Installation
Before starting the Xtraction installation process, make sure you've reviewed the system requirements. For details, see System requirements.
Product setup includes four major parts:
1.Completing the pre-installation checklist, which includes downloading and installing your Xtraction license files and setting up the Xtraction database.
2.Installing the Xtraction application and configuring required and optional settings.
3.Configuring the data model (i.e., product connector) settings.
4.Completing post-installation steps.
1. Pre-installation checklist
•IMPORTANT: Xtraction application servers require a license before they can be used. There are two ways to obtain a license, either by downloading one from the Ivanti Licensing Portal or by using the license credentials available in the Licensing Portal to automatically license Xtraction. Selecting the automatic method enables you to choose which licensable features are to be consumed by the Xtraction server. It also means that you won't have to download and apply a new license should the manually generated one expire.
If you choose to use automatic licensing, you can select the required licensing features from the Xtraction Settings utility, which runs near the end of the installation process. Under the Licensing tab, you'll find this page listing the available licenses:
Selecting the Automatic or Manual option does not prevent you from choosing the other method if you modify your installation or update your license files at a later date. In either case, your license files are available from the Ivanti Licensing Portal.
For troubleshooting tips related to licensing, see this Xtraction community article: Troubleshooting automatic and manual licensing. (You may first need to register with the community to view it.)
• Download the data models (i.e., product connectors) that you're entitled to:
•Third-party product connectors are available on demand after their purchase has been verified by Ivanti. For details, see this Xtraction community article: How to download Xtraction licenses and connectors from Ivanti.
If you want Xtraction to report on data from a cloud-based or encrypted service (such as Ivanti Neurons for ITSM, Salesforce, and so on) extra steps are required to set up that connection. For details, see Connecting to a cloud-based or encrypted service.
•Ivanti product connectors are available at Connector Downloads, where you must first register to log in.
You’ll configure the data model settings after installing Xtraction, as explained below.
•Install Internet Information Server (IIS) on your Xtraction server and ensure it’s working correctly.
•(Optional) If your target application database is on Oracle, install Oracle Client on your Xtraction server and configure it to access that database.
•Set up the Xtraction database using the procedure below. You'll create an empty Xtraction database with two user accounts:
•The first account needs read-only access to the target application database(s) on which Xtraction will report (this usually is not the Xtraction database itself).
•The second account needs read, write, and owner access to the Xtraction database in order to create tables. After installing Xtraction, you’ll run the Xtraction Settings utility for the first time. The Settings utility will use this account to create the required tables in the database.
If the accounts in steps 2 and 4 both use Windows authentication, they MUST be the same account.
1.Record all necessary environmental details as you complete these steps. To keep track, you may want to print the Installation details checklist.
2.Identify or create a user account with read-only permissions to the target application database(s). The username(s) can be any valid name, but Ivanti recommends using Xtraction_RO for consistency. If this account uses Windows authentication, be sure to include the domain name (e.g., MYDOMAIN\myuser).
•For MS SQL, it should be sufficient to grant db_datareader access.
3.Manually create the Xtraction database on an MS SQL server to store the Xtraction data. The database name can be any valid name, but Ivanti recommends using Xtraction for consistency.
4.Identify or create a user account to enable Xtraction to connect to the Xtraction database with read, write, and owner permissions. The username can be any valid name, but Ivanti recommends using Xtraction for consistency. If the account uses Windows authentication, be sure to also include the domain name (e.g., MYDOMAIN\myuser).
•For MS SQL, it should be sufficient to grant db_owner, db_datareader, and db_datawriter permissions once the tables are created.
2. Install the Xtraction application
You can install the Xtraction application on the same server as the Xtraction database, or a different one. The installation process needs to run using an account with administrator privileges that has administrative rights on the Xtraction server. Administrative access is required only for installation.
You must run the installer from a local drive, not a network share. Installations run from a network share will fail.
1.Run Setup.exe to start the install wizard. After reading the welcome message, click Continue.
2.After reading the license agreement, select I accept the terms in the License Agreement and click Continue.
