30-3001-835 WebClient Planning and Installation Guide

Andover Continuum web.
Client
Planning and Installation Guide
for Version 2.03
© 2018, Schneider Electric
All Rights Reserved
No part of this publication may be reproduced, read or stored in a retrieval system, or transmitted, in any
form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior writ-
ten permission of Schneider Electric.
This document is produced in the United States of America.
Andover Plain EnglishTM is a trademark of Schneider Electric.
Andover InfinetTM is a trademark of Schneider Electric.
All other trademarks are the property of their respective owners.
Title: Andover Continuum web.Client Planning and Installation Guide
web.Client Version 2.03
Schneider Electric part number: 30-3001-835
The information in this document is furnished for informational purposes only, is subject to change with-
out notice, and should not be construed as a commitment by Schneider Electric. Schneider Electric as-
sumes no liability for any errors or inaccuracies that may appear in this document.
On October 1st, 2009, TAC became the Buildings Business of its parent company Schneider Electric.
This document reflects the visual identity of Schneider Electric. However, there remain references to
TAC as a corporate brand throughout the Andover Continuum software. In those instances, the documen-
tation text still refers to TAC — only to portray the user interface accurately. As the software is updated,
these documentation references will be changed to reflect appropriate brand and software changes. All
brand names, trademarks and registered marks are the property of their respective owners.
Schneider Electric
800 Federal Street
Andover, MA 01810
(978) 794-0800
Fax: (978) 975-9782
http://www.schneider-electric.com/buildings
Andover Continuum web.Client
Planning and Installation Guide
30-3001-835
Version 2.03
Contents
About this Manual ................................................................. 9

What’s in this Manual .............................................................................. 9
Revision History ...................................................................................... 10
Related Documentation ........................................................................... 11
Symbols Used .......................................................................................... 11
Chapter 1 Introduction to web.Client ................................................... 13

Overview ................................................................................................. 14
web.Client Overview ............................................................................... 14
web.Client User Documentation .................................................... 15
A Typical System before web.Client ....................................................... 16
A Typical System Implementing web.Client .......................................... 17
Differences between web.Client and CyberStation ................................. 19
Chapter 2 System Requirements .......................................................... 21

web.Client Setup Configurations ............................................................. 22
Running web.Client on a Windows 32-bit OS ........................................ 23
Windows Batch File laa_update.bat ....................................... 23
Windows Batch File laa_update_remove.bat ......................... 24
Hardware and Software Requirements for LAN System ........................ 25
Hardware and Software Requirements for a Standalone System ............ 27
Chapter 3 Pre-Installation Requirements for Windows Server 2008 and

2012, and Windows 7 and 10 ............................................... 31
Pre-Installation Microsoft Tasks ............................................................. 32
Installing System Software ............................................................ 32
Installing IIS on Windows Server 2008 ........................................ 32
Andover Continuum web.Client Planning and Installation Guide 5

Installing .NET Framework 3.5 on Windows Server 2012 and Windows
10 ................................................................................................... 42
Installing IIS on Windows Server 2012 ........................................ 43
Installing .NET Framework on Windows 10 ................................ 51
Configuring IIS for Windows 7 and 10 ......................................... 53
SSL Considerations for the IIS PC ................................................ 53
Changing the Default TCP Web Port Number for the IIS PC 54
Disabling WinSock Proxy Client on Standalone System .............. 54
Ensuring a Domain Membership Is Selected ................................ 55
Avoiding Invalid Characters in a Server Name ............................. 55
User Account Control Data Redirection ....................................... 55
Turning Off User Account Control for Windows Server 2012 and
Windows 10 ........................................................................... 56
Chapter 4 Installing web.Client on the IIS PC ...................................... 57

Overview ................................................................................................. 58
Installing web.Client on the IIS PC ......................................................... 59
Creating and Initializing the Database on a Standalone IIS PC .... 64
Adding web.Client to an Existing Standalone Database ............... 75
Initializing the Database on a LAN IIS PC ................................... 77
web.Client Video System Upgrades ........................................................ 80
Routing Alarms to the IIS PC on a LAN System ................................... 82
Configuring Access Permissions for web.Client Users ................. 83
Configuring Your Video Servers ............................................................ 84
Chapter 5 Configuring Graphics Folders for web.Client .................... 85

Configuring Graphics Folders for web.Client: ........................................ 86
Setting Up an Application for Graphics .................................................. 86
Giving Everyone Access to Graphics Files ............................................. 90
Chapter 6 Configuring web.Client on the IIS PC ................................. 93

Establishing Pinpoint Folders ................................................................. 94
Resetting Timeout and Live Events Via web.config File ........................ 96
Inactivity Timeout ......................................................................... 96
Live EventView ............................................................................. 97
Establishing SSL Support for Confidential Information ......................... 97
Using SSL Online Documentation ................................................ 97
6 Schneider Electric
Changing IE Security Internet Options to Accommodate SSL ..... 99
Enabling SSL for web.Client ......................................................... 99
Setting Up SSL for web.Client Pinpoint ....................................... 100
Changing the Default TCP Port Number ................................................. 103
Chapter 7 Testing and Installing web.Client on a Client PC .............. 105

Overview ................................................................................................. 106
Testing Access to and Installing web.Client
on a Client PC ......................................................................................... 106
Before Getting Started ................................................................... 107
Launching Internet Explorer in Windows 7 .................................. 108
Installing the web.Client Utilities Control ..................................... 109
Installing Microsoft .NET Framework 2.0 ................................... 110
Installing web.Client Pinpoint ....................................................... 111
If your IIS PC Uses IIS 6.0 ..................................................... 112
Installing the Video Layout Control and .NET Framework 3.5 .... 112
Setting Browser “Zone” Permissions for .NET Framework ......... 113
Download and Install .NET Framework SDK 2.0 ................. 114
Run the Microsoft Code Access Security Policy Tool ........... 115
Server Proxy Applications ............................................................. 115
Logging Out of web.Client ...................................................................... 116
Chapter 8 Using web.Client to Set Up Your Organization .................. 119

Overview ................................................................................................. 120
Example: Building a Security Management System ..................... 120
web.Client Security Basics ...................................................................... 121
Testing web.Client Security .......................................................... 123
Scenario 1: A Single-Building Company ................................................ 124
How Is the Company Physically Divided? .................................... 124
Who Are the Users? ....................................................................... 125
What Are the Security Levels? ...................................................... 125
Setting Up web.Client in CyberStation ......................................... 126
Scenario 2: A Global Company ............................................................... 127
What Are the Company Personnel Groups? .................................. 127
Where Are the Company Facilities Located? ................................ 128
Who Are the Users? ....................................................................... 128
What Are the Security Levels? ...................................................... 129
Setting Up web.Client in CyberStation ......................................... 130

Appendix A web.Client Security and Troubleshooting Checklist and Tips
131
Overview ................................................................................................. 132
Tips .......................................................................................................... 132
Tip 1 - Ensuring Full System Access for at Least One User .. 132
Tip 2 - Applying Security to non-web.Client Folders ............ 133
Tip 3- Enabling the Default Document ................................. 133
Tip 4 - Understanding Security Ramifications for IIS Applications
134
Tip 5 - Be Sure that IIS Is Installed before .NET Framework 135
Appendix B web.Client Applications that Are Installed ......................... 137

Installed Applications .............................................................................. 138
Appendix C Guidelines for Upgrading to Version 2.03 .......................... 139

Upgrade Guidelines ................................................................................. 140
Appendix D SQL Express Installation Error Messages ......................... 143

Overview ................................................................................................. 144
SQL Express Installation Error Messages ............................................... 145
About this Manual
What’s in this Manual

 Introduction to web.Client
 System Requirements
 Pre-Installation Requirements for Windows Server 2008 and 2012, and
Windows 7 and 10
 Installing web.Client on the IIS PC
 Configuring Graphics Folders for web.Client
 Configuring web.Client on the IIS PC
 Testing and Installing web.Client on a Client PC
 Using web.Client to Set Up Your Organization
 web.Client Security and Troubleshooting Checklist and Tips
 web.Client Applications that Are Installed
 Guidelines for Upgrading to Version 2.03
 SQL Express Installation Error Messages

About this Manual
Revision History
This manual documents web.Client, Version 2.03.
Revision History
Document Revision Software Version Date
2.03 2.03 June 2018
2.02 2.02 September 2017
2.01 2.01 September 2016
2.0 SP1 2.0 SP1 October 2015
2.0 2.0 July 2014
1.94 1.94 June 2012
1.93 1.93 March 2011
1.92 1.92 December, 2010
1.91 1.91 February, 2010
1.9 1.9 August, 2008
1.82 1.82 January, 2008
1.81 1.81 June, 2007
1.8 1.8 December, 2006
1.74 1.74 August, 2006
1.73 1.73 January, 2006
1.71 1.71 May, 2005
1.7 1.7 December, 2004
1.62 1.62 March, 2004
1.6 1.6 August, 2003
1.52 1.52 December, 2002
1.5 1.5 October, 2002
About this Manual
Related Documentation
For additional or related information, refer to these documents.
Related Documents
Document Number
Document
Andover Continuum CyberStation Installation Guide 30-3001-720
CyberStation Access Control Essentials Guide 30-3001-405
CyberStation HVAC Essentials Guide 30-3001-1000
web.Client online help (Version 2.00 SP1)
Symbols Used
The Notes, Cautions, Warnings, and Hazards in this manual are defined, as
follows.
Note: Notes contain additional information of interest to the user.
CAUTION
Type of hazard
How to avoid hazard.
Failure to observe this precaution can result in injury or equipment damage.
WARNING
Type of hazard
Failure to observe this precaution can result in severe injury.

About this Manual
DANGER
ELECTRIC SHOCK HAZARD
Failure to observe these instructions will result in death or serious injury.
Chapter 1
Introduction to web.Client
This chapter contains the following topics:
 web.Client Overview
 web.Client User Documentation
 A Typical System before web.Client
 A Typical System Implementing web.Client
 Differences between web.Client and CyberStation

Chapter 1: Introduction to web.Client
Overview
This manual provides you, the system administrator, with general information for
planning, installing, and configuring your Andover Continuum web.Client system,
version 2.03.
CAUTION
This manual is for system administrators.
To use the installation and setup procedures in this manual you must be a system administrator with
experience in setting up a web server. You must also have experience using Microsoft system
software and understand that there are graphical user-interface differences between the different
Windows platforms. For detailed information about Microsoft software, please see your Microsoft
Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system configuration.
Note: The procedures in this manual presume you and your users are installing or upgrading to
web.Client version 2.03. You must meet the software and hardware requirements
compatible with version 2.03. Refer to Chapter 2, System Requirements.
web.Client Overview
web.Client is an application that provides you with web-enabled access
everywhere, all the time. By using a standard browser, your authorized personnel
can access the Continuum facility management system in real time across your
site’s local area network (LAN) or across your wide-area network (WAN).
web.Client is either added to a LAN Andover Continuum CyberStation system or

installed with a standalone CyberStation on a single PC.
With the basic web.Client Personnel Manager option, your users can:
 Create, search for, edit, and delete personnel records

 Change employee access privileges
 View a person’s access events
 View and generate reports of all access events, including area access events,
access events by persons, and distribution-event transactions via the Access
Distribution View
 Edit and view schedules and calendars.

 Change a password.
With the advanced web.Client Pro option, your users have all the features of the
basic web.Client Personnel Manager option as well as the following additional
features:
 Create, run, and view graphical reports (class object Report), including bar
charts, pie charts, trend charts, text reports, and so on.
 List and view graphics and groups
 View live system alarms and live events
 View live video, as well as search for and view recorded video, via the class
object, VideoLayout.
 Search for web.Client objects by exploring a folder tree hierarchy or a
network/device tree hierarchy, or by using a text search engine
 Edit and view Loops and TrendLogs.
For complete information about any of these features, please see the web.Client
online help.
web.Client User Documentation

Extensive online help is available within the web.Client application browser
window. Click the question mark button. This button appears at the top of every
web.Client screen. The online help covers all of the major features in the
web.Client user interface.

