Repository Web Application
Installation
Launch Sentinet.msi installation package.
Read and Accept License Agreement by clicking I Accept.
Enter User Name, Organization and a valid License Key provided by Nevatech.
Select Custom to install only the Repository Web Application.
Select Complete for a full install.
Select Repository Web application feature if Custom setup type was selected above. Other features are optional.
Click Next to proceed with the installation. Wait for the Wizard to complete the installation.
Configuration
To configure a new or update an existing Sentinet Repository Web Application:
Start the Repository Configuration application from the Windows shortcut or launch RepositoryConfiguration.exe located in the root of the installation directory. This will open the Repository Configuration Wizard starting with the Repository Database page.
Note
You must be logged in to the machine as a member of the local Administrators group and start the Repository Configuration Wizard with the option “Run as administrator” on the machine with tightened security settings.
The first page, Repository Database is used to create a new or use an existing Sentinet Repository database.
a. Select Create new database option to create new Sentinet Repository database or select Use existing database option to attach to an existing database.
Note
Repository Configuration Wizard uses default SQL server settings when it creates new SQL server database. If you want to create Sentinet Repository database with custom settings (e.g. non-default location of the database files), create new empty database with required custom settings using regular SQL server tools, and execute scripts located in the default Sentinet installation folder (C:\Program Files\Nevatech\Sentinet\SQL).
Then run Repository Configuration Wizard and select Use existing database option described in this step. Read Appendix H for more details on using stand-alone SQL scripts.
b. Enter database server name or the network address in the Server Name field. When Use existing database option above is selected, the Configuration Wizard will search for all databases configured on the SQL Server identified by the Server Name field. Database Name field will change to a drop-down list of discovered database names. Default server name is the current machine name.
c. Enter database name into the Database Name field. Default database name is Sentinet.
d. Select the authentication modes for both the System Administrator and Repository Web Application accounts.
Note
Configuration Wizard uses up to two distinct user accounts to access selected SQL Server instance. Sentinet supports both Windows Integrated and SQL Server authentication. Each account can be selected with its own authentication model. It is recommended to use the Windows Integrated authentication model for both accounts.
System Administrator account is used by the Configuration Wizard to create new or update an existing Sentinet Repository database. The Configuration Wizard will use the currently logged-in user Windows account if Windows Integrated authentication is selected, or SQL account if SQL Authentication was selected. In either case, selected account must have sysadmin privileges to the database server. Appendix I describes extended process of using Configuration Wizard without this requirement.
Repository Application account will be used by the Repository Web Application to get access to the Repository database during runtime. This can be any custom Windows account or SQL account.
If an existing SQL database account is selected, then it will be granted the required access to Sentinet Repository database. If the SQL account does not exist, then it will be created by the Configuration Wizard with the appropriate access privileges.
If Windows Integrated authentication is selected (recommended), then the Windows account (that the Repository Web Application is running under) will be given access to the Repository database. By default, Repository Web Application is created to run under the ApplicationPoolIdentity, built-in machine pseudo-account, which is the standard IIS Server account with the least system access privileges.
Step 4 below explains how to control Repository Web Application Windows account.
If SQL Server authentication option is used for both accounts described above, make sure they are different SQL server accounts.
Click Next to navigate to the Monitoring Database page.
Monitoring Database page provides with advanced Sentinet configuration options when Monitoring tables can be partitioned and monitoring data can be configured to reside in its own, stand-alone Monitoring database. Most typical Sentinet deployments do not require these options (both checkmarks are in unchecked state). Details on how to enable Monitoring tables partitioning are described in Appendix F. Details on how to enable stand-alone Monitoring database are described in Appendix G.
Click Next to navigate to the Repository Application page.
Create and configure Repository Web Application as an ASP.NET application hosted in IIS Server.
a. Select the IIS Server Web Site that will host Repository Web Application.
b. Select SSL settings.
Configuration Wizard automatically selects SSL settings currently configured with the selected IIS Server Web Site. If the selected IIS Server Web Site is not configured with SSL, you will have to configure it with an SSL port (default is 443), an SSL certificate and optionally, the network cards' listening IP addresses for the Web Site. These are the same settings used by Microsoft IIS Manager to control Web Site SSL configuration. When selecting an SSL certificate, you can choose from the list of the currently installed valid local machine SSL certificates, or request the Configuration Wizard to generate a new self-signed SSL certificate.