3.The installation performs a prerequisite check and lists any missing prerequisites. If you want to see what those prerequisites are, click the Show all prerequisites check box. Follow the instructions in the install wizard to provide the missing components. If all prerequisites are met, the installation indicates that the prerequisites check has passed. Click Continue.
4.Designate the folder where Xtraction is to be installed. The default folder is C:\Program Files (x86)\Xtraction Software\Xtraction. Click Continue.
5.When you're ready to install the files, click Install. The installer will step through several tasks, such as registering components, copying files, and configuring Internet Information Server (IIS).
6.When the Configuring Xtraction installation task begins, the wizard will open the Xtraction Settings utility. You can complete the required configuration settings now or cancel and do so later—the installation will finish either way when you click Finish.
IMPORTANT: Note that even though the installation is complete, Xtraction will not work until the required settings are configured, as explained below.
The Xtraction Settings utility runs near the end of the installation process. You can configure the required product settings as part of installation or cancel and configure them later. Other optional settings are also available and may be useful to your installation.
You can find the Xtraction Settings utility with the other installed Xtraction files (by default at C:\Program Files (x86)\Xtraction Software\Xtraction\Tools).
Xtraction license files
To view your available licenses and verify that each one is valid, click the Licensing tab, then click the License status button. For more information about Xtraction licenses, see the "Pre-installation checklist" section above.
Database connection and setup
Note that Xtraction will fail without this next step.
To configure the connection settings to the Xtraction database that was created before installation, click the General tab, then click the Create/Update Database button. The Verify or Enter Connection Details dialog opens:
•Server: The name of the database server where the Xtraction database resides. If a non-standard port is used, place a comma (“,”) after the server name, followed by the port number.
•Database: The name of the Xtraction database created as part of the pre-installation steps.
•User ID: The User ID that Xtraction should use when connecting to this database. Leave this field empty if you’re using Integrated Security.
•Password: The password for the User ID specified above. The following special characters are NOT supported: single quote (‘), double quotes (“), semicolon (;), < >, &, and %. Leave this field empty if you’re using Integrated Security.
•Integrated Security: Select if the IIS application pool running Xtraction will connect to the Xtraction database using Windows Authentication.
If you’re using Integrated Security, the Test and Update Database buttons described below will use the Windows account that you’re currently using to run the Xtraction Settings utility, not the Windows account that is or will be configured in IIS. If you need to use the Windows account that is or will be configured in IIS, you must either re-run the Settings utility with the Run as a Different User option, or log back into the server with that Windows user account.
•Encrypt Connection: Not a mandatory field, but select to encrypt all traffic to and from the Xtraction database.
•Trust Server Certificate: Not a mandatory field, but select to encrypt the channel while bypassing the certificate chain to validate trust. Selecting indicates that you accept any certificate as valid.
After you’ve entered the details for your database, click Test to attempt a database connection and ensure that the provided details are correct.
When you click Update Database after completing and testing the connection settings, the Settings utility will automatically run the script to configure your Xtraction database. By default, this script is found at: <Xtraction installation path>\Tools\DatabaseScripts\Build.sql.
Note that the Update Database button modifies the schema, requiring the account to have the db_owner role on the Xtraction database. If needed, you can remove the db_owner role after the database has been configured. In this case, the account will require db_datareader and db_datawriter roles on the database.
Trusted sites
Use the Trusted Sites tab to include all site addresses of your Xtraction server that users may use to connect to Xtraction. This includes the hostname, FQDN, DNS Alias, and IP address. Enter all items in lowercase, as the list is case sensitive.
By default, the localhost is automatically added as a trusted site, which enables you to open Xtraction locally on the Xtraction server.
After an upgrade to version 2022.3, you will not be able to log in remotely to Xtraction until your trusted site addresses are added to this tab.
When using trusted sites, Strong Cryptography (TLS 1.2) needs to be enabled on the Xtraction server; otherwise, end users may get an error message that authentication has failed when connecting to Xtraction over https.
