Installation Guide
Edition 37.2
30 December 2016
Portrait Foundation Installation Guide
©2016 Copyright Portrait Software International Limited
All rights reserved. This document may contain confidential and proprietary information belonging to Portrait Software plc and/or its subsidiaries and associated companies.
Portrait Software, the Portrait Software logo, Portrait, Portrait Software’s Portrait brand and Million Handshakes are the trademarks of Portrait Software International Limited and may not be used or exploited in any way without the prior express written authorization of Portrait Software International Limited.
Acknowledgement of trademarks
Other product names, company names, marks, logos and symbols referenced herein may be the trademarks or registered trademarks of their registered owners.
About Portrait Software
Portrait Software is now part of Pitney Bowes Software Inc.
Portrait Software enables organizations to engage with each of their customers as individuals, resulting in improved customer profitability, increased retention, reduced risk, and outstanding customer experiences. This is achieved through a suite of innovative, insight-driven applications which empower organizations to create enduring one-to-one relationships with their customers.
Portrait Software was acquired in July 2010 by Pitney Bowes to build on the broad range of capabilities at Pitney Bowes Business Insight for helping organizations acquire, serve and grow their customer relationships more effectively. The Portrait Customer Interaction Suite combines world leading customer analytics, powerful inbound and outbound campaign management, and best-in-class business process integration to deliver real-time customer interactions that communicate precisely the right message through the right channel, at the right time.
Our 300 + customers include industry-leading organizations in customer-intensive sectors. They include 3, AAA, Bank of Tokyo Mitsubishi, Dell, Fiserv Bank Solutions, Lloyds Banking Group, Merrill Lynch, Nationwide Building Society, RACQ, RAC WA, Telenor, Tesco Bank, T-Mobile, Tryg and US Bank.
Pitney Bowes Software Inc. is a division of Pitney Bowes Inc. (NYSE: PBI).
For more information please visit: http://www.pitneybowes.co.uk/software/
UK America Norway
Portrait Software Portrait Software Portrait Software The Smith Centre 125 Summer Street Portrait Million Handshakes AS The Fairmile 16th Floor Maridalsveien. 87 Henley-on-Thames Boston, MA 02110 0461 Oslo Oxfordshire, RG9 6AB, UK USA Norway
Email: [email protected] Email: [email protected] Email: [email protected] Tel: +44 (0)1491 416778 Tel: +1 617 457 5200 Tel: +47 22 38 91 00 Fax: +44 (0)1491 416601 Fax: +1 617 457 5299 Fax: +47 23 40 94 99
Edition 37.2
About this document
Purpose of document This document describes the installation process for the Portrait Foundation product, and details environment-specific requirements and approaches. Intended audience Anyone who intends to install Portrait Foundation in a production or implementation environment. Related documents
Database Setup Guide
Demonstration Components User Guide
Operations Guide
Portrait Upgrade Guide
Service Resilience Feature Overview
Software Development Kit User Guide
Technical Architecture
Troubleshooting Guide
Repository Manager User Guide Software release Portrait Foundation 5.0 Update 1 or later.
Portrait Foundation Installation Guide 3 of 64
Edition 37.2
Contents
1 Portrait Foundation 7
2 System requirements 8 2.1 Recommended hardware requirements 8
3 Production environment considerations 9 3.1 User accounts 10 3.2 Machine setup and security considerations 13 3.3 Web servers 18 3.4 Process servers 21 3.5 Portrait Telephony server 21
4 Non-production environment considerations 23
5 Pre-installation tasks 26 5.1 Required steps 26 5.2 Optional steps 26
6 Installing Portrait Foundation 28 6.1 Core Software install 29
7 Setting up a Portrait Foundation system 33 7.1 System Setup Tool 33
8 Installing Portrait Foundation silently 41 8.1 Installation 41 8.2 System Setup 42 8.3 Example 43 8.4 Command line deployment 44
9 Post setup tasks 46 9.1 Management Console settings 46 9.2 DCOM Configuration settings 46 9.3 Database access 46
10 Removing Portrait Foundation 47 10.1 Uninstalling Portrait Foundation 47 10.2 Uninstall messages 48 10.3 Verifying removal 49
11 Troubleshooting 50 11.1 System Setup errors 50 11.2 Service Unavailable in Browser 50
Portrait Foundation Installation Guide 5 of 64
Edition 37.2
11.3 Active Directory Group Policy 51 11.4 Configuring Web Server using MMC 51 11.5 Logging options 51
Appendix A DCOM Firewall settings 52 A.1 Background 52 A.2 Component Services (DCOMCNFG) 53 A.3 Port restriction across all DCOM applications 53 A.4 Performance 54 A.5 Additional information 54
Appendix B System Setup Pages 55 B.1 Overview 55 B.2 System 56 B.3 Operational database 57 B.4 Transient database 58 B.5 Process server 59 B.6 Inbound simplex 60 B.7 Telephony server 61
Appendix C PowerShell modules 62
Portrait Foundation Installation Guide 6 of 64
Edition 37.2
1 Portrait Foundation
Portrait Foundation is an n-tier Customer Interaction Management system that can engage with any assisted or self-service channel. Based on Microsoft technologies, Portrait Foundation deploys into a distributed environment that can accommodate the modules shown in the high-level diagram below.
Figure 1 – Portrait Foundation outline architecture
The Technical Architecture document gives a full description of Portrait Foundation’s architecture.
This guide contains the following sections:
The minimum recommended hardware specification for production and non- production environments (Section 2).
Specific considerations for production (Section 3) and non-production (Section 3.5.2) environment installations.
A list of pre-installation considerations (Section 5).
A description of the installation and setup process (Section 6).
A list of post-installation tasks (Section 0).
A description of the uninstall process (Section 10).
Portrait Foundation Installation Guide 7 of 64
Edition 37.2
2 System requirements
For details of the current Microsoft Windows operating systems and software supported by this release, please refer to the Supported platforms section in the release notes. It is highly recommended that the latest Microsoft Windows Updates and Service Packs have been installed.
The following section lists the recommended hardware specifications for using Portrait Foundation in production and non-production environments. The details are provided as a guideline and may need to be adjusted according to the specific project requirements such as business drivers, scope and complexity of the proposed system, and the network infrastructure.
If you have any specific questions regards the specifications, please contact Portrait Customer Support. 2.1 Recommended hardware requirements The following specification is provided as a recommended minimum guideline for hardware in production and non-production environments. Full production specifications are likely to vary depending on the anticipated number and type of channels, the number of concurrent applications using the system, and the anticipated volume of users. For more details please refer to the Performance and Scalability white paper.
Production environment Non-production environment Machine Quantity Specification Quantity Specification Web server 2xDual-core 1.8 GHz processors, 2 4 GB RAM, 18 GB hard disk Process sever 2xDual-core 1.8 GHz processors, 2 4 GB RAM, 18 GB hard disk Combined Web / 2xDual-core 1.8 GHz processors, 2 Process server 4 GB RAM, 18 GB hard disk Dual core 1.8 GHz Database server Two servers in a cluster, each: One for Processor, 2GB RAM, 18GB 2 2xDual core 1.8 GHz Processor, each instance 8GB RAM, 500 GB RAID array hard disk Deployer workstation Dual-core 1.8 GHz processor, 2GB 1 RAM, 18 GB hard disk Configuration client (including Build N/A environments and test machines) EDGE server See EDGE documentation for minimum specification
Portrait Foundation Installation Guide 8 of 64
Edition 37.2
3 Production environment considerations
There are many possible hardware configurations for a Portrait Foundation production environment, although they can typically be divided into either an intranet setup where you have no interaction with an outside environment, or an internet environment where you have to take firewalls into account.
Figure 2 – Typical intranet production environment
Database Server Database Server Process/WebProcess/Web ServerServer FarmFarm (Contact(Contact Centre)Centre)
CorporateCorporate networknetwork
TelephonyTelephony ServerServer
ContactContact CentreCentre ClientsClients
OtherOther ClientsClients (branches,(branches, partners,partners, etc.)etc.)
For an intranet topology the Process and Web servers should be configured on a single box for optimum performance. You also need to provide:
A clustered database server
A telephony server (if required)
Clients for Internet and Portrait Foundation ASP.NET applications.
Portrait Foundation Installation Guide 9 of 64
Edition 37.2
Figure 3 – Typical internet production environment
Internet SwitchedSwitched networknetwork (DMZ)(DMZ)
RouterRouter FirewallFirewall Web Server Farm (Internet)(Internet)
SwitchedSwitched networknetwork (DMZ)(DMZ)
FirewallFirewall Database Server ProcessProcess ServerServer FarmFarm
CorporateCorporate networknetwork
ContactContact CentreCentre ClientsClients Web Server Farm (Contact(Contact Centre)Centre)
Other Clients TelephonyTelephony ServerServer (branches,(branches, partners,partners, etc.)etc.) Security considerations typically dictate the use of firewalls in a system that has an internet facing channel. Figure 3 shows a typical configuration for such an environment, although other configurations can be supported. The key point to note is that the Web servers and Process servers are installed on separate machines to enable the use of a firewall between them.
The following sections detail the possible hardware and software requirements needed for a production environment. 3.1 User accounts
3.1.1 Installation It is required that Portrait installations are conducted by a user with local administrator rights. 3.1.2 Runtime user accounts A significant proportion of the items detailed here only become necessary when an installation is being performed for a Portrait system that will run under a non local administrator account. This is obviously going to be the case in most ‘production’ environments and generally not the case in development environments.
