Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Smartcrypt Manager Requirements

  • A SQL Server Database
  • A Windows Server joined to the domain with IIS Installed

Configuring Smartcrypt Manager Web Application

Follow these steps to configure the Smartcrypt Manager Web Application:

 

Setting Up SQL Server 

Before installing Smartcrypt Manager, you must create an empty database and supply a database user for the Smartcrypt Manager to use. 

The database should use the Latin1_General_CI_AS collation.

The database user requires db_owner of the Smartcrypt database.

Please consult the documentation for your version of SQL Server, if necessary.

Install the Visual C++ 2012 Runtime 

Smartcrypt is developed with Microsoft® Visual Studio® 2012. The Microsoft Visual C++ redistributable enables some required features for Smartcrypt.

  1. Go to https://www.microsoft.com/en-us/download/details.aspx?id=30679. This site hosts the current version of this runtime application.
  2. Click Download.
  3. Select the vcredist_x86 file. This is the 32-bit version of the runtime.
  4. Click Next to begin the download.
  5. Run the file to install.

Install Web Deploy with Microsoft Web Platform Installer 

The last step before you install Smartcrypt is to include the Web Deploy tool from Microsoft. Get Web Deploy through the Microsoft Web Platform Installer (WPI), a free Microsoft tool to install a variety of products into IIS. Download WPI from http://www.microsoft.com/web/downloads/platform.aspx

After you download wpilauncher.exe, run this file to see the Web Platform Installer screen. Click the Search box in the upper right corner and type Web Deploy. Several options may appear, depending on what applications are supported. For your initial installation, we recommend you select the most recent version of Web Deploy with bundled SQL support. Click Add on the latest version of Web Deploy (version 3.6 as of January 2016). WPI will install everything you need.

Configure Internet Information Server for Smartcrypt 

Prior to installing the Smartcrypt Manager website, you must have two features installed and configured on IIS. There are important, if slight, differences in the setups depending on which version of Windows Server you are running.

If you already have these features installed and configured, no changes are required. Skip to “Install Smartcrypt Manager.”

Setting up IIS in Windows Server 2012 R2

  1. From Server Manager, go to IIS.
  2. Click Add Roles and Features.
  3. Skip the Before you begin page. Click Next.
  4. On the Installation Type page, select Role-based or feature-based installation. Click Next.
  5. On the Select destination server page, choose the server you will install Smartcrypt on. Click Next.
  6. On the Server Roles page, select Web Server (IIS).
  7. On the Features page, check ASP.NET 4.5. Click Next.
  8. Under Web Server Role (IIS), go to Role Services.
  9. On the Role Services page, check Windows Authentication (under Security) and ASP.NET 4.5 (under Application Development). Click Next.

10. Click Add Features when the Wizard asks you to Add:

  • .NET Extensibility 4.5
  • ISAPI Extensions
  • ISAPI Filters

11. Confirm your installation selections and click Install.

 

These features are now active.

Setting up IIS in Windows Server 2008 R2

  1. From the Server Manager, go to Web Server (IIS).
  2. If ASP.NET and/or Windows Authentication appear as Not Installed in the Role Services list, click Add Role Services.
  3. Under Application Development, check ASP.NET.
  4. Click Add Required Role Services when the Wizard asks you to Add:
  • .NET Extensibility
  • ISAPI Extensions
  • ISAPI Filters
  1. To enable Windows Authentication, open Security.
  2. Check the Windows Authentication box.
  3. Click Install to add these features.

Enabling .NET Framework 4 Support in IIS (Windows Server 2008)

After installing the ASP.NET features in the Server Manager, you must still enable the .NET Framework in Windows Server 2008. This is done from an Administrator command prompt.

  1. Open the Command Prompt.
  2. Go to C:\Windows\Microsoft.NET\Framework64\v4.0.XXXXX.
  3. Run aspnet_regiis.exe -i.
  4. ASP.NET RegIIS will install ASP.NET.