To enable TLS 1.2 on the Xtraction server, run the following PowerShell commands. A reboot will be necessary after:
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Authentication
You MUST specify an authentication provider for Xtraction to function correctly. A single instance of Xtraction supports one or more of these methods of authentication:
•Windows: The Xtraction user accounts are tied to the corresponding Windows user accounts. User passwords are not maintained within Xtraction. Xtraction verifies the user’s identity via IIS. For details about configuring enhanced Active Directory integration with Windows authentication, see Integrating with Active Directory
•Xtraction Local: The Xtraction user accounts are created and maintained within Xtraction. All account information, including passwords, are maintained in Xtraction. Note that any administrator account using local authentication will always have access to an analyst license to perform administrative functions even if all available Xtraction licenses are in use by others.
•Custom: The Xtraction user accounts are tied to the corresponding user accounts in an external system. User passwords are not maintained within Xtraction. One example of a custom option is using the Ivanti Identity Broker web application to broker authentication via Okta or Microsoft Entra ID. For details, see Integrating with Ivanti Identity Broker.
Note that brokered authentication via Identity Broker is being deprecated, because native authentication using Okta and Entra ID is available as of Xtraction 2023.2.
•Okta: The Xtraction user accounts are tied to the corresponding Okta user accounts. User passwords are not maintained within Xtraction. For details about configuring authentication via Okta, see Authenticating with Microsoft Entra ID or Okta.
•Micosoft Entra ID: The Xtraction user accounts are tied to the corresponding Entra ID user accounts. User passwords are not maintained within Xtraction. For details about configuring authentication via Entra ID, see Authenticating with Microsoft Entra ID or Okta.
To add an authentication method, click Click here to add a new row. The Edit dialog opens with the following settings:
•Active: Select to make this authentication provider active within Xtraction. If you clear this check box to deactivate this authentication method at a later date, the settings will continue to be saved.
•ID: A unique ID for this authentication provider instance. Enter the ID any way you like.
•Type: The type of authentication provider this instance refers to. If you select Okta or Entra ID, additional settings will display. For details, see Authenticating with Microsoft Entra ID or Okta.
•Provider: The provider name that will display on the Xtraction login page.
•URL: The URL that unauthenticated users should be redirected to for authentication.
•Auto Create Users: Select if Xtraction should automatically create a user who has been authenticated by the provider but doesn’t exist within Xtraction. These users are automatically assigned the default user role(s) that you can set up under the Features tab of this utility. It's recommended that you enable this option.
At any time after setup, you can edit permissions for individual users via the Administration link > User Administration tab at the bottom of the Xtraction web client.
•Token Key: The key to use for encrypted, secure communication between Xtraction and the different authentication providers; it must match the key stored at the authentication provider.
WARNING: Xtraction is installed with a default key. This key MUST be changed during the installation in order to protect yourself from a potential security vulnerability.
•Think of this key as a password and change it to something unique for your organization. Set it to a character string of 10–20 characters. The only requirement is that the same password needs to be set at each authentication provider.
•If you're using Windows authentication, you also need to change this value in the web.config file of the WinAuth web application, under secretKey. For details, see Integrating with Active Directory.
•During a fresh installation (not an upgrade), the Token Key is randomly generated. Therefore, if you're intending to use an existing Xtraction database or reuse your WinAuth\web.config file—for example, for testing purposes or if migrating Xtraction to a new server—you may get an error when logging in. For instructions on how to fix this, see this Xtraction community article: Xtraction Authentication Failed. Invalid signature.
•Token Timeout (mins): The number of minutes a token from an authentication provider is valid for. Any token received by Xtraction that is older than this value will be rejected.
This section describes the settings that are not required for Xtraction to work but are highly recommended. You can find the Xtraction Settings utility with the other installed Xtraction files (by default at C:\Program Files (x86)\Xtraction Software\Xtraction\Tools).
General
•Default Time Zone: Xtraction adjusts date/time values to the appropriate time zone. This default time zone used here will be the default time zone applied to all users, unless their accounts have been individually updated to reflect a different time zone. Xtraction automatically adjusts for daylight savings if the selected time zone observes daylight savings.
