Skip Navigation LinksALVAO 11.2 / Admin guide / On-premises installation / Installation / Alvao Server - manual installation
Alvao Server - manual installation
Make sure the machine where you want to install the Alvao Server meets the technical requirements and has configured IIS server roles.
Create new database
- From the ALVAO downloads page, download the DatabaseDeploy.zip file.
- Extract the ZIP package to any folder on the disk.
- Check that you have permission to create a new database on the target SQL Server in either MS Azure or a local server, respectively.
- Use the DatabaseDeploy utility to create a new database.
Create IIS application pools
If you install Alvao on a local server or a VM in cloud, create IIS application pools as follows:
- Open the Internet Information Services (IIS) Manager.
- Select Application Pools and right-click in the right pane and select Add Application Pool...
- As the Name of the new pool enter ALVAO AppPool .NET 4.0. As the .NET Framework version select .NET CLR Version v4.0.30319. In the Manage pipeline mode field select Integrated and then click OK.
- Then right-click on the newly created application pool and select Advanced settings...
- First, change the Reqular Time Interval (minutes) property value to 43200, i.e. 30 days.
Second, change the Idle Time-out (minutes) property value to 43199.
- You also need to change the Identity field value to NetworkService.
- Repeat the steps above to create another 2 application pools:
- AlvaoRestApi AppPool
- AlvaoRestApiWinAuth AppPool
Note:
For more information of IIS application pools, see the following articles:
Alvao WebApp
Installation
- Make sure that the following components are installed on the server:
- Log in as administrator and run the installation package AlvaoWebApp.msi. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoWebApp.msi.
- When installing, select the ALVAO AppPool .NET 4.0 application pool you have previously created.
- The installer will create a folder on disk (inetpub\wwwroot\Alvao)
and also a virtual directory in IIS (Alvao).
- In the web.config file of the installed application set the database connection string.
Caution:
We recommend installing the Alvao WebApp in a folder on IIS (e.g. inetpub\wwwroot\Alvao) and not placing it directly in the root.
User authentication
For proper functionality of Alvao WebApp
it is necessary to configure the user authentication method in IIS.
Available authentication methods:
- Form Authentication
- Authentication by entering username and password. For a permanent login without the need to enter a username and password, you can use the Permanently log in.
- This method of authentication should be used if the WebApp is accessible from the Internet.
- Windows Integrated Authentication
- Authentication without the need to enter a username and password (in case of successful integrated authentication).
- This authentication method is appropriate to use when both the solution teams and requesters are from Active Directory and working in a domain.
- Integrated Windows and Forms Authentication (simultaneously)
- WebApp first tries to authenticate the user using Windows. When this authentication fails (or is revoked by the user),
the user is allowed to log in using a form.
- This authentication method may not work properly due to technical limitations (see below).
If you want to set up forms authentication:
- In IIS Manager, click on the application Alvao and then click Authentication.
- Make sure that Anonymous Authentication
is enabled, Forms Authentication
is enabled, and Windows Authentication
is disabled.
- Open the Web.config file located in the Alvao WebApp folder in a text editor.
- Make sure that the authentication attribute mode is set to Forms and the loginUrl parameter
is set to ~/Account/Login.
Note:
For this authentication method, the options
Logout and
Change Password are available to the users.
Note:
If users are logging in with a password from Active Directory, the path to the AD server must be set in the
Administration - Settings - Active Directory.
Windows Integrated Authentication
To set up Windows Integrated Authentication:
- In IIS Manager, click on the application AlvaoWebApp and then click Authentication.
- Make sure Windows Authentication is enabled (and all others are disabled).
Caution:
Authentication must also be enabled on the website where the application is installed.
- Open the Web.config file located in the Alvao WebApp folder in a text editor.
- Make sure that the authentication attribute mode is set to Windows.
- In the IIS root, set Feature delegation
(Feature Delegation) - enable read or write in the following authentication modes: Anonymous
and Windows.
Caution:
There are no options available for this authentication method
Logout and
Change Password.
Caution:
This authentication method cannot be used to authenticate users who are not imported from Active Directory.
Caution:
For this authentication method to work properly, you need to have Alvao server address on the intranet.
If you want to use Windows integrated authentication for some computers and forms-based logon for other computers:
- In IIS Manager, click on the application Alvao and then click Authentication.
- Make sure that Anonymous Authentication
is enabled, Forms Authentication
is enabled, and Windows Authentication
is enabled.
