Overview of Server Installation Process
Prima is generally installed on-site rather than in the cloud. This allows each customer to own and protect their data, meet their own security standards and help their own users as they see fit.
Prima consists of:
- Prima application server (Windows Server 2016 or newer) that hosts a couple of Windows services
- Microsoft SQL database
- Clients (mainly Windows desktop, some internal web)
- Digital storage (documents, slide images, etc)
In general, it is best to have two systems: one for production and a scaled-down version for user and upgrade testing.
There are two stages to the installation: the prep work that is included here and running the installer. The installer does a lot for us. Not only does it install the software, but it configures the system to use SSL certs, configures firewall settings (locally), LDAP/AD and more.
If all the prep work is completed and there aren't any hidden (e.g. security) hiccups, the Prima installation should only take 20 minutes.
Setting Up Server Hardware
As a general stance on supported versions of software, Fortelinea stays very much on top of using all new performance and security measures in new versions of software. This means newer versions are always better, as far as we are concerned.
Hardware Requirements
Hardware requirements can vary quite a bit from lab to lab based on the usage of the system. We like to set both minimum and recommended requirements. We find that, if as much as possible is done using virtual machines, systems can later be tweaked based on how the lab ends up using the system.
Note that recommended requirements are based on a lab with about 12 stations/users.
Prima Application Server
| Parameter | Minimum | Recommended |
| --- | --- | --- |
| CPU | 3.0GHz, 2 cores | 3.4+GHz, 4 cores |
| Memory | 8GB | 32GB |
| Storage | 32GB | 64GB |
| Operating System | Windows Server 2012 R2 | Windows Server 2016 (or newer) |
Prima Database Server
While we list specs for a database server, feel free to host the database on a shared server, provided that server has the capacity to support Prima. If you choose to allocate a SQL Server VM to Prima, I would recommend using one for both the test and production databases (two databases on a single server). This will save on costs and be one less thing to manage.
Expect database growth in the neighborhood of 1GB per year.
| Parameter | Minimum | Recommended |
| --- | --- | --- |
| CPU | 3.0GHz, 2 cores | 3.4+GHz, 4 cores |
| Memory | 16GB | 64GB |
| Storage | 8GB (prefer autogrow) | 16GB (prefer autogrow) |
| Operating System | SQL Server 2016 | SQL Server 2019 |
Shared Storage
Storage is highly configurable, but is separated here for ease of planning and use.
| Parameter | Minimum | Recommended |
| --- | --- | --- |
| Digital Documents | 4GB | 80GB |
| Digital Images | 16GB | 1TB |
Installing Features and Drivers, Etc.
Service Users and Access
User Setup
- Fortelinea team members will need access to the application server and database. This will save untold amounts of time in the long run. There are three methods, so choose the one that best fits your scenario:
  - Recommended: Add a new account for the Fortelinea dev team (e.g. FortelineaPrimaAdmin). This account should have admin rights on the app server and full rights to the database. This account will be used for installations and updates.
  - Set up individual accounts for at least two Fortelinea developers (will require more maintenance). These accounts will be used for installations and updates (any further mentions of FortelineaPrimaAdmin will apply to these individual accounts).
  - Assign an IT contact that can allow access or perform the work over a screen share. This is fairly common, but not recommended; Fortelinea support cannot respond to the lab as quickly and any work over the screen share is much slower.
- Add a new service account for the application and database (e.g. prima). This account should have db_reader and db_writer access to the SQL database and the ability to read and write files from a network file share.
- Add a new admin account for the database (e.g. primaAdmin). This account is used by the installation/upgrade process to make table changes and other migrations. Separating this access into a different database user is an extra security step, but you could choose to give this level of access to the service user instead.
SSL Certificates
Prima uses an SSL certificate to encrypt traffic sent to the clients, just like an https website. While many companies have a system that places certificates on all computers, some may need to generate a certificate manually. There are only a few requirements that must be met:
- The certificate must match the name of the computer (this can be a vanity name, computer name or a wildcard). If using a vanity name:
  - The certificate must list the vanity name
  - The certificate should list the IP and/or any standard names (e.g. WK0123L21.mycompany.com) as secondary names
- The Prima service user account must have access/privileges to the private key
- The cert should be signed by your CA or an outside trusted CA; the cert needs to be trusted by the clients that will connect
- The cert should be placed in LocalMachine\My of the certificate store
- The cert should be at least 256 bit
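A pre-install check of the requirements above, as an added PowerShell example (it is not part of the Prima installer or Fortelinea's tooling). The vanity name and service account are placeholders, an RSA key is assumed, and trust is evaluated against the server's own store with the default revocation check.

```powershell
# Added example: run elevated on the application server before the Prima installer.
# Placeholders (assumptions): your vanity name and your Prima service account.
$VanityName  = 'prima.mycompany.com'
$ServiceUser = 'MYCOMPANY\prima'
# Machine key stores for CNG and legacy CSP keys.
$KeyDirs = 'Crypto\Keys', 'Crypto\RSA\MachineKeys' |
    ForEach-Object { Join-Path "$env:ProgramData\Microsoft" $_ }

function Get-PrivateKeyFile($Cert) {
    # Assumes an RSA key. Returns $null if there is no key or it cannot be opened.
    if (-not $Cert.HasPrivateKey) { return $null }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    } catch { return $null }
    if (-not $rsa) { return $null }
    if ($rsa -is [System.Security.Cryptography.RSACng]) { $name = $rsa.Key.UniqueName }
    else { $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    $KeyDirs | ForEach-Object { Join-Path $_ $name } |
        Where-Object { Test-Path $_ } | Select-Object -First 1
}

function Test-KeyReadable($KeyFile, $Account) {
    # Sees only ACEs granted directly to the account, not rights held via a group.
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    [bool]((Get-Acl -Path $KeyFile).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -ieq $Account -and
        ($_.FileSystemRights -band $read) -eq $read
    })
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $keyFile = Get-PrivateKeyFile $_
    [pscustomobject]@{
        Thumbprint   = $_.Thumbprint
        NotAfter     = $_.NotAfter
        # Name match, expiry and chain, judged by THIS machine's trust store;
        # clients must trust the same issuing CA.
        ValidForName = [bool](Test-Certificate -Cert $_ -Policy SSL -DNSName $VanityName `
                                -WarningAction SilentlyContinue -ErrorAction SilentlyContinue)
        HasKey       = $_.HasPrivateKey
        KeyReadable  = if ($keyFile) { Test-KeyReadable $keyFile $ServiceUser } else { $false }
    }
} | Format-Table -AutoSize
```

A certificate is ready for the installer when ValidForName, HasKey and KeyReadable are all True; a False KeyReadable can still be fine if the service account gets its access through a group.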
Network Prep
Prima will communicate over your network to clients, hardware and other computer systems. It will also communicate with our web server. By ensuring all paths are clear, we can save a lot of troubleshooting time.
- Ports to clients
  - 9350-9355
- Prima Web service
  - https://prima.fortelinea.com
- Ventana Connect
  - Port 55550 (IP on your network)
- Arcos block and slide storage
  - (IP on your network)
- Other
  - Discussed prior to installation
Also:
- Ensure that any network proxy information has been set up. Prima will ask Windows for this information and will attempt to use it.
- Make sure that a newer, secure browser on the application server can reach https://prima.fortelinea.com and that JavaScript is enabled. We will use this for downloading installers, updates, grabbing license info, troubleshooting, etc.
Record Settings for Prima Installation
Before we run the Prima installer, you'll want to make sure you have the following:
- Prima does a great job of finding your Active Directory server, but it is best to be prepared. Make sure you know the address and port.
- Know the connection string (or at least the address and relevant parameters) for the SQL server.
Extra Installation Info and Troubleshooting
SQL Backup
It is highly recommended to set up a database backup plan. If a backup/restore is something that you can allow Fortelinea or the Prima database admin user to do, it can save time and effort later.
Notes on Prima Web Service Installation
There are times when the automated installation process and tasks need to happen by hand. For the Prima Web Service (internal website and API), troubleshooting often needs to occur with ports and SSL certs.
rem Run from an elevated Command Prompt.
rem Ensure the port is open (reserve the URL for the service user)
netsh http add urlacl url=https://localipaddress:80/ user=ServiceUser
netsh http add urlacl url=https://localipaddress:443/ user=ServiceUser
rem For SSL, ensure there is a certificate tied to the port (replace the IP address and the cert hash with yours)
netsh http show sslcert
netsh http add sslcert ipport=localipaddress:443 certhash=6cebc18f5458ee3fa5957160ab548e0cc4906801 appid="{1dacd40e-b2e0-4b17-a326-fee8818e202f}"
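When troubleshooting, it helps to confirm that the hash in the binding still points at a usable certificate in LocalMachine\My. The following is an added PowerShell example, not Fortelinea's tooling; the ipport value is a constructed placeholder and English netsh output is assumed.

```powershell
# Added example, not Fortelinea tooling. Run elevated on the application server.
$IpPort = '192.0.2.10:443'   # placeholder (constructed); use the ipport you bound

function Get-SslBindingHash([string[]]$NetshOutput) {
    # Extracts the 40-hex-digit certificate hash from "netsh http show sslcert"
    # output. Assumes the English label "Certificate Hash".
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]{40})\s*$') {
            return $Matches[1].ToUpper()
        }
    }
}

$hash = Get-SslBindingHash (netsh http show sslcert ipport=$IpPort)
if (-not $hash) {
    Write-Warning "No SSL certificate is bound to $IpPort"
} else {
    # The binding stores only a thumbprint; look it up in the machine store.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
    if (-not $cert) {
        Write-Warning "Binding references $hash, which is not in LocalMachine\My"
    } else {
        [pscustomobject]@{
            IpPort        = $IpPort
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            Expired       = $cert.NotAfter -lt (Get-Date)
            HasPrivateKey = $cert.HasPrivateKey
        } | Format-List
    }
}
```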
Troubleshooting
- Prima Website Logs
  - As long as the application can reach our server (https://prima.fortelinea.com), we receive and log a variety of detailed information on crashes, exceptions, and configuration warnings. Usually, the website logs are the first tool Fortelinea developers use when troubleshooting.
- Event Viewer
  - The Windows Event Viewer is a great place to look. Most serious logs end up here. Be sure to check under the Application and System event logs.
- File logs
  - There are times when exceptions don't make it to the Event Viewer due to a crash and the logs don't make it to our website. The fallback is the text log files, which can be found at C:\ProgramData\FortelineaSoftwareSystems\Prima\Logs
- Service Logs
  - The Prima service runs on top of Microsoft's WCF framework. We can view log events coming from service framework problems (e.g. SSL certificate errors) through an output feature WCF provides. If a folder is created at C:\Logs then WCF will log events there. It is good to remove this folder when done, as it can get large and can slow performance.