30 3001 835 v1.94 WebClient+Planning+and+Installation+Guide

Andover Continuum web.
Client
Planning and Installation Guide for Version 1.94
2012, Schneider Electric All Rights Reserved No part of this publication may be reproduced, read or stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of Schneider Electric. This document is produced in the United States of America. Andover Plain EnglishTM is a trademark of Schneider Electric. Andover InfinetTM is a trademark of Schneider Electric. All other trademarks are the property of their respective owners. Title: Andover Continuum web.Client Planning and Installation Guide web.Client Version 1.94 Schneider Electric part number: 30-3001-835 The information in this document is furnished for informational purposes only, is subject to change without notice, and should not be construed as a commitment by Schneider Electric. Schneider Electric assumes no liability for any errors or inaccuracies that may appear in this document. On October 1st, 2009, TAC became the Buildings Business of its parent company Schneider Electric. This document reflects the visual identity of Schneider Electric. However, there remain references to TAC as a corporate brand throughout the Andover Continuum software. In those instances, the documentation text still refers to TAC only to portray the user interface accurately. As the software is updated, these documentation references will be changed to reflect appropriate brand and software changes. All brand names, trademarks and registered marks are the property of their respective owners. Schneider Electric One High Street North Andover, MA 01845 (978) 975-9600 Fax: (978) 975-9782 http://www.schneider-electric.com/buildings
Andover Continuum web.Client Planning and Installation Guide

30-3001-835 Version 1.94
Contents
About this Manual .................................................................

Whats in this Manual ................................................................. Revision History .......................................................................... Related Documentation .............................................................. Symbols Used ..............................................................................
9
9 10 10 11
Chapter 1
Introduction to web.Client ...................................................

Overview ...................................................................................... web.Client Overview ................................................................... web.Client User Documentation ....................................... A Typical System before web.Client ........................................... A Typical System Implementing web.Client ............................. Differences between web.Client and CyberStation ...................
13
14 14 15 16 17 19
Chapter 2
System and Pre-Installation Requirements ........................

web.Client Setup Configurations ............................................... Hardware and Software Requirements for LAN System .......... Hardware and Software Requirements for a Standalone System Pre-Installation Microsoft Tasks ................................................ Installing System Software ............................................... .NET Framework 2.0 ......................................................... Installing IIS on Windows Server 2008 ............................ Installing IIS on Windows XP and Windows Server 2003 Registering File Extensions for Windows Server 2003 .... Configuring IIS for Windows 7 .......................................... Modifying Application Pools for Windows 7 and Windows Server 2008 ......................................................................... Registering File Extensions for Windows Server 2008 and
21
22 23 27 32 32 32 32 43 45 45 46
Windows 7 .......................................................................... SSL Considerations for the IIS PC ................................... Changing the Default TCP Web Port Number for the IIS PC ........................................................................... Disabling WinSock Proxy Client on Standalone System . Ensuring a Domain Membership Is Selected ................... Avoiding Invalid Characters in a Server Name ............... Disabling Windows Automatic Updates and Windows Firewall ............................................................................... Windows 7 and User Account Control Data Redirection .
50 51 52 52 52 52 53 55
Chapter 3
Installing and Configuring web.Client on the IIS PC .........
57
Overview ...................................................................................... 58 Installing web.Client on the IIS PC ........................................... 59 Creating and Initializing the Database on a Standalone IIS PC ................................................................................. 65 Adding web.Client to an Existing Standalone Database . 72 Initializing the Database on a LAN IIS PC ...................... 74 web.Client Video System Upgrades ........................................... 77 Routing Alarms to the IIS PC on a LAN System ..................... 79 Configuring Access Permissions for web.Client Users .... 80 Configuring Your Video Servers ................................................ 81 Configuring Graphics Folders for web.Client: Windows XP and Windows Server 2003 ................................................................. 82 Specifying a Local Folder as a Web Address for Windows XP and Windows Server 2003 ........................................... 82 Specifying a Network Folder as a Web Address for Windows XP and Windows Server 2003 ........................................... 83 Verifying Anonymous Access to Virtual Folders .............. 86 Configuring Graphics Folders for web.Client: Windows Server 2008 and Windows 7 ................................................................... 87 Setting Up an Application for Graphics on Windows Server 2008 and Windows 7 .......................................................... 87 Specifying a Local Folder as a Web Address for Windows Server 2008 and Windows 7 ........................................ 89 Specifying a Network Folder as a Web Address for Windows Server 2008 and Windows 7 ....................... 93 Giving Everyone Access to Graphics Files on Windows Server 2008 and Windows 7 .............................................. 95 Establishing Pinpoint Folders ................................................... 100
6 Schneider Electric
Configuring DCOM Default Security Settings ......................... Configuring Default Launch and Access Permissions ..... Disabling HTTP Keep-Alives ...................................................... Resetting Timeout and Live Events Via web.config File .......... Inactivity Timeout .............................................................. Live EventView .................................................................. Establishing SSL Support for Confidential Information .......... Using SSL Online Documentation .................................... Changing IE Security Internet Options to Accommodate SSL ...................................................................................... Enabling SSL for web.Client ............................................. Setting Up SSL for web.Client Pinpoint ........................... Changing the Default TCP Port Number ..................................
102 102 105 105 106 106 107 107 110 111 111 114
Chapter 4
Testing and Installing web.Client on a Client PC .............. 117

Overview ...................................................................................... Testing Access to and Installing web.Client on a Client PC ............................................................................ Before Getting Started ....................................................... Launching Internet Explorer in Windows 7 ..................... Installing the web.Client Utilities Control ....................... Installing Microsoft .NET Framework 2.0 ....................... Installing web.Client Pinpoint .......................................... If your IIS PC Uses IIS 6.0 and Windows Server 2003, Windows Server 2008, or Windows 7 ......................... Installing the Video Layout Control and .NET Framework 3.5 ........................................................................................ Setting Browser Zone Permissions for .NET Framework Download and Install .NET Framework SDK 2.0 ..... Run the Microsoft Code Access Security Policy Tool . Server Proxy Applications ................................................. Logging Out of web.Client .......................................................... 118 118 119 120 121 122 123 124 124 126 126 127 128 129
Chapter 5
Using web.Client to Set Up Your Organization .................. 131

Overview ...................................................................................... Example: Building a Security Management System ....... web.Client Security Basics ......................................................... Testing web.Client Security .............................................. Scenario 1: A Single-Building Company ....................................
132 132 133 135 136

7
How Is the Company Physically Divided? ........................ Who Are the Users? ........................................................... What Are the Security Levels? .......................................... Setting Up web.Client in CyberStation ............................ Scenario 2: A Global Company ................................................... What Are the Company Personnel Groups? ..................... Where Are the Company Facilities Located? ................... Who Are the Users? ........................................................... What Are the Security Levels? .......................................... Setting Up web.Client in CyberStation ............................
136 137 138 138 139 139 140 140 141 142
Appendix A
web.Client Security and Troubleshooting Tips .................

Tips .............................................................................................. Tip 1 - Ensuring Full System Access for at Least One User .............................................................................. Tip 2 - Placing PIM Files in a Single Folder .............. Tip 3 - Applying Security to non-web.Client Folders Tip 4 - Verifying DCOM Is Enabled ........................... Tip 5 - Enabling the Default Document .................... Tip 6 - Understanding Security Ramifications for IIS Applications ................................................................. Tip 7 - Be Sure that IIS Is Installed before .NET Framework ................................................................... Tip 8 - Changing IIS / Windows Server 2003 Resource Recycle Time ................................................................ Tip 9- Fixing a Web Location Access SOAP Error .....
143
144 144 144 145 146 146 147 148 148 149
Appendix B
web.Client Applications that Are Installed .........................

Installed Applications .................................................................
151
152
Appendix C
Guidelines for Upgrading to Version 1.94 ..........................

Upgrade Guidelines ....................................................................
153
154
Appendix D
SQL Express Installation Error Messages .........................

Overview ...................................................................................... SQL Express Installation Error Messages ................................
157
158 159
Schneider Electric
About this Manual
Whats in this Manual

z z z z z z z z z
Introduction to web.Client System and Pre-Installation Requirements Installing and Configuring web.Client on the IIS PC Testing and Installing web.Client on a Client PC Using web.Client to Set Up Your Organization web.Client Security and Troubleshooting Tips web.Client Applications that Are Installed Guidelines for Upgrading to Version 1.94 SQL Express Installation Error Messages
About this Manual
Revision History
This manual documents web.Client, Version 1.94. Revision History
Document Revision
1.94 1.93 1.92 1.91 1.9 1.82 1.81 1.8 1.74 1.73 1.71 1.7 1.62 1.6 1.52 1.5
Software Version
1.94 1.93 1.92 1.91 1.9 1.82 1.81 1.8 1.74 1.73 1.71 1.7 1.62 1.6 1.52 1.5
Date
June 2012 March 2011 December, 2010 February, 2010 August, 2008 January, 2008 June, 2007 December, 2006 August, 2006 January, 2006 May, 2005 December, 2004 March, 2004 August, 2003 December, 2002 October, 2002
Related Documentation
For additional or related information, refer to these documents. Related Documents
Document
Andover Continuum CyberStation Installation Guide CyberStation Access Control Essentials Guide CyberStation HVAC Essentials Guide web.Client online help (Version 1.94) 10 Schneider Electric
Document Number
30-3001-720 30-3001-405 30-3001-1000
About this Manual
Symbols Used
The Notes, Cautions, Warnings, and Hazards in this manual are defined, as follows.
Note: Notes contain additional information of interest to the user.
CAUTION Type of hazard

How to avoid hazard.
Failure to observe this precaution can result in injury or equipment damage.
WARNING Type of hazard

Failure to observe this precaution can result in severe injury.
DANGER ELECTRIC SHOCK HAZARD

Failure to observe these instructions will result in death or serious injury.
11
About this Manual
12
Schneider Electric
Chapter 1
Introduction to web.Client
This chapter contains the following topics:

z z z z z
web.Client Overview web.Client User Documentation A Typical System before web.Client A Typical System Implementing web.Client Differences between web.Client and CyberStation
13
Chapter 1: Introduction to web.Client
Overview
This manual provides you, the system administrator, with general information for planning, installing, and configuring your Andover Continuum web.Client system, version 1.94.
CAUTION This manual is for system administrators.
To use the installation and setup procedures in this manual you must be a system administrator with experience in setting up a web server. You must also have experience using Microsoft system software and understand that there are graphical user-interface differences between the different Windows platforms. For detailed information about Microsoft software, please see your Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system configuration. Note: The procedures in this manual presume you and your users are installing or
upgrading to web.Client version 1.94. You must meet the software and hardware requirements compatible with version 1.94. Refer to Chapter 2, System and Pre-Installation Requirements.
web.Client Overview
web.Client is an application that provides you with web-enabled access everywhere, all the time. By using a standard browser, your authorized personnel can access the Continuum facility management system in real time across your sites local area network (LAN) or across your wide-area network (WAN). web.Client is either added to a LAN Andover Continuum CyberStation system or installed with a standalone CyberStation on a single PC. With the basic web.Client Personnel Manager option, your users can:
z z z
Create, search for, edit, and delete personnel records Change employee access privileges View a persons access events
View and generate reports of all access events, including area access events, access events by persons, and distribution-event transactions via the Access Distribution View Edit and view schedules and calendars. Change a password.
z z
With the advanced web.Client Pro option, your users have all the features of the basic web.Client Personnel Manager option as well as the following additional features:
z
Create, run, and view graphical reports (class object Report), including bar charts, pie charts, trend charts, text reports, and so on. List and view graphics and groups View live system alarms and live events View live video, as well as search for and view recorded video, via the class object, VideoLayout. Search for web.Client objects by exploring a folder tree hierarchy or a network/device tree hierarchy, or by using a text search engine Edit and view Loops and TrendLogs.
z z z z z
For complete information about any of these features, please see the web.Client online help.
web.Client User Documentation

Extensive online help is available within the web.Client application browser window. Click the question mark button. This button appears at the top of every web.Client screen. The online help covers all of the major features in the web.Client user interface.
15
A Typical System before web.Client

The following illustration shows how your Continuum system is used before web.Client.
A Continuum system without web.Client consists of a database server and high powered, dedicated workstations. Also note that all administration must be performed at one of the dedicated workstations. The following illustration shows what the administration of the typical system would entail. In this security example, a single administrator is responsible for assigning all security privileges for engineering and manufacturing personnel.
16
Schneider Electric
A Typical System Implementing web.Client

Illustrations on the next page show how your system is utilized when web.Client is added to a Continuum system. As shown in the second illustration, a web.Client local area network (LAN) system consists of:
z z z z
A database server Dedicated workstations for configuration A dedicated web.Client application server PCs running Internet Explorer 8.0 connecting web.Client
with web.Client. A LAN system has two servers: a database server and a web.Client application server. In a standalone system, the database and web.Client application reside on one server. Chapter 2, System and PreInstallation Requirements, provides detailed requirements for both systems.
Note: You will be installing either a web.Client for a LAN system or a standalone
You can delegate security tasks to authorized personnel who then assign security privileges for their departments (in this case, engineering and manufacturing personnel). You use the dedicated workstation, and the authorized personnel use web.Client on their own computers. In the administration of a web.Client system, for example, you would be responsible for assigning privileges to engineering and manufacturing designees, who in turn are responsible for assigning all security privileges for engineering and manufacturing personnel. Similarly, you could grant access rights to:
z z z z z
An employee to adjust the temperature after viewing current conditions A coordinator to schedule a conference room and activate the lighting A technician to take control of an air handler during service A manager to search video for an incident A facilities manager to graphically monitor and adjust building conditions and monitor alarms
17
18
Schneider Electric
Differences between web.Client and CyberStation

web.Client is an extension of CyberStation. Through the convenience of a web browser, you can view, monitor, and in some cases modify objects and their values. (These include BACnet objects, since CyberStation and web.Client support the BACnet ANSI/ASHRAE standard.) However, there are some differences between what your users can do in web.Client vs. CyberStation. You generally use web.Client to view and monitor objects that were defined in CyberStation. The following table lists the levels of support offered with each major web.Client feature. For information on web.Client features, see the web.Client online help. web.Client Levels of Support
LEVELS OF web.Client SUPPORT Feature View Modify
Personnel Schedules and Calendars X X X X
Delete
X X Events within schedules only
Create
X Events within schedules only X
Reports Areas Groups Loops Graphics Alarms Events Distribution Events Points and objects
X X X X X X X X X
X X X X X X Except: BACnet objects cannot be deleted.
TrendLogs Video Doors Controller Web Pages
X X X X
X
1
1. Video can be modified, but not saved. For example, you can change cameras, show/hide time, change focus, zoom, but you will lose these changes if the page is refreshed or you open another editor.
19
20
Schneider Electric
Chapter 2
System and Pre-Installation Requirements

z z z z
web.Client Setup Configurations Hardware and Software Requirements for LAN System Hardware and Software Requirements for a Standalone System Pre-Installation Microsoft Tasks
Note: Before installing or upgrading to web.Client version 1.94, be sure the

requirements outlined in this chapter are satisfied. web.Client users must have a password to log on.
21
Chapter 2: System and Pre-Installation Requirements
web.Client Setup Configurations

Depending on your web.Client version 1.94 package and configuration, you are setting up either:
z z
web.Client local area network (LAN) system A standalone single user system with web.Client
LAN system: The web.Client LAN system comprises a Continuum/ SQL database server and an Internet Information Services (IIS) server dedicated to running the web.Client application. On a LAN system, the IIS server can be a Windows XP Professional workstation, Windows Server 2003, Windows Server 2008, or Windows 7 machine. Each supports a different number of user connections, however. See the table below for more details. Standalone system: The standalone single user system with web.Client comprises one PC on which the Continuum/SQL Express database, IIS, and the web.Client application all reside. A standalone system PC may also run Windows XP Professional workstation, Windows Server 2003, or Windows 7. The following table lists the maximum number of web.Client version 1.94 users per server, as well as the maximum number of CyberStations and IIS servers, for each type of setup: Maximum Number of web.Client 1.94 Users Per Server
Maximum Number of web.Client Users Per Server When IIS Is Installed on Windows Server 2003 25
1
System LAN Standalone
When IIS Is Installed on Windows Server 2008 25 2
When IIS Is Installed on Windows XP Professional Workstation
When IIS is installed on Windows 7 Number of CyberStations 2 2 Unlimited 1 Number of IIS Servers Unlimited 1
2 2
22
Schneider Electric
1. A total of three machines (web.Client browser PCs plus CyberStations) is the maximum number allowed on a standalone system. This means the following combinations are valid: Two web.Client connections and one CyberStation, one web.Client connection and two CyberStations, or three CyberStations (if there are no web.Client connections).
Hardware and Software Requirements for LAN System

