Installing Security Center on an expansion server - Security Center 5.7 GA

Security Center Installation and Upgrade Guide 5.7 GA

series
Security Center 5.7 GA
revised_modified
2017-10-25

To add processing power to your Security Center system, you can add expansion servers that connect to the main server.

Before you begin

What you should know

The expansion server installation procedure installs the following:
  • The Genetec™ Server service without the Directory role.

    When installing Genetec™ Server, Server Admin and Genetec™ Watchdog are also installed. The installer creates and upgrades all the databases that your system requires. You must specify the name of your database server. If you do not have one, Microsoft SQL Server 2014 Express Edition is installed by default.

  • (Optional) Client applications (Config Tool, Security Desk, or both).
  • (Optional) Omnicast™ compatibility packs to view video from federated Omnicast™ systems.

Procedure

  1. Right-click either setup.exe (standalone version) or SecurityCenterWebSetup.exe (web version) and click Run as administrator to launch the Security Center Installer.
    NOTE: Only the standalone InstallShield Wizard is illustrated in this procedure.
  2. On the Setup Language selection page, select either English or French, and click Next.
    The Welcome to the InstallShield Wizard screen appears.

  3. On the Welcome page, click Next.
    Links are provided to view relevant Security Center documentation online, or in PDF format.
  4. On the License Agreement page, read the terms in the Software License Agreement, select I accept the terms in the license agreement, and then click Next.
  5. On the Custom Setup page, select the Security Center applications you want to install.

    You can choose from the following:
    Server
    Installs the Genetec™ Server service, the SQL Server databases, the Server Admin, and the Genetec™ Watchdog service.
    (Optional) Client
    Installs the Security Center Client applications. You can choose either Config Tool, Security Desk, or both.
    (Optional) Omnicast™ Compatibility Packs
    If Omnicast™ systems will be federated, select the required Omnicast™ compatibility packs.
  6. To change the installation folder, click Change, and click Next.
    You can only change the root folder where the product subfolder (Genetec Security Center 5.7) will be created. On a 64-bit machine, the default root folder is C:\Program Files (x86).
  7. On the Genetec™ Security Center Language Selection page, select the user interface language for Security Center applications, and click Next.
    NOTE: Online help for Security Center applications is not available in all languages. For language availability, see About the documentation in Security Center 5.7 GA.
    Tip: After the installation, you can change the user interface language any time using the Language Tool found in the Tools subfolder of the Genetec™ Security Center program group.
  8. On the Installation Type page, select Expansion server, and click Next.

  9. On the Database Server page, select one of the following options:

    Use an existing database server
    Select an existing Microsoft SQL Server instance to install the database on.

    As a best practice, replace (local) with your machine name. You must use your machine name if you are configuring the Directory for load balancing.

    Install a new database server
    Installs Microsoft SQL Server 2014 Express Edition. You must choose a database server name. The default is SQLEXPRESS.
    NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:
    • It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on. For a complete list of all reserved keywords, see https://msdn.microsoft.com/en-us/library/ms189822.aspx.
    • It cannot be longer than 16 characters.
    • The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
    • Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
    • Embedded spaces or other special characters are not allowed: backslash (\), comma (,), colon (:), semi-colon (;), single quotation mark ('), ampersand (&), number sign (#), and at sign (@).
  10. Click Next.
  11. On the Service Logon Parameters page, select one of the following options:

    Use default name and password
    Use the default username (LocalSystem) to run the Security Center services. This option works in most cases.
    Specify the username and password for all services
    Enter a valid domain username and a strong password, and write them down in a safe place. You need to provide these credentials every time you upgrade your Security Center software. Use industry best practices for creating strong passwords.
    IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have the rights to the local or remote database, and the Log on as service user rights. If this server is to host the Active Directory role, the specified user must have Read and Write access to the Active Directory you want the server to connect to.
  12. Click Next.
  13. On the Server Configuration page, enter the following fields:

    Server port
    The TCP port through which the servers in your system communicate.
    Web server port
    The HTTP port that is used for the web-based Server Admin. If you change the default port, then the Server Admin address must include the port number in the URL (for example, http://computer:port/Genetec instead of http://computer/ Genetec). The link to Server Admin (accessible through Start menu) automatically includes this port.
    CAUTION:
    Be aware of conflicts with other software running on the server that may also use port 80 (for example, a web browser).
    Server address
    The DNS name or IP address of the main server.

    If you changed the port number (5500) on the main server, enter the correct port number in the field that follows.

    Password/Confirm password
    Enter the same password that was used to configure the main server. Once connected, the main server password is pushed to all expansion servers.
  14. On the Firewall Rules page, select Allow Genetec™ Security Center 5.7 to create necessary firewall rules for its applications, and click Next.

    This option ensures that the internal Windows Firewall security rules are configured correctly.
    NOTE: You must also configure the Security Center ports on your corporate firewall after the installation.
  15. On the WinPcap Installation page, select the Install WinPcap option and click Next.

    This dialog box does not appear if WinPcap 4.1.3 is already installed. With this option, you can capture diagnostic data for units and other services in Security Center. This data is used by the Genetec™ Technical Support team if you require assistance. If the WinPcap installation does not start immediately you will be prompted to install it at a later time.

  16. On the Security Settings page, select one of the following options:

    Recommended
    (Default) Select the default security settings.
    • Whitelist the identity certificate of the first Directory this machine connects to, if the certificate is self-signed.
    • Turn off the basic authentication for cameras.
    • Automatically check for software updates.
    Custom (Advanced)
    Select this option to configure your own security settings on the next page.
  17. Click Next.
  18. If you selected the Custom (Advanced) option in the previous page, configure the following options:

    Always validate the Directory certificate
    Select this option to force all client and server applications on the current machine to validate the identity certificate of the Directory before connecting to it.
    Best Practice: If you choose to enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time a connection is made from this computer to the Directory, the user is prompted to confirm the identity of the Directory server.

    For more information, see What is Directory authentication?.

    Turn off basic authentication
    Basic camera authentication is turned off by default to prevent camera credentials from being compromised when the Archiver connects to a video unit.
    IMPORTANT: When this option is selected, cameras that only support basic authentication cannot be used in Security Center.
    NOTE: If necessary, you can configure this option individually for each camera manufacturer extension in Config Tool from the Archiver's Extensions tab.
    Automatically check for security and enhancement updates for Genetec™ products
    Select this option to allow Genetec™ Update Service to check automatically for updates of all installed Genetec™ products.
  19. Select I acknowledge that I have read and understood the implications of selecting these security settings, and click Install.
    The Genetec™ Security Center Installer opens and starts the installation.
  20. If you chose to install WinPcap 4.1.3, the WinPcap 4.1.3 Setup Wizard opens:
    1. In the WinPcap 4.1.3 Setup Wizard, follow the installation instructions.
    2. On the Installation options page, select the Automatically start the WinPcap driver at boot time option, and click Install.
    3. Click Finish, and continue with the Security Center installation.
  21. (Optional) When the Installation Completed page opens, click View Installation logs to open the folder that contains the Installation logs that can be viewed in Notepad.

  22. Click Finish.

    If you selected the Launch Server Admin option at the end of the installation, the Server Admin browser window opens.

    If you selected the Connect me to GTAP for the latest updates now option, your Internet browser opens to the Genetec™ Product Download page on GTAP. You need a username and a password to log on to GTAP.

    If you selected the Launch Security Desk option, Security Desk opens automatically. However, you cannot log on to the Directory until your product license is activated.

    If you get a message asking you to restart your computer, click Yes.

Results

Security Center is now installed on the expansion server.