<< Click here to display Table of Contents >>

Installing Web Server and Web API Server

Contents

Multiple Web/Web API Servers can be installed and load-balanced under your load-balancing infrastructure. You can repeat the installation steps to install Web Servers paired with Web API Servers per data center location to reduce the response time for accessing web pages of Thin Clients.

Note: Don’t install multiple Web/Web API Servers at the same time; install them one after another on separate machines. Otherwise, it will cause the database initialization failure.

Note: Service Monitor Agent needs to be installed prior to installing Web/Web API Server. Refer to Installing Service Monitor Agent on Windows for more detailed steps.

Note: Web/Web API Servers are integrated into one installation package with Worker Server. It is highly recommended to install Worker Server on a standalone machine after the installation of Web/Web API Server. See Installing Worker Server on Windows for more details.

Note: It is highly recommended that the extended memory of your machine is larger than 16GB.

Note: Before the installation, the Existing Internet Information Services (IIS) must be removed, and the FIPS setting must be disabled by modifying the Enabled value to 0 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy directory of Windows registry.

Complete the following steps to install Web API Server and Web Server on the same machine with administrative privileges.

1.Download the netbrain-ie-windows-x86_64-10.0.zip file and save it in your local folder.

Tip: Contact NetBrain Support Team to get the download link.

2.Extract installation files from the netbrain-ie-windows-x86_64-10.0.zip file.

3.Right-click the netbrain-ie-windows-x86_64-10.0.exe file, and then select Run as administrator to start the Installation Wizard.

4.Follow the Installation Wizard to complete the installation step by step:

1).NET Framework 4.8 must be pre-installed on this machine before you install the Application Server. The Installation Wizard will automatically check this dependency. If it has not been installed, the wizard will guide you through the installation as follows; it has been installed, the wizard will directly go to step 2).

Note: Make sure the Windows update is of the latest. For Windows Server 2012, you might be asked to install some software patches before the .NET Framework 4.8 installation can start.

a)Click Install.

b)Read the license agreement of Microsoft .NET Framework 4.8, select the I agree to the license terms and conditions check box and click Install. It might take a few minutes for the installation to be completed.

Note: Some running applications must be closed during the installation of .NET Framework 4.8, such as Server Manager.

c)You must click Restart Now to restart the machine immediately. Otherwise, the upgrade will fail due to the failure of upgrading the new .Net Framework. After the machine reboots, continue with step 2).

Note: The interface above may not appear if the .NET Framework has never been installed on the server. In such case, it is still highly recommended to reboot the server after the installation of the .NET Framework completes.

Note: Ensure the FIPS is disabled after restarting the machine. To disable the FIPS setting, modify the Enabled value to 0 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy directory of Windows registry

2)On the Welcome page, click Next.

3)On the NetBrain Integrated Edition Prerequisites page, read the components that must be set up in your environment beforehand and click Next.

4)On the System Configuration page, review the system configuration summary and click Next.

5)On the License Agreement page, read the license agreements, select the I have read the subscription EULA… check box and then click I ACCEPT.

6)On the Customer Information page, enter your company name, and then click Next.

7)On the Destination Location page, click Next to install the Web Server and Web API Server under the default directory C:\Program Files\NetBrain\. If you want to install them under another location, click Change.

8)Select both the Web API Service and Web Server check boxes, and then click Next.

9)On the MongoDB Server Connection page, enter the following information to connect to MongoDB and then click Next.

▪Address — enter the IP address or resolvable FQDN of MongoDB and the corresponding port number. By default, the port number is 27017.

Tip: You can enter the fully qualified domain name (FQDN) of MongoDB if all NetBrain servers are managed in the same domain. For example, test.netbraintech.com:27017.

▪User Name — enter the username that you created when installing MongoDB.

▪Password — enter the password that you created when installing MongoDB.

▪Replica Set Name — enter the replica set name of MongoDB. Keep the default value rs as it is unless you changed it.

▪Use SSL — used to encrypt the connections to MongoDB with SSL. If SSL is enabled on MongoDB, select this check box; otherwise, leave it unchecked.

▪Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to validate the connection to the dependent server. This will not affect the application running timeout value.

10) On the License Agent Server Information page, enter the following information to connect to License Agent, and then click Next.

▪License Agent port — the port number that the service of License Agent Server listens to. By default, it is 27654.

▪Use SSL — used to encrypt the connections to License Agent Server with SSL. If SSL is enabled on License Agent Server, select it; otherwise, leave it unchecked.

11) On the Elasticsearch Connection page, enter the following information to connect to Elasticsearch, and then click Next.

▪Address — enter the IP address or resolvable FQDN of Elasticsearch and the corresponding port number. For example, 10.10.3.142:9200.

Note: If a proxy server is configured on this machine to access the Internet, you must add the IP address and port number of Elasticsearch into the proxy exception list of the web browser, to ensure this NetBrain server can communicate with Elasticsearch.

Tip: You can enter the FQDN of Elasticsearch if all NetBrain servers are managed in the same domain. For example, test.netbraintech.com:9200.

▪User Name — enter the username that you created when installing Elasticsearch.

