Sie sehen die Flagge von Österreich

BMD
Österreich

Sie sehen die Flagge von Deutschland

BMD
Deutschland

Sie sehen die Flagge der Schweiz

BMD
Schweiz

Sie sehen die Flagge von Ungarn

BMD
Magyarország

Sie sehen die Flagge der Slowakei

BMD
Slovensko

Sie sehen die Flagge von Tschechien

BMD
Česko

Sie sehen die englische Flagge

BMD
International

Sie sehen die Flagge der Slowakei SK
Vyhľadaj

Setting up BMD Web applications

09.12.2020 | Einrichten BMD Webanwendungen

1. Steps for setting up BMD Web applications

This guide is for skilled computer administrators with experience in working with the Internet Information Webserver. On request, our BMD Technik team can set up the web applications for you. To make an appointment please contact: termin@bmd.at

 

1.1. IIS must be installed on the web server with the following role services (in addition to the default installations)

  1. Dynamic Content Compression
  2. ISAPI Extensions
  3. HTTP redirection
  4. IIS 6 Management Compatibility
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
PowerShell
Add-WindowsFeature Web-Server,Web-Dyn-Compression,Web-ISAPI-Ext,Web-Http-Redirect,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,Web-WMI

 

A web application can process up to 30 concurrent users. For more than 30 concurrent users, you have to set up an appropriate load-balancing solution. To do so, please contact the BMD Technik team: technik@bmd.at

 

For BMD Mobile, no separate application pool is required. It is sufficient to set up the BMD Web application with an additional entry in BMD.INI.

 

BMD Online application is also part of BMD Web. It is opened via a special parameter: http://.... /bmdweb/bmdweb.dll/STARTFUNC/?func=MCS_FRMONLBEWWEB_CREATE

 

1.2. Create a separate Windows user

The application runs under this user. 

Web server = BMD server

Create user as local user (or as domain user)

 

Web server ≠ BMD server

Create user as local user (or as domain user) directly on the web server

  1. User name: e.g. bmdcom-sa (It is recommended to create a separate user for each web application.)
    Web applicationUser name
    BMD Combmdcom-sa
    BMD Webbmdweb-sa
    BMD Mobilebmdweb-sa
    BMD Online applicationbmdweb-sa
    BMD Web servicebmdntcsws-sa
  2. Password: any complex password
  3. The user cannot change the password and it never expires.
  4. Group membership
    • User or domain user
    • IIS_IUSRS

 

The created user must be granted permission to "Debug programs". This either has to be configured in the local security policy or in the group policies.

 

1. 3. Create the folder structure on the web server according to the web application in use

  1. C:\Inetpub\"web application"
    Web applicationFolder structure
    BMD ComC:\Inetpub\bmdcom
    BMD WebC:\Inetpub\bmdweb
    BMD MobileC:\Inetpub\bmdweb
    BMD Online applicationC:\Inetpub\bmdweb
    BMD Web serviceC:\Inetpub\bmdntcsws
  2. For this folder, grant the respective user (e.g. bmdcom-sa) permission to "Read, execute" and remove the group "user" (NTFS inheritance has to be disabled in the advanced security settings).
  3. Set up the folder "LOG".
  4. For this folder you have to grant the user (e.g. bmdcom-sa) permission to "Change" and "Write".

 

1.4. Copy the necessary directories and files to the web server

  1. Copy \\“BMDSERVER“\BMDNTCS_PGM\BMDWEBCORE2_SubFolder.zip to the previously created folder and unpack it. In terms of the BMD web service, you need to copy and unpack BMDNTCSWS_SubFolder.zip.
  2. Copy \BMDSERVER\BMDNTCS_PGM\bmdwebcore2.dll to the previously created folder and rename it according to the web application.
    (Exceptions BMD web service)

 

CAUTION! Danger of confusion! The files BMDWEBCORE_SubFolder.zip and bmdwebcore.dll are used for legacy BMD Web/Com applications.

Web application.dll
BMD Combmdcom.dll
BMD Webbmdweb.dll
BMD Mobilebmdweb.dll
BMD Online applicationbmdweb.dll
BMD Web serviceHere, you have to copy the file bmdntcsws.dll (instead of bmdwebcore2.dll).


