Self-Serve web portal

• Physical or virtual server with the following specifications:
  • 1 processor, 2Ghz or better, 64-bit architecture
  • 4GB RAM
  • 50GB system disk
  • 25GB data disk (recommended but not required)
• Windows Server 2016, 2019, or 2022 (recommended) or later with Internet Information Services (IIS) enabled
• Stateful inspection firewall and Internet connectivity
• Public static IP address
• Fully-qualified domain name for the website (e.g., selfserve.company.com)
• Secure Sockets Layer (SSL) certificate, preferably through a trusted certificate authority
• Anti-virus software client
• Note: The ActivityHD Self-Serve application can reside on a shared web server, depending on the deployment option selected.

Option 1: DMZ

AccountingWare recommends you deploy the Self-Serve web server on the same network with the ActivityHD server but in a secure DMZ.

Option 2: Web-hosting provider

Alternatively, you can deploy the Self-Serve web server through a web-hosting provider.

1. Install the Windows Server operating system (if needed).
2. Assign and configure a static IP address.
3. Enable the IIS server role.
4. Download and install all available Microsoft critical updates. Configure the server to automatically download and install future updates.
5. Install an anti-virus client. Configure to automatically download and install future signature updates.
6. Open IIS and install Microsoft Web Platform Installer by clicking Get New Web Platform Components.
7. Open Web Platform Installer and verify that .NET 4.5 is installed on the webserver. If not, install it with Web Platform Installer.
8. Through Web Platform Installer, verify that Web Deploy 3.5 is installed on the webserver. If not, install it with Web Platform Installer.
9. Install ASP by navigating to Control Panel > Programs > Turn on or off features > Web Server (IIS) > Web Server > Application Development > ASP.NET 4.6.

1. Create the website.
   1. In the main tree view, right-click on the Sites folder and select Add Website.
   2. Add a Site name.
   3. Add a physical path.
   4. Add an https binding for the website (leave the host name blank for now).
      1. If a "binding is assigned to another site" message is displayed, click Yes to continue. This will be dealt with in a later step.
   5. Select the SSL certificate.
   6. Uncheck Start Website immediately.
   7. Click OK.
   8. Verify that the new website's .NET CLR Version is v4.0
      1. In the main tree view, click Application Pools.
      2. If the .NET CLR Version is not v4.0, use the .NET CLR version dropdown to select the correct version.
2. Install the Self-Serve package.
   1. Right-click on the new website and hover over Deploy.
   2. Click Import Application.
   3. Browse to the location of the ActivityHD selfserve.zip file that contains the asp.net Self-Serve site.
   4. Click Next until the "Enter application package information" page is displayed. Clear the value in the text box.
   5. Click Next and the package will be installed.
3. Configure ActivityHD company web services.
   1. Run ActivityHD Explorer.
   2. Connect to the ActivityHD System Server.
   3. Highlight the ActivityHD System > Companies folder.
   4. For each ActivityHD company that will be available through the website, do the following:

      1. In the HD view, right-click the company name and select Autoconfigure Web Services to create a self-signed certificate for the communication between the ActivityHD server and the Self-Serve website. By default, this action creates a certificate with an expiration of 80 years and configures a default port for the Self-Serve website to connect with.

         Note

         This certificate is only for communication from the Self-Serve website to ActivityHD (not vice versa). Just as a user connecting to a secure website must trust the secure website's certificate, the Self-Serve website must trust the ActivityHD server certificate.

      2. Open the company record, select the Web Services tab and note the port and certificate settings.
      3. Save the SSL certificate to a .cer file.
         1. Select everything in the SSL Certificate box. (For best results, use Ctrl + A)
         2. Copy the selected text to your clipboard.
         3. Open Notepad and paste the text you just copied.
         4. Save as a .cer file. This .cer file will be installed on the web server.
      4. Restart the ActivityHD company.

      Note

      If a self-signed certificate is not preferred, it can be replaced with a signed certificate–either signed by an internal CA or a public CA. The certificate and private key must be in a PEM format.

4. Install the Activity Company SSL certificate on the webserver.
   1. Copy the .cer file created in the previous step to the web server.
   2. On the web server, run MMC.
   3. Select File > Add > Remove Snap-in.
   4. Double-click Certificates.
   5. Choose Computer Account.
   6. Choose Local Computer.
   7. Double-click Certificates.
   8. Right-click Trusted Root Certification Authorities, select All Tasks > Import and go through the Wizard to install.
   9. Give the newly installed certificate (in the TRCA folder) a user-friendly name for easy identification.
5. Create the .config files.
   1. Create the App.config file by copying app.sample.config(found in the path specified for website physical directory) and then renaming it to App.config.
   2. In the App.config file, define the following values:
      1. For a single company:
         • ActivityServerURL
         • ActivityCompanyName
         • ActivityConfig:RowsPerPage
      2. For multiple companies:
         • <subdomain>:ActivityServerURL
         • <subdomain>:ActivityCompanyName
         • ActivityConfg:RowsPerPage

         Replace <subdomain> with the actual subdomain value, and repeat for each company.

      3. If you want to display your domain name on the login page, uncomment the add key line and enter the value.
      4. To display your logo on the Self-Serve page, copy the logo file to the website's \Content\Images folder, then replace the default logo filename with your logo filename on the add key line.
      5. If you want the password reset option available to Self-Serve users, define the following values:
         • SMTP:Host
         • SMTP:Port
         • SMTP:EnableSSL
         • SMTP:Username
         • SMTP:Password
         • SMTP:FromAddress
         • SMTP:Contact
      6. To use Swipeclock authentication, uncomment and provide values for the following:
         • SwipeClock:Secret
         • SwipeClock:Url
   3. Create the Machinekey.config file by copying Machinekey.sample.config (found in the path specified for website physical directory) and renaming it to Machinekey.config.
   4. To get the values required for the Machinekey.config file, do the following:
      1. Open the "IIS" application.
      2. Expand Server > Sites > <new website>.
      3. Double click on the Machine Key icon.
      4. Verify that the Validation Method is set to SHA1.
      5. Verify that the Encryption Method is set to AES.
      6. Click Generate Keys on the right side of the page.
      7. Copy the Validation Key into the Machinekey.config "validationKey" value .
         • Delete the extra characters ",isolate" at the end of the key, and save prior to copying.
      8. Copy the Decryption Key into the Machinekey.config "decryptionKey" value.
         • Delete the extra characters ",isolate" at the end of the key, and save prior to copying.
      9. Save the Machinekey.config file.
   5. Set up the nLog.config file:
      1. Change nLog.config target to point to "${basedir}/logs/self-serve-log.txt"
      2. Create a "Logs" folder in the base directory.
      3. Give Read/Write access to the website profile. The profile name is created by IIS and should match the name of the website.

For DMZ deployment

1. Modify the company firewall to allow inbound TCP ports 80 and 443 from all Internet addresses to the server in the DMZ.
2. Modify the firewall to allow the ActivityHD company ports between the Self-Serve server in the DMZ and the ActivityHD server on the company LAN.
3. Create DNS records on the external and internal DNS servers for the Self-Serve website (e.g., selfserve.company.com).

For Web-hosting deployment

1. Request that the hosting provider modify their firewall to allow inbound TCP ports 80 and 443 from all Internet addresses to the hosted Self-Serve server.
2. Modify the company firewall to allow the ActivityHD company ports between the public IP of the hosted Self-Serve server and the ActivityHD server on the company LAN.
3. Create DNS records on external DNS servers for the Self-Serve website (e.g., selfserve.company.com).