Requirements

• Internet Information Services (IIS)

• MySQL Server (version 8.0+)

• PowerShell to execute commands in the console

System Preparation

1. If the web server is not enabled then use the official guide to enable IIS.

2. Enable WebSockets on IIS according to this guide

If the IIS installation requires a restart, restart the system.

You can perform a simple test by opening a web browser and browsing http://<you_domain_name> You should see a default IIS page.

3. Download and install Windows Hosting Bundle

• Windows Hosting Bundle, which includes the .NET Core Runtime and IIS support

You can download the latest versions of this applications. They can be found at https://dotnet.microsoft.com/download/dotnet-core/5.0

[Note] You MUST have IIS installed before installing Windows Hosting Bundle

4. Download and install

• MySQL

Alternatively, You can also go to https://dev.mysql.com/downloads/installer and download the latest versions of this applications

You can read the documentation for installing MySQL at this address.

When installing MySQL to run our software, you can select the Server only option

During installation, you may need an additional Microsoft Visual C ++ 2019 Redistributable Package. Agree, and perform the installation

Also, during the installation process, you will be prompted to enter a strong password for the root user. Don't forget this password, we'll need it later

If the server configuration step was skipped during the installation, you can do so after installation by clicking Start / My SQL Installer Community and selecting the "Reconfigure" action

Getting Started (fresh install)

Step 1.

Creating MySQL User and Database for the Hideez Enterprise Server

Start the MySQL Command Line Client (Start/MySQL 8.0 Command Line Client), enter the MySQL root user password.

The following lines create a database db, the user user with the password <user_password>. Сhange <user_password> to a strong password, otherwise you may get a password validator error.

  ### CREATE DATABASE
  mysql> CREATE DATABASE db;

  ### CREATE USER ACCOUNT
  mysql> CREATE USER 'user'@'127.0.0.1' IDENTIFIED BY '<user_password>';

  ### GRANT PERMISSIONS ON DATABASE
  mysql> GRANT ALL ON db.* TO 'user'@'127.0.0.1';

  ###  RELOAD PRIVILEGES
  mysql> FLUSH PRIVILEGES;

Step 2.

2.1 Download HES server

Option 1

You can download the zip file in the usual way for you from https://update.hideez.com/hes/windows_x64_latest.zip, then unzip its contents to a folder C:\Hideez\HES.

Option 2

Or you can do it with powershell:

> Invoke-WebRequest -Uri  https://update.hideez.com/hes/windows_x64_latest.zip  -OutFile  ~\windows_x64_latest.zip
> Expand-Archive -LiteralPath ~\windows_x64_latest.zip -DestinationPath C:\Hideez\HES

this download and extract the HES to C:\Hideez\HES directory

2.2. Configuring the HES

Copy appsettings.json to appsettings.Production.json.

You can do this in the usual way through Explorer, by making a copy of file and opening the file in Notepad, or by using powershell:

  > cd C:\Hideez\HES
  > copy appsettings.json appsettings.Production.json

Edit the file C:\Hideez\HES\appsettings.Production.json:

  > cd C:\Hideez\HES
  > notepad appsettings.Production.json

  {
   "ConnectionStrings": {
    "DefaultConnection": "server=127.0.0.1;port=3306;database=db;uid=user;pwd=<user_password>"
  },

  "EmailSender": {
    "Host": "<smtp_host>",
    "Port": "<smtp_port>",
    "EnableSSL": true,
    "UserName": "<email_address>",
    "Password": "<email_password>"
  },

  "Fido2": {
    "ServerDomain":"<your_domain_name>",
    "ServerName": "HES",
    "Origin": "https://<your_domain_name>",
    "TimestampDriftTolerance": 300000,
    "MDSAccessKey": null
  },

  "ServerSettings": {
    "Name": "HES",
    "Url": "https://<your_domain_name>"
  },
  
 ...

Replace the following settings in this file with your own:

• <user_password> - Password for the user on MySQL server

• <smtp_host> - Host name of your SMTP server (example: smtp.example.com)

• <smtp_port> - Port number of your SMTP server (example: 123)

• <email_address> - Your email adress (example: user@example.com)

• <email_password> - Password to access the SMTP server (example: password)

• <you_domain_name> - you fully qualified domain name (FQDN) of your HES site (example: hideez.example.com)

Step 3.

Configuring IIS

4.1 Create a Self-Signed Certificate for IIS

Note:

In production, you should take care of acquiring a certificate from a certificate authority. For a self-signed certificate, the browser will alert you that site has security issues.

Option 1 (creating a certificate using IIS)

• Start IIS Manager. For information about starting IIS Manager, see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770472(v=ws.10)?redirectedfrom=MSDN

• Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

• In the Actions column on the right, click on Create Self-Signed Certificate...

• Enter any friendly name (for example HES) and then click OK.

