General Installation Preparation

User Accounts

The following is the list of the required accounts and access for the installation:

# Access Account Description

1

Master-Core (DataStudio)

AspenTech Inmation account with administrative access

This account is needed to initialize the AspenTech Inmation installation for all servers (except the Master-Core server).

2

All AspenTech Inmation servers

Windows account with administrative rights

This account is used to run the IaC installation scripts.

Servers Preparation Checklist

Check the following for each server:

# Item Description

1

Server Access

Check the server accessibility (remote access, VPN information, etc).

2

Server Availability

Connect to each server and make sure that it is available.

3

Server Specifications

Check the server specifications and make sure that it’s the same as in the "Specification Document".The detailed checklist is in the table below.

On each server, use the steps below to check and prepare the server for the installation.

# Procedure Example Value

1

Check the installation user has administrative permissions.

Login to the server.

Press Windows+R and type lusrmgr.msc.

Go to Users, right click on your user account and click on Properties.

Select Member Of tab and check the user’s group membership.

Set ExecutionPolicy

Installation user is member of an administrator group.

2

Check the script execution policy.

Open PowerShell command as administrator then type:

Get-ExecutionPolicy -List

If the ExecutionPolicy for the current user is undefined, execute the following PowerShell command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

You will be asked to confirm the policy update. Press Y and Enter.

Set ExecutionPolicy

The execution policy for the current user is set to RemoteSigned.

3

Check the server name and domain.

Open PowerShell command as administrator then type:

$sysinfo = systeminfo; $sysinfo | Select-String 'Host Name';$sysinfo | Select-String 'Domain';$sysinfo | Select-String 'OS Name';

Server Hostname and Domain is the same as in the "Specification Document".

4

Check the server IP address.

Open command Windows as administrator then type

ipconfig

IP address is the same as in the "Specification Document".

5

Volume formatting for MongoDB and Core servers.

The recommendation is to format the D: volume with an NTFS allocation with PowerShell cmdlet for the Relay, connector and Interface servers.

For the MongoDB and Core servers, use the -AllocationUnitSize 65536 -UseLargeFRS options. For other servers, omit them.

To start, you need to get the disk number.

Open PowerShell cmdlet and type in get-disk and press Enter to get information about any disk attached to the current operating system.

Note the Disk number "DiskNumber".

If the disk is not initialized, type initialize-disk "DiskNumber" and press Enter.

Get Disk

Powershell cmdlet to format the D drive (all servers except MongoDB and Core servers)

Format-Volume -DriveLetter D -FileSystem NTFS
Format Disk

Powershell cmdlet to format the D drive (MongoDB and Core servers)

Format-Volume -DriveLetter D -FileSystem NTFS -AllocationUnitSize 65536 -UseLargeFRS
Format Disk
  • D: disk drive is successfully formatted.

  • NTFS settings will be verified in a later step.

6

Check paging file specification.

Open the Control Panel on the host system. In the Control Panel, select System and Security > System

Paging File Spec
  • Paging file size for all drives is not automatically managed by Windows.

  • The available disk space on the D: drive with safe margin exceeds 3 x physical RAM of the machine.

7

Check the server CPU, RAM and Pagefile location.

Open PowerShell command as administrator then type:

$sysinfo = systeminfo; $proc = Get-WmiObject -class Win32_processor; Write-Host "NumberOfCores:             $($proc.NumberOfCores)"; Write-Host "NumberOfLogicalProcessors: //$($proc.NumberOfLogicalProcessors)";$sysinfo | Select-String 'Total Physical Memory:'; $sysinfo | Select-String 'Page File';
  • Server CPU and memory are per the "Specification Document".

  • The paging file location is setup to use D: drive.

8

Check the disk drives specifications and setups.

