- Getting started
- System components and configuration
- BlackBerry AtHoc account requirements
- Install BlackBerry AtHoc
- Upgrade BlackBerry AtHoc
- Postinstallation or upgrade configuration
- Set antivirus file exclusions for database log and tempDB files
- Update certificate metadata for AuthServices
- IIS postinstallation checklist
- Application pool configuration tables
- Table 1: Application pool configuration
- Table 2: Application Pool - Web application associations for the AtHoc website - Enterprise configuration
- Table 3: AtHoc services application pool configuration
- Table 4: Application pools - web application association for AtHoc services web site
- IIS handler mappings
- Verification checklist
- Application pool configuration tables
- (Optional) Enable the TLS 1.2 protocol
- (Optional) Configure the application server for Windows authentication
- (Optional) Configure client certificates on the application server
- (Optional) Set the SSL client certificate
- (Optional) Install certificates for cloud delivery services
- (Optional) Configure new access card formats for operator auto-login
- (Optional) Enable FIPS on each application server
- (Optional) System Archive account requirement
- Configure .NET framework to use a web proxy
- (Optional) Restore the XML files for duplicated devices
- (Optional) Set up error pages for Self Service throttling
- Advanced server configuration
- IIS 10.0 Security Technology Implementation Guide
- Server STIG
- IIST-SV-000102: Enable enhanced logging
- IIST-SV-000103: Enable log file and Event Tracing for windows
- IIST-SV-000110: Produce log records
- IIST-SV-000111: Produce log records
- IIST-SV-000115: Protect log information
- IIST-SV-000117: Do not perform user management
- IIST-SV-000118: Contain only necessary functions
- IIST-SV-000119: Must not be both a website server and a proxy server
- IIST-SV-000120: Remove code samples, example applications, and tutorials
- IIST-SV-000121: Delete accounts created by uninstalled features
- IIST-SV-000123: Remove unnecessary features, utilities, plug-ins, and modules
- IIST-SV-000124: Disable MIMEs that invoke OS shell programs
- IIST-SV-000125: Disable WebDAV
- IIST-SV-000130: Limit installed Java software
- IIST-SV-000131: Limit access to only administrative accounts
- IIST-SV-000134: Use cookies to track session state
- IIST-SV-000135: Accept only system-generated session identifiers
- IIST-SV-000138: Disable directory browsing
- IIST-SV-000139: Index only web content
- IIST-SV-000140: Modify warning and error messages
- IIST-SV-000141: Follow access policy
- IIST-SV-000142: Restrict inbound connections
- IIST-SV-000144: Conform to minimum file permission requirements
- IIST-SV-000145: Allocate sufficient log record storage capacity
- IIST-SV-000147: Restrict access to web administration tools
- IIST-SV-000149: Disable IPP
- IIST-SV-000152: Use TLS to send session IDs
- IIST-SV-000153: Use TLS to maintain confidentiality
- IIST-SV-000154: Use approved TLS version
- IIST-SV-000156: Assign passwords
- IIST-SV-000158: Remove unspecified file extensions
- IIST-SV-000159: Configure a global authorization rule
- IIST-SV-000200: Configure the Max Connections setting
- IIST-SV-000205: Enable HSTS
- IIST-SV-000160: Require authentication for an SMTP relay
- Application STIG
- IIST-SI-000201: Enable session state
- IIST-SI-000202: Configure session state cookie settings
- IIST-SI-000206: Enable the log file and ETW
- IIST-SI-000210: Produce log records containing sufficient information
- IIST-SI-000214: Disable MIMEs that invoke OS shell programs
- IIST-SI-000216: Set resource mappings
- IIST-SI-000217: Disable WebDAV
- IIST-SI-000221: Restrict anonymous access accounts
- IIST-SI-000223: Generate unique session identifiers
- IIST-SI-000224: Separate document directory and system files
- IIST-SI-000225: Limit the maxURL
- IIST-SI-000226: Limit the size of web requests
- IIST-SI-000227: Configure the Maximum Query String limit
- IIST-SI-000228: Prohibit non-ASCII characters in URLs
- IIST-SI-000229: Prohibit double encoded URL requests
- IIST-SI-000231: Disable directory browsing
- IIST-SI-000233: Modify warning and error messages
- IIST-SI-000234: Disable debugging and trace information
- IIST-SI-000238: Use a logging mechanism
- IIST-SI-000244: Use TLS to send session IDs
- IIST-SI-000255: Set an application pool recycle time
- IIST-SI-000257: Enable application pool pinging monitor
- IIST-SI-000259: Enable application pool rapid fail protection settings
- IIST-SI-000261: Keep interactive scripts in unique and designated folders
- IIST-SI-000262: Add restrictive access controls for interactive scripts
