Performing a standard installation

For an initial installation of SES Evolution:

  1. Log in to the machine using a Windows account with the following characteristics:
    • If the machine belongs to a domain, the Windows account must be a domain account,
    • It must hold administration privileges on the local machine,
    • If the database already existed before the installation, the account must have access to the database instance with the “sysadmin” server role.
  2. Double-click on the SES_Evolution_Installation_Center.exe file.
  3. Click on New installation.
  4. Select Standard installation.
  5. Enter the addresses of the administration and log database instances. Both databases can be located on the same instance. Regardless of which authentication type is selected, the “sysadmin” role is required for the creation of databases.
  6. NOTE
    Database instances must not contain data and the operating system from which the Installation Center is run must be able to access the instances.

  7. Configure Log database storage. The parameters differ depending on whether you have SQL Server Enterprise or SQL Server Express.
    • Log storage path: Use the default SQL Server storage path or a custom path. This field is available only on SQL Server Enterprise.
    • Agent event retention and System log retention: SES Evolution logs are kept by default for 12 months before they are automatically deleted, and only for two months if you are using SQL Server Express. Enter a retention period higher than or equal to 1 month. The maximum duration allowed on SQL Server Express is 12 months.

      Logs can be kept indefinitely on SQL Server Enterprise. As such, ensure that you always have enough disk space to contain all logs.

      Retention values can be modified later through the administration console. For more information, refer to the section Managing the size of the log database in the .

  8. Enter the passwords that encrypt private keys for root and intermediate certificate authorities.
  9. The domain account with which you have logged in is pre-entered as the super administrator account. The super administrator is the console user who can create other users. It must belong to the same Active Directory domain as the SQL server, the various SES Evolution database instances and the administration console. If this is not the case, a trust relationship must be established between the domains.

    NOTE:
    If you rename the domain account that is the SES Evolution super administrator, make sure you have first created a user with the new name in the SES Evolution administration console. Otherwise, you will not be able to log in to the console. For more information, refer to the section Managing users on the SES Evolution administration console.

  10. Select Backend if you wish to install a backend component on this machine. The backend centralizes all the operations performed in the environment, and is the core of the installation. Specify the following parameters:
    • The DNS name of the host that will be used to access the backend in HTTPS. The name of the machine from which you have logged in and the domain are pre-entered. This name cannot be changed later.
    • The cluster host name is mandatory. If you want to implement load balancing or redundancy (NLB feature) on several backends (recommended for more than 50,000 agents), this is the address that agent handlers and the console will use to connect to the backend. The DNS name must be different from the first host name. This information will be known only after the initial installation of the backend. Neither of these DNS names can be changed later.
      If you do not wish to set up a backend cluster, a DNS entry (CNAME) must still be declared with a specific name (e.g., SESBACKCLUSTER.SES.local). Its IP address will point to the address of the machine on which the backend is installed. SES Evolution components will not need to be reinstalled later if an architecture with an NLB cluster is implemented. The DNS alias will need to be changed so that it points to the virtual IP address of the NLB cluster.
    • Select the type of account that will be used as the identity for the worker processes of the IIS server:
      Domain account: Account on the domain, ideally created only for use as the identity of SES Evolution services and programs, with a password that never expires. The service that updates the backend, installed on every backend server, also uses this domain account.
      Local account: Local account on the machine. This option can be used to install SES Evolution outside a Windows domain that uses several different machines. This requires the creation of local accounts with the same login and password on every machine. The service that updates the backend, installed on every backend server, also uses this domain account.
      Predefined IIS account: Virtual account valid only on the local machine, and to be used only for local installations of a backend on the same machine as the database. In this case, the update service on the backend is installed as SYSTEM.
    • Enter the name and password of the account.
  11. Next, select Stormshield Endpoint Security Evolution Agent handlers and Administration console if you wish to install them on this machine. Enter the contact address that agents will use to reach the agent handler.
  12. Register your license file. To get your license, refer to the section Getting the SES Evolution license.
  13. Click Install.
  14. In the next step, move your mouse randomly to produce random numbers. The certificates needed to run SES Evolution are generated from these numbers.
    If the IIS role is not enabled, the Installation Center will enable it automatically when the backend component is installed. This operation may take a while to complete.
  15. Quit the Installation Center once the installation is complete.
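
A pre-flight check for the prerequisites in steps 1, 5 and 10, given here as an added example that is not part of the SES Evolution documentation or tooling. It assumes Windows PowerShell 5.1 and Windows authentication to SQL Server; the instance names are placeholders, and the cluster name is the example from step 10.

```powershell
# Added example: run from an elevated session before launching the Installation Center.
# Instance names below are placeholders (assumptions); replace them with your own.
param(
    [string[]]$SqlInstances = @('SQLSRV01\SESADMIN', 'SQLSRV01\SESLOGS'),
    [string]$ClusterName = 'SESBACKCLUSTER.SES.local'
)
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Ok; Detail = $Detail })
}

# Step 1: on a domain-joined machine the account must be a domain account and a local admin.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$cs        = Get-CimInstance -ClassName Win32_ComputerSystem
$isLocal   = $identity.Name.Split('\')[0] -ieq $env:COMPUTERNAME
Add-Check 'Domain account if domain-joined' (-not ($cs.PartOfDomain -and $isLocal)) $identity.Name
# IsInRole reports False in a non-elevated session, even for a member of Administrators.
Add-Check 'Local administrator' ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) 'elevated token'

# Step 5: each instance must be reachable from this machine and grant the sysadmin server role.
foreach ($instance in $SqlInstances) {
    $conn = [System.Data.SqlClient.SqlConnection]::new("Server=$instance;Integrated Security=SSPI;Connect Timeout=5")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin')"
        Add-Check "sysadmin on $instance" ([int]$cmd.ExecuteScalar() -eq 1) 'IS_SRVROLEMEMBER'
    } catch {
        Add-Check "Reach $instance" $false $_.Exception.Message
    } finally { $conn.Dispose() }
}

# Step 10: the cluster name must differ from the backend host name and resolve in DNS.
$fqdn = "$($cs.DNSHostName).$($cs.Domain)"
Add-Check 'Cluster name differs from host name' ($ClusterName -ine $fqdn) "$ClusterName vs $fqdn"
try {
    $dns = Resolve-DnsName -Name $ClusterName -ErrorAction Stop
    $ips = ($dns | Where-Object { $_.IPAddress } | ForEach-Object IPAddress) -join ', '
    Add-Check "DNS $ClusterName" ([bool]$ips) $ips
} catch {
    Add-Check "DNS $ClusterName" $false $_.Exception.Message
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

Because neither backend DNS name can be changed after installation, a failed DNS or name-collision check is worth resolving before clicking Install.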

To install the other components on other machines, run the Installation Center on each machine and select Modify an existing installation. For further information, refer to Adding a console, backend component or agent handler.

You are advised to back up the administration database and log database regularly.