search
Contact UsVisit GuardWare

GuardWare DISCOVER Server Installation and Setup Guide

hashtag
1. Overview

The GuardWare DISCOVER Server is the central management platform that coordinates all scanning operations across your organisation. Installing the DISCOVER Server establishes the foundation for your entire data discovery infrastructure.

Once installed, you gain a centralised platform to deploy DISCOVER Agents to endpoints, define what types of sensitive data to search for, schedule scans, receive alerts when sensitive data is found, and track remediation processes across your organisation.

This guide walks through the complete installation process, covering all necessary dependencies and configurations to get the GuardWare DISCOVER Server operational.

hashtag
2. Requirements

Before proceeding, ensure your server meets the following minimum requirements:

Specification
Requirement

CPU

8 cores or more

RAM

16 GB or more

Storage

Minimum 500 GB of disk space

Windows Server Version

2019 or later, fully updated, all patches installed

Administrator Access

Required for software installation and server configuration

Network Ports

443 (HTTPS), 3306 (MySQL), 6379 (Redis)

MySQL Version

MySQL version 8.4.4 or higher

Database User Privileges

CREATE, SELECT, INSERT, UPDATE, DELETE on the database

Mobile Device

Mobile device with Google or Microsoft Authenticator app installed

hashtag
3. Pre-Installation Requirements

Before installing the GuardWare DISCOVER Server Setup, the following software dependencies are needed on your device. These components are necessary to support the core server functions of DISCOVER.

GuardWare will provide all required installer files for these components as part of the DISCOVER Server installation package. You can also download the installer files from their official websites.

Component
Purpose

Microsoft Visual C++ Redistributable

Required to run applications built with Visual C++ libraries, including runtime components used by MySQL and its associated services.

MySQL

Serves as the database backend for DISCOVER. It stores configuration details, encryption metadata, user profiles, and other operational data.

Redis

Used as an in-memory cache and message broker to support real-time processing and improve system performance.

OpenSSL

Provides SSL/TLS certificate generation for HTTPS access and cryptographic operations. Used to create self-signed certificates or prepare certificates for Azure integration.

IIS (Internet Information Services)

Required to run DISCOVER components and handle all HTTPS requests.

IIS URL Rewrite Module

Ensures all incoming requests are routed correctly through the DISCOVER application, enabling proper handling of application paths and APIs.

hashtag
4. Install Microsoft Visual C++ Redistributable

The Microsoft Visual C++ Redistributable package contains essential runtime libraries that allow programs compiled with Microsoft Visual C++ to run on your system. The redistributable provides the necessary runtime components for memory management, core functions, and other operations that MySQL depends on to execute properly.

Without the Visual C++ Redistributable, the MySQL installation will fail, or MySQL services will not start, preventing DISCOVER from accessing its database. Installing this package first ensures that when you install MySQL in the next step, all required dependencies are already in place for it to run correctly.

  1. Download the appropriate Microsoft Visual C++ Redistributable from Microsoft’s official websitearrow-up-right, search for the installer, and double-click to launch it.

  1. Click I agree to the license terms and conditions, and click Install.

  1. Click Restart to reboot the device and complete the installation process.

hashtag
5. Install and Configure MySQL

MySQL is a relational database management system that serves as the central data repository for DISCOVER. Every time you create a scan job, execute a scan, or modify user permissions through the Management Console, that information is written to and retrieved from the MySQL database. The database does not store actual files or sensitive data discovered during scans, only metadata about scan configurations and results.

Without MySQL, DISCOVER has no persistent storage for its operational data. The server cannot function without a database to store configurations, track scan history, or maintain user accounts. Installing and properly configuring MySQL is critical because improper database setup can lead to connection failures when running the DISCOVER Server Setup.

  1. Visit MySQLarrow-up-right, configure the Product Version (version 8.4.4 or later), and select the Operating System from the drop-down.

  2. Click Download to save the MSI installer to your system.

  1. Locate the MSI installer, double-click to launch the MySQL Server Setup, and click Next.

  2. Read and accept the End User Licence Agreement (EULA) and click Next.

  1. When selecting the setup type, you have the option to choose between:

Typical
Installs the server, client, and essential tools quickly. Provides everything DISCOVER needs without extra components.

Custom

Lets you select only required components (server + client). Useful if you want to reduce disk usage, omit unnecessary tools, or deploy on a constrained system.

Complete

Includes all optional components, sample databases, and documentation. Larger footprint.

