The main server is the only server in your Security Center system that hosts the Directory role. You must install the main server first so that other servers can connect to it. You must also activate your Security Center license on the main server.
Before you begin
What you should know
- The Genetec™
with the Directory role.
When installing Genetec™ Server, Server Admin and Genetec™ Watchdog are also installed. The installer creates and upgrades all the databases that your system requires. You must specify the name of your database server. If you do not have one, Microsoft SQL Server 2014 Express Edition is installed by default.
- (Optional) Client applications (Config Tool, Security Desk, or both).
- (Optional) Omnicast™ compatibility packs to view video from federated Omnicast™ systems.
Right-click either setup.exe (standalone version) or
SecurityCenterWebSetup.exe (web version) and click
Run as administrator to launch the Security
NOTE: Only the standalone InstallShield Wizard is illustrated in this procedure.
On the Setup Language selection page, select either
English or French, and click Next.
The Welcome to the InstallShield Wizard screen appears.
On the Welcome page, click Next.
Links are provided to view relevant Security Center documentation online, or in PDF format.
- On the License Agreement page, read the terms in the Software License Agreement, select I accept the terms in the license agreement, and then click Next.
On the Custom Setup page, select the Security
Center applications you want to
You can choose from the following:
- Installs the Genetec™ Server service, the SQL Server databases, the Server Admin, and the Genetec™ Watchdog service.
- (Optional) Client
- Installs the Security Center Client applications. You can choose either Config Tool, Security Desk, or both.
- (Optional) Omnicast™ Compatibility Packs
- If Omnicast™ systems will be federated, select the required Omnicast™ compatibility packs.
To change the installation folder, click Change, and
You can only change the root folder where the product subfolder (Genetec Security Center 5.7) will be created. On a 64-bit machine, the default root folder is C:\Program Files (x86).
On the Genetec™ Security Center Language Selection page,
select the user interface language for Security
Center applications, and click
NOTE: Online help for Security Center applications is not available in all languages. For language availability, see About the documentation in Security Center 5.7 SR1.Tip: After the installation, you can change the user interface language any time using the Language Tool found in the Tools subfolder of the Genetec™ Security Center program group.
On the Installation Type page, select Main
server, and click Next.
IMPORTANT: You must not use the Main server installation type more than once per system. If your Security Center license supports additional Directory servers, all Directory servers that are not your main server must be installed as expansion servers. For more information, see Setting up Directory failover and load balancing.
On the Help Improve Genetec™ Products page, select one of
the following data collection options:
- Yes, I want to participate
- (Default) You agree to share your system data and your system ID
with Genetec Inc. to
facilitate proactive support and improve communication.Two types of data are being collected:
- Health data
- Directories, roles, units, and entities that you have in your system, and their availability (up and down times).
- System configuration data
- Machines, operating systems, and installed Genetec™ products and their versions.
If you are a Genetec™ Advantage customer, you can monitor your system data from a single place, through the System Availability Monitor (SAM) page on GTAP. The data is updated close to real time (every 15 minutes). To benefit from this service, you must enter your activation code, which you can obtain from GTAP. For information about generating an activation code, see Generating activation codes for the System Availability Monitor Agent.
- Yes, I want to participate, but anonymously
- You agree to share your system data with Genetec Inc., but you want that information to remain anonymous. Genetec Inc. will not receive any data (system ID, machine names, entity names) that identify your company. No activation code is required. Health data is anonymized by your local System Availability Monitor Agent (SAMA) before being sent to a dedicated Health Monitoring Service in the cloud. No identifiable data will ever leave your network. The anonymized data is used by Genetec Inc. for statistical purposes and cannot be accessed through GTAP.
- No, I do not want to participate
- No data is collected for product improvement.
Regardless which option you chose, the data is always transmitted on a secured channel (HTTPS). The selection you make here is applied to all future components that you install on your system. However, after the installation, you can change your data collection preference from the Main server page in Server Admin.
- Click Next.
On the Database Server page, select one of the following
- Use an existing database server
- Select an existing Microsoft SQL Server instance to install the
As a best practice, replace (local) with your machine name. You must use your machine name if you are configuring the Directory for load balancing.
- Install a new database server
- Installs Microsoft SQL Server 2014 Express Edition. You must choose a database server name. The default is SQLEXPRESS. NOTE: The database server name is not case-sensitive, but it must meet all of the following criteria:
- It cannot match any of the SQL Server reserved keywords, such as DEFAULT, PRIMARY, and so on. For a complete list of all reserved keywords, see https://msdn.microsoft.com/en-us/library/ms189822.aspx.
