The main server in your Security Center system hosts the Directory role. You must install the main server first.
Before you begin
What you should know
- The Genetec™
Server service with
the Directory role.
- Server Admin
- Genetec™ Watchdog
- (Optional) Client applications: Config Tool, Security Desk, or both.
- (Optional) Omnicast™ compatibility packs to view video from federated Omnicast™ systems.
Right-click either setup.exe (standalone version) or
SecurityCenterWebSetup.exe (web version), and click
Run as administrator.
The InstallShield Wizard opens.NOTE: Only the standalone installer is illustrated in this procedure.
- On the Setup Language page, select the language of the InstallShield Wizard, and click Next.
On the welcome page, click Next.
Links to relevant Security Center information are provided.
On the License Agreement page, read the terms in the
Software License Agreement, select I accept the terms in
the license agreement, and then click
If you are upgrading from a previous version, a Backward Compatibility notice opens. Ensure that you understand the backward compatibility requirements before proceeding.
On the Custom Setup page, select the Security
Center features to install, specify
the destination folder, and then click Next.
You must select Server from the list. All other features are optional.
For the destination folder, you can only change the root folder where the Genetec Security Center 5.8 folder is created. On a 64-bit machine, the default root folder is C:\Program Files (x86).
On the Genetec™ Security Center Language Selection page,
select the user interface language for Security
Center applications, and click
NOTE: Online help for Security Center applications is not available in all languages. For language availability, see About the documentation in Security Center 5.8 GA.Tip: After installing Security Center, you can change the user interface language with the Language Tool found in the Genetec™ Security Center program group in the Start menu.
On the Installation Type page, select Main
server, and click Next.
IMPORTANT: There must only be one Main server installation per system. If your Security Center license supports additional Directory servers, they must be installed as expansion servers. For more information, see Setting up Directory failover and load balancing.
On the Help Improve Genetec™ Products page, select how
much you want to participate in our data collection, and click
On the Database Server page, select an SQL database, and
The following options are available:
- Use an existing database server
- Selects an existing Microsoft SQL Server instance on this machine,
or another server. Best Practice: Replace (local) with the computer name. You must use a computer name if you are configuring the Directory for load balancing. For more information on load balancing, see Directory failover and load balancing.
If you are upgrading from a supported version of Security Center, the installer automatically upgrades all databases that your system requires.
- Install a new database server
- Installs Microsoft SQL Server 2014 Express Edition on this machine.
You must choose a database server name. The default is SQLEXPRESS.NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:
- It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on.
- It cannot be longer than 16 characters.
- The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
- Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
- It cannot contain spaces or the following characters: \ , : ; ' & # @
On the Service Logon Parameters page, set the username and
password used to run Security
Select one of the following options:
- Use default name and password
- Use the default username (LocalSystem).
- Specify the username and password for all services
- Enter a valid domain username and a strong password, and
record them in a safe place. You must provide these
credentials every time you upgrade your Security
Use industry best
practices for creating strong passwords.IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have sufficient rights to the local or remote database, and Log on as service user rights. If this server will host the Active Directory role, the specified user must also have read and write access to the Active Directory that you want the server to connect to.NOTE: You can change the service logon user later from Microsoft Management Console.
- Click Next.
- Select one of the following options:
On the Server Configuration page, set the server
Complete the following fields:
- Server port
- The TCP port through which the servers in your system communicate.
- Web server port
- The HTTP port that is used for the web-based Server
Admin. If you change the default port, the
Admin address must include the
port number in the URL. For example, http://computer:port/Genetec
instead of http://computer/Genetec. The link to Server
Admin, accessible through Start menu,
automatically includes this port.CAUTION:Watch out for conflicts with other software, such as a Skype, running on the server that might use port 80.
- Password/Confirm password
- Enter and confirm the password to open the web-based Server
Admin.Best Practice: If you are upgrading your Security Center installation, the existing server password is kept by default. If you were using a blank password, we recommend that you enter a new one that contains at least one uppercase character, one lowercase character, one number and one special character.IMPORTANT: If you lose the server password, call Genetec™ Technical Support to reset it.
- Click Next.
- Complete the following fields:
On the Firewall Rules page, grant the installer permission
to automatically configure the Windows Firewall for Security
Center, and click
NOTE: This option only affects the Windows Firewall. After installation, you must also configure the required ports on other firewalls that control Security Center communication.
- If WinPcap 4.1.3 is not installed, the WinPcap Installation page opens.
- If WinPcap 4.1.3 is already installed, the Security Settings page opens.
On the WinPcap Installation page, select
Install WinPcap, if required, and click
WinPcap captures diagnostic data for units and other services in Security Center. If you require assistance, this data can help Genetec™ technical support troubleshoot your issue.
WinPcap can be installed later.
On the Security Settings page, configure features to make
your system more secure.
- Select Recommended to set the default security
settings, and click Install to start the
The recommended security settings are:
- If the certificate is self-signed, whitelist the identity certificate of the first Directory server this machine connects to.
- Disable basic access authentication for cameras in favor of the more secure digest access authentication.
- Automatically check for software updates.
- Enable Genetec™ Update Service (GUS) integration in Security Center.
- Select Custom (Advanced) to configure the security settings, and click Next.
- Select Recommended to set the default security settings, and click Install to start the installation.
If you selected Custom (Advanced), configure the
Configure the following settings:
- Always validate the Directory certificate
- Select this option to force all client and server
applications on the current machine to validate the identity
certificate of the Directory before connecting to it.Best Practice: If you enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time this computer connects to the Directory, the user is prompted to confirm the identity of the Directory server.
For more information, see What is Directory authentication?.
- Turn off basic authentication
- Basic access authentication for cameras is turned off by
default to prevent camera credentials from being compromised
when the Archiver connects to a video unit.IMPORTANT: When this option is selected, cameras that only support basic access authentication will not work.Tip: Most recent video unit models support digest access authentication. If you are not sure whether your cameras support digest or not, leave the default setting as is. After installation, if some cameras do not work, you can always turn basic access authentication on again.
- Automatically check for security and enhancement updates for Genetec™ products
- Select this option to allow GUS to automatically check for updates of all installed
- Configure the following settings: