Sie sehen die Flagge von Österreich

BMD
Österreich

Sie sehen die Flagge von Deutschland

BMD
Deutschland

Sie sehen die Flagge der Schweiz

BMD
Schweiz

Sie sehen die Flagge von Ungarn

BMD
Magyarország

Sie sehen die Flagge der Slowakei

BMD
Slovensko

Sie sehen die Flagge von Tschechien

BMD
Česko

Sie sehen die englische Flagge

BMD
International

Sie sehen die Flagge von Tschechien CZ
vyhledávání

Setting up BMD web applications

1.    Steps for setting up BMD web applications
    1.1.    IIS must be installed on the web server with the following role services (in addition to the default installations)
    1.2.    Create a separate Windows user
    1.3.    Create the folder structure on the web server according to the web application in use
    1.4.    Copy the necessary directories and files to the web server
    1.5.    Create BMD.ini on the web server
    1.6.    Depending on the web application, BMD.ini has to be extended.
    1.7.    Special constellations
    1.8.    Setup in IIS
    1.9.    Set up automatic update services
2.    Troubleshooting
3.    Security recommendations

1. Steps for setting up BMD web applications

This guide is for skilled computer administrators with experience in working with the Internet Information Webserver. On request, our BMD Technik team can set up the web applications for you. To make an appointment please contact: termin@bmd.at

 

1.1. IIS must be installed on the web server with the following role services (in addition to the default installations)

  1. Dynamic Content Compression
  2. ISAPI Extensions
  3. HTTP redirection
  4. IIS 6 Management Compatibility
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
PowerShell
Add-WindowsFeature Web-Server,Web-Dyn-Compression,Web-ISAPI-Ext,Web-Http-Redirect,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,Web-WMI

 

A web application can process up to 30 concurrent users. For more than 30 concurrent users, you have to set up an appropriate load-balancing solution. To do so, please contact the BMD Technik team: technik@bmd.at

 

For BMD Go, no separate application pool is required. It is sufficient to set up BMD Web with an additional entry in BMD.INI.

 

BMD Online application is also part of BMD Web. It is opened via a special parameter: http://.... /bmdweb/bmdweb.dll/STARTFUNC/?func=MCS_FRMONLBEWWEB_CREATE

 

1.2. Create a separate Windows user

The application runs under this user. 

Web server = BMD server

Create user as local user (or as domain user)

 

Web server ≠ BMD server

Create user as local user (or as domain user) directly on the web server

  1. User name: e.g. bmdcom-sa (We recommend creating a separate user for each web application.)
    Web applicationUser name
    BMD Combmdcom-sa
    BMD Webbmdweb-sa
    BMD Online applicationbmdweb-sa
    BMD Web servicebmdntcsws-sa
  2. Password: any complex password
  3. The user cannot change the password and it never expires.
  4. Group membership
    • User or domain user
    • IIS_IUSRS

 

The created user must be granted permission to “Debug programs”. This either has to be configured in the local security policy or in the group policies.

 

1. 3. Create the folder structure on the web server according to the web application in use

  1. C:\Inetpub\"web application"
    Web applicationFolder structure
    BMD ComC:\Inetpub\bmdcom
    BMD WebC:\Inetpub\bmdweb
    BMD Online applicationC:\Inetpub\bmdweb
    BMD Web serviceC:\Inetpub\bmdntcsws
  2. Grant the respective user (e.g. bmdcom-sa) permission to “Read, execute” for this folder and remove the group “User” (NTFS inheritance has to be disabled in the advanced security settings).
  3. Set up the folder “LOG”.
  4. For this folder, you have to grant the user (e.g. bmdcom-sa) permission to “Change” and “Write”.

 

1.4. Copy the necessary directories and files to the web server

  1. Copy \\“BMDSERVER“\BMDNTCS_PGM\BMDWEBCORE2_SubFolder.zip to the previously created folder and unpack it. In terms of the BMD web service, you need to copy and unpack BMDNTCSWS_SubFolder.zip.
  2. Copy \BMDSERVER\BMDNTCS_PGM\bmdwebcore2.dll to the previously created folder and rename it according to the web application.
    (Exceptions BMD web service)

 

CAUTION! Danger of confusion! The files BMDWEBCORE_SubFolder.zip and bmdwebcore.dll are used for legacy BMD Web/Com applications.

Web application.dll
BMD Combmdcom.dll
BMD Webbmdweb.dll
BMD Online applicationbmdweb.dll
BMD Web serviceHere, you have to copy the file bmdntcsws.dll (instead of bmdwebcore2.dll).


