To add processing power to your Security Center system, you can install expansion servers and connect them to the main server.
Before you begin
- Prepare to install Security Center.
- Install the Security Center main server, and ensure that it is up and running.
What you should know
- The Genetec™ Server service without
the Directory role.
- Server Admin
- Genetec™ Watchdog
- (Optional) Client applications: Config Tool, Security Desk, or both.
Procedure
-
Right-click either setup.exe (standalone version) or
SecurityCenterWebSetup.exe (web version), and click
Run as administrator.
The InstallShield Wizard opens.NOTE: Only the standalone installer is illustrated in this procedure.
- On the Choose Setup Language page, select the language of the InstallShield Wizard, and click Next.
-
On the welcome page, click Next.
Links to relevant Security Center information are provided.
-
On the License Agreement page, read the terms in the
Software License Agreement, select I accept the terms in
the license agreement, and click
Next.
If you are upgrading from a previous major version, a Backward Compatibility notice opens. Ensure that you understand the backward compatibility requirements before proceeding.
-
On the Cached MSI Files Verification page, select one of
the following options and click Next.
- Recommended
- It is particularly important to ensure that all MSI files cached by Windows Installer are present on your system before proceeding with the installation if you are upgrading your system or changing your installation. If a cached MSI file is found missing, installation is interrupted and instructions are provided on how to resolve the issue.
- Advanced
- Select this option only if you are an experienced Security Center installer. This option mirrors the behavior found in Security Center 5.12.1.0 and earlier versions. Note that if a cached MSI file is missing, no assistance is provided.
-
On the Custom Setup page, select the Security Center
features to install, specify the destination folder, and click
Next.
NOTE: Server is mandatory. All other features are optional.
To specify the destination folder, click Change. You can change only the root folder where the Genetec Security Center 5.12 folder is created. On a 64-bit machine, the default root folder is C:\Program Files (x86).
-
On the Genetec™ Security Center Language Selection page,
select the user interface language for Security Center applications, and click
Next.
NOTE: Online help for Security Center applications is not available in all languages supported by the user interface.Tip: After installing Security Center, you can change the user interface language with the Language Tool found in the Genetec Security Center program group in the Start menu.
-
On the Installation Type page, select Expansion
server, and click Next.
-
On the Database Server page, select an SQL database, if
required, and click Next.
The following options are available:
- Use an existing database server
- Selects an existing Microsoft SQL Server instance on the local
machine or another server.Tip: Click Browse to see a list of SQL Server instances you can connect to in a dialog box. If you do not see the SQL Server instance you want, close the dialog box and enter its name manually.Best Practice: Replace
(local)
with either the computer name or hostname, and port, if required.For example:
DB_SERVER.GENETEC.COM,1433\SQLEXPRESS
Use a computer name or hostname if you are configuring the Directory for load balancing. For more information, see Directory failover and load balancing.
If you are upgrading from a supported version of Security Center, the installer automatically upgrades all databases that your system requires.
If you are using an old version of SQL Server Express, you can upgrade your database server to SQL Server 2022 Express Advanced if the following conditions are met:- You are running a version of Windows that supports SQL Server 2022 Express Advanced. This means the 64-bit version of Windows 10, Windows 11, or Windows Server 2016 or later.
- Your current version of SQL Server is upgradable to
SQL Server 2022 Express Advanced. This means one of
the following versions:
- SQL Server 2012 SP4 Express, version 11.0.7001.0 or later
- SQL Server 2014 SP3 Express, version 12.0.6024.0 or later
- SQL Server 2016 SP3 Express, version 13.0.6300.2 or later
- SQL Server 2017 Express, version 14.0.1000.169 or later
- SQL Server 2019 Express, version 15.0.2000.5 or later
- Install a new database server
-
Installs Microsoft SQL Server 2022 Express Advanced on this
computer. You must choose a database server name. The
default is SQLEXPRESS.
NOTE: The database server name is not case-sensitive but must meet all following criteria:
- It cannot be the same name as an existing SQL instance on your server.
- It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on.
- It cannot be longer than 16 characters.
- The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
- Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin, or other national scripts, the dollar sign ($), or an underscore (_).
- It cannot contain spaces or the following characters: \ , : ; ' & # @
NOTE: SQL Server 2022 Express is supported only on the 64-bit version of Windows 10, Windows 11, and Windows Server 2016 and later. If the version of Windows you are running is not one of these, quit the Security Center installation, download SQL Server 2014 Express SP3 from Microsoft Download Center, and install it first before installing Security Center. - Use an existing Azure SQL database
- Selects a predefined Microsoft Azure SQL database.