▪Password — enter the password that you created when installing Elasticsearch.

▪Use SSL — used to encrypt the connections to Elasticsearch with SSL. If SSL is enabled on Elasticsearch, select it; otherwise, leave it unchecked.

12) On the RabbitMQ Connection page, enter the following information to connect to RabbitMQ, and then click Next.

▪Address — enter the IP address or resolvable FQDN of RabbitMQ.

Tip: You can enter the FQDN of RabbitMQ if all NetBrain servers are managed in the same domain.

▪User Name — enter the admin username that you created when installing RabbitMQ.

▪Password — enter the admin password corresponding to the username that you created when installing RabbitMQ.

▪Port Number — enter the port number used by RabbitMQ to communicate with Web API Server, Worker Server, and Task Engine. By default, it is 5672.

▪Use SSL — used to encrypt the connections to RabbitMQ with SSL. If SSL is enabled on RabbitMQ, select it; otherwise, leave it unchecked.

13) On the Redis Connection page. enter the following information to connect to Redis by selecting the Standalone mode, and then click Next.

▪Redis Address — enter the IP address of Redis.

Tip: You can enter the FQDN of Redis if all NetBrain servers are managed in the same domain.

▪Password — enter the admin password that you created when installing Redis.

▪Use SSL — used to encrypt the connections to Redis with SSL. If SSL is enabled on Redis, select it; otherwise, leave it unchecked.

▪Redis Port — enter the port number used by Redis to communicate with Web API Server, Worker Server, and Front Server Controller. By default, it is 6379.

14) (Required only if the Use SSL check box is selected when configuring the connections to MongoDB, License Agent, Elasticsearch, RabbitMQ, or Redis.) Configure whether to authenticate the Certificate Authority (CA) of the SSL certificates used on these servers, and then click Next.

To authenticate CA:

a)Select the Conduct Certificate Authority verification check box.

b)If the CA has not been installed on this machine, click Browse to import the CA certificate file, for example, ca.pem.

Note: Only the certificate in Base-64 encoded X.509 PEM format is supported.

Note: The following conditions must be met for the CA certificate file:
- The CA certificate must contain CRL Distribution Points property with valid CRL HTTP distribution point URL. (CRL stands for Certificate Revocation List.)
- The CRL Distribution Points URL must be accessible to Web Server/Worker Server.
- Internet access must be ensured if the certificate is signed by third-party CA.

15) On the KeyVault Administration Passphrase Settings page, create a passphrase to initialize and manage the system KeyVault which contains all encryption keys to protect data security. Type it twice and select the Enable Resetting KVAP check box to enable the KVAP resetting. Click Next.

Tip: The passphrase must contain at least one uppercase letter, one lowercase letter, one number, and one special character, and the minimum permissible length is 8 characters. All special characters except for the quotation mark (") are allowed.

Note: Keep notes of the passphrase because it is required when you scale up or upgrade the Application Server. In case of losing the passphrase, keep the Enable Resetting KVAP check box selected so that NetBrain system admin can reset the passphrase at any time. See Resetting KeyVault Administration Passphrase for more details.

16) On the Web API Server Configuration page, create an API key for Web API Server to verify the connection request from Service Monitor Agent. Type it twice and click Next.

Note: This API Key must be consistent with the one entered during installing Service Monitor Agent before.

17) On the Auto Update Server page, configure the listen address and listen port.

▪Use SSL between Auto Update Server and Client — used to encrypt the connections between Auto Update Server and Client with SSL. Otherwise, leave it unchecked.

oCerticate — required only if Use SSL... is selected. Click Browse to select the certificate file containing the public key. For example, cert.pem.

oPrivate Key — required only if Use SSL... is selected. Click Browse to select the private key file. For example, key.pem.

Note: The Listen Address must be the local server’s IP address which can be reached from other NetBrain servers including Front Server.

18) Review the summary of the installation settings and click Install.

19) (Optional) Ensure the NetBrain installation process using administrator account has the necessary permissions to modify “User Rights Assignment” in “Local Security Policy” or change the local user privileges. Otherwise, the following error message will prompt when installing each Windows component.

Click Yes to continue with installation/upgrade process and NetBrain service will be configured to run as Local System. If you have security concerns, please click No to abort the installation/upgrade.

Note: Local System accounts have additional privileges that are considered a high risk. Please verify that this is an acceptable risk in accordance with your SysAdmin policies.

Note: After clicking No, please check with your system administration team to enable the relevant permissions, uninstall the affected component(s) and reinstall. Contact NetBrain support team if you need any assistance during the process.

5.After successfully installing the Web Server and Web API Server, click Finish to complete the installation process and exit the Installation Wizard.

6.Open the IIS Manager to check that the Default Web Site and ServicesAPI under the Sites exist.

7.Open the Task Manager to check that the NetBrainKCProxy service is running.

Tip: To have the required configurations auto-populated during the installation of other system components, you can copy the netbrain,ini file from the C:\NBIEInstall of this machine directly to the C:\NBIEInstall drive of the machines where Worker Server, Task Engine, and Front Server Controller will be installed.