A web.Client LAN system has two server types:
z z
Continuum/SQL database server IIS server (one for every 25 users)
If your system has no more than 25 users, select one server as the web.Client IIS server. This IIS server should be dedicated to running the web.Client application. For a larger LAN system (at least for any system having more than 25 users) your site must have more than one IIS server.
Depending on your particular LAN installation, the IIS server can be:
z z z z
Windows XP Professional workstation (maximum of two users) Windows Server 2003 (maximum of 25 users per IIS server) Windows Server 2008 (maximum of 25 users per IIS server) Windows 7 (maximum of two users per IIS server)
23
The IIS server must be on a network that can connect to the Continuum/SQL database server. The browser PCs must be on a network that can connect to the IIS server. web.Client version 1.94 will upgrade any previous version on IIS server. web.Client 1.94 includes CyberStation 1.94, and installing it upgrades the IIS machine to 1.94. Workstations not at version 1.94 must be upgraded before installing web.Client. See also:
z z z
Chapter 3, Installing and Configuring web.Client on the IIS PC Appendix C, Guidelines for Upgrading to Version 1.94 Andover Continuum CyberStation Installation Guide, 30-3001-720
The following table shows the hardware and software requirements for the IIS server and the client browser on LAN systems. Hardware Requirements for IIS Server for LAN Systems
Minimum
Intel CoreTM 2, Duo, 1.66 GHz or better1, 2 2 Gb RAM or higher2 plus 5 Mb per connection 15 Gb free space (NTFS Partition) CD ROM drive Video resolution: 1024 x 768 pixels Parallel or USB port
Recommended
Quad core1 2 GHz or better 4 Gb RAM plus 5 Mb per connection 30 Gb free space (NTFS Partition) CD ROM drive Video resolution: 1024 x 768 pixels Parallel or USB port
1. Memory and processor speed - Performance is directly related to processor speed and RAM. Increasing hard drive size allows for growth of applications (graphics, programs, and so on). Faster processor speeds and more RAM available to the program will increase performance. 2 Use Recommended requirement for systems with integrated video.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5
MB of RAM on the IIS server. (For example, two browser PCs connected to the IIS server accessing web.Client use 10 MB of RAM on the IIS server. For this configuration, Schneider Electric recommends a minimum of 512 MB plus 10 MB (used by the two PCs) or a minimum of 522 MB of RAM on the IIS Server.)
24
Schneider Electric
The following table shows the video-specific hardware requirements for the IIS server on LAN systems. Video-Specific Requirements
Minimum
100 Mbps network port Graphics card with DirectX 9.x or later with 256 Mb of dedicated RAM
Recommended
1 Gb network port DirectX 10 graphics device with WDDM 1.0 or higher driver with 512 Mb of dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces. Per standard Pelco Endura video configuration, you should configure stream 2. When doing so, be sure to set a lower resolution and smaller frame rate. Otherwise, the performance of your PC may be negatively affected. Be aware that Andover Continuum only supports H.264 and MPEG4 video formats.
The following software is recommended for LAN systems. Software for LAN Systems
Tested & Supported Software for LAN Systems1 Microsoft Windows XP Professional workstation (SP3) Server
OR: Microsoft Windows Server 2003 (SP2) OR: Microsoft Windows Server 2003 R2 (SP2) OR:
Microsoft Windows Server 2008 using SQL 20082 OR: Microsoft Windows Server 2008 R2 32-bit or 64-bit modes using SQL Server 20082 OR: Microsoft Windows 7 Professional OR: Microsoft Windows 7 Ultimate
Browser
For Windows XP and Server 2003: Internet Explorer 8.0
For Windows 7: Internet Explorer 8.0 Note: Be aware that web.Client only supports the 32-bit version of Internet Explorer.
Internet
IIS: Microsoft Windows XP: IIS 5.0 Microsoft Windows Server 2003: IIS 6.0 Microsoft 7: IIS 7.0
CyberStation Andover Continuum CyberStation Version 1.94

Andover Continuum web.Client Planning and Installation Guide 25
Software for LAN Systems

Tested & Supported Software for LAN Systems1 SQL Server 2000 (SP4) Database
OR: SQL Server 2005 (SP3) OR: SQL Server 2008 (SP1) OR: SQL Server 2008 R2
When you are prompted to select an authentication mode, select Mixed Mode. For more information, please see the Andover Continuum CyberStation Installation Guide, 30-3001-720.
Network protocol Other
TCP/IP Microsoft .NET Framework version 2.0 AND: Microsoft .NET Framework version 3.5 (SP1) Windows Installer 3.1
1. Internet Explorer, IIS, and TCP/IP are included with the Microsoft operating systems. Upgrades and service packs are available free of charge from Microsofts web site, www.microsoft.com. 2. No CyberStation or webClient software installed.
26
Schneider Electric
The following table shows the Browser PCs that are recommended for LAN systems. Browser PCs for Users on a LAN System
Tested & Supported Browser PCs for Users on a LAN System Hardware
The video feature requires network access to a digital video recorder. This may require you to open port 18772 or establish a Virtual Private Network (VPN) connection if there is a firewall.
Software
The client browser PC on a LAN system can be running one of the following:
z z z
Windows XP Professional (SP3) Windows Server 2003 (SP2) or Windows Server 2003 R2 (SP2) Windows 7 Professional or Windows 7 Ultimate
For Windows XP and Windows Server 2003: Internet Explorer 8.0 For Windows 7: Internet Explorer 8.0 Verify IE defaults are enabled for: Cookies and JavaScript
Hardware and Software Requirements for a Standalone System

On a single-user standalone system with web.Client, the Continuum SQL Express database, IIS, and the web.Client application are all installed on one Windows XP Professional workstation, one Windows Server 2003, or one Windows 7 machine.
Note: The standalone system can accommodate two user connections (browser PCs).
If you require more than two users, then you must upgrade to a LAN system with Windows Server 2003 (maximum 25 users).
web.Client version 1.94 will upgrade any previous versions IIS server. web.Client 1.94 includes Cyberstation 1.94, and installing it upgrades the IIS machine to 1.94. Workstations other than the IIS server that are not at version 1.94 must be upgraded before installing web.Client.
(Refer to the Andover Continuum CyberStation Installation Guide, 303001-720, for upgrade procedures.) See also:
z z z
Chapter 3, Installing and Configuring web.Client on the IIS PC Appendix C, Guidelines for Upgrading to Version 1.94 Andover Continuum CyberStation Installation Guide, 30-3001-720
The following table lists hardware and software requirements for the IIS workstation and the client browser on standalone systems. Hardware Requirements for Standalone Systems
Minimum
Intel CoreTM 2, Duo, 1.66 GHz or better1
1, 2
Recommended
Quad core1 2 GHz or better 4 Gb RAM 30 Gb free space CD ROM drive Video resolution: 1024 x 768 pixels Parallel or USB port
2 Gb RAM or higher2 15 Gb free space CD ROM drive Video resolution: 1024 x 768 pixels Parallel or USB port
1. Memory and processor speed - Performance is directly related to processor speed and RAM. Increasing hard drive size allows for growth of applications (graphics, programs, and so on). Faster processor speeds and more RAM available to the program will increase performance. 2. Use Recommended requirement for systems with integrated video.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5
MB of RAM on the IIS server. For example, two browser PCs connected to the IIS server accessing web.Client use 10 MB of RAM on the IIS server. In this configuration, Schneider Electric recommends a minimum of 512 MB plus 10 MB (used by the two PCs) or a minimum of 522 MB of RAM on the IIS Server.)
28
Schneider Electric
The following table shows the video-specific hardware requirements for the IIS workstation on a standalone system. Video-Specific Requirements
Minimum
100 Mbps network port Graphics card with DirectX 9.x or later with 256 Mb of dedicated RAM
Recommended
1 Gb network port DirectX 10 graphics device with WDDM 1.0 or higher driver with 512 Mb of dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces. Per standard Pelco Endura video configuration, you should configure stream 2. When doing so, be sure to set a lower resolution and smaller frame rate. Otherwise, the performance on your PC may be negatively affected. Be aware that Andover Continuum only supports H.264 and MPEG4 video formats.
The following table shows the software that is recommended for standalone systems. Software for Standalone Systems
Tested & Supported Software for Standalone Systems Server
Microsoft Windows XP Professional workstation (SP3) OR: Microsoft Windows Server 2003 (SP2) OR: Microsoft Server 2003 R2 (SP2) OR: Microsoft Windows Server 2008 using SQL 20081 OR: Microsoft Windows Server 2008 R2 32-bit or 64-bit modes using SQL Server 20081 OR: Microsoft Windows Windows 7 Professional OR: Microsoft Windows 7 Ultimate
Browser
For Windows XP, or Windows Server 2003: Internet Explorer 8.0 For Windows 7: Internet Explorer 8.0 Note: Be aware that web.Client only supports the 32-bit version of Internet Explorer.
Internet
IIS: Microsoft Windows XP: IIS 5.0 Microsoft Windows Server 2003: IIS 6.0 Microsoft Windows 7: IIS 7.0 Andover Continuum CyberStation Version 1.94 Andover Continuum web.Client Planning and Installation Guide 29
CyberStation
Software for Standalone Systems (continued)

Tested & Supported Software for Standalone Systems Database
SQL Express database engine with the Continuum database (SP4)
Note: If you are upgrading version 1.94, your database engine is
automatically upgraded to SQL Express, if SQL Express is not already installed. (See also Chapter 3, Installing and Configuring web.Client on the IIS PC , Appendix C, Guidelines for Upgrading to Version 1.94,.and the Microsoft web site).
Network protocol
TCP/IP
Note: Internet Explorer, IIS, and TCP/IP are included with the
Microsoft operating systems. Upgrades and service packs are available free of charge from their web site, www.microsoft.com.
Other
Microsoft .NET Framework version 2.0 AND: Microsoft .NET Framework version 3.5 (SP1) Windows Installer 3.1
1. No CyberStation or web.Client software installed.
30
Schneider Electric
The following table shows the browser PCs that are recommended for standalone systems. Browser PCs for Users on a Standalone System
Tested & Supported Browser PCs for Users on a Standalone System Hardware
The video feature requires network access to a digital video recorder. This may require you to open port 18772 or establish a Virtual Private Network (VPN) connection if there is a firewall.
Software
The client browser PC on a standalone system can be running one of the following:
z z z
Windows XP Professional (SP3) Windows Server 2003 (SP2) or Windows Server 2003 R2 (SP2) Windows 7 Professional or Windows 7 Ultimate
For Windows XP, or Server 2003: Internet Explorer 8.0
For Windows 7: Internet Explorer 8.0 Verify IE defaults are enabled for Cookies and JavaScript
31
Pre-Installation Microsoft Tasks

Before installing web.Client, perform the following tasks.
CAUTION Microsoft system experience required.
To perform this standard Microsoft procedure, you must have administrative experience using Microsoft system software and understand that there are differences in the graphical user interfaces between different Windows platforms. User interface illustrations are not always provided. Please see your Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system configuration.
Installing System Software

Install the operating system, TCP/IP, and PC system software that meet the requirements specified earlier in this chapter.
.NET Framework 2.0

Note: If IIS is installed after .NET Framework, you will experience problems opening
web.Client Pinpoint graphics and some web.Client editors.
To avoid this problem, be sure that IIS has been installed on the server before Microsoft .NET Framework 2.0 is installed. If Microsoft Windows already comes with .NET Framework 2.0, or you have downloaded .NET Framework 2.0 separately during a Windows upgrade before IIS is installed, run the following command:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
Installing IIS on Windows Server 2008

For Windows Server 2008, install Internet Information Services (IIS) on the designated web.Client application server (LAN systems) or the standalone CyberStation/web.Client workstation (standalone system).
The LAN web.Client application server and standalone CyberStation/ web.Client workstation are generically called IIS PC in this manual for both systems.
1.
Start the Server Manager by clicking in the Administrative Tools menu.
2.
In the Server Manager, go to Roles and click Add Roles.
33
3.
In the Add Roles Wizard, Before You Begin page, click Next.
34
Schneider Electric
4.
In the Select Server Roles page, check the Application Server checkbox to install .Net Framework 3 as a prerequisite.
35
5.
Click Add Required Features.
6.
In the Select Server Roles page, click Next.
36
Schneider Electric
7.
.
In the Application Server page, click Next.
8.
In the Select Server Roles page, check the following checkboxes: Web Server (IIS) Support, HTTP Activation, and Message Queuing Activation.
An Add role services/features required dialog displays for each of your role service selections.
9.
Click the Add Required Role Services or Add Required Features button to install additional features for Web Server (IIS) Support, HTTP Activation, and Message Queuing Activation.
38
Schneider Electric
10. In the Select Role Services page, click Next.
39
11. In the Web Server (IIS) page, click Next.
40
Schneider Electric
12. In the Select Role Services page, check the IIS 6 Management
Compatibility checkbox.
13. Click Next. 14. In the Confirm Installation Selections page, click Install to
verify your selections.
41
An Installation Progress page displays with information on the roles, role services, or features being installed.
15. When the Installation Results page displays, click Close.
42
Schneider Electric
Installing IIS on Windows XP and Windows Server 2003

Note: If you have Windows 7, see Configuring IIS for Windows 7.
For Windows XP and Windows Server 2003, install IIS on the designated web.Client application server (LAN systems) or the standalone CyberStation/web.Client workstation (standalone system). The LAN web.Client application server and standalone CyberStation/ web.Client workstation are generically called IIS PC in this manual for both systems. For Windows XP: Follow this procedure to install IIS 5.0:
1. 2. 3.
From the Control Panel, open Add/Remove Programs. The Add/Remove Programs dialog appears. Select Add/Remove Windows Components. The Windows Components Wizard (Windows Components) screen appears. Check the Internet Information Services (IIS) checkbox, and click Next to install.
4.
After the Wizard completes the component-configuration process, which may take several minutes, click Finish.
For Windows Server 2003: Follow this procedure to install IIS 6.0:
1. 2. 3. 4. 5.
From the Control Panel, open Add/Remove Programs. The Add/Remove Programs dialog appears. Select Add/Remove Windows Components. The Windows Components Wizard (Windows Components screen) appears. Check the Application Server checkbox. Select and highlight Application Server, and click the Details button. The Application Server dialog appears. Check the following checkboxes: ASP.NET, Application Server Console, Enable network COM+ access, and Internet Information Services (IIS). In the Application Server dialog, select and highlight Internet Information Services (IIS) and click the Details button. The Internet Information Services (IIS) dialog appears. Check the following checkboxes: Common Files, Internet Information Services Manager, and World Wide Web Service. In the Internet Information Services (IIS) dialog, select and highlight World Wide Web Service, and click the Details button. The World Wide Web Service dialog appears. Check the following checkboxes: Active Server Pages, Internet Data Connector, Server Side Includes, WebDAV Publishing, and World Wide Web Service.
6.
7.
8.
9.
10. Click the OK button back through all three dialogs. 11. Click Next in the Wizards Configuring Components screen. A
progress bar appears on this screen during the configuration process, which may take several minutes. Please wait.
12. After the Wizard completes the component-configuration process,
click Finish.
44
Schneider Electric
Registering File Extensions for Windows Server 2003

If you have Windows Server 2003, you must also register the .PIN and .EMF file extensions in the IIS MIME Types (for web.Client Pinpoint graphics). After IIS installation on Server 2003, follow this procedure:
1. 2.
From the Control Panel, double click and open Administrative Tools. The Administrative Tools dialog appears. Double click and open Internet Information Services (IIS) Manager. The Internet Information Services (IIS) Manager dialog appears. In the tree, right click on the machine name, and select Properties from the popup menu. The Properties dialog appears. Click the MIME Types button. The MIME Types dialog appears. Click the NEW button. The MIME Type dialog appears. In the Extension field, enter .pin and in the MIME type field, enter pinfiles/plain. Click OK and repeat steps 5 and 6, but in the Extension field, enter .emf and in the MIME type field, enter image/emf. Click OK three times back through the dialogs. Restart your machine, follow the other pre-installation tasks, and follow the installation procedures in Installing and Configuring web.Client on the IIS PC and Testing and Installing web.Client on a Client PC.
3. 4. 5. 6. 7. 8. 9.
Configuring IIS for Windows 7

