How do I Set Up NorthScope?
This document will walk through a series to steps that are involved with setting up NorthScope and its related components. This will include verifying prerequisites are installed, setting up several accounts and configuring the database security.
Step 1: Confirm SQL Server Setup
Review the SQL server settings to verify it meets our requirements for a NorthScope instance:
SQL Server 2014 Standard Edition
SQL Server Reporting Services
Note that in most cases one SQL Server will run both a live and a test NorthScope instance.
Step 2: Confirm Web Server Setup
Review web server settings to verify it meets our requirements for a NorthScope instance:
.Net Framework 4.0 at minimum
Microsoft Report Viewer 2012 Runtime
Note that the Microsoft Report Viewer Runtime has some prerequisites itself, most notably the Microsoft SQL Server System CLR Types
WCF Services -> HTTP Activation is required
Note that in most cases one Web Server will run both a live and a test NorthScope instance.
Step 3: Determine your Instance Name
Each NorthScope instance should have a unique name so you can easily identify the instance, the most common reason for having multiple instances is so that you can have a “Live” and a “Test” environment. We suggest that the instance name is used when creating the database, folder structure and various accounts so that all the components of an instance are named in a similar way.
Using the company name of “Northlake Partners” as an example, we would suggest the following naming conventions for the instance names:
Live Instance: NS_Live_NLP
Test Instance: Test_NS_NLP
Step 4: Setup Accounts
NorthScope requires several different accounts to run properly. All accounts should also be named to relate with the instance they are associated with. The below examples assume we are setting up accounts for the NS_Live_NLP instance from Step 3.
Windows Account: “YourDomain\NS_Live_NLP”
This account will be used to run the IIS application pool, the website itself, access SSRS reports and access the associated SQL database
Note that separate accounts can be setup for each of these tasks if required. NLP suggests that one account is setup to run both the live and test instance.
Step 5: Setup The Website File Structure
NorthScope application file folders should be named to indicate what instance it belongs to. Typical installation naming conventions are as follows:
Add a folder in a location of your choice on the web server. Using the “NS_Live_NLP” instance example, the suggested path is: C:\NorthScope\NS_Live_NLP
Unzip and then copy and paste the “Web” folder which contains all the application files under NS_Live_NLP
Grant the user created in step 4 “YourDomain\NS_Live_NLP” full control to the C:\NorthScope\NS_Live_NLP folder
Note that you will need to setup one website folder structure per NorthScope instance.
Step 6: Setup The Database
The NorthScope database should be named to indicate what instance it belongs to. Typical installation naming conventions are as follows:
Add a new database to the SQL Server. Using the “NS_Live_NLP” instance example, the suggested database name is: NS_Live_NLP
Add the user created in step 4 “YourDomain\NS_Live_NLP” to the db_owner role of the NS_Live_NLP database
Note that you will need to setup one database per NorthScope instance.
Step 7: Create Or Obtain A SSL Certificate
If you already have a certificate for the domain, please skip to the next step. If you don’t have an SSL certificate for your domain then you have two options.
Option 1- Purchase and install a certificate from a trusted source. This is the preferred option although NorthScope will work with self-signed certificates as well. If you would like any help with this part please reach out to NLP support for assistance. This would most commonly be used for any NorthScope websites that are exposed to the internet.
Option 2 - Create a self-signed certificate for your local domain. This would most commonly be used in a NorthScope setup that will only be accessed on an internal network or intranet and not exposed to the internet.
To create a self-signed certificate, open PowerShell “As Administrator” and run the following script in the PowerShell window. In this example the “YourDomainNameHere” should be changed to reflect your specific DNS name and “YourServerNameHere” should be changed to be the server name. This script will create a self-signed SSL Certificate that is valid for 10 years.
$todaydt = Get-Date
$10years = $todaydt.AddYears(10)
New-SelfSignedCertificate -dnsname *.YourServerNameHere.YourDomainNameHere.Local -notafter $10years
Navigate to Microsoft Management Console (MMC) and add the snap-in for certificates at the local computer account. Copy the PowerShell Self-Signed Certificate from the Personal > Certificates folder and paste it to the Trusted Root Certification Authorities > Certificates Folder. This step will ensure that the local machine has access to the certificate.
