Adding WAN Access to Existing RecTrac 3.1 Install
01/04/2022
Adding WAN Access to Existing Install
Note: This document assumes an already-configured WebServer in your DMZ that is currently servicing webtrac.
3.1 WAN access for RecTrac essentially functions as a website similar to WebTrac. The following steps would be used to add RecTrac WAN access in a scenario where there is already a publicly available WebTrac website configured. In the scenario below, webtrac.somecity.com would be replaced with your WebTrac domain. This document also assumes the WebServer is dedicated to WebTrac/RecTrac (running as its own site in IIS, and that when originally configured, the home directory was selected as \VSI3\RecTrac\WebServer\WEB).
For Example: Preconfigured WebTrac site:
https://webtrac.somecity.com/wbwsc/webtrac.wsc/splash.html
Required: Your HTTPS Connection through an SSL
Connecting through the HTTPS protocol improves security by utilizing a Secure Socket Layer (SSL) Certificate, also referred to as a Transport Layer Security (TLS), to encrypt information sent between your RecTrac server and web browser. To optimize security when using RecTrac, Vermont Systems now requires all customers to adhere to HTTPS protocol through an SSL Certificate, regardless of whether you are:
- Using a wide-area network (WAN) or local-area network (LAN);
- Operating as on premise or hosted (hosted customers currently are required to use HTTPS);
- Using VIC.
For instructions on switching your RecTrac 3.1 connection from HTTP to HTTPS, refer to our guide Switching from HTTP to HTTPS Connection for RecTrac 3.1.
Note: While Vermont Systems can help determine your ideal SSL option, we do not support or complete the installation, renewal, or setup of SSLs on your servers. We will support the specific RecTrac application changes once the SSL & DNS changes are applied to IIS and bonded. To learn how to load the SSL certificate into your on-premise server, refer to the Certificate Issuer’s support documentation.
On the WebServer
1 Navigate to IIS on your WebTrac WebServer stationed in the DMZ.
2 Right-click on the website representing your WebTrac site (For Example: webtrac.yourcity.com) and choose Add Virtual Directory. Set the Alias to GUI, and browse to the GUI folder via X:\VSI3\RecTrac\WebServer\GUI where X:\ represents the drive the Vermont Systems product is installed on. Click OK.
3 Beneath the newly created GUI folder within your website in IIS, there will be a wbwsc folder. Select this folder and then double click Handler Mappings.
4 Remove the CGI-EXE and ISAPI-DLL disabled features if applicable.
· If “CGI-EXE” is listed as disabled, then highlight/select and click Remove.
· If “ISAPI-DLL” is listed as disabled, then highlight/select and click Remove.
5 On the right-hand side of the screen (under the Actions heading), select Add Module Mapping.
· Request Path = *.exe
· Module = Select CgiModule from the drop-down list.
· Name = CGI-exe
· Click Request Restrictions. Select the Invoke Handler and File Options. Click OK.
6 On the right-hand side of the screen (under the Actions heading), select Add Script Map.
· Request Path = cgiip.exe
· Executable = <x>:\VSI3\Progress\DLC117\bin\cgiip.exe %s %s
· Name = CLIENT
· Click Request Restrictions. Select the Invoke Handler and File or Folder options. Click OK.
· After clicking OK to add this map, a message box pops up asking “Would you like to enable this ISAPI extension?” – answer Yes.
7 On the right-hand side of the screen (under the Actions heading), select Add Script Map.
· Request Path = *.wsc
· Executable = <x>:\VSI3\Progress\DLC117\bin\cgiip.exe %s %s
· Name = CLIENTWSC
· Click Request Restrictions. Select the Invoke Handler and File options. Click OK.
· After clicking OK to add this map, a message box pops up asking “Would you like to enable this ISAPI Extension” – answer Yes.
8 Through file explorer, browse to X:\VSI3\RecTrac\WebServer\GUI\wbwsc where X:\ represents the installation drive of the Vermont Systems products.
9 Edit the client.wsc and client demo.wsc files respectively to point to the RecTrac server. The standard ports for the client and client demo are 4033 and 4034 respectively.
10 If you intend to use Peripherals in your WAN configuration, please continue with the steps from RT 3 1 VIC AIA WANConfig-w.pdf
In Your Firewall
1 The appropriate ports need to be open between the WebServer and the RecTrac server. In standard installations, 4033 and 4034 are the broker TCP ports, and the dynamic range is 2701-2751 if the server was installed prior to 3.1.06.00, or 2700-2750 if the server was installed on version 3.1.06.00 or higher. The dynamic range being used by the client live broker on the RecTrac server can be verified by calling Vermont Systems support.
WebServer ----------> RecTrac Server
4033
4034
2701-2751 (if installation media prior to 3.1.06.00 is used)
2700-2750 (if installation media 3.1.06.00 or later is used)
On the RecTrac Server
1 If you have the Windows firewall enabled on this server, make the same exception you made on your physical firewall.
2 Under Start • Programs • VSI3: Run DB_Utilities as an Administrator.
3 Choose Update Interface Parameters and click Next>.
4 Create an Interface Parameter record "RecTrac_WAN" and choose Process.
5 At this time if your firewall rules are correct, you should now be able to access RecTrac through the WAN using the following URL, replacing webtrac.mycity.com with your WebTrac domain information.
https://webtrac.mycity.com/gui/wbwsc/client.wsc/index.html?interfaceparameter=RecTrac_WAN
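The Windows firewall exception from step 1 of this section can be scripted so that the broker ports accept connections only from the DMZ WebServer rather than from any source. This is an added example, not part of the Vermont Systems document; the function name, the rule display name and the 192.0.2.10 address are placeholders chosen here.

```powershell
# Added example: run in an elevated PowerShell session on the RecTrac server.
# Function name, rule name and the sample IP address are assumptions, not vendor values.
function Add-RecTracWanFirewallRule {
    param(
        # Address of the WebServer in the DMZ (the only host that needs these ports)
        [Parameter(Mandatory)][string]$WebServerIp,
        # Set when the server was installed from media prior to 3.1.06.00
        [switch]$InstalledBefore310600
    )

    # Dynamic range as listed in the "In Your Firewall" section
    $dynamicRange = if ($InstalledBefore310600) { '2701-2751' } else { '2700-2750' }
    $ports = @('4033', '4034', $dynamicRange)
    $name  = 'RecTrac WAN - broker ports from DMZ WebServer'

    # Remove an earlier copy so re-running the function does not stack duplicate rules
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Inbound TCP only, restricted to the WebServer's source address
    $rule = New-NetFirewallRule -DisplayName $name `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $ports -RemoteAddress $WebServerIp -Profile Any

    # Read the rule back so the effective scope can be reviewed
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort -join ', '
        RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}

# 192.0.2.10 is a documentation address standing in for your WebServer
Add-RecTracWanFirewallRule -WebServerIp '192.0.2.10'
```

Confirm the dynamic range with Vermont Systems support, as noted above, before choosing whether to pass -InstalledBefore310600.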
AIA VIC Configuration RecTrac 3.1
Note: This doc should be used for a WAN installation. This is NOT the regular Aia VIC document. The regular Aia VIC doc is available via the RecTrac 3.1 Help • VIC profile • Full Page ("?") Help.
Configure Ubroker.properties file and update web.xml
You will need to make sure the following entries exist in your ubroker.properties file under E:\vsi3\Progress\DLC117\properties (relative to your server install).
Verify under [AIA] the following value exists
httpsEnabled=0
Copy and paste the following entry into the ubroker file, and update the log file path so it is valid in your install:
[AIA.Aiavic]
controllingNameServer=vsins1
logAppend=1
allowAiaCmds=0
logFile=E:\VSI3\logs\Aiavic.aia.log
loggingLevel=2
Navigate to E:\VSI3\Tomcat\webapps\aia\WEB-INF (relative to your server install) and update the four (4) highlighted lines below in the web.xml file.
Note: Ensure you include the values all of the way down to </web-app>, and update the paths for your server install.
<web-app>
<servlet>
<servlet-name>
Aiavic
</servlet-name>
<servlet-class>
com.progress.aia.Aia
</servlet-class>
<init-param>
<param-name>InstallDir</param-name>
<param-value>E:\VSI3\Progress\DLC117</param-value>
</init-param>
<init-param>
<param-name>instanceName</param-name>
<param-value>Aiavic</param-value>
</init-param>
<init-param>
<param-name>propertyFileName</param-name>
<param-value>E:\VSI3\Progress\DLC117/properties/ubroker.properties</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>
Aiavic
</servlet-name>
<url-pattern>
/Aiavic
</url-pattern>
</servlet-mapping>
</web-app>
AIA on the WebTrac Server for VIC
If installing AIA on the WebTrac Server for VIC, verify the following values are in the ubroker.properties file:
[NameServer.VSINS1]
autoStart=1
environment=VSINS1
portNumber=4032
srvrLogFile=C:\VSI3\Logs\vsins1.ns.log
hostName=SERVERNAME or IP (of the Server running the VIC AppServer)
location=remote
If this entry does not exist, it will need to be added.
Also: UDP port 4032 needs to be open bidirectionally for VIC to communicate.
IIS 7.0
Configuration of ARR
Notes:
1. If using Server 2016 or Server 2012, then go to Appendix A for ARR Installation instructions before proceeding here.
2. Ensure TLS 1.0 is ENABLED both on the server and firewall. This will normally be disabled for locations who follow the new November 2016 PCI Compliance, which requires TLS 1.0 to be disabled. Verify that you can get to the Vermont Systems Application Center with the following URL: https://<yourdomainname>/aia/Aia
The VIC portion of the setup will result in a timeout if TLS 1.0 is disabled.
1 Install Application Request Routing 2.0 (ARR) by running the executable on the WebServer. Accept all defaults.
· This executable is available from the Vermont Systems sFTP Site: File Updates AndDrivers\RecTrac\3.1\ARR
· Use Vermont Systems Knowledge Base 1516 for current login credentials.
2 Open IIS and expand the WebServer. A successful installation will result in a Server Farm folder being created underneath the server beneath the Sites folder.
3 Highlight Server Farm and under the Actions tab in the right corner of IIS 7 click Create Server Farm.
4 Enter Tomcat as the farm name and ENSURE online is NOT enabled.
5 Click Next.
6 Enter localhost (Not External IP).
7 Click Advanced Settings.
8 Click the + symbol next to Application Request Routing.
9 Enter 8085 in http Port and 8443 in the support fields respectively.
10 Click Add at the top right.
11 Click Finish.
12 Answer NO to the challenge message for creating the default rule. Failure to answer 'No' will create a default rule at the WebServer root level in IIS directing all traffic to Tomcat which will essentially break all IIS functions until the rule is removed manually.
13 Click on the newly created Tomcat server under the Server Farm.
14 Double click on Proxy.
15 Make sure that under custom headers Include TCP port from client is not enabled and that under buffer settings the Response buffer threshold is set to 0.
16 Once these settings are implemented click Apply in the top right corner under the Actions tab.
17 Click back on Tomcat under Server Farms on the left.
18 Next double click on Routing Rules. The screen should be set as follows:
19 From the screen above in the right side under the Actions tab click URL Rewrite under Advanced Routing.
20 From the URL Rewrite screen in the top right under the Actions tab, click Add Rule.
21 Choose Blank Rule under Inbound Rules.
22 Enter VSI AIA Traffic as the name, and configure the rule as follows:
Note: If using an https connection, choose http:// under Action properties->Scheme when creating the rule.
23 ENSURE that the toggle below the Action Properties box shown above Stop processing of subsequent rules IS enabled.
24 Click Apply in the top right under the Actions tab.
25 Click Back to rule under the Actions tab on the right.
26 After verifying the above rule is correct, click on Tomcat under Server Farms on the left. To bring the request routing online, click Bring Server Farm Online under the Actions tab to the right.
Now go into Services.msc:
If Apache Tomcat 8 is not running, start it; if it is running, restart it.
For your VIC Profile, you will need to select the appropriate WAN version, which should include your domain name with /aia/Aiavic?AppService=(Name of VIC Appserver), as well as the other pertinent values, which should be automatically populated.
Steps Required Regardless of IIS version
Verifying Redirect Configuration IIS6/IIS7
1 Verify that AIA is functioning by visiting the following URLs:
· WAN: https://<yourdomainname>/aia/Aiavic.
· LAN: http://<yourservername>:4180/aia/Aiavic.
A successful test will result in a message of: Internal commands restricted: access denied.
Note: No port number (8085) is needed in the URL when using ARR. Tomcat port 8085 SHOULD NOT be open to the outside world for RecTrac WAN purposes.
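The note above can be checked from outside the network: the HTTPS site should answer, while Tomcat's port 8085 should not. The following is an added example, not part of the Vermont Systems document; the function name is hypothetical, 443 assumes the site uses the default HTTPS port, and webtrac.somecity.com is the sample domain used earlier in this guide.

```powershell
# Added example: run from a machine OUTSIDE your network, not from the WebServer itself.
# Function name is hypothetical; port 443 assumes the default HTTPS binding in IIS.
function Test-RecTracWanExposure {
    param(
        [Parameter(Mandatory)][string]$PublicHost,
        [int[]]$ShouldBeOpen   = @(443),   # IIS site; ARR forwards AIA traffic to Tomcat internally
        [int[]]$ShouldBeClosed = @(8085)   # Tomcat HTTP port used by the ARR server farm
    )

    # Build one list of checks with the state each port is expected to be in
    $checks  = @($ShouldBeOpen   | ForEach-Object { [pscustomobject]@{ Port = $_; Expected = 'Open' } })
    $checks += @($ShouldBeClosed | ForEach-Object { [pscustomobject]@{ Port = $_; Expected = 'Closed' } })

    foreach ($check in $checks) {
        # -InformationLevel Quiet returns $true when the TCP connection succeeds
        $reachable = Test-NetConnection -ComputerName $PublicHost -Port $check.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        $actual = if ($reachable) { 'Open' } else { 'Closed' }

        [pscustomobject]@{
            Host     = $PublicHost
            Port     = $check.Port
            Expected = $check.Expected
            Actual   = $actual
            Pass     = ($actual -eq $check.Expected)
        }
    }
}

# Replace the sample domain with your own WebTrac domain
$results = Test-RecTracWanExposure -PublicHost 'webtrac.somecity.com'
$results | Format-Table -AutoSize

if ($results.Pass -contains $false) {
    Write-Warning 'At least one port is not in the expected state; review the firewall rules.'
}
```

A port that shows Open where Closed is expected means the perimeter firewall is forwarding it to the WebServer and the rule should be removed.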
Appendix A - Loading ARR on Server 2016
1 Determine whether Web Platform Installer is loaded already as an application on the machine.
· Open the search field and type web platform and ensure Apps is selected.
· If Web Platform Installer is loaded, launch the application and then continue to Step 3 below. If Web Platform Installer is not loaded, go to Step 2.
2 If Web Platform Installer is not loaded, then visit the following URL through a browser on the web server to load the Web Platform Installer:
· When prompted, choose Run
· This will launch and install the Web Platform Interface.
· Accept the License Agreement, click Install, and follow the installation prompts on the Setup Wizard.
3 Once the Web Platform Installer App is loaded, launch it from the Start menu • Microsoft Web Platform Installer.
4 Enter "Application Request Routing" in the Search window and press <ENTER>. This will return a result set similar to what is shown below.
5 Highlight/Select the most recent version of Application Request Routing X.x and click Add.
6 This will illuminate the Install button on the bottom right. Click Install.
7 When prompted to agree to the License terms, click I Accept.
8 The install will run. When the install completes, click Finish.
9 Click Exit.
Note: If you are running Server 2012, then you also need to install Web Farm prior to exiting Web Platform Installer. Enter "Web Farm" in the Search window, select the most recent version, click Add, click Install, follow the prompts and click Finish when done. Then Exit.
10 You are now ready to proceed with the ARR configuration through IIS. Go to IIS 7.0 above.