Installing PolicyServer

The PolicyServer installation process involves running an installer on the server endpoint to configure the following:

  • Endpoint Encryption product license

  • Enterprise name and Administrator logon

  • Endpoint Encryption services

  • PolicyServer database

  • PolicyServer MMC (optional)

Warning:

For security reasons, legacy Endpoint Encryption agents cannot communicate directly with a PolicyServer instance residing in a different network. For information about configuring a web proxy, see Traffic Forwarding Services for Legacy Agents.

  1. Verify that all system requirements are met.

    See PolicyServer System Requirements.

  2. Run PolicyServerInstaller.exe

    The PolicyServer Installer opens.

  3. At the PolicyServer Services screen, click Install at the right.
  4. At the Product Legal Notice screen, read the license agreement and accept the terms by clicking Accept.
  5. At the Product Activation screen, select your licensing method:
    • Click Register Online to register your product and receive an Activation Code.

    • Select Use a full license if you have an Activation Code to specify your code and activate full functionality.

    • Select Use a trial license to evaluate a managed Endpoint Encryption configuration for 30 days.

      Note:

      During the trial period, PolicyServer functions normally with all agent management, unlimited devices, and up to 100 users. After 30 days, contact a Trend Micro representative for more information about the Registration Key and Activation Code.

  6. At the Create Enterprise Name and Administrator Logon screen, specify the credentials for your main Enterprise administrator account and then click Continue.
    Option Description

    Enterprise Name

    The name of the Enterprise. This will be required for user and device authentication.

    Administrator

    The first Enterprise Administrator account user name.

    Password

    The first Enterprise Administrator account password.

    Confirm Password

    Confirm the first Enterprise Administrator account password.

    Enterprise administrator accounts can manage all device, user, and policy settings from PolicyServer MMC and Control Manager. You can create more Enterprise administrator accounts at a later time. If you are upgrading or reinstalling PolicyServer, the Enterprise administrator account that you specified previously appears automatically.

  7. At the Windows Service Logon screen, click Continue.
  8. At the Database Administrator Logon screen, choose your database connection method:
    • Select Microsoft SQL Express to create a new database instance.

      Note:

      Use Microsoft SQL Express only for networks of fewer than 1500 endpoints, or for evaluation purposes. Microsoft SQL Express is only available in environments that do not have SQL Server configured.

    • Select SQL Server to specify an existing Microsoft SQL Server instance.

      If you select SQL Server, specify the following information:

      Field

      Description

      SQL Server

      The SQL Server host name or IP address.

      Note:

      For environments with multiple SQL Server instances, append the SQL instance to the end of the database host name or IP address used. Use the following syntax to specify an instance:

      <hostname_or_IP_address>\<database_instance>

      User name

      The user name with the "sysadmin" role for the specified SQL Server instance.

      Password

      The password for the "sysadmin" account.

    • Select Use a different log database server to specify a different SQL Server instance for log data.

  9. At the Create Database Logon screen, specify a new database account for the PolicyServer Windows Service to use for all database transactions.
    Note:

    Do not specify the "sysadmin" account.

  10. At the Endpoint Encryption Service screen, specify the following parameters:
    Option Description

    Port number

    Specify the port number that the PolicyServer MMC, Control Manager and Endpoint Encryption 6.0 Patch 1 agents use to communicate with PolicyServer (default: 8080).

    Note:

    In environments with legacy agents, Trend Micro recommends using port 8080 for the Admin Web Service and port 80 for the Client Web Service. The port number must be a positive integer between 1 and 65535.

    Automatically generate a new self-signed certificate

    Select this option if no certificate is available. The installer generates a certificate for encrypted communication.

    Specify an existing certificate

    Select this option to use a specific certificate. There are no limitations or requirements for specifying an existing certificate except that the certificate is correctly formatted.

  11. Click Continue.
  12. At the Legacy Agent Service screen, select the location that legacy Endpoint Encryption agents (version 3.1.3 and below) use to communicate with PolicyServer, then click Continue.
  13. To immediately install PolicyServer MMC, click Yes. To install PolicyServer MMC at a later time or on a separate endpoint, see Installing PolicyServer MMC.

    The installation process begins.

  14. When prompted, click OK.
  15. Click Finished.
  16. Click Exit to close the PolicyServer installer.
  17. Add the initial Endpoint Encryption users and groups.

    See Configuring PolicyServer.