” means that you press and hold down the Alt key while you press the P key.
•
Bold type appearing in the text, or in a procedure indicates the word or the character that you should type into a text box from the keyboard. It is also used to indicate the name of the menu, button or function that you should select.
•
Italic type appearing in the text or in a procedure indicates the name of menu, dialog box or field from which an option should be selected or into which parameters should be entered.
•
Tips and notes appear in a different typeface. For example:
This is an example of notes that you may encounter throughout this Guide.
1-9
Chapter 1 - Introduction
1-10
2 Internet Information Service (IIS) Installation IIS Installation
This chapter describes the installation of the IIS. This chapter can be skipped if you have Windows 2000 & 2003 Server installed or if the IIS Server is already installed on your server.
SQL Server Installation
MGC Web Server Installation
SQL Server Configuration
Registering the Database in ODBC Defining the Server Security Properties MGC Web Commander Configuration
2-1
Chapter 2 - Internet Information Service (IIS) Installation
Installing the IIS Application (Windows NT Workstation/Professional Only) The user must be logged in with administrator rights on the server to install the IIS.
To install the Internet Information Services Application: 1. Insert the Windows NT Option Pack CD into the CD drive. 2.
Using the Windows NT browser or any other file management application, display the list of files stored on the CD.
3.
Double-click the Setup icon. The Setup Wizard opens.
4.
Click the Install hyperlink in the left frame.
5.
Click the Install Windows NT 4.0 Option Pack hyperlink. The File Download window opens.
6.
Click the Run this program from its current location option and then click OK. A window indicating the installation destination path opens.
7.
Click OK to continue. The Windows NT 4.0 Option Pack Welcome window opens.
8.
Click Next. The End User License Agreement window opens.
9.
Click Accept. The Installation Type window opens.
10. Click the Typical button to select the installation type. 11. Select the target directory for the IIS installation and click OK. The system installs the IIS application in the selected directory. 12. When the installation is complete, restart Windows NT. For a more detailed explanation on installing the IIS server, refer to Microsoft documentation.
2-2
MGC Web Server Manager Installation and Configuration Guide
Installing the Internet Service Manager Application (Windows NT Workstation Only) If you are using Windows NT Workstation and not Windows NT Server or Windows NT Professional, the Internet Service Manager must be installed. This procedure should be performed only for MGC Web Server Client installations. For more details, see Chapter 4, “Installing the MGC Web Server and MGC Web Server Manager Application” on page 4-7.
To install the Internet Service Manager Application: 1. Restart Windows NT and insert the Windows NT Option Pack CD into the CD drive. 2.
Using the Windows NT browser or any other file management application, display the list of files stored on the CD.
3.
Double-click the Setup icon. The Setup Wizard opens.
4.
Click the Add/Remove button.
5.
Select Personal Web Server from the list, and click the Show sub components button.
6.
Click on the Internet Service Manager option from the list, and click OK.
7.
The Internet Service Manager application is installed.
For a more detailed explanation on installing the Internet Service Manager, refer to Microsoft documentation.
2-3
Chapter 2 - Internet Information Service (IIS) Installation
2-4
3 SQL Server Installation IIS Installation
This chapter describes the installation of the SQL server. This chapter can be skipped if you are using only the Polycom Datastore or Access database provided with the MGC WebCommander application.
SQL Server Installation
MGC Web Server Installation
SQL Server Configuration
Registering the Database in ODBC Defining the Server Security Properties MGC Web Commander Configuration
3-1
Chapter 3 - SQL Server Installation
Installing Windows NT Service Pack 4.0 The Windows NT Service Pack 4.0 should be installed prior to installing the SQL Server to ensure the SQL Server operates smoothly. To install the Windows NT Service Pack: 1. Insert the Windows NT Service Pack 4.0 CD into the CD drive. 2.
Using the Windows NT browser or any other file management application, display the list of files stored on the CD.
3.
Double-click the Setup icon. The Setup Wizard opens.
4.
Click the Install Service Pack 4.0 option in the Section Contents list. The File Download window opens.
5.
Click the Run this program from its current location option, and then click OK. A window indicating the installation destination path opens.
6.
Click OK to continue. The Windows NT 4.0 Service Pack Welcome window appears.
7.
Click Next. The End User License Agreement window opens.
8.
Click Accept.
9.
Click the Install button.
10. At the end of the installation, restart Windows NT For a detailed explanation on installing Windows NT Service Pack 4.0 refer to Microsoft documentation.
3-2
MGC Web Server Manager Installation and Configuration Guide
Installing the SQL Server The user must be logged in with administrator rights on the server to install the SQL.
To install the SQL Server: 1. Insert the SQL Server CD into the CD drive. The Setup Wizard window opens. 2.
Double-click the Setup icon. The Setup Wizard opens.
3.
Click the Install SQL Server 7.5 and components option.
4.
Select the Desktop Edition option. The File Download window opens.
5.
Click the Local Install to local disk option, and then click Next.
6.
Click Next again to continue. The Installation Type window opens.
7.
Click Typical, and then click Next. The Service Accounts window opens.
Installing SQL in workstations having Windows NT with non-Latin Language support (Chinese, Hebrew, etc.) may cause, in some cases, an error message when configuring the database (as described in Chapter 5). In such an installation, the Custom installation may be used. For more details, see “Installing the SQL Server in Windows NT with non-Latin language support” at the end of this procedure.
8.
Select the Use the same account for each service and the Auto Start SQL Server Service options. The Service Settings dialog box opens.
9.
Click the Use a domain user account option, and then click Next.
10. Click Next to start the installation. The Setup Complete window opens when the installation is complete. 11. Click Finish to exit the SQL Server application.
3-3
Chapter 3 - SQL Server Installation
Installing the SQL Server in Windows NT with non-Latin language support: 1. Perform steps 1 to 6 in the previous procedure. 2.
In the Setup Type window, select the Custom option button.
3.
Click Next. The Select Components window opens.
4.
3-4
Click Next to install the default components.
MGC Web Server Manager Installation and Configuration Guide
The Character Set window opens.
5.
Select the following parameters: Character Set – 1252/ISO Character Set — Set Order – Dictionary order, case-insensitive — Unicode Collation – General Unicode — Check the following check boxes: Case-insensitive, Widthinsensitive and Kana-insensitive Click Next. The Network Libraries window opens. —
6. 7.
Click Next to accept the system defaults.
8.
Perform steps 8 to 11 of the previous procedure.
For a detailed explanation on installing Windows NT Service Pack 4.0 refer to Microsoft documentation.
3-5
Chapter 3 - SQL Server Installation
3-6
4 MGC Web Server Manager Installation IIS Installation
SQL Server Installation
MGC Web Server Installation
SQL Server Configuration
Registering the Database in ODBC Defining the Server Security Properties MGC Web Commander Configuration
This chapter describes the installation of the MGC Web Server. The MGC Web Server communicates with the IIS sever, the database server and the MCUs. On a clean installation of Windows NT or 2000 Server, the WebCommander is automatically installed under Default Web Site and is assigned active port 80 of the IIS. As the Default Web site is well known, it may be vulnerable to viruses. Therefore it is recommended to create a virtual directory (under a different name) to which the port 80 Web site on the IIS will be assigned, so that when installing WebCommander, the application is automatically installed under this new Web site, and not the Default Web site. Do not perform this step if there are virtual sites already in use that are residing in the Default Web site in your system, as all sites located in the Default Web site stop working after creating a new port 80 Web site. If there is already an active port 80 Web site that is not the Default Web site configured on the IIS, there is no need to create a new Web site, as the IIS is already protected. The security of the site may also be increased by installing the Cumulative Patch for Internet Information Services that can be found in: http://www.microsoft.com/technet/treeview/ default.asp?url=/technet/security/bulletin/ms02-018.asp
4-1
Chapter 4 - MGC Web Server Manager Installation
Prior to Installation and Software Upgrade If you are upgrading from a previous version, it is recommended to backup the SQL/MSDE or Access database. The WebCommander and MGC Personal Scheduler supports NT authentication when using an ODBC connection. SQL authentication is available starting with version 7.5.
Backing Up the SQL/MSDE Database To backup the SQL/MSDE database: 1. On the Start-Programs menu, click Microsoft SQL Server and then Enterprise Manager.
The SQL Server Enterprise Manager window opens.
4-2
2.
Click the [+] icon next to Microsoft SQL Server to expand the list.
3.
Click the [+] icon next to SQL Server Group to expand the list.
4.
Click the [+] icon next to to expand the list.
MGC Web Server Manager Installation and Configuration Guide
5.
Right-click the Databases folder icon. On the pop-up menu click All Tasks, and then select Backup Database.
The SQL Server Backup – General dialog box opens.
4-3
Chapter 4 - MGC Web Server Manager Installation
6.
On the General tab, select a database from the list and enter a name for the backup file, select a backup destination folder and click OK.
When the backup process is completed, the SQL Server Enterprise Manager message is displayed, indicating the backup operation was completed successfully. 7.
Click OK. The new backup file is located in the destination folder selected in step 6.
Backing up the Access Database To backup the Access database:
4-4
1.
Open the folder where the database resides.
2.
Select the database file by clicking it.
3.
From the Edit menu, select Copy, and then select Paste.
4.
The backup database file called Copy of , appears in the same folder as the original database. This file can be moved to any folder.
MGC Web Server Manager Installation and Configuration Guide
Product Validation WebCommander Version 8.0, requires product validation to operate. To validate your product it must be registered in the Polycom Resource Center Web site (http://extranet.polycom.com/csnprod/signon.html) prior to software installation or during the software installation and the key code that is retrieved is used during the software installation. Your MGC WebCommander software product is shipped with the appropriate license number (found on the software CD) and the licensed number of users. When the number of users permitted on his license is exceeded, you can upgrade the license to increase the number of WebCommander users. If you are downloading the new software version from Polycom FTP and the appropriate license number was not provided, contact your next level of support for the appropriate license number. Retrieving the Key Code from a Polycom Web Site: Access the Polycom web site http://extranet.polycom.com/csnprod/ signon.html. User ID and Password are required to access this site. If you are new to Polycom's Resource Center, you must first get a New User Account.
1.
In the Polycom's Resource Center page, login using your User ID and Password.
2.
Click Product Activation. The Activate Your Product web page opens.
3.
Select one of the following of options according to your installation type: a.
If you are upgrading from a previous version that is already registered with Polycom’s Resource Center, in the Software Upgrade Key Code box, click Retrieve Software Key Code to generate the appropriate key code.
b.
If you are registering a new product, in the Single License Number box, enter the License and Serial Number and then click Generate to retrieve the key code.
c.
If you are registering a new product with multiple licenses, create a text file with all the license numbers. In the Multiple License
4-5
Chapter 4 - MGC Web Server Manager Installation
Numbers box, click Attach File to add the text file with all your product Licenses and Serial Numbers and automatically send it to Polycom’s Resource Center. An e-mail listing all the required key codes is sent to your registered e-mail address. The retrieved Key Code together with the product’s License number are used during the product installation or upgrade.
