Introduction

This document describes the installation of the CoreOne Suite based on the version Release 9.1.X

Preparation

Before you start the installation all system requirements need to be updated/installed on the server:

Database installation

Please make sure you have a database ready to install to (see required version here: System requirements Database Service)

• MySQL - Installation

• MariaDB - Installation

Database sql mode

Make sure that the SQL mode ONLY_FULL_GROUP_BY is not active.
You can check that with the following SQL statement: select @@sql_mode;

If it’s in the result, edit your my.ini file for MariaDB or MySQL and remove this SQL mode from the list.

ASP.NET Core 8.0 Runtime / Windows Hosting Bundle

The installation needs a .NET update as well.

• Go to the following page: https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-aspnetcore-8.0.11-windows-hosting-bundle-installer

Installation CoreOne Suite (All-In-One)

Step 1 - Start the installer as administrator

Navigate to the folder with the installer.

Right-click the installer and select “Run as administrator”.

Step 2 - CoreOne Suite Installer

On the first page of the installer, general information is displayed.

Continue with the button “Next”.

Open

Step 3 - Accept licence agreement

Accept the license agreement with a selected checkbox.

Continue with the button “Next”.

Open

Step 4 - Feature selection

Select the desired components to install. For a standalone installation we select all features except the system-connector:

• CoreOne Application Service

  • The CoreOne Application Services includes the CoreOne System Connector

• CoreOne Authentication Service

  • CoreOne Authentication Services (IDP)

• CoreOne Self Service

  • The Self Service Portal

• CoreOne System Connector Service

  • CoreOne System Connector (only necessary if installed on a dedicated server)

• CoreOne Web Service

  • CoreOne Web Services (Admin UI old/v2)

• CoreOne Workflow Dashboard

  • CoreOne Workflow Dashboard (Web UI)

• CoreOne Workflow Runner

  • CoreOne Workflow Service

Continue with the button “Next”.

Open

Step 5 - CoreOne Application Service user credentials

The user which the Windows service will be started with.

• System accounts:

  • Pre-defined system accounts to choose from
    -> no need for a username or password

• User name:

  • Username for a dedicated user account

• Password:

  • Password for the dedicated user account

• No Password checkbox:

  • If the given username doesn’t need a password, for example if it’s a managed service account, you can check this box

If no dedicated user was created, use LocalSystem and continue with the button “Next”.

If a dedicated user is provided, make sure its able to “logon as a service”.

Verify the user with the “Check User” button.

Continue with the button “Next”.

Open

Step 6 - MySQL settings

Provide the connection-parameter for the MySQL server.

• Server:

  • Server where MySQL is running (IP address or hostname)

• Port:

  • Port of the MySQL server (default 3306)

• User:

  • User for the MySQL server (has to have administrative and grant privileges)

• Password:

  • Password for the MySQL server

Test the connection with “Check connection”.

Continue with the button “Next”.

Open

Step 7 - MySQL settings - readonly

Check the checkbox and fill out the connection parameters if you want to use other connection parameters for a readonly connection.

Open

Step 8 - Network selection

Select in the given drop-down menus the specific ip-adresses.

• Service network (usually internal address (127.0.0.1))

  • The heart beat service listens on this IP (used between APP servers)

  • The event manager listens on this IP (used between APP servers)

• Customer network (usually internal address (127.0.0.1))

  • All WCF services listen on this IP (APP ↔ WEB)

• Network public (usually external address)

  • Used as a fallback for HTTP Bindings

  • WCF-Router listens on this IP (has been replaced, configuration is there as a fallback)

Continue with the button “Next”.

Open

Step 9 - Tenant name

Provide a name for the tenant.

• Tenant name:

  • Unique identifier used to distinguish one tenant from another within a multi-tenant system or environment. Any name can be used.

Continue with the button “Next”.

Open

Step 10 - Admin user set up

Provide a secure and unique passwort for the “admin account”-user and save the credentials to a dedicated place.