Open PowerShell command as administrator then type:

Get-Volume | Format-List DriveLetter, AllocationUnitSize, FileSystemLabel
fsutil fsinfo ntfsinfo D:

Core and MongoDB servers:

Bytes Per Cluster :                65536
Bytes Per FileRecord Segment    :  4096

All other servers:

Bytes Per Cluster :                4096
Bytes Per FileRecord Segment    :  1024
  • First command: disk drives available: C: and D:, AllocationUnitSize: should match expected value of "Bytes Per Cluster"

  • Second command: two specified lines match expected values

9

Apply IIS Crypto 3.2 Schannel configuration to harden the server security.
This free tool from Nartac Software can be downloaded here.

  1. Launch IISCrypto.exe.

  2. Click the Best Practices button.

  3. Uncheck TLS 1.0 and TLS 1.1 (both server and client), Triple DES 168, MD5, and SHA.

  4. Click the Apply button.

Harden Server with IIS Crypto (part 1)
Harden Server with IIS Crypto (part 2)
Clicking Apply on a different page will modify other settings. Apply the settings on the Schannel page and not a different page.

Schannel settings are applied to the server.

10

Check the NTP server by running the following cmd:

w32tm /query /status

Validate the NTP server against the "Specification document".

11

Check the checksum of every configuration file (xml) and script file (ps1) in the server. Execute the following in PowerShell cmdlet:

$(Get-FileHash "D:\installation\install.ps1" -Algorithm MD5).Hash
$(Get-FileHash "D:\installation\NodeSetup.xml" -Algorithm MD5).Hash

or

$(Get-FileHash "D:\installation\Setup.xml" -Algorithm MD5).Hash

Take note of each file checksum and validate it against the one in the "Specification document".

12

Export SCHANNEL and Lsa registry Keys from the following registry locations:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Open the exported registry keys and validate the values to the one in the "Specification Document".

Registry Keys are exported to a local folder.

13

Restart the server.

The server restarts and applies pending changes.

Network Access

Central Core System - Network Access

Make sure that the Firewall exceptions have been set up properly by the IT department.

Site Core System - Network Access

Make sure that the Firewall exceptions have been set up properly by the IT department.

Use the following commands to test the network connectivity.

# From server Command Description

1

SITE-Relay

Test-NetConnection -ComputerName GXPC-Core -Port 6512

To test if the inbound network traffic on the TCP port 6512 is configured for the Master-Core server from the SITE-Relay server. It is assumed that the Master-Core service is already installed.

2

SITE-Core

Test-NetConnection -ComputerName SITE-Relay -Port 6511

To test if the inbound network traffic on the TCP port 6511 is configured for the SITE-Relay server from the SITE-Core server. This command can be used before the installation of the SITE-Core/Connector services under the Relay to check the TCP connection from the SITE-Relay to the SITE-Core/Connector server. It is assumed that the SITE-Relay service is already installed.

3

SITE-Node

Test-NetConnection -ComputerName SITE-Core -Port 6512

To test if the inbound network traffic on the TCP port 6512 is configured for the Site Core server from the SITE-Node server. It is assumed that the Site Core service is already installed.

To use the Test-NetConnection command, the AspenTech Inmation service should be running on the destination server to get accurate results.

Templates Preparation

The template preparation is specific to each site.

The user will be required to configure the site information manually, replacing the Example Values in the IaC deployment template files AspenTech Inmation(Node)Setup.xml, pre-install.lua and post-install.lua scripts for each AspenTech Inmation component.

Templates preparation for the site core system installation

# Parameter Example Value

1

Site long name

SITE

2

Site short code

SITE

3

Deployment role shortcode {D/Q/P}

D

4

Central Core server information:

Server DNS or hostname

D-GXPC-Core

IP address

10.1.0.19

5

Active Directory information:

Domain Name

inGxP.com

Domain group prefix

G-GXPC-DEV

6

Relay server information

Server DNS or hostname

D-SITE-Relay

IP address

10.1.0.19

7

Local Core server information

Server DNS or hostname

D-SITE-Core

IP address

10.1.0.15

8

MongoDB primary server information

Server DNS or hostname

D-SITE-RepA

IP address

10.1.0.8

9

MongoDB secondary1 server information

Server DNS or hostname

D-SITE-RepB

IP address

10.1.0.9

10

MongoDB secondary2 server information

Server DNS or hostname

D-SITE-RepC

IP address

10.1.0.10

11

Node server information

Server DNS or hostname

D-SITE-Conn-A

IP address

10.1.0.11

Node server extension

LineA

12

Interface server information

Server DNS or hostname

D-SITE-Interface

IP address

10.1.0.20

Interface server extension

Interface01

After collecting the site information in the table above, the installation templates should be updated. For each server, open the installation templates (AspenTech Inmation(Node)Setup.xml, pre-install.lua and post-install.lua), refer to the table below and make sure that the updates were done properly.

