Quick Start Deployment Guide


This quick start guide will help you to install and configure Ekran System, so as to start monitoring the activity of users.


The Ekran System installation package can be downloaded from here.


To install and configure Ekran System, follow the steps below (in sequence):


Application Server Installation Prerequisites


Installing the Database


Ekran System supports two types of databases:

  • PostgreSQL (downloadable from here)
  • MS SQL (downloadable from here)


Installing .NET Framework


.NET Framework 4.8 is included in Windows 10 (version 1903).

If your version of Windows does not have .NET Framework 4.8, you can download it from the official Microsoft website. .NET Framework requires administrator permissions for installation.

NOTE: After installing .NET Framework, the computer needs to be restarted.


Installing the Ekran System Application Server


To install the Application Server, do the following: 

1. Run the installation file (EkranSystem_Server.exe) to open the Ekran System Setup wizard.

2. On the Welcome to the Ekran System Setup page, click the Next button.

3. On the License Agreement page, read the End User License Agreement carefully, and then click I agree

4. On the Choose the Installation Mode page, if this is the initial installation of the Application Server, make sure that the New Ekran System Application Server option is selected, and then click Next.

   

NOTE: After installation of the initial (new) Application Server, the “Add Application Server to existing deployment” option can be used later to subsequently install additional Application Server instances on multiple nodes, if required for large deployments.

5. On the Choose Install Location page, enter the installation path or click Browse to navigate to the Application Server installation folder, and then click Next.

   

NOTE: If more than one Master Certificate (called EkranMasterCertificate) is detected in the certificate store (e.g. due to reinstallation of the Application Server), a warning message is displayed to the user, and installation cannot be performed until the unnecessary Master Certificates are deleted.

6. On the Ekran Master Certificate page, if the Application Server is being installed for the first time, select the Generate a new certificate option.

NOTE: Ekran System uses the Ekran System Master Certificate for encryption, which must be generated during initial installation of the Ekran System Application Server. For large deployments requiring multiple instances of the Application Server, after installation of the initial Application Server, the “Use existing Master Certificate” option must be selected later when subsequently installing additional Application Server instances.

   

7. On the Database Type page, select the type of database you want to use for storing data, and then click Next.

   

8. If you selected the PostgreSQL database, on the PostgreSQL Server Database Configuration page, define the connection parameters as follows, and then click Next

Enter the hostname or IP address of the PostgreSQL Server instance, which is the instance name assigned to the TCP/IP port. Optionally, you can define a custom PostgreSQL database port by entering its name after the Server instance name, separating them by a colon (e.g. <server_instance_name>:<port>). 

NOTE: If the default instance of the PostgreSQL server is used, enter “localhost” in the “Server instance” field. 

Enter the User name and Password of the user account via which the connection to the server will be established. 

NOTE: By default, this is the user with the login “postgres”, and the password defined during the installation of PostgreSQL.

   

9. If you selected the MS SQL Server database, define the connection parameters as follows on the MS SQL Server Database Configuration page,, and then click Next

Enter the hostname or IP address of the MS SQL Server instance, which is the instance name assigned to the TCP/IP port. Optionally, you can define a custom MS SQL database port by entering its name after the server instance name, separating them by a comma (e.g. <server_instance_name>,<port>). 

NOTE: If the default instance of the MS SQL server is used, only the name of the machine where the MS SQL server is located needs to be defined. 

Select the type of authentication required: SQL Server Authentication or Windows Authentication

When using SQL Server Authentication, enter the SQL Server User name and Password for the user account via which the connection to the server will be established. 

NOTE: You must enter either “sa” (system administrator) credentials or the credentials of a user with the “dbcreator” permission. 

When using Windows Authentication, enter the User name as <domainname>\<user name> and the Password

NOTE: The specified user must have already been added as a user in MS SQL and have system administrator permissions.

   

10. If you already have a database, which was created either manually or when using previous versions of the Ekran System Application Server, you will be offered to use it. If you want to use this existing database, click Yes. Otherwise, click No and a new database will be created.

   

11. On the Administrator password page, define a password for the administrator (i.e. for the default user of Ekran System with the login “admin” and full permissions), and then click Next.

   

12. On the Ekran System Client Uninstallation Key page, define a key that will be used for uninstalling the Client locally, and then click Next (by default, the Uninstallation key is “allowed”, and can be changed by way of the Management Tool at any time later).

   

13. Click Install, and the installation process will start.

14. When installation is complete, click Finish to exit the Setup wizard.


Management Tool Installation Prerequisites


The following preconditions need to be met before installing the Management Tool application. 

NOTE: For Windows 7, these tasks must be done in the correct sequence (as stated below).