• Admin user password:

  • Password for the admin user

• Repeat password:

  • Repeat password for approval

Check if the passwords match with “Check password”.

Continue with the button “Next”.

Open

Step 11 - CoreOne Application Service configuration

Set the configurations for the CoreOne Application Service.

• Load CoreOne System Connectors:

  • If check mark is set, run the CoreOne System Connectors on the local application service

• Root log level:

  • Log4Net Logger level of root logger

• NHibernate log level:

  • Log4Net Logger level of NHibernate logger

• NHibernate SQL log level:

  • Log4Net Logger level of NHibernate SQL logger

• iTsense moving log level:

  • Log4Net Logger level of iTsense moving logger

• iTsense DataProviderFactory log level:

  • Log4Net Logger level of iTsense DataProviderFactory logger

• iTsense RouterService log level:

  • Log4Net Logger level of iTsense RouterService logger

• iTsense BackendCommon log level:

  • Log4Net Logger level of iTsense BackendCommon logger

• Communication certificate:

  • SSL certificate for internal communication

• SSL cert CN for API (DB setting):

  • SSL certificate for the backend API

• Backend Base URL for API:

  • URL where the Backend API is hosted

• Elsa URL for API:

  • URL where the Workflow Runner API is hosted

• Backend client secret:

  • The client secret for the backend (cos_applicationservice)

• System Connector Authentication Api Url:

  • URL for the Authentication API

Continue with the button “Next”.

Open

Step 12 - Select certificate (CoreOne System Connector Service Host-Certificate)

Choose a certificate for the CoreOne System Connector Service Host.

Continue with the button “Next”.

Open

Step 13 - Select certificate (CoreOne System Connector Service Client-Certificate)

Choose a certificate for the CoreOne System Connector Service Client.

Continue with the button “Next”.

Open

Step 14 - CoreOne Authentication Service site settings

Enter settings for the CoreOne Authentication Service site.

CoreOne Authentication Service site:

• Website URL:

  • Host URL for the Authentication Service web site

• SSL Port:

  • SSL Port for the Authentication Service site (443 by default)

• SSL certificate:

  • SSL certificate for the Authentication Service site

App pool user:

• System accounts:

  • Account for the operating system-defined purpose

    • NetworkService (Recommended)

    • Local Service

    • LocalSystem

    • Created user

• User name:

  • User name for the system account, not needed if system account is set

• Password:

  • Password for the system account, not needed if system account is set

• No password check box

  • If set, no password is required, for example for managed service accounts

If a dedicated app pool user is provided, verify the user with the “Check User” button.

Continue with the button “Next”.

Open

Step 15 - CoreOne Web Service site settings

Enter settings for the CoreOne Web Service site.

CoreOne Web Service site:

• Website URL:

  • Host URL for the Web Service web site

• SSL Port:

  • SSL Port for the Web Service site (443 by default)

• SSL certificate:

  • SSL certificate for the Web Service site

App pool user:

• System accounts:

  • Account for the operating system-defined purpose

    • NetworkService (Recommended)

    • Local Service

    • LocalSystem

    • Created user

• User name:

  • User name for the system account, not needed if system account is set

• Password:

  • Password for the system account, not needed if system account is set

• No password check box

  • If set, no password is required, for example for managed service accounts

If a dedicated app pool user is provided, verify the user with the “Check User” button.

Continue with the button “Next”.

Open

Step 16 - CoreOne Self-Service site settings

Enter settings for the CoreOne Self-Service site.

CoreOne Self-Service site:

• Website URL:

  • Host URL for the Self-Service site

• SSL Port:

  • SSL Port for the Self-Service site (443 by default)

• SSL certificate:

  • SSL certificate for the Self-Service site

App pool user:

• System accounts:

  • Account for the operating system-defined purpose

    • NetworkService (Recommended)

    • Local Service

    • LocalSystem

    • Created user

• User name:

  • User name for the system account, not needed if system account is set

• Password:

  • Password for the system account, not needed if system account is set

• No password check box

  • If set, no password is required, for example for managed service accounts

If a dedicated app pool user is provided, verify the user with the “Check User” button.