A Typical System before web.Client

The following illustration shows how your Continuum system is used before
web.Client.
A Continuum system without web.Client consists of a database server and high

powered, dedicated workstations. Also note that all administration must be
performed at one of the dedicated workstations.
The following illustration shows what the administration of the typical system
would entail. In this security example, a single administrator is responsible for
assigning all security privileges for engineering and manufacturing personnel.
A Typical System Implementing web.Client

Illustrations on the next page show how your system is utilized when web.Client is
added to a Continuum system. As shown in the second illustration, a web.Client
local area network (LAN) system consists of:
 A database server
 Dedicated workstations for configuration
 A dedicated web.Client application server
 PCs running Internet Explorer 10 connecting web.Client
Note: You will be installing either a web.Client for a LAN system or a standalone with
web.Client. A LAN system has two servers: a database server and a web.Client application
server. In a standalone system, the database and web.Client application reside on one
server. Chapter 2, System Requirements, provides detailed requirements for both systems.
You can delegate security tasks to authorized personnel who then assign security
privileges for their departments (in this case, engineering and manufacturing
personnel).
You use the dedicated workstation, and the authorized personnel use web.Client
on their own computers.
In the administration of a web.Client system, for example, you would be

responsible for assigning privileges to engineering and manufacturing designees,
who in turn are responsible for assigning all security privileges for engineering
and manufacturing personnel.
Similarly, you could grant access rights to:
 An employee to adjust the temperature after viewing current conditions

 A coordinator to schedule a conference room and activate the lighting
 A technician to take control of an air handler during service
 A manager to search video for an incident
 A facilities manager to graphically monitor and adjust building conditions
and monitor alarms

Differences between web.Client and CyberStation

web.Client is an extension of CyberStation. Through the convenience of a web
browser, you can view, monitor, and in some cases modify objects and their
values. (These include BACnet® objects, since CyberStation and web.Client
support the BACnet ANSI/ASHRAE standard.) However, there are some
differences between what your users can do in web.Client vs. CyberStation. You
generally use web.Client to view and monitor objects that were defined in
CyberStation. The following table lists the levels of support offered with each
major web.Client feature. For information on web.Client features, see the
web.Client online help.
web.Client Levels of Support

LEVELS OF web.Client SUPPORT
Feature View Modify Delete Create
Personnel X X X X
Schedules and Calendars X X X
Events within Events within
schedules only schedules only
Reports X X X
Areas X
Groups X
Loops X X
Graphics X
Alarms X X
Events X
Distribution Events X X X
Points and objects X X X
Except: BACnet
objects cannot be
deleted.
TrendLogs X X
Video X 1
Doors X X
Controller Web Pages X
1. Video can be modified, but not saved. For example, you can change cameras,
show/hide time, change focus, zoom, but you will lose these changes if the
page is refreshed or you open another editor.

Chapter 2
System Requirements
 web.Client Setup Configurations

 Running web.Client on a Windows 32-bit OS
 Hardware and Software Requirements for LAN System
 Hardware and Software Requirements for a Standalone System
Note: Before installing or upgrading to web.Client version 2.03, be sure the requirements outlined
in this chapter are satisfied.
web.Client users must have a password to log on.

Chapter 2: System Requirements
web.Client Setup Configurations

Depending on your web.Client version 2.03 package and configuration, you are
setting up either:
 web.Client local area network (LAN) system

 A standalone “single user” system with web.Client
LAN system: The web.Client LAN system comprises a Continuum/SQL

database server and an Internet Information Services (IIS) server dedicated to
running the web.Client application. On a LAN system, the IIS server can be a
Windows Server 2008, Windows Server 2012, or Windows 7 or Windows 10
machine. Each supports a different number of user connections, however. See the
table below for more details.
Standalone system: The standalone “single user” system with web.Client

comprises one PC on which the Continuum/SQL Express database, IIS, and the
web.Client application all reside. A standalone system PC may also run Windows
7.
The following table lists the maximum number of web.Client version 2.03 users
per server, as well as the maximum number of CyberStations and IIS servers, for
each type of setup:
Maximum Number of web.Client 2.03 Users Per Server

Maximum Number of
web.Client Users Per Server
When IIS Is When IIS is
Installed on installed on
Windows Windows 7 or Number of
Server 2008 10 Cyber- Number of
System or 2012 Stations IIS Servers
LAN 25 2 Unlimited Unlimited
Standalone 1 2 2 1 1
1. A total of three machines (web.Client browser PCs plus Cy-

berStations) is the maximum number allowed on a standal-
one system. This means the following combinations are valid:
Two web.Client connections and one CyberStation, one
web.Client connection and two CyberStations, or three Cy-
berStations (if there are no web.Client connections).
Running web.Client on a Windows 32-bit OS

Beginning with the Andover Continuum web.Client 2.03 Release, Continuum
applications now take advantage of the upper memory address space that is
available natively on 64-bit Operating Systems (OSs). In order to access these
memory addresses on 32-bit OSs, you must reconfigure your 32-bit OS to support
applications that are Large Address Aware (LAA). A Windows batch file is
included as part of the web.Client 2.03 release that allows you to perform this task.
Windows Batch File laa_update.bat
The Windows batch file laa_update.bat is included in the web.Client 2.03

release. Depending on your OS, the batch file modifies the system’s Boot
Configuration Store (BCD), or Boot Configuration boot.ini file.
Be sure to run this batch file from a command window with elevated privileges as
follows:
1. Copy the Windows batch file laa_update.bat to your computer system’s root
directory.
2. From the Windows taskbar, select Start->All Programs->Accessories to

expand the Accessories program group.
3. From the Accessories program group, right click on the Command Prompt
and select Run as administrator to open a new command window with
elevated privileges.
4. From the Command Prompt window at the root directory, type the name of
the batch file as shown and press Enter:
C:\>laa_update.bat
For example, running the batch file on a Windows 7 32-bit OS produces the
following output.
C:\>laa_update
Updating Windows 7 Boot Configuration Data.
The operation completed successfully.
You must restart your system to complete the update.
C:\>

Note: You should see similar output for other 32-bit OSs supported in web.Client
Windows Batch File laa_update_remove.bat
In the event that you need to revert changes made by the previous Windows batch
file laa_update.bat, the Windows batch file laa_update_remove.bat is also
included in the web.Client 2.03 release. Depending on your OS, the batch file
modifies the system’s Boot Configuration Store (BCD), or Boot Configuration
boot.ini file.
Be sure to run this batch file from a command window with elevated privileges as
follows:
1. Copy the Windows batch file laa_update_remove.bat to your computer

system’s root directory.
2. From the Windows taskbar, select Start->All Programs->Accessories to

expand the Accessories program group.
3. From the Accessories program group, right click on the Command Prompt
and select Run as administrator to open a new command window with
elevated privileges.
4. From the Command Prompt window at the root directory, type the name of
the batch file as shown and press Enter:
C:\>laa_update_remove.bat
For example, running the batch file on a Windows 7 32-bit OS produces the
following output.
C:\>laa_update_remove
Updating Windows 7 Boot Configuration Data.
The operation completed successfully.
You must restart your system to complete the update.
C:\>
Note: You should see similar output for other 32-bit OSs supported in web.Client.
Hardware and Software Requirements for LAN System

A web.Client LAN system has two server types:
 Continuum/SQL database server

 IIS server (one for every 25 users)
If your system has no more than 25 users, select one server as the web.Client IIS
server. This IIS server should be dedicated to running the web.Client application.
For a larger LAN system (at least for any system having more than 25 users) your
site must have more than one IIS server.
Depending on your particular LAN installation, the IIS server can be:
 Windows Server 2008 or 2012 (maximum of 25 users per IIS server)

 Windows 7 or 10 (maximum of two users per IIS server)
The IIS server must be on a network that can connect to the Continuum/SQL
database server. The browser PCs must be on a network that can connect to the IIS
server.
web.Client version 2.03 will upgrade any previous version on IIS server.
web.Client 2.03 includes CyberStation 2.03, and installing it upgrades the IIS
machine to 2.03. Workstations not at version 2.03 must be upgraded before
installing web.Client.

See also:
 Chapter 4, Installing web.Client on the IIS PC

 Appendix C, Guidelines for Upgrading to Version 2.03
 Andover Continuum CyberStation Installation Guide, 30-3001-720
The following table shows the hardware and software requirements for the IIS
server and the client browser on LAN systems.
Hardware Requirements for IIS Server for LAN Systems

Minimum Recommended
Quad Core, 2 GHz or better 8 Cores, 2 GHz or better
6.4 GTs or better internal interconnect speed1
4 Gb 8 Gb
30 Gb free space 30 Gb (NTFS Partition)
CD ROM drive CD ROM drive
Video resolution: 1024 x 768 pixels Video resolution: 1024 x 768 pixels
Parallel or USB port Parallel or USB port
1
With memory and processor speed, note that performance is directly related to processor speed
and RAM. Increasing hard drive size allows for growth of applications such as graphics and
programs. Incorporating faster processor speeds and more RAM will also improve performance. It
is recommended that you allow for some level of RAM expandibility.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5 MB of
RAM on the IIS server. (For example, two browser PCs connected to the IIS server
accessing web.Client use 10 MB of RAM on the IIS server. For this configuration,
Schneider Electric recommends a minimum of 2 GB plus 10 MB (used by the two PCs) or
a minimum of 522 MB of RAM on the IIS Server.)
The following table shows the video-specific hardware requirements for the IIS
server on LAN systems.
Video-Specific Requirements
Minimum Recommended
100 Mbps network port 1 Gb network port
Graphics card with DirectX 9.x or later with DirectX 10 graphics device with WDDM 1.0 or
256 Mb of dedicated RAM higher driver with 512 of dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces. Per standard
Pelco Endura video configuration, you should configure stream 2. When doing so, be sure to set a
lower resolution and smaller frame rate. Otherwise, the performance of your PC may be negatively
affected. Be aware that Andover Continuum only supports H.264 and MPEG4 video formats.
Software Requirements
For information about the software requirements for LAN Systems, consult the
Schneider Electric Download Center and search the following reference by either
document number or title:
PA-00503 Software and Firmware Compatibility Matrix
Hardware and Software Requirements for a

Standalone System
On a single-user standalone system with web.Client, the Continuum SQL Express
database, IIS, and the web.Client application are all installed on one Windows 7
machine.
web.Client version 2.03 will upgrade any previous version’s IIS server. web.Client
2.03 includes Cyberstation 2.03, and installing it upgrades the IIS machine to 2.03.
Workstations other than the IIS server that are not at version 2.03 must be
upgraded before installing web.Client. (Refer to the Andover Continuum
CyberStation Installation Guide, 30-3001-720, for upgrade procedures.)