In order for the entire domain to recognize the certificate we suggest using Active Directory Group Policy to deploy the certificate. The steps below can be used to configure the certificate deployment within active directory group policy:
Log in to your Active Directory server using a domain administrator account
Open the Group Policy Management Console
Create a new GPO or use an existing one of your choice
Right-click the desired Group Policy Object and select “Edit”
Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings ->Public Key Policies
Right-click Trusted Root Certification Authorities, and select “Import”
In the Certificate Import Wizard click Next, and in the File to Import page, click Browse and navigate to where your certificate is saved, and double click it
With the cert listed in the “File name” click Next
Accept the default option, Place all certificates in the following store (Trusted Root Certification Authorities), click Next, and then click Finish and OK
Link the GPO to the OU of the systems you want the certificate installed onto
Note that you should only need one certificate per Web Server.
Step 8: IIS Setup
Each instance of NorthScope Live and Test should have their own Website and Application Pool with the same naming conventions as the database and file structure.
Open IIS Manager on the web server
Create the Application Pool
Navigate to Application Pool and right click to “Add Application Pool”
Configure the name to match the file structure and database, using our example this would be: NS_Live_NLP
Verify the “.Net CLR Version v4.0.30319“ is selected
Select “Integrated” pipeline mode
Check the “Start application pool immediately” option
Edit the Advanced Settings of the Application Pool
Select to the “Identity” setting to set a Custom account and use the user setup in Step 4: “YourDomain\NS_Live_NLP”
Improve performance by adjusting the Regular Time Interval
This Advanced Setting determines how long before a connection that is not active is closed. Under the Application Pool Tasks, expand “Recycling”. Change the Regular Time Interval to 120 minutes.
Create the Website
Navigate to Sites and right click to “Add Website”
Enter a Site Name that matches the instance name, in our example this would be: NS_Live_NLP
Select the previously created Application Pool
Point the Physical Path to the path you are using from Step 5. In our example this would be: “C:\NorthScope\NS_Live_NLP\Web”
Click the Connect as button so that we can specify the account used to access the website path. Set the User Name to match the user we setup in Step 4: “YourDomain\NS_Live_NLP”
Set Binding Type = “https”
Enter Host Name as the NorthScope instance and then the full computer name or fully qualified domain name depending on tour setup.
If using a local domain with our instance name example this would be: NS_Live_NLP.YourServerHere.YourDomain.local
If using a proper domain this would be: NS_Live_NLP.YourDomain.com
Select your previously purchased and installed certificate or your self-signed certificate
Edit the Advanced Website Settings to improve performance
Select IIS > Default Document and move “Default.aspx” to the top of the list
Note that you will need one website for each NorthScope instance.
Step 9: Update Web Config
For each of the folders you setup in Step 5, browse to the Web folder to edit the web.config file and update the Connection String with the following properties. Before completing this step or if you are upgrading your system please be sure you have the latest copy of the web.config file that matches your version of the software.
<add name="ERPxConnectionString" connectionString="Data Source=YourServerName; Initial Catalog=NS_Live_NLP; Trusted_Connection=True; Application Name=NorthScope;" providerName="System.Data.SqlClient" />
Step 10: Add DNS records to resolve the Website
In order to correctly route traffic to the NorthScope website you may need to make some changes to DNS settings. This may involve one or all of the steps below depending on your network setup and whether or not the website is exposed to the internet.
Make an entry to the Hosts file of the web server for immediate local testing of the website if no other DNS entries can be made. Using the example from above, this would involve making an entry to the hosts file similar to this: 10.10.10.10 NS_Live_NLP.YourDomain.com
where 10.10.10.10 is our server’s IP address.Setup a “Forward Lookup Zone” for your internal DNS
Add an A record that resolves the website Name to the IP address of the machine where the website is located
Note this will need to be done for each NorthScope website.
Additional Components
Component 1: Emailing
The Mail Queue Processor Service will process reports to files, send out emails from the RSMailQueue and process direct print ready files. To set up this service, please refer to this document: https://northlakeconfluence.atlassian.net/wiki/spaces/NDD/pages/1544618598
Component 2: Printing
Component 3: Jobs
Other Possible Helpful Pieces Of Information:
Force SSRS to run over TLS 1.2 if images are not showing up in reports when images are referenced with a web URL.
Update the Registry to add the following keys
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001
Add the following Entry in the configuration file for Reporting Services : ReportingServicesService.exe.config in the runtime element
<AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />