Versions Compared

Version Old Version 21 New Version Current
Changes made by

Mattias Löfstrand

Hanna Agerlo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Install SQL Management studio.

IIS options

Go to Server manager → Manage → Add Roles and Features wizard → Check: Request monitor & IIS 6 Metabase Compatiility

...

Legacy servers: Activate server role: Web Server (IIS).

...

Security settings for IIS

...

Set that the applications pool will use 32 bit applications since it will refer .Net Framework 4.5.x.

...

For version 4.2.3 and later

...

Disable 32 bit applications for applications. Signifikant Server and Web-application performs better when run in 64-bit application pools.

...

Note identity: https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/546963458/Technical+instruction+-+Installing+application+on+Windows+Server#Service-account

image-20240904-070018.pngImage Added

Activate ASP.NET service set it to start automatically. The service is needed to support user session data in a state server.

...

  • Start Server Manager.

  • Click Manage, and then click Add Roles and Features

  • On the Before You Begin page, click Next

  • On the Installation Type page, select Role-based or Feature-based Installation, and then click Next

  • On the Server Selection page, select the server or virtual hard disk on which to install Windows Search Service

  • On the Features page, select Windows Search Service, and then click Next

  • On the Confirmation page, verify that Windows Search Service is listed, and then click Install

...

Other Apps on Server

Info

Avoid installing apps on the server unless needed. When selecting apps, avoid apps which are not updated automatically.

Non updated apps may be security risks and normally monthly patching schedules only include what is managed by Windows and selected other apps handled by infra teams.

Connectivity

Connectivity between Manager Server and Web Server(s) using http(s) port 80/443 is required.

...

It is recommended to always organize folders according to the same structure. Proposed structure is to create a sub folder structure on the data disk;. This is the proposed structure for the Manager server.

Code Block
D:/Signifikant
  Backup
  Data
    <Site>
  Imports
    Export
    ExportArchive
    Import
  Install

This is the proposed structure for the Web server. Note the extra Remote folder under Data.

Code Block
D:/Signifikant
  Backup
  Data
    Remote
      <Site>
  Imports
    Export
    ExportArchive
    Import
  Install

...

Info

It is recommended to use a service account for IIS instead of LocalSystem.

Tilde Short File/Folder Name Disclosure

If IIS accept short filenames, a user may try to break security by testing different file names. Two actions are suggested for this issue.

...

Discard or filter all web requests including a tilde "~" character. The most recommended prevention technique is to apply a filtering rule in the firewall for all ~ (tilde) and Unicode encoded equivalences sent in the URL path to the server. If such a rule cannot be applied, URL rewrite should be used instead.

...

Find the security hardening checklist here: https://

...

signifikant.

...

atlassian.

...

net/wiki/spaces/ASKB/pages/2830761985/Technical+instruction+-+IIS+security#IIS-settings

Publisher settings

Technical documentation - Whitelisting publisher API