How to get here
- Log in to the memoQ server computer through Remote Desktop.
- Download the memoQ server setup package from our Downloads page: Click the orange Download button, and in the memoQ server row, click the Download link.
- When the download is complete, launch the file you downloaded.
- Windows may ask you to confirm to run the file. Click Yes or Run.
- The memoQ server deployment tool is installed on the server.
The memoQ Server Deployment Administration window opens.
You need the topmost section (memoQ server):
What can you do?
The data folder for memoQ server is displayed in the Data folder box, at the top of the window. To change it, click the (Browse) button next to the box, and browse to a different folder, preferably on a different physical disk or storage subsystem.
After you make your choice, stay in this screen, and set up the database for memoQ server. (See the next section on this page.)
The second section of the setup screen contains the database settings. By default, memoQ server setup will install a new SQL Server instance that is set up like this:
- It runs on the same computer as the memoQ server service;
- The SQL Server instance is called MemoQServer.
To choose a SQL Server instance that is running on a different computer, type the address of that computer in the SQL Server address box, and then click Choose to choose an instance from the other computer.
To choose a different SQL Server instance on the same computer, leave localhost in the SQL Server address text box, but click Choose to choose a different SQL Server instance on the same computer.
If SQL Server is not yet installed on the computer, the setup program will use these settings nevertheless. When you click Next, it will attempt to install a new instance using the SQL Server installer included in the memoQ server setup package. memoQ server 9.8 uses SQL Server 2014 Express.
Note: If you are using the memoQ server setup package that does not include the SQL Server installer (this is mainly available to developers), the memoQ server installer will look for the SQL Server instance that you specified, but it will not attempt to look for and run an SQL Server installer package.
memoQ server needs permissions to access SQL server: When you choose a SQL Server instance, two users - the person who is installing memoQ server and the memoQ server service account - need sufficient privileges to access the memoQ server database. Normally, the memoQ server setup program configures this, but it cannot do that if, for example, SQL Server is installed on a different computer, and the user installing memoQ server has insufficient privileges to configure permissions on databases.
Separate SQL Server? Do not forget the server-level and database-level roles of affected users.
If you install SQL Server separately, grant specific roles to at least two users.
- Over the SQL Server, the preferred server-level role is sysadmin.
- Over the memoQ server database, the memoQ server service user must be db_owner.
The user who installs and manages memoQ server on the server computer needs the following:
- Over the SQL server, the minimum role is bulkadmin (to make backups of the database), the preferred privilege is sysadmin.
- Over the memoQ server database, the user needs to be db_owner.
By default, the database is called MemoQServer. It is recommended to leave it that way.
Normally, the database file is stored in the data folder of memoQ server – if SQL Server is running on the same computer as memoQ server itself.
After you make your choice about the database (normally, you would leave the default settings as they are), stay on the same screen, and configure the service account for the memoQ server service.
At the bottom of the setup window, you can choose a service account for memoQ server. Practically, this is a ‘user’ on the Windows server, and memoQ server will be running under this user’s name. This means that the memoQ server service will have the same privileges and permissions as this user account.
Normally, memoQ server is set up to work under the name of a virtual service account (called NT SERVICE\MemoQ server service) on operating systems that allow this. This means that the memoQ server service has its separate user account, and it can be granted or denied permissions without affecting any other services or programs running on the server computer. This provides for maximum permission security, and will be the preferred option for most IT infrastructure specialists.
It is highly recommended to use the virtual service account: the memoQ server setup program will configure all necessary privileges and permissions for it.
After you choose the data folder, the SQL Server instance and the service account, click Next.
As a next step, you need to specify the initial administrative password for memoQ server. This will be the password of the ‘admin’ user. In addition, you can set a client connect address for your server. The client connect address is the Internet address or URL that memoQ clients will use to connect to your server. Before choosing and configuring a client connect address, make sure that your server will be accessible by this address.
To set the password, type the password twice in the upper half of this wizard page:
memoQ server enforces password complexity. You will not be able to use simple names or words as your password: it must be 12 characters or longer, and it must contain at least one lowercase letter, one capital letter, a digit, and a special character.
To change the client connect address - the external web address of memoQ server -, check the Override client connect address check box, and then type the client connect address in the Client connect address box.
Click the links at the bottom of this wizard page to adjust various settings for your memoQ server system. To learn more, read the next few sections from this topic.
After setting the password and configuring other settings, click Next.
memoQ server can encrypt the connection between the server and the memoQ desktop program. memoQ server can use the HTTPS or the TLS protocol for that purpose.
