Windows deployment
Hideez Enterprise Server on Windows

Requirements

  • Internet Information Services (IIS)
  • MySQL Server (version 8.0+) or MS SQL Server 2012+
  • PowerShell to execute commands in the console

System Preparation

1. If the web server is not enabled then use the official guide to enable IIS.
2. Enable WebSockets on IIS according to this guide
If the IIS installation requires a restart, restart the system.
You can perform a simple test by opening a web browser and browsing http://<you_domain_name> You should see a default IIS page.
3. Download and install Windows Hosting Bundle
You can download the latest versions of this applications. They can be found at https://dotnet.microsoft.com/download/dotnet-core/5.0
[Note] You MUST have IIS installed before installing Windows Hosting Bundle
4. Database installation
The HES server can run on MySQL or MS SQL database engines. Both methods will be described below. You have to choose one of them
  • Option 1 My SQL
Download and install MySQL
Alternatively, You can also go to https://dev.mysql.com/downloads/installer and download the latest versions of this applications
You can read the documentation for installing MySQL at this address.
When installing MySQL to run our software, you can select the Server only option
During installation, you may need an additional Microsoft Visual C ++ 2019 Redistributable Package. Agree, and perform the installation
Also, during the installation process, you will be prompted to enter a strong password for the root user. Don't forget this password, we'll need it later
If the server configuration step was skipped during the installation, you can do so after installation by clicking Start / My SQL Installer Community and selecting the "Reconfigure" action
  • Option 2 MS SQL
Skip this step, if you have already selected a MySQL database
Download and install Microsoft SQL Server 2019 Express
you can select the Basic installation type during installation
Also for database management, we need SQL Server Management Studio (SSMS).
You can download it here
Also, as an alternative to Server Management Studio, you can use sqlcmd
The sqlcmd Utility lets you enter Transact-SQL statements, system procedures, and script files at the command prompt
Enable TCP/IP connections:
HES uses TCP/IP to connect to the SQL Server database, but SQL Server Express does not enable TCP support by default. To enable TCP/IP:
In SQL Server Configuration Manager, expland the SQL Server Network Configuration > Protocols for SQLEXPRESS node.
Right-click the TCP/IP item on the right, then select Properties.
On the General tab, change Enabled to Yes.
On the IP Addresses tab, under the IPAll node, clear the TCP Dynamic Ports box.
In TCP Port, enter the port to listen on 1433. This port to be used in the HES connection string.
Click OK.
Restart the Microsoft SQL Server Express service using either the standard service control panel or the SQL Express tools.

Getting Started (fresh install)

Step 1.

  • Option 1 My SQL
Creating MySQL User and Database for the Hideez Enterprise Server
Start the MySQL Command Line Client (Start/MySQL 8.0 Command Line Client), enter the MySQL root user password.
The following lines create a database db, the user user with the password <user_password>. Сhange <user_password> to a strong password, otherwise you may get a password validator error.
1
### CREATE DATABASE
2
mysql> CREATE DATABASE db;
3
4
### CREATE USER ACCOUNT
5
mysql> CREATE USER 'user'@'127.0.0.1' IDENTIFIED BY '<user_password>';
6
7
### GRANT PERMISSIONS ON DATABASE
8
mysql> GRANT ALL ON db.* TO 'user'@'127.0.0.1';
9
10
### RELOAD PRIVILEGES
11
mysql> FLUSH PRIVILEGES;
Copied!
  • Option 2 MS SQL
The procedure for creating users and databases is described in detail in the official documentation. Here we are just repeating those steps
Start SQL Server Management Studio and Connect to Server
Our HES requires authentication to be enabled on the instance of SQL Express. To do this:
In SQL Server Management Studio Express tool, right-click the instance of SQL Express to configure, then select Properties.
Select the Security section on the left.
Change the Server Authentication to SQL Server and Windows Authentication mode.
Restart the Microsoft SQL Server Express service using either the standard service control panel or the SQL Express tools.
Create a database user
In SQL Server Management Studio Express tool, right-click the Security > Logins node; then select New Login.
Enter the username: user
Change the Windows authentication to SQL Server аuthentication.
Enter the user's password.
Disable "Enforce password expiration" box
Click OK.
Create a database
In SQL Server Management Studio Express tool, right-click the Databases, then select New Database. Enter the database name: db
Click OK.
After creating, assign this user db_owner permissions on the database, so that it can create the required database tables.
For this in Server Management Studio Express tool, in Databases - db - Security - Users, right-click and select "New user..."
In the new user input window,
On Geberal page enter:
User name: user
Login name: user
On Membership page check db_owner role
Click OK.
An alternative way to create a database and user is to use the sqlcmd utility.
On the Start menu, select Run. In the Open box type sqlcmd, and then select OK
The following lines create a database db, the user user with the password <user_password>. Сhange <user_password> with your real password
1
> CREATE LOGIN [user] WITH PASSWORD = 'user_password';
2
> GO
3
> CREATE DATABASE db;
4
> GO
5
> USE db;
6
> GO
7
> CREATE USER [user] from login [user];
8
> GO
9
> GRANT CONTROL ON DATABASE::db TO [user];
10
> GO
Copied!

