Server Build – SFAC-AD-01.SFAC.AUCKLAND.AC.NZ Server build document LIC-01 Science Faculty License Server Server Build – SFAC-AD-01.SFAC.AUCKLAND.AC.NZ Document History Author Group Version Richard Lau SIT Windows 0.1 Date Comments 23/06/2010 Initial document. Server Build – SFAC-AD-01.SFAC.AUCKLAND.AC.NZ Table of Contents Server build document .............................................................................................. i LIC-01 .......................................................................................................................... i Science Faculty License Server ................................................................................ i 1 Introduction .......................................................................................................... 1 2 System Hardware Specifications ....................................................................... 2 3 System Software Specifications......................................................................... 4 4 Sign-off Sheet .................................................................................................... 12 1 Introduction 1.1 Purpose of this Document This document outlines the steps taken to build a server. The document should be kept with any other relevant support documentation for this server. 1.2 Scope of this Document The scope of this document is restricted to the server LIC-01.FOS.AUCKLAND.AC.NZ. 1.3 High Level Build Tasks Create VM / Configure VM Install Operating System Configure Operating System Install VMware Tools Network Firewall Domain WSUS Install Antivirus Patch Operating System Install required services Patch Operating System SIT Windows 1 of 9 2 System Hardware Specifications 2.1 Hardware Science IT in The University of Auckland uses VMware ESXi4 for physical server hardware virtualisation. Unless there is a stated need for a physical platform servers are virtualised. Anywhere USB/5 device is used along with the VMware virtual machine for the virtual machine to communicate with the connected USB devices over IP address. 2.1.1 VMware VMware ESXi is not a new concept to the University. The University VMware host servers are reliable, scalable and fault tolerant. 2.1.2 VMware Guest Configuration VMware virtual machines can be allocated specific amounts of resource from the host server – in fact, the sizing of these virtual machines can literally be changed at anytime (requires a reboot). lic-01 – OGG Data centre – Production Resource Pool 1x Virtual CPUs / 4GB RAM 1x Floppy Disk drive 1x CD/DVD drive 1x Network adapter (35 Subnet) 1x LSI Logic SAS HD Controller utilising SAN connected storage 2x Hard Disk drives (VMDK file) Disk Drive Size Format C: (SYSTEM) – Operating System volume 25GB NTFS 2.1.3 Digi Anywhere USB/5 AnywhereUSB hubs allow one physical or virtual machines to communicate with connected USB device over IP. AnywhereUSB/5 has 1 RJ-45 Ethernet port and 5 USB ports. An IP address needs be configured on the device or install the device in the subnet with DHCP available in order configure the device. SIT Windows 2 of 9 SIT Windows 3 of 9 3 System Software Specifications 3.1 Operating System The server has been built with a Windows Server 2008 R2 x64, Standard Edition. 3.1.1 Configuration The following manual configuration changes have been made to the file system, registry, system files or access control lists. Assign a static IP address Join to SFAC domain Windows Updates configured via Group Policy NRPE installed and FOS nagios monitors disk storage and windows updates Remote desktop enabled for SFAC\Domain Admins 3.1.2 Windows Updates The Windows automatic updates service has been configured to use the UoA WSUS Server via Group Policy to “Download updates but let me choose whether to install them”. All available Windows Updates from the WSUS server have been applied as at 2010-06-23. 