Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
WorkPlace Enterprise Installation/Upgrade Guide
Designed for WorkPlace 2016 and Greater (v16.00+)
Paramount Technologies Inc.
1374 East West Maple Road
Walled Lake, MI 48390-3765
Phone 248.960.0909 • Fax 248.960.1919
www.ParamountWorkPlace.com
W O R K P L A C E I N S T A L L A T I O N G U I D E
Copyright Copyright © 2016 Paramount Technologies. All rights reserved.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights
under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Paramount Technologies.
Notwithstanding the foregoing, the licensee of the software with which this document was provided may
make a reasonable number of copies of this document solely for internal use.
Trademarks WorkPlace is a registered trademark of Paramount Technologies and is registered in the United States
and other countries. Microsoft, Windows, Windows Server and Windows Vista are either registered
trademarks or trademarks of Microsoft Corporation or its affiliates in the United States and/or other
countries.
The names of actual companies and products mentioned herein may be trademarks or registered marks -
in the United States and/or other countries - of their respective owners. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail addresses, logos, people, places,
and events depicted herein are fictitious. No association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Intellectual property Paramount may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Paramount, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
Warranty disclaimer Paramount Technologies disclaims any warranty regarding the sample code contained in this
documentation, including the warranties of merchantability and fitness for a particular purpose.
Limitation of liability The content of this document is furnished for informational use only, is subject to change without notice,
and should not be construed as a commitment by Paramount Technologies. Paramount Technologies
assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual.
Neither Paramount Technologies nor anyone else who has been involved in the creation, production or
delivery of this documentation shall be liable for any indirect, incidental, special, exemplary or
consequential damages, including but not limited to any loss of anticipated profit or benefits, resulting
from the use of this documentation or sample code.
License agreement Use of this product is covered by a license agreement provided with the software product. If you have
any questions, please call the Paramount Technologies Support at 800.725.4408 (in the U.S. or Canada)
or +1.800.725.4408.
Publication date July 2016
W O R K P L A C E I N S T A L L A T I O N G U I D E
Contents
PART 1: INTRODUCTION ...................................................................................................................5
Product Overview .................................................................................................... 5
What’s in this manual ............................................................................................... 6Symbols ................................................................................................................. 6
Before you contact support ....................................................................................... 6
PART 2: PREPARATION......................................................................................................................8
Chapter 1: Three-Tiered Operating Environment ............................................................ 8
Web Client System Requirements ................................................................................ 8
Chapter 2: Web Server Recommendations .................................................................... 8
Chapter 3: Database Server Recommendations ............................................................. 9
Chapter 4: User Logins and Passwords ....................................................................... 10
User Authentication Options .................................................................................... 10
Authentication Planning .......................................................................................... 12
Chapter 5: Requesting a WorkPlace License ................................................................ 14
Step 1: Generate the Info File ................................................................................ 14
Step 2: License Request Form ................................................................................. 16
Step 3: Submit Request ......................................................................................... 18
Step 4: Loading the License Certificate ..................................................................... 18
Chapter 6: Pre-Installation Checklist .......................................................................... 19
PART 3: WORKPLACE ENTERPRISE INSTALLATION ........................................................................ 21
Chapter 7: Create Enterprise SQL Databases ............................................................... 21
Chapter 8: The WorkPlace Installation Wizard ............................................................. 21
Chapter 9: SQL Objects Installation ........................................................................... 24
Chapter 10: Scripting the Database Objects ................................................................ 26
Chapter 11: Web Objects Installation ......................................................................... 32
Chapter 12: Optional Windows Components ................................................................ 34
Chapter 13: Configuring your WorkPlace Website ......................................................... 37
Creating the Application Folder / Virtual Directory – Windows 2008.............................. 37
Creating the Virtual Directory – Windows 2003 .......................................................... 39
PART 4: ADDITIONAL SYSTEM CONFIGURATION ........................................................................... 43
Chapter 14: Session User Setup ................................................................................ 43
Configuring using SQL Account ................................................................................ 43
Configuring using NT Pass-through .......................................................................... 44
Chapter 15: Specifying SQL Server Housing Company Databases .................................. 44
Chapter 16: Configuring User Authentication ............................................................... 44
SSO – Single Sign On Authentication ....................................................................... 44
SQL Authentication ................................................................................................ 48
SQLSHARED Authentication .................................................................................... 49
Active Directory / NT Authentication ........................................................................ 50
Active Directory / NTSHARED Authentication ............................................................. 52
Forms Authentication ............................................................................................. 54
W O R K P L A C E I N S T A L L A T I O N G U I D E
Application Authentication ...................................................................................... 58
Chapter 17: Administrative User ................................................................................ 59
SSO Setup ............................................................................................................ 59
Chapter 18: Crystal Report SQL User Account ............................................................. 60
Chapter 19: RFQ Vendor User ................................................................................... 60
Chapter 20: Date Format .......................................................................................... 61
Chapter 21: Session Timeout .................................................................................... 61
Chapter 22: Language Engine ................................................................................... 61
Chapter 23: Web Server Folder Security ..................................................................... 62
PART 5: LOGGING INTO WORKPLACE ............................................................................................ 62
Chapter 24: Your WorkPlace URL ............................................................................... 62
APPENDIX A: WP AGENT UTILITY .................................................................................................. 64
Uses ....................................................................................................................... 64
Configuration .......................................................................................................... 64
APPENDIX B: NOTES ON UPGRADING........................................................................................... 66
Upgrading from Previous WorkPlace Versions .............................................................. 66
General Notes ......................................................................................................... 66
APPENDIX C: UN-INSTALLING WORKPLACE .................................................................................. 68
Remove the installed Web Objects ............................................................................. 68
Removing the installed SQL Databases ....................................................................... 68
Removing the installed Optional Windows Components ................................................. 68
APPENDIX D: ENCRYPTING THE WEB.CONFIG .............................................................................. 69
Encrypting Web.Config ............................................................................................. 69
Decrypting Web.Config ............................................................................................. 69
Microsoft Documentation for Encrypting and Decrypting Configuration Sections ............... 69
Encrypting a Web Configuration Section ................................................................... 70
Decrypting a Web Configuration Section ................................................................... 70
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 5 of 71
Part 1: Introduction
Use this manual to install and prepare Paramount Technologies WorkPlace Enterprise for use. Review
the introductory information about the resources available to you, and then use the WorkPlace
Enterprise Checklist as your guide to installing WorkPlace Enterprise.
Product Overview
The Paramount WorkPlace Suite is built from the ground up for interoperability across heterogeneous
environments using open standards and integrates with all major ERP systems. Platform interfaces to Microsoft
Dynamics®, Sage MAS and Accpac, SAP Business One, Epicor and other platforms deliver optimized interoperability
and seamless integration.
Paramount solutions will streamline your employee management and procurement processes, improve your
employee productivity and accelerate your business.
WORKPLACE EPROCUREMENT
Reduce direct and indirect purchasing costs, increase control over business transactions, and streamline the
employee management and procurement processes
WorkPlace eProcurement is a robust web-based eProcurement solution that allows organizations to automate the
complete procure-to-pay cycle – from product selection, requisitioning, approval and ordering to delivery, receipt
and financial settlement. The suite includes applications for requisitioning, PunchOut via cXML, check request,
budget compliance, RFQ, purchase order generation, receiving, invoice matching and vendor contract enforcement
with approval workflow throughout the entire process.
With an eProcurement solution in place, organizations empower their users throughout the enterprise:
Requesters get the convenience and efficiency of easy self-service for requisitions and check requests
Managers are able to manage by exception and accelerate approvals with automated workflow
Buyers can focus on building strategic supplier relationships to reduce costs
Payables maintains control over expenditures
Benefits
Eliminate error-prone paper-based processes
Reduce requisition-to-order costs and cycle time
Control maverick spending
Manage by exception - ensure that your purchases adhere to your policies
Ensure Sarbanes-Oxley compliance with a complete audit trail of transactions
Enable your procurement professionals to focus on strategic tasks
WORKPLACE PROJECT, TIME & EXPENSE
Automate the project lifecycle to improve resource utilization and streamline time & expense processing
Paramount Technologies’ project accounting solutions enable operational and financial management through project initiation, resource utilization, time and expense processing and earned value management. Via the
WorkPlace Project, WorkPlace Time, and WorkPlace Expense solutions, Paramount Technologies delivers web-
based, workflow-driven information for project and resource management.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 6 of 71
Our solutions address the wide range of unique project accounting, financial management, billing and
procurement requirements in a multi-company, multicurrency environment. The success of a project-driven
business depends on the planning, managing and closing of projects in a timely, quality-focused and cost-effective
manner. Paramount Technologies’ solutions are designed to automate the project lifecycle, eliminate redundant data entry and provide visibility across the project portfolio and resource pool.
