From 2643a310381441fa3625b01b80fef4f7ea5c8671 Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Mon, 2 Mar 2026 17:50:49 -0600 Subject: [PATCH 1/4] doc rewrite 2 --- .../9.3/installation/installation.md | 57 +++++++------------ 1 file changed, 21 insertions(+), 36 deletions(-) diff --git a/docs/passwordsecure/9.3/installation/installation.md b/docs/passwordsecure/9.3/installation/installation.md index 7250488faa..96ae5ffd68 100644 --- a/docs/passwordsecure/9.3/installation/installation.md +++ b/docs/passwordsecure/9.3/installation/installation.md @@ -6,71 +6,56 @@ sidebar_position: 20 # Installation -The following pages will provide you with all the information how to install the different Netwrix -Password Secure components. +This section covers how to install each Netwrix Password Secure component. ## System landscape -The following overview presents a basic production Netwrix Password Secure system landscape. Version -9 allows the use of several database servers across all sites. These are then synchronized using -Microsoft SQL server tools. Any number of application servers can be made available for the client -connection. This ensures load distribution, and allows work without significant latency. This -technology offers enormous performance advantages, particularly in the case of installations that -are spread across worldwide locations. +A basic production Netwrix Password Secure system landscape consists of the three tiers described below. Version 9 supports multiple database servers across all sites, synchronized using Microsoft SQL Server tools. You can deploy any number of application servers to handle client connections, which distributes load and reduces latency. This is especially valuable for installations spread across multiple geographic locations. ## Client (presentation layer) -The client layer handles the representation of all data and functions, which are provided by the -application server. +The client layer handles the presentation of all data and functions that the application server provides. ## Application server (business logic) -The application server is entirely responsible for the control of the business logic. This server -only ever delivers the data for which the corresponding permissions are available. The multi-tier -architecture described at the beginning allows the use of several application servers and ensures -efficient load distribution. +The application server controls all business logic and only delivers data for which the corresponding permissions exist. The multi-tier architecture supports multiple application servers, ensuring efficient load distribution. ## Database server (data storage) -Netwrix Password Secure uses Microsoft SQL Server to store data due to its widespread use, and its -ability to ensure high-performance access even in large and geographically scattered environments. -Smaller installations may also use the free SQL Express version. +Netwrix Password Secure uses Microsoft SQL Server for data storage, which provides high-performance access in large and geographically distributed environments. Smaller installations can use the free SQL Express edition. -## Conclusion +## Recommended server configuration -At least three servers are thus recommended: +A minimum of three servers is recommended: - Database server (MSSQL) - Application server (Netwrix Password Secure services) - Web server (IIS, NginX, Apache 2) -**CAUTION:** For databases in a production system, we recommend using a fail-safe cluster. Microsoft -SQL Server can replicate the data to a different data centre, e.g via WAN. We also recommend -providing a Windows server for each function. Separating the systems makes it easier to expand and -scale the system landscape at a later point. However, it is not absolutely necessary to separate the -systems. Accordingly, all of the components can also be installed on one server in the case of -smaller installations or test environments. +:::warning +For production systems, use a fail-safe database cluster. Microsoft SQL Server can replicate data to a different data center, for example via WAN. Netwrix also recommends a dedicated Windows Server for each role — separating roles makes it easier to expand and scale the environment later. For smaller installations or test environments, you can install all components on a single server. +::: -### Firewall rules / Ports +## Firewall rules and ports -## MSSQL Server +### MSSQL Server -- Port 1433 TCP for communication with application server (incoming) +- Port 1433 TCP for communication with the application server (incoming) ### Application server - Port 443 HTTPS for connection to the Netwrix Password Secure license server (outgoing) -- Port 11011 TCP for communication with clients or web server IIS (incoming) -- Port 11014 TCP for the backup service (usually does not need to be unlocked) -- Port 11016 TCP for the Web services (incoming; only when using the Web Application) -- Port 11018 TCP for real-time update (incoming) +- Port 11011 TCP for communication with clients or the IIS web server (incoming) +- Port 11014 TCP for the backup service (usually doesn't need to be opened) +- Port 11016 TCP for web services (incoming; only required when using the Web Application) +- Port 11018 TCP for real-time updates (incoming) - Port 1433 TCP for communication with SQL Server (outgoing) -### Webserver (Web Application) +### Web server (Web Application) -- Port 443 HTTPS to access the webserver from the client (incoming) -- Port 11016 for communication to the application server (outgoing) -- Port 11018 for the real-time update (outgoing) +- Port 443 HTTPS to access the web server from the client (incoming) +- Port 11016 for communication with the application server (outgoing) +- Port 11018 for real-time