# Parameter Interface Local Core MongoDB P MongoDB S1 MongoDB S2 Node Relay

1

Site long name

2

Site short code

(1)

(2)

(2)

(2)

(2)

3

Deployment role

4

Central Core server information

5

Active Directory information

6

Relay server information

(3)

7

Local Core server information

(3)

8

MongoDB Primary server information

(2)

9

MongoDB Secondary1 server information

(2)

10

MongoDB Secondary2 server information

(2)

11

Node server information

(2)

12

Interface server information

(1)

  • ✔: the File Key should be updated in the Setup.xml file

  • (1) : the File Key should be updated in the Setup.xml and in the post-install.lua script files

  • (2): the File Key should be updated in the Setup.xml and in the pre-install.lua script files

  • (3): the File Key should be updated in the pre-install.lua script file

Templates preparation for the central core system installation

# Parameter Example Value

1

Site long name

GLOBAL

2

Site short code

GLOBAL

3

Deployment role shortcode {D/Q/P}

D

4

Central Core server information:

Server DNS or hostname

D-GXPC-Core

IP address

10.1.0.4

5

Active Directory information:

Domain Name

inGxP.com

Domain group prefix

G-GXPC-DEV

6

MongoDB primary server information

Server DNS or hostname

D-GXPC-RepA

IP address

10.1.0.6

7

MongoDB secondary1 server information

Server DNS or hostname

D-GXPC-RepB

IP address

10.1.0.7

8

MongoDB secondary2 server information

Server DNS or hostname

D-GXPC-RepC

IP address

10.1.0.16

9

Node server information

Server DNS or hostname

D-GXPC-Conn-A

IP address

10.1.0.11

Node server extension

LineA

10

Interface server information

Server DNS or hostname

D-GXPC-Interface-1

IP address

10.1.0.4

Interface server extension

Interface01

After collecting the site information in the table above, the installation templates should be updated. For each server, open the installation templates (AspenTech Inmation(Node)Setup.xml, pre-install.lua and post-install.lua), refer to the table below and make sure that the updates were done properly.

# Parameter Interface Master Core MongoDB P MongoDB S1 MongoDB S2 Node Relay

1

Site long name

2

GXPC short code

(1)

(2)

(2)

(2)

(2)

3

Deployment role

4

Central Core Server information

5

Active Directory information

6

MongoDB Primary Server information

(2)

7

MongoDB Secondary1 Server information

(2)

8

MongoDB Secondary2 Server information

(2)

9

Node Server information

(2)

10

Interface Server information

(1)

  • ✔: the File Key should be updated in the Setup.xml file

  • (1) : the File Key should be updated in the Setup.xml and in the post-install.lua script files

  • (2): the File Key should be updated in the Setup.xml and in the pre-install.lua script files

Installation Files

Download MongoDB

Download the MongoDB Community Server .msi-file compatible with 5.0.x versions (please see compatibility notes in the release notes for more details) from the MongoDB download page and move it to the installation folder (D:\installation).

Master-Core server

The following files should be copied to the installation folder of the Master-Core server (D:\installation).

# File Description

1

AspenTechInmationNodeSetup.exe

AspenTech Inmation node setup file (latest version).

2

AspenTechInmationSetup.exe

AspenTech Inmation setup file (latest version).

3

Setup.xml

xml file, contains the site information that will be loaded by the install.ps1 script.

4

install.ps1

Installation PowerShell script.

