Installation and Configuration

Installing and configuring the Sassafras KeyServer Platform can be quick and easy with just a few important considerations.

Overview

This document walks through the basic install and deployment process and calls out to other documents along the way as needed. See also the Deployment Outline for an even more high level overview, and use the Full Walkthrough for a much more detailed guide and introduction to the platform features.

You will want to review the Requirements and Firewalls pages when planning your server installation. A general example in planning may be a 2,000 seat server could run on a Windows Server VM with 6gb RAM, 4 CPU, and fast disk I/O. This can vary of course if the Sassafras Server is not the only thing on this system. The software is not memory intensive, but running reports can be CPU and disk intensive. Generally virtual servers have robust infrastructure for the disk speed. CPUs will not be used all the time, but when reports are run you want to ensure they are responsive and the web services are not impacted.

There are no other required technologies for the Sassafras Software Suite. No SQL server, no IIS, we have everything we need built in to the server, all built in house. You can also install on any machine you like (even a personal laptop) to have a 7 seat demo/test server at any time.

Downloads

Next, you will Download the software from our website. Note you can pull down the full image that contains all components for all platforms for convenience, or you can pull down the specific component installer for the specific platforms you need for speed. The full image contains additional optional installs, add ins, and so forth, but the main three components of concern are:

Server - Headless service but does include the Web UI service. Can be run on any platform.

Admin - Application to manage the Server locally or remotely. Windows and Mac only.

Client - What you use on the workstations, virtual machines, etc. of any platform

Installation

While you can use any platform to host the server, Windows is the most common and easy to set up due to having a UI and typically being bound to Active Directory. We will use this as the example during this document, but these concepts can be applied on Mac or Linux of your choice as well (check the Requirements for specific notes). Assume all steps are as an administrative level user on the server.

1. Run the ksp-server-x64.exe file you downloaded or pulled from the full image archive. This is a simple installer that contains all necessary server files, creates the server Service, firewall rules, etc. You will click Next through 5 screens and then Install. In most cases the defaults are fine with the following notes:
   • You can change the Install Location if you need.
   • You can use a domain service account to run the service under, but this is not recommended. It is much easier for AD integration and Certificate management if you use the system account default.
2. Once the install finishes, a browser session to localhost:19287 should automatically open to start the setup wizard. The steps of the web setup attempt to be very clear about the options.
   • See Computer ID Types for more information on that choice, and consult with Sassafras Software Support on any questions.
   • Any of these options can be changed later (though Computer ID Types can pose considerations) in the Settings.
3. At the end of the Setup click one of the links to open the now fully activated Web UI. You can manage most options in the Settings, and other niche items in the KeyConfigure admin application (see below).
   • If you are using the LabSight product, a reminder will pop up on first login and occasionally as you work. This is a checklist of items you will want to complete to get data into the system: add a client, add a division, put client in division, create a map, and track usage. All but the first item will take you to the relevant part of the web UI to perform that action.
   • A common first consideration will be setting up Accounts so that you can use AD authentication. Note that you can commonly just enable Active Directory authentication with no further settings when the Server is on Windows that is bound to AD and running under the system account.
   • If you did not set up to use AD for client mapping, you will likely want to create Divisions under Computers so you can organize your clients and work with them further in Maps and Reporting.
   • Under Software you will be able to Manage usage tracking easily once clients have been deployed.
4. Put the full License (server.lic) you may have received from Sassafras Software Sales in the appropriate location and restart the KeyServer Service (Windows Services, ks-StartStop script on Mac, etc).
   Win (64bit): C:\Program Files\Sassafras K2\Server\KeyServer Data Folder
   Mac: /Library/KeyServer/KeyServer Data Folder
   Linux: /usr/local/k2/KeyServer Data Folder
   You can verify this is in place in the Information section of the Settings of the Web UI.

Note in regards to the server license, there are three main categories it will operate in:

Fully Licensed - This can be in Subscription or Perpetual with Maintenance model.

Evaluation - This can be the default 7 seats or a larger number from Sassafras Software for testing purposes, which will expire after 1-2 months generally.

Expired - The server will stop working if this is Evaluation or Subscription based, and will work without PRS access if Perpetual.

Note that for a host OS with no UI (commonly linux servers) you will of course not be able to use the web setup wizard. Instead you will need to install KeyConfigure (see below) and set up the server manually from a remote system. This will of course require firewall rule considerations both on the OS as well as the network. In such a case the default Administrator password is Sassafras. Once in KeyConfigure you can set up the Web Service under the Config menu.

Client Deployment

The server won't have much to do until there are connected clients that submit audits. After that you can create Policies that gather usage data and start reporting on all of this, as well as enjoying the rich collection of Dashboard Widgets. The KeyAccess client can be installed on any platform (Win, Mac, linux) on physical or virtual systems. There is support for tracking multi user sessions in traditional thin client (Terminal Services) as well as newer systems like Windows Virtual Desktops. It is successfully deployed in VMware Horizon, Citrix, AppV, AppStream, and other settings. If you have specific questions please contact Sassafras Software Support.

Remember that licensing of the Sassafras KeyServer Platform is based on active client records. Over time you will want to manage the lifecycle of your Computers to ensure you are not wasting license seats on retired hardware. There are also methods to manage large virtual deployments to optimize license use concurrently.

At the simplest, you can run any client installer on any workstation you want to report to the server. The client talks on UDP 19283 which must be open in any firewalls. It will start a session when a user logs in, but you can cause immediate audits on mass deployment. It is generally best to use a DNS name for the server address as this can be moved later if needed.

KeyConfigure

The full Admin tool is used less under 8.0 than ever before due to many management features being added into the Web UI. However there are still times it is needed for deeper configuration, especially for AllSight customers. It is recommended you install this on the server to have a local fallback when needed (helps rule out network issues), but is most commonly installed on an admin workstation for remote management. Note this requires TCP 19283 from workstation to server.

1. Run the ksp-admin-x64.exe installer to get started. You can just click through the defaults unless you want to put it in a custom location.
2. Open KeyConfigure and connect to localhost (if running on the server) or the IP/hostname of the server. If you could not configure the server in the web setup wizard, the default password will be Sassafras. Otherwise the Administrator password is whatever you set during configuration.
3. If you did not set up client mapping, you may want to do that, or proceed with manually creating Divisions to organize your Computers.
4. If you want Guest users to see Remote links in Floorplans, add the Remote Connection Role to the KeyReporter Guest account. Otherwise, you may want to turn on Admin Authentication where all Unknown logins get the Community experience which by default is essentially Guest with Remote rights.
5. If you need more complex authentication roles see Admin Access and ACLs.
6. If you need more complex management of software see Policies.
7. If you have AllSight you will likely want to look at Purchases

For a more detailed look at implementation, see our Full Walkthrough which covers the above with deeper discussion, and then proceeds through detailed training on the various capabilities.