Preparing Your Server for the InterGuard Server Package

Contents Overview .......................................................................................................................................... 3

Section 1 - Host Name and SSL Requirements ................................................................................ 3

1.1 Is SSL Required? ..................................................................................................................... 3

1.2 Acquiring an SSL Certificate ................................................................................................... 3

1.3 Installing the SSL Certificate on Your Server ......................................................................... 4

Section 2 - Hardware requirements ................................................................................................ 4

Section 3 – Software Requirements ................................................................................................ 5

3.1 Windows Elements ................................................................................................................ 5

3.1.1 Windows Server 2003 Service Pack 2 or better/Windows Server 2008/2008 R2 .......... 5

3.1.2 IIS (Internet Information Services 6 or better) ............................................................... 5

3.1.3 MSMQ (Microsoft Message Queuing) ............................................................................ 8

3.1.4 Indexing Service ............................................................................................................ 10

3.1.5 Site Binding for the Host/Domain Name ...................................................................... 11

3.2 Database Elements .............................................................................................................. 14

3.2.1 MS SQL Server 2005 with Service Pack 2 or better/MS SQL Server 2008/2008 R2 ..... 14

3.2.2 SQL Server Management Studio ................................................................................... 15

3.2.3 Database collation - SQL_Latin1_General_CP1_CI_AS ................................................. 15

3.2.4 SQL Configured for SQL Server and Windows Authentication ..................................... 16

3.2.5 SQLXML4 Component ................................................................................................... 18

Section 4 – Multi-Server Setup ...................................................................................................... 18

4.1 Is a Multi-Server Setup Necessary? ..................................................................................... 18

4.2 Requirements for Multi-Server Setups ................................................................................ 18

Overview

Congratulations on your purchase of the InterGuard Server solution! This guide is

intended to help you prepare the machine that you will be installing the InterGuard server

software onto. It covers the requirements in detail, and offers basic information on how

to setup up many of the requirements. Please be sure to have all of these requirements

installed and configured before your InterGuard installation appointment. Awareness

Technologies is here to help you but cannot provide support for the pre-requisite

hardware and software.

Please note that the instructions in this guide are written with Windows Server 2008 and

SQL 2008 in mind. If you are using Windows Server 2003 or SQL 2005 some steps will

be different, but the concepts are the same. If you would like specific instructions for

Windows Server 2003 or SQL 2005 please contact a support or sales representative.

Section 1 - Host Name and SSL Requirements The InterGuard desktop agents transmit data back to the InterGuard server over HTTP (or

HTTPS see the SSL info below). A public domain for InterGuard is not required unless

you want to monitor computers outside of your network. InterGuard can be configured to

use the name of the server for the hostname it sends data to. As long as all of your target

computers can resolve that server’s name, you will be fine. If you will be monitoring

computers outside your network, a unique domain name (e.g. mycompany.com) resolving

to the IP of your server will be required. If you do not already have a registered domain

name, you will need to register one and configure it to resolve to your server. There are a

variety of services that you can use to accomplish this. Here are two popular ones:

www.godaddy.com

www.networksolutions.com

If you already have a registered domain name and have the ability to create sub domains

(e.g. interguard.mycompany.com) this will also work for InterGuard as long as the sub

domain is configured to resolve to the server you intend to use for InterGuard.

1.1 Is SSL Required? SSL is not necessary; InterGuard can transmit data with our without SSL encryption. If

you do not plan to use SSL with InterGuard you can skip this section. If you want to

protect the data transmitted from the InterGuard client software with SSL encryption, you

will need a SSL certificate.

1.2 Acquiring an SSL Certificate Unfortunately we cannot provide SSL certificates for you. You can acquire a SSL

certificate from a CA (Certificate Authority) such as VeriSign or Go Daddy. The SSL

certificate must be registered to the exact domain you end up using for InterGuard. For

example, if you have reserved a domain like ‘interguard.mycompanyname.com’ to use

for InteGuard, then your SSL certificate must be signed to

interguard.mycompanyname.com. If it is signed to some other domain or sub domain,

the resulting certificate error will cause the InterGuard client software to be unable to

communicate with your server. Be sure to confirm what you intend to use as the domain

name for InterGuard before you acquire your SSL certificate.

