Preliminaries

This article will guide you through the process of installing and configuring the TTC Security Server product onto a "new" Windows 2000 or 2003 server.
Part of this process will direct you to a companion article to prepare the hardware device that you will be using for the Security Server. Even if you already have a server with the desired operating system installed, please review the companion article to verify that all of the required components and configurations are installed. Once this server is ready, you will need to return to this document to install the TTC v6.0x Security Agent software and complete the TTC Security Server's integration into your network. We are going to assume that you have a good understanding of Windows 2000 or Windows Server 2003 and have most likely installed either or both operating systems several times before. Even without a lot of previous experience, these complimentary sets of instructions should help you complete the process successfully.

It is important to remember that the TTC Security Server is intended to be a dedicated domain server or stand alone server and should NOT be setup to concurrently operate as a Domain Controller, DNS Server, DHCP Server, Sharepoint Server or any other network management or enterprise utility server. The management processes of the TTC - Security Server software may conflict with other network server processes, and performance will be severely degraded.

We suggest that you study the various methods for placing a TTC server in your network, which are presented in the following Knowledge Base articles: Q10005 -- Transparent Bridging Mode (the most common and recommended implementation) Q10084 -- Passive Monitoring Mode Q10085 -- Firewall/Routing Mode

Please read this article and the associated reference articles in their entirety prior to beginning the actual work. Should you have any questions, please contact us at support@lightspeedsystems.com or 661.326.8324 first. Also, should you encounter any undocumented warnings, errors, etc. please contact Lightspeed support immediately!

The v6.x Security Agent Configuration and Deployment Guide - [*Q10213*] should be referenced when you are ready to proceed with Security Agent client installation and operations.

Use of the TTC User Agent If you are using the TTC User Agent to provide simple user and machine identification for Windows XP, 2000, 2003 Server and Vista workstations, you MUST be sure to download and install the most recent version [(v1.1.5)] of the agent on those workstations. Failure to do so may result in inconsistent reporting through the TTC Identification Service.

Prerequisites

Please reference Hardware and Software Requirements - Q10006 for detailed requirements of all Lightspeed Products.

Follow article [KB:Windows Server 2003 Preparation - Q10335] or [KB:Windows Server 2000 Preparation - Q10336]

Download the latest software at [KB:Software Downloads - Q10019].

Preparation

• Connect a monitor, keyboard, and mouse to the computer.
• If this installation is being performed immediately following the server's operating system preparation (noted above) the TTC Management NIC should be already connected to the internal network, with access to the Internet. This physical connection, using a "straight through" network cable, is required to access the Internet in order to download Microsoft Service Packs, critical Windows updates as well as to complete the TTC Security Server software installation and setup. Make sure this connection is in place.
• If the server is not currently running, power it on and login as the "local Administrator" before starting the TTC - Security Server software installation.

During ANY installation processes you must logon to this machine (the TTC Security Server you are building) using the machine's "Local Administrator" ID and password. Doing so will assure that proper authorities are applied to all of the system critical software components, including the operating system, support services, SQL services and Total Traffic Control services.

TTC Security Server Software Setup

Total Traffic Control Passwords For Total Traffic Control Passwords Please see [KB:Software Downloads - Q10019]

You must Reboot after installing SQL, before installing TTC or you will have issues during the install

The installation of the software encompasses 4 distinct steps:

1. The Prerequisite Check to determine the status of the server's hardware, operating system and support services. This check will advise you of any discrepancies which should be managed before continuing with the installation.
2. The Software Installation process which is actually the Windows Installer service that utilizes the supplied .MSI file to copy the software components onto the server and starts the supporting services.
3. The Security Server Initialization process which queries you for enterprise specific information and operational parameters.
   Each step will keep you updated on the status of the installation steps being performed. If you choose to cancel the installation at any time, you must restart the installation from Step 1, as outlined below.
4. The Software Updates process runs at the end to make sure that all of the most current software files are in place before you begin operations.

Step 1 - Start and Prerequisite Checking

Obtain the latest software package and extraction passwords from [KB:Software Downloads - Q10019]

Run the self-extracting installation program (SecurityServer.exe). This will uncompress the setup programs and then launch setup.exe. This program verifies that the latest version of the Windows Installer is present as well as .Net Framework 2.0. If the Installer program is missing, the setup will not continue. If the .Net Framework 2.0 component is missing, the setup program will prompt you to install it and continue. When the setup program successfully verifies the two components, you will be able to click on the <CONTINUE> button to launch the PreReqCheck.exe program.

The Prerequisite Checking dialog will display the various checks being performed and the status of each. Upon completion, a status icon will be displayed for each item - a "Green Check" icon indicates that the item check was successful; a "Yellow Asterisk" icon indicates that the item check was incomplete and can be corrected or managed later during the installation; a "Red Stop-sign" icon stops the installation and indicates a condition that MUST be corrected before the installation can be completed.

One component of the Prerequisite Checking is the downloading of the latest Windows Installer database file from Lightspeed (LightspeedSecurityServer.msi). This file is a standard Windows Installer database that includes the latest TTC Security Server software. This process may take a few minutes or more to complete, depending on the speed of the Internet connection to the Lightspeed Network Support Center, and is typically the last Prerequisite Checking item to finish.

When the prerequisite checks are complete, and no error conditions have been encountered, click on the <CONTINUE> button to launch the next installation step.