Benefits
Eliminate error-prone paper-based processes
Reduce requisition-to-order costs and cycle time
Control maverick spending
Manage by exception - ensure that your purchases adhere to your policies
Ensure Sarbanes-Oxley compliance with a complete audit trail of transactions
Enable your procurement professionals to focus on strategic tasks
What’s in this manual This manual provides guidelines for installing and setting up your Paramount Technologies WorkPlace
Enterprise system. It lists the latest system requirements, contains a step-by-step guide through the
installation process, gives tips on troubleshooting, and describes initial setup procedures. The manual is
divided into the following parts:
Part 2, Preparation, contains information about preparing your computers, network, and
database
Part 3, WorkPlace Enterprise Installation, describes how to install WorkPlace Enterprise on your
server and set up an account framework.
Part 4, Additional System Configuration, describes how to configure WorkPlace Enterprise.
Part 5, Logging into WorkPlace, describes how to log on to your new installation of WorkPlace
Enterprise.
Symbols
The note symbol indicates helpful tips, shortcuts and suggestions.
The “i” symbol indicates situations you should be especially aware of when
completing tasks.
Before you contact support
If you are experiencing a problem when installing WorkPlace Enterprise, have the answers ready to the
following questions to help your support specialist narrow down the source of the problem you’ve experiencing.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 7 of 71
What is the exact error message?
When did the error first occur?
What task were you attempting to perform at the time the error message was displayed?
Has the task been completed successfully in the past?
What is the name of the window you are you working in?
What have you done so far to attempt to fix the problem?
Does the problem occur on another workstation?
What versions of software are you using?
Verify the version numbers for WorkPlace Enterprise, your Microsoft SQL Server, and Microsoft
Windows®. Also note service packs for each product.
Does the problem occur for the sa or system administrator user?
Does the problem occur at the database server?
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 8 of 71
Part 2: Preparation
Chapter 1: Three-Tiered Operating Environment
WorkPlace is recommended for use with the three-tiered architecture model shown below. The
WorkPlace application resides on the Web Server (Front End), the Database resides on the SQL Server
(Back End) and the application is accessed from the Web Client.
Web Client System Requirements
Paramount supports the following minimum client hardware requirements and server
recommendations for WorkPlace Enterprise. (Note that the server recommendations are not the
minimum server requirements.) The specific hardware that you will need for your configurations
depends on environmental factors. To achieve individual performance expectations, you may need to
increase these recommendations.
Component Requirements Notes
Browser Firefox version 3 or greater
Chrome version 16 or greater
Safari version 4 or greater
Internet Explorer 7 or greater
(IE 9 or greater recommended)
PDF Reader
For viewing WorkPlace
reports
Browser based plug-in
Adobe Acrobat
Reader(recommended if using
Internet Explorer)
Chapter 2: Web Server Recommendations
Actual requirements may vary depending on transaction volume, modules used and number of users.
Component Requirements Notes
Operating System Microsoft Windows 7 SP1
Microsoft Windows 8, 8.1
Microsoft Windows 10
It is recommended that the
Web Server is not the same
machine as the SQL Server.
WEB CLIENT
Setup Shortcut or IE Favorite
to launch WorkPlace
WEB SERVER
Houses WorkPlace Website and (if
required) EAIC Website
Installation Folder
SQL SERVER
Houses WorkPlace Control Database
and Financial Application Company
Databases where SQL Objects are
installed
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 9 of 71
Component Requirements Notes
Microsoft Windows Server 2008 SP2
Microsoft Windows Server 2008 R2
SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista SP2
32 and 64 bit is supported
Processor Dual Core or Multi-Processer, 2 Gigahertz
(GHz) or greater recommended
Storage 500 GB Hard Drive Depending on number of
users and sizes of
attachments, user can store
attachments on SAN or
other network drive to
reduce storage
requirements.
RAM 2 GB Minimum (8 GB recommended)
Browser Firefox version 3 or greater
Chrome version 16 or greater
Safari version 4 or greater
Internet Explorer 7 or greater
(IE 9 or greater recommended)
Windows Internet
Information Services (IIS)
IIS 6.0 or greater
.NET Runtime Version 4.5.2 .NET Runtime version is
included with WorkPlace.
Chapter 3: Database Server Recommendations
Actual requirements may vary depending on transaction volume, modules used and number of users.
Component Requirements Notes
Database SQL Server 2016
SQL Server 2014
SQL Server 2012
SQL Server 2008 R2
SQL Server 2008
Enterprise, Standard, Web Editions
It is recommended that the
Web Server is not the same
machine as the SQL Server.
32 and 64 bit is supported
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 10 of 71
Component Requirements Notes
Processor Dual Core
Multi-Processer recommended
Storage 100 GB Hard Drive Actual storage may vary due
to volume of transactions
and server configurations.
RAM 8 GB Minimum (16 - 32 GB
recommended)
Provided as part of the WorkPlace installation Wizard:
Microsoft .NET framework
Crystal Reports 32bit and 64bit runtime engine
Chapter 4: User Logins and Passwords
WorkPlace can be configured with any one of five modes of user authentication. See the chart below to
select the proper user authentication for your environment.
User Authentication Options
Option Details
SSO Single Sign On. This option allows for usage of 3rd party authentication services
such as Windows Live, Google and custom providers. When hosting WorkPlace in
the cloud or in a DMZ outside of the internal network this option can provide
access to the local Active Directory via Active Directory Federation Services
(AFDS).
All SQL backend operations are performed using a shared user account. Under
this option the user names are the email addresses of the user.
SQL SQL Name and Password are used and passed directly through to the SQL Server.
This requires the user to be setup on the SQL server as a physical user and the
user must have access to all databases that WorkPlace requires access. It is
recommended that the SQL password encryption option is enabled in WorkPlace
when using this method. Since the users have access to the databases a user
could use excel or other connectable applications to access WorkPlace data if
non-encrypted passwords are allowed.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 11 of 71
Option Details
SQLSHARED SQL Name and Password for authentication only. All backend SQL operations are
performed using a shared SQL user account. This method secures access to the
physical database as the user account does not have access to any of the physical
databases. This method is ideal in environments where other SQL applications
are used and a shared SQL name and password are desired.
NT The Active Directory user name that the user logged into Windows with
(Integrated Authentication) or the Active Directory user that was entered on the
Basic Authentication window (Non-Integrated Authentication) is simply passed
through to the SQL Server. This method as well as the SQL option both have the
same drawbacks in that the user could use an external application to get access to
the SQL databases unless a firewall is enabled. This method also suffers from the
Double-Hop syndrome whereas the SQL Server, Web Server and Client machines
must all be enabled for delegation at the Active Directory level as standard
Kerberos authentication does not allow the client browser to authenticate to the
web server and then allow the web server to impersonate the credentials to the
SQL server.
NTSHARED The Active Directory user name that the user logged into Windows with
(Integrated Authentication) or the Active Directory user that was entered on the
Basic Authentication window (Non-Integrated Authentication) is used to identify
the user to WorkPlace. The SQL backend operations are all performed using a
shared SQL account. This method is the preferred model in larger organizations
as the user cannot access the databases via external applications and all password
and account management is at the Active Directory level. This option also
eliminates the double-hop issue with Active Directory.
FORMS The Active Directory user name that the user logged into Windows with is used to
authenticate against the WorkPlace Web Server using IIS Forms Authentication.
Once authenticated against the web site, the user’s credentials are passed to the WorkPlace solution which will authenticate against the application level security.
All SQL backend operations are all performed using a shared SQL account. This
method is a preferred model in larger organizations as the user cannot access the
databases via external applications and all password and account management is
at the Active Directory level. This option also eliminates the double-hop issue with
Active Directory.
APP User accounts and passwords are managed by WorkPlace exclusively and all SQL
backend operations are performed using a shared user account. Under this
option the user names are the email addresses of the user. The key benefit with
this method is that if users forget their passwords they can simply click a “forgot password” button on the logon page and reset their own passwords. This method
is ideal for environments where account management at the SQL or NT level is not
ideal or empowering the user to manage their own password cuts administrative
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 12 of 71
Option Details
overhead.
Authentication Planning
Before beginning installation of the WorkPlace application, you must determine which method of
authentication will be used. After making this choice, follow the steps in the appropriate section below:
SQL / SQL Shared Requirements
1. Create SQL Server logins and passwords in WorkPlace Security.
WorkPlace supports ENCRYPTED passwords when SQL User logins are created
directly from WorkPlace Security (for Help (F1) and activation, go to Maintenance
Central System Settings General tab)
For additional Sarbanes-Oxley compliance, WorkPlace has advanced password
controls available for SQL Server User Logins (for Help (F1) and activation, go to
Maintenance Central Global Settings)
2. Create or use existing SQL User logins and passwords created in your Financial
Application. Register these users in WorkPlace Security.
3. Create or use existing SQL Server logins and passwords in MS SQL Server. Register
these users in WorkPlace Security.
4. If using SQL Shared then a special shared user account will need to be created that
has access to all the appropriate databases. This account will be referenced when
you configure the WorkPlace web.config.
Until users are set up in WorkPlace Security, ONLY user ‘sa’ or the administrative
user setup in the WorkPlace web.config file will be able to log into the application.
WorkPlace supports Dynamics GP 9+ password encryption. Refer to
Appendix ‘F’ of this guide for setup details.
NT / NT Shared Authentication Requirements
1. Create an NT WorkPlace User Group and make all WorkPlace users a member of this group.
2. NT User names registered in WorkPlace Security must be preceded by the network domain
name and a back slash. For example: OURDOMAIN\jsmith.
3. If using NT Shared then a special shared user account will need to be created that
has access to all the appropriate databases. This account will be referenced when
you configure the WorkPlace web.config.
APP & SSO Authentication Requirements
1. Gather all the user email accounts that will be setup as WorkPlace users.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 13 of 71
2. If using SSO then a special shared user account will need to be created that has
access to all the appropriate databases. This account will be referenced when you
configure the WorkPlace web.config.
FORMS Authentication Requirements
1. Confirm the client specific Active Directory Connection String that will be used to update the
web.config file.
2. Gather all the AD user names and email accounts that will be setup as WorkPlace users.
3. A special shared user account will need to be created that has access to all the
appropriate databases. This account will be referenced when you configure the
WorkPlace web.config.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 14 of 71
Chapter 5: Requesting a WorkPlace License
To gain access to your WorkPlace application, you must first load a valid license certificate issued by
Paramount into the software. A valid license file can be obtained and loaded in four steps:
1. Generate and Save License Info file
2. Fill out License Request Form
3. Submit your License Info file and License Request Form to Paramount
4. Load your new License Certificate
All License Certificates have a predefined activation deadline. After the
deadline date, the certificate will no longer load into the application and a
new license will need to be requested.
Step 1: Generate the Info File
There are two methods of generating the License Info File:
Option A) Generate request from within WorkPlace. The License Info File can be generated and saved
from within
WorkPlace: Maintenance Central System Settings General Tab Change License Certificate
button
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 15 of 71
CLICK “Retrieve License Request Information” hyperlink
Select Save and make note of the folder where you save your new License Info file.
Option B) Generate Info File from external utility
Locating the License Information Collector
Download this utility program from the Paramount Technologies Customer Area website.
1. Click ‘Request a License Certificate’
2. Download the ‘License Information Collector’ to the machine you will use as the
WorkPlace web server
Before Running the License Information Collector
Make sure the SQL Server where the company data will resides is running.
IMPORTANT: The .NET Framework Run-Time v2 or greater must be installed on the web
server PRIOR to running the License Information Collector. If needed, a copy of the
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 16 of 71
appropriate .NET Framework can be installed using the WorkPlace Installation Wizard
(‘Optional Windows Components’ button).
IMPORTANT: The License Collector program MUST be physically located on the WorkPlace
web server and you MUST run it on the WorkPlace web server ONLY!!
If either of the two conditions above are not met, the License Information Collector
or any license you receive from Paramount will not operate properly.
Running the License Information Collector
The License Information Collector program is a single screen (as shown below). Enter all required
information into the form:
Select ‘Save License Request to Disk’ and note the folder where you save your License Info File.
Note: If you do not select ‘Save License Request to Disk’, you will not be
able to complete the license request process as outlined below.
Step 2: License Request Form
a) Go to the WorkPlace Customer Area website http://www.paramounttechnologies.com
b) Click ‘Request a License Certificate’
c) Fill out License Request Form (Example below, settings may vary)
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 17 of 71
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 18 of 71
Step 3: Submit Request
a) Verify you have attached the License Info File
b) Click ‘Submit Request’
Step 4: Loading the License Certificate
Once you receive your license certificate log into WorkPlace as the System Administrator. Upon the initial login
to the application after installing or upgrading, you will be required to load a new license certificate:
License Certificate Maintenance Form (your WorkPlace version number may differ):
The page above can also be located within the WorkPlace menu system:
Maintenance Central System Settings General Tab Change License Certificate button
1. Type in or Browse to the location that the License Certificate was saved to
2. Click “Load License Certificate”
3. A confirmation window will appear
4. Press the ‘Continue to Re-Log On’ button and login to WorkPlace
After reading this chapter, if you are still having difficulties, please phone your
VAR or contact Paramount at: [email protected] or
248.960.0909
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 19 of 71
Chapter 6: Pre-Installation Checklist
□ Microsoft SQL Server - Installed and configured
□ Databases - WorkPlace Enterprise requires at a minimum a Control database and a Company
database to be created on the SQL Server for Enterprises exclusive use before the SQL
portion of the install is performed.
□ Authentication mode chosen: Active Directory/NT, Application, or SQL Server
□ Web server Machine/operating environment – Installed and configured, including:
1. Internet Information Services (IIS)
2. .Net Framework v4
3. All other components listed previously under “Web Server MachineSpecifications.”
4. Windows Active Directory NT/NT Shared Authentication ONLY – complete steps in
the ‘Network/Domain Configuration’ section of this guide
□ WorkPlace License Certificate file in-hand (.lic extension)
□ Paramount’s WorkPlace Installation Wizard software
Download files from the Paramount Technologies Customer Area website.
□ Read the Release Notes for the current version of WorkPlace (available on the Paramount
Technologies Customer Area website). Make note of any additional instructions.
□ CREATE BACKUPS:
1. Control Database and ALL Company Databases
2. Upgrade ONLY: Backup the WorkPlace web.config file and any modified Crystal
Reports.
□ Determine the location for your ‘WorkPlace Web Server Installation Folder’
In a live/production environment, running the WorkPlace web server and MS SQL
Server services on the same machine is NOT recommended. These servers should be set up
on separate machines for optimum performance.
ALSO, this document does not include detailed installation or configuration instructions for
Microsoft IIS Web Server and SQL Server. For this type of information, please refer to the
reference manuals and online resources provided by Microsoft.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 20 of 71
IMPORTANT: The instructions in Chapter 3 will guide you step by step through the process of installing
the WorkPlace Application in a demonstration, test, or production environment. Please follow all
instructions in the order listed unless otherwise noted. If UPGRADING, Please read Appendix B next.
PLEASE READ ALL INSTRUCTIONS BEFORE PROCEEDING.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 21 of 71
Part 3: WorkPlace Enterprise Installation
All steps must be completed for a first-time installation; steps that can be omitted
in an upgrade are noted throughout this document and in Appendix B.
Chapter 7: Create Enterprise SQL Databases
The first step in the WorkPlace installation is to create at a minimum two physical databases on the SQL
server. One database is a shared control database that is used for common information across a group
of company databases. The other database is for the company information; if you are installing multiple
companies then make sure to add the appropriate number of company databases. If you have logical
groupings of companies or desire to the have the companies exclusively independent of each other than
configure each group of company databases to have their own control database. Data shared in the
control database are things such as Currency, Exchange Rates, and Inter-Company settings. In the
examples that follow you will see that “WPEControl” is the control database used and “WPECompany” is the company database. Feel free to call your databases whatever you like, a common naming
convention for the company is a brief description of what the company entity is referred to.
Chapter 8: The WorkPlace Installation Wizard
This Wizard is a graphical software interface that automatically guides you step by step through the
WorkPlace installation process.
Before starting the Installation Wizard
Close all currently running applications. Be certain that the MS SQL Server Database instance for your
Control and Company Database is running before you proceed. The Install Wizard needs to read and write
to these databases in order to install properly.
Launching the Wizard from a CD
Insert the WorkPlace Product CD into the drive located on the web server. If the CD drive is configured for
autoplay/autorun, the CD will start the Installation Wizard automatically. If the CD does not start
automatically, select StartRun and browse to the CD drive where the WorkPlace Installation CD has been
inserted. Select the Setup.exe, then OK from the Run menu and installation will begin.
Launching the Wizard from a ZIP archive
Extract the ZIP archive to your web server with the setting “include folder names.” A folder named after the
WorkPlace version number will be created with all necessary installation files. Inside that folder, double
click Setup.exe to launch the installation wizard.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 22 of 71
The install code ZIP archive must be saved and extracted onto the web server. ALL
installation executables must be saved on launched on the web server ONLY!
In the Paramount Installation Wizard Window, click Next to proceed with the installation process.
In the License Agreement Window, carefully read the Paramount License Agreement. Select YES if you
agree to the terms of the Agreement and proceed with the installation process.
If you do not agree, select CANCEL and contact Paramount either by phone
248.960-0909 or by email at [email protected].
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 23 of 71
If you selected YES to the License Agreement the following screen appears, this is the Main Installation
Window. The steps appear in necessary completion order. As steps in the process are completed, you
will automatically be returned to this main window to begin the next step.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 24 of 71
Chapter 9: SQL Objects Installation
Before proceeding with SQL Object installation or Upgrade, be certain that
a recoverable backup has been made of your control and company databases.