If you are installing web.Client on Windows 7, you must configure IIS settings, as follows.
1. 2.
From the Control Panel, open Programs and Features. Under Tasks on the left, click Turn Windows features on or off.
3. 4.
In the Windows Features (Turn Windows features on or off) dialog, in the tree, expand Internet Information Services. Under Internet Information Services, expand Web Management Tools, then expand IIS 6 Management Compatibility. Check only the following checkboxes: IIS 6 Management Console, IIS Metabase and IIS 6 configuration compatibility, and IIS Management Console. Other checkboxes must be cleared. Under Internet Information Services, expand World Wide Web Services, then expand Application Development Features, Common Http Features, Health and Diagnostics, Performance Features, and Security. Check only the following checkboxes: .NET Extensibility, ASP.NET, ISAPI Extensions, ISAPI Filters, Default Document, Directory Browsing, HTTP Errors, Static Content, HTTP Logging, Request Monitor, Static Content Compression, Request Filtering, and Windows Authentication. Other checkboxes must be cleared. Click OK.
5.
6.
7.
8.
Restart your machine, follow the other pre-installation tasks, and follow the installation procedures in Installing and Configuring web.Client on the IIS PC and Testing and Installing web.Client on a Client PC.
Modifying Application Pools for Windows 7 and Windows Server 2008

After IIS installation and configuration on Windows 7 and Windows Server 2008, follow these procedures to modify Application Pools in order for web.Client to run:
1. 2.
Open IIS Manager. Expand the computer name in the left-hand pane and click on Application Pools in the system tree view.
46
Schneider Electric
3.
Select DefaultAppPool and click Set Application Pool Defaults.
4. 5.
In the Application Pool Defaults dialog box, select Identity under Process Model. When the selection control appears in the second column, click this button.
47
6.
In the Application Pool Identity dialog box, select Network Service in the dropdown menu under Built-in account.
7. 8.
Click OK. Then, click OK once more in the Application Pool Defaults dialog box.
Perform the following steps for 64-bit Systems only:

1. 2.
Open IIS Manager. Expand the computer name in the left-hand pane and click on Application Pools in the system tree view.
48
Schneider Electric
3.
Select DefaultAppPool and click Advanced Settings.
4.
.
In the Advanced Settings dialog box, change the Enable 32-bit Applications option to True.
49
Registering File Extensions for Windows Server 2008 and Windows 7

If you have Windows Server 2008 and Windows 7, you must also register the .PIN and .EMF file extensions in the IIS MIME Types (for web.Client Pinpoint graphics). After IIS installation and configuration on Windows Server 2008 and Windows 7, follow this procedure:
1. 2. 3. 4. 5. 6.
Access Internet Information Services (IIS) Manager. In the Connections tree, select the machine name. In the content pane, under IIS, double click MIME Types. The Add MIME Type dialog appears. Under Actions, click Add. In the File name extension field, enter .pin. In the MIME type field, enter pinfiles/plain.
7.
Click OK and repeat Steps 4, 5, and 6, but in the File name extension field, enter .emf and in the MIME type field, enter image/emf. Click OK. Restart your machine, follow the other pre-installation tasks, and follow the installation procedures in Installing and Configuring web.Client on the IIS PC and Testing and Installing web.Client on a Client PC.
8. 9.
50
Schneider Electric
SSL Considerations for the IIS PC

The tasks described below are not necessarily pre-installation tasks, but they are related to establishing support for SSL on the IIS PC. For detailed instructions, please use the reference links below. Setting Up SSL on the IIS PC -- web.Client version 1.74 (and higher) fully supports Secure Sockets Layer (SSL) technology, whereby a web.Client user can access confidential, secure information over the Internet. As a system administrator, you must ensure that an SSL Certificate, acquired by an authorized SSL provider, resides on the IIS PC. You can set up SSL before or after web.Client installation. For instructions, please see Establishing SSL Support for Confidential Information in Chapter 3. Enabling SSL for web.Client -- After you have set up an SSL Certificate for the IIS PC, you must enable SSL for web.Client via web.Client Properties in Internet Information Services. For instructions, please see Enabling SSL for web.Client in Chapter 3. SSL and web.Client Pinpoint Graphics -- The graphics package, web.Client Pinpoint, can be used with an SSL installation. However, you must perform a few tasks to ensure compatibility with Pinpoint and ensure access to graphics files that have been set up in the Pinpoint graphics folders. This is not a pre-installation task. You must first establish Pinpoint graphics folders (Chapter 3) and set up an SSL Certificate on the IIS PC. For instructions, please see Setting Up SSL for web.Client Pinpoint in Chapter 3. Changing IE Internet Security Options to Accommodate SSL -After you have set up an SSL Certificate for the IIS PC, you must modify Internet Explorer Internet Options to disable superfluous warning messages that users would otherwise see while using certain web.Client features with SSL. This is not a pre-installation task. For instructions, please see Changing IE Security Internet Options to Accommodate SSL in Chapter 3.
51
Changing the Default TCP Web Port Number for the IIS PC
Normally, the IIS PC defaults to Internet TCP port 80. Some Internetaccess providers do not use port 80. You can change this port number from 80 to another port number. This can be done before or after web.Client installation. For more information, please see Changing the Default TCP Port Number in Chapter 3
Disabling WinSock Proxy Client on Standalone System

To improve performance on a single-user standalone system, disable the Microsoft WinSock Proxy Client. Follow this procedure:
1. 2.
From the Windows Control Panel, double click WSP Client. The Microsoft WinSock Proxy Client dialog appears. Remove the check from the Enable WinSock Proxy Client checkbox, and click OK.
Ensuring a Domain Membership Is Selected

To improve performance (if your site has more than one web.Client user), be sure each PC (computer name) is designated as a member of a domain, rather than a workgroup, via the Microsoft Windows system properties network identification.
Note: After installing web.Client, be sure you configure Distributed COM (DCOM)
default security settings and disable HTTP keep-alives. For those Microsoft procedures, see Chapter 3, Installing and Configuring web.Client on the IIS PC. See also Appendix A, web.Client Security and Troubleshooting Tips for troubleshooting tips.
Avoiding Invalid Characters in a Server Name

When specifying a name for the web.Client IIS server, be sure the server name does not contain an underscore character (_). If the web.Client IIS server has an underscore, such as http:// www.boston.com/yourtown/news/malden/2010/05/ planning_board_gives_green_lig.html, it will not be able to set cookies.
52
Schneider Electric
Disabling Windows Automatic Updates and Windows Firewall

It is mandatory that you turn off Automatic Windows Updates for all Windows operating systems. To do so, access the Automatic Updates through the Control Panel and ensure that they are disabled. You should also ensure that you disable Windows Firewall for all Windows operating systems. For Windows Server 2008 and Windows 7, follow these instructions:
1. 2. 3. 4.
In the Control Panel, click System and Security and then Windows Firewall. Disable all three Windows firewalls: Domain, Public, and Private. Select Administrative Tools and then double-click Services. Double-click Windows Firewall.
5. 6.
Click Stop to disable Windows Firewall. Also, in Services, locate and double-click Software Protection.
7. 8.
Click Stop to disable Software Protection. In Services, locate and double-click Windows Defender.
54
Schneider Electric
9.
Click Stop to disable Windows Defender. Center.
10. In Control Panel, click System and Security and then Action 11. Disable the anti-virus software. For more information, see the anti-
virus product documentation.

12. Install the Andover Continuum software. Be sure to run the setup
as administrator.
Windows 7 and User Account Control Data Redirection

Before the introduction of Windows 7, administrators typically ran applications. As a result, applications could freely read and write system files and registry keys. These applications would fail, however, when run by Standard users due to insufficient access. With Windows Windows 7, application compatibility for Standard users has improved considerably since writes are now transparently and automatically redirected to a per-user location within the users profile.
55
By design, Andover Continuum writes files to the Program Files\Continuum directory. This includes Pinfiles (.pin) for graphics, Menu files (.mnu) for the Continuum shell, XML (.xml) for the Personnel Manager custom buttons, and text files (.txt) for CommandLine macros. For example, if User Account Control is enabled when creating a graphic, Andover Continuum attempts to create the .pin file in the Program Files\Continuum\NewGraphicsFiles folder. If the user does not have permissions to write to that folder, the write operation is redirected instead to the following location:
Users\<Username>\AppData\Local\VirtualStore\Program Files\Continuum\NewGraphicsFiles
On 64-bit systems, the user is redirected here instead:

Users\<Username>\AppData\Local\VirtualStore\Program Files (x86)\Continuum\NewGraphicsFiles
Later, if another Windows user logs on to the workstation, that user will be unable to access the Pinpoint graphic.
CAUTION If you are an Andover Continuum administrator, you resolve this issue by either turning off User Account Control or allowing read\write permissions to the Program Files\Continuum or Program Files (x86)\Continuum folder for all of your Standard users.
56
Schneider Electric
Chapter 3
Installing and Configuring web.Client on the IIS PC
This chapter contains the following topics

z z z z z z z z z z z z
Overview Installing web.Client on the IIS PC web.Client Video System Upgrades Configuring Your Video Servers Configuring Graphics Folders for web.Client: Windows XP and Windows Server 2003 Configuring Graphics Folders for web.Client: Windows Server 2008 and Windows 7 Establishing Pinpoint Folders Configuring DCOM Default Security Settings Disabling HTTP Keep-Alives Resetting Timeout and Live Events Via web.config File Establishing SSL Support for Confidential Information Changing the Default TCP Port Number
57
Chapter 3: Installing and Configuring web.Client on the IIS PC
Overview
This chapter provides instructions for installing and configuring web.Client version 1.94 on the IIS PC, defined as follows:
z
The IIS PC on a LAN system is the IIS server with Windows Server 2003, Windows Server 2008, Windows XP Professional workstation, or Windows 7. The IIS PC on a standalone system with web.Client is the single machine (Windows XP Professional workstation, Windows Server 2003, or Windows 7) on which both IIS and Continuum database reside.

To perform this standard Microsoft procedure, you must have administrative experience using Microsoft system software and understand that there are differences in the graphical user interfaces between different Windows platforms. User-interface illustrations are not provided. Please see your Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
The procedures in this chapter are for a first-time installation. If you are upgrading to web.Client version 1.94, refer to Appendix C, Guidelines for Upgrading to Version 1.94, which presents some guidelines for this upgrade. See also the Andover Continuum CyberStation Installation Guide, 30-3001-720.
58
Schneider Electric
Installing web.Client on the IIS PC

Follow this procedure to install web.Client on the IIS PC.
1.
Insert the web.Client CD. The Install web.Client screen displays. Click Install web.Client to begin.
2.
If you do not have the Microsoft VS 2008 C++ Redistributable installed, an InstallShield Wizard appears and indicates that this application is required before the CyberStation installation begins. Click Install. Continuum then checks to ensure that Microsoft .NET Framework 3.5 is also installed. If not, the following message displays:
59
Follow these instructions, discontinue this CyberStation installation, and install the .NET Framework 3.5 from the Continuum release CD. Once these requirements are installed, return to this installation and when the initial Install web.Client screen displays once more, click Install web.Client.
Note: If you do not have the correct Microsoft service pack installed, you will receive a
warning message, asking you to install the correct software. See Chapter 2 for software requirements.
3.
When the web.Client Installation dialog appears, click Next to continue.
If your key is not enabled for web.Client, you will receive a warning message. You may continue with the installation or cancel.
4.
The License Information dialog appears. Read and accept the license agreement, and click Next to continue.
60
Schneider Electric
5.
The RegisterUser dialog appears. Enter your User Name and Company Name.
Later, after web.Client is installed, you can right-click on the Continuum icon in your tool tray and select About to display the About Continuum dialog, which lists the information from the RegisterUser dialog.
6.
An Alias Information screen appears explaining what happens next in the installation. After reading this screen, click Yes to continue.
61
The Enter Text screen asks you to provide the web.Client Virtual Directory Alias. Keep the default alias (WebClient) or provide your own alias. Click Next to continue.
7.
The Create Web Server Virtual Directory screen asks you to select the physical path for your virtual Web Server directory. Select the default directory, or supply your own directory. Click Next to continue.
62
Schneider Electric
The Setup Status screen appears as the files are installed.
Once the progress bar disappears, the Create IIS Application window appears and informs you that the IIS application is being created.
Then, you are asked if you would like to read the latest web.Client release notes. Click Yes or No. Finally, you are asked if you would like to run the Database Initialization program now. Click Yes or No.
63
web.Client is now installed on the IIS PC. Depending on your system, follow one of the next three procedures, covered in the following subsections:
z z z
Creating and Initializing the Database on a Standalone IIS PC Adding web.Client to an Existing Standalone Database Initializing the Database on a LAN IIS PC
64
Schneider Electric
Creating and Initializing the Database on a Standalone IIS PC

A first-time database installation on a standalone system happens in two steps via the Database Initialization dialog:
Step 1: Step 2: Installing the SQL Express database engine. Creating a new Continuum database.
Note: After successful installation, the Continuum Database Initialization dialog

automatically appears.
Installing SQL Express Via Database Initialization Dialog

CAUTION Close all applications on your computer before installation.
After SQL Express is installed, your PC restarts immediately. You cannot restart your computer later. Be sure to close all open applications on your computer.
Failure to observe this precaution will result in the loss of your work.
Follow this procedure:

1. 2.
From the Start menu, select Programs > Continuum > Database Initialization. Select Stand Alone from the Continuum Database Initialization dialog.
65
The Database Initialization dialog appears.
3.
Select the Create New Database radio button.
66
Schneider Electric
Note that Microsoft SQL Server is shown in the DBMS Name field dropdown menu.
4. 5.
Ensure that Continuum (default setting) appears in the Data Source Name field. Ensure that (Workstation Name)\SQLEXPRESS appears in the Server Name field. For example, QUALPC217 is the workstation name used in the previous dialog. Leave the Database Name at its default, ContinuumDB. Enter your login ID, Andover97, in the User Login ID field. Enter your user password in the User Password field.
password, Pyramid97, you must enter Pyramid97 here. If you are installing web.client for the first time, use a password of your choice.
6. 7. 8.
Note: If you are upgrading to Version 1.94, and you accepted the pre-1.94 default
9.
Re-enter your password (Pyramid97 if you are upgrading to 1.94 from the previous version default) in the Confirm Password field. path, then you must leave SQL Express at its default path when it is installed. If you browse a different path for DB File Location, then you must browse SQL Express to the same file path when it is installed.
10. DB File Location: If you leave DB File Location at its default
11. Leave the Database Size at its default setting. 12. Enter a system administrator password of your choice into the Sa
Password field. This password must meet Microsoft SQL Server rules for the composition of a password:

The password must be at least eight characters long. The password must not contain all or part of the users account name (three or more alphanumeric characters). The password must not contain the following characters: comma (,), period (.), hyphen (-), underscore (_), or number sign (#). The password must contain characters from three of the following four categories: Uppercase letters (A...Z)
Lowercase letters (a...z) Digits 0...9 Non-alphanumeric characters, such as exclamation (!) and dollar ($)
Otherwise you will receive this warning:
13. In the Windows User Name field, enter your Microsoft Windows
system user name here. This is necessary with SQL Express. You must have administrative access in order to run the automated scripts that are part of the database initialization process.
14. Enter your Microsoft Windows system password and confirm that
password in the Windows Password and Confirm Password fields, respectively.

