
TD MoE Deployment Guide

Ver 1.3.4

Intel Confidential

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

Copyright © 2010-2011, Intel. All rights reserved.

Revision History

|Revision |Description |Revised By |Date |

|0.5.01 |Initialized. |Guo Xixiu, Deng Jing |2010-5-17 |

|0.5.02 |Updated. |Guo Xixiu, Deng Jing |2010-5-28 |

|0.8.01 |Updated. |Guo Xixiu, Deng Jing |2010-6-18 |

|0.8.02 |Add firewall rules configuration. Adjust the structure of sections 5.4 and 5.5. |Deng Jing |2010-6-22 |

|0.8.0.3 |1.2 Add CA Server to SW requirements. 5.1.1 Add notes for installing IIS and .NET. 5.1.4 Change the order of the CA Server login page; add path of web.config; add step 3, initialize Root CA keystore and export public key. 5.2.1 Add canonical source in order to find SUN-JAVA6-JDK; add command “apt-get update”. 5.5.4 Add path of server.xml, add step to remove “ |Wu Chunlei |2010-7-01 |

| | /etc/firewall-rules

iptables-restore < /etc/firewall-rules

2 Install Dependencies

Before installing the Theft Deterrent Server, sun-java6-jre, Tomcat 6 and Postgresql 8.4 deb packages should be installed.

1 Update Sources List

Update sources.list to download the installation package.

1. Back up the initial sources.list

sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup

2. Add sources to the sources.list, for example:

echo "deb lenny main contrib non-free" | sudo tee -a /etc/apt/sources.list

3. Update package list

sudo apt-get update

Note:

Select sources that are reachable from your network and offer acceptable download rates.

2 Install sun-java6-jre

Input the following command in the terminal:

sudo apt-get install sun-java6-jre

3 Install tomcat6

Input the following command in the terminal:

sudo apt-get install tomcat6

4 Install Postgresql8.4

Input the following command in the terminal:

sudo apt-get install postgresql-8.4

5 Dependencies Installation Checking

Use the command “java -version” to check whether the JRE is installed successfully.

java -version

If installed successfully, the java version will display.

[pic]

Figure 3-2 Checking of JRE Installed

Open Firefox with a URL like the one below to check whether Tomcat is installed correctly.

If Tomcat is installed successfully, the web page will display as below.

[pic]

Figure 3-3 Checking of Tomcat Installed

Use the command “/etc/init.d/postgresql status” to check if Postgresql is installed successfully.

[pic]

Figure 3-4 Checking of Postgresql Installed

3 Set System Environment Variable

Input the following commands in the terminal:

echo "export JAVA_HOME=/usr/lib/jvm/java-6-sun" | sudo tee -a /etc/profile

echo "export TOMCAT_HOME=/usr/share/tomcat6" | sudo tee -a /etc/profile

echo "export CATALINA_BASE=/var/lib/tomcat6" | sudo tee -a /etc/profile

echo "export PGHOME=/usr/lib/postgresql/8.4" | sudo tee -a /etc/profile

echo "export PGHOME_BIN=/usr/lib/postgresql/8.4/bin" | sudo tee -a /etc/profile

echo "export PGHOME_CONF=/etc/postgresql/8.4/main" | sudo tee -a /etc/profile

echo "export PGHOME_DATA=/var/lib/postgresql/8.4/main" | sudo tee -a /etc/profile

Reboot the system when completed.

4 Deploy the TDServer with Central Server Non-supported Type on Debian 6 64-bit

Copy the file “tdserver_3.1.0.9.5.1-amd64.tar.gz” to the local disk.

Input “tar -xvzf tdserver_3.1.0.9.5.1-amd64.tar.gz” in the terminal.

Go to the unzipped folder by the command “cd tdserverinstall”, which contains all of the necessary shell scripts.

1 Install Database

If there is no database for the TDServer, please input the following command in the terminal:

sudo sh InstallPostgreSQL /usr/lib/postgresql postgres 4

2 Install TDServer

Command for the English version:

sudo bash installTDServer.sh /usr/share/tomcat6 English

Command for the Spanish version:

sudo bash installTDServer.sh /usr/share/tomcat6 Spanish

3 Setup CA

To install the TDServer with Central Server non-supported type, the command should be:

sudo bash SetupCA.sh 1 localhost Intel CPG SH CN test@ 1

|Parameter |Meaning |Default Value |

|First parameter | |1 |

|Second parameter |Common name of certificate owner |localhost |

|Third parameter |Organization name of certificate owner | |

|Fourth parameter |Locality name of certificate owner | |

|Fifth parameter |State name of certificate owner | |

|Sixth parameter |Country of certificate owner | |

|Seventh parameter |Email address of certificate owner | |

|Eighth parameter |Flag for Central Server support. 1: do not support Central Server; 0: support Central Server | |

Table 3-1 Usage of Command Parameters

4 Set CS Non-supported Type Configuration File

Central Server non-supported type:

sudo sh GetPublicKey.sh 0

5 Set the Server Address

sudo sh SetServerAddr.sh localhost /usr/share/tomcat6

The localhost above should be the IP address of the local computer.

Usage of the parameter “localhost”:

The parameter “localhost” is the IP address used for broadcast.

If the machine has only one network card, the parameter can stay “localhost”.

If the machine has several network cards, replace the parameter with the real IP address of the card to use.

6 Set Server Password

sudo sh SetServerPasswd.sh password postgres

The password above cannot be shorter than 6 characters and must contain at least one lower case letter, one upper case letter and one special character, e.g. ! @ # , $ %. Some special characters are not allowed, e.g. ? \ '.

7 Start Tomcat

sudo sh startupTomcat.sh /usr/share/tomcat6

8 Copy Newer Agent Installation Package

If there is a newer version of the Agent installation package, copy it to /usr/share/tomcat6/webapps/tdserver/Download/DownloadInstall

The Agent package is named: TDAgent_x.x.x.x.xx.deb, TDAgent_x.x.x.x.xx.rpm or TDAgent_x.x.x.xxx.zip

The naming rules are defined as follows:

|TD Agent Version rules |

|Format: |M.N.F.FOO |  |

|Explain: |M-Major version |  |

|  |N-Minor version |  |

|  |F.F-Revised version |  |

|  |OO-OS Flag(OSFlag.OS version) |10:Windows |

|  |  |22:Ubuntu10.04 |

|  |  |31:Mandriva 2010 |

|  |  |41:Metasys XXX |

Table 3-2 Definition of Agent Version Naming

9 Additional Steps for TDServer Pre-activated Non-supported Type

If the TDServer does not support pre-activated provisioning, perform the steps below:

Create a folder named “pre-activated” under the “/etc/theftdeterrent” folder.

Create a file named “tcopp_00000000000000000000_00000000000000000000.bin” in it.

cd /etc/theftdeterrent

sudo mkdir pre-activated

cd pre-activated

echo "" | sudo tee /etc/theftdeterrent/pre-activated/tcopp_00000000000000000000_00000000000000000000.bin >/dev/null

10 Run TDServer

Launch Firefox. In the address bar, enter: .

The localhost above should be the IP address of the TDServer.

11 Security Configuration

After the deployment completes, please add this part to /usr/share/tomcat6/webapps/tdserver/WEB-INF/web.xml before .

[pic]

12 Import Pre-activated Package for a TDServer with Pre-activation Support

Click the “Export” button in the “Export Public Key” table to export Pub_Key.bin.

[pic]

Figure 3-5 Export Pub_Key.bin to Sign Pre-activated Package

Save the exported file “Pub_Key.bin” and send it to the support center.

[pic]

Figure 3-6 Save Pub_Key.bin to Sign Pre-activated Package

Import the pre-activated package received from the support center.

[pic]

Figure 3-7 Import Pre-activated Package

5 Deploy the TDServer with Central Server Supported Type on Debian 6 64-bit

Copy the file “tdserver_3.1.0.9.5.1-amd64.tar.gz” to the local disk.

Input “tar -xvzf tdserver_3.1.0.9.5.1-amd64.tar.gz” in the terminal.

Go to the unzipped folder by the command “cd tdserverinstall”, which contains all of the necessary shell scripts.

1 Install Database

If there is no database for the TDServer, please input the following command in the terminal:

sudo sh InstallPostgreSQL /usr/lib/postgresql postgres 4

2 Install TDServer

Command for the English version:

sudo bash installTDServer.sh /usr/share/tomcat6 English

Command for the Spanish version:

sudo bash installTDServer.sh /usr/share/tomcat6 Spanish

3 Setup CA

To install the TDServer with Central Server supported type, the command should be:

sudo bash SetupCA.sh 1 localhost Intel CPG SH CN test@ 0

|Parameter |Meaning |Default Value |

|First parameter | |1 |

|Second parameter |Common name of certificate owner |localhost |

|Third parameter |Organization name of certificate owner | |

|Fourth parameter |Locality name of certificate owner | |

|Fifth parameter |State name of certificate owner | |

|Sixth parameter |Country of certificate owner | |

|Seventh parameter |Email address of certificate owner | |

|Eighth parameter |Flag for Central Server support. 1: do not support Central Server; 0: support Central Server | |

Table 3-3 Usage of Command Parameters

4 Set CS Supported Type Configuration File

Central Server supported type:

sudo sh GetPublicKey.sh 1

5 Set the Server Address

sudo sh SetServerAddr.sh localhost /usr/share/tomcat6

The localhost above should be the IP address of the local computer.

Usage of the parameter “localhost”:

The parameter “localhost” is the IP address used for broadcast.

If the machine has only one network card, the parameter can stay “localhost”.

If the machine has several network cards, replace the parameter with the real IP address of the card to use.

6 Set Server Password

sudo sh SetServerPasswd.sh password postgres

The password above cannot be shorter than 6 characters and must contain at least one lower case letter, one upper case letter and one special character, e.g. ! @ # , $ %. Some special characters are not allowed, e.g. ? \ '.

7 Start Tomcat

sudo sh startupTomcat.sh /usr/share/tomcat6

8 Copy Newer Agent Installation Package

If there is a newer version of the Agent installation package, copy it to /usr/share/tomcat6/webapps/tdserver/Download/DownloadInstall

The Agent package is named: TDAgent_x.x.x.x.xx.deb, TDAgent_x.x.x.x.xx.rpm or TDAgent_x.x.x.xxx.zip

The naming rules are defined as follows:

|TD Agent Version rules |

|Format: |M.N.F.FOO |  |

|Explain: |M-Major version |  |

|  |N-Minor version |  |

|  |F.F-Revised version |  |

|  |OO-OS Flag(OSFlag.OS version) |10:Windows |

|  |  |22:Ubuntu10.04 |

|  |  |31:Mandriva 2010 |

|  |  |41:Metasys XXX |

Table 3-4 Definition of Agent Version Naming

9 Run the TDServer

Launch Firefox. In the address bar, enter: .

Note: Replace “localhost” with the real IP address of the TDServer.

If it is deployed successfully, a screen will show as follows:

[pic]

Figure 3-8 Successful HTTP Deployment Page

If the HTTPS address is entered in the address bar, the connection will not be supported, because the CA certificate does not exist until the TDServer has been activated successfully.

After the TDServer has been activated successfully, the CA certificate must be imported into Firefox to support HTTPS connections. The steps are the same as for the deployment of the Theft Deterrent Server on the public network; refer to Chapter 3.5.

6 Upgrade the TDServer from Central Server Non-supported Type to Central Server Supported Type

Copy the file “tdserver_3.1.0.9.5.1-amd64.tar.gz” to the local disk.

Input “tar -xvzf tdserver_3.1.0.9.5.1-amd64.tar.gz” in the terminal.

Go to the unzipped folder by the command “cd tdserverinstall”, which contains all of the necessary shell scripts.

sudo bash SetupCA.sh 1 localhost Intel CPG SH CN test@ 0

sudo sh GetPublicKey.sh 1

And then restart Tomcat with the command:

sudo sh /usr/bin/startup-tomcat.sh

7 Check if Theft Deterrent Server has Been Deployed Successfully

Launch Firefox. In the address bar, enter:



Note: The localhost above should be the IP address of the TDServer.

If the Theft Deterrent Server has been deployed successfully, a screen as below will be shown:

[pic]

Figure 3-9 Successful HTTPS Deployment Page

8 Enhance Upload Performance

The server.xml can be modified to improve the success rate of uploads over slow networks.

Location of the XML file: /usr/share/tomcat6/conf/server.xml.

The configuration item in server.xml is as follows:

Modifying or adding the maxThreads, minSpareThreads and maxSpareThreads properties, for example maxThreads="1500" minSpareThreads="1000" maxSpareThreads="1200", improves the success rate of uploads over slow networks.

Installation of the Theft Deterrent Server, Windows 2008 R2 64-bit Version

1 Install TDServer with Central Server Supported Type

1 Install the TDServer

Select the language that is going to be displayed on the UI during the installation process.

[pic]

Click "Next".

[pic]

Read the license agreement carefully, and continue.

[pic]

Click "Next" to check dependencies.

[pic]

Select the Central Server support type.

[pic]

Select the Setup type.

Default: JRE, Tomcat, and PostgreSQL will be installed to the default location.

Custom: JRE, Tomcat, and PostgreSQL installation path can be changed in the next step.

Note: Only English letters, numbers, “.”, “(”, “)”, “_” and spaces are valid characters for the installation path.

[pic]

Set PostgreSQL Password.

Note: the default password is “Intel@123”.

The password cannot be less than 6 characters, and must contain at least one lower case letter, one upper case letter, and one of the following special characters: ! @ # , $ %.

[pic]

Click "Next".

[pic]

Set the TDServer password.

Note: the password cannot be less than 6 characters, and must contain at least one lower case letter, one upper case letter and one of the following special characters: ! @ # , $ %.

[pic]

Input the TDServer IP address.

Note: The Server IP Address can be left blank only if the local machine has a single network card and uses a configured static IP address rather than obtaining one automatically. If the local machine has more than one network card, enter a valid static IP address of the local machine in the Server IP Address field.

[pic]

Choose preferred options and click "Finish".

[pic]

2 Copy Newer Agent Installation Package

If there is a newer version of the Agent installation package, copy it to %TOMCAT_HOME%/webapps/tdserver/Download/DownloadInstall.

The Agent package is named: TDAgent_x.x.x.x.xx.deb, TDAgent_x.x.x.x.xx.rpm or TDAgent_x.x.x.xxx.zip.

TD Agent version naming rules:

|TD Agent Version rules |

|Format: |M.N.F.FOO |  |

|Explain: |M-Major version |  |

|  |N-Minor version |  |

|  |F.F-Revised version |  |

|  |OO-OS Flag(OSFlag.OS version) |10:Windows |

|  |  |22:Ubuntu10.04 |

|  |  |31:Mandriva 2010 |

|  |  |41:Metasys XXX |

Table 4-1 TD Agent Version Naming Rules

3 Security Configuration

Note: Very important.

Add this part to %TOMCAT_HOME%/webapps/tdserver/WEB-INF/web.xml after activation from the Central Server has succeeded.

Add it before .

[pic]

Add the following content to the registry if the export or download operation fails in Internet Explorer.

[pic]

2 Install the TDServer with Central Server Non-supported Type

1 Install the TDServer

Select the language that is going to be displayed on the UI during the installation process.

[pic]

Click "Next".

[pic]

Read the license agreement carefully, and continue.

[pic]

Click "Next" to check dependencies.

[pic]

Select the Central Server non-supported type.

[pic]

Select the Setup type.

Note: Only English letters, numbers, “.”, “(”, “)”, “_” and spaces are valid characters for the path.

[pic]

Set PostgreSQL password.

Note: The default password is “Intel@1”.

The password cannot be less than 6 characters and it must contain at least one lower case letter, one upper case letter and one special character, e.g. ! @ # , $ %.

[pic]

Click "Next".

[pic]

Set the TDServer password.

Note: the password cannot be less than 6 characters and it must contain at least one lower case letter, one upper case letter and one special character, e.g. ! @ # , $ %.

[pic]
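As an added check (my own, not part of this guide), the following shell function implements the password rule stated for SetServerPasswd.sh in the Debian chapter and repeated here for the PostgreSQL and TDServer passwords: at least 6 characters, at least one lower case and one upper case letter, at least one of the listed special characters ! @ # , $ % (treated as the allowed set), and none of the characters the Debian chapter rejects, ? \ '. The sample passwords are constructed.

```shell
#!/bin/sh
# Added example, not from the guide: check a candidate server password against
# the stated rule before handing it to SetServerPasswd.sh or typing it into the
# installer. Sample passwords below are constructed.

# Prints "ok" and returns 0 when the password satisfies the rule, otherwise
# prints the first violated requirement and returns 1.
td_password_check() {
  pw=$1
  if [ "${#pw}" -lt 6 ]; then echo "too short"; return 1; fi
  # Characters the guide says are not allowed: ? \ '
  case $pw in *["?\\'"]*) echo "contains a rejected character"; return 1 ;; esac
  case $pw in *[[:lower:]]*) ;; *) echo "missing lower-case letter"; return 1 ;; esac
  case $pw in *[[:upper:]]*) ;; *) echo "missing upper-case letter"; return 1 ;; esac
  # At least one of the listed special characters: ! @ # , $ %
  case $pw in *["@#,\$%!"]*) ;; *) echo "missing special character"; return 1 ;; esac
  echo ok
}

# Demo over constructed candidates (the guide's own default "Intel@123" passes).
for p in 'Intel@123' 'intel@123' 'Ab@1' "Intel\\123" 'Intel123'; do
  printf '%-12s %s\n' "$p" "$(td_password_check "$p")"
done
```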

Input the TDServer IP address.

Note: The Server IP Address can be left blank only if the local machine has a single network card and uses a configured static IP address rather than obtaining one automatically. If the local machine has more than one network card, enter a valid static IP address of the local machine in the Server IP Address field.

[pic]

Click Finish.

[pic]

2 Import Pre-activated Package for a TDServer with Pre-activation Support

If the TDServer is in maintenance status, the TDAgent cannot connect to it until the pre-activated package has been imported successfully.

Click the “Export” button in the “Export Public Key” table to export Pub_Key.bin. Save the exported file “Pub_Key.bin” and send it to the support center.

[pic]

Import the pre-activated package received from the support center.

[pic]

3 Additional Steps for TDServer Pre-activated Non-supported Type

If the TDServer does not support pre-activated provision, perform the steps below:

In the “C:\CMPC” folder, create a folder named “pre-activated”.

Create a file named “tcopp_00000000000000000000_00000000000000000000.bin”.

4 Copy Newer Agent Installation Package

If there is a newer version of the Agent installation package, copy it to %TOMCAT_HOME%/webapps/tdserver/Download/DownloadInstall

The Agent package is named: TDAgent_x.x.x.x.xx.deb, TDAgent_x.x.x.x.xx.rpm or TDAgent_x.x.x.xxx.zip

The naming rules are defined as follows:

|TD Agent Version rules |

|Format: |M.N.F.FOO |  |

|Explain: |M-Major version |  |

|  |N-Minor version |  |

|  |F.F-Revised version |  |

|  |OO-OS Flag(OSFlag.OS version) |10:Windows |

|  |  |22:Ubuntu10.04 |

|  |  |31:Mandriva 2010 |

|  |  |41:Metasys XXX |

Table 4-2 Definition of Agent Version Naming
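As an added example (my own, not part of this guide), the following shell function applies the naming rule of Tables 3-2, 3-4, 4-1 and 4-2 to a package file name: it splits out M, N, F.F and OO for the five-group .deb/.rpm form and for the four-group .zip form in which F and OO are fused, and maps OO to the OS named in the table. The file names in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the guide: decode a TD Agent package name according to
# the "M.N.F.FOO" rule (OO = OS flag). Sample file names below are constructed.

# Map the two-digit OS flag to the OS named in the table.
td_agent_os_name() {
  case "$1" in
    10) echo "Windows" ;;
    22) echo "Ubuntu10.04" ;;
    31) echo "Mandriva 2010" ;;
    41) echo "Metasys" ;;
    *)  echo "unknown" ;;
  esac
}

# Print "M N F.F OO OSNAME" for a TDAgent_*.deb/.rpm/.zip (or tdagent_*.deb)
# file name, or return 1 if the name does not follow the rule.
#   .deb/.rpm carry five groups: M.N.F.F.OO
#   .zip carries four groups:    M.N.F.FOO   (F and OO are fused)
td_agent_parse() {
  name=$(basename "$1")
  case "$name" in
    [Tt][Dd][Aa]gent_*.deb|[Tt][Dd][Aa]gent_*.rpm|[Tt][Dd][Aa]gent_*.zip) ;;
    *) return 1 ;;
  esac
  # Longest run of digits and dots after the prefix; this drops a distro
  # suffix such as "netbook0natick1_i386" as well as the extension.
  ver=$(printf '%s\n' "$name" | sed -n 's/^[Tt][Dd][Aa]gent_\([0-9][0-9.]*[0-9]\).*/\1/p')
  [ -n "$ver" ] || return 1
  oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
  case $# in
    5) major=$1; minor=$2; rev="$3.$4"; os=$5 ;;
    4) major=$1; minor=$2; foo=$4
       [ "${#foo}" -ge 3 ] || return 1
       os=${foo#"${foo%??}"}       # last two digits are the OS flag
       rev="$3.${foo%??}" ;;       # the rest is the second revision digit
    *) return 1 ;;
  esac
  [ "${#os}" -eq 2 ] || return 1
  printf '%s %s %s %s %s\n' "$major" "$minor" "$rev" "$os" "$(td_agent_os_name "$os")"
}

# Demo over constructed names, including the Ubuntu package name used in Chapter 5.
for f in TDAgent_2.0.0.9.22.deb tdagent_2.0.0.9.22netbook0natick1_i386.deb TDAgent_3.1.0.910.zip; do
  echo "$f -> $(td_agent_parse "$f")"
done
```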

5 Security Configuration

Note: Very important.

Add this part to %TOMCAT_HOME%/webapps/tdserver/WEB-INF/web.xml after installation is finished.

Add it before .

[pic]

Add the following content to the registry if the export or download operation fails in Internet Explorer.

[pic]

3 Upgrade the TDServer from Central Server Non-supported Type to Central Server Supported Type

1 Upgrade

Click “Setup.exe” in the installation package to upgrade the TDServer from Central Server non-supported type to Central Server supported type.

[pic]

Select Upgrade.

[pic]

Click Finish.

[pic]

4 Setting for TDServer

Note: To guarantee the TDServer will work correctly, please turn off the firewall or allow TDServer to access ports 80 and 443.

Step 1: Click Windows Firewall in the Control Panel, followed by “Advanced settings”.

[pic]

Step 2: Select Inbound Rules. Click “Inbound Rules”.

[pic]

Step 3: Click “Port”. Click “Next”.

[pic]

Step 4: Click “TCP” and input 80 in the “Specific local ports” input box. Click Next.

[pic]

Step 5: Click Next on the Action and Profile settings page. Input the rule name in the “Name” input box, and click “Finish”.

[pic]

Open TCP port 443 following steps 2 to 5. Select "Outbound Rules" in step 2 and open ports 80 and 443 following steps 3 to 5.

For the IE7 or IE8 security settings, please enable the "to upload files to a server that contains a local directory path" option.

[pic]

5 Uninstall the TDServer

1 Uninstall with the Installation Package

Step 1: After clicking Setup.exe the dialog below will display if the TDServer installed is the Central Server support type. Click Next.

[pic]

After clicking Setup.exe the dialog below will display if the TDServer installed is the Central Server non-support type. Select Remove and then click Next.

[pic]

Step 2: Click Remove.

[pic]

Step 3: Click Finish after the uninstall is finished.

[pic]

2 Uninstall with Control Panel

Open Control Panel -> Programs and Features, Select “Intel(R) Learning Series Theft Deterrent Server” and click “Uninstall” to uninstall the TDServer with Control panel.

[pic]

Deployment of Theft Deterrent Agent

1 Deploy Theft Deterrent Agent on Windows Platform

1 Install Theft Deterrent Agent

1. Click “setup.exe” in InstallPackage\Agent with admin privileges. The language selection page will display.

[pic]

Figure 5-1 Language Selection Page

2. Select the language and click "Next" on the Welcome page.

[pic]

Figure 5-2 Welcome Page

3. Choose "I accept the terms in the license agreement", and click "Next”.

[pic]

Figure 5-3 License Agreement Page

4. Click "Next" to install the Theft Deterrent Agent.

[pic]

Figure 5-4 Install TDAgent Page

5. When the installation process is completed, a message will pop up.

[pic]

Figure 5-5 Install Finish Page

6. After clicking the "Finish" button, a message box will prompt the user to restart the computer. Click "Yes" to restart the computer.

[pic]

Figure 5-6 Restart Computer Dialog

7. After the computer reboots, the Theft Deterrent Agent runs automatically and its icon appears in the system tray.

[pic]

Figure 5-7 TDAgent Tray Icon

2 Connect the Theft Deterrent Agent to the Theft Deterrent Server via a Public Network

After the “Theft Deterrent Server” and the “Theft Deterrent Agent” have been installed successfully, the Theft Deterrent Agent will connect with the Theft Deterrent Server when it launches.

1. The Theft Deterrent Agent acquires a server address automatically, or the server address can be entered manually. Once it has the server address it tries to connect to the server.

2. On the server side, you will see the following message after the Theft Deterrent Agent is connected.

[pic]

Figure 5-8 New Device Message

Click “Click here” to go to the temporary device account list page. Choose the devices to approve in the select column, and click “Approve”. The devices become normal accounts and can then download certificates from the server.

[pic]

Figure 5-9 Temporary Device Account List

3. After the device account has been approved, the Theft Deterrent Agent will download the Auto Provision Package. Choose “Yes” at the following message to install the CA certificate.

[pic]

Figure 5-10 Install CA Cert Dialog

If the Reboot Information Dialog is displayed, choose “Reboot now” to apply the certificate.

[pic]

Figure 5-11 Reboot Information Dialog

4. After restarting the device, the Theft Deterrent Agent will download a Shared Secret certificate automatically. Choose “Reboot now” at the Reboot Information Dialog.

5. The deployment of the Connecting Theft Deterrent Agent to the Theft Deterrent Server is complete.

2 Deploy Theft Deterrent Agent on Ubuntu 10.04

1 Install Theft Deterrent Agent

Before installing the TDAgent, “libtdagent” must be installed. Installing the TDAgent requires sudo permission.

1. Install libtdagent

a) Input "dpkg -l libtdagent" to check whether libtdagent has already been installed.

b) If libtdagent is not listed as installed, install it with the following command: "sudo dpkg -i libtdagent_1.0netbook0natick3_i386.deb".

2. If there is no TDAgent on the local computer, install the TDAgent as follows:

Input "sudo dpkg -i tdagent_2.0.0.9.22netbook0natick1_i386.deb" in the terminal.

3. If an old version of the TDAgent is installed, it must be upgraded to the new version.

a) Unzip the UpgradeAgent.zip package.

b) Put "tdagent_2.0.0.9.22netbook0natick1_i386.deb" and "UpgradeAgent.sh" in the same path. Keep the file name of the deb package as “tdagent_2.0.0.9.22netbook0natick1_i386.deb”. The path cannot contain a space character.

c) Input " sh UpgradeAgent.sh " in Terminal.

4. Restart the OS. After restarting, the Theft Deterrent Agent will run automatically.

2 Connect Theft Deterrent Agent to Theft Deterrent Server via Public Network

After the “Theft Deterrent Server” and the “Theft Deterrent Agent” have been installed successfully, the Theft Deterrent Agent will connect with the Theft Deterrent Server when it launches.

1. The Theft Deterrent Agent acquires a server address automatically, or a server address can be entered manually. Once it acquires the server address it tries to connect to the server.

2. On the server side, the new device message described in Chapter 4.1.2 is displayed after the Theft Deterrent Agent has connected.

After the device account has been approved, the Theft Deterrent Agent downloads the Auto Provision Package. At the Reboot Information Dialog choose “Reboot now” to apply the certificate.

Deployment of the Root CA Management Server and the Theft Deterrent Central Server on a Public Network

1 Install the TD Root CA Management Server

The TD Root CA Server is a third-party server; the Central Server depends on it to sign the certificate for the TD Server.

1 System Requirements

1. Hardware Configuration:

Intel Pentium 4, Core 2 Duo or later processor.

2. Operating System:

Windows 7 (32/64-bit) or Windows Server 2008 (32/64-bit).

3. Internet Information Services (IIS):

IIS 7.0 and above.

4. Microsoft .NET framework 4.0 or above

5. Microsoft Visual Studio 2010 runtime components of Visual C++ Libraries

2 Installation/update

1 Installation on Windows 7 (Windows Server 2008)

1. Install Internet Information Services (IIS)

Note: Select all sub-items in Internet Information Services.

[pic]

2. Extract the RootCA server package and click TDCAServerWebSetup.msi to start the installation.

3. Follow the wizard to finish the installation.

4. Add write permission on App_Data for IIS_IUSRS.

The default path is “c:\Inetpub\wwwroot\TDCAServerWebSetup\App_Data\”

[pic]

5. Open the IIS management console by typing "inetmgr" from "Run".

6. Modify settings of Application pools

a. Click “Application Pools”, right click “defaultAppPool” and select “Advanced Settings”.

[pic]

b. Set .NET Framework Version to v4.0.

[pic]

c. Select “NetworkService” in “Identity”.

[pic]

d. Double click the “DefaultAppPool” and set the “.Net Framework version” as “.Net Framework v4.0.30319” in the “Edit Application Pool” dialog.

[pic]

2 Update the Root CA Server from the Currently Used Version

a) Back up the old CA Server’s ‘App_Data’ folder and the files in it.

[pic]

b) Uninstall the old CA Server.

c) Install the new CA Server.

d) Modify the settings as in step 6.

e) Copy the App_Data folder and its files to the new CA Server folder, replacing the current versions.

3 First-time Login

1. Test the web service:

Open a web browser and enter the URL:



Note: Replace localhost with the actual URL.

2. Configure the Central IP address in web.config

• Open web.config from the TD root CA web folder

o The default path is “c:\Inetpub\wwwroot\TDCAServerWebSetup\web.config”

• Find the setting and add the Central Server IP address or its domain name to the value string.

3. Initial Root CA keystore

• Intel or EXO has its own Root CA keystore. Rename that keystore to CmpcRoot.keystore.

• Copy it to C:\Inetpub\wwwroot\TDCAServerWebSetup\App_data\keystore\

Note: When logged in to the Root CA Management Server, DO NOT click the “Initialize CMPC Root CA keystore” button on the “Root CA Initialization” page; otherwise it will generate a third-party Root CA keystore.

4. Login RootCA Server:



Default Account:

• User name: admin

• Password: 123456

5. Click “Root CA Initialization” -> “Export CMPC Root CA Public Key”.

[pic]

6. Rename CmpcRoot.pubkey to Root_Pub_Key.bin. (It is for the Central Server)

4 Firewall Settings

If the server can’t be accessed remotely, open port 80 (for HTTP) and 443 (for HTTPS) in the firewall settings. Open the firewall settings console by typing "wf.msc" from "Run".

a. Click “Inbound Rules”. Right-click the “BranchCache Content Retrieval (HTTP-In)” rule and select “Properties”.

[pic]

b. Check “Enabled” on the “General” page.

[pic]

c. Go to the “Scope” page and in “Remote IP address”, select “Those IP addresses” and add the IP addresses which are allowed to visit the server.

[pic]

d. Follow the same steps for the “BranchCache Hosted Cache Server (HTTP-In)” rule.

2 Preparations for Installing the Central Server

1 Update the Sources List

Update sources.list to download the installation package.

1. Back up the initial sources.list

sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup

2. Add sources to the sources.list

echo "deb lucid partner" | sudo tee -a /etc/apt/sources.list

3. Update the package list

sudo apt-get update

4. Upgrade the old packages

sudo -E apt-get upgrade -y

Note:

Select sources according to your network access rights and download rates. The source above is the partner source from which sun-java6-jdk can be downloaded; the sources can be edited in the file.

3 Install Dependencies

1 Install sun-java6-jdk

1. Install sun jdk.

sudo apt-get -y install sun-java6-jdk

2. Choose the JDK.

sudo update-alternatives --config java

Ubuntu lists all Java alternatives. Select java-6-sun, not OpenJDK.

3. Set the java environment variables in the file “.bashrc”.

sudo vi ~/.bashrc

Add the following command to bottom of file “.bashrc” if JAVA_HOME or JRE_HOME isn’t set.

Note:

• The configuration will take effect after restarting the shell if .bashrc has been edited.

Reboot command: sudo reboot

• Check the version of jdk, and confirm it is sun-java6-jdk not OpenJDK

4. Check if configuration is successful with the following command:

echo $JAVA_HOME

echo $JRE_HOME

2 Install tomcat6

sudo apt-get -y install tomcat6

3 Install Postgresql

sudo apt-get -y install postgresql-8.4

Note: PostgreSQL must be 8.3 or later; the current version in the source is 8.4.

4 Set Configuration Files

1 Configure Postgresql

Modify pg_hba.conf:

sudo vi /etc/postgresql/8.4/main/pg_hba.conf

Change to:

2 Configure Openssl

Use the supplied openssl.cnf in the CentralServer directory, not the system file.

Note: The version of openssl cannot be lower than 1.0.0a.

5 Install Central Server

1 Deploy Software

1. Stop Tomcat6

sudo /etc/init.d/tomcat6 stop

2. Copy CentralServer.war from the CentralServer install package.

sudo cp CentralServer.war /var/lib/tomcat6/webapps

3. Change the permissions of CentralServer.war

sudo chmod 777 /var/lib/tomcat6/webapps/CentralServer.war

4. Start Tomcat6

sudo /etc/init.d/tomcat6 start

Note: After restarting tomcat6 service, CentralServer.war should be extracted to “/var/lib/tomcat6/webapps/CentralServer/”

2 Deploy Configurations

1. Extract CentralServer.tar

sudo tar -xf CentralServer.tar

2. Copy CentralServer to /etc

sudo cp -R CentralServer /etc

Note: If the CentralServer directory is deployed to another path, update the path in config.xml and openssl.cnf.

3. Configure openssl.cnf in the CentralServer directory. Replace dir with the actual path.

[CA_default]

dir = /etc/CentralServer

4. Set access levels for directories and files.

sudo chmod 777 /etc/CentralServer

cd /etc/CentralServer

sudo chmod 777 newcerts

sudo chmod 666 index.txt

sudo chmod 666 serial

sudo chmod 777 step0-generateCA.sh

sudo chmod 777 step1-generateCentralServer.sh

sudo chmod 777 step2-signCSWithCA.sh

sudo chmod 777 TempTD

5. Copy Root_Pub_Key.bin to /etc/CentralServer/ (the CmpcRoot.pubkey generated by the Root CA Server and renamed to Root_Pub_Key.bin)

sudo cp Root_Pub_Key.bin /etc/CentralServer/

6. Copy Pub_Key.bin to /etc/CentralServer/TempTD/

sudo cp -r Pub_Key.bin /etc/CentralServer/TempTD/

Note:

Pub_Key.bin in this folder is needed to sign the pre-activated key with a command that is expected to be generated while the CMPC is in the factory.

Directory tree of CentralServer is:

[pic]

3 Generate Certificates

7. Run scripts in /etc/CentralServer

cd /etc/CentralServer

sudo ./step0-generateCA.sh

8. Modify step1-generateCentralServer.sh

sudo vi step1-generateCentralServer.sh

[pic]

Note: use the actual IP address and e-mail address instead.

9. Run the scripts

sudo ./step1-generateCentralServer.sh

sudo ./step2-signCSWithCA.sh

Note:

the CA root certificate is self-signed in step0. CentralServer is signed by CA and it can be also signed by a trusted CA. Make sure that the path generated by truststore and keystore is the same as all the configuration files referred to in the section “Configure Tomcat6”.

4 Configure Tomcat6

1. Configure server.xml for the HTTPS policy.

sudo vi /var/lib/tomcat6/conf/server.xml

• Remove the comment marker after “truststoreType="JKS" />” (and its matching opening marker) so that the HTTPS Connector is no longer commented out.

Note: Replace CentralServer.keystore and CentralServer.truststore with the actual paths.

2. Configure web.xml for security.

sudo vi /var/lib/tomcat6/webapps/CentralServer/WEB-INF/web.xml

[pic]

Note: Add the fragment shown above to web.xml.

5 Configure XMLs

1. Configure config.xml

sudo vi /var/lib/tomcat6/webapps/CentralServer/WEB-INF/classes/config.xml

[pic]

Note:

• : the deployment location of the CentralServer directory

• : the location of constvalue.xml. Double-check that it is set correctly.

• : the path of the CentralServer web pages extracted in Chapter 5.5.1. It is suggested to place them at a location that Tomcat can access but that is outside the Tomcat installation path.

[pic]

Note:

• Set maxPoolSize according to the number of TD Servers that connect.

2. Configure constvalue.xml

sudo vi /var/lib/tomcat6/webapps/CentralServer/WEB-INF/constvalue.xml

Configure the items in constvalue.xml as follows:

[pic]

Note:

• : Central Server address.

• : The Central Server exposes an interface through which third-party software can switch it between operation status and maintenance status. "stateSwitchIP" lists the IP addresses of the computers running that third-party software that are allowed to call it. Separate multiple IP addresses with commas.

• : The path of the CentralServer web pages extracted in Chapter 5.5.1 “Deploy software”; it must be the same as "" in config.xml.

• : RootCA server address.

6 Post-configuration

Type the following commands (the webapps directory is under /var/lib/tomcat6):

cd /var/lib/tomcat6/webapps/CentralServer/WEB-INF

sudo cp -f classes/config.xml services/HttpWebServiceInterface

sudo cp -f classes/config.xml services/WebServiceInterface

sudo /etc/init.d/tomcat6 restart

7 Enhance Upload Performance

There are two ways to improve upload performance.

Note: Restart Tomcat after making the changes.

1. Improve the performance of concurrent uploads.

Modify “$CATALINA_HOME/bin/catalina.sh” as follows:

Note: Adjust the highlighted number according to the number and size of the files uploaded concurrently.

2. Improve the success rate of uploads over slow networks.

Modify web.xml, located at webapps/CentralServer/WEB-INF/web.xml, and configure the timeout item as follows:

Note:

• The timeout is given in minutes.

• If singleTime is the longest time a single file needs to upload successfully, set

timeout >= singleTime * 1.3

8 Deploy Database

1. Extract tools.tar and enter the directory.

sudo tar -xf tools.tar

cd tools

2. Initialize the PostgreSQL database.

sudo /etc/init.d/postgresql-8.4 restart

sudo chmod 777 cmpc_csdb.sql

sudo psql -U postgres -f cmpc_csdb.sql

Note: psql only needs to read the script; a mode of 644 is sufficient.

The following commands are for reference only:

Start or stop the PostgreSQL service:

sudo /etc/init.d/postgresql-8.4 stop

sudo /etc/init.d/postgresql-8.4 start

Create a user or database:

sudo createuser tddbadmin -U postgres

sudo createdb tdmoecs -U tddbadmin

Delete a database or user (the database must be deleted before the user):

sudo dropdb tdmoecs -U tddbadmin

sudo dropuser tddbadmin -U postgres

3. Configure the login password, e-mail account and SMTP server in operator.conf.

sudo vi operator.conf

Note:

• Change the highlighted values without changing the format.

• The Central Server must be able to send e-mail; activation codes are delivered to schools by e-mail.

[pic]

4. Run configureadmin.sh to write the admin password, e-mail account and SMTP server to the database.

sudo chmod 777 configureadmin.sh

sudo ./configureadmin.sh

Note:

• This step must be run after the database has been initialized.

• Make sure the following files are present in the tools directory:

utility/Md5Encrypt.class

configureadmin.sh

operator.conf

9 Configure Firewall Rules

The Central Server is reached on ports 80 and 443. If ports 8080 and 8443 are configured in server.xml, iptables must be used to map ports 80/443 to ports 8080/8443.

There are two methods to implement the port mapping.

Method 1:

Apply the rules from the terminal; they are lost when the OS reboots.

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

Method 2 (recommended):

Apply the rules automatically when the OS starts.

1. Save the current firewall rules to a file.

sudo iptables-save > /etc/iptables.up.rules

2. Add or modify the rules in iptables.up.rules.

[pic]

Note:

• The ports (8080/8443) must match the ports configured in server.xml.

• If iptables.up.rules already contains a “nat” table, add only the highlighted rules to it; otherwise the whole “nat” table (from *nat to its COMMIT line) must be added to the file.

3. Modify the /etc/network/interfaces script to apply the rules automatically. Add the following line at the end.

[pic]

4. Reboot the system.

sudo reboot

Note: The change to interfaces takes effect after the OS reboots.
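As an added example (not the iptables.up.rules figure from the original document, which is not reproduced in this copy), the helper below emits the *nat table that Method 2 needs and the /etc/network/interfaces hook that loads the file at boot. It is the editor's code, not part of the CentralServer package. The Tomcat ports are parameters so they can be kept in step with server.xml; the pre-up line is the conventional form for interfaces and is an assumption, since the page's own figure is missing.

```shell
#!/bin/sh
# Added example, not the page's iptables.up.rules figure: builds the *nat
# section Method 2 expects and the interfaces hook that restores it at boot.
set -eu

# Print an iptables-save style nat table redirecting 80->$1 and 443->$2.
# REDIRECT rewrites the destination port in PREROUTING, so the filter table
# (what ufw manages) afterwards sees 8080/8443, not 80/443, and must accept
# those ports. Add "-i eth0" to the rules to limit them to one interface.
nat_redirect_table() {
    http_port="${1:-8080}"
    https_port="${2:-8443}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $http_port
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports $https_port
COMMIT
EOF
}

# Line to append to the interface stanza in /etc/network/interfaces
# (conventional form; the page's original figure is not reproduced here).
interfaces_hook() {
    printf 'pre-up iptables-restore < %s\n' "${1:-/etc/iptables.up.rules}"
}

# Append the nat table to an iptables-save dump only if it has no *nat
# section yet; per the page's note, an existing one must be edited instead.
# Returns 2 (and changes nothing) when a *nat table is already present.
add_nat_to_rules_file() {
    rules="$1"
    if grep -q '^\*nat' "$rules"; then
        echo "$rules already has a *nat table; add the REDIRECT rules to it by hand" >&2
        return 2
    fi
    nat_redirect_table "${2:-8080}" "${3:-8443}" >> "$rules"
}

# Parse the finished file without touching the running firewall. Needs root
# and iptables; skipped where the binary is not installed.
check_rules_file() {
    if ! command -v iptables-restore >/dev/null 2>&1; then
        echo "iptables-restore not installed; skipping syntax check"
        return 0
    fi
    iptables-restore --test "$1"
}

if [ "${1:-}" = "print" ]; then
    nat_redirect_table "${2:-8080}" "${3:-8443}"
    interfaces_hook
fi
```

Typical use on the Central Server, after the iptables-save step above: `sudo sh -c '. ./nat-rules.sh; add_nat_to_rules_file /etc/iptables.up.rules 8080 8443 && check_rules_file /etc/iptables.up.rules'`, then add the line printed by `interfaces_hook` to the interface stanza. Because the redirect happens before filtering, a host that only allows 80 and 443 in the filter table will drop the redirected packets; the INPUT rules must accept 8080 and 8443 as well.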

6 Run Central Server

1. Make sure that the firewall allows access to ports 80 and 443.

Set the firewall to allow ports 80 and 443 from any address on this host:

sudo ufw allow 80

sudo ufw allow 443

Note: If the port mapping from “Configure Firewall Rules” is in use, also allow the Tomcat ports the traffic is redirected to (8080 and 8443). REDIRECT rewrites the destination port in the nat PREROUTING chain before filtering, so the filter rules that ufw manages see 8080/8443 rather than 80/443.

2. Make sure that the CA server is running normally.

3. Log in from the URL:

Note: A domain name may be used instead of the IP address.

7 Upgrade Central Server

1 Upgrade Central Server Preparation.

1. Stop Tomcat6

sudo /etc/init.d/tomcat6 stop

2. Create a Backup Folder

sudo mkdir /var/lib/tomcat6/BackupFile

3. Move the original application file to the backup folder

sudo mv -f /var/lib/tomcat6/webapps/CentralServer -t /var/lib/tomcat6/BackupFile

4. Backup the original war file

sudo mv -f /var/lib/tomcat6/webapps/CentralServer.war -t /var/lib/tomcat6/BackupFile

5. Copy CentralServer.war from the CentralServer install package.

sudo cp CentralServer.war /var/lib/tomcat6/webapps

6. Change the permissions of CentralServer.war

sudo chmod 777 /var/lib/tomcat6/webapps/CentralServer.war

7. Start Tomcat6

sudo /etc/init.d/tomcat6 start

2 Upgrade Configurations

1. Create a Temp TD Folder

cd /etc/CentralServer

sudo mkdir TempTD

2. Copy the Temp TD file to the TempTD folder

sudo cp -r Pub_Key.bin /etc/CentralServer/TempTD/

Note:

• Pub_Key.bin is a file pre-generated at the factory and used to sign the pre-activated key.

3 Configure XMLs

1. Copy the original services file to the new application

cd /var/lib/tomcat6/BackupFile/CentralServer/WEB-INF/

sudo cp -rf services /var/lib/tomcat6/webapps/CentralServer/WEB-INF/

2. Copy the original TD backup files to the new application

sudo cp -rf backup /var/lib/tomcat6/webapps/CentralServer/WEB-INF/

sudo chmod 777 -R /var/lib/tomcat6/webapps/CentralServer/WEB-INF/backup/

3. Copy the original configuration file to the new application

sudo cp -f constvalue.xml /var/lib/tomcat6/webapps/CentralServer/WEB-INF/

sudo cp -f web.xml /var/lib/tomcat6/webapps/CentralServer/WEB-INF/

sudo cp -f urlrewrite.xml /var/lib/tomcat6/webapps/CentralServer/WEB-INF/

sudo cp -f classes/config.xml /var/lib/tomcat6/webapps/CentralServer/WEB-INF/classes/

4 Upgrade the Database

1. Extract upgrade.tar

sudo tar -xf upgrade.tar

cd upgrade

2. Upgrade the Central Server database.

sudo /etc/init.d/postgresql-8.4 restart

sudo chmod 777 upgrade_csdb.sql

sudo psql -U postgres -f upgrade_csdb.sql

5 Run the Central Server

sudo /etc/init.d/tomcat6 restart

Deployment of the Theft Deterrent Server in Schools

1 Connect to the Theft Deterrent Central Server for Activation

After the TDServer deployment is complete, log in and go first to the “Register School Information” page: click the “Account Management” tab to open it.

1 Register School Information

This page is used to fill in and send school register information.

[pic]

Figure 7-1 Register School Information page

There are 2 kinds of registration methods: online registration and offline registration.

• Register School Online

To register online, all the school registration information entered on this page is sent to the Central Server. If it is sent successfully and the Central Server administrator approves the registration request, an “Activation Code” is sent by e-mail.

• Register School Offline

To register offline, the “Network Address of Central Server” field on the Register School Information page is not needed. All the school registration information entered on this page is packaged into an offline registration package. Right-click the link “Right click to save the file” to save the package, copy it to a local computer or USB disk, and import it on the Central Server side to generate an activation package.

Note: For online registration, enter both the IP address and the port number in “Network Address of Central Server”. If the port number is 80, leave the port empty.

[pic]

Figure 7-2 Offline Register page

After filling in all required registration information on the page and selecting the registration method, the page will jump to the Activate School Account page.

2 Activate School Account

This page is used to activate school accounts.

There are 2 kinds of activation methods: online activation and offline activation.

• Activate School Online

[pic]

Figure 7-3 Online Activation

To activate a school online, the “Activation Code” and “Network Address of Central Server” are required. If the school registration information was sent successfully and the CS administrator approved the registration request, the “Activation Code” is delivered by e-mail. Enter the “Activation Code” and “Network Address of Central Server” and click the “Activate” button.

• Activate School Offline

[pic]

Figure 7-4 Offline Activation

To activate a school offline the “Activation Code” and “Offline Activation Package” are required. Enter the “Activation Code” and “Offline Activation Package” path and click the “Activate” button.

ATTENTION:

1. Before activation, do not connect the TDAgent to TDServer.

2. After activation, please restart the computer.

3 Security Configuration

After activation, please add this part to /usr/share/tomcat6/webapps/tdserver/WEB-INF/web.xml before .

[pic]

2 Check if Theft Deterrent Server has Been Deployed Successfully

Launch FireFox. In the address bar, enter:



If the Theft Deterrent Server has been deployed successfully, the screen below is displayed:

[pic]

Figure 7-5 Successful HTTPS Deployment Page

3 Enhance Upload Performance

server.xml can be modified to improve the success rate of uploads over slow networks.

The XML file's location: /usr/share/tomcat6/conf/server.xml.

Configure the items in server.xml as follows:

By modifying or adding the maxThreads, minSpareThreads and maxSpareThreads attributes, for example maxThreads="1500" minSpareThreads="25" maxSpareThreads="75", the success rate of uploads over slow networks can be improved.

Transfer Theft Deterrent Agent to School

All of the transfer operations can be performed on the “Transfer” page.

There are 2 tabs on the page: Request Transfer and Accept Transfer.

[pic]

Figure 8-1 Transfer Page

1 Request Transfer from TDServer on Public Network

The Request Transfer tab is used to manage and view transfer-out requests.

[pic]

Figure 8-2 Request Transfer Tab

The student info table is displayed in the middle of the page, with the transfer status in the “Transfer Status” column. If the table has many records, use “Search” or “Advanced Search” at the top of the page to find the desired record(s).

To transfer out a student, tick the student's checkbox and click the “Transfer” button. If the “Request Transfer” is added successfully, the transfer status changes to “Pending”.

To revoke a transfer-out request, tick the student's checkbox and click the “Revoke” button.

2 Accept Transfer from the TDServer in Specific School

The Accept Transfer tab is used to review transfer-in requests and export transfer certificates.

[pic]

Figure 8-3 Accept Transfer Tab

The transfer-in request table is displayed in the middle of the page, with the transfer status in the “Transfer Status” column. If the table has many records, use “Search” or “Advanced Search” at the top of the page to find the desired record(s).

To approve a transfer-in request, tick the request's checkbox and click the “Approve” button. If the transfer is approved successfully, the transfer status becomes “approved” or “signed”.

To reject a transfer-in request, tick the request's checkbox and click the “Reject” button.

3 Export the Transfer Certificate to the TDAgent

When a transfer status becomes “signed” in the “Accept Transfer” tab, the transfer certificate needs to be exported to the TDAgent.

There are two ways to export the transfer certificate:

1. Connect the TDAgent to the TDServer in the school to upload the transfer certificate.

2. Click the “Export” button on the “Accept Transfer” tab. The transfer certificate is exported to a pre-configured location as a binary file, which can then be copied to the TDAgent for use.

Once the TDAgent has downloaded the certificate, or it has been exported, the transfer status becomes “normal”.

4 Check if the TDAgent has Been Transferred Successfully

There are 6 kinds of “Transfer Status” in the entire “transfer” procedure.

• Normal

The device is in use at a school.

• Pending

The transfer-out request has been accepted, but the target school has not yet approved it.

• Approved

The target school has approved the transfer request, but the Transfer Certificate has not yet been generated.

• Rejected

The target school has rejected the transfer request. When the original school receives the “Rejected” message, the CMPC returns to “Normal” status and the TD admin is informed by a message.

• Signed

The Transfer Certificate has been generated, but has not yet been downloaded or exported.

• Completed

The Transfer Certificate has been downloaded or exported and the transfer process is complete; this status is equivalent to “Normal”.

If the TDAgent has been transferred successfully, its transfer status in the target school becomes “Completed” or “Normal”, and the TDAgent is no longer visible in the records of the old TDServer on the public network.

Update the TDServer Public Key with Central Server Non-supported Type

To submit an update request, click “Update”.

[pic]

Click “Yes”.

[pic]

Click “Generate”.

[pic]

A download box pops up. Save the file and send it to the support center to sign the pre-activated package.

After submitting the update request and signing pre-activated package with the new public key, import the pre-activated package to make the new public key take effect.

[pic]

Restore

Click “Restore” button.

[pic]

After clicking “Restore” button, “Restore” page will pop up.

[pic]

On this page, the DB and SCF can be restored from the CS or local host.

1 Restore From Local Backup File

When restoring from the local host, the latest 3 backup files are displayed in the drop-down list (DDL). Select a backup file and click the “Restore” button.

[pic]

After clicking the “Restore” button, the restore confirmation page will pop up.

[pic]

After clicking “Restore” button, the restore result will display on the restore result page.

[pic]

Note: When reinstalling the TDServer, perform the following before the restore operation:

If the TDServer is installed on Windows 2008 R2:

Clear the “C:\CMPC\tdserverbackup” directory and, after the installation has completed successfully, copy the backup file(s) to be restored into it.

If the TDServer is installed on Debian:

Clear the “/user/local/tdserverbackup” directory and, after the installation has completed successfully, copy the backup file(s) to be restored into it.

Export the necessary public key update package after a successful restoration.

2 Restore From the Central Server

When restoring from the CS, the latest 3 backup files are displayed in the drop-down list. Select a backup file and click the “Restore” button. The CS login password is required.

Note: The SCF can be restored from the CS but cannot be backed up on the TDS, because during activation the TDS sends its key pair to the CS to be signed, and it is the CS that holds the SCF backup.

[pic]

After clicking the “Restore” button, the restore results will be displayed on the restore result page.

[pic]

Note: When reinstalling the TDServer, reactivate it from the Central Server before the restore operation. The reactivation function is on the TDServer “Account Management” page.

[pic]

[End of Document]

-----------------------

Text recovered from the figures ([pic] placeholders) of this document; the figures themselves are not reproduced in this copy.

web.xml security constraint (sections “Configure web.xml for security” and “Security Configuration”): a security-constraint whose web-resource-name is SSL, whose url-pattern is /* in one figure and, in the other, the two web-service endpoints

/services/WebServiceInterface.WebServiceInterfaceHttpSoap11Endpoint/*

/services/WebServiceInterface.WebServiceInterfaceHttpSoap12Endpoint/*

and whose user-data-constraint transport-guarantee is CONFIDENTIAL, so the container serves those paths over HTTPS only.

Windows registry value (lets Internet Explorer download no-cache content over HTTPS):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]

"BypassSSLNoCacheCheck"=dword:00000001

Java environment lines for catalina.sh:

# set java environment

export JAVA_HOME=/usr/lib/jvm/java-6-sun

export JRE_HOME=$JAVA_HOME/jre

pg_hba.conf, before (authentication method ident/md5):

local all postgres ident

local all all ident

host all all 127.0.0.1/32 md5

host all all ::1/128 md5

pg_hba.conf, after (authentication method trust):

local all postgres trust

local all all trust

host all all 127.0.0.1/32 trust

host all all ::1/128 trust

Note: trust authenticates nobody. Any local OS account, and for the host lines anything that can reach the loopback address, can connect as any role including postgres without a password. Keep it only while the database is initialised on a host that is not shared, or leave the host lines at md5.

Directory tree of /etc/CentralServer (section “Deploy Configurations”):

/CentralServer/

    newcerts/

    TempTD/

        Pub_Key.bin

    index.txt

    serial

    Root_Pub_Key.bin

    f

    step0-generateCA.sh

    step1-generateCentralServer.sh

    step2-signCSWithCA.sh

Variables in step1-generateCentralServer.sh (section “Generate Certificates”):

CS_CN=10.10.112.116 #Common Name: must be local IP

CS_Email=test@ #e-mail

Example values visible in the config.xml and constvalue.xml figures: 3, 10.10.112.116, 10.10.112.11 and /var/lib/tomcat6/webapps/CentralServer/ (the sample IP addresses and the web-pages path).
