[[admin:server_installation]]

  • mSupply Server can be installed on a range of Windows OS hardware platforms. Installations of the mSupply Server and client software on these different platforms will not be identical.
  • This page includes instructions for installing the mSupply Server and client software on a typical Windows 10 Pro platform. This will include many hardware configuration issues as these have been known to be important for mSupply Server operation and troubleshooting.

The following table lists minimum recommended hardware for an mSupply server

Item Recommendation
OS Windows 2008 / 2011 / 2012 / 2016 /2019 or Win 7 / 8 / 10 Pro with latest service packs
Processor For server Quad core minimum is recommended. Consider adding more core for 15 users or more
Memory ECC memory Minimum 8Gb +1Gb per user over 8 users
Hard disks 3 Hard drives to run RAID 1 (or 5) Array + Hot Spare. 1 separate Hard disk for primary back up
Network card Gigabit
RAID controller RAID 1: Onboard RAID controller is fine
Power supply Dual hot-swap power supply is best, single power supply acceptable with good power quality

Indicative pricing before local taxes: USD3,000 to USD5,000.

For a Terminal server, the general specification changes in that

  • More RAM is needed.
  • Hard disks are less important, as no data is stored on the server (unless you are using the same server for both hosting the mSupply server and hosting the terminal sessions).
  • An additional Gigabit Ethernet port could be useful

Pricing should be similar.

Beware of Solid State Drives (SSDs) without Power Loss Protection!

At least one country using mSupply on servers with SSDs installed has had the bitter experience of the SSDs failing after ungraceful shutdowns due to failing UPSes.

The vast majority of ICT documentation on the internet is written from and for locations enjoying relatively stable power supplies. When the above-mentioned experience happened, there was precious little information available for facilities suffering from the sort of chronic power supply issues which the majority of mSupply users experience. Now there is more literature - refer here : Surviving SSD sudden power loss

Even though you have the server protected by a UPS, the batteries will fail sooner or later, based on this, our strong recommendation is that unless you are sure that your SSDs will survive a power failure:

Avoid the use of SSDs in servers.

To achieve performance gains, invest instead in more RAM.



UPS (Interruptible power supply)

  • Unless you have extremely reliable power we strongly suggest you install a UPS with external batteries that will provide several hours run time, e.g.:
  • The UPS must be able to communicate with the server (usually with a USB cable) to initiate a graceful shutdown in advance of UPS shutdown.
  • For the UPS to protect the server from power surges / spikes, the UPS needs to be connected to a power socket that is properly earthed.

More details on configuration of the UPS is contained below.

ICT capacity

Do you have sufficient in-house ICT capacity to do the rest of the server installation yourself?

  • This server hardware belongs to you (or maybe not… see tip below).
  • Sustainable Solutions is a software development company and our core business is not hardware

However, we know that if the server is not installed and configured correctly, the mSupply software and your medical supplies data is vulnerable. Therefore, in most instances, we end up playing a significant role in installing and configuring the mSupply Server.

Over recent years, with the development of reliable and relatively low-cost cloud based server solutions, more and more mSupply client / server installations have used a cloud based server. In many cases, Sustainable Solutions has provided this cloud based server as a separate service, thus relieving you of any responsibility for installation, configuration and management of the mSupply Server hardware.



Set up the physical hardware including

  • RAID 1 volume with Spare (3 disks total)
  • Separate backups volume
  • OS install with correct region, and keyboard
  • Administrator account called Sussol (mSupply server will operate from this account.


There are a number of miscellaneous server tweaks that we recommend:

Remove Windows / OEM bloatware

  • Remove all icons pinned to the Start bar except File Explorer
  • Remove / uninstall all tiles on the Windows start area


Hibernation / sleep

  • The pc can go to sleep after a few hours so change the power settings to never sleep etc. Even after setting the sleep setting to never you still must go into the advanced settings and change the hibernate setting to never: How to turn off Hibernation on Windows 10


Turn off Cortana

Cortana is unhelpful on mSupply servers. It is worth disabling - refer https://www.windowscentral.com/how-turn-cortana-and-stop-personal-data-gathering-windows-10

Automatic Updates

Turn on Windows Update Delivery Optimization

While it is good to control when Windows updates take place, it is often beneficial to use Windows Update Delivery Optimization to minimise bandwidth for Windows Updates. It is recommended to turn on Windows Update Delivery Optimization for the server.

Turn off DEP (Data Execution Protection)

Data Execution Protection (DEP) can interfere with 4D - refer 4D Knowledgebase: Tech Tip: Windows Server 2008 also uses DEP, so, we may need to adjust it - refer https://www.online-tech-tips.com/windows-xp/disable-turn-off-dep-windows/

  • Initially, try things with the default setting (Turn on DEP for for essential Windows programs and services only)
  • Then, if 4D / mSupply has issues, try Turning off DEP for all programs and services:
    • Open Command prompt (as administrator)
    • Run the following: bcdedit.exe /set {current} nx AlwaysOff

Turn off UAC (User Account Control)

User Account Control (UAC) can interfere with 4D - refer 4D Knowledgebase: Tech Tip: Windows UAC and the "Program Files" directory, so, we need to turn it off - refer https://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx

  • You have the option to turn off UAC via registry by changing the DWORD EnableLUA from 1 to 0 in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  • You may get a notification that a reboot is required. Reboot anyway.
  • After the reboot, UAC is disabled.

