Install a new XProtect system

Install XProtect Essential+

You can install a free version of XProtect Essential+. This version provides you with limited capabilities of the XProtect VMS for a limited number of cameras. You must have internet connection to install XProtect Essential+.

This version is installed on a single computer, using the Single computer installation option. The Single computer option installs all server and client components on the current computer.

Milestone recommends that you read the following section carefully before you install: Before you start installation.

For FIPS installations, you cannot upgrade XProtect VMS when FIPS is enabled on the Windows operating system. Before you install, disable the Windows FIPS security policy on all of the computers that are part of the VMS, including the computer that hosts the SQL server. But, if you are upgrading from XProtect VMS version 2020 R3 and after, you do not need to disable FIPS. For detailed information on how to configure your XProtect VMS to run in FIPS 140-2 compliant mode, see the FIPS 140-2 compliance section in the hardening guide.

After initial installation, you can continue with the configuration wizard. Depending on your hardware and configuration, the recording server scans your network for hardware. You can then select which hardware devices to add to your system. Cameras are preconfigured in views, and you have the option to enable other devices such as microphones and speakers. You also have the option of adding users to the system with either an operator role or an administrator role. After installation, XProtect Smart Client opens, and you are ready to use the system.

Otherwise, if you close the installation wizard, XProtect Management Client opens, where you can make manual configurations such as add hardware devices and users to the system.

If you upgrade from a previous version of the product, the system does not scan for hardware or create new views and user profiles.

  1. Download the software from the internet (https://www.milestonesys.com/downloads/) and run the Milestone XProtect VMS Products 2020 R3 System Installer.exe file.
  2. The installation files unpack. Depending on the security settings, one or more Windows® security warnings appear. Accept these and the unpacking continues.
  3. When done, the Milestone XProtect VMS installation wizard appears.
    1. Select the Language to use during the installation (this is not the language that your system uses once installed; this is selected later). Click Continue.
    2. Read the Milestone End-user License Agreement. Select the I accept the terms in the license agreement check box and click Continue.
    3. Click the XProtect Essential+ link to download a free license file.

      The free license file is downloaded and appears in the Enter or browse to the location of the license file field. Click Continue.

  4. Select Single computer.

    A list of components to install appears (you cannot edit this list). Click Continue.

  5. On the Assign a system configuration password page, enter a password that protects your system configuration. You will need this password in case of system recovery or when expanding your system, for example when adding clusters.

    It is important that you save this password and keep it safe. If you lose this password, you may compromise your ability to recover your system configuration.

    If you do not want your system configuration to be password protected, select I choose not to use a system configuration password and understand that the system configuration will not be encrypted.

    Click Continue.

  6. On the Specify recording server settings page, specify the different recording server settings:
    1. In the Recording server name field, enter the name of the recording server. The default is the name of the computer.
    2. The Management server address field shows the address and port number of the management server: localhost:80.
    3. In the Select your media database location field, select the location where you want to save your video recording. Milestone recommends that you save your video recordings in a separate location from where you install the software and not on the system drive. The default location is the drive with the most space available.
    4. In Retention time for video recordings field, define for how long you want to save the video recordings. You can enter from between 1 and 999 days, where 7 days is the default retention time.
    5. Click Continue.
  7. On the Select encryption page, you can secure the communication flows:

    • Between the recording servers, data collectors, and the management server

      To enable encryption for internal communication flows, in the Server certificate section, select a certificate.

      If you encrypt the connection from the recording server to the management server, the system requires that you also encrypt the connection from the management server to the recording server.

    • Between the recording servers and clients

      To enable encryption between recording servers and client components that retrieve data streams from the recording server, in the Streaming media certificate section, select a certificate.

    • Between the mobile server and clients

      To enable encryption between client components that retrieve data streams from the mobile server, in the Mobile streaming media certificate section, select a certificate.

    You can use the same certificate file for all system components or use different certificate files depending on the system components.

    For more information about preparing your system for secure communication, see Secure communication (explained) and the Milestone guide about certificates.

    You can also enable encryption after installation from the Server Configurator in the Management Server Manager tray icon in the notification area.

  8. On the Select file location and product language page, do the following:

    1. In the File location field, select the location where you want to install the software.

      If any Milestone XProtect VMS product is already installed on the computer, this field is disabled. The field displays the location where the component will be installed.

    2. In Product language, select the language in which to install your XProtect product.
    3. Click Install.

    The software now installs. If not already installed on the computer, Microsoft® SQL Server® Express and Microsoft IIS are automatically installed during the installation.

  9. You may be prompted to restart the computer. After restarting your computer, depending on the security settings, one or more Windows security warnings may appear. Accept these and the installation completes.

  10. When the installation completes, a list shows the components that are installed on the computer.

    Click Continue to add hardware and users to the system.

