Chapter 2: Installing InControl

This section describes the installation of the InControl server, client and ILA. Further details about ILA installation, particularly on a separate computer, can be found in Section 23.2, The InControl Logging Agent (ILA).

Hardware and Software Resource Requirements

The minimum hardware and software platform requirements for InControl and its components can vary from release to release. Because of this, the recommended requirements are stated in the System Requirements section of the separate Release Notes document associated with each InControl version.

The InControl Installation Executable

InControl installation package can be downloaded directly from the Clavister website after logging in to the relevant MyClavister account.

The InControl installer for versions 3.00 and later consists of a single Windows executable file with the following filename format:

		clavister-incontrol-<version>-setup.exe

The Installer Assumes Internet Access is Available

Sometimes the installer may require access to required resources over the Internet so, ideally, Internet access should be available during installation. However, if this is not the case, installation without Internet access is covered by an article in the Clavister Knowledge Base at the following link:

https://kb.clavister.com/343412798

Notes About Running the Installer

The following should be noted about running the installer executable:

The Installer Visual Interface

When the executable is run normally, without any previous InControl installation, the administrator will initially be presented with the options shown below.

The installer offers the choice of installing any combination of the client, server and ILA components. For a first-time installation it is recommended that at least the InControl server and the InControl client are installed on the same computer. This means that the client can be opened immediately after installation and will have local access to the server.

The columns on the left show what previous installations, if any, have been detected by the installer. Pressing the Install button for a component will select that component for installation and also provide the opportunity to change the default installation paths. An example for the server is shown below.

The Install button will be disabled if the installer cannot upgrade a previously installed component. Note that each component provides the choice between Install, Uninstall and No Change. The default is No Change so another button must be pressed for a component if any action is to be taken.

Once the installer actions for all components have been selected, the administrator can then press the Apply button at the bottom of the dialog and agree to the license conditions. This will launch the selected actions with separate progress bars showing the state of execution. Note that the second bar (labeled InControl followed by the version number) shows progress for installation of the installer itself (so it can opened later to make changes).

After completion, press the Done button to close the installer.

Uninstalling and Running the Installer Later

During installation from the .exe file, the installer will install itself so that it can be run later to make changes, even though the original .exe file has been deleted. Uninstallation is one of the changes that can be made.

Starting the installer later can be done by opening the Windows Apps & Features list, finding the InControl entry and pressing the Modify button. An example of this is shown below.

An alternative way to do this is by opening the Windows Control Panel and selecting Programs & Features.

However, new InControl versions cannot be installed using the current installer and a new .exe file will have to be downloaded and executed for upgrades.

Enhancing Security with a New Local User for Running Services

As mentioned previously, installation of InControl server and ILA components must be done from a Windows account with administrator privileges (the client does not require this). However, using a non-local account could mean that security might be compromised by a malicious user logging in across a network.

To enhance the security of the InControl services, it is strongly recommended to create a new, local user account and then log into this account to perform installation of InControl components. Such user accounts are sometimes referred to as Service Accounts. These keep critical services completely separate from normal user accounts.

[Important] Important: Use the same local user for ILA services

When the two ILA services (logging agent and log receiver) are running on the same computer, they must both be installed using the same local user. However, in the case of multiple ILA instances, each pair of ILA services for each instance can run under different user accounts.

Once server installation is complete, the Windows service ICS.exe should then be set up in Windows to run under the new, local account (select the Log On tab in the properties of the service and specify the account).

To additionally enhance security, InControl server database file access should be restricted to this account only.

Client Installation and Remote Updating on a Separate Computer

First time client-only installation on a Windows computer can be done by running the installer .exe file on the computer and selecting only the client option. The client interface is described further in Chapter 5, The Client Interface.