1. In the Main Installation Window, select the SQL Objects button. This step is required for both initial
set up and upgrades.
The SQL Server must already be installed, configured and have all Control
and Company Databases installed. Close all currently running applications (not
including services).
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 25 of 71
2. Select the components to be installed by clicking the checkbox next to the desired components. If
the .NET Framework is already installed, it is recommended that you un-check that box and do not
reinstall it.
3. Destination folder: By default, the components will be installed to the C:\ drive of the local machine
under C:\ProgramFiles\WorkPlace\SQL or C:\Program Files (x86)\WorkPlace\SQL on a 64 bit OS. To
change the default installation folder, use the BROWSE button to navigate to the desired destination
folder on the SQL Server.
4. Select NEXT to proceed.
If the Default location of the web server installation folder is changed, be
certain to make a note of the path to your installation folder location.
5. Review the settings and Select NEXT to continue if you are satisfied with the settings.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 26 of 71
6. The SQL Objects and the PTI SQL Objects installer are copied to the destination folder.
7. Select FINISH to begin the next phase of the installation process. Leave Launch PTI Installer checked
to continue on to next step.
Chapter 10: Scripting the Database Objects
Once the WorkPlace SQL Objects are unpacked and copied to the destination folder, they must be
scripted into the Company database(s) by our SQL Installer .NET utility program. To continue the
installation process directly from the Installation Wizard, page above, leave the ‘Launch PTI Installer’ box checked and click FINISH. The main installation window will reappear briefly, and then the .NET Installer
will be launched automatically.
Database scripting must be performed for ALL installation types (Demonstration,
Test or Production (fresh Install) or Upgrade from prior version).
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 27 of 71
If you have closed out of the Installation Wizard and need to resume the installation process at this
point, go to the Windows Start Menu on your web server and select “SQL Installer .NET” under “All Programs.”
1. On the Connect to SQL screen, type in the correct path to the appropriate SQL Server database
instance or select it from the drop down menu or browse button. Choose the authentication
method for the installer program. NOTE that this choice is totally unrelated to how users will be
authenticated when logging into WorkPlace. ‘sa’ will default as the Login name for SQLauthentication. If your DBO user login is not ‘sa’, enter the appropriate login, password, then selectNEXT to continue
2. In the Select Company Database(s) window, select the proper choice for your Control Database in
this example it is called ‘WPEControl’. It is possible to select any database that appears on thescreen below. The most common approach is to manually create specific databases for WorkPlace
to connect with. For example, the databases ‘WPEControl’ and ‘WPECompany’ in the screenshotabove were manually created in advance using SQL Server. After selected the control database then
select the company database(s) that you wish to script at this time. The WorkPlace application will
be connected to these companies after installation is complete (Do not select your Control
database). Select NEXT to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 28 of 71
3. The installer command file ‘WorkPlace.xml’ determines which ‘module specific’ pages follow asthe installer continues to run. The default path is usually correct and should point to the folder
where you initially unpacked the WorkPlace SQL Objects. Select NEXT to continue.
4. Specify the ‘Installation Type’ by clicking the circle to the left of the desired option.
Each of these options upgrades the WorkPlace SQL Objects to the version that came with
the Installation Wizard. The difference between these options is the effect on data held in
the tables created by WorkPlace:
UPGRADE – leaves WorkPlace data UN-changed and scripts all objects and permissions.
PRODUCTION – empties all WorkPlace data tables. The first time WorkPlace is installed to a
company database, this option must be chosen.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 29 of 71
DEMONSTRATION - empties all WorkPlace data tables AND loads in sample data that may
be helpful for sales demonstrations.
None of the Installation types will affect data in Control database tables.
Select NEXT to continue.
5. Indicate the WorkPlace modules you have purchased by checking the boxes to the left of each
appropriate option. You may select multiple options. Select NEXT to continue.
6. The default options should be used for this page, Select NEXT to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 30 of 71
7. Select Start to begin scripting; this process may take a few minutes.
The installation of each script is listed (shown below) as they are installed to the database. Each
time the installer is run, a log file is created and saved in the /Log subdirectory of the folder to
which the SQL Objects were unpacked.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 31 of 71
8. SQL Objects are now installed.
A log file is generated in the installation folder while the SQL
Installer is scripting the database objects.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 32 of 71
Chapter 11: Web Objects Installation
The web server machine’s operating environment must already be prepared and configured prior to installing the
WorkPlace application’s Web Objects.
The installation of Web Objects is performed for BOTH fresh installs and Upgrades.
If you are UPGRADING – navigate to the Web Folder where WorkPlace was initially
installed. You must rename or print the web.config file for reference in configuring the
new web.config that will replace it during the upgrade. You should also backup any
reports that you have customized as you will have to re-copy those back in after the
upgrade.
1. Select the WEB OBJECTS button to begin installation of the WorkPlace Web Components
2. Accept the default location C:\Program Files (86)\WorkPlace, or replace the default location by
typing over it or using the BROWSE button to choose a destination folder location. Select NEXT to
continue the installation of the Web Objects
If the default installation location is changed, be sure to make note of the new
installation folder’s location. If UPGRADING, be certain that your original installation
folder is selected AND that you copy, rename, or print your existing web.config file before
proceeding.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 33 of 71
Verify the settings before the files are copied to the local drive. Select NEXT to start copying files.
Select the FINISH button to return to the main installation window
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 34 of 71
Chapter 12: Optional Windows Components
All of the Optional Windows Components must be installed on the web server in order for WorkPlace to run
properly. Do not reinstall these programs if the same or a newer version already exists on your web server. To
install any of these components, select the OPTIONAL WINDOWS COMPONENTS Button on the main Installation
Wizard screen.
If any components have been installed previously, they need not be selected when running the
WorkPlace installation wizard.
Periodically these components are updated in future versions of WorkPlace so it is important to make sure that these
exact versions of the components are installed. If you are in question simply install the components and they will tell you if
they are installed or not.
1. Select the components you wish to install and select NEXT to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 35 of 71
2. Verify the components to be installed and Select NEXT to continue. The installation wizard will run
the setup programs for any components you have selected.
3. You have now completed all set up processes performed by the Installation Wizard! Click
Finish to go back to the main installation area.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 36 of 71
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 37 of 71
Chapter 13: Configuring your WorkPlace Website
This step is required for a first time installation; it may be skipped when upgrading. A WorkPlace web site must
be configured for each SQL Server where your Financial Application is installed i.e. TEST SQL Server instance vs.
Live SQL Server Instance. The previous Sections in this manual must be completed prior to configuring your
WorkPlace website.
Creating the Application Folder / Virtual Directory – Windows 2008
1. Open the Internet Information Services (IIS) by navigating to Start Settings Control Panel Administrative Tools Internet Information Services (IIS) Manager. Once open right mouse click on
Applications Pools and select Add Application Pool…
On the Add Application Pool screen enter a name for the pool such as “WorkPlace”, then select “.NET Framework v4.0.30319” and finally select “Classic” as the Managed pipeline mode. Leave the “Start application pool immediately” checked and click OK.
Now that the Application Pool is created we need to create the Application folder for WorkPlace and tie
it to this newly created Application Pool. To create the Application folder right mouse click on the Web
Site that is to contain the Application folder, in this example we are putting it on the Default Web Site.
Click Add Application…
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 38 of 71
From the Add Application screen enter the Alias that will be used from the web browser to access
WorkPlace, in this example we are using “WorkPlace”. Next select the Application pool “WorkPlace” that was created in step 2. Finally enter the folder where the WorkPlace web objects were installed, the
default installation folder “C:\Program Files (x86)\WorkPlace”. After this information is entered click OK.
WorkPlace is now configured for access. To test out access simply open a web browser and type in the
url for the web browser machine name along with the Application folder that we just configured, i.e.,
http://mywebserver/WorkPlace.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 39 of 71
Creating the Virtual Directory – Windows 2003
1. Open the Internet Information Services (IIS) by navigating to Start Settings Control Panel Administrative Tools Internet Information Services (IIS) Manager. Once open right mouse click on
Applications Pools and select New and then Application Pool…
On the Add New Application Pool screen enter a name for the pool such as “WorkPlace”. Leave the “Use default settings for new application pool” checked and click OK
Now that the Application Pool is created we need to create the Virtual Directory for WorkPlace and tie it
to this newly created Application Pool. To create the Virtual Directory right mouse click on the Web Site
that is to contain the Virtual Directory, in this example we are putting it on the Default Web Site. Select
New and then Virtual Directory…
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 40 of 71
The Virtual Directory Creation Wizard will now appear, click Next to configure the Virtual Directory.
Now enter the Alias for WorkPlace, in our example we defined this as WorkPlace (this alias is how
WorkPlace will be accessed from the web browser). Click Next to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 41 of 71
Now enter the folder where the WorkPlace web objects were installed, the default installation folder
“C:\Program Files (x86)\WorkPlace”. After this information is entered click Next.
