Feature/12526 separate debugger install instructions

.htmltest.yml

@@ -19,6 +19,7 @@ IgnoreURLs:
 - "https://learn.microsoft.com/.*"
 - "https://fonts.googleapis.com.*"
 - "https://fonts.gstatic.com.*"
+- "https://nssm.cc/"
 IgnoreDirs:
 - "docs/?.*/_print/"
 - "docs/?.*/_shared/"

content/en/docs/2023.11/_shared/currentVersion.md

@@ -1 +1 @@
-2023.9
+2023.11

content/en/docs/2023.11/_shared/install-application-server/apply-recommended-security-measures.md

@@ -0,0 +1,36 @@
+These are non-compulsory security measures, recommended to be applied to the server, in order to prevent potential attacks that exploit known industry security vulnerabilities.
+
+Applying these measures may impact other applications running on your server. Therefore, it is your responsibility to ensure that other applications and their clients will not be affected by the changes.
+
+### Only Use Recommended Encryption Algorithms and TLS Protocols
+
+A collection of registry settings need to be applied to guarantee your server is only using the recommended encryption algorithms and TLS protocols. Information about these settings can be found at [SSL Best Practices][].
+
+{{% alert type="warning" title="Warning" %}}Disabling specific TLS versions or specific Cipher Suites can have impact on {{% ctx %}} components themselves as well as their communication capabilities with third party systems and services, e.g. Execution Service executing flows with blocks which communicate with 3rd parties via PowerShell or REST. All parties communicating together must support a shared protocol version and cipher suite, otherwise they will not be able to establish a secure communication link between each other.{{% /alert %}}
+
+The settings can be applied by running a script. Be aware that the server will be restarted when the script is run. Apply the settings by following these instructions:
+
+1. Open a Windows PowerShell (x64) window as administrator.
+1. Navigate PowerShell to inside the `Cortex Innovation {{< version >}} - App Server Install Scripts` folder using the following command, modifying the path as necessary:
+
+    ```powershell
+    cd "C:\Install\Cortex Innovation {{< version >}} - App Server Install Scripts"
+    ```
+
+1. Run the `Cortex.Innovation.Install.SSLBestPractices.ps1` script using the following command:
+
+    ```powershell
+    .\Cortex.Innovation.Install.SSLBestPractices.ps1
+    ```
+
+    {{% alert title="Note" %}}
+To avoid answering all of the prompts `-Override 0` can be added to the end of the script. This will automatically apply all settings and forcibly restart the server.
+    {{% /alert %}}
+
+   If `-Override 0` has been specified no further steps need to be taken and you can move on to the next section when the server has restarted.
+1. To use all the recommended settings click `Apply all` to the first prompt.
+
+    To selectively apply each setting select `Choose which to apply`. Each change will then be prompted with a Yes/No confirmation before applying.
+1. Restart the machine when the script asks.
+
+[SSL Best Practices]: {{< url path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.SSLBestPractices" >}}

content/en/docs/2023.11/_shared/install-application-server/install-dot-net-framework.md

@@ -0,0 +1,17 @@
+Microsoft Service Fabric requires a minimum of Microsoft .NET Framework 4.7.2 to be installed on the server.
+
+To find the version of the framework that is installed:
+
+1. On the Start menu, choose `Run`.
+1. In the open box, enter `regedit.exe`. You must have administrative credentials to run regedit.exe.
+1. In the Registry Editor, open the subkey `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full`.
+1. If the `Full` subkey is not present, then you do not have the .NET Framework 4.5 or later installed.
+1. Check for a `DWORD` value named `Release`. The existence of the Release DWORD indicates the .NET Framework 4.5 or newer has been installed on that computer. If the value is `461808` or over then at least .NET Framework 4.7.2 is installed and no further steps need to be taken. If it is not installed, continue with the following steps to install it.
+
+To install .NET Framework 4.7.2:
+
+1. Download the [.NET Framework 4.7.2][NET Framework 472] installer.
+1. Double-click on the installer file to run it.
+1. Follow the wizard to complete the installation.
+
+[NET Framework 472]: {{< url path="MSDotNet.Framework472.MainDoc" >}}

content/en/docs/2023.11/_shared/install-application-server/make-installation-artefacts-available.md

@@ -0,0 +1,6 @@
+1. Copy the following artefacts to a folder on the server:
+   * Cortex Innovation {{< version >}} - Block Packages.zip
+   * Cortex Innovation {{< version >}} - App Services.zip
+   * Cortex Innovation {{< version >}} - App Server Install Scripts.zip
+
+1. Extract the `Cortex Innovation {{< version >}} - App Server Install Scripts.zip` file to a folder with the same name.