In each ‘locked down’ or secured production environment, it is likely you will need to setup a number of user accounts that are used when installing and running Portrait Foundation. The required user accounts and permissions are described in the sections below, but you should note that:
The accounts described should all be separate from one another – do not be tempted to combine two of the accounts into one.
The Process Server and the database server share a domain, but the Web server should not be a member of this (or any other) domain.
Portrait Foundation Installation Guide 10 of 64
Edition 37.2
Depending on the level of security it is necessary to structure the different components of Portrait Foundation to run under different user accounts. The purpose of this is to provide a layered defence where the identity under which a component runs has only the permissions it needs to do its job. It can only communicate with the next step in the chain.
For example, the web server user should only be able to communicate with the process engine and not directly to the database. Therefore to breach the database security it is necessary to get through two layers of user security.
There are also a number of system configurations depending on the hardware available. 3.1.3 Single box environment The user setup requirements for a single box installation are mostly the same for those in a split box environment. The differences are:
The Web Server user is not required - the Process Server user is used instead.
Remote DCOM permissions are not necessary as DCOM is not required when the two tiers are elided.
It is still necessary to ensure that the permissions for Local usage are setup via DCOMCNFG (Component Services) even if DCOM is not being used.
Firewall settings are not required between the two elided tiers. 3.1.4 Split box environment In a split box production environment, the Web and Process server tiers will run on separate machines. This will therefore enable greater layering of the security control, which may be suitable for Internet facing Portrait Foundation systems.
There are a number of built in, local and domain users that will be used in a normal production Portrait Foundation installation: Virtual Directory user Virtual Directory should be set to run with Anonymous Access with PortraitVirtualDirUser as its identity. This is setup by the Portrait Foundation implementation install or can be changed directly within IIS later.
Should be local user only
Does not need admin rights either locally or for the domain
Use DCOMCNFG (Component Services) to allow this user to launch (local) and activate (local) the Portrait Foundation Services DCOM application on the Web server Application Pool user Will be running the IIS Portrait Foundation application pool. This account will impersonate PortraitVirDirUser when calls are made into Portrait Foundation services.
Can be either a specially created account or the standard Windows built-in account Network Service. The use of this Windows built-in account is recommended.
When using the built-in Network Service account, the following requirements are usually met.
Should be local user only
Does not need admin rights either locally or for the domain
Portrait Foundation Installation Guide 11 of 64
Edition 37.2
Needs to be in IIS_WPG group
Needs Impersonate client after authentication permissions in Local Security Policy
Needs ‘Logon As a Service right’ which can either be provided as part of a domain Group Policy, through the Local Security Policy or by manually adding the user to a service in Administrative Tools > Services.
Needs modify access to %SYSTEMROOT%\Temp directory (normally c:\WINDOWS\temp in Windows Server)
Needs modify access to the Temporary ASP.NET Files folder under windows .NET folder. – see later for details
The Network Service is a standard, reduced capability Windows user account, designed for web application use, limited machine access, network access. This account normally runs IIS and the worker processes. Web Server user The Portrait Foundation services on the Web server are setup to log on as this user. This is setup by the Portrait Foundation System Setup or can be changed in Services later.
Needs to be domain user to enable access to remote Process Engine services
Does not need admin rights either locally or for the domain
Needs Logon As a Service right which can either be provided as part of a domain Group Policy, through the Local Security Policy or by manually adding the user to a service in Admin Tools->Services.
Needs ‘Access this computer from the network’ rights
Needs Full Control rights to PST Registry key
Needs to be in Distributed COM Users group on the Process server
Use DCOMCNFG (Component Services) to allow this user to launch (local) and activate (local) all of the Portrait Web Tier DCOM applications on the Web Server.
Use DCOMCNFG (Component Services) to allow this user to launch (remote) and activate (remote) all of the Portrait Foundation Process Server Tier DCOM applications on the Process Server. Process Server user The Portrait Foundation services on the Process server are setup to log on as this user. This is setup by the Portrait Foundation System Setup or can be changed in Services later.
Needs to be domain user to access remote database server
Should not need admin rights either locally or for the domain
Access from the Portrait Foundation Process server to the Operational and Transient databases uses Windows Authentication so this user requires read/write access to both Portrait Foundation databases.
Needs ‘Logon As a Service right’ which can either be provided as part of a domain Group Policy, through the Local Security Policy or by manually adding the user to a service in the Services dialog.
Needs ‘Access this computer from the network’ rights
Needs Full Control rights to PST Registry key
Portrait Foundation Installation Guide 12 of 64
Edition 37.2
Use DCOMCNFG (Component Services) to allow this user to launch (local) and activate (local) all of the Portrait Foundation Process Server Tier DCOM applications on the Process Server.
This user is used for all Portrait Foundation services other than the Controller service (part of Foundation version 4 resilience feature). The controller uses the Service Control Manager API and is run under the LocalSystem account. SQL Server account
Used to run SQL Server instance
Should be separate from Process Server user to limit the access that is available. Installation user Is used to install, update or configure Portrait Foundation.
Should have local admin rights on both Web and Process servers
Needs rights to create and configure Portrait Foundation database on Database server
In order to allow reconfiguration of Portrait Foundation it is necessary to add ‘Access’ permissions to the Installation user on both Web and Process servers (this might already be met, if the account is a local admin).
Select the DCOM Config tree element under My Computer. Right click ServiceHost and select properties
Add permissions for the Installation user to the ServiceHost components 3.2 Machine setup and security considerations The following issues are not specific to any particular tier or installation type. The steps are provided as areas to be covered off or checked and may not require any action. 3.2.1 Windows PowerShell The installation and setup process requires Windows PowerShell v2.0 to configure Portrait Foundation systems. Version 1 and 2 of PowerShell are installed into the same location. To ensure you have the correct version installed launch a command prompt and type PowerShell then type $host.
The execution of Windows PowerShell scripts on a machine can be controlled by administrators via the PowerShell execution policy configured on the machine.
Portrait Foundation Installation Guide 13 of 64
Edition 37.2
Windows PowerShell has four different execution policies:
Restricted: No scripts can be run. Windows PowerShell can be used only in interactive mode.
AllSigned: Only scripts signed by a trusted publisher can be run.
RemoteSigned: Downloaded scripts must be signed by a trusted publisher before they can be run (recommended).
Unrestricted: No restrictions; all Windows PowerShell scripts can be run.
If the PowerShell execution policy for the ‘LocalMachine’ scope is set to ‘Restricted’ then this will prevent the execution of any PowerShell scripts and you will receive the following error:
File
Portrait Foundation Core Software installer requires that the execution policy for the ‘LocalMachine’ scope is set to a minimum of ‘RemoteSigned’. To do this:
Launch PowerShell in Admin Mode from the command line. If it’s a Windows 64-Bit OS, then launch the PowerShell(x86) command line in Admin Mode.
Type this command on the console: Get-ExecutionPolicy -List
If you do not see the above setting, then the scope needs to be updated using the following command:
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine
NB: When the Portrait System Setup Tool executes these PowerShell scripts, it will automatically set the ‘LocalMachine’ execution policy to ‘RemoteSigned’. This is the same approach Microsoft uses with Exchange: http://blogs.msdn.com/b/powershell/archive/2010/02/12/building-on-powershell- execution-policies.aspx 3.2.2 Windows Server Roles Windows Server systems that support the Web tier must have the Web Server (IIS) role selected in the Roles section of the Server Manager application. For more details see Internet Information Server below. 3.2.3 Firewall Windows Firewalls will tend to allow outbound calls but prohibit inbound calls. This default setup does not allow operation of DCOM through the Firewall. The
Portrait Foundation Installation Guide 14 of 64
Edition 37.2
appendix in this document details possible approaches to allowing Portraits DCOM usage via the Firewall. It must be noted that any DCOMCNFG (Component Services) settings, registry settings, and Firewall definitions may need to be done not only on the Process Server tiers but also on any client tiers (e.g. Web, Telephony).
Portrait Foundation can be setup and used in environments where Windows Firewall is active and blocking any incoming requests for which there is not an explicit rule (this is the more restrictive setting – the other being to allow incoming traffic unless there is an explicit prohibition).
For successful operation in a split box environment it is necessary to alter the Firewall settings to allow the DCOM inbound to the Process Server and inbound to any other Portrait Foundation servers that register for SysConfig callbacks. This will include most Portrait Foundation Server types (e.g. Web).
Failure to do so causes initialisation failure of ServiceHost (Portrait Foundation’s Windows Service hosting executable).
Further to the above, there are also occasions where specific changes are needed to the Firewall in order to allow traffic on certain ports to reach its destination. In a secure environment where inbound traffic is restricted, the following changes may need to be made. Client Events There are several modifications required overall to ensure that Portrait Client Events function correctly. This section is only concerned with changes that are required to the Firewall.
On all Foundation servers, an inbound exception in Windows Firewall should be added at the Domain level to allow traffic on UDP ports 5675 and 5680 through to the Portrait ServiceHost (HostU.exe) application.
On all clients that wish to communicate with the Foundation servers, you are also likely to need a similar Firewall exception to allow traffic on the same ports through to the Microsoft HTML Application Host program (mshta.exe).
When run from an administrative prompt, the following command can be used to add the above exception to each server’s Firewall.
netsh advfirewall firewall add rule name="Foundation Client Events" dir=in profile=domain action=allow program="C:\Program Files (x86)\PST\Portrait Foundation\common\bin\HostU.exe" protocol=UDP localport=5675,5680
[Note that the path to the HostU.exe file may be different in your installation.]