You need a certificate: Before you can configure HTTPS connections to memoQ server, you need a certificate on the same computer. You must acquire a certificate from a public certification authority, or else you must create a root certificate for your organization, and derive the server certificate from that.
If you have no public certificate, the memoQ server deployment tool – the installer – can create a self-signed certificate for you. To do this, click Configure Resources API in the Install memoQ server window. The Configure Resources API window appears:
You need to enable the Resources API before you can create the certificate. Do the following:
- Check the Enable Resources API check box.
- Click Install certificates. The memoQ server installer will create and install two certificates: a self-signed root certificate to sign the server certificate, and the server certificate itself. While this is happening, command-line windows may briefly appear on the screen.
- Once the certificates are created, you need to insert the thumbprint (a long numeric identifier) of the server certificate in the Certificate thumbprint box in the same window. To do this, click Use the generated certificate.
The thumbprint appears in the Certificate thumbprint box:
Click OK to use the certificate and enable the Resources API.
Reinstalling? Use the existing certificate, don't create a new one: On a computer, you only need to create the certificate once. If you reinstall memoQ server, you will not be able to create the certificate again. However, in this case, you can click Browse next to the Certificate thumbprint box, and choose the certificate from a menu.
If you are using a self-signed certificate, you may need to install the root certificate on the client computers. To retrieve this certificate, use the Certificates console in Windows, and save the certificate in a file. Transfer this file to the client computers, and use the Certificates console to install the root certificate there.
Once you create the certificate and enable the Resources API, you can use the same certificate to turn on secure connections for other protocols on memoQ server. To use the certificate for generic HTTPS connections to the memoQ server itself, do the following:
- In the Install memoQ server window, click Configure network connections. The Configure network protocols window opens:
- Check the HTTPS check box to enable HTTPS. For HTTPS to work, you need to specify the certificate you just created. Next to the Certificate thumbprint box, click Browse.
- In the Windows Security window that appears, click the certificate you have created, and then click OK. The thumbprint of the certificate (a very long hexadecimal string) will appear in the Certificate thumbprint box.
You can also set the port number where memoQ server will listen through each protocol.
Click OK to save the settings and return to the previous window.
If you plan to use the WS API: In the Install memoQ server window, click Configure Web Service API. The Configure Web Service API window opens. In this window, check the Use secure con-nection (https) check box. Next to the Certificate thumbprint box, click Browse. From the menu that appears, choose the same certificate you created with the Resources API.
Older memoQ versions don't have secure communication: Earlier versions of the memoQ desktop program – older than memoQ 2015 (7.8) – do not support secure communication. Both the memoQ desktop program and the memoQ server must be upgraded to the latest version (at the time of writing, memoQ 8.5).
Proxy servers are OK: HTTP and HTTPS support communication through proxy servers.
To change these settings or set them up later, use the Deployment tool again. In the memoQ server section, click Advanced, and from the menu, choose Configure server. This will open the Configure server window, which has a tab for the Network connection, and two other tabs for the Web Service API and the Resources API. To learn more, read the topic about configuring memoQ server.
The Web Service API or WS API is the main automation interface of memoQ server. Through the WS API, other programs – such as project management systems – can create and manage users, projects, and resources on memoQ server.
The WS API is licensed separately. memoQ server will not offer this interface if there is no specific license for it.
Exposing the WS API without protection is extremely dangerous. Although the API is not so easy to figure out, a thorough attacker can gain full control of the server in time.
You have three options to secure the WS API:
- Encryption – you can force callers to use a HTTPS connection, with the same certificate you used to secure the Resources API. (See the previous section on this page.)
- Shared secret or API key – you can force callers to authenticate using a so-called API key. The API key is the same for every caller, which means you need to protect it well: the more callers know the secret key, the less protected the API is.
- IP address filtering – Normally, the caller of the WS API will be a server application, running on a computer that has a fixed IP address. You can make sure that no-one can reach the WS API from any other IP address. In addition, if there are numerous callers, but they all belong to a corporate network, you can filter for the addresses of that network, excluding everyone else.
To set up security for the WS API: In the Install memoQ server wizard, click Configure Web Service API.
Do not enable the WS API if you are not using it. If you plan to use it later, keep the Enable the WS API check box cleared until there actually is at least one caller application in your organization. Check the check box only if the API needs to be called immediately after that.
In the Base address and security box, enter the address and port where the API will listen. The default port is 8080, but you can use any free port. Make sure that the firewall rules allow the callers to connect to memoQ server over this port. For the base address, enter the external address of the server (if the caller application is not on the same computer).
To turn on encryption, check the Use secure connection (https) check box, and choose a certificate. You must choose from existing certificates; you cannot generate or install a new certificate here. To acquire or install a new certificate, configure the security of the Resources API first. To learn how, see the previous section in this topic.
