
 

Assumptions:

  • You have the Smartcrypt Manager ZIP in the location: "C:\sc-manager\mds.zip"
  • User is logged in as local admin on the machine
  • Windows Server Core with 32-bit support is used
  • You have the 32-bit Visual C++ Redistributable for Visual Studio 2012 Update 4 in the location: "C:\sc-manager\vcredist_x86.exe"

Overview

This guide walks through the steps and commands that take a bare-minimum Windows Server Core system up to the point of running the Smartcrypt Manager.

#Open Powershell
powershell

We are going to be using PowerShell to do a lot of the scripting, so we need to change the CMD window that opens on a console session in the Windows Core server into a PowerShell session.

 

Note, when in PowerShell, you will see PS on the far left of the CMD window.


 

Installing Internet Information Server (IIS) via PowerShell

 

#Install IIS and Components
install-windowsfeature web-server
install-windowsfeature web-mgmt-service
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1
install-windowsfeature Web-Asp-Net45  
install-windowsfeature Web-ISAPI-Ext
install-windowsfeature web-windows-auth
C:\\sc-manager\\vcredist_x86.exe
Net Stop WMSVC
Net Start WMSVC

In this section we are installing the prerequisites required to run Smartcrypt Server. Here is a breakdown of each command:

  • "install-windowsfeature web-server"

    • This is to install IIS so your server can host web sites / web apps.

  • "install-windowsfeature web-mgmt-service" 

    • This is used to enable IIS to be remotely managed. Nice for working in a GUI.

  • "Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1" 
    • This is a registry setting to allow remote management
  • "install-windowsfeature Web-Asp-Net45"
    • This will install the required components for .NET Extensibility 4.5
  • "install-windowsfeature Web-ISAPI-Ext" 
    • This will install the required components for ISAPI Extensions 3 and ISAPI Filters
  • "install-windowsfeature Web-Windows-Auth"
    • This will install the Server Role for Windows Authentication for the Web Server in IIS
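  • C:\sc-manager\vcredist_x86.exe
    • This runs the installer for the 32-bit Visual C++ Redistributable for Visual Studio 2012 Update 4 listed in the assumptions above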
  • Net Stop WMSVC
    • Stop the Web Management Service
  • Net Start WMSVC

    • Start the Web Management Service, to pick up the changes we've made

 

 


Setup Smartcrypt Manager

 

#Now Setup Smartcrypt Manager
Import-Module WebAdministration

cd IIS:\
Set-WebConfiguration //System.WebServer/Security/Authentication/windowsAuthentication -metadata overrideMode -value Allow -PSPath IIS:/
 
#create app pool
cd IIS:\Apppools\
$appPool = New-Item smartcrypt
$appPool | Set-ItemProperty -Name "managedRunTimeVersion" -Value "v4.0"
$appPool | Set-ItemProperty -Name "enable32BitAppOnWin64" -Value "true"

In this section of commands, we create the web pool (app pool) in IIS for the Smartcrypt application and configure some of its advanced settings.

  • "Import-Module WebAdministration" 

    • We need to import this PowerShell module to run IIS-specific commands 

  • cd IIS:\

  • Set-WebConfiguration //System.WebServer/Security/Authentication/windowsAuthentication -metadata overrideMode -value Allow -PSPath IIS:/

    • This command will enable Windows Authentication in all of IIS which is required for Smartcrypt authentications
  • cd IIS:\Apppools\

  • "$appPool = New-Item smartcrypt" 

    • We are going to create a new app pool called smartcrypt

  • $appPool | Set-ItemProperty -Name "managedRunTimeVersion" -Value "v4.0" 

    • After we create the app pool, we set an advanced setting for the run time version

  • $appPool | Set-ItemProperty -Name "enable32BitAppOnWin64" -Value "true" 

    • We also set the app pool to support 32-bit applications. This is required, and important to not skip.

 

 


 

Create Website

#create website
cd IIS:\Sites\
New-WebSite -Name sc-manager -Port 80 -PhysicalPath "C:\sc-manager" -ApplicationPool smartcrypt

Now that we have our App Pool, we can create a website.

  • cd IIS:\Sites\
  • New-WebSite -Name sc-manager -Port 80 -PhysicalPath "C:\sc-manager" -ApplicationPool smartcrypt

    • We first create a website called "sc-manager" with the default binding to port 80. This may error if you already have port 80 in use. We also set the path to C:\sc-manager. 
    • This will set the new website to use the web pool we created above

 


Extract MDS package (doing manually what Web-Deploy does automatically)

 

#extract zip
$BackUpPath = "C:\sc-manager\mds.zip"
$Destination = "C:\sc-manager"
Add-Type -assembly "system.io.compression.filesystem"
[io.compression.zipfile]::ExtractToDirectory($BackUpPath, $Destination)


#Move Folder to correct location 
move-item "C:\\sc-manager\\Content\\E_C\\Smartcrypt Manager" "C:\\sc-manager\\mds"
 
#Remove extra files from .zip
remove-item "C:\\sc-manager\\Content" -recurse -confirm:$false
remove-item "C:\sc-manager\parameters.xml" -confirm:$false
remove-item "C:\sc-manager\systemInfo.xml" -confirm:$false
remove-item "C:\sc-manager\archive.xml" -confirm:$false

In this step we extract the Smartcrypt Manager (also known as the MetaData Server, MDS) zip file. After extracting the files, we move them into the folder that hosts the website created above.

  • $BackUpPath = "C:\sc-manager\mds.zip"
  • $Destination = "C:\sc-manager"
  • Add-Type -assembly "system.io.compression.filesystem"
  • [io.compression.zipfile]::ExtractToDirectory($BackUpPath, $Destination)
    • These steps load the .NET Framework compression assembly in PowerShell and extract the .zip
  • move-item "C:\\sc-manager\\Content\\E_C\\Smartcrypt Manager" "C:\\sc-manager\\mds"
    • Move the "Smartcrypt Manager" application to the folder "C:\sc-manager\mds". We will use this in a step below, so if you alter it here, alter it below too.
  • remove-item "C:\\sc-manager\\Content" -recurse -confirm:$false
  • remove-item "C:\sc-manager\parameters.xml" -confirm:$false
  • remove-item "C:\sc-manager\systemInfo.xml" -confirm:$false
  • remove-item "C:\sc-manager\archive.xml" -confirm:$false
    • Remove some of the extra files that are used in Web Deploy. 
    • Web Deploy can also be used to import the application

 

 


Create website inside of IIS

#create website inside of IIS
cd IIS:\
new-webapplication -Name "mds" -Site "sc-manager" -physicalPath "C:\sc-manager\mds" -ApplicationPool "smartcrypt" 
cd IIS:\Sites\sc-manager\mds
Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath IIS:\ -location sc-manager/mds

Now that we have the Smartcrypt Manager package in the location "C:\sc-manager\mds", we will tell IIS this is our web application.

  • cd IIS:\
  • new-webapplication -Name "mds" -Site "sc-manager" -physicalPath "C:\\sc-manager\\mds" -ApplicationPool "smartcrypt"
    • We are adding a web application called "mds" to the web site "sc-manager" and associating it with the "smartcrypt" app pool
    • The name "mds" will be used in the MDS, so if you change it, remember to change it later in these instructions.
  • cd IIS:\Sites\sc-manager\mds

  • Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath IIS:\ -location sc-manager/mds

    • This will enable Windows Authentication for the website. This is required.
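
A read-back of the settings configured so far, as an added example (not part of the original guide or PKWARE's tooling). It assumes the names used on this page (site "sc-manager", application "mds", app pool "smartcrypt", root C:\sc-manager) and also lists setup files still sitting inside the site's physical path:

```powershell
# Added example (not PKWARE's script): read back what this guide configured.
Import-Module WebAdministration

# Names and paths as used on this page; change them if you changed them above.
$site = 'sc-manager'; $app = 'mds'; $poolName = 'smartcrypt'
$root = 'C:\sc-manager'

$pool    = Get-Item "IIS:\AppPools\$poolName"
$webApp  = Get-WebApplication -Site $site -Name $app
$winAuth = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$app" `
    -Filter /system.webServer/security/authentication/windowsAuthentication -Name enabled

# Installer and Web Deploy files the guide placed or extracted under the site root.
$setupFiles = 'mds.zip', 'vcredist_x86.exe', 'parameters.xml', 'systemInfo.xml', 'archive.xml'
$leftovers  = @($setupFiles | Where-Object { Test-Path (Join-Path $root $_) })

$checks = @(
    [pscustomobject]@{ Check = 'App pool runtime is v4.0'
                       Pass  = ($pool.managedRuntimeVersion -eq 'v4.0') }
    [pscustomobject]@{ Check = 'App pool allows 32-bit applications'
                       Pass  = ($pool.enable32BitAppOnWin64 -eq $true) }
    [pscustomobject]@{ Check = "Application '$app' uses pool '$poolName'"
                       Pass  = ($webApp.applicationPool -eq $poolName) }
    [pscustomobject]@{ Check = "Windows Authentication enabled on $site/$app"
                       Pass  = [bool]$winAuth.Value }
    [pscustomobject]@{ Check = 'No setup files left under the site root'
                       Pass  = ($leftovers.Count -eq 0) }
)

$checks | Format-Table -AutoSize
if ($leftovers.Count -gt 0) {
    # These files are inside the folder the sc-manager site serves from.
    Write-Warning "Still under ${root}: $($leftovers -join ', ')"
}
```

mds.zip and vcredist_x86.exe will be reported until they are moved out of C:\sc-manager, because the guide's cleanup step removes only the Web Deploy files.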

 

 


 

Create self-signed certificate 

If you already have an SSL certificate you want to use, you do not need to generate one.

#create self signed certificate
cd IIS:\
#This prints the thumbprint of the new certificate; capture it
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname pkwareops.w2012r2x64c-1.qanet.dom
New-WebBinding -Name "sc-manager" -IP "*" -Port 443 -Protocol https
cd IIS:\sslbindings
#Replace the thumbprint below with the one returned by New-SelfSignedCertificate
get-item cert:\LocalMachine\MY\764FB4B310FBDAFC8EDE2665235059A4848CB448 | new-item 0.0.0.0!443
iisreset

  • cd IIS:\
  • New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname pkwareops.w2012r2x64c-1.qanet.dom
    • I am creating a self signed certificate for the entry "pkwareops.w2012r2x64c-1.qanet.dom". I will need to create a DNS entry for this in my domain as well.
    • When I run this, I will get a thumbprint for the SSL cert which I use later. Capture it.
  • New-WebBinding -Name "sc-manager" -IP "*" -Port 443 -Protocol https
    • I am adding a new binding for port 443 for the Site named "sc-manager"
  • cd IIS:\sslbindings
  • get-item cert:\LocalMachine\MY\764FB4B310FBDAFC8EDE2665235059A4848CB448 | new-item 0.0.0.0!443
    • Lastly, I look up my certificate (by the thumbprint returned above) and associate it with traffic on port 443
  • iisreset

    • IISReset will stop and start the web server with all the new changes we've made.
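
The same certificate steps with the thumbprint captured in a variable instead of copied by hand, as an added example (not part of the original guide). The site name and DNS name are the ones used on this page; replace the DNS name with your own:

```powershell
# Added example (not PKWARE's script): create the certificate and bind it by
# the thumbprint PowerShell returns, so no thumbprint is typed or pasted.
Import-Module WebAdministration

$siteName = 'sc-manager'                          # site created earlier in this guide
$dnsName  = 'pkwareops.w2012r2x64c-1.qanet.dom'   # DNS name from this page; use your own

# New-SelfSignedCertificate returns the certificate object; keep it.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $dnsName

# Add the HTTPS binding only if the site does not already have one on 443.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -IP '*' -Port 443 -Protocol https
}

# Replace any certificate already attached to 0.0.0.0:443, then attach the new one.
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) {
    Remove-Item $sslPath
}
$cert | New-Item $sslPath | Out-Null

# Read the binding back and show which certificate is actually in use.
$bound = Get-Item $sslPath
if ($bound.Thumbprint -ne $cert.Thumbprint) {
    Write-Warning "Port 443 is bound to $($bound.Thumbprint), not the new certificate."
}
Get-Item "Cert:\LocalMachine\My\$($bound.Thumbprint)" |
    Select-Object Thumbprint, Subject, NotAfter
```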

Configure the Web Application

Now configure the web application by manually editing Web.config in Notepad.

  1. Browse to the C:\sc-manager\mds\ folder and open web.config in Notepad (or your favorite text editor).
  2. Look for the "<connectionStrings>" section, which has the database connection string defined.
    • Replace the string "$(ReplacableToken_SmartcryptEntities-Web.config Connection String_0)" with a valid connection string with your environment's information:
      • Example: 
      • <add name="SmartcryptEntities" providerName="System.Data.SqlClient" connectionString="Data source=DBSERVER;initial catalog=DBNAME;user id=DBUSER;password=DBPASSWORD;multipleactiveresultsets=True;App=EntityFramework" />
      • This string is typically filled in during the WebDeploy setup, but we are skipping WebDeploy in this example
  3. Next, look for the "<appSettings>" section to configure the Ultimate Super User for the first-time login to the Smartcrypt Manager
    • The values: 
    • <add key="SatellitePassword" value="" />

      • This is the password that secures your Satellite account with PKWARE. It is used for encryption of all your keys. It should be securely backed up.
      • If this password is lost, no users will be able to use any existing Smartkey in Smartcrypt. It’s important the password is secure.
    • <add key="ADAdmin" value="" />
      • Select the preferred Active Directory account here. Leave empty to use a local account instead.
    • <add key="LocalAdmin" value="" />
      • Enter the username to select a locally defined user. Leave empty if you are using an Active Directory account.
    • <add key="LocalPassword" value="" />
      • If you selected a locally defined username, enter that user’s password here. Leave empty if you are using an Active Directory account.
  4. Save web.config.

Test the database configuration by running the database schema tool SmartcryptDB.exe.

  • Navigate to MDS\Bin and run SmartcryptDB.exe.
  • The tool will connect to the database and deploy or upgrade the schema.
  • This also tests that your web server can connect to the database server.

Start the Website and connect in a web browser

  • If you have set up DNS internally, you can reach the application by the fully qualified DNS record; if not, you can use https://localhost/mds/superuser
  • If you followed these steps, your Smartcrypt Manager will be accessible at <dns_entry>/mds/superuser
    • If you changed the mds (web app) name above, you will need to change it here

If you cannot reach the Smartcrypt Manager in a web browser (no response), the website is probably not running. You need to start it in PowerShell:

Start-WebSite -Name "sc-manager"
 

If the sc-manager website doesn't start, you might need to remove (or stop) the default website.

Remove-WebSite -Name "Default Web Site"
or
Stop-WebSite -Name "Default Web Site"
 

 

 