Set correct Regional settings including Keyboard, copy to 'New user accounts'

Microsoft keeps changing how these settings are accessed. You'll likely need to hunt around to find them :-(

Be sure to set the correct regional settings, particularly if this is a cloud server which may be physically located in a different region to the country where the server will be used…

  • Go to SettingsTime & LanguageRegion & LanguageLanguage
  • Click on Change date, time, or number formats
  • A Region window will open, set your preferences on Formats and Location tabs.

Even if you chose the correct keyboard (normally US) during setup, another keyboard (like the UK keyboard) can sometimes still be the default keyboard. Check this by trying to type the @ character… To fix this, you will need to:

  • Add the correct language (e.g. English (Australia)). This will auto select US keyboard
  • Move it up to the default position and delete the other language option(s).

Copy to New user accounts

  • Click Change date, time or number formats
  • Click Administrative tab.
  • Click on Copy settings button.
  • A window entitled : Welcome screen and new user accounts settings will open.
  • Check New user accounts check box.
  • Click OK button on same window
  • Click Apply button and then OK button on Region window.

Disable system protection

There have been instances where mSupply has crashed and the Windows OS executes a system restore to a state prior to the mSupply installation / upgrade. To avoid this, disable System Protection:

Go to File Explorer → Right click on This PC → Click on Properties - > System Protection

System Protection

Go to Configure > Delete > Continue to Delete > Disable System Protection > Apply Changes

Configure Delete and Disable the system Protection Continue to Delete Apply changes

Remote connectivity efficiency - Best performance

Remote access speed gain by disabling visual effects.

  • Go to SystemAdvanced System settingsPerformance and choose Adjust for best performance.

Remote connectivity efficiency - Remove background picture

Remote access speed gain by removing the background picture on the Windows 10 sign-in screen.

  • Go to Settings (keyboard shortcut: Windows + I) > Personalization > Lock screen.
  • Scroll down and turn off the option, Show Windows background picture on the sign-in screen.

Improve Windows Explorer file visibility

To carry out some of the server configuration tasks, file visibility in the Windows OS needs to be improved from the default.

Follow these instructions to View hidden files and folders in Windows 10

While doing this, make the following changes:

  • Always show menus
  • Display the full path in the title bar
  • Show hidden files, folders and drives
  • Don't hide empty drives
  • Don't hide extensions for known file types
  • Don't hide protected operating system files (Recommended)
  • Use check boxes to select items


Install Dropbox

Sustainable Solutions recommends using Dropbox to assist with transferring installation files to the server, and as a means of moving mSupply secondary backups off site.

  • Contact Sustainable Solutions to organise a DropBox account for the server and for instructions on setting it up on the server.

Do this step first so that you can use the Dropbox folder to transfer software and files to the server.

Install Remote Support Software

Instructions for installing Remote Support software

Over the years we have used a number of applications for providing remote support to clients. As of writing this (April 2019) TeamViewer is the software that we use.

The steps that need to be followed on the host (your) computer are:

  1. Get the following three files on to the host computer.
    1. TeamViewer_Host.msi
    2. TeamViewer_Settings.reg
    3. Install in New - RUN AS ADMIN.bat(or other if provided by Sustainable Solutions)

      For convenience, we have zipped up these three files and they can be downloaded from here: http://www.msupply.org.nz/files/Teamviewer/Teamviewer_Support_deployment.zip You must extract the files from the ZIP file before following the instructions in step 4 below.

  2. Rename the host
    • It's a good idea to change the host Computer Name to something that we will recognise before the running the TeamViewer MSI package (Control Panel > System and Security > System > Advanced system settings > Computer Name > Change…). A name that reflects the site and / or user would be useful.

      The Computer description is NOT the Computer Name.

  3. Uninstall any existing TeamViewer installation if it is older than v14.1.
    • Public instruction from TeamViewer states that older versions of TeamViewer must be uninstalled before installing this version. If possible, please do this. However, it has been found that the TeamViewer Host package can be successfully installed on top of any version of TeamViewer. It may result with multiple TeamViewer entries in the installed programs list, which is messy, and may result in long-term issues. You have been warned.
    • It is safest to uninstall TeamViewer before installing the new TeamViewer Host.
  4. Execute the batch file As Administrator - refer to method 3 of 9 ways to run programs as administrator in Windows.
    • You must execute the batch file As Administrator. It will not work unless you do.
    • It is not enough to be logged in to a Windows Administrator account and run the batch file 'normally'.

The Teamviewer Customised Host window should appear on the host screen:

If the above window does not appear, the full installation has not completed. It definitely helps to run the batch file with a reasonable internet connection. If the internet connection is not good enough, then some or all of the actions in the batch file will not complete. If that happens, please re-run the batch file (as Admin) when the internet connection is better.