Step 2.

2.1 Download HES server
Option 1
You can download the zip file in the usual way for you from https://update.hideez.com/hes/windows_x64_latest.zip, then unzip its contents to a folder C:\Hideez\HES.
Option 2
Or you can do it with powershell:
1
> Invoke-WebRequest -Uri https://update.hideez.com/hes/windows_x64_latest.zip -OutFile ~\windows_x64_latest.zip
2
> Expand-Archive -LiteralPath ~\windows_x64_latest.zip -DestinationPath C:\Hideez\HES
Copied!
this download and extract the HES to C:\Hideez\HES directory
2.2. Configuring the HES
Go to C:\Hideez\HES directory
Copy appsettings.json to appsettings.Production.json.
You can do this in the usual way through Explorer, by making a copy of file and opening the file in Notepad, or by using powershell:
1
> cd C:\Hideez\HES
2
> copy appsettings.json appsettings.Production.json
Copied!
Edit the file C:\Hideez\HES\appsettings.Production.json:
1
> cd C:\Hideez\HES
2
> notepad appsettings.Production.json
Copied!
1
{
2
"ConnectionStrings": {
3
"DefaultConnection": "server=127.0.0.1;port=3306;database=db;uid=user;pwd=<user_password>"
4
},
5
6
"EmailSender": {
7
"Host": "<smtp_host>",
8
"Port": "<smtp_port>",
9
"EnableSSL": true,
10
"UserName": "<email_address>",
11
"Password": "<email_password>"
12
},
13
14
"ServerSettings": {
15
"ServerUrl": "https://<your_domain_name>",
16
"ServerFullName": "Hideez Enterprise Server",
17
"ServerShortName": "HES",
18
"CompanyName": "Hideez Group Inc.",
19
"ReverseProxyHandleSSL": true,
20
"UpdateUrl": "https://update.hideez.com/hes/build.json"
21
},
22
23
...
Copied!
Replace the following settings in this file with your own:
  • <user_password> - Password for the user on MySQL server
  • <smtp_host> - Host name of your SMTP server (example: smtp.example.com)
  • <smtp_port> - Port number of your SMTP server (example: 123)
  • <email_address> - Your email adress (example: [email protected])
  • <email_password> - Password to access the SMTP server (example: password)
  • <you_domain_name> - you fully qualified domain name (FQDN) of your HES site (example: hideez.example.com)
If you use MS SQL instead of MySQL, the connection string should look like this
1
"ConnectionStrings": {
2
"DefaultConnection": "Server=127.0.0.1,1433;Initial Catalog=db;User ID=user;Password=password",
3
"Provider": "MsSql"
4
},
Copied!
Replace the following settings in this file with your own:
  • password - Password for the user on MS SQL server

Step 3.

Configuring IIS
4.1 Create a Self-Signed Certificate for IIS
Note:
In production, you should take care of acquiring a certificate from a certificate authority. For a self-signed certificate, the browser will alert you that site has security issues.
Option 1 (creating a certificate using IIS)
you can click on the created certificate and see its properties
Option 2 (creating a certificate using powershell)
An alternative way to create a certificate is to use the cmdlet New-SelfSignedCertificate in PowerShell, which can be used to specify the required CN:
1
New-SelfSignedCertificate -DnsName <you_domain_name> -FriendlyName <friendly_name>
Copied!
for example:
1
New-SelfSignedCertificate -DnsName hideez.example.com -FriendlyName HES
Copied!
4.2 Add the Web Site
  • In the Connections pane, right-click the Sites node in the tree view, and then click Add Web Site.
  • In the Add Web Site dialog box, type a friendly name for your Web site in the Web site name box. "HES" would be a good choice
  • In the Physical path box, type the physical path of the Web site's folder (C:\Hideez\HES), or click the browse button (...) to browse the file system to find the folder.
  • If you want to select a different application pool than the one listed in the Application Pool box. In the Select Application Pool dialog box, select an application pool from the Application Pool list, and then click OK.
  • The default value in the IP address box is All Unassigned. If you must specify a static IP address for the Web site, type the IP address in the IP address box.
  • Optionally, type a host header name for the Web site in the Host Header box.
  • If you do not have to make any changes to the site, and you want the Web site to be immediately available, select the Start Web site immediately check box.
  • Click OK.
  • In the Bindings pane click "Add" and Add site Binding with type https for you hostname port 443 and with you certificate (In the SSL cerificate drop-down menu, select your certificate)
  • Under the server's node, select Application Pools.
  • Right-click the site's app pool and select Basic Settings from the contextual menu.
  • In the Edit Application Pool window, set the .NET CLR version to No Managed Code.
  • (optmal) In Sites node turn off "Default Web Site"
Setup is complete. The server should be accessible in a browser at the address (https://<you_domain_name>).
You must use your domain name to access the HES server (e.g. https://hideez.example.com).