From the Virtual Directory Creation Wizard select “Read” and “Run scripts (such as ASP)” and click Next.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 42 of 71
The Virtual Directory is now created, click Finish.
Now we need to tie the Application Pool to the Virtual Directory. Right mouse click on the WorkPlace
Virtual Directory and select Properties.
From the Properties window select the Application pool that we created in step 2.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 43 of 71
WorkPlace is now configured for access. To test out access simply open a web browser and type in the
url for the web browser machine name along with the Application folder that we just configured, i.e.,
http://mywebserver/WorkPlace.
Part 4: Additional System Configuration
Chapter 14: Session User Setup
In order for WorkPlace to maintain state between web pages a user defined connection string is
available in the web.config to direct WorkPlace to the proper SQL Server along with account information
to access to the state database tables. It is recommended to use a special SQL user account for session
management, if using the NT authentication model you have the option of using pass-through for this
setting. Even under the NT authentication model It is still recommended to use a SQL account for access.
Configuring using SQL Account
1. Create the SQL session user account in SQL Server and set the default database to “PTIMaster” andfrom within “PTIMaster” give this SQL user account full control on the “PTINETSessionHdr” and“PTINETSessionDtl” tables.
2. Open the web.config and specify this user account and the SQL Server name that holds the
“PTIMaster” database. The section that holds this information is the “SessionSQLConnectionString”.
<add key="SessionSQLConnectionString" value="Password=J*&%$@12;Persist Security
Info=false;User ID=PTINETSessionUser;Initial Catalog=PTIMaster;Max Pool Size=500;Data
Source=sqlserver\instance1"/>
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 44 of 71
Configuring using NT Pass-through
Configure an Active Directory group for use with WorkPlace and then add all users that will access
WorkPlace to this group. Now on the SQL Server add this group and set the default database to
“PTIMaster” and from within “PTIMaster” give the group full control on the “PTINETSessionHdr” and “PTINETSessionDtl” tables.
Open the web.config and use the connection string specified below and specify the SQL Server name
that holds the “PTIMaster” database. The section that holds this information is the “SessionSQLConnectionString”.
<add key="SessionSQLConnectionString" value=" Integrated Security=SSPI;Persist Security
Info=False;Initial Catalog=PTIMaster;Max Pool Size=500;Data Source=sqlserver\instance1"/>
Chapter 15: Specifying SQL Server Housing Company Databases
The SQL Server housing the company databases for WorkPlace must be specified in the web.config.
Simply open the web.config and find the section “ServerName” and set the value to your SQL Server’s name and instance.
<add key="ServerName" value="sqlserver\instance1”/>
Chapter 16: Configuring User Authentication
There are seven user authentication options available; following will list each option and the required
setup for each.
SSO – Single Sign On Authentication
Third party authentication (Windows Live, Google, ADFS and custom providers) is used to access the
WorkPlace web site and is subsequently linked to a valid WorkPlace User account based on the users
email address. Under this security model all WorkPlace User Names must be the users valid email
account. Since the SSO only authenticates the user to WorkPlace, WorkPlace requires the Shared SQL
account to be setup and configured – this account is used for all database access.
Specify SSO in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="SSO"/>
Uncomment the 3 sections in the web.config within the blocks: SSO Config Section 1, SSO Config Section
2 and SSO Config Section 3.
In the SSO Config Section 1 there are a few settings that need to be filled in based on your SSO setup –
see them highlighted below. Replace the value http://localhost/workplace/ with a valid external URL for
access to WorkPlace, this value will also be specified as the Relying Party Application in the SSO Access
Control Service (this is outside of WorkPlace and in some instances will be obtained from Azure Access
Control Services). The next value we need to specify is the certificate information for the Token Signing
Certificate, this will be specified in the trusedIssuers section and in our example is obtained from the
Azure Access Control Service -> Service Settings -> Certificate and Keys meu option. Finally we need to
set the issuer and the realm, the ream will be already be set from a prior setup, the issuer comes
PassiveRequestorEndpoint->Address element from the WS-Federation Metadata file (see screen shots
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 45 of 71
below for examples). … <system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost/workplace/"/>
</audienceUris>
<issuerNameRegistry
type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="A39AE26FADEEB1C9F0E618727570D776DB97DF15"
name="pticorp.accesscontrol.windows.net" />
</trustedIssuers>
</issuerNameRegistry>
<certificateValidation certificateValidationMode="None"/>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="false"/>
<wsFederation passiveRedirectEnabled="true"
issuer="https://pticorp.accesscontrol.windows.net/v2/wsfederation"
realm="http://localhost/workplace/" requireHttps="false"/>
</federationConfiguration>
</system.identityModel.services>
…
WINDOWS AZURE RELYING PARTY APPLICATION SETUP
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 46 of 71
AZURE ACCESS CONTROL SERVICE TOKEN SIGNING CERTIFICATE AND KEY
AZURE WS-FEDERATION METADATA URL DOWNLOAD LINK
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 47 of 71
AZURE FEDERATIONMETADATA.XML
If using a SSO Identity Provider other than Windows Live or ADFS you will need to specify the claim type
used to define the unique attribute for the authenticated user. This value goes into the
SSOClaimType4UniqueID section in the web.config. For multiple Identify Providers simply specify the
additional claim types with semi-colon delimeter.
DEFAULT ENTRY IN WEB.CONFIG FOR WINDOW LIVE AND ADFS <add key="SSOClaimType4UniqueID"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier;http://schemas.m
icrosoft.com/ws/2008/06/identity/claims/windowsaccountname"/>
When using the WorkPlace Agent or the WorkPlace OTG Server it is recommended (not required) to
restrict the IP access as these two pages fall outside of the SSO authentication process. The IP address
for the WorkPlace Agent should be the IP Address where the WP Agent Service or .EXE is being run. The
IP address for the WP OTG Server should be the IP address that is hosting the WP OTG Server web site.
Since all Database Access is being done by the shared user account we need to configure that now by
setting up a SQL user account for ALL backend queries to run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS),
and to ALL Company databases that WorkPlace is installed to. Within each of these databases give the
user access to the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to
encrypt the password go to step 8, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder
in the WPEncrypt folder. To use this utility simply go to a command line and type the following, replace
the value with the SQL user accounts password and type anything you wish into the key value. Once run
you get the encrypted password outputted to the screen and there is also a Encrypted.txt file that is
generated with the encrypted password.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 48 of 71
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
Copy the value outputted from previous step into the “SharedPasswordEncrypted” section, also specify
the key used in the “SharedPasswordEncryptedKey” section.
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
SQL Authentication
SQL Name and Password are used and are passed directly through to the SQL Server. This requires the
user to be setup on the SQL server as a physical user and the user must have access to all databases that
WorkPlace requires access. It is recommended that the SQL password encryption option is enabled in
WorkPlace when using this method. Since the users have access to the databases a user could use excel
or other connectable applications to access WorkPlace data if non-encrypted passwords are allowed.
Specify SQL in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="SQL"/>
When using SQL 2005 or greater WorkPlace can honor the SQL Server Password policies by enabled the
“EnforceSQLPasswordPolicyAndExpiration” section in the web.config.
<add key="EnforceSQLPasswordPolicyAndExpiration" value="ON"/>
In order to encrypt the SQL passwords when “EnforceSQLPasswordPolicyAndExpiration” is on the setting “EnforceSQLPasswordEncryption” must also be set to “ON”
<add key="EnforceSQLPasswordEncryption" value="ON"/>
To enable users to change their SQL passwords from within WorkPlace set the “ChangePassword” setting in the web.config to “ON”
<add key="ChangePassword" value="ON"/>
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 49 of 71
SQLSHARED Authentication
SQL Name and Password for authentication only. All backend SQL operations are performed using a
shared SQL user account. This method secures access to the physical database as the user account does
not have access to any of the physical databases. This method is ideal in environments where other SQL
applications are used and a shared SQL name and password are desired.
Specify SQLSHARED in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="SQLSHARED"/>
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS),
and to ALL Company databases that WorkPlace is installed to. Within each of these databases give the
user access to the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to
specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 6, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder
in the WPEncrypt folder. To use this utility simply go to a command line and type the following, replace
the value with the SQL user accounts password and type anything you wish into the key value. Once run
you get the encrypted password outputted to the screen and there is also a Encrypted.txt file that is
generated with the encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
Copy the value outputted from Step 6 into the “SharedPasswordEncrypted” section, also specify the key used in the “SharedPasswordEncryptedKey” section.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 50 of 71
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
When using SQL 2005 or greater WorkPlace can honor the SQL Server Password policies by enabled the
“EnforceSQLPasswordPolicyAndExpiration” section in the web.config.