Features
•Session Timeout (mins): A user’s session will time out if the user hasn’t contacted the Xtraction server in this time period. The user will need to log back into Xtraction to continue. Note that a session timeout is required, so you cannot set the number to zero.
•Default Roles: When the Auto Create Users option is selected for an authentication provider, any newly created users will get the roles selected here by default.
•Default Features: When the Auto Create Users option is selected for an authentication provider, any newly created users will get the designer features selected here by default.
•Import Out of the Box Content: Used to import out-of-the-box (OOTB) content packs into Xtraction. Select Overwrite or Append, navigate to the OOTB zip file, and click Import to save the content to Shared Folders within Xtraction.
If you want the Xtraction Task Scheduler and Alert services to send email, use the Email tab to set up the email settings. You have two options for sending email: SMTP (displayed by default) or Microsoft 365 (if you want to integrate Xtraction with Azure Active Directory).
SMTP settings:
•Server: The name of the email server.
•Port: The port to use when sending email to the email server.
•Username: The username to use to connect to the email server.
•Password: The password to use to connect to the email server.
•Sender: The sender to use when sending email from Xtraction. This must be a valid email address.
•Subject Prefix: Text entered here will display on the email subject line before the document name.
•Use SSL: Select if the connection to the email server needs to be made via SSL.
•Test Email: If you want to test the settings provided, enter an email address and then click Test Email.
Microsoft 365 settings:
These settings use your Entra ID account to send email via Microsoft 365.
Note that you'll need to add the Microsoft Graph Mail.Send application permission to the App Registration in your Entra ID account for email to work. For details, see this Xtraction community article: How to set up Microsoft 365 App Registration for sending Xtraction emails.
•Client ID: The client ID associated with your instance of Microsoft 365. A mandatory field.
•Client Secret Value: The client secret associated with the client ID. A mandatory field.
•Tenant ID: The tenant ID (also known as the tenant URL) you created in Azure Active Directory. A mandatory field.
•Sender: The sender to use when sending email from Xtraction. This must be a valid email address. A mandatory field.
•Subject Prefix: Text entered here will display on the email subject line before the document name.
•Test Email: If you want to test the settings provided, enter an email address and then click Test Email.
The Microsoft 365 fields are saved in the Xtraction database in the Settings table as: SenderEmail, SubjectPrefixEmail, TenantIdBinary, ClientIdBinary, SecretBinary, and TenantIdBinary. ClientIdBinary and SecretBinary are encrypted.
Alerts
Use the Alerts tab is to configure the Xtraction Alerts service. This service shares email configurations with the Xtraction Task Scheduler service, so the settings on the Email tab will be used with both services.
•Xtraction URL: When notification emails are sent, there’s an option to link to Xtraction content. Use the base URL of your Xtraction installation when building the URL to send in the notification email (for example, http://server1/xtraction/, where “server1” is the name of your Xtraction server). Note that the slash ( / ) at the end of the URL is required.
•Notification Subject Prefix: All notification emails are sent with this prefix in the email subject line.
•Maximum Alerts Allowed: The maximum number of alerts allowed to be defined in Xtraction. Once this number has been reached, no more alerts can be defined.
•Errors Before Alert Failure: The number of errors an alert can encounter before it’s flagged as failed.
•Worker Count: Once an alert is triggered to be checked, it’s placed in a queue for checking. This value defines the number of worker processes that pull alerts from the queue to perform alert checking and actioning if necessary.
•Shutdown Queue Size: The maximum number of entries allowed in the queue before the Alerts service shuts down and restarts. See Worker Count.
Xtraction dates
If you want to change the format for dates that are displayed in Xtraction, you can set them on the Xtraction Dates tab.
•Short Date Format: The short date format contained within the Xtraction configuration file Settings.dat is displayed here. If you change this value and click OK, the change is saved back to the Settings.dat file.