  1. Select either Typical or Complete and click Next.

  1. Click Install to begin the installation.

  1. Select Run MySQL Configurator if you wish to automatically launch the MySQL Configurator immediately after clicking Finish.

  1. If you did not select the Run MySQL Configurator on MySQL Server Setup, search MySQL Configurator from Search and click Open to launch it.

  1. Click Next on the Welcome screen.

  1. Select a path to the data directory. You can browse the path by clicking the button beside the dialogue box. This is where MySQL will store all database files, including the DISCOVER database. Ensure the selected location has sufficient space for database growth as scan history accumulates. Click Next.

  1. In the Type and Networking window, keep the default settings and note down the assigned port number. The default port is 3306. You will need this port number when configuring the DISCOVER Server to connect to MySQL. Click Next.

  1. Set a password for the root account and click Next. The root account has full administrative privileges over all MySQL databases. You will use this username (root) and password during the DISCOVER Server Setup to establish the database connection; therefore, store these credentials securely.

  1. In Windows Service, enable Configure MySQL Server as a Windows Service and Start the MySQL Server at System Startup. This ensures MySQL starts automatically when the server boots, so DISCOVER can always access the database without manual intervention.

  1. Adjust file permission settings as required for your environment, and click Next.

  1. Skip the sample database creation and click Next.

  2. Review the configuration summary and click Execute to apply the configurations.

  1. After configuration completes, click Finish to exit the configurator. MySQL is now installed and running as a Windows service, ready to store DISCOVER's operational data.

hashtag
6. Install Redis

Redis is an in-memory data store that DISCOVER uses to improve performance and support real-time operations. It temporarily caches frequently accessed data in RAM, allowing the Management Console to retrieve information much faster than querying the MySQL database for every request.

The server application is built with Redis as a required dependency for caching and session management.

  1. Download the Redis MSIarrow-up-right version 3.0.504 or above.

  1. Locate the MSI file and double-click to launch the Redis on Windows Setup.

  2. On the welcome screen, click Next.

  1. Read and accept the EULA and click Next.

  2. Select the Redis installation directory, select the Add the Redis installation folder to the PATH environment variable, then click Next. Adding Redis to the system PATH allows the DISCOVER Server to locate and communicate with Redis automatically without requiring manual configuration of the Redis executable location.

circle-exclamation

Ensure that the Add the Redis installation folder to the PATH environment variable is selected before proceeding.

  1. Enter the desired port number or leave the default value. The default port is 6379. Click the Add an exception to the Windows Firewall to create a firewall rule in Windows Defender Firewall that allows inbound network traffic to the Redis server's default port. This firewall exception is necessary if DISCOVER components need to access Redis over the network. Click Next.

  1. Choose whether to set a memory limit to restrict the maximum amount of RAM Redis can consume for storing in-memory data. Set the Max Memory limit as per your requirements (default 100MB, 1024MB recommended) and click Next.

  1. Click Install to begin the installation.

  1. Click Finish when installation completes.

hashtag
7. Install OpenSSL

OpenSSL is a cryptographic toolkit used to generate and manage SSL/TLS certificates for secure communications. DISCOVER requires an SSL certificate to enable HTTPS access to the Management Console for encrypted communication.

The certificate's public key may also be uploaded to Azure Entra ID and associated with an App Registration to enable certificate-based application authentication. This enables DISCOVER to authenticate with supported Azure services using OAuth 2.0 client credentials, eliminating the need for client secrets.

  1. Download Win32/64 OpenSSL for Windowsarrow-up-right (Win64 OpenSSL v3.6.0 or Win64 OpenSSL v3.6.0 Light recommended).

  1. Locate the installer (.msi or .exe) and double-click to launch it.

  2. Read and accept the license agreement and click Next.

  1. Select the installation directory (default: C:\Program Files\OpenSSL-Win64\) and click Next.

  1. Select a location to store the program’s shortcuts and click Next.

  1. In the Select Additional Tasks window, choose The OpenSSL binaries (/bin) directory. This copies the OpenSSL DLL files to the OpenSSL installation folder rather than the Windows system directory. Click Next.

  2. Click Install to begin the installation.

  3. Click Finish when installation completes.

hashtag
Add OpenSSL to System PATH

After installing OpenSSL on Windows, the bin folder (e.g., C:\Program Files\OpenSSL-Win64\bin) must be added to the system PATH environment variable. PATH tells Windows where to look for executables when you type a command in Command Prompt.

Without this, you would need to specify the full path to openssl.exe each time. Once added to PATH, you can run OpenSSL commands, such as openssl version or certificate generation commands, which are required in the following installation steps.

