www.bitkoo.com
Copyright Notice
This document (written or otherwise displayed on magnetic media or other medium) contains confidential and proprietary information of BiTKOO, LLC. It is furnished only for informational purposes, and no license or permission is hereby granted to use such information in any manner. In no event may this information be reproduced, distributed and/or publicly displayed in any form or by any means without prior expressed written permission of BiTKOO, LLC.
Overview
Keystone is an extensible and scalable security solution for user authentication and fine-grained authorization. It works in concert with a variety of authentication directories to provide application security. Keystone's integrated set of components acts to protect applications from unauthorized access. These components are based on current technology and standard protocols for authentication and authorization. As applications and web services utilize this shared infrastructure, an enterprise will reap the benefits from the elimination of redundant development efforts as well as the efficiency of standardized administration, cross-application reporting and audit trail.
Please note the following companion documents that describe the function and use of the Keystone system:
Keystone Administration Application Guide
Keystone Authorization Component Guide
Keystone Prerequisites
The following are prerequisites for installation of Keystone Version 3.9.0.
IIS 6.0 or Higher
Keystone requires IIS 6.0 or higher to be installed on an application server. Supported servers include Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. Both 32-bit and 64-bit servers are supported.
SQL Server
Keystone requires an instance of Microsoft SQL Server 2005 or Microsoft SQL Server 2008. All editions of SQL 2005 and SQL 2008 are supported.
Note: IIS and SQL can be run from the same server, but this may limit failover scenarios.
.NET Framework 3.5 SP1
You can download and install this software from the Microsoft web site at http://www.microsoft.com/downloads/details.aspx?familyid=ab99342f-5d1a-413d-8319-81da479ab0d7&displaylang=en.
Please note: if you are using Windows Server 2008 R2, the .NET Framework can be added by opening the Server Manager, clicking Add Features and then selecting .NET Framework 3.5.1 Features.
Web Services Enhancements (WSE) 3.0
You can download and install this software from the Microsoft web site at http://www.microsoft.com/downloads/details.aspx?FamilyID=018a09fd-3a74-43c5-8ec1-8d789091255d&displaylang=en.
The installer offers a number of options; Keystone only requires the Runtime features to be installed. Alternately, the Keystone Installation Package will attempt to install Microsoft WSE 3.0 automatically during the setup process.
Installation Preparation
Before running the Keystone Installation Package, you should have the following items in place:
SQL Server Administrator Account
Keystone requires an existing SQL Server account that has the sysadmin role assigned on the SQL Server instance to be used. The Keystone installation supports either Windows Authentication or SQL Server Authentication for the installation process.
Service Account
Keystone requires an existing user account to run the Keystone Audit Trail Service and the IIS Application Pool. This can be either a local server account or a domain account. The user account should be a member of the Administrators group on the application server and should have a strong password. Note: if you are installing onto Windows Server 2003, then the user account must also be a member of the IIS_WPG group.
Existing Web Sites
Before installing Keystone, you must stop any existing web sites that are running on port 80 (web sites run on port 80 by default). Follow these steps to stop any currently running sites:
1. Open the Internet Information Services (IIS) Manager.
2. Check for web sites running on port 80.
3. Right-click the running web site name.
   a. For Windows Server 2003: Select Stop.
   b. For Windows Server 2008: Select Manage Web Site from the menu. Select Stop.
Installation Walkthrough
The following steps will guide you through the Keystone Installation Package.
Note: If you would like to create a text log of the installation, please see the Installation with Logging section below.
1. Run the BiTKOO-Keystone-3.9.0.exe application as an administrator. To run the application as an administrator under Windows Server 2008, right-click on the installation icon and select Run as administrator from the context menu.
Note: if you are installing under Windows Server 2003, right-click and choose Run as, then uncheck the option that says Run this program with restricted access.
3. Read the text of the BiTKOO Click-Through Evaluation License Agreement. If you disagree with the terms, click the button. Otherwise
4. Check the button labeled I accept the terms in the License Agreement:
5. Click the button.
7. Using the items in the box labeled BiTKOO Keystone Features, check the features that you wish to install or uncheck the features that you do not wish to install. Note that categories of features may be expanded by clicking the button to the left of the category name:
Note: If you are doing a new install (with an empty database), then select the Install Databases option (and do not select Upgrade Databases). If you would like to upgrade an existing database to the current version, then select Upgrade Databases, and de-select Install Databases.
8. Click the button.
10. If you click the button labeled , a folder selector box will appear.
11. Select the directory where you wish to install Keystone. In the above example, this is C:\Program Files (x86)\BiTKOO\Keystone, but you may choose any directory that currently exists on your system.
12. Select the directories for the database MDF and LDF files. The path names must include a backslash (\) symbol at the end. Also note: these directories must already exist on the system. They may be located on the SQL Server file system or a network share accessible by the SQL Server.
13. Click the button.
14. The IIS Settings screen will appear:
15. In the Windows Domain or Computer Name box, type the name of the domain or local computer for the login. The Username and Password boxes should contain an existing user on that domain. In the above example, AdminAccount is a system identity that has been previously established on the machine where Keystone 3.9.0 is being installed.
16. Click the button.
17. The SQL Connections screen will appear:
18. Type the host name or IP of the database server in the box labeled SQL Server Hostname or IP. If dealing with a named instance, type the server name followed by a backslash (\) and then the instance name (InstanceName in the above example).
Note: Ensure that TCP/IP is enabled on the SQL Server. If necessary, ping the database server to be sure that it is reachable from the installation location.
19. Choose Windows Authentication or SQL Server Authentication from the Authentication dropdown box for Installer SQL Connection:
If Windows Authentication is selected, then the current Windows session must be logged in with an account with the sysadmin role on the SQL Server.
Note: Windows Authentication may cause problems for the database installation, depending on how the server is logged in and what impersonation (if any) is used. Because of this, it is highly recommended that you set up a sysadmin account on the SQL Server that can be logged in with SQL Server Authentication. This login can be deleted after the installation is complete.
If SQL Server Authentication is selected in the dropdown list, the Login and Password boxes will appear:
The login used for the installation must have the sysadmin role on the SQL Server.
20. Fill in the connection for the Keystone SQL Connection. This will be used by the Keystone application during normal operation. If you select Windows Authentication, it will use the same login credentials supplied on the previous screen. If you select SQL Server Authentication, the login will be created on the SQL Server if it does not already exist.
21. Click the button.
22. The Environment Configuration screen will appear:
23. In the Current Installation Environment box, select the type of installation currently being performed:
24. Type the name of each host domain to which the current instance of Keystone will be connecting for Development, QA and Production functions. This hostname must not be terminated with a slash (/) or backslash (\). If you are installing into a test environment, it is acceptable to use the same value for each of the host names.
25. Click the button.
26. Keystone 3.9.0 is now ready to install:
27. Click
information on any previous pages, or to initiate the Keystone 3.9.0 installation process.
28. During the installation process, the Progress screen will appear:
The upper bar indicates the overall progress of the installation. The lower bar tracks the creation and configuration of the various elements being installed.
29. If you selected https on the Environment Configuration screen, the installation will pause and prompt you to associate the SSL certificate with the Keystone website (Note: if you are using http, this screen will not appear):
At this point, you should open the IIS Configuration Manager and configure the https binding to use an SSL certificate. After IIS is configured, go back to the open window and press any key to continue the installation.
30. On successful completion of the installation, the Completed screen will appear:
You should now be able to navigate to the Keystone Web Site at http://<MachineName>/Keystone. This web site allows you to download the Keystone Administration Application, the various client-side developer components, and additional documentation.
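Step 19 recommends a temporary sysadmin login for SQL Server Authentication and notes that it can be deleted once installation is complete. The T-SQL below is an added example of that lifecycle on SQL Server 2005/2008 and is not part of the BiTKOO guide or installer; the login name KeystoneInstallTemp and the password are placeholders.

```sql
-- Added example, not BiTKOO code.
-- [KeystoneInstallTemp] and the password are placeholders (assumptions).

-- Step 1 (before running the installer): create the temporary sysadmin login.
CREATE LOGIN [KeystoneInstallTemp]
    WITH PASSWORD = N'<replace-with-strong-password>', CHECK_POLICY = ON;
EXEC sp_addsrvrolemember @loginame = N'KeystoneInstallTemp',
                         @rolename = N'sysadmin';
GO

-- Step 2 (after the installer finishes): a login that creates a database
-- becomes its owner, and DROP LOGIN fails while the login owns a database.
-- Hand any such databases to the built-in sa principal (SID 0x01).
DECLARE @sql nvarchar(max), @owner sysname;
SET @sql = N'';
SET @owner = SUSER_SNAME(0x01);
SELECT @sql = @sql + N'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME(name)
            + N' TO ' + QUOTENAME(@owner) + N';' + NCHAR(13)
FROM sys.databases
WHERE owner_sid = SUSER_SID(N'KeystoneInstallTemp');
EXEC sp_executesql @sql;
GO

-- Step 3: refuse to drop while a session still uses the login.
IF EXISTS (SELECT 1 FROM sys.dm_exec_sessions
           WHERE login_name = N'KeystoneInstallTemp')
    RAISERROR(N'Temporary install login still has open sessions.', 16, 1);
ELSE
    DROP LOGIN [KeystoneInstallTemp];
GO

-- Step 4: list every principal that still holds sysadmin on the instance.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;
```

Run step 1 before the SQL Connections screen and steps 2 to 4 after the Completed screen; the final query should no longer list the temporary login.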
3. Locate the folder containing the Keystone installer files. At the command prompt, change to the directory containing the installer files. In the illustrated example below, the installer files are located in directory C:\Temp:
5. The normal installation process will start. See the Installation Walkthrough section above for specific instructions.
2011 BiTKOO, LLC.
6. When installation has completed, you can find the log file in the folder containing the Keystone installation files. The file is named KeystoneInstaller.log.
Here are the log files that are created during installation and their locations:
KeystoneInstaller.log records installer actions when the batch script InstallKeystoneWithLogging.bat is run. KeystoneInstaller.log is written to the same directory as the batch script.
DeployerFileUpload.log records messages for deployer file upload operations when the Deployer Files feature is installed. DeployerFileUpload.log is located at <InstallationLocation>\<Version>\DeployerFileUpload.log.
WriteInstallerVariables.log records messages for variable substitution operations when anything is installed. WriteInstallerVariables.log is located at <InstallationLocation>\<Version>\WriteInstallerVariables.log.
BuildLauncher.log records messages for KeystoneInstaller.msi build operations when the Launcher feature is installed. BuildLauncher.log is located at <InstallationLocation>\<Version>\BuildLauncher.log.
Uninstall
If you uninstall Keystone, the following items are not affected:
All Keystone databases are left intact and unchanged.
The Microsoft WSE 3.0 SDK is not uninstalled. If desired, this can be removed using the Add/Remove Programs option on the server.
Additional Configuration
The Keystone Directory Abstraction Layer (DAL) allows you to use your existing directories for authentication. For additional information, please see the Keystone Directory Abstraction Layer Guide available on the Keystone web site noted above. This document will walk through the setup and configuration of directories, auth token parameter masks, and auto-provisioning.
Support
Any questions regarding Keystone can be sent to: support@bitkoo.com or contact your direct technical support engineer.