•Long Date Format: The long date format contained within the Xtraction configuration file Settings.dat is displayed here. If you change this value and click OK, the change is saved back to the Settings.dat file. The long date format affects the way the date is shown in most presentations.
•Test: Used to view today’s date and time in the format entered in the text boxes for short date or long date format.
•Format Help: This is a list of known formats for your locale.
Excel dates
Documents that are exported to Excel will format date columns in accordance with the Excel date format shown below. The Excel date format is separate from the Xtraction date formats, because Xtraction uses Windows operating system locale date/time formats, and not all of these formats are valid in Excel.
•Excel Date Format: The date format used for columns containing dates. The Settings utility doesn't validate the format you save, so it’s recommended that you test the format in Excel before exporting content to that application.
ADO.NET
If you're using Xtraction to report from a non-MS SQL database such as PostgresSQL, Informix, DB2, Teradata, or Sybase, add a connection to it from the ADO.NET tab after you install the desired .NET Data Providers.
Telemetry
On the Telemetry tab, the Send Telemetry Data option is selected by default. During upgrades, this feature enables Xtraction to upload certain usage information to Ivanti so that we can improve the product.
Currently, this data is limited to the following information:
• Computer name
• Xtraction current version and version upgraded from
•Information about templates
•Information about dashboards
3. Configure the data model settings
This section provides the minimum required steps for configuring a data model. For detailed information, see Data Model Editor tool. To configure a data model for a cloud-based or encrypted service, see Connecting to a cloud-based or encrypted service.
Before running Xtraction, you need to configure the settings for the data model (i.e., product connector) downloaded earlier.
First, you need to rename the Datamodel.dat file that was installed with the default instance of Xtraction (located in the …\Xtraction Software\Xtraction\Data\Configuration folder). Rename the Datamodel.dat to Datamodel.old. Next, copy the downloaded data model to the Configuration folder and save it as Datamodel.dat.
Next, open the provided Data Model Editor tool to change several settings and get the data model up and running. In a default installation, a shortcut to the editor tool is placed on the desktop. Otherwise, locate it in the …\Xtraction Software\Xtraction\Tools folder where Xtraction was installed.
Load the data model
By default, there is no saved data model associated with Xtraction when it's installed. The very first time you use the editor tool, you'll need to load the data model by clicking the File > Open menu, browsing to the Configuration folder, and selecting the Datamodel.dat.
Add connection strings
For each data source in the Datamodel.dat, you need to provide a read-only connection string so that Xtraction can connect to that data source. Open the Connection String Editor by clicking the Tools > Connection String Editor menu.
The Connection String Editor dialog displays all of the data sources within your data model. To edit a connection string, click the appropriate connection item and then click the ellipsis (...) button.
If your Datamodel.dat contains data sources that connect to the same physical database, after setting up the first connection string, you can copy the information by selecting the appropriate items, right-clicking the connection to copy, and selecting Copy.
When finished, click the File > Save menu to save the file. The connection strings are encrypted and associated with the server where the file was opened and saved to a file called Datamodeldb.dat.
If you copy the Datamodel.dat file to a different server, you'll need to re-enter the connection string details there, where they'll be encrypted and saved in a Datamodeldb.dat file on that server. Each Datamodeldb.dat file is specific to the server it's created on and will not work if copied elsewhere.
Update target application URLs
When displaying lists of records in Xtraction, an end user can double-click a record to launch the associated application’s website to display that record in the native application. For this to work, Xtraction has to know the URL for the website. To update the URLs within the data model, click the Tools > URL Editor menu.
By default, a placeholder is included with the URLs, and you’ll need to update this based on your environment. You can edit URLs in the grid or click the Find & Replace button to edit multiple URLs at once.
Use the Find & Replace dialog to replace these placeholders with the correct address. Below are some examples of search-and-replace strings based on different scenarios.
Standard URL:
•Sample URL: http://appserver/Remote/...
•Search for: [WEBSERVER]
•Replace with: appserver
HTTPS:
•Sample URL: https://appserver/Remote/...
