User Guide
Apollo A2 Server installation
Filename: / A2 Installation Guide.docUser Guide
Apollo A2 Server installation
1.Prerequisites
2.Installation on 32bit IIS
2.1.Installation
2.2.Adding a new Instance
3.Installation on 64bit IIS
3.1.File Installation
3.2.Permissions
4.Configuration
4.1.Data Store, Upload & Logs
4.2.Private Encryption Key
4.3.Relay Service URL
5.Testing the A2 Installation
5.1.Web Service Availability
5.2.File Submission
6.Changes to the A2 Server
Appendix 1 - A2 Server Checklist
1.Prerequisites
The following are prerequisites for the successful installation of the Apollo A2 Server installation.
- Windows Server 2003 Standard Edition or higher, configured with the following roles;
- File Server
- Application Server
- Windows Installer v3.0
- Microsoft .NET Framework v2.0
- An Externally visible IP address
- Firewall/Proxy configuration to allow access to the following;
- IN and OUT bound http access to the external IP address. This is to expose the A2 web service to A2 clients.
- Outbound access to This allows Apollo to receive notification of datasets received. This must be available to all local user accounts (in particular the account that IIS uses to run .NET applications)
Supplied with this document should be the following:
For 32-bit Installations:
- Setup.exe
- Apollo.A2.Deployment.msi
For 64-bit Installations
- The A2 Folder
- A2SecurityLib.exe
- A2SecurityLib.000
For all Installations
- A2Permissions.bat
- Private Keys (filename in the form XXX000.PRV)
For each project that the server will manage, a private Decryption Key will be supplied. If you are managing multiple projects for multiple users/clients on the same server, you will need to store each key in a separate instance. Please ensure that each key is paired with the correct instance that is installed. See below for details on how to do this; if you have any queries, please call Apollo Support for assistance.
2.Installation on 32bit IIS
There are 2 files required for this installation of the Apollo A2 Server software. The files will be supplied along with this document.
- Setup.exe
- Apollo.A2.Deployment.msi
2.1.Installation
To install the Apollo A2 Server please follows the instructions below.
- Save the above files to your local file system.
- Double Click Setup.exe to commence the install.
- The Welcome screen will appear, please select Next.
- The License Agreement will appear, please read and accept, then select Next to continue.
- The Select Installation Addressscreen will appear. This allows you to select the web site location, Virtual Directory and the application pool. Please leave as default unless you specifically require bespoke setup. Click Next to continue.
- Click Next on the first Configuration screen, leaving the ‘None’ selected.
- Click Next on the second Configuration screen.
- Check the Enable Relay Log option. This allows the A2 service to send file receipt notifications to This aids in project support.
- Click Next on the Confirm Installation screen, to begin the install.
- A Command prompt window and RegSvr32 dialog box will open. Press any key to close the command prompt, and click OK to confirm the RegSvr32 message.
- Click Close to exit the Installation once complete.
The installation of the first A2 service is complete; Now all that’s left is to configure the permissions required for the A2 service to operate correctly. Most of the permissions are handled by a batch file for convenience. Please run A2Permissions.bat, this will alter the file permissions for the default folders (mentioned later), as well as the application paths.
2.2.Adding a new Instance
- Decide on the name of the second instance. In the remainder of the documentation, we will use an example name of A2_secondinstance
- Copying the web documents in IIS’ default wwwroot location to a matching location with the new instance’s name. In our example that would mean copying from c:\inetpub\wwwroot\A2 to c:\inetpub\wwwroot\A2_secondinstance
- Create a new Folder Store to hold the uploaded files. We would recommend creating the folders A2_SecondInstance\Logs, A2_SecondInstance\upload, and A2_SecondInstance\store, much like the default folders
- Create a new Application in IIS for the new instance. In the IIS manager screen, right click on the folder and choose properties. In the lower half of the resulting dialog box, under Application Settings, Click “Create” next to the Application name. This will create a new application it will require permission to run both Scripts andexcutables.