Example (BMD Com):

1.5. Create BMD.INI on the web server

  1. Create a file called "BMD.INI" in the directory of the web application. 
  2. Depending on the constellation, there are different templates (please adjust the paths accordingly).
    PLEASE NOTE: If the paths contain spaces, enter them without ""!!
    The entries "ALIASCONFIG" and "ALIASNAMES" have to match the entries in the global BMD.INI which can be found in the general BMD NTCS program directory. Please also note that entry is case sensitive. Moreover, it must be possible for the web server to resolve the SQL server name (if DNS resolution is not possible, please specify it via the HOST file on the web server). This parameter defines the authentication type.
ConstellationContent of the BMD.INI
BMDSERVER = WEBSERVER

[BMD]
BIN=D:\PROGRAMME\BMDSoftware\BIN
NLS=D:\PROGRAMME\BMDSoftware\NLS
DATA=D:\PROGRAMME\BMDSoftware\DATEN
LOG=C:\Inetpub\”Web application”\LOG

[BMD\ALIASNAMES]
ALIAS0=BMDSERVER\BMD:BMD

[BMD\ALIASCONFIG]
BMDSERVER\BMD:BMD=EXTENDED or SQL

BMDSERVER ≠ WEBSERVER[BMD]
BIN=C:\BMDUpdateservice\BIN
NLS=C:\BMDUpdateservice\NLS
DATA=C:\BMDUpdateservice\DATEN
LOG=C:\Inetpub\”Web application”\LOG

[BMD\ALIASNAMES]
ALIAS0=BMDSERVER\BMD:BMD

[BMD\ALIASCONFIG]
BMDSERVER\BMD:BMD=EXTENDED or SQL

 

1.6. Depending on the web application, BMD.INI has to be extended.

Web applicationExtension in BMD.INI
BMD Com[BMD\BMDCOM2]
DBALIAS=BMDSERVER\BMD:BMD
FILESDIR=C:\Inetpub\bmdcom\FILES
BMD Web[BMD\BMDWEB2]
DBALIAS=BMDSERVER\BMD:BMD
FILESDIR=C:\Inetpub\bmdweb\FILES
BMD Moblie

Additional entry in C:\Inetpub\bmdweb\BMD.INI
[BMD\BMDMOBILE]
DBALIAS=BMDSERVER\BMD:BMD

BMD Online applicationNo additional entries are necessary here.
BMD Web service

No additional entries are necessary here.

 

1.7. Special constellations

  1. In the case of BMD Mobile, the functionality of BMD Web should be deactivated completely.
    Web applicationExtensions in BMD.INI
    BMD Mobile[BMD\BMDWEB2]
    HANDLEDREQUESTS=MOBILE
  2. In the case of BMD Online application, the functionality of BMD Web should be deactivated completely.
    Web applicationExtensions in BMD.INI
    BMD Online application[BMD\BMDWEB2]
    AUTOSTART_SUBTYPE_MCS=MCS_FRMONLBEWWEB_CREATE
  3. The default timeout of 30 minutes should be adjusted.
    Web applicationExtensions in BMD.INI
    BMD Com[BMD\BMDCOM2]
    TIMEOUT=10
    BMD Web[BMD\BMDWEB2]
    TIMEOUT=10

 

1.8. Setup in IIS

(only different when it comes to the names of individual web applications)

  1. Set up an application pool according to the web application.
    Web applicationName of the application pool
    BMD Combmdcom
    BMD Webbmdweb
    BMD Mobilebmdweb
    BMD Online applicationbmdweb
    BMD Web servicebmdntcsws

 

Example (BMD Com):

 

2. Edit the advanced settings of the application pool 

  • Enable 32-bit applications => TRUE
  • Identity => define the user, e.g. bmdcom-sa
  • Idle timeout (minutes) => 0
  • Ping enabled => TRUE
  • Rapid-Fail Protection enabled => FALSE

3. Add a new application (according to the web application) using the context menu of the Default Web Site:

Web applicationName of the application
BMD Combmdcom
BMD Webbmdweb
BMD Mobilebmdweb
BMD Online applicationbmdweb
BMD Web servicebmdntcsws
  • Specify the application pool.
  • "Connect as" => define the respective user, e.g. bmdcom-sa.