See also:
 Chapter 4, System Requirements

 Chapter 6, Configuring web.Client on the IIS PC
 Appendix C, Guidelines for Upgrading to Version 2.03
 Andover Continuum CyberStation Installation Guide, 30-3001-720
The following table lists hardware and software requirements for the IIS
workstation and the client browser on standalone systems.
Hardware Requirements for Standalone Systems

Minimum Recommended
Quad Core, 2 GHz or better 8 Cores, 2 GHz or better
6.4 GTs or better internal interconnect speed1
4 Gb 8 Gb
30 Gb free space 30 Gb (NTFS Partition)
CD ROM drive CD ROM drive
Video resolution: 1024 x 768 pixels Video resolution: 1024 x 768 pixels
Parallel or USB port Parallel or USB port
1
With memory and processor speed, note that performance is directly related to processor speed
and RAM. Increasing hard drive size allows for growth of applications such as graphics and
programs. Incorporating faster processor speeds and more RAM will also improve performance. It
is recommended that you allow for some level of RAM expandibility.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5 MB of
RAM on the IIS server. For example, two browser PCs connected to the IIS server
accessing web.Client use 10 MB of RAM on the IIS server. In this configuration, Schneider
Electric recommends a minimum of 2 GB plus 10 MB (used by the two PCs) or a minimum
of 522 MB of RAM on the IIS Server.)
The following table shows the video-specific hardware requirements for the IIS
workstation on a standalone system.
Video-Specific Requirements
Minimum Recommended
100 Mbps network port 1 Gb network port
Graphics card with DirectX 9.x or later with DirectX 10 graphics device with WDDM 1.0 or
256 Mb of dedicated RAM higher driver with 512 Mb of dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces. Per standard
Pelco Endura video configuration, you should configure stream 2. When doing so, be sure to set a
lower resolution and smaller frame rate. Otherwise, the performance on your PC may be negatively
affected. Be aware that Andover Continuum only supports H.264 and MPEG4 video formats.
Software Requirements
For information about the software requirements for Standalone Systems, consult
the Schneider Electric Download Center and search the following reference by
either document number or title:
PA-00503 Software and Firmware Compatibility Matrix

Chapter 3
Pre-Installation
Requirements for Windows
Server 2008 and 2012, and
Windows 7 and 10
 Pre-Installation Microsoft Tasks, including:

 Installing System Software
 Installing IIS on Windows Server 2008
 Installing .NET Framework 3.5 on Windows Server 2012 and Windows 10
 Installing IIS on Windows Server 2012
 SSL Considerations for the IIS PC
 Disabling WinSock Proxy Client on Standalone System
 Ensuring a Domain Membership Is Selected
 Avoiding Invalid Characters in a Server Name
 User Account Control Data Redirection
Note: Before installing or upgrading to web.Client version 2.03, be sure the requirements outlined
in this chapter are satisfied.
web.Client users must have a password to log on.

Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
Pre-Installation Microsoft Tasks

Before installing web.Client, perform the following tasks.
CAUTION
Microsoft system experience required.
To perform this standard Microsoft procedure, you must have administrative experience using
Microsoft system software and understand that there are differences in the graphical user interfaces
between different Windows platforms. User interface illustrations are not always provided. Please see
your Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Installing System Software

Install the operating system, TCP/IP, and PC system software that meet the
requirements specified earlier in this chapter.
Installing IIS on Windows Server 2008

CAUTION
You must install IIS before you install Framework 2.0 for Windows Server 2008 in
order to avoid problems with opening web.Client Pinpoint graphics and some
web.Client editors.
For Windows Server 2008, install Internet Information Services (IIS) on the
designated web.Client application server (LAN systems) or the standalone
CyberStation/web.Client workstation (standalone system). The LAN web.Client
application server and standalone CyberStation/web.Client workstation are
generically called IIS PC in this manual for both systems.
1. Start the Server Manager by clicking in the Administrative Tools menu.
2. In the Server Manager, go to Roles and click Add Roles.

3. In the Add Roles Wizard, Before You Begin page, click Next.
4. In the Select Server Roles page, check the Application Server checkbox to
install .Net Framework 3 as a prerequisite.

5. Click Add Required Features.
6. In the Select Server Roles page, click Next.
7. In the Application Server page, click Next.
8. In the Select Server Roles page, check the following checkboxes: Web
Server (IIS) Support, HTTP Activation, and Message Queuing
Activation.

An Add role services/features required dialog displays for each of your role
service selections.
9. Click the Add Required Role Services or Add Required Features button to
install additional features for Web Server (IIS) Support, HTTP Activation,
and Message Queuing Activation.
10. In the Select Role Services page, click Next.
11. In the Web Server (IIS) page, click Next.

12. In the Select Role Services page, check the IIS 6 Management
Compatibility checkbox.
13. Click Next.
14. In the Confirm Installation Selections page, click Install to verify your
selections.
An Installation Progress page displays with information on the roles, role

services, or features being installed.
15. When the Installation Results page displays, click Close.

Installing .NET Framework 3.5 on Windows Server 2012 and

Windows 10
CAUTION
You must install .NET Framework 3.5 before you install IIS on Windows Server
2012 and Windows 10.
Due to Microsoft installation limitations, you must have either internet access or the
original operating system installation media in order to successfully install .NET
Framework 3.5 on Windows Server 2012 and Windows 10.
1. In Server 2012 Server Manager, select Add Rolls and Features. In Features,
click .NET Framework 3.5 Features and .NET Framework 4.5 Features.
2. Click Next, then Install.
Installing IIS on Windows Server 2012

For Windows Server 2012, install IIS on the designated web.Client application
server (LAN systems) or the standalone CyberStation/web.Client workstation
(standalone system).
1. Start the Server Manager by clicking in the Administrative Tools menu.
2. In the Server Manager, click Add Roles and Features.
3. In the Add Roles and features Wizard, Before You Begin tab, click Next.
4. In Installation Type, select Role-based or feature-based installation.

5. Click Next and then select a server or virtual hard disk on which to install
roles and features.
6. In Server Selection, click Select a server from the server pool.
7. Click Next and select one or more roles to install on the selected server.
8. In Server Roles, check Application Server.
9. In Server Roles, select Web Server (IIS).

10. IIn the Add Roles and Feature Wizard pop-up window, click Add
Features.
11. Click Next. In Features, select ASP .NET 4.5 Framework Features, WCF
Services and select HTTP Activation, and Message Queuing (MSMQ)
Activation. Click Next.
12. In Role Services select Web Server (IIS) Support.
13. In the Add Roles and Features Wizard pop-up window, click Add
Features.

14. In Role Services, select the following:
(continued)

15. Click Next and then Install.
Installing .NET Framework on Windows 10

To install .NET Framework on Windows 10, follow these instructions:
1. From the Windows Control Panel, select Programs and features.
2. Select Turn Windows features on or off to enable .NET and IIS.
3. When the Turn Windows features on or off screen displays, select .NET
Framework 3.5 (includes .NET 2.0 and 3.0).

4. Under that selection, click Windows Communication Foundation HTTP

activation.
5. Under .NET Framework 4.6 Advanced Services, select ASP .NET 4.6.
6. Under WCF Services, click HTTP Activation and Message Queuing

(MSMQ) Activation.
7. Click OK to install .NET Framework.
Configuring IIS for Windows 7 and 10

If you are installing web.Client on Windows 7 or Windows 10, you must configure
IIS settings, as follows:
1. From the Control Panel, open Programs and Features.
2. Under Tasks on the left, click Turn Windows features on or off.
3. In the Windows Features (Turn Windows features on or off) dialog, in the

tree, expand Internet Information Services.
4. Under Internet Information Services, expand Web Management Tools,

then expand IIS 6 Management Compatibility.
5. Check only the following checkboxes: IIS 6 Management Console, IIS

Metabase and IIS 6 configuration compatibility, and IIS Management
Console. Other checkboxes must be cleared.
6. Under Internet Information Services, expand World Wide Web Services,

then expand Application Development Features, Common Http Features,
Health and Diagnostics, Performance Features, and Security.
7. Check only the following checkboxes: .NET Extensibility, ASP.NET, ISAPI

Extensions, ISAPI Filters, Default Document, Directory Browsing, HTTP
Errors, Static Content, HTTP Logging, Request Monitor, Static Content
Compression, Request Filtering, and Windows Authentication. Other
checkboxes must be cleared.
8. Click OK.
Restart your machine, follow the other pre-installation tasks, and follow the
installation procedures in Installing web.Client on the IIS PC and Testing and
Installing web.Client on a Client PC.
SSL Considerations for the IIS PC

The tasks described below are not necessarily pre-installation tasks, but they are
related to establishing support for SSL on the IIS PC. For detailed instructions,
please use the reference links below.

Setting Up SSL on the IIS PC -- web.Client version 1.74 (and higher) fully
supports Secure Sockets Layer (SSL) technology, whereby a web.Client user can
access confidential, secure information over the Internet. As a system
administrator, you must ensure that an SSL Certificate, acquired by an authorized
SSL provider, resides on the IIS PC. You can set up SSL before or after web.Client
installation. For instructions, please see Establishing SSL Support for Confidential
Information in Chapter 6.
Enabling SSL for web.Client -- After you have set up an SSL Certificate for the
IIS PC, you must enable SSL for web.Client via web.Client Properties in Internet
Information Services. For instructions, please see Enabling SSL for web.Client in
Chapter 6.
SSL and web.Client Pinpoint Graphics -- The graphics package, web.Client

Pinpoint, can be used with an SSL installation. However, you must perform a few
tasks to ensure compatibility with Pinpoint and ensure access to graphics files that
have been set up in the Pinpoint graphics folders. This is not a pre-installation
task. You must first establish Pinpoint graphics folders (Chapter 6) and set up an
SSL Certificate on the IIS PC. For instructions, please see Setting Up SSL for
web.Client Pinpoint in Chapter 6.
Changing IE Internet Security Options to Accommodate SSL -- After you

have set up an SSL Certificate for the IIS PC, you must modify Internet Explorer
Internet Options to disable superfluous warning messages that users would
otherwise see while using certain web.Client features with SSL. This is not a pre-
installation task. For instructions, please see Changing IE Security Internet
Options to Accommodate SSL in Chapter 6.
Changing the Default TCP Web Port Number for the IIS PC
Normally, the IIS PC defaults to Internet TCP port 80. Some Internet-access
providers do not use port 80. You can change this port number from 80 to another
port number. This can be done before or after web.Client installation. For more
information, please see Changing the Default TCP Port Number in Chapter 6
Disabling WinSock Proxy Client on Standalone System

To improve performance on a single-user standalone system, disable the Microsoft
WinSock Proxy Client. Follow this procedure:
1. From the Windows Control Panel, double click WSP Client. The Microsoft
WinSock Proxy Client dialog appears.
2. Remove the check from the Enable WinSock Proxy Client checkbox, and
click OK.
Ensuring a Domain Membership Is Selected

To improve performance (if your site has more than one web.Client user), be sure
each PC (computer name) is designated as a member of a domain, rather than a
workgroup, via the Microsoft Windows system properties network identification.
Avoiding Invalid Characters in a Server Name

When specifying a name for the web.Client IIS server, be sure the server name
does not contain an underscore character (_). If the web.Client IIS server has an
underscore, such as http://www.boston.com/yourtown/news/malden/2010/05/
planning_board_gives_green_lig.html, it will not be able to set cookies.
User Account Control Data Redirection

Before the introduction of Windows 7, administrators typically ran applications.
As a result, applications could freely read and write system files and registry keys.
These applications would fail, however, when run by Standard users due to
insufficient access. With Windows Windows 7, application compatibility for
Standard users has improved considerably since writes are now transparently and
automatically redirected to a per-user location within the user’s profile.
By design, Andover Continuum writes files to the Program Files\Continuum

directory. This includes Pinfiles (.pin) for graphics, Menu files (.mnu) for the
Continuum shell, XML (.xml) for the Personnel Manager custom buttons, and text
files (.txt) for CommandLine macros.
For example, if User Account Control is enabled when creating a graphic,

Andover Continuum attempts to create the .pin file in the Program
Files\Continuum\NewGraphicsFiles folder. If the user does not have permissions
to write to that folder, the write operation is redirected instead to the following
location:

Users\<Username>\AppData\Local\VirtualStore\Program
Files\Continuum\NewGraphicsFiles
On 64-bit systems, the user is redirected here instead:
Users\<Username>\AppData\Local\VirtualStore\Program Files
(x86)\Continuum\NewGraphicsFiles
Later, if another Windows’ user logs on to the workstation, that user will be unable
to access the Pinpoint graphic.
CAUTION
If you are an Andover Continuum administrator, resolve this issue by either turning
off User Account Control, or allowing read\write permissions to the Program
Files\Continuum or Program Files (x86)\Continuum folder for all of your Standard
users.
Turning Off User Account Control for Windows Server 2012 and
Windows 10
In Windows 7, to disable an individual’s User Account Control, the administrator

must open the Control Panel, click User Account Control Settings, and then
select the lowest frequency on the slider bar, “Never Notify”.
For Windows Server 2012 and Windows 10, additional steps are required to
disable User Account Control. Although the slider bar can be set to “Never
Notify”, the User Account Control does not disable completely.
The User Account Control can be disabled for any user by setting the system
registry value “EnableLUA” to zero in the system registry under the registry key
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
policies\system”.
A Windows registration file has been included in the Continuum 2.03 release in
order to expedite these additional steps.
1. Open the Utilities folder.
2. Double click the EnableLUA.reg file.
3. Restart the computer.
Chapter 4
Installing web.Client on the
IIS PC
This chapter contains the following topics
 Overview
 Installing web.Client on the IIS PC
 web.Client Video System Upgrades
 Configuring Your Video Servers

Chapter 4: Installing web.Client on the IIS PC
Overview
This chapter provides instructions for installing and configuring web.Client
version 2.03 on the IIS PC, defined as follows:
 The IIS PC on a LAN system is the IIS server with Windows Server 2008 or
Windows 7.
 The IIS PC on a standalone system with web.Client is the single machine
(Windows 7) on which both IIS and Continuum database reside.
CAUTION
To perform this standard Microsoft procedure, you must have administrative experience using
between different Windows platforms. User-interface illustrations are not provided. Please see your
Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
The procedures in this chapter are for a first-time installation. If you are upgrading
to web.Client version 2.03, refer to Appendix C, Guidelines for Upgrading to
Version 2.03, which presents some guidelines for this upgrade. See also the
Andover Continuum CyberStation Installation Guide, 30-3001-720.
Installing web.Client on the IIS PC

Follow this procedure to install web.Client on the IIS PC.
1. Insert the web.Client CD. The Install web.Client screen displays.
Click Install web.Client to begin.
2. If you do not have several prerequisites installed including Microsoft VS

2008 C++ Redistributable and .NET Framework 4.0, an InstallShield Wizard
appears and indicates that this application is required before the installation
begins. Click Install.
Once these requirements are installed, return to this installation and when the
initial Install web.Client screen displays once more, click Install
web.Client.
Note: If you do not have the correct Microsoft service pack installed, you will receive a warning
message, asking you to install the correct software. See Chapter 2 for software
requirements.
3. When the web.Client Installation dialog appears, click Next to continue.