Advise Sustainable Solutions once you see this and they will then be able to confirm that remote access is operational.

Install UPS hardware and software

If its not already done, install the UPS hardware and software, refer UPS above.

Install Anti-virus software

Anti-virus can be a hotly contended issue. This web page is pretty convincing: What’s the Best Antivirus for Windows 10? (Is Windows Defender Good Enough?)

Conclusion:

  • If the OS is Win8 or later, Windows Defender is probably good enough for anti-virus, and better than much of the competition.
  • Once configured, the server should not be vulnerable to exploit programs as these are usually downloaded and triggered by human activity! However, to be safe, it is recommended to install an Anti-exploit program such as Malwarebytes. The website suggests that Malwarebytes is not free, but as at the time of writing this (May 2018), Malwarebytes successfully reverts to a free version after the 14 days trial. This means that it has to be manually run.

Install another Web browser

If you're not a fan of Microsoft Internet Explorer, (12 reasons not to use Internet Explorer, ever) then install another browser. Good options include:

Pin the browser to the Taskbar.

Install LibreOffice

mSupply can produce reports in Microsoft Excel format. Client machines will need to have software to open these reports. Occasionally there will be need to run and open these reports while logged in to the Server. If you do not have Microsoft Excel installed on the server, a good option is:

It's a good idea to stick this in to the Dropbox

Install TurnedOnTimesView

As part of troubleshooting, it is valuable to be able to analyse when the server has shut down ungracefully.

  • TurnedOnTimesView is a simple tool that analyses the event log of Windows operating system, and detects the time ranges that your computer was turned on and whether the last shutdown was graceful or not.
  • Installation instructions are on the website, but is very straightforward:
    • Copy the TurnedOnTimesView.exe file to the Desktop
    • Pin it to the Taskbar.

TurnedOnTimesView.zip

It's a good idea to stick this in to the following folder in Dropbox:

  • TurnedOnTimesView

Install Logoff and Lock utilities

It is too easy for support workers accessing the server remotely to accidentally shutdown the server. Therefore, two Windows shortcuts have been created to allow support workers to easily logoff or lock their windows session without having to go through the usual Windows procedure:

  • Lock computer
  • Logoff computer

Lock / Logout utilities

It's a good idea to stick this in to the following folder in Dropbox:

  • Lock Logout Shortcuts

The Yellow Lock computer utility needs to be copied to the Admin desktop and then pinned to the task bar.

The Green Logoff computer utility needs to be copied to the C:\Users\Public\Desktop folder. This will place the shortcut on the desktop of each normal user. Users of each normal user account will need to pin this shortcut from the desktop to the taskbar. Don't pin it to the taskbar of the Admin user account. We try to keep the Admin account open so as to keep Dropbox working.

The C:\Users\Public\Desktop folder is normally a hidden folder. You will likely need to make it visible).

Configure Interactive Services Detection (ISDS)

How-to Geek has a helpful article on Understanding and Managing Windows Services which appears to be updated frequently with changes in Windows OS.

Interactive Services Detection is a means by which mSupply Support can interact with the mSupply Service to investigate issues.

From What is Interactive Services Detection and Why is it Blinking at Me?:

Services and system processes run in session 0. Prior to Vista, the console (first logged on user’s desktop) ran in session 0 as well. Vista introduced session 0 isolation to protect services from elevation of privilege exploits from the console desktop. Now, the first user’s desktop runs in session 1.

Interactive Services Detection (the blinking button on the taskbar) is a mitigation for legacy applications that detects if a service is trying to interact with the desktop. This is handled by the Interactive Services Detection (UI0Detect) service.

Interactive services since Windows 10 V1803 and Server 2019

Microsoft has removed the Interactive Services Detection Service on Windows 10 Version 1803 and Server 2019.

We recommend FireDaemon Zero (Session 0 Viewer) as an alternative means of interacting with the mSupply Service. Refer to this deployment matrix. The utilities are here: Firedaemon

Procedure:

  1. Make sure the OS is fully updated.
  2. Install Firedaemon Zero 2.5 (in the Firedaemon utilities, above)
  3. Install Firedaemon Zeroinput to restore Keyboard/Mouse control. Right click on the FDUI0Input.inf (in the Firedaemon utilities, above) and select Install.
  4. RESTART THE MACHINE The FDUI0Input.inf driver will not take effect until the machine is restarted.
  5. Double click on the red Firedaemon Zero icon on the task bar to go to Session 0 (Interactive services):

  • In Session 0 Double-click the Firedaemon Zero icon to get back. Or it will automatically go back in 30 seconds of inactivity.
  • If mouse and keyboard are working on Session 0 you can turn off Firedaemon Zero 'Quirk' pref to exit session zero after 30 seconds. Right-click on the red icon and click on Options. Then on “Quirk” just uncheck the option. Done.\\

    If you turn off Firedaemon Zero 'Quirk' pref to exit session zero after 30 seconds before installing Keyboard/Mouse driver, plan for a physical trip to site to fix it! ;-))



  • Last modified: 2019/09/04 13:55
  • by Lou Lomas