content/en/docs/2023.11/_shared/install-application-server/single-server/add-antivirus-exclusions.md

@@ -0,0 +1,15 @@
+1. Open a Windows PowerShell (x64) window as administrator.
+1. Navigate PowerShell to inside the `Cortex Innovation {{< version >}} - App Server Install Scripts` folder using the following command, modifying the path as necessary:
+
+    ```powershell
+    cd "C:\Install\Cortex Innovation {{< version >}} - App Server Install Scripts"
+    ```
+
+1. Run the `Cortex.Innovation.Add.WindowsDefenderExclusions.ps1` script using the following command, modifying the `ApplicationServers` value to contain the NETBIOS name or fully qualified domain name of the server:
+
+    ```powershell
+    .\Cortex.Innovation.Add.WindowsDefenderExclusions.ps1 -ApplicationServers @("app-server1")
+    ```
+
+1. A credentials prompt will appear. Enter credentials of a domain user that is a member of the local Administrators group on the server and press OK.
+1. A message will indicate that the script has completed successfully.

content/en/docs/2023.11/_shared/install-application-server/single-server/add-innovation-only/configure-installation-script.md

@@ -0,0 +1,77 @@
+1. In the `Cortex Innovation {{< version >}} - App Server Install Scripts` folder, locate the `Cortex.Innovation.Install.ps1` script and open it with a text editor.
+1. Choose the tab below that matches the configuration for this installation, then update the script to match, changing the parameters according to the details given below:
+
+    {{< tabpane lang="powershell" >}}
+        {{< tab header="CA Certs" >}}
+.\Cortex.Install.ps1 -ConfigFileName Cortex.Innovation.Install.Config.json `
+    -AppServicesPath "C:\Install\Cortex Innovation {{< version >}} - App Services.zip" `
+    -BlockPackagesPath "C:\Install\Cortex Innovation {{< version >}} - Block Packages.zip" `
+    -ApiGatewayBasicAuthUsername "BasicAuthUser" `
+    -ApiGatewayBasicAuthPassword '#_065077199197085!212123173135087074174142102155007175102029143220132038175026114248243207204119030125106032237087162060168108135168241247037070081~187087056217118!069132229129134129097089241180163#' `
+    -CustomerName "Customer1" `
+    -ApplicationServerIPv4Addresses @("192.168.1.1") `
+    -ServerCertificatePath "C:\Install\Certificates\cert.pfx" `
+    -ServerCertificatePassword '#_186224203199039!168155035100255155162114088105027~037077176064169!055142133197216213014226219148063#' `
+    -SkipLoadBalancer `
+    -Credential $Credential `
+    -LdapConnectionDetails @{
+        Host= "LDAP://ldapserver.fqdn.com:389"
+        UseSsl= $false
+        Username= "someUserName"
+        Password= '#_156218162004047!225018081008117174092221250099053~110194001237006!035122107175168133055021013201167#'
+    } `
+    -AcceptEULA:$AcceptEula `
+    *>&1 | Tee-Object -FilePath "cortex-app-install-log.txt"
+        {{< /tab >}}
+        {{< tab header="Self-Signed Certs" >}}
+.\Cortex.Install.ps1 -ConfigFileName Cortex.Innovation.Install.Config.json `
+    -AppServicesPath "C:\Install\Cortex Innovation {{< version >}} - App Services.zip" `
+    -BlockPackagesPath "C:\Install\Cortex Innovation {{< version >}} - Block Packages.zip" `
+    -ApiGatewayBasicAuthUsername "BasicAuthUser" `
+    -ApiGatewayBasicAuthPassword '#_065077199197085!212123173135087074174142102155007175102029143220132038175026114248243207204119030125106032237087162060168108135168241247037070081~187087056217118!069132229129134129097089241180163#' `
+    -CustomerName "Customer1" `
+    -ApplicationServerIPv4Addresses @("192.168.1.1") `
+    -UseSelfSignedCertificates `
+    -SkipLoadBalancer `
+    -Credential $Credential `
+    -LdapConnectionDetails @{
+        Host= "LDAP://ldapserver.fqdn.com:389"
+        UseSsl= $false
+        Username= "someUserName"
+        Password= '#_156218162004047!225018081008117174092221250099053~110194001237006!035122107175168133055021013201167#'
+    } `
+    -AcceptEULA:$AcceptEula `
+    *>&1 | Tee-Object -FilePath "cortex-app-install-log.txt"
+        {{< /tab >}}
+    {{< /tabpane >}}
+
+    {{% alert title="Important" color="warning" %}}Parameters required to be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}} must be encrypted on one of the servers specified in the {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.SingleServerWithoutHA.EncryptionRequirements" title="Encryption Requirements" >}} steps.{{% /alert %}}
+
+    | Name                                         | Description |
+    |----------------------------------------------|-------------|
+    |`AppServicesPath`                              | Configure this value with the location of the App Services zip file on the server. |
+    |`BlockPackagesPath`                           | Configure this value with the location of the Block Packages zip file on the server. |
