Deployment Outline

Select KeyServer hardware and Operating System based on our guidelines:

• Hardware Guidelines
• OS Details

Choose a computer that does not have other disk-intensive processes on it.

DNS

(You can skip this during an eval if you want to just use IP address)
DNS names make it friendly for users to find the service, and more flexible in the event of moving a server. Instead of a primary ANAME, we recommend you set up a CNAME record in DNS. This allows KeyServer to be moved in the future independently from any other services, and helps route traffic easier.

Firewalls

As with any service, ensuring network traffic through any host, client, and network Firewalls is critical. Make sure the server can be reached on port 19283 (TCP and UDP) from client and admin workstations. Our installer tries to set this up in the local (Windows) firewall - but in case there are other firewalls in place (e.g. when putting up a VM in Azure, or Checkpoint network Firewalls) you have to also tell those devices to allow the traffic. For Web UI, also allow 80 and/or 443 for http/https, or whatever alternate ports you configure for the web service (see later steps).

Make sure the new server can do outbound https. Specifically, can it get to https://prs.sassafras.com/ to download new Product Definitions and Software Icons from our PRS. http generally isn’t needed but is nice to allow as a fallback. It will also need access to *.openstreetmap.org to fetch map tiles if you use geographic map pins.

If a proxy is generally used for outbound traffic from this computer, we recommend adding an exception so that it can contact prs.sassafras.com without going through the proxy. We have seen instances where a proxy changes packet headers in such a way that communication ultimately fails in subtle ways.

Review the Firewalls document for full details of all ports and considerations for various implementations and features.

See also Network Diagrams

Server install and Config

More detailed steps are in the Installation and Configuration document, and we also have a Full Walkthrough, but the summary is:

• You will need full admin rights on the host where you install the server component.
• Run ksp-server-x64.exe (or relevant Mac or Linux package) from our Downloads.
• Run through the web based configuration wizard. This should pop up automatically, or use localhost:19287 to connect to it.
  • Set the host name and web ports (can be changed later).
  • Set your primary Computer ID (most commonly Serial). See also Choosing a Computer ID.
  • Choose optional AD mapping for clients. This can also be done later.
• Put your full license in place if you have one and restart the service.
• For LabSight and demo installs, a further wizard will assist in basic setup when you open the Web UI.

Access the Web UI

Most daily operations can be done in the Web UI. Common configurations like AD integration for client mapping and admin authentication, audit and mail settings, client updates, usage tracking, and more are all available in the web. On a fresh install running in LabSight demo mode, the Web UI will pop up tasks that would be good to complete your deployment. These include:

• Deploying clients (see below)
• Create a Division and add Computers to it
• Create a Map and Floorplan for visibility
• Create Observe policies to track Software usage

Admin Install

Install the KeyConfigure admin application (Mac and Windows) to manage the KeyServer (ksp-admin-x64.exe). While most of the configuration and daily tasks can be done in the Web UI, a few things may still require the admin application. We recommend installing this on the host server for local troubleshooting and management (if not linux) as well as any administrative workstations for remote administration. If you have not used the Web based setup wizard, the default credentials for KeyServer are Administrator and Sassafras. You will be prompted to set a new password on first login with these credentials. You may also be prompted to set up other components if you skipped the wizard. Once clients are connected, audits have reported in, and the server has connected to PRS, you'll see the Automatic Policy Wizard. Note you can also manage Usage tracking easily in the Web UI. You may want to set up Admin Authentication to allow (for example) Active Directory or Azure users to authenticate to KeyServer and obtain privileged access.

Client install

Ensure you set your Computer ID Types using the setup wizard, and/or manually in the Web UI Settings or KeyConfigure before attaching any clients to the server. It is difficult to change the primary ID of a computer once it is assigned, so this is an important step. You can run the KeyAccess client installer manually on workstations, but it tends to be easier to use an Automated Deployment method. You can use GPO in AD for Windows clients, or systems like SCCM and JAMF for package management. You may also want to configure client authentication, for example to have computers automatically map to Divisions to match your Active Directory OU structure.

Manage Policies

With clients reporting audit data, when you open KeyConfigure our automatic policy wizard will launch and walk you through creating Observe Policies for the Products discovered in your environment. You do need to get some discovery data in the system before this pops up, and it will continue to trigger every time new Products are found. You can also manage these in the Software page of the Web UI, which will also alert you to new items needing attention.

From there you can choose to change some policies to Manage and set their license metrics. While the need to manage licenses has decreased over the years due to vendor provided management it can still be needed in some cases, or add features like queueing for a license or setting group time period priority. You can also create Deny policies to prevent certain programs from being used.

Further Configuration

At this point you're all set up and ready to dive into more advanced configuration and considerations. Use the links in this article to read more about the many configuration options and features in the Web UI to do things like:

• Enter Purchases - This will not only keep track of license costs, but you can run reports that analyze usage against the purchases to see if you're over spending on software.
• Make Interactive Maps - Allow your users and technicians to see interactive floorplans of your building and lab spaces that show use graphics and have easy tools for finding software.
• Make Dynamic Dashboards - With dozens of widgets to visualize your assets and usage that easily scope to individual computer groups, see everything you need at a glance.
• Add Devices - This includes printer inventory with dynamic query by IPP or direct PaperCut integration, as well as storage of records for all your offline equipment.
• Run Reports - Immediately start pulling inventory information, and once you have plenty of usage data you can analyze every aspect of hardware and software utilization.