- IIST-SI-000263: Remove backup interactive scripts
- IIST-SI-000264: Display the required DoD banner page
- Server STIG
- IIS 8.5 Security Technology Implementation Guide
- Server STIG
- IISW-SV-000103: Enable log file and Event Tracing windows
- IISW-SV-000107: Sufficient web server log records for location of web server events
- IISW-SV-000108: Sufficient web server log records for source of web server events
- IISW-SV-000110: Sufficient web server log records to establish the outcome of web server events
- IISW-SV-000111: Sufficient web server log records to establish identity
- IISW-SV-000112: Web server must use Event Tracing for Windows logging option
- IISW-SV-000120: Samples, examples, and tutorials must be removed from production server
- IISW-SV-000124: Web server must have MIMEs that invoke OS shell programs disabled
- IISW-SV-000146: Web server must not impede ability to write log record content to an audit log
- IISW-SV-000153: Web server must maintain the confidentiality of controlled information during transmission
- IISW-SV-000154: Web server must maintain the confidentiality of controlled information during transmission
- Application STIG
- IISW-SI-000206: Enable log file and Event Tracing windows
- IISW-SI-000209: Sufficient website log records to establish identity
- IISW-SI-000210: Sufficient website log records to establish identity
- IISW-SI-000211: Website must use Event Tracing for Windows logging option
- IISW-SI-000214: Website must have MIMEs that invoke OS shell programs disabled
- IISW-SI-000228: Non-ASCII characters in URLs must be prohibited
- Server STIG
- Verifying BlackBerry AtHoc is operational
- Appendix A: Troubleshooting
- Appendix B: Organization duplicator object management
- BlackBerry AtHoc Customer Support Portal
- Documentation feedback
- Legal notice
- BlackBerry Docs
- BlackBerry AtHoc
- 7.19
- Install and Configure BlackBerry AtHoc
- Install BlackBerry AtHoc
- Install the database server
Install the database server
During a new installation, run the
AtHoc
setup kit on the database server. The setup kit supports both Microsoft SQL
Server
authentication and Windows authentication connections to SQL Server. A Windows
authentication connection requires the user's computer or domain login to have a sysadmin login in Microsoft SQL
Server
.The database server must be installed first when you install separate application and database servers. When installing both application and database servers on the same server (a “combo install”), they can be installed at the same time.
- Download theBlackBerry AtHocsetup kit .zip file to the server.
- Right-click the setup kit .zip file and selectProperties>General>Unblockto unblock the file.
- Extract the contents of the setup kit .zip file into a temporary directory.Due to Windows OS file path length limitations, some of the included utilities may not extract correctly. To avoid this issue, use a short path for the extraction directory (for example, C:\setup). Keep the total number of characters to 20 or less, including the drive letter, colon, and slashes.
- Use the<setupkit_root>/user.ymlconfiguration file to provide product-specific setup parameters.This file is included in the setup kit as a template with blocks of related parameters that are commented out and a brief description for each block. To use the parameters in a block, remove the # from the parameter, update it, and save the file.Uncomment the following lines in the user.yml file:selected_roles: - db args: user_input: user.yml sql_server_instance: . db_name: ngaddata admin_db_auth: sql admin_db_user: 'sa' admin_db_pw: '<password>' app_db_auth: sql app_db_user: ngad app_db_pw: <password> db_dir: C:\Program Files (x86)\AtHocENS\Database db_log_dir: C:\Program Files (x86)\AtHocENS\Database\Log db_archive_dir: C:\Program Files (x86)\AtHocENS\Database\Archive app_dir: C:\Program Files (x86)\AtHocENS system_url: https://<hostname>.athocdevo.com
- Do one of the following:
- Right-click theSetupKit.exefile from the root folder and run as an administrator.
- Run Windows PowerShell as an administrator and then run the.\SetupKit.exescript to install theAtHocdatabase server.
- TheSetupKit.exefile starts the installation process and completes the following tasks:
- Parses setup parameters from theuser.ymlfile.
- Creates log directory and writes to log files.
- Installs each product in the following order: database, application, support modules.
- Reports result and elapsed time.
When the installation is complete, theBlackBerry AtHocis database installed and running. - Continue with the installation of the application server or servers, as described in Install BlackBerry AtHoc on a clustered database.