Configure Lasernet Config Server

On the server that will run Lasernet Config Server, you must use Lasernet Service Manager to configure the Lasernet Config 11 Windows service. The main parts of this task include configuring Lasernet Config Server’s database connection and specifying which Lasernet environments it will manage.

When you install Lasernet Config Server on a server, the installer automatically creates and starts a Lasernet Config 11 Windows service.

Steps

To configure Lasernet Config Server, follow these steps:

1. On the server that is running Lasernet Config Server, in the Windows Start menu, click Lasernet 11 > Lasernet Service Manager 11. The Lasernet Service Manager 11 window opens.

2. Double-click the Lasernet Config 11 row. The Lasernet Config window opens.

3. Optional: On the General tab, if you leave the Server runtime data directory box blank, Lasernet Config Server will use its default location for configuration data, its job database (which tracks paused jobs, scheduled jobs, failed jobs, and combined jobs), grab data, and job data. In most situations, this is satisfactory. If you want to specify where Lasernet Config Server will store this data, enter or select a directory.

4. Configure Lasernet Config Server’s database connection. This database includes data about Lasernet configurations, revision data, and deployment log history.
   

   1. On the Database tab, enter appropriate values for the following settings:

      • Server: The SQL Server instance that hosts the database. This can be a host name or it can identify a particular SQL Server instance: <host name>\<instance name>

      • Credentials > Username: The username of a database identity that grants sufficient access to the Lasernet Config Server database. Leave this empty to use Windows authentication. The identity that the Config Server uses to connect to its database must have permission to create and alter tables, and insert, update, and delete rows.

      • Credentials > Password: The password that accompanies the username. Leave this empty to use Windows authentication.

      • Databases > Config: The name of the Lasernet Config Server database.

      • Databases > Dictionary: If applicable, the name of the Dictionary database.

      • Require encryption: Toggles database connection encryption. The appropriate setting depends on how SQL Server has been set up.

      • Trust server certificate: The appropriate setting depends on the database server’s configuration.

      • Connection > Retries: The number of database connection attempts that Lasernet Config Server will make.

      • Connection > Interval: The interval between each connection attempt.

   2. Click Test Connection.

5. Configure Lasernet Config Server’s port number. On the Bindings tab, modify the Port number (see 1 in the image below).

   Note

   In most situations, the default port number (443) is suitable. Modify the port number only if necessary to prevent port conflicts with other software running on the same server.

   

6. If necessary, specify the hostnames to bind a local server certificate to. Lasernet Config Server will use the certificate to prove the server’s identity. The certificate also provides encryption keys to secure communication between the server and the client. Lasernet Config Server can use certificates installed in the Windows certificate store (in the Computer certificates area) or certificates stored on disk as PFX files. You must create a binding for every hostname that clients use to connect to Lasernet Config Server.

   Note

   If no bindings are configured, Lasernet will autogenerate self-signed certificates for localhost, <server name> and the server’s fully qualified domain name (FQDN).

   To specify a binding, follow these steps:

   1. Click Add (see 2 in the image above).

   2. In the Add Binding window (3), enter a Hostname. This is the hostname that the certificate will be bound to. Valid values for Hostname are a hostname (without a domain specified), a FQDN, or an IP address.

   3. Provide certificate details:

      • If Thumbprint is supplied, the certificate (in the Windows certificate store) that has the specified thumbprint will be used.

      • PFX is the path and filename to a certificate (including private key) that is stored in PFX format. Password is the password for the PFX file.

      • If you leave both Thumbprint and PFX blank, a self-signed certificate for the specified Hostname will be generated and stored in the Windows Certificate Store.

   4. Click OK to save the binding.

   Note

   Repeat these steps for every hostname that clients will use to connect to Lasernet Config Server. For example, some clients might connect to localhost, whereas other clients might connect to the server’s FQDN. Multiple bindings can point to the same certificate, if necessary.

7. Specify which Lasernet environments will be managed by this Lasernet Config Server.

   1. On the Environments tab, decide whether to select Automatically synchronize Environments (see 1 in the image below).

      • If selected, when an environment is added to the Lasernet Service Manager 11 window, it will be added to the Lasernet Config Environments tab. Consequently, the Config Server manages all the environments that run on the same server as the Config Server (and only those environments).

      • If not selected, you must manually Add and Remove environments from the list. If the Config Server must manage environments that are not running on the same server as the Config Server, you must add them in this way.

      

   2. If Automatically synchronize Environments is not selected: Manually add environments to the list:

      1. Click Add (below the environment list). The Add Environment window opens.

      2. Enter the Name of the environment or select it from the list (2). The name you enter must match the name displayed in the Lasernet Service Manager 11 window on the server that is hosting the environment.

         • If the environment is running on the same server as the Config Server, the environment will be listed in the same Lasernet Service Manager 11 window as the Lasernet Config 11 service. In this scenario, you can select the environment from the list.

         • If the environment is running on a different server, the environment will be listed in the Lasernet Service Manager 11 window on that server. In this scenario, you must manually enter the environment’s name into the Name box.  

      3. Enter the Client secret for the environment. When you created and configured environments, you made a note of each environment’s client secret.

         Note

         If the environment is running on the same server as the Config Server, Lasernet Service Manager will automatically copy and enter the environment’s client secret for you.

8. If Automatically synchronize Environments is selected: To modify settings (such as Client secret) for an environment that was automatically added to the list, select the environment in the list, click Edit, then modify the settings as described above.

9. If necessary, configure external authentication of Lasernet users.

   Note

   If external authentication is enabled and multiple authentication providers are configured, the user must specify which provider to use when they log in.

   Note

   Enabling external authentication and specifying external providers is only part of the process for configuring external authentication. For a complete guide to the process, see the Guide to Configuring Microsoft Entra ID Authentication for Lasernet.

   1. To enable user authentication through external authentication providers, select Use external provider(s) on the Authentication tab (see 1 in the image below).

      

   2. To add an authentication provider, click Add (2).

   3. In the Add Provider window, enter the following properties, then click OK.

      • Name: A descriptive name that identifies the provider.

      • Client ID: The application (client) ID that identifies the relevant app registration (or equivalent) in the authentication provider.

      • OIDC metadata endpoint: The OpenID Connect Metadata document URI. The OpenID Connect Metadata document provides Lasernet with the information required to validate the JWT tokens issued by the authentication provider.

   4. If more than one provider is configured: To designate the default provider, select its row on the Authentication tab and then click Set as Default.

   Note

   If external authentication is enabled, an External Roles page is added to the Config Server application.

10. Click OK to close the Config Server properties window and save your configuration changes. Lasernet Service Manager will ask you if you want to restart the Lasernet Config 11 service (to apply your changes).  

After configuring Lasernet Config Service, the next step of the Lasernet 11 installation and setup process is to configure the Lasernet Web Client (if used). If Lasernet Web Client is not used, the next step is to sign in to the Lasernet Config app so that you can continue the Lasernet system setup process.