When run from an administrative prompt, the following command can be used to add the above exception to each client’s Firewall.
netsh advfirewall firewall add rule name="Foundation Client Events" dir=in profile=domain action=allow program="C:\Windows\System32\mshta.exe" protocol=UDP localport=5675,5680
The above port numbers are the default values. They can be reconfigured through the Portrait Foundation Management Console under the ‘Client Events’ property page. Portrait Management Console (MMC) In order for the Portrait MMC to be able to communicate with Portrait Services on other configured Portrait servers, an inbound exception in Windows Firewall should be added at the Domain level to allow traffic on UDP ports 16812 to 16813 to every Portrait server.
When run from an administrative prompt, the following command can be used to add the above exception to the local server’s Firewall.
Portrait Foundation Installation Guide 15 of 64
Edition 37.2
netsh advfirewall firewall add rule name="Foundation MMC" dir=in profile=domain action=allow protocol=UDP localport=16812-16813
Note that if the implementation has more than one Portrait ‘system’ configured, then two extra ports for each system should be sequentially included upwards from the above port values. 3.2.4 Portrait controller service Since version 4.1, Portrait Foundation has supported Server ‘Resilience’. If configured for Resilience (often referred to as ‘Failover’) each Portrait Foundation system will have a Controller Service. It is this service that manages the Primary and Alternate services that deliver the Portrait Foundation functionality. This service need not run as a Local Administrator account but can be run as the LocalSystem account. As detailed elsewhere, all Portrait Foundation services need to run with:
Full access to the install directory (e.g. C:\Program Files\PST\Portrait Foundation)
Full access to the Windows temp directory (e.g. C:\Windows)
Full access to the registry keys HKLM\Software\PST and below
DCOMCNFG (Component Services) Launch (local) and activation (local) permissions for all Portrait Services (e.g. Client Events, Service Controller, Primary and Alternate ServiceHost).
Log on as a service right in the Local Policy 3.2.5 Add Read and Execute Permissions to Portrait folder By default users have read and execute permissions to the Portrait Foundation program folder. However, following the spirit of Windows Server security, some customers have locked down access to only allow users access to certain programs.
Therefore we have experienced situations where it has been necessary to add read and execute permissions to the PST directory under Program Files. 3.2.6 PST Registry Key Access Although the configuration of a Portrait Foundation system is performed mainly through its central database, a variety of machine specific settings are held within the servers registry. Also, a number of system wide settings are written locally to the registry for performance reasons. As a result, it is necessary for the Portrait Foundation services to be able to read from and write to the [HKEY_LOCAL_MACHINE\Software\PST] registry key and its sub-keys.
Under Windows Server the default for any newly added registry settings is for users to not have access to them.
Therefore, because the SysConfig component retrieves Portrait setup information from the database and writes it to the registry, Portrait cannot work with the out of the box settings. Note, the Web server service does not access the database directly, but through the Process server.
After installation of Portrait Foundation, it is necessary to find the [HKEY_LOCAL_MACHINE\SOFTWARE\PST\Portrait] key and add full control privileges to the Portrait Foundation services users and this needs to be inherited by any sub keys.
Portrait Foundation Installation Guide 16 of 64
Edition 37.2
3.2.7 DCOM Security Within some Windows Server versions, remote access to DCOM components is locked down by default. To allow remote communication using DCOM, explicit permissions must be added either generally across the server or to additional DCOM applications. This is performed using Component Services under Computer Management.
Some Windows Server versions have built-in local group called “Distributed COM Users”. If an account needs to invoke DCOM remotely, it has to be a member of this group on the target machine.
Some Windows Server versions have a global setting, which can enable/disable DCOM on the server level. This setting (“Enable Distributed COM on this computer”) is normally switched on, but it is worth checking via Component Services -> Default Properties tab of “My Computer”.
To allow the Portrait Foundation services on the Web server to be able to communicate with the Portrait Foundation services on a separate the Process server it may be require that:
DCOM be enabled on the Process server
Permissions must be explicitly added within DCOM Configuration
Portrait Web Service account must be a member of Process server “Distributed COM Users” local group 3.2.8 Services permissions
Non-administrative service There are a couple of extra steps required to allow non-administrative account to account control the Portrait Services. The first is to allow the account access to the Service Manager (SCManager), and the second is to arrange the necessary permissions for the Portrait Services.
The first step is to download a free Microsoft tool called SubInAcl.exe.
In the same folder as the above SubInAcl.exe file create a batch file containing the following text:
@echo off rem *********************************************************************** rem This batch file will allow a domain account that is not a member of the rem machine's administrator group to be used to run the Portrait Services. rem ***********************************************************************
set /P sysname="What is the name of your Portrait system (e.g. MyPortrait)? " set /P domain="What is the domain of the Portrait Service account that you want to have permissions? " set /P user="What is the username of the Portrait Service account that you want to have permissions? " rem Set the access for SCManager first. We require SC_MANAGER_ALL_ACCESS for this account...
rem The following will give full access to SCManager to all Authenticated Users. sc.exe sdset SCManager D:(A;;KA;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA ;KA;;;WD)(AU;OIIOFA;GA;;;WD) rem Now give the account full permissions on the four Portrait Services...
FOR %%A IN (Controller ClientEvents WebServicePrimary WebServiceAlternate ServiceHostPrimary ServiceHostAlternate) do ( for /F "tokens=3 delims=: " %%H in ('sc query %sysname%%%A ^| findstr " STATE"') do (
Portrait Foundation Installation Guide 17 of 64
Edition 37.2
subinacl /outputlog=%%A_perms.txt /service %sysname%%%A /grant=%domain%\%user%=F type %%A_perms.txt >>Permissions_Change.txt del %%A_perms.txt ) ) pause
Save the file with the name ApplyServicesPerms.bat.
Running the file from an elevated command prompt will ask you to supply the Portrait system name and the domain and username of the service account. It will then alter the Service Manager and the Portrait services to allow your non- administrative user to be used to control them.
If you wish to revoke permissions for this account, please refer to Knowledge Base article Q11756 on the Portrait Customer Support web site. 3.3 Web servers This section describes tasks necessary for preparing the environment on a web server. The details are appropriate, unless explicitly stated otherwise, for both single box installations and split box installations. 3.3.1 Internet Information Server IIS 7.5 and 8 Portrait is designed to work with and rely on IIS functionality. Therefore IIS must be installed prior to any Portrait Foundation installation.
The following World Wide Web Service features must be installed.
Application Development Features
o ASP.NET [4.5 for IIS 8]
Common HTTP Features
o Default Document
o Static Content
For IIS 7 and 8 you need to ensure that ASP.NET v4.0.30319 (32-bit version - %SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll) is set to Allowed in the “ISAPI and CGI Restrictions” section of Internet Information Services (IIS) Manager.
In previous versions of Foundation, IIS 7 was only supported through the Classic Managed Pipeline Mode and required the IIS 6 Compatibility features to be installed. All Portrait Foundation applications have been updated to run using the Integrated Managed Pipeline Mode so the IIS 6 Compatibility features are no longer required.
NB: If your Portrait Foundation Implementation makes use of the Microsoft IE Web Controls (v1.0) then the IIS 6 compatibility options still need to be installed via the role management application. This applies to all customers using EDGE2020. Application Pools Application Pools allow administrators to define groups of applications which run under their own process. Failure of one process should not affect applications running under other processes.
Portrait Foundation Installation Guide 18 of 64
Edition 37.2
For IIS 7 and 8, the application pool used by the Portrait Foundation applications must be configured to use the Integrated Managed Pipeline Mode and the .NET Framework Version must be set to v4.0
It is recommended that Portrait ASP.NET applications are run within their own application pools for a number of reasons:
It protects Portrait from failures in other applications
It protects other applications from failures in Portrait Software
It provides a number of mechanisms for improving the resilience of a Portrait ASP.NET application.
The recommended configuration of a production Portrait Application Pool includes:
Recycling settings
When an IIS pool worker process is being recycled, its current context is thrown away and the context needs to be reloaded when the process starts again. Sudden drops in response have been observed during these recycling periods and therefore this mechanism should be used with caution. An example of how to determine whether recycling is appropriate is to use the Performance Monitor to examine the Requests Executing counter in ASP.NET Applications. If the number of requests increases without returning to normal, the worker process or processes are likely to be hanging. It is recommended, as good maintenance practice, to configure IIS to recycle processes at a time outside business hours. The following options can assist if you are experiencing responsiveness issues with your Portrait application, but should be checked during performance testing to determine whether they are required. Recycle on Minutes – this automatically recycles the processes assigned to Portrait in order to pre-empt problems caused by long running processes. Note that if there are multiple processes running, recycling of processes does not occur at the same time. Each additional process is recycled at an offset- time from the first. Recycle on Requests – automatically recycles the process assigned to Portrait after a number of requests has been reached, in order to pre-empt problems caused by long running processes. Recycle on Memory – automatically recycles the process assigned to Portrait if a pre-determined amount of memory is consumed. This option may be appropriate if memory used by the process is seen to only increase, or there is a sudden increase in memory that is not reclaimed. Performance settings
Idle timeout – automatically shuts-down processes after they have been idle for a selected number of minutes. It is recommended that this option is turned off, particularly where the server is only hosting your Portrait application. Maximum Worker Processes – used for distributing the workload across multiple processes, to reduce contention for resources used by all worker processes. Typically, the number of processes would be 2, but an accurate number of processes depends upon your system requirements, and should be determined during performance testing. Health
Ping: Ping Worker Process Every (in seconds): 30. This is intended to allow IIS to detect a failure in the worker process and automatically recycle that process. 30s is seen as a practical balance between reducing the overhead of too frequent pings and detecting failures as quickly as possible. Rapid-fail protection: Disable. While this prevents a rogue application from reducing the performance of a web server supporting multiple web
Portrait Foundation Installation Guide 19 of 64
Edition 37.2
applications, in Portrait scenarios where it is the only application running this is not as beneficial. In our case we would want the Portrait ASP.NET application to return to operation as quickly as possible. Identity: Network Service. The Microsoft recommendations are to use the Built In Network Service account for the worker process identity.
