You are here

Installing Theatre Manager

Subscribe to Syndicate
This guide provides instructions for installing or upgrading Theatre Manager that is very similar on all platforms. Since Theatre Manager is a point of sale application for your venue that can deal with credit card information, care must be taken to install it using the steps that follow to ensure PCI compliance.

There are three components to the Theatre Manager System

  • The Postgresql database server
  • The Theatre Manager desktop application used by Box Office, Development, Marketing, Finance, etc for daily activities
  • The Web Services (also known as the Director) that can be configured to handle various web related functions including:
    • The TM Web Listener service that responds to all online patron requests.
    • The Web server that passes web requests from Patrons to the TM Web Listener

The installation of the database server, Theatre Manager and web sales is relatively simple and can be done in a few minutes.

The installation procedures are constantly updated with the latest instructions to implement Theatre Manager in a PCI manner.

Achieving PCI compliance for your venue comes with how you install it on your network and other protections you put in place. These protections are mandated by PCI standards regardless of whether or not you use software in your operation. We hope that our instructions make it easy for a merchant to meet PCI DSS compliance.

We have placed alerts similar to this throughout the installation documentation to signify areas of particular concern to the PCI standards council. Please pay particular attention to these alerts as they contain valuable information to assist venues meeting PCI compliance.

The steps that follow indicate how to install and run Theatre Manager in a manner that will help you meet your PCI compliance requirements as outlined in the latest PCI quick reference guide. A venue that chooses to opt out of some of the safety and security measures in this document needs to be aware that they have chosen to bypass some aspects of the compliance required in the merchant agreement with their bank and the PCI Security Standards Council that is operated by the credit card companies.

Venues may opt out of any compliance step by signing the appropriate area. The credit card companies have placed the onus on all point of sale software providers to help merchants meet compliance (instead of the banks) and highlight areas to address.

Theatre Manager assists you in meeting PCI compliance because:

  • it is audited and certified per PCI requirements by an accredited third party for your protection
  • it provides the following PA-DSS installation instructions designed to help you implement your internal card practices in a safe manner
Step Purpose Optional Installation instructions or link Who
1. Network Setup Mandatory Setting up network for PCI compliance Artsman Venue
2. Installation of Postgres Server Mandatory Platform specific install instructions ArtsMan
3. Installation of Theatre Manager Mandatory Platform specific install instructions Venue
4. Installation of a customer database Optional If this is the first time that Theatre Manager is being installed at a venue, an 'empty' venue specific serialized database will be provided. It will only contain the zip code lookup table and sample code tables. ArtsMan
5. Credit Card Authorization Optional Theatre Manager provides a selection of service providers for credit card authorization.

Venue Artsman

6. Installation of the Nginx Server Optional Installation of the Nginx server is platform specific if you are using web sales. ArtsMan
7. Setup TLS certificate Optional If you are using web sales, you must set up an TLS certificate and configure your firewall to allow web traffic. You will need to set up a DNS record for 'tickets.yourvenue.org' rather than assigning the TLS to a static IP address. ArtsMan
8. Upgrade of existing web pages Optional This step indicates the general changes to existing web pages that must be made when migrating from any version to any other version.

In addition, a venue must be aware of OWASP and should bookmark it in their browser. This site has a 'top 10' list of ongoing security considerations and standards for web site development. Arts Management reviews and implements each years suggestions annually - see this years top 10.

Finally, if you accept credit cards on the internet, you may need an application firewall as per PCI requirement 6.6 and the web pages are significantly changed. We are looking at mod_security and may put that into a future release of the apache server on your behalf.

Venue
9. Initial settings in TM Mandatory After Theatre Manager and the database have been installed, you will need to review minimum key standards and other security features for PCI compliance. ArtsMan Venue
10. Remote Access Optional This step is a discussion on remote access and what a venue need to do if they wish to provide that for themselves, for Remote Box Offices.

There are considerations for using RDP within the network and enabling security.

Arts Management uses a tool for remote remote support called teamviewer.

ArtsMan Venue
11. Policy Manual Additions mandatory These are some policies that should be added to the customer service and/or security policy manual at a venue for PCI compliance. Venue ArtsMan