Installation
Double-click the Install file to begin. Click Next to proceed to the License Agreement page. Read and accept the terms, and click Next again.
1. Prerequisites
The installer will begin a system check to ensure that the minimum hardware and software requirements have been met. If an error occurs during the checking process, you can click the Re-Run button to perform the check again.
The installer will check the following conditions:
Operating System version (OS)
.NET Framework version (4.6.1 or later)
.NET Framework features
WMI services activity status
IIS version (7.0 or later)
IIS services status
IIS components set up status (40 items total)
Microsoft Messages Queue set up status
Once the system check is finished, the installer will display a full list of components that are installed or that need to be installed. If an item does not pass the system check (as indicated by the Failed status), you can click the item to learn the reason for the failure and instructions for fixing the problem. After installing the missing component(s), click Re-Run to check the installation again.
Once all components meet the requirements for installation, you will be able to click the Next button to continue.
2. Database Connection
Select a database server for BSNEE. You can choose from a list of databases available on the network and PC or create a new database.
Click Browse to view a drop-down list of database servers and select the desired server. Alternatively, you can specify the server by typing the name in the text field. Note that an existing database catalog must be set to use the same Authentication Provider as BSNEE.
Under Connect Using, select either the Windows or SQL Server authentication method. You must use a Login ID and Password if you use SQL Server authentication.
To use a new database catalog, check the Create New Database box. In the Name of database catalog field, enter a name for the new database. This name must be different from any other currently available database. Click Browse to view available databases and ensure that the new database is unique.
After filling out all the required fields, click the Next button to verify the connection. If the verification process fails, a dialog box will appear explaining the error that must be corrected before you can proceed.
BSNEE SQL Permissions
The BSNEE Installer requires elevated permissions on the SQL server to perform the installation:
For creating a new database during BSNEE installation:
The sysadmin server role
For connecting to an existing database (this option works only if the BSNEE database is in a valid state):
The securityadmin server role
The db_datareader, db_datawriter, and db_ddladmin role memberships for the BSNEE database
The above permissions are only temporary requirements for installation, and can be removed after the installation process is completed. The BSNEE Installer will create a new SQL user with the SQL Server authentication mode. This user has a limited set of permissions for the BSNEE database:
CONNECT
CREATE
UPDATE
INSERT
DELETE
EXECUTE (for two scalar functions created during installation)
Manual Database Deployment
If you're having trouble getting the proper permissions on remote database server(s) for BSNEE, follow the steps below:
Contact BrightSign Support and request a database-creation script for BSNEE.
Run the database-creation script on the enterprise server (this normally requires elevated "sysadmin" permissions) with the required placeholders, including credentials for the BSNEE application itself. The BSNEE installer will construct the user name for login as "{DatabaseName}User": For example, if you name the database "BSNEE", you will need to create a user/login for "BSNEEUser" on your database server for SQL login.
During installation, specify the database server address, database name, and password for the BSNEE application user on the remote server. The BSNEE Installer will write the specified password configuration as is; it will not attempt to set the password or modify any tables remotely.
3. Mail Server Parameters
Set the parameters on this page to allow BSNEE to send notifications to BSNEE users. The Server Name, Port, and FROM Address fields are required. However, the User Name and Password fields may be left blank if the server does not require authentication via Login ID and password. The TLS parameter is disabled by default, but you may enable it by clicking the Enable TLS box.
You can validate your mail server settings by entering a target Email address and clicking Validate. The installer will send a validation message to the Email address. If validation is successful, the installer will display an informational message. If validation is unsuccessful, the installer will display a generic error message.
4. Bindings Configuration
Enter the common domain name in the Base Domain Name text field. The domain names for BSNEE nodes will be automatically generated.
Check the Use HTTP and/or Use HTTPS boxes if you would like to enable these protocols for the Web Site, Web Services, and Device Handlers nodes.
BSNEE requires an X.509 certificate and HTTPS binding for the Web Services node. This certificate is required by the WS-* (WS-Security) specifications for message-level encryption in WCF services, as well as transport-level encryption with the WS-I Basic Profile 1.1. Please install a valid certificate and select it for the Web Services node. Make sure the “IIS_IUSRS” local security group has read access to the certificate’s private key.
Note
For testing purposes, you may use a self-signed certificate issued for the Web Services binding.
If you have not registered all domains in the DNS, clicking the Next button will prompt a standard notification regarding registering all domains in the DNS. You may complete this process after installation, but BSNEE will not function properly until all strings are registered in the DNS.
5. Storage Setup
Devices use a URL to connect to persistent storage on a hard drive and download files. Temporary storage is used by the server to upload large files.
Persistent Storage
First, specify a directory on the hard drive or UNC path that will serve as the constant physical storage space. Click the Browse button under Persistent Storage and navigate to the desired folder on the hard drive or network.
Once you have selected a storage destination, specify a URL that devices will use to connect to the Persistent Storage HTTP server. Make sure to specify this URL while configuring the Persistent Storage HTTP server as part of the Post-Installation steps. Enter this URL in the Persistent Root Storage field.
Temporary Storage
Click the Browse button in the Temporary Storage Folder section and navigate to the desired folder on the local hard drive. Make sure to allocate no less than 5GB for this folder.
6. Services Directories
Specify installation folders for each domain. Click the Browse button for each domain to select the desired folder.