    If you click Close now, you bypass the configuration wizard and XProtect Management Client opens. You can configure the system, for example add hardware and users to the system, in Management Client.

  11. On the Enter user names and passwords for hardware page, enter the user names and passwords for hardware that you have changed from the manufacturer defaults.

    The installer scans the network for this hardware as well as hardware with manufacturer default credentials.

    Click Continue and wait while the system scans for hardware.

  12. On the Select the hardware to add to the system page, select the hardware that you want to add to the system. Click Continue and wait while the system adds the hardware.
  13. On the Configure the devices page, you can give the hardware descriptive names by clicking the edit icon next to the hardware name. This name is then prefixed to the hardware devices.

    Expand the hardware node to enable or disable the hardware devices, such as cameras, speakers, and microphones.

    Cameras are enabled by default, and speakers and microphones are disabled by default.

    Click Continue and wait while the system configures the hardware.

  14. On the Add users page, you can add users to the system as Windows users or basic users. The users can have either the Administrators role or the Operators role.

    Define the user and click Add.

    When you are done adding users, click Continue.

  15. When the installation and initial configuration are done, the Configuration is complete page appears, where you see:
    • A list of hardware devices that are added to the system
    • A list of users who are added to the system
    • Addresses to the XProtect Web Client and XProtect Mobile client, which you can share with your users
  16. When you click Close, XProtect Smart Client opens and is ready to use.

Install your system - Single computer option

The Single computer option installs all server and client components on the current computer.

Milestone recommends that you read the following section carefully before you install: Before you start installation.

For FIPS installations, you cannot upgrade XProtect VMS when FIPS is enabled on the Windows operating system. Before you install, disable the Windows FIPS security policy on all of the computers that are part of the VMS, including the computer that hosts the SQL server. But, if you are upgrading from XProtect VMS version 2020 R3 and after, you do not need to disable FIPS. For detailed information on how to configure your XProtect VMS to run in FIPS 140-2 compliant mode, see the FIPS 140-2 compliance section in the hardening guide.

After initial installation, you can continue with the configuration wizard. Depending on your hardware and configuration, the recording server scans your network for hardware. You can then select which hardware devices to add to your system. Cameras are preconfigured in views, and you have the option to enable other devices such as microphones and speakers. You also have the option of adding users to the system with either an operator role or an administrator role. After installation, XProtect Smart Client opens, and you are ready to use the system.

Otherwise, if you close the installation wizard, XProtect Management Client opens, where you can make manual configurations such as add hardware devices and users to the system.

If you upgrade from a previous version of the product, the system does not scan for hardware or create new views and user profiles.

  1. Download the software from the internet (https://www.milestonesys.com/downloads/) and run the Milestone XProtect VMS Products 2020 R3 System Installer.exe file.
  2. The installation files unpack. Depending on the security settings, one or more Windows® security warnings appear. Accept these and the unpacking continues.
  3. When done, the Milestone XProtect VMS installation wizard appears.
    1. Select the Language to use during the installation (this is not the language that your system uses once installed; this is selected later). Click Continue.
    2. Read the Milestone End-user License Agreement. Select the I accept the terms in the license agreement check box and click Continue.
    3. In the Enter or browse to the location of the license file, enter your license file from your XProtect provider. Alternatively, browse to the file location or click the XProtect Essential+ link to download a free license file. For limitations to the free XProtect Essential+ product, see the Product comparison chart. The system verifies your license file before you can continue. Click Continue.
  4. Select Single computer.

    A list of components to install appears (you cannot edit this list). Click Continue.

  5. On the Assign a system configuration password page, enter a password that protects your system configuration. You will need this password in case of system recovery or when expanding your system, for example when adding clusters.

    It is important that you save this password and keep it safe. If you lose this password, you may compromise your ability to recover your system configuration.

    If you do not want your system configuration to be password protected, select I choose not to use a system configuration password and understand that the system configuration will not be encrypted.

    Click Continue.

  6. On the Specify recording server settings page, specify the different recording server settings:
    1. In the Recording server name field, enter the name of the recording server. The default is the name of the computer.
    2. The Management server address field shows the address and port number of the management server: localhost:80.
    3. In the Select your media database location field, select the location where you want to save your video recording. Milestone recommends that you save your video recordings in a separate location from where you install the software and not on the system drive. The default location is the drive with the most space available.
    4. In Retention time for video recordings field, define for how long you want to save the video recordings. You can enter from between 1 and 999 days, where 7 days is the default retention time.
    5. Click Continue.
  7. On the Select encryption page, you can secure the communication flows:

    • Between the recording servers, data collectors, and the management server

      To enable encryption for internal communication flows, in the Server certificate section, select a certificate.

