Installing Sectona Web Access
Sectona Web Access or Application access is an interface for the user and administrator to communicate with the vault and leverage system services. This guide provides detailed information for setting up Sectona Web Access in your environment.
Pre-installation tasks
You have the license file available with you.
You have set up a web server. Refer to the section 'Setting up IIS server' below.
You have installed Microsoft .NET Framework 4.5.2 or newer. Refer to the download link here.
You have installed Visual C++ Redistributable Packages for Visual Studio 2013. Refer to the download link here.
If you have purchased the enterprise edition or are using an evaluation version, please complete the Sectona Vault installation by following the steps given for the embedded database.
You have a valid SSL certificate.
You have installed Microsoft SQL Server (if you are using an external RDBMS). Refer to compatible databases here. Once you install Microsoft SQL Server, create a database (Sectonadb) and a user named 'Sectonadbadmin', and make sure that options such as 'Enforce password policy', 'Enforce password expiration' and 'User must change password at next login' are not enabled for that user. The MS SQL user should have 'db_owner' role membership for the database created.
Installation Procedure
Setting up Sectona Web Access requires setting up a web server and installing the Sectona Web Access component.
Setting up IIS Web Server
You can skip this step if you want to install the IIS server using the standard application installer. If you want to set up the IIS Web Server manually, follow the steps listed in the respective Windows Installation instruction.
Installing Sectona Web Access with embedded password vault
This procedure assumes you have successfully installed the Vault storage component. If not, refer to the section Installing Vault Component.
Download Sectona Web Access installer from the Download portal. You can also request a copy of the installation from the Sectona Support team. Contact the support team for issues at http://support.sectona.com.
Run and initiate the installer.
Validate prerequisites. Install any missing components and rerun the installer.
Once your pre-requisites are validated, click next to continue.
Review the License Agreement. Select the ‘I accept’ agreement option to accept and continue. Click on Next to continue.
On the Web Server Configuration page, select the path to install the Sectona web access component (we recommend installing it on a non-OS drive). Provide the name of the site to be recognized by IIS Server and the port number (default: 443). It is mandatory to install the application with a Secure Sockets Layer (SSL) certificate. You will need a certificate that you either request from a trusted root authority or create as a self-signed one on your web server. Select a certificate from the available drop-down list, create a new certificate by selecting 'Create New', or choose a file from your local machine using the Choose button. You can update or install a new certificate later on by Configuring HTTPS certificate. Click on Next to continue.
In case you want to add an additional certificate, click on the Add self-signed certificate button and you will see the following screen:
When you select the Choose option, a screen will appear from where you can choose your certificates. After choosing your certificate, click on the Next button:
The system provides an automated method of hardening your application server based on minimum security guidelines. You can install the application without these steps. Consult your support team for hardening based on your settings. Click on Next to continue.
Validate the application setup.
The installation process will begin.
After a successful installation, the finished page appears. It contains a link for the next step of authentication. Click on the link to continue.
Browse the website link provided by the installer. Upon accessing the link, you will arrive at the Welcome page for the installation of the Sectona Privileged Access Suite.
In the License Settings, enter the License Key that you have received. Then click on the autogenerate button to generate the License Key Code. Contact support at https://support.sectona.com, your Professional Services Consultant, or the Sectona Licensing portal and provide your license key code. You will receive the validation code to set up your license. Enter the received license validation code and click on Next to continue.
On the Vault configuration page, enter the IP address and the Port No. of the vault host. Navigate to <Drive>:\Program Files\Sectona\Sectona Vault Storage Host\SectonaVaultStorage and open the notepad file named 'VaultStorage'. There will be a field named 'AccessKey' (as mentioned below); copy the access key and enter it in the Access Key field. Click on Next to continue.
Default Administrator Credential: You can choose between Sectona Authentication or Active Directory Authentication. Sectona Authentication is a built-in authentication store that does not require validation of the user identity from an external source. For AD Authentication, Active directory must be configured and user details must be provided. Details provided will be added in your Sectona configuration.
Setup instance: Instances help you to define logical groups for easier management of accounts and assets. On the Setup Default Instance page, enter the Instance name, a Short Code for the instance, and the instance Description. Click on Next to continue.
Encryption Settings: You can encrypt your passwords and critical data by choosing version supported encryption types. Currently, we support AES - 256 bits and RSA - 2048 encryption types. Choose the desired option and proceed as mentioned below. It is important to secure encryption keys for reinstalling from a disaster scenario or recovering your setup.
Example: Choosing RSA 2048 encryption key.
Click on Next to continue. Verify the configured Summary and click on Next to continue.
The installation process will begin.
A Finish page appears after a successful installation. Click on the Finish button. You will be redirected to the login page.
Installing Sectona Web Access with Microsoft SQL Server Vault
This procedure assumes you have successfully installed the Vault storage component. If not, refer to the section Installing Vault Component.
Download Sectona Web Access installer from the Download portal. You can also request a copy of the installation from the Sectona Support team. Contact the support team for issues at http://support.sectona.com.
Run and initiate the installer.
Validate prerequisites. Install any missing components and rerun the installer.
Once your pre-requisites are validated, click Next to continue.
Review the License Agreement. Select the I accept agreement option to accept and continue. Click on Next to continue.
On the Web Server Configuration page, select the path to install the Sectona web access component (we recommend installing it on a non-OS drive). Provide the name of the site to be recognized by IIS Server and the port number (default: 443). It is mandatory to install the application with a Secure Sockets Layer (SSL) certificate. You will need a certificate that you either request from a trusted root authority or create as a self-signed one on your web server. Select a certificate from the available drop-down list, create a new certificate by selecting 'Create New', or choose a file from your local machine using the Choose button. You can update or install a new certificate later on by Configuring HTTPS certificate. Click on Next to continue.
In case you want to add an additional certificate, click on the Add self-signed certificate button and you will see the following screen:
When you select the Choose option, a screen will appear from where you can choose your certificates. After choosing your certificate, click on the Next button:
The system provides an automated method of hardening your application server based on minimum security guidelines. You can install the application without these steps. Consult your support team for hardening based on your settings. Click on Next to continue.
Validate the application setup.
The installation process will begin.
After a successful installation, the Finish page appears. It contains a link for the next step of authentication. Click on the link to continue.
Browse the website link provided by the installer. Upon accessing the link, you will arrive at the Welcome page for the installation of the Sectona Privileged Access Suite.
In the License Settings, enter the License Key that you have received. Then click on the autogenerate button to generate the License Key Code. Contact support at https://support.sectona.com, your Professional Services Consultant, or the Sectona Licensing portal and provide your license key code. You will receive the validation code to set up your license. Enter the received license validation code and click on Next to continue.
Vault host configuration: Sectona PAM supports Microsoft SQL as an external RDBMS engine. Refer to System Requirements to confirm supported database engines. Ensure you have already installed the Microsoft SQL engine with a valid database name. Choose a valid authentication option at the database level, i.e. Database Native Authentication. Enter the database name and the username and password used to access the database.
Create a database (Sectonadb). Make sure that options such as 'Enforce password policy', 'Enforce password expiration' and 'User must change password at next login' are not enabled for the MS SQL user 'Sectonadbadmin'. The MS SQL user should have 'db_owner' role membership for the database created.
Default Administrator Credential: You can select from Sectona Authentication or Active Directory Authentication. Sectona authentication is a built-in authentication store that does not need to validate the user identity from an external source. AD Authentication: Active directory must be configured and user details must be provided. Details provided will be added to your Sectona configuration.
Setup instance: Instances help you to define logical groups in your solution for easier management of accounts and assets. On the Setup Default Instance page, enter the Instance name, a Short Code for the instance, and the instance Description. Click on Next to continue.
Encryption Settings: Passwords and critical data are encrypted using the encryption type and key selected by you. The currently supported encryption types are AES - 256 bits and RSA - 2048. It is important to store the encryption key in a secure manner. The encryption key generated is unique for the installation. On the Encryption Settings page, you can choose the type of encryption key by clicking on either the AES 256 bit or the RSA 2048 option. You can also generate a new key by clicking on the Generate button. The encryption key will be owned by you; hence it is recommended that you save and secure it. Click on Next to continue. On selection of AES 256 bit encryption key.
On selection of RSA 2048 encryption key.
Read the configured Summary and click on Next to continue.
The installation process will begin.
On successful installation, a Finish page appears. Click on the Finish button to jump to the login page.
Installing Web Access for HA
Install Sectona Vault Component using embedded vault or external vault (MS SQL Server) option on the node you need to configure as HA in Sectona. For the installation procedure, refer here.
If using the external vault option, refer to the section 'High Availability options for vault instance of Microsoft SQL Server' on the page Configuring vault for high availability for HA configuration.
Once the Vault component is successfully installed on the HA node, run the Sectona web access installer again on the node you are trying to configure as HA instance in Sectona. When installing Sectona web access use the 'Application Only' option from the installer and complete the installation.
Now, from the Primary Node, copy the AppConfig.xml file from the folder SectonaPAM > ApplicationData and paste it into SectonaPAM > ApplicationData on the HA node.
If the vault component is installed on Shared (Cluster) Storage, no change is needed in the AppConfig.xml file. If the vault component is installed on the physical drive of the HA node, open the AppConfig.xml file and replace the IP address in '<ServerIP Value="X.X.X.X" />' with the Vault Node IP address.
For configuring High Availability setting in Sectona please refer here.
Installing Web Access for DR
Install Sectona Vault Component using embedded vault or external vault (MS SQL Server) option on the node you need to configure as DR in Sectona. For the installation procedure, refer here.
If using the external vault option, refer to the section 'High Availability options for vault instance of Microsoft SQL Server' on the page Configuring vault for high availability for HA configuration.
Once the Vault component is successfully installed on the DR node, run the Sectona web access installer again on the node you are trying to configure as DR instance in Sectona. When installing Sectona web access use the 'Application Only' option from the installer and complete the installation.
Now, from the Primary Node, copy the AppConfig.xml file from the folder SectonaPAM > ApplicationData and paste it into SectonaPAM > ApplicationData on the DR node.
If the vault component is installed on Shared (Cluster) Storage, no change is needed in the AppConfig.xml file. If the vault component is installed on the physical drive of the DR node, open the AppConfig.xml file and replace the IP address in '<ServerIP Value="X.X.X.X" />' with the DR Vault Node IP address.
For configuring DR setting in Sectona please refer here.
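The AppConfig.xml edit described in the HA and DR procedures above (vault component on the node's physical drive) can be scripted so the change is validated and reversible. The PowerShell below is an added example, not Sectona tooling: the function name Set-VaultServerIP, the sample XML layout around the element, and the IP addresses are assumptions; only the <ServerIP Value="X.X.X.X" /> element comes from this guide.

```powershell
# Added example. Set-VaultServerIP and the sample XML layout are hypothetical;
# only the <ServerIP Value="X.X.X.X" /> element comes from the guide.
function Set-VaultServerIP {
    param(
        [Parameter(Mandatory)] [string] $Path,        # AppConfig.xml on the HA/DR node
        [Parameter(Mandatory)] [string] $VaultNodeIP  # vault node IP for this node
    )
    # Accept only a dotted-quad IPv4 literal; TryParse alone also accepts
    # shorthand such as "10.1", so require the value to round-trip unchanged.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($VaultNodeIP, [ref] $ip) -or
        $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
        $ip.ToString() -ne $VaultNodeIP) {
        throw "Not a valid IPv4 address: $VaultNodeIP"
    }

    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so work with the full provider path.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force  # rollback copy

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true   # leave the rest of the file byte-stable
    $xml.Load($full)

    # Refuse to guess if the element is missing or appears more than once.
    $nodes = $xml.SelectNodes('//ServerIP[@Value]')
    if ($nodes.Count -ne 1) {
        throw "Expected one <ServerIP Value=...> element, found $($nodes.Count)"
    }
    $old = $nodes.Item(0).GetAttribute('Value')
    $nodes.Item(0).SetAttribute('Value', $VaultNodeIP)
    $xml.Save($full)

    # Report what changed so the edit can be recorded in the change ticket.
    [pscustomobject]@{ Path = $full; OldIP = $old; NewIP = $VaultNodeIP }
}

# Constructed sample standing in for the AppConfig.xml copied from the primary node.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'AppConfig.xml'
Set-Content -LiteralPath $sample -Value '<AppConfig><ServerIP Value="10.0.0.10" /></AppConfig>'
Set-VaultServerIP -Path $sample -VaultNodeIP '10.0.0.20'
```

When the vault component sits on Shared (Cluster) Storage the guide states that AppConfig.xml is left unchanged, so this step is skipped there.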