Installing Security Center on the main server - Security Center 5.7 SR1

Security Center Installation and Upgrade Guide 5.7 SR1

series
Security Center 5.7 SR1
revised_modified
2018-01-23

The main server is the only server in your Security Center system that hosts the Directory role. You must install the main server first so that other servers can connect to it. You must also activate your Security Center license on the main server.

What you should know

The main server installation procedure installs the following:
  • The Genetec™ Server service with the Directory role.

    When installing Genetec™ Server, Server Admin and Genetec™ Watchdog are also installed. The installer creates and upgrades all the databases that your system requires. You must specify the name of your database server. If you do not have one, Microsoft SQL Server 2014 Express Edition is installed by default.

  • (Optional) Client applications (Config Tool, Security Desk, or both).
  • (Optional) Omnicast™ compatibility packs to view video from federated Omnicast™ systems.

Procedure

  1. Right-click either setup.exe (standalone version) or SecurityCenterWebSetup.exe (web version) and click Run as administrator to launch the Security Center Installer.
    NOTE: Only the standalone InstallShield Wizard is illustrated in this procedure.
  2. On the Setup Language selection page, select either English or French, and click Next.
    The Welcome to the InstallShield Wizard screen appears.

  3. On the Welcome page, click Next.
    Links are provided to view relevant Security Center documentation online, or in PDF format.
  4. On the License Agreement page, read the terms in the Software License Agreement, select I accept the terms in the license agreement, and then click Next.
  5. On the Custom Setup page, select the Security Center applications you want to install.

    You can choose from the following:
    Server
    Installs the Genetec™ Server service, the SQL Server databases, the Server Admin, and the Genetec™ Watchdog service.
    (Optional) Client
    Installs the Security Center Client applications. You can choose either Config Tool, Security Desk, or both.
    (Optional) Omnicast™ Compatibility Packs
    If Omnicast™ systems will be federated, select the required Omnicast™ compatibility packs.
  6. To change the installation folder, click Change, and click Next.
    You can only change the root folder where the product subfolder (Genetec Security Center 5.7) will be created. On a 64-bit machine, the default root folder is C:\Program Files (x86).
  7. On the Genetec™ Security Center Language Selection page, select the user interface language for Security Center applications, and click Next.
    NOTE: Online help for Security Center applications is not available in all languages. For language availability, see About the documentation in Security Center 5.7 SR1.
    Tip: After the installation, you can change the user interface language any time using the Language Tool found in the Tools subfolder of the Genetec™ Security Center program group.
  8. On the Installation Type page, select Main server, and click Next.
    IMPORTANT: You must not use the Main server installation type more than once per system. If your Security Center license supports additional Directory servers, all Directory servers that are not your main server must be installed as expansion servers. For more information, see Setting up Directory failover and load balancing.

  9. On the Help Improve Genetec™ Products page, select one of the following data collection options:

    Yes, I want to participate
    (Default) You agree to share your system data and your system ID with Genetec Inc. to facilitate proactive support and improve communication.
    Two types of data are being collected:
    Health data
    Directories, roles, units, and entities that you have in your system, and their availability (up and down times).
    System configuration data
    Machines, operating systems, and installed Genetec™ products and their versions.

    If you are a Genetec™ Advantage customer, you can monitor your system data from a single place, through the System Availability Monitor (SAM) page on GTAP. The data is updated close to real time (every 15 minutes). To benefit from this service, you must enter your activation code, which you can obtain from GTAP. For information about generating an activation code, see Generating activation codes for the System Availability Monitor Agent.

    Yes, I want to participate, but anonymously
    You agree to share your system data with Genetec Inc., but you want that information to remain anonymous. Genetec Inc. will not receive any data (system ID, machine names, entity names) that identify your company. No activation code is required. Health data is anonymized by your local System Availability Monitor Agent (SAMA) before being sent to a dedicated Health Monitoring Service in the cloud. No identifiable data will ever leave your network. The anonymized data is used by Genetec Inc. for statistical purposes and cannot be accessed through GTAP.
    No, I do not want to participate
    No data is collected for product improvement.

    Regardless which option you chose, the data is always transmitted on a secured channel (HTTPS). The selection you make here is applied to all future components that you install on your system. However, after the installation, you can change your data collection preference from the Main server page in Server Admin.

  10. (Optional) Click View more details to view a short description of each option and a link to our Privacy Policy.
  11. Click Next.
  12. On the Database Server page, select one of the following options:

    Use an existing database server
    Select an existing Microsoft SQL Server instance to install the database on.

    As a best practice, replace (local) with your machine name. You must use your machine name if you are configuring the Directory for load balancing.