CAUTION
The password you enter here is required to execute scheduled SQL Server tasks. Should you later change your Windows password, these scheduled tasks will no longer execute. To correct this, access the Scheduled Tasks in Windows and change their password with the Set Password button in their Properties dialog
15. Check the checkboxes as follows: Note: Be sure the Create Default List Views, Create System List Views, Create
System Alarm Enrollments, and Enhanced Alarm Logging boxes are checked. If you leave them unchecked, CyberStation does not import the necessary dump files. The dump files generate all of the default views, so the listviews and alarms are not created. In addition, faster alarm logging is not activated. The dump file import happens as soon as the workstation is started for the first time after installation and the appropriate files are placed in folders. For more information on Listviews, alarms, and alarm logging, please see the Continuum CyberStation online help.
a.
Create Default List Views - Check this box to import and create listviews (from the ASCII dump file, DefaultListViews.dmp) for all CyberStation object classes.
68
Schneider Electric
b.
c.
d.
e.
Create System List Views - Check this box to import and create listviews (from the ASCII dump file, List.dmp) for system information other than object class defaults (for example, all events). Create System Alarm Enrollments - Check this box to import configured system AlarmEnrollment objects (from the ASCII dump file, SystemAlarms.dmp). These define the basic conditions under which CyberStation points go into alarm. Create/Update Graphical Report Settings - Check this box to import graphical report templates. CyberStation supplies many Report templates that include bar-chart templates, pie-chart templates, and trend templates, giving Reports a certain default look and feel. If you do not check this box, then these report templates will not be available. For more information on Reports, see the Continuum CyberStation online help. Enhanced Alarm Logging - Check this box to activate an enhanced method that automatically speeds up the process of logging alarms with workstations. Without enhanced alarm logging, configuration of workstation recipients in EventNotification objects becomes more cumbersome.
Alarm Delivery checkbox becomes unselectable.
Note: If the Enhanced Alarm Logging checkbox is not checked, the Enhanced f. Enhanced Alarm Delivery - This checkbox is intended for a system with multiple workstations. Check this box only if you intend to add more workstations to the system. If more workstations will not be added, then leave it unchecked.
the configuration of BACnet alarm notifications.
Note: This setting has no effect on BACnet alarms, which can be guaranteed through Checking this checkbox guarantees the delivery of alarms to all recipient workstations regardless of their status at the time of the alarm generation. This selection activates special background applications and processes (already installed) that establish an ongoing connection between workstations and the database server, where new alarms are written. Enhanced alarm delivery guarantees alarm delivery even when connections are lost. The alarms are delivered when the connection is restored. Enhanced alarm delivery provides a suite of diagnostic and troubleshooting tools that allow you, for example, to monitor the status of alarm messages and background alarm delivery processes as well as
69
ping a particular workstation to deliver an alarm message that, for some reason, could not be delivered. For instructions on how to activate these diagnostic tools, please contact product support services. g. Extended Logging Backwards Compatibility - If you want to use pre-Version 1.7 old extended logging, in addition to new extended logging, be sure this checkbox is checked.
These programs facilitated extended log tables in the database, one table per controller. In version 1.7 or higher, you must check the Extended Logging Backwards Compatibility box to retain the older method for creating extended logs, while also enabling new extended logging functionality.
Note: Before version 1.7, you created Plain English programs for extended logs.
For more information about extended logs, please see the Continuum CyberStation online help. 16. Click the Continue button.
The Is SQL Express Installed dialog appears.
For first time installations, you should see this dialog. If, in the very unlikely event, you do not see this dialog, it means SQL Express is already on your computer for some other reason. If it is not installed, proceed to the next step. If it is already installed be sure it has been configured with the correct settings, as defined in the CyberStation Installation Guide, 30-3001-720.
17. Select the Install SQL now radio button and click OK. SQL
Express is then installed automatically.

During SQL Express installation, the software checks your computer for certain problems that could complicate SQL installation and/or the creation or update of the Continuum database. There are several different scenarios. For example, thirdparty software may generate license-agreement issues. For a detailed description of these issues, how CyberStation resolves them, and a list of error messages, please see Appendix D, SQL Express Installation Error Messages. If there are no problems, the Select Folder dialog appears.
18. Accept the default path, or use the browse button to select a
directory in which to install SQL Express, and click OK.

Note: If you left DB File Location at its default path, then you MUST leave SQL
Express at its default path when it is installed. If you browsed a different path for DB File Location, then you must browse SQL Express to the same file path
Note: Be sure that the drive you have selected has a minimum of 2 GB of free space
available.
19. The Extracting Files progress window appears. The unpacking
takes approximately 1 to 5 minutes. Next, the Microsoft SQL Server 2005 Setup progress window appears. This also can take several minutes. After the installation has completed, the reboot dialog appears, which may take up to 60 seconds. Do not proceed until this dialogue appears. Click OK and reboot your computer.
Note: Reboot happens immediately. You do not have the choice of doing this later. 20. After rebooting, a screen telling you that SQL script is running
then appears. This screen closes automatically after a few minutes.

21. After your PC finishes rebooting, verify MSSQL server is running.
Double click the SQL Server Service Manager icon system tool tray.
in the
The SQL Server Service Manager dialog appears.
The status bar at the bottom of the dialog should read:

Running - \\WorkstationName\SQLEXPRESS - MSSQLServer Note: If the SQL Server Service Manager icon
is not present in the system tool tray, try running it from the Windows Start menu. Click Start, select Programs and Startup. The SQL Server Service Manager icon should be there. If this does not work, contact the Schneider Electric Technical Support department for further instructions.
Adding web.Client to an Existing Standalone Database

On a standalone single-user system, if you are adding web.Client to an existing Continuum database, perform this procedure.
1.
Be sure you have performed the procedure, Installing web.Client on the IIS PC. After the server reboots, the Continuum Database Initialization window appears.
72
Schneider Electric
2.
Select Stand Alone.
The Database Initialization dialog, shown on the next page, appears.

3. 4.
Select the Update Existing Database radio button. Click the Continue button. Upon completion, you receive this message:
Database successfully updated
5.
Click OK. The Continuum Database Initialization window reappears.
6.
Click Close.
73
Initializing the Database on a LAN IIS PC

Prior to using your web.Client LAN system IIS PC, perform the following procedure to initialize the database. The detailed procedure for CyberStation is presented in the Andover Continuum CyberStation Installation Guide, 30-3001-720, but the web.Client specific steps are shown, as follows:
1. 2.
After the server reboots, the Continuum Database Initialization window appears. Select Workstation. Once the database is set up on your web server, the main Workstation Configuration dialog, shown on the next page, appears.
74
Schneider Electric
Select the Workstation tab to set the workstation parameters. Set the Workstation Name, Folder Name, Device Node ID and Network ID for the workstation. See the Andover Continuum CyberStation Installation Guide, 30-3001-720, for further details.
Note: The Andover Continuum CyberStation Installation Guide, 30-3001-720,
provides important guidelines for entering information in the Workstation Configuration dialog. Refer to that manual.
3. 4.
Select the Database tab, shown on the next page. Fill in the fields as shown below if you are adding a new server to a LAN system. If this is a server upgrade, they will be populated automatically. The Server Name field should be set to the name of your Continuum database server.
5.
Click OK to activate the workstation, then click Close on the Continuum Database Initialization window to complete the database initialization. Run web.Client on this machine. This will create the final objects in the Continuum database for this workstation.
6.
76
Schneider Electric
web.Client Video System Upgrades

If you are upgrading from a 1.92 and earlier version of web.Client, the Learn All Video Servers dialog appears at the completion of the database initialization process. You must learn your video servers in order to see cameras. For more information on configuring video servers, see Configuring Your Video Servers. For more information on upgrading web.Client, see Appendix C, Guidelines for Upgrading to Version 1.94.
1.
Click Yes to learn all servers and cameras now, or No to learn them later in CyberStations Video Administrator. It is recommended that you learn video servers and cameras now since it is more efficient to learn them all at once rather than learning them individually later.
Note: Should you choose not to learn servers and cameras now, you will need to learn
them later in Video Administrator. For more information on learning cameras , see the Video Administrator Settings tab in the CyberStation online help.
If you click Yes, the Learn All Video Servers - Status dialog, shown on the next page, displays. It shows a count of the servers and cameras as they are learned.
2.
Click Close to stop the learn process at any time. The video servers and cameras will then be in a partially-learned state- with only those servers and cameras that have been learned to that point displaying in the Learn All Video Servers - Status dialog.
Note: If your video system is unstable, you may receive an ERROR:SERVERNAME
message during the learn process. Should this occur, ensure that your system is stable and then perform a single Learn Cameras operation for that server. For more information, see the Video Server Editor - General Tab in the CyberStation online help.
78
Schneider Electric
Routing Alarms to the IIS PC on a LAN System

On a LAN system, perform the following procedure from another CyberStation to route alarms to the IIS PC:
1.
For every EventNotification object, add the IIS PCs workstation to the list of alarm recipients to be notified. To do so, open the EventNotification editor and select the Delivery tab.
2.
In the Delivery tab, click the Add Recipient button. The Recipients Configuration dialog, shown on the next page, appears. Use the Recipient fields browse button and the browse dialog to search for and select the workstation that is on the IIS PC. Configure these settings appropriately for your system. There are several ways to configure recipients, according to your needs. Refer to the Continuum CyberStation online help, for information on the configuration of event notifications.
3. 4.
5.
Click OK to save the settings.
79
Note: For additional enhanced alarm delivery, ensure that the Enhanced Alarm
Delivery checkbox is checked via the Database Initialization dialog. For detailed information on the checkboxes in the Database Initialization dialog, please see the Andover Continuum CyberStation Installation Guide, 30-3001720.
Configuring Access Permissions for web.Client Users

Perform the following CyberStation procedure to grant or deny security access permissions for web.Client users.
1.
From the system tray in the lower right corner of your screen, right-click on the Continuum icon, and select Security from the popup menu to open the Security editor. Select the Actions tab of the Security editor. Scroll down to the bottom of the folder tree structure. Expand the web.Client folder. A list of all web.Client permissions, or actions appears.
2. 3. 4.
80
Schneider Electric
5.
For each user group, edit each web.Client action to grant or deny permission to access the web.Client feature. To grant access, click to display a key, as shown above. To deny access, leave the lock, or if unlocked, click to display a lock.
For complete Continuum security configuration procedures, see the Andover Continuum CyberStation Access Control Essentials Guide, 313001-405, or the Continuum CyberStation online help.
Configuring Your Video Servers

For your users to access the web.Client video surveillance monitor (also known as a video layout) and assign one or more cameras to a video layout camera matrix, at least one video server must have been configured via Continuums VideoServer object editor, so that its cameras are available to the video layout.
Note: VideoServer and VideoLayout objects are created on CyberStation. Though you
may modify a VideoLayout in web.Client, you cannot save your modifications in web.Client; only on CyberStation.
For more information on configuring a video server (and the VideoServer object) please see VideoServer in the Continuum CyberStation online help. For more information on configuring video layouts, please see Video in the web.Client online help.
Configuring Graphics Folders for web.Client: Windows XP and Windows Server 2003
If you have Windows XP or Windows Server 2003, perform the following procedures. If you have Windows 7, see Configuring Graphics Folders for web.Client: Windows Server 2008 and Windows 7. Your users must access web.Client Pinpoint graphics file folders as URL web-address locations on the Internet. This section presents the following procedures:
z z z
Specifying a Local Folder as a Web Address for Windows XP and Windows Server 2003 Specifying a Network Folder as a Web Address for Windows XP and Windows Server 2003 Verifying Anonymous Access to Virtual Folders
encrypted, confidential information, then you must also set up web.Client Pinpoint to be compatible with SSL. For instructions, please see Setting Up SSL for web.Client Pinpoint later in this chapter.
Note: If you are using SSL (and an SSL Certificate) to facilitate exchanges of
Note: web.Client does not support multiple network interface cards (NICs).
Specifying a Local Folder as a Web Address for Windows XP and Windows Server 2003
Use the following procedure to specify local folders as web addresses:
1.
Using your Windows Explorer, search for and select the folder that you wish to access as a URL web address. For example, suppose the folder name is NewGraphicsFiles. Right click on the folder. The Properties dialog appears (in this example, entitled NewGraphicsFiles Properties). Select the Web Sharing tab on the Properties dialog. Click the Share this folder radio button. The Edit Alias dialog appears.
2. 3. 4.
82
Schneider Electric
5.
Check the Read, Write and Directory browsing checkboxes in the Access permissions section, and be sure the Scripts radio button is selected in the Application permissions section. Click OK. This graphics folder can now be accessed via the web address:
http://ServerName/NewGraphicsFiles
6.
If the server is registered in an Internet domain, the URL would be:

http://www.ServerName.com/NewGraphicsFiles
where ServerName is the IIS PC. Normally, Internet port numbers default to port 80. Some Internet access providers use a port other than port 80. If you have such a provider, then Pinpoint graphics files may not be accessible. As a workaround, you can specify a port number other than 80 (the default) directly in the URL:
http://ServerName:PortNumber/NewGraphicsFiles
where ServerName is the IIS PC and where PortNumber is an integer representing the number of the desired port. If the server is registered in an Internet domain, the format would be:
http://ServerName.com:PortNumber/NewGraphicsFiles
Note: You can also permanently change the default TCP port number. See Changing
the Default TCP Port Number later in this chapter.
Refer to Establishing Pinpoint Folders to finish this procedure.
Specifying a Network Folder as a Web Address for Windows XP and Windows Server 2003
Perform the following procedure to specify remote network graphics folders as URL web addresses that can be accessed via web.Client on the Internet:
1. 2.
Using your Windows Start menu, select Settings, then Control Panel. From the Control Panel, select Administrative Tools. The Administrative Tools dialog appears.
3.
From the Administrative Tools dialog, select Internet Services Manager (or Internet Information Services in Windows XP). The Internet Information Services dialog appears.
4. 5. 6. 7.
From the explorer tree, expand your server name directory, exposing the default subdirectories. Right click on the Default Web Site subdirectory. From the popup menu, select New, then Virtual Directory. The Virtual Directory Creation Wizard appears. Click the Next button to continue. The Virtual Directory Alias screen appears.
8.
In the Alias field, enter an alias name that you want to use to gain access to this virtual web directory. For example, you could enter NewGraphicsFiles.
9.
Click the Next button to continue. The Web Site Content Directory screen appears. for) the network server/drive and path containing the graphics files.
10. In the Directory field, enter (or use the Browse button to search
11. Click the Next button to continue. 12. Enter a user name and password to gain access to the network
resource.
13. Click Next, and enter the password again to confirm.
84
Schneider Electric
If you have a Windows Server 2003 machine - On Windows Server 2003, you must uncheck the checkbox, Always use the authenticated users credentials when validating access to the network directory. Removing the check from this box makes the user and password fields selectable.
14. Click the OK button. The Access Permissions screen appears. 15. Check the Read, Write, Browse, and Run Scripts checkboxes. 16. Click Next. 17. Click Finish. 18. Using the example alias name, NewGraphicsFiles, established in
step 8, the graphics files can now be accessed via the web address:
where ServerName is the IIS PC. If the server is registered in an Internet domain, the URL would be:
Normally, Internet port numbers default to port 80. Some Internet access providers use a port other than port 80. If you have such a provider, then Pinpoint graphics files may not be accessible. As a workaround, you can specify a port number other than 80 (the default) directly in the URL. (See Step 6 in the previous section for details.)
85
Verifying Anonymous Access to Virtual Folders

If you have a Windows Server 2003 or Windows XP machine(s), you must also verify that anonymous access to the virtual folders is established, as follows:
1. 2. 3. 4. 5.
From the Control Panel, double click and open Administrative Tools. The Administrative Tools dialog appears. Double click and open Internet Services Manager. The Internet Information Services (IIS) Manager dialog appears. In the tree, expand your machine name, expand Web Sites, and expand Default Web Sites. Right click on NewGraphicsFiles, and from the popup, select Properties. The NewGraphicsFiles Properties dialog appears. Select the Directory Security tab, and under Authentication and access control, click the Edit button. The Authentication Methods dialog appears. Check the Enable anonymous access checkbox. Click OK.
6. 7.
86
Schneider Electric
Configuring Graphics Folders for web.Client: Windows Server 2008 and Windows 7
If you have Windows Server 2008 and Windows 7, perform the following procedures. If you have Windows XP or Windows Server 2003, see Configuring Graphics Folders for web.Client: Windows XP and Windows Server 2003. Your users must access web.Client Pinpoint graphics file folders as URL web-address locations on the Internet. This section presents the following procedures:
z
Setting Up an Application for Graphics on Windows Server 2008 and Windows 7 including:
Specifying a Local Folder as a Web Address for Windows Server 2008 and Windows 7 Specifying a Network Folder as a Web Address for Windows Server 2008 and Windows 7
Giving Everyone Access to Graphics Files on Windows Server 2008 and Windows 7
Setting Up an Application for Graphics on Windows Server 2008 and Windows 7

Perform the following procedure to set up an application (folder) to accommodate graphics files on Windows Server 2008 and Windows 7:
Note: For 64-bit systems, when you are directed to enter a graphics file path, specify
the following: C:\Program Files (x86)\Continuum\NewGraphicsFiles.
1. 2. 3. 4.
Access the Internet Information Services (IIS) Manager. Under Connections, under computer name, expand Sites. Expand Default Web Site. Right click over Default Web Site, and select Add Virtual Directory from the popup menu.
5. 6.
In the Add Virtual Directory dialog, enter NewGraphicsFiles in the Alias field. In the Physical path field, specify the following:
C:\Program Files\Continuum\NewGraphicsFiles
7. 8.
Click OK. Share the graphics folder with everyone and provide full-control access. For more information, see Giving Everyone Access to Graphics Files on Windows Server 2008 and Windows 7. Under Default Web Site, select the newly created NewGraphicsFiles folder. and open Directory Browsing.
9.
10. In the NewGraphicsFiles Home pane, under IIS, double-click
88
Schneider Electric
11. Under Actions, click Enable.
Specifying a Local Folder as a Web Address for Windows Server 2008 and Windows 7
Use the following procedure to specify local folders as web addresses:
1.
Using your Windows Explorer, search for and select the folder that you wish to access as a URL web address. For example, suppose the folder name is NewGraphicsFiles. Right click on the folder. The Properties dialog appears (in this example, entitled NewGraphicsFiles Properties). Select the Sharing tab on the Properties dialog. Click Advanced Sharing. The Advanced Sharing dialog appears. Click Permissions. When the Permission for NewGraphicsFiles dialog appears, click Add. In the Select Users, Computers, Service Accounts or Groups, dialog, select Users, Groups, or Built-in security principals in the object type selection field.
2. 3. 4. 5. 6. 7.
8. 9.
Click Locations, find your computer, and ensure that it appears in the From this location field. Click Advanced and then Find Now.
10. In the Search results list, double click Everyone and click OK. 11. Check the Full Control checkbox to add full control for everyone
as shown.
12. Click OK. This graphics folder can now be accessed via the web
address:
If the server is registered in an Internet domain, the URL would be:

where ServerName is the IIS PC. Normally, Internet port numbers default to port 80. Some Internet access providers use a port other than port 80. If you have such a
90
Schneider Electric
provider, then Pinpoint graphics files may not be accessible. As a workaround, you can specify a port number other than 80 (the default) directly in the URL:
http://ServerName:PortNumber/NewGraphicsFiles
where ServerName is the IIS PC and where PortNumber is an integer representing the number of the desired port. If the server is registered in an Internet domain, the format would be:
http://ServerName.com:PortNumber/NewGraphicsFiles
13. Configure the following Local Settings for the NewGraphicsFiles
application.
Under Connections > Default Web Site, right-click on the NewGraphicsFiles folder. Select Manage Application and then Advanced Settings. Check the path: Graphics (pin files) - c:\program files\Continuum\NewGraphicsFiles Image - c:\program files\Continuum\NewGraphicsFiles\ImageLibrary Background - c:\program files\Continuum\NewGraphicsFiles\Backgrounds
store your .pin files.
Note: Since these are the defaults, no typing is needed if you are using the IIS PC to
91
Launch Internet Explorer. Browse to the following sample web location as a test: http://ser8web/NewGraphicsFiles Files under this web location display.
92
Schneider Electric
Specifying a Network Folder as a Web Address for Windows Server 2008 and Windows 7
Start this procedure by referring to Specifying a Local Folder as a Web Address for Windows XP and Windows Server 2003. Then, continue by following these steps to specify remote network graphics folders as URL web addresses:
1.
Configure the following Remote Share settings (in this example, a new application called NewGraphicsFiles2).

Map a drive to the share. Add the mapped path to the Options in Continuum Graphics.
93
2. 3.
Launch Internet Explorer. Browse to the following sample web location as a test: http://ser8web/NewGraphicsFiles2 Files under this web location display.
94
Schneider Electric

Note: In Windows 7, there is a permissions issue with User Account Control and
graphics in Andover Continuum. If you do not have permission to write to the NewGraphicsFiles folder, the write operation is redirected to the Users\<Username>\AppData\Local\VirtualStore\Program Files\Continuum\NewGraphicsFiles folder. For more information and a resolution for this issue, see Windows 7 and User Account Control Data Redirection on page 55.
Giving Everyone Access to Graphics Files on Windows Server 2008 and Windows 7
Follow this procedure to add everyone full-control access to the graphics files folder on Windows Server 2008 and Windows 7.
1.
Access Internet Information Services (IIS) Manager.
95
2. 3. 4. 5.
In the Connections tree, expand the computer name, then Web Sites, then Default Web Site. Right click over NewGraphicsFiles. (See also Setting Up an Application for Graphics on Windows Server 2008 and Windows 7.) From the popup menu, click Edit Permissions (Windows 7). In the NewGraphicsFiles Properties dialog, select the Security tab, and click the Advanced button.
6.
In the Advanced Security Settings for NewGraphicsFiles dialog, select the Permissions tab, and click Edit.
96
Schneider Electric
7. 8.
When the Permissions tab reappears, click Add. In the Select User or Group dialog, specify the location for the object (Everyone). Make sure the computer name appears beneath From this location, and click Find Now. In the Search results list, double click Everyone. tab, check the Full Control checkbox).
9.
10. In the Permission Entry for NewGraphicsFiles dialog, Object
97
11. Click OK. 12. Launch Microsoft Notepad as user Administrator. (That is, when
you open this program, right click on its menu selection, and from the popup menu, select Run as administrator.)
13. Access and open the ApplicationHost.config file located in: C:\Windows\System32\inetsrv\config\ 14. Change this line:
<section name=requestFiltering overrideModeDefault=Deny />
to:
<section name=requestFiltering overrideModeDefault=Allow />
15. Access and open the Web.config file located in: C:\\Program files\Continuum\DNWACServerFactory\. 16. Using Notepad as user Administrator, edit the present Web.config
file so that it looks like the following.

<configuration> <system.runtime.remoting> <application> <service> <wellknown mode=Singleton type=DNWACServerProxy.WACServer-Factory, DNWACServerProxy object Uri=WACServerFactory.soap /> </service> <channels> <channel ref=http machineName=WORKSTATION1> </channel> </channels> <application> <system.runtime.remoting> <system.webServer> </security> <requestFiltering allowDoubleEscaping=True/> </security> <directoryBrowse enabled=true /> </system.webServer> </configuration>
98
Schneider Electric
Note: Be sure to edit the machine name to your PC name (in this example,
WORKSTATION1).
Note: Due to page size limitations, the line starting with <wellknown mode= and 17. Launch Internet Explorer. 18. From the Tools menu, select Internet Options.
ending with .soap /> is shown on 3 different lines here. Be aware that this text needs to be on a single line in your Web.config file.
19. In the Internet Options dialog, select the Connections tab and
click LAN Settings.

20. In the Local Area network (LAN) Settings dialog, make sure
the Automatically detect settings checkbox is cleared.

21. Click OK.
99
Establishing Pinpoint Folders

Note: This Web Locations tab on the Options dialog appears only on Continuum
workstations that have the web.Client application installed and the graphics package enabled.
Perform the following procedure:

1. 2. 3.
Log on to Continuum and start Pinpoint. (See the Continuum CyberStation online help for details.) From the Pinpoint application window, select the View dropdown menu, then Options. The Options dialog appears. On the Web Locations tab, enter the appropriate paths to the following shared folders.If the image folder and background folder are under NewGraphicsFiles (the sample folder you just specified as a web address) then, in the Web Locations tab of the Pinpoint Options dialog, the new paths would be:
http://ServerName/NewGraphicsFiles/imagelibrary and http://ServerName/NewGraphicsFiles/backgrounds
NewGraphics (Pin) Files - This is the location (specified as a URL web address) from which Pinpoint panel (.PIN) files are accessed. In a multi-user setup this could be a shared location across the workstations. ImageLibrary - This is the image file location (specified as a URL web address) that contains ready-made images that you can use to make graphic panels in Pinpoint. This is usually set up and copied by the installation program. Backgrounds - This is the image folder location (specified as a URL web address) that contains background files that serve as backgrounds for the panels. These files are specified per graphic in the Configuration editor of the CyberStation Pinpoint graphics application.
folders so that all client machines can view the graphics. To ensure the paths you entered are correct, click the Check button.
Note: Ensure that you have given accessible sharing privileges to the above three
If the path is incorrect, the symbol appears next to the incorrect path. If the three paths are correct, click OK and close Pinpoint.
CAUTION Manually changing an IP address
If you use a specific IP address in the Graphics (Pin Files) field, instead of ServerName, and then manually change the IP address (in the IP Address field of the Default Web Site Properties dialog, accessed via the Control Panels Administrative Tools - Internet Services Manager - Default Web Site properties) the Graphics URL no longer works. You must go back and change the path in the Graphics (Pin Files) field in the Options dialog to match what was changed in the IP Address field, or enter a server name. To map the local host to this new IP address, you must also edit, and place this new entry into the LMHOSTS.SAM file located in: C:\WINNT\system32\drivers\...
Failure to observe this precaution can result in failure to access web.Client Pinpoint graphics files. 4. 5. 6.
Log out of Continuum. Stop and then restart your IIS server, or reboot the machine. Lock your computer.
Configuring DCOM Default Security Settings

To perform this standard Microsoft procedure, you must have administrative experience using Microsoft system software and understand that there are differences in the graphical user interfaces between different Windows platforms. User-interface illustrations are not provided. Please see your Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in equipment issues.
After installing web.Client, the default security permissions for both access and launch might not be set. You must verify that the Distributed COM (DCOM) default security is configured properly. This involves editing the default access permissions and default launch permissions.
Configuring Default Launch and Access Permissions

Edit default launch permissions and default access permissions, as follows. Repeat this procedure for the ACWPPServerProxy and ACCXMLAuto, and ACWebServerProxy applications. Perform the following procedure for Windows XP Professional, Windows Server 2003, and Windows 7.
Note: If you are installing web.Client Version 1.94 for the first time on a PC that does
not contain any Adobe Acrobat product, you will likely receive a DCOM warning regarding Adobe Acrobat Reader, which is installed automatically with web.Client. The warning states that a class ID is not recorded in \\HKEY_CLASSES_ROOT\AppId. When you are asked Do you wish to record it? click Yes.
1.
From the Windows Start menu, select Run, and run the DCOM configuration utility. (In the Run dialog, enter dcomcnfg, and click OK.) The Component Services dialog appears.
2.
In the explorer tree, expand Component Services, expand the Computers folder, expand My Computer, and expand DCOM Config. Right-click over AccDataServices, and select Properties from the popup menu. The AccDataServices Properties dialog appears.
3.
4. 5.
Select the Security tab, and in the Launch and Activation Permissions section, select the Customize radio button. Click the Edit button. The Launch Permission dialog appears, displaying a Group or user names window and a Permission for... window.
6.
Click the Add button. The Select Users, Computers, or Groups dialog appears.
7.
Click the Locations button, and from the Locations dialog, select the IIS PC (computer) name. It usually appears at the top of the list. Click OK. You can also specify an object type via the Object Types button.
8.
From the Select Users, Computers, or Groups dialog, click the Advanced button. A blank window appears at the bottom of the dialog.
9.
Click the Find Now button. The window at the bottom of the dialog becomes populated with the names and locations of users and groups.
10. For Windows XP, highlight and add this account:

ComputerName\ASPNET (ASP.NET)
For Windows Server 2003, IIS 6.0, and Windows Server 2008, and Windows 7, IIS 7.0, highlight and add these accounts:
NETWORK SERVICE INTERACTIVE IUSR IWAM
11. Click OK, and OK again to close the Select Users, Computers,
or Groups dialog.
12. On the Launch Permissions dialog, in the Permissions for...
window, check the Local Launch and Local Activation checkboxes for each user/group.
13. Click OK. 14. From Security tab of the ACCDataServices Properties dialog,
in the Access Permissions section, select the Customize radio button, then click the Edit button. The Access Permission dialog appears, displaying a Group or user names window and a Permission for ... window.
15. Repeat steps 6 through 12 for Access Permissions this time
(instead of Launch and Activation Permissions). But in step 12, be sure to select the Local Access checkbox.
16. Repeat steps 3 through 14 for AccXMLAuto,
ACWebServerProxy, and ACWPPServerProxy application (in addition to AccDataServices).

Note: In Windows XP, the ACCXMLAuto application may have the following global
unique identifier name: {08B49494-6EF2-11D5-82F7-00500462D6CE}
Note: After installing web.Client, check that the default document on the web.Client
virtual directory is set. (See Tip 5 - Enabling the Default Document in Appendix A.)
Disabling HTTP Keep-Alives

When your IIS PC is a Windows XP Professional workstation, you must disable HTTP keep-alives. (This is not necessary with Windows Server 2003.) Perform the following procedure for Windows XP Professional:
1. 2.
From the Control Panel, access Administrative Tools. From the Administrative Tools dialog, select Internet Information Services Manager (IIS) Manager. The Internet Information (IIS) Services Manager dialog appears. In the explorer tree, expand the IIS PC name directory, and expand the Web Sites folder. Right click on the Default Web Site folder, and from the popup menu select Properties. The Default Web Site Properties dialog appears. In the Web Site tab, remove the check from the HTTP KeepAlives Enabled checkbox, and click OK.
3. 4.
5.
Resetting Timeout and Live Events Via web.config File

The sessionState timeout is set in the web.config file located in the folder:
C:\Program Files\WebServer
The timeout is the number of minutes that a web.Client session remains active during non-use (inactivity) before the session ends, requiring the user to log on again. The maxEventViewRows is also set in the web.config file. It defines the maximum number of live events that are listed in the EventViews window. For more information about session timeout and EventViews, see the web.Client online help.
Inactivity Timeout
The timeout default is 20 minutes, but it can be reset to a different time period by editing the web.config file:
Live EventView
The maxEventViewRows default value is 1000, but you may want edit the web.config file to reset it to a smaller number to save time while the event view list rebuilds:
Establishing SSL Support for Confidential Information

web.Client version 1.74 (and higher) fully supports Secure Sockets Layer (SSL) technology, whereby a web.Client user can access confidential, secure information over the Internet. Web pages that a client requests are encrypted at the server machine via an authorized SSL Certificate installed on the IIS PC. Likewise, the user deciphers the encrypted information on the client machine using an authentication process. As a system administrator, you must ensure that an SSL Certificate, acquired by an authorized SSL provider, resides on the IIS PC. There are several authorized SSL providers (also known as Certificate authorities) such as VeriSign.
Using SSL Online Documentation

Certificate authority web sites and Microsofts IIS online documentation provide extensive information on SSL technology and extensive instructions on how to acquire a Certificate and install it on your server. For example, a leading Certificate authority, Verisign (www.verisign.com) provides different sets of detailed instructions for preparing, installing, moving, and backing up a Certificate on different servers running different web server software. This includes:
z z
Microsoft IIS version 5.0 Microsoft IIS version 6.0.
For example: VeriSign web-site instructions for generating a Certificate Signing Request (CSR) for a Microsoft IIS 6.0 Server, in preparation for installation.
VeriSign web-site instructions for installing a Certificate on a Microsoft IIS 6.0 Server. VeriSign web-site instructions for moving a Certificate from one server to another. VeriSign web-site instructions for backing up a Certificate. You generate a CSR and install a Certificate through Microsofts administrative tool, Internet Information Services, and the IIS Web Server Certificate Wizard. For complete instructions for using SSL on Microsoft platforms, please see Microsofts extensive online IIS documentation on secure communications and certificates:
1. 2. 3. 4. 5. 6.
From your Control Panel, open Administrative Tools. From the Administrative Tools dialog, open Internet Information Services. In the navigation tree in the Internet Information Services dialog, expand your local PC name and the Web Sites folder. Right click over Default Web Site, and select Properties. On the Default Web Site Properties dialog, select the Directory Security tab. Click the Help button. From the IIS Documentation window, select Secure communications. For very extensive, detailed information, click Certificates. This Microsoft IIS documentation provides information on:
z z z z
An overview of certificates Setting up SSL on your server Using the security task wizards Obtaining a server certificate
Using Certificate trust lists. (Trust lists are managed via Internet Explorers Internet Options dialog. From IEs Tools dropdown menu, select Internet Options. Select the Content tab. Certificate management options appear in the Certificates section. Obtaining a client Certificate Enabling client certificates Mapping client Certificates to user accounts.
domain name of the IIS server, particularly if you plan to connect the web server to the Internet with a public IP address. For example, use the following: (FQDN) System name.schneider-electric.com (public). If you plan to connect the web server internally with a private IP address, you need only use a NetBIOS name. For example, use the following: (netBios) System name (private). The URL of the site name must comprise the same server name and domain name to which your client machine browsers connect: https://ServerName.DomainName.com For example: https://yourpc.schneider-electric.com/webclient (public IP address) https://yourpc/webclient (private IP address) Otherwise, if these do not match, errors will result and SSL wont work. To test the URL, ping it from your machine and ensure there is a reply.
z z z
Note: When applying for and creating your certificate, please use the fully qualified
Note: In order to use SSL encryption from the client machine, a web.Client user must
access web.Client with the prefix: https:// instead of http:// For more information, see Chapter 4.
To launch Microsofts Web Server Certificate Wizard, click the Server Certificate button under Secure communications on the Directory Security tab of the Default Web Site Properties dialog.
Changing IE Security Internet Options to Accommodate SSL