From InControl version 3.00 onwards, it is possible to update an existing client installation remotely from the InControl server over a network connection. When the client starts, it automatically queries the server if there is a newer version of the client software available. If there is because the server has been updated but not the client, the newer version can be automatically downloaded from the server and installed. This means that a InControl update needs only a single central installation and then remote clients can be easily updated. However, this remote updating feature is not possible with versions of the InControl client prior to 3.00.

Importantly, it should be noted that InControl versions after 3.03.01 use a different and improved method for communication between the client and server. This means that a client with a version number of 3.03.01 or earlier cannot be updated remotely from a server with a version above 3.03.01. Such a client will have to be initially upgraded locally to a version above 3.03.01, but remote upgrading from the server will then be possible again after that.

Installing MSI Files

Sometimes, for example with Active Directory, installation of the separate MSI files may be required and the .exe file will not be used. In this case, the following MSI properties may be required:

  1. Properties for the InControl Server:

    • TARGETDIR - The installation directory. The default value is:

      	%PROGRAMFILES(X86)%\Clavister\InControl\Server\

      Note that if upgrading from a pre-3.00 version and a non-default path was used previously, the TARGETDIR property must be specified. If the default path was used, TARGETDIR must not be specified.

    • TAKEBACKUP - Take a backup of the database prior to the upgrade. Set this to "1" to enable a backup.

    • REMOVEDATA - Remove as much application data (such as configuration files, database, logs) as possible when doing an uninstall. Set this to "1" to remove the data.

    • DATABASEDIR - The location of the database. This is only used for a first-time installation or an upgrade from a pre-3.00 InControl version (since the old NSIS-based installer was used). The default path is:

      	%PROGRAMDATA%\Clavister\InControl\Server\Database\

    • AUDITDIR - The location of the audit logs. Only used for a first-time installation, or an upgrade from a pre-3.00 InControl version. The default path is:

      	%PROGRAMDATA%\Clavister\InControl\Server\Audit\

  2. Properties for the InControl Client:

    • TARGETDIR - The installation directory. The default value is:

      	%PROGRAMFILES(X86)%\Clavister\InControl\Client\

      Note that if upgrading from a pre-3.00 version and a non-default path was used previously, the TARGETDIR property must be specified. If the default path was used, TARGETDIR must not be specified.

  3. Properties for the InControl ILA:

    • TARGETDIR - The installation directory. The default value is:

      	%PROGRAMFILES(X86)%\Clavister\InControl\LoggingAgent\

      Note that if upgrading from a pre-3.00 version and a non-default path was used previously, the TARGETDIR property must be specified. If the default path was used, TARGETDIR must not be specified.

    • REMOVEDATA - Remove as much application data (such as configuration files, databases, logs) as possible when doing an uninstall. Set to "1" to remove the data.

    • DEFAULTCONFIGDIR - The default base configuration directory for new ILA instances. The default value is:

      	%PROGRAMDATA%\Clavister\InControl\LoggingAgent\Config\

      This is only used for a first-time installation.

    • DEFAULTDATADIR - The default base data directory for new ILA instances. The default value is:

      	%PROGRAMDATA%\Clavister\InControl\LoggingAgent\Data\

      This is only used for a first-time installation.

Windows Services

On completion of InControl server installation, the server will be left running as a Windows service and the InControl client can connect to it immediately. ILA services will also be left in the running state, if ILA is installed. The Windows service executables for the InControl components are the following:

[Important] Important: Restrict access to the server hardware

Access to the InControl server management interface is not protected by any security mechanisms. Physical access to the computer on which the server is running also means possible access to the server interface. It is therefore important to restrict access to this computer.

Solving Service Start Timeout Problems

On a hardware platform with limited resources, it is possible that services will not start sufficiently quickly before Windows times out a service startup. Dealing with this issue is discussed in an article in the Clavister Knowledge Base at the following link:

https://kb.clavister.com/354851828

Locations of Log Files

Note that the locations of the log files for all the InControl components is discussed in an article in the Clavister Knowledge Base at the following link:

https://kb.clavister.com/354850220