•Search for: https://[WEBSERVER]
•Replace with: https://appserver
Alternate port:
•Sample URL: http://appserver:8080/Remote/…
•Search for: [WEBSERVER]
•Replace with: appserver:8080
Update the schema or table owner
Depending on your database setup, it may be necessary to modify the schema/owner where the tables are located. To update the schema/owner, click the Tools > Schema/Owner Editor menu. The Schema/Owner Editor dialog displays the entire data model and enables you to check the appropriate tables to update.
Simply enter the name of the schema/owner and click the Update button. Repeat this process for each set of tables.
4. Post-installation steps
Once the installation process is complete, it's necessary to finish up with some post-installation steps.
IIS settings
If you’ve chosen to use an Active Directory account against your Xtraction database, this is where you’ll need to configure the Identity setting. For details about using AD, see Integrating with Active Directory.
For Windows 2008 or higher servers, confirm the following IIS settings before running Xtraction for the first time:
•Basic Settings: Verify that Xtraction is running within its own application pool, which should’ve been created during installation.
•Advanced Settings: If any of your application databases use Integrated Security to connect to the Xtraction database, update the Identity setting:
•In IIS, locate the Xtraction application pool.
•Open Advanced Settings.
•Change the Identity setting to the user account used to access the database. The Xtraction application will now execute as the user account specified. This account needs the correct permissions to the file system in order to read the Xtraction web files (located by default at C:\Program Files\Xtraction Software\Xtraction\Web\Server\).
Xtraction Task Manager
The Xtraction Task Manager is a Windows service used to run the scheduled exports of dashboards, documents, and custom reports. Task Manager is installed by default into Windows services but may need to be configured for your environment.
1.Make sure the file is not blocked:
•Navigate to the Tools folder (by default, C:\Program Files (x86)\Xtraction Software\Xtraction\Tools).
•Locate the Xtraction.SchedulerService.exe file.
•Right-click Properties.
•Check to see if there’s an Unblock button on the General tab (Windows Server 2008 R2).
•Click Unblock, then Apply, then OK.
•Right-click Properties again to make sure it has disappeared.
2.Open the Services Manager.
3.Scroll to the bottom where you should see Xtraction Task Manager.
4.Set up the appropriate settings (Startup type and Logon). Important: If using Integrated Security, the service should run as the Active Directory account.
5.Start the Xtraction Task Manager service.
Xtraction Alerts
Xtraction Alerts is a Windows service used to run the alert checks defined within Xtraction. The Alerts service is installed by default into Windows services but may need to be configured for your environment.
1.Make sure the file is not blocked:
•Navigate to the Tools folder (by default, C:\Program Files (x86)\Xtraction Software\Xtraction\Tools).
•Locate the Xtraction.AlertService.exe file.
•Right-click Properties.
•Check to see if there’s an Unblock button on the General tab (Windows Server 2008 R2).
•Click Unblock, then Apply, then OK.
•Right-click Properties again to make sure it has disappeared.
2.Open the Services Manager.
3.Scroll to the bottom where you should see Xtraction Alerts.
4.Set up the appropriate settings (Startup type and Logon). Important: If using Integrated Security, the service should run as the Active Directory account.
5.Start the Xtraction Alerts service.
New installations require a certificate replacement
For all new installations of Xtraction (not direct upgrades), the software automatically configures itself to use SSL/HTTPS by default. This means that you must carry out a final procedure as part of the post-installation process—we recommend replacing the self-signed certificate with one from a Trusted Certificate Authority so that users don’t see an error message from their browser when they attempt to log in.
Should your organization require it, Xtraction can still be used with HTTP instead.
1.In IIS, click the Default Web Site node on the Connections tree.
2.Select the Actions menu > Edit Site List > Bindings option.
3.Select HTTPS from the list of site bindings, then click the Edit button.
4.Next to the name of the SSL certificate, click the Select button to choose an alternate certificate.
5.Click OK.
Now that the post-installation process is complete, you're ready to use the product. For details, see Running Xtraction.