 

Example (BMD Com):

 

4. Adjust the following settings in the application that you have just created:
 Add default document => the respective .dll of the application

Web applicationName of .dll file
BMD Combmdcom.dll
BMD Webbmdweb.dll
BMD Mobilebmdweb.dll
BMD Online applicationbmdweb.dll
BMD Web servicebmdntcsws.dll

 

Example (BMD Com):

 

5. Enable the ISAPI-dll in the "Handler Mappings":

 

6. The .dll of the web application still needs to be added as an ISAPI in the ISAPI and CGI restrictions (at the level of the web server):

Web applicationISAPI or CGI path
BMD ComC:\Inetpub\bmdcom\bmdcom.dll
BMD WebC:\Inetpub\bmdweb\bmdweb.dll
BMD MobileC:\Inetpub\bmdweb\bmdweb.dll
BMD Online applicationC:\Inetpub\bmdweb\bmdweb.dll
BMD Web serviceC:\Inetpub\bmdntcsws\bmdntcsws.dll

 


Example (BMD Com):

 

7. Increase the application’s upload limit to 100 MB (100000000 bytes) in request filtering.

 

Example for BMD Com:

 

1.9. Set up automatic update services

Setting up an automatic update service depends on the constellation (adjust paths accordingly). You have to set up and start the update service. Once it is completed (entry in the log: update complete), you can test calling the website.

 

ConstellationContent of BMDService.INI
BMDSERVER = WEBSERVER 
  1. Edit the file \\“BMDSERVER“\BMDNTCS_PGM\bmdservice.INI and set the following entry:
    [BMDUPDATESERVICE]
    UpdateClient=2
  2. Restart the service “BMDNtcsSvc”
  3. Check the file \\“BMDSERVER“\BMDNTCS_PGMDATA\LOG\bmdntcssvc.log
 

BMDSERVER ≠ WEBSERVER

 
  1. Copy the files BMDNtcsSvc.exe – libeay32.dll – ssleay32.dll – msvcr71.dll from the directory \\“BMDSERVER“\BMDNTCS_PGM to a local directory on the web server (e.g. C:\BMDUpdateservice)
  2. Create a bmdservice.INI file in the same directory with the following specifications:
    [BMDUPDATESERVICE]
    UpdateClient=1
    Host=BMDSERVER
    Port=81
  3. Create a BMD.INI file in the same directory with the following specifications:
    [BMD]
    BIN=C:\BMDUpdateservice\BIN
    NLS=C:\BMDUpdateservice\NLS
    DATA=C:\BMDUpddateservice\DATEN
    LOG=C:\BMDUpdateservice\LOG
    [BMD\ALIASNAMES]
    ALIAS0=BMDSERVER\BMD:BMD
  4. Use a command, e.g. C:\BMDUpdateservice\BMDNtcsSvc.exe/install, to create the service on the web server and then start it.
  5. Check the file, e.g. C:\BMDUpdateservice\LOG\bmdntcssvc.log
 

 

 

2. Troubleshooting

  • The website displays a "Service unavailable" notification and the application pool is being stopped automatically each time:
    • Check whether the user bmdcom-sa is specified with the correct password on the website as well as in the application pool.
    • Check whether the permissions for the required directories are correct.
    • Check whether the user bmdcom-sa has the permission "Log on as batch processing order" (should be the case by default due to the membership in the group IIS_IUSRS).
  • The login mask appears, but without the background or text on the buttons:
    • Check the BIN, NLS and FILES directories in BMD.INI and their permissions for the bmdcom-sa user.
       
  • A database connection error occurs when logging in:
    • Check the ALIAS entry in BMD.INI
    • Name resolution not possible (especially in the case of a web server in a DMZ)
  • Uploading the Databox or sharing documents is not possible:
    • The service BMDNTCSSVC must be actively running and the document archive in BMD NTCS has to operate as "storage via service".
    • Name resolution not possible (especially in the case of a web server in a DMZ)
  • The browser displays a message stating "Possible DoS Attack..."
    • The BMD web applications are equipped with protection against denial-of-service attacks. If more than 20 accesses occur within 5 minutes from one IP address, further accesses are blocked by the web application. This value can be changed via a parameter in BMD.INI on the web server. This might be necessary if you are using a load balancer and it is therefore always the same IP which accesses the webserver.
    • To do so, set the following entries in section [BMD\BMDWEB2]:
      • DOS_TIME_RANGE=5 (time in minutes)
      • DOS_ALLOWEDSESSIONS=100 (number of accesses by one IP address)

 

3. Security recommendations

Please also refer to our BMD NTCS hardening guide:  BMD NTCS Hardening Guide

Dátum:

09.12.2020


Kategória:

Einrichten BMD Webanwendungen




BMD Business Solutions s.r.o.

Suché Mýto 1

SK-81103 Bratislava

+421 220 861 990

bratislava@bmd.com

Partner
Partner SKDP

Follow us

Folgen Sie uns auf LinkedIn
Folgen Sie uns auf YouTube