To add processing power to your Security Center system, you can install expansion servers and connect them to the main server.
Before you begin
- Prepare to install Security Center.
- Install the Security Center main server, and ensure that it is up and running.
What you should know
- The Genetec™
Server service without
the Directory role.
- Server Admin
- Genetec™ Watchdog
- (Optional) Client applications: Config Tool, Security Desk, or both.
- (Optional) Omnicast™ compatibility packs to view video from federated Omnicast™ systems.
Procedure
-
Right-click either setup.exe (standalone version) or
SecurityCenterWebSetup.exe (web version), and click
Run as administrator.
The InstallShield Wizard opens.NOTE: Only the standalone installer is illustrated in this procedure.
- On the Choose Setup Language page, select the language of the InstallShield Wizard, and click Next.
-
On the welcome page, click Next.
Links to relevant Security Center information are provided.
-
On the License Agreement page, read the terms in the
Software License Agreement, select I accept the terms in
the license agreement, and then click
Next.
If you are upgrading from a previous version, a Backward Compatibility notice opens. Ensure that you understand the backward compatibility requirements before proceeding.
-
On the Custom Setup page, select the Security Center features to install, specify
the destination folder, and then click Next.
You must select Server from the list. All other features are optional.
For the destination folder, you can only change the root folder where the Genetec Security Center 5.11 folder is created. On a 64-bit machine, the default root folder is C:\Program Files (x86).
-
On the Genetec™ Security Center Language Selection page,
select the user interface language for Security Center applications, and click
Next.
NOTE: Online help for Security Center applications is not available in all languages. For language availability, see Documentation updates in Security Center 5.9.3.0.Tip: After installing Security Center, you can change the user interface language with the Language Tool found in the Genetec™ Security Center program group in the Start menu.
-
On the Installation Type page, select Expansion
server, and click Next.
-
On the Database Server page, select an SQL database, if
required, and click Next.
The following options are available:
- Use an existing database server
- Selects an existing Microsoft SQL Server instance on this
machine, or another server. Best Practice: Replace
(local)
with either the computer name or hostname, and port, if required.For example:
DB_SERVER.GENETEC.COM,1433\SQLEXPRESS
You must use a computer name or hostname if you are configuring the Directory for load balancing. For more information on load balancing, see Directory failover and load balancing.
If you are upgrading from a supported version of Security Center, the installer automatically upgrades all databases that your system requires.
If you are using an old version of SQL Server Express, you get the option to upgrade your database server to SQL Server 2019 Express Edition if the following conditions are met:- You are running a version of Windows that supports SQL Server 2019 Express Edition. This means the 64-bit version of Windows 10 or Windows Server 2016 or later.
- Your current version of SQL Server is upgradable to
SQL Server 2019 Express Edition. This means one of
the following versions:
- SQL Server 2012 SP4 Express, version 11.0.7001.0 or later
- SQL Server 2014 SP2 Express, version 12.0.5000.0 or later
- SQL Server 2016 Express, version 13.0.1601.5 or later
- SQL Server 2017 Express, version 14.0.1000.169 or later
- Install a new database server
- Installs Microsoft SQL Server 2019 Express Edition on this
computer. You must choose a database server name. The
default is SQLEXPRESS.NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:
- It cannot be the same name as an existing SQL instance on your server.
- It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on.
- It cannot be longer than 16 characters.
- The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
- Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
- It cannot contain spaces or the following characters: \ , : ; ' & # @
NOTE: SQL Server 2019 Express is only supported on the 64-bit version of Windows 10 and Windows Server 2016 and later. If the version of Windows you are running is not one of these, quit the Security Center installation, download SQL Server 2014 Express SP3 from Microsoft Download Center, and install it first before installing Security Center. - Use an existing Azure SQL database
- Selects a predefined Microsoft Azure SQL database.
- Do not select a database server now
- Install this expansion server without a database. Roles that need a database cannot be hosted on this server. A SQL database can be added later.
-
On the Database Server Authentication page, select the
database server authentication method.
The following options are available:
- Windows authentication
- This is the default option. We recommend using this method wherever possible. With Windows authentication, users who are already logged onto Windows do not need to log on separately to SQL Server. The only time you cannot use Windows authentication is if you are using an Azure SQL database.
- SQL Server and Windows authentication (mixed mode)
- Use the mixed mode if you are using an Azure SQL database. You must also provide the credentials to be used to connect to SQL Server.
-
On the Service Logon Parameters page, set the username and
password used to run Security Center
services.
-
Select one of the following options:
- Use default name and password
- Select this option to use the LocalSystem account to run your Security Center services. The LocalSystem account has extensive privileges on the local computer, and acts as the computer on the network.