4-6
MGC Web Server Manager Installation and Configuration Guide
Installing the MGC Web Server and MGC Web Server Manager Application Product validation procedure must be performed prior to the software upgrade. During the WebCommander installation setup, the Enter License Information window provides a link in order to access the website. For existing WebCommander users that want to upgrade to the latest version, the Polycom sales order number of your invoice is assigned as the WebCommander serial number. A Polycom sales order number is generated when a product is ordered, by a Polycom reseller or customer, from Polycom. Please keep the assigned WebCommander serial number on file, as it is needed to be referenced for downloading WebCommander software upgrades from the Polycom Resource Center web site (http:// extranet.polycom.com), or when placing service support calls. The MGC WebCommander software package is based on the type license purchased. The following product types are available: •
Professional Server – Installs the MGC Web Server, the MGC Web Server Manager, the WebCommander Configuration tool and the MGC Personal Scheduler/Client applications to enable full functionality from the Web, and conference scheduling from Microsoft Outlook. This installation allows users to schedule and start reservations, monitor, and control On Going conferences from the Web.
•
Meeting Director Server - Installs the MGC Web Server and MGC Web Server Manager applications that enables the monitoring of conferences via the Web.
•
Meeting Scheduler - Installs the MGC Web Server, the MGC Web Server Manager and the MGC Personal Scheduler applications that enable the scheduling of conferences via the Web. This module enables users to schedule and organize conferences using the Meeting Scheduler, Personal Scheduler or just the Client application.
The Installation Wizard guides you through the installation process for the MGC Web Server. When a Firewall is present on your network it is recommended that you use Port 80 for your WebCommander configuration.
4-7
Chapter 4 - MGC Web Server Manager Installation
If installing from FTP:
1.
Download the software from the FTP site and unzip the files.
2.
Open Windows Explorer and browse to the directory that contains the MGC WebCommander diskettes.
3.
Expand the Disk 1 folder and double-click the Setup.exe file. The Installation Wizard Welcome screen opens.
If installing from a CD:
1.
Insert the CD into the CD drive.
2.
From the Start menu, select Run.
3.
In the Run dialog box, enter D:Setup, where D is the CD drive name, and then click OK. The Installation Wizard Welcome screen opens.
Installation Wizard The installer must have administrator rights or domain administration rights to install software. It is also important that the password used to access the domain is permanent and does not expire after 90 days.
To Upgrade version 9.0 using an existing product License A customer may be required to upgrade the WebCommander when installing a different package from the one currently installed. When a change in the product type is required, the customer is required to enter the new license Serial Number and Key Code. 1. In the Upgrade wizard’ s Software License Agreement window, click Yes to accept and continue. The Question dialog box appears.
4-8
MGC Web Server Manager Installation and Configuration Guide
2.
Click No to use the current license number. The Question dialog box appears.
a.
Click Yes to use the existing product license and complete the installation. For more information, continue on page 11, with step 5.
b.
When you click No, you exit the installation.
New WebCommander Installations and Version Upgrades: 1. From the “Polycom Resource Center’s Web site” retrieve the KeyCode information by entering the product’s license and serial number in the Activate Your Product - Single License Number/Multiple License Numbers dialog box, for more information see “Retrieving the Key Code from a Polycom Web Site:” on page 5. The WebCommander installation disk lists the product’s license. You will be required to provide this information when running the Installation Wizard. 2.
In the Software License Agreement window, click Yes to accept and continue. The Enter License Information window opens.
4-9
Chapter 4 - MGC Web Server Manager Installation
— Click Polycom Resource Center to register your product on the Polycom Web site and retrieve your product’s Key Code. See “Retrieving the Key Code from a Polycom Web Site:” on page 5. — In the License field enter the serial number located on the Product CD — In the Key Code field enter the key code retrieved from the Polycom web site
3.
When incorrect information is entered, a Warning dialog box appears.
— Click OK, and re-type the sequence of codes. — If this dialog box re-appears, please contact customer support.
4.
Click OK and continue the installation setup. If this dialog box re-appears, please contact customer support.
In certain instances the following dialog box appears.
Click Yes, to upgrade your MDAC version and continue the installation. Windows automatically reboots after the MDAC installation, and the WebCommander installation setup restarts automatically.
4-10
MGC Web Server Manager Installation and Configuration Guide
5.
Click OK and continue the installation setup. The Software License Agreement window appears.
6.
Click Yes, to accept and continue. The Welcome window opens.
7.
Click Next. The User Information window opens.
8.
Enter the user Name and Company details and click Next.
4-11
Chapter 4 - MGC Web Server Manager Installation
The Setup Type window opens, listing the products according to the purchased package. 9.
Select the appropriate product type as follows: •
Client – Installs the MGC Web Server Manager application on a computer other than the server for remote access to the MGC Web Server. • MGC Personal Scheduler – Installs the MGC Web Server and MGC Web Server Manager applications that enable users to define, modify, and start reservations via the Web or Microsoft Outlook. • Meeting Director Server - Installs the MGC Web Server and MGC Web Server Manager applications that controls and manages On Going conferences via the Web. This module enables users to monitor the ongoing conference status, and perform various operations. • Professional Server – Installs the MGC Personal Scheduler and the Meeting Director Server components to enable full functionality from the Web, and conference scheduling from Microsoft Outlook. This installation allows users to schedule and start reservations, monitor, and control On Going conferences from the Web. 10. Click Next. The Choose Destination Location window opens. 11. Select the target path for the installation (it is recommended to accept the suggested path and directory name) and click Next. The Select Programs Folder window opens. 12. Click Next to accept the suggested group folder and name. The system starts downloading the software files. When the download is complete, a Security Configuration dialog box appears. In Secure Mode all communications between the WebCommander components (WebCommander sites, WebCommander client, Server Manager application, OperServ, WAM and MCUs) are encrypted and authenticated.
4-12
MGC Web Server Manager Installation and Configuration Guide
13. In the Security Configuration window, select whether to implement the WebCommander’s Secure Mode and click Next.
•
The Central Server Service is disabled in Secure Mode. Leave this check box cleared if you want to use the Central Server Service features such as MCU redundancy, Backup and Auto Cascading.
•
If you are upgrading from a non-secured installation, leave this check box cleared to install the new version in non-Secure Mode. Once the installation is complete, change the WebCommander security settings using the Server Manager application.
If you have selected the Secure Mode option, the Information dialog box opens indicating that the database must be configured to Secure Mode (if you have not done so prior to the WebCommander installation). For more details about Secure Mode Environment Settings, see Appendix A. 14. Click Yes to continue the installation process. 15. In the Link to PathNavigator prompt box, select whether to create a direct link to the PathNavigator gatekeeper and use its database.
4-13
Chapter 4 - MGC Web Server Manager Installation
Select: — Yes to automatically configure the link to the PathNavigator Gatekeeper. Proceed with step 16. — No, if no PathNavigator gatekeeper is installed in your environment, or to manually define the link to the PathNavigator. Proceed with step 17 on page 17.
16. If you have selected Yes, the Select Components window opens.
The following options are available: — Specify is the default setting. It enables you to manually define the link to the PathNavigator gatekeeper. — Automatically lets the WebCommander search for a PathNavigator database on all the SQL servers installed in the local domain and automatically create the link between them.
a.
4-14
To manually select the PathNavigator gatekeeper server, click Next.
MGC Web Server Manager Installation and Configuration Guide
The Enter Information window opens.
•
b.
Enter the name of the PathNavigator gatekeeper server, and click Next. • A confirmation dialog box (Server found) opens. Click OK. Select Automatically to let the system to detect automatically select the PathNavigator gatekeeper, and click Next. A confirmation dialog box opens.
•
Click Yes to enable the system to automatically search for the PathNavigator Gatekeeper, or click Cancel, to Specify the PathNavigator gatekeeper. If you have selected Yes, the Select a PathNavigator Database dialog box opens, listing the SQL Servers found in the local domain.
4-15
Chapter 4 - MGC Web Server Manager Installation
•
c.
Select the required PathNavigator Server, and then click Next.
If you have selected Cancel, the Select Components window reopens.
When you enter an incorrect name, a Warning dialog box appears.
4-16
MGC Web Server Manager Installation and Configuration Guide
17. The Site alias name window opens. The site Alias name automatically redirects participants to the correct Web site in the event that the address changes (for instance, when upgrading to a higher version). For example, the alias entered to go to the Web site can be abcABC, where abcABC is the IP address of the WebCommander server.
18. Enter the site Alias name and then click Next. The Setup Complete window opens.
4-17
Chapter 4 - MGC Web Server Manager Installation
19. At the end of the installation, click Finish to complete the installation procedure and exit the Setup Wizard. Sometimes the error message “Cannot Create Application” appears at the end of the installation. This error message may appear when there are two Web sites installed in the system. In this case, you need to manually create and configure the ConfSiteV9_0 and ConfPollerSiteV9_0 in the IIS application.
4-18
5 Configuration IIS Installation
SQL Server Installation
This chapter describes the steps required to configure the various components of the MGC Web Server, MGC WebCommander and MGC Personal Scheduler applications. This chapter also describes the Client installation and configuration, and the integration with Polycom PathNavigator. The following steps are described in this chapter:
MGC Web Server Installation
SQL Server Configuration
Registering the Database in ODBC Defining the Server Security Properties
•
SQL Server Configuration
•
Registering the database in the ODBC Data Sources
•
Integrating Polycom PathNavigator
•
Configuring the Polycom Datastore Database
•
Defining the Server Security properties
•
Configuring the Internet Information Service for Windows Authentication
•
MGC WebCommander configuration
•
MGC Personal Scheduler plug-in configuration
•
Remote installation of the MGC Personal Scheduler Client
•
Installation and Configuration of the MGC Web Server Client
MGC Web Commander Configuration
5-1
Chapter 5 - Configuration
SQL Server Configuration (For SQL/MSDE Server Installations Only) IIS Installation
SQL Server Installation
MGC Web Server Installation
SQL Server Configuration
Registering the Database in ODBC Defining the Server Security Properties MGC Web Commander Configuration
This step is required only if you have an SQL/MSDE Server installed in your configuration. In this step, the SQL/MSDE database supplied with the MGC Web Server Manager application is registered, restored and configured in the SQL Server application. When using the SQL/MSDE Server, the SQL Server must be configured to work with the SQL database supplied with the MGC Web Server. The database in the ODBC must then be configured. This step is required for both SQL/MSDE and Access databases. The following table describes the system behavior when the SQL/MSDE or the Access database is installed on a remote computer (on a computer other than the server), or on the local server (same computer as the MGC Web Server), using System Account or User Account. Whether the database is remote or local is defined during the configuration of the database, according to the desired behavior and the account type.
Local Access
Remote Access
Local SQL/ MSDE
Remote SQL/ MSDE
System Account Before Login
√
X
√
X
System Account After Login
√
X
√
X
User Account Before Login
√
X
√
√
User Account After Login
√
√
√
√
√ - Access to the database
X- No access to the database
5-2
MGC Web Server Manager Installation and Configuration Guide
Existing WebCommander Users Upgrading to the SQL/MSDE Database If you are using WebCommander with a default database and want to migrate to SQL or MSDE database you are required to install SQL or MSDE database package including the SQL database management tool, the SQL Server Enterprise Manager application. First install the database package and then install the management tools package. After installation of both components you are required to register the SQL database in the Enterprise Manager application. For more information see “Registering the SQL/MSDE Database in the SQL Enterprise Manager” on page 5-3. When complete, create an Login account in the Enterprise Manager application. For more information see “Adding an SQL/MSDE Database Login Account in the SQL Enterprise Manager:” on page 5-7.
