Installation considerations

Important considerations to note before proceeding with an installation.

Disable the Windows Firewall before installing any Verisk products.
Disable User Account Control (UAC) before installing any Verisk products.
If you are using antivirus software, configure setup exclusions for AIR, IIS, SQL, and HPC directories as well as .exe files in those directories after installation. NIC Teaming (the process of combining multiple network cards together for performance and redundancy reasons) is not supported.
Microsoft requires that HPC service accounts be run in interactive mode which is the default mode. The service account must exist on the same domain as the servers hosting Touchstone/Touchstone Re and HPC.
System Administrator access must be enabled on the SQL server for the database installer to run.
Enable Windows Remote Shell on the servers (required). During installation, PowerShell scripts are executed to add the service account to HPC, and this account assumes the identity of all jobs submitted to HPC. The script caches the password inside HPC so there is no need to include the password in the IIS configuration files. This allows the application to submit jobs by only specifying the user name because HPC internally finds the password in its cache.
When deploying with a cloud provider, make sure the specs on the instance types conform with the recommended system requirements.

Clients licensing the Analyze Re Portfolio Rollup analysis option need internet access from compute nodes to the following ports to communicate with AWS.


Port Number	Protocol
443	https
80	http

Auto deliver cat bond companies feature

Clients licensing auto delivery of cat bond companies need internet access from compute nodes to the following port to communicate with AWS.


Port Number	Protocol
80	http

Additional CAT bond-related considerations include:

To view the Remodeling Guide associated with each cat bond company import, a web browser with a PDF viewer must be installed on the local Touchstone Re client.
This CAT bond feature has the following URLs for the OKTA authentication endpoint and AWS API Gateway endpoint whitelisted as defined in Web.config on the IIS Server.
- https://verisk-sso.okta.com/oauth2/ausmjhvnoiVX4e7Rv2p7/v1/token?grant_type=client_credentials
- https://tsre-catbond.cloud.air-worldwide.com/api/getcatbonds
RSS (Receive-Side Scaling) is enabled by default for all installs on the Network Interface Controller of the compute node.

SQL server security

For the latest on SQL server security for Touchstone/Touchstone Re installations refer to the document SQL Server Security