Only after you have set up an SSL Certificate for the IIS PC, you must modify (on each client machine) Internet Explorer Internet Options to disable superfluous warning messages that users would otherwise see while using SSL with certain web.Client features. Follow this procedure:
1. 2. 3. 4. 5. 6. 7. 8.
Install an SSL Certificate. See Establishing SSL Support for Confidential Information. In Internet Explorer, select Internet Options from the Tools dropdown menu. On the Internet Options dialog, select the Security tab. In the Security level for this zone section, click the Custom Level button. On the Security Settings dialog, scroll down to Miscellaneous. Under Display mixed content, select the Enable radio button. Under Access data sources across domains, select the Enable radio button. Click OK in the Security Settings dialog and again in the Internet Options dialog.
As an alternative, on each client machine you can add the web.Client URL address to Trusted sites. On the Internet Options dialog:
1. 2. 3.
Select the Security tab, and click Trusted sites. On the Trusted sites dialog, enter the web address in the Add this Web site to the zone field. Click OK.
Enabling SSL for web.Client

You must also enable SSL for use with web.Client via the web.Client Properties dialog in Internet Information Services. Follow this procedure:
1. 2. 3. 4.
Install an SSL Certificate. See Establishing SSL Support for Confidential Information. From the Control Panel, open Administrative Tools. From the Administrative Tools dialog, select Internet Information Services. From the navigation tree in the Internet Information Services dialog, expand your local computer name, expand Web Sites, and expand Default Web Site. Locate and right-click over WebClient. Select Properties. On the WebClient Properties dialog, select the Directory Security tab. In the Secure communications section, click the Edit button. On the Secure Communications dialog, check the Require secure channel (SSL) checkbox, and make sure the Ignore client certificates radio button is selected. Click OK.
5. 6. 7. 8.
9.
Setting Up SSL for web.Client Pinpoint

The graphics package, web.Client Pinpoint, can be used with an SSL installation. However, you must perform the following procedure to enable SSL for web.Client Pinpoint, ensure compatibility with Pinpoint, and ensure access to graphics files. Follow this procedure:
1.
Set up your Pinpoint graphics folders. See Configuring Graphics Folders for web.Client: Windows XP and Windows Server 2003 and Configuring Graphics Folders for web.Client: Windows Server 2008 and Windows 7 earlier in this chapter.
2. 3. 4. 5.
Install an SSL Certificate. See Establishing SSL Support for Confidential Information. From the Control Panel, open Administrative Tools. From the Administrative Tools dialog, select Internet Information Services. From the navigation tree in the Internet Information Services dialog, expand your local computer name, expand Web Sites, and expand Default Web Site. Locate and right-click over DNWACServerFactory. Select Properties from the popup menu. On the DNWACServerFactory Properties dialog, select the Directory Security tab. Under Secure communications, click the Edit button. On the Secure Communications dialog, check the Require secure channel (SSL) checkbox, and make sure the Ignore client certificates radio button is selected.
6. 7. 8. 9.
10. Click OK. 11. On the same DNWACServerFactory Properties dialog, select
the ASP.NET tab.

12. In the ASP.NET version field, make sure the version is 2.0.50727. 13. Click OK. 14. Open the file, WWPMonitor.exe.config. Its located in:
c:\program files\continuum\dnwacserverfactory\bin\
15. Access the following lines of code:

<add key=SSL_Use value=false /> <add key=SSL_ServerName value=xpavalon /> <add key=SSL_Port value=443 />
16. Modify these lines as follows:
Change false to true when SSL is active.
Change the value of the ServerName to the fully qualified domain name of the IIS server. Make sure the SSL port value remains 443, which is the default. Note: If you are using SSL with Pinpoint graphics, the SSL port must be 443.
17. Restart your computer. 18. After restarting your computer, test the Certificate and its
compatibility with Pinpoint by accessing the following page:

https://ServerName/dnwacserverfactory/bin/TestWPinpointSSL.htm
19. A Security Alert appears. Click Yes to the question, Do you want
to proceed? This accepts the Certificate.

20. If the Certificate is valid with Pinpoint, the following page appears:
If this page does not appear, it means it is not valid, or the Certificate has expired. At this point, SSL is ready for use with web.Client Pinpoint.
Changing the Default TCP Port Number

Normally, the IIS PC defaults to Internet TCP port 80. Some Internetaccess providers do not use port 80. This may, for example, prevent access to web.Client Pinpoint graphics files. (web.Client users can access graphics file folders as URL web address locations. See Configuring Graphics Folders for web.Client: Windows XP and Windows Server 2003 and Configuring Graphics Folders for web.Client: Windows Server 2008 and Windows 7.) If your IIS PC uses such an Internet access provider, you should change the default port 80 to another port compatible with your access provider. To change the default port number permanently on the IIS PC:
1. 2. 3. 4. 5. 6.
From the Control Panel, open Administrative Tools. From the Administrative Tools dialog, open Internet Information Services. From the navigation tree in the Internet Information Services dialog, expand the local computer name, and expand Web Sites. Right click over Default Web Sites, then select Properties. On the Default Web Site Properties dialog, select the Web Site tab. Under Web Site Identification, in the TCP Port field, change 80 to a number compatible with your Internet access provider. (Consult your provider.)
7.
Click OK. If you do not permanently change the TCP Port number, you can override the default, 80, by entering the desired port number directly into a URL web address. For example, if you want to connect to web.Client:
https://ServerName.com:PortNumber/webClient
Note: The s in the https:// URL is used when an authorized SSL Certificate is
installed on the IIS PC.
8.
Reboot your system.
Chapter 4
Testing and Installing web.Client on a Client PC

z z z z z z z z z z z
Overview Testing Access to and Installing web.Client on a Client PC Before Getting Started Launching Internet Explorer in Windows 7 Installing the web.Client Utilities Control Installing Microsoft .NET Framework 2.0 Installing web.Client Pinpoint Installing the Video Layout Control and .NET Framework 3.5 Setting Browser Zone Permissions for .NET Framework Server Proxy Applications Logging Out of web.Client
Chapter 4: Testing and Installing web.Client on a Client PC
Overview
When your web.Client users log on to web.Client via their clientmachine browsers for the first time, it is likely that several applications will be installed (automatically or via user prompts).
Note: The procedures in this chapter presume you and your users are installing or
upgrading to web.Client version 1.94 and have Internet Explorer version 8.0, and meet the other software and hardware requirements presented in Chapter 2, System and Pre-Installation Requirements.
Testing Access to and Installing web.Client on a Client PC

After performing the installation and configuration procedures in Chapter 3, Installing and Configuring web.Client on the IIS PC, you, as the administrator, must test web.Client browser access, through a user-client PC, by logging on as a web.Client user. If necessary, a user client is prompted to install the following applications:
z z z z
web.Client Utilities Control Microsoft .NET Framework 2.0 web.Client Pinpoint (only if users have access permission to graphics) Schneider Electric Video Layout Control (only if users have access permission to video) and Microsoft .NET Framework 3.0, which the video requires for its operation.
This chapter shows you how to test browser access to web.Client by logging on and installing web.Client on a user-client workstation.
Before Getting Started

Before getting started:
1. 2. 3. 4.
Find a workstation suitable for testing client-browser access to web.Client. Be sure this workstation has versions of the operating system that your user clients would typically have. Be sure the workstation meets the system requirements given in Chapter 2, System and Pre-Installation Requirements. Restart this workstation and other client PCs before logging onto web.Client for the first time.
During these procedures, please be aware that on a client machine:

z
web.Client Utilities Control must be installed before a user can log on to web.Client for the first time. (See Installing the web.Client Utilities Control.) .NET Framework 2.0 must be installed before a user can bring up the web.Client Home screen in a browser for the first time. (See Installing Microsoft .NET Framework 2.0.) web.Client Pinpoint must be installed before a user can open a graphic for the first time. (See Installing web.Client Pinpoint.) The Schneider Electric Video Layout Control (and .NET Framework 3.0, which is required for the Video Layout Control) must be installed before a user can open a video layout for the first time. (See Installing the Video Layout Control and .NET Framework 3.5.)
z z
Note: All web.Client users must have a password to log in. web.Client users are
created in CyberStation. web.Client features must be unlocked at another CyberStation for the test user, so that the user can log on to web.Client and perform all the necessary feature tests.
Launching Internet Explorer in Windows 7

If any of your client users has a Windows 7 client machine, they must launch Internet Explorer, as follows.
Note: Skip this procedure if your client users have Windows XP or Sever 2003;
proceed to Installing the web.Client Utilities Control.
1.
Launch Internet Explorer as user Administrator, in one of the following ways:
Right click the Internet Explorer icon in your tool tray, and select Run as administrator. Via Program Files in your Start menu, right click the Internet Explorer menu selection, and select Run as administrator.
Note: Your users need only perform this step once in order to install
ActiveX components and web.Client Pinpoint. Once they do so, they can run web.Client as that user (it is profile dependent) without being asked to specify the administrator account or run IE as administrator.
2. 3. 4.
From the Internet Explorer Tools menu, select Internet Options. In the Internet Options dialog, select the Connections tab, and click LAN Settings. In the Local Area Network (LAN) Settings dialog, make sure the Automatically detect settings checkbox is cleared.
5.
Click OK.
Installing the web.Client Utilities Control

Before you can log on to web.Client, you must install the web.Client Utilities Control. This is done automatically. Follow this procedure:
1. 2.
Launch Internet Explorer. Enter the following URL web address:

https://MachineName/VirtualDirectoryAlias
where MachineName is the name of the computer where you installed web.Client and Continuum. See Chapter 3, Installing and Configuring web.Client on the IIS PC. You must enter https:// if you have installed an authorized SSL Certificate on the IIS PC. If this is not an SSL server, then you would enter http://. Version 1.74 (and higher) fully supports SSL, which accommodates client-server exchanges of confidential information. (See Establishing SSL Support for Confidential Information in Chapter 3.) The VirtualDirectoryAlias was entered in the Enter Text screen of the installation procedure. Enter the name you supplied. If you did not change the default name, enter WebClient. For example:
https://SiteServer1/WebClient
Note: You must use Internet Explorer 8.0.
A Security Warning dialog appears, prompting you to install the web.Client Utilities Control.
Note: If the IIS server does not have Internet connectivity, it may take between 30
and 90 seconds for this installation prompt to appear.
Note: The web.Client Log On screen, shown on the next page, appears in the
background, beneath this Security Warning dialog, but you cannot enter your user name and password until the web.Client Utilities Control is installed.
3.
Click the Yes button (or the Install button on Windows XP) on the Utilities Control Security Warning dialog to begin the
installation. Installation of the Utilities Control happens automatically, in a few seconds. If you are upgrading from Version 1.73 to 1.94, go to the next step. If you are upgrading from Version 1.74 or 1.94, go to Step 4.
4.
If you are upgrading from Version 1.73 to 1.94, a dialog appears, asking you to close and restart Internet Explorer. Do so now. After you restart Internet Explorer, enter the same URL you entered in Step 1. On the web.Client Log On screen, enter your user name and password.
5.
Installing Microsoft .NET Framework 2.0

web.Client operates in a .NET Framework environment. As you log on for the first time, if you do not already have Microsoft .NET Framework 2.0, you are asked to install it at this time. The Microsoft .NET Framework 2.0 Setup dialog guides you through an easy procedure:
1.
At the Welcome to Microsoft .NET Framework 2.0 Setup window, click Next. The End-User License Agreement window appears.
2.
Check the I accept the terms of the License Agreement checkbox, and click Install. A Setup progress-bar, followed by the Installing components window, appears while the installation is configured and components are installed. This may take a several minutes. Please wait. When .NET Framework 2.0 is installed successfully, the Setup Complete window appears. Click Finish.
3.
.Microsoft .NET Framework allows the system to accept configurations that include firewalls.
Installing web.Client Pinpoint

Before your users can bring up a file in a web.Client Pinpoint window for the first time, they must install the web.Client Pinpoint graphics application. At least 4 MB of disk space are needed for web.Client Pinpoint. (See also Appendix B, web.Client Applications that Are Installed.) It is recommended your users install this application after bringing up the Home screen for the first time. Perform the following procedure:
1. 2.
Select Graphics from the navigation filter dropdown menu. In the navigation pane, explore and search for a list of graphic paths, and click the name of the graphic file you want. A Security Warning dialog appears, prompting you to install the file, msxml4.cab. Click the Yes button (or the Install button on Windows XP) to install the file. Another Security Warning dialog appears, asking if you want to install and run the WebClient Pinpoint graphics package. Click Yes to launch the Install Shield Wizard for WebClient Pinpoint and begin the installation. Click Next.
3.
4.
5. 6.
A License Agreement window appears. Click Yes to accept the terms of the license agreement. At this time, web.Client Pinpoint files are installed. The Setup Status window appears, displaying the progress of the installation. When installation is complete, the InstallShield Wizard appears. Click Finish to complete the installation process.
If your IIS PC Uses IIS 6.0 and Windows Server 2003, Windows Server 2008, or Windows 7
If your IIS PC uses IIS 6.0 and Windows Server 2003, Windows Server 2008, or Windows 7, be aware that IIS resources are recycled after a long period of time (29 hours) by default. This means that your web.Client Pinpoint windows, including web.Client itself, are disconnected after this long period of time expires. Please take this into account if your users need Pinpoint running continuously for more than a day. If you need to run Pinpoint continuously for more than 29 hours, you may lengthen that time via the Windows Internet Information Services (IIS) Manager. For a procedure on how do to this, please see the section, Tip 8 - Changing IIS / Windows Server 2003 Resource Recycle Time, in Appendix A, web.Client Security and Troubleshooting Tips.
Installing the Video Layout Control and .NET Framework 3.5

Before your users can bring up a web.Client video for the first time, they must install the Schneider Electric Video Layout Control. They may also have to install Microsoft .NET Framework 3.5, which the Video Layout Control also requires for its operation. It is recommended your users perform these installations after bringing up the web.Client Home screen for the first time. After .NET Framework 3.5 is installed, both versions 2.0 and 3.5 reside on the client machine.)
Note: The video feature requires network access to a digital video recorder. This may
require you to open port 18772 or establish a Virtual Private Network (VPN) connection if there is a firewall.
At least 72 MB of disk space are needed for the Video Layout Control, which comprises the file, WebClientVideo.cab, and .NET Framework 3.5. (See also Appendix B, web.Client Applications that Are Installed.) To install the Video Layout Control and .NET Framework 3.5, perform the following procedure:
1. 2.
From the navigation filter dropdown menu, select Video, Explore and search for a list of video paths, and click the name of the VideoLayout object you want. A message appears, prompting you to install the file, WebClientVideo.cab, as the first step in Video Layout Control installation.
3.
Click Install. If you do not already have Microsoft .NET Framework 3.5 installed on your computer, the InstallShield Wizard appears, asking you to install it now. (If you are not asked to install .NET Framework 3.5, go to Step 5.)
4.
Click Install. Installation of .NET Framework 3.5 begins. A progress bar appears in the InstallShield Wizard window. Installation takes several minutes. Please wait.
5.
When installation of .NET Framework 3.5 completes, the Welcome to InstallShield Wizard for Schneider Electric Video Layout Control window appears. Click Next. The Ready to Install the Program window apperas. Click Install.
6.
7.
The Installing Schneider Electric Video Layout Control window appears with a progress bar. Please wait. When installation completes, click Next. The InstallShield Wizard Completed window appears. Click Finish. Your video layout object appears.
8.
Setting Browser Zone Permissions for .NET Framework

web.Client operates in a Microsoft .NET Framework 2.0 environment. Microsofts Internet Explorer has various browser zones (for example, the Internet zone, Local Intranet zone, and Trusted zone). Each zone requires different user permissions settings. On the client side, .NET Framework 2.0 controls do not run in the IE browsers Internet or Trusted zone with their default permission settings. Therefore, users must add full trust to these zones. On each client machine, you can do so in one of the following two ways:
z
Download and install the Microsoft .NET Framework Software Development Kit (SDK) 2.0, available from Microsoft, and set zone permissions. Run the Microsoft Code Access Security Policy tool, Caspol.exe
Download and Install .NET Framework SDK 2.0