Registering the SQL/MSDE Database in the SQL Enterprise Manager Registration with the SQL sever allows you to define the authentication link that will be used to connect the database and the server. 1.
Access the SQL Enterprise Manager.
2.
Right-click the SQL Services Group and select New SQL Server Registration.
5-3
Chapter 5 - Configuration
The Register SQL Server Wizard dialog box opens.
5-4
3.
Click Next.
4.
The wizard automatically populates a list of servers available on the network, select the server that has to connect to the Database.
5.
Select the Add button and then click Next.
MGC Web Server Manager Installation and Configuration Guide
6.
Select the Authentication mode used to connect to the SQL Server and then click Next. Select: — Windows Authentication — SQL Server Authentication
7.
If you selected SQL Server Authentication you can login automatically by providing the Login name and Password.
. •
If working with an SQL database with no connection to the PathNavigator database the following login entries are required:
• • •
Login name: GKUser Password: Gatekeeper
When PathNavigator is installed, the GKUser is already defined in the database, and you do not need to add a Login account.
5-5
Chapter 5 - Configuration
You may be prompted for the Login name and Password when the connection to the SQL Server is established 8.
Click Next.
9.
You can add the SQL Server to an existing SQL Server Group or select to create a new one, and click Next.
10. The setup is complete and the wizard lists the name of the server that is connecting to the SQL Server. Complete the wizard installation by clicking Finish.
5-6
MGC Web Server Manager Installation and Configuration Guide
Adding an SQL/MSDE Database Login Account in the SQL Enterprise Manager: Setting up an Login account with the SQL sever allows you to define the authentication link that will be used to connect the database and the enterprise manager. 1.
Select the SQL Server registered in the SQL Enterprise Manager and expand the tree.
2.
Expand the Security list, right-click Logins and select New Login.
The SQL Server Login Properties - New Login dialog box opens 3.
In the Name box enter the Windows Login name of the Server.
5-7
Chapter 5 - Configuration
4.
In the Authentication pane select the mode that is used to connect to the server: Windows Authentication - Select from the Domain list, the domain that is required to access the network and click Grant access. — SQL Server Authentication - Enter the password used to access the SQL server. Choose the Database Access tab and select the database to access during login. —
5.
5-8
6.
Select in the Permit in Database Role the type of user (public) that can access the database and the database owner (db owner).
7.
Click OK. The user is added to the Logins list.
MGC Web Server Manager Installation and Configuration Guide
Restoring the SQL Server The server security properties must then be defined and the User or System account must be selected according to the desired behavior and the account to be used. To configure the SQL Server: 1. On the Start-Programs menu, click Microsoft SQL Server, and then Enterprise Manager.
The SQL Server Enterprise Manager window opens. 2.
Click the plus [+] icon next to the Microsoft SQL Servers to expand the list.
3.
Click the plus [+] icon next to the SQL Server Group to expand the list.
4.
Right-click the Databases folder icon and then click All Tasks – Restore Database on the pop-up menu.
5-9
Chapter 5 - Configuration
The Restore database – General dialog box opens.
5-10
5.
In the Restore as database box, enter a name to identify the database and select the From device option.
6.
Click the Select Devices button. The Choose Restore Devices dialog box opens.
7.
Click the Add button.
MGC Web Server Manager Installation and Configuration Guide
The Choose Restore Destination dialog box opens.
8.
In the File Name box, enter the name and path of the SQL database file (AccordSQLDB) to be restored in the SQL Server Manager. This file is installed with the MGC Web Server Manager application, and is stored in the Accord MGC Web Server Manager\Database directory (the path of the default installation is c:\Program Files\Accord MGC Web ManagerV8.0\Database\AccordSQLDB).
9.
Click the browse button (...) to select this file from the file browser.
One SQL database may be used by both the MGC WebCommander applications and the MGC Manager application provided the same database is selected for both applications. If the MGC Manager is installed first, select the database configured in the MGC Manager ODBC. If the WebCommander Server Manager application is installed first, select the database configured here as the database for the MGC Manager application. In both cases, the database can be installed on a network server other than the one used for the Web Server.
10. Click OK to confirm. The system returns to the Choose Restore Devices dialog box, displaying the path and name of the database file to be restored. 11. Click OK to confirm.
5-11
Chapter 5 - Configuration
The system returns to the Restore database – General dialog box. 12. Click the Options tab to verify that the appropriate path of the SQL Server is selected. If it is incorrect, type the correct path (usually you will have to modify the drive, i.e., from D to C).
13. Click OK to confirm. The system exits the Restore Database dialog box and launches the restore operation. At the end of the restore operation, the restored database appears in the list of databases. In some installations the following error message may be displayed when clicking OK:
5-12
MGC Web Server Manager Installation and Configuration Guide
To overcome this problem perform the following steps: 1. Stop the SQL Server: In the System Tray, right click the SQL Server icon, and then click MSSQLSever – Stop.
2.
Using Windows Explorer, access the SQL directory on your system and copy the Data directory either to the same location (a Copy of Data directory is created), or to a different location.
3.
Using Windows Explorer, access the SQL directory and the BINN directory, and double-click the Rebuildm.exe utility.
5-13
Chapter 5 - Configuration
The Rebuild Master dialog box opens.
4.
Click the Browse button to select the master database to be used to change the sort order. The Browse for Folder dialog box opens.
5.
Select the Copy of Data folder according to its path (as resulting from step 2 of this procedure).
6.
Click OK. The name of the folder appears in the Source Directory containing Data Files box.
7.
Click Settings to select the appropriate sort order. The Character Set/ Sort Order/Unicode Collation dialog box opens.
5-14
MGC Web Server Manager Installation and Configuration Guide
8.
Define the following parameters: — Character Set – 1252/ISO Character Set — Sort Order – Dictionary order, case-insensitive — Unicode Collation – General Unicode
9.
Select the following check boxes: Case-insensitive, Width-insensitive and Kana-insensitive
10. Click Next. The Rebuild Master dialog box opens. 11. Click Rebuild. At the end of the processing, the Rebuild Master dialog box closes. 12. Reconnect the SQL Server: In the System Tray, right click the SQL Server icon, and then click SMMQLSEVER – Start on the pop-up menu.
13. Perform steps 1 to 11 in the SQL Server Configuration procedure. Make sure that the appropriate path is selected in the Restore Database – Options dialog box.
5-15
Chapter 5 - Configuration
Registering the SQL Database in the ODBC Data Sources If you are upgrading from a previous MGC Web Server Manager version without changing the database path, this procedure can be skipped.
IIS Installation
SQL Server Installation
MGC Web Server Installation
The SQL database provided with the MGC Web Server must be registered in the ODBC Data Source to enable its use by both the SQL and MGC WebCommander applications. The Database can be registered either from the MGC Web Server Manager application, or from the Control Panel. To register the SQL Database: 1. Access the ODBC Data Sources dialog box in one of the following methods: a.
SQL Server Configuration
Registering the Database in ODBC
Click Start > Settings> Control Panel>Administrative Tools> The Administrative Tools window opens. Double-click the ODBC Data Sources icon. The ODBC Data Sources dialog box opens. •
b.
In the MGC Web Server Manager application, click the Options menu, and then click Add/Remove connection to ODBC. The ODBC Data Sources dialog box opens.
Defining the Server Security Properties MGC Web Commander Configuration
5-16
MGC Web Server Manager Installation and Configuration Guide
2.
Click the System DSN tab to display the System DSN window.
3.
Click the Add button.
The Create New Data Source dialog box opens.
4.
In the database type list, select SQL Server.
5.
Click Finish. The Create a New Data Source to SQL Server Wizard dialog box opens.
5-17
Chapter 5 - Configuration
6.
In the Name box, enter a name to identify the database file in the MGC Web Server Manager application.
7.
From the SQL Server list, select Local if the SQL Server is installed on the same computer as the MGC Web Server. Otherwise select the appropriate server name from the list. The list shows the names of all the SQL servers currently installed in the network.
One SQL database can be used by both the MGC WebCommander applications and the MGC Manager application provided the same database is selected for both applications. If the MGC Manager is installed first, select the database configured in the MGC Manager ODBC. If the WebCommander Server Manager application is installed first, select the database configured here as the database for the MGC Manager application. In both cases, the database may be installed on a network server other than the one used for the Web Server. In both cases, the database must be installed on a disk defined as Shared or on one of the network disk that can be accessed by all MGC Manager and MGC WebCommander users.
8.
5-18
Click Next. The fields in the Create a New Data Source to SQL Server window change.
MGC Web Server Manager Installation and Configuration Guide
9.
Select the With Windows NT authentication using the network login ID option.
10. Select the Connect to SQL Server to obtain default settings for the additional configuration options check box.
11. Click Next. The fields in the Create a New Data Source to SQL Server window change. 12. Select the Change the default database to check box, and then select the database that was restored in the SQL Server.
5-19
Chapter 5 - Configuration
13. Click Next. The fields in the Create a New Data Source to SQL Server window change. 14. To change the User Interface language used in the database, select the Change the Language of SQL Server System Message to check box and select the desired language from the drop-down list.
15. Click Finish. The ODBC Microsoft SQL Server Setup window opens, displaying the ODBC data source configuration.
5-20
MGC Web Server Manager Installation and Configuration Guide
16. Click Test Data Source to make sure that the appropriate database was selected. The SQL Server ODBC Data Source Test window opens, with the message “TESTS COMPLETED SUCCESSFULLY”.
17. Click OK to confirm. The selected database is added to System DSN list. 18. Click OK to exit the ODBC.
5-21
Chapter 5 - Configuration
Registering the Access Database in the ODBC Data Sources IIS Installation
SQL Server Installation
MGC Web Server Installation
SQL Server Configuration
Registering the Database in ODBC
This procedure is required only when additional databases (on the local disk or from the network) are to be used with the WebCommander. Otherwise, the registration of the Access database provided with MGC Web Server Manager application is automatically performed during installation. If you are upgrading from a previous Web Server Manager version without changing the database path you can skip this procedure. The following table describes the system behavior when an Access database is installed on a remote computer (on a computer other than the server) or a local server (same computer as the server), using System Account or User Account. Local Access
Remote Access
User Account Before Login
√
X
User Account After Login
√
√
√ - Access to the database
X - No access to the database Defining the Server Security Properties MGC Web Commander Configuration
5-22
The Database can be registered either from the MGC Web Server Manager application or from the Control Panel.
MGC Web Server Manager Installation and Configuration Guide
To register the Access Database: 1. On the Start - Settings menu, click Control Panel. The Control Panel window opens.
2.
Double-click the Administrative Tools icon.
The Administrative Tools window opens. 3.
Double-click the ODBC Data Sources icon.
The ODBC Data Sources dialog box opens. Alternatively, in the MGC Web Server Manager application, click the Options menu, and then click Add/Remove connection to ODBC. The ODBC Data Sources dialog box opens.
5-23
Chapter 5 - Configuration
5-24
4.
Click the System DSN tab.
5.
Click the Add button. The Create New Data Source dialog box opens.
6.
In the database type list, select Microsoft Data Access.
