Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

Smartcrypt Manager Requirements

  • An SQL Server Database
  • A Windows Server joined to the domain with IIS installed

Note

The Windows Server environment needs to have access to authenticate with the domain for Smartcrypt users. This authentication occurs over the standard Active Directory Domain Services protocols. For more information about ports that are needed for the Windows Server to have access to the domain, see:  https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

 

 

Configuring Smartcrypt Manager Web Application

Follow these steps to configure the Smartcrypt Manager Web Application:

 

Setting Up SQL Server 

Before installing Smartcrypt Manager, you must create an empty database. The database should use the Latin1_General_CI_AS collation. The database user requires db_owner of the Smartcrypt database. Please consult the documentation for your version of SQL Server, if necessary.

Install the Visual C++ 2012 Runtime 

Smartcrypt is developed with Microsoft® Visual Studio® 2012. The Microsoft Visual C++ redistributable enables some required features for Smartcrypt.

  1. Go to https://www.microsoft.com/en-us/download/details.aspx?id=30679. This site hosts the current version of this runtime application.
  2. Click Download.
  3. Select the vcredist_x86 file. This is the 32-bit version of the runtime.
  4. Click Next to begin the download.
  5. Run the file to install.

Install Web Deploy with Microsoft Web Platform Installer 

Next, include the Web Deploy tool from Microsoft. Get Web Deploy through the Microsoft Web Platform Installer (WPI), a free Microsoft tool to install a variety of products into IIS. Download WPI from http://www.microsoft.com/web/downloads/platform.aspx

After you download wpilauncher.exe, run this file to see the Web Platform Installer screen. Click the Search box in the upper right corner and type Web Deploy. Several options may appear, depending on what applications are supported. For your initial installation, we recommend you select the most recent version of Web Deploy with bundled SQL support. Click Add on the latest version of Web Deploy (version 3.6 as of January 2016). WPI will install everything you need.

Configure Internet Information Server for Smartcrypt 

Prior to installing the Smartcrypt Manager website, you must have two features installed and configured on IIS. There are important, if slight, differences in the setups depending on which version of Windows Server you are running.

If you already have these features installed and configured, no changes are required. Skip to “Install Smartcrypt Manager.”

Setting up IIS in Windows Server 2012 R2

  1. From Server Manager, go to IIS.
  2. Click Add Roles and Features.
  3. Skip the Before you begin page. Click Next.
  4. On the Installation Type page, select Role-based or feature-based installation. Click Next.
  5. On the Select destination server page, choose the server you will install Smartcrypt on. Click Next.
  6. On the Server Roles page, select Web Server (IIS).
  7. On the Features page, check ASP.NET 4.5. Click Next.
  8. Under Web Server Role (IIS), go to Role Services.
  9. On the Role Services page, check Windows Authentication (under Security) and ASP.NET 4.5 (under Application Development). Click Next.

10. Click Add Features when the Wizard asks you to Add:

  • .NET Extensibility 4.5
  • ISAPI Extensions
  • ISAPI Filters

11. Confirm your installation selections and click Install.

 

These features are now active.

Setting up IIS in Windows Server 2008 R2

  1. From the Server Manager, go to Web Server (IIS).
  2. If ASP.NET and/or Windows Authentication appear as Not Installed in the Role Services list, click Add Role Services.
  3. Under Application Development, check ASP.NET.
  4. Click Add Required Role Services when the Wizard asks you to Add:
  • .NET Extensibility
  • ISAPI Extensions
  • ISAPI Filters
  1. To enable Windows Authentication, open Security.
  2. Check the Windows Authentication box.
  3. Click Install to add these features.

Enabling .NET Framework 4 Support in IIS (Windows Server 2008)

After installing the ASP.NET features in the Server Manager, you must still enable the .NET Framework in Windows Server 2008. This is done from an Administrator command prompt.

  1. Open the Command Prompt.
  2. Go to C:\Windows\Microsoft.NET\Framework64\v4.0.XXXXX.
  3. Run aspnet_regiis.exe -i.
  4. ASP.NET RegIIS will install ASP.NET.