If your key is not enabled for web.Client, you will receive a warning message.
You may continue with the installation or cancel.
4. The License Information dialog appears. Read and accept the license
agreement, and click Next to continue.
5. An Alias Information screen appears explaining what happens next in the

installation.
After reading this screen, enter the web.Client Virtual Directory Alias. Keep the
default alias (WebClient) or provide your own alias. Click Next to continue.
6. The RegisterUser dialog appears. Enter your User Name and Company
Name.

Later, after web.Client is installed, you can right-click on the Continuum icon
in your tool tray and select About to display the About Continuum dialog,
which lists the information from the RegisterUser dialog.
7. When the Destination Folder window appears, select the installation folder..
The default location where web.Client files are installed is shown in the
Destination Folder field. If the location is acceptable, click Next. If not, click
Change to bring up the Change Current Destination Folder dialog.
Select the folder that you wish to use for the web.Client installation program.
Click OK. Click Next.
8. From the Ready to Install the Program dialog, click Install to start the
installation.
The Installing web.Client screen appears as the files are installed.
Once the progress bar disappears, you are asked if you would like to read the
latest web.Client release notes. Click Yes or No.
Finally, you are asked if you would like to run the Database Initialization
program now. Click Yes or No.
web.Client is now installed on the IIS PC. Depending on your system, be sure to
follow one of the next three procedures, covered in the following subsections:
 Creating and Initializing the Database on a Standalone IIS PC

 Adding web.Client to an Existing Standalone Database
 Initializing the Database on a LAN IIS PC
Creating and Initializing the Database on a Standalone IIS PC

A first-time database installation on a standalone system happens in two steps via
the Database Initialization dialog:
Step 1: Installing the SQL Express database engine.
Step 2: Creating a new Continuum database.
Note: After successful installation, the Continuum Database Initialization dialog automatically
appears.
Installing SQL Express 2012 using the Database Initialization Dialog
CAUTION
Close all applications on your computer before installation.
After SQL Express 2012 is installed, your PC restarts immediately. You cannot restart your computer
later. Be sure to close all open applications on your computer.
Failure to observe this precaution will result in the loss of your work.
Follow this procedure to install SQL Express 2012 on a stand alone system using
the Database Initialization dialog:
1. From the Start menu, select Programs > Continuum > Database
Initialization.
2. Select Stand Alone from the Continuum Database Initialization dialog.
Note: After clicking Stand Alone, it may take several minutes for the data to
populate during the first database initialization.

The Database Initialization dialog appears.
3. Select the Create New Database radio button.
Note that Microsoft SQL Server is shown in the DBMS Name field
dropdown menu.
4. Ensure that Continuum (default setting) appears in the Data Source Name
field.
5. Ensure that (Workstation Name)\SQLEXPRESS appears in the Server

Name field.
6. Leave the Database Name at its default, ContinuumDB.
7. Enter the default login ID, Andover97, in the User Login ID field.
8. Enter your user password in the User Password field. (Pyramid97 is the
default).
9. Re-enter your password in the Confirm Password field.

10. Enter a valid DB File Location or leave the default setting.
If you leave DB File Location at its default path, then you must leave SQL
Express at its default path when it is installed. If you browse a different path
for DB File Location, then you must browse SQL Express to the same file
path when it is installed.
11. Leave the Database Size at its default setting.
12. Enter a valid SQL system administrator password in the Sa Password field.
This password must meet Microsoft SQL Server rules for the composition of
a password:
 The password must be at least eight characters long.
 The password must not contain all or part of the user’s account name (three or
more alphanumeric characters).
 The password must not contain the following characters: comma (,), period (.),
hyphen (-), underscore (_), or number sign (#).
 The password must contain characters from three of the following four categories:
Uppercase letters (A...Z)
Lowercase letters (a...z)
Digits (0...9)
Non-alphanumeric characters, such as exclamation (!) and dollar ($)

Note: Be sure to create a strong SA password. Otherwise, the SQL Database Engine will install,
but not start. Once you create that password, you should remember it since you can change
it later if you have the original password.
13. Enter your valid Windows credentials as follows.
a. In the Windows User Name field, enter your Microsoft Windows system user
name. This is necessary with SQL Express. You must have administrative access
in order to run the automated scripts that are part of the database initialization
process.
b. Enter your Microsoft Windows system password and confirm that password in
the Windows Password and Confirm Password fields, respectively.
CAUTION
The password you enter here is required to execute scheduled SQL Server tasks. Should you later
change your Windows password, these scheduled tasks will no longer execute. To correct this, access
the Scheduled Tasks in Windows and change their password with the Set Password button in their
Properties dialog
14. In the Device Information group, verify that the Database and Log names
are unique.
Note: The device information and log file name should be unique for each database created. An
error occurs, and database creation fails, if these fields are not unique.
15. Check the checkboxes as follows:
Note: Be sure the Create Default List Views, Create System List Views, Create System
Alarm Enrollments, and Enhanced Alarm Logging boxes are checked. If you leave them
unchecked, CyberStation does not import the necessary dump files. The dump files
generate all of the default views, so the listviews and alarms are not created. In addition,
faster alarm logging is not activated. The dump file import happens as soon as the
workstation is started for the first time after installation and the appropriate files are placed
in folders. For more information on Listviews, alarms, and alarm logging, please see the
Continuum CyberStation online help.
a. Create Default List Views - Check this box to import and create listviews (from
the ASCII dump file, DefaultListViews.dmp) for all CyberStation object classes.
b. Create System List Views - Check this box to import and create listviews (from
the ASCII dump file, List.dmp) for system information other than object class
defaults (for example, all events).
c. Create System Alarm Enrollments - Check this box to import configured sys-
tem AlarmEnrollment objects (from the ASCII dump file, SystemAlarms.dmp).
These define the basic conditions under which CyberStation points go into alarm.
d. Create/Update Graphical Report Settings - Check this box to import graphical
report templates. CyberStation supplies many Report templates that include bar-
chart templates, pie-chart templates, and trend templates, giving Reports a certain
default “look and feel.” If you do not check this box, then these report templates
will not be available. For more information on Reports, see the Continuum
CyberStation online help.
e. Enhanced Alarm Logging - Check this box to activate an enhanced method that
automatically speeds up the process of logging alarms with workstations. Without
enhanced alarm logging, configuration of workstation recipients in EventNotifi-
cation objects becomes more cumbersome.
Note: If the Enhanced Alarm Logging checkbox is not checked, the Enhanced Alarm Delivery
checkbox becomes unselectable.
f. Enhanced Alarm Delivery - This checkbox is intended for a system with multi-
ple workstations. Check this box only if you intend to add more workstations to
the system. If more workstations will not be added, then leave it unchecked.
Note: This setting has no effect on BACnet alarms, which can be guaranteed through the
configuration of BACnet alarm notifications.
Checking this checkbox guarantees the delivery of alarms to all recipient

workstations regardless of their status at the time of the alarm generation. This
selection activates special background applications and processes (already

installed) that establish an ongoing connection between workstations and the

database server, where new alarms are written. Enhanced alarm delivery
guarantees alarm delivery even when connections are lost. The alarms are
delivered when the connection is restored.
Enhanced alarm delivery provides a suite of diagnostic and troubleshooting tools

that allow you, for example, to monitor the status of alarm messages and
background alarm delivery processes as well as ping a particular workstation to
deliver an alarm message that, for some reason, could not be delivered. For
instructions on how to activate these diagnostic tools, please contact product
support services.
g. Extended Logging Backwards Compatibility - If you want to use pre-Version

1.7 “old” extended logging, in addition to “new” extended logging, be sure this
checkbox is checked.
Note: Before version 1.7, you created Plain English programs for extended logs. These programs
facilitated extended log tables in the database, one table per controller. In version 1.7 or
higher, you must check the Extended Logging Backwards Compatibility box to retain
the older method for creating extended logs, while also enabling new extended logging
functionality.
For more information about extended logs, please see the Continuum
CyberStation online help.
16. Click the Continue button.
The Is SQL Express Installed dialog appears.
For first time installations, you should see this dialog. If, in the very unlikely
event, you do not see this dialog, it means SQL Express is already on your
computer for some other reason.
If you see this dialog, go to the next step. If you do not see this dialog, and
SQL Express is installed, proceed to the next section, Adding web.Client to
an Existing Standalone Database.
17. Select the Install SQL now radio button and click OK. SQL Express is then
installed automatically.
During SQL Express installation, the software checks your computer for
certain problems that could complicate SQL installation and/or the creation or
update of the Continuum database. There are several different scenarios. For
example, third-party software may generate license-agreement issues.
For a detailed description of these issues, how CyberStation resolves them,
and a list of error messages, please see SQL Express Installation Error
Messages.
If there are no problems, the Select Folder dialog appears.
Accept the default path, or use the browse button to select a directory in
which to install SQL Express, and click OK.
Note: If you left DB File Location at its default path, then you MUST leave SQL Express at its
default path when it is installed. If you browsed a different path for DB File Location, then
you must browse SQL Express to the same file path. Be sure that the drive you have
selected has a minimum of 2 GB of free space available.