7.
Click Finish. The ODBC Microsoft Access Setup dialog box opens.
8.
In the Data Source Name box, enter a name that to identify the database file in the MGC Web Server Manager.
MGC Web Server Manager Installation and Configuration Guide
9.
Click Select.
The Select Database dialog box opens. 10. Select the database file supplied with the MGC Web Server Manager (AccordAccess.mdb) located in the MGC Web Server\DataBase folder.
11. Click OK.
5-25
Chapter 5 - Configuration
One Access database can be used by both the MGC WebCommander application and the MGC Manager application provided the same database is selected for both applications. If the MGC Manager is installed first, select the database configured in the MGC Manager ODBC. If the WebCommander Server Manager application is installed first, select the database configured here as the database for the MGC Manager application. In both cases, the database may be installed on a network server other than the one used for the Web Server. In both cases, the database must be installed on a disk defined as Shared or on one of the network disk that can be accessed by all MGC Manager and MGC WebCommander users.
The system returns to the ODBC Microsoft Access Setup dialog box, displaying the name and path of the selected database file. 12. Click OK. The System DSN dialog box opens. 13. Click OK to confirm and exit the ODBC settings.
5-26
MGC Web Server Manager Installation and Configuration Guide
Defining the MGC Web Server Security Properties The security properties of the MGC Web Server must be defined to allow access to the Server. The security properties are defined differently for the Windows NT Server, Windows 2000 Server and Windows 2003 Server. If you want to use the Windows Authentication Method for logging into the WebCommander, the Web Server Properties definition changes. For more details see the Web Server Manager Installation and Configuration Guide, Configuring the Internet Information Service (IIS) for Windows Authentication.
Windows NT Server To define the security properties in Windows NT Server: 1. On the Start - Programs menu, click Windows NT Option Pack 4.0, Microsoft Personal Web Server, and then Internet Service Manager.
The Internet Information Services window opens. 2.
Click the [+] icon next to Internet Information Server to expand the list.
The Internet Information Services (IIS) must be located within the Domain. The installer must have administrator rights or domain administration rights to install software. It is also important that the password used to access the domain is permanent and does not have an expiration date.
3.
Click the [+] icon next to the Server name to expand the list.
5-27
Chapter 5 - Configuration
4.
Click on the [+] icon next to the Default Web Site to expand the list. The MGC WebCommander application works with two Web sites: ConfSiteV9_0 and ConfPollerSiteV9_0. The ConfSiteV9_0 contains the Web pages that enable the user to schedule reservations and manage the site. — The ConfPollerSiteV9_0 enables the monitoring of On Going conferences. These sites function differently and require different buffering settings. Therefore, each of these sites must be configured separately. —
5.
Right-click the ConfSiteV9_0 icon, and then click Properties.
The ConfSiteV9_0 Properties-Virtual Directory dialog box opens.
5-28
MGC Web Server Manager Installation and Configuration Guide
6.
Click the Virtual Directory tab, and then click Configuration.
The Application Configuration dialog box opens. 7.
Click the App Options tab and ensure that the Enable buffering check box is selected.
5-29
Chapter 5 - Configuration
When configuring the ConfPollersite V9.0 clear this check box. The Enable buffering should not be selected.
8.
Click the Directory Security tab, and then click Edit.
The Authentication Methods dialog box opens. 9.
5-30
Select the Anonymous access check box, and then click Edit.
MGC Web Server Manager Installation and Configuration Guide
The Anonymous User Account dialog box opens. 10. Click the Browse button to select the user name.
The Select User dialog box opens. 11. Select the user name from the list, and then click OK.
The Anonymous User Account dialog box opens.
5-31
Chapter 5 - Configuration
12. Enter the Password, and then click OK.
The Confirm Password dialog box opens. 13. Enter the Password, and then click OK. The system returns to the Authentication Methods dialog box. 14. Click OK. The system returns to the ConfSiteV9_0 Properties dialog box. 15. Click OK. The system returns to the Internet Information Services window.
5-32
MGC Web Server Manager Installation and Configuration Guide
16. Right-click the ConfPollerSiteV9_0 icon, and then click Properties on the pop-up menu.
The ConfPollerSiteV9_0 Properties-Virtual Directory dialog box opens. 17. Repeat steps 6 – 13 of the ConfSite V9_0 configuration procedure to complete the ConfPollerSiteV9_0 configuration.
5-33
Chapter 5 - Configuration
Windows 2000 Server To define the security properties in Windows 2000 Server 1. On the Start - Programs menu, click Settings, and then click Control Panel.
The Control Panel window opens. 2.
Click the Administrative Tools icon.
The Administrative Tools window opens. 3.
Click the Internet Services Manager icon.
The Internet Information Services window opens.
5-34
4.
Click the [+] icon next to Internet Information Server to expand the list.
5.
Click the [+] icon next to the Server name to expand the list.
MGC Web Server Manager Installation and Configuration Guide
6.
Click the [+] icon next to the Default Web Site to expand the list.
The MGC WebCommander application works with two Web sites: ConfSiteV9_0 and ConfPollerSiteV9_0. The ConfSiteV9_0 contains the Web pages that enable the user to schedule reservations and manage the site. The ConfPollerSiteV9_0 enables the monitoring of On Going conferences. These sites function differently and require different buffering settings. Therefore, each of these sites must be configured separately. 7.
Right-click the ConfSiteV9_0 icon, and then click Properties.
5-35
Chapter 5 - Configuration
The ConfSiteV9_0 Properties-Virtual Directory dialog box opens.
8.
Click the Virtual Directory tab, and then click Configuration.
The Application Configuration dialog box opens.
5-36
MGC Web Server Manager Installation and Configuration Guide
9.
Click the App Options tab and ensure that the Enable buffering check box is selected.
When configuring ConfPollersiteV9_0 configuration clear this checkbox. The Enable buffering should not be selected.
10. Click OK.
5-37
Chapter 5 - Configuration
11. Click the Directory Security tab, and then click Edit in the Anonymous access and authentication control pane.
The Authentication Methods dialog box opens. 12. Select the Anonymous access check box, and then click Edit.
The Anonymous User Account dialog box opens.
5-38
MGC Web Server Manager Installation and Configuration Guide
13. Click the Browse button to select the user name.
The Select User dialog box opens. 14. Select the user name from the list, and then click OK.
The Anonymous User Account dialog box opens. 15. Enter the Password, and then click OK.
5-39
Chapter 5 - Configuration
The Confirm Password dialog box opens. The system returns to the Authentication Method dialog box. 16. Click OK. The system returns to the ConfSiteV9_0 Properties dialog box. 17. Click OK. The system returns to the Internet Information Services window. 18. Right-click the ConfPollerSiteV9_0 icon, and then click Properties.
The ConfPollerSiteV9_0 Properties-Virtual Directory dialog box opens. 19. Repeat steps 8 – 15 of the ConfSite V9_0 configuration procedure to complete the ConfPollerSiteV9_0 configuration.
5-40
MGC Web Server Manager Installation and Configuration Guide
Windows 2003 Server To define the security properties in Windows 2003 Server: 1. On the Start - Programs menu, click Settings, and then click Control Panel.
The Control Panel window opens. 2.
Click the Administrative Tools icon.
The Administrative Tools window opens. 3.
Click the Internet Services Manager icon.
The Internet Information Services window opens. 4.
Click the [+] icon next to Internet Information Server to expand the list.
5.
Click the [+] icon next to the Server name to expand the list.
6.
Click the [+] icon next to the Web Sites to expand the list.
5-41
Chapter 5 - Configuration
7.
Click the [+] icon next to the Default Web Site to expand the list.
The MGC WebCommander application works with two Web sites: ConfSiteV9_0 and ConfPollerSiteV9_0. The ConfSiteV9_0 contains the Web pages that enable the user to schedule reservations and manage the site. The ConfPollerSiteV9_0 enables the monitoring of On Going conferences. These sites function differently and require different buffering settings. Therefore, each of these sites must be configured separately.
5-42
MGC Web Server Manager Installation and Configuration Guide
8.
Right-click the ConfSiteV9_0 icon, and then click Properties.
The ConfSiteV9_0 Properties-Virtual Directory dialog box opens. 9.
Click the Virtual Directory tab, and then click Configuration.
5-43
Chapter 5 - Configuration
The Application Configuration dialog box opens. 10. Click the Options tab and ensure that the Enable buffering check box is selected. When configuring ConfPollersite V9.0 configuration clear this check box. The Enable buffering must not be selected.
11. Click OK.
5-44
MGC Web Server Manager Installation and Configuration Guide
12. Click the Directory Security tab, and then click Edit in the Anonymous access and authentication control pane.
The Authentication Methods dialog box opens. 13. Select the Enable Anonymous access check box, and then click Edit.
5-45
Chapter 5 - Configuration
The Select User dialog box opens. 14. Click the Object Types button to select the user name.
The Object Types dialog box opens. 15. Select the user name from the list, and then click OK.
The Select User dialog box opens.
5-46
MGC Web Server Manager Installation and Configuration Guide
16. Enter the Enter the object name to select, and then click OK.
The system returns to the ConfSiteV9_0 Properties dialog box. 17. Click OK. The system returns to the Internet Information Services window. 18. Right-click the ConfPollerSiteV9_0 icon, and then click Properties.
The ConfPollerSiteV9_0 Properties-Virtual Directory dialog box opens.
5-47
Chapter 5 - Configuration
19. Repeat steps 8 – 15 of the ConfSite V9_0 configuration procedure to complete the ConfPollerSiteV9_0 configuration. 20. Select the Web Server Extension and click Activate Server Pages. 21. Click Allow.
The installation is complete.
5-48
MGC Web Server Manager Installation and Configuration Guide
Selecting the User Account for Accessing the MGC Web Server By default, the Web Server is installed during the installation process. When using a local database, there is no need to define the Web Server security properties. All other definitions require setting the properties of the Web Server. To select the user account in Windows NT/2000 Server:
1.
Click Start > Settings> Control Panel>Administrative Tools> Services. The Services window opens.
2.
Right-click OperSrvV9_0, and then click Properties. The OperSrvV9_0 Properties (Local Computer) dialog box opens.
3.
Click the Log On tab.
4.
Select This account to select the user with access to the MGC WebCommander Server.
5-49
Chapter 5 - Configuration
5.
Click the Browse button to select the user name.
The Select User dialog box opens. 6.
Select the user name from the list, and then click OK.
The system returns to the OperSrvV9_0 Properties (Local Computer) dialog box.
5-50
7.
Enter the user password in the Password field.
8.
Enter the user password again in the Confirm Password field.
MGC Web Server Manager Installation and Configuration Guide
9.
Click OK. A confirmation box opens.
10. Click OK to confirm and complete this procedure. To select the user account in Windows 2003 Server: The Web Server application is installed during the WebCommander installation process. When using a local database, there is no need to define the Web Server security properties. All other database definitions require configuring the properties of the Web Server. To select the user account in Windows NT/2000/2003 Server: 1. Click Start > Settings> Control Panel>Administrative Tools> Services. The Services window opens.
2.
Right-click OperSrvV9_0, and then click Properties. The OperSrvV9_0 Properties (Local Computer) dialog box opens.
3.
Click the Log On tab.
4.
