Prerequisites ​

Production DNS ​

If you will be installing a Production license of AlphaTrust e-Sign™, you will need to establish the public DNS name for your server (or Web farmed servers) and obtain a public SSL certificate for that DNS name. For example, if the IIS Web site on which you will operate the AlphaTrust e-Sign™ software will be configured to respond to esign.yourdomain.com, then obtain and install an SSL certificate for esign.yourdomain.com on that IIS Web site prior to activating the license for the AlphaTrust e-Sign™ software. You may install and test the software locally before activation.

Non-Production DNS ​

If you will be installing a Non-Production license of AlphaTrust e-Sign™ (i.e. a developer / evaluation / other non-production license), you do not need to obtain either an SSL certificate or public DNS name. The control panel does require HTTPS url so you can either trust the local unsecured site prompt in the browser or create and use a local trusted SSL certificate. You will need to decide on the local DNS name, NETBIOS name, or IP address with which to configure both the Web site for AlphaTrust e-Sign™ as well as AlphaTrust e-Sign™ itself.

Multiple Server Considerations ​

AlphaTrust e-Sign™ may be setup as a single server installation or a multiple server installation (sometimes referred to as a Web farm installation or redundant server installation). A multiple server installation uses a common SQL Server database and common file share locations among all servers running AlphaTrust e-Sign™.

If you are installing a multiple server installation of AlphaTrust e-Sign™, or expanding an existing single server installation to multiple servers, please follow these steps first:

1. Make sure your SQL Server database server is located on a server machine other than a server hosting AlphaTrust e-Sign™.

2. Create a common file share on a file server other than a server hosting AlphaTrust e-Sign™. As an example we will call this share AT_Share on a server named SAN. So the UNC path to this share would be \\SAN\AT_Share.

   IMPORTANT

   You may use any appropriate SAN, NAS, or other read/write remote storage as long as such storage supports simultaneous shared access from multiple app servers using standard Windows network-based UNC shares. Not all network storage services support this.

3. Create three directories on this common share: DB, Images, and AcctData. You will use these UNC paths (using your own actual path names), rather than local paths, when you configure each instance of AlphaTrust e-Sign™:

   \\SAN\ProntoShare\DB\
   \\SAN\ProntoShare\Images\
   \\SAN\ProntoShare\AcctData\

4. IMPORTANT: The ProntoServer service account used by AlphaTrust e-Sign™ MUST have full access to these shares. The account needs all file permissions except permissions management and "take control". That is: all read, write, create directory, delete, append, etc. permissions.

5. Normally the network load balancer, or proxy does not pass through the end users client IP address and the IP address reported to IIS is the LB's or proxy IP address. In this case AlphaTrust e-Sign™ cannot record the correct end user IP address or properly defend itself using its security mechanisms such as dynamic IP blocking. You must configure your LB or proxy to set an HTTP header to the IP address of the end user connecting to the LB/proxy. You could name this header anything, but X-Forwarded-For is recommended and most load balancers will use this header name by default. You must then add this header name to the "ProntoConfig.ini" file in the [PRONTO_MODE] section. The setting is named ProntoClientIPHeaderName. So, if you set the LB/proxy HTTP header to X-Forwarded-For you would set:

   ProntoClientIPHeaderName="X-Forwarded-For"