Turning on Internet Information Services (IIS)


IIS for Windows 8.1 and Windows 7


To turn on Internet Information Services for Windows 8.1 and Windows 7, do the following:

1. Select Control Panel > Programs > Programs and Features.

2. Click the Turn Windows features on or off navigation link.

   

3. In the Windows Features window that opens, in the Features tree-view, select the Internet Information Services checkbox, and then click OK.

   


IIS for Windows Server 2012


Internet Information Services can be turned on using either Windows PowerShell or Windows Server 2012 Server Manager.


To turn on Internet Information Services for Windows Server 2012 using Windows PowerShell, do the following:

On the Start menu, select Windows PowerShell.

Enter the following command, and then press Enter:

Install-Windows Feature -Name Web-Server, Web-Mgmt-Tools


To turn on Internet Information Services for Windows Server 2012 using Server Manager, do the following:

1. On the Start menu, select Server Manager.

2. In the Navigation pane, select Dashboard, and then click Manage > Add roles and features.

   

3. In the Add Roles and Features Wizard that opens, on the Before You Begin page, click Next.

4. On the Installation Type page, select the Role-based or feature-based installation option, and then click Next.

   

5. On the Server Selection page, select the Select a server from the server pool option, and then select your server from the Server Pool list, and click Next.

   

6. On the Server Roles page, select the Web Server (IIS) checkbox, then click Next, and click Add Features to complete turning on IIS.

   


IIS Installation on Windows Server 2019 Core


The following PowerShell commands (using the PowerShell admin prompt) can be used on Windows Server 2019 Core for installing the IIS feature:

1. Install IIS and its components:

Install-WindowsFeature -Name Web-Server, Web-WebSockets, Web-Asp-Net, Web-Asp-Net45, Web-Mgmt-Console

2. Check for installed features:

Get-WindowsFeature

3. After installation, IIS Manager can be run by using its full path and name. The default path is:

C:\Windows\System32\inetsrv\InetMgr.exe.


Configuring Internet Information Services (IIS)


.NET Framework 4.8 is included in Windows 10 (version 1903).

If your version of Windows does not have .NET Framework 4.8, you can download it from the official Microsoft website. .NET Framework requires administrator permissions for installation.

NOTE: After installing .NET Framework, you must restart the computer.


To configure IIS correctly, follow the corresponding instructions below depending on your version of Windows OS:


Using a Self-Signed Certificate


Creating the Self-Signed Certificate


To generate a self-signed certificate on the computer on which you want to install the Management Tool, do the following: 

1. Open Internet Information Services Manager: 

For Windows 8.1 and Windows 7: Open Computer > Manage > Services and Applications > Internet Information Services (IIS) Manager

For Windows Server 2012: Press Windows+R, enter “inetmgr” in the Run window that opens, and then press Enter

NOTE: Using the “inetmgr” command is a common way to open Internet Information Services Manager for any version of the Windows operating system.

2. Click the main node in the Connections tree-view and then double-click the Server Certificates icon in the IIS section.

   

3. In the Actions panel on the right, click Create Self-Signed Certificate.

   

4. In the Create Self-Signed Certificate window that opens, enter a name for the certificate in the Specify a friendly name for the certificate field, and then select Personal in the Select a certificate store for the new certificate drop-down list, and click OK to create the self-signed certificate.

   


Exporting the Self-Signed Certificate


To export the self-signed certificate, do the following:

1. Using Internet Information Service Manager, in the Server Certificates pane, select the certificate generated, and then click Export in the Actions pane.

NOTE: Alternatively, this can be done in the context menu by right-clicking on the certificate, and then clicking Export.

2. In the Export Certificate pop-up window, define a location and password for the certificate, and then click OK.

   

3. The certificate is then exported and can be added to Trusted Root Certification Authorities.


Adding the Self-Signed Certificate to Trusted Root Certification Authorities


To add the certificate to Trusted Root Certification Authorities, do the following: 

1. Press Windows+R, and enter “mmc” in the Run window that opens, and then press Enter

2. In the User Account Control window that opens, click Yes

3. In the Console window, select File > Add/Remove Snap-in.

   

4. In the Add or Remove Snap-ins window that opens, select Certificates > Add.

   

5. In the Certificates snap-in window that opens, select Computer account, and then click Next.

   

6. In the Select Computer window that opens, select Local computer: (the computer this console is running on), and then click Finish.

   

7. In the Add or Remove Snap-ins window, click OK.

8. In the Console window, expand the Certificates (Local Computer) node.

9. In the Certificates (Local computer) tree-view, find the Trusted Root Certification Authorities node.

   

10. Right-click on the Trusted Root Certification Authorities node, and then select All Tasks > Import in the context menu to open the Certificate Import Wizard.