Updating

1. Back up the HES binaries and the configuration file
  • Stop the site using the IIS console
  • rename old binary folder:
or in PowerShell:
1
> iisreset /stop
2
> cd C:\Hideez
3
> mv HES HES.old
Copied!
If you get an error that some files are busy, you may need to wait a while (up to 10 minutes)
3. Backuping MySQL Database
In MySQL option:
The following commands will create a copy of the database in file db.sql in directory C:\Hideez\HES.old:
1
> cd "C:\Program Files\MySQL\MySQL Server 8.0\bin"
2
> .\mysqldump -u root -p db > "C:\Hideez\HES.old\db.sql"
Copied!
you will need to enter the MySQL root password. Here "db" is the name of your real database
In MS SQL option:
In SQL Server Management Studio:
Right click on the database name Select Tasks > Backup Select "Full" as the backup type Select "Disk" as the destination Click on "Add..." to add a backup file and type C:\Hideez\HES.old\db.bak and click "OK" Click "OK" again to create the backup
or in powershell command promt:
1
> sqlcmd -S localhost -Q "BACKUP DATABASE [db] TO DISK = N'C:\Hideez\HES.old\db.bak' WITH NOFORMAT, NOINIT, NAME = 'db-full', SKIP, NOREWIND, NOUNLOAD, STATS = 10"
Copied!
4. Download and install the latest HES
Download the zip file in the usual way for you from https://update.hideez.com/hes/windows_x64_latest.zip, then unzip its contents to a folder C:\Hideez\HES
or in PowerShell:
1
> Invoke-WebRequest -Uri https://update.hideez.com/hes/windows_x64_latest.zip -OutFile ~\windows_x64_latest.zip
2
> Expand-Archive -LiteralPath ~\windows_x64_latest.zip -DestinationPath C:\Hideez\HES
Copied!
5. Restoring the configuration file
copy C:\Hideez\HES.old\appsettings.Production.json to C:\Hideez\HES\appsettings.Production.json in Explorer
or in PowerShell:
1
> cd C:\Hideez
2
> cp HES.old\appsettings.Production.json HES\appsettings.Production.json
3
Copied!
6. Starting the HES
Start the site using the IIS console
or in PowerShell:
1
> iisreset /start
2
Copied!
If something goes wrong, you can restore the HES server using the following commands:
Stop the site using the IIS console, then rename old foler to HES, then restore database:
  • MySQL option
1
> cd "C:\Program Files\MySQL\MySQL Server 8.0\bin"
2
> Get-Content "C:\Hideez\HES.old\db.sql" | .\mysql.exe -u root -p db
Copied!
you will need to enter the MySQL root password. Here "db" is the name of your real database
  • MS SQL option
In SQL Server Management Studio:
In the left navigation bar, right-click on Databases and then click Restore Database.
In the Source section, select Device and click the button with three dots and type C:\Hideez\HES.old\db.bak
In the pop up window that opens, click Add and browse for your backup file. Click OK.
In the left navigation menu, click Options.
In the pane on the right select Overwrite the existing database (WITH REPLACE) and Close existing connections to destination database.
Click OK.
or in powerhell:
1
> sqlcmd -S localhost -Q "RESTORE DATABASE [db] FROM DISK = N'C:\Hideez\HES.old\db.bak' WITH FILE = 1, NOUNLOAD, REPLACE, STATS = 5"
Copied!
And start the site using the IIS console
After checking that the update was successful and everything works fine, you can delete copies of the database and server:
delete folder C:\Hideez\HES.old in PowerShell
1
> cd C:\Hideez
2
> rm HES.old>
Copied!

Possible problems and solutions

Problem: When activating the data protection, HES requires the data protection password to be entered after each startup
Solution:
The HES server stores the data protection password in RAM until it restarts. After that, HES will ask for the password again each time. To save the data protection password between HES reboots, it is possible to save this password in the file appsettings.Production.json:
1
...
2
"DataProtection": {
3
"Password": "<your_data_protection_password>"
4
},
5
...
Copied!
After editing appsettings.Production.json, you need to restart HES.
To change the data protection password login to HES and go to "Settings" - "Data Protection" - "Change Password". After this, you need to update the password in the appsettings.Production.json also.
Problem: When activating data protection, the administrator's e-mail often receives messages, such as: "Your Hideez Enterprise Server has been restarted. Please activate the data protection on the server by clicking this button:"
Solution: Typically, this problem is due to the fact that IIS stops your HES server if the application doesn't receive any request in the specified time period (default for 20 minutes)
Step 1 Cancel Idle Time-out:
  • Go into the IIS Manager
  • Click on Application Pools (on the left)
  • Right click on your application pool
  • Select Advanced Settings
  • Change the value of Idle Time-out (minutes) from 20 to 0
  • Click "OK"
Step 2 Cancel IIS Recycling :
  • Go into the IIS Manager
  • Click on Application Pools (on the left)
  • Right click on your application pool
  • Select Recycling...
  • Uncheck "Regular time intervals (in minutes)"
  • Click "Next"
  • Click "Finish"
Step 3 Restart the IIS