• You will now have an IIS Self Signed Certificate valid for 1 year listed under Server Certificates.

you can click on the created certificate and see its properties

Option 2 (creating a certificate using powershell)

An alternative way to create a certificate is to use the cmdlet New-SelfSignedCertificate in PowerShell, which can be used to specify the required CN:

New-SelfSignedCertificate -DnsName <you_domain_name>  -FriendlyName <friendly_name>

for example:

New-SelfSignedCertificate -DnsName hideez.example.com -FriendlyName HES

4.2 Add the Web Site

• Start IIS Manager. For information about starting IIS Manager, see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770472(v=ws.10)?redirectedfrom=MSDN

• In the Connections pane, right-click the Sites node in the tree view, and then click Add Web Site.

• In the Add Web Site dialog box, type a friendly name for your Web site in the Web site name box. "HES" would be a good choice

• In the Physical path box, type the physical path of the Web site's folder (C:\Hideez\HES), or click the browse button (...) to browse the file system to find the folder.

• If you want to select a different application pool than the one listed in the Application Pool box. In the Select Application Pool dialog box, select an application pool from the Application Pool list, and then click OK.

• The default value in the IP address box is All Unassigned. If you must specify a static IP address for the Web site, type the IP address in the IP address box.

• Optionally, type a host header name for the Web site in the Host Header box.

• If you do not have to make any changes to the site, and you want the Web site to be immediately available, select the Start Web site immediately check box.

• Click OK.

• In the Bindings pane click "Add" and Add site Binding with type https for you hostname port 443 and with you certificate (In the SSL cerificate drop-down menu, select your certificate)

• Under the server's node, select Application Pools.

• Right-click the site's app pool and select Basic Settings from the contextual menu.

• In the Edit Application Pool window, set the .NET CLR version to No Managed Code.

• (optmal) In Sites node turn off "Default Web Site"

Setup is complete. The server should be accessible in a browser at the address (https://<you_domain_name>).

You must use your domain name to access the HES server (e.g. https://hideez.example.com).

Updating

1. Back up the HES binaries and the configuration file

• Stop the site using the IIS console

• rename old binary folder:

or in PowerShell:

  > iisreset /stop
  > cd C:\Hideez 
  > mv HES HES.old

If you get an error that some files are busy, you may need to wait a while (up to 10 minutes)

3. Backuping MySQL Database

The following commands will create a copy of the database in file db.sql in directory C:\Hideez\HES.old:

 > cd C:\Program Files\MySQL\MySQL Server 8.0\bin
 > mysqldump -u root -p<MySQL_root_password>  db > C:\Hideez\HES.old\db.sql 

change <MySQL_root_password> with your real password

4. Download and install the latest HES

Download the zip file in the usual way for you from https://update.hideez.com/hes/windows_x64_latest.zip, then unzip its contents to a folder C:\Hideez\HES

or in PowerShell:

> Invoke-WebRequest -Uri  https://update.hideez.com/hes/windows_x64_latest.zip  -OutFile  ~\windows_x64_latest.zip
> Expand-Archive -LiteralPath ~\windows_x64_latest.zip -DestinationPath C:\Hideez\HES

5. Restoring the configuration file

copy C:\Hideez\HES.old\appsettings.Production.json to C:\Hideez\HES\appsettings.Production.json in Explorer

or in PowerShell:

  > cd C:\Hideez
  > cp HES.old\appsettings.Production.json HES\appsettings.Production.json
 

6. Starting the HES

Start the site using the IIS console

or in PowerShell:

  > iisreset /start
 

If something goes wrong, you can restore the HES server using the following commands:

Stop the site using the IIS console, then rename old foler to HES, then restore database:

> cd C:\Program Files\MySQL\MySQL Server 8.0\bin
> mysql -u root -p<MySQL_root_password> db < C:\Hideez\bkp\db.sql

change <MySQL_root_password> with your real password

And start the site using the IIS console

After checking that the update was successful and everything works fine, you can delete copies of the database and server:

delete folder C:\Hideez\HES.old in PowerShell

> cd C:\Hideez
> rm  HES.old> 

Possible problems and solutions

Problem: When activating the data protection, HES requires the data protection password to be entered after each startup

Solution:

The HES server stores the data protection password in RAM until it restarts. After that, HES will ask for the password again each time. To save the data protection password between HES reboots, it is possible to save this password in the file appsettings.Production.json:

 ...
  "DataProtection": {
    "Password": "<your_data_protection_password>"
  }, 
 ...

After editing appsettings.Production.json, you need to restart HES.

To change the data protection password login to HES and go to "Settings" - "Data Protection" - "Change Password". After this, you need to update the password in the appsettings.Production.json also.

Problem: When activating data protection, the administrator's e-mail often receives messages, such as: "Your Hideez Enterprise Server has been restarted. Please activate the data protection on the server by clicking this button:"

Solution: Typically, this problem is due to the fact that IIS stops your HES server if the application doesn't receive any request in the specified time period (default for 20 minutes)

Step 1 Cancel Idle Time-out:

• Go into the IIS Manager

• Click on Application Pools (on the left)

• Right click on your application pool

• Select Advanced Settings

• Change the value of Idle Time-out (minutes) from 20 to 0

• Click "OK"

Step 2 Cancel IIS Recycling :

• Go into the IIS Manager

• Click on Application Pools (on the left)

• Right click on your application pool

• Select Recycling...

• Uncheck "Regular time intervals (in minutes)"

• Click "Next"

• Click "Finish"

Step 3 Restart the IIS