
Key Server

Axidian Key Server (Key Server) is the server required for the operation of the Axidian Key mobile application. Key Server sends push notifications and communicates with Core Server.

Communication with the Axidian Key mobile application is carried out through the HTTP or HTTPS protocol.

When using an SSL connection, you need a root certificate and a web server authentication certificate. When creating a certificate for Key Server, in the Common Name (CN), specify the server name or IP address through which the Axidian Key application accesses Key Server, as configured in the serverUrl key of the Key Server configuration file. If an IP address is specified in the CN, it must be given without a protocol and port.

To record server events, you need a separate Microsoft SQL or PostgreSQL database.

Installation files

The files for the Key Server installation are located at: Axidian AM version number/Axidian Key Server/Version numbers.

  • AxidianKey.Server-version number.x64.ru.ru.msi: Package for installing Axidian Key Server.
  • AxidianKey.EventLog.Setup-version number.x64.ru.ru.msi: Package for creating the required log structure in WindowsEventLog.

Create a database and a service account

Key Server supports PostgreSQL and Microsoft SQL databases.

For more information about creating a database and a service account, see Data storage.

Note

After you create the database (after the first query), you can reduce the rights for a user. The db_owner right is sufficient for the created database.

HTTPS binding in IIS Manager

Key Server is a web application that runs on IIS. During installation, the Key Server settings are configured to require SSL, which in turn requires an HTTPS connection.

  1. In IIS Services Manager, in the left menu, navigate to Axidian Access > sites > Default Web Site.
  2. In the Actions section of the right menu, click Bindings.
  3. Click Add and set the following parameters in the window that appears:
    • In the Type field, select https.
    • In the Port field, specify 443.
    • In the SSL Certificate field, select the Core Server certificate.
  4. Click OK to save the binding.

If you do not plan to use the HTTPS protocol, disable the SSL certificate requirement in the IIS settings for Key Server.

Install and configure Key Server

info

To work correctly, Key Server requires ASP.NET 4.7.

System requirements

  1. To install Key Server, run the Axidian package AxidianKey.Server-version number.x64.ru.ru.msi.

  2. Open IIS Manager.

  3. Select Axidian Key Web Site. In the Actions window, select Bindings and click Edit.

  4. In the Change Site Binding window, select the SSL certificate with the Server Authentication value and click OK.

    Tip

    To save the changes in the application configuration file, run the editor with administrator rights.

  5. If you use the HTTP protocol, add a binding with an arbitrary port and click OK. Open C:\inetpub\wwwroot\axidiankey\Web.config and disable the HTTPS requirement as follows: in the requireHttps key, change the value from true to false.

    <add key="requireHttps" value="false" />
  6. In the rootDbContextId parameter, set the mssql value if you use the Microsoft SQL database, or PostgreSQL if you use the PostgreSQL database.

  7. In the dbContextSettings section, specify the string to connect to the database:

    • Microsoft SQL: Use the mssqlDbContexts parameter.
    • PostgreSQL: Use the postgresqlDbContexts parameter.
    Note

    Windows authentication is not supported in this version.

  8. In the value parameter with the serverUrl key, specify the URL to connect to Key Server. By default, a secure connection is used (the default port is 81). When using the HTTP connection, specify a port other than 80. Port 80 is used as the default port for HTTP connections on the IIS server.

    info

    Key Server must be accessible from a mobile device.

    • For HTTPS: <add key="serverUrl" value="https://axidiankey.axidian.local:81" />

    • For HTTP: <add key="serverUrl" value="http://axidiankey.axidian.local:82" />

  9. In the Url parameter of the LogServer tag, specify the URL to connect to Log Server.

    <logServer Url="http://logserver.axidian.local/ls/api" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword="" />
  10. Save the changes and restart the IIS server.
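
The transport settings from steps 5, 8 and 9 and the certificate CN rule can be checked together before restarting IIS. The script below is an added example, not part of the Axidian distribution; the surrounding element nesting in the sample, the function name audit_transport and the treatment of a missing requireHttps key as true are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: only keys shown on this page; the nesting is an assumption.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="requireHttps" value="false" />
    <add key="serverUrl" value="http://axidiankey.axidian.local:80 " />
  </appSettings>
  <logServer Url="http://logserver.axidian.local/ls/api" CertificateThumbprint="" />
</configuration>"""


def audit_transport(config_xml, cert_cn=None):
    """Return a list of findings for the transport-related settings."""
    root = ET.fromstring(config_xml)
    # Collect <add key=... value=...> anywhere, so exact nesting does not matter.
    keys = {e.get("key"): e.get("value", "") for e in root.iter("add")}
    findings = []
    raw_url = keys.get("serverUrl", "")
    if raw_url != raw_url.strip():
        findings.append("serverUrl has surrounding whitespace")
    url = urlsplit(raw_url.strip())
    # Assumption: a missing requireHttps key behaves like the shipped value, true.
    require_https = keys.get("requireHttps", "true").strip().lower() == "true"
    if require_https and url.scheme != "https":
        findings.append("requireHttps is true but serverUrl is not https")
    if not require_https:
        findings.append("requireHttps is false: HTTPS is not enforced")
    if url.scheme == "http":
        findings.append("serverUrl uses HTTP: traffic to the app is unencrypted")
        if url.port in (None, 80):
            findings.append("HTTP serverUrl must use a port other than 80")
    # The CN must be the bare host name or IP: no protocol, no port.
    if cert_cn is not None and cert_cn.lower() != (url.hostname or "").lower():
        findings.append("certificate CN differs from the serverUrl host")
    for el in root.iter("logServer"):
        if urlsplit(el.get("Url", "")).scheme == "http":
            findings.append("logServer Url uses HTTP")
    return findings


if __name__ == "__main__":
    for finding in audit_transport(SAMPLE_WEB_CONFIG):
        print("-", finding)
```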

Configure server events

Install and configure server events on Log Server.

You can use all the storage methods supported in Log Server.

You can track events in the following ways:

  • When stored in Windows events: Via Windows Events.
  • When stored in a database: By third-party monitoring tools or using SQL queries.
  • When using Syslog: Third-party monitoring tools with Syslog support.
info

The current version of Axidian Access does not support viewing Key Server events using Management Console.

To configure Key Server events, perform the following steps:

  1. Install Log Server.AirKey.EventLog.Setup.

  2. Open C:\inetpub\wwwroot\ls\clientApps.config.

  3. For the SchemaId parameter with the akcSchema value, set the storage location of the log files. In the ReadTargetId tag and the nested TargetID tag of the WriteTargets tag, set the required parameter:

    • akcEventLogTarget: Events are read and written from a separate Windows event log. This value is set by default.

      To view events, open the Windows event log on Log Server and navigate to Control Panel > Administration > Event View > Application and Service Logs > Axidian Key > Operational.

    • akcSqlTarget: Events are read and written from Microsoft SQL databases.

      To view events, use the Axidian Access API. Create the SQL query in the EventEntities table.

Example

<Application Id="akc" SchemaId="akcSchema">
  <ReadTargetId>akcSqlTarget</ReadTargetId>
  <WriteTargets>
    <TargetId>akcSqlTarget</TargetId>
  </WriteTargets>
  <AccessControl>
    <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
  </AccessControl>
</Application>

If you use a database as the event storage, configure the connection to the database in the C:\inetpub\wwwroot\ls\targetConfigs\akcSqlTarget.config.

info

For Key Server events, use a separate database.

Remove obsolete data

In the C:\inetpub\wwwroot\axidiankey\Web.config file, you can set the parameters of the service for removing old data from the AkDatas table.

<jobSettings>
<cleanAkDatas enabled="true" firstRunTime="00:00" intervalSec="86400" akDataLifeTimeSec="86400" />
</jobSettings>

Description of attributes from the example

| Attribute name | Description | Value | Default value | Minimum allowed value |
|---|---|---|---|---|
| enabled | The flag for enabling the service | true \ false | true | Absent |
| firstRunTime | The time of the first launch of the service | A string in the time format hh:mm | 00:00 (midnight) | Absent |
| intervalSec | Service launch interval | Number of seconds | 86400 (24 hours) | 600 |
| akDataLifeTimeSec | Data lifetime | Number of seconds | 86400 (24 hours) | 600 |
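
The attribute rules in the table can be checked against a cleanAkDatas element before the file is saved. This is an added example, not Axidian code; the function name check_clean_ak_datas, the use of the table defaults for omitted attributes, and the worst-case retention estimate (a row is deleted by the first run after its lifetime expires) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: three attributes violate the table above.
SAMPLE_JOB_SETTINGS = """<jobSettings>
  <cleanAkDatas enabled="yes" firstRunTime="24:00" intervalSec="300" akDataLifeTimeSec="86400" />
</jobSettings>"""

MIN_SECONDS = 600  # "minimum allowed value" column of the table
DEFAULTS = {"enabled": "true", "firstRunTime": "00:00",
            "intervalSec": "86400", "akDataLifeTimeSec": "86400"}
HHMM = re.compile(r"^([01]\d|2[0-3]):[0-5]\d$")


def check_clean_ak_datas(xml_text):
    """Return (errors, worst_case_retention_sec) for the cleanAkDatas element."""
    job = next(ET.fromstring(xml_text).iter("cleanAkDatas"), None)
    if job is None:
        return ["cleanAkDatas element is missing"], None
    # Assumption: an omitted attribute takes the default listed in the table.
    cfg = {name: job.get(name, default) for name, default in DEFAULTS.items()}
    errors = []
    if cfg["enabled"].lower() not in ("true", "false"):
        errors.append("enabled must be true or false")
    if not HHMM.match(cfg["firstRunTime"]):
        errors.append("firstRunTime must be hh:mm (00:00-23:59)")
    seconds = {}
    for name in ("intervalSec", "akDataLifeTimeSec"):
        if not cfg[name].isdigit():
            errors.append(f"{name} must be a whole number of seconds")
        elif int(cfg[name]) < MIN_SECONDS:
            errors.append(f"{name} is below the minimum of {MIN_SECONDS}")
        else:
            seconds[name] = int(cfg[name])
    # Assumption: each run deletes rows older than akDataLifeTimeSec, so a row
    # can survive for up to lifetime + interval before a run removes it.
    retention = sum(seconds.values()) if len(seconds) == 2 else None
    return errors, retention


if __name__ == "__main__":
    print(check_clean_ak_datas(SAMPLE_JOB_SETTINGS))
```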

Healthcheck

To check the status of Key Server, use the api/HealthCheck method. The server checks the storage status in a background task. The interval for running the background task is configured in the jobSettings section of the C:\inetpub\wwwroot\axidiankey\Web.config file:

<jobSettings>
<storageHealthCheck intervalSec="60" />
</jobSettings>

Encrypt/Decrypt the configuration file

Use the following batch files located in the Axidian Access distribution at Axidian version number folder\Axidian Key Server\8.2.2\Misc\EA.Config.Encryptor:

  • EncryptConfig.bat: Encrypt the configuration file.
  • DecrypConfig.bat: Decrypt the configuration file.