This page will assist you with fulfilling the requirements for integrating your network with ClassLink on Windows Server (versions 2008 through 2012R2) for Microsoft Active Directory. Integrating your network will allow you to utilize your existing user credentials and even access your home folders and network shares from My Files.
We require a new dedicated virtual machine or server for running the ClassLink web service. We will not install the web service on a server that is running other roles.
Once the server and firewall rules are ready, ClassLink will complete the setup via a screen-sharing session with a member of the school district.
Server Hardware (physical or VM)
- CPU: At least 2vCPUs VM; 2.0 GHz o32-bit (x86) or 64-bit (x64)
- RAM: At least 4 GB Minimum
- HDD: At least 40 GB free space
- Operating System: Windows Server 2008/R2 or 2012/R2; domain member server
- Roles: Internet Information Services (IIS)
- All latest Windows updates installed
- Public IP Address:mapped to web server's internal IP over port 443 (https requires a valid SSL certificate- a .pfx file imported in IIS)
- External and Internal DNS Record: A DNS "A" record must be assigned to the webserver on a public DNS provider (pointing to external IP address used) and on the internal DNS (pointing to internal IP address of webserver)
- Optional* HTML5 Gateway. Additional Public IP Address: mapped to web server's secondary internal IP over port 443 for HTML5 Gateway (iOS/Android devices)
- Optional* SSH Gateway. Public IP Address: mapped to web server's internal IP over port 222 JavaSSH (secure RDP)
*For terminal server application provisioning. All 3 services can function on the same server however authentication and html5 gateway need separate public IPs and separate NICs to function. SSH can re-use an ip.
**Firewall rules must be set to accept traffic from all sources
Firewall rules must be created prior to setup. Note: ClassLink server in DMZ is optional
HTML5 gateway is optional if you wish to deliver Windows apps remotely via Terminal Servers (RDS).
Outside to DMZ
DMZ to inside
TCP/UDP 389 : LDAP
TCP/UDP 53 : DNS
TCP & UDP 88
DMZ to inside
DMZ to File Server
TCP 135 : MS-RPC
TCP 1025 & 1026 : AD Login
TCP 445 : SMB, MS-DS
TCP 139 : SMB
UDP 137 & 138 : NetBIOS
UDP 88 : Kerboros v5