Installing the Security Center main server - Security Center 5.12.2.0

Security Center Installation and Upgrade Guide 5.12.2.0

Product
Security Center
Content type
Guides > Installation guides
Version
5.12
Release
5.12.2.0
Language
English
Last updated
2024-08-08

The main server in your Security Center system hosts the Directory role. You must install the main server first.

What you should know

A main server installation includes the following:
  • The Genetecâ„¢ Server service with the Directory role.
    • Server Admin
    • Genetecâ„¢ Watchdog
  • (Optional) Client applications: Config Tool, Security Desk, or both.

Procedure

  1. Right-click either setup.exe (standalone version) or SecurityCenterWebSetup.exe (web version), and click Run as administrator.
    The InstallShield Wizard opens.
    NOTE: Only the standalone installer is illustrated in this procedure.
  2. On the Choose Setup Language page, select the language of the InstallShield Wizard, and click Next.
  3. On the welcome page, click Next.
    The Welcome page of the Security Center InstallShield Wizard.

    Links to relevant Security Center information are provided.

  4. On the License Agreement page, read the terms in the Software License Agreement, select I accept the terms in the license agreement, and click Next.
    If you are upgrading from a previous major version, a Backward Compatibility notice opens. Ensure that you understand the backward compatibility requirements before proceeding.
  5. On the Cached MSI Files Verification page, select one of the following options and click Next.
    The Cached MSI Files Verification page of the Security Center InstallShield Wizard.
    Recommended
    It is particularly important to ensure that all MSI files cached by Windows Installer are present on your system before proceeding with the installation if you are upgrading your system or changing your installation. If a cached MSI file is found missing, installation is interrupted and instructions are provided on how to resolve the issue.
    Advanced
    Select this option only if you are an experienced Security Center installer. This option mirrors the behavior found in Security Center 5.12.1.0 and earlier versions. Note that if a cached MSI file is missing, no assistance is provided.
    For more information on cached MSI files, click Explanation on missing cached MSI files.
  6. On the Custom Setup page, select the Security Center features to install, specify the destination folder, and click Next.
    NOTE: Server is mandatory. All other features are optional.
    The Custom Setup page of the Security Center InstallShield Wizard.

    To specify the destination folder, click Change. You can change only the root folder where the Genetec Security Center 5.12 folder is created. On a 64-bit machine, the default root folder is C:\Program Files (x86).

  7. On the Genetecâ„¢ Security Center Language Selection page, select the user interface language for Security Center applications, and click Next.
    NOTE: Online help for Security Center applications is not available in all languages supported by the user interface.
    Tip: After installing Security Center, you can change the user interface language with the Language Tool found in the Genetec Security Center program group in the Start menu.
  8. On the Installation Type page, select Main server, and click Next.
    IMPORTANT: There must be only one Main server installation per system. If your Security Center license supports more Directory servers, they must be installed as expansion servers. For more information, see Setting up Directory failover and load balancing.
    The Installation Type page of the Security Center InstallShield Wizard, with Main server option selected.
  9. On the Help Improve Genetecâ„¢ Products page, select how much you want to participate in our data collection, and click Next.
    The Help Improve Genetec Products page of the Security Center InstallShield Wizard.

    A short description of each option and a link to our Global Privacy Policy are available by clicking View more details.

  10. On the Database Server page, select an SQL database, and click Next.
    The Database Server page of the Security Center InstallShield Wizard.
    The following options are available:
    Use an existing database server
    Selects an existing Microsoft SQL Server instance on the local machine or another server.
    Tip: Click Browse to see a list of SQL Server instances you can connect to in a dialog box. If you do not see the SQL Server instance you want, close the dialog box and enter its name manually.
    Best Practice: Replace (local) with either the computer name or hostname, and port, if required.

    For example: DB_SERVER.GENETEC.COM,1433\SQLEXPRESS

    Use a computer name or hostname if you are configuring the Directory for load balancing. For more information, see Directory failover and load balancing.

    If you are upgrading from a supported version of Security Center, the installer automatically upgrades all databases that your system requires.