Download the Microsoft .NET Framework SDK 2.0. This is available from Microsoft, http://www.microsoft.com/downloads/. Then perform the following procedure to set zone permissions:
1. 2.
From the Windows Control Panel, open Administrative Tools. The Administrative Tools dialog appears. In the Administrative Tools dialog, double click Microsoft .NET Framework 2.0 Configuration. The .NET Configuration 2.0 dialog appears.
3. 4.
In the tree, expand Runtime Security Policy, Machine, Code Groups, All_Code, until all code groups are listed. Depending on which zone is running, right click on Trusted_Zone or Internet_Zone and select Properties from the popup menu. The Trusted_Zone Properties dialog (or Internet_Zone Properties dialog, respectively) appears.
5. 6.
Click the Permission Set tab, and from the Permission set dropdown menu, select FullTrust. Click OK or Apply
You can also change the default permission set or create a new permission set that has the following specific permissions.
z z z
Security - Enable Assembly execution User Interface - Grant assemblies unrestricted access to user interface elements. Web Access - Grant assemblies unrestricted access to user interface elements.
Run the Microsoft Code Access Security Policy Tool

As an alternative, you can add full trust to the zones by executing the Microsoft Code Access Policy tool (caspol.exe) located in:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
To add full trust to the Internet zone in .NET Framework 2.0, execute the following:
caspol.exe -m -addgroup Internet_Zone -zone InterNet FullTrust -name FullTrust
To add full trust to the Trusted zone in .NET Framework 2.0, execute the following:
caspol.exe -m -addgroup Trusted_Zone -zone Trusted FullTrust -name FullTrust
Server Proxy Applications

There are some applications that are displayed during a web.Client session, including:
z
ACWebServerProxy, installed with web.Client, displays a window, shown below, that logs all users who are logged on to web.Client. It runs automatically on the server after the first user logs on the web site. It must not be manually closed.
ACWPPServerProxy is used exclusively for web.Client Pinpoint. Like the ACWebServer Proxy, it runs automatically on the server and must not be manually closed. Schneider Electric XML Automation server
CAUTION Manually closing the ACWebServerProxy

Do not manually close the ACWebServerProxy window.
If anyone manually closes the ACWebServerProxy window, all users are disconnected from the application.
Logging Out of web.Client

When a user logs onto web.Client, one of the client licenses is reserved for that user to use. When a user wishes to end the web.Client session, he/she must log out in order for that client license to be released and made available for another user to log on and use.
CAUTION Closing sessions without logging out
Users should not close their sessions without logging out.
If the session is closed without logging out, the client license will not be available for a different user until after the timeout period has expired.
Chapter 5
Using web.Client to Set Up Your Organization

z z z z
Overview web.Client Security Basics Scenario 1: A Single-Building Company Scenario 2: A Global Company
Chapter 5: Using web.Client to Set Up Your Organization
Overview
Having installed and tested web.Client version 1.94 on an Internet browser, you are now ready to use this powerful, web-based facility management tool. For example, web.Client can distribute personnel records, view and edit schedules and points, integrate video, display live events, provide convenient access to reports for managers, monitor BACnet loops, and download TrendLog records. (For complete information, please see the web.Client online help.) It is very important to plan for web.Client carefully. If you can start planning for web.Client before the initial configuration of the facility management system, implementation will be much easier.
Example: Building a Security Management System

This chapter provides a security example: building a security management system. It simulates an access control / personnel management system. Throughout this process keep in mind that you will be creating delegates to log on to web.Client and access the Continuum facility management system. Start by asking the following questions:
z z z z z z
Is the security installation contained within one building or are there multiple facilities managed by one system? Where are the facilities located? Who are the security delegates that will administer the personnel records? What personnel records do the security delegates have authority to administer? What are the areas of which the security delegates have control? Can personnel records be placed in logical groups?
Based on the answers to the above questions, you will have to decide:
z
What folders will need to be created in CyberStation?
z z
What Folder and Device Level (FDL) security should be used for these folders? What group level security should the security delegates have to limit their ability to view only certain object classes or perform only certain tasks? What object level security should be set up to limit the security delegate to specific groups of objects?
This chapter details two scenarios in which the above questions were answered and decisions were made on how to set up the Continuum system. Use these examples to aid in planning for your scenario.
web.Client Security Basics

To utilize web.Client effectively, Continuum security will be applied to the users who have access to web.Client, to limit their view and actions. Since CyberStation allows a user to be configured with just a user name and no password, only CyberStation users with both a user name and password can log onto web.Client. This is achieved by configuring the Continuum system security at one of the workstations (not on the IIS Server). On this workstation, you will be creating the following: Security groups: Define these by right-clicking on the Continuum icon in your tool tray, and selecting Security from the popup menu. This invokes the Security Editor, where you can edit user-level security. web.Client has its own set of object-class security keys for security groups to utilize. Using security groups, you can assign each group overall access to an object class by unlocking actions. That is, if the web.Client class object has unlocked, Alarms permissions set for a security group, then the security group may view every alarm in the entire Continuum system. If a class and action is unlocked by a security group, only a security level may override it. Many users can be assigned to the same security group. Security levels: Security levels do not exist in the Continuum system by default, they must be created. Security levels are used to apply object-level security, to override permissions granted by security
groups, and can only be used to deny a permission granted by security groups. Security levels cannot be used to grant permissions denied by security groups. They may be applied to individual objects (for example, an area called Engineering) or to a folder with many objects. When a security level is applied to a folder, all the contents of the folder, including subfolders, are limited to that security levels restrictions. Since only one security level can be applied to an individual object or folder, a security level must be defined to include all the restrictions that will be applied. For example, the following security levels may be required:
z z z
Admin only Admin and Engineering Managers Admin, Engineering Managers, and Sales Managers
Folders: Folders are used in the Continuum system to partition, or logically group objects in the database. For example, a folder may contain all the areas in building 52. Folders make Continuum security much easier to implement. Instead of individually applying security levels to every object, a security level can be applied to the folder once to set the appropriate security permissions. Users: Users created with the Continuum system are assigned to one or more security groups. Since a user may be a member of more than one security group, security groups may be set up to focus on a small set of permissions. Setting up security groups with a modular approach, makes assignment of security groups to users much easier. If a user is assigned to more than one security group with conflicting permissions, the unlocked permissions take precedence and the user will be granted the permission. Object-Level Security: is accomplished by using an object class called SecurityLevel. This class contains security permissions; these permissions are part of the SecurityLevel object and may be (and usually are) different than the default permissions. SecurityLevel: Objects are used to create security permissions for groups of objects (such as Building52 Areas or Administration Objects). These permissions can then be attached to the appropriate objects.
Folder and Device Level Security (FDL): provides the user with the ability to apply a security level to a collection of child objects by placing them in a folder (the parent) so that they inherit the parents security level. When you configure security using FDL, consider the following:
z z z
Roles - Categories to which users can be assigned (for example, Administration, Guard, Maintenance, and so on) Partitions - Divisions of the site into physical areas (for example, Building A, Building B, and so on) Group names - The combination of roles and partitions (for example, BldgAAdmin, BldgAGuard, BldgAMaint, and so on)
The number of groups is a product of the number of roles multiplied by the number of partitions: Number of Groups = (Number of Roles) x (Number of Partitions) For example, a site with three roles and two partitions would have six groups.
Note: CyberStation supports up to 1024 groups. If the number of groups (number of
roles multiplied by the number of partitions) exceeds 1024, then the number of roles and/or number of partitions needs to be decreased.
Testing web.Client Security

After you configure security for your system, test all functional areas for proper security permissions. Log in as each user once and verify that the right areas are granted or denied according to your configuration plan.
Scenario 1: A Single-Building Company

A single-building company would like to assign one security designee per department. This person will be responsible for creating, editing, and deleting department personnel, as well as assigning area permissions and time schedules to their personnel. The administrative designee (the Human Resources delegate) will have permissions to all records and areas. The IT personnel need to be granted permissions to all areas of the building so that they may work anywhere in the building. This section contains the following topics:
z z z z
How Is the Company Physically Divided? Who Are the Users? What Are the Security Levels? Setting Up web.Client in CyberStation
How Is the Company Physically Divided?

The company is divided into the following departments:
z z z z
Administrative Engineering Sales IT
The areas of the building are:

z z z z z z z
Main lobby East stairwell West stairwell Fitness room Human Resources department Administrative offices Engineering lab
z z
Engineering Conference room Sales offices
The areas can be grouped as:

z z z z
Common areas: Main lobby, fitness room, east stairwell, west stairwell Administrative areas: Human Resources department, administrative offices Engineering areas: Engineering lab, engineering conference room Sales areas: Sales offices
Who Are the Users?

The following table lists the users in scenario: Who Are the Users?
Name HRDel EngDel SalesDel ITDel Description
Human Resources delegate with permissions to all personnel records and areas Engineering delegate with permissions only to engineering personnel records and engineering and common areas Sales delegate with permissions only to sales personnel records and sales and common areas IT delegate with permissions only to IT personnel records and all areas
Since this setup requires that each delegate have different sets of permissions, it requires four security groups (one for each user / delegate). These groups will be: Admin, Eng, Sales, and IT (where the HRDel serves as the Admin delegate). Also, since only one security level can be applied per folder or object, it is recommended that you create separate security levels for each folder. This will make it easier to organize permissions specifically for the contents of the folder.
What Are the Security Levels?

The following table lists the security levels in this scenario: What Are the Security Levels?
This security level CommonAreasSL AdminAreasSL EngAreasSL SalesAreasSL AdminPersonnelSL EngPersonnelSL SalesPersonnelSL ITPersonnelSL Is Unlocked for these Groups
All security groups Administrative and IT groups Administrative, IT, and engineering groups Administrative, IT, and sales groups Administrative group Administrative and engineering groups Administrative and sales groups Administrative and IT groups
Setting Up web.Client in CyberStation

For the scenario described above, it is recommended you set up web.Client in Continuum CyberStation to have the following security groups, personnel folders, area folders, security levels, and users. Recommended Set Up
Security Groups
Admin Eng Sales IT
Personnel Folders Area Folders Security Levels

AdminPersonnel EngPersonnel SalesPersonnel ITPersonnel CommonAreas AdminAreas EngAreas SalesAreas CommonAreasSL AdminAreasSL EngAreasSL SalesAreasSL AdminPersSL EngPersSL SalesPersSL ITPersSL
Users
HrDel EngDel SalesDel ITDel
Scenario 2: A Global Company

In a global company, you would like to assign one security designee per company location. This person will be responsible for creating, editing, and deleting personnel, as well as assigning area permissions and time schedules to their locations personnel. There will also be a global administrator (GlobalViewer) who will have permissions to view all records and areas. This user may not create, edit, or delete records. For traveling employees who do not have a particular location, there is another global administrator (GlobalPersonnelAdmin). This person can create, edit, and delete the personnel records of these people in particular, but they cannot assign access to any areas. Lastly, local administrators can grant area permissions to the traveling employees, but they may not create, edit, or delete their records. This section contains the following topics:
z z z z z
What Are the Company Personnel Groups? Where Are the Company Facilities Located? Who Are the Users? What Are the Security Levels? Setting Up web.Client in CyberStation
What Are the Company Personnel Groups?

The company is divided into the following personnel groups:
z z z z z z
Andover personnel England personnel France personnel Germany personnel Hong Kong personnel Mexico personnel
Global personnel (the traveling personnel)
Where Are the Company Facilities Located?

The locations of the company facilities are, as follows:
z z z z z z
Andover England France Germany Hong Kong Mexico
Who Are the Users?

The following table lists the user names in this scenario: Who Are the Users?
Name AndoverAdmin Description
Andover delegate with permissions to all Andover personnel records and areas, also has permissions to view global personnel and assign Andover area permissions to them. England delegate with permissions to all England personnel records and areas, also has permissions to view global personnel and assign England area permissions to them. France delegate with permissions to all France personnel records and areas, also has permissions to view global personnel and assign France area permissions to them. Germany delegate with permissions to all Germany personnel records and Areas, also has permissions to view global personnel and assign Germany area permissions to them. Hong Kong delegate with permissions to all Hong Kong personnel records and areas, also has permissions to view global personnel and assign Hong Kong area permissions to them. Mexico delegate with permissions to all Mexico personnel records and areas, also has permissions to view global personnel and assign Mexico area permissions to them.
EnglandAdmin
FranceAdmin
GermanyAdmin
HongKongAdmin
MexicoAdmin
Who Are the Users? (continued)

Name GlobalPersonnelA dmin GlobalViewer Description
Global delegate with permissions to all global personnel records but not to areas, so he/she cannot assign area permissions to global personnel. Global delegate with permissions only to view all personnel records and areas.
Since this setup requires that each delegate have different sets of permissions, this scenario requires eight administrative groups (one for each user / delegate). These groups will be: Andover Administrator, England Administrator, France Administrator, Germany Administrator, Hong Kong Administrator, Mexico Administrator, Global Personnel Administrator, and Global Viewer. Also, since only one security level can be applied per folder or object, it is recommended to create separate security levels for each folder. This will make it easier to organize permissions specifically for the contents of the folder.
What Are the Security Levels?

The following table lists the security levels in this scenario: What Are the Security Levels?
This security level AndoverAreaSL EnglandAreaSL FranceAreaSL GermanyAreaSL HongKongAreaSL MexicoAreaSL AndoverPersonnelSL EnglandPersonnelSL FrancePersonnelSL GermanyPersonnelSL Is Unlocked for this Group1
Andover administrator group England administrator group France administrator group Germany administrator group Hong Kong administrator group Mexico administrator group Andover administrator group England administrator group France administrator group Germany administrator group
HongKongPersonnelSL Hong Kong administrator group

What Are the Security Levels? (continued)

This security level MexicoPersonnelSL GlobalPersonnelSL Is Unlocked for this Group1
Mexico administrator group Global personnel administrator group
1. All Security Levels will also be unlocked for the Global Viewer with the exception that the keys (in the security settings) will be locked for the change, edit, create, and delete functions.
Setting Up web.Client in CyberStation

The web.Client setup in Continuum CyberStation for this scenario is recommended to have the following security groups, personnel folders, area folders, and security levels. Recommended Setup
Security Groups
Andover Administrator England Administrator France Administrator Germany Administrator Hong Kong Administrator Mexico Administrator Global Personnel Administrator Global Viewer
Personnel Folders
AndoverPersonnel EnglandPersonnel FrancePersonnel GermanyPersonnel HongKongPersonnel MexicoPersonnel GlobalPersonnel
Area Folders
AndoverAreas EnglandAreas GermanyAreas HongKongAreas MexicoAreas
Security Levels
AndoverAreaSL EnglandAreaSL FranceAreaSL GermanyAreaSL HongKongAreaSL MexicoAreaSL AndoverPersonnelSL EnglandPersonnelSL FrancePersonnelSL GermanyPersonnelSL HongKongPersonnelSL MexicoPersonnelSL GlobalPersonnelSL
Users
AndoverAdmin EnglandAdmin FranceAdmin GermanyAdmin HongKongAdmin MexicoAdmin GlobalPersonnel Admin Global Viewer
Appendix A
web.Client Security and Troubleshooting Tips
This appendix contains the following topics:

z z z z z z z z z
Tip 1 - Ensuring Full System Access for at Least One User Tip 2 - Placing PIM Files in a Single Folder Tip 3 - Applying Security to non-web.Client Folders Tip 4 - Verifying DCOM Is Enabled Tip 5 - Enabling the Default Document Tip 6 - Understanding Security Ramifications for IIS Applications Tip 7 - Be Sure that IIS Is Installed before .NET Framework Tip 8 - Changing IIS / Windows Server 2003 Resource Recycle Time Tip 9- Fixing a Web Location Access SOAP Error
Appendix A: web.Client Security and Troubleshooting Tips
Tips
This appendix provides some tips for keeping your web.Client system secure and for troubleshooting some common problems that may arise.
To perform the Microsoft-related procedures, you must have administrative experience using Microsoft system software and understand that there are differences in the graphical user interfaces between different Windows platforms. User-interface illustrations are not provided. Please see your Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Tip 1 - Ensuring Full System Access for at Least One User

To protect your Andover Continuum system, reserve user security groups 1 and 128 (or the highest-numbered user security group your site uses) to have all keys unlocked for all classes. Do this for the baselevel security and all object-level security (security levels).
Note: Although it is unlikely you would use all of them, CyberStation provides a
maximum of 1024 user security groups.
Be sure at least one user is assigned to both the first and your highestnumbered security groups. This ensures that at least one user will have full access to the system in case of an inadvertently locked action.
Tip 2 - Placing PIM Files in a Single Folder

If the Personnel Information Manager (PIM) is being used, the PIM requires that all personnel records exist in a single folder under the Root.
Tip 3 - Applying Security to non-web.Client Folders