      If you encrypt the connection from the recording server to the management server, the system requires that you also encrypt the connection from the management server to the recording server.

    • Between the recording servers and clients

      To enable encryption between recording servers and client components that retrieve data streams from the recording server, in the Streaming media certificate section, select a certificate.

    • Between the mobile server and clients

      To enable encryption between client components that retrieve data streams from the mobile server, in the Mobile streaming media certificate section, select a certificate.

    You can use the same certificate file for all system components or use different certificate files depending on the system components.

    For more information about preparing your system for secure communication, see Secure communication (explained) and the Milestone guide about certificates.

    You can also enable encryption after installation from the Server Configurator in the Management Server Manager tray icon in the notification area.

  8. On the Select file location and product language page, do the following:

    1. In the File location field, select the location where you want to install the software.

      If any Milestone XProtect VMS product is already installed on the computer, this field is disabled. The field displays the location where the component will be installed.

    2. In Product language, select the language in which to install your XProtect product.
    3. Click Install.

    The software now installs. If not already installed on the computer, Microsoft® SQL Server® Express and Microsoft IIS are automatically installed during the installation.

  9. You may be prompted to restart the computer. After restarting your computer, depending on the security settings, one or more Windows security warnings may appear. Accept these and the installation completes.

  10. When the installation completes, a list shows the components that are installed on the computer.

    Click Continue to add hardware and users to the system.

    If you click Close now, you bypass the configuration wizard and XProtect Management Client opens. You can configure the system, for example add hardware and users to the system, in Management Client.

  11. On the Enter user names and passwords for hardware page, enter the user names and passwords for hardware that you have changed from the manufacturer defaults.

    The installer scans the network for this hardware as well as hardware with manufacturer default credentials.

    Click Continue and wait while the system scans for hardware.

  12. On the Select the hardware to add to the system page, select the hardware that you want to add to the system. Click Continue and wait while the system adds the hardware.
  13. On the Configure the devices page, you can give the hardware descriptive names by clicking the edit icon next to the hardware name. This name is then prefixed to the hardware devices.

    Expand the hardware node to enable or disable the hardware devices, such as cameras, speakers, and microphones.

    Cameras are enabled by default, and speakers and microphones are disabled by default.

    Click Continue and wait while the system configures the hardware.

  14. On the Add users page, you can add users to the system as Windows users or basic users. The users can have either the Administrators role or the Operators role.

    Define the user and click Add.

    When you are done adding users, click Continue.

  15. When the installation and initial configuration are done, the Configuration is complete page appears, where you see:
    • A list of hardware devices that are added to the system
    • A list of users who are added to the system
    • Addresses to the XProtect Web Client and XProtect Mobile client, which you can share with your users
  16. When you click Close, XProtect Smart Client opens and is ready to use.

Install your system - Custom option

The Custom option installs the management server, but you can select which other server and client components you want to install on the current computer. By default, the recording server is not selected in the component list. Depending on your selections, you can install the not selected system components on other computers afterwards. For more information about each system component and their role, see Main system components. Installation on other computers is done through the management server's download web page named Download Manager. For more information about installation through the Download Manager, see Install new XProtect components.

Milestone recommends that you read the following section carefully before you install: Before you start installation.

For FIPS installations, you cannot upgrade XProtect VMS when FIPS is enabled on the Windows operating system. Before you install, disable the Windows FIPS security policy on all of the computers that are part of the VMS, including the computer that hosts the SQL server. But, if you are upgrading from XProtect VMS version 2020 R3 and after, you do not need to disable FIPS. For detailed information on how to configure your XProtect VMS to run in FIPS 140-2 compliant mode, see the FIPS 140-2 compliance section in the hardening guide.

  1. Download the software from the internet (https://www.milestonesys.com/downloads/) and run the Milestone XProtect VMS Products 2020 R3 System Installer.exe file.
  2. The installation files unpack. Depending on the security settings, one or more Windows® security warnings appear. Accept these and the unpacking continues.
  3. When done, the Milestone XProtect VMS installation wizard appears.
    1. Select the Language to use during the installation (this is not the language that your system uses once installed; this is selected later). Click Continue.
    2. Read the Milestone End-user License Agreement. Select the I accept the terms in the license agreement check box and click Continue.
    3. In the Enter or browse to the location of the license file, enter your license file from your XProtect provider. Alternatively, browse to the file location or click the XProtect Essential+ link to download a free license file. For limitations to the free XProtect Essential+ product, see the Product comparison chart. The system verifies your license file before you can continue. Click Continue.
  4. Select Custom. A list of components to be installed appears. Apart from the management server, all components in the list are optional. The recording server is by default not selected. Click Continue.
  5. In the steps below, all system components are installed. For a more distributed system, install fewer system components on this computer and the remaining components on other computers. If you cannot recognize an installation step, it is likely because you have not selected to install the system component that this page belongs to. In that case, continue to the next step. See also Install new XProtect components, Install new XProtect components, and Install new XProtect components.

