Creating Web Server roles - Security Center 5.8

Security Center Administrator Guide 5.8

series
Security Center 5.8
revised_modified
2020-08-17

Create a Web Server role to host a Web Client and to define the web address (URL) that users enter in their web browser to access Security Center Web Client.

What you should know

  • If your system will only have a single Web Server, then you can create the role using the default settings. However, if you have a complex system involving multiple private networks, you might choose to deploy multiple Web Server roles, in which case, you might need to change the default settings of each role.
  • When the Web Server role is created, it is deployed to the main server. If you have multiple Web Server roles, move each role to an expansion server so that traffic loads are well distributed.
  • The Media Gateway role is created automatically and hosted on the same server as the Web Server role.
  • If you deploy multiple instances of Web Client on the same server, make sure the URL of each is unique. Otherwise, the Web Server role turns yellow and an Entity warning event is generated.
  • If end-users will monitor video in Web Client using Mozilla Firefox or Microsoft Edge browsers, make sure that one of the following conditions is met:
    • A valid SSL certificate is installed on the server hosting the Web Server role.
      NOTE: If a third-party certificate was already installed on the server through Windows, you can apply the certificate to Security Center from Server Admin: select your server from the list, under the Secure communication section, click Select certificate, select the certificate you want, and then click Select > Save.
    • If using the default self-signed SSL certificate, make sure that the REST ports on the Media Gateway role and the Web Server port settings match; the defaults are port 80 for HTTP and port 443 for HTTPS.

Procedure

  1. From the Config Tool home page, open the System task, and click the Roles view.
  2. Click Add an entity (), and then click Web Server ().
  3. (Optional) Set Unlimited session time to ON so that users remain logged on to Web Client as long as they keep their browser window open.
    Set Unlimited session time to OFF so that users are automatically signed out of Web Client after 12 hours of inactivity.
  4. On the Basic information page, enter a name and description for the role.
  5. Select the Partition this role is a member of, and click Next.

    Only users that are members of the partition can view or modify those entities.

  6. Click Next > Create > Close.

    The new Web Server role is created.

  7. In the Web Server page, click the Properties tab.
  8. If you have multiple Web Server roles, verify that the default URL under Communications settings does not match the URL of other Web Server roles in your system. If it does, change the Web address or the port settings so that the URL of this Web Client is unique.
    The default URL of a Web Client is https://host:443/SecurityCenter, where host is the IP address or computer host name of the server that hosts the Web Server.
  9. Click Apply.

After you finish

  • If this is one of many Web Server roles, move this role to its own server.
  • To configure failover for this role, add a standby server.
  • If the default port settings conflict with other applications on your system, you can change the ports used by the Web Server and the Media Gateway roles. In the Web Server role, on the Properties page, slide the Use the default web ports of the server slider to OFF, then change the HTTP and HTTPS ports. The default settings are HTTP port 80 and HTTPS port 443. Click Apply to save your changes. Then make the same changes to the REST port settings in the Media Gateway role.