It should be noted that it is also recommended that these resilience settings are NOT used in general testing as they will mask issues which could be found and fixed before the system goes live. They are intended as a measure to reduce the impact of system bugs from affecting production users. Temporary ASP.NET Files folder ASP.NET compiles aspx files into runtime class objects rather than interpreting them at runtime as old asp applications used to work. The benefit is enhanced performance after initial use.
When ASP.NET runs, it compiles the files to a temporary folder under the windows folder:
%SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
Where %SYSTEMROOT% is likely to be C:\Windows or similar
In order for the ASP.NET application to perform this compilation, the identity under which it is running needs access to the folder to read, write and to create folders.
This can either be added directly for the identity under which the Portrait Foundation Application Pool is running or by giving access to the IIS_WPG group of which the Application Pool user needs to be a member.
If this is added via the IIS_WPG group then it should be noted that the default may be for IIS_WPG to only have read access to the temporary ASP.NET folder. Therefore, Modify access needs to be added to the group.
NOTE: If this is the first ASP.NET application on this machine it may be necessary to create this folder in order to add the permissions to it as it doesn’t exist by default. Portrait Virtual Directories Each of the Portrait Foundation web applications, for example Contact centre, Internet channel application or exposed Portrait Foundation web service, will be hosted in their own virtual directory. The virtual directory is the container for all the web pages and .NET assemblies needed to run the ASP.NET application.
IIS expects the Virtual Directory setup to define how users should be authenticated when accessing the virtual directory. The recommended approach will be defined later, but for information on other approaches consult IIS documentation. 3.3.2 Installation on 64-bit operating systems While possible to run Portrait Foundation on 64-bit versions of windows, it should be noted that the 64-bit version of ASP.Net is not supported. To enable Portrait Foundation on 64-bit versions of windows, you must enable the 32-bit version:
1 From the Windows Start menu launch Administrative Tools > Internet Information Services (IIS) Manager.
2 Select Application Pools, right click the application pool that the Portrait Foundation applications are using and select Advanced Settings…
3 Set Enable 32-Bit Applications to True.
Portrait Foundation Installation Guide 20 of 64
Edition 37.2
To install the 32-bit version of ASP.Net, and to install the script maps to IIS, type the following:
%SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
3.3.3 Portrait Foundation service This is a service running on the Web Server which handles any communication between the Application Virtual Directory and Portrait Foundation Process Server. For single box installs this service does not exist as a separate Windows service; it is rolled up into the ServiceHost service that runs on the Process Server tier. 3.4 Process servers
3.4.1 Portrait Foundation service The Process Server runs a service which must be configured to run under the domain account described above as Process Server user account A. The service is called Service Host, and as its name implies it implements many functions. 3.4.2 Database access The Process Server must be a member of the same domain as the database server. The domain account created for the services on the Process Server should be given the database permissions required to use the Portrait Foundation database. 3.5 Portrait Telephony server
3.5.1 Services The Portrait Telephony Server runs a set of services, which must be configured to run under the domain account described above as User account A. These are:
AMC Service Host
AMC Telephony Server 3.5.2 Security pre-requisites In the standard implementation, the Portrait Telephony Client (PTC) is implemented within the JavaScript file downloaded to client workstation from the Web Server. In order to integrate to the telephony infrastructure, PTC needs to create an HTTP connection to the Portrait Telephony Server (PTS). Within the context of Internet Explorer, such communication is referred to as cross-domain data access. When browsing the content of unknown and non-trusted sites, cross-domain data access may pose significant security risks. Therefore, Internet Explorer default security settings for Internet and Intranet zone prohibit such script activity.
In the case of a CTI-enabled Portrait Foundation implementation, cross-domain data access is desired behaviour, as it enables communication of an agent with telephony infrastructure. As such, the ability to perform cross-domain data access forms the pre-requisite of Portrait Foundation CTI deployment.
Portrait Software recommends that, in order to enable cross domain data access in most secure way, the deployment environment owners ensure that
all Web Server URLs used by a particular environment are added into Trusted Sites security zone in the Internet Explorer security settings on client workstations belonging to this environment, and
Portrait Foundation Installation Guide 21 of 64
Edition 37.2
the security policy for Trusted Sites security zone enables cross-domain data access (see “Access data sources across domains” setting below).
Various system management tools allow distribution of the above settings to agent workstations. The Internet Explorer Administration Kit (IEAK) is the systems management tool Microsoft recommends for such tasks.
Adding Web Servers into Trusted Sites security zone, the whole content of the servers is going to be trusted by particular client workstation. This step should, therefore, be made in line with reviewing the content and security policies of incriminated web servers. The impact on other trusted sites within agent workstation configuration should also be considered. Portrait Software cannot be held responsible for the damage caused by inappropriate web server security mechanisms or third party content hosted on the same web server.
Portrait Foundation Installation Guide 22 of 64
Edition 37.2
4 Non-production environment considerations
Read this section if you are unfamiliar with Portrait Foundation, and are installing it in a non-production environment, or on a proof of concept or demonstration machine. Depending upon requirements and the scope and complexity of the proposed system, a number of environments may be required (for example, Development, Integration, System Test, Performance Test, User Acceptance Test, Support and Training).
Figure 4 – Non-production environment
ProcessProcess ServerServer WebWeb ServerServer
DevelopmentDevelopment ClientsClients
DatabaseDatabase ServerServer
BuildBuild ControlControl ClientClient
TelephonyTelephony ServerServer
TestingTesting ClientClient
SourceSource ControlControl Database Admin Client Database Admin Client ServerServer Business Analyst Client Business Analyst Client Figure 4 shows the different types of client and server that you may require during development. The exact configuration of the environment depends on which features your solution needs to support and the resources you have available during development. Each system is described in greater detail in the following sections. 4.1.1 Servers In the implementation environment, wherever possible servers can be installed and run on the same machine. This reduces the space taken and cost of the environment. It is important to note that the sharing of machines does not in any way detract from the quality or usability of the environment.
The servers required in the environment are detailed below. Source Control server and/or Network share Portrait Foundation requires that you have a source control system in place. It has been designed to work with TFS, ClearCase or its own internal snapshots source control. Integration with other source control systems is available through the Microsoft Source Code Control API. The source control system may have a
Portrait Foundation Installation Guide 23 of 64
Edition 37.2
dual role: as well as being used to store configuration snapshots to provide a change history and views of the configuration at major points in the project development lifecycle. It can also be used as a source code repository for C# and Web development.
If you are using Portrait snapshots then a Network share may be required to share the Configuration Repository between multiple users. It is possible to create more than one master snapshot on the network, with local snapshots for individual users on their own machines. Web server The Web server is used specifically for testing purposes. Developers can have most of Portrait Foundation installed on their own development machines.
The Web servers should be configured to accommodate two logical drives, traditionally C:\ for hosting binaries, and D:\ for hosting the Web files.
In a production environment, security considerations may dictate that web servers are installed on dedicated machines. However, in a development or test environment, it is common for web servers to share the same machine as a Process Server. Process server The Process Server is used specifically for testing purposes. Developers can have most of Portrait Foundation installed on their own development machines. Database server The database server will hold at least two databases. One will be used for development and the other for testing. This is vital to ensure that test data is not corrupted.
Should it be necessary to include data mart or any analytics/MIS/DSS and so on, more databases will have to be created on the server.
It is worth ensuring that there is a file server available for regular backups. This will ensure that data can be restored in the event of corruption. EDGE server If your Portrait Foundation implementation interacts with EDGE, then an EDGE server is required for testing purposes. 4.1.2 Client Machines The number of client machines will vary depending on the size of the development team. You can add as many or as few of the machines listed to the environment. Comments on each client machine are provided below. Stand-alone client Used for off-site demonstrations, these machines must have both the software for the development client and the database server. Development client Used by the development staff, these machines will have various software packages installed on them that will reduce the need for separate servers to exist within the environment. This software enables the developers to develop and run the application on their own machines without having to connect to dedicated external servers. Build control client The regular builds, as well as other ad-hoc builds, will be performed on this machine.
Portrait Foundation Installation Guide 24 of 64
Edition 37.2
You may wish to dedicate a PC to just building any C# components (or C++ components if you a have any existing COM components that you need to recompile) that you develop as part of an implementation project, for example, custom nodes, integration modules and so on. This is useful if you have many developers working simultaneously, and want one PC with the snapshot of the code from everyone on it to create a build to be used for integration testing. Alternatively this function can be performed by one of the development team on their development client PC. Test client Because the test environment has to be as isolated from the development environment as is possible, the test client will make use of dedicated Web and Process Servers. Furthermore the test machine will make use of its own database, residing with the development database, on the SQL Server. Test and development share the remaining server. Database administrator client The inclusion of this client in the environment is optional. Should the implementation involve only the online transaction processing side of the database, a DBA client will not be necessary, but if the analytical processing side is also required it is suggested that the DBA client is included. It should also be noted that all DBA work could be performed on the SQL Server but the inclusion of a dedicated client is advised. Business analyst client In a large implementation team you may find that some members of the team are just doing configuration activities and no Web or code development. In this case, you do not need to install all the software required for a development client (e.g. Microsoft Visual Studio, Portrait Foundation SDK). In this case you can create a business analysis client, which is a PC setup just for configuration activities. 4.1.3 Implementation, system test and user acceptance test environments The implementation, system test and user acceptance test environments should increasingly resemble the production environments, and may be dependent on what machines are available.
