Alvao Server - manual installation

Make sure the server you want to install the Alvao Server on meets the technical requirements.

Turn on necessary IIS features on the IIS server and install the Full-Text and Semantics Extractions for Search component on the SQL Server.

Create new database

1. From the Downloads page, download the DatabaseDeploy.zip file.
2. Extract the ZIP package to any folder on the disk.
3. Check that you have permission to create a new database on the target SQL Server in either MS Azure or a local server, respectively.
4. Use the DatabaseDeploy utility to create a new database.

Create IIS application pools

If you install Alvao on a local server or a VM in cloud, create several IIS application pools as follows:

1. Open the Internet Information Services (IIS) Manager.

2. Select Application Pools and right-click in the right pane and select Add Application Pool...

3. As the Name of the new pool enter AlvaoWebApp AppPool. As the .NET Framework version select No Managed Code. In the Manage pipeline mode field select Integrated and then click OK.

4. Then right-click on the newly created application pool and select Advanced settings...

5. First, change the Reqular Time Interval (minutes) property value to 43200, i.e. 30 days. Second, change the Idle Time-out (minutes) property value to 43199.

6. You also need to change the Identity field value to NetworkService.

7. Repeat the steps above to create another application pools for other applications:

   • AlvaoCustomAppsWebService AppPool
   • AlvaoRestApi AppPool
   • AlvaoRestApiWinAuth AppPool

8. Make sure that the AlvaoWebApp AppPool's identity has the following permissions in the disk folders on the application server:

   • Folder: C:\Windows\System32\config\systemprofile
     • write
   • Folder: C:\inetpub\wwwroot\Alvao
     • write
     • modify

tip

For more information on IIS application pools, see the following articles:

• Specify an Identity for an Application Pool (IIS 7)
• Application Pool Identities

Alvao WebApp

Installation

1. Log in as administrator and run the installation package AlvaoWebApp.msi. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoWebApp.msi.

2. In the installation wizard, select the AlvaoWebApp AppPool application pool you have previously created.

3. The installer will create inetpub\wwwroot\Alvao folder on disk and also Alvao virtual directory in IIS.

4. In the appsettings.json file of the installed application, set the database connection string.

We recommend installing the Alvao WebApp in a folder on IIS (e.g., inetpub\wwwroot\Alvao) and not placing it directly in the web-site's root.

User authentication

For proper functionality of Alvao WebApp it is necessary to configure the user authentication method in IIS.

Available authentication methods:

• Microsoft Entra ID authentication
  • Authentication is delegated to Microsoft Entra ID and users are also provisioned from Microsoft Entra ID.
  • This authentication method is recommended if all users have an Entra ID user account.
• Form Authentication
  • Authentication by entering username and password.
  • This method of authentication should be used if the WebApp is accessible from the Internet.
• Windows Integrated Authentication
  • Authentication without the need to enter a username and password (in case of successful integrated authentication).
  • This authentication method is appropriate to use when both the solution teams and requesters are from Active Directory and working in a domain.
• Integrated Windows and Forms Authentication (simultaneously)
  • WebApp first tries to authenticate the user using Windows. When this authentication fails (or is revoked by the user), the user is allowed to log in using a form.
  • This authentication method may not work properly due to technical limitations (see below).

Microsoft Entra ID authentication

If you want to use Microsoft Entra ID authentication, first enable forms authentication, then follow the steps on Microsoft Entra ID authentication page.

Windows Integrated Authentication

To set up Windows Integrated Authentication:

1. In IIS Manager, click on the application Alvao and then click Authentication.

2. Make sure Windows Authentication is enabled (and all others are disabled).

   warning

   Authentication must also be enabled on the website where the application is installed.

3. Open the appsettings.json file located in the Alvao WebApp folder in a text editor.

4. Make sure that the LoginUrl attribute is set to /Account/LoginIntegrated.

5. In the IIS root, set Feature delegation (Feature Delegation) - enable read or write in the following authentication modes:

   • Anonymous
   • Windows

warning

This authentication method cannot be used to authenticate users who are not imported from Active Directory.

warning

For this authentication method to work properly, you need to have Alvao server address on the intranet.

Form authentication

If you want to set up forms authentication:

1. In IIS Manager, click on the application Alvao and then click Authentication.

2. Make sure that Anonymous Authentication is enabled and Windows Authentication (if present) is disabled.

3. Open the appsettings.json file located in the Alvao WebApp folder in a text editor.

4. Make sure that the LoginUrl attribute is set to /Account/Login.

If users are logging in with a password from Active Directory, the path to the AD server must be set in the Administration - Settings - Active Directory.

Windows and Forms Integrated Authentication (simultaneously)

If you want to use Windows integrated authentication for some computers and forms-based logon for other computers:

1. In IIS Manager, click on the application Alvao and then click Authentication.

2. Make sure that Anonymous Authentication is enabled and Windows Authentication is enabled.

   warning

   Authentication must also be enabled on the website where the application is installed.

3. In the Alvao WebApp installation folder, copy the SampleWebMixedMode.config file and replace the web.config file with it.

4. Open the appsettings.json file located in the Alvao WebApp folder in a text editor.

5. Make sure that the LoginUrl attribute is set to /Account/MixedModeLogin.

6. Set Feature Delegation in the IIS root. - enable read or write in the following authentication modes: Anonymous, Forms, Windows.

7. In Administration - Settings - Integrated Authentication enter the IP address ranges of the computers on the internal corporate network for which integrated authentication is to be applied. For all other computers, forms-based authentication will be used.

warning

For computers that will be authenticated in an integrated manner, the same restrictions and assumptions apply as for Windows integrated authentication, see the caveats in the previous section.

