Managed Deployment

Managed deployment scenario is intended for large customer with a managed approach to software installations.

Managed deployment is to install IFS Applications client into the same environment / file system which is used for hosting other applications. Security requirements on this file system, update policies etc is managed by computer network or security staff. Citrix, Windows Terminal Server, software on shared file servers etc is covered in this scenario.

Actions

These options requires Administrator rights on local PC / local workstation / Citrix / Terminal server, and browse/read access to Application Server file system.

  1. Locate IFS Applications client runtime directory on Application Server
    Client runtime is located in <ifs_home>\<instance_name>\client\runtime.

    <instance_name> is the name assigned to this particular IFS installation.

     

    Client runtime
  2. Copy files  from Application Server to destination

    Copy files from Application Server to destination, e.g. file server, Windows Terminal Server, Citrix, or to an software distribution/management server.

    <ifs_home>\<instance_name>\client\runtime
md "\\destination\share\Program Files\IFS"
xcopy * "\\destination\share\Program Files\IFS\<instance_name>" /I /E
  3. Create shortcut

    Create shortcut to Ifs.Fnd.Explorer.exe

    1. Start Windows "New shortcut" wizard.
    2. Locate Ifs.Fnd.Explorer.exe in \Program Files\IFS\instance_name.. There are other files with similar names, so please ensure that you pick the correct file.
    3. Pick a suitable name for this shortcut. If you have several instances, it is a good idea to include instance_name in shortcut name.

      Selecting a suitable name for shortcut.

     "IFS Applications ..." shortcut will start IFS Applications securely.

  4. Perform any additional system specific steps if necessary

    A few additional steps may be required. These steps are:

    If using independent workstation installations:

    1. push out program files and shortcut to clients using software update management software.

    If hosting software on shared terminal server, e.g. Citrix or Windows Terminal Server:

    1. publish shortcut to end-users.

    If hosting IFS Applications software on a shared (and trusted) fileserver, either do:

    1. Add file server to My Computer zone
    2. Update workstations' registry keys or domain policies to indicate that file server is member of My Computer (0) zone (Microsoft KB303650).
    3. Add file server to Local Intranet or Trusted Sites zone, and add FullTrust .NET rights
    4. Update workstations' registry keys or domain policies to indicate that file server is member of Local Intranet (1) or Trusted Sites (2) zone (Microsoft KB303650).
    5. Update .NET framework policies to indicate that the file server should have FullTrust on workstations, either by using CASPOL on workstations or pushing updated %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config files to workstations.

    Security consideration: Adding servers to My Computer is potentially dangerous. To limit threat, you may chose to only add the file servers file protocol to this zone

    Security consideration: When changing .NET framework policies, FullTrust should be added to file:// URLs to improve security.

    Security consideration: Windows can be configured to use SMB signing and only accept Kerberos authentication. This improves network file system access a lot.

Verify

Start the Application by double clicking the Icon on the desktop or by selecting the shortcut in the start menu.

"IFS Applications ..." shortcut will start IFS Applications securely.
Download dialog problem when running Ifs.Fnd.Explorer.exe from file server:

Ifs.Fnd.Explorer.exe - File download dialog

This screen is indicating that:

  • Internet Explorer running in "Enhanced Security Configuration" mode. This is OK, no need to change.
  • The file server which is hosting Ifs.Fnd.Explorer.exe is not added to any zone. Preferably it should be added to My Computer zone, alternatively Local Intranet or Trusted Sites zone.
 
Unhandled Exception problem

Ifs.Fnd.Explorer.exe - Application has generated an exception that could not be handled

This problem is most likely caused by a trust/permission problem when executed from a network fileserver. The application has insufficient rights to work properly. If Managed deployment, this might mean that the network fileserver is not a member of My Computer zone. It may also mean that client is a member of another zone (e.g. Local Intranet or Trusted Sites zone) and therefore a FullTrust rule for .NET framework must be added for site.