The user acceptance test environment should be as close to the final production environment as possible.
Portrait Foundation Installation Guide 25 of 64
Edition 37.2
5 Pre-installation tasks
You must carry out the steps in this section before you install Portrait Foundation. If you miss a step here, you may find that Portrait Foundation will not run as expected. 5.1 Required steps
5.1.1 Setup user accounts Before installing Portrait Foundation, you must setup the user accounts described in Section 3.1 5.1.2 Enable the relevant Windows access permissions Before installing Portrait Foundation, you must setup the relevant access permissions described in Section 3.2 5.1.3 Create or upgrade database You must create a Portrait Foundation operational database (and transient database if required) before creating a Foundation System with the System Setup tool. If you are upgrading from a previous version of Portrait Foundation a database upgrade is required. Please refer to the Database Setup Guide and Portrait Upgrade Guide for more details. 5.1.4 Support for SQL Server 2014 and 2016 SQL Server 2012 was the last Microsoft SQL Server release to support the Microsoft OLE DB Provider for SQL Server.
http://blogs.msdn.com/b/adonet/archive/2011/09/13/microsoft-sql-server-oledb- provider-deprecation-announcement.aspx
Customers wishing to use SQL Server 2014 or 2016 must ensure that the SQL Server Native Client (OLE DB) provider is installed on the Process Server. The System Setup tool and other components will try to use the following OLE DB providers in this order:
SQL Server Native Client 11.0
SQL Server Native Client 10.0
Microsoft OLE DB Provider for SQL Server
If neither of the SQL Server Native Client (OLE DB) providers are installed, the Microsoft OLE DB Provider for SQL Server will be used. The use of this provider with SQL Server 2014 and 2016 in not supported by Portrait Foundation.
All Generic Data Access Systems using SQL Server 2014 or 2016 must also be updated in the Management Console. Making sure the connection string uses the correct SQL Server Native Client (OLE DB) provider. 5.2 Optional steps
5.2.1 Install QuickAddress Portrait Foundation provides integration to Experian QAS. Customers wishing to use this functionality should have the relevant supported version of the
Portrait Foundation Installation Guide 26 of 64
Edition 37.2
QuickAddress API installed on the Process Server before installing Portrait Foundation. Please refer to the release notes for details of supported versions. 5.2.2 Setup a Telephony server Portrait Foundation provides integration to Genesys Server. Customers wishing to use this functionality must have a working Genesys Server with the appropriate supported software already setup before running the System Setup Tool. Please refer to the release notes for details of supported versions. 5.2.3 Prepare for Demo component installation If you wish to install any of the demo components please refer to the Demonstration Components User Guide. Please note that these are demonstration features that are not designed for use in production systems. 5.2.4 Create IIS Web Site If you do not wish to use the default Web site, you can create your own Web site before installing Portrait Foundation. It is recommended that an Internet-facing Web server use a non-default Web site container. In this scenario the default Web site should ideally be deleted.
If you do not wish to delete the default Web site, but still want to use a non- default Web site name, the default Web site must be either stopped or transferred from TCP port 80 to another port. Port 80, the standard HTTP port, will be required for use by the Portrait Foundation Web site.
Portrait Foundation Installation Guide 27 of 64
Edition 37.2
6 Installing Portrait Foundation
All the files required to install Portrait Foundation are provided on the release media. Ensure that you have carried out all the pre-installation tasks described in Section 5 before you start the install.
During the course of the installation, you are asked which components you wish to install. You should choose the appropriate components for the individual servers which you are installing.
NB: The Core Software install only needs to be run once. A separate System Setup Tool is now provided for creating multiple Portrait Foundation systems. Implementation installs still need to be run per system.
The Portrait Foundation installation encompasses:
Checking pre-requisites.
o Microsoft Windows Installer
o Microsoft Windows PowerShell
o Microsoft .NET Framework
o Microsoft MSXML
Installing redistributables.
These can be found in the ISSetupPrerequisites directory of the Core Software install and include:
o Microsoft Visual C++ (x86)
o Microsoft Primary Interoperability Assemblies
Creating directory structures.
Installation and registration of the selected feature components.
Setting up the relevant registry information.
o Details of the installed features are stored under:
[HKEY_LOCAL_MACHINE\SOFTWARE\Pitney Bowes Software\Portrait]
o The setup details of each Portrait Foundation system are stored under:
[HKEY_LOCAL_MACHINE\SOFTWARE\PST\Portrait]
Modifying system environment variables.
“
Web server specific installation of the Portrait_Client web files in C:\inetpub\wwwroot.
Portrait Foundation Installation Guide 28 of 64
Edition 37.2
6.1 Core Software install
1 Ensure that you are logged on as an Administrator (Process Server user account A). If you do not have administrator privileges, the installation will not run.
2 From the release media browse to Software\Installsets\Core_software
3 Double click setup.exe to start the installation.
4 If a User Account Control prompt appears, click Yes to continue.
5 Setup will perform the relevant checks and launch the MSI.
6 Once this is complete, click Next on the Welcome screen.
Portrait Foundation Installation Guide 29 of 64
Edition 37.2
7 Select the relevant installation folder and click Next.
8 Select the relevant setup type and click Next. For more details about the available program features see Section 6.1.1.
Portrait Foundation Installation Guide 30 of 64
Edition 37.2
9 If the custom option is selected, the following options will be available. Select the relevant features and click Next.
10 To start the installation click Install.
Portrait Foundation Installation Guide 31 of 64
Edition 37.2
6.1.1 Program features The following features are provided.
Feature Description
Client Tools Installs the Configuration tools, Localization tools, Profiling tools, Service Generation wizard and Data Mart creation utility.
Process Server Installs the core runtime components required by all Portrait Foundation systems.
QAS Installs the components that provide address lookup through integration to QAS (requires QuickAddress).
Inbound Simplex Installs the document management and queue listener components.
Demo Post Installs the demonstration components that provide simple document management capabilities (requires Microsoft Message Queue Server).
Web Server Installs the web components required to run all Portrait Foundation applications (requires Microsoft Internet Information Services).
Telephony Server Installs the Portrait Telephony Server components that provide integration to Genesys via the TServer API.
SDK Installs the Portrait Foundation Software Development Kit. This includes the Build environment, MSI implementation install and Visual Studio templates.
Selecting the “Typical” setup type will install the following features:
Client Tools
Process Server (excluding QAS and Inbound Simplex)
Web Server 6.1.2 Modify To modify the features installed on a machine, run the Portrait Foundation Core Software install (setup.exe) as above, click Next and select Modify.
Once you have selected the relevant features to modify and the installation is complete, it is important to re-run System Setup for each existing system.
NB: In a split box environment any changes to the Process Server will also require System Setup to be re-run on the associated Web Server.
Portrait Foundation Installation Guide 32 of 64
Edition 37.2
7 Setting up a Portrait Foundation system
The setup of multiple Portrait Foundation Systems is now performed via the System Setup Tool. This tool is responsible for capturing all the information required to setup a Portrait Foundation system, based on the features that have been installed. It can then be run many times to setup additional systems and update or remove existing systems. The use of this tool is described below. 7.1 System Setup Tool If the Core Software install is not being run via the command line, then at the end of the install the System Setup Tool will be launched. This is the default behaviour and can be changed by unselecting the “Launch Portrait Foundation System Setup” option before pressing Finish in the install.
The System Setup Tool can also be launched from the Windows Start menu under All Programs > Portrait Foundation.
The tool consists of a number of settings pages used to capture the data required to setup a Portrait Foundation system. It is possible to navigate to each page by clicking on the Settings links, using the defined keyboard shortcuts or using the Next and Previous buttons.
Portrait Foundation Installation Guide 33 of 64
Edition 37.2
The pages displayed are dependent on the installed features. The following pages will be displayed when you a creating a new system for the first time. If a system already exists when System Setup is launched then the first page displayed is Overview.
Installed feature(s) Pages
Client Tools only System
Operational database
Process server
Process Server only System
Operational database
Transient database
Web Server only System
Process server
Telephony Server only System
Operational database
Telephony server
Typical System
Operational database
Transient database
Complete System
Operational database
Transient database
Inbound simplex
Telephony server
See Appendix B for a more details on these pages.
NB: For SDK only installs System Setup is not required, so this tool is not installed.
Portrait Foundation Installation Guide 34 of 64
Edition 37.2
Validation occurs at the page level and is triggered when a page is selected. Errors are indicated by a red exclamation icon. Hovering over this icon displays a tooltip with the validation error.
Clicking the Apply button will trigger two levels of validation. First it validates that all the data captured by the pages is correct. If any errors are found the following message will be displayed.
The second level of validation covers.
Validation Comments
Portrait Telephony Server (PTS) setup. The To setup the PTS additional PTS does not support multi-tenancy so it is system may need to be only possible to setup one Portrait removed. Foundation system.
