Initial installation of the ENTERPRISE Variant : Installing IZYTRONIQ Backend : Installing the Application Server
Installing the Application Server
IZYTRONIQ BackEnd ApplicationServer.msi
This setup installs the application server to IIS.
MSI Package
The MSI package includes the following optional parameters:
INSTALLWEBAPPDIR = standard wwwroot directory of the IIS,
normally = c:\inetpub\wwwroot\IZYTRON.IQ
WEBSITE_NAME = Default Website
With the default settings, the application server is installed as follows:
This installs the application server to IIS under “MyWebSite\MyWebApp” (virtual directory) and physically to “c:\myinstalldir”. The application pool (IZYTRON.IQ.BackEnd Pool) (default) is set up with user name “myapppooluser” and password “mypwd”, and is assigned to the website.
The user designated for operative use must also always have access to the database with read and write authority, in so far as this user is not the dbo (database owner)!
The application’s URL is laid out as follows:
https://<certificate path>/<application name>
The certificate path is the path which is specified in the general information for the certificate in IIS (“General” tab, issued to: <certificate path> in the “Certificate” window).
If “IZYTRON.IQ BackEnd ApplicationServer.msi” is executed directly by double-clicking, the application server is installed as “Default Web Site\IZYTRONIQ” with the “IZYTRON.IQ.BackEnd Pool” app pool and the following default app pool credentials: ApplicationPoolIdentity.
This user (ApplicationPool) probably doesn’t have any access to the database. A suitable user must be entered to this end (in the app pool’s “Advanced Settings” under “Identity”).
The following URL can be opened in the browser in order to display the correct installation:
“https://localhost/IZYTRON.IQ/HandshakeRemoteService.svc” (if installed in this way).
In the event of correct installation, an information page is displayed.
https://<certificate path>/IZYTRON.IQ/HandshakeRemoteService.svc
However, if URL https://localhost/IZYTRON.IQ/HandshakeRemoteService.svc is used,
a certificate error is displayed as a rule in the browser because certificates are not typically issued via a certificate path including “localhost”.
The user must also assure that the certificate used for the application has been entered or saved to the web browser which is also used for the application. This also applies in the case of computers for which subsequent installation of an IZYTRONIQ Enterprise client is planned, if a self-signed certificate is involved.
If the page is not displayed, a standard IIS error message appears instead, which provides information concerning any possible installation errors.
The application uses default HTTPS port 443. The TCP port setting may not be changed.
A valid certificate must be assigned to the page. Otherwise, the clients are unable to access the application server.
A corresponding binding with a certificate for this purpose must therefore be set up on the IZYTRONIQ backend server. When installing the IZYTRONIQ backend application service with the default parameters specified above, binding to the default website must take place in IIS (internet information services). Please refer to previous section 5.1.4, “SSL Certificate”, for details.
The value for “findValue” must also be correctly set in the Web.Config file under the <serviceCertificate> tag. This corresponds to the certificate’s fingerprint or thumbprint.
As shown in the figure above, the fingerprint or thumbprint can be taken from the certificate’s details, which in turn can be found in IIS under Server Certificates.
For the purposes of IZYTRONIQ, the fingerprint must be taken over
– without blanks,
– using uppercase letters only and
– without hidden special characters
within the <serviceCertificate> tag of the Web.config file.
The Web.config file doesn’t have to be modified until modification of the IZYTRONIQ SyncService.exe.config file becomes necessary during installation of the synchronization service (next section: “Installing the Synchronization Service”). The corresponding tag in the Web.config file can simply be replaced with the modified <serviceCertificate> tag there.
The user of the application server’s application pool (in IIS) must be authorized to access the database. Corresponding rights (read and write) must be provided at the database side.