  1. Open Run, enter sysdm.cpl, and click OK.

  1. Go to Advanced and click Environment Variables

  1. In the System Variables section, search for Path and click Edit.

image-20260121-091000.png

  1. Click New and enter the OpenSSL path C:\Program Files\OpenSSL-Win64\bin to the system PATH environment variable.

image-20260121-091155.png

  1. Click OK on all windows to save the changes.

  2. To verify OpenSSL is correctly added to PATH, open a new Command Prompt window and type openssl version. The OpenSSL version will be displayed.

hashtag
8. Install IIS

Internet Information Services (IIS) is Microsoft’s web server platform that hosts the DISCOVER Management Console. IIS receives HTTPS requests from the web browser, processes those requests through the DISCOVER application, and serves the web-based interface that allows users to work in the Management Console.

Without IIS, the user cannot access the DISCOVER Management Console, as the web application requires a web server to handle HTTP/HTTPS traffic and deliver the user interface to browsers.

hashtag
Install IIS on Windows Server

  1. Click the Start menu, search for Server Manager, and open it.

  2. Click Add Roles and Features on the home screen, or click Manage in the top-right corner, and select Add Roles and Features.

  1. On Before You Begin, click Next.

  2. On the Select installation type, click Next.

  3. On Installation Type, select Role-based or feature-based installation, and click Next.

image-20251201-051423.png

  1. On Server Selection, click Select a server from the server pool, choose the server from the list, and click Next.

  1. On Server Roles, select Web Server (IIS) and also select the Include Management tools (if applicable). Click Add Features to close the window, and click Next.

  1. Click Next on Features.

  2. Click Next on Web Server Role (IIS).

  3. Expand the Role Services under Web Server (IIS), and add the following features:

  1. Click Next and select Install to begin the installation. Wait for the installation to complete, then click Close.

These features enable DISCOVER to process dynamic content through CGI, handle API requests through ISAPI extensions, compress responses for better performance, log requests for auditing, and enforce security restrictions. Each feature is required for specific DISCOVER functionality to work correctly.

  1. Verify by opening Run, typing inetmgr, and navigating to http://localhost in a browser. You will see the IIS welcome page.

hashtag
Install IIS on Windows (Alternative Option)

  1. Open Run, type optionalfeatures, and press Enter.

  1. Expand Internet Information Services.

  1. Select and add the following features:

  1. Click OK to begin the installation. Wait for the installation to complete.

  2. Verify the installation by opening Run, typing inetmgr, and pressing Enter, confirming that IIS opens.

hashtag
9. Install the IIS URL Rewrite Module

The IIS URL Rewrite Module is an add-on for Internet Information Services (IIS) that allows you to create rules for manipulating URLs, such as rewriting requests internally, redirecting traffic, enforcing HTTPS or canonical domains, and mapping clean, user-friendly URLs to backend query strings.

The module ensures that all incoming requests are routed through index.php, enabling proper handling of application paths and APIs.

  1. Download the IIS URL Rewritearrow-up-right Module installer.

  1. Locate the Installer MSI and double-click to launch it.

  2. On the IIS URL Rewrite Module 2 Setup welcome screen, read and accept the license agreement.

  3. Click Install to begin the URL rewrite process.

  1. Click Finish to exit the Setup Wizard.

hashtag
10. Install the GuardWare DISCOVER Server

The GuardWare DISCOVER Server Setup prepares the runtime environment for DISCOVER and connects to MySQL.

  1. Double-click to launch the GuardWare DISCOVER Server Setup Wizard and click Next.

  1. Read and accept the EULA and click Next.

  2. Choose a folder to install the DISCOVER Server and click Next.

  1. Here, you can either choose to install DISCOVER components as either Fresh or update them

    1. Selecting Fresh Install will take you to configuring and connecting to the database (continued in step 5).

    2. Selecting Update will update the DISCOVER Server.

      1. Select Update and click Next.

      2. Click Install to proceed with the selected options.

      3. Wait until the process completes and click Finish to exit the setup wizard safely.

circle-exclamation

Only select update if you have installed DISCOVER on your device and wish to update it. If DISCOVER is not installed, and you select Update, the installation process will fail.

  1. On the Database Connection page, enter the credentials that you entered when configuring MySQL:

    1. DB Host, DB Port (default is 3306), DB name (existing or a new database name), DB Username (default is root), and Password.

    2. Select Fresh Installation to create a new database with a clean schema. Make sure the DB Name is unique to avoid conflicts with any existing MySQL databases.