3.Installation on 64bit IIS
3.1.File Installation
There are a number of files required for the installation of the Apollo A2 Server software when running IIS in 64bit mode, this unfortunately is a manual task. The files will be supplied along with this document and need to be placed into the following locations.
InetPub\wwwroot\A2
App_Data
[EncrpytionKey].Prv
Bin
Apollo.A2.Decryptor.dll
Apollo.A2. Decryptor.pdb
Apollo.A2.Deployment.Custom.Configuration.dll
Apollo.A2. Deployment.Custom.Configuration.pdb
Apollo.A2.HIIntegration.dll
Apollo.A2.HIIntegration.pdb
Apollo.A2.Information.dll
Apollo.A2.Information.pdb
Apollo.A2.IonIntegration.dll
Apollo.A2.IonIntegration.pdb
Apollo.A2.Relay.dll
Apollo.A2. Relay.pdb
Apollo.A2.Server.dll
Apollo.A2.Server.pdb
Interop.A2SecurityLib.dll
Raize.CodeSiteLogging.dll
Inspector
Images
ApolloLogo.jpg
Download.aspx
Download.aspx.cs
Login.aspx
Login.aspx.cs
LogWindow.aspx
LogWindow.aspx.cs
Web.Config
Styles
style.css
A2Permissions.bat
Apollo Blank.ico
EUL.RTF
Service.ashx
Web.config
XMLFile.xml
Program Files x86\Apollosoft\A2\Common
A2SecurityLib.exe
Now we need to double click on the A2SecurityLib.exe to register it. Once the small A2SecurityLib window opens, please close it.
Finally we need to install the RemObjects components by dropping the following files into the %windir%\assembly folder.
- RemObjects.InternetPack.dll
- RemObjects.SDK.dll
- RemObjects.SDK.Server.dll
- RemObjects.SDK.ZLib.dll
Some version of windows will not let you drag-and-drop files into this location, and you will need to use the gacutil tool provided
3.2.Permissions
Most of the permissions are handled by a batch file for convenience. Please run A2Permissions.bat on a 32 bit system. On a 2008/64-bit server, A2 permissions won’t work as instead of ASPNET as the service account, NETWORK SERVICE account needs to be used. However this can be done manually by granting full access to the Network Service account on the following folders:
- The A2 Log, Upload and Store folders (See section 4.1 below)
- The Windows\Temp folder
- C:\Program Files x86\ApolloSoft\A2\Common
The second part of the permissions setup is to configure the A2SecurityLib.exe’s permissions. Please select Start, then Run and type ‘dcomcnfg’, then press enter. This will launch the Component Services window. Browse through to the following.
Console Root
Component Services
Computers
My Computer
DCOM Config
{A662BE7F-D149-4761-971D-71C86C9A0A27}
(Note: for Win 2008 64bit server, run C:\Windows\sysWOW64\mmc comexp.msc /32, to list all 32bit CLSIDs).
Right click on {A662BE7F-D149-4761-971D-71C86C9A0A27} and select Properties. Select the security tab and customise the Security properties so that ‘Everyone’ is granted full rights to Launch, Access and Configuration.
Finally in IIS 7.5 (Windows 2008) only, you will also need to right click the Sites->DefaultWebSite->A2 folder and “Convert to Application”. Ensure the Classic (as opposed to the default in IIS7 Integrated) version of .NET 2.0.xxx is being used on the Application pool.
The installation of the A2 service is now complete. To set up additional instances, please follow the instructions as listed in section 2.1
Note (JC 04/07/2012): If still having difficulty with permissions on the Upload, Logs and Store folders, try adding the ‘<hostname>\IIS_IUSRS’ account will full control to all three.
4.Configuration
Configuration happens (by default) in the c:\inetpub\wwwroot\A2\web.config file. There will be a separate web.config file per instance of A2.
4.1.Data Store, Upload & Logs
By default the installer sets up the Logs, Store and Upload folders in C:\A2\. The store folder can become quite large as this is the destination for all datasets received from A2 clients. It is therefore recommended that the A2 folder is placed on a large drive with plenty of free space.