<add key="EnforceSQLPasswordPolicyAndExpiration" value="ON"/>
In order to encrypt the SQL passwords when “EnforceSQLPasswordPolicyAndExpiration” is on the setting “EnforceSQLPasswordEncryption” must also be set to “ON”
<add key="EnforceSQLPasswordEncryption" value="ON"/>
To enable users to change their SQL passwords from within WorkPlace set the “ChangePassword” setting in the web.config to “ON”
<add key="ChangePassword" value="ON"/>
Active Directory / NT Authentication
The Active Directory user name that the user logged into Windows with (Integrated Authentication) or
the Active Directory user that was entered on the Basic Authentication window (Non-Integrated
Authentication) is simply passed through to the SQL Server. This method as well as the SQL option both
have the same drawbacks in that the user could use an external application to get access to the SQL
databases unless a firewall is enabled. This method also suffers from the Double-Hop syndrome whereas
the SQL Server, Web Server and Client machines must all be enabled for delegation at the Active
Directory level as standard Kerberos authentication does not allow the client browser to authenticate to
the web server and then allow the web server to impersonate the credentials to the SQL server.
Specify NT in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="NT"/>
Set the “authentication” mode to “Windows” in the web.config
<authentication mode="Windows"/>
Set the “identity” impersonate to “true” in the web.config
<identity impersonate="true"/>
Remove the Anonymous access from the Application Folder / Virtual Directory and check the Basic or
Windows/Integrated authentication checkboxes.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 51 of 71
Windows 2008 Screen Shot
Configure an Active Directory group for use with WorkPlace and then add all users that will access
WorkPlace to this group. Now on the SQL Server add this group and give this group permission to the
PTIMaster, all Control databases (example: DYNAMICS), and to ALL Company databases that WorkPlace
is installed to. Within each of these databases give the group access to the PTIWorkPlaceAdmin role.
Configure the Windows Management Instrumentation (WMI) Control. From the Web Server go to Start
Control Panel Administrative Tools Computer Management. Open the Service and Applications
group. Right-click on the WMI Control and select Properties.
Go to the Security tab and open the Root group and then highlight the CIMV2 folder and click the
Security button.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 52 of 71
Add your Active Directory group. Check both the ‘Enable Account’ and ‘Remote Enable’ in the lower ‘Permissions’ pane. Click Advanced and highlight the group you just added. Click Edit. In the ‘Apply onto’ drop-down, change the setting to "This namespace and subnamespaces". Click ‘OK’ on all the open dialogs to complete.
Reboot the Web Server to invoke changes.
Active Directory / NTSHARED Authentication
The Active Directory user name that the user logged into Windows with (Integrated Authentication) or
the Active Directory user that was entered on the Basic Authentication window (Non-Integrated
Authentication) is used to identify the user to WorkPlace. The SQL backend operations are all
performed using a shared SQL account. This method is the preferred model in larger organizations as
the user cannot access the databases via external applications and all password and account
management is at the Active Directory level. This option also eliminates the double-hop issue with
Active Directory.
Specify NTSHARED in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="NTSHARED"/>
Set the “authentication” mode to “Windows” in the web.config
<authentication mode="Windows"/>
Set the “identity” impersonate to “true” in the web.config
<identity impersonate="true"/>
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS),
and to ALL Company databases that WorkPlace is installed to. Within each of these databases give the
user access to the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 53 of 71
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 8, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder
in the WPEncrypt folder. To use this utility simply go to a command line and type the following, replace
the value with the SQL user accounts password and type anything you wish into the key value. Once run
you get the encrypted password outputted to the screen and there is also a Encrypted.txt file that is
generated with the encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
Copy the value outputted from previous step into the “SharedPasswordEncrypted” section, also specify the key used in the “SharedPasswordEncryptedKey” section.
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
Remove the Anonymous access from the Application Folder / Virtual Directory and check the Basic or
Windows/Integrated authentication checkboxes.
Windows 2008 Screen Shot
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 54 of 71
Configure an Active Directory group for use with WorkPlace and then add all users that will access
WorkPlace to this group.
Configure the Windows Management Instrumentation (WMI) Control. From the Web Server go to Start
Control Panel Administrative Tools Computer Management. Open the Service and Applications
group. Right-click on the WMI Control and select Properties.
Go to the Security tab and open the Root group and then highlight the CIMV2 folder and click the
Security button.
Add your Active Directory group. Check both the ‘Enable Account’ and ‘Remote Enable’ in the lower ‘Permissions’ pane. Click Advanced and highlight the group you just added. Click Edit. In the ‘Apply onto’ drop-down, change the setting to "This namespace and subnamespaces". Click ‘OK’ on all the open dialogs to complete.
Reboot the Web Server to invoke changes.
Forms Authentication
The Active Directory user name that the user logged into Windows with is used to authenticate against
the WorkPlace Web Server using IIS Forms Authentication. Once authenticated against the web site, the
user’s credentials are passed to the WorkPlace solution which will authenticate against the application
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 55 of 71
level security. All SQL backend operations are all performed using a shared SQL account. This method is
a preferred model in larger organizations as the user cannot access the databases via external
applications and all password and account management is at the Active Directory level. This option also
eliminates the double-hop issue with Active Directory.
Specify FORMS in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="FORMS"/>
Set the “authentication” mode to “Forms” in the web.config
<authentication mode="Forms"/>
Set the "SessionSQLConnectionString" using SQL Account. See Chapter 13: Session User Setup -
Configuring using SQL Account.
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS),
and to ALL Company databases that WorkPlace is installed to. Within each of these databases give the
user access to the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to
specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 6, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder
in the WPEncrypt folder. To use this utility simply go to a command line and type the following, replace
the value with the SQL user accounts password and type anything you wish into the key value. Once run
you get the encrypted password outputted to the screen and there is also a Encrypted.txt file that is
generated with the encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 56 of 71
Copy the value outputted from previous step into the “SharedPasswordEncrypted” section, also specify the key used in the “SharedPasswordEncryptedKey” section.
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
There are 3 additional sections in the web.config file specific to FORM Configuration. Each begins with
“START: FORM” and will need to be uncommenting and updated as outlined below.
Update FORM Config Section 1 with the customer specific Active Director Connection String.
<!-- START: FORM Config Section 1 -->
<!-- * Add your Active Directory to authenticate against. -->
<location path="Central/LoginAction.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Central/WPAgent.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="OTG/OTGMain.asmx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 57 of 71
<connectionStrings>
<add name="ADConnectionString"
connectionString="LDAP://domain.mycompany.com/CN=Users,DC=domain,DC=mycompany,DC=com"/
>
</connectionStrings>
<!-- END: FORM Config Section 1 -->
Update FORM Config Section 2 with the AttributeMapUIsername which will be one of 2 options;
sAMAccountName: The active Directory ‘User Logon Name’ (pre-Windows 2000) with no
domain which would be used as the Login Name in WorkPlace Security (i.e. aduser).
userPrincipalName: The active directory ‘User Logon Name’ with the domain email which
would be used as the Login Name in WorkPlace Security (i.e. [email protected]).
<!-- START: FORM Config Section 2 -->
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<!--attributeMapUsername values: "sAMAccountName" which would be the
account name such as jsmith, and "userPrincipalName" which is
would be UserName@DomainName or
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName"
/>
</providers>
</membership>
<!-- END: FORM Config Section 2 -->
Update FORM Config Section 3 by removing the comment tags to appear as below. No other updates
are required.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 58 of 71
<!-- START: FORM Config Section 3 -->
<forms name=".ADAuthCookie" timeout="10" loginUrl="~/Central/Login.aspx"
defaultUrl="~/"/>
<!-- END: FORM Config Section 3 -->
Update the WorkPlace Application Folder / Virtual Directory to enable Anonymous and Forms
Authentication. All other settings should be disabled.
Application Authentication
User accounts and passwords are managed by WorkPlace exclusively and all SQL backend operations are
performed using a shared user account. Under this option the user names are the email addresses of
the user. The key benefit with this method is that if users forget their passwords they can simply click a
“forgot password” button on the logon page and reset their own passwords. This method is ideal for environments where account management at the SQL or NT level is not ideal or empowering the user to
manage their own password cuts administrative overhead.
Specify APP in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="APP"/>
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS),
and to ALL Company databases that WorkPlace is installed to. Within each of these databases give the
user access to the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to
specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 6, otherwise the setup is complete at this point.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 59 of 71
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder
in the WPEncrypt folder. To use this utility simply go to a command line and type the following, replace
the value with the SQL user accounts password and type anything you wish into the key value. Once run
you get the encrypted password outputted to the screen and there is also a Encrypted.txt file that is
generated with the encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
Chapter 17: Administrative User
The administrative user defined in the web.config will grant access to WorkPlace even if the user is not
configured in WorkPlace. This user does not go against the licensed user account and allows limited
access to certain WorkPlace functions such as Security and Setting Settings.
Specify the administrative users login name in the web.config section “AdministrativeUser”. For Active Directory specify the domain prefix.
