Preparing your System for Thin Web Client

Preparing your system is necessary prior to installing the CygNet Thin Web Client. Complete the following steps.

1. Servers/Computers

The following computers are required to operate the CygNet Thin Web Client:

1. CygNet host — An existing CygNet host running CygNet v9.7 or later.
   • Update the host to the latest version and install any patches. See the CygNet v9.8 Upgrade Procedure for upgrade instructions.
2. Thin Web Client host — A dedicated host where the TWC servers are installed. The standard CygNet host requirements should be sufficient. See the CygNet v9.8 System Requirements for more information. A TWC installation consists of two servers, which are usually installed on the same computer:
   • TWC.Service.Server — the main web service is a web application and contains the Web/Rest functionality.
   • TWC.PublishingService.Server — the publishing service is for processing and publishing Canvas files into the web application.
3. Canvas client computer — We recommended a stand-alone computer where Canvas is running separately from other CygNet clients, but not a virtual computer. Canvas is required to configure screens and communicate with the Publishing service. The system requirements for CygNet Canvas can be found here. Exit Canvas before installing or upgrading CygNet Thin Web Client.

2. Install the TWC License

1. Acquire and install the valid license CygNet.lic file containing the appropriate CygNet Thin Web Client license keys.

2. See CygNet Thin Web Client Licensing Requirements for more information.

3. Run CygConn

Use the CygNet Domain Connection utility (CygConn.exe) to add a CygNet Domain ID for the TWC services to connect to.

1. Start CygConn using the CygNet Client Installer or from the C:\CygNet\Utilities directory.
2. Click Add.
3. In the Default Domain box, add the Domain ID to which the TWC services will connect. Optionally add a Domain description.
4. If the CygNet Host is not in the same network as the TWC services, specify the IP address of the Preferred ARS.
5. Click OK.
6. Click Test Domain to verify the connection.

4. Allow Access in the CygNet ACS

1. Create a TWC application and ACCESS event in the CygNet Access Control Service (ACS).
2. Configure authorization of at Level 1 (read) in the TWC / ACCESS event for your user. See User Access for more information.

5. Install an SSL (Secure Sockets Layer) Certificate

An SSL Certificate is required to ensure the transfer of secure, encrypted information.

1. Obtain an SSL Certificate — There are many SSL certificate providers, so we encourage you to use the one with which you are most comfortable. If you are running the TWC main web service and the publishing service on the same computer, you only need a single SSL Certificate.
2. Install the SSL Certificate — Follow the SSL certificate provider’s instructions to download the certificate and install it to the "Personal" store on the computer where the TWC services will be installed. The SSL certificate providers should provide instructions for installing the certificate on various web servers, such as IIS or Apache. Note that you should choose the option for PFX import/export or equivalent. It is recommended that you log into the server as the user the TWC services will be running as, to ensure proper installation of the SSL certificate.
   1. Right-click on the pfx certificate file and select InstallPFX.
   2. For the Store location, select "Local Machine".
      
   3. Enter the Password assigned to the certificate.
   4. For the Certificate Store, select "Place all certificates in the following store", click Browse and select "Personal" (it will be the first choice).
   5. Click on Next and Finish.
   6. Repeat for "Current User". Note: We are installing the pfx certificate in both Local Machine and Current User, however, this is more of a precaution, and not necessarily a requirement.

3. Add a Friendly name to the certificate — Once installed, a friendly name can be manually added to the certificate, which can be useful for wildcard certificates. These certificates contain a wildcard character (*) in the domain ID field and allows the certificate to secure multiple sub-domain names in the same base domain. A wildcard certificate for *.<domain>.com can be used for www.<domain>.com, mail.<domain>.com, twc.<domain>.com. If you have a wildcard certificate, you will need to add a Friendly name to the certificate. To add a Friendly name:
   1. Open the Certificate Manager by running either certlm.msc or certmgr.msc.
   2. Find your certificate in the Personal > Certificates group.
   3. Right-click on the certificate and select Properties.
   4. In the General tab, type "CygNet Thin Web Client" in the Friendly name property.
   5. Click OK.

Friendly Name for the Certificate Manager

6. Create a User to run TWC services

The TWC Installer (TWC.Installer.SetUp.exe) will require a Windows user that can access CygNet data and run Windows services. See Installing TWC > User Credentials.

1. Make sure the user has proper ACS permissions.

2. Make sure the user has proper "Logon as a Service" permissions.

   Note: The TWC Installer (TWC.Installer.SetUp.exe) will add the user specified during installation to the Windows "Logon as a Service" policy, ensuring the TWC services can run under the supplied user account.

7. Firewall Settings

The TWC services run on well-known ports The port numbers where the TWC services run are configurable. Edit the /Config/configuration.json file and change the port numbers assigned to the TWC.PublishingService.Server and/or the TWC.Service.Server as necessary. Restart the affected server(s). and those ports should be made accessible by the clients to ensure proper functionality. The following are the port assignments:

• TWC.PublishingService.Server — uses https on port 7301
• TWC.Service.Server — uses https on port 5001