Some customers inquire about creating their own a self-signed certificate to use for

InterGuard. This can cause a lot of extra work for you and can make your client software

deployment more complicated. The main issue is that the target computers are not aware

of your self-signed certificate, meaning the computer will not trust your self-signed

certificate until you install it on the computer and configure it to trust the self-signed cert.

This would have to be done prior to deploying the InterGuard client software. When

using a certificate from a CA, you don’t have to worry about it, because the computer is

already aware of the CA. We cannot provide support for implementing a self-signed

certificate on your server or workstations.

1.3 Installing the SSL Certificate on Your Server If you plan to use SSL, the SSL certificate must be installed on your server before you

can install the InterGuard server software. The request and installation steps may vary

depending one who is issuing the certificate. You will need to confirm the process with

the provider you plan to use for your certificate. However, below we have included some

online resources available from some popular SSL providers.

Network Solutions:

Certificate Signing Request (CSR):

http://www.networksolutions.com/support/csr-for-microsoft-iis-7-x/

Installation:

http://www.networksolutions.com/support/installation-of-an-ssl-on-certificate-microsoft-

iis-7-x/

GoDaddy Certificate Signing Request (CSR) and installation instructions:

http://help.godaddy.com/article/4801#Install_IIS7

After installing the certificate you will need to add a site binding that uses certificate.

The steps for adding the site binding can be found in section 3.1.5 Site Binding for the

Host/Domain Name.

Section 2 - Hardware requirements

The minimum requirements for the InterGuard server are as follows: • CPU: Dual Processors, Xeon or Opteron

• RAM: 32 bit systems - 4 GB, 64 bit systems – 6 GB

• Storage: Allow 25 GB of storage for the InterGuard Data Base files; additionally

expect 25MB – 100 MB of storage per user per month. These figures vary greatly

depending on the user’s activities and the recording settings that you have applied

in InterGuard. Please be sure to allow for 3 GB for the InterGuard application.

This includes Visual Studio and .NET files installed by the InterGuard Setup

Wizard. If you plan to use the website categorization feature (used in website

filtering) plan for an additional 9 GB to be used by the application. Your database

files, files storage, and application files do not have to be located in the same

directory. During setup you can select the locations for each of these items.

This meets most of our customers’ needs up to 500 monitored users. Adding users,

configuring aggressive monitoring, or failing to clear out old database records will

require more performance from your hardware. RAM recommendations are made with

the assumption that regular scheduled database maintenance is being performed.

Additionally, overtime the database and file storage will grow as more data is recorded;

larger databases will consume more resources, including RAM. To reduce the

consumption of system resources, it is recommended to regularly archive then purge old

recorded data.

A sales or support agent can suggest additional hardware recommendations if you plan to

monitor beyond 500 users.

Section 3 – Software Requirements

3.1 Windows Elements

3.1.1 Windows Server 2003 Service Pack 2 or better/Windows Server 2008/2008 R2

If you are unsure of the Windows version or Service Pack of your server, do the

following:

1. Right click “My Computer” and select “Properties”.

2. The windows version and service pack information will be displayed. You

may have to select the “General” tab.

If you have Windows 2003 and have no service pack, or service pack one, you can update

by using “Windows Update” found in Start Menu>All programs. The following link

provides additional information on Windows 2003 service packs:

http://support.microsoft.com/kb/889100

3.1.2 IIS (Internet Information Services 6 or better)

IIS is not necessarily installed on Windows Server by default; if you are unsure how to

install IIS please refer to the following document:

http://technet.microsoft.com/en-us/library/cc771209(WS.10).aspx

Please note that when using IIS 7, you must also install IIS 6 Compatibility Management.

This can be done when you install IIS, just be sure to check all of the IIS 6 Management

Compatibility boxes during the Select Role Services step of installation. If IIS is already

installed, do the following to verify or install IIS 6 Management Compatibility:

1. Click Start; click Administrative Tools, and then Server Manager.

2. In the left navigation pane, expand Roles, and then right-click Web Server

(IIS) and select Add Role Services.

3. On the Select Role Services pane, scroll down to IIS 6 Management

Compatibility.