<add key="AdministrativeUser" value="mydomain\jsmith"/>
SSO Setup
To initially get into WorkPlace with SSO enabled you have to do one of two things. One you can setup
WorkPlace for another authentication method and then configure the WorkPlace user account and
setup the default SMTP server settings. Then flip the authentication over to SSO and then follow the
dialogs to assication your SSO account with WorkPlace. The other method involves manually setting up
this account which is detailed below.
1. Navigate manually to http://www.mydomain/WorkPlace/Central/SSOInfo.aspx (replace the domain
and folder with your valid specific values). From this page you get the value for the unique identifier
and the identity provider.
SSOINFO.ASPX
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 60 of 71
2. Use the values from step 1 and insert a manual record with this information into the PTISecuritySSO
table that is within the PTIMaster database.
INSERT INTO PTISecuritySSO (idfEmail,idfFlagActivated,idfIdentityProvider,idfIdentityUniqueID)
VALUES
('[email protected]',1,'uri:WindowsLiveID','8tsPDrj9x8nhfjbi0qkYvF0zBqXsZ0+i7bjo6L9FVl8=')
Chapter 18: Crystal Report SQL User Account
If using Active Directory / NT Pass-through or are using any options in the
SQLPasswordEncryptionExtendedSupport setting such as “GRPCONNECT” then the following steps will need to be performed.
Configure a SQL user account for running the Crystal Reports queries.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS),
and to ALL Company databases that WorkPlace is installed to. Within each of these databases give the
user access to the PTIWorkPlaceRFQVndAccess role.
Update the web.config settings “ReportUserName” and “ReportPassword” with the SQL user account that was just configured.
<add key="ReportUserName" value="WPCrystalUser"/>
<add key="ReportPassword" value="7803*&#@"/>
Chapter 19: RFQ Vendor User
If licensed for Request for Quote then a SQL user account will need to be created for the RFQ module to
process responses from outside vendors.
Configure a SQL user account.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS),
and to ALL Company databases that WorkPlace is installed to. Within each of these databases give the
user access to the PTIWorkPlaceUser role.
Update the web.config settings “VendorUserName” and “VendorPassword” with the SQL user account that was just configured.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 61 of 71
<add key="VendorUserName " value="WPVendorUser"/>
<add key="VendorPassword " value="7803*&#@"/>
Chapter 20: Date Format
The date format that is used in WorkPlace can be changed in the web.config. Once changed all display
and input fields will use this format.
To change the date format edit the “DateFormat” section of the web.config.
<add key="DateFormat" value="MM/dd/yyyy"/>
Format Option Example
MM/dd/yyyy 01/12/2015
yyyy.MM.dd 2015.12.01
dd/MM/yyyy 12/01/2015
dd.MM.yyyy 12.01.2015
dd-MM-yyyy 12.01.2015
MM-dd-yyyy 01-12-2015
yyyy/MM/dd 2015/01/12
Chapter 21: Session Timeout
The amount of inactivity allowed before a user has to re-login is controlled by the “SessionTimeout” setting in the web.config. The default time is 60 minutes.
To modify the timeout simply edit the “SessionTimeout” web.config setting and change to the specified amount of minutes.
<add key="SessionTimeout" value="60"/>
Chapter 22: Language Engine
If the Language Engine has been purchased and licensed the following setup needs to be performed.
Configure a SQL user account that will be used to access the Language Resource tables.
Set the Default Database of the SQL user account to be one of the companies that WorkPlace is installed
against. This is important as the Default Database on the Language User Account tells WorkPlace where
the Language Resource tables are.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 62 of 71
Give the SQL user account permission to the PTIMaster and to the Company database. Within each of
these databases give the user access to the PTIWorkPlaceLanguageAccess role.
Specify the SQL Language user name and password in the web.config
<!--<add key="LanguageUserName" value="sa"/>-->
<!--<add key="LanguagePassword" value="sasa"/>-->
The default language used by WorkPlace can be specified in the “Language” section of the web.config.
<!--<add key="Language" value="English"/>-->
Chapter 23: Web Server Folder Security
Within the web objects folder on the web server there are a three folders that WorkPlace needs full privileges on.
Those folders are the Attachments, ReportExports, and DynamicFiles.
1. Using Explorer, Navigate to the WorkPlace web server folder created during installation (Unless
changed during install, default location is C:\Program Files (86)\WorkPlace).
2. Navigate to the WorkPlace\Central\Attachments folder
3. Right-mouse click on the Attachments Folder Sharing and Security
4. Select the SECURITY Tab
5. Select the appropriate user account/group
a. If using SQL, SQLSHARED, or APP Authentication: Select the User Account that the
Application Pool is running under.
b. If using NT or NTSHARED: Select the WorkPlace users Active Directory Group
6. Allow READ, WRITE and MODIFY Permissions for this account
7. Select OK to save your changes and close the Security Properties Window
8. Repeat Step 1 through 7 for the Central\ReportExports folder
9. Repeat Step 1 through 7 for the Central\DynamicFiles folder
10. Repeat Step 1 through 7 for the C:\Windows\Temp folder
Part 5: Logging into WorkPlace
Chapter 24: Your WorkPlace URL
Open Internet Explorer and enter the address of your WorkPlace Application
Your URL will look like this:
http://<Web server machine name>/<IIS virtual directory name>
For Example:
Web Server Name = Neptune; Virtual Directory Name = WorkPlace
You would type in: Http://NEPTUNE/WORKPLACE
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 63 of 71
- OR -
Example: Web Server IP address = 120.120.120.118; Virtual Directory = WorkPlace
You would type in: Http://120.120.120.118/WORKPLACE
When you successfully launch WorkPlace from your browser, you will reach a login screen where you will need to
enter some or all of the following information:
Username
Password
Company Name
Option to change Password
The information required/available on the login screen is primarily determined by the Authentication mode that
you have configured to validate users and passwords.
The option to allow users to change their own passwords is available only in SQL
Authentication mode. This feature can be activated by modifying the Web.config file.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 64 of 71
Appendix A: WP Agent Utility
The Agent program (typically c:\program files\WorkPlace\wpagent\WPAgent.exe) is a stand alone
executable program that calls a special web page (WPAgent.aspx) on a regular schedule. When called,
the web page checks for two types of situations as explained in the “uses” section below, and if found and launches the appropriate routines. The frequency the agent program calls the web page is
scheduled on the web server using a command line ‘AT’ command or by using ‘Scheduled Tasks’ in Control Panel.
Uses
1) When WorkPlace is installed with an EAIC, the WP Agent can be used to automatically update
WorkPlace application tables based on any modifications that have been made by by the application
connected via the EAIC.
2) Also, this utility can be used to automatically send out an “Approval Tickler” email from the standardWorkPlace email engine. Reminder emails can be sent by the agent program when transactions (i.e.:
Requisitions, Invoices, Timesheets, Expense Sheets) have been submitted for approval, but have not yet
been loaded into an approval session.
Configuration
ACTIVATE
The WP Agent Program must be activated within the WorkPlace application System Settings page. To do
so, simply fill in a value for “Elapsed Hours” setting on the General Tab. The minimum number of hours is one, and fractional hours are not valid. The WP Agent Program is activated and configured per
individual company. Each company can have a different number of ‘elapsed hours’ specified in its WorkPlace System Settings.
ASSIGN A USER
SQL Authentication: select or create a user in SQL Server that is a member of the PTIWorkPlaceUser
Role in all Company DB(s), PTIMaster, and the Financial Application Control Database.
NT Authentication: select or create a user that is also a member of the NT Group for WorkPlace users.
CREATE COMMAND
Configure a command to launch the Agent program using ‘Scheduled Tasks’ in Control Panel or a command line ‘AT’ command. For example:
WPAgent.exe url="http://127.0.0.1/WorkPlace/Central/WPAgent.aspx" user="wpagent" password="wppass"
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 65 of 71
NOTE: The user information entered on the ‘Scheduled Task” Windows form can be any valid windows user on the web server. This user is separate and can be different from the
user information listed in your WPAgent command line.
Required Command Parameters (parameter names must be in lower case)
[url] This must point to the location of WPAgent.aspx within your virtual
folder you have configured for WorkPlace.
[user] The SQL Server/NT User Name.
[password] The password for the User above.
[domain] NT Authentication ONLY: the User account’s network domain name.
Optional Command Parameters (parameters in lower case, ON/SCREEN in upper case)
[debug] ON: Output will be written to a file called WPAgentLog.txt in the
path specified in [path], if no path is specified, C:\ will be used.
SCREEN: Output will be written to the console screen exclusively.
[path] This is the path where the WPAgentLog.txt will be created.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 66 of 71
Appendix B: Notes on upgrading
Upgrading from Previous WorkPlace Versions
Previous versions of WorkPlace ran on the .NET 2.0 (before version 11) and .NET 4 (after version 11)
framework as was limited to 32 bit mode only. WorkPlace 2015 is built on the .NET 4.5.2 framework and
the System Requirements within this document should be consulted prior to upgrading.
