Skip to content


This server installation guide will provide a complete walk through for the setup of Theopenem server (Toems) components. These components include the Toems-UI, the Toems-API, the Toec-API, and database. The installation of the endpoint agent (Toec) will be covered in the Client Installation Tutorial. If you have not yet read the Welcome Introduction, please read it before continuing.

The installation process is mostly automated with the MSI. The entire process should take about 20 minutes for you to complete.


  • Install .NET 4.6 (Only required if your server version is Server 2012R2. Newer server versions already have a greater version of .NET installed).
    .NET 4.6.2 can be downloaded here. If you wish to install a newer version of .NET greater than 4.6, that is fine also.
  • Assign your server a static ip address


Theopenem is a fully redundant and scalable application. Basic users can simply install everything on a single server. If you are more advanced or want more control over your system, you could do something like the example below. There is no limit to the number of servers you can use.

  • Application Server 1 - This application server runs all 3 required web applications.
  • Application Server 2 - This application server runs all 3 required web applications.
  • Database Server - Runs the backend database that both the Toems-API and Toec-API communicate with.
  • File Share - When more than one Toec-API or Toems-API server is installed, data replication must occur b/w the servers. An SMB file share is used for this purpose. The Toec agent does not communicate with this server. You can use any existing File Server for this purpose. If only a single Toec-API and Toems-API are used in your topology, the File Share is not needed.
  • DMZ Toec-API (Optional) - A Toec-API server can be setup in your DMZ to allow management of endpoints when they are offsite. This server should only run the Toec-API, you should never allow Toems-API or Toems-UI access from the outside.

Each application server should be dedicated to Theopenem and not shared with other web applications or services. The database server and file share can be on shared resources.

The Toec-API should never go through a load balancer. Load balancing and failover of the Toec-API is built into the Toec agent. Running the Toec-API through a load balancer could lead to authentication failures.

The diagram below shows the traffic flow among these services.