Technical instruction - Installing application on Windows Server

Owned by Kenneth Jonsson
Last updated: 21 Sept 2023 by Mattias Löfstrand
5 min read

Introduction

This document is intended for technical staff installing Signifikant Platform on a Windows 2016 server (or later).

A good practice is to change background colour of Production server to solid blue to make it different from Test and Staging servers.

Installation

.Net Framework

Install Microsoft Framework 4.7 or 4.8.

Some operating systems will need a configuration of .NET Framework according to below. Please check if these settings are available in your environment and if so, turn on features below. Make sure to check the HTTP activation for the version of .NET you are running.

Failure to define the HTTP Activation feature will result in i.e. loss of the import repository or other SOAP related functions. In the Manager log file you may find errors like this: AssertManager Error: 0 : System.Net.WebException: The request failed with HTTP status 405: Method Not Allowed.

Error detail from log file, this time when fetching import repository information from a server.

AssertManager Error: 0 : System.Net.WebException: The request failed with HTTP status 405: Method Not Allowed. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Signifikant.Assert.Server.ImportServiceReference.ImportService.GetImportPoints(String requestXml) at Signifikant.Assert.Server.ImportRemoteServer.GetImportPoints(ActivityPointsRequest request)

SQL Server

Install SQL Server as database engine on Manager Server and Web Server.

  • Manager Server will need access to

    • A database engine for the editorial database. An SQL Server hotel on a separate server may be used.

    • A database engine used for temporary databases during publication. An SQL Server installed locally will be needed.

  • Web Server will need access to a database engine installed locally.

  • If Express edition is used, the instance name does not have to be changed.

  • If non Express edition is used, make sure to name the database instance. This name will be referred to in the configuration.

Install SQL Management studio.

IIS

Activate server role: Web Server (IIS).

 

Security settings for IIS

https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/2830761985

Important! Set security aspects on IIS. Also, keep track of changed recommendations from Microsoft on security configurations.

ASP.NET i IIS7

Activate ASP.NET in IIS7 by adding roles to the server.

 

Same information from a Windows 2012 server, the feature installation confirmation window:

ASP.NET Core Applications

Follow below instructions in order to host ASP.Core Applications on Windows with IIS

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/?view=aspnetcore-7.0

Still need of support of IIS6 metabase

Installing applications to IIS require components installed with IIS6 metabase. Enable and install the component.

Applications pool

Defined chosen application pool to be run by ”LocalSystem” to make it a privileged process with administrator access to databases and files. It may be that it will be defined using AppPoolIdentity.

For versions prior to 4.2.3

Set that the applications pool will use 32 bit applications since it will refer .Net Framework 4.5.x.

For version 4.2.3 and later

Set that the applications pool will use 32 bit applications during the installation. After the installation reset Enable 32-Bit application to false.

Also select LocalSystem for application pool login, a suitable session timeout and select to Suspend the application, rather then Terminate it to reduce startup time after idle time out.

For version 5.1 and later

Disable 32 bit applications for applications. Signifikant Server and Web-application performs better when run in 64-bit application pools.

Note identity: https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/546963458/Technical+instruction+-+Installing+application+on+Windows+Server#Service-account

Activate ASP.NET service set it to start automatically. The service is needed to support user session data in a state server.

Free text search in Pdf and HTML files are implemented with the Widows Search service. When installing on a Windows Server ensure that the service installed.

Server 2016 and later

Windows Search Service in Server 2012 is found in Server Manager> Features > Windows Search.

  • Start Server Manager.

  • Click Manage, and then click Add Roles and Features

  • On the Before You Begin page, click Next

  • On the Installation Type page, select Role-based or Feature-based Installation, and then click Next

  • On the Server Selection page, select the server or virtual hard disk on which to install Windows Search Service

  • On the Features page, select Windows Search Service, and then click Next

  • On the Confirmation page, verify that Windows Search Service is listed, and then click Install

Connectivity

Connectivity between Manager Server and Web Server(s) using http(s) port 80/443 is required.

Organizing folders

It is recommended to always organize folders according to the same structure. Proposed structure is to create a sub folder structure on the data disk;

D:/Signifikant Backup Data <Site> Imports Export ExportArchive Import Install

Access

Signifikant will need access rights and credentials to access the server and SQL Server/Management Studio in order to perform installations and deliver support. Make sure to provide the needed security tools and credentials.

Operational aspects

Operational aspects not covered in guides. Procedures need to follow client’s standard operating procedures. Ensure the following is covered by client’s standard operating procedures.

Aspect

Content

Comments

Aspect

Content

Comments

Backup

Ensure to backup databases, file areas for content, and settings.

Ensure to set time for backup which does not interfere with possible nighly imports or publish processes.

Monitoring

Monitor SQL and IIS

Also consider using GetStatus. https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/77398017

Antivirus

Ensure to configure antivirus

Possible exclusions only if large amount of files are changed at each publish, this may hamper performance in some anti viros tools.

Incident management

Ensure to prepare organisation for handling incidents and changes

 

Down time procedures

Ensure to prepare organisation for down time procedure

 

Clean up

Ensure to apply clean up scripts for automated imports and log files

 

Security

Service account

Tilde Short File/Folder Name Disclosure

If IIS accept short filenames, a user may try to break security by testing different file names. Two actions are suggested for this issue.

  1. Discard or filter all web requests including a tilde "~" character. The most recommended prevention technique is to apply a filtering rule in the firewall for all ~ (tilde) and Unicode encoded equivalences sent in the URL path to the server. If such a rule cannot be applied, URL rewrite should be used instead.

  2. An alternativ is to discard all web requests using the tilde character by adding a registry key named NtfsDisable8dot3NameCreation to HKLM\SYSTEM\CurrentControlSet\Control\FileSystem. Set the value of the key to 1 to mitigate all 8.3 name conventions on the server. Please refer to

Publisher settings