To generate a new self-signed SSL certificate, click Create.
Note
Certificate Common Name and Expiration (in number of days) are mandatory fields. By default, Common Name is the current machine name, and Expiration is set to one year. Pay special attention to the selection of the SSL certificate Common Name, because SSL protocol requires the host address (that client applications will use to access the SSL server) to match the server certificate Common Name. For example, if Repository Web Application will be accessed by Sentinet administrators and by Sentinet Nodes at the www.contoso.com host address, then the SSL certificate must be issued with the Common Name www.contoso.com.
Clicking OK will generate a new self-signed certificate, the dialog box closes and certificate is automatically selected as the SSL certificate in the Repository Application page of the Configuration Wizard.
c. Select Web Application settings.
Select the name for the Repository Web Application. The default name is Sentinet. This will be the name of the IIS Server Virtual Directory and Application. Select the IIS Server Application Pool that will host the Repository Web Application. By default, SentinetAppPool is selected as new, isolated IIS Server Application Pool dedicated to Repository Web Application.
Note
You can also select any of the existing IIS Server Applications Pools if the selected pool is configured with .NET CLR Version 4.0 and Integrated Managed Pipeline Mode.
The labels beneath the Application Pool entry field show the properties of the selected Application Pool. The Identity label shows the exact Windows account Identity that is configured with the Application Pool. For example, built-in machine pseudo-account “ApplicationPoolIdentity” shows up as “IIS APPPOOL\[Application Pool Name]”.
Repository Web Application will use the application pool Windows Identity to access the Sentinet Repository database, if Windows Integrated authentication for Repository Application account is selected on the previous Configuration Wizard page.
Selecting different Application Pools allows control of the Repository Web Application Windows Identity. Use the IIS Manager application to create a new Application Pool (or modify the existing) with a desired Windows Identity. Click the Refresh hyper-link on the Configuration Wizard page and select Application Pool created (or modified) by IIS Manager.
Check Require SSL box (recommended by default security settings) to restrict access to Repository Web Application with SSL. Repository Web ASP.NET Application will automatically redirect all traffic to https addresses when Require SSL setting is turned on.
Click Next to navigate to the Signing X.509 Certificate page.
Note
Sentinet Certificates Provisioning and Management system uses the signing X.509 certificate as an internal Certificate Authority. A Certificate Authority can sign other certificates generated by the Sentinet Certificates Provisioning and Management system. This feature enables the Sentinet infrastructure to operate in its own Certificates Authority realm. A typical example of using a Sentinet as a Certificates Authority, is when the Sentinet Nodes are automatically configured with certificates generated and issued by the Repository Web Application. The Sentinet configuration requires a Signing X.509 certificate.
Using Sentinet as a Certificate Authority is entirely optional.
The signing X.509 certificate can be the same SSL server certificate configured on the previous page. By default, the SSL certificate is automatically selected as the signing X.509 certificate if the server SSL certificate was generated by the Configuration Wizard.
Click Create to generate a new (or different from SSL) Signing X.509 certificate. Click View to review details of the selected certificate.
Click Select button to select a Signing Authority X.509 Certificate from the list of certificates installed on the local machine. The list is populated with certificates that are valid for signing other certificates. Alternatively, click Create button to generate a new certificate.
Click Next to navigate to the Reporting page to configure Sentinet's Reporting settings.
a. Select Reporting Time Zone.
Sentinet generates reports and provides Monitoring Graphs for real-time message exchanges. Both reports and Monitoring Graphs can show data aggregated over specified time periods. Data aggregation results may depend on the Time Zone used by the Sentinet data aggregation processes. To avoid ambiguity, Sentinet uses a single Time Zone configured for the data aggregation processes. By default, the Configuration Wizard selects the current Time Zone of the computer it is running on.
b. Select the real-time Monitoring Graph interval that will start using aggregated data. Sentinet is designed to process millions of messages. Under a high volume messages load, Sentinet responds with faster real-time monitoring if aggregated data is used.
Selecting a Monitoring Graph interval at which to start using aggregated data will enable the Sentinet Console to have a better response time for monitored services and for monitored Sentinet Nodes.
