To install ACP with ApacheWindows sspi auth

Install the ACP code

Download this archive and extract it to a folder on your computer.

  • Copy these files (from the archive extracted) to C:\Program Files\Lumina\Analytica 6.2. Overwrite any existing files with the same name.

Analytica.ini
suan.exe
libssl-3.dll
libcrypto-3.dll
SuanFirebaseAuth.dll

The rest of the files from the extracted archive, in folders assets and build, need to saved to the ACP\ui folder.

  • Save these folders to D:\ACP\ui\.

D:\ACP\ui\Assets
D:\ACP\ui\Build


Create the Subscription Database

  • Launch Start / Microsoft SQL Server Tools 18 / Microsoft SQL Server Management Studio
    • Connect dialog appears.
      Server type=Database engine
      Server name=Yourserver\SQLEXPRESS
      Authentication=Windows Authentication
  • Right-click on Databases / New Database...
    • Database name=Suan Subscriptions
    • Press OK

Use the Analytica library to create the tables in the database

  • Run: Analytica.exe "d:\Acp\ui\assets\Create Suan DB.ana"
  • Press the "Create the Tables" button
  • Press the "Populate the Tables" button
  • Assumins no errors, exit Desktop Analytica.


Set up application in Apache configuration

  • In the Apache\conf directory, rename the default httpd.conf file to httpd-bk.conf so you have it as a backup, then replace it with the httpd.conf file you received from Lumina.
  • In the Apache\conf\extra directory, rename the default httpd-ssl.conf file to httpd-ssl-bk.conf so you have it as a backup, then replace it with the httpd-ssl.conf file you received from Lumina.
  • Check the apache configuration - in an administrator command prompt

cd C:\Apache24\bin

httpd.exe -t

{Output should be syntax OK} If not then there is a problem .

  • If the response is OK, restart apache in the command prompt:

cd C:/Apache24/bin
httpd -k restart

  • Test
    • Open a non-admin UI CMD window:
      CD "C:\Program Files\Lumina\Analytica 6.2"
      .\suan.exe /config:d:\Acp\ui\assets\server.config
      Expected: No UI appears. But in Task Manager, you should see a Suan process running.
    • In a browser on the server: Check your url
      Expected: The login page appears. It should prompt for windows username and password. Tests for apache & UI-side code working.
    • Log in - enter a windows user and password and press Sign in.
      Expected: Goes to User Portal, with an empty file listing.
  • On a computer other than the server, in Chrome: Check your url with https
    Expected: Should get to sign in screen
  • On a computer other than the server, in Chrome: Check your url with http
    Expected: It should convert to https and be an the sign in screen

Setup account to serve requests

We create a new account with security restrictions that ACP requests (i.e., models) run under.

  • Run Computer Management / System Tools / Local Users and Groups / Users
  • New User...
    User name = ACPUser
    Description = Account that ACP models run in.
    Password = ***yourpasswordhere***
    User cannot change password + Password never expires
  • Press Create. Then Right-click ACPUser/ Properties / MemberOf. Remove from group "Users".
  • In a CMD prompt:
    CD "C:\Program Files\Lumina\Analytica 6.2"
    RunAs /user:ACPUser .\Analytica
  • When Analytica launches, accept the terms and select the license in Desktop Analytica's Help->Update License dialog
  • Test that it saves this info by exiting and restarting, again as ACPUser, and checking the Help-Update License dialog.

Test - To launch the server now, from CMD, use:

RunAs /user:ACPUser "c:\Program Files\Lumina\Analytica 6.2\Suan /config:d:\Acp\ui\assets\server.config".

Ensure Analytica starts with the correct license then close Analytica

Give ACPUser DB access

  • In Microsoft SQL Server management Studio / Databases / Suan subscriptions / Security / Users
  • New User... / Windows user + <yourcomputername>\ACPUser + (leave login name blank) + default schema=dbo
  • Membership / db_datawriter + db_datareader

Configure for auto-launch

Configure Windows to automatically launch the Suan server when the computer boots.

  • Run Task Scheduler
    • Create a new folder under "Task Scheduler Library" named Lumina
    • Right-click on Lumina / Create Task...
    • General tab
      Name: Start ACP server at boot
      Description: Launches the ACP server process when the server starts up (reboots)
      Press "Change User or Group..." and set to ACPUser
      Run whether user is logged on or not
      Configure for: Windows Server 2019 (I don't think this matters)
    • Triggers tab
      New.... Begin the task at Start Up.
      Delay task for 30 seconds (I don't know if this is necessary -- but give everything else a chance to get going first)
    • Actions tab, New...
      Program/script: "c:\Program Files\Lumina\Analytica 6.2\Suan.exe"
      Arguments: /config:d:\Acp\ui\assets\Server.config
    • Settings tab
      Allow task to be run on demand
      Run task as soon as possible after a scheduled start is missed
      Uncheck "Stop if task runs longer than"
      Click OK
  • At Start menu, type: "Local security policy"
    • Drill down to: Local security policy / Security Settings / Local Policies / User Rights Assignment / Log on as a batch job / Add User or Group...
    • Add ACPUser [Apply] [Ok]
  • Test that this works by
    right-clicking on the Task Scheduler task added above / Run.
    Task manager / Details. Verify that Suan.exe is running under the ACPUser account.

Create a Group Account

So now you should be able to use ACP. Here we will create a Group account with 1 admin user.

  • Copy

d:\acp\ui\assets\suan account admin.ana
and d:\acp\ui\assets\db driver info.ana
to:
d:\acp\accounts\suan account admin.ana
and d:\acp\accounts\db driver info.ana

  • In a command prompt

cd c:\"Program Files\Lumina\Analytica 6.2"
.\suan.exe /config:d:\acp\ui\assets\singleinstance.config "d:\acp\accounts\suan account admin.ana"

When prompted to create a subscription administrator, click yes.

  • Open the module Create new Group Subscription.
  • In the account type select Group or Premium Group - if you are installing with optimizer select Premium Group
  • Enter a Account/Subscription name

(In the Email address filed, because you are using windows authentication. Enter the windows user name for the Group account admin).

  • Press the [Create Subscription] Button.

Expected: You should get a message box 'Subscription created'. Clear that by Clicking [OK]

  • Close the module Create new Group subscription and open the module Manage existing Group subscription.
  • In the pulldown menu for Subscription Admin, ensure that the new user is selected as the subscription admin.
  • Close the suan account admin.ana model for now.

Expected: You should have a group account that you can use with ACP in a browser. And the subscription manager is the user who is the Group account admin you entered

  • Go to the ACP sign in page (your domain) in a Chrome Browser. (For now we are recommending that users stick with Chrome until we have done more testing in other browsers).
  • In the User name field enter the Windows user name for the Group account admin
  • Enter the windows password for this user in the password field then press enter

Expected: You are signed in to ACP with the new group Account, in the Subscription admin project. From here you can manage other users.

That's it . If you click the project pulldown menu, you should have a Home project, to which you can upload models and add users, etc. You can also manage subscription admins. See more here.

Managing Users

  • You can add users as described here. With windows authentication the users will be windows users not email addresses.
  • When using Windows authentication the admin will need to ensure that each user is in the local Windows Users. They also need to notify each user, and create and reset passwords when needed. Unless the users have the permissions to do that themselves with windows.
Comments


You are not allowed to post comments.