4. Select the check boxes for IIS 6 Management Compatibility.

If the boxes are already selected and ‘grayed’ out then IIS 6 management

Compatibility is already installed and you can select Cancel.

5. Click Next from the Select Role Services pane, and then click Install at the

Confirm Installations Selections pane.

6. Click Close to leave the Add Role Services wizard.

It is not necessary to set up a website for InterGuard in IIS. InterGuard can use the

existing ‘Default Website’ in IIS. The InterGuard installation wizard will build the

required website elements. If the default site is available you can move on to the next

section. If you already have an application or site using the Default Website then you will

need to create a new website in IIS for InterGuard. Here is what you will need to do:

1. Click Start, click Administrative Tools and then Internet Information Services

(IIS) Manager.

2. In the Connections pane, right-click the Sites node in the tree, and then click

Add Web Site.

3. The Add Web Site dialog box will open. Type a friendly name for your Web

Site in the Web Site name box (InterGuard for example).

4. Enter a physical path for the site in the Physical Path box. At this point the

location is not critical. When you install InterGuard, the setup wizard will ask

for the actual path that you would like to use for the InterGuard application

and will configure the site accordingly.

5. The boxes in the Binding section can be left as is for the time being. We will

cover configuring the site binding in section 3.1.5 Site Binding for the

Host/Domain Name. Click Ok.

3.1.3 MSMQ (Microsoft Message Queuing)

MSMQ is generally not installed on Windows Server by default. You can install MSMQ

by doing the following:

1. Click Start, click Administrative Tools and then Server Manager.

2. Click Features

3. In the right-hand pane under Features Summary, click Add Features.

4. In the resulting window, expand Message Queuing.

5. Select Message Queuing Server.

6. Click Next, then click Install.

You only need to install MSMQ; you do not need to create or configure any message

queues. The InterGuard setup wizard will build and configure the required queues.

3.1.4 Indexing Service

The Indexing service is not necessarily installed by default. If you have disabled the

Indexing Service, you will need to re-enable it. This can be done via the Services panel

found in Administrative Tools. The Startup type for the Index Service needs to be set to

Automatic. If the Index service is not present it will need to be installed. please do the

following:

1. Click Start, click Administrative Tools and then Server Manager.

2. In the console tree of Server Manager, right-click Roles, and then click Add

Roles.

3. In the Add Roles Wizard, click Next.

4. On the Select Server Roles page, select the File Services check box, and then

click Next.

5. On the File Services page, click Next.

6. On the Select Roles Services page, select the Indexing Service check box

under Windows Server 2003 File Services, and then click Next.

7. On the Confirm Installation Selections page, click Install.

8. Follow the instructions in the Add Roles Wizard to complete the installation.

3.1.5 Site Binding for the Host/Domain Name

A host or domain name must be configured for the site in IIS that you intend to use for

InterGuard. As mentioned earlier in this guide, you do not need to create a new site in

IIS, the default site in IIS will work fine, assuming it is not already being used by some

other application. Note that if you intend to use an SSL, the SSL certificate must be

installed before you can add the site binding. To add the site binding for your host or

domain name, do the following:

1. Click Start, click Administrative Tools and then Internet Information Services

(IIS) Manager.

2. In the Connections pane, expand the Sites node in the tree, and select the site

you intend to use for InterGuard.

3. In the Actions pane, select click Bindings.

4. The Site Bindings dialog will open, displaying the bindings that have been

configured. Click the Add button.

5. The Add Site Binding dialog will open.

a. In the Type field select http, or if you are using an SSL certification select

https. If you select https the dialog will change slightly, so please skip to

step 6.

b. In the IP Address field leave All Unassigned selected or if you plan to use

a static IP address specifically for InterGuard, enter the IP address you

will be using. Note that if you enter in an IP address, that IP address must

be configured to resolve to this machine prior to installing InterGuard.

c. Leave the Port field set to 80.

d. In the Host name field enter the domain name or host name you plan to

use. If you are using a public domain name, enter the name you registered.

