Launching the SCA

The SCA is an ASP application; its starting page is called SCAConfig Main.asp. The SCA is located in the folder <installation drive>\Program Files \Microsoft Content Management Server\server\NRConfig on a machine where the SCA is installed. On a local machine, you can launch the SCA from the Start menu (Start > Programs > Microsoft Content Management Server > Server Configuration Application). The icon on the Start menu is just a shortcut that points to the SCA URL http://<computer name>:<port number>/NRConfig, where <computer name>:<port number> identify the Web site where the SCA is installed (Figure 18-1). On any machine that has HTTP access to the SCA computer, you can launch it by directly typing the URL. The Web site, and therefore the port number, is selected in the Database Configuration Application (DCA) during CMS installation. By default, the site is the IIS Administration Web Site.

When you launch the SCA, the following checks are performed to determine if CMS exists on a machine.

• At least one of the following registry keys exist: HKEY_LOCAL_MACHINE\SOFTWARE\NCompass\Resolution Content Server\Configuration\0\EntryPoints\<N>, where <N> is the IIS instance ID of the Web site.

  There is one registry key for every CMS Web entry point (CMS-enabled IIS virtual Web site). For example, the default Web site has an instance ID of 1.

• The Web site with the <N> instance ID has an /NR virtual directory. This directory identifies the site as a CMS site.

• Two ISAPI filters are installed in the IIS at the global level:

  • Resolution filter located at <installation drive>:\Program Files\Microsoft Content Management Server\Server\bin\ReAuthFilt.dll

  • Resolution HTML Packager located at <installation drive>:\Program Files\Microsoft Content Management Server\Server\bin\REHTMLPackager.dll

If any of the checks fail, the SCA will not start.

Since the SCA is a configuration utility, it must be secure and not accessible to anonymous users. During the SCA installation, the /NRConfig virtual directory is created on a selected Web site on a local machine. The IIS Administration Web Site has the most security; therefore, it is the default Web site for SCA installation. The NRConfig virtual directory points to the <installation drive>:\Program Files\Microsoft Content Management Server\server\NRConfig local directory where the SCA is located. During the installation, the ACLs are set on this directory to restrict access to local administrators (Figure 18-2).

For security reasons, it is not recommended that you install and run the SCA on a Web site if any of the following statements are true.

• The site is a CMS site used for authoring and/or browsing.

• The site uses the default HTTP port 80.

• The site grants access to everyone by default (it should deny access by default and grant access only to explicit IP addresses or domain names).

• The site allows anonymous access.

The best practice to ensure security when the SCA is used remotely is to run it over a Secure Sockets Layer (SSL) connection. You need to use SSL, for example, to protect the user name and password information for a local administrator if it is being passed in clear text over the network. If there is no SSL enabled, when the SCA is first launched it displays a security alert. This alert is displayed only once, on the first run.

NOTE: Each CMS server must have the SCA installed for configuration purposes. However, once the server has been configured, you can stop the Web site where the SCA has been installed. This will provide an additional security layer for your server.

The SCA screen (Figure 18-3) in the top pane displays the current CMS server parameters: the URL of the IIS virtual site that hosts the first CMS site created on the computer where SCA is installed, the CMS version, the name of the CMS database, and the name of the SQL server hosting the database. These are read-only and cannot be changed from the SCA. However, you can change the database name and location using the Database Configuration Application (DCA). Underneath the read-only pane are six tabs that provide access to configuration options: General, Cache, Web, Access, Security, and License. We will now look into the configuration options available in each tab.