When adding new personnel using web.Client, the New Person dialog displays all of the CyberStation system folders for which that logged-on user has permissions to view. Schneider Electric recommends that you apply a security level to all folders not used by web.Client users (the folders that do not include any personnel, areas, or numerics used by schedules) so as to prevent personnel from inadvertently being placed in the wrong folder.
1. 2. 3.
Create a security level at a CyberStation workstation and call it NonWebClient. Unlock permissions only for CyberStation workstation users. Keep the columns reserved for web.Client security groups locked. Apply this new security level to all folders without personnel, areas, or numerics (used by schedules).
Tip 4 - Verifying DCOM Is Enabled

To verify that DCOM is enabled properly, perform the following procedure. For Windows XP Professional and Windows Server 2003
1. 2. 3.
From the Windows Start menu, select Run. The Run dialog appears. Enter dcomcnfg. The Component Services dialog appears. In the explorer tree, expand Component Services, and right click on My Computer. The My Computer Properties dialog appears.
4. 5.
Select the Default Properties tab. Verify that the Enable Distributed COM on this computer checkbox is checked.
See also Configuring DCOM Default Security Settings
Tip 5 - Enabling the Default Document

Perform the following procedure to ensure that the default document on the web.Client virtual directory is set.
1. 2. 3.
From the Start menu, select Settings Control Panel. From the Control Panel, select Administrative Tools. The Administrative Tools dialog appears. From the Administrative Tools window, click Internet Services Manager. (or Internet Information Services on Windows XP and Server 2003). The Internet Services Manager dialog appears. In the left-hand explorer tree pane of the Internet Information Services dialog, expand the directories beneath the computer icon that is the name of the computer on which you are working.
4.
5.
Expand the directory name, Default Web Site. (On Windows XP and Windows Server 2003, expand Web Sites, then Default Web Sites.)
web.Client, and by default it is called WebClient. During the installation of web.Client, this directory name can be changed.
Note: There is a virtual directory under the default web site that is used for
6.
Right click on the WebClient directory, and select Properties.

contents in the right-hand pane. The web.Client virtual directory will have two ACCWebMgr files in the list in the pane.
Note: If you are unsure which directory it is, click them, one at a time, to list the
7. 8. 9.
The WebClient Properties dialog appears. Select the Documents tab. Ensure that the Enable Default Document checkbox is checked. Click OK to close the WebClient Properties dialog and the Internet Information Services dialog.
Tip 6 - Understanding Security Ramifications for IIS Applications

Launching an OLE or COM object requires certain permissions. This is normally not an issue for most interactive users because the default permissions for launching and accessing OLE and COM objects allow access to anyone logged onto the local machine interactively. An IIS application, whether it is running in the context of the IUSR_<servername> account or an impersonated user account from Basic or NTLM authentication, is not interactively logged on. Therefore, the default permissions for launching and accessing OLE and COM objects will not allow an ISAPI extension DLL, CGI application, or Internet script to launch these objects successfully by default. The utility DCOMCNFG allows you to set the default permissions for *ALL* COM and OLE objects on your machine. You can use this utility to provide OLE and COM access to the IUSR_<servername> account as well as all user accounts that might be impersonated by your IIS configuration. You can even grant permissions to the Everyone group.
For more information on launching OLE servers from ISAPI applications, refer to the Microsoft article on Security Ramifications for IIS Applications. This article can be found at:
http://www.microsoft.com/windows2000/en/server/iis/htm/asp/ eadg4n77.htm?id=231.
Tip 7 - Be Sure that IIS Is Installed before .NET Framework

To avoid problems opening web.Client Pinpoint graphics, be sure that IIS has been installed on the server before Microsoft .NET Framework 2.0 is installed. If Microsoft Windows already comes with .NET Framework 2.0, or you have downloaded .NET Framework 2.0 separately during a Windows upgrade before IIS is installed, perform the following: For Windows XP Professional or Windows Server 2003 run the following command:
C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
Refer to Chapter 2, System and Pre-Installation Requirements. and Chapter 3, Installing and Configuring web.Client on the IIS PC.
Tip 8 - Changing IIS / Windows Server 2003 Resource Recycle Time

If your IIS PC uses IIS 6.0 and Windows Server 2003, please be aware that IIS resources are recycled after a long period of time (29 hours) by default. This means that your web.Client Pinpoint windows, including web.Client itself and other resources, are disconnected after this long period of time expires. Please take this into account if your users need Pinpoint and/or web.Client running continuously for more than a day. You may lengthen this resource-recycle time via the Windows Internet Information Services (IIS) Manager. On the IIS PC (Windows Server 2003) perform this procedure:
1.
From the Windows Control Panel, double click and open Administrative Tools. The Administrative Tools dialog appears.
2.
Double click and open Internet Information Services (IIS) Manager. The Internet Information Services (IIS) Manager dialog appears. In the navigational directory, expand your local computer directory. Expand the Application Pools directory. Right click on DefaultAppPool, and from the popup menu, select Properties. The DefaultAppPool Properties dialog appears.
3. 4. 5.
6. 7.
Select the Recycling tab. Next to the Recycle worker processes (in minutes) checkbox, which should be checked, notice the field displaying the default number of minutes - 1740 minutes. This is equivalent to 29 hours. To lengthen this time, use the field's up-arrow button to add minutes. (Use the down arrow to subtract minutes.) Click OK.
8. 9.
Your resources are now automatically disconnected when this new time expires.
Tip 9- Fixing a Web Location Access SOAP Error

Should you receive a Simple Object Access Protocol (SOAP) error when attempting to access the test http://ser8web/NewGraphicsFiles2 web location in Setting Up an Application for Graphics on Windows Server 2008 and Windows 7:
1.
Access and open the Web.config file located in:

C:\\Program files\Continuum\DNWACServerFactory\.
2.
Using Wordpad as user Administrator, add the following lines to the present Web.config file:
<system.webServer> <security> <requestFiltering allowDoubleEscaping=True/> </security> <directoryBrowse enabled=true/> </system.webServer>
Appendix B
web.Client Applications that Are Installed
This appendix lists the applications that web.Client installs on the client PCs and the file size of each application.
Appendix B: web.Client Applications that Are Installed
Installed Applications
The following table lists the applications that web.Client installs on the client PCs and the file size of each application. Applications that web.Client Installs on the Client PCs
Installed Application
web.Client Utilities Control Microsoft .NET Framework 2.0
Description
This 60 KB application configures some internal settings that are invisible to administrators and users. Required before user logs on. web.Client operates in a Microsoft .NET Framework 2.0 environment. The user installs.NET Framework 2.0 on the client machine when web.Client is launched for the first time. Be sure you have at least 22 MB of free disk space for .NET Framework 2.0. For more information, refer to Installing Microsoft .NET Framework 2.0 When a user brings up a video layout in web.Client for the first time, he/she is prompted to install the Video Layout Control. As part of that installation, the user may also be prompted to install .NET Framework 3.5, which the Video Layout Control requires. The Video Layout Control and .NET Framework 3.5 make up the file WebClientVideo.cab. Be sure you have at least 72 MB of free disk space. For more information, refer to Installing the Video Layout Control and .NET Framework 3.5
Schneider Electric Video Layout Control and Microsoft .NET Framework 3.5
Adobe scalable vector graphics (SVG) viewer for graphical reports. web.Client Pinpoint (wPinpoint) web.Client Video Control
This 5 MB application allows the client to view web.Client Reports. (See the web.Client online help.)
This 4 MB application allows the client to view Pinpoint graphics through web.Client. This 2 MB application allows the client to view and play back live and recorded video images through web.Client.
Appendix C
Guidelines for Upgrading to Version 1.94
This appendix contains guidelines for upgrading web.Client to version 1.94.
Appendix C: Guidelines for Upgrading to Version 1.94
Upgrade Guidelines
This appendix presents guidelines for upgrading web.Client to version 1.94. A quick procedure is provided below, but please refer back to the procedures and requirements in Chapter 2, Chapter 3, and Chapter 4. Refer also to the Andover Continuum CyberStation Installation Guide, 30-3001-720. As with any upgrade, it is good practice to ensure, before you begin, that you have a known good backup of the database.
Note: web.Client version 1.94 supports Microsoft Windows Server 2003, in addition
to Windows XP Professional Workstation.
1.
Upgrade your hardware security key to version 1.94 Depending upon the version of CyberStation you are running, you may need to update your hardware security key to version 1.94. If your CyberStation software is a pre-1.9 version (such as, v1.6, or v1.81), you will have to upgrade your key to support v1.94. If you are running version 1.9 or higher, however, you will not need to update your security key; your key is already enabled to support version 1.94.
2.
Perform pre-installation tasks, and ensure your system meets the minimum software and hardware requirements. (See Chapter 2, System and Pre-Installation Requirements.) Reboot your PC before inserting the version 1.9CD, and start the web.Client Install program. Perform the installation over the previous versions application. Reboot your PC, when prompted. Also refer to the procedure in Chapter 3: Installing web.Client on the IIS PC.
3.
4.
After the installation procedure is complete, and you have rebooted your machine, the database initialization procedure begins. When the Database Initialization dialog appears, select the Update Existing Database radio button to update the database.
Note: If you do not have the database engine, SQL Express, already installed, or if
you have an older version of the database engine, then SQL Express is installed for you automatically during the database initialization process.
Refer to the procedures in Chapter 3: Initializing the Database on a LAN IIS PC and Creating and Initializing the Database on a Standalone IIS PC. See also, Appendix D, SQL Express Installation Error Messages.
5.
Follow these other configuration procedures from Chapter 3:

Configuring Access Permissions for web.Client Users Configuring Your Video Servers Configuring Graphics Folders for web.Client: Windows XP and Windows Server 2003 Configuring Graphics Folders for web.Client: Windows Server 2008 and Windows 7 Configuring DCOM Default Security Settings Disabling HTTP Keep-Alives Establishing SSL Support for Confidential Information Enabling SSL for web.Client
6.
After installation is complete, and your users are ready to log onto web.Client on their client-PC browsers, follow the procedures, as needed, in Chapter 4, Testing and Installing web.Client on a Client PC. Be sure your users reboot their browser PCs before logging on to the upgraded IIS PC.
Microsoft .NET Framework 2.0 installed, a user must install it as he/she logs on to web.Client for the first time. web.Client operates in a .NET Framework environment. When a user is logged onto web.Client and tries to bring up a video layout for the first time, he/she may be prompted to install .NET Framework 3.0 on the client machine, if it is not already installed. The web.Client Video Control requires the client machine to have .NET Framework 3.0, just as web.Client overall requires .NET Framework 2.0. For more information see Installing the Video Layout Control and .NET Framework 3.5 in Chapter 4.
Note: During the web.Client installation, if a client machine does not already have
.NET Framework installation typically takes several minutes. If your machine has a 9600 baud-rate modem, the process is longer. Please be patient.
Appendix D
SQL Express Installation Error Messages
This appendix contains the following topics:

z z
Overview SQL Express Installation Error Messages
Appendix D: SQL Express Installation Error Messages
Overview
This appendix provides a list of error messages that may appear if certain problems occur during the installation of the database engine, SQL Express. (SQL Express is installed or upgraded automatically on a standalone system during the Continuum database initialization process.) During SQL Express installation, one of three things is detected on your computer:
z z
There is no SQL Express at all. In this case, SQL Express is installed automatically. MSDE 2000 is already installed as the database engine. In this case, SQL Express is installed over MSDE 2000.
However, your computer is also checked for certain rare problems that could complicate SQL Express installation and/or the creation or update of the Continuum database. For example, a third-party software vendor may already be using the existing database engine. This creates license-agreement conflicts and possible performance problems. To satisfy the software license agreement, Continuum CyberStation must own the database engine. In this case, it may be necessary to create another instance of SQL Express for Continuum CyberStation and/or notify the software vendor. Using another example, the database may be configured incorrectly. In this case, it may be necessary to re-create the Continuum database during database initialization. In a few cases, it may be necessary to contact your Technical Support representative. There are many variations of these special cases. If a problem arises, you will receive an SQL Express installation error message that states the problem and provides instructions for correcting it.
SQL Express Installation Error Messages

For every problem that may occur during SQL Express installation, one of the following error messages appears. These messages are selfexplanatory:
An error occurred while upgrading or installing SQL Express on your computer. Please contact your Technical Support representative for further instructions.
We have detected an existing incorrectly configured version of SQL Express, which cannot be upgraded. Installation has been halted. Please uninstall this version manually, and rerun Continuum Database Initialization. To uninstall, go to the Windows Control Panel, open Add/Remove Programs, select "SQL Server 2005", and uninstall.
We have detected an incorrectly configured existing version of SQL Express, which Continuum is already using. Another instance of SQL Express will be installed now, and the existing Continuum database will be attached to it automatically.
We have detected an incorrectly configured existing version of SQL Express, which another software vendor is already using. According to the Microsoft license agreement, Continuum cannot use this version of SQL Express. We will now install another instance of SQL Express for Continuum. After the SQL Express instance is installed, a reboot of your computer is required. Please note the new server name, "ServerName\ContinuumSE". Each client workstation will need to have the server name adjusted accordingly to include "\ContinuumSE". For example, a server formerly named "MyServer" is now "MyServer\ContinuumSE". Please use this new SQL Express instance for Continuum only. This satisfies the conditions of the Microsoft license agreement.
We have detected that an existing version of SQL Express is already installed on your computer. However, another software vendor, in addition to Continuum, is already using this existing version. The upgrade will continue, but we recommend you notify the software vendor that it is using an SQL Express instance belonging to Continuum and suggest that the vendor create its own instance of SQL Express to avoid configuration incompatibilities, performance problems, and license-agreement conflicts.
We have detected that your Continuum database is configured incorrectly. To correct the problem, please call your Technical Support representative after the database update for further instructions.
Andover Continuum web.Client Planning and Installation Guide Document Number 30-3001-835 Version 1.94

30 3001 835 v1.94 WebClient+Planning+and+Installation+Guide

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

30 3001 835 v1.94 WebClient+Planning+and+Installation+Guide

Încărcat de

Drepturi de autor:

Formate disponibile

Andover Continuum web.

Andover Continuum web.Client Planning and Installation Guide

About this Manual .................................................................

Introduction to web.Client ...................................................

System and Pre-Installation Requirements ........................

Installing and Configuring web.Client on the IIS PC .........

Testing and Installing web.Client on a Client PC .............. 117

Using web.Client to Set Up Your Organization .................. 131

132 132 133 135 136

web.Client Security and Troubleshooting Tips .................

web.Client Applications that Are Installed .........................

Guidelines for Upgrading to Version 1.94 ..........................

SQL Express Installation Error Messages .........................

About this Manual

Whats in this Manual

Andover Continuum web.Client Planning and Installation Guide

About this Manual

About this Manual

CAUTION Type of hazard

Failure to observe this precaution can result in injury or equipment damage.

WARNING Type of hazard

Failure to observe this precaution can result in severe injury.

DANGER ELECTRIC SHOCK HAZARD

Failure to observe these instructions will result in death or serious injury.

Andover Continuum web.Client Planning and Installation Guide

About this Manual

This chapter contains the following topics:

Andover Continuum web.Client Planning and Installation Guide

Chapter 1: Introduction to web.Client

Chapter 1: Introduction to web.Client

web.Client User Documentation

Andover Continuum web.Client Planning and Installation Guide

Chapter 1: Introduction to web.Client

A Typical System before web.Client

Chapter 1: Introduction to web.Client

A Typical System Implementing web.Client

Andover Continuum web.Client Planning and Installation Guide

Chapter 1: Introduction to web.Client

Chapter 1: Introduction to web.Client

Differences between web.Client and CyberStation

X X X X X X Except: BACnet objects cannot be deleted.

TrendLogs Video Doors Controller Web Pages

Andover Continuum web.Client Planning and Installation Guide

Chapter 1: Introduction to web.Client

This chapter contains the following topics:

Note: Before installing or upgrading to web.Client version 1.94, be sure the

Andover Continuum web.Client Planning and Installation Guide

Chapter 2: System and Pre-Installation Requirements

web.Client Setup Configurations

System LAN Standalone

When IIS Is Installed on Windows Server 2008 25 2

When IIS Is Installed on Windows XP Professional Workstation

Chapter 2: System and Pre-Installation Requirements

Hardware and Software Requirements for LAN System

Continuum/SQL database server IIS server (one for every 25 users)

Andover Continuum web.Client Planning and Installation Guide

Chapter 2: System and Pre-Installation Requirements

Chapter 2: System and Pre-Installation Requirements

For Windows XP and Server 2003: Internet Explorer 8.0

CyberStation Andover Continuum CyberStation Version 1.94

Chapter 2: System and Pre-Installation Requirements

Software for LAN Systems

Network protocol Other