Select This account to select the user with access to the MGC WebCommander Server.
5-51
Chapter 5 - Configuration
5.
Click the Browse button to select the user name.
The Select User dialog box opens. 6.
Select the user name from the list, and then click OK. The system returns to the OperSrvV9_0 Properties (Local Computer) dialog box.
7.
In the Password field, enter the user password.
8.
In the Confirm Password field, enter the user password.
9.
Click OK. A confirmation box opens.
10. Click OK to confirm and complete this procedure. Starting up the Server
When the application is installed, the server is started automatically. A manual start of the server is only required when the password is changed or for troubleshooting.
5-52
MGC Web Server Manager Installation and Configuration Guide
To start up the Server in Windows NT/2000/2003 Server: 1. Click Start > Settings> Control Panel>Administrative Tools> Services. The Services window opens. 2.
Right-click OperSrvV9_0, and then click Start.
The Service Control box opens, indicating that Windows is attempting to start the OperSrvV9_0 service.
5-53
Chapter 5 - Configuration
In the Services dialog box, the status of the service changes to “Started”.
5-54
MGC Web Server Manager Installation and Configuration Guide
Selecting the User Account for Accessing the WAM Server By default, the WAM Server is installed during the installation process. When using a local database, there is no need to define the WAM Server security properties. All other definitions require setting the properties of the WAM Server. To select the user account in Windows NT/2000/2003 Server:
1.
Click Start > Settings> Control Panel>Administrative Tools> Services. The Services window opens.
In Windows 2003 Server click Component Services.
2.
Right-click WAM, and then click Properties.
The WAM Properties (Local Computer) dialog box opens. 3.
Click the Log On tab.
5-55
Chapter 5 - Configuration
4.
Select This account to select the user with access to the MGC WebCommander Server.
5.
Select this account to open and then click the Browse button to select the user name.
The Select User dialog box opens. 6.
Select the user name from the list, and then click OK. The system returns to the WAM (Local Computer) dialog box.
7.
Enter the user password in the Password field.
8.
Enter the user password again in the Confirm Password field.
9.
Click OK. A confirmation box opens.
10. Click OK to confirm and complete this procedure.
5-56
MGC Web Server Manager Installation and Configuration Guide
Starting up the WAM Server
When the application is installed, the server is started automatically. Manual start of the server is only required when the password is changed or when troubleshooting. To start up the WAM Server in Windows NT/2000/2003 Server: 1. Click Start > Settings> Control Panel>Administrative Tools> Services. The Services window opens. In Windows 2003 Server click Component Services.
2.
Right-click WAM, and then click Start on the pop-up menu.
5-57
Chapter 5 - Configuration
The Service Control box opens, indicating that Windows is attempting to start the WAM service.
In the Services dialog box, the status of the service changes to “Started”.
5-58
MGC Web Server Manager Installation and Configuration Guide
Optimizing E-mail Delivery on the Server To Optimize e-mail Delivery on your Server: 1. Access the Internet Services Manager.
The Internet Information Services window opens. 2.
Click the [+] icon next to Internet Information Server to expand the list.
The Internet Information Services (IIS) must be located within the Domain. The installer must have administrator rights or domain administration rights to install software. It is also important that the password used to access the domain is permanent and does not have an expiration date.
3.
Click the [+] icon next to the Server name to expand the list.
4.
Click Default SMTP Virtual Server.
5-59
Chapter 5 - Configuration
5.
5-60
Right-click Default SMTP Virtual Server and select Properties.
MGC Web Server Manager Installation and Configuration Guide
6.
The Default SMTP Virtual Server Properties window opens, then click Delivery. The Default SMTP Virtual Server Properties - Delivery opens.
7.
Click Advanced. The Advanced Delivery window opens.
5-61
Chapter 5 - Configuration
8.
The Fully-qualified domain name field is registered by the system, and appears automatically.
9.
In the Smart host field enter your organization’s mail server name or IP address of the server.
10. Click OK.
5-62
MGC Web Server Manager Installation and Configuration Guide
Integrating Polycom PathNavigator •
You must use an SQL database or SQL-compatible database (such as MSDE - see below) for the Polycom PathNavigator
•
For large databases, use an SQL database for the Polycom PathNavigator. For smaller databases, you can use an MSDE database that can be installed from your Microsoft Office 2000 or Microsoft Access 2000 CD-ROM. MSDE databases are SQL-compatible. For more information, see: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ off2000/html/acconAboutMSDE.asp
•
It is recommended that PathNavigator and WebCommander use the same SQL DB
•
SQL should be installed on the WebCommander server and not on the PathNavigator server
•
PathNavigator must be installed first and WebCommander is installed second
•
Installations using an existing separate SQL server is supported but must be part of a domain when accessing the same database from an MGC Manager workstations PathNavigator
WebCommander \ SQL Server
SQL
5-63
Chapter 5 - Configuration
•
You can transfer Access data into an SQL database by building the structure of an empty SQL database and using the import utility in the SQL server.
•
Verify that the IIS is already installed on the server and correctly configured on the network before installing the WebCommander application
Connecting to the PathNavigator Database The process of integrating the PathNavigator is the same process as adding a new database to be accessed by the Web Server Manager. During the WebCommander installation setup, you have the option to Specify or Automatically add the PathNavigator database by clicking Yes.
For more information see Chapter 4, “Installing the MGC Web Server and MGC Web Server Manager Application” on page 4-7.
If the MGC Web Server Manager is installed on the same server as the PathNavigator, do not use the database entry in the DNS (ODBC Data Source) that was automatically created when the PathNavigator was originally installed. Add a new DNS entry for the PathNavigator to be accessed by the MGC Web Server.
5-64
MGC Web Server Manager Installation and Configuration Guide
To add Polycom PathNavigator SQL database to the list of connections in the Web Server Manager: 1. On the Options menu, select Add/Remove Connection to ODBC.
The ODBC Data Source Administrator window opens. 2.
Click the System DSN tab.
3.
Click Add.
The Create New Data Source window opens.
5-65
Chapter 5 - Configuration
4.
Select SQL Server.
5.
Click Finish. The Create a New Data Source to SQL Server Wizard dialog box opens.
5-66
6.
In the Name box, enter a name to identify the database file in the MGC Web Server Manager application.
7.
From the SQL Server list, select Local if the SQL Server is installed on the same computer as the MGC Web Server. Otherwise select the
MGC Web Server Manager Installation and Configuration Guide
appropriate server name from the list. The list shows the names of all the SQL servers currently installed in the network.
One SQL database can be used by both the MGC WebCommander applications and the MGC Manager application, provided the same database is selected in both applications. If the MGC Manager is installed first, select the database configured in the MGC Manager ODBC. If the WebCommander Server Manager application is installed first, select the database configured here as the database for the MGC Manager application. In both cases, the database may be installed on a network server other than the one used for the Web Server. In both cases, the database must be installed on a disk defined as Shared or on one of the network disk that can be accessed by all MGC Manager and MGC WebCommander users.
8.
Click Next. Additional options are displayed.
9.
Select With Windows NT authentication using the network login ID or With Windows SQL authentication using a login ID and password entered by the user.
5-67
Chapter 5 - Configuration
10. Select the Connect to SQL Server to obtain default settings for the additional configuration options check box.
11. Click Next. 12. Select the Change the default database to check box, and then select the database that was restored in the SQL Server.
13. Click Next. Options enabling you to select the user interface language used in the database are displayed.
5-68
MGC Web Server Manager Installation and Configuration Guide
14. To change the User Interface language used in the database, click the Change the Language of SQL Server System Message to check box and select the desired language from the drop-down list. 15. Click Finish. The ODBC Microsoft SQL Server Setup window opens, containing the ODBC data source configuration.
16. Click Test Data Source to make sure that the appropriate database was selected.
5-69
Chapter 5 - Configuration
The SQL Server ODBC Data Source Test window opens, with the message “TESTS COMPLETED SUCCESSFULLY”.
17. Click OK to confirm. The selected database is added to System DSN list. 18. Click OK to exit the ODBC. 19. At this point you need to update the PathNavigator database. Follow the steps described in “Updating the Database” on page 5-73.
5-70
MGC Web Server Manager Installation and Configuration Guide
Adding an SQL/MSDE Database Login Account in the SQL Server Enterprise Manager: This is login account is only required when the PathNavigator database is not installed.
Setting up an Login account with the SQL sever allows you to define the authentication link that will be used to connect the database and the enterprise manager. With SQL Authentication however, configuration of the Login account is required when no PathNavigator is present on the network. 1.
Select the SQL Server registered in the SQL Enterprise Manager and expand the tree.
2.
Expand the Security list, right-click Logins and select New Login.
The SQL Server Login Properties - New Login dialog box opens
5-71
Chapter 5 - Configuration
5-72
3.
In the Name box enter the Windows Login name of the Server.
4.
In the Authentication pane select SQL Server Authentication.
5.
Enter the Password used to access the SQL server.
6.
Choose the Database Access tab and select the database to access during login.
MGC Web Server Manager Installation and Configuration Guide
7.
Select in the Permit in Database Role the type of user (public) that can access the database and the database owner (db owner).
8.
Click OK. The user is added to the Logins list.
Updating the Database When upgrading from a previous version of the MGC Web Server Manager, the old database is saved during the installation procedure. It is recommended that you back-up the database before updating the database.
At the end of the installation procedure, you must access the MGC Web Server Manager application to automatically update the database. •
The procedure for updating the database is the same for Windows NT, Windows 2000 and Windows 2003.
•
Windows 95/98 does not support Unicode; therefore, when upgrading from a previous version, the language tables will not be upgraded. In such a case, perform the upgrade from a computer where Windows NT/2000 is installed.
To update the database: 1. On the Start – Programs menu, click MGC Web Manager Ver9.0, and then click MGC Web Server Manager.
The Database Login dialog box opens.
5-73
Chapter 5 - Configuration
2.
Enter your Login Name and Password as defined in the database and click Login.
The default Login Name is admin1. The default Password is 123. The system automatically starts the update process.
3.
If there are discrepancies in the number of fields between the old and the new databases, the system prompts whether to update the existing database to the new format.
4.
Click Yes to automatically update the database (recommended), or No to leave the database unchanged. If you select No, new entries added to the database via the MGC Web Server Manager will not be saved. If you select Yes, the UpdateDB dialog box opens, indicating which databases require updating.
Updating all the databases you intend to use is recommended. To cancel the update of a database, clear the check mark next to the database.
5-74
MGC Web Server Manager Installation and Configuration Guide
5.
Click Apply to update the selected databases. The updating process may take time, depending on the size of the database. At the end of the process, an Update Database Results dialog box may open, listing the fields that were updated.
On computers that support Unicode, this dialog box does not appear.
6.
Click OK to return to the UpdateDB dialog box. Click Cancel to close the dialog box and exit the update process.
•
When upgrading from a previous version which did not support Groups, the Update Database process - automatically performed by the Server Manager - creates a group for each listed user, and retains the access rights defined for a user as the access rights to that group.
•
Participant templates and Conference templates are automatically assigned to the Root directory; therefore, only users who have access rights to the root directory (usually administrators) are able to view these conferences. The templates can be moved to the appropriate group in the Groups tree in the MGC Manager – Database Manager segment, using Copy and Paste (drag & drop is not available).