The Extracting Files progress window appears. The unpacking takes

approximately 1 to 5 minutes. Next, the Microsoft SQL Server 2012 Setup
progress window appears. This also can take several minutes.
After the installation has completed, the reboot dialog appears, which may
take up to 60 seconds.
18. Click OK.
Note: Reboot happens immediately. You do not have the choice of doing this later.
After the reboot, the Database Initialization dialog reappears.
19. Repeat steps 7 through 16 of this procedure.
Adding web.Client to an Existing Standalone Database

On a standalone single-user system, if you are adding web.Client to an existing
Continuum database, perform this procedure.
1. Be sure you have performed the procedure, Installing web.Client on the IIS
PC. After the server reboots, the Continuum Database Initialization
window appears.
2. Select Stand Alone.
The Database Initialization dialog, shown on the next page, appears.
3. Select the Update Existing Database radio button.
4. Click the Continue button.
Upon completion, you receive this message:

Database successfully updated
5. Click OK.
The Continuum Database Initialization window reappears.
6. Click Close.
Initializing the Database on a LAN IIS PC

Prior to using your web.Client LAN system IIS PC, perform the following
procedure to initialize the database. The detailed procedure for CyberStation is
presented in the Andover Continuum CyberStation Installation Guide, 30-3001-
720, but the web.Client specific steps are shown, as follows:
1. After the server reboots, the Continuum Database Initialization window

appears. Select Workstation.
2. Once the database is set up on your web server, the main Workstation
Configuration dialog, shown on the next page, appears.
Select the Workstation tab to set the workstation parameters. Set the
Workstation Name, Folder Name, Device Node ID and Network ID for the
workstation. See the Andover Continuum CyberStation Installation Guide,
30-3001-720, for further details.
3. Select the Database tab, shown on the next page.
4. Fill in the fields as shown below if you are adding a new server to a LAN
system. If this is a server upgrade, they will be populated automatically. The

Note: The Andover Continuum CyberStation Installation Guide, 30-3001-720, provides important
guidelines for entering information in the Workstation Configuration dialog. Refer to that
manual.
Server Name field should be set to the name of your Continuum database
server.
5. Click OK to activate the workstation, then click Close on the Continuum

Database Initialization window to complete the database initialization.
6. Run web.Client on this machine. This will create the final objects in the
Continuum database for this workstation.

web.Client Video System Upgrades

If you are upgrading from a 1.92 and earlier version of web.Client, the Learn All
Video Servers dialog appears at the completion of the database initialization
process. You must learn your video servers in order to see cameras.
For more information on configuring video servers, see Configuring Your Video
Servers. For more information on upgrading web.Client, see Appendix C,
Guidelines for Upgrading to Version 2.03.
1. Click Yes to learn all servers and cameras now, or No to learn them later in
CyberStation’s Video Administrator.
It is recommended that you learn video servers and cameras now since it is
more efficient to learn them all at once rather than learning them individually
later.
Note: Should you choose not to learn servers and cameras now, you will need to learn them later
in Video Administrator. For more information on learning cameras , see the Video
Administrator Settings tab in the CyberStation online help.
If you click Yes, the Learn All Video Servers - Status dialog, shown on the
next page, displays. It shows a count of the servers and cameras as they are
learned.
2. Click Close to stop the learn process at any time.
The video servers and cameras will then be in a partially-learned state- with
only those servers and cameras that have been learned to that point displaying
in the Learn All Video Servers - Status dialog.
Note: If your video system is unstable, you may receive an ERROR:SERVERNAME message
during the learn process. Should this occur, ensure that your system is stable and then
perform a single Learn Cameras operation for that server. For more information, see the
Video Server Editor - General Tab in the CyberStation online help.

Routing Alarms to the IIS PC on a LAN System

On a LAN system, perform the following procedure from another CyberStation to
route alarms to the IIS PC:
1. For every EventNotification object, add the IIS PC’s workstation to the list of
alarm recipients to be notified. To do so, open the EventNotification editor
and select the Delivery tab.
2. In the Delivery tab, click the Add Recipient button. The Recipients
Configuration dialog, shown on the next page, appears.
3. Use the Recipient field’s browse button and the browse dialog to search for
and select the workstation that is on the IIS PC.
4. Configure these settings appropriately for your system. There are several
ways to configure recipients, according to your needs.
Refer to the Continuum CyberStation online help, for information on the

configuration of event notifications.
5. Click OK to save the settings.
Note: For additional enhanced alarm delivery, ensure that the Enhanced Alarm Delivery
checkbox is checked via the Database Initialization dialog. For detailed information on
the checkboxes in the Database Initialization dialog, please see the Andover Continuum
CyberStation Installation Guide, 30-3001-720.
Configuring Access Permissions for web.Client Users

Perform the following CyberStation procedure to grant or deny security access
permissions for web.Client users.
1. From the system tray in the lower right corner of your screen, right-click on
the Continuum icon, and select Security from the popup menu to open the
Security editor.
2. Select the Actions tab of the Security editor.
3. Scroll down to the bottom of the folder tree structure.
4. Expand the web.Client folder.
A list of all web.Client permissions, or “actions” appears.

5. For each user group, edit each web.Client action to grant or deny permission
to access the web.Client feature. To grant access, click to display a key, as
shown above. To deny access, leave the lock, or if unlocked, click to display a
lock.
For complete Continuum security configuration procedures, see the Andover

Continuum CyberStation Access Control Essentials Guide, 31-3001-405, or the
Continuum CyberStation online help.
Configuring Your Video Servers

For your users to access the web.Client video surveillance monitor (also known as
a “video layout”) and assign one or more cameras to a video layout camera matrix,
at least one video server must have been configured via Continuum’s VideoServer
object editor, so that its cameras are available to the video layout.
Note: VideoServer and VideoLayout objects are created on CyberStation. Though you may
modify a VideoLayout in web.Client, you cannot save your modifications in web.Client;
only on CyberStation.
For more information on configuring a video server (and the VideoServer object)
please see VideoServer in the Continuum CyberStation online help. For more
information on configuring video layouts, please see Video in the web.Client
online help.
Chapter 5
Configuring Graphics
Folders for web.Client
This chapter contains the following topics
 Configuring Graphics Folders for web.Client:

 Setting Up an Application for Graphics
 Giving Everyone Access to Graphics Files

Chapter 5: Configuring Graphics Folders for web.Client
Configuring Graphics Folders for web.Client:

Your users must access web.Client Pinpoint graphics file folders as URL web-
address locations on the Internet.
Setting Up an Application for Graphics

Perform the following procedure to set up an application (folder) to accommodate
graphics files
Note: For 64-bit systems, when you are directed to enter a graphics file path, specify the
following: C:\Program Files (x86)\Continuum\NewGraphicsFiles.
1. Access the Internet Information Services (IIS) Manager.
2. Under Connections, under computer name, expand Sites.
3. Expand Default Web Site.
4. If you are not using the default physical path for your NewGraphicsFiles path
then click the NewGraphicsFiles Virtual Directory. In the Actions pane,
select Basic Settings and update the Physical Path to the correct location.
5. For a remote share, be sure to enter the system and share name as follows:
\\server\newgraphics files
6. Click Test Settings.
7. Ensure that there are two green check marks in the Results window.
8. If not, you need to create a local account and then select Connect as.

9. Select Specific user and enter the credentials that have permission to access
the physical path.
10. Create a local account and add the account to the share and the directory
11. Click Test Settings once more.
12. Ensure that there are two green check marks in the Results window.
13. Click OK.
14. Share the graphics folder with everyone and provide full-control access. For
more information, see Giving Everyone Access to Graphics Files.
15. Under Default Web Site, select the newly created NewGraphicsFiles folder.
16. Test the graphics folder to ensure it can be accessed.

Giving Everyone Access to Graphics Files

Follow this procedure to add everyone full-control access to the graphics files
folder.
1. Access Internet Information Services (IIS) Manager.
2. In the Connections tree, expand the computer name, then Web Sites, then
Default Web Site.
3. Right click over NewGraphicsFiles. (See also Setting Up an Application for

Graphics.)
4. From the popup menu, click Edit Permissions (Windows 7).
5. In the NewGraphicsFiles Properties dialog, select the Security tab, and

click the Advanced button.
6. In the Advanced Security Settings for NewGraphicsFiles dialog, select the

Permissions tab, and click Edit.
7. When the Permissions tab reappears, click Add.
8. In the Select User or Group dialog, specify the location for the object
(Everyone). Make sure the computer name appears beneath From this
location, and click Find Now.
9. In the Search results list, double click Everyone.
10. In the Permission Entry for NewGraphicsFiles dialog, Object tab, check
the Full Control checkbox).

11. Click OK.
12. Launch Internet Explorer.
13. From the Tools menu, select Internet Options.
14. In the Internet Options dialog, select the Connections tab and click LAN
Settings.
15. In the Local Area network (LAN) Settings dialog, make sure the
Automatically detect settings checkbox is cleared.
16. Click OK.
Refer to Establishing Pinpoint Folders to finish this procedure.
Chapter 6
Configuring web.Client on
the IIS PC
 Establishing Pinpoint Folders

 Resetting Timeout and Live Events Via web.config File
 Establishing SSL Support for Confidential Information
 Changing the Default TCP Port Number

Chapter 6: Configuring web.Client on the IIS PC
Establishing Pinpoint Folders

Note: This Web Locations tab on the Options dialog appears only on Continuum workstations
that have the web.Client application installed and the graphics package enabled.
Perform the following procedure:
1. Log on to Continuum and start Pinpoint. (See the Continuum CyberStation

online help for details.)
2. From the Pinpoint application window, select the View dropdown menu, then
Options. The Options dialog appears.
3. On the Web Locations tab, enter the appropriate paths to the following
shared folders.If the image folder and background folder are under
NewGraphicsFiles (the sample folder you just specified
as a web address) then, in the Web Locations tab of the Pinpoint Options
dialog, the new paths would be:
http://ServerName/NewGraphicsFiles/imagelibrary
and
http://ServerName/NewGraphicsFiles/backgrounds
 NewGraphics (Pin) Files - This is the location (specified as a URL web

address) from which Pinpoint panel (.PIN) files are accessed. In a multi-user
setup this could be a shared location across the workstations.
 ImageLibrary - This is the image file location (specified as a URL web
address) that contains ready-made images that you can use to make graphic
panels in Pinpoint. This is usually set up and copied by the installation
program.
 Backgrounds - This is the image folder location (specified as a URL web
address) that contains background files that serve as backgrounds for the
panels. These files are specified per graphic in the Configuration editor of the
CyberStation Pinpoint graphics application.
Note: Ensure that you have given accessible sharing privileges to the above three folders so that
all client machines can view the graphics. To ensure the paths you entered are correct, click
the Check button.
If the path is incorrect, the symbol appears next to the incorrect path. If the
three paths are correct, click OK and close Pinpoint.
CAUTION
Manually changing an IP address
If you use a specific IP address in the Graphics (Pin Files) field, instead of ServerName, and then
manually change the IP address (in the IP Address field of the Default Web Site Properties dialog,
accessed via the Control Panel’s Administrative Tools - Internet Services Manager - Default Web
Site properties) the Graphics URL no longer works. You must go back and change the path in the
Graphics (Pin Files) field in the Options dialog to match what was changed in the IP Address field,
or enter a server name. To map the local host to this new IP address, you must also edit, and place this
new entry into the LMHOSTS.SAM file located in:
C:\WINNT\system32\drivers\...
Failure to observe this precaution can result in failure to access web.Client Pinpoint
graphics files.
4. Log out of Continuum.
5. Stop and then restart your IIS server, or reboot the machine.
6. Lock your computer.

Resetting Timeout and Live Events Via web.config File

The “sessionState” timeout is set in the web.config file located in the folder:
C:\Program Files\WebServer
The timeout is the number of minutes that a web.Client session remains active
during non-use (inactivity) before the session ends, requiring the user to log on
again.
The maxEventViewRows is also set in the web.config file. It defines the

maximum number of live events that are listed in the EventViews window.
For more information about session timeout and EventViews, see the web.Client
online help.
Inactivity Timeout
The “timeout” default is 20 minutes, but it can be reset to a different time period
by editing the web.config file:
Live EventView
The “maxEventViewRows” default value is 100, but you may want edit the
web.config file to reset it to a smaller number to save time while the event view
list rebuilds:
Establishing SSL Support for Confidential Information

web.Client version 1.74 (and higher) fully supports Secure Sockets Layer (SSL)
technology, whereby a web.Client user can access confidential, secure information
over the Internet. Web pages that a client requests are encrypted at the server
machine via an authorized SSL Certificate installed on the IIS PC. Likewise, the
user deciphers the encrypted information on the client machine using an
authentication process.
As a system administrator, you must ensure that an SSL Certificate, acquired by

an authorized SSL provider, resides on the IIS PC. There are several authorized
SSL providers (also known as Certificate authorities) such as VeriSign.
Using SSL Online Documentation

Certificate authority web sites and Microsoft’s IIS online documentation provide
extensive information on SSL technology and extensive instructions on how to
acquire a Certificate and install it on your server.
For example, a leading Certificate authority, Verisign (www.verisign.com)

provides different sets of detailed instructions for preparing, installing, moving,
and backing up a Certificate on different servers running different web server
software.