Continue with the button “Next”.

Open

Step 17 - CoreOne Authentication Service configuration

Set the configurations for the CoreOne Authentication Service.

• Certificate type:

  • Choose a certificate type for the CoreOne Authentication service:

    • Self generated RSA key

    • Self generated Certificate

    • Windows Store Certificate

• Certificate store*:

  • Choose a certificate in the Windows certificate store. This dropdown is only available if the certificate type is set to “Windows store certificate”

• Backend api url:

  • URL where the backend api is hosted

• Backend api v2 url:

  • URL where the backend api v2 is hosted

• Self-service url:

  • URL of the self-service portal, used for the “My data” links on the Admin UI

Continue with the button “Next”.

Open

Step 18 - CoreOne Web Service configuration

Set configurations for the CoreOne Web Service.

• Auto refresh token:

  • Enable or disable the automatic renewing of the authentication token before it expires

• Enable inactivity logout:

  • Enable or disable automatically logging out a user after a certain period of inactivity

• Inactivity logout timespan in minutes:

  • Period of time in minutes for the user to log out due to inactivity (if enabled)

• Login authority:

  • URL for the login authority, usually the URL where the Auth server is hosted

• Application Service hostname:

  • The hostname/URL where the application service is hosted

• Communication certificate:

  • Communication certificate for the CoreOne Web Service

• Backend api url:

  • URL of the backend api

• Backend api v2 url:

  • URL of the backend api v2

• Backend health-check endpoint url:

  • URL of the backend health-check endpoint

Continue with the button “Next”.

Open

Step 19 - CoreOne Admin UI 2.0 configuration

Configuration for the new Admin UI 2.0

• Authentication server url:

  • URL to the authentication server

• API endpoint url:

  • URL to the backend API

• Client secret:

  • Generate a new secret or set your own for the Admin UI 2.0 client

Open

Step 20 - CoreOne Self-Service configuration

Set configurations for the CoreOne Self-Service.

• Authentication server url:

  • URL of the authentication server

• Frontend web server url:

  • URL of the frontend web, used to navigate from the Portal to the Admin UI

• API endpoint url:

  • URL of the api endpoint

• Backend api v2 url:

  • URL of the backend api v2

• Disabled pages: (separated by new line):

  • Manually disable certain pages

• Disabled actions: (separated by new line):

  • Manually disable certain actions

• Force reauthentication after (seconds):

  • Set reauthentication timer in seconds

• Logout after (minutes):

  • Set timer for logout in minutes

• Title prefix:

  • Set a prefix title

• User notification interval (seconds):

  • Sets the interval in seconds for polling new notifications on the self-service portal

• Client secret:

  • Generate a new secret with the button or set your own for the self-service client

• Callback enabled:

  • If checked, callback is enabled and shows the callback box in the portal to navigate the user back to the original site

• Callback allowed urls:

  • For each line, an URL can be defined that is allowed to be used in the callback

• Callback allowed urls regex:

  • For each line, an URL with a regex pattern can be defined that is allowed to be used in the callback

Continue with the button “Next”.

Open

Step 21 - CoreOne Workflow Runner user credentials

Set user credentials for the CoreOne Workflow Runner.

• System accounts:

  • Account for the operating system-defined purpose

• User name:

  • User name for the system account, not needed if system account is set

• Password:

  • Password for the system account, not needed if system account is set

• No password check box

  • If set, no password is required, for example for managed service accounts

If a dedicated user is provided, make sure its able to “logon as a service”.

Verify the user with the “Check User” button.

Continue with the button “Next”.

Open

Step 22 - CoreOne Workflow Runner settings

Enter settings for the CoreOne Workflow Runner.