•
When you open the MGC Web Server Manager for the first time after an upgrade, and you have not yet updated the database, you can do it later using the dB’s to Update from the Options menu.
5-75
Chapter 5 - Configuration
Configuring the Polycom Datastore Database Polycom Datastore (PDS) database is a central database where all Polycom applications and endpoints interact and share stored information. When the Polycom Datastore database is configured in the Web Server Manager, a group called Polycom Datastore is automatically defined in the WebCommander database. When defined, information can be exchanged to synchronize the WebCommander dB and Polycom Datastore databases using the PDS API application (XML and Html). To configure the Polycom Datastore database in the Web Server Manager: 1. Register the Polycom Datastore database in the ODBC source. If the Polycom Datastore database is in SQL, follow the instructions in “Registering the SQL Database in the ODBC Data Sources” on page 516. If the Polycom Datastore database is in Access, follow the instructions in “Registering the Access Database in the ODBC Data Sources” on page 5-22. 2.
5-76
In the Options menu, click Polycom Datastore DB. The Polycom Datastore Setting dialog box opens.
MGC Web Server Manager Installation and Configuration Guide
3.
Select the check box(es) next to the database(s) to synchronize with the Polycom Datastore database.
4.
Fill in the parameters as described in the following table:.
5.
Parameter
Description
Server IP
The IP address of the server. Alternatively, you can enter the server URL.
Server Port
The port of the server. By default this is 8080.
Username
Not applicable
Password
Not applicable
Click OK. The name of the database(s) synchronized with Polycom Datastore appear, listing the server IP and version number.
A new participant group, Polycom Datastore, appears in the New Meeting window in the WebCommander Web site.
5-77
Chapter 5 - Configuration
The names of the endpoints synchronized with the Polycom Data Store database are listed.
5-78
MGC Web Server Manager Installation and Configuration Guide
Configuring the Internet Information Service (IIS) for Windows Authentication Windows Authentication mechanism allows users registered with the network servers to access the MGC WebCommander Web site using their Windows login name and password. Windows users are authenticated by Windows NT through the Internet Service Manager. To enable the Windows Authentication working mode, the MGC Web Site (ConfSiteV9_0) must be configured accordingly in the IIS application. Windows Authentication is not supported by Netscape browser.
Configuring the MGC Web Site to work in Windows Authentication Mode in Windows NT/2000
To configure the MGC Web Site ConfSiteV9_0: 1. In the Start - Settings menu, click Control Panel. 2.
In the Control Panel list, double-click the Administrative Tools icon.
3.
In the Administrative Tools list, double-click the Internet Services Manager icon.
The Internet Information Services window opens. 4.
Expand the server categories tree.
5-79
Chapter 5 - Configuration
5.
Expand the Default Web Site tree.
In Windows 2003, expand the Web Sites tree and then select the Default Web Site.
6.
5-80
Right-click ConfSiteV9_0, and then click Properties.
MGC Web Server Manager Installation and Configuration Guide
7.
ConfSiteV9_0 Properties window opens. The Authentication Methods window opens.
8.
Click the Directory Security tab.
9.
In the ConfSiteV9_0 Properties - Directory Security window, click the Edit button in the Anonymous access and authentication access pane.
10. Clear the Anonymous access check box. 11. Select the Integrated Windows authentication check box. 12. Click OK.
5-81
Chapter 5 - Configuration
Configuring the MGC Web Site to work in Windows Authentication Mode in Windows 2003
To configure the MGC Web Site ConfSiteV9_0: 1. In the Start - Settings menu, click Control Panel.
5-82
2.
In the Control Panel list, double-click the Administrative Tools icon.
3.
In the Administrative Tools list, double-click the Internet Services Manager icon. The Internet Information Services window opens.
4.
Expand the server categories tree.
5.
Expand the Web Sites tree.
6.
Expand the Default Web Site tree.
7.
Right-click ConfSiteV9_0, and then click Properties.
8.
ConfSiteV9_0 Properties window opens. The Authentication Methods window opens.
9.
Click the Directory Security tab.
MGC Web Server Manager Installation and Configuration Guide
10. In the ConfSiteV9_0 Properties - Directory Security window, click the Edit button in the Anonymous access and authentication access pane.
11. Clear the Enable Anonymous access check box. 12. Select the Integrated Windows authentication check box. 13. Click OK. Defining MGC WebCommander Users in the MGC Server Manager
When the IIS is configured to Windows Authentication mode, Windows users can be automatically added to the WebCommander users list when the MGC Web Server is configured to the Automatic mode. For more details on the automatic mode configuration, see “Configuring the MGC Web Server Manager” on page 5-88. The Windows users are automatically added to the MGC Web Server Manager Users list based on their Windows user Name and Password. All other User properties remain blank and have to be manually defined by the system administrator when required. For more details on Users definition, see the MGC Web Server Manager User’s Guide, Chapter 4.
5-83
Chapter 5 - Configuration
Configuring the WebCommander as an External Database application for User Authentication You can configure the WebCommander application to be used as the external database application for users authentication when they login to the MGC. When a user connects to the MCU (via the MGC Manager or another application), the user is validated with the MGC Operators list. If the user is not defined in the MGC, an authentication request is sent from the MGC to the WebCommander server, where the user is validated with the Users list. When the users are defined in the WebCommander Users list, one of the three permissions that correspond to the MGC Manager permissions should be assigned to them: Administrator, Operator and Attendant. For more details about the MGC Manager Permissions, see the MGC Administrator’s Guide, Chapter 6. These permissions must be defined in the Permissions table of the WebCommander. When the Users log into the MGC Manager, their WebCommander Permission is translated to the appropriate permission in the MGC Manager. Users with a permission other than these three permissions, when logging into the MGC Manager are granted Attendant permissions. System.cfg Flags Configuration
To use the WebCommander as the external database application for MGC Operator authentication, the following flags must be set in the MGC system.cfg file: •
ENABLE_EXTERNAL_DB_ACCESS = YES
•
EXTERNAL_DB_PORT = 5005
•
EXTERNAL_DB_LOGIN = POLYCOM (MCU logon passwords)
•
EXTERNAL_DB_PASSWORD = POLYCOM
•
EXTERNAL_DB_IP = xxx.xx.xxx.xxx (WebCommander server's IP address)
•
AUTHENTICATE_USER = YES
For more information on system.cfg flags and their settings, see the MGC Administrator’s Guide Chapter 5, MCU Utilities. WebCommander Server configuration: 1. In the Server Manager Browser area expand the Database list.
5-84
MGC Web Server Manager Installation and Configuration Guide
2.
Right-click Database icon and click Personal Scheduler Configuration. The MGC Personal Scheduler Configuration dialog box opens.
3.
Specify the following settings: — Database (the external database) — User - administrator (required) — Template group: Default (required) — IP Address: localhost (required) — Port: 5005 (required)
For more information, see the Personal Scheduler Quick Start Guide Chapter 2, MGC Personal Scheduler Parameter Configuration.
5-85
Chapter 5 - Configuration
4.
In the Database - MCUs list, verify that the correct user login and password are used.
For more information, see the MGC Web Server Manager User’s Guide Chapter 5, Defining an MCU. 5.
In the Permissions list, make sure that the required MGC Permissions (Administrator, Operator and Attendant) are defined, and if not add the required Permissions.
For more information, see the MGC Web Server Manager User’s Guide Chapter 5, Defining Permissions.
5-86
MGC Web Server Manager Installation and Configuration Guide
6.
Define the Users properties: set the Name, Password, and Permission. These parameters are used to authenticate the user login on the MGC.
For more information, see the MGC Web Server Manager User’s Guide Chapter 5, Defining a New User.
5-87
Chapter 5 - Configuration
Configuring the MGC Web Server Manager IIS Installation
SQL Server Installation
Selecting the databases that are accessible from the Web is a mandatory step. Other parameters such as the language database and the date format should also be configured. These parameters enable users to define and modify conference and participant templates, schedule reservations or monitor On Going conferences using the Web browser. To select the MGC Web Server’s Authentication Mode: 1. Access the MGC Web Server Manager.
MGC Web Server Installation
SQL Server Configuration
Registering the Database in ODBC Defining the Server Security Properties MGC Web Commander Configuration
5-88
2.
On the Options menu, click Web Configuration.
MGC Web Server Manager Installation and Configuration Guide
The Configuration dialog box opens.
The sample window lists an SQL database with two types of login modes defined: • NTAUTHDB - Uses Windows NT Login
•
SQLAUTHDB - Uses SQL Authentication Login In this example the SQL Database with SQL Authentication (SQLAUTHDB) is selected.
5-89
Chapter 5 - Configuration
3.
Define the following parameters: Table 5-1: Web Configuration Parameters Option
Description
Highest MCU Version
The WebCommander behavior is determined according to the MCU version. Three MCU version levels can be selected, 3, 4, or 4.5 and above. • If the highest level selected is 3 or 4, the Audio Look and Feel check box option is disabled in the Configuration dialog box, and the option to select Audio Only conferences is disabled in the WebCommander site.
•
5-90
If the highest level selected is 4.5 and above, the Audio Look and Feel check box is enabled. If the Audio Look and Feel check box is cleared, both Video and Audio Only conferences are enabled in the WebCommander site. When the Audio Look and Feel check box is selected, the option for Video conferences is disabled in the WebCommander site.
Audio Look&Feel
Select this check box to enable all template defaults to automatically be set to Audio Only configuration for conferences implementing the VoicePlus features. The WebCommander user interface changes to show only audio options. All video options are hidden and cannot be accessed.
Secure Mode
Select this check box to switch from a non-secured configuration to a secured configuration. Once you select this check box, the system displays a message listing the operations that will be performed when the WebCommander application is switched to Secure Mode. Click OK to confirm. If you select Cancel, the system will clear the Secure Mode selection. For more details about Secure Mode settings see Appendix A.
MGC Web Server Manager Installation and Configuration Guide
Table 5-1: Web Configuration Parameters (Continued) Option
Description
Encryption Key Path
This field is enabled if Secure Mode is confirmed. Click the Browse button and select the folder to save the encryption key used to encrypt the MCU passwords in the database.
Allocate Permanent Dial in Numbers
This option is applicable only to “Meet Me Per Conference” conferences that are set and run via the Web. When enabled, the MGC Web Server allocates a dial-in number to a “Meet Me Per Conference” conference when it is saved to the database. This number will remain assigned to the conference indefinitely regardless of the system resources status. When disabled, the dial-in number for the conference is allocated by the MCU only when the conference is started. Note: The dial-in number can be deleted from the conference. In such a case, the MCU will allocate the dial-in number to the conference when the reservation is transferred to the MCU.
Conference End Time Alert (Minutes)
Enter the number of minutes before the end of the conference in which the End of Conference Reminder icon should appear. For example, if you enter 5, the End of Conference Reminder icon will be displayed five minutes prior to the end of the conference. Entering 0 disables the display of the warning icon.
