Alvao Server - manual installation
Make sure the server you want to install the Alvao Server on meets the technical requirements.
Turn on necessary IIS features on the server.
Create new database
- From the ALVAO downloads page, download the DatabaseDeploy.zip file.
- Extract the ZIP package to any folder on the disk.
- Check that you have permission to create a new database on the target SQL Server, whether it runs in MS Azure or on a local server.
- Use the DatabaseDeploy utility to create a new database.
Create IIS application pools
If you install Alvao on a local server or a VM in the cloud, create several IIS application pools as follows:
- Open the Internet Information Services (IIS) Manager.
- Select Application Pools, right-click in the right pane and select Add Application Pool...
- As the Name of the new pool enter AlvaoWebApp AppPool. As the .NET Framework version select No Managed Code. In the Managed pipeline mode field select Integrated and then click OK.
- Then right-click the newly created application pool and select Advanced Settings...
- First, change the Regular Time Interval (minutes) property value to 43200, i.e. 30 days. Second, change the Idle Time-out (minutes) property value to 43199.
- You also need to change the Identity field value to NetworkService.
- Repeat the steps above to create the application pools for the other applications:
  - AlvaoCustomAppsWebService AppPool
  - AlvaoRestApi AppPool
  - AlvaoRestApiWinAuth AppPool
- Make sure that the identity for AlvaoWebApp AppPool has write permission to the C:\Windows\System32\config\systemprofile and C:\inetpub\wwwroot\Alvao folders on the application server.
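The same pool settings can be applied and read back with the IIS WebAdministration PowerShell module. This is an added example, not part of the Alvao documentation or tooling; it assumes an elevated PowerShell session on the IIS server and uses only the pool names and values given in the steps above.

```powershell
# Added example: create the four application pools named on this page
# and apply the settings from the manual steps.
Import-Module WebAdministration

$poolNames = @(
    'AlvaoWebApp AppPool',
    'AlvaoCustomAppsWebService AppPool',
    'AlvaoRestApi AppPool',
    'AlvaoRestApiWinAuth AppPool'
)

foreach ($name in $poolNames) {
    $path = "IIS:\AppPools\$name"
    if (-not (Test-Path $path)) {
        New-WebAppPool -Name $name | Out-Null
    }

    # "No Managed Code" is stored as an empty managedRuntimeVersion.
    Set-ItemProperty $path -Name managedRuntimeVersion -Value ''
    Set-ItemProperty $path -Name managedPipelineMode -Value 'Integrated'

    # Regular Time Interval = 43200 minutes (30 days), Idle Time-out = 43199 minutes.
    Set-ItemProperty $path -Name recycling.periodicRestart.time `
        -Value ([TimeSpan]::FromMinutes(43200))
    Set-ItemProperty $path -Name processModel.idleTimeout `
        -Value ([TimeSpan]::FromMinutes(43199))

    # Identity = NetworkService, as required by the steps above.
    Set-ItemProperty $path -Name processModel.identityType -Value 'NetworkService'
}

# Read the settings back so drift from the documented values is visible.
Get-ChildItem IIS:\AppPools |
    Where-Object { $poolNames -contains $_.Name } |
    ForEach-Object {
        [pscustomobject]@{
            Name           = $_.Name
            Runtime        = $_.managedRuntimeVersion
            Pipeline       = $_.managedPipelineMode
            RecycleMinutes = $_.recycling.periodicRestart.time.TotalMinutes
            IdleMinutes    = $_.processModel.idleTimeout.TotalMinutes
            Identity       = $_.processModel.identityType
        }
    } | Format-Table -AutoSize
```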
For more information on IIS application pools, see the following articles:
Alvao WebApp
Installation
- Log in as administrator and run the installation package AlvaoWebApp.msi. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoWebApp.msi.
- In the installation wizard, select the AlvaoWebApp AppPool application pool you have previously created.
- The installer will create the inetpub\wwwroot\Alvao folder on disk and also the Alvao virtual directory in IIS.
- In the appsettings.json file of the installed application, set the database connection string.
We recommend installing the Alvao WebApp in a folder on IIS (e.g., inetpub\wwwroot\Alvao) and not placing it directly in the website's root.
User authentication
For proper functionality of Alvao WebApp it is necessary to configure the user authentication method in IIS.
Available authentication methods:
- Microsoft Entra ID authentication
  - Authentication is delegated to Microsoft Entra ID and users are also provisioned from Microsoft Entra ID.
  - This authentication method is recommended if all users have an Entra ID user account.
- Form Authentication
  - Authentication by entering username and password.
  - This method of authentication should be used if the WebApp is accessible from the Internet.
- Windows Integrated Authentication
  - Authentication without the need to enter a username and password (in case of successful integrated authentication).
  - This authentication method is appropriate to use when both the solution teams and requesters are from Active Directory and working in a domain.
- Integrated Windows and Forms Authentication (simultaneously)
  - WebApp first tries to authenticate the user using Windows. When this authentication fails (or is revoked by the user), the user is allowed to log in using a form.
  - This authentication method may not work properly due to technical limitations (see below).
Microsoft Entra ID authentication
If you want to use Microsoft Entra ID authentication, first enable forms authentication, then follow the steps on Microsoft Entra ID authentication page.
Windows Integrated Authentication
To set up Windows Integrated Authentication:
- In IIS Manager, click on the application Alvao and then click Authentication.
- Make sure Windows Authentication is enabled (and all others are disabled).
  Warning: Authentication must also be enabled on the website where the application is installed.
- Open the appsettings.json file located in the Alvao WebApp folder in a text editor.
- Make sure that the LoginUrl attribute is set to /Account/LoginIntegrated.
- In the IIS root, set Feature Delegation: enable read or write for the following authentication modes:
  - Anonymous
  - Windows
This authentication method cannot be used to authenticate users who are not imported from Active Directory.
For this authentication method to work properly, you need to have the Alvao server address on the intranet.
Form authentication
If you want to set up forms authentication:
- In IIS Manager, click on the application Alvao and then click Authentication.
- Make sure that Anonymous Authentication is enabled and Windows Authentication (if present) is disabled.
- Open the appsettings.json file located in the Alvao WebApp folder in a text editor.
- Make sure that the LoginUrl attribute is set to /Account/Login.
If users are logging in with a password from Active Directory, the path to the AD server must be set in Administration - Settings - Active Directory.
Windows and Forms Integrated Authentication (simultaneously)
If you want to use Windows integrated authentication for some computers and forms-based logon for other computers:
- In IIS Manager, click on the application Alvao and then click Authentication.
- Make sure that Anonymous Authentication is enabled and Windows Authentication is enabled.
  Warning: Authentication must also be enabled on the website where the application is installed.
- In the Alvao WebApp installation folder, copy the SampleWebMixedMode.config file and replace the web.config file with it.
- Open the appsettings.json file located in the Alvao WebApp folder in a text editor.
- Make sure that the LoginUrl attribute is set to /Account/MixedModeLogin.
- Set Feature Delegation in the IIS root: enable read or write for the following authentication modes: Anonymous, Forms, Windows.
- In Administration - Settings - Integrated Authentication enter the IP address ranges of the computers on the internal corporate network for which integrated authentication is to be applied. For all other computers, forms-based authentication will be used.
For computers that will be authenticated in an integrated manner, the same restrictions and assumptions apply as for Windows integrated authentication, see the caveats in the previous section.
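A mismatch between the LoginUrl value and the IIS authentication settings is an easy misconfiguration to miss, so the check below compares the two for the three modes described above. This is an added example, not Alvao tooling; the site name Default Web Site, the install path, and the assumption that LoginUrl appears in appsettings.json as a plain JSON string property are placeholders to adjust.

```powershell
# Added example: verify that LoginUrl and the IIS authentication state agree.
Import-Module WebAdministration

# Assumptions (not from the Alvao documentation): site name and install path.
$site    = 'Default Web Site'
$appPath = 'C:\inetpub\wwwroot\Alvao'

# Expected IIS state for each LoginUrl value listed on this page.
$expected = @{
    '/Account/LoginIntegrated' = @{ Anonymous = $false; Windows = $true  }
    '/Account/Login'           = @{ Anonymous = $true;  Windows = $false }
    '/Account/MixedModeLogin'  = @{ Anonymous = $true;  Windows = $true  }
}

function Get-AuthEnabled([string]$Kind) {
    # Reads the effective setting for the Alvao application.
    $filter = "/system.webServer/security/authentication/${Kind}Authentication"
    (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site\Alvao" `
        -Filter $filter -Name enabled).Value
}

$json = Get-Content -Raw (Join-Path $appPath 'appsettings.json')
if ($json -notmatch '"LoginUrl"\s*:\s*"([^"]+)"') {
    throw 'LoginUrl not found in appsettings.json'
}
$loginUrl = $Matches[1]

$want = $expected[$loginUrl]
if (-not $want) { throw "Unrecognized LoginUrl '$loginUrl'" }

$actual = @{
    Anonymous = [bool](Get-AuthEnabled 'anonymous')
    Windows   = [bool](Get-AuthEnabled 'windows')
}

$problems = foreach ($k in 'Anonymous', 'Windows') {
    if ($actual[$k] -ne $want[$k]) {
        "$k Authentication is $($actual[$k]), expected $($want[$k]) for $loginUrl"
    }
}

if ($problems) { $problems | Write-Warning }
else { "IIS authentication matches LoginUrl $loginUrl" }
```

The check covers only Anonymous and Windows Authentication; it does not confirm that web.config was replaced with SampleWebMixedMode.config or that authentication is enabled on the parent website.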
Alvao Asset Management WebService
Install AM WebService only when upgrading from older versions of Alvao. It is not needed for new implementations.
Asset Management WebService is part of the ALVAO Asset Management product. It is used to communicate with autonomous agents that do not yet communicate with the REST API. WebService sends them the URL to the REST API and the agents do not communicate with WebService after that. It can be uninstalled after all agents are upgraded to communication with the REST API.
Upgrade
- Make sure that the Microsoft OLE DB Driver is installed on the server.
- Log in as administrator and run the installation package AlvaoAssetWebService.msi.
- During installation, select the ALVAO AppPool .NET 4.0 application pool you have previously created.
- The installer creates a folder on disk (inetpub\wwwroot\AssetWebService) and also a virtual directory in IIS (AssetWebService).
- In the web.config file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
To test the correct web-service setup, temporarily enable WSDL by commenting out the following section in the web.config file: <remove name="Documentation"/>.
Then enter the AssetWebService path (URL) in your web browser all the way to the "AssetWebService.asmx" file.
For example: https://server/AssetWebService/AssetWebService.asmx.
If set correctly, a list of operations is displayed. For security reasons, disable WSDL when the testing is finished.
Alvao Service
Alvao Service performs background tasks for Alvao WebApp and other applications.
Installation
- Run the installation package AlvaoService.msi.
- The installer will install the service in the %Program Files%\ALVAO\AlvaoService folder.
- In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
- Set the Alvao Service system service to run under the NT AUTHORITY\NETWORK SERVICE account.
- Start the system service.
If you are using a database in a named instance (e.g., SQLServer\Alvao), you need to use double backslashes instead of a single backslash in the appsettings.json configuration file.
To verify functionality, you can run AlvaoService.exe on your desktop or from the command line. Then exit the application.
If you need to change the appsettings.json configuration file, you need to stop the Alvao Service service before making the change and start the service again after saving the configuration changes.
Alvao REST API
Alvao REST API is a web service implementing the REST API interface. Apart from the ALVAO Asset Management Enterprise API module, the REST API is used by many other components of the Alvao system.
Installation
- Log in as administrator and run the AlvaoRestApi.msi installation package. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoRestApi.msi.
- When installing, in the AlvaoRestApi application pool field enter the AlvaoRestApi AppPool value and in the AlvaoRestApiWinAuth application pool field enter the AlvaoRestApiWinAuth AppPool value.
- The installer creates the inetpub\wwwroot\AlvaoRestApi folder on disk and also the AlvaoRestApi and AlvaoRestApiWinAuth virtual directories in IIS.
- In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
AlvaoRestApi is set to Anonymous Authentication and AlvaoRestApiWinAuth is set to Windows Authentication. Both these settings must be stored in ApplicationHost.config file. Do not set authentication mode for these applications via IIS Manager.
Alvao Custom Apps WebService
Installation
- (Optional) Before installation, setting up Windows Integrated Authentication is strongly recommended:
  - In IIS Manager, click on the application AlvaoCustomAppsWebService and then click Authentication.
  - Make sure Windows Authentication is enabled (and all others are disabled).
    Warning: Authentication must also be enabled on the website where the application is installed.
  - Open the web.config file located in the Alvao WebApp folder in a text editor.
  - Make sure that in configuration/system.web the authentication mode is set to Windows.
  - In the IIS root, set Feature Delegation: enable read or write for the following authentication modes:
    - Anonymous
    - Windows
  Warning: This authentication method cannot be used to authenticate users who are not imported from Active Directory.
  Warning: For this authentication method to work properly, you need to have the Alvao server address on the intranet.
- Log in as administrator and run the AlvaoCustomAppsWebService.msi installation package. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoCustomAppsWebService.msi.
- When installing, select the AlvaoCustomAppsWebService AppPool application pool.
- The installer creates the <inetpub>\wwwroot\AlvaoCustomAppsWebService folder on disk and also the AlvaoCustomAppsWebService virtual directory in IIS.
- In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.
Alvao Custom Apps WebService has Windows authentication set up.
Assign database roles to application accounts
Set the database roles according to the following table:
Application | Database roles | Application account for local installation (in Azure use managed identities)
---|---|---
Alvao WebApp | public, db_datareader, db_datawriter, db_ddladmin, db_executor | NT AUTHORITY\NETWORK SERVICE
Alvao Custom Apps WebService | |
Alvao REST API | |
Alvao Service | db_owner, db_executor | NT AUTHORITY\NETWORK SERVICE
In Microsoft Azure use the managed identities.
For local installation, use SQL Server Management Studio to set the roles. In the Security - Logins folder allow access to the individual application accounts and assign them database roles.
Azure managed identities
If you install Alvao in the Microsoft Azure cloud environment, we recommend using managed identities to control the application permission.
- On the Azure portal select a Virtual machine or an AppService.
- In Settings, select the Identity tab and set the Status to ON.
- Open SQL Server Management Studio, then modify and run the following command to create a database user representing the particular managed identity:
  CREATE USER <VM_or_AppService_name> FROM EXTERNAL PROVIDER;
- Set the database roles of the user:
  ALTER ROLE <database_role> ADD MEMBER <VM_or_AppService_name>;
  For the list of database roles see Assign database roles to application accounts.
- In the configuration of all server applications add the following snippet at the end of the database connection string:
  Authentication=Active Directory Managed Identity
Initial setup
Once you have the application installed, let's do the initial setup:
- Go to Alvao WebApp (https://localhost/Alvao) and in Administration - License, enter the activation key. You can obtain the key from your Alvao vendor. You can also obtain a temporary activation key to test the application at info@alvao.com.
  Note: When the database is activated, the activation key entered is verified over the Internet.
- On the Administration - Settings - Sending messages page, enter the SMTP server address, login credentials, and email address for sending messages from Alvao.
- On the Administration - Settings - Active Directory and Microsoft Entra page, fill in the values according to your chosen user authentication method.
- On the Administration - Settings - WebApp page, enter the WebApp root path in the WebApp (URL) field, e.g., https://contoso-server/alvao.
- By default, after installation, the application displays time data in the Coordinated Universal Time (UTC) time zone to users. If necessary, change the default time zone in Administration - Settings - Languages and time zone.
- In Administration - Settings - Web services - Custom Apps WebService (URL) enter the path to the ALVAO Custom Apps WebService folder. For example: https://server/AlvaoCustomAppsWebService.
Asset Management Collector (deprecated)
This application is deprecated now. We recommend installing it only when necessary for backward compatibility.
Installation
- On the server where you want to run the Collector service, run the AlvaoAssetCollector.msi installation package.
- The installer will automatically install Collector as a service and start it.
In order to run Asset Management Collector as an application, you must first stop its service.
Settings
- Stop the Asset Management Collector service.
- Run AMCollector.exe from the installation folder.
- Use the Action - Settings command to set up the database connection.
- It is recommended to enable logging to the file and set the level to "status and errors".
- Set the Asset Management Collector service to run under an account with administrator privileges. The services in Windows run by default with the permission "Local system account". In order to be able to scan stations on the network without using agents, the Asset Management Collector service must run with administrator privileges.
- Enable the selected account to access the Alvao database and assign it the required database roles.
- In Administration - Asset Management - Servers, enable the server with the Enable command.
- Run the Asset Management Collector service again.
Other Collector settings are done in Administration - Asset Management - Servers.
If you set the file logging level to Detailed, the Collector will generate a large amount of data in the LOG file and the scan rate will be very slow. Therefore, the Detailed setting is recommended only for troubleshooting, not for normal operation.
If you only want to run Collector as an application and have installed it with AM Console, you can run Collector from the Start - ALVAO - Asset Management Collector (in this case there is no need to install AlvaoAssetCollector.msi).
After a new installation, automatic retrieval of scans from the %ProgramData%\ALC\ALVAO Asset Management Collector\Scans folder is enabled by default.