Installation
Cisco TMS Secure Server Configuration Guide 13.0
Pre-install considerations
We strongly recommend installing Cisco TMS on a dedicated server. Using the Cisco TMS server for
other purposes or services will reduce the effectiveness of any security initiative.
The outline presented in this document assumes Cisco TMS is the only application installed on
the server.
The server should be physically placed in a room that is inaccessible to unauthorized persons.
The server should never be a domain controller.
The security recommendation is to install Cisco TMS using a local instance of SQL Server. This
reduces the surface area of the SQL Server and keeps all communications between the
application and the database off the network. Installations looking to use an external SQL Server
should consider using SSL to secure the database traffic between the Cisco TMS Server and the
SQL Server.
For additional Microsoft documentation regarding SSL and SQL, see "How SQL Server uses a
certificate when the Force Protocol Encryption option is turned on".
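The following PowerShell script is an added example, not part of the Cisco guide. It checks two of the considerations above: that the server is not a domain controller, and that database traffic either stays on the server or is encrypted by the SQL Server. It assumes PowerShell 2.0 or later, Windows authentication to the SQL Server and VIEW SERVER STATE permission; the $SqlServer default is a placeholder.

```powershell
# Added example: audit the pre-install considerations on the Cisco TMS server.
# Assumptions: PowerShell 2.0+, Windows authentication to SQL Server and
# VIEW SERVER STATE permission. $SqlServer is a placeholder value.
param([string]$SqlServer = 'localhost')

$findings = @()

# The server should never be a domain controller.
# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    $findings += "Server is a domain controller (DomainRole=$role)."
}

# Connect WITHOUT asking for encryption, so an encrypted session can only
# be the result of Force Protocol Encryption on the SQL Server side.
$connString = "Server=$SqlServer;Database=master;Integrated Security=SSPI;Encrypt=False"
$conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $connString
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT net_transport, encrypt_option ' +
                       'FROM sys.dm_exec_connections WHERE session_id = @@SPID'
    $reader = $cmd.ExecuteReader()
    if ($reader.Read()) {
        $transport = $reader['net_transport']    # Shared memory, Named pipe or TCP
        $encrypted = $reader['encrypt_option']   # 'TRUE' or 'FALSE'
        # Shared memory means a local instance: traffic never leaves the server.
        if ($transport -ne 'Shared memory' -and $encrypted -ne 'TRUE') {
            $findings += "SQL traffic to $SqlServer uses $transport without SSL."
        }
    }
    $reader.Close()
} catch {
    $findings += "Could not query ${SqlServer}: $($_.Exception.Message)"
} finally {
    $conn.Close()
}

if ($findings.Count -eq 0) {
    'PASS: pre-install considerations met.'
} else {
    $findings | ForEach-Object { "FAIL: $_" }
}
```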
Installing baseline configuration
1. Install Windows 2003 SP2 - When installing the server, create two partitions on the server. One is the system partition, usually C:\, where Windows and IIS are installed. The second partition is used by Cisco TMS. Install Windows Server 2003 with Service Pack 2 (SP2) using the default settings. Be sure to format the partitions as NTFS when performing the initial setup of Windows.
2. Install anti-virus software and updates - Protect the new server by installing your choice of enterprise anti-virus software package. It is important that you keep up-to-date on the latest virus signatures. Take note of anti-virus features that control or prevent the sending of email via SMTP. Cisco TMS requires the ability to send mail via SMTP (TCP Port 25).
3. Install the latest Windows Service Pack - As each Service Pack from Microsoft includes all security fixes known to date, it is vital that the latest version is installed. Update your baseline server to the latest Service Pack for Windows.
4. Install the appropriate post-Service Pack security updates - Update the server to the latest available post-Service Pack security updates and any relevant hot-fixes. You can subscribe to the e-mail service where Microsoft sends administrators information about security issues and hot-fixes available for patching security holes. Go to:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
5. Join server to Domain - Join the new server to the domain it will be used with.
6. Optional: Install SQL Server 2005 - If you are planning on running a full edition of SQL Server 2005 rather than the express edition installed with Cisco TMS, install SQL Server at this time to the second partition of the server. The server must be installed in Mixed Authentication mode; choose a strong password for the SA account. Only the SQL Engine component and its dependencies are required.
7. Install Cisco TMS - Install the latest version of Cisco TMS. When running the installer, choose the custom option to allow greater control of the installation.
If no SQL Server was previously installed, specify that SQL Server is to be installed locally with a strong SA password.
Specify the installation paths of the SQL Server and Cisco TMS directories to be on the second partition of your server. As part of the installation, IIS and SQL Server may be installed.
8. Secure Default Groups for Cisco TMS - As part of the default installation of Cisco TMS, all new users are automatically added to the Site Administrators group and the Users group. Both groups have full permissions to all facilities.
To establish one user as the only Site Administrator, do the following:
a. Log in as that user, go to Administrative Tools > User Administration > Default Groups
and set Users to be the only default group. All new users that log in to Cisco TMS will now