  6. The Select a website on the IIS to use with your XProtect system page is shown only if you have more than one IIS website available on the computer. You must select which website you will use with your XProtect system. If possible, select a website with HTTPS binding because this protocol is a more advanced and secure version of HTTP. Click Continue.
  7. If Microsoft® IIS is not installed on the computer, it is installed.

  8. On the Select Microsoft SQL Server page, select the SQL Server that you want to use. See also SQL Server options during custom installation. Click Continue.
  9. If you do not have a SQL Server on your local computer, you can install Microsoft SQL Server Express, but in a larger distributed system you would typically use a dedicated SQL Server on your network.

  10. On the Select database page (only shown if you have selected an existing SQL Server), select or create an SQL database for storing your system configuration. If you choose an existing SQL database, decide whether to Keep or Overwrite existing data. If you are upgrading, select to keep existing data so you do not lose your system configuration. See also SQL Server options during custom installation. Click Continue.
  11. On the Assign a system configuration password page, enter a password that protects your system configuration. You will need this password in case of system recovery or when expanding your system, for example when adding clusters.

    It is important that you save this password and keep it safe. If you lose this password, you may compromise your ability to recover your system configuration.

    If you do not want your system configuration to be password protected, select I choose not to use a system configuration password and understand that the system configuration will not be encrypted.

    Click Continue.

  12. On the Select service account page, select either This predefined account or This account to select the service account for all system components except for the recording server. If needed, enter a password. Click Continue.
  13. On the Select service account for recording server, select either This predefined account or This account to select the service account for the recording server.

    If needed, enter a password.

    The user name for the account must be a single word. It must not have a space.

    Click Continue.

  14. On the Specify recording server settings page, specify the different recording server settings:
    1. In the Recording server name field, enter the name of the recording server. The default is the name of the computer.
    2. The Management server address field shows the address and port number of the management server: localhost:80.
    3. In the Select your media database location field, select the location where you want to save your video recording. Milestone recommends that you save your video recordings in a separate location from where you install the software and not on the system drive. The default location is the drive with the most space available.
    4. In Retention time for video recordings field, define for how long you want to save the video recordings. You can enter from between 1 and 999 days, where 7 days is the default retention time.
    5. Click Continue.
  15. On the Select encryption page, you can secure the communication flows:

    • Between the recording servers, data collectors, and the management server

      To enable encryption for internal communication flows, in the Server certificate section, select a certificate.

      If you encrypt the connection from the recording server to the management server, the system requires that you also encrypt the connection from the management server to the recording server.

    • Between the recording servers and clients

      To enable encryption between recording servers and client components that retrieve data streams from the recording server, in the Streaming media certificate section, select a certificate.

    • Between the mobile server and clients

      To enable encryption between client components that retrieve data streams from the mobile server, in the Mobile streaming media certificate section, select a certificate.

    You can use the same certificate file for all system components or use different certificate files depending on the system components.

    For more information about preparing your system for secure communication, see Secure communication (explained) and the Milestone guide about certificates.

    You can also enable encryption after installation from the Server Configurator in the Management Server Manager tray icon in the notification area.

  16. On the Select file location and product language page, select the File location for the program files.

    If any Milestone XProtect VMS product is already installed on the computer, this field is disabled. The field displays the location where the component will be installed.

  17. In the Product language field, select the language in which to install your XProtect product. Click Install.

    The software now installs. When the installation completes, you see a list of successfully installed system components. Click Close.

  18. You may be prompted to restart the computer. After restarting your computer, depending on the security settings, one or more Windows security warnings may appear. Accept these and the installation completes.

  19. Configure your system in Management Client. See Initial configuration tasks list.
  20. Depending on your selections, install the remaining system components on other computers through the Download Manager. See Install new XProtect components.

SQL Server options during custom installation

Decide which SQL Server and database to use with the below options.

SQL Server options:

  • Install Microsoft® SQL Server® Express on this computer: This option is shown only if you do not have a SQL Server installed on the computer
  • Use the SQL Server on this computer: This option is shown only if a SQL Server is already installed on the computer

  • Select a SQL Server on your network through search: Enables you to search for all SQL Servers that are discoverable on your network subnet
  • Select a SQL Server on your network: Enables you to enter the address (host name or IP address) of a SQL Server that you might not be able to find through search

SQL database options:

  • Create new database: Mainly for new installations
  • Use existing database: Mainly for upgrades of existing installations. Milestone recommends that you reuse the existing SQL database and keep the existing data in it, so you do not lose your system configuration. You can also choose to overwrite the data in the SQL database