Windows Server Core Installation And Setup Guide


- Overview
- Installing Internet Information Server (IIS) via PowerShell
- Setup Smartcrypt Manager
- Create Website
- Extract MDS package (doing manually what Web-Deploy does automatically)
- Create website inside of IIS
- Create self-signed certificate
- Configure the Web Application
- Test the database configuration by running the database schema tool SmartcryptDB.exe
- Start the Website and connect in a web browser

Assumptions:

- You have the Smartcrypt Manager ZIP in the location "C:\sc-manager\mds.zip"
- The user is logged in as local admin on the machine
- Windows Server Core with 32-bit support is used
- You have the 32-bit Visual C++ Redistributable for Visual Studio 2012 Update 4 in the location "C:\sc-manager\vcredist_x86.exe"

Overview

This guide walks through the steps and commands that take a bare-minimum Windows Server Core system up to the point of running the Smartcrypt Manager.

    #Open PowerShell
    powershell

We are going to use PowerShell for most of the scripting, so we need to change the CMD window that opens on a console session on the Windows Core server into a PowerShell session. Note that when in PowerShell, you will see PS on the far left of the CMD window.

Installing Internet Information Server (IIS) via PowerShell

    #Install IIS and components
    install-windowsfeature web-server
    install-windowsfeature web-mgmt-service
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1
    install-windowsfeature Web-Asp-Net45
    install-windowsfeature Web-ISAPI-Ext
    install-windowsfeature web-windows-auth
    C:\sc-manager\vcredist_x86.exe
    Net Stop WMSVC
    Net Start WMSVC

In this section we install the prerequisites required to run Smartcrypt Server. Here is a breakdown of each command:

    install-windowsfeature web-server

This installs IIS so your server can host web sites / web apps.

    install-windowsfeature web-mgmt-service

This is used to enable IIS to be remotely managed. Nice for working in a GUI.

    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1

This is a registry setting to allow remote management.

    install-windowsfeature Web-Asp-Net45

This will install the required components for .NET Extensibility 4.5.

    install-windowsfeature Web-ISAPI-Ext

This will install the required components for ISAPI Extensions 3 and ISAPI Filters.

    install-windowsfeature Web-Windows-Auth

This will install the Server Role for Windows Authentication for the Web Server in IIS.

    C:\sc-manager\vcredist_x86.exe

This will install the 32-bit Visual C++ Redistributable for Visual Studio 2012 Update 4.

    Net Stop WMSVC

Stop the Web Management Service.

    Net Start WMSVC

Start the Web Management Service, to pick up the changes we've made.

Setup Smartcrypt Manager

    #Now set up Smartcrypt Manager
    Import-Module WebAdministration
    cd IIS:\
    Set-WebConfiguration //System.WebServer/Security/Authentication/windowsAuthentication -metadata overrideMode -value Allow -PSPath IIS:/
    #create app pool
    cd IIS:\Apppools\
    $appPool = New-Item smartcrypt
    $appPool | Set-ItemProperty -Name "managedRunTimeVersion" -Value "v4.0"
    $appPool | Set-ItemProperty -Name "enable32BitAppOnWin64" -Value "true"

In this section of commands, we create the app pool in IIS for the Smartcrypt application and configure some of its advanced settings.

    Import-Module WebAdministration

We need to import this PowerShell module to run IIS-specific commands.

    cd IIS:\
    Set-WebConfiguration //System.WebServer/Security/Authentication/windowsAuthentication -metadata overrideMode -value Allow -PSPath IIS:/

This command allows Windows Authentication to be configured throughout IIS (it sets overrideMode to Allow on the section), which is required for Smartcrypt authentication.

    cd IIS:\Apppools\
    $appPool = New-Item smartcrypt

We create a new app pool called smartcrypt.

    $appPool | Set-ItemProperty -Name "managedRunTimeVersion" -Value "v4.0"

After we create the app pool, we set an advanced setting for the runtime version.

    $appPool | Set-ItemProperty -Name "enable32BitAppOnWin64" -Value "true"

We also set the app pool to support 32-bit applications. This is required; do not skip it.

Create Website

    #create website
    cd IIS:\Sites\
    New-WebSite -Name sc-manager -Port 80 -PhysicalPath "C:\sc-manager" -ApplicationPool smartcrypt

Now that we have our app pool, we can create a website.

    cd IIS:\Sites\
    New-WebSite -Name sc-manager -Port 80 -PhysicalPath "C:\sc-manager" -ApplicationPool smartcrypt

We first create a website called "sc-manager" with the default binding to port 80. This may error if you already have port 80 in use. We also set the path to C:\sc-manager.
The -ApplicationPool smartcrypt parameter sets the new website to use the app pool we created above.

Extract MDS package (doing manually what Web-Deploy does automatically)

    #extract zip
    $BackUpPath = "C:\sc-manager\mds.zip"
    $Destination = "C:\sc-manager"
    Add-Type -assembly "system.io.compression.filesystem"
    [io.compression.zipfile]::ExtractToDirectory($BackUpPath, $Destination)
    #Move folder to correct location
    move-item "C:\sc-manager\Content\E_C\Smartcrypt Manager" "C:\sc-manager\mds"
    #Remove extra files from .zip
    remove-item "C:\sc-manager\Content" -recurse -confirm:$false
    remove-item "C:\sc-manager\parameters.xml" -confirm:$false
    remove-item "C:\sc-manager\systemInfo.xml" -confirm:$false
    remove-item "C:\sc-manager\archive.xml" -confirm:$false

In this step we extract the Smartcrypt Manager (also known as the MetaData Server, MDS) zip file. After extracting the files, we move them into the folder hosting the website created above.

    $BackUpPath = "C:\sc-manager\mds.zip"
    $Destination = "C:\sc-manager"
    Add-Type -assembly "system.io.compression.filesystem"
    [io.compression.zipfile]::ExtractToDirectory($BackUpPath, $Destination)

These steps load the .NET compression assembly in PowerShell and extract the .zip.

    move-item "C:\sc-manager\Content\E_C\Smartcrypt Manager" "C:\sc-manager\mds"

Move the "Smartcrypt Manager" application to the folder "C:\sc-manager\mds". We will use this in a step below, so if you alter it here, alter it below too.

    remove-item "C:\sc-manager\Content" -recurse -confirm:$false
    remove-item "C:\sc-manager\parameters.xml" -confirm:$false
    remove-item "C:\sc-manager\systemInfo.xml" -confirm:$false
    remove-item "C:\sc-manager\archive.xml" -confirm:$false

Remove some of the extra files that are used in Web Deploy.
Web Deploy can also be used to import the application.

Create website inside of IIS

    #create website inside of IIS
    cd IIS:\
    new-webapplication -Name "mds" -Site "sc-manager" -physicalPath "C:\sc-manager\mds" -ApplicationPool "smartcrypt"
    cd IIS:\Sites\sc-manager\mds
    Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath IIS:\ -location sc-manager/mds

Now that we have the Smartcrypt Manager package in the location "C:\sc-manager\mds", we tell IIS this is our web application.

    cd IIS:\
    new-webapplication -Name "mds" -Site "sc-manager" -physicalPath "C:\sc-manager\mds" -ApplicationPool "smartcrypt"

We are adding a web application called "mds" to the web site "sc-manager" and associating it with the "smartcrypt" app pool. The name "mds" will be used in the MDS, so if you change it, remember to change it later in these instructions.

    cd IIS:\Sites\sc-manager\mds
    Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath IIS:\ -location sc-manager/mds

This will enable Windows Authentication for the website. This is required.

Create self-signed certificate

If you already have an SSL certificate you want to use, you do not need to generate one.

    #create self signed certificate
    cd IIS:\
    New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname pkwareops.w2012r2x64c-1.qanet.dom
    New-WebBinding -Name "sc-manager" -IP "*" -Port 443 -Protocol https
    cd IIS:\sslbindings
    #use the thumbprint returned by New-SelfSignedCertificate above
    get-item cert:\LocalMachine\MY\764FB4B310FBDAFC8EDE2665235059A4848CB448 | new-item 0.0.0.0!443
    iisreset

    cd IIS:\
    New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname pkwareops.w2012r2x64c-1.qanet.dom

I am creating a self-signed certificate for the entry "pkwareops.w2012r2x64c-1.qanet.dom". I will need to create a DNS entry for this in my domain as well.
When I run this, I will get a thumbprint for the SSL cert which I use later. Capture it.

    New-WebBinding -Name "sc-manager" -IP "*" -Port 443 -Protocol https

I am adding a new binding for port 443 for the site named "sc-manager".

    cd IIS:\sslbindings
    get-item cert:\LocalMachine\MY\764FB4B310FBDAFC8EDE2665235059A4848CB448 | new-item 0.0.0.0!443

Lastly, I am looking up my certificate (by the thumbprint returned above) and associating it with traffic on port 443.

    iisreset

IISReset will stop and start the web server with all the new changes we've made.

Configure the Web Application

Now configure the web application by manually editing web.config in Notepad.

1. Browse to the C:\sc-manager\mds\ folder and open web.config in Notepad (or your favorite text editor).

2. Look for the "" section, which has the database connection string defined. Replace the string "$(ReplacableToken_SmartcryptEntities-Web.config Connection String_0)" with a valid connection string containing your environment's information:

   Example:

   This string is typically filled in during the WebDeploy setup, but we are skipping WebDeploy in this example.

3. Next, look for the "" value to configure the Ultimate Super User for the first-time login to the Smartcrypt Manager.

   The values:

   - This is the password that secures your Satellite account with PKWARE. It is used for encryption of all your keys. It should be securely backed up. If this password is lost, no users will be able to use any existing Smartkey in Smartcrypt. It's important the password is secure.
   - Select the preferred Active Directory account here. Leave empty to use a local account instead.
   - Enter the username to select a locally defined user. Leave empty if you are using an Active Directory account.
   - If you selected a locally defined username, enter that user's password here. Leave empty if you are using an Active Directory account.

4. Save web.config.
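The certificate steps in "Create self-signed certificate" rely on copying the thumbprint by hand, and the value shown there belongs to the author's machine. As an added example (not part of the original guide), the script below keeps the certificate in a variable, binds it to port 443 and reads the binding back. The host name and site name are the ones used in this guide, and the Thumbprint property read from the binding is assumed to be exposed by the WebAdministration provider.

```powershell
# Added example, not part of the original guide.
Import-Module WebAdministration

$dnsName  = 'pkwareops.w2012r2x64c-1.qanet.dom'  # host name used in this guide; substitute your own
$siteName = 'sc-manager'                          # site created earlier in this guide
$sslPath  = 'IIS:\SslBindings\0.0.0.0!443'

# Reuse an unexpired certificate for this name if one already exists,
# so re-running the script does not pile up duplicates in the store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                   $_.DnsNameList.Unicode -contains $dnsName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    $cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $dnsName
}

# Add the HTTPS binding only when the site does not have one yet.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -IPAddress '*' -Port 443 -Protocol https
}

# Attach the certificate using the thumbprint held in $cert, replacing any stale entry.
if (Test-Path $sslPath) { Remove-Item $sslPath }
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item $sslPath | Out-Null

# Read the binding back and fail loudly if it does not point at the intended certificate.
$bound = Get-Item $sslPath
if ($bound.Thumbprint -ne $cert.Thumbprint) {
    throw "Port 443 is bound to $($bound.Thumbprint), expected $($cert.Thumbprint)"
}
"Bound $($cert.Subject) [$($cert.Thumbprint)], valid until $($cert.NotAfter)"
```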
Test the database configuration by running the database schema tool SmartcryptDB.exe

Navigate to MDS\Bin and run SmartcryptDB.exe. The tool will connect to the database and deploy or upgrade the schema. This also tests that your web server can connect to the database server.

Start the Website and connect in a web browser

If you have set up DNS internally, you can reach the application by the fully qualified DNS record; if not, you can use https://localhost/mds/superuser

If you followed these steps, your Smartcrypt Manager will be accessible at /mds/superuser. If you changed the mds (web app) name above, you will need to change it here.

If you cannot reach the Smartcrypt Manager in a web browser (no response), the website is probably not running. You need to start it in PowerShell:

    Start-WebSite -Name "sc-manager"

If the sc-manager website doesn't start, you might need to remove (or stop) the default website:

    Remove-WebSite -Name "Default Web Site"

or

    Stop-WebSite -Name "Default Web Site"
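Once the site is up, the settings this guide applied can be read back in one pass. The function below is an added example, not part of the original guide or of Smartcrypt: it confirms the app pool, Windows Authentication and certificate settings, and lists three items for review that the guide sets up on purpose (the port 80 binding, remote management, and who can read web.config). The function names are hypothetical, and the group names in the ACL check assume an English-language Windows installation.

```powershell
# Added example, not part of the original guide; defaults are the names used in this guide.
Import-Module WebAdministration

function New-Check($Name, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Name; Ok = [bool]$Ok; Detail = [string]$Detail }
}

function Test-SmartcryptDeployment {
    param(
        [string]$Site = 'sc-manager',
        [string]$App = 'mds',
        [string]$Pool = 'smartcrypt',
        [string]$WebConfig = 'C:\sc-manager\mds\web.config'
    )
    $authFilter = '/system.webServer/security/authentication/windowsAuthentication'
    $poolItem = Get-Item "IIS:\AppPools\$Pool"
    $winAuth  = (Get-WebConfigurationProperty -Filter $authFilter -Name enabled `
                    -PSPath 'IIS:\' -Location "$Site/$App").Value
    $httpBind = @(Get-WebBinding -Name $Site -Protocol http)
    $ssl      = Get-Item 'IIS:\SslBindings\0.0.0.0!443' -ErrorAction SilentlyContinue
    $cert     = if ($ssl) { Get-Item "Cert:\LocalMachine\My\$($ssl.Thumbprint)" -ErrorAction SilentlyContinue }
    $remote   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' `
                    -ErrorAction SilentlyContinue).EnableRemoteManagement
    # web.config holds the connection string and account password, so list broad groups that can read it.
    $broad = @((Get-Acl $WebConfig).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$'
    })

    New-Check 'App pool runtime is v4.0' ($poolItem.managedRuntimeVersion -eq 'v4.0') $poolItem.managedRuntimeVersion
    New-Check 'App pool allows 32-bit applications' $poolItem.enable32BitAppOnWin64
    New-Check "Windows Authentication enabled on $Site/$App" $winAuth
    New-Check 'Site is started' ((Get-Item "IIS:\Sites\$Site").State -eq 'Started')
    New-Check 'HTTPS certificate bound and unexpired' ($cert -and $cert.NotAfter -gt (Get-Date)) $cert.NotAfter
    # The remaining checks are review items: the guide creates these settings on purpose.
    New-Check 'No plain HTTP binding on the site' ($httpBind.Count -eq 0) ($httpBind.bindingInformation -join ', ')
    New-Check 'Remote management (WMSVC) is off' ($remote -ne 1) "EnableRemoteManagement=$remote"
    New-Check 'web.config not readable by broad groups' ($broad.Count -eq 0) ($broad.IdentityReference -join ', ')
}

Test-SmartcryptDeployment | Format-Table -AutoSize
```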