Example (BMD Com):

1.5. Create BMD.INI on the web server

  1. Create a file called “BMD.INI” in the directory of the web application. 
  2. Depending on the constellation, there are different templates (please adjust the paths accordingly).
    PLEASE NOTE: If the paths contain spaces, enter them without ""!!
    The entries “ALIASCONFIG” and “ALIASNAMES” have to match the entries in the global BMD.INI which can be found in the general BMD NTCS program directory. Please also note that entry is case sensitive. Moreover, it must be possible for the web server to resolve the SQL server name (if DNS resolution is not possible, please specify it via the HOST file on the web server). This parameter defines the authentication type.
ConstellationContent of the BMD.INI
BMDSERVER = WEBSERVER

[BMD]
BIN=D:\PROGRAMME\BMDSoftware\BIN
NLS=D:\PROGRAMME\BMDSoftware\NLS
DATA=D:\PROGRAMME\BMDSoftware\DATEN
LOG=C:\Inetpub\”Web application”\LOG

[BMD\ALIASNAMES]
ALIAS0=BMDSERVER\BMD:BMD

[BMD\ALIASCONFIG]
BMDSERVER\BMD:BMD=ENCRYPTED, EXTENDED or SQL

BMDSERVER ≠ WEBSERVER[BMD]
BIN=C:\BMDUpdateservice\BIN
NLS=C:\BMDUpdateservice\NLS
DATA=C:\BMDUpdateservice\DATEN
LOG=C:\Inetpub\”Web application”\LOG

[BMD\ALIASNAMES]
ALIAS0=BMDSERVER\BMD:BMD

[BMD\ALIASCONFIG]
BMDSERVER\BMD:BMD=ENCRYPTED, EXTENDED or SQL

 

1.6. Depending on the web application, BMD.INI has to be extended.

Web applicationExtension in BMD.INI
BMD Com[BMD\BMDCOM2]
DBALIAS=BMDSERVER\BMD:BMD
FILESDIR=C:\Inetpub\bmdcom\FILES
BMD Web[BMD\BMDWEB2]
DBALIAS=BMDSERVER\BMD:BMD
FILESDIR=C:\Inetpub\bmdweb\FILES
BMD Online applicationNo additional entries are necessary here.
BMD Web service

No additional entries are necessary here.

 

1.7. Special constellations

  1. In the case of BMD Go, the functionality of BMD Web should be deactivated completely.
    Web applicationExtensions in BMD.INI
    BMD Go[BMD\BMDWEB2]
    HANDLEDREQUESTS=REST
  2. In the case of BMD Online application, the functionality of BMD Web should be deactivated completely.
    Web applicationExtensions in BMD.INI
    BMD Online application[BMD\BMDWEB2]
    AUTOSTART_SUBTYPE_MCS=MCS_FRMONLBEWWEB_CREATE
  3. The default timeout of 30 minutes should be adjusted.
    Web applicationExtensions in BMD.INI
    BMD Com[BMD\BMDCOM2]
    TIMEOUT=10
    BMD Web[BMD\BMDWEB2]
    TIMEOUT=10

 

1.8. Setup in IIS

(only different when it comes to the names of individual web applications)

  1. Set up an application pool according to the web application.
    Web applicationName of the application pool
    BMD Combmdcom
    BMD Webbmdweb
    BMD Online applicationbmdweb
    BMD Web servicebmdntcsws

 

Example (BMD Com):

 

2. Adjust the advanced settings of the application pool

  • Enable 32-bit applications => TRUE
  • Start mode => AlwaysRunning
  • Identity => define the user, e.g. bmdcom-sa
  • Idle timeout (minutes) => 0
  • Ping enabled => TRUE
  • Rapid-Fail Protection enabled => FALSE

3. Add a new application (according to the web application) using the context menu of the Default Web Site:

Web applicationName of the application
BMD Combmdcom
BMD Webbmdweb
BMD Online applicationbmdweb
BMD Web servicebmdntcsws
  • Specify the application pool.
  • “Connect as” => define the respective user, e.g. bmdcom-sa.

 

Example (BMD Com):

 

4. Adjust the following settings in the application that you have just created:
 Add default document => the respective .dll of the application

Web applicationName of .dll file
BMD Combmdcom.dll
BMD Webbmdweb.dll
BMD Online applicationbmdweb.dll
BMD Web servicebmdntcsws.dll

 

Example (BMD Com):

 

5. Enable the ISAPI-dll in the “Handler Mappings”:

 

6. The .dll of the web application still needs to be added as an ISAPI in the ISAPI and CGI restrictions (at the level of the web server):

Web applicationISAPI or CGI path
BMD ComC:\Inetpub\bmdcom\bmdcom.dll
BMD WebC:\Inetpub\bmdweb\bmdweb.dll
BMD Online applicationC:\Inetpub\bmdweb\bmdweb.dll
BMD Web serviceC:\Inetpub\bmdntcsws\bmdntcsws.dll

