Preparing Your Server for the InterGuard Server Package
Contents
Overview
Section 1 - Host Name and SSL Requirements
    1.1 Is SSL Required?
    1.2 Acquiring an SSL Certificate
    1.3 Installing the SSL Certificate on Your Server
Section 2 - Hardware requirements
Section 3 – Software Requirements
    3.1 Windows Elements
        3.1.1 Windows Server 2003 Service Pack 2 or better/Windows Server 2008/2008 R2
        3.1.2 IIS (Internet Information Services 6 or better)
        3.1.3 MSMQ (Microsoft Message Queuing)
        3.1.4 Indexing Service
        3.1.5 Site Binding for the Host/Domain Name
    3.2 Database Elements
        3.2.1 MS SQL Server 2005 with Service Pack 2 or better/MS SQL Server 2008/2008 R2
        3.2.2 SQL Server Management Studio
        3.2.3 Database collation - SQL_Latin1_General_CP1_CI_AS
        3.2.4 SQL Configured for SQL Server and Windows Authentication
        3.2.5 SQLXML4 Component
Section 4 – Multi-Server Setup
    4.1 Is a Multi-Server Setup Necessary?
    4.2 Requirements for Multi-Server Setups
Overview
Congratulations on your purchase of the InterGuard Server solution! This guide is
intended to help you prepare the machine that you will be installing the InterGuard server
software onto. It covers the requirements in detail, and offers basic information on how
to set up many of the requirements. Please be sure to have all of these requirements
installed and configured before your InterGuard installation appointment. Awareness
Technologies is here to help you but cannot provide support for the pre-requisite
hardware and software.
Please note that the instructions in this guide are written with Windows Server 2008 and
SQL 2008 in mind. If you are using Windows Server 2003 or SQL 2005 some steps will
be different, but the concepts are the same. If you would like specific instructions for
Windows Server 2003 or SQL 2005 please contact a support or sales representative.
Section 1 - Host Name and SSL Requirements
The InterGuard desktop agents transmit data back to the InterGuard server over HTTP (or
HTTPS; see the SSL info below). A public domain for InterGuard is not required unless
you want to monitor computers outside of your network. InterGuard can be configured to
use the name of the server for the hostname it sends data to. As long as all of your target
computers can resolve that server’s name, you will be fine. If you will be monitoring
computers outside your network, a unique domain name (e.g. mycompany.com) resolving
to the IP of your server will be required. If you do not already have a registered domain
name, you will need to register one and configure it to resolve to your server. There are a
variety of services that you can use to accomplish this. Here are two popular ones:
www.godaddy.com
www.networksolutions.com
If you already have a registered domain name and have the ability to create sub domains
(e.g. interguard.mycompany.com) this will also work for InterGuard as long as the sub
domain is configured to resolve to the server you intend to use for InterGuard.
1.1 Is SSL Required?
SSL is not necessary; InterGuard can transmit data with or without SSL encryption. If
you do not plan to use SSL with InterGuard you can skip this section. If you want to
protect the data transmitted from the InterGuard client software with SSL encryption, you
will need an SSL certificate.
1.2 Acquiring an SSL Certificate
Unfortunately we cannot provide SSL certificates for you. You can acquire an SSL
certificate from a CA (Certificate Authority) such as VeriSign or Go Daddy. The SSL
certificate must be registered to the exact domain you end up using for InterGuard. For
example, if you have reserved a domain like ‘interguard.mycompanyname.com’ to use
for InterGuard, then your SSL certificate must be signed to
interguard.mycompanyname.com. If it is signed to some other domain or sub domain,
the resulting certificate error will cause the InterGuard client software to be unable to
communicate with your server. Be sure to confirm what you intend to use as the domain
name for InterGuard before you acquire your SSL certificate.
Some customers inquire about creating their own self-signed certificate to use for
InterGuard. This can cause a lot of extra work for you and can make your client software
deployment more complicated. The main issue is that the target computers are not aware
of your self-signed certificate, meaning the computer will not trust your self-signed
certificate until you install it on the computer and configure it to trust the self-signed cert.
This would have to be done prior to deploying the InterGuard client software. When
using a certificate from a CA, you don’t have to worry about it, because the computer is
already aware of the CA. We cannot provide support for implementing a self-signed
certificate on your server or workstations.
1.3 Installing the SSL Certificate on Your Server
If you plan to use SSL, the SSL certificate must be installed on your server before you
can install the InterGuard server software. The request and installation steps may vary
depending on who is issuing the certificate. You will need to confirm the process with
the provider you plan to use for your certificate. However, below we have included some
online resources available from some popular SSL providers.
Network Solutions:
Certificate Signing Request (CSR):
http://www.networksolutions.com/support/csr-for-microsoft-iis-7-x/
Installation:
http://www.networksolutions.com/support/installation-of-an-ssl-on-certificate-microsoft-iis-7-x/
GoDaddy Certificate Signing Request (CSR) and installation instructions:
http://help.godaddy.com/article/4801#Install_IIS7
After installing the certificate you will need to add a site binding that uses the certificate.
The steps for adding the site binding can be found in section 3.1.5 Site Binding for the
Host/Domain Name.
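A check for the name-match requirement in 1.2 and the installation requirement in 1.3, as an added example that is not part of the vendor's guide: it lists the certificates in the server's Local Machine personal store and reports whether each one covers the intended host name, is self-signed, is within its validity period, and has its private key. It assumes PowerShell 2.0 or later on an English-language Windows; $HostName, Test-CertName and Get-CertDnsName are illustrative names.

```powershell
# Added example. $HostName is the name the agents will be pointed at; the value
# below is the guide's own example and must be replaced with yours.
$HostName = 'interguard.mycompanyname.com'

function Test-CertName([string]$Pattern, [string]$Name) {
    $p = $Pattern.Trim().ToLower()
    $n = $Name.Trim().ToLower()
    if ($p -eq $n) { return $true }
    if ($p.StartsWith('*.')) {
        # A wildcard stands in for exactly one left-most label, so
        # *.mycompanyname.com covers interguard.mycompanyname.com but not
        # mycompanyname.com or a.b.mycompanyname.com.
        $dot = $n.IndexOf('.')
        if ($dot -gt 0) { return ($n.Substring($dot) -eq $p.Substring(1)) }
    }
    return $false
}

function Get-CertDnsName($Cert) {
    $names = @()
    # Subject Alternative Name extension (OID 2.5.29.17), when present.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() renders entries as "DNS Name=host" on English Windows
        # (assumption; the label is localized on other language versions).
        foreach ($entry in ($san.Format($false) -split ',')) {
            if ($entry.Trim() -match '^DNS Name=(.+)$') { $names += $Matches[1] }
        }
    }
    # Fall back to the subject's common name when there is no SAN DNS entry.
    if ($names.Count -eq 0) { $names += $Cert.GetNameInfo('SimpleName', $false) }
    return ,$names
}

$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert  = $_
    $names = Get-CertDnsName $cert
    $match = $false
    foreach ($n in $names) {
        if (Test-CertName $n $HostName) { $match = $true }
    }
    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        DnsNames      = ($names -join ', ')
        MatchesHost   = $match                             # section 1.2
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)   # section 1.2
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey                # needed for an https binding
    }
} | Format-List Subject, DnsNames, MatchesHost, SelfSigned, InValidity, HasPrivateKey
```

A certificate that is suitable for the https binding in section 3.1.5 shows MatchesHost, InValidity and HasPrivateKey as True and SelfSigned as False.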
Section 2 - Hardware requirements
The minimum requirements for the InterGuard server are as follows:
• CPU: Dual Processors, Xeon or Opteron
• RAM: 32 bit systems - 4 GB, 64 bit systems – 6 GB
• Storage: Allow 25 GB of storage for the InterGuard database files; additionally
expect 25 MB – 100 MB of storage per user per month. These figures vary greatly
depending on the user’s activities and the recording settings that you have applied
in InterGuard. Please be sure to allow for 3 GB for the InterGuard application.
This includes Visual Studio and .NET files installed by the InterGuard Setup
Wizard. If you plan to use the website categorization feature (used in website
filtering) plan for an additional 9 GB to be used by the application. Your database
files, file storage, and application files do not have to be located in the same
directory. During setup you can select the locations for each of these items.
This meets most of our customers’ needs up to 500 monitored users. Adding users,
configuring aggressive monitoring, or failing to clear out old database records will
require more performance from your hardware. RAM recommendations are made with
the assumption that regular scheduled database maintenance is being performed.
Additionally, over time the database and file storage will grow as more data is recorded;
larger databases will consume more resources, including RAM. To reduce the
consumption of system resources, it is recommended to regularly archive then purge old
recorded data.
A sales or support agent can suggest additional hardware recommendations if you plan to
monitor beyond 500 users.
Section 3 – Software Requirements
3.1 Windows Elements
3.1.1 Windows Server 2003 Service Pack 2 or better/Windows Server 2008/2008 R2
If you are unsure of the Windows version or Service Pack of your server, do the
following:
1. Right click “My Computer” and select “Properties”.
2. The windows version and service pack information will be displayed. You
may have to select the “General” tab.
If you have Windows 2003 and have no service pack, or service pack one, you can update
by using “Windows Update” found in Start Menu>All programs. The following link
provides additional information on Windows 2003 service packs:
http://support.microsoft.com/kb/889100
3.1.2 IIS (Internet Information Services 6 or better)
IIS is not necessarily installed on Windows Server by default; if you are unsure how to
install IIS please refer to the following document:
http://technet.microsoft.com/en-us/library/cc771209(WS.10).aspx
Please note that when using IIS 7, you must also install IIS 6 Management Compatibility.
This can be done when you install IIS; just be sure to check all of the IIS 6 Management
Compatibility boxes during the Select Role Services step of installation. If IIS is already
installed, do the following to verify or install IIS 6 Management Compatibility:
1. Click Start; click Administrative Tools, and then Server Manager.
2. In the left navigation pane, expand Roles, and then right-click Web Server
(IIS) and select Add Role Services.
3. On the Select Role Services pane, scroll down to IIS 6 Management
Compatibility.
4. Select the check boxes for IIS 6 Management Compatibility.
If the boxes are already selected and grayed out, then IIS 6 Management
Compatibility is already installed and you can select Cancel.
5. Click Next from the Select Role Services pane, and then click Install at the
Confirm Installations Selections pane.
6. Click Close to leave the Add Role Services wizard.
It is not necessary to set up a website for InterGuard in IIS. InterGuard can use the
existing ‘Default Website’ in IIS. The InterGuard installation wizard will build the
required website elements. If the default site is available you can move on to the next
section. If you already have an application or site using the Default Website then you will
need to create a new website in IIS for InterGuard. Here is what you will need to do:
1. Click Start, click Administrative Tools and then Internet Information Services
(IIS) Manager.
2. In the Connections pane, right-click the Sites node in the tree, and then click
Add Web Site.
3. The Add Web Site dialog box will open. Type a friendly name for your Web
Site in the Web Site name box (InterGuard for example).
4. Enter a physical path for the site in the Physical Path box. At this point the
location is not critical. When you install InterGuard, the setup wizard will ask
for the actual path that you would like to use for the InterGuard application
and will configure the site accordingly.
5. The boxes in the Binding section can be left as is for the time being. We will
cover configuring the site binding in section 3.1.5 Site Binding for the
Host/Domain Name. Click OK.
3.1.3 MSMQ (Microsoft Message Queuing)
MSMQ is generally not installed on Windows Server by default. You can install MSMQ
by doing the following:
1. Click Start, click Administrative Tools and then Server Manager.
2. Click Features.
3. In the right-hand pane under Features Summary, click Add Features.
4. In the resulting window, expand Message Queuing.
5. Select Message Queuing Server.
6. Click Next, then click Install.
You only need to install MSMQ; you do not need to create or configure any message
queues. The InterGuard setup wizard will build and configure the required queues.
3.1.4 Indexing Service
The Indexing service is not necessarily installed by default. If you have disabled the
Indexing Service, you will need to re-enable it. This can be done via the Services panel
found in Administrative Tools. The Startup type for the Indexing Service needs to be set to
Automatic. If the Indexing Service is not present it will need to be installed. Please do the
following:
1. Click Start, click Administrative Tools and then Server Manager.
2. In the console tree of Server Manager, right-click Roles, and then click Add
Roles.
3. In the Add Roles Wizard, click Next.
4. On the Select Server Roles page, select the File Services check box, and then
click Next.
5. On the File Services page, click Next.
6. On the Select Role Services page, select the Indexing Service check box
under Windows Server 2003 File Services, and then click Next.
7. On the Confirm Installation Selections page, click Install.
8. Follow the instructions in the Add Roles Wizard to complete the installation.
3.1.5 Site Binding for the Host/Domain Name
A host or domain name must be configured for the site in IIS that you intend to use for
InterGuard. As mentioned earlier in this guide, you do not need to create a new site in
IIS; the default site in IIS will work fine, assuming it is not already being used by some
other application. Note that if you intend to use SSL, the SSL certificate must be
installed before you can add the site binding. To add the site binding for your host or
domain name, do the following:
1. Click Start, click Administrative Tools and then Internet Information Services
(IIS) Manager.
2. In the Connections pane, expand the Sites node in the tree, and select the site
you intend to use for InterGuard.
3. In the Actions pane, click Bindings.
4. The Site Bindings dialog will open, displaying the bindings that have been
configured. Click the Add button.
5. The Add Site Binding dialog will open.
a. In the Type field select http, or if you are using an SSL certificate select
https. If you select https the dialog will change slightly, so please skip to
step 6.
b. In the IP Address field leave All Unassigned selected or if you plan to use
a static IP address specifically for InterGuard, enter the IP address you
will be using. Note that if you enter in an IP address, that IP address must
be configured to resolve to this machine prior to installing InterGuard.
c. Leave the Port field set to 80.
d. In the Host name field enter the domain name or host name you plan to
use. If you are using a public domain name, enter the name you registered.
For example, if you registered “www.YourNameHere.com” you would
enter “www.YourNameHere.com”. If you are not using a public domain
name, the name of the server will usually suffice, as the name of your
server will most likely be valid on your organization’s name resolution
system; otherwise enter a name that is registered with your organization’s
name resolution system (internal DNS).
e. Press OK on the Add Site Binding dialog and then Close on the Site
Bindings dialog. You are done and can close the IIS manager.
6. If you selected https in step 5, the dialog will have changed slightly. The Host
name will be set based on the information from your SSL certificate.
a. The SSL certificate drop down menu will list the names of the certificates
installed on the server; select the SSL cert you plan on using. If you do
not see your certificate in the drop down menu, then it has not been
properly installed onto this server, in which case consult the
documentation or help options that accompanied your certificate.
b. In the IP Address field leave All Unassigned selected or if you plan to use
a static IP address specifically for InterGuard, enter the IP address you
will be using. Note that if you enter in an IP address, that IP address must
be configured to resolve to this machine prior to installing InterGuard.
c. Leave the Port field set to 443.
d. Press OK on the Add Site Binding dialog and then Close on the Site
Bindings dialog. You are done and can close the IIS manager.
3.2 Database Elements
3.2.1 MS SQL Server 2005 with Service Pack 2 or better/MS SQL Server 2008/2008 R2
Please note that InterGuard will not work on the Express edition of MS SQL Server. We
recommend the Standard or Enterprise editions. You can also use the Workgroup
edition; however, the Workgroup SQL licensing limits the amount of system resources that
can be used, and this may cause poor performance. If you are unsure of your version or
edition of SQL you can run the following script in the SQL Server Management Studio.
It will return your version, service pack, and edition info. If you do not have SQL Server
Management Studio, it will need to be installed; please see section 3.2.2 SQL Server
Management Studio.
1. Open the SQL Server Management Studio. You can typically find it in Start
Menu>all programs>Microsoft SQL server.
2. When prompted, connect to the server you will be using for InterGuard.
3. Click on New Query.
4. In the Query window paste in the following:
SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')
5. Hit the execute button or the F5 key.
6. Below the query window you will find the results. You will see a version
number followed by the service pack level and then the edition. If an Express
edition is indicated, then you will need to upgrade SQL. If you have SQL
Server 2005 you will see a version number starting with a 9, in which case if
you have no service pack (RTM) or have service pack 1 you will need to
update MS SQL Server 2005. For more information on service packs for SQL
2005 visit:
http://support.microsoft.com/kb/913089
3.2.2 SQL Server Management Studio
This is not necessarily installed with MS SQL Server by default. If it is installed you can
find it in All Programs>Microsoft SQL Server.
If it is not installed, you will need to run SQL server setup. Note that the Management
Studio is a Client Component; if your SQL setup package includes more than one disk
you will need to use the disk that contains the Client Components. Additionally, the
Management Studio may not be immediately apparent during the SQL setup. When
selecting “Components to install” you will need to click the Advanced button. The
Management Studio is contained within the Client Components.
3.2.3 Database collation - SQL_Latin1_General_CP1_CI_AS
The collation setting for the instance of MS SQL that you will use for InterGuard must be
set to SQL_Latin1_General_CP1_CI_AS. This is typically the default setting when MS
SQL is installed. You can verify what your collation setting is by doing the following:
1. Open the SQL Server Management Studio. You can typically find it in Start
Menu>all programs>Microsoft SQL server.
2. When prompted, connect to the server you will be using for InterGuard.
3. Click on New Query.
4. Paste in:
SELECT SERVERPROPERTY('Collation')
5. Hit execute or the F5 key.
6. If the settings are something other than SQL_Latin1_General_CP1_CI_AS,
you will need to reinstall MS SQL using the above collation settings. You can
also run setup applying switches to rebuild SQL with the proper collation
setting. Here is an example:
start /wait setup.exe /qb INSTANCENAME=MSSQLSERVER REINSTALL=SQL_Engine REBUILDDATABASE=1 SAPWD=<StrongSaPassword> SQLCOLLATION=SQL_Latin1_General_CP1_CI_AS
Replace <StrongSaPassword> with a strong password for the sa account.
Before doing this be aware that this may adversely affect other databases that
are installed on the same instance of SQL, particularly if they require a different
collation setting than InterGuard. In these cases you should consider using a
different instance of SQL for InterGuard.
3.2.4 SQL Configured for SQL Server and Windows Authentication
You can verify this by doing the following:
1. Open the SQL Server Management Studio. You can typically find it in Start
Menu>all programs>Microsoft SQL server.
2. When prompted, connect to the server you will be using for InterGuard.
3. Right click the name of the server. It's on the left side under the Connect
button. Then select Properties.
4. The Properties window will open up. Select Security.
5. Make sure that "SQL Server and Windows Authentication mode" is selected.
Then click OK.
6. If it was not already selected, and you had to select it, you will need to restart
the SQL server service (MSSQLSERVER). Open up the Services console.
This can be done by going to Administrative Tools and selecting Services.
7. Select the SQL server service (MSSQLSERVER) and click “Restart the
service”.
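The checks from sections 3.2.1, 3.2.3 and 3.2.4 combined into one script, as an added example that is not part of the vendor's guide. It assumes PowerShell 2.0 or later, a Windows login with access to the instance, and the default instance on the local machine ($Instance is an illustrative name).

```powershell
# Added example (not vendor code). $Instance is an assumption: the default
# instance on the local machine, reached with your Windows login.
$Instance = 'localhost'

$query = @'
SELECT CONVERT(varchar(32), SERVERPROPERTY('ProductVersion'))   AS ProductVersion,
       CONVERT(varchar(32), SERVERPROPERTY('ProductLevel'))     AS ProductLevel,
       CONVERT(varchar(64), SERVERPROPERTY('Edition'))          AS Edition,
       CONVERT(varchar(64), SERVERPROPERTY('Collation'))        AS Collation,
       CONVERT(int, SERVERPROPERTY('IsIntegratedSecurityOnly')) AS WindowsAuthOnly
'@

$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$Instance;Database=master;Integrated Security=SSPI"
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $reader = $cmd.ExecuteReader()
    [void]$reader.Read()
    # Copy the single result row into a hashtable keyed by column name.
    $row = @{}
    for ($i = 0; $i -lt $reader.FieldCount; $i++) {
        $row[$reader.GetName($i)] = $reader.GetValue($i)
    }
    $reader.Close()
}
finally {
    $conn.Close()
}

# Major version: 9 = SQL Server 2005, 10 = SQL Server 2008 / 2008 R2.
$major = [int]($row.ProductVersion.Split('.')[0])

$checks = @(
    @{ Name = '3.2.1 Edition is not Express'
       Pass = ($row.Edition -notlike 'Express*')
       Seen = $row.Edition },
    @{ Name = '3.2.1 SQL 2005 SP2 or better, or SQL 2008/2008 R2'
       Pass = (($major -ge 10) -or
               ($major -eq 9 -and 'RTM', 'SP1' -notcontains $row.ProductLevel))
       Seen = ('{0} {1}' -f $row.ProductVersion, $row.ProductLevel) },
    @{ Name = '3.2.3 Collation is SQL_Latin1_General_CP1_CI_AS'
       Pass = ($row.Collation -eq 'SQL_Latin1_General_CP1_CI_AS')
       Seen = $row.Collation },
    @{ Name = '3.2.4 SQL Server and Windows Authentication mode'
       # IsIntegratedSecurityOnly = 1 means Windows Authentication only.
       Pass = ($row.WindowsAuthOnly -eq 0)
       Seen = ('IsIntegratedSecurityOnly = {0}' -f $row.WindowsAuthOnly) }
)

foreach ($c in $checks) {
    if ($c.Pass) { $status = 'OK' } else { $status = 'FAIL' }
    '{0,-4} {1}: {2}' -f $status, $c.Name, $c.Seen
}
```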
3.2.5 SQLXML4 Component
This component is not necessarily installed with MS SQL Server by default. You can
verify if it is installed by viewing the Remove/uninstall Programs list on your server. If it
is not present, it will need to be installed.
If you are using MS SQL 2008 you will need to download SQLXML4. You can
download it from:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8824
Simply scroll down to Microsoft SQLXML4.0 and select the appropriate download link
for 64 or 32 bit operating systems.
If you are using MS SQL 2005, you will need to run SQL server setup. Note that
SQLXML4 is a Client Component; if your SQL setup package includes more than one
disk you will need to use the disk that contains the Client Components. Additionally,
SQLXML4 is not immediately apparent during the SQL setup. When selecting
“Components to install” you will need to click the Advanced button. SQLXML4 is
contained within the Client Components. Please note that if you are planning to use a
multi-server setup for InterGuard, SQLXML4 must be installed on all of the machines.
For more information on multi-server setups see Section 4 – Multi-Server Setup.
Section 4 – Multi-Server Setup
The InterGuard server package can be configured so that its various roles are split
between more than one machine. For example, the Database role can be installed on one
machine and the remaining roles on a second machine.
4.1 Is a Multi-Server Setup Necessary?
Using multiple servers is absolutely NOT necessary. In fact, in most cases the
complications of using multiple servers outweigh the benefits. In general, the ideal
situation is to use one machine dedicated to InterGuard.
We generally don’t recommend considering a multi-server setup unless you are planning
to monitor more than 3-5 thousand active users. This will vary a bit depending on how
aggressively you intend to monitor your users.
4.2 Requirements for Multi-Server Setups
The same requirements as indicated in this guide still apply; the difference is that many
of the requirements only need to be in place on the machine that will host the associated
roles of InterGuard. In all cases each machine you use must be Windows Server 2003
Service Pack 2 or Windows Server 2008/2008 R2.
In our experience, the most successful multi-server setup for our customers involves two
servers. One hosts only the InterGuard database role and the other hosts the remaining
InterGuard roles (Web User Interface, Message Queuing, etc.). Here is how the
requirements would break down for this setup:
• The machine hosting the Database will require sufficient drive space for the
database and application (not including the additional amount for website
categorization) as indicated in Section 2 - Hardware requirements. It will require
all of the components indicated in section 3.2 Database Elements. When
allocating your system resources, consider that the database role will likely
consume the most CPU and memory resources compared to the other InterGuard
roles.
• The machine that will host the remainder of InterGuard will require sufficient
drive space for the Application (including the amount for website categorization if
applicable) and File Storage as indicated in Section 2 - Hardware requirements. It
will require all of the components indicated in section 3.1 Windows Elements.
It will require the SQLXML4 component as indicated in
section 3.2.5 SQLXML4 Component. This is in addition to SQLXML4 that
already exists on the machine hosting the Database role. If you plan to use SSL,
the SSL certificate will need to be installed on this machine. When allocating
your system resources, consider that this machine will host the File Storage, and
hence over time, will likely consume the most drive space.
The various roles of InterGuard, including Data Processors, Web User Interface, Client
Web Services, Database, File Storage, and Message Queuing, can be split up in
additional ways. In most cases splitting them up over more than two machines is overkill.
If you are interested in splitting them up in a manner different than the above example,
please consult a support representative. Additionally, if you are considering installing the
Database role into a SQL Cluster, please consult a support representative.