Installing the Security Center main server - Security Center 5.11.1.0

Security Center Installation and Upgrade Guide 5.11.1.0

Applies to: Security Center 5.11.1.0
Last updated: 2022-10-20
Content type: Guides > Installation guides
Language: English
Product: Security Center
Version: 5.11

The main server in your Security Center system hosts the Directory role. You must install the main server first.

What you should know

A main server installation includes the following:
  • The Genetec™ Server service with the Directory role.
    • Server Admin
    • Genetec™ Watchdog
  • (Optional) Client applications: Config Tool, Security Desk, or both.
  • (Optional) Omnicast™ compatibility packs to view video from federated Omnicast™ systems.

Procedure

  1. Right-click either setup.exe (standalone version) or SecurityCenterWebSetup.exe (web version), and click Run as administrator.
    The InstallShield Wizard opens.
    NOTE: Only the standalone installer is illustrated in this procedure.
  2. On the Choose Setup Language page, select the language of the InstallShield Wizard, and click Next.
  3. On the welcome page, click Next.

    Links to relevant Security Center information are provided.

  4. On the License Agreement page, read the terms in the Software License Agreement, select I accept the terms in the license agreement, and then click Next.
    If you are upgrading from a previous version, a Backward Compatibility notice opens. Ensure that you understand the backward compatibility requirements before proceeding.
  5. On the Custom Setup page, select the Security Center features to install, specify the destination folder, and then click Next.

    You must select Server from the list. All other features are optional.

    For the destination folder, you can only change the root folder where the Genetec Security Center 5.11 folder is created. On a 64-bit machine, the default root folder is C:\Program Files (x86).

  6. On the Genetec™ Security Center Language Selection page, select the user interface language for Security Center applications, and click Next.
    NOTE: Online help for Security Center applications is not available in all languages. For language availability, see Documentation updates in Security Center 5.9.3.0.
    Tip: After installing Security Center, you can change the user interface language with the Language Tool found in the Genetec™ Security Center program group in the Start menu.
  7. On the Installation Type page, select Main server, and click Next.
    IMPORTANT: There must be only one Main server installation per system. If your Security Center license supports additional Directory servers, they must be installed as expansion servers. For more information, see Setting up Directory failover and load balancing.
  8. On the Help Improve Genetec™ Products page, select how much you want to participate in our data collection, and click Next.

    A short description of each option and a link to our Global Privacy Policy are available by clicking View more details.

  9. On the Database Server page, select an SQL database, and click Next.
    The following options are available:
    Use an existing database server
    Selects an existing Microsoft SQL Server instance on this machine, or another server.
    Best Practice: Replace (local) with either the computer name or hostname, and port, if required.

    For example: DB_SERVER.GENETEC.COM,1433\SQLEXPRESS

    You must use a computer name or hostname if you are configuring the Directory for load balancing. For more information on load balancing, see Directory failover and load balancing.

    If you are upgrading from a supported version of Security Center, the installer automatically upgrades all databases that your system requires.

    If you are using an old version of SQL Server Express, you get the option to upgrade your database server to SQL Server 2019 Express Edition if the following conditions are met:
    • You are running a version of Windows that supports SQL Server 2019 Express Edition. This means the 64-bit version of Windows 10 or Windows Server 2016 or later.
    • Your current version of SQL Server is upgradable to SQL Server 2019 Express Edition. This means one of the following versions:
      • SQL Server 2012 SP4 Express, version 11.0.7001.0 or later
      • SQL Server 2014 SP2 Express, version 12.0.5000.0 or later
      • SQL Server 2016 Express, version 13.0.1601.5 or later
      • SQL Server 2017 Express, version 14.0.1000.169 or later
    Install a new database server
    Installs Microsoft SQL Server 2019 Express Edition on this computer. You must choose a database server name. The default is SQLEXPRESS.
    NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:
    • It cannot be the same name as an existing SQL instance on your server.
    • It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on.
    • It cannot be longer than 16 characters.
    • The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
    • Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
    • It cannot contain spaces or the following characters: \ , : ; ' & # @
    NOTE: SQL Server 2019 Express is only supported on the 64-bit version of Windows 10 and Windows Server 2016 and later. If the version of Windows you are running is not one of these, quit the Security Center installation, download SQL Server 2014 Express SP3 from Microsoft Download Center, and install it first before installing Security Center.
    Use an existing Azure SQL database
    Selects a predefined Microsoft Azure SQL database.
  10. On the Database Server Authentication page, select the database server authentication method.
    The following options are available:
    Windows authentication
    This is the default option. We recommend using this method wherever possible. With Windows authentication, users who are already logged on to Windows do not need to log on separately to SQL Server. The only time you cannot use Windows authentication is if you are using an Azure SQL database.
    SQL Server and Windows authentication (mixed mode)
    Use the mixed mode if you are using an Azure SQL database. You must also provide the credentials to be used to connect to SQL Server.
  11. On the Service Logon Parameters page, set the username and password used to run Security Center services.
    1. Select one of the following options:
      Use default name and password
      Select this option to use the LocalSystem account to run your Security Center services. The LocalSystem account has extensive privileges on the local computer, and acts as the computer on the network.
      Specify the username and password for all services
      Select this option if you want to restrict the privileges granted to the service user. Enter a valid domain username and a strong password, and record them in a safe place. You must provide these credentials every time you upgrade your Security Center software. Use industry best practices for creating strong passwords.
      IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have sufficient rights to the local or remote database, and the Log on as a service user right. If this server will host the Active Directory role, the specified user must also have read and write access to the Active Directory that you want the server to connect to.
      NOTE: The service user automatically creates all the necessary databases when the system is started for the first time. For this reason, the service user needs the SQL Server role, dbCreator, for its first run. After the databases are created, you can remove the dbCreator role.

      To avoid having to grant the dbCreator role to the service user, you can create the databases required by the Security Center roles yourself, as empty databases. When the system is started for the first time, the service user only has to create the tables, without having to create the databases. For the list of Security Center roles that need a database and the minimum SQL Server roles they require, see About connecting to SQL Server with an account that has administrative privileges.

      You can also deny the service user the dbCreator role and create the databases later. In this case, the Security Center roles that require a database will fail at system startup. You must then create the databases and restart each role manually. You can also change the service user later from Microsoft Management Console.

    2. Click Next.
  12. On the Server Configuration page, set the server connection parameters.
    1. Complete the following fields:
      Server port
      The TCP port through which the servers in your system communicate.
      Web server port
      The HTTP port that is used for the web-based Server Admin. If you change the default port, the Server Admin address must include the port number in the URL. For example, http://computer:port/Genetec instead of http://computer/Genetec. The link to Server Admin, accessible through the Start menu, automatically includes this port.
      CAUTION: Watch out for conflicts with other software running on the server that might use port 80, such as Skype.
      Password/Confirm password
      Enter and confirm the password to open the web-based Server Admin.
      Best Practice: If you are upgrading your Security Center installation, the existing server password is kept by default. If you were using a blank password, we recommend that you enter a new one that contains at least one uppercase character, one lowercase character, one number and one special character.
      IMPORTANT: If you lose the server password, call Genetec™ Technical Support to reset it.
    2. Click Next.
  13. On the Firewall Rules page, grant the installer permission to automatically configure the Windows Firewall for Security Center, and click Next.
    NOTE: This option only affects the Windows Firewall. After installation, you must also configure the required ports on other firewalls that control Security Center communication. Firewall ports must also be updated after a major upgrade. For more information about firewall ports, see the Security Center Administrator Guide.
  14. If old configuration files (ConfigurationFiles\*.gconfig) are detected on your computer, you have the option to select which configuration to use. This step is skipped if you are upgrading your system.
    Keep existing settings
    Use the existing configuration files detected for an older release of the current major version (5.11). This option is hidden if Security Center 5.11 was never installed on this computer.
    Deploy new settings
    Disregard any existing configuration files you might have on your computer and install the default configuration files for the version you are installing.
    Use settings found in <Security Center Installation Folder>
    Use the configuration files found in an older Security Center installation folder. This option is only available if an older major version of Security Center is detected.
  15. On the Security Settings page, configure features to make your system more secure.
    • Select Recommended to set the default security settings, and click Install to start the installation.

      The recommended security settings are:

    • Select Custom (Advanced) to configure the security settings, and click Next.
  16. If you selected Custom (Advanced), configure the security settings.
    1. Configure the following settings:
      Always validate the Directory certificate
      Select this option to force all client and server applications on the current machine to validate the identity certificate of the Directory before connecting to it.
      Best Practice: If you enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time this computer connects to the Directory, the user is prompted to confirm the identity of the Directory server.

      For more information, see What is Directory authentication?.

      Turn off basic authentication
      Basic access authentication for cameras is turned off by default to prevent camera credentials from being compromised when the Archiver connects to a video unit.
      IMPORTANT: When this option is selected, cameras that only support basic access authentication will not work.
      Tip: Most recent video unit models support digest access authentication. If you are not sure whether your cameras support digest or not, leave the default setting as is. After installation, if some cameras do not work, you can always turn basic access authentication on again.
      Automatically check for security and enhancement updates for Genetec™ products
      Select this option to allow GUS to automatically check for updates of all installed Genetec™ products.
      Enable Genetec™ Update Service (GUS) integration in Security Center
      Enable this option to make GUS available in Config Tool.
    2. Select I acknowledge that I have read and understood the implications of selecting these security settings, and click Install to start the installation.
  17. On the Installation Completed page, select the required post-installation options, and click Finish.
    If you selected Launch Server Admin, Server Admin opens in a browser window. Before using Security Center, you must connect to Server Admin and activate your product license.

    If you selected Connect me to GTAP for the latest updates now and your machine has Internet access, you are connected to the Genetec™ Product Download page on GTAP. You need a username and a password to log in.

    If you selected Launch Security Desk, Security Desk opens automatically. However, you cannot log on to the Directory until your product license is activated.

    If you get a message asking you to restart your computer, click Yes.

    If you get a warning message that the SQL Server 2019 telemetry service cannot be disabled, disable it manually.
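
The database server naming rules from step 9 (Install a new database server), written out as a pre-install check. This is an added example, not Genetec or Microsoft code, and it reports every violated rule at once rather than stopping at the first. Assumptions: the reserved-keyword set is a small illustrative subset (the page names only DEFAULT and PRIMARY), letters and digits are classified with Python's current Unicode tables rather than Unicode 2.0, and the existing instance names are supplied by the caller.

```python
import unicodedata

# Illustrative subset only; the page names DEFAULT and PRIMARY "and so on".
RESERVED_SUBSET = {"DEFAULT", "PRIMARY", "SELECT", "TABLE", "INDEX", "USER"}
FORBIDDEN = set("\\,:;'&#@")   # characters the page lists explicitly
MAX_LEN = 16


def is_letter(ch):
    return unicodedata.category(ch).startswith("L")


def is_decimal_digit(ch):
    return unicodedata.category(ch) == "Nd"


def check_instance_name(name, existing=()):
    """Return the list of violated rules; an empty list means the name passes."""
    if not name:
        return ["name is empty"]
    problems = []
    # Names are not case-sensitive, so compare case-folded.
    if name.casefold() in {e.casefold() for e in existing}:
        problems.append("matches an existing instance")
    if name.upper() in RESERVED_SUBSET:
        problems.append("is a reserved keyword")
    if len(name) > MAX_LEN:
        problems.append("longer than 16 characters")
    if not (is_letter(name[0]) or name[0] == "_"):
        problems.append("first character must be a letter or underscore")
    for ch in name[1:]:
        if ch.isspace() or ch in FORBIDDEN:
            problems.append(f"contains forbidden character {ch!r}")
        elif not (is_letter(ch) or is_decimal_digit(ch) or ch in "$_"):
            problems.append(f"contains unsupported character {ch!r}")
    return problems


# Constructed sample names, not taken from any real system.
SAMPLES = ["SQLEXPRESS", "_sc$511", "default", "1SC", "SC 5@11",
           "GENETEC_SECURITY_1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_instance_name(sample) or "OK")
```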

Results

The Security Center main server is now installed.

After you finish

Do the following:
  • Activate your product license from the Server Admin.
  • Configure Genetec™ Update Service.
  • If required, install Security Center on expansion servers.