A Windows server that hosts the Web component must meet additional requirements, in addition to those for all IaaS Windows servers.

The requirements are the same, whether or not the Web component hosts the Model Manager.

  • Configure Java.

    • Install 64-bit Java 1.8 update 161 or later. Do not use 32-bit.

      The JRE is enough. You do not need the full JDK.

    • Set the JAVA_HOME environment variable to the Java installation folder.

    • Verify that %JAVA_HOME%\bin\java.exe is available.

  • Configure Internet Information Services (IIS) according to the following table.

    You need IIS 7.5 for Windows 2008 variants, IIS 8 for Windows 2012, IIS 8.5 for Windows 2012 R2, and IIS 10 for Windows 2016.

    In addition to the configuration settings, avoid hosting additional Web sites in IIS. vRealize Automation sets the binding on its communication port to all unassigned IP addresses, making no additional bindings possible. The default vRealize Automation communication port is 443.

    Table 1. IaaS Manager Service Host Internet Information Services

    IIS Component


    Internet Information Services (IIS) roles

    • Windows Authentication

    • Static Content

    • Default Document

    • ASPNET 3.5 and ASPNET 4.5

    • ISAPI Extensions

    • ISAPI Filter

    IIS Windows Process Activation Service roles

    • Configuration API

    • Net Environment

    • Process Model

    • WCF Activation (Windows 2008 variants only)

    • HTTP Activation

    • Non-HTTP Activation (Windows 2008 variants only)

      (Windows 2012 variants: Go to Features > .Net Framework 3.5 Features > Non-HTTP Activation)

    IIS Authentication settings

    Set the following non-defaults.

    • Windows Authentication enabled

    • Anonymous Authentication disabled

    Do not change the following defaults.

    • Negotiate Provider enabled

    • NTLM Provider enabled

    • Windows Authentication Kernel Mode enabled

    • Windows Authentication Extended Protection disabled

    • For certificates using SHA512, TLS1.2 must be disabled on Windows 2012 variants