- It cannot be longer than 16 characters.
- The first character of the instance name must be a letter or an underscore (_). Acceptable letters are defined by the Unicode Standard 2.0, including Latin characters a-z and A-Z, and letter characters from other languages.
- Subsequent characters can be letters defined by the Unicode Standard 2.0, decimal numbers from Basic Latin or other national scripts, the dollar sign ($), or an underscore (_).
- Embedded spaces or other special characters are not allowed: backslash (\), comma (,), colon (:), semi-colon (;), single quotation mark ('), ampersand (&), number sign (#), and at sign (@).
- Click Next.
On the Service Logon Parameters page, select one of the
- Use default name and password
- Use the default username (LocalSystem) to run the Security Center services. This option works in most cases.
- Specify the username and password for all services
- Enter a valid domain username and a strong password, and write them
down in a safe place. You need to provide these credentials every
time you upgrade your Security
Center software. Use industry best
practices for creating strong passwords.IMPORTANT: Make sure the service user is a local administrator and not a domain administrator. The service user must have the rights to the local or remote database, and the Log on as service user rights. If this server is to host the Active Directory role, the specified user must have Read and Write access to the Active Directory you want the server to connect to.
- Click Next.
On the Server Configuration page, enter the following
- Server port
- The TCP port through which the servers in your system communicate.
- Web server port
- The HTTP port that is used for the web-based Server
Admin. If you change the default port,
then the Server
Admin address must include
the port number in the URL (for example,
http://computer:port/Genetec instead of
http://computer/ Genetec). The link to Server
Admin (accessible through
Start menu) automatically includes this port.CAUTION:Be aware of conflicts with other software running on the server that may also use port 80 (for example, a web browser).
- Password/Confirm password
- Enter and confirm the password (minimum 8 characters) to open the web-based Server
Admin.Best Practice: If you are upgrading your Security Center installation, the existing server password is kept by default. If you were using a blank password, we recommend that you enter a new one. Use industry best practices for creating strong passwords.IMPORTANT: If you lose the server password, call Genetec™ Technical Support to reset it.
- Click Next.
On the Firewall Rules page, select Allow
5.7 to create necessary firewall rules for its
applications, and click Next.
This option ensures that the internal Windows Firewall security rules are configured correctly.NOTE: You must also configure the Security Center ports on your corporate firewall after the installation.
On the WinPcap Installation page, select the
Install WinPcap option and click
This dialog box does not appear if WinPcap 4.1.3 is already installed. With this option, you can capture diagnostic data for units and other services in Security Center. This data is used by the Genetec™ Technical Support team if you require assistance. If the WinPcap installation does not start immediately you will be prompted to install it at a later time.
On the Security Settings page, select one of the following
- (Default) Select the default security settings.
- Whitelist the identity certificate of the first Directory this machine connects to, if the certificate is self-signed.
- Turn off the basic authentication for cameras.
- Automatically check for software updates.
- Custom (Advanced)
- Select this option to configure your own security settings on the next page.
- Click Next.
If you selected the Custom (Advanced) option in the
previous page, configure the following options:
- Always validate the Directory certificate
- Select this option to force all client and server applications on
the current machine to validate the identity certificate of the
Directory before connecting to it.Best Practice: If you choose to enable Directory authentication, it is best to use a certificate issued by a trusted certificate authority (CA). Otherwise, the first time a connection is made from this computer to the Directory, the user is prompted to confirm the identity of the Directory server.
For more information, see What is Directory authentication?.
- Turn off basic authentication
- Basic camera authentication is turned off by default to prevent
camera credentials from being compromised when the Archiver connects
to a video unit.IMPORTANT: When this option is selected, cameras that only support basic authentication cannot be used in Security Center.NOTE: If necessary, you can configure this option individually for each camera manufacturer extension in Config Tool from the Archiver's Extensions tab.
- Automatically check for security and enhancement updates for Genetec™ products
- Select this option to allow Genetec™ Update Service to check automatically for updates of all installed Genetec™ products.
Select I acknowledge that I have read and understood the
implications of selecting these security settings, and click
The Genetec™ Security Center Installer opens and starts the installation.
If you chose to install WinPcap 4.1.3, the WinPcap 4.1.3 Setup
- In the WinPcap 4.1.3 Setup Wizard, follow the installation instructions.
- On the Installation options page, select the Automatically start the WinPcap driver at boot time option, and click Install.
- Click Finish, and continue with the Security Center installation.
(Optional) When the Installation Completed page opens,
click View Installation logs to open the folder that
contains the Installation logs that can be viewed in Notepad.