7. System Administrator Account
Specify a Login, Email address, and Password for the System Administrator account. This account will be used for administering BSNEE once the installation is complete.
Check the Enable Subscriptions Management box to enable the subscription management systems and UI in your BSNEE instance. Leaving this box unchecked will give all devices permanent Grace subscriptions and disable all scheduler and UI functions associated with subscriptions.
In the Email for the Error Notifications field, specify the email address that will receive error logs from the system.
All fields on this page are required unless you specify the Authentication Provider as LDAP. If you do, areas that are not applicable for LDAP mode will be grayed out. None of the fields in this window will be applicable if you selected an existing database during the Database Connection step.
LDAP
If you need to configure the BSNEE account structure to use the Lightweight Directory Access Protocol (LDAP), select LDAP under Authentication Provider. Clicking Next will provide you with additional parameters for LDAP installation. Please see Step 7a. LDAP Server Configuration below for more details.
If you select LDAP, make sure that the Email address values in this window are the same as the LDAP attribute you use for RDN in the following LDAP Settings window. Note that in most cases the attribute will not be in the form of an Email address.
7a. LDAP Server Configuration
If you selected LDAP as the Authentication Provider in the previous step, consult the below information to learn more about setting parameters in the LDAP Settings window. If you did not select LDAP as the Authentication Provider, move on to Step 8.
Note
Unless otherwise indicated as “optional”, each field below must be specified.
Server Configuration
Server Name: A common format IP address or domain name of the target LDAP server or gateway. You can also specify a port number after the colon (“:”) delimiter. If you do not specify a port number, port 389 will be used by default.
User Name (optional): The username/login of a Windows Account that has read access to the directory. The credentials can be entered either in common format (e.g. “jdoe”) or in LDAP Data Interchange Format (LDIF) (e.g. “uid=jdoe, ou=people, dc=example, dc=org”).
Password (optional): The password of the Windows Account specified in the User Name field above. This field is only required if a User Name is specified.
Auth Types: The Authentication Type used in System.DirectoryServices. See this page for more information about some of the Authentication Types.
Basic
Anonymous
Validation
Read-Only
Fast Bind
Secure
Secure & Read-Only
Secure & Fast Bind
Secure & Sealing
Secure & Signing
SSL/TLS
SSL & Anonymous
User Configuration
Base DN: The User Base Distinguished Name. Use this field to specify the LDAP directory under which the users are located. The search will be performed on all levels under the specified directory. However, for performance reasons, we recommend specifying this directory as close to the users directory as possible.
Filter: The Users Search Filter that will be used to find the user entries in the directory specified above. You can leave the field as the default “(objectClass=*)”, but we recommend creating a more specific filter to improve performance. You can find descriptions and examples of Search Filter syntax at the Windows Dev Center and the LEX online manual.
RDN: The User Relative Distinguished Name. This LDAP attribute uniquely identifies users in a directory and is used for authentication in the BSNEE system. This attribute corresponds to the Login field on the BSNEE Sign In page. By default, this field corresponds to the Windows User Login in Active Directory. You could also use the “userPrincipalName” (e.g. “john.doe@domain.com”).
Groups Configuration
Base DN: The Groups Base Distinguished Name. Use this field to specify the LDAP directory under which the groups are located. The search will be performed on all levels under the specified directory. However, for performance reasons, we recommend specifying this directory as close to the groups directory as possible.
Filter: The Groups Search Filter that will be used to find the group entries in the directory specified above. You can leave the field as the default “(objectClass=*)”, but we recommend creating a more specific filter to improve performance. You can find descriptions and examples of Search Filter syntax at the Windows Dev Center and the LEX online manual.
RDN: The Group Relative Distinguished Name. This LDAP attribute uniquely identifies groups in a directory. Make sure the value of this attribute corresponds to the format specified in the Group Names Template described below. The format should contain the BSNEE Network Name and BSNEE Role Name, which are used in the authentication procedure.
Users Membership(optional): The Users Membership Attribute Name. This LDAP attribute contains a list of groups of which the current user is a member. Most LDAP servers store the membership attribute with both the user and group attributes, but there are a few exceptions: We recommend setting this value if your LDAP server supports cross storage of membership attributes because searching a user attribute for its groups results in better performance than searching groups for user membership.
Groups Membership: The Groups Membership Attribute Name. This LDAP attribute contains a list of members (users) for a group. This attribute should be present on all LDAP servers
Groups Name Template: Use this field to specify how the name format of your LDAP groups will correspond to the names of BSNEE roles. This field should contain “{NetworkName}” and “{RoleName}” placeholders, which can be placed anywhere in the string (e.g. “BSNEE-{NetworkName}-{RoleName}”).
Other
Enable VLV: Check this box if you would like BSNEE to use the Virtual List View (VLV) extension. Enable this feature only if your LDAP server supports VLV. Most LDAP servers now support VLV, but some might require the administrator to actively enable this feature or install an add-on.
Enable Sort: Check this box if you would like BSNEE to use the Server Side Properties Sort extension. You must enable Server Side Properties Sort in order to use VLV, but you can also use this feature without enabling VLV.
Additional Information
You can make LDAP traffic confidential and secure using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technologies. You can enable LDAP over SSL (LDAPS) support for BSNEE by selecting “SSL/TLS” in the Auth. Types dropdown menu in the LDAP Settings window.
8. Installation
If all parameters have been specified correctly, the final installation page will appear. Click Install to begin the installation process.