updates (outgoing) ### Client From 3afe00628fa53eda5c7ba1a272a7a44f82475c4b Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Mon, 2 Mar 2026 17:57:10 -0600 Subject: [PATCH 2/4] Fix last issue line rendering as H2 heading The FOOTER started with "\n---\n\n", placing --- immediately after the last issue line with only one newline between them. In Markdown, a line followed by --- on the next line is a setext H2 heading. Adding a blank line before --- makes it render as a horizontal rule instead. Generated with AI Co-Authored-By: Claude Code --- .github/workflows/claude-documentation-reviewer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml index 7617a2ad72..08c496ca15 100644 --- a/.github/workflows/claude-documentation-reviewer.yml +++ b/.github/workflows/claude-documentation-reviewer.yml @@ -133,7 +133,7 @@ jobs: import sys FOOTER = ( - "\n---\n\n" + "\n\n---\n\n" "To apply suggested fixes to the updated documentation, individually or in bulk, comment `@claude`" " on this PR followed by your instructions (`@claude fix all issues`" " or `@claude fix all linting issues` or `@claude fix only the spelling errors`).\n\n" From ce0d0e873ff9711ac909fbe7c051faf4b16e4b7a Mon Sep 17 00:00:00 2001 From: james-haytko_nwx Date: Mon, 2 Mar 2026 18:09:26 -0600 Subject: [PATCH 3/4] Use * * * instead of --- as review footer separator GitHub normalizes PR review body storage, collapsing blank lines so that --- ends up immediately after the last issue line regardless of how many newlines precede it. A line of text followed by --- renders as a setext H2 heading in Markdown. * * * is also a valid horizontal rule but cannot be a setext heading marker (only = and - are setext underline characters), so the last issue line always renders as plain text. Generated with AI Co-Authored-By: Claude Code --- .github/workflows/claude-documentation-reviewer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml index 08c496ca15..e40986f2b9 100644 --- a/.github/workflows/claude-documentation-reviewer.yml +++ b/.github/workflows/claude-documentation-reviewer.yml @@ -133,7 +133,7 @@ jobs: import sys FOOTER = ( - "\n\n---\n\n" + "\n\n* * *\n\n" "To apply suggested fixes to the updated documentation, individually or in bulk, comment `@claude`" " on this PR followed by your instructions (`@claude fix all issues`" " or `@claude fix all linting issues` or `@claude fix only the spelling errors`).\n\n" From 87424f1c045f3a1e646bf893fd6c360911349016 Mon Sep 17 00:00:00 2001 From: jth-nw Date: Mon, 2 Mar 2026 18:27:08 -0600 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- docs/passwordsecure/9.3/installation/installation.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/passwordsecure/9.3/installation/installation.md b/docs/passwordsecure/9.3/installation/installation.md index 96ae5ffd68..133f1463c8 100644 --- a/docs/passwordsecure/9.3/installation/installation.md +++ b/docs/passwordsecure/9.3/installation/installation.md @@ -10,7 +10,7 @@ This section covers how to install each Netwrix Password Secure component. ## System landscape -A basic production Netwrix Password Secure system landscape consists of the three tiers described below. Version 9 supports multiple database servers across all sites, synchronized using Microsoft SQL Server tools. You can deploy any number of application servers to handle client connections, which distributes load and reduces latency. This is especially valuable for installations spread across multiple geographic locations. +A basic production Netwrix Password Secure system landscape consists of the three tiers described below. Version 9 supports multiple database servers across all sites, and Microsoft SQL Server tools synchronize them. You can deploy any number of application servers to handle client connections, which distributes load and reduces latency. This is especially valuable for installations spread across multiple geographic locations. ## Client (presentation layer) @@ -26,19 +26,19 @@ Netwrix Password Secure uses Microsoft SQL Server for data storage, which provid ## Recommended server configuration -A minimum of three servers is recommended: +Use a minimum of three servers: - Database server (MSSQL) - Application server (Netwrix Password Secure services) - Web server (IIS, NginX, Apache 2) :::warning -For production systems, use a fail-safe database cluster. Microsoft SQL Server can replicate data to a different data center, for example via WAN. Netwrix also recommends a dedicated Windows Server for each role — separating roles makes it easier to expand and scale the environment later. For smaller installations or test environments, you can install all components on a single server. +For production systems, use a fail-safe database cluster. Microsoft SQL Server can replicate data to a different data center, for example via WAN. Also use a dedicated Windows Server for each role — separating roles makes it easier to expand and scale the environment later. For smaller installations or test environments, you can install all components on a single server. ::: ## Firewall rules and ports -### MSSQL Server +### MSSQL server - Port 1433 TCP for communication with the application server (incoming) @@ -46,7 +46,7 @@ For production systems, use a fail-safe database cluster. Microsoft SQL Server c - Port 443 HTTPS for connection to the Netwrix Password Secure license server (outgoing) - Port 11011 TCP for communication with clients or the IIS web server (incoming) -- Port 11014 TCP for the backup service (usually doesn't need to be opened) +- Port 11014 TCP for the backup service (usually not required) - Port 11016 TCP for web services (incoming; only required when using the Web Application) - Port 11018 TCP for real-time updates (incoming) - Port 1433 TCP for communication with SQL Server (outgoing)