Database validation to ensure that the If any problems are identified, selected database is a valid Portrait a warning message is Foundation database and has been displayed to the user, but they upgraded to the correct version. can choose to continue if required.
Domain user validation to ensure the Setup cannot continue without credentials provided are correct. valid domain user credentials.
Portrait Foundation Installation Guide 35 of 64
Edition 37.2
7.1.1 Creating a new system To create a new system, launch the Portrait Foundation System Setup Tool. If another Portrait Foundation system has already been created then the Overview page will be display. If this is the first Portrait Foundation system to be created then the System page will be displayed.
Navigate through the settings pages and enter the relevant data. The Apply button can be clicked at any point to check for any missing or invalid data.
Once all the relevant data has been captured, click Apply. As long as there are no validation errors the System Setup Launchpad will be displayed.
At this point all the data captured will be saved into an XML settings file in “%ProgramData%\Pitney Bowes Software\Portrait Foundation” using the following format:
FdnSystemSettings_
If you created a system called “MyPortrait” the settings file would be:
C:\ProgramData\Pitney Bowes Software\Portrait Foundation\FdnSystemSettings _MyPortrait.xml
At any point during the data capture process the Save settings action can be used to save the current values entered to a specific file. These files are not removed during uninstallation. For security reasons passwords are never stored in this file.
Click Start to create the new Portrait Foundation system. The outcome of System Setup will be displayed in the log. If the system has been created successfully, clicking Close will cause the tool to refresh displaying the Overview page.
Portrait Foundation Installation Guide 36 of 64
Edition 37.2
The System Setup Tool uses PowerShell to setup the Portrait Foundation system. One of the first steps in this process is to generate a PowerShell script that is used to create the Portrait Foundation system. For reference the name of this file is logged at the start of the process.
These files are not removed during uninstallation and can be used to automate the installation process. See section 8.2 for more details. 7.1.2 Updating an existing system If you have modified the Core Software features installed on a machine then you must re-run System Setup for each existing system. This process will completely remove the existing Portrait Foundation system and create a new one based on the newly modified installation features.
NB: When doing this it is important that the Portrait Foundation services for this system are stopped using Service Check and that all Portrait Foundation applications are closed. This includes Service Check and the Windows Service management console. If a split box environment is in use and you are updating the Process Server, then the relevant Web Server’s Portrait Foundation services should also be stopped.
To update an existing system, launch the Portrait Foundation System Setup Tool. The first Overview page will display a list of existing systems with their current state.
To avoid re-keying all the required details, a previously saved settings file can be loaded. Passwords are never stored so always need to be entered. When a system is initially created via the System Setup Tool the data captured is saved in a settings file. To load the settings for a specific system, click the Load settings action.
Portrait Foundation Installation Guide 37 of 64
Edition 37.2
Select the relevant settings file and click Open. All the data saved in the file will be used to populate the pages. As passwords are not saved these need to be entered manually.
Navigate through the pages and enter any missing mandatory data. The Apply button can be clicked at any point to check for any missing or invalid data.
Once all the relevant data has been captured, click Apply.
Click Start to unregister the existing Portrait Foundation system and create a new one based on the newly captured data. The outcome of System Setup will be displayed in the log. If the system has been created successfully, clicking Close will cause the tool to refresh displaying the Overview page.
If any errors occur during system setup please refer to section 11 for help on resolving the problem.
Portrait Foundation Installation Guide 38 of 64
Edition 37.2
7.1.3 Removing an existing system The System Setup Tool allows you to remove one Portrait Foundation system at a time. For details on how system removal can be achieved via the command line please refer to Appendix C.
To remove an existing system, launch the Portrait Foundation System Setup Tool. The first Overview page will display a list of existing systems with their current state.
Select the System page, use the System name dropdown to select the existing system you wish to remove and tick the Remove checkbox. This will disable most of the UI except the Apply and Close buttons. This is because removal only requires the system name, no other details are relevant. If you wish to re-enable all the controls then simply untick the Remove checkbox.
Click the Apply button.
Click Start to remove the selected system. The outcome of System Setup will be displayed in the log. If the system has been removed successfully, clicking Close will cause the tool to refresh.
Portrait Foundation Installation Guide 39 of 64
Edition 37.2
If any errors occur during system setup please refer to section 11 for help on resolving the problem.
Portrait Foundation Installation Guide 40 of 64
Edition 37.2
8 Installing Portrait Foundation silently
8.1 Installation The Core Software installation uses MSI technology to enable installs to be run “silently” via the command line.
setup.exe /s /v"/qn ADDLOCAL=<
ADDLOCAL (optional) - Used to define the specific features to install. If not supplied, all program features will be installed. The following features can be specified on the command line.
Common,CommonRelease o ClientTools,ClientToolsRelease o Process,ProcessRelease . QAS,QASRelease . InboundSimplex,InboundSimplexRelease DemoPost,DemoPostRelease o Web,WebRelease o Telephony,TelephonyRelease o SDK
All selectable features that are available thought the GUI are dependent on “Common,CommonRelease”. To correctly install any of these features, the hierarchy above must be followed. Examples
Feature(s) Command
Client Tools only ADDLOCAL=Common,CommonRelease,ClientTools,ClientTool sRelease
Process Server ADDLOCAL=Common,CommonRelease,Process,ProcessRelea only se
Web Server only ADDLOCAL=Common,CommonRelease,Web,WebRelease
Telephony Server ADDLOCAL=Common,CommonRelease,Telephony,Telephony only Release
SDK only ADDLOCAL=Common,CommonRelease,SDK
Client Tools, ADDLOCAL=Common,CommonRelease,ClientTools,ClientTool Process Server & sRelease,Process,ProcessRelease,Web,WebRelease Web Server only
Portrait Foundation Installation Guide 41 of 64
Edition 37.2
8.2 System Setup When the System Setup Tool is used to create (or update) a new system, it generates a PowerShell script. This .ps1 file should be used by customers as a template to create their own scripts. It can be parameterized to pass in the relevant values that may change per environment. Please refer to section 7.1.1 for details on how this file is generated.
This generated script can be run via the command line using the following PowerShell command:
PowerShell -file "%ProgramData%\Pitney Bowes Software\Portrait Foundation\SetupFdnSystem_<
NB: Always run the 32-bit version of Windows PowerShell. On a 32-bit Windows operating system use:
%windir%\System32\WindowsPowerShell\v1.0\PowerShell.exe
and on a 64-bit Windows operating system use:
%windir%\SysWOW64\WindowsPowerShell\v1.0\PowerShell.exe
By default this script takes four parameters which represent all the passwords that can be captured by the System Setup pages.
Parameter Description
[string]$ServiceUserPassword The domain user account password used by the Portrait Foundation services. System setup will fail if this value is not supplied.
[string]$OperationalDbPassword The SQL Server user password stored in the Operation database UDL file. This is only relevant if the Operation database is not using Windows authentication.
[string]$TransientDbPassword The SQL Server user password stored in the Transient database UDL file. This is only relevant if a Transient database is being used and Windows authentication is not selected.
These parameters can be passed in via the command line in the order they are defined above. The optional parameters can be omitted or empty string ("") can be used. For example…
PowerShell -file "%ProgramData%\Pitney Bowes Software\Portrait Foundation\SetupFdnSystem_MyPortrait.ps1" "<
Portrait Foundation Installation Guide 42 of 64
Edition 37.2
NB: When Portrait Foundation is installed on a machine, “
This is not a problem for customers with Portrait Foundation implementation installs as IIS is restarted during this install. But customers without such an implementation install will not be able to run any Portrait Foundation web related components (e.g. Web Services) until IIS has been restarted. For this reason, the generated script contains the following commented out command:
#Restart-IIS
The comment symbol “#” can be removed if customers wish to restart IIS during System Setup.
For details on how to remove Portrait Foundation systems from the command line or generate this PowerShell script using a saved System Setup XML settings file see Appendix C. 8.3 Example
The following represents an example batch file which will install the “Complete” Core Software features in “silent” mode and then setup a system called “MyPortrait”. The example below assumes a 64-bit Windows operating system.
@echo off
echo. echo Installing Portrait Foundation Core Software ... "<
set ServicesPassword="<
echo. echo Creating Portrait Foundation System ... %windir%\SysWOW64\WindowsPowerShell\v1.0\PowerShell -file "%ProgramData%\Pitney Bowes Software\Portrait Foundation\SetupFdnSystem_MyPortrait.ps1" "%ServicesPassword%" if ERRORLEVEL 1 ( echo System Setup failed with errors [Error %ERRORLEVEL%] goto end ) echo Setup complete
:end
pause exit /b
Portrait Foundation Installation Guide 43 of 64
Edition 37.2
8.4 Command line deployment
To support automated deployments, the Portrait Foundation Deployer provides a command line interface, so you can deploy your configuration from a batch file or build script. The command line uses a "Necessary" deployment mode unless a "Full" parameter is specified, and does not refresh the configuraiton from the repository unless explicitly requested.
FdnDeployer.exe
[/System:
[/WindowsAuth | [/User:
[/SccProvider:
/SccLocalFolder:
/SccProjectPath:
/SccProjectName:
[/Workspace:
[/Deploy:
[/Exit]
Parameter Description
System The Portrait Foundation system used to identify the database to deploy the Workspace to.
Optional – if not supplied the default system will be used.
WindowsAuth Use Windows Authentication rather than a Configuration Suite user defined in the Repository Manager.
User Configuration Suite user name (if not using Windows Authentication).
Password Users password (if not using Windows Authentication).