Caution:
Authentication must also be enabled on the website where the application is installed.
- Open the Web.config file located in the Alvao WebApp folder in a text editor.
- Make sure that the authentication attribute mode is set to Forms and the loginUrl parameter
is set to ~/Account/MixedModeLogin.
- Set Feature Delegation in the IIS root.
- enable read or write in the following authentication modes: Anonymous, Forms, Windows.
- In Administration - Settings -
Integrated Authentication
enter the IP address ranges of the computers on the internal corporate network for which integrated authentication is to be applied. For all other computers, forms-based authentication will be used.
Caution:
If Windows authentication is successful, the
Logout and
Change Password options are not available.
Caution:
For computers that will be authenticated in an integrated manner, the same restrictions and assumptions apply as for Windows integrated authentication, see the caveats in the previous section.
Alvao Asset Management WebService
Asset Management WebService is part of the ALVAO Asset Management product. It is used to communicate with autonomous agents and also to remotely connect to the Asset Management Console.
Installation
- Make sure that the Microsoft OLE DB Driver is installed on the server.
- Log in as administrator and run the installation package AlvaoAssetWebService.msi.
- During installation, select the ALVAO AppPool .NET 4.0 application pool you have previously created.
- The installer creates a folder on disk (inetpub\wwwroot\AssetWebService)
and also a virtual directory in IIS (AssetWebService).
- In the web.config file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
Note: To test the correct web-service setup, temporarily enable WSDL by commenting out the following section in the web.config file: <remove name="Documentation"/>.. Then enter the AssetWebService path (URL) in your web browser all the way to the "AssetWebService.asmx" file.
For example: https://server/AssetWebService/AssetWebService.asmx.
If set correctly, a list of operations is displayed. For security reasons, disable WSDL when the testing is finished.
Alvao Service
Alvao Service is an application that, among other things, automatically notifies users of missing licenses.
Installation
- Run the installation package AlvaoService.msi.
- The installer will install the service in the %Program Files%\ALVAO\AlvaoService folder.
- In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
- Set the Alvao Service system service to run under the NT AUTHORITY\NETWORK SERVICE account.
- Start the system service.
Caution:
If you are using a database in a special instance (e.g., SQLServer\Alvao), you need to use double backslashes, instead of single backslash, in the config appsettings.json file.
Tip:
To verify functionality, you can run
AlvaoService.exe on your desktop or from the command line. Then exit the application.
Note:
If you need to change the
appsettings.json configuration file,
you need to stop the
Alvao Service service before making the change and start the service again after saving the configuration changes.
Alvao REST API
Alvao REST API is a web service implementing the REST API interface. Apart from the ALVAO Asset Management Enterprise API module, the REST API is used by many other components of the Alvao system.
Installation
- Log in as administrator and run the AlvaoRestApi.msi installation package. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoRestApi.msi.
- When installing, in the AlvaoRestApi application pool field enter the AlvaoRestApi AppPool value and in the AlvaoRestApiWinAuth application pool field enter the AlvaoRestApiWinAuth AppPool value.
- The installer creates a folder on disk (inetpub\wwwroot\AlvaoRestApi) and also two virtual directories in IIS (AlvaoRestApi and AlvaoRestApiWinAuth).
- In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
Caution:
AlvaoRestApi is set to
Anonymous Authentication and AlvaoRestApiWinAuth is set to
Windows Authentication. Both these settings must be stored in ApplicationHost.config file. Do not set authentication mode for these applications via IIS Manager.
Alvao Custom Apps WebService
Installation
- (Optional) Before installation, setting up the Windows Integrated Authentication is strongly recommended:
- In IIS Manager, click on the application AlvaoWebApp and then click Authentication.
- Make sure Windows Authentication is enabled (and all others are disabled).
Caution:
Authentication must also be enabled on the website where the application is installed.
- Open the web.config file located in the Alvao WebApp folder in a text editor.
- Make sure that in the configuration/system.web attribute is authentication mode is set to Windows.
- In the IIS root, set Feature delegation
(Feature Delegation) - enable read or write in the following authentication modes: Anonymous
and Windows.
Caution:
This authentication method cannot be used to authenticate users who are not imported from Active Directory.
- Log in as administrator and run the AlvaoCustomAppsWebService.msi installation package. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoCustomAppsWebService.msi.
- When installing, select the ALVAO AppPool .NET 4.0 application pool.
