STK Terrain Server Installation Guide




This guide walks you through the process of installing and configuring STK Terrain Server on your system.

System Requirements

- 64-bit Windows, including Windows Server 2008 or later, and Windows Vista or later.
- Microsoft .NET Framework v4.5 or later.
- Internet Information Services (IIS) v7.0 or later.
- 4 GB RAM or more. Faster CPUs, Solid State Drive, and more RAM will significantly improve terrain processing time.
- Plenty of disk space for storing raw and processed terrain data. At a minimum, 500 GB of disk space is required for hosting the processed STK World Terrain Dataset (licensed separately).

Installation

1. Install Internet Information Services (IIS) v7.0+ and Microsoft .NET Framework v4.5+ if they're not already installed.
2. Run "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -i" (without the quotes) from a command prompt with administrator rights to ensure ASP.NET is registered in IIS. If you get a message saying "This option is not supported on this version of the operating system", use Turn Windows Features On/Off or Server Manager to install ASP.NET 4.5. The message from aspnet_regiis has more information on how to do this.
3. Double-click install.exe to run the STK Terrain Server installer and follow the on-screen instructions.
4. Launch License Manager and use it to install your STK Terrain Server license.
5. Launch STK Terrain Server by selecting it from the Start menu/screen, or by visiting http://[servername]/stk-terrain.

Default Authentication

The STK Terrain Server installer provides a means for easy configuration of Windows Authentication. By default, Windows Authentication will be enabled, and All Users will have Read access to the STK Terrain Server, while only users that are members of the Windows Group StkTerrainServerAdmins can modify the STK Terrain Server contents.

If there is no possibility of accidental or intentional misuse in your environment, you may disable Windows Authentication in the Setup dialog. The Windows Group may be set to a different Windows Group if preferred by specifying a new group name in the Setup dialog. Windows groups can be added and managed from the Computer Management Windows application, via the Groups folder under Local Users and Groups.

Configuring Authentication in IIS

The current version of STK Terrain Server supports authentication using the Windows or Basic authentication mechanism in Internet Information Services (IIS). It allows you to designate Windows users or groups that are allowed to make modifications inside the application.

To set it up, open the Internet Information Services (IIS) Manager and navigate to the stk-terrain virtual directory in the Default Web Site. Your virtual directory may have a different name if you changed the default during installation. Then, choose the Authentication feature.

Then, enable Windows authentication or Basic authentication. We recommend that you use Windows authentication whenever possible. Basic authentication will send login credentials in clear text in the HTTP request, which is a security problem unless your server is also configured to require an HTTPS connection.

If the authentication mechanism you want does not appear in the list, you will need to install it. On Windows Server 2008 and 2012, authentication mechanisms are installed using Server Manager. Navigate to the IIS pane, scroll down to the Role Services section, and click the Add Role Services button or select Add Roles and Features from the Tasks drop-down. The features are found under Web Server (IIS), Web Server, Security.

On Windows Vista, 7, 8, and 8.1, authentication mechanisms are installed via Turn Windows features on or off, under Internet Information Services, World Wide Web Services, Security.

Next, we configure which users and groups are allowed access to the application. In the Features View for the stk-terrain virtual directory again, select .NET Authorization Rules.

IIS .NET authorization rules are evaluated in top-down order, and the first rule that matches a user and HTTP verb takes effect. If the first matching rule has a mode of Allow, the user will be allowed to perform that action. If the first matching rule has a mode of Deny, the user will not be allowed to perform that action.

The first rule in the list, set up by the STK Terrain Server installer, specifies that all users, including anonymous, unauthenticated users, are allowed to do GET requests. In STK Terrain Server, GET requests cannot make modifications to the server, so this rule provides read-only access to everyone. To only allow specified users or groups to read data on the server, double-click the first rule in the list and choose a radio button to specify an allowed user or group.
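The first-match evaluation can be modelled in a few lines. The following is an added example, not code from STK Terrain Server or IIS: it encodes the rule list as this section describes it (anonymous GET, a full-access rule, a final deny-all) next to the recommended variant with the second rule limited to StkTerrainServerAdmins. The dictionary layout and the account CORP\alice are constructed for illustration.

```python
# Rule list in top-down order, as this section describes the installer's
# defaults. users "*" = everyone, "?" = anonymous only; roles = Windows groups.
INSTALLER_RULES = [
    {"mode": "Allow", "users": "*", "roles": "", "verbs": "GET"},
    {"mode": "Allow", "users": "*", "roles": "", "verbs": ""},
    {"mode": "Deny", "users": "*", "roles": "", "verbs": ""},
]

# Same list with the second rule limited to one group, as the guide recommends.
HARDENED_RULES = [
    INSTALLER_RULES[0],
    {"mode": "Allow", "users": "", "roles": "StkTerrainServerAdmins", "verbs": ""},
    INSTALLER_RULES[2],
]


def _names(value):
    """Split a comma-separated attribute into a lower-cased set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}


def rule_matches(rule, user, groups, verb):
    """user is None for an anonymous request; groups are the user's Windows groups."""
    verbs = _names(rule["verbs"])
    if verbs and verb.lower() not in verbs:
        return False  # rule is limited to other HTTP verbs
    users = _names(rule["users"])
    if "*" in users or (user is None and "?" in users):
        return True
    if user is not None and user.lower() in users:
        return True
    return bool(_names(rule["roles"]) & {g.lower() for g in groups})


def decide(rules, user, groups, verb):
    """Return (mode, position) of the first matching rule, or (None, None)
    when nothing in this list matches and inherited rules would decide."""
    for position, rule in enumerate(rules, start=1):
        if rule_matches(rule, user, groups, verb):
            return rule["mode"], position
    return None, None


if __name__ == "__main__":
    for label, rules in (("installer", INSTALLER_RULES), ("hardened", HARDENED_RULES)):
        for who, groups in ((None, []), ("CORP\\alice", ["StkTerrainServerAdmins"])):
            for verb in ("GET", "POST"):
                print(label, who or "anonymous", verb, decide(rules, who, groups, verb))
```

With the second rule left open to all users, an anonymous POST is allowed by rule 2; once that rule names a group, the same request falls through to the deny-all rule while GET stays readable through rule 1.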

Users and groups refer to Windows users or groups on the web server. They can be qualified with a Windows domain name if necessary.

The next rule in the list grants all users full access (read and write) to the STK Terrain Server application. We recommend that you double-click this rule and select a user or group in order to limit write access. You can designate multiple users or groups by inserting additional, similar rules at the same position in the rule list.

The third rule in the list denies access to all users that weren't granted access by previous rules. The fourth and subsequent rules in the list, which could be different on your server, are inherited from the parent web site.

With this configuration complete, web browsers will automatically prompt for login credentials when attempting to perform an action within the STK Terrain Server application that does not allow anonymous access. In some cases, the login may be automatic (no explicit prompt) when you're logged into the server as a user that is allowed access, or if your network has a Windows domain and your domain user is allowed access.

Troubleshooting Authentication

If authentication doesn't work (in particular, if you're using Windows authentication and the server will not accept your credentials), here are some things to try.

- Configure the StkTerrainServerAppPool to use the NetworkService identity instead of the ApplicationPoolIdentity. This often helps because NetworkService is set up by default to work with Kerberos authentication on a Windows domain, whereas ApplicationPoolIdentity is not. In IIS Manager, select Application Pools in the tree on the left, and then click StkTerrainServerAppPool in the list. Click Advanced Settings on the right. Under Process Model select Identity and then click the button next to it. Under Built-in account select NetworkService.

- Configure Windows authentication to prefer NTLM over Negotiate. This may help when authenticating Windows domain users, because Negotiate will often choose to use Kerberos authentication in this scenario, which can be tricky to get working. Navigate back to the Authentication feature for the stk-terrain virtual directory in IIS Manager. Select Windows Authentication from the list and then click Providers on the right. Move NTLM above Negotiate.

Configuring Web Service Authorization

In the above sections, we showed how the STK Terrain Server can restrict anonymous users to read-only access. For some, this level of security may not be adequate, as any user can still retrieve information on tilesets and datasources defined on the STK Terrain Server. Restricting users to only requesting tiles and tileset metadata can be achieved by using the URL Authorization feature for IIS.

The URL Authorization feature for IIS must first be enabled on your server. On Windows Server 2008 and 2012, URL Authorization is installed using Server Manager. Navigate to the IIS pane, scroll down to the Role Services section, and click the Add Role Services button or select Add Roles and Features from the Tasks drop-down. The feature is found under Web Server (IIS), Web Server, Security.

On Windows Vista, 7, 8, and 8.1, authentication mechanisms are installed via Turn Windows features on or off, under Internet Information Services, World Wide Web Services, Security.

With URL Authorization enabled for IIS, authorization can now be configured for each REST webservice. Open the Web.Config file located at the root of the stk-terrain install directory. Inside the <configuration> element, a REST webservice virtual location can be identified and assigned authorization control. The <location> element in the following example would restrict the use of the localhost/stk-terrain/admin REST API to only users in the StkTerrainServerAdmins user group.

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <!-- Element and attribute names are case-sensitive (system.webServer, accessType). -->
      <location path="admin">
        <system.webServer>
          <security>
            <authorization>
              <!-- Drop the inherited rule for all users, then allow only the admin group. -->
              <remove users="*" roles="" verbs="" />
              <add accessType="Allow" roles="StkTerrainServerAdmins" />
            </authorization>
          </security>
        </system.webServer>
      </location>
      ...
    </configuration>

Users and groups refer to Windows users or groups on the web server. They can be qualified with a Windows domain name if necessary.

Following the pattern illustrated in the example above, the path attribute can be configured for authorization of the following admin REST API end points:

- admin/datasources: Returns JSON that defines the collection of datasources defined on the STK Terrain Server.
- admin/datasources/{name}: Returns the JSON that defines the configuration of a named datasource. Named datasources will inherit the authorization defined at the datasources level; defining authorization rules for a named datasource will override the authorization above.
- admin/settings: Returns JSON that defines the configuration settings for viewing a tileset.
- admin/license: Returns JSON that describes the STK Terrain Server license state.
- admin/datasources/files: Defines an interface for uploading files to an STK Terrain Server datasource.
- admin/tilesets: Returns JSON that defines the collection of tilesets defined on the STK Terrain Server. This web service allows for the discovery of tilesets on the server, but provides admin information about the tileset, including the directory location of the tileset and status on the incorporation of data sources into this tileset, including percent complete and the time elapsed to incorporate the data source.

The public REST API end points can also be configured for authorization control:

- v1/tilesets: Returns JSON that defines the collection of tilesets defined on the STK Terrain Server. This web service allows for the discovery of tilesets on the server, but does not include the additional admin datasource processing information.
- v1/tilesets/{name}/tiles: Root path of all Terrain Server tiles.

For legacy Cesium applications, the v1 can be optional for tile and layer.json retrieval endpoints; however, this unversioned REST API may be deprecated in the future. These legacy endpoints are:

- tilesets/{name}/tiles/layer.json
- tilesets/{name}/tiles/{z}/{y}/{x}.terrain

Licensing

If a license for STK Terrain Server is not yet installed, browsing to the Data Sources or Tilesets page in the web interface will redirect to a license information page. As the page says, the easiest way to install a license is by running the STK License Manager on the server. The Obtain Purchased License tab allows you to obtain an already-purchased license through AGI's Customer Licensing System, and also contains contact information if you need to purchase a license.

If you already have a license file, click Manage Licenses and then click the Install a License File button. Browse to your license and click Open. Then, return to the STK Terrain Service licensing page and click the Check Again button. If the license was installed successfully, you will be automatically directed to the Data Sources or Tilesets page. If there is a problem with the license, diagnostic information will be displayed on the page. Please contact AGI support if you have difficulties with licensing.
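Returning to the Configuring Web Service Authorization section: the following added example (not part of the original guide or of STK Terrain Server) audits a Web.config for the endpoint paths listed there, applying each covering <location> from least to most specific so that child paths inherit and override as described. It assumes the inherited site-level URL Authorization rule allows all users; the sample configuration and the TerrainViewers group are constructed.

```python
import xml.etree.ElementTree as ET

# Endpoint paths listed in this guide, relative to the application root.
ENDPOINTS = ["admin/datasources", "admin/datasources/files", "admin/settings",
             "admin/license", "admin/tilesets", "v1/tilesets"]

# Constructed sample: "admin" follows the guide's pattern; "v1/tilesets"
# adds a role but forgets <remove>, so the inherited allow-all rule survives.
# TerrainViewers is a hypothetical group name.
SAMPLE_CONFIG = b"""<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="admin"><system.webServer><security><authorization>
    <remove users="*" roles="" verbs="" />
    <add accessType="Allow" roles="StkTerrainServerAdmins" />
  </authorization></security></system.webServer></location>
  <location path="v1/tilesets"><system.webServer><security><authorization>
    <add accessType="Allow" roles="TerrainViewers" />
  </authorization></security></system.webServer></location>
</configuration>"""

def covers(location_path, endpoint):
    """True when a <location path> equals the endpoint or is a parent of it."""
    loc, ep = location_path.strip("/").lower(), endpoint.strip("/").lower()
    return bool(loc) and (ep == loc or ep.startswith(loc + "/"))

def allowed_principals(root, endpoint):
    """Apply covering <location> rules, least specific first, to the inherited set."""
    rules = [("*", "")]  # assumption: the site-level default allows all users
    locations = [l for l in root.findall("location") if covers(l.get("path", ""), endpoint)]
    for loc in sorted(locations, key=lambda l: len(l.get("path", "").strip("/"))):
        authz = loc.find("system.webServer/security/authorization")
        for rule in (authz if authz is not None else []):
            key = (rule.get("users", ""), rule.get("roles", ""))
            if rule.tag == "clear":
                rules = []
            elif rule.tag == "remove":
                rules = [r for r in rules if r != key]
            elif rule.tag == "add" and rule.get("accessType") == "Allow":
                rules.append(key)  # Deny rules are not modelled here
    names = set()
    for users, roles in rules:
        names.update(n.strip() for n in (users + "," + roles).split(",") if n.strip())
    return sorted(names)

def audit(config_bytes, endpoints=ENDPOINTS):
    """Return {endpoint: principals}; '*' or '?' means anonymous callers still get in."""
    root = ET.fromstring(config_bytes)
    return {ep: allowed_principals(root, ep) for ep in endpoints}

def open_endpoints(report):
    """Endpoints whose effective Allow list still includes all or anonymous users."""
    return [ep for ep, who in report.items() if "*" in who or "?" in who]

if __name__ == "__main__":
    for ep, who in audit(SAMPLE_CONFIG).items():
        print(f"{ep:28} {'OPEN' if set(who) & {'*', '?'} else 'restricted'} {who}")
```

To check a real deployment, pass the bytes of the application's Web.config to audit(); any endpoint returned by open_endpoints() is missing the <remove users="*" ... /> step from the guide's pattern.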