    Install a new database server
    Installs Microsoft SQL Server 2014 Express Edition. You must choose a database server name. The default is SQLEXPRESS.
    NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:
    • It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on. For a complete list of all reserved keywords, see https://msdn.microsoft.com/en-us/library/ms189822.aspx.
    • It cannot be longer than 16 characters.
    • The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
    • Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
    • Embedded spaces or other special characters are not allowed: backslash (\), comma (,), colon (:), semi-colon (;), single quotation mark ('), ampersand (&), number sign (#), and at sign (@).
  13. Click Next.
  14. On the Service Logon Parameters page, select one of the following options:

    Use default name and password
    Use the default username (LocalSystem) to run the Security Center services. This option works in most cases.
    Specify the username and password for all services
    Enter a valid domain username and a strong password, and write them down in a safe place. You need to provide these credentials every time you upgrade your Security Center software. Use industry best practices for creating strong passwords.
    IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have the rights to the local or remote database, and the Log on as service user rights. If this server is to host the Active Directory role, the specified user must have Read and Write access to the Active Directory you want the server to connect to.
  15. Click Next.
  16. On the Server Configuration page, enter the following fields:

    Server port
    The TCP port through which the servers in your system communicate.
    Web server port
    The HTTP port that is used for the web-based Server Admin. If you change the default port, then the Server Admin address must include the port number in the URL (for example, http://computer:port/Genetec instead of http://computer/ Genetec). The link to Server Admin (accessible through Start menu) automatically includes this port.
    CAUTION:
    Be aware of conflicts with other software running on the server that may also use port 80 (for example, a web browser).
    Password/Confirm password
    Enter and confirm the password (minimum 8 characters) to open the web-based Server Admin.
    Best Practice: If you are upgrading your Security Center installation, the existing server password is kept by default. If you were using a blank password, we recommend that you enter a new one. Use industry best practices for creating strong passwords.
    IMPORTANT: If you lose the server password, call Genetec™ Technical Support to reset it.
  17. Click Next.
  18. On the Firewall Rules page, select Allow Genetec™ Security Center 5.7 to create necessary firewall rules for its applications, and click Next.

    This option ensures that the internal Windows Firewall security rules are configured correctly.
    NOTE: You must also configure the Security Center ports on your corporate firewall after the installation.
  19. On the WinPcap Installation page, select the Install WinPcap option and click Next.

    This dialog box does not appear if WinPcap 4.1.3 is already installed. With this option, you can capture diagnostic data for units and other services in Security Center. This data is used by the Genetec™ Technical Support team if you require assistance. If the WinPcap installation does not start immediately you will be prompted to install it at a later time.

  20. On the Security Settings page, select one of the following options:

    Recommended
    (Default) Select the default security settings.
    • Whitelist the identity certificate of the first Directory this machine connects to, if the certificate is self-signed.
    • Turn off the basic authentication for cameras.
    • Automatically check for software updates.
    Custom (Advanced)
    Select this option to configure your own security settings on the next page.
  21. Click Next.
  22. If you selected the Custom (Advanced) option in the previous page, configure the following options:

    Always validate the Directory certificate
    Select this option to force all client and server applications on the current machine to validate the identity certificate of the Directory before connecting to it.
    Best Practice: If you choose to enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time a connection is made from this computer to the Directory, the user is prompted to confirm the identity of the Directory server.

    For more information, see What is Directory authentication?.

    Turn off basic authentication
    Basic camera authentication is turned off by default to prevent camera credentials from being compromised when the Archiver connects to a video unit.
    IMPORTANT: When this option is selected, cameras that only support basic authentication cannot be used in Security Center.
    NOTE: If necessary, you can configure this option individually for each camera manufacturer extension in Config Tool from the Archiver's Extensions tab.
    Automatically check for security and enhancement updates for Genetec™ products
    Select this option to allow Genetec™ Update Service to check automatically for updates of all installed Genetec™ products.
  23. Select I acknowledge that I have read and understood the implications of selecting these security settings, and click Install.
    The Genetec™ Security Center Installer opens and starts the installation.
  24. If you chose to install WinPcap 4.1.3, the WinPcap 4.1.3 Setup Wizard opens:
    1. In the WinPcap 4.1.3 Setup Wizard, follow the installation instructions.
    2. On the Installation options page, select the Automatically start the WinPcap driver at boot time option, and click Install.
    3. Click Finish, and continue with the Security Center installation.
  25. (Optional) When the Installation Completed page opens, click View Installation logs to open the folder that contains the Installation logs that can be viewed in Notepad.