- Created by Mikhail Yakovlev, last modified on Apr 29, 2019
You have to fill in the necessary values in the configuration files of each service at the system deployment stage. Configuration files of all system services reside in the root folder of IIS web applications (default path is %SystemDrive%\inetpub\wwwroot).
Card Monitor service configuration files are located in %ProgramFiles%\Indeed CM\CardMonitor.
Setup of configuration files is carried out using Indeed CM Setup Wizard. The latter runs automatically upon completion of Indeed CM Server Installation Wizard, if the corresponding checkbox is activated.
However, you also can run the Wizard manually at any time (Start - All Programs – Indeed Identity – Indeed CM).
Figure 9 – Access control selection.
Table 4 features the section of Setup Wizard, along with description of their parameters.
Table 4 – Indeed CM Setup Wizard sections and their description.
Section | Description |
---|---|
Before starting work | This contains information about the purpose and features of Indeed CM Setup Wizard. |
Restore configuration | This allows to load a backup copy of Indeed CM configuration. |
System features
| Configuration of internal parameters of Indeed CM web applications:
|
User catalog
| Definition of the system user catalog. |
Access control
| Definition of access control parameters for Indeed CM services and account to configure user roles. |
Database
| Definition of system data storage and encryption algorithm. Parameters of connection to the storage are defined according to the selected type. |
Card Monitor service | The Card Monitor service is intended for control of smart card usage. The service performs:
If the device was updated through the Agent Indeed CM without automatic approval of certificates by the CA operator.
|
Confirmation | This contains combined information on settings of all Wizard sections, as well as an opportunity to create a backup copy of Indeed CM configuration. |
Results | This displays the Wizard progress in writing the defined values to configuration files of Indeed CM services. |
For the Card Monitor service to work correctly, create a service role (say, Card Monitor service) in Roles section (see the Indeed CM Operation Manual), include an account in it, on behalf of which Card Monitor will work with and define the flowing privileges for named role:
- Updating card
- Disabling card
- Revoking card
- Unassigning card
- Cleaning card
To perform tasks for the regular launch of the Card Monitor service, the account specified in the setup wizard must have permissions to Log on locally to the Indeed
CM server, or permission to Log on as a batch job.
When installed Indeed CM Server for the first time, set up the required parameters and make a backup copy of those (option Backup current configuration settings in the Confirmation section).
The backup copy of Indeed CM settings contains all the parameters defined for all services during installation, as well as encryption key and algorithm. To use the backup to deploy new Indeed CM servers, specify it in the Restore configuration section of Setup Wizard.
The backup also contains the data of service accounts (the one for user directory and for data storage), encryption key and algorithm. Be sure to store the backup copy file in a safe place.
After the Setup Wizard is complete, the defined values of all parameters are written to the configuration files of all applications and encrypted. Encryption is performed using the Microsoft .NET (NetFramework ConfigurationKey) key. Encryption algorithm is RSA.
- No labels