If any errors were encountered, the Prerequisite Check Report dialog will display the errors that can be corrected later (Yellow) and the errors that must be completed immediately (Red). Review the messages in this dialog along with the informational links displayed, then cancel the installation process, correct the errors, as instructed, and restart the installation with Step 1, above. Some common errors and solutions can be reviewed in KB Q10637

Step 2 - Software Installation

This step requires minimal input from you as the Windows Installer copies the TTC Security Server software onto the server and starts the necessary supporting services. You must respond to the software licensing dialog for the process to continue. Installer status messages will be displayed until the process is finished and the <FINISH> button is enabled. Click on this button to continue to the next installation step.

Step 3 - Security Server Initialization

This step sets up the operating environment for the Security Server. It will require your response through a few dialogs to specify operating parameters and contact information while other background tasks are executing. The interactive dialogs will request the following information:

• Content Database Sharing - This dialog requests you to specify if local changes to the content database will be shared with Lightspeed Systems for updating the master database and subsequently for updating other Security Server installations. We recommend you select Yes to share your local database changes.
• Monitoring Contact Information - This is required information which you must supply. Specify the person who will be primarily responsible for your Security Server maintenance and updates and will be your primary liaison with the Lightspeed Customer Support department. The process will prompt for complete and correctly formatted information. Use the Help button on the dialog to get an understanding of what this data is used for.
• Scheduled Reports Address List - Scheduled reports are a subset of the TTC Traffic reports which provide information on the previous day's network traffic statistics and user's network activities. These reports can be automatically dispatched to specified users on a daily basis. This dialog allows you to specify, by users' email addresses, who should receive these reports. Recipients are specified by entering their full email address, i.e. TJameson@ourdomain.com. Multiple recipients should be entered with separating semicolons, i.e. TJameson@ourdomain.com;JZumalt@ourotherdomain.org.

One long-running process during this Initialization step is the formatting and loading of the Content Database. At this point, the SQL server is loaded with the latest Master Content Database information. This process can require up to 45 minutes to complete, so please be patient.
When the Management Console Initialization is completed, the Manager will present a "Finish" dialog, advising you of a successful installation. Click on the <FINISH> button to complete the software installation and return to the Management Console.

Step 4 - Applying the Latest Software Updates

Lastly, you should obtain and apply the latest updates to the TTC software. To do this, close the TTC Management Console if it is open. Then open a command prompt window and change to the TTC home directory (C:\Program Files\Lightspeed Systems\Traffic) and run:

ttcupdate -n

This routine will open an Internet connection to the Lightspeed Systems download server and retrieve the latest software updates for your installation.  Be patient, depending on your internet connection and the number and size of the updates, this may take a number of minutes or longer.

If you see the program stop with a message about 'Sleeping for XX minutes before starting ...', type Ctrl+C to stop the program and IMMEDIATELY run it again with the same --n parameter. This time it will begin to apply the updates.

When the update process has finished you should close the command prompt and return to the Management Console.  Do NOT attempt to open the Management Console until the process has completely finished!

Placing the TTC Security Server into Operation

Now that the Security Server has been properly loaded and initialized, it's time to generate a traffic management configuration and insert the TTC Security Server into your network to begin traffic management operations.

When you click on the "Finish" button at the end of Step 3, the TTC Security Server will return to the management console. If the initialization was unable to create a default configuration (a condition that can occur if the server's NICs are not named in a fashion that can be recognized by the initialization process) you must create a configuration. Select the option to create a new configuration, which will launch the Configuration Wizard. It is recommended that you follow the instructions to work with the default configuration. The Default configuration will provide Content Filtering services, Spam Mail Blocking services and Traffic Classification and Reporting services. This basic configuration - which provides immediate connectivity and security between your external and internal networks - can be modified, as necessary, after you've had a chance to observe your network traffic patterns and establish traffic management policies.

Once the configuration is complete you will need to physically add the TTC Security Server to your network.

Placing the TTC server into operation will require a temporary disruption of the flow of traffic between your internal network and the outside world (Internet). This will happen as you disconnect existing cable connections between the external network (your firewall / border device) and your internal network and insert the TTC Security Server. Please plan for this accordingly.

To complete this process do the following:

• The Management NIC cable was put into place during the Preparation phase of these instructions and was used for connecting the TTC Security Server to the Internet during the software installation. Verify that this cable is still properly connected between your internal network (switch) and the Management NIC.
• Connect a crossover Ethernet cable between the TTC server's External NIC port and the internal connector port of your border device (firewall, router, etc).
• Connect a straight-thru Ethernet cable between the TTC server's Internal NIC port and your internal network (switch).

Network traffic should now be flowing from your internal network, through the TTC server, to the Internet.

This network traffic can now be monitored through the Total Traffic Reports which are accessible from Reports option on the Management Console toolbar. The first time you access the traffic reports from the TTC Security Server or any other workstation, you will be prompted to install/setup the Macromedia Flash Player for the Internet browser software that you are using. This process is a very quick download from the Macromedia download center and you should accept and install the package when you are prompted. You will only need to do this once. Since the Flash Player is specific to the Internet browser software you are using, if you modify your browser choice, you may need to accept and install a subsequent download. After the download/install of the Flash Player is complete, refresh your reports display for full and correct report formatting.

You have now completed the installation of your TTC - Security Server.

Related Articles:

[KB:Software Downloads - Q10019] [KB:Software Downloads - Q10019] [KB:TTC NIC Duplexing Requirements - Q10061] [KB:Properly Configuring the NICs for a TTC Server - Q10108] [KB:Naming Conventions for the NICs on a TTC Server - Q10307] [KB:SQL 2005 Installation with TTC Security Server - Q10869] TTC Installation Failures during Prerequisite Checking - Q10637