Installing the Application Server

The Application Server processes Ivanti Device and Application Control client activities and is the only application component that connects to the database. One or more Application Servers communicate device and application control information between the Ivanti Device and Application Control database and Ivanti Device and Application Control client(s).

Prerequisites:

Before you can successfully install the Application Server, you must:

  • Verify that a valid Ivanti Device and Application Control license file is listed in c:\windows\system32, and that its file name is endpoint.lic.
  • Important: For installation or upgrade to the latest version of Ivanti Device and Application Control:

    • You must have a valid license file that is issued specifically for version 4.5 or later. Confirm that you have the required license file available before you begin installation.
    • License files issued before Ivanti Device and Application Control version 4.5 will not work with the Application Server and may cause your Application Servers to stop working.
    • The license for Ivanti Device and Application Control 4.5 or later must be installed before you install or upgrade the Ivanti Device and Application Control database, and then the Application Server.
    • Request a new license file using the Downloads tab on the Self-Service Portal.
  • Verify that you satisfy the minimum hardware and software system requirements.
  • When using TLS protocol confirm TCP ports 33115 and 65229 are open. When not using TLS protocol open TCP port 65129. Depending upon how firewalls are setup in your environment, these ports may be closed.
  • Configure the TCP/IP protocol to use a fixed IP address for the computer that runs the Application Server.
  • Configure the Application Server host computer to perform fully qualified domain name (FQDN) resolution for the Ivanti Device and Application Control clients that the server manages.
  • Ensure that the Application Server host computer account is configured to read domain information using the Microsoft® Windows® Security Account Manager. See Security Account Manager (SAM) on the Microsoft documentation site for additional information about the Microsoft Windows Security Account Manager.
  • Synchronize the Application Server's system clock with the Ivanti Device and Application Control database server's system clock using the Microsoft Windows time service. See Time Service on the Microsoft documentation site for details about using the Microsoft Windows time service.
  1. Log in with administrative user access to the computer where you are installing the Application Server.
  2. Important: For Active Directory environments, log in using the dedicated Application Server domain user rights service account. The Application Server installation process configures the Application Server service account for access to the database.

  3. Close all programs running on the computer.
  4. From the location where you saved the Ivanti Device and Application Control application software, run \server\sxs\Server.exe.
  5. Click OK.
    The Installation Wizard Welcome page opens.
    Installation Wizard Welcome page
  6. Click Next.
    The License Agreement page opens.
    License Agreement page
  7. Review the license agreement and, if you agree, select I accept the terms in the license agreement.
  8. Click Next.
    The Setup dialog opens when the setup process detects an operating system that is subject to security changes concerning Remote Procedure Calls (RPC).
    Setup dialog
  9. Click Yes.
    A confirmation dialog opens after the registry value is reset.
    Confirmation dialog
  10. Click OK.
    The Destination Folder page opens.
    Destination Folder page
  11. You may choose an installation destination folder other than the Ivanti Device and Application Control default folder C:\Program Files\Ivanti\Device and Application Control\.
    1. Click Change.
      The Change Current Destination Folder page opens.
      Change Current Destination Folder page
    2. Select a folder from the Look in: field.
    3. Click OK.
      The Change Current Destination Folder closes, and the Destination Folder page changes to reflect the new location.
  12. Click Next.
    The Service Account page opens.
    Service Account page
  13. Type the name of the user or domain in the User Account field for access to the Application Server.
    Enter domain account information using the Domain\User format, and local account information using the Computer\User format. Ivanti Device and Application Control supports use of standard NetBIOS computer names up to fifteen (15) characters long.
  14. Tip: This is the user name that you created when you configured the domain service account for the Application Server.

  15. In the Password field, type the user account access password.
  16. Click Next.
    The Database Server page opens.
    Database Server page
  17. Type the name of the database instance for the Application Server connection, using the servername\instancename format.
    The default database instance is automatically populated, when installed on the same computer. Alternately, the instancename is not required if the database is installed in the default instance of Microsoft SQL Server.
  18. Click Next.
    The Datafile directory page opens.
    Datafile directory page
  19. You may choose a folder other than the Ivanti Device and Application Control default folder, C:\DataFileDirectory\, where Application Server log, shadow, and scan files are stored.
  20. Tip: Use a permanent network share when you are installing more than one Application Server or a dedicated file server. To improve performance for a multi-server installation, assign a separate data file directory to each server to provide load balancing; although more than one server can access the same data file directory. Use a Universal\Uniform Name Convention path name; do not use a mapped drive name.

    1. Click Change.
      The Select datafile directory page opens.
      Select datafile directory page
    2. Type the name of the datafile directory in the Folder name field.
    3. Click OK.
  21. Click Next.
    The Server communication protocol page opens.
    Server communication protocol page
  22. Select an encryption option.
  23. Important: Do not select Apply encryption via TLS - setup will generate a TLS certificate as it is no longer supported.

    Restriction: The server communication protocol options shown depend upon the client version supported and whether a certification authority digital certificate is installed.

  24. Click Next.
    The Server communication protocol page opens.
    Server communication protocol page
  25. Specify the communication port(s).
  26. Restriction: The port field(s) shown depend upon the encryption communication protocol that you selected previously.

  27. Click Next.
    The Syslog Server page opens.
    Syslog Server page
  28. Type the name or the IP address of the SysLog server in the SysLog server address field.
  29. Important: This step is optional. You do not have to specify a Syslog server.

  30. Select from the following options:
  31. Option

    Description

    Audit Logs

    Logs changes to policy administered through the Management Console.

    System Logs

    Logs system events.

    Agent Logs

    Logs events uploaded directly from the Ivanti Device and Application Control client.

  32. Click Next.
    The Ready to Install Program page opens.
    Ready to Install Program page
  33. Click Install.
    A progress bar runs on the page, showing installation progress, then the Completed page opens.
  34. Click Finish.
    The Application Server files are installed and the server establishes a connection to the Ivanti Device and Application Control database.