- Specify the username and password for all services
- Select this option if you want to restrict the privileges
granted to the service user. Enter a valid domain username
and a strong password, and record them in a safe place. You
must provide these credentials every time you upgrade your
Security Center
software. Use industry best
practices for creating strong passwords.IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have sufficient rights to the local or remote database, and Log on as service user rights. If this server will host the Active Directory role, the specified user must also have read and write access to the Active Directory that you want the server to connect to.NOTE: The service user automatically creates all the necessary databases when the system is started for the first time. For this reason, the service user needs the SQL Server role, dbCreator, for its first run. After the databases are created, you can remove the dbCreator role.
To avoid having to grant the dbCreator role to the service user, you can create the databases required by the Security Center roles yourself, as empty databases. When the system is started for the first time, the service user only has to create the tables, without going through the database creations. For the list of Security Center roles that need a database and the minimum SQL Server roles they require, see About connecting to SQL Server with an account that has administrative privileges.
You can also deny the service user the dbCreator role and create the databases later. In this case, the Security Center roles that require a database will fail at system startup. You must then create the databases and restart each role manually. You can also change the service user later from Microsoft Management Console.
- Click Next.
-
Select one of the following options:
-
On the Server Configuration page, set the server
connection parameters.
-
Complete the following fields:
- Server port
- The TCP port through which the servers in your system communicate.
- Web server port
- The HTTP port that is used for the web-based Server
Admin. If you change the default port, the
Server
Admin address must include the
port number in the URL. For example, http://computer:port/Genetec
instead of http://computer/Genetec. The link to Server
Admin, accessible through Start menu,
automatically includes this port.CAUTION:Watch out for conflicts with other software, such as a Skype, running on the server that might use port 80.
- Server address
- The hostname or IP address and port used to connect to the
main server.
If you changed the default port number (5500) of the main server, enter the correct number here.
- Password/Confirm password
- Enter and confirm the main server password.
- Click Next.
-
Complete the following fields:
-
On the Firewall Rules page, grant the installer permission
to automatically configure the Windows Firewall for Security Center, and click
Next.
NOTE: This option only affects the Windows Firewall. After installation, you must also configure the required ports on other firewalls that control Security Center communication. Firewall ports must also be updated after a major upgrade. For more information about firewall ports, see the Security Center Administrator Guide.
-
If old configuration files (ConfigurationFiles\*.gconfig)
are detected on your computer, you have the option to select which configuration
to use. This step is skipped if you are upgrading your system.
- Keep existing settings
- Use the existing configuration files detected for an older release of the current major version (5.11). This option is hidden if Security Center 5.11 was never installed on this computer.
- Deploy new settings
- Disregard any existing configuration files you might have on your computer and install the default configuration files for the version you are installing.
- Use settings found in <Security Center Installation Folder>
- Use the configuration files found in an older Security Center installation folder. This option is only available if an older major version of Security Center is detected.
-
On the Security Settings page, configure features to make
your system more secure.
- Select Recommended to set the default security
settings, and click Install to start the
installation.
The recommended security settings are:
- If the certificate is self-signed, whitelist the identity certificate of the first Directory server this machine connects to.
- Disable basic access authentication for cameras in favor of the more secure digest access authentication.
- Automatically check for software updates.
- Enable Genetec™ Update Service (GUS) integration in Security Center.
- Select Custom (Advanced) to configure the security settings, and click Next.
- Select Recommended to set the default security
settings, and click Install to start the
installation.
-
If you selected Custom (Advanced), configure the
security settings.
-
Configure the following settings:
- Always validate the Directory certificate
- Select this option to force all client and server
applications on the current machine to validate the identity
certificate of the Directory before connecting to it.Best Practice: If you enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time this computer connects to the Directory, the user is prompted to confirm the identity of the Directory server.
For more information, see What is Directory authentication?.
- Turn off basic authentication
- Basic access authentication for cameras is turned off by
default to prevent camera credentials from being compromised
when the Archiver connects to a video unit.IMPORTANT: When this option is selected, cameras that only support basic access authentication will not work.Tip: Most recent video unit models support digest access authentication. If you are not sure whether your cameras support digest or not, leave the default setting as is. After installation, if some cameras do not work, you can always turn basic access authentication on again.
- Automatically check for security and enhancement updates for Genetec™ products
- Select this option to allow GUS to automatically check for updates of all installed Genetec™ products.
- Enable Genetec™ Update Service (GUS) integration in Security Center
- Enable this option to make GUS available in Config Tool.
- Select I acknowledge that I have read and understood the implications of selecting these security settings, and click Install to start the installation.
-
Configure the following settings:
-
On Installation Completed page, select the required
post-installation options, and click Finish.
If you selected Launch Server Admin, Server Admin opens in a browser window. Before using Security Center, you must connect to Server Admin and activate your product license.
If you selected Connect me to GTAP for the latest updates now and your machine has Internet access, you are connected to the Genetec™ Product Download page on GTAP. You need a username and a password to log in.
If you selected Launch Security Desk, Security Desk opens automatically. However, you cannot log on to the Directory until your product license is activated.
If you get a message asking you to restart your computer, click Yes.
If you get a warning message that the SQL Server 2019 telemetry service cannot be disabled, disable it manually.