SCCProvider Optional. Will use the previous value stored by the Configuration Suite, Repository Manager or Deployer.
Possible values include "Portrait Snapshots", "Clearcase" or “Microsoft Team Foundation Server”.
SccLocalFolder Path to the snapshot folder or the local source control folder.
Optional - will use the previous value stored by the Configuration Suite, Repository Manager or Deployer.
Portrait Foundation Installation Guide 44 of 64
Edition 37.2
SccProjectPath Path to the .psconfig file.
Optional - will use the previous value stored by the Configuration Suite, Repository Manager or Deployer.
SccProjectName Project name within the repository.
Optional - will use the previous value stored by the Configuration Suite, Repository Manager or Deployer.
Workspace Name of the workspace to load
Deploy Name to save with the deployed workspace.
Full Full deployment - forces all configuration objects to be re-deployed.
Refresh Refreshes the configuration from the repository before it is deployed.
Exit By default, the Deployer UI will remain open to display the results of the deployment. If present, the application will close when the deployment has finished.
Returns Successful deployment return ExitCode 0. Examples "C:\Program Files\PST\Portrait Foundation\Common\Bin\FdnDeployer.exe" /System:MyPortrait /User:Superuser /Password:Password /SccProvider:"Portrait Snapshots" /SccLocalFolder:"C:\Repository\Snapshot" /SccProjectPath:"C:\Repository\Master\PortraitRepository.psconfig" /SccProjectName:"PortraitRepository" /Workspace:"All applications workspace" /Deploy:"command line deploy" /Exit
"C:\Program Files\PST\Portrait Foundation\Common\Bin\FdnDeployer.exe" /WindowsAuth /Workspace:"All applications workspace" /Deploy:"command line deploy" /Exit
It is also possible to automate the process of importing cab files into a pre- configured Repository via the command line. For more details please refer to the Repository Manager User Guide.
Portrait Foundation Installation Guide 45 of 64
Edition 37.2
9 Post setup tasks
The following tasks should be completed after installation if necessary. 9.1 Management Console settings Each of the following aspects of system configuration must be reviewed to ensure appropriateness for the particular installation and Portrait Foundation version. Details of the recommendation settings are available in the Operations Guide.
Logging
Miscellaneous caches
Session management
o Local cache
o Global cache
Process engine
o Threading
o Model purging
o Messaging
Encryption
Purging
Timeout
Generated interactions
Data object factory 9.2 DCOM Configuration settings For split box environments additional DCOM security settings may be required as described in section 3.2.7. To do this launch the Component Services management console and update the Launch and Activation Permissions for the following Portrait Foundation services.
See section A.2 of the appendix for more details. 9.3 Database access NB: Customers wishing to change the operational database that a Portrait Foundation system is running against must now use the System Setup Tool. It is not simply enough to manually change the amc and transient udl files. See section 7.1.2 Updating an existing system for more details. For security reasons it is recommended to use Windows Authentication when setting up database connections.
Portrait Foundation Installation Guide 46 of 64
Edition 37.2
10 Removing Portrait Foundation
10.1 Uninstalling Portrait Foundation
List break The following procedure covers the removal of Portrait Foundation.
1 Important: Before you start, ensure that all Portrait Foundation services are stopped. If you are uninstalling the Process Server in a split box environment, the Web Server services must also be stopped.
2 Launch Programs and Features from the Control Panel, right click on Portrait Foundation Core Software and select Uninstall.
Another method is to run the Portrait Foundation Core Software install (setup.exe) and select the Remove option.
3 On the uninstall confirmation screen click Yes to continue.
4 If a User Account Control prompt appears, click Yes to continue. A progress bar will be displayed until all features have been removed.
Portrait Foundation Installation Guide 47 of 64
Edition 37.2
During the uninstallation process a PowerShell session will be launched to remove all the Portrait Foundation systems that were created using the System Setup Tool. The output should look something like this.
10.2 Uninstall messages
If all Portrait Foundation services have not been stopped before staring an uninstall then it may report that the following AMC services should be closed.
AMC
AMC
AMC
AMC
Portrait Foundation Installation Guide 48 of 64
Edition 37.2
If this is the case, select “Do not close applications.” and click OK. The uninstall should continue as expected. 10.3 Verifying removal If any errors occurred during uninstallation, you may wish to check the following to ensure that Portrait Foundation has been completely removed.
List break
1 That the C:\Program Files\PST\Portrait Foundation directory has been deleted (or the directory into which Portrait Foundation was installed, if different).
2 All Portrait Foundation services have been removed. From the Windows Start menu launch Administrative Tools > Services. There should be no services starting with “AMC”.
3 Check that the following Portrait Foundation specific registry keys no longer exist.
[HKEY_LOCAL_MACHINE\SOFTWARE\Pitney Bowes Software\Portrait]
[HKEY_LOCAL_MACHINE\SOFTWARE\PST\Portrait]
4 Check that the Portrait Foundation shortcut menu no longer exists under “All Programs” in the Windows Start menu.
Portrait Foundation Installation Guide 49 of 64
Edition 37.2
11 Troubleshooting
The following sections cover common problems that may be encountered during the installation and setup process of Portrait Foundation. For more details on how to approach the investigation of problems with a Portrait Foundation implementation please refer to the Troubleshooting Guide. 11.1 System Setup errors If System Setup fails to stop the existing Portrait Foundation services the following message box will be displayed.
At this point System Setup will not continue until OK is clicked.
This error will stop the new Portrait Foundation system from being setup correctly and will result in “Rollback”. In this circumstance it is not possible to roll back the Portrait Foundation system to its previous working state. Instead System Setup will completely remove this system.
To resolve this problem simply click Close and then click Apply and Start again.
This should result in a fully working Portrait Foundation system.
NB: To avoid this problem it is recommended that the Portrait Foundation services for the system (being updated or removed) are stopped using Service Check and that all Portrait Foundation applications are closed. This includes Service Check and the Windows Service management console. 11.2 Service Unavailable in Browser This error is commonly returned when running a virtual directory under an IIS 6 application pool where the application pool cannot start for some reason. This is often caused by the user running the application pool not being added to the IIS_WPG group or their details (user ID and password) being incorrectly entered.
This can be checked easily.
Portrait Foundation Installation Guide 50 of 64
Edition 37.2
If the event logs are checked there are normally entries in either the system or application logs reporting that there has been a problem with the user identity being invalid for worker process use.
Other problems related to IIS 7 include not correctly configuring the Application Pool on 64-bit operating systems to enable 32-bit applications. See section 3.3.2 for more details. 11.3 Active Directory Group Policy Make sure that rights needed in the local policy are not being overwritten by the Active Group Policy e.g. Log on as a service right. 11.4 Configuring Web Server using MMC The default Portrait installation assumes that you will use the MMC on the Process Server to reduce the potential for a security breach on the public web server from configuring the Portrait system. 11.5 Logging options Places to consider checking for logging information to identify problems:
Event Viewer: Application, System and Security Logs in Windows Administrative Tools.
Portrait Log Viewer: debug mode if services are running in user only access mode. The filter can be set to export all viewer information if necessary.
IIS Logs: identify what traffic is received and when (the default path is C:\inetpub\logs\LogFiles, otherwise check the IIS web-site Logging properties)
Installation logs: Look at the MSI log files written to “%temp%”.
Setup logs: Look at the logs created in “%APPDATA%\Pitney Bowes Software\Portrait Foundation”.
Performance Monitor: analyse system performance (the default path is C:\PerfLogs\Admin\Portrait\Foundation).
Portrait Foundation Installation Guide 51 of 64
Edition 37.2
Appendix A DCOM Firewall settings
This appendix summarises the options for configuring DCOM components to use a restricted set of TCP/IP ports. Such a restriction is desirable is situations where inter-tier traffic (Web Server to Process Server) must pass through a firewall.
The information in this appendix is intended for use by Portrait Software, Partner and Customer technical staff when designing or implementing a Portrait Foundation environment. The appendix assumes a basic understanding of the Portrait Foundation architecture, TCP/IP, firewalls and network security principles.
This appendix does not make any recommendations regarding the positioning or configuration of firewalls because the approach will be dependent on many different factors within an organisation. The appendix therefore focuses on the configuration of DCOM as it relates to Portrait Foundation components.
It is important to note that Portrait Process Servers need to be configured to allow incoming DCOM through the firewall and the other Portrait Server types e.g. Web Servers also may need to have incoming DCOM permitted through the firewall. This is often required for SysConfig callbacks (notifications of Sysconfig Changes). Failure to allow incoming DCOM may prohibit the Portrait Services starting on non Process Server tier devices in a split/multiple box environment. A.1 Background Portrait Foundation is designed to work with many different deployment architectures. A common requirement is to place Portrait Foundation’s public- facing Web Servers in a “Demilitarised Zone” (DMZ) and Process Servers in a more secure part of the corporate network.
The diagram below shows a simplified view of this deployment scenario. It can be seen that messages flowing from the Web Server to the Process Server must pass through the inner firewall.
Figure 5 – Simplified deployment scenario
HTTP DCOM
Internet
FirewallFirewall FirewallFirewall Web Server Farm Process Server Farm
DMZ Corporate Network
The default protocol for sending messages from the Web Server to the Process Server is DCOM. DCOM provides extremely good performance characteristics in this environment and has been proven to scale up to very large numbers of users.