- The installer creates a folder on disk (<InetPub>\wwwroot\AlvaoCustomAppsWebService) and also a virtual directory in IIS (AlvaoCustomAppsWebService).
- In the web.config file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
Note:
Alvao Custom Apps WebService has
Windows authentication set up.
Assign database roles to application accounts
Set the database roles according to the following table:
Application |
Database roles |
Application account for local installation (in Azure use managed identities) |
Alvao WebApp |
public, db_datareader, db_datawriter, db_ddladmin, db_executor |
NT AUTHORITY\NETWORK SERVICE |
Alvao Asset WebService |
Alvao REST API |
Alvao Service |
db_owner, db_executor |
NT AUTHORITY\NETWORK SERVICE |
Asset Management Collector |
public, db_datareader, db_datawriter, db_ddladmin, db_executor |
NT AUTHORITY\SYSTEM |
In Microsoft Azure use the managed identities.
For local installation, use SQL Server Management Studio to set the roles. In the Security - Logins folder allow access to the individual application accounts and assign them database roles.
Azure managed identities
If you install Alvao in the Microsoft Azure cloud environment, we recommend using managed identities to control the application permission.
- On the Azure portal select a Virtual machine or an AppService.
- In Settings, select the Identity tab and set the Status to ON.
- Open SQL Server Manager Studio and modify and run the command to create a database user representing the particular managed identity:
CREATE USER <VM_or_AppService_name> FROM EXTERNAL PROVIDER;
- Set database roles of the user:
ALTER ROLE <database_role> ADD MEMBER <VM_or_AppService_name>
For the list of database roles see Assign database roles to application accounts.
- In the configuration of all server applications add the following snippet at the end of the database connection string:
Authentication=Active Directory Managed Identity
Initial setup
Once you have the application installed, let's do the initial setup:
- Go to Alvao WebApp (http://localhost/Alvao) and in Administration - License, enter the activation key.
You can obtain the key from your Alvao vendor. You can also obtain a temporary activation key to test the application at info@alvao.com.
Note:
When the database is activated, the activation key entered is verified over the Internet.
- On the Administration - Settings - Sending messages page, enter the SMTP server address, login credentials, and email address for sending messages from the Alvao.
- On the Administration - Settings - Active Directory and Microsoft Entra page, fill values according you chosen user authentication method.
- On the Administration - Settings - WebApp page, enter the WebApp root path in the WebApp (URL) field, e.g., http://contoso-server/alvao.
- By default, after installation, the application displays time data in the Coordinated Universal Time (UTC) time zone to users.
If necessary, change the default time zone in Administration - Settings - Languages and time zone.
- In Administration - Settings - Web services - Custom Apps WebService (URL) enter the path to the ALVAO Custom Apps WebService folder. For example: http://server/AlvaoCustomAppsWebService.
Asset Management Collector (deprecated)
This application is deprecated now. We recommend installing it only when necessary for backward compatibility.
Installation
- On the server where you want to run the Collector service, run the AlvaoAssetCollector.msi installation package.
- The installer will automatically install Collector as a service and start it.
Note:
In order to run
Asset Management Collector as an application, you must first stop its service.
Settings
- Stop the Asset Management Collector service.
- Release AMCollector.exe from the installed folder.
- Use the Action - Settings command to set up the database connection.
- It is recommended to enable logging to the file and set the level to "status and errors".
- Set the Asset Management Collector service to run under an account with administrator privileges. The services in Windows run by default with the permission "Local system account". In order to be able to detect stations on the network without using agents, the Asset Management Collector service must run with administrator privileges.
- Enable the selected account to access the Alvao database and assign it the required database roles.
- In Administration - Asset Management - Servers, enable the server with the Enable command.
- Run the Asset Management Collector service again.
Tip:
Other Collector settings are done in
Administration - Asset Management - Servers.
Caution:
If you set the log detail in the file to the
Detailed, the Collector will generate a large amount of data in the LOG file and the detection rate will be very slow. Therefore, setting it to
Detailed is only recommended for troubleshooting and is not recommended for normal operation.
Note:
If you only want to run Collector as an application and have installed it with
AM Console, you can run Collector from the
Start - ALVAO - Asset Management Collector (in this case there is no need to install AlvaoAssetCollector.msi).
Note:
After a new installation, automatic retrieval of detections from the %ProgramData%\ALC\ALVAO Asset Management Collector\Detections folder is enabled by default.
Did not find what you were looking for? Ask our technical support team.