You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Information

Files of indeed AM Server reside in: indeed AM 7\Indeed Enterprise Server\<Version number>\

  • IndeedEA.Server-x64.ru-ru.msi is the installation package of Indeed Enterprise Server.
  • /Misc/EA.KeyGen.exe is the utility to generate encryption keys.
  • /Misc/AccessControlInitialConfig/EA.Server.AccessControlInitialConfig.exe is the initial configuration utility.
  • /Misc/AccessControlInitialConfig/EA.Server.AccessControlInitialConfig.exe.config is the file to setup the configuration utility.
  • /Misc/EA.Config.Encryptor/EA.Config.Encryptor.exe is the utility to encrypt the configuration file.
  • /Misc/EA.Config.Encryptor/EA.Config.Encryptor.exe/encryptConfigs.bat is the script to encrypt all the sections of configuration file.
  • /Misc/EA.Config.Encryptor/EA.Config.Encryptor.exe/decryptConfigs.bat is the script to decrypt all the sections of configuration file.

Installation

  1. Install the Indeed Enterprise Server by running IndeedEA. Server-x64.ru-ru.msi installer.
  2. Add HTTPS binding in Default Web Site settings of IIS Manager. Information: Indeed Enterprise Server is a web application on the basis of IIS. “Require SSL” is a default installation setting, which, in turn, requires active HTTPS binding.

If you do not plan to use HTTPS protocol, then deactivate SSL requirement in IIS settings for  easerver and in the server configuration file (C:\inetpub\wwwroot\easerver\Web.config). To do so, change the value of "requireHttps" parameter to "false".

<appSettings>

<add key="requireHttps" value="false" />

</appSettings>

  1. Run IIS Manager and expand the Sites item.
  2. Select the Default Web Site site and click Bindings item in the Actions section.
  3. Click Add:
  4. Type - https.
  5. Port - 443.

iii. Select the SSL Certificate.

  1. Save the binding.

Modifying a configuration file.

Information

Errors that appear during  AM server deployment (for example, errors in configuration file) are logged according to the LogServer settings.

It is recommended to use EA.KeyGen. exe utility to generate encryption keys, using any available algorithm.

  1. Open the server configuration file named Web.config (C:

\inetpub\wwwroot\easerver\Web.config).

  1. Add a private key to sign the token of "secretKey” parameter of “logonSettings” tag. The "secretKey" parameter is used to create a user token in the "jwt” format. 
  2. Define the system user directory. To do so, edit the adUserCatalogProvider tag parameters:
  3. id  is the unique identifier of the directory.
  4. serverName is the name of Active Directory domain, where the said directory resides.
  5. containerPath is the path to the container in the form of Distinguished Name or the domain itself (again as DN), if the whole of the domain is used to store users.
  6. userName is the name of service account used to connect to the user directory.
  7. password is the password of the service account for the user directory in AD.
  8. Define the root identifier of the provider to work with the directory. To do so, edit the rootUserCatalogProviderId attribute of  userCatalogProviderSettings tag.
  9. rootUserCatalogProviderId - set it to the value of Id attribute of  adUserCatalogProvider tag.


  1. Define the system data storage. In SQL Server, edit dbContextSettings tag and create mssqlDbContext tag with id and connectionString parameters.
  2. rootDbContextId is an the unique value of storage identifier.
  3. id - set it to the value of rootDbContextId tag.
  4. Add the connectionString parameter with built-in parameters:

Data Source - this defines the server instance. The parameter is mandatory for all connections. Admissible values are: network name or server IP address, local or  localhost for local connections.

Initial Catalog defines the database name.

User Id is the user name to connect to the database. Password is user password to connect to the database.

  1. Define the encryption key for the system data. To do so, edit the encryptionSettings tag parameters.
  2. cryptoAlgName specifies the encryption algorithm used.
  3. cryptoKey contains key values generated by the utility.
  4. certificateThumbprint - Thumbprint of the certificate used to encrypt the key (delete the attribute, if it is not to be used).
  5. Define the system administrator. To do so, edit the userId parameter of accessControlAdminSettings tag.
  6. userId is the user identifier in the following format: “Directory identifier (rootUserCatalogProviderId); underscore; user identifier in the directory”.

Note: The user in question has to be within the user directory.

Information: GUID can be found with PowerShell command. For this, Remote Server Administration Tools component has to be installed.

  1. Define url to connect to log server. To do so, edit the logServer tag.
  2. URL is url to connect to log server in the following format http(s)://server_name/ils/api.
  3. CertificateThumbprint - this is to be defined if the private key is stored in the registry, and the certificate is in the PC storage.
  4. CertificateFilePath -this is to be defined, if the key pair is stored in pfx.
  5. CertificateFilePassword is the password for pfx. 

Encryption / decryption of configuration file.

  1. Run command line as Administrator.
  2. In command line, switch to encryption utility folder.

Information: The utility encrypts the following sections: logServer, logonSettings, userCatalogProviderSettings, encryptionSettings, dbContextSettings. It is recommended to encrypt all the sections.

  1. Encryption / decryption of separate sections.

To encrypt a separate section, you have to execute the following command: EA. Config.Encryptor /encrypt "Path to server configuration file" "Section name”

To decrypt a separate section, you have to execute the following command: EA. Config.Encryptor /decrypt "Path to server configuration file" "Section name”

  1. Encryption/decryption of all sections.

To encrypt a separate section, run the encryptConfigs. bat script.

To decrypt a separate section, run the decryptConfigs.bat script. 

Initial configuration setup

  1. Open the EA.Server.AccessControlInitialConfig.exe.config file for editing.
  2. Edit the key attribute - value parameter is to be set to true, if Windows Token is planned to be used for authentication.

If the server is within the domain, you can use one of the following providers: windows password, emailOTP, smsOTP. To do so, value is to be set to false.

3. Run the EA.Server.AccessControlInitialConfig.exe utility at the domain machine under the user account, which is to become system administrator and which defined as administrator in the accessControlAdminSettings tag.

  • No labels