+    |`ApiGatewayBasicAuthUsername`                     | Configure this value with a username that can be used to make HTTPS requests to the API Gateway Service using Basic Authentication (e.g. starting flows). This username will be used by Gateway for all HTTPS requests to the API Gateway Service.<br /><br />For security reasons it is recommended that the default value `BasicAuthUser` should be changed.<br /><br />This value will be needed later, [when installing Gateway][Install Gateway].<br /><br /> This username can also be used by external services for HTTPS requests to the API Gateway Service but is not recommended; these requests should use an OAuth2 session for an authorised Active Directory user.{{< alert type="note" title="Note" >}} This parameter can be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}|
+    |`ApiGatewayBasicAuthPassword`                      | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.<br /><br />For security reasons it is recommended that the default value should be changed.<br /><br />This value will be needed later, [when installing Gateway][Install Gateway].{{< alert type="note" title="Note" >}} This parameter must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}|
+    |`CustomerName`                                | A name identifying the platform being installed. This must have no spaces or symbols. It will be appended to the node names that are displayed in Service Fabric Explorer. |
+    |`ApplicationServerIPv4Addresses`              | The IPv4 address of the server.|
+    |`ServerCertificatePath`                       | The local path of a .PFX certificate file on the server. Environment variables cannot be used. <br /><br />This is only needed if installing with CA Certificates (Recommended). The certificate should meet the [Certificate Requirements][]. <br /><br />This certificate will be used for: <ul><li>Securing communication between the Application Services.</li><li>Allowing Application Services to identify themselves to clients such as Gateway.</li><li>Preventing unauthorised nodes from joining the single node cluster.</li><li>Connecting to Service Fabric Explorer from each of the Application Servers.</li></ul>{{< alert type="warning" title="Warning" >}}It is critical to set a reminder to {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.RolloverCertificates" title="update certificates" >}} in good time before they expire. If they expire then the platform will cease to function and {{< ahref path="Cortex.ServicePortal.MainDoc" title="CORTEX Service Portal" >}} must be contacted for support.{{< /alert >}}|
+    |`ServerCertificatePassword`                        | The password for the .PFX certificate file specified in `ServerCertificatePath`. <br /><br /> This is only needed if installing with CA Certificates (Recommended).{{< alert type="note" title="Note" >}} This parameter must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}|
+    |`UseSelfSignedCertificates`                    | Installs Application Services and required infrastructure using generated Self-Signed Certificates rather than CA Certificates.  <br /><br /> Not recommended for production use.  |
+    |`SkipLoadBalancer`                             | Installs Application Services and required infrastructure without installing a load balancer. |
+    |`Credential`                                   | The credentials of the user which will be used to perform remote operations on the server. It must be a domain user that is a member of the local Administrators group on the server. <br /><br /> This does not need to be changed, a prompt will appear to enter this information when the script is run. |
+    |`LdapConnectionDetails`                        | The connection details to the LDAP server. <br /><br />This must be configured with a valid `Host`, `Username`, `Password`, and whether the LDAP server uses SSL using `UseSsl`. {{< alert type="note" title="Note" >}}The parameters `Host` and `Username` can be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}. The parameter `Password` must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}} |
+    |`AcceptEULA`                                   | This does not need to be changed, the EULA will be accepted at a later stage. |
+    |`FilePath`                                   | The filename that installation logs are written to.  If this should be written to a different location than where the installation files are then a full path should be specified. |
+
+    The `ApiGatewayBasicAuthUsername` and `ApiGatewayBasicAuthPassword` will be needed later, [when installing Gateway][Install Gateway].
+
+    {{% alert title="Note" %}}
+More advanced configuration (such as changing ports) can be undertaken by modifying the `Cortex.Innovation.Install.Config.json` file but this shouldn't be required for most installations. More information about this can be found at {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.AdvancedConfigSingleServer" title="Advanced Application Server and Load Balancer Configuration Changes" >}}.
+    {{% /alert %}}
+
+1. Save and close `Cortex.Innovation.Install.ps1`.
+
+[Certificate Requirements]: {{< url path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.SingleServerWithoutHA.CertificateRequirements" >}}
+[CORTEX Encrypted]: {{< url path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" >}}
+[Install Gateway]: {{< url path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.SingleServerWithoutHA.ConfigureCortexGatewayInstallationScript" >}}