Choose and Book Installing Security Broker (IA) client

Choose and Book

Installing Security Broker (IA) client

Installing Security Broker (IA) client

• Pre-Requisites

• Installation

• Testing

• Uninstalling

• Upgrading

Pre-Requisites before installation

Network Connectivity Check spine authentication page

https://gas.national.ncrs.nhs.uk/login/authactivate

telnet nww.ebs.ncrs.nhs.uk 443 Firewall ports opened – http / https Bypassing proxy servers recommended

IA compliant PC

Compliant PC

Windows 98 SEMinimum Platform Requirement

Processor 266Mhz

RAM 128Mb

Browser Version Internet Explorer 6.0 (SP1)

Smartcard Device See following section

Windows Service Pack n/a

Compliant PC

Windows NT 4Minimum Platform Requirement

Processor 266Mhz

RAM 128Mb



Windows Service Pack SP6

Compliant PC

Windows 2000 Minimum Platform Requirement

Processor 500Mhz

RAM 256Mb




Compliant PC

Windows XP Professional Minimum Platform Requirement

Processor 500Mhz

RAM 256Mb




Compliant PC

Integrated client (e.g. Emis) may require higher CPU and memory specifications

Anti-Virus and Anti-Spyware software recommended

A Smart card reader, either USB or serial (winNT), with appropriate drivers

Compliant Smart Card Readers Gemplus PC Twin Reader Gemplus GemPC 430 Reader (does not work on NT 4) Omnikey 3121 USB Reader Dell keyboard integrated smart card readers SCM card readers HP keyboard integrated card reader Fujitsu keyboard integrated card reader

Compliant PC

Adobe Acrobat Reader 5 as minimum An account with permissions to install software

and edit the registry (local administrator)

New Client x Old Client

The new version of the IA client (V7_8_0) can be used for all new installations but is not a required upgrade as the previous version (V7_1_0) continues to be supported

The newer version has some performance and stability improvements and contains an NHS disclaimer. If upgrading the old version must be uninstalled first

Summary Installation Process Flow Ensure all Internet Explorer 6 SP1 cumulative

update patches and fixes have been installed Connect standalone smartcard reader (or USB

Keyboard with built-in Smartcard reader) and install drivers

IA installation pack downloaded from http://nww.connectingforhealth.nhs.uk/implementation/deployment/downloads. Unzip to a temporary location and run “iainstaller_1_0.exe”

Run the appropriate auto-installer from C:\iainstaller\install

Continued

Summary Installation Process Flow

Add Trusted sites fix and create a CaB desktop icon Remove role profile screen if required Copy CaB files to Java folder if multiple Java versions installed Reboot Test access

Install Summary Uninstall previous client IE 6 SP1 patches and fixes have been installed Connect smartcard reader-Install drivers Download install pack, run “iainstaller_1_0.exe” Run auto-installer from C:\iainstaller\install Add Trusted sites fix Create a CaB desktop icon Remove role profile screen if required Copy CaB files to Java folder if multiple Java versions

installed Reboot Test access

Connect the USB card reader install drivers

Drivers for the GemPlus Twin card reader are installed as part of the IA installation pack. Other card readers including the Omnikey 3121 require additional drivers to be installed

Drivers for the Omnikey 3121 are contained within the IA installation pack but must be installed separately

Install Detail

Install the IA Client Software

Check that all previous components of the IA are removed from the system Extract the software to a suitable temporary location and then run the file

iainstaller_1_0.exe The IA Auto Installer will propose a location to extract to dependant on its

location. It is imperative that this location is changed to C:\iainstaller

Install Detail

From c:\iainstaller\install, run the appropriate IA Auto

Installer file dependant on the operating system.

NOTE: It is vital to ensure that the installation is run from this shortcut as the

shortcut contains parameters to ensure the program installs correctly.

Install DetailRun the Installer software

Accept all the defaults for the GemSafe Libraries until

their installation is complete.

Select No at this screen to avoid interrupting the auto-installer

Accept all the defaults for the GemAuthenticate Client until its installation is

complete.

Accept all the defaults until the completion of the Java Installation

Click No at this screen to avoid interrupting the auto-installer

Click No to reboot the system – the auto-installer has finished successfully.

Install IE Trusted Sites Fix

Both the old and new IA Installer only adds trusted sites to the HK_CURRENT_USER hive. As a result, only the account logged on during installation has the required trusted sites added

Install Detail

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nhs.uk" /freg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nhs.uk\nww.ebs.ncrs" /freg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nhs.uk\portal.national.ncrs" /freg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nhs.uk\nww.ebs.ncrs" /v https /t REG_DWORD /D 2 /freg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nhs.uk\portal.national.ncrs" /v https /t REG_DWORD /D 2 /f

Adding CaB Shortcut Icon

Create a new desktop shortcut to the CaB website:- https://nww.ebs.ncrs.nhs.uk

Copy this shortcut to :- “c:\Documents and Settings\All Users\Desktop” – OS dependent

Install Detail

Remove role profile screen (old client)

Run C:\Program Files\Syntegra\Device Identification

Logger\tktmoncfg.exe. Remove last 4 lines of code.

Install Detail

Remove role profile screen (new client)

Install Detail

Disabling Java Automatic Updates

Run “JVM Settings.reg” in the C:\iainstaller\JVM directory if Java still auto updating after installation

JVM Settings.reg

Install Detail

Multiple Java Installations

Copy “c:\Program Files\gemplus\gac\GATicket.jar” to

“c:\Program Files\Java\Java_folder\lib\applet” folder

Copy “c:\Program Files\gemplus\gac\TicketApiDll.dll” to “c:\Program Files\Java\Java_folder\lib\ext\x86” folder

Copy “c:\iainstaller\JVM\java.policy” to

“c:\Program Files\Java\Java_folder\lib\security” folder

Install Detail

Testing CaB Access

1. Insert Smartcard and enter passcode

Install Detail

Testing CaB Access

2. Set Session Role

Testing CaB Access

3. Select Role and/or begin using CaB

Uninstalling the IA client software

• Run the IA Uninstaller shortcut in the c:\iainstaller\install directory. You should answer NO to any request to reboot the PC until the process complete confirmation box

• End the tktmon.exe process from task manager (old client)

• Check control panel to ensure all IA components have been removed

• Remove installation directories

continued

Uninstalling the IA client Software Device Identification Logger Gem Authenticate Client V.3.9.1 GemPlus Smart Card Reader Tools GemSafe Libraries 3.1 Java 2 Runtime Environment ,SE V 1.4.2_04 Remove C:\Program Files\Syntegra folder Remove C:\Program Files\Gemplus folder Remove C:\TicketAPI folder Remove C:\Program Files\Java\j2re1.4.2_04 folder

Upgrading the IA Software

• Delete the old c:\iainstaller directory• Extract the new IA installation software to c:\iainstaller• Run the Remove Old IA shortcut in the c:\iainstaller\install directory• Check the control panel to ensure all old IA components have been removed• Run the appropriate IA Auto Installer file from the c:\iainstaller\install directory

Further Information

This document is provided as a supplement to IG B 0103_21 Installation and Configuration Guide - Security Broker (IA) Client and the Choose and Book Install Reference v3.0 Document which is on the Implementation website – http://nww.connectingforhealth.nhs.uk/implementation/deployment/downloads