Requirements
Before preparing a server for Sureview make sure you check:
- That you have everything you need from the Minimum Specifications, particularly the Infrastructure items of:
  - The login information for the service domain user
  - SSL Certificates either already imported to the server or the PFX files provided for use during this step
  - The location of the database server
- Whether this server will be the Filestore server
- Which Tier this server will be hosting
Sureview Prep Script
The "SureviewPrep" PowerShell script automatically configures a computer ready for use with Sureview without the need for any manual actions. It performs the following steps:
- Checking that the OS is at least Server 2012
- Hardening the server
- Importing an SSL certificate (optionally generating a self-signed certificate for test server use)
- Creating the Sureview program files directory and downloading the latest Sureview installer to the "Setup" sub folder
- Giving the service user permissions to write to the Sureview program files directory and listen on HTTP ports (optionally creating the user locally for test server use)
- Creating a Filestore folder and sharing it on the network with write access for the service user
- Installing SQL Express (for test server use only)
- Installing SQL Management Studio
- Installing the C++ Runtimes
- Installing and configuring the IIS Windows feature, including installing UrlRewrite for HTTPS redirection and .NET Core (latest 2.1.x bundle) for use with Sureview V2
- Installing Chrome (for test server use only)
- Renaming and changing the password of the Administrator user (for test server use only)
- Renaming the computer (for test server use only)
Downloading
Run the following PowerShell command to download the "SureviewPrep.ps1" script file into the current directory (run "cd" without any arguments to see what directory you are currently in, and run "cd" again with an argument to move around to other folders):
Set-Location ~\Downloads; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
Invoke-WebRequest -Uri "https://download.sureviewsystems.com/SureviewPrep.ps1" -OutFile ".\SureviewPrep.ps1" -UseBasicParsing;
Usage
The script includes Comment Based Help that explains what all parameters do, provides some examples, and provides a link to this page too - this should be your first place to look when understanding how to use the script:
Get-Help .\SureviewPrep.ps1 -Detailed <# Shows an explanation of what each parameter does and a list of examples #>
Get-Help .\SureviewPrep.ps1 -Examples <# Shows a list of examples #>
Get-Help .\SureviewPrep.ps1 -Online <# Opens this support page #>
Example: Only download the latest Sureview installer
This example demonstrates only downloading the latest Sureview installer (to the "Setup" subfolder of the Sureview Program Files folder)
Set-Location ~\Downloads; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri "https://download.sureviewsystems.com/SureviewPrep.ps1" -OutFile ".\SureviewPrep.ps1" -UseBasicParsing;
.\SureviewPrep.ps1 -SetupDownload
Example: Configuring a standalone test server
This example demonstrates setting up a self-contained test server:
- Using the "TestServer" preset to install all prerequisites including SQL Express
- Changing the Administrator username and password
- Creating a local service user with a given password
- Renaming the computer to something meaningful
- Generating a self-signed certificate with a given hostname
Set-Location ~\Downloads; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri "https://download.sureviewsystems.com/SureviewPrep.ps1" -OutFile ".\SureviewPrep.ps1" -UseBasicParsing;
.\SureviewPrep.ps1 -Preset "TestServer" -ServiceUserCreatePassword "Surev13w" -CertSelfSignedHostname "localhost";
Example: Configuring a production server
This example demonstrates setting up a production server by:
- Using the "ProdAppDevice" preset to install all App and Device tier prerequisites. Note: use "ProdApp" or "ProdDevice" to just do one of those tiers instead of both.
- Providing the domain service user account for it to be given permissions to write to the Sureview directory and listen on the HTTP ports
- Providing the location and password for a certificate PFX file to be imported into the computer and set on port 443
Set-Location ~\Downloads; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri "https://download.sureviewsystems.com/SureviewPrep.ps1" -OutFile ".\SureviewPrep.ps1" -UseBasicParsing;
.\SureviewPrep.ps1 -Preset "ProdAppDevice" -ServiceUserName "YourDomain\YourServiceUser" -CertFileImport "\\some\path\or\url\to\a\cert.pfx" -CertFilePassword "YourPFXPassword";
Example: Download the prerequisite installers for use with an offline install
This example demonstrates downloading all of the prerequisite installers for when you are installing the prerequisites on a server that does not have internet access (an "offline" prerequisites install). The process is:
- On a PC with internet access run the command below to download all the prerequisite installers
Set-Location ~\Downloads; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri "https://download.sureviewsystems.com/SureviewPrep.ps1" -OutFile ".\SureviewPrep.ps1" -UseBasicParsing;
.\SureviewPrep.ps1 -Preset "DownloadInstallers";
- Copy the script file and all the downloaded installers over to the server that has no internet access, into the same folder, then run it as usual with whatever arguments you require to install the prerequisites.
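The offline procedure above moves a script and installers between machines before they are run with administrative rights, so it helps to confirm that what arrives on the server is what was downloaded. The following is an added example, not part of SureviewPrep.ps1 or Sureview's documentation: the function names, the manifest file name and the staging path are assumptions, as is the layout of the script and installers sitting in one folder. It needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example, not part of SureviewPrep.ps1. Function names and the
# manifest file name are assumptions made for illustration.
function New-PrepManifest {
    # Run on the internet-connected PC, in the folder holding the script and installers.
    param([string]$Folder = ".", [string]$ManifestName = "prep-manifest.csv")
    $manifestPath = Join-Path $Folder $ManifestName
    Get-ChildItem -Path $Folder -File |
        Where-Object { $_.Name -ne $ManifestName } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Name      = $_.Name
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                SigStatus = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
            }
        } | Export-Csv -Path $manifestPath -NoTypeInformation -Encoding UTF8
    Get-Item $manifestPath
}

function Test-PrepManifest {
    # Run on the offline server after copying; returns one row per file.
    param([string]$Folder = ".", [string]$ManifestName = "prep-manifest.csv")
    $expected = @(Import-Csv -Path (Join-Path $Folder $ManifestName))
    $listed = foreach ($row in $expected) {
        $path  = Join-Path $Folder $row.Name
        $state = if (-not (Test-Path -LiteralPath $path)) {
            "Missing"
        } elseif ((Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash -ne $row.SHA256) {
            "HashMismatch"
        } else { "OK" }
        [pscustomobject]@{ Name = $row.Name; State = $state; SigStatus = $row.SigStatus }
    }
    # Files in the folder that the manifest does not list were not part of the download.
    $unlisted = Get-ChildItem -Path $Folder -File |
        Where-Object { $_.Name -ne $ManifestName -and $expected.Name -notcontains $_.Name } |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; State = "Unlisted"; SigStatus = "" } }
    @($listed) + @($unlisted)
}

# On the PC with internet access, after the "DownloadInstallers" run:
#   New-PrepManifest -Folder "$HOME\Downloads"
# On the offline server, before running SureviewPrep.ps1 ("C:\Staging" is a placeholder):
#   $r = Test-PrepManifest -Folder "C:\Staging"
#   if ($r.State -ne "OK") { $r | Format-Table; throw "Staged files differ from the manifest" }
```

A manifest carried on the same media as the files only detects accidental corruption; to detect tampering in transit, move the manifest (or its own SHA-256) by a separate channel.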
Manual Setup (not recommended)
Note: manual setup is NOT recommended as you may miss steps - use the Sureview Prep PowerShell script described above instead.
All Servers
All servers must have:
- Remote Desktop secured by setting it to...
  - use NLA
  - use "High" level of encryption
  - use the "SSL" security layer
- SMB file sharing secured by setting it to...
  - SMB v1 disabled
  - Use encryption
- Insecure encryption protocols disabled by running IISCrypto with the "best" template
- Users secured by...
  - Disabling the "Guest" user
  - Ensuring a service user account exists for all Sureview services to use, that...
    - Has a complex password
    - Is not a member of the "Administrators" group
    - Has permission to write to the Sureview "Program Files" folder
    - Has permission to listen on the HTTP ports used by Sureview via the "netsh http add urlacl" command
    - Is not used by real users to log in
  - Ensuring the "Administrators" group...
    - Does not contain the Sureview service user account
    - Contains as few users as possible
    - Contains only users with complex passwords
- An SSL certificate imported to be used by Sureview to encrypt transmitted data
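Because manual setup makes it easy to miss a step, a read-only audit of the items in this list is a useful check after the fact. The following is an added example, not part of SureviewPrep.ps1: the function name and the service user value are assumptions, and it covers only the items that can be read from local configuration (RDP, SMB, the "Guest" user, "Administrators" membership and urlacl reservations). It assumes an elevated session and PowerShell 5.1, which provides Get-LocalUser and Get-LocalGroupMember.

```powershell
# Added example, not part of SureviewPrep.ps1: a read-only audit of the
# "All Servers" items. The function name and -ServiceUser value are assumptions.
function Test-SureviewBaseline {
    param([Parameter(Mandatory = $true)][string]$ServiceUser)   # e.g. "YourDomain\YourServiceUser"

    # Local RDP listener settings; a Group Policy value, if set, takes precedence over these.
    $rdp    = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
    $smb    = Get-SmbServerConfiguration
    # The built-in Guest account always has RID 501, even if it has been renamed.
    $guest  = Get-LocalUser | Where-Object { $_.SID.Value -like "S-1-5-21-*-501" }
    # Direct members only; membership through a nested domain group is not resolved here.
    $admins = @(Get-LocalGroupMember -Group "Administrators")
    $urlAcl = netsh http show urlacl

    $checks = [ordered]@{
        'RDP requires NLA'                     = $rdp.UserAuthentication -eq 1
        'RDP encryption level is "High"'       = $rdp.MinEncryptionLevel -ge 3   # 3 = High, 4 = FIPS
        'RDP security layer is "SSL"'          = $rdp.SecurityLayer -eq 2
        'SMB v1 disabled'                      = -not $smb.EnableSMB1Protocol
        'SMB encryption enabled'               = [bool]$smb.EncryptData
        '"Guest" user disabled'                = -not $guest.Enabled
        'Service user not in "Administrators"' = $admins.Name -notcontains $ServiceUser
        'Service user has a urlacl entry'      = [bool]($urlAcl -match [regex]::Escape($ServiceUser))
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = $checks[$name] }
    }
}

# Run from an elevated PowerShell session; list only the failing items:
#   Test-SureviewBaseline -ServiceUser "YourDomain\YourServiceUser" | Where-Object { -not $_.Pass }
```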
Data Tier
In addition to the "All Servers" section, Data Tier servers must be set up as follows:
- Microsoft SQL Server 2012 (or newer) Standard edition (or higher) installed *1
  - With enough CALs for your users
  - Configured for redundancy (recommended)
  - Accessible from the App and Device Tier servers (in a multi-server setup)
- Windows File Share created for audited media storage
  - Accessible from the Device Tier servers (in a multi-server setup)
- The user running the SQL service must have explicit permissions to write to C:\program files(x86)\Immix Cloud\DB.
*1 Express Edition may only be used for test servers and is not supported by SureView for production use
App Tier
In addition to the "All Servers" section, App Tier servers must be set up as follows:
- Windows Features installed:
- .NET Framework v4.6.2 (or newer)
- HTTP Activation
- IIS, with sub-features of:
- Common
- Default Document
- Static Content
- Application Development
- ASP.NET v4.x
- Common
- .NET Framework v4.6.2 (or newer)
- .NET Core IIS hosting bundle (latest 6.0.x bundle) installed (note: must be installed after IIS and an "iisreset" must be performed afterwards to apply the changes)
- UrlRewrite installed (for HTTPS redirection)
- C++ 2015 Runtime x86 installed
Device Tier
In addition to the "All Servers" section, Device Tier servers must be set up as follows:
- Windows Features installed:
- .NET Framework v4.6.2 (or newer)
- C++ 2015 Runtime x86 installed
- C++ 2013 Runtime x86 installed