For complete instructions for using SSL on Microsoft platforms, please see
Microsoft’s extensive online IIS documentation on secure communications and
certificates:
This Microsoft IIS documentation provides information on:
 An overview of certificates
 Setting up SSL on your server
 Using the security task wizards
 Obtaining a server certificate
 Using Certificate trust lists. (Trust lists are managed via Internet
Explorer’s Internet Options dialog. From IE’s Tools dropdown menu,
select Internet Options. Select the Content tab. Certificate management
options appear in the Certificates section.
 Obtaining a client Certificate
 Enabling client certificates
 Mapping client Certificates to user accounts.
Note: When applying for and creating your certificate, please use the fully qualified domain
name of the IIS server, particularly if you plan to connect the web server to the Internet
with a public IP address. For example, use the following: (FQDN) System name.schneider-
electric.com (public).
If you plan to connect the web server internally with a private IP address, you need only use
a NetBIOS name. For example, use the following: (netBios) System name (private).
The URL of the site name must comprise the same server name and domain name to which
your client machine browsers connect:
https://ServerName.DomainName.com
For example:
https://yourpc.schneider-electric.com/webclient (public IP
address)
https://yourpc/webclient (private IP address)
Otherwise, if these do not match, errors will result and SSL won’t work. To test the URL,
ping it from your machine and ensure there is a reply.
Note: In order to use SSL encryption from the client machine, a web.Client user must access
web.Client with the prefix:
https://
instead of http://
Changing IE Security Internet Options to Accommodate SSL

Only after you have set up an SSL Certificate for the IIS PC, you must modify (on
each client machine) Internet Explorer Internet Options to disable superfluous
warning messages that users would otherwise see while using SSL with certain
web.Client features. Follow this procedure:
1. Install an SSL Certificate. See Establishing SSL Support for Confidential

Information.
2. In Internet Explorer, select Internet Options from the Tools dropdown

menu.
3. On the Internet Options dialog, select the Security tab.
4. In the Security level for this zone section, click the Custom Level button.
5. On the Security Settings dialog, scroll down to Miscellaneous.
6. Under Display mixed content, select the Enable radio button.
7. Under Access data sources across domains, select the Enable radio button.
8. Click OK in the Security Settings dialog and again in the Internet Options
dialog.
As an alternative, on each client machine you can add the web.Client URL address
to Trusted sites. On the Internet Options dialog:
1. Select the Security tab, and click Trusted sites.
2. On the Trusted sites dialog, enter the web address in the Add this Web site
to the zone field.
3. Click OK.
Enabling SSL for web.Client

You must also enable SSL for use with web.Client via the web.Client Properties
dialog in Internet Information Services. Follow this procedure:

Information.

2. From the Control Panel, open Administrative Tools.
3. From the Administrative Tools dialog, select Internet Information

Services.
4. From the navigation tree in the Internet Information Services dialog,

expand your local computer name, expand Web Sites, and expand Default
Web Site.
5. Locate and right-click over WebClient. Select Properties.
6. On the WebClient Properties dialog, select the Directory Security tab.
7. In the Secure communications section, click the Edit button.
8. On the Secure Communications dialog, check the Require secure channel

(SSL) checkbox, and make sure the Ignore client certificates radio button is
selected.
9. Click OK.
Setting Up SSL for web.Client Pinpoint

The graphics package, web.Client Pinpoint, can be used with an SSL installation.
However, you must perform the following procedure to enable SSL for web.Client
Pinpoint, ensure compatibility with Pinpoint, and ensure access to graphics files.
Follow this procedure:
1. Set up your Pinpoint graphics folders. See Configuring Graphics Folders for
web.Client:.

Information.
4. From the Administrative Tools dialog, select Internet Information

Services.

expand your local computer name, expand Web Sites, and expand Default
Web Site.

6. Locate and right-click over DNWACServerFactory. Select Properties from

the popup menu.
7. On the DNWACServerFactory Properties dialog, select the Directory

Security tab.
8. Under Secure communications, click the Edit button.
9. On the Secure Communications dialog, check the Require secure channel

(SSL) checkbox, and make sure the Ignore client certificates radio button is
selected.
10. Click OK.
11. On the same DNWACServerFactory Properties dialog, select the

ASP.NET tab.
12. In the ASP.NET version field, make sure the version is 2.0.50727.
13. Click OK.
14. Open the file, WWPMonitor.exe.config. It’s located in:
c:\program files\continuum\dnwacserverfactory\bin\
15. Access the following lines of code:
<add key=”SSL_Use” value=”false” />

<add key=”SSL_ServerName” value=”xpavalon” />
<add key=”SSL_Port” value=”443” />
16. Modify these lines as follows:
 Change “false” to “true” when SSL is active.

 Change the value of the ServerName to the fully qualified domain name of the IIS
server.
 Make sure the SSL port value remains 443, which is the default.
Note: If you are using SSL with Pinpoint graphics, the SSL port must be 443.
17. Restart your computer.
18. After restarting your computer, test the Certificate and its compatibility with
Pinpoint by accessing the following page:

https://ServerName/dnwacserverfactory/bin/TestWPinpointSSL.htm
19. A Security Alert appears. Click Yes to the question, Do you want to
proceed? This accepts the Certificate.
20. If the Certificate is valid with Pinpoint, the following page appears:
If this page does not appear, it means it is not valid, or the Certificate has
expired.
At this point, SSL is ready for use with web.Client Pinpoint.

Changing the Default TCP Port Number

Normally, the IIS PC defaults to Internet TCP port 80. Some Internet-access
providers do not use port 80. This may, for example, prevent access to web.Client
Pinpoint graphics files. (web.Client users can access graphics file folders as URL
web address locations. See Configuring Graphics Folders for web.Client:.) If your
IIS PC uses such an Internet access provider, you should change the default port
80 to another port compatible with your access provider.
To change the default port number permanently on the IIS PC:
2. From the Administrative Tools dialog, open Internet Information

Services.

expand the local computer name, and expand Web Sites.
4. Right click over Default Web Sites, then select Properties.
5. On the Default Web Site Properties dialog, select the Web Site tab.
6. Under Web Site Identification, in the TCP Port field, change 80 to a

number compatible with your Internet access provider. (Consult your
provider.)


Chapter 7
Testing and Installing
web.Client on a Client PC
 Overview
 Testing Access to and Installing web.Client on a Client PC
 Before Getting Started
 Launching Internet Explorer in Windows 7
 Installing the web.Client Utilities Control
 Installing Microsoft .NET Framework 2.0
 Installing web.Client Pinpoint
 Installing the Video Layout Control and .NET Framework 3.5
 Setting Browser “Zone” Permissions for .NET Framework
 Server Proxy Applications
 Logging Out of web.Client

Chapter 7: Testing and Installing web.Client on a Client PC
Overview
When your web.Client users log on to web.Client via their client-machine
browsers for the first time, it is likely that several applications will be installed
(automatically or via user prompts).
Note: The procedures in this chapter presume you and your users are installing or upgrading to
web.Client version 2.03 and have Internet Explorer version 10, and meet the other software
and hardware requirements presented in Chapter 3, Pre-Installation Requirements for
Windows Server 2008 and 2012, and Windows 7 and 10.
Testing Access to and Installing web.Client

on a Client PC
After performing the installation and configuration procedures in Chapter 4,
Installing web.Client on the IIS PC and Chapter 6, Configuring web.Client on the
IIS PC, as the administrator, you must test web.Client browser access, through a
user-client PC, by logging on as a web.Client user. If necessary, a user client is
prompted to install the following applications:
 web.Client Utilities Control

 Microsoft .NET Framework 2.0
 web.Client Pinpoint (only if users have access permission to graphics)
 Schneider Electric Video Layout Control (only if users have access
permission to video) and Microsoft .NET Framework 3.0, which the video
requires for its operation.
This chapter shows you how to test browser access to web.Client by logging on
and installing web.Client on a user-client workstation.

Before Getting Started

Before getting started:
1. Find a workstation suitable for testing client-browser access to web.Client.
2. Be sure this workstation has versions of the operating system that your user
clients would typically have.
3. Be sure the workstation meets the system requirements given in Chapter 3,

Pre-Installation Requirements for Windows Server 2008 and 2012, and
Windows 7 and 10.
4. Restart this workstation and other client PCs before logging onto web.Client
for the first time.
During these procedures, please be aware that on a client machine:
 web.Client Utilities Control must be installed before a user can log on to

web.Client for the first time. (See Installing the web.Client Utilities Control.)
 .NET Framework 2.0 must be installed before a user can bring up the
web.Client Home screen in a browser for the first time. (See Installing
Microsoft .NET Framework 2.0.)
 web.Client Pinpoint must be installed before a user can open a graphic for the
first time. (See Installing web.Client Pinpoint.)
 The Schneider Electric Video Layout Control (and .NET Framework 3.0,
which is required for the Video Layout Control) must be installed before a
user can open a video layout for the first time. (See Installing the Video
Layout Control and .NET Framework 3.5.)
Note: All web.Client users must have a password to log in. web.Client users are created in
CyberStation.
web.Client features must be unlocked at another CyberStation for the test user, so that the
user can log on to web.Client and perform all the necessary feature tests.

Launching Internet Explorer in Windows 7

If any of your client users has a Windows 7 client machine, they must launch
Internet Explorer, as follows.
1. Launch Internet Explorer as user Administrator, in one of the following ways:

 Right click the Internet Explorer icon in your tool tray, and select Run as
administrator.
 Via Program Files in your Start menu, right click the Internet Explorer menu
selection, and select Run as administrator.
Note: Your users need only perform this step once in order to install ActiveX
components and web.Client Pinpoint. Once they do so, they can run
web.Client as that user (it is profile dependent) without being asked to
specify the administrator account or run IE as administrator.
2. From the Internet Explorer Tools menu, select Internet Options.
3. In the Internet Options dialog, select the Connections tab, and click LAN
Settings.
4. In the Local Area Network (LAN) Settings dialog, make sure the
Automatically detect settings checkbox is cleared.
5. Click OK.

Installing the web.Client Utilities Control

Before you can log on to web.Client, you must install the web.Client Utilities
Control. This is done automatically. Follow this procedure:
1. Launch Internet Explorer.
2. Enter the following URL web address:

https://MachineName/VirtualDirectoryAlias
where MachineName is the name of the computer where you installed

web.Client and Continuum.
See Chapter 4, Installing web.Client on the IIS PC.
You must enter https:// if you have installed an authorized SSL Certificate on
the IIS PC. If this is not an SSL server, then you would enter http://. Version
1.74 (and higher) fully supports SSL, which accommodates client-server
exchanges of confidential information. (See Establishing SSL Support for
Confidential Information in Chapter 6.)
The VirtualDirectoryAlias was entered in the Enter Text screen of the

installation procedure. Enter the name you supplied. If you did not change the
default name, enter WebClient. For example:
https://SiteServer1/WebClient
Note: You must use Internet Explorer 10 or 11.
A Security Warning dialog appears, prompting you to install the web.Client

Utilities Control.
Note: If the IIS server does not have Internet connectivity, it may take between 30 and 90 seconds
for this installation prompt to appear.
Note: The web.Client Log On screen, shown on the next page, appears in the background, beneath
this Security Warning dialog, but you cannot enter your user name and password until the
web.Client Utilities Control is installed.
3. Click the Yes button on the Utilities Control Security Warning dialog to
begin the installation. Installation of the Utilities Control happens
automatically, in a few seconds.

If you are upgrading from Version 1.73 to 2.03, go to the next step.
If you are upgrading from Version 1.74 or 2.03, go to Step 5.
4. If you are upgrading from Version 1.73 to 2.03, a dialog appears, asking you
to close and restart Internet Explorer. Do so now. After you restart Internet
Explorer, enter the same URL you entered in Step 1.
5. On the web.Client Log On screen, enter your user name and password.
Note: In Internet Explorer 10, the logon screen text fields contain user interface controls that
allow you to clear text in the User Name field and display text in the Password field. To
display password text, click and hold the left mouse button over the eye icon in the
Password field. This option is helpful when you wish to ensure you have entered the
correct password.
Installing Microsoft .NET Framework 2.0

web.Client operates in a .NET Framework environment. As you log on for the first
time, if you do not already have Microsoft .NET Framework 2.0, you are asked to
install it at this time. The Microsoft .NET Framework 2.0 Setup dialog guides
you through an easy procedure:
1. At the Welcome to Microsoft .NET Framework 2.0 Setup window, click

Next. The End-User License Agreement window appears.

