The purpose of this guide is to describe the environmental requirements and steps required to configure the Smartcrypt Manager and associated Smartcrypt Application (Agent).
A Windows Server to host the Smartcrypt Manager. This server should be joined to an Active Directory domain.
A SQL Server Database where Smartcrypt Manager application data will live. Before installing you should obtain:
Database server instance name
Database username with access to the above database
Database user password
An SSL certificate that matches the hostname you wish to use for the Smartcrypt Manager
(optional) A DNS record for "pkwareops.[domain.ext]" published into your internal/external DNS. The Smartcrypt application will look for this record by default.
The Windows Server that will host the Smartcrypt Manager site/application needs to have access to authenticate with your Active Directory. This authentication occurs over the standard Active Directory Domain Services protocols. For more information about ports that are needed for the Windows Server to have access to the domain, see: https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
Looking for instructions for installing on Windows Server Core? We've got you covered here: Windows Server Core Installation and Setup Guide
New in 15.3 is the option to perform a scripted installation of the Smartcrypt Manager. Contact your PKWARE account representative to obtain the appropriate package for your platform.
The script performs the following steps, in order:
Notes for the scripted deployment option:
Running the installation script
Extract the mds-installer.zip file and browse to the extracted location via PowerShell
Confirm your selections:
Mobile and IOS devices cannot connect to the SMDS when it has been configured with this script. This is because these devices cannot use the self-signed certificate created by the setup script. Installing a trusted certificate will allow these types of devices to connect to SMDS.
The Smartcrypt Manager requires an empty database, appropriate authentication credentials and permissions. Please perform the following actions, consulting the documentation for your version of SQL Server, if necessary.
For More Information about how to authenticate to Microsoft SQL Server, see:
Perform the following steps on the Windows Server running IIS:
Smartcrypt is developed with Microsoft® Visual Studio® 2012. The Microsoft Visual C++ redistributable enables some required features for Smartcrypt. Since Smartcrypt was created using Visual Studio 2012, the 2012 redistributables are required.
Prior to installing the Smartcrypt Manager website, you must have two features installed and configured on IIS. There are important, if slight, differences in the setups depending on which version of Windows Server you are running.
If you already have these features installed and configured, no changes are required. Skip to “Install Smartcrypt Manager.”
Setting up IIS in Windows Server 2012 R2
Setting up IIS in Windows Server 2008 R2
Launch the Server Manager and select IIS
Launch the Server Manager and select Web Server (IIS).
Enabling .NET Framework 4 Support in IIS (Windows Server 2008)
After installing the ASP.NET features in the Server Manager, you must still enable the .NET Framework in Windows Server 2008. This is done from an Administrator command prompt.
Install Web Deploy through the Microsoft Web Platform Installer (WPI), a free Microsoft tool to install a variety of products into IIS. Download WPI from http://www.iis.net/downloads/microsoft/web-deploy
After you download wpilauncher.exe, run it to see the Web Platform Installer screen. Click the Search box in the upper right corner and type "Web Deploy." Several options may appear, depending on what applications are supported. For your initial installation, we recommend you select the most recent version of Web Deploy with bundled SQL support. At the time this was written, 3.5 was the latest version so for example, Click Add on Web Deploy 3.5 with bundled SQL support. WPI will install everything you need.
After adding Windows Authentication to the Windows Server configuration, you must further configure the IIS Manager to permit this. The steps to allow single sign on are the same for both Windows Server 2008 and 2012:
If you are accessing Smartcrypt Manager from outside your internal network domain, you also need to create a public DNS entry.
The Smartcrypt Manager requires an SSL connection to protect data being posted to the server. We need to add a binding to enable SSL for this website.
Verify the site is working properly by pointing your browser to https://<server>/ – you should see the IIS Welcome Page.
Verify the certificate is trusted on your other devices!
If you are using a self-signed certificate, this will require additional steps. Learn how to trust any certificate here.
Now that the prerequisites are fulfilled, we are ready to install the Smartcrypt Manager.
Note: The next section assumes you have a .ZIP file containing the Smartcrypt Manager deployment package.
Now that the web application is set up and deployed with SSL configured, the last item we need to complete is populating the Smartcrypt database with the initial schema. Smartcrypt comes with a tool to complete this task for you called SmartcryptDB.exe. From the application server running IIS:
Make sure your Application Pool is started and your website is started in IIS. Next, point your browser to https://<server>/<ApplicationPath>/SuperUser to login with the System Administrator credentials (Active Directory or Local) and start using Smartcrypt.