5

mongodb-windows-x86_64-5.0.x-signed.msi

MongoDB installation file (latest 5.0.x version)

Interface Server

The following files should be copied to the installation folder of the correspondent server (D:\installation).

# File Description

1

AspenTechInmationNodeSetup.exe

AspenTech Inmation node setup file (latest version).

2

AspenTechInmationSetup.exe

AspenTech Inmation setup file (latest version).

3

Setup.xml

xml file, contains the site information that will be loaded by the install.ps1 script.

4

install.ps1

Installation PowerShell script.

5

post-install.lua

Post installation Lua script, should be executed on the Master-Core through the DataStudio console.

Local Core Server

The following files should be copied to the installation folder of the correspondent server (D:\installation).

# File Description

1

AspenTechInmationNodeSetup.exe

AspenTech Inmation node setup file (latest version).

2

AspenTechInmationSetup.exe

AspenTech Inmation setup file (latest version).

3

Setup.xml

xml file, contains the site information that will be loaded by the install.ps1 script.

4

install.ps1

Installation PowerShell script.

5

pre-install.lua

Pre installation Lua script, should be executed on the Master-Core through the DataStudio console.

6

mongodb-windows-x86_64-5.0.x-signed.msi

MongoDB installation file (latest 5.0.x version)

Node and Relay Servers

The following files should be copied to the installation folder of the correspondent server (D:\installation).

# File Description

1

AspenTechInmationNodeSetup.exe

AspenTech Inmation node setup file (latest version).

2

NodeSetup.xml

xml file, contains the site information that will be loaded by the install.ps1 script.

3

install.ps1

Installation PowerShell script.

4

pre-install.lua

Pre installation Lua script, should be executed on the Master-Core through the DataStudio console.

MongoDB Servers

MongoDB primary replica set member

The following files should be copied to the installation folder of the Primary MongoDB server (D:\installation).

# File Description

1

AspenTechInmationNodeSetup.exe

AspenTech Inmation node setup file (latest version).

2

AspenTechInmationSetup.exe

AspenTech Inmation setup file (latest version).

3

Setup.xml

xml file, contains the site information that will be loaded by the install.ps1 script.

4

install.ps1

Installation PowerShell script.

5

pre-install.lua*

Pre installation Lua script, should be executed on the Master-Core through the DataStudio console.

6

pre-install.ps1

Pre installation PowerShell script, should be executed to generate the Keyfile that will be used by all replica set members during the installation.

7

mongodb-windows-x86_64-5.0.x-signed.msi

MongoDB installation file (latest 5.0.x version)

: *pre-install_local.lua should be used for the local site and pre-install_master.lua should be used for the global site.

MongoDB secondary replica set members

The following files should be copied to the installation folder of the Secondary MongoDB servers (D:\installation).

# File Description

1

AspenTechInmationNodeSetup.exe

AspenTech Inmation node setup file (latest version).

2

AspenTechInmationSetup.exe

AspenTech Inmation setup file (latest version).

3

Setup.xml

xml file, contains the site information that will be loaded by the install.ps1 script.

4

install.ps1

Installation PowerShell script.

5

Keyfile

Keyfile, generated by the pre-install.ps1 script.

6

mongodb-windows-x86_64-5.0.x-signed.msi

MongoDB installation file (latest 5.0.x version)

Installation Order

The following is the installation order of the AspenTech Inmation components, perform the general installation preparation and AspenTech Inmation installation one server at a time:

Installation Order

1 : A lua script post-install.lua should be executed in the Master-Core through the DataStudio console after the installation.

2 : A lua script pre-install.lua should be executed in the Master-Core through the DataStudio console before running the installation PowerShell script install.ps1.

3 : the following two scripts should be executed before running the installation PowerShell script install.ps1:

  • pre-install.lua, it is a Lua script and should be executed in the Master-Core through the DataStudio console.

  • pre-install.ps1, it is a PowerShell script and should be executed to generate the MongoDB Keyfile. The generated Keyfile should be copied to all MongoDB servers installation folders (D:\installation).