1. Installation
The aim of this Installation Guide
is to provide system managers with the information needed to install
inGOT v4.0. Details about the functionality and features of inGOT
are available in the Users Guide.
1.1 Overview
InGOT is made up of two components:
The inGOT ‘Engine’ and the inGOT ‘Control’.
The inGOT Engine is at the heart of inGOT and provides all the scanning
and Internet access control functionality. The inGOT Engine is also
specific to the network environment under which inGOT will be running.
For example, there is a specific engine for a Novell Netware/BorderManager
environment and another separate engine for a Microsoft/Proxy or ISA environment.
Other operating environments will have their own separate engine.
The inGOT Control user interface is generic and operates in conjunction
with any of the inGOT Engines. The control user interface interacts
with the Engine via a TCP/IP connection and is used to monitor the
status of inGOT and make all configuration or user changes.
The inGOT system is installed
via the Microsoft Installer (MSI) utility. MSI is available on any
Windows system from Windows 2000 and above. For systems that support
MSI the “inGOT v4.0 MSI only” pack can be downloaded
from the Liverton web site. Once downloaded, MSI will launch if
the inGOTv4.0.MSI is opened (double-click on the file). For Windows
NT systems, download the “inGOT v4.0 MSI and MSI Installer”
pack and run the executable.
1.2 File names
There are several files that are
included as part of the inGOT installation set. This includes seven
(7) executable programs and four (4) support files.
The executable files are:
| inGOT.EXE | inGOT Control. This is the main control user interface used to make all configuration and user changes to inGOT. |
| inGOTEngine.EXE | This is the currently installed inGOT Engine that does all the scanning and Internet control functions. NB: This file does not exist until the initial inGOT Setup Wizard is run. |
| inGOTEngine_BM.EXE | This is the inGOT Engine specifically developed for the Novell Netware/BorderManager network environment. This file is copied to inGOTEngine.EXE at the end of the inGOT Setup Wizard if this environment is chosen. |
| inGOTEngine_Proxy.EXE | This is the inGOT Engine specifically developed for the Microsoft Proxy Server or ISA network environment. This file is copied to inGOTEngine.EXE at the end of the inGOT Setup Wizard if this environment is chosen. |
| inGOTEngine_Linux.EXE | This is the inGOT Engine specifically developed for IP accounting via a Linux gateway. This engine uses additional inGOT system software and configuration that must be installed on the Linux server. This file is copied to inGOTEngine.EXE at the end of the inGOT Setup Wizard if this environment is chosen. |
| inGOTCMD.EXE | inGOT Command is a command-line utility for adding and removing funds from a user’s inGOT account. When used in conjunction with the Microsoft Scheduler system, inGOT Command can automatically add funds to users’ inGOT accounts on a regular (e.g. monthly) basis. This utility has a built-in help facility. For more information please run ‘inGOTCMD /?’ from a command console. |
| inGOTBalance.EXE | inGOT Balance is a system tray utility that will display the current balance for the currently logged in user. This utility must be used in conjunction with the NDS User Object field balance update facility within inGOT. |
1.3 Setup inGOT
To install inGOT v4.0, run the MSI
installer utility. This will unpack and install all the necessary
inGOT v4.0 components.
The various inGOT executable files
will by default be installed into the C:\Program Files\inGOT4\
folder. The MS-Access databases will be installed by default in
the C:\inGOT4Data\ folder.
If the intention is to store the
data files in another location (for example, on a network drive), the
recommendation is to COPY the contents of the C:\inGOT4Data\
folder to the new location and leave the existing installed data
files in the default location.
1.4 Important considerations
There are several important considerations
that need to be understood before the setup and configuration of
inGOT can be completed.
1.4.1 inGOT Engine running as a service
The most significant consideration
is that the inGOT Engine normally runs as a Windows service. This
means that it does not use the currently logged in client credentials
to operate. The service authenticates by default using the “Local
System” account. The inGOT Engine will therefore continue
to operate without any account being logged onto the server. The
inGOT Engine will automatically start if the Windows server is restarted.
1.4.2 Novell considerations
If inGOT is to be used in a Novell
Netware environment the following specific considerations are needed:
• NDS trustee permission
The inGOT Engine component runs
as a service. A Windows Service does not use the client login credentials
to access network resources so the Netware Client utility cannot
be used to provide the engine with permission to access NDS objects.
If trustee permission is not set
correctly the inGOT Engine will report “Error 76: Path Error”
in the inGOT Engine system log (inGOTEngine_MMMYY.LOG). Correct
trustee permission is required for inGOT to read the BorderManager
logs and update the NDS ‘Internet Access’ control group
object(s).
To set up correct trustee permission
the computer running the inGOT Engine must be added to the NDS as
a Zenworks WORKSTATION object. This WORKSTATION object must be given
SUPERVISOR access to the BorderManager log file folders and any
group objects it needs to access. Further information on setting
this up is available from the Liverton Knowledge Base Article #010008,
located at: ../../support/ingot/KB010008.htm.
• BorderManager logging
The inGOT system requires both COMMON
and EXTENDED logging to be enabled. These log files must also be
created on a time (not size) basis. The recommendation is to have
BorderManager create new log files every 4 hours. When enabled correctly
BorderManager creates a set of two files, one stored in the COMMON
folder and the other in the EXTENDED folder. Both files will have
the same name, the naming convention will be YYMMDDHH.LOG (e.g.
03123104.LOG will be created at 4am on the 31st of December 2003).
| TIP: | The BorderManager configuration user interface is misleading. It is necessary to select the COMMON option from the drop-down box, change the ‘common’ settings and then select the EXTENDED option from the drop-down box and change the settings again. |
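The logging requirements above can be checked from two folder listings. The following is an added example, not part of inGOT or of the original guide: it parses the YYMMDDHH.LOG names, reports files present in only one of the COMMON and EXTENDED folders, and reports gaps in the recommended 4-hour cadence. The function names and the sample listings are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Naming convention from the guide: YYMMDDHH.LOG (e.g. 03123104.LOG).
LOG_NAME = re.compile(r"^\d{8}\.LOG$", re.IGNORECASE)

def parse_log_name(name):
    """Return the creation time encoded in a YYMMDDHH.LOG name, or None."""
    if not LOG_NAME.match(name):
        return None
    try:
        return datetime.strptime(name[:8], "%y%m%d%H")
    except ValueError:  # digits that are not a real date/hour, e.g. month 13
        return None

def audit_logs(common, extended, interval_hours=4):
    """Compare COMMON and EXTENDED listings against the guide's requirements."""
    common = {n.upper() for n in common}
    extended = {n.upper() for n in extended}
    # Names that do not follow the time-based convention.
    bad_names = sorted(n for n in common | extended if parse_log_name(n) is None)
    # Files that exist in only one folder: one log type is not being written.
    unpaired = sorted(common ^ extended)
    # Consecutive paired logs that are not exactly one interval apart.
    stamps = sorted(t for t in map(parse_log_name, common & extended) if t)
    step = timedelta(hours=interval_hours)
    gaps = [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a != step]
    return {"bad_names": bad_names, "unpaired": unpaired, "gaps": gaps}

# Constructed directory listings (not real BorderManager output).
SAMPLE_COMMON = ["03123100.LOG", "03123104.LOG", "03123112.LOG", "PROXY001.LOG"]
SAMPLE_EXTENDED = ["03123100.LOG", "03123104.LOG", "03123112.LOG", "03123116.LOG"]

if __name__ == "__main__":
    for key, value in audit_logs(SAMPLE_COMMON, SAMPLE_EXTENDED).items():
        print(key, value)
```

An unpaired file usually means the settings were changed for only one of the two drop-down options described in the tip above.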
• BorderManager rule-set configuration
The inGOT system controls user access
to the Internet via a NDS group (or groups) and the BorderManager rule-set. It
is therefore necessary to create a BorderManager DENY rule that
blocks Internet access based on a user's membership of a NDS group.
It is recommended that this rule be the first rule in the BorderManager
rule-set and that inGOT be configured so that group membership ‘Denies’
Internet access.
| TIP: | BorderManager rules work on the basis of a single match. This means that if the conditions of a rule are met then BorderManager will enforce the ALLOW or DENY rule and WILL NOT TEST FOR ANY OTHER RULES in the rule-set. For example, if the first rule in the rule-set was ALLOW access to everyone, then this rule would always trigger and all subsequent rules would be ignored. |
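The single-match behaviour described in the tip can be modelled in a few lines. The following is an added example, not BorderManager's own logic and not part of the original guide: rules are reduced to an action and a group, the trailing ALLOW-everyone rule, the default action when no rule matches and the group name are assumptions, and shadowed() reports rules that can never fire because an earlier rule already matches the same users.

```python
from dataclasses import dataclass

EVERYONE = "*"  # constructed marker for a rule that applies to all users

@dataclass(frozen=True)
class Rule:
    action: str  # "ALLOW" or "DENY"
    group: str   # NDS group the rule applies to, or EVERYONE

def decide(rules, user_groups, default="DENY"):
    """First-match evaluation: the first matching rule wins, the rest are skipped.

    The default used when no rule matches is an assumption of this model.
    """
    for index, rule in enumerate(rules):
        if rule.group == EVERYONE or rule.group in user_groups:
            return rule.action, index
    return default, None

def shadowed(rules):
    """Indexes of rules that can never fire under first-match evaluation."""
    seen, dead = set(), []
    for index, rule in enumerate(rules):
        # An earlier EVERYONE rule, or an earlier rule for the same group,
        # always matches first.
        if EVERYONE in seen or rule.group in seen:
            dead.append(index)
        seen.add(rule.group)
    return dead

# Constructed group name and rule-sets for illustration.
DENY_GROUP = ".NoInternet.Staff.Acme"
RECOMMENDED = [Rule("DENY", DENY_GROUP), Rule("ALLOW", EVERYONE)]
MISORDERED = [Rule("ALLOW", EVERYONE), Rule("DENY", DENY_GROUP)]

if __name__ == "__main__":
    member = {DENY_GROUP}
    print("recommended:", decide(RECOMMENDED, member), shadowed(RECOMMENDED))
    print("misordered: ", decide(MISORDERED, member), shadowed(MISORDERED))
```

With the misordered rule-set a member of the deny group is still allowed, which is why the guide recommends placing the DENY rule first.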
1.4.3 Microsoft Proxy or ISA Server considerations
If inGOT is to be used in a Microsoft
Proxy or ISA Server environment the following specific considerations
are needed:
• inGOT Engine not installed on Proxy/ISA server machine
If the inGOT Engine is running as
a service but not on the same machine as the Proxy/ISA server then
it will not have permission to read the proxy logs. This is due
to the inGOT Engine service account being set to “Local System”.
This account does not have access to any network resources. The
solution is to create a new domain account (for example ‘inGOTEngine’)
and assign this account name to the inGOT Engine service. (This
is done via the ‘Control Panel/Administrative Tools/Services’
utility). The account would need access to the proxy server logs.
The inGOT Engine will then log onto the domain via this account
instead of via the “Local System” account.
2. Starting inGOT for the first time
Once installed, when inGOT is started
for the first time a welcome message is displayed.

2.1 Configuration Wizard
The configuration
wizard will automatically launch the first time inGOT is started.
For inGOT to work correctly this configuration wizard must be allowed
to complete.
The first step is
to select the type of installation required.
First full installation
This option should
be selected if this is the first primary installation of inGOT.
Normally there will only be one full installation of inGOT at each
site.
Subsequent ‘inGOT Control’ only installations
This option should
be selected for subsequent installations of inGOT. If this is the
first time inGOT is to be installed in the network the ‘First
full installation’ option should be selected.
The inGOT Control
user interface interacts with the inGOT Engine via TCP/IP. For first
time installations of inGOT both the inGOT Control interface and
the inGOT Engine system must reside on the same computer. Consequently
the localhost IP address of 127.0.0.1 is used to communicate between
these two systems. The default TCP Port number is 19999 but can
be changed at this point.
If the TCP Port is
changed then all secondary installations of inGOT must also be updated
to use the new port number.
The next step is to
select the appropriate network environment. The inGOT system currently
has two separate inGOT Engines. The first supports the Microsoft
Network and MS-Proxy or ISA Server environment, the second supports
the Novell Netware and Border Manager environment. These two engines
are called inGOTEngine_Proxy.EXE and inGOTEngine_BM.EXE respectively.
| TIP: | Once the configuration wizard has completed it will copy the appropriate inGOT Engine executable application file to the inGOTEngine.EXE application file and run this copy. |

If either of the Windows
system options (MS-Proxy server or MS-ISA Server) is selected, the
configuration wizard will require the current Windows Domain name
and the name of the Primary Domain Controller. The PDC name must
be preceded by a double-backslash (‘\\’).
If the Novell Netware
and BorderManager system option is selected the configuration wizard
will require the NDS Tree name and the name of the default NDS Organisation.
The default NDS Organisation name should be preceded with a period
(“.”).
The next step is to
select the appropriate database environment. The inGOT system includes
a set of Microsoft Access databases.
| TIP: | The ‘inGOT.MDB’ database contains a ‘Report Console’ and a suite of default reports. To run these reports simply open the database with Microsoft Access 2000 or XP. |
If Microsoft Access is selected the name and path of the database
needs to be entered. By default the inGOT installation stores a
copy of the inGOT database into the ‘C:\inGOT4Data\’
folder.
| TIP: | If the database needs to be installed onto a network volume/share the recommendation is to COPY the existing inGOT database into the new location, keeping the original database in the default location. Changes will need to be made within inGOT Setup to point inGOT at the new database location. |

If the Microsoft SQL
Server option is selected the configuration wizard will require
the SQL Server name and the SQL Database name. The SQL User ID and
Password can be entered by pressing the ‘Set User ID’
button.
| TIP: | If the entered SQL inGOT database is empty inGOT will attempt to create the necessary tables in the database. |
To run the inGOT reports
against data stored in MS-SQL, replace all tables within the inGOT.MDB
Microsoft Access database with ‘Links’ to the tables
in the SQL database. See the Liverton Knowledge Base article #10009
for further details at: ../../support/ingot/KB010009.htm.

If the Microsoft Proxy/ISA
server option has been selected then the name of the proxy database
must be entered next. The Proxy/ISA server must be configured to
log traffic information to an ODBC service. The ODBC service will
connect to the MS-Access or MS-SQL Server database to store traffic
information.
If the BorderManager
proxy system option has been selected then the path to the COMMON
and EXTENDED log files must be entered next. The inGOT system can support up
to six BorderManager servers.
| TIP: | Additional BorderManager server log paths can be entered via the inGOT ‘Tools/Setup’ menu once the Setup Wizard has finished. |
The next step is to
enter the name of the network group that will be used to control
users’ access to the Internet. Access to the Internet can
be controlled by a group on either a ‘Grants Access’
or a ‘Denies Access’ basis.
An access rule in
the proxy server (BorderManager, Proxy Server or ISA Server) must
be set up that uses membership of this group to control access to
the Internet.
| ‘Grants Access’ | Users who are members of this group are explicitly granted access to the Internet. |
| ‘Denies Access’ | Users who are members of this group are explicitly denied access to the Internet. |
| TIP: | Netware environments must use the fully qualified NDS group name (e.g. “.GroupName.Context.Organisation”). |

The last screen in
the Startup Wizard displays all the selected configuration settings.
Please ensure these settings are correct before pressing the ‘Finish’
button.
Pressing the ‘Finish’
button will invoke the selected configuration settings. This includes
copying the specifically required inGOT Engine file to inGOTEngine.EXE.
2.2 Setting up the inGOT Engine service
Immediately after
the Startup Wizard has completed inGOT will register that the inGOT
Engine has not been set up as a service.
It is recommended that the inGOT Engine service be set up at this
time. Selecting ‘Yes’ from the prompt will ensure that
the inGOT Engine service is created. inGOT will then attempt to
start the service.
2.3 Retrieving an Activation Key
Before inGOT can start
scanning an Activation Key must be retrieved from the Liverton Registration
Server.
When the inGOT Engine
first starts it will determine that the Activation Key is missing
and will prompt to retrieve one. An initial 30-day evaluation key
can be retrieved from the Liverton Registration Server.
| TIP: | If the workstation running the inGOT Engine has access to the Internet, either directly or via the proxy server, an Activation Key can be automatically retrieved from the Liverton Registration Server. |

To retrieve an Activation
Key select the ‘Help/Install Activation Key’ menu item.
| TIP: | The ‘Install Activation Key’ option will be disabled (greyed out) if the inGOT Engine is not running. Ensure that the inGOT Engine Status indicator is green and says ‘Running’. |
The initial ‘Install
Activation Key’ screen enables a key to be entered manually.
To request a new key automatically from the Liverton Registration
Server press the ‘Request Key’ button. This will expand
the screen so registration details can be entered.
Once the registration
details have been entered press the ‘Send Request’ key.
This will attempt to automatically connect to the Liverton Registration
Server to retrieve an Activation Key.
| TIP: | If the inGOT Engine is unable to access the Internet and contact the Liverton Registration Server the ‘Create email to send to Liverton’ option should be selected. This will automatically create an email message ready to be sent to Liverton. A return email will include an Activation Key ready to be manually entered into inGOT. NB: This email service is a manual service so please allow 48 hours for a response. |
Once the Liverton
Registration Server has generated and returned an Activation Key
it will be automatically entered into the ‘Activation Key’
field.
Before activating inGOT the inGOT licence terms and conditions must
be read and accepted. To do this tick the ‘I AGREE’ check box,
this will enable the ‘Activate’ button. To activate
inGOT press the ‘Activate’ button.
| TIP: | The inGOT v4.0 Activation Key is tied to the Windows Security Identifier Number (SID). The SID is a unique number created by the Windows system during the installation of Windows. |
The inGOT System is now ready to scan, monitor and control users’
access to the Internet.
Additional information
and support for inGOT is available from the Liverton web site at:
../../products/ingot.htm
or via email at: .
Thank you for installing
inGOT.