    3. If upgrading the server, enter an existing database name and select 'Database Exists' to connect DISCOVER to an existing MySQL database and update its schema. As this option may modify or remove existing data, make a backup of the database beforehand.

    4. Click Test Connection to check whether the entered information is valid or not.

circle-info

Entering a new DB Name (one that does not already exist), selecting Fresh Installation or Database Exist, and clicking Test Connection automatically creates a new database and verifies the connection.

  1. Enter the Super Admin’s name, email, and password, and click Next.

circle-info

These credentials will be required to log in to the DISCOVER Management Console, so store them securely.

  1. Select the HTTPS protocol and give the domain a name that you would like the IIS to access. You can have the following domain name formats:

circle-exclamation

If you do not have an SSL certificate ready, pause here and create a self-signed SSL certificate from PowerShellarrow-up-right or have one issued by a Certificate Authorityarrow-up-right and then have it exported in a .pfxformat. After that is ready, continue from here.

When selecting HTTPS, you must bind an SSL certificate in IIS for encrypted communication.

If the certificate file (e.g.,.pfx) was exported with a password, you must enter the same password in the Certificate Password section when attaching the certificate during server setup. This password is required to unlock and decrypt the private key contained within the certificate file.

Select the location where you want to install IIS, and then click Next.

  1. Click Install to begin the installation.

hashtag
Bind Self-Signed SSL Certificate to IIS (Optional)

If you created the SSL certificate in PowerShell and exported it in .pfx format, you will need to bind it to IIS to enable HTTPS access. By default, IIS does not automatically bind certificates; therefore, this step is required.

  1. Press the Windows key, type Internet Information Services (IIS) Manager, and press Enter.

  2. In the left Connections pane, expand your server name and expand Sites to see all hosted websites.

  3. Select the hosted site you want to bind the SSL certificate to and click Bindings… in the rightmost pane.

  1. Click Add.

  1. In Type, select https from the drop-down.

  2. In the IP address, select from either All Unassigned, IP Address, or IPv6 address.

Option
Description
When to Use

All Unassigned

Default option. The site accepts requests on any IP address configured on the server for the specified port (e.g., 443 for HTTPS).

When hosting a single HTTPS site or using SNI for multiple SSL sites on one IP.

Specific IP Address

Binds the site to a particular IP address assigned to the server. The site will only respond on that IP.

When hosting multiple SSL sites, each with its own dedicated IP address.

IPv6 Address

Displays IPv6 addresses if your server supports them. Works the same way as IPv4 bindings.

When using IPv6 networking or dual-stack (IPv4 and IPv6) configuration.

  1. Leave the Port value as is, and in the Host name field, enter the domain name for your site.

  1. Select the appropriate SSL Certificate from the drop-down and click OK.

  2. To test whether the binding is successful, close the Site Bindings window.

  3. On the rightmost pane, under Browse Website, click the https site; it will open in a new browser window.

hashtag
11. Log in to the Management Console

The Management Console is the web-based interface for GuardWare DISCOVER, where administrators can manage scans, view scan results, and perform remediation tasks. To access it:

  1. Navigate to the DISCOVER Management Console from a web browser. The exact URL depends on how the DISCOVER Server was configured during the server setup.

Access Method
URL Format
Notes

Local access on the server

https://localhost/gwapp/login

Use this when accessing DISCOVER directly on the server.

Access via configured domain

https://<domain-name>/gwapp/login

Requires the domain to resolve to the DISCOVER server’s IP via DNS or hosts file.

  1. Log in using the Super Admin credentials created during installation.

  2. On first login, configure Two-Factor Authentication:

    1. Scan the QR code with an authenticator app (Google or Microsoft).

    2. Enter the generated verification code.

  3. Update your password as prompted to complete initial setup.

hashtag
Uninstall the DISCOVER Server

Before proceeding, ensure you have administrative privileges and have backed up any necessary configuration files or data.

triangle-exclamation

Please follow the given instructions carefully, as failing to uninstall properly can cause residual files to remain in your system, leading to registry errors, wasted storage space, and potential conflicts if you reinstall the server later.

  1. Double-click the installer to launch the GuardWare DISCOVER Server Setup Wizard.

  2. Click Next.

  1. Select Remove and on the next page, click Remove.

  1. Wait for the process to complete. You may be prompted to restart your device to complete the uninstallation.

PreviousIntroduction to DISCOVERNextGuardWare DISCOVER Agent Installation: Endpoint Devices

Last updated