2. Check the I accept the terms of the License Agreement checkbox, and click
Install.
A Setup progress-bar, followed by the Installing components window,
appears while the installation is configured and components are installed.
This may take a several minutes. Please wait.
3. When .NET Framework 2.0 is installed successfully, the Setup Complete

window appears. Click Finish.
.Microsoft .NET Framework allows the system to accept configurations that

include firewalls.
Installing web.Client Pinpoint

Before your users can bring up a file in a web.Client Pinpoint window for the first
time, they must install the web.Client Pinpoint graphics application.
At least 4 MB of disk space are needed for web.Client Pinpoint. (See also
Appendix B, web.Client Applications that Are Installed.)
It is recommended your users install this application after bringing up the Home
screen for the first time.
Perform the following procedure:
1. Select Graphics from the navigation filter dropdown menu.
2. In the navigation pane, explore and search for a list of graphic paths, and click
the name of the graphic file you want. A Security Warning dialog appears,
prompting you to install the file, msxml4.cab.
3. Click the Yes button to install the file. Another Security Warning dialog
appears, asking if you want to install and run the WebClient Pinpoint
graphics package.
4. Click Yes to launch the Install Shield Wizard for WebClient Pinpoint and
begin the installation. Click Next.
5. A License Agreement window appears. Click Yes to accept the terms of the
license agreement.
6. At this time, web.Client Pinpoint files are installed.

The Setup Status window appears, displaying the progress of the installation.
When installation is complete, the InstallShield Wizard appears. Click
Finish to complete the installation process.
If your IIS PC Uses IIS 6.0
If your IIS PC uses IIS 6.0, be aware that IIS resources are recycled after a long
period of time (29 hours) by default. This means that your web.Client Pinpoint
windows, including web.Client itself, are disconnected after this long period of
time expires. Please take this into account if your users need Pinpoint running
continuously for more than a day.
If you need to run Pinpoint continuously for more than 29 hours, you may
lengthen that time via the Windows Internet Information Services (IIS)
Manager.
Installing the Video Layout Control and .NET Framework 3.5

Before your users can bring up a web.Client video for the first time, they must
install the Schneider Electric Video Layout Control. They may also have to install
Microsoft .NET Framework 3.5, which the Video Layout Control also requires for
its operation.
It is recommended your users perform these installations after bringing up the

web.Client Home screen for the first time.
After .NET Framework 3.5 is installed, both versions 2.0 and 3.5 reside on the
client machine.)
Note: The video feature requires network access to a digital video recorder. This may require you
to open port 18772 or establish a Virtual Private Network (VPN) connection if there is a
firewall.
At least 72 MB of disk space are needed for the Video Layout Control, which
comprises the file, WebClientVideo.cab, and .NET Framework 3.5. (See also
Appendix B, web.Client Applications that Are Installed.)
To install the Video Layout Control and .NET Framework 3.5, perform the
following procedure:

1. From the navigation filter dropdown menu, select Video,
2. Explore and search for a list of video paths, and click the name of the
VideoLayout object you want.
A message appears, prompting you to install the file, WebClientVideo.cab, as

the first step in Video Layout Control installation.
3. Click Install.
If you do not already have Microsoft .NET Framework 3.5 installed on your
computer, the InstallShield Wizard appears, asking you to install it now. (If
you are not asked to install .NET Framework 3.5, go to Step 5.)
4. Click Install.
Installation of .NET Framework 3.5 begins. A progress bar appears in the

InstallShield Wizard window.
Installation takes several minutes. Please wait.
5. When installation of .NET Framework 3.5 completes, the Welcome to

InstallShield Wizard for Schneider Electric Video Layout Control
window appears. Click Next.
6. The Ready to Install the Program window appears. Click Install.
7. The Installing Schneider Electric Video Layout Control window appears

with a progress bar. Please wait. When installation completes, click Next.
8. The InstallShield Wizard Completed window appears.

Click Finish. Your video layout object appears.
Setting Browser “Zone” Permissions for .NET Framework

web.Client operates in a Microsoft .NET Framework 2.0 environment.
Microsoft’s Internet Explorer has various browser “zones” (for example, the
Internet zone, Local Intranet zone, and Trusted zone). Each zone requires different
user permissions settings.
On the client side, .NET Framework 2.0 controls do not run in the IE browser’s
Internet or Trusted zone with their default permission settings. Therefore, users
must add full trust to these zones.

On each client machine, you can do so in one of the following two ways:
 Download and install the Microsoft .NET Framework Software Development

Kit (SDK) 2.0, available from Microsoft, and set zone permissions.
 Run the Microsoft Code Access Security Policy tool, Caspol.exe
Download and Install .NET Framework SDK 2.0
Download the Microsoft .NET Framework SDK 2.0. This is available from
Microsoft, http://www.microsoft.com/downloads/.
Then perform the following procedure to set zone permissions:
1. From the Windows Control Panel, open Administrative Tools. The

Administrative Tools dialog appears.
2. In the Administrative Tools dialog, double click Microsoft .NET

Framework 2.0 Configuration.
The .NET Configuration 2.0 dialog appears.
3. In the tree, expand Runtime Security Policy, Machine, Code Groups,

All_Code, until all code groups are listed.
4. Depending on which zone is running, right click on Trusted_Zone or

Internet_Zone and select Properties from the popup menu.
The Trusted_Zone Properties dialog (or Internet_Zone Properties dialog,

respectively) appears.
5. Click the Permission Set tab, and from the Permission set dropdown menu,
select FullTrust.
6. Click OK or Apply
You can also change the default permission set or create a new permission set that
has the following specific permissions.
 Security - Enable Assembly execution

 User Interface - Grant assemblies unrestricted access to user interface
elements.
 Web Access - Grant assemblies unrestricted access to user interface elements.

Run the Microsoft Code Access Security Policy Tool
As an alternative, you can add full trust to the zones by executing the Microsoft
Code Access Policy tool (caspol.exe) located in:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
To add full trust to the Internet zone in .NET Framework 2.0, execute the
following:
caspol.exe -m -addgroup Internet_Zone -zone InterNet FullTrust

-name FullTrust
To add full trust to the Trusted zone in .NET Framework 2.0, execute the
following:
caspol.exe -m -addgroup Trusted_Zone -zone Trusted FullTrust

-name FullTrust
Server Proxy Applications

There are some applications that are displayed during a web.Client session,
including:
 ACWebServerProxy, installed with web.Client, displays a window, shown

below, that logs all users who are logged on to web.Client. It runs
automatically on the server after the first user logs on the web site. It must not
be manually closed.
 ACWPPServerProxy is used exclusively for web.Client Pinpoint. Like the
ACWebServer Proxy, it runs automatically on the server and must not be
manually closed.
 Schneider Electric XML Automation server

CAUTION
Manually closing the ACWebServerProxy
Do not manually close the ACWebServerProxy window.
If anyone manually closes the ACWebServerProxy window, all users
are disconnected from the application.
Logging Out of web.Client

When a user logs onto web.Client, one of the client licenses is reserved for that
user to use. When a user wishes to end the web.Client session, he/she must log out
in order for that client license to be released and made available for another user to
log on and use.
CAUTION
Closing sessions without logging out
Users should not close their sessions without logging out.
If the session is closed without logging out, the client license will not be available for
a different user until after the timeout period has expired.



Chapter 8
Using web.Client to Set Up
Your Organization
 Overview
 web.Client Security Basics
 Scenario 1: A Single-Building Company
 Scenario 2: A Global Company

Chapter 8: Using web.Client to Set Up Your Organization
Overview
Having installed and tested web.Client version 2.03 on an Internet browser, you
are now ready to use this powerful, web-based facility management tool. For
example, web.Client can distribute personnel records, view and edit schedules and
points, integrate video, display live events, provide convenient access to reports
for managers, monitor BACnet loops, and download TrendLog records. (For
complete information, please see the web.Client online help.)
It is very important to plan for web.Client carefully. If you can start planning for
web.Client before the initial configuration of the facility management system,
implementation will be much easier.
Example: Building a Security Management System

This chapter provides a security example: building a security management system.
It simulates an access control / personnel management system.
Throughout this process keep in mind that you will be creating delegates to log on
to web.Client and access the Continuum facility management system.
Start by asking the following questions:
 Is the security installation contained within one building or are there multiple
facilities managed by one system?
 Where are the facilities located?
 Who are the security delegates that will administer the personnel records?
 What personnel records do the security delegates have authority to
administer?
 What are the areas of which the security delegates have control?
 Can personnel records be placed in logical groups?
Based on the answers to the above questions, you will have to decide:
 What folders will need to be created in CyberStation?

 What Folder and Device Level (FDL) security should be used for these
folders?

 What group level security should the security delegates have to limit their
ability to view only certain object classes or perform only certain tasks?
 What object level security should be set up to limit the security delegate to
specific groups of objects?
This chapter details two scenarios in which the above questions were answered
and decisions were made on how to set up the Continuum system. Use these
examples to aid in planning for your scenario.
web.Client Security Basics

To utilize web.Client effectively, Continuum security will be applied to the users
who have access to web.Client, to limit their view and actions. This is achieved by
configuring the Continuum system security at one of the workstations (not on the
IIS Server).
On this workstation, you will be creating the following:
Security groups: Define these by right-clicking on the Continuum icon in your

tool tray, and selecting Security from the popup menu. This invokes the Security
Editor, where you can edit “user-level” security. web.Client has its own set of
object-class security keys for security groups to utilize. Using security groups, you
can assign each group overall access to an object class by “unlocking actions”.
That is, if the web.Client class object has unlocked, “Alarms” permissions set for a
security group, then the security group may view every alarm in the entire
Continuum system. If a class and action is “unlocked” by a security group, only a
security level may override it. Many users can be assigned to the same security
group.
Security levels: Security levels do not exist in the Continuum system by default,
they must be created. Security levels are used to apply “object-level” security, to
override permissions granted by security groups, and can only be used to deny a
permission granted by security groups. Security levels cannot be used to grant
permissions denied by security groups. They may be applied to individual objects
(for example, an area called “Engineering”) or to a folder with many objects.
When a security level is applied to a folder, all the contents of the folder, including
subfolders, are limited to that security level’s restrictions.

Since only one security level can be applied to an individual object or folder, a
security level must be defined to include all the restrictions that will be applied.
For example, the following security levels may be required:
 Admin only
 Admin and Engineering Managers
 Admin, Engineering Managers, and Sales Managers
Folders: Folders are used in the Continuum system to partition, or logically

group objects in the database. For example, a folder may contain all the areas in
building 52. Folders make Continuum security much easier to implement. Instead
of individually applying security levels to every object, a security level can be
applied to the folder once to set the appropriate security permissions.
Users: Users created with the Continuum system are assigned to one or more
security groups. Since a user may be a member of more than one security group,
security groups may be set up to focus on a small set of permissions. Setting up
security groups with a modular approach, makes assignment of security groups to
users much easier. If a user is assigned to more than one security group with
conflicting permissions, the “unlocked” permissions take precedence and the user
will be granted the permission.
Object-Level Security: is accomplished by using an object class called

SecurityLevel. This class contains security permissions; these permissions are
part of the SecurityLevel object and may be (and usually are) different than the
default permissions.
SecurityLevel: Objects are used to create security permissions for groups of

objects (such as “Building52 Areas” or “Administration Objects”). These
permissions can then be attached to the appropriate objects.
Folder and Device Level Security (FDL): provides the user with the ability to
apply a security level to a collection of child objects by placing them in a folder
(the parent) so that they inherit the parent’s security level. When you configure
security using FDL, consider the following:
 Roles - Categories to which users can be assigned (for example,

Administration, Guard, Maintenance, and so on)
 Partitions - Divisions of the site into physical areas (for example, Building A,
Building B, and so on)

 Group names - The combination of roles and partitions (for example,

BldgAAdmin, BldgAGuard, BldgAMaint, and so on)
The number of groups is a product of the number of roles multiplied by the

number of partitions:
Number of Groups = (Number of Roles) x (Number of Partitions)
For example, a site with three roles and two partitions would have six groups.
Note: CyberStation supports up to 1024 groups. If the number of groups (number of roles
multiplied by the number of partitions) exceeds 1024, then the number of roles and/or
number of partitions needs to be decreased.
Testing web.Client Security

After you configure security for your system, test all functional areas for proper
security permissions.
Log in as each user once and verify that the right areas are granted or denied
according to your configuration plan.