For example, if you registered “www.YourNameHere.com” you would

enter “www.YourNameHere.com”. If you are not using a public domain

name, the name of the server will usually suffice, as the name of your

server will most likely be valid on your organization’s name resolution

system; otherwise enter a name that is registered with your organization’s

name resolution system (internal DNS).

e. Press Ok on the Add Site Binding dialog and then close on the Site

Bindings dialog. You are done and close the IIS manager.

6. If you selected https in step 5, the dialog will have changed slightly. The Host

name will be set based on the information from your SSL certificate.

a. The SSL certificate drop down menu will list the names of the certificates

installed on the server, select the SSL cert you plan on using. If you do

not see your certificate in the drop down menu, then it has not been

properly installed onto this server. In which case consult the

documentation or help options that accompanied your certificate.

b. In the IP Address field leave All Unassigned selected or if you plan to use

a static IP address specifically for InterGuard, enter the IP address you

will be using. Note that if you enter in an IP address, that IP address must

be configured to resolve to this machine prior to installing InterGuard.

c. Leave the Port field set to 443.

d. Press Ok on the Add Site Binding dialog and then close on the Site

Bindings dialog. You are done and can close the IIS manager.

3.2 Database Elements

3.2.1 MS SQL Server 2005 with Service Pack 2 or better/MS SQL Server 2008/2008

R2

Please note that InterGuard will not work on the Express edition of MS SQL Server. We

recommend the Standard or Enterprise editions. You can also use the Workgroup

edition, however the Workgroup SQL licensing limits the amount system resources that

can be used, and this may cause poor performance. If you are unsure of your version or

edition of SQL you can run the following script in the SQL Server Management Studio.

It will return your version, service pack, and edition info. If you do not have SQL Server

Management Studio, it will need to be installed, please see section 3.2.2 SQL Server

Management Studio.

1. Open the SQL Server Management Studio. You can typically find it in Start

Menu>all programs>Microsoft SQL server.

2. When prompted, connect to the server you will be using for InterGuard.

3. Click on New Query.

4. In the Query window paste in the following:

SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY

('productlevel'), SERVERPROPERTY ('edition')

5. Hit the execute button or the F5 key.

6. Below the query window you will find the results. You will see a version

number followed by the service pack level and then the edition. If an Express

edition is indicated, then you will need to upgrade SQL. If you have SQL

Server 2005 you will see a version number starting with a 9, in which case if

you have no service pack (RTM) or have service pack 1 you will need to

update MS SQL Server 2005. For more information on service packs for SQL

2005 visit:

http://support.microsoft.com/kb/913089

3.2.2 SQL Server Management Studio

This is not necessarily installed with MS SQL Server by default. If it is installed you can

find it in All Programs>Microsoft SQL Server.

If it is not installed, you will need to run SQL server setup. Note that the Management

Studio is a Client Component; if your SQL setup package includes more than one disk

you will need to use the disk that contains the Client Components. Additionally, the

Management Studio may not be immediately apparent during the SQL setup. When

selecting “Components to install” you will need to click the Advanced button. The

Management Studio is contained within the Client Components.

3.2.3 Database collation - SQL_Latin1_General_CP1_CI_AS

The collation setting for the instance of MS SQL that you will use for InterGuard must be

set to SQL_Latin1_General_CP1_CI_AS. This is typically the default setting when MS

SQL is installed. You can verify what your collation setting is by doing the following:

1. Open the SQL Server Management Studio. You can typically find it in Start

Menu>all programs>Microsoft SQL server.

2. When prompted, connect to the server you will be using for InterGuard.

3. Click on New Query.

4. Paste in:

SELECT SERVERPROPERTY('Collation')

5. Hit execute or the F5 key.

6. If the settings are something other than SQL_Latin1_General_CP1_CI_AS,

you will need to reinstall MS SQL using the above collation settings. You can

also run setup applying switches to rebuild SQL with the proper collation

setting. Here is an example:

i. start /wait setup.exe /qb INSTANCENAME=MSSQLSERVER

REINSTALL=SQL_Engine REBUILDDATABASE=1

SAPWD=test

SQLCOLLATION=SQL_Latin1_General_CP1_CI_AI

Before doing this be aware that this may adversely affect other databases that

are installed on same instance of SQL, particularly if they require a different

collation setting than InterGuard. In these cases you should consider using a

different instance of SQL for InterGuard.