By default, none of the Monitoring Graph intervals are configured to use aggregated data, resulting in all monitored data to be collected against a live feed.
Example: If 1 hour Monitoring Graph interval is selected, it is expected that monitored services and Sentinet Nodes will experience high volume of messages within any monitored hour. These Monitoring time intervals will use aggregated data instead of a live feed. Lower monitoring intervals (15 and 30 minutes in this case) will continue to use live data for the real-time Monitoring Graphs.
Click Next to navigate to the Mail Server page.
The Mail Server page is used to configure a connection to a mail server. If the email option is selected for alerts and notifications, Sentinet will use this mail server connection configuration to send emails. By default, the mail server connection is not configured.
Note
It is strongly recommended to configure a mail server connection (particularly for production environments), because otherwise no email alerts will be sent and no self-registration for the users of the Developer Portal will be available. Without mail server connection the only way to register Developer Portal Consumer accounts will be to create them by Sentinet Administrators using Sentinet Administrative Console.
From Name field specifies the from name for e-mails.
From Address field specifies the from address for e-mails. Host field specifies the hostname of the SMTP mail server to use for SMTP transactions. This attribute has no default value.
Port field specifies the port number to use to connect to the SMTP mail server. Default value is 25.
Use SSL checkbox specifies whether SSL is used to access an SMTP mail server. The default value is false.
Username field specifies the user name to use for authentication to the SMTP mail server. This attribute has no default value.
Password field specifies the password to use for authentication to the SMTP mail server. This attribute has no default value.
Use Default Credentials checkbox specifies whether the default user credentials should be used to access the SMTP mail server for SMTP transactions. The default value is false.
Client Domain field specifies the client domain name to use in the initial SMTP protocol request to connect to the SMTP mail server. The default value is the localhost name of the local computer sending the request.
Target (SPN) field specifies the Service Provider Name (SPN) to use for authentication when using extended protection for SMTP transactions. This attribute has no default value.
For a detailed description of the mail server connection fields, view Microsoft documentation at:
http://msdn.microsoft.com/en-us/library/w355a94k.aspx,
http://msdn.microsoft.com/en-us/library/ms164242.aspx and
http://msdn.microsoft.com/en-us/library/ms164240.aspx
Click Test Settings to test the Mail Server connection configuration. Specify an email address and click Send to receive a test email alert.
Click Next to navigate to the Administrator Account page.
The repository Administrator page creates a root-level Sentinet administrator account with the highest access permissions to the Sentinet Repository. Sentinet Repository Web Application instance can be reconfigured later to use a Windows Integrated (Appendix A) or Client X.509 certificates security (Appendix B). The root-level administrator account can be modified to use any supported credentials type.
Check Create Administrator Account box to create an administrator account. If the Configuration Wizard creates a new Sentinet Repository database (Configuration Wizard first page setting), then the box is checked by default. If the Configuration Wizard is attaching to an existing Sentinet Repository database, the box is not checked by default.
Fill out the administrator field values for username (default value is Administrator), email and password. Password must be 6 to 64 characters long and contain at least one upper case character, one lower case character, one number, and one special character.
Click Finish to start the configuration process.
Progress of the configuration process should now be displayed.
Click Close button to close application. If the Launch Application box is checked (default value), a default browser application is started with the login page of the Sentinet Administrative Console.
Note
Before closing Repository Configuration Wizard, you can click Save Configuration button (see screenshot above) to save input data collected by this Wizard in configuration file. This configuration file can later be used for automated deployments, installations and product upgrades (see Appendix A in this document for more details).
Integrated Help system
By default, Sentinet Administrative Console configured as part of the Sentinet Repository Web Application, will use online Help system integrated into https://www.nevatech.com web site. Nevatech customers can request a complete copy of this system (which is a collection of static web pages) and install it at any other location of their choice. The new location in this case must be changed in the web.config file of the Repository Web Application. Below is an example of default location configured in web.config file:
…
<nevatech.vsb.repository documentationUrl="https://www.nevatech.com/docs/Sentinet/6.4">
…
Database Management
After Sentinet Repository application is configured, it must be enabled with the database management control.
Important
Execute steps described in details in Appendix C. Repository Database Management.