Alvao Service

Alvao Service performs background task for Alvao WebApp and other applications.

Installation

1. Run the installation package AlvaoService.msi.

2. The installer will install the service in the %Program Files%\ALVAO\AlvaoService folder.

3. In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.

4. Set the Alvao Service system service to run under the NT AUTHORITY\NETWORK SERVICE account.

5. Start the system service.

warning

If you are using a database in a special instance (e.g., SQLServer\Alvao), you need to use double backslashes, instead of single backslash, in the config appsettings.json file.

tip

To verify functionality, you can run AlvaoService.exe on your desktop or from the command line. Then exit the application.

note

If you need to change the appsettings.json configuration file, you need to stop the Alvao Service service before making the change and start the service again after saving the configuration changes.

Alvao REST API

Alvao REST API is a web service implementing the REST API interface. Apart from the ALVAO Asset Management Enterprise API module, the REST API is used by many other components of the Alvao system.

Installation

1. Log in as administrator and run the AlvaoRestApi.msi installation package. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoRestApi.msi.

2. When installing, in the AlvaoRestApi application pool field enter the AlvaoRestApi AppPool value and in the AlvaoRestApiWinAuth application pool field enter the AlvaoRestApiWinAuth AppPool value.

3. The installer creates inetpub\wwwroot\AlvaoRestApi folder on disk and also AlvaoRestApi, and AlvaoRestApiWinAuth virtual directories in IIS.

4. In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.

warning

AlvaoRestApi is set to Anonymous Authentication and AlvaoRestApiWinAuth is set to Windows Authentication. Both these settings must be stored in ApplicationHost.config file located in the %windir%\system32\inetsrv\config folder. Do not set authentication mode for these applications via IIS Manager.

Alvao Custom Apps WebService

Installation

1. (Optional) Before installation, setting up the Windows Integrated Authentication is strongly recommended:

   1. In IIS Manager, click on the application AlvaoCustomAppsWebService and then click Authentication.

   2. Make sure Windows Authentication is enabled (and all others are disabled).

      warning

      Authentication must also be enabled on the website where the application is installed.

   3. Open the web.config file located in the Alvao WebApp folder in a text editor.

   4. Make sure that in the configuration/system.web attribute is authentication mode is set to Windows.

   5. In the IIS root, set Feature delegation (Feature Delegation) - enable read or write in the following authentication modes:

      • Anonymous
      • Windows
   warning

   This authentication method cannot be used to authenticate users who are not imported from Active Directory.

   warning

   For this authentication method to work properly, you need to have Alvao server address on the intranet.

2. Log in as administrator and run the AlvaoCustomAppsWebService.msi installation package. If you have a problem with UAC, run the installation from the command line using msiexec -i AlvaoCustomAppsWebService.msi.

3. When installing, select the AlvaoCustomAppsWebService AppPool application pool.

4. The installer creates <inetpub>\wwwroot\AlvaoCustomAppsWebService folder on disk and also AlvaoCustomAppsWebService virtual directory in IIS.

5. In the appsettings.json file of the installed application set the database connection string. Use the same connection string as for the Alvao WebApp application.

note

Alvao Custom Apps WebService has Windows authentication set up.

Assign database roles to application accounts

Set the database roles according to the following table:

Application	Database roles	Application account for local installation (in Azure use managed identities)
Alvao WebApp	public, db_datareader, db_datawriter, db_ddladmin, db_executor	NT AUTHORITY\NETWORK SERVICE
Alvao Custom Apps WebService
Alvao REST API
Alvao Service	db_owner, db_executor	NT AUTHORITY\NETWORK SERVICE

In Microsoft Azure use the managed identities.

For local installation, use SQL Server Management Studio to set the roles. In the Security - Logins folder allow access to the individual application accounts and assign them database roles.

Azure managed identities

If you install Alvao in the Microsoft Azure cloud environment, we recommend using managed identities to control the application permission.

1. On the Azure portal select a Virtual machine or an AppService.
2. In Settings, select the Identity tab and set the Status to ON.
3. Open SQL Server Manager Studio and modify and run the command to create a database user representing the particular managed identity:

CREATE USER <VM_or_AppService_name> FROM EXTERNAL PROVIDER;

4. Set database roles of the user:

ALTER ROLE <database_role> ADD MEMBER <VM_or_AppService_name>

For the list of database roles see Assign database roles to application accounts.

5. In the configuration of all server applications add the following snippet at the end of the database connection string: Authentication=Active Directory Managed Identity.

Initial setup

Once you have the application installed, let's do the initial setup:

1. Go to Alvao WebApp ( https://localhost/Alvao) and in Administration - License, enter the activation key. You can obtain the key from your Alvao vendor. You can also obtain a temporary activation key to test the application at info@alvao.com.

   note

   When the database is activated, the activation key entered is verified over the Internet.

2. On the Administration - Settings - Outbound emails page, enter the SMTP server address, login credentials, and email address for sending messages from the Alvao.

3. On the Administration - Settings - Active Directory and Microsoft Entra page, fill values according you chosen user authentication method.

4. On the Administration - Settings - WebApp page, enter the WebApp root path in the WebApp (URL) field, e.g., https://contoso-server/alvao.

5. By default, after installation, the application displays time data in the Coordinated Universal Time (UTC) time zone to users. If necessary, change the default time zone in Administration - Settings - Language and time.

6. In Administration - Settings - Web services - Custom Apps WebService (URL) enter the path to the ALVAO Custom Apps WebService folder. For example: https://server/AlvaoCustomAppsWebService.