Configure Windows Authentication for the Application 

After adding Windows Authentication to the Windows Server configuration, you must further configure the IIS Manager to permit this. The steps to allow single sign on are the same for both Windows Server 2008 and 2012:

  1. Open the IIS Manager (Control Panel > Administrative Tools > Internet Information Services Manager)
  2. In the Management section, select Feature Delegation
  3. Change the Authentication - Windows setting to Read/Write
  4. From the main window, click Authentication.
  5. Select Windows Authentication
  6. In the Actions panel on the right, click Enable.
  7. Click Providers.
  8. Use the Move Up button to bring NTLM to the top of the list. Save.

Install Smartcrypt Manager 

As a web application, there are several steps to deploying Smartcrypt Manager.

Adding an Application Pool

While not always necessary, if you have a website already configured in IIS, you should add an Application Pool to your configuration.

  1. Open the IIS Manager (Control Panel > Administrative Tools > Internet Information Services Manager).
  2. Click View Application Pools to display existing pools.
  3. Click Add Application Pool.
  4. Give the application pool a name (possibly something like “MDS"). It is appropriate to accept the remaining default options.
  5. Under Edit Application Pool, click Advanced Settings for your new pool.
  6. Select Enable 32-Bit Applications, Select True from the dropdown menu. This allows 32-bit applications (like Smartcrypt) to run on 64-bit Windows.

Configuring SSL (Required)

Ensure that your site has been configured with an SSL certificate matching the name you will be using for the Smartcrypt Manager.

Note: This certificate must be trusted by devices running deployed instances of the Smartcrypt Application as well as any browsers used by your Security and Administration teams.

Deploying Smartcrypt

  1. Download the latest package ZIP file from PKWARE to your server. Note: Do not extract the contents of the ZIP archive.
  2. In IIS Manager, go to Sites.
  3. Click Add Web Site. Name it Smartcrypt Manager. Select the application pool you created.

If you are setting up IIS solely to run Smartcrypt, we recommend that you rename Default Web Site to Smartcrypt Manager.

  1. In the Action menu on the right side of the screen, select Import Application from the Deploy section.
  2. Browse to the directory where the Smartcrypt package is located, select the ZIP, and click Next.
  3. Review the contents of the package, and click Next to confirm.
  4. Enter Application Package Information:
  • Application Path: Where Smartcrypt sits on your server. This should be set to mds, but can be edited.
  • Smartcrypt Manager Server Password: This is the password that secures your Satellite account with PKWARE. It is used for encryption of all your keys. It should be securely backed up. If this password is lost, no user will be able to use any existing Smartkey in Smartcrypt. It’s important the password is secure.

Define the System Administrator

Smartcrypt Manager needs to have one System Administrator to do the initial setup. Choose to authenticate the first System Administrator through Active Directory or a local username and password. If you are installing multiple instances of the Smartcrypt Manager, the values need to be the same on all installations.

  • AD SysAdmin: Select the preferred Active Directory account here. Leave empty to use a local account instead.
  • Local SysAdmin: Enter the username to select a locally defined user. Leave empty if you are using an Active Directory account.
  • Local SysAdmin Password: If you selected a locally defined username, enter that user’s password here. Leave empty if you are using an Active Directory account.
  • Connection String: Connects Smartcrypt Manager to the database you set up at the start. Edit this line with the data source (database server), initial catalog (the name of the database to be used by Smartcrypt), and the login credentials of the database admin (dbuser and dbpassword).
  1. Click Next to install Smartcrypt Manager.
  2. To populate the database, run SmartCryptDB.exe. This file is included in the ZIP package (Step 1).

 

Point your browser to https://<server>/<ApplicationPath>/SuperUser to login with the System Administrator credentials (Active Directory or Local) and start using Smartcrypt.

Example: https://smartcrypt.pkware.com/mds/SuperUser


  • No labels