Installing the Security Center main server - Security Center 5.9.4.0

Security Center Installation and Upgrade Guide 5.9.4.0

Applies to
Security Center 5.9.4.0
Last updated
2020-11-05
Content type
Guides
Guides > Installation guides
Language
English
Product
Security Center
Version
5.9

The main server in your Security Center system hosts the Directory role. You must install the main server first.

What you should know

A main server installation includes the following:
  • The Genetec™ Server service with the Directory role.
    • Server Admin
    • Genetec™ Watchdog
  • (Optional) Client applications: Config Tool, Security Desk, or both.
  • (Optional) Omnicast™ compatibility packs to view video from federated Omnicast™ systems.

Procedure

  1. Right-click either setup.exe (standalone version) or SecurityCenterWebSetup.exe (web version), and click Run as administrator.
    The InstallShield Wizard opens.
    NOTE: Only the standalone installer is illustrated in this procedure.
  2. On the Choose Setup Language page, select the language of the InstallShield Wizard, and click Next.
  3. On the welcome page, click Next.

    Links to relevant Security Center information are provided.

  4. On the License Agreement page, read the terms in the Software License Agreement, select I accept the terms in the license agreement, and then click Next.
    If you are upgrading from a previous version, a Backward Compatibility notice opens. Ensure that you understand the backward compatibility requirements before proceeding.
  5. On the Custom Setup page, select the Security Center features to install, specify the destination folder, and then click Next.

    You must select Server from the list. All other features are optional.

    For the destination folder, you can only change the root folder where the Genetec Security Center 5.9 folder is created. On a 64-bit machine, the default root folder is C:\Program Files (x86).

  6. On the Genetec™ Security Center Language Selection page, select the user interface language for Security Center applications, and click Next.
    NOTE: Online help for Security Center applications is not available in all languages. For language availability, see Documentation updates in Security Center 5.9.3.0.
    Tip: After installing Security Center, you can change the user interface language with the Language Tool found in the Genetec™ Security Center program group in the Start menu.
  7. On the Installation Type page, select Main server, and click Next.
    IMPORTANT: There must only be one Main server installation per system. If your Security Center license supports additional Directory servers, they must be installed as expansion servers. For more information, see Setting up Directory failover and load balancing.
  8. On the Help Improve Genetec™ Products page, select how much you want to participate in our data collection, and click Next.

    A short description of each option and a link to our Global Privacy Policy are available by clicking View more details.

  9. On the Database Server page, select an SQL database, and click Next.
    The following options are available:
    Use an existing database server
    Selects an existing Microsoft SQL Server instance on this machine, or another server.
    Best Practice: Replace (local) with either the computer name or hostname, and port, if required.

    For example: DB_SERVER.GENETEC.COM,1433\SQLEXPRESS

    You must use a computer name or hostname if you are configuring the Directory for load balancing. For more information on load balancing, see Directory failover and load balancing.

    If you are upgrading from a supported version of Security Center, the installer automatically upgrades all databases that your system requires.