 


Example (BMD Com):

 

7. Go to Request Filtering for the respective website and increase the upload limit of the application to slightly over 100 MB (e.g. 107520000 bytes), as the default value in BMD NTCS is 100 MB. This ensures that the IIS limit is high enough and the limit in BMD NTCS is reached first so that a corresponding BMD NTCS message is generated when the limit is exceeded:

 

Example for BMD Com:

 

Detailansicht Technik1.9. Set up automatic update services

Setting up an automatic update service depends on the constellation (adjust paths accordingly). You have to set up and start the update service. Once it is completed (entry in the log: update complete), you can test calling the website.

 

ConstellationContent of BMDService.INI
BMDSERVER = WEBSERVER 
  1. Edit the file \\“BMDSERVER“\BMDNTCS_PGM\bmdservice.INI and set the following entry:
    [BMDUPDATESERVICE]
    UpdateClient=2
  2. Restart the service “BMDNtcsSvc”
  3. Check the file \\“BMDSERVER“\BMDNTCS_PGMDATA\LOG\bmdntcssvc.log
 

BMDSERVER ≠ WEBSERVER

 
  1. Copy the files BMDNtcsSvc.exe – libeay32.dll – ssleay32.dll – msvcr71.dll from the directory \\“BMDSERVER“\BMDNTCS_PGM to a local directory on the web server (e.g. C:\BMDUpdateservice)
  2. Create a bmdservice.INI file in the same directory with the following specifications:
    [BMDUPDATESERVICE]
    UpdateClient=1
    Host=BMDSERVER
    Port=81
  3. Create a BMD.INI file in the same directory with the following specifications:
    [BMD]
    BIN=C:\BMDUpdateservice\BIN
    NLS=C:\BMDUpdateservice\NLS
    DATA=C:\BMDUpddateservice\DATEN
    LOG=C:\BMDUpdateservice\LOG
    [BMD\ALIASNAMES]
    ALIAS0=BMDSERVER\BMD:BMD
  4. Use a command, e.g. C:\BMDUpdateservice\BMDNtcsSvc.exe/install, to create the service on the web server and then start it.
  5. Check the file, e.g. C:\BMDUpdateservice\LOG\bmdntcssvc.log
 

 

 

Detailansicht Technik2. Troubleshooting

  • Check if all the required ports from the web server to the application server are reachable - see BMD programs and (software) firewalls.
  • The website displays a “Service unavailable” notification and the application pool is being stopped automatically each time:
    • Check whether the user bmdcom-sa is specified with the correct password on the website as well as in the application pool.
    • Check whether the permissions for the required directories are correct.
    • Check whether the user bmdcom-sa has the permission “Log on as batch processing order” (should be the case by default due to the membership in the group IIS_IUSRS).
  • The login window opens but without the background or text on the buttons:
    • Check the BIN, NLS and FILES directories in BMD.INI and their permissions for the bmdcom-sa user.
       
  • A database connection error occurs when logging in:
    • Check the ALIAS entry in BMD.INI
    • Name resolution not possible (especially in the case of a web server in a DMZ)
  • Uploading the Databox or sharing documents is not possible:
    • The service BMDNTCSSVC must be actively running and the document archive in BMD NTCS has to operate as “storage via service”.
    • Name resolution not possible (especially in the case of a web server in a DMZ)
  • The browser displays a message stating “Possible DoS Attack...”
    • The BMD web applications are equipped with protection against denial-of-service attacks. If more than 20 accesses occur within 5 minutes from one IP address, further accesses are blocked by the web application. This value can be changed via a parameter in BMD.INI on the web server. This might be necessary if you are using a load balancer and it is therefore always the same IP which accesses the webserver.
    • To do so, set the following entries in section [BMD\BMDWEB2]:
      • DOS_TIME_RANGE=5 (time in minutes)
      • DOS_ALLOWEDSESSIONS=100 (number of accesses by one IP address)

 

Detailansicht Technik3. Security recommendations

Please also refer to our BMD NTCS hardening guide:  BMD NTCS Hardening Guide

Section:

Setting Up BMD Web Applications




BMD Česká republika
Komplexní informační technologie s.r.o.

Salvátorská 931/8

CZ-11000 Praha

obchod@kit.cz
 

BMD Česká republika
Komplexní informační technologie s.r.o.

Chelčického 15

CZ-37001 České Budějovice

+420 387 312 345

obchod@kit.cz

Follow us

Sledujte nás na Facebook
Sledujte nás na Xing
Sledujte nás na LinkedIn
Sledujte nás na YouTube
Sledujte nás na Kununu
Sledujte nás na Instagram