5-91
Chapter 5 - Configuration
Table 5-1: Web Configuration Parameters (Continued) Option
Description
Automatic Naming of Conferences
The format of the conference name can be based on the user name or based on the user’s E-mail address, and also includes the template name and a randomly generated number. When the format of the conference name is based on the users name, the format is: TemplateName_UserName_Random Number For example: Sales_Admin1_886 When the format of the conference name is based on the user’s E-mail address, the format is: TemplateName_UserEmail_Random Number For example: [email protected]_887
On Going Participants Names Display
In the On Going Participants Names Display pane, select an option: • Custom Length - stipulate the maximum number of letters in a name
• Language database for the Web site – Database
5-92
Full Name
In the Database list, select the database from which the text appearing in the user interface of the Web pages is taken. The list includes all the databases registered in the ODBC. If the SQL database is selected, the language is defined during the restore operation of the SQL database.
MGC Web Server Manager Installation and Configuration Guide
Table 5-1: Web Configuration Parameters (Continued) Option
Description
Language database for the Web site – Party Headers Order
Click this button to modify the party headers order presented in the MGC WebCommander Application. Party headers are the column in the table displaying the participant’s details in the Participants pane in the Participant template window, and in the Conference template window of the WebCommander site. Note: The configuration of the Party Headers order is done in the language area of the database. Every time WebCommander is installed, the default database is completely erased, including all language configurations. Therefore it is strongly recommended to select a database other than the Default database to store the configuration of the Party Headers order, so that you do not need to reconfigure the party headers each time a new version is installed. For details, see page 5-96.
Databases accessible from the Web site
The Accessible Database from Web box lists all of the databases registered in the ODBC utility. Databases of different types may be selected i.e., Microsoft Access and SQL. By default, all the databases are selected. To cancel the selection of a specific database, clear the check box next to the database. Click the UnSelect All button to cancel the selection of all the listed databases (all check boxes are cleared). The UnSelect All button toggles with the Select All, enabling you to select all of the databases to be accessed from the web.
5-93
Chapter 5 - Configuration
Table 5-1: Web Configuration Parameters (Continued)
5-94
Option
Description
Automatically add authenticated Windows users to WebCommanders Users list
Select this check box to allow users registered in the Windows domain to be automatically added to the MGC WebCommander Web Server – Users list with their Windows login name and password. All other user parameters such as E-mail address, Permission, and WebOffice URL have to be manually added to the user definition in the MGC Web Server Manager – Users table. For more details, see the MGC Web Server Manager User’s Guide, Chapter 4. The Windows Authentication mechanism allows users registered with the network servers to access the MGC WebCommander Web site using their Windows login name and password. In order to enable the Windows Authentication working mode, the MGC Web Site (ConfSiteV9_0) must be configured accordingly in the IIS application. For more details, see “Integrating Polycom PathNavigator” on page 5-63. Note: When Secure Mode is enabled, the Automatically add authenticated Windows users to WebCommander Users list option is automatically selected and cannot be cleared.
MGC Web Server Manager Installation and Configuration Guide
Table 5-1: Web Configuration Parameters (Continued) Option
Description
Create private groups for automatically added users
By selecting this checkbox, the Web Server Manager application can be configured to automatically add a new group for users who have been automatically added to the WebCommander Users table of the database. The new Group can be used by the user as a private address book to which personal contacts can be added. Users can be automatically added to the WebCommander Users table when: • The user accesses the WebCommander application pages from the Web Portal. If the user has the right to access the WebCommander application pages, the user is automatically added to the WebCommander Users table and his or her properties are imported from a table also shared by the Web Portal.
•
The user accesses the WebCommander database for the first time, using Windows login name and password. At the end of the authentication process, a new user is created in the User table of the WebCommander database, copying the parameters from the User table of the SQL Server. The name of new private group that is created is taken from the user name. The Read/Write permissions to the new Group are identical to those defined for the Default User.
4.
In the Databases accessible from the web site pane, select the Database required.
5.
Click OK.
5-95
Chapter 5 - Configuration
Configuring the Party Headers Order Party headers are the column in the table displaying the participant’s details in the Participants pane in the Participant template window, and in the Conference template window of the WebCommander site. You can select the columns displayed in the participants table that is displayed and the order in which they appear in the On Going Conferences window. The configuration is done per permission and you can have different settings for different permissions. To configure the On Going Party Headers Order columns display: 1. In the database Permissions Properties -Settings1 dialog box, click the Custom Headers Order check box.
The columns header is defined in a table which is part of the WebCommander database. Each time WebCommander is installed, the Accord database (not SQL) is overwritten, including all the tables. Therefore it is strongly recommended to rename or backup the database, so that you do not need to reconfigure the On Going party headers each time a new version is installed.
5-96
MGC Web Server Manager Installation and Configuration Guide
2.
Click the Select Headers Order button. The On Going Party Headers Order window opens.
Lists the columns that will not be displayed in the Participants pane.
Lists the columns that will be displayed in the Participants pane, and their order.
The On Going Party Headers list displays the columns not displayed in the Participant Details pane. The Selected On Going Party Headers list displays the columns that would appear in the ongoing conference pane. The order in which the columns are listed is the order in which they appear in the ongoing conference pane. 3.
To display a column, in the On Going Party Headers list, select the column name to be displayed and then click the double right arrow button [>>]. The column is added to the end of the Selected On Going Party Headers list. To hide a column, in the Selected On Going Party Headers list, select the column name to hide, and then click the double left arrow button [Control Panel ->Administrative Tools ->Internet Information Services (IIS) Manager. The Internet Information Services window opens. 2.
Expand the Server name list.
3.
Right-click the Default Web Site icon and then click Properties. The Default Web Site Properties dialog box opens.
4.
Click the Directory Security tab, and then click View Certificate.
5.
Verify that the system indicates that the certificate is valid.
6.
Click OK and close the dialog box.
A-3
Appendix A: Secure Mode Environment Settings
Database Security Settings If an SQL database is used with the WebCommander, in addition to the installation of the SSL/TLS certificate, it must also be set to Secure Mode by selecting the Force Protocol Encryption option. Enabling the Secure Mode: When using an Access database or an external database the connection between WebCommander and the database is not secure.
1.
On the Start - Programs menu, click Microsoft SQL Server, and then click Server Network Utility. The SQL Server Network Utility dialog box opens.
2.
Click the Force protocol encryption check box.
The connections to the SQL Server will be secured using SSL. 3.
A-4
Click OK.
MCU SSL (Secure Socket Layer)/TLS Configuration SSL (Secure Socket Layer) enables secure HTTP connection on MCU’s with XPEK Operating Systems. SSL Certificate is required to enable SSL-level security for the MCU’s connection to external applications. SSL uses a third party, that is the Certificate Authority, to identify HTTP transactions and secure them using the HTTPS protocol. The SSL certificate must be obtained on first connection to the MCU. To obtain the SSL certificate: 1. Connect to the MCU. 2.
Right-click the unit’s icon or name, and then click Create SSL Certificate Request.
The dialog box opens where you can enter data for the request and apply. 3.
Fill in the following information: Enter complete information, as all fields are mandatory for the request.
4.
Click Apply. The new certificate request appears in the details box.
A-5
Appendix A: Secure Mode Environment Settings
Table A-1: SSL Certificate Request - Required Information
A-6
Field
Description
Country
Enter any 2 letter code for the country name.
State or Province
Enter the full name of the state or province.
Locality
Enter the full name of the town/city/location.
Organization
Enter the full name of your organization for which the certificate will be issued.
Organizational Unit
Enter the full name of the unit (group or division) for which the certificate will be issued.
Common Name (DNS/IP)
Enter the DNS or the IP address of the MCU.
5.
Click Copy, then click Close. Alternatively, for a previously defined MCU for which SSL has been obtained before, click Get to get the latest certificate request from the MCU.
6.
In the browser, access your preferred certificate authority (for example, http://www.thawte.com and select from the quick login box: Certificate Status), paste the certificate request from MCU and submit.
The authority issues the SSL certificate, and sends the certificate to you by E-mail. 7.
When the E-mail with the certificate arrives from the authority, select the text and click Copy.
8.
Back in the MGC Manager application, right-click the MCU’s icon and click Send SSL Certificate.
The Send SSL Certificate dialog box opens. 9.
Paste the certificate’s text in the Send SSL certificate window.
10. Click Send. The MCU validates the certificate.
A-7
Appendix A: Secure Mode Environment Settings
—
If the certificate is not valid, the following message appears:
—
If the certificate matches the private key, and the task is completed, a message informs you that the certificate was created successfully.
11. Reset the MCU. The system has access to the SSL-secured port 443. To enable a Mandatory and Secure connection for the MCU: 1. Before connecting the MCU, right-click the MCU icon and click MCU Utils, then click Edit “system.cfg”. The SysConfig dialog box opens. 2.
In the GENERAL section, set the following flags to:
3.
SECURED_PORT_MANDATORY_FOR_API=YES — SECURED_PORT_MANDATORY_FOR_FILE=YES — PREFERRED_SECURED_PORT=443 Click OK and then reset the MCU.
4.
Right-click the MCU icon and then click Properties.
—
Do not connect to the MCU. When you right-click the MCU, the MCU should be disconnected and the icon appear grey.
The Properties dialog box opens. 5.
A-8
Click Advanced.
6.
Select the Secured check box to enable mandatory security.
7.
Ensure that the Automatic Discovery option is deactivated (clear the check box).
8.
The Port Number box is enabled, enter port 443 as the Port Number.
9.
Click OK.
10. Connect to the MCU. When reconnected, the MCU uses the secured port. After reconnecting, it is recommended to change the login password.
A-9
Appendix A: Secure Mode Environment Settings
—
A-10
The HTTPS protocol is indicated in the Connections list Protocol column under the MCU Configuration icon. Port 443 and the Secured (the lock) icon are indicated in the MGC Manager window’s status bar.
Secure Mode Implementation The Secure Mode can be implemented in the WebCommander in the following ways: •
•
New installation The following operations are performed: — Selecting Secure Mode during the Installation of the WebCommander application. For more details, see “Installation Setup” on page A-12. — Verifying that the appropriate security settings were performed. For details, see “Verifying the Secure Mode Settings” on page A-15. — DCOM Config. For details, see “DCOM Configuration” on page A-19. — Set the working database as Global default so NT Authenticated users can be added to it Users table. — It is recommended to set the default user Permissions to lower permissions and enable the permission add MCUs to the database or update the MCU passwords. All users that are automatically added to the WebCommander Users list will inherit this permission. For details, see “Permissions Setting” on page A-27. Upgrading an existing installation Install the new version in non-secure mode and then switch the installation to Secure Mode as described in "Switching a non-secured installation to Secure Mode"
•
Switching a non-secured installation to Secure Mode The following operations are performed: — In the Server Manager application, change the security settings in the Web Configuration dialog box. For details, see “Modifying the Security Settings in the Web Server Manager” on page A-13. — Verifying that the appropriate security settings were performed. For details, see “Verifying the Secure Mode Settings” on page A-15. — DCOM Config. For details, see “DCOM Configuration” on page A-19. — If instructed by the system, manually update the MCU passwords to encrypt them. For details, see “Manually Updating the MCU Password” on page A-26.
A-11
Appendix A: Secure Mode Environment Settings
Set the working database as Global default so NT Authenticated users can be added to it Users table. — It is recommended to set the default user Permissions to lower permissions and enable the permission add MCUs to the database or update the MCU passwords. All users that are automatically added to the WebCommander Users list will inherit this permission. For details, see “Permissions Setting” on page A-27. —
Installation Setup When the Secure Mode option is selected during system installation, all the requires security configuration are automatically performed by the system. This procedure should be performed only with new WebCommander installation. During the installation process, in the installation wizard: •
In the Security Configuration window, select Secure Mode and then click Next.