However, using its default settings, DCOM is not “firewall friendly” because it dynamically assigns ports within a very large range (1024 to 65535). Only one port is assigned to each process hosting DCOM components, but that port will be one of thousands of possible numbers, assigned randomly at runtime. Hence, any firewall between the two components must allow traffic on all of these thousands of ports. This is generally unacceptable as it removes much of the benefit of the firewall.
Fortunately, DCOM applications can be constrained to use a very small number of ports, and hence avoid the need to open up thousands of ports on the firewall. Two approaches to port restriction are described later in this document.
Portrait Foundation Installation Guide 52 of 64
Edition 37.2
The following diagram shows the sequence of interactions between the client and server when a DCOM object is created or accessed.
Client Component DCOM Service Control Manager Server Component
Port 135 “Get object reference” Create or locate object “Object is on Port 5678”
Port 5678 Call object through its interface Response
At the start of the interaction, the DCOM client always makes a request to a “well known” port on the server – port TCP 135. Port 135 is used by all RPC protocols, of which DCOM is one. The DCOM Service Control Manager (SCM) receives requests on this port when a client attempts to connect to a DCOM object. The SCM responds to the client, telling it which port it can use to access the requested object. The client then makes a second call, this time to the specified port, which directly accesses the required object. A.2 Component Services (DCOMCNFG) Running the executable DCOMCNFG is a legacy mechanism for accessing the Component Services application. All references in this document to use ‘DCOMCNFG’ can be performed using the following steps:
From the Windows Start menu launch Administrative Tools > Component Services.
Expand Component Services -> Computers -> My Computer -> DCOM Config.
Right click on appropriate Portrait Foundation application (Service) and select Properties, then the Security tab.
Customize the Launch and Activation Permissions by clicking Edit and (typically) add the named user with requested permissions.
A.3 Port restriction across all DCOM applications The current approach to configure RPC (and hence DCOM) is to use a specified set of ports and to share those ports among all of the applications on the server. For example, if RPC was configured to use ports 5500 to 5520, Portrait Foundation would be (randomly) allocated a port within that range at run time.
Portrait Foundation Installation Guide 53 of 64
Edition 37.2
The set of ports can be specified individually and does not have to be a contiguous range. For example, it is possible to allocate the following ports: 5500, 5503, 5510-5519, 5525.
These ports are shared across all server applications that use RPC protocols (including all DCOM traffic), it is essential that the set of ports allocated is large enough to accommodate all of the applications. If there are not enough ports available, some of the applications will fail to operate correctly. It is recommended that at least 20 ports are allocated.
On Windows Server 2008 and later versions, the default range of dynamic RPC is 49152 through 65535. The following Microsoft articles discusses how to configure dynamic RPC ports on the different versions of Windows:
http://technet.microsoft.com/en-us/library/cc732839(WS.10).aspx
http://support.microsoft.com/kb/832017/
Defining a range of ports is achieved by manually creating the following registry key values:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet]
Within this key, the following values need to be added:
Name Type Value
Ports REG_MULTI_SZ One port or port range per line, for example: 5500 5510-5519
PortsInternetAvailable REG_SZ Set to “Y”
UseInternetPorts REG_SZ Set to “Y”
A.4 Performance Both of the configuration approaches outlined in this document have been tested in our Performance and Scalability lab. After configuring the port restrictions, the system was placed under load. The application continued to behave normally.
The response times and system throughput were measured and compared with those obtained in an unconstrained system. There were no observable differences in the results obtained, suggesting that the port restrictions have no effect on Portrait Foundation’s performance and scalability characteristics. A.5 Additional information Microsoft recommends that ports should be allocated in a range over 5000 to avoid conflicts with other well-known ports. This applies to both of the configuration mechanisms described in this document.
Portrait Foundation Installation Guide 54 of 64
Edition 37.2
Appendix B System Setup Pages
B.1 Overview This page is only displayed if one or more systems have already been setup. It shows the current state of each system.
The keyboard shortcut to select this page is ALT+V.
So for example is the Core Software install had been modified and a new feature added, then any systems setup before this change would indicate that this feature had not been setup. This would be indicated by a red exclamation icon. A green tick indicates that the feature has already been setup and a grey cross means the feature has not been installed.
Portrait Foundation Installation Guide 55 of 64
Edition 37.2
B.2 System
This page is always displayed.
The keyboard shortcut to select this page is ALT+Y.
Portrait Foundation Installation Guide 56 of 64
Edition 37.2
B.3 Operational database
This page will only be displayed if the Client Tools or Process server components are installed.
The keyboard shortcut to select this page is ALT+O.
Portrait Foundation Installation Guide 57 of 64
Edition 37.2
B.4 Transient database
This page will only be displayed if the Process server components are installed.
The keyboard shortcut to select this page is ALT+T.
Portrait Foundation Installation Guide 58 of 64
Edition 37.2
B.5 Process server This page will only be displayed if the Process server is not installed but the Client Tools or Web Server components are installed. In this case an existing Portrait Foundation Process server is required.
The keyboard shortcut to select this page is ALT+R.
Portrait Foundation Installation Guide 59 of 64
Edition 37.2
B.6 Inbound simplex
This page will only be displayed if the Inbound Simplex Demonstration components are installed. The keyboard shortcut to select this page is ALT+I.
Portrait Foundation Installation Guide 60 of 64
Edition 37.2
B.7 Telephony server
This page will only be displayed if the Portrait Telephony Server (PTS) components are installed.
The keyboard shortcut to select this page is ALT+E.
Portrait Foundation Installation Guide 61 of 64
Edition 37.2
Appendix C PowerShell modules
The Portrait Foundation Core Software installer installs its own set of PowerShell modules that are used to setup and remove various system features. On a 32-bit Windows operating system these can be found in
%windir%\System32\WindowsPowerShell\v1.0\Modules\PortraitFoundationModules
and on a 64-bit Windows operating system
%windir%\SysWOW64\WindowsPowerShell\v1.0\Modules\PortraitFoundationModules
The generated PowerShell script referenced in section 8.2 makes use of the following Portrait Foundation published functions. The list below is for information only as these functions are not designed to be called independently.
Function Synopsis
Write-DefaultSystem Writes the Portrait default system name key in the registry.
Validate-DomainUserCredentials Validates the logged on domain user with the given credentials.
New-UDLFile Creates a new UDL File onto the disk.
Set-DataAcessRegistry Writes the Main Database related information including the UDL file path into the registry.
Set-TransientDatabase Writes the Transient Database details including the UDL file name into the registry.
New-TelephonyServer Sets up a new Portrait Foundation Telephony server.
New-SimplexServer Sets up the registry information required by the Inbound Simplex components.
New-InboundDemoPost Creates the Simplex Inbound Demo Post server configuration for a Portrait Foundation system.
Add-QueueListener Creates the configuration for the inbound listener queue.
New-ProcessServer Sets up a new Portrait process server.
New-WebServer Sets up a new Portrait web server in a split box scenario only.
New-ClientTools Sets up the Portrait Foundation Client tools along with the shortcuts.
Portrait Foundation Installation Guide 62 of 64
Edition 37.2
New-PerfMonCounters Sets up the Portrait Foundation performance counters.
New-ServerShortcuts Sets up the Windows shortcuts for the Portrait Foundation Server components.
New-CommonShortcuts Sets up the Windows shortcuts for the common tools.
Complete-Setup Finalizes the set up by writing common registry keys and registering common system dlls.
Start-ControllerService Starts the Portrait Foundation controller service.
Start-TelephonyService Starts the Portrait Telephony service on the machine.
Restart-IIS Restarts the IIS on the local machine.
Show-LogFileMsg Outputs the Portrait Foundation PowerShell log file path to the user on the console.
Help and examples for these functions can be access through the standard PowerShell Get-Help command.
Get-Help
There are also a number of remove scripts that are used by the Portrait Foundation Core Software installation process. These can be used to remove (or rollback) a system from the command line and are located in
All remove scripts have a single optional $system parameter which can be used to specify the system you wish to remove. If a system name is not provided the script will remove the relevant feature system setup information for all systems.
File Description
RemoveFdnSystem.ps1 Removes all system setup information for all installed features. This is the best script to use to completely remove a system.
RemoveClientTools.ps1 Removes all system setup information for the Client Tools feature.
RemoveInboundDemoPost.ps1 Removes all system setup information for the Demo Post feature.
RemoveSimplex.ps1 Removes all system setup information for the Inbound Simplex feature including any child features (Demo Post).
Portrait Foundation Installation Guide 63 of 64
Edition 37.2
RemoveProcessServer.ps1 Removes all system setup information for the Process Server feature including any child features (Inbound Simplex & Demo Post)
RemoveWebServer.ps1 Removes all system setup information for the Web Server feature.
RemoveTelephony.ps1 Removes all system setup information for the Telephony Server feature.
These can be called manually though PowerShell, but you must first use Import- Module to import the Portrait Foundation modules.
Import-Module "PortraitFoundationModules" Generating a System Setup PowerShell script It is also possible to generate a System Setup PowerShell script from a saved XML settings file.
Launch a 32-bit Windows PowerShell command prompt.
Import the Portrait Foundation Modules.
Change the directory to
Run .\GenerateServerScript.ps1 passing the following parameters
o The System Setup XML settings file (including path).
o The script template file ("FdnSetup.ps1").
o The output PowerShell script file.
.\GenerateServerScript.ps1 "C:\ProgramData\Pitney Bowes Software\Portrait Foundation\FdnSystemSettings_MyPortrait.xml" "FdnSetup.ps1" "c:\temp\Setup_MyPortrait.ps1"
Portrait Foundation Installation Guide 64 of 64