Configure Windows Authentication for the Application 

After adding Windows Authentication to the Windows Server configuration, you must further configure the IIS Manager to permit this. The steps to allow single sign on are the same for both Windows Server 2008 and 2012:

  1. Open the IIS Manager (Control Panel > Administrative Tools > Internet Information Services Manager)
  2. In the Management section, select Feature Delegation
  3. Change the Authentication - Windows setting to Read/Write
  4. From the main window, click Authentication.

Install Smartcrypt Manager 

Now that the prerequisites are fulfilled, we are ready to install the Smartcrypt Manager.

Adding an Application Pool 

  1. Open the IIS Manager (Control Panel > Administrative Tools > Internet Information Services Manager).
  2. Click View Application Pools to display existing pools.
  3. Click Add Application Pool.
  4. Give the Application Pool a name (possibly something like “MDS"). It is appropriate to accept the remaining default options.

Now configure the Application Pool to allow 32 bit applications.

  1. Under Edit Application Pool, click Advanced Settings for your new pool.
  2. Select Enable 32-Bit Applications, Select True from the dropdown menu. This allows 32-bit applications (like Smartcrypt) to run on 64-bit Windows.

Adding a website 

  1. Download the latest package ZIP file from PKWARE to your server. Note: Do not extract the contents of the ZIP archive.
  2. In IIS Manager, go to Sites.
  3. Click Add Website. Name it Smartcrypt Manager. 
  4. The Add Website dialog will open. Make sure you select the Application pool created above. Also define the physical path, site name and a hostname. 
    1. Remember, if you give the website a hostname, you will need to make sure your domain has proper routing for the hostname defined in DNS. 
    2. If you are accessing your Smartcrypt Manager from outside your internal network domain, you will also need a public DNS entry created.
  5. Click OK to complete this step.

Importing the web application with Web Deploy 

  1. Highlight the website created above above and look for the Deploy options in the right side menu. Select Import Application.
  2. Web Deploy will launch and ask you to select the Smartcrypt Manager .ZIP file
  3. Web Deploy will scan the contents of the package. Click next to continue.
  4. Web Deploy will prompt for some application configuration options which are required to get the Smartcrypt Manager configured properly.
    1. Application Path: This is the name of the web application. This name the will appear in the URL you will use to access the Manager.
    2. Smartcrypt Manager Server Password: This is the password that secures your Satellite account with PKWARE. It is used for encryption of all your keys. It should be securely backed up.

      1. If this password is lost, no users will be able to use any existing Smartkey in Smartcrypt. It’s important the password is secure.

    3. You need to define the first system administrator who can log in to the Smartcrypt Manager
      1. AD SysAdmin: Select the preferred Active Directory account here. Leave empty to use a local account instead.
      2. or
      3. Local SysAdmin: Enter the username to select a locally defined user. Leave empty if you are using an Active Directory account.
      4. Local SysAdmin Password: If you selected a locally defined username, enter that user’s password here. Leave empty if you are using an Active Directory account.
    4. Connection String: Connects Smartcrypt Manager to the database you set up at the start. Edit this line with the data source (database server), initial catalog (the name of the database to be used by Smartcrypt), and the login credentials of the database admin (dbuser and dbpassword).
  5. Click Next to install Smartcrypt Manager.
  6. Web Deploy will process and complete the setup.

Enabling SSL for the Website 

The Smartcrypt Manager requires an SSL connection to protect data being posted to the server. We need to add a binding to enable SSL for this website.

  1. Select the website on the left side menu in IIS. Then select bindings on the right side of the IIS menu.
  2. To add a binding, select the type (https) and then select your SSL Certificate
    1. Remember a certificate needs to be trusted on your devices.

 

Creating the Smartcrypt database schema 

Now that the web application is set up and deployed with SSL configured, the last item we need to complete is populating the Smartcrypt database with the initial schema. Smartcrypt comes with a tool to complete this task for you called SmartcryptDB.exe.

  1. Open a command window (cmd).
  2. Change directory to the location you installed the website to (above) and look for the bin directory.
  3. Now execute SmartcryptDB.exe.
  4. The tool should run and set up the required scheme for the version of the Smartcrypt Manager you have.

 

Make sure your Application Pool is started and your website is started in IIS. Next, point your browser to https://<server>/<ApplicationPath>/SuperUser to login with the System Administrator credentials (Active Directory or Local) and start using Smartcrypt.

Example: https://smartcrypt.pkware.com/mds/SuperUser


  • No labels