3.1.3 Local Services N/A 3.1.4 System Software The following system level applications have been installed. Digi AnywhereUSB 5 v2.9 o Download and install the driver for the device o Add the IP address of the device in Connection List Manager under the Edit menu in AnywhereUSB Concentrator Configuration Utility o Select the device found and click on Connect Aladdin Sentinel HASP o SIT Windows HASP License Manager v8.32.5.40 Install lmsetup.exe Refer to “135-Install_LM_UnderWindows_7.pdf” for detailed information on installing and setting up HASP License Manager under Windows 7. Uncomment 127.0.0.1 in “C:\Windows\System32\drivers\etc\hosts” 4 of 9 Configure/View HASP Keys via Sentinel HASP Admin Control Center website on local machine at http://localhost:1947/_int_/ACC_help_index.html Flexera software FlexNet Publisher 11.8 o Install lmadmin-i86_n3-11_8_0_0.exe o Launch lmtools.exe Select “Config Services” tab Configure/Save Flexlm ArcGIS as a service Service Name: Flexlm Maya Path to the lmgrd.exe file: C:\FlexNet\lmgrd.exe Path to the license file: C:\FlexNet\arcgis.lic Path to the debug log file: C:\FlexNet\log\arcgis.log Check – Start Server at Power Up Check – Use Services Configure/Save Flexlm Avenza as a service Service Name: Flexlm Avenza Path to the lmgrd.exe file: C:\FlexNet\lmgrd.exe Path to the license file: C:\FlexNet\avenza.lic Path to the debug log file: C:\FlexNet\log\avenza.log Check – Start Server at Power Up Check – Use Services Configure/Save Flexlm Defoiens as a service Service Name: Flexlm Defiens Path to the lmgrd.exe file: C:\FlexNet\lmgrd.exe Path to the license file: C:\FlexNet\dialic.lic Path to the debug log file: C:\FlexNet\log\dialic.log Check – Start Server at Power Up Check – Use Services Configure/Save Flexlm ERDASNET as a service Service Name: Flexlm Maya Path to the lmgrd.exe file: C:\FlexNet\lmgrd.exe Path to the license file: C:\FlexNet\erdasnet.lic Path to the debug log file: C:\FlexNet\log\erdasnet.log Check – Start Server at Power Up Check – Use Services Configure/Save Flexlm Ikon as a service Service Name: Flexlm Ikon SIT Windows 5 of 9 Path to the lmgrd.exe file: C:\FlexNet\lmgrd.exe Path to the license file: C:\FlexNet\ikon.lic Path to the debug log file: C:\FlexNet\log\ikon.log Check – Start Server at Power Up Check – Use Services Configure/Save Flexlm Matlab as a service Service Name: Flexlm Matlab Path to the lmgrd.exe file: C:\FlexNet\lmgrd.exe Path to the license file: C:\FlexNet\matlab.lic Path to the debug log file: C:\FlexNet\log\matlab.log Check – Start Server at Power Up Check – Use Services Configure/Save Flexlm Maya as a service Service Name: Flexlm Maya Path to the lmgrd.exe file: C:\FlexNet\lmgrd.exe Path to the license file: C:\FlexNet\maya.lic Path to the debug log file: C:\FlexNet\log\maya.log Check – Start Server at Power Up Check – Use Services Reprise Software (RLM) "C:\rlm.v8.0BL5.enduser\rlm.exe" "-c" "avenza.lic" "-dlog" "log\avenza.log" -install_service service_name "RLM Avenza" SafeNet Sentinel RMS Sigmaplot 11 C:\Sentienl RMS>lslic.exe –f 775102254_lic01.lic Sigmaplot 10 C:\Sentienl RMS>lslic.exe –f 775061110.lic ESET NOD32 Anti-Virus v.4.2.40.0 with fos-nod32v4.xml REM map network share net use \\sit-build.fos.auckland.ac.nz\packages “\\sit-build.fos.auckland.ac.nz\packages\Eset\NOD32 Antivirus\4.2.40.0\x64\installFOS.cmd” FOS Nagios NRPE REM Copy Fos Nagios NRPE to C:\nrpe_nt REM install Fos Nagios NRPE REM allow port 5666 in firewall for remote hosts nagios-ogg and nagios-tmk \\sit-build\APPS\NAGIOS\install.cmd SIT Windows 6 of 9 3.1.4.1 Software License Keying Method Methods describing how following software are keyed: FlexLM ArcGIS o Flexlm Avenza o MAC address: 00505610cd01 SafeNet Sentinel RMS Sigmaplot o Run RegIDCreator.exe which generates a unique key for the machine, then requests a license file from the supplier using the unique key. o Software Serial number is required by supplier to generate the unique key. Aladdin HASP LM – E-Prime o USB Dongle Reprise LM Avenza o MAC address: 00505610cd01 Flexlm Maya o MAC address: 00505610cd01 Flexlm Matlab o MAC address: 00505610cd01 Flexlm Ikon o Volume ID: 2892c01a Flexlm ERDASNET o MAC address: 00505610cd01 Flexlm Defoiens o MAC address: 00505610cd01 USB Dongle Aladdin HASP LM - Wavefunction Spartan 08 v1.2.0 o USB Dongle 3.1.4.2 Software License Management tool Methods describing how following software are keyed: Aladdin Monitor (AKS Monitor) o FlexLM o lmtools.exe – manage all FlexLM services. Reprise LM o SIT Windows Provide centralise administration on HASP License Manager and the HASP network keys rlmutil.exe 7 of 9 SafeNet Sentinel RMS o SIT Windows Wlmadmin.exe – view license status and connected clients 8 of 9 3.2 Network Overview The server is configured with 1 Network Interface Card on the 130.216.35.0/24 subnet and has the local Windows firewall enabled. It has been joined to the sfac.auckland.ac.nz domain and its computer object is located in the following OU: sfac.auckland.ac.nz/Domain Controllers 3.2.1 Network Settings 3.2.1.1 Server Network Settings Subnet Location Description 35 OGG,TMK Trusted Servers Primary NIC – vLAN35 o IP Address : 130.216.35.240 o Subnet Mask : 255.255.255.0 o Gateway : 130.216.35.254 o Primary DNS Suffix : fos.auckland.ac.nz o DNS Server 1 : 130.216.35.35 o DNS Server 2 : 130.216.35.135 o WINS Server 1 : 130.216.191.10 o WINS Server 2 : 130.216.191.11 Unchecked “Register this connection’s addresses in DNS” 3.2.1.1.1 Server CNAME(s) licenses.sges.auckland.ac.nz (licenses.geog.auckland.ac.nz) o FlexLM ArcGIS (University) o Flexlm Avenza (Environment) o Flexlm Defoiens (Environment) o Flexlm ERDASNET (Environment) o Flexlm Ikon (Environment) o Flexlm Matlab (Environment & Psychology) o Flexlm Maya (Environment) o Reprise LM Avenza (Environment) o Sentinel RMS – Sigmaplot v10 (Science) o Aladdin HASP – ePrime (Psychology) spartan-license.fos.auckland.ac.nz o SIT Windows Wavefunction Spartan 08 v1.2.0 (Chemistry) 9 of 9 sigmaplot-license.fos.auckland.ac.nz o Sentinel RMS – Sigmaplot v11 (SES) 3.2.1.2 AnywhereUSB Network Settings Subnet Location Description 35 OGG,TMK Trusted Servers Primary NIC – vLAN35 o IP Address : 130.216.35.237 o Subnet Mask : 255.255.255.0 o Gateway : 130.216.35.254 o MAC Address: 00:20:be:7f:16:b3 3.2.2 Firewall Settings The server is configured with the Windows firewall turned on for the primary NIC (vLAN35) and has the following exceptions configured: o Allow RDP (TCP 3389) from ANY source o Allow FlexLM ArcGIS netsh advfirewall firewall add rule name="FlexNet ArcGIS" dir=in profile=domain new enable=yes protocol=tcp localport=27004 action=allow netsh advfirewall firewall add rule name="FlexNet ArcGIS Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=57004 action=allow o Allow Flexlm Avenza netsh advfirewall firewall add rule name="FlexNet Avenza" dir=in profile=domain new enable=yes protocol=tcp localport=28001 action=allow netsh advfirewall firewall add rule name="FlexNet Avenza Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=58001 action=allow o Allow Flexlm Defoiens netsh advfirewall firewall add rule name="FlexNet Defoiens" dir=in profile=domain new enable=yes protocol=tcp localport=28007 action=allow netsh advfirewall firewall add rule name="FlexNet Defoiens Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=58007 action=allow o Allow Flexlm ERDASNET netsh advfirewall firewall add rule name="FlexNet ERDASNET" dir=in profile=domain new enable=yes protocol=tcp localport=28003 action=allow netsh advfirewall firewall add rule name="FlexNet ERDASNET Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=58003 action=allow SIT Windows 10 of 9 o Allow Flexlm Ikon netsh advfirewall firewall add rule name="FlexNet Ikon" dir=in profile=domain new enable=yes protocol=tcp localport=28008 action=allow netsh advfirewall firewall add rule name="FlexNet Ikon Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=58008 action=allow o Allow Flexlm Matlab netsh advfirewall firewall add rule name="FlexNet MatLab" dir=in profile=domain new enable=yes protocol=tcp localport=28005 action=allow netsh advfirewall firewall add rule name="FlexNet MatLab Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=58005 action=allow o Allow Flexlm Maya netsh advfirewall firewall add rule name="FlexNet Maya" dir=in profile=domain new enable=yes protocol=tcp localport=28004 action=allow netsh advfirewall firewall add rule name="FlexNet Maya Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=58004 action=allow o Allow Reprice LM Avenza netsh advfirewall firewall add rule name="RLM Avenza" dir=in profile=domain new enable=yes protocol=tcp localport=29001 action=allow netsh advfirewall firewall add rule name="RLM Avenza Daemon" dir=in profile=domain new enable=yes protocol=tcp localport=59001 action=allow netsh advfirewall firewall add rule name="RLM Avenza Web Server" dir=in profile=domain new enable=yes protocol=tcp localport=5054 action=allow o Allow Sentinel RMS Sigmaplot netsh advfirewall firewall add rule name="RMS Sigmaplot" dir=in profile=domain new enable=yes protocol=udp localport=5093 action=allow o Wavefunction Spartan 08 v1.2.0 (HASP LM – TCP,UDP 475-in, HASP SRM – TCP,UDP 1947-in (Firewall rules are created automatically after installing HASP LM)) o Allow FoS Nagios NRPE (TCP 5666) from 130.216.35.79 and 130.216.207.13 netsh advfirewall firewall add rule name="FOS Nagios NRPE" dir=in profile=domain,private,public new enable=yes remoteip=130.216.35.79/32,130.216.207.13/32 protocol=tcp localport=5666 action=allow SIT Windows 11 of 9 4 Sign-off Sheet Approval – Infrastructure Manager, James Harper _________________________ Signature ______________ Date Approval – Windows Team Leader, Richard Lau _________________________ Signature SIT Windows ______________ Date 12 of 9
© Copyright 2026 Paperzz