3.2.4 SQL Configured for SQL Server and Windows Authentication

You can verify this by doing the following:

1. Open the SQL Server Management Studio. You can typically find it in Start

Menu>all programs>Microsoft SQL server.

2. When prompted, connect to the server you will be using for InterGuard.

3. Right click the name of the server. It's on the left side under the Connect

button. Then select Properties.

4. The Properties window will open up. Select Security.

5. Make sure that "SQL Server and Windows Authentication mode" is selected.

Then click OK.

6. If it was not already selected, and you had to select it, you will need to restart

the SQL server service (MSSQLSERVER). Open up the services consol.

This can be done by going to Administrative tools and selecting Services

7. Select the SQL server service (MSSQLSERVER) and click “Restart the

service”

3.2.5 SQLXML4 Component

This component is not necessarily installed with MS SQL Server by default. You can

verify if it is installed by viewing the Remove/uninstall Programs list on your server. If it

is not present, it will need to be installed.

If you are using MS SQL 2008 you will need to download SQLXML4. You can

download it from:

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8824

Simply scroll down to Microsoft SQLXML4.0 and select the appropriate download link

for 64 or 32 bit operating systems.

If you are using MS SQL 2005, you will need to run SQL server setup. Note that

SQLXML4 is a Client Component; if your SQL setup package includes more than one

disk you will need to use the disk that contains the Client Components. Additionally,

SQLXML4 is not immediately apparent during the SQL setup. When selecting

“Components to install” you will need to click the Advanced button. SQLXML4 is

contained within the Client Components. Please note that if you are planning to use a

multi-server setup for InterGuard, SQLXML4 must be installed on all of the machines.

For more information on multi-server setups see Section 4 – Multi-Server Setup.

Section 4 – Multi-Server Setup The InterGuard server package can be configured so that its various roles are split

between more than one machine. For example, the Database role can be installed on one

machine and the remaining roles on a second machine.

4.1 Is a Multi-Server Setup Necessary? Using multiple servers is absolutely NOT necessary. In fact for most cases the

complications of using multiple servers outweighs the benefits. In general, the most ideal

situation is to use one machine dedicated for InterGuard.

We generally don’t recommend considering a multi-server setup unless you are planning

to monitor more than 3-5 thousand active users. This will vary a bit depending on how

aggressively you intend to monitor your users.

4.2 Requirements for Multi-Server Setups The same requirements as indicated in this guide still apply; the difference is that many

of the requirements only need to be in place on the machine that will host the associated

roles of InterGuard. In all cases each machines you use must be Windows Server 2003

Service Pack 2 or Windows Server 2008/2008 R2.

In our experience, the most successful multi-server setup for our customers involves two

servers. One hosts only the InterGuard database role and the other hosts the remaining

InterGuard roles (Web User Interface, Message Queuing, etc.). Here is how the

requirements would break down for this setup:

• The machine hosting the Database will require sufficient drive space for the

database and application (not included the additional amount for website

categorization) as indicated in Section 2 - Hardware requirements. It will require

all of the components indicated in section 3.2 Database Elements. When

allocating your system resources, consider that the database role will likely

consume the most cpu and memory resources compared to the other InterGuard

roles.

• The machine that will host the remainder of InterGuard will require sufficient

drive space for the Application (including the amount for website categorization if

applicable) and File Storage as indicated in Section 2 - Hardware requirements. It

will require all of the components indicated in section3.2 Database Elements 3.1

Windows Elements. It will require the SQLXML4 component as indicated in

section 3.2.5 SQLXML4 Component. This is in addition to SQLXML4 that

already exists on the machine hosting the Database role. If you plan to use SSL,

the SSL certification will need to be installed on this machine. When allocating

your system resources, consider that this machine will host the File Storage, and

hence over time, will likely consume the most drive space.

The various roles of InterGuard including; Data Processors, Web User Interface, Client

Web Services, Database, File Storage, and Message Queuing, can be split up in

additional ways. In most cases splitting them up over more than two machines is overkill.

If you are interested in splitting them up in a manner different than the above example,

please consult a support representative. Additionally if you are considering installing the

Database role into a SQL Cluster, please consult a support representative.