• Use Redis Distributed Locking:

  • If enabled, Redis Distributed Locking provides a way to implement distributed locks in the system, allowing for synchronized access to shared resources

• Use Redis Distributed Cache Signal:

  • If enabled, Redis Distributed Cache Signal invalidate cached data in the system by signaling all instances to clear their cache

• Redis connection string:

  • URI-like string used to specify the connection details required for a client to connect to the Redis database. Don’t forget the password!

• Use RabbitMq:

  • If enabled, RabbitMQ enables communication between systems by sending and receiving messages between applications and services

• RabbitMq connection string:

  • URI-like string used to specify the connection details required for a client to connect to the RabbitMq broker

• RabbitMq Queue Prefix:

  • Prefix for better management in queues

• API Certificate:

  • SSL Certificate for the API

• Faulted Workflow Notification WorkflowDefinitionId:

  • Identifier to specify the ID of the workflow definition that should be notified in case of a fault or failure in the workflow execution.

• SmtpOptions {json config}:

  • Configurations for the Smtp formatted as a json object

• Authority:

  • URL for authority site, usually URL of the Auth server

• API Base Url (apiv2):

  • URL for the API Base (apiv2)

• Identity Prefix:

  • Prefix for identity

• Time to live in days for instances:

  • How long workflow instances remain in the database after they’ve been executed

• Load DMS activites:

  • If checked, loads the DMS (Document management system) activites in the workflow runner and the dashboard

Continue with the button “Next”.

Open

Step 23 - CoreOne Workflow Runner settings (pt2)

Additional settings for the workflow runner

• Encrypt workflow instances:

  • If checked, encrypts the workflow instances in the database to protect sensitive data

• Encryption Key (32):

  • Generate a key with the button or enter your own key (32 characters)

• Client secret:

  • Generate a secret with the button or enter your own client secret for the workflow runner client

• Hangfire database user password:

  • Generate a password with the button or enter your own, used for the movingHangfire database user

• Elsa database user password:

  • Generate a password with the button or enter your own, used for the movingElsaWorkflow database user

Open

Step 24 - CoreOne Workflow Dashboard settings

Enter settings for the CoreOne Workflow Dashboard site.

CoreOne Workflow Dashboard site:

• Website URL:

  • URL for the Workflow Dashboard site

• SSL Port:

  • SSL Port for the Workflow Dashboard site (will be 443 by default)

• SSL certificate:

  • SSL certificate for the Workflow Dashboard site

App pool user:

• System accounts:

  • Account for the operating system-defined purpose

    • NetworkService (Recommended)

    • Local Service

    • LocalSystem

    • Created user

• User name:

  • User name for the system account, not needed if system account is set

• Password:

  • Password for the system account, not needed if system account is set

• No password check box

  • If set, no password is required, for example for managed service accounts

Continue with the button “Next”.

Open

Step 25 - CoreOne Workflow Dashboard settings (pt2)

Set the configurations for the Workflow Dashboard.

• Elsa Server Base Url:

  • URL where the Worklow Runner is hosted

• Authorization Server:

  • URL of the Auth server

• WF-Servoce Secret:

  • Secret for access
    If the Workflow Runner is installed at the same time, this field will be automatically filled with the generated secret and is not editable.

Continue with the button “Next”.

Open

Step 26 - Installation path

Choose a folder where CoreOne Suite will be installed.

Click on “Change folder” and select desired installation path.

Continue with the button “Next”

Open

Step 27 - Check Prerequisites

Let the installer check all the needed prerequisits.

If all checks are successful, all the tiles will be green and you can continue with the button “Next”.

Open

Step 28 - Ready for installation

Continue with the button “Next”.

Let the installer install the software.

Open

Step 29 -Installation

The CoreOne Suite is being installed

Open

Step 30 - Setup complete

If all the prerequisits, settings and connections were successful, all the tiles will be green and the message “Setup succeeded!” will be shown.

Should any part during the installation fail, the affected tiles will be red to indicate what failed. Check the installer log files to find out what failed.

Open