    If you are using an old version of SQL Server Express, you can upgrade your database server to SQL Server 2022 Express Advanced if the following conditions are met:
    • You are running a version of Windows that supports SQL Server 2022 Express Advanced. This means the 64-bit version of Windows 10, Windows 11, or Windows Server 2016 or later.
    • Your current version of SQL Server is upgradable to SQL Server 2022 Express Advanced. This means one of the following versions:
      • SQL Server 2012 SP4 Express, version 11.0.7001.0 or later
      • SQL Server 2014 SP3 Express, version 12.0.6024.0 or later
      • SQL Server 2016 SP3 Express, version 13.0.6300.2 or later
      • SQL Server 2017 Express, version 14.0.1000.169 or later
      • SQL Server 2019 Express, version 15.0.2000.5 or later
    Install a new database server
    Installs Microsoft SQL Server 2022 Express Advanced on this computer. You must choose a database server name. The default is SQLEXPRESS.
    NOTE: The database server name is not case-sensitive but must meet all following criteria:
    • It cannot be the same name as an existing SQL instance on your server.
    • It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on.
    • It cannot be longer than 16 characters.
    • The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
    • Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin, or other national scripts, the dollar sign ($), or an underscore (_).
    • It cannot contain spaces or the following characters: \ , : ; ' & # @
    NOTE: SQL Server 2022 Express is supported only on the 64-bit version of Windows 10, Windows 11, and Windows Server 2016 and later. If the version of Windows you are running is not one of these, quit the Security Center installation, download SQL Server 2014 Express SP3 from Microsoft Download Center, and install it first before installing Security Center.
    Use an existing Azure SQL database
    Selects a predefined Microsoft Azure SQL database.
  11. On the Database Server Authentication page, select the database server authentication method.
    The Database Server Authentication page of the Security Center InstallShield Wizard.
    1. Select one of the following options:
      Windows authentication
      This is the default option. We recommend using this method wherever possible. With Windows authentication, users who are already logged on to Windows do not need to log on separately to SQL Server. The only time you cannot use Windows authentication is if you are using an Azure SQL database.
      SQL Server and Windows authentication (mixed mode)
      Use the mixed mode if you are using an Azure SQL database. Also provide the credentials to be used to connect to SQL Server.
    2. Click Next.
  12. On the Service Logon Parameters page, set the username and password used to run Security Center services.
    The Server Logon Parameters page of the Security Center InstallShield Wizard.
    1. Select one of the following options:
      Use default name and password
      Select this option to use the LocalSystem account to run your Security Center services. The LocalSystem account has extensive privileges on the local computer and acts as the computer on the network.
      Specify the username and password for all services
      Select this option if you want to restrict the privileges granted to the service user. Enter a valid domain username and a strong password, and record them in a safe place. You must provide these credentials every time you upgrade your Security Center software. Use industry best practices for creating strong passwords.
      IMPORTANT: Make sure that the service user is a local administrator and not a domain administrator. The service user must have sufficient rights to the local or remote database, and Log on as service user rights. If this server hosts the Active Directory role, the specified user must also have read and write access to the Active Directory that you want the server to connect to.
      NOTE: The service user automatically creates all the necessary databases when the system is started for the first time. For this reason, the service user needs the SQL Server role, dbCreator, for its first run. After the databases are created, you can remove the dbCreator role.

      To avoid having to grant the dbCreator role to the service user, you can create the databases required by the Security Center roles yourself, as empty databases. When the system is started for the first time, the service user has to create only the tables, without going through the database creations. For the list of Security Center roles that need a database and the minimum SQL Server roles they require, see About connecting to SQL Server with an account that has administrative privileges.

      You can also deny the service user the dbCreator role and create the databases later. In this case, the Security Center roles that require a database fail at system startup. Then create the databases and restart each role manually. You can also change the service user later from Microsoft Management Console.

    2. Click Next.
  13. On the Server Configuration page, set the server connection parameters.
    The Server Configuration page of the Security Center InstallShield Wizard.
    1. Complete the following fields:
      Server port
      The TCP port through which the servers in your system communicate.
      Web server port
      The HTTP port that is used for the web-based Server Admin. If you change the default port, the Server Admin address must include the port number in the URL. For example, http://computer:port/Genetec instead of http://computer/Genetec. The link to Server Admin, accessible through Start menu, automatically includes this port.
      CAUTION:
      Watch out for conflicts with other software, such as a Skype, running on the server that might use port 80.
      Password and Confirm password
      Enter and confirm the password to open the web-based Server Admin.
      Best Practice: If you are upgrading your Security Center installation, the existing server password is kept by default. If you are using a blank password, we recommend that you enter a new one that contains at least one uppercase character, one lowercase character, one number, and one special character.
      IMPORTANT: If you lose the server password, call Genetec Technical Support to reset it.
    2. Click Next.
  14. On the Firewall Rules page, grant the installer permission to configure automatically the Windows Firewall for Security Center, and click Next.
    The Firewall Rules page of the Security Center InstallShield Wizard.
    NOTE: This option affects only the Windows Firewall. After installation, you must also configure the required ports on other firewalls that control Security Center communication. Firewall ports must also be updated after a major upgrade. For more information about firewall ports, see the Security Center Administrator Guide.
  15. If old configuration files (ConfigurationFiles\*.gconfig) are detected on your computer, you can select which configuration to use. This step is skipped if you are upgrading your system.
    The Configuration Settings page of the Security Center InstallShield Wizard.
    1. Select one of the following options:
      Keep existing settings
      Use the existing configuration files detected for an older release of the current major version (5.12). This option is hidden if Security Center 5.12 was never installed on this computer.
      Deploy new settings
      Disregard any existing configuration files you might have on your computer and install the default configuration files for the version you are installing.
      Use settings found in <Security Center Installation Folder>
      Use the configuration files found in an older Security Center installation Directory role. This option is available only if an older major version of Security Center is detected.
    2. Click Next.
  16. On the Security Settings page, configure features to make your system more secure.