    Install a new database server
    Installs Microsoft SQL Server 2014 Express Edition on this machine. You must choose a database server name. The default is SQLEXPRESS.
    NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:
    • It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on.
    • It cannot be longer than 16 characters.
    • The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
    • Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
    • It cannot contain spaces or the following characters: \ , : ; ' & # @
  10. On the Service Logon Parameters page, set the username and password used to run Security Center services.
    1. Select one of the following options:
      Use default name and password
      Use the default username (LocalSystem).
      Specify the username and password for all services
      Enter a valid domain username and a strong password, and record them in a safe place. You must provide these credentials every time you upgrade your Security Center software. Use industry best practices for creating strong passwords.
      IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have sufficient rights to the local or remote database, and Log on as service user rights. If this server will host the Active Directory role, the specified user must also have read and write access to the Active Directory that you want the server to connect to.
      NOTE: You can change the service logon user later from Microsoft Management Console.
    2. Click Next.
  11. On the Server Configuration page, set the server connection parameters.
    1. Complete the following fields:
      Server port
      The TCP port through which the servers in your system communicate.
      Web server port
      The HTTP port that is used for the web-based Server Admin. If you change the default port, the Server Admin address must include the port number in the URL. For example, http://computer:port/Genetec instead of http://computer/Genetec. The link to Server Admin, accessible through Start menu, automatically includes this port.
      CAUTION:
      Watch out for conflicts with other software, such as a Skype, running on the server that might use port 80.
      Password/Confirm password
      Enter and confirm the password to open the web-based Server Admin.
      Best Practice: If you are upgrading your Security Center installation, the existing server password is kept by default. If you were using a blank password, we recommend that you enter a new one that contains at least one uppercase character, one lowercase character, one number and one special character.
      IMPORTANT: If you lose the server password, call Genetec™ Technical Support to reset it.
    2. Click Next.
  12. On the Firewall Rules page, grant the installer permission to automatically configure the Windows Firewall for Security Center, and click Next.
    NOTE: This option only affects the Windows Firewall. After installation, you must also configure the required ports on other firewalls that control Security Center communication.
    • If WinPcap 4.1.3 is not installed, the WinPcap Installation page opens.
    • If WinPcap 4.1.3 is already installed, the Security Settings page opens.
  13. On the WinPcap Installation page, select Install WinPcap, if required, and click Next.

    WinPcap captures diagnostic data for units and other services in Security Center. If you require assistance, this data can help Genetec™ technical support troubleshoot your issue.

    WinPcap can be installed later.

  14. On the Security Settings page, configure features to make your system more secure.
    • Select Recommended to set the default security settings, and click Install to start the installation.

      The recommended security settings are:

    • Select Custom (Advanced) to configure the security settings, and click Next.
  15. If you selected Custom (Advanced), configure the security settings.
    1. Configure the following settings:
      Always validate the Directory certificate
      Select this option to force all client and server applications on the current machine to validate the identity certificate of the Directory before connecting to it.
      Best Practice: If you enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time this computer connects to the Directory, the user is prompted to confirm the identity of the Directory server.

      For more information, see What is Directory authentication?.

      Turn off basic authentication
      Basic access authentication for cameras is turned off by default to prevent camera credentials from being compromised when the Archiver connects to a video unit.
      IMPORTANT: When this option is selected, cameras that only support basic access authentication will not work.
      Tip: Most recent video unit models support digest access authentication. If you are not sure whether your cameras support digest or not, leave the default setting as is. After installation, if some cameras do not work, you can always turn basic access authentication on again.
      Automatically check for security and enhancement updates for Genetec™ products
      Select this option to allow GUS to automatically check for updates of all installed Genetec™ products.
      Enable Genetec™ Update Service (GUS) integration in Security Center
      Enable this option to make GUS available in Config Tool.
    2. Select I acknowledge that I have read and understood the implications of selecting these security settings, and click Install to start the installation.
  16. If you chose to install WinPcap 4.1.3, follow the WinPcap 4.1.3 Setup Wizard that opens.
    1. On the Installation options page, select Automatically start the WinPcap driver at boot time.
    2. Click Install.
  17. On Installation Completed page, select the required post-installation options, and click Finish.
    If you selected Launch Server Admin, Server Admin opens in a browser window. Before using Security Center, you must connect to Server Admin and activate your product license.

    If you selected Connect me to GTAP for the latest updates now and your machine has Internet access, you are connected to the Genetec™ Product Download page on GTAP. You need a username and a password to log in.

    If you selected Launch Security Desk, Security Desk opens automatically. However, you cannot log on to the Directory until your product license is activated.

    If you get a message asking you to restart your computer, click Yes.

Results

The Security Center main server is now installed.

After you finish

Do the following:
  • Activate your product license from the Server Admin.
  • Configure Genetec™ Update Service.
  • If required, install Security Center on expansion servers.