To change the location of the A2 folder simply copy the existing folder to the new location and amend the following keys in the …\InetPub\wwwroot\A2\web.config file;
<add key="UploadFolderPath" value="C:\A2\Upload" />
<add key="StoreFolderPath" value="C:\A2\Store" />
<add key="LogFolderPath" value="C:\A2\Logs" />
We recommend using a different base path (e.g. c:\A2_Secondinstance) for all 3 of the above settings
The folders will require full access by the IIS Service, either ASPNET or NETWORK SERVICE accounts. We have included a A2Permissions.bat file that will configure the access rights on the default folders automatically.
4.2.Private Encryption Key
By default the installer sets up the QA001.Prv as the Private Key for the A2 server. You should have been provided a Private Key for your server. Please put the .Prv key in the following folder.
…\Inetpub\wwwroot\A2\App_Data\
Now the …\InetPub\wwwroot\A2\web.config file needs to be amended to use your new key. Please amend the following line in your web.config file.
<add key="PrivateKey" value="QA001.Prv" />
Remember that if you have multiple instances set up for each instance the encryption keys are private, and each instance should have just the private keys that it needs.
4.3.Relay Service URL
By default the receiverURL is blank. Please update value with the following URL;
Ensure the below setting is set to True in the ‘web.config’ file
<add key="UseDailyLog" value="True" />
5.Testing the A2 Installation
There are 2 stages to testing the web service.
5.1.Web Service Availability
This test is preformed on the server and simply checks that the A2 web service is running.
Open a web browser on the server, and visit the following URL:
If the web service is running then you should see XML in the Browser window.
This will need testing for each instance of A2 set up on the server with /<instancename>/Service.ashx/bin. So, in our example, you will also need to test
5.2.File Submission
This test is preformed on a client site and tests the full A2 Process and requires access to a Practice PC.
This test is carried out by our Support technicians, who will send a dummy file via the A2 client, to the target URL. On receipt of the encrypted file the A2 server will place it in the C:\A2\Upload folder, then unpack the file and decrypt it. Upon successful decryption the file will move to the C:\A2\Store folder, under Year\Month\day folder structure and the Uploaded files are removed.
Any errors encountered during this process will be logged to the C:\A2\Logs\A2.log file.
6.Changes to the A2 Server
If any changes are made to the server upon which the A2 software resides e.g. replacing / rebuilding the server or changing IP Address Apollo must be notified immediately and in advance as this may impact the ability for the server to receive further data extractions.
Should Apollo not be notified correctly via your designated Apollo Project Manager we reserve the right to charge for any data extracts that would have successfully uploaded and for any time taken to rectify issues. Apollo standard day rate is £800 per day.
Appendix 1 - A2 Server Checklist
Project Name:
Prerequisites
A2 Private Key GenerationDocumentation sent to client
IP/DNS address received from client :
Repository Built
Confirmation from client port 80 is available inbound through firewall
Confirmation from client outbound access to on port 80
MPL/Hydra project assigned an ID and Code
SDE Client setup
SDE Project Creation
SDE Incident Generation
Installation
Confirmation of A2\Store location from client :.Net 2 installed
Windows Installer 3 installed
IIS Configured
wwwroot\A2 folder created and files copied
Private key copied to \wwwroot\a2\app_data
A2SecurityLib.exe copied to \PFx86\Apollosoft\A2\Common
Gacutil /i run on 4 Remobjects component files in wwwroot
A2SecurityLib run
Permissions granted on folders (\A2, c:\windows\temp, C:\PFx86\Asoft\) for NETWORK SERVICE (or ASPNET, or IIS_USR)
mmc comexp.msc /32 on {A662BE7F-D149-4761-971D-71C86C9A0A27}, granting everyone security access under security pane for all 3 options
Convert A2 folder to application in IIS
web.config has paths set up
web.config has private key configured
web.config has use daily log set to True
web.config has receiverURL set to:
Confirm receiver URL is visible from server
Pilot site test for tryme and/or full fileset, including files in store
Check Apollo Relay Log