To restrict the IP address of the callers, click the Limit connections to a list of IP addresses radio button, and add the allowed IP addresses to the list below the radio button. You must add the IP ad-dresses one by one; you cannot add IP address ranges (subnets), only individual IP addresses.
To secure the connection using a secret key, check the Enable API key check box. This is a sort of password that callers must send before they can call on the WS API. The deployment tool will automatically fill in the API key box with a randomly generated API key.
If you need to change the auto-generated API key for any reason – for example, because your previous API key was compromised –, you can either paste another key from the clipboard, or make the installer generate a new one. It is recommended to keep the auto-generated key or generate a new one by clicking Generate new API key, because that makes sure that the key will be complex enough not to be guessed easily.
Always use encryption (https) when you use an API key. If the connection is not encrypted, an eavesdropping attacker could easily extract it from the network traffic, and then impersonate a legitimate caller.
If you set up an API key without using a secure connection (https) at the same time, the deployment tool will display a warning icon. If you place the mouse pointer over the icon, a message will appear saying your server will not be more secure this way:
These are only the security options that memoQ server offers out of the box. You can further strengthen security using industry-standard methods such as setting up a VPN or an IPSec connection to the memoQ server – then you can introduce proper authentication where the caller must impersonate a legitimate user of your network, and thus be identified more precisely.
Do not clear the Use advanced fault handling check box unless you need to use an application that was written for a memoQ server of version 5.0.52 or earlier. This fault handling mode is crucial for external programs to receive detailed error and status messages from the API.
You can enable or disable the WS API and configure its security later, after memoQ server is installed. To return to these settings, use the Deployment tool again. In the memoQ server section, click Advanced, and click Configure server. In the Configure server window, click the WS API tab.
memoQ server needs to send e-mails for several reasons. to configure how your system will send e-mails, click Configure e-mail SMTP options. You need to specify the e-mail server you are planning to use, and the e-mail address from which memoQ server will send e-mails:
- In the Server URL box, type the Internet address of your organization's e-mail server. If you are not sure, contact your IT staff.
Modern e-mail systems all require authentication - e-mails must always be sent from a mailbox that can be traced back to the organization. memoQ server will need a user name and a password to send e-mails.
- Check the Authentication check box. In the User name box, type the user name that memoQ server will use. In the Password box, type the password that belongs to that user name.
- Modern e-mail systems all use encryption as well. If your IT staff does not give you different information, check the SSL check box, and type 465 in the Port box. That is the most common configuration. (If the memoQ server is in the same secure area of the network as the e-mail server - behind the same firewall -, authentication and encryption may be unnecessary. If you are not sure, contact your IT staff.)
- Recipients need to know who is sending the e-mail (so that memoQ server does not send e-mails directly to the translators' Junk folders). Under Sender, fill in the Address and Name boxes. Address is the e-mail address of the memoQ server. Normally, it's a no-reply address because memoQ server does not read e-mails. The Name box has the full name for the memoQ server. Use a name that tells the user the e-mail is from a memoQ server.
- When everything else is filled in, type your own e-mail address in the Send test e-mail to box, and click Send test e-mail. Watch your e-mail program. If the test e-mail does not arrive in reasonable time, check the settings - but if you cannot find anything amiss, contact your IT staff to resolve the problem.
- After the test e-mail arrives, click OK. This will save the settings and return to the previous window.
There are several other settings in the last Install memoQ server window, but they are not required for memoQ server to start up. They can be configured later from the memoQ server deployment tool – see the following topics:
After you choose the data folder, the SQL Server instance, the service account, and at least your administrative password, the memoQ server setup program will check if all is set for a successful installation:
Troubleshooting: If the setup program complains that the database name is not unique in the SQL Server (that is, a red X appears next to Database name is unique in the SQL Server), you are probably attempting to use an existing memoQ server database, but the corresponding copy of memoQ server is no longer available on the server. To prevent this, do not remove the previous installation of memoQ server before you begin to install memoQ server's current version. However, if you have already done that, you can still install memoQ server, and start using your existing database. To learn how, see the Troubleshooting memoQ server topic.
If all checks pass, click Install to proceed with the installation.
memoQ server setup will install memoQ server:
When the Install has completed text appears, click Finish to return to the main setup screen. However, memoQ server needs to be activated before you can start it. If this is a first-time installation, the memoQ server activator program will start automatically.
Keep the main setup screen open while you activate memoQ server. You will be able to return to this screen to start the memoQ server service afterwards.
Read on: Activate and start memoQ server