After you have installed Royal Server, you should check Configure Royal Server now to review the default installation settings and adapt them to your needs. Although this post seems a bit long, you can leave everything default – except the Worker Account.

Royal Server Setup

Attention: Make sure you configure the Worker Account, otherwise Royal Server is not able to connect to remote machines!

The Royal Server Configuration Tool enables you to check the status and health of Royal Server. You can configure installed components and manage your licenses with it.

Service configuration

Worker Account

2017-02-02 20_41_41-Royal Server Configuration Tool_2

After the Royal ServerConfiguration Tool has been launched, it is strongly recommended to set a Worker Account. Royal Server is running as a Windows Service and as such is using the Local System account. But for the commands Royal Server is executing, a Worker Account is used. It is vital, that this account has network access rights, otherwise Royal Server is unable to manage your servers.

Port

Configuration of the port Royal Server is using

Use Compression

If checked, Royal Server compresses the traffic to save bandwidth.

SSL

Set it to “On” if you need the communication between Royal TS/X and Royal Server to be encrypted. You have to select a pre-installed suitable certificate from the list or create a self-signed certificate with a single click.

Security configuration

2017-02-02 21_23_13-Royal Server Configuration Tool

Require Authentication

If you want to restrict access to Royal Server, you can check “Require Authentication”. If checked, Royal Server only accepts requests from users who are members of the local group “Royal Server Users” (which will be created automatically on installation). By default, the setup puts the local Administrator in this group. In addition, you need to setup and assign this credential in the Royal TS/X Royal Server object. To improve performance when authentication is required, configure the Royal Server caching time (default is 5 minutes).

Block IPs after unsuccessful login attempts

Since Royal Server might be attacked if reachable in the internet, you can configure a blocking mechanism to block IPs that unsuccessfully tried to login too often.

Logging configuration

2017-02-02 21_26_09-Royal Server Configuration Tool

By default, Royal Server logs all Errors to the Windows Event log. A special log with the name “Royal Server Log” has been created automatically.

You can also specify that Royal Server should log in a file and chose a different logging level.

2017-02-02 21_29_17-Royal Server Configuration Tool

Additionally you can enable Request/Response logging where full requests and responses are logged. For each request, two files will be generated: a <guid>_request.xml and a <guid>_response.xml.

Attention: This setting is producing a huge number of files and it is generally recommended to only turn it on for debugging purposes.

Permissions

In the permissions tab you can check which accounts are allowed to work with Royal Server. When Royal Server is first started, it creates the Windows group “Royal Server Users” which contains all Windows accounts that are allowed. Use the Windows management tools or PowerShell to configure this group. The Royal Server Configuration Tool shows you the currently configured accounts:

2017-02-02 21_33_07-temp

Click on Refresh to reload the view, Configure… loads the Windows UI to manage the users of this group.

Attention: Loading the users of Windows groups is potentially slow since it might contain multiple hierarchies in an active directory. Unless all users are loaded, Royal Server denies all queries. This can be checked in the logfile on Loglevel WARN.

Check for updates

2017-02-02 21_37_35-temp

Especially during a beta period, we will frequently deliver new versions of Royal Server (and Royal TS/X). Having “Check for Updates” enabled, notifies you when a new version is available. “Include Beta Releases” is taking beta releases into account as well. We recommend to always stay up to date.

Remark: Since we don’t expect you to have the Royal Server Configuration Tool open all the time, this update check is also included in Royal TS/X. This way you also get notified if there is a newer version of Royal Server available.

Licensing

2017-02-02 21_39_22-temp

Royal Server is designed to be very extensible – because we have big plans for further features. Royal Server offers functionality through components – right now, we have the “Management Connections”, the “Secure Gateway” and the “Document Store” components.

By default, a “Standard Free License (3 Pack)” is installed which allows you to manage 3 servers. Since version 2 of Royal Server we do not license by server anymore but just offer the following licenses which simplifies it alot and also aligns with Royal TS/X licenses:

  • Personal License (non-commercial)
  • Individual User License (commercial)
  • Site License (commercial)
  • Global License (commercial)
  • Extended Global License (commercial)

For detailed information about licensing check out our Royal Server V2 FAQs.

Server Pool configuration

2017-02-02 21_45_46-temp

Royal Server is keeping track of the servers you manage in the case you only have the “Standard Free License (3 Pack)” installed. In the Server Pool configuration, you can delete previously managed servers to free up licenses. This panel shows the number of managed servers you have licensed, how many are used already and how many free licenses are available. The column “Last Accessed” shows the last timestamp Royal Server accessed this server (this information is stored in memory and is not immediately available after the service was started).

Configuration of the servers you want to manage

Each server that should be managed by Royal Server needs to have two basic things configured:

  1. Enable-PSRemoting
  2. Firewall should let through Royal Server traffic (default port is 54899)
  3. Some modules might have additional technical requirements

1. Enable-PSRemoting

Most of the Management Connection modules are based on WMI. To enable the proper configuration for remote WMI calls, you need to execute the Enable-PSRemoting command in an elevated PowerShell console.

2. Firewall settings

In case the Windows Firewall is enabled the following two rules must be enabled: “Windows Management Instrumentation (WMI-In)” and “Windows Management Instrumentation (DCOM-In)”.

For the above two steps, we have also prepared a PowerShell script (in <royal-server-installation-dir>/scripts/prepare_server.ps1).

Royal TS/X Management Connection

Last but not least, you need to make sure you specify proper credentials when you configure a management connection (such as Windows Events or Windows Services) in Royal TS/X. In most scenarios, a user account who is member of the local administrators group is used. For low privilege environments  a number of steps are necessary to grant non-administrative users the required rights.

Royal TS/X and Royal Server

Royal Server is now configured and waiting for requests. As next and last step, you need to install the latest version of Royal TS/X:

Configure your Royal Server object in our clients apps and you are good to go.

Here is a list of blogposts that configure different connection types:

Using Royal TS/X to access Royal Server
https://blog.royalapps.com/2014/07/18/using-royal-ts-x-to-access-royal-server/

Hyper-V management with Royal TS/X and Royal Server
https://blog.royalapps.com/2014/09/24/hyper-v-management-with-royal-tsx-and-royal-server/

Terminal Services management with Royal TS/X and Royal Server
https://blog.royalapps.com/2014/08/27/terminal-services-management-with-royal-ts-x-and-royal-server/

Windows Events management
https://blog.royalapps.com/2015/04/08/royal-server-windows-events-management/

Windows Processes management
https://blog.royalapps.com/2015/04/08/windows-processes-management-with-royal-tsx-and-royal-server/

Windows Services management
https://blog.royalapps.com/2015/04/08/windows-services-management-with-royal-tsx-and-royal-server/

PowerShell scripts executed via Royal Server
https://blog.royalapps.com/2015/06/16/new-feature-powershell-connection/

View clean & dirty server reboots – using Templates
https://blog.royalapps.com/2015/05/22/view-clean-dirty-server-reboots-using-templates/

Previous Post Next Post