Installing the Security Center main server - Security Center 5.8 GA

The main server in your Security Center system hosts the Directory role. You must install the main server first.

1. Right-click either setup.exe (standalone version) or SecurityCenterWebSetup.exe (web version), and click Run as administrator.
   The InstallShield Wizard opens.

   NOTE: Only the standalone installer is illustrated in this procedure.
2. On the Setup Language page, select the language of the InstallShield Wizard, and click Next.
3. On the welcome page, click Next.
   

   Links to relevant Security Center information are provided.

4. On the License Agreement page, read the terms in the Software License Agreement, select I accept the terms in the license agreement, and then click Next.
   If you are upgrading from a previous version, a Backward Compatibility notice opens. Ensure that you understand the backward compatibility requirements before proceeding.
5. On the Custom Setup page, select the Security Center features to install, specify the destination folder, and then click Next.
   

   You must select Server from the list. All other features are optional.

   For the destination folder, you can only change the root folder where the Genetec Security Center 5.8 folder is created. On a 64-bit machine, the default root folder is C:\Program Files (x86).

6. On the Genetec™ Security Center Language Selection page, select the user interface language for Security Center applications, and click Next.
   NOTE: Online help for Security Center applications is not available in all languages. For language availability, see About the documentation in Security Center 5.8 GA.

   Tip: After installing Security Center, you can change the user interface language with the Language Tool found in the Genetec™ Security Center program group in the Start menu.
7. On the Installation Type page, select Main server, and click Next.
   IMPORTANT: There must only be one Main server installation per system. If your Security Center license supports additional Directory servers, they must be installed as expansion servers. For more information, see Setting up Directory failover and load balancing.

   

8. On the Help Improve Genetec™ Products page, select how much you want to participate in our data collection, and click Next.
   

   A short description of each option and a link to our Global Privacy Policy are available by clicking View more details.

9. On the Database Server page, select an SQL database, and click Next.
   

   The following options are available:

   Use an existing database server

   Selects an existing Microsoft SQL Server instance on this machine, or another server.

   Best Practice: Replace (local) with the computer name. You must use a computer name if you are configuring the Directory for load balancing. For more information on load balancing, see Directory failover and load balancing.

   If you are upgrading from a supported version of Security Center, the installer automatically upgrades all databases that your system requires.

   Install a new database server

   Installs Microsoft SQL Server 2014 Express Edition on this machine. You must choose a database server name. The default is SQLEXPRESS.

   NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:

   • It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on.
   • It cannot be longer than 16 characters.
   • The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
   • Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
   • It cannot contain spaces or the following characters: \ , : ; ' & # @

10. On the Service Logon Parameters page, set the username and password used to run Security Center services.
    
    1. Select one of the following options:

       Use default name and password

       Use the default username (LocalSystem).

       Specify the username and password for all services

       Enter a valid domain username and a strong password, and record them in a safe place. You must provide these credentials every time you upgrade your Security Center software. Use industry best practices for creating strong passwords.

       IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have sufficient rights to the local or remote database, and Log on as service user rights. If this server will host the Active Directory role, the specified user must also have read and write access to the Active Directory that you want the server to connect to.

       NOTE: You can change the service logon user later from Microsoft Management Console.

    2. Click Next.
11. On the Server Configuration page, set the server connection parameters.
    
    1. Complete the following fields:

       Server port

       The TCP port through which the servers in your system communicate.

       Web server port

       The HTTP port that is used for the web-based Server Admin. If you change the default port, the Server Admin address must include the port number in the URL. For example, http://computer:port/Genetec instead of http://computer/Genetec. The link to Server Admin, accessible through Start menu, automatically includes this port.

       CAUTION:

       Watch out for conflicts with other software, such as a Skype, running on the server that might use port 80.

       Password/Confirm password

       Enter and confirm the password to open the web-based Server Admin.

       Best Practice: If you are upgrading your Security Center installation, the existing server password is kept by default. If you were using a blank password, we recommend that you enter a new one that contains at least one uppercase character, one lowercase character, one number and one special character.

       IMPORTANT: If you lose the server password, call Genetec™ Technical Support to reset it.

    2. Click Next.
12. On the Firewall Rules page, grant the installer permission to automatically configure the Windows Firewall for Security Center, and click Next.
    

    NOTE: This option only affects the Windows Firewall. After installation, you must also configure the required ports on other firewalls that control Security Center communication.
    • If WinPcap 4.1.3 is not installed, the WinPcap Installation page opens.
    • If WinPcap 4.1.3 is already installed, the Security Settings page opens.
13. On the WinPcap Installation page, select Install WinPcap, if required, and click Next.
    

    WinPcap captures diagnostic data for units and other services in Security Center. If you require assistance, this data can help Genetec™ technical support troubleshoot your issue.

    WinPcap can be installed later.

14. On the Security Settings page, configure features to make your system more secure.
    
    • Select Recommended to set the default security settings, and click Install to start the installation.

      The recommended security settings are:

      • If the certificate is self-signed, whitelist the identity certificate of the first Directory server this machine connects to.
      • Disable basic access authentication for cameras in favor of the more secure digest access authentication.
      • Automatically check for software updates.
      • Enable Genetec™ Update Service (GUS) integration in Security Center.
    • Select Custom (Advanced) to configure the security settings, and click Next.
15. If you selected Custom (Advanced), configure the security settings.
    
    1. Configure the following settings:

       Always validate the Directory certificate

       Select this option to force all client and server applications on the current machine to validate the identity certificate of the Directory before connecting to it.

       Best Practice: If you enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time this computer connects to the Directory, the user is prompted to confirm the identity of the Directory server.

       For more information, see What is Directory authentication?.

       Turn off basic authentication

       Basic access authentication for cameras is turned off by default to prevent camera credentials from being compromised when the Archiver connects to a video unit.

       IMPORTANT: When this option is selected, cameras that only support basic access authentication will not work.

       Tip: Most recent video unit models support digest access authentication. If you are not sure whether your cameras support digest or not, leave the default setting as is. After installation, if some cameras do not work, you can always turn basic access authentication on again.

       Automatically check for security and enhancement updates for Genetec™ products

       Select this option to allow GUS to automatically check for updates of all installed