As customers wonder what the recommended way of installing and setting up Royal Server is, here is a typical use case:
Tom is working as an systems engineer in a small team and manages the company’s IT infrastructure. Amongst other servers, there is a web farm hosting the company’s e-commerce web site on 30 servers. These web servers are running Windows Server 2012 R2 with IIS installed and have assigned IPs in the range from x.x.x.x to y.y.y.y. Tom and his colleagues want to determine if there are web servers where the IIS service is stopped.
This post walks you through a typical setup of Royal Server and Royal TS to fulfill this use case.
1. Royal Server Setup
First, we install Royal Server on a dedicated machine. We recommend installing Royal Server close to the environment that you want to manage. In our use case, Royal Server could be installed close to the web farm from a network point of view.
For production environments, we recommend that you turn on “Require Authentication” in the Security Configuration. Only users that are in the local windows user group “Royal Server Users” are able to talk to Royal Server with this setting. Since the authentication process might slow down your requests, you can cache the successful authentications for a specified number of minutes. 0 Minutes means no caching and every request is re-authenticated.
We also recommend using SSL in production environments. For this, you first need to select an installed certificate or create a self-signed certificate with the Configuration Tool. Your configuration should look similar to this:
After you’ve changed the configuration, click “Save” and restart Royal Server for the new settings to take effect.
2. Royal TS (for Windows) Setup – Royal Server
We create an empty Royal TS document (“Company Web Site Farm”) and delete all default folders (Connections, Credentials, Tasks). Then, we add a Royal Server object – it encapsulates all information that is needed to communicate with Royal Server. Typically, you have one Royal Server object for each Royal Server installation.
Remark: This tutorial assumes that you use Royal Server and not “Direct Connect (No Royal Server)”. Royal TS (for Windows) V3 offers another mode where the application is using a direct connection to the managed servers called “Direct Connect (No Royal Server)”. While it is possible to use this, we recommend using Royal Server – and here’s why.
Previously, we configured Royal Server to require SSL. Make sure, you tick the “Use SSL” checkbox in Royal TS. And since our Royal Server installation also requires authentication – we need to specify a Credential in Royal TS – this account has to be added to the “Royal Server Users” group on the server where Royal Server is installed. Otherwise, you’ll get an “Access denied” error.
If we configured the IP and port correctly, you can click the “Test” button to check and see if basic connectivity to Royal Server is working.
3. Royal TS (for Windows) setup – Windows Services view
For this tutorial, we want to prepare a view that shows all web servers, where the “World Wide Web Publishing Service” has stopped (typically not a good thing for a web server):
Start by adding a new “Windows Services” view.
Specify the 30 web servers in the Computer Name field. You can either just write the servers separated by a semicolon, or click the “…” button to the right and get an editor which is a bit more convenient – e.g. it offers the Windows Network Browser to browse a list from your network infrastructure.
Make sure your Windows Services View is referencing the previously created Royal Server (click on Royal Server on the left navigation):
Requirements on the managed servers
Each server that should be managed by Royal Server needs to have two settings configured:
- Enable-PSRemoting (execute this PowerShell commandlet in an elevated PowerShell)
- If the Windows Firewall is enabled, enable the following Firewall Rules: “Windows Management Instrumentation (WMI-In)” and “Windows Management Instrumentation (DCOM-In)”
Most of our Royal Server modules internally work with WMI, which is why Enable-PSRemoting is the easiest way to configure a Windows Server correctly.
For both of these steps, there is a PowerShell script that comes with the Royal Server installation. It can be found at C:\Program Files (x86)\Royal Server\scripts\prepare_server.ps1. This script checks the two requirements and can configure them if you like. It needs to be executed on all the servers that are to be managed by Royal Server.
Managing a Windows Server remotely requires a windows account with sufficient rights (a.k.a. local admin rights). Usually, there is already a management account that can be used. Configure this account in the Credentials panel:
We are only interested in the machines where the service has actually stopped. We can specify this in the “Filter” panel (click on Filter in the left navigation):
Wrap Up
It looks like a lot of steps – but the setup of Royal Server and the Royal Server in Royal TS need to be done only once. After that, you can create many more views that use the Royal Server and can be shared with your team.
For example, you could define a new Windows Events View that shows the Errors in the Windows Event Log for the last hour for all servers in the Farm. This way, you can easily see if a a single machine or all machines currently have issues.
Keep in mind: this is just the beginning. Royal TS/X offers so much more when it comes to flexibility and usability: easy team sharing, management of multiple servers with a single click, Templates and many other versatile features!