   

11. On the Welcome to the Certificate Import Wizard page, click Next.

   

12. On the File to Import page, click the Browse button to find the certificate to be imported, and then click Next.

   

13. On the Private key protection page, enter the certificate password, and then click Next.

   

14. On the Certificate Store page, click Next.

   

15. On the last page of the Certificate Import Wizard, click Finish to complete importing the certificate.


Setting Up an HTTPS Binding for the Default Website


To set up an HTTPS binding for the default website, do the following: 

1. Open Internet Information Services Manager:

For Windows 8.1 or Windows 7: Open Computer > Manage > Services and Applications > Internet Information Services (IIS) Manager

For Windows Server 2012: Press Windows+R, enter “inetmgr” in the Run window that opens, and then press Enter.

NOTE: Using the “inetmgr” command is a common way to open Internet Information Services Manager for any version of the Windows operating system. 

2. In the Connections pane on the left, expand the node with the name of the target computer, and then expand the Sites node under it, and select Default Web Site to open the Default Web Site Home pane in the center

NOTE: If there is no such website in Internet Information Services (IIS) Manager on the computer, any other website can be selected (the name of the website does not matter).

   

3. In the Actions pane on the right, click the Bindings navigation link to open the Site Bindings window.

4. If there is no binding of Https type in the Site Bindings window, click Add.

   

5. In the Add Site Binding window that opens, select https in the Type field, and then select your certificate in the SSL certificate field, and click OK.

   

6. In the Site Bindings window, click Close, and Internet Information Services is then fully configured, so the Management Tool can now be installed.


Using a Self-Signed Certificate on Windows Server 2019 Core


The PowerShell commands (using the PowerShell admin prompt) to use on Windows Server 2019 Core are as follows:

To export a self-signed certificate, use the following PowerShell commands:

$password = ConvertTo-SecureString -String "my_password" -Force -AsPlainText

Get-ChildItem -Path Cert:\LocalMachine\My\<cert_thumbprint> | Export-PfxCertificate -FilePath "C:\cert.pfx" -Password $password

 • To import a self-signed certificate, use the following PowerShell commands:

$password = ConvertTo-SecureString -String "my_password" -Force -AsPlainText

Import-PfxCertificate -FilePath <path_to_certificate> -CertStoreLocation Cert:\LocalMachine\My -Password $password

 • To generate a self-signed certificate with the name “ekransystem” and bind it to port 443, use the following PowerShell commands:

$site = "Default Web Site"

New-WebBinding -Name $site -IPAddress * -Port 443 -Protocol https

$cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' -DnsName "ekransystem"

$certPath = "Cert:\LocalMachine\My\$($cert.Thumbprint)"

$providerPath = 'IIS:\SslBindings\0.0.0.0!443'

Get-Item $certPath | New-Item $providerPath


Installing the Management Tool


To install the web-based Management Tool application, do the following:

1. Run the EkranSystem_ManagementTool.exe installation file.

2. Carefully read the terms of the End-User License Agreement, and then click I Agree.

3. On the Connection Settings page, specify the required values in the following fields, and then click Next:

In the Server field, enter the name or IP address of the computer on which the Application Server is installed. 

In the URL field, enter a name for the folder where you want the Management Tool to be located within IIS (the default name is EkranSystem, and this folder name will form part of the URL used to open the Management Tool).

   

4. In the Destination Folder field, select the folder where the Management Tool application will be installed, and then click install.

   


To log in to the web-based Management Tool application, do the following:

1. Open a browser, and in the address bar enter: https://<hostname or IP address of the machine where the Management Tool was installed>/<URL that was specified during Management Tool installation>.

e.g. https://server/EkranSystem

2. Enter the default Login “admin” and the Password that was defined during the installation of the Ekran System Application Server.

   


Installing Windows/Linux/macOS Clients


To see how to install Windows Clients, please refer to this section in the User Manual.

To see how to install macOS Clients, please refer to this section in the User Manual.

To see how to install Linux Clients, please refer to this section in the User Manual.


Licensing


To activate the product, a serial key needs to be entered into the system.

To obtain a serial key, please contact your account manager or the Ekran System Support team at: [email protected]

To activate the product online, open the Serial Key Management page in the Management Tool, and click the Activate Product Online button.

If you have an internal network without an internet connection, an offline serial key needs to be requested from your account manager or from the Ekran System Support team.

To activate the product offline using an offline serial key, please refer to the following article on the Ekran System Knowledge Base FAQ.