WS_FTP (v7.1) Deployment/Installation

byLiveStream -
0
  1. Get licensed WS_FTP 7.1
Run install (WS_FTPServer71.exe).
clip_image002
click Next

clip_image004
select "I accept", click Next

clip_image006
click Next

clip_image008
click Next
SAMPLE SCREEN
Enter corresponding server’s name.

Click Next





SAMPLE SCREEN

put Username and Password.

Note: this Username is not AD account. It is local user ID just for WS_FTP on this server.


clip_image013
click Install
SAMPLE SCREEN
clip_image015
Enter the right serial number.
Click Activate
SAMPLE SCREEN

Note: User Name & Password are from www.myipswitch.com when purchasing the license.
Click Activate

To move licence from old machine to new machine
To Deactivate old licence

clip_image019

clip_image023


clip_image025

To Active license on new machine
clip_image027


click Generate File

clip_image029
click Save
Note: by default, it’s saved to c:\Windows\SysWOW64\.

Copy license.ofa to local PC or another server with internet access, open IE, go to http://www.ipswitchft.com/support/offlineactivation.aspx

clip_image031

clip_image033

click Browse, select license.ofa, click Submit



clip_image035
click Save

Copy license.txt back to our server, under folder C:\Program Files\Ipswitch\Common

go back to
clip_image037
click Next

clip_image039
click Browse to select the license file, click Activate


clip_image041
click Finish

clip_image043
Click Finish. The sever will be restarted.
  1. Initial setting
Start WS_FTP Server Manager
(from shortcut on desktop or start -> All Programs -> Ipswitch WS_FTP Server -> WS_FTP Server Manager):
clip_image045
type in User name and Password (for production, User name is wsftp_admin, which was created during installation of WS_FTP), click Login

clip_image047

click Listeners
clip_image049
Check Port 21, click Delete

  1. Setup Listener of 889 for SSL
Click Home, click Listeners, click Create
Type in IP address, Port: 889
SAMPLE SCREEN
clip_image051
IP address:
For QA: 10.192.1.170
For production: 10.XXX.XX.XXX

click Add
SAMPLE SCREEN
clip_image053
Select Host Name, then click OK
SAMPLE SCREEN
clip_image055
Click Save

  1. Setup Passive Connection
Click Host Settings, Firewall Settings, click “Firewall - Passive Connection Settings”, add 889, 890 in Port Range
SAMPLE SCREEN
clip_image057
IP address:
For QA: 10.192.1.170
For production: 10.XXX.XX.XXX
(TODO : Check with Mark Liu, Dr will be different)


  1. Create SSL

4.1     Run IE -> Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certification Authorities  

Select RANDOM, click View

The last 2 digits: 72 for Dev, 66 for Production. If on production server it is not 66, need new certificate.

4.2     After verify certificate, get Reference number & Authorization code from replying email of “CertificateKey, Management” (see Chapter 3.1 Pre-Deployment step 5)
4.3     Click Server, under Other Settings, click SSL Certificates, click Create

clip_image061




SAMPLE SCREEN
clip_image063
Passphrase: lctr
Name: it is temp name, i.e. PrdTemp
Email: for production, it should be Production Support email
Common Name: Reference number from certification email.
Click Save







SAMPLE SCREEN
clip_image065
Click the newly created certificate
SAMPLE SCREEN
clip_image067
Click Export Certificate Signing Request
Need to export CSR as well as Key, also save them to the DR server for import.