- Do not select a database server now
- Install this expansion server without a database. Roles that need a database cannot be hosted on this server. A SQL database can be added later.
-
On the Database Server Authentication page, select the
database server authentication method.
-
Select one of the following options:
- Windows authentication
- This is the default option. We recommend using this method wherever possible. With Windows authentication, users who are already logged on to Windows do not need to log on separately to SQL Server. The only time you cannot use Windows authentication is if you are using an Azure SQL database.
- SQL Server and Windows authentication (mixed mode)
- Use the mixed mode if you are using an Azure SQL database. Also provide the credentials to be used to connect to SQL Server.
- Click Next.
-
Select one of the following options:
-
On the Service Logon Parameters page, set the username and
password used to run Security Center
services.
-
Select one of the following options:
- Use default name and password
- Select this option to use the LocalSystem account to run your Security Center services. The LocalSystem account has extensive privileges on the local computer and acts as the computer on the network.
- Specify the username and password for all services
- Select this option if you want to restrict the privileges
granted to the service user. Enter a valid domain username
and a strong password, and record them in a safe place. You
must provide these credentials every time you upgrade your
Security Center software. Use industry best
practices for creating strong passwords.
IMPORTANT: Make sure that the service user is a local administrator and not a domain administrator. The service user must have sufficient rights to the local or remote database, and Log on as service user rights. If this server hosts the Active Directory role, the specified user must also have read and write access to the Active Directory that you want the server to connect to.NOTE: The service user automatically creates all the necessary databases when the system is started for the first time. For this reason, the service user needs the SQL Server role, dbCreator, for its first run. After the databases are created, you can remove the dbCreator role.
To avoid having to grant the dbCreator role to the service user, you can create the databases required by the Security Center roles yourself, as empty databases. When the system is started for the first time, the service user has to create only the tables, without going through the database creations. For the list of Security Center roles that need a database and the minimum SQL Server roles they require, see About connecting to SQL Server with an account that has administrative privileges.
You can also deny the service user the dbCreator role and create the databases later. In this case, the Security Center roles that require a database fail at system startup. Then create the databases and restart each role manually. You can also change the service user later from Microsoft Management Console.
- Click Next.
-
Select one of the following options:
-
On the Server Configuration page, set the server
connection parameters.
-
Complete the following fields:
- Server port
- The TCP port through which the servers in your system communicate.
- Web server port
- The HTTP port that is used for the web-based Server Admin. If you change the default port, the
Server Admin address must include the
port number in the URL. For example, http://computer:port/Genetec
instead of http://computer/Genetec. The link to Server Admin, accessible through Start menu,
automatically includes this port.CAUTION:Watch out for conflicts with other software, such as a Skype, running on the server that might use port 80.
- Server address
- The hostname or IP address and port used to connect to the
main server.
If you changed the default port number (5500) of the main server, enter the correct number here.
- Password/Confirm password
- Enter and confirm the main server password.
- Click Next.
-
Complete the following fields:
-
On the Firewall Rules page, grant the installer permission
to configure automatically the Windows Firewall for Security Center, and click
Next.
NOTE: This option affects only the Windows Firewall. After installation, you must also configure the required ports on other firewalls that control Security Center communication. Firewall ports must also be updated after a major upgrade. For more information about firewall ports, see the Security Center Administrator Guide.
-
If old configuration files (ConfigurationFiles\*.gconfig)
are detected on your computer, you can select which configuration to use. This
step is skipped if you are upgrading your system.
-
Select one of the following options:
- Keep existing settings
- Use the existing configuration files detected for an older release of the current major version (5.12). This option is hidden if Security Center 5.12 was never installed on this computer.
- Deploy new settings
- Disregard any existing configuration files you might have on your computer and install the default configuration files for the version you are installing.
- Use settings found in <Security Center Installation Folder>
- Use the configuration files found in an older Security Center installation Directory role. This option is available only if an older major version of Security Center is detected.
- Click Next.
-
Select one of the following options:
-
On the Security Settings page, configure features to make
your system more secure.
- Select Recommended to set the default security
settings, and click Install to start the
installation.
The recommended security settings are:
- If the certificate is self-signed, whitelist the identity certificate of the first Directory server this machine connects to.
- Disable basic access authentication for cameras in favor of the more secure digest access authentication.
- Automatically check for software updates.
- Enable Genetec™ Update Service (GUS) integration in Security Center.
- Select Custom (Advanced) to configure the security settings, and click Next.
- Select Recommended to set the default security
settings, and click Install to start the
installation.
-
If you selected Custom (Advanced), configure the
security settings.