Install the Microsoft Framework 4.5.2 version.
Install the new Crystal Reports.NET v13.0.5.891, either the 32bit or 64bit depending on OS.
SQL password encryption was changed with WorkPlace version 11 to a new encryption engine as the old
engine only supported 32 bit operation. If you wish to continue to use the old password encryption you
can enable the old encryption library by setting the web.config setting “SQLClassicEncryptionEnabled” to “ON”
<add key="SQLClassicEncryptionEnabled" value="ON"/>
If you want to run in native 64 bit mode then the “SQLClassicEncryptionEnabled" cannot be set to “ON” and all the WorkPlace SQL user accounts will have to have their SQL passwords reset. This can be done
manually by the WorkPlace admin or there is a built in stored procedure than can be run in the
WorkPlace company database to set all the SQL accounts to a common password along with forcing the
users to change their password on logon. The stored procedure to execute is
spPTISQLResetPasswordAll, it takes one parameter which is the default password that all users will be
set to. The default password is “wppass”
EXEC spPTISQLResetPasswordAll
General Notes
Upgrading WorkPlace generally has fewer steps than a fresh “production” installation because most of the work was already done during your original install. For all upgrades:
When preparing to request your new license, you can generate the License Information File
from within WorkPlace on the System Settings General tab.
Unless you have a specific reason (i.e. instructed to by the release notes) you need not re-
install the Optional Window components.
Select “Upgrade” instead of production when installing SQL Objects.
After installing Web Objects you can simply copy your backup web.config file into the Web-
server main installation folder to restore your custom settings.
Also, copy any modified reports from the web server as you will need to copy these back in
after the upgrade.
Most likely, you will be able to launch WorkPlace without modifying settings in your
operating environment (i.e. IIS Manager, SQL Server, and Security Settings on the Web-
server installation folder.)
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 67 of 71
There are two main types of upgrades, and the process varies between the two:
Upgrading to a new version of WorkPlace
Download the new version of WorkPlace from the Customer Area website. Unzip on your
Web-server and double-click Setup.exe to launch.
Using the WorkPlace Installation Wizard, Install both Web Objects and SQL Objects.
When Installing SQL Objects, on the page where you identify your Financial Application
version, check to make sure the version of WorkPlace listed in the header of the popup
window is the version number you expect.
Select all of the same settings from your last install when installing your new objects
EXCEPT:
Select “Upgrade” instead of production when installing SQL Objects
Adding a new Interface to your current WorkPlace version
Don’t run the WorkPlace installation Wizard! Instead, go to the Windows Start Menu onyour Web-server and run SQL Installer .NET to install your WorkPlace SQL Objects (this is
more efficient and saves time.)
When Installing SQL Objects, on the page where you identify your Financial Application
version, check to make sure the version of WorkPlace listed in the header of the popup
window is the version number you expect.
Select all of the same settings from your last install when installing your new objects
EXCEPT:
Select “Upgrade” instead of production when installing SQL Objects, and
Select the checkbox to install the NEW INTERFACE that has caused you to upgrade.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 68 of 71
Appendix C: Un-Installing WorkPlace
Remove the installed Web Objects
Delete the folder from where you originally installed the WorkPlace web objects. Once removed open
Internet Information Services and remove the application/virtual folder that was created for WorkPlace.
Also, remove the Application Pool.
Removing the installed SQL Databases
During the SQL objects installation process, tables, triggers, stored procedures and views were installed
to the Control database and Company database(s). To remove these objects email
[email protected] for additional information. Also, there is another shared
database called PTIMaster that should be removed only if WorkPlace is being removed from ALL
Companies on the associated SQL Server.
Removing the installed Optional Windows Components
These optional Windows Components can be removed using the standard Add/Remove programs
feature included with Windows.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 69 of 71
Appendix D: Encrypting the Web.Config
The web.config can hold some sensitive information such as special user names and password for
session management, report execution and language management to name a few. In order to secure
this information .NET provides a build in encryption routine for the web.config. Following are excerpts
from the Microsoft .NET documentation on performing this activity.
Encrypting Web.Config
To encrypt the WorkPlace appSettings inside the web.config simply run this command. Make sure when
you run this command that is from the Administrators level command prompt. Also make sure you are
using the proper .NET framework folder for your version that WorkPlace is running under and that you
specify the proper virtual folder that WorkPlace is using.
Example:
C:\>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pe "appSettings" -app
"/WorkPlace"
Decrypting Web.Config
To decrypt the WorkPlace appSettings inside the web.config simply run the same command as we did to
encrypt but we will use the –pd command versus the –pe. Make sure when you run this command that
is from the Administrators level command prompt. Also make sure you are using the proper .NET
framework folder for your version that WorkPlace is running under and that you specify the proper
virtual folder that WorkPlace is using.
Example:
C:\>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pd "appSettings" -app
"/WorkPlace"
Microsoft Documentation for Encrypting and Decrypting Configuration Sections
Information Obtained from Microsoft Article: https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx
You can use the ASP.NET IIS Registration Tool (Aspnet_regiis.exe) to encrypt or decrypt sections of a
Web configuration file. ASP.NET will automatically decrypt encrypted configuration elements when the
Web.config file is processed.
NOTE: The Aspnet_regiis.exe tool is located in the
%windows%\Microsoft.NET\Framework\versionNumber folder.
You can also use the protected configuration classes in the System.Configuration namespace to encrypt
and decrypt sections of a Web configuration file, sections of a configuration file for an executable (.exe),
or sections in the machine-level and application-level configuration files. For more information, see
the ProtectSection method of the SectionInformation class. For information on referencing a section of a
Web.config file, see the WebConfigurationManager class. For information on referencing configuration
sections of files other than the Web.config file, see the ConfigurationManager class.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 70 of 71
Encrypting a Web Configuration Section
To encrypt configuration file contents, use the Aspnet_regiis.exe tool with the –pe option and the name
of the configuration element to be encrypted.
Use the –app option to identify the application for which the Web.config file will be encrypted and the -
site option to identify which Web site the application is a part of. The Web site is identified using the site
number from the Internet Information Services (IIS) metabase. You can retrieve the site number from
the INSTANCE_META_PATH server variable in the ServerVariables collection. For example, when IIS is
installed, a Web site named "Default Web Site" is created as site 1. In pages served from that site, the
INSTANCE_META_PATH server variable returns "/LM/W3SVC/1". If you do not specify a -site option, site
1 is used.
Use the –prov option to identify the name of the ProtectedConfigurationProvider that will perform the
encryption and decryption. If you do not specify a provider using the -prov option, the provider
configured as the defaultProvider is used.
NOTE: If you are using an RsaProtectedConfigurationProvider instance that specifies a custom key
container, you must create the key container before running the Aspnet_regiis.exe tool. For more
information, see Importing and Exporting Protected Configuration RSA Key Containers.
The following command encrypts the connectionStrings element in the Web.config file for the
application SampleApplication. Because no -site option is included, the application is assumed to be
from Web site 1 (most commonly Default Web Site in IIS). The encryption is performed using
the RsaProtectedConfigurationProvider specified in the machine configuration.
aspnet_regiis -pe "connectionStrings" -app "/SampleApplication" -prov
"RsaProtectedConfigurationProvider"
When a page or other ASP.NET resource in the application is requested, ASP.NET calls the provider for
the protected configuration section to decrypt the information for use by ASP.NET and your application
code.
NOTE: To decrypt and encrypt a section of the Web.config file, the ASP.NET process must have
permission to read the appropriate encryption key information. For more information, see Importing and
Exporting Protected Configuration RSA Key Containers.
Decrypting a Web Configuration Section
To decrypt encrypted configuration file contents, you use the Aspnet_regiis.exe tool with the -pd switch
and the name of the configuration element to be decrypted. Use the –app and -site switches to identify
the application for which the Web.config file will be decrypted. You do not need to specify the –prov switch to identify the name of the ProtectedConfigurationProvider, because that information is
read from the configProtectionProvider attribute of the protected configuration section.
The following command decrypts the connectionStrings element in the Web.config file for the ASP.NET
application SampleApplication:
aspnet_regiis -pd "connectionStrings" -app "/SampleApplication"
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 71 of 71
Index
Access the WorkPlace Application(s) ............... 62
Db Installation Log ........................................... 30
Default Web Objects Location ......................... 32
IIS ................................................................ 37, 39
Installation Wizard ........................................... 21
Installing Workplace ......................................... 20
Main Installation Window ................................ 22
SQL Object Installation ..................................... 24
SQL Server Services .......................................... 19
Virtual Directory ......................................... 62, 63
Web Objects Installation .................................. 32
Web Server Services......................................... 19
Web Site Configuration .................................... 37
Windows Components ..................................... 34
WorkPlace license ...................................... 15, 19