If you are upgrading from a non-secured installation, leave this check box cleared to install the new version in non-Secure Mode. Once the installation is complete, change the WebCommander security settings using the Server Manager application.
The Information dialog box opens indicating that the database must be configured to Secure Mode (if you have not done so prior to the WebCommander installation). •
A-12
Click OK to continue and complete the installation.
Modifying the Security Settings in the Web Server Manager Perform this procedure to switch from non-Secure Mode to Secure Mode. To enable the Secure Mode: 1. Access the MGC Web Server Manager. 2.
On the Options menu, click Web Configuration.
The Configuration dialog box opens. 3.
Click the Secure Mode check box.
A-13
Appendix A: Secure Mode Environment Settings
Once you select this check box, the system displays a message listing the operations that will be performed when the WebCommander application is switched to Secure Mode. 4.
Click OK to confirm. If you select Cancel, the system will clear the Secure Mode selection. If OK is selected, the Encryption Key Path field is enabled and the Automatically add authenticated Windows users to WebCommander Users list option is automatically selected and cannot be cleared.
5.
In the Encryption Key Path field, click the Browse button and select the folder to save the encryption key used to encrypt the MCU passwords in the database.
6.
Click OK. At this point, the system performs the following operations: Updates all the WebCommander sites (ConfSite, ConfpollerSite, WebCommander and Linked WebCommander) to work with SSL and integrated Windows authentication, while cancelling the anonymous access option. — Encrypts the MCU passwords in the database. If this operation fails, the MCU passwords must be manually re-entered to encrypt them. — Stops and then starts the WebCommander services: Operserv, WAM and KeepAlive. — Disconnects all the MCUs. Once the system is restarted the MCU must be reconnected. — This process takes about 10 seconds and at the end a confirmation message is displayed. Click OK. The system restarts and the user is automatically logged into the system. —
7.
A-14
Verifying the Secure Mode Settings You can verify that the system performed the required changes in the security settings of the server and the OperServ by performing the procedures described next. These procedures are optional and can be skipped. IIS Server Security Setting Verification
To ensure that the IIS Security Settings were enabled: 1. Click Start ->Settings ->Control Panel ->Administrative Tools ->Internet Information Services (IIS) Manager. The Internet Information Services window opens. 2.
Expand the Server name list.
3.
Right-click the Default Web Site icon and then click Properties. The Default Web Site Properties dialog box opens.
4.
Click the Directory Security tab.
5.
In the Anonymous access and authentication control box, click the Edit button.
6.
Verify that the Anonymous access option is cleared and the Integrated Windows authentication option is selected and then click OK.
A-15
Appendix A: Secure Mode Environment Settings
7.
In the Secure Communications box, click the Edit button. The Secure Communications dialog box opens.
8.
Verify that the following check boxes are selected: Require secure channel (SSL) — Require 128-bit encryption —
9.
A-16
Click OK and then close the WebCommander Properties dialog box.
OperServ Security Settings Verification
In Secure Mode, OperServ is set to the highest authentication level of Packet Privacy. To verify the OperServ security settings: 1. Click Start ->Run. The Run dialog box opens 2.
In the Open field, type dcomcfng and click OK.
3.
Access the OperServ properties. a.
In Windows 2000 server and Windows NT server, the Distributed COM Configuration Properties dialog box, click OperServV9_0 and then click the Properties button.
The OperServ9_0 Properties - General dialog box opens.
A-17
Appendix A: Secure Mode Environment Settings
A-18
b.
In Windows XP server and Windows 2003 Server, in the Component Services window, click Computers -> My Computer -> DCOM Config.
—
Right-click OperservV9_0 and then click Properties. The OperServ9_0 Properties - General dialog box opens.
4.
Verify that Packet Privacy is selected in the Authentication Level field.
5.
Click OK.
DCOM Configuration To grant various access rights to Windows authenticated users when using Web Server Manager Client and WebCommander Client, you must modify the properties of the OperServ and WAM services. OperSrv Configuration for NT Authentication
1.
Click Start ->Run. The Run dialog box opens
2.
In the Open field, type dcomcfng and click OK.
3.
Access the OperServ properties. a.
In Windows 2000 server and Windows NT server, the Distributed COM Configuration Properties dialog box, click OperServV9_0 and then click the Properties button.
The OperServ9_0 Properties - General dialog box opens.
A-19
Appendix A: Secure Mode Environment Settings
A-20
b.
In Windows XP server and Windows 2003 Server, in the Component Services window, click Computers -> My Computer -> DCOM Config.
—
Right-click OperservV9_0 and then click Properties. The OperServ9_0 Properties - General dialog box opens.
4.
Click the Security tab.
5.
In the Launch and Activation Permissions pane, select Customize and then click the Edit button.
The Launch Permission dialog box opens. 6.
Click the Add button. The Select Users, Computers or Groups dialog box opens.
7.
Click the Locations button. The Locations dialog box opens.
8.
Select the local computer name.
9.
Click the Advanced button.
10. Click the Find Now button. A list of users is displayed. 11. Select the Authenticated Users group and click OK.
The selected Group is added to the Launch Permission dialog box, in the Group or user names list.
A-21
Appendix A: Secure Mode Environment Settings
12. Set the permission to Allow - Local launch, Allow - Local Activation, Allow - Remote Launch and Allow - Remote Activation.
13. Click OK. 14. In the Security tab, set Access Permission to Customize and click the Edit button. 15. Repeat steps 6 to 13 performed for Launch Permission also for Access Permission. 16. At the end of the procedure, click OK to close the Properties dialog box. Do not close the Distributed COM Configuration Properties dialog box (Windows NT) or the Component Services window, in which the DCOM Config services are listed as you will need it for the next procedure.
A-22
WAM Configuration for NT Authentication
1.
Access the WAM properties. a.
In Windows 2000 server and Windows NT server, the Distributed COM Configuration Properties dialog box, click WAM and then click the Properties button. The WAM Properties - General dialog box opens.
b.
In Windows XP server and Windows 2003 server, in the Component Services - DCOM Config list, right-click WAM and then click Properties. The WAM Properties - General dialog box opens.
2.
Click the Security tab.
3.
Repeat steps 5 to 11 in the "OperSrv Configuration for NT Authentication" procedure.
4.
In the Permissions for Authenticated Users pane, set the permission to Allow - Local Launch and Allow - Local Activation.
5.
Click OK to close the Properties dialog box.
A-23
Appendix A: Secure Mode Environment Settings
Allowing Connecting/Starting the Application Server (OperSrv) from Server Manager Clients
Windows 2003 server 1. In the server computer, right-click the My Computer icon and then click Manage. 2.
Expand the System Tools tree.
3.
Expand the Local Users and Groups tree
4.
Click the Groups folder to display its list.
5.
Right-click the Distributed COM Users group and click Properties.
The "Distributed COM Users" group exists only from Windows 2003 server. For Windows NT server and Windows 2000 server, it is recommended to create a new domain’s user group for remote Server Manager Clients, and add the group once to the Groups list instead of adding users one by one. For more details, see “Creating a Group and granting permissions to the group in Windows NT server and Windows 2000 server” on page A-25.
6.
Click the Add button. The Select Users, Computers or Groups dialog box opens.
7.
and add the user or users' group to this group.
8.
Click the Locations button. The Locations dialog box opens.
9.
Select the local computer name.
10. Click the Advanced button. 11. Click the Find Now button. A list of users is displayed. 12. Select the Authenticated Users group and click OK. The selected Group is added to the Distributed COM Users group in the Group or user names list. 13. Click OK.
A-24
Creating a Group and granting permissions to the group in Windows NT server and Windows 2000 server 1. In the server computer, right-click the My Computer icon and then click Manage. 2.
Expand the System Tools tree.
3.
Expand the Local Users and Groups tree
4.
Right-click Groups folder and then click New Group. The New Group dialog box opens.
5.
Click the Add button and add the required users to this group.
6.
Click OK.
7.
Click Start ->Run. The Run dialog box opens
8.
In the Open field, type dcomcfng and click OK.
9.
In the Component Services window, expand the Computers list.
10. Right-click My Computer and then click Properties. 11. Click the COM Security tab. 12. In the Access Permissions box, click the Edit Limits button.
The Access Permission dialog box opens.
A-25
Appendix A: Secure Mode Environment Settings
13. Click the Add button and add the group you have created to the list. 14. Set the group permissions to Allow - Local Access and Allow - Remote Access. 15. Click OK. You are returned to the COM Security tab. 16. In the Launch and activation Permissions box, click the Edit Limits button. 17. Click the Add button and add the group you have created to the list. 18. Set the group permissions to Allow - Local Access, Allow - Remote Access, Allow - Local Activation, and Allow - Remote Activation. 19. Click OK.
Manually Updating the MCU Password This procedure must be performed when: •
You have selected the Secure Mode option during the installation of version upgrade. In such a case, passwords of MCU already defined in the database are not encrypted automatically and they must be re-entered to encrypt them.
•
The system failed to automatically update the MCU passwords when switching to Secure Mode.
When adding or changing MCU passwords in Secure Mode, they are automatically encrypted by the OperSrv and stored in the database. To re-enter the MCU password: 1. In the Web Server Manager, expand the SQL database tree and click MCU’s. The list of MCU’s appears. 2.
A-26
For each MCU in the MCU list, right-click the MCU icon and click Properties. The MCU Properties dialog box appears.
3.
In the Password field, re-enter the password. The password is hidden by a series of asterisks (****).
4.
Click OK.
Permissions Setting Any NT Authenticated user that is added to the WebCommander users list is automatically given default user's permission. When adding an MCU to the database or when modifying the MCU password in Secure Mode, the user must have a special permission to perform these operations. To grant permission: 1. In the Web Server Manager, expand the Database tree and click Permissions. The Permission Properties dialog box opens.
A-27
Appendix A: Secure Mode Environment Settings
A-28
2.
Click the Settings2 tab.
3.
Click the Allow remote Client access to Server Manager (Secure Mode) check box.
4.
Click OK.
Switching from Secure Mode to Non-Secure Mode When reverting back to a non-secure mode, the following operations are performed: •
In the Server Manager application, in the Web Configuration dialog box, clear the Secure Mode check box. The system displays a message indicating the process that will be performed once the operation is confirmed. These operations include: — Restoring the IIS defaults (turning off SSL/TLS and NTLM Authentication, and turning on Anonymous access) — Restarting all the WebCommander services — Enabling the Personal Scheduler application — Decrypting MCU passwords in ALL connected databases
•
Once the process is complete, the Login dialog box is displayed and the user must enter the User Name and Password.
A-29
Appendix A: Secure Mode Environment Settings
WebCommander Server Client Installation WebCommander Server client installations cannot be switched from non-Secure Mode to Secure Mode and vice versa and must be re-installed. To install the WebCommander Server Client in Secure Mode: • In the installation setup procedure, select the Secure Mode option.
•
A-30
Select the name or IP of the WebCommander server. The server name must be identical to name for which the SSL/TLS certificate was issued (and installed on the server).