SAMPLE SCREEN
clip_image069
Click Save
SAMPLE SCREEN



4.4     Retrieve SSL
From local PC, go to https://eaespr.RANDOMfg.com/ 
Note: for QA, the site is https://eesweb.RANDOMgc.net/cda-cgi/clientcgi?action=start
clip_image071
Click “Create Web Server Certificate from PKCS#10 Request”
clip_image073

Enter Reference number & Authorization code from CertificateKey Management’s email. Leave “Options” drop down as default.  Copy and paste CSR information (from C:\Program Files\Ipswitch\WS_FTP Server\SSLFiles\*.csr).
Click Submit Request
clip_image075
Click Download.
Save file as *.cer. (For easier identification, name the file the same as the CSR certificate)
SAMPLE SCREEN















Copy the .cer file back to the server under C:\Program Files\Ipswitch\WS_FTP Server\SSLFiles


import the key on both primary and DR servers.
clip_image078

clip_image080

clip_image082

clip_image084



clip_image086

Change the ssl setting for host
clip_image088

Need to restart the service

clip_image090


Click Save.
  1. Set up AD account and second host

Click Home, click Change host, click Create.
Enter Host name. In User database, select Microsoft Active Directory Database
SAMPLE SCREEN
clip_image092
Click Configure.

SAMPLE SCREEN
clip_image094
Copy AD account’s full info (starting from “OU”) into Organization Unit. i.e. Dev AD account is
“OU=Service Accounts,OU=LMG,OU=SysdevCTD,DC=sysdev,DC=adroot,DC=RANDOMgc,DC=net” into Organization Unit
Production use “OU=Service Accounts,OU=Domain Administration,DC=office,DC=adroot,DC=RANDOMgc,DC=net”
Click OK
SAMPLE SCREEN
clip_image096
Click Save
Click Home, Click Change Host. Select the newly created Host for AD users. click users, it shows:
clip_image098
Click Synchronize
SAMPLE SCREEN
clip_image100
Click the link of corresponding user
SAMPLE SCREEN
clip_image102
select Lock user to home folder, then click Save
Note: after creating the second host, when login to WS_FTP Server Manager again, you may need to add @default_host to the login ID, i.e. for production, like wsftp_admin@fci-bccwprapp01.office.adroot.RANDOMgc.net
SAMPLE SCREEN
clip_image104
Otherwise, you may get “Authentication Failed”.


  1. Add Firewall Passive Connection for the newly created Host

Click Home, click Change host, click the newly created Host, under Other Settings, click “Firewall - Passive Connection Settings”, add 889, 890 in Port Range
SAMPLE SCREEN
clip_image105
IP address:
For QA: 10.192.1.170
For production: 10.XXX.XX.XXX
(TODO : Check with Thang, Dr will be different)



  1. Add the newly created Host to the listener

SAMPLE SCREEN
clip_image107
Click Listeners
SAMPLE SCREEN
clip_image109
Click on the IP address of port 889
SAMPLE SCREEN
clip_image111
Click Add
SAMPLE SCREEN
clip_image113
Select the host and click OK



Select the host you just added, and click Set Default
SAMPLE SCREEN
clip_image115
Select the other host and click remove, then click Save













SAMPLE SCREEN
clip_image117
Then restart Services
SAMPLE SCREEN
clip_image119
Click Services
SAMPLE SCREEN
clip_image121
Check 1st, 2nd & 4th (no need for SSH Server). Click restart
SAMPLE SCREEN
clip_image123



  1. Virtual folders

We need to create “SEND” & “REC” as virtual folders (point to E:\stage\send  &  E:\stage\rec)
Click Home, click Folders, click Create virtual folder.
SAMPLE SCREEN
clip_image125
Note: choose “Display in user” in Virtual display location

Click Add






SAMPLE SCREEN
clip_image127
Check the right user, click OK










SAMPLE SCREEN
clip_image129
Click Save

Repeat the same steps to create virtual folder “REC” as E:\stage\rec








  1. Go to Host, under Other Settings, click SSL Settings

clip_image131
Check ForceSSL and “Force SSL for data channel”, click Save
Note: if check “Force SSL”, ALL ports will be SSL-enabled, including port 21
  1. Log setting
To change log setting, go to Server, under Other Settings, click Log Settings, in Logging level, select Verbose and click Save


Tags:

Post a Comment

Previous Post Next Post