This page will assist you with fulfilling the requirements for integrating your network with ClassLink on Windows Server (versions 2008 through 2012R2) for Microsoft Active Directory. Integrating your network will allow you to utilize your existing user credentials and even access your home folders and network shares from My Files.
We require a new dedicated virtual machine or server for running the ClassLink web service. We will not install the web service on a server that is running other roles.
Once the server and firewall rules are ready, ClassLink will complete the setup via a screen-sharing session with a member of the school district.
Server Hardware (physical or VM)
- CPU: At least 2vCPUs VM; 2.0 GHz o32-bit (x86) or 64-bit (x64)
- RAM: At least 4 GB Minimum
- HDD: At least 40 GB free space
- Operating System: Windows Server 2008/R2 or 2012/R2; domain member server
- Roles: Internet Information Services (IIS)
- All latest Windows updates installed
- Public IP Address: mapped to web server's internal IP over port 443 (https requires a valid SSL certificate- a .pfx file imported in IIS)
- External and Internal DNS Record: A DNS "A" record must be assigned to the web server on a public DNS provider (pointing to external IP address used) and on the internal DNS (pointing to internal IP address of web server)
- Optional* HTML5 Gateway. Additional Public IP Address: mapped to web server's secondary internal IP over port 443 for HTML5 Gateway (iOS/Android devices)
- Optional* SSH Gateway. Public IP Address: mapped to web server's internal IP over port 222 JavaSSH (secure RDP)
*For terminal server application provisioning. All 3 services can function on the same server, however, authentication and html5 gateway need separate public IPs and separate NICs to function. SSH can re-use an IP.
**Firewall rules must be set to accept traffic from all sources
Firewall rules must be created prior to setup. Note: ClassLink server in DMZ is optional
HTML5 gateway is optional if you wish to deliver Windows apps remotely via Terminal Servers (RDS).
DMZ Firewall (optional)
|Outside to DMZ||Any||ClassLink Server||
|DMZ to inside||DMZ to File Server||AD Server||
TCP/UDP 389 : LDAP
|DMZ to inside||DMZ to File Server||Terminal Servers||
|DMZ to File Server||ClassLink||File Server||TCP 135 : MS-RPC
TCP 1025 & 1026 : AD Login
TCP 445 : SMB, MS-DS
TCP 139 : SMB
UDP 137 & 138 : NetBIOS
UDP 88 : Kerboros v5