Scenario 1: A Single-Building Company

A single-building company would like to assign one security designee per
department. This person will be responsible for creating, editing, and deleting
department personnel, as well as assigning area permissions and time schedules to
their personnel. The administrative designee (the Human Resources delegate) will
have permissions to all records and areas. The IT personnel need to be granted
permissions to all areas of the building so that they may work anywhere in the
building.
This section contains the following topics:
 How Is the Company Physically Divided?

 Who Are the Users?
 What Are the Security Levels?
 Setting Up web.Client in CyberStation
How Is the Company Physically Divided?

The company is divided into the following departments:
 Administrative
 Engineering
 Sales
 IT
The areas of the building are:
 Main lobby
 East stairwell
 West stairwell
 Fitness room
 Human Resources department
 Administrative offices
 Engineering lab
 Engineering Conference room

 Sales offices
The areas can be grouped as:
 Common areas: Main lobby, fitness room, east stairwell, west stairwell
 Administrative areas: Human Resources department, administrative offices
 Engineering areas: Engineering lab, engineering conference room
 Sales areas: Sales offices
Who Are the Users?

The following table lists the users in scenario:
Who Are the Users?

Name Description
HRDel Human Resources delegate with permissions to all personnel records and areas
EngDel Engineering delegate with permissions only to engineering personnel records and
engineering and common areas
SalesDel Sales delegate with permissions only to sales personnel records and sales and
common areas
ITDel IT delegate with permissions only to IT personnel records and all areas
Since this setup requires that each delegate have different sets of permissions, it
requires four security groups (one for each user / delegate). These groups will be:
Admin, Eng, Sales, and IT (where the HRDel serves as the Admin delegate).
Also, since only one security level can be applied per folder or object, it is
recommended that you create separate security levels for each folder. This will
make it easier to organize permissions specifically for the contents of the folder.
What Are the Security Levels?

The following table lists the security levels in this scenario:

This security level… Is Unlocked for these Groups
CommonAreasSL All security groups
AdminAreasSL Administrative and IT groups


This security level… Is Unlocked for these Groups
EngAreasSL Administrative, IT, and engineering groups
SalesAreasSL Administrative, IT, and sales groups
AdminPersonnelSL Administrative group
EngPersonnelSL Administrative and engineering groups
SalesPersonnelSL Administrative and sales groups
ITPersonnelSL Administrative and IT groups
Setting Up web.Client in CyberStation

For the scenario described above, it is recommended you set up web.Client in
Continuum CyberStation to have the following security groups, personnel folders,
area folders, security levels, and users.
Recommended Set Up
Security Groups Personnel Folders Area Folders Security Levels Users
Admin AdminPersonnel CommonAreas CommonAreasSL HrDel
Eng EngPersonnel AdminAreas AdminAreasSL EngDel
Sales SalesPersonnel EngAreas EngAreasSL SalesDel
IT ITPersonnel SalesAreas SalesAreasSL ITDel
AdminPersSL
EngPersSL
SalesPersSL
ITPersSL

Scenario 2: A Global Company

In a global company, you would like to assign one security designee per company
location. This person will be responsible for creating, editing, and deleting
personnel, as well as assigning area permissions and time schedules to their
location’s personnel.
There will also be a global administrator (GlobalViewer) who will have

permissions to view all records and areas. This user may not create, edit, or delete
records.
For traveling employees who do not have a particular location, there is another
global administrator (GlobalPersonnelAdmin). This person can create, edit, and
delete the personnel records of these people in particular, but they cannot assign
access to any areas.
Lastly, local administrators can grant area permissions to the traveling employees,
but they may not create, edit, or delete their records.
This section contains the following topics:
 What Are the Company Personnel Groups?

 Where Are the Company Facilities Located?
 Who Are the Users?
 What Are the Security Levels?
 Setting Up web.Client in CyberStation
What Are the Company Personnel Groups?

The company is divided into the following personnel groups:
 Andover personnel
 England personnel
 France personnel
 Germany personnel
 Hong Kong personnel
 Mexico personnel

 Global personnel (the traveling personnel)
Where Are the Company Facilities Located?

The locations of the company facilities are, as follows:
 Andover
 England
 France
 Germany
 Hong Kong
 Mexico
Who Are the Users?

The following table lists the user names in this scenario:
Who Are the Users?

Name Description
AndoverAdmin Andover delegate with permissions to all Andover personnel records and areas, also has
permissions to view global personnel and assign Andover area permissions to them.
EnglandAdmin England delegate with permissions to all England personnel records and areas, also has
permissions to view global personnel and assign England area permissions to them.
FranceAdmin France delegate with permissions to all France personnel records and areas, also has permissions
to view global personnel and assign France area permissions to them.
GermanyAdmin Germany delegate with permissions to all Germany personnel records and Areas, also has
permissions to view global personnel and assign Germany area permissions to them.
HongKongAdmin Hong Kong delegate with permissions to all Hong Kong personnel records and areas, also has
permissions to view global personnel and assign Hong Kong area permissions to them.
MexicoAdmin Mexico delegate with permissions to all Mexico personnel records and areas, also has
permissions to view global personnel and assign Mexico area permissions to them.
GlobalPersonnelAdmi Global delegate with permissions to all global personnel records but not to areas, so he/she
n cannot assign area permissions to global personnel.
GlobalViewer Global delegate with permissions only to view all personnel records and areas.
Since this setup requires that each delegate have different sets of permissions, this
scenario requires eight administrative groups (one for each user / delegate).

These groups will be: Andover Administrator, England Administrator, France

Administrator, Germany Administrator, Hong Kong Administrator, Mexico
Administrator, Global Personnel Administrator, and Global Viewer.
Also, since only one security level can be applied per folder or object, it is
recommended to create separate security levels for each folder. This will make it
easier to organize permissions specifically for the contents of the folder.

The following table lists the security levels in this scenario:

This security level… Is Unlocked for this Group1
AndoverAreaSL Andover administrator group
EnglandAreaSL England administrator group
FranceAreaSL France administrator group
GermanyAreaSL Germany administrator group
HongKongAreaSL Hong Kong administrator group
MexicoAreaSL Mexico administrator group
AndoverPersonnelSL Andover administrator group
EnglandPersonnelSL England administrator group
FrancePersonnelSL France administrator group
GermanyPersonnelSL Germany administrator group
HongKongPersonnelSL Hong Kong administrator group
MexicoPersonnelSL Mexico administrator group
GlobalPersonnelSL Global personnel administrator group
1. All Security Levels will also be unlocked for the Global Viewer with the excep-
tion that the keys (in the security settings) will be locked for the change, edit,
create, and delete functions.

Setting Up web.Client in CyberStation

The web.Client setup in Continuum CyberStation for this scenario is
recommended to have the following security groups, personnel folders, area
folders, and security levels.
Recommended Setup
Security Groups Personnel Folders Area Folders Security Levels Users
Andover AndoverPersonnel AndoverAreas AndoverAreaSL AndoverAdmin
Administrator EnglandPersonnel EnglandAreas EnglandAreaSL EnglandAdmin
FrancePersonnel GermanyAreas FranceAreaSL FranceAdmin
England GermanyPersonnel HongKongAreas GermanyAreaSL GermanyAdmin
Administrator HongKongPersonnel MexicoAreas HongKongAreaSL HongKongAdmin
MexicoPersonnel MexicoAreaSL MexicoAdmin
France Administrator GlobalPersonnel AndoverPersonnelSL GlobalPersonnelAd
EnglandPersonnelSL min
Germany FrancePersonnelSL Global Viewer
Administrator GermanyPersonnelSL
HongKongPersonnelSL
Hong Kong MexicoPersonnelSL
Administrator GlobalPersonnelSL
Mexico
Administrator
Global Personnel
Administrator
Global Viewer

Appendix A
web.Client Security and
Troubleshooting Checklist
and Tips
This appendix contains the following topics:
 Overview
 Tips

Appendix A: web.Client Security and Troubleshooting Checklist and Tips
Overview
This appendix provides a series of tips for keeping your web.Client system secure
and troubleshooting some common problems that may arise.
CAUTION
To perform the Microsoft-related procedures, you must have administrative experience using
between different Windows platforms. User-interface illustrations are not provided. Please see your
Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Tips
The following tips are helpful in ensuring the security of your web.Client system.
Tip 1 - Ensuring Full System Access for at Least One User
To protect your Andover Continuum system, reserve user security groups 1 and
128 (or the highest-numbered user security group your site uses) to have all keys
unlocked for all classes. Do this for the “base-level” security and all “object-level”
security (security levels).
Note: Although it is unlikely you would use all of them, CyberStation provides a maximum of
1024 user security groups.
Be sure at least one user is assigned to both the first and your highest-numbered
security groups. This ensures that at least one user will have full access to the
system in case of an inadvertently locked action.

Tip 2 - Applying Security to non-web.Client Folders
When adding new personnel using web.Client, the New Person dialog displays all
of the CyberStation system folders for which that logged-on user has permissions
to view.
Schneider Electric recommends that you apply a security level to all folders not
used by web.Client users (the folders that do not include any personnel, areas, or
numerics used by schedules) so as to prevent personnel from inadvertently being
placed in the wrong folder.
1. Create a security level at a CyberStation workstation and call it

“NonWebClient”.
2. Unlock permissions only for CyberStation workstation users. Keep the

columns reserved for web.Client security groups locked.
3. Apply this new security level to all folders without personnel, areas, or
numerics (used by schedules).
Tip 3- Enabling the Default Document
Perform the following procedure to ensure that the default document on the
web.Client virtual directory is set. The default document is set automatically by
the install that creates the web.Client virtual directory.
1. From the Start menu, select Settings Control Panel.
2. From the Control Panel, select Administrative Tools. The Administrative

Tools dialog appears.
3. From the Administrative Tools window, click Internet Services Manager.

The Internet Services Manager dialog appears.
4. In the left-hand explorer tree pane of the Internet Information Services

dialog, expand the directories beneath the computer icon that is the name of
the computer on which you are working.
5. Expand the directory name, Default Web Site.
Note: There is a virtual directory under the default web site that is used for web.Client, and by
default it is called “WebClient”. During the installation of web.Client, this directory name
can be changed.

6. Right click on the WebClient directory, and select Properties.
Note: If you are unsure which directory it is, click them, one at a time, to list the contents in the
right-hand pane. The web.Client virtual directory will have two ACCWebMgr files in the
list in the pane.
7. The WebClient Properties dialog appears. Select the Documents tab.
8. Ensure that the Enable Default Document checkbox is checked.
9. Click OK to close the WebClient Properties dialog and the Internet

Information Services dialog.
Tip 4 - Understanding Security Ramifications for IIS Applications
Launching an OLE or COM object requires certain permissions. This is normally

not an issue for most interactive users because the default permissions for
launching and accessing OLE and COM objects allow access to anyone logged
onto the local machine interactively. An IIS application, whether it is running in
the context of the IUSR_<servername> account or an impersonated user account
from Basic or NTLM authentication, is not interactively logged on. Therefore, the
default permissions for launching and accessing OLE and COM objects will not
allow an ISAPI extension DLL, CGI application, or Internet script to launch these
objects successfully by default.
The utility DCOMCNFG allows you to set the default permissions for *ALL*
COM and OLE objects on your machine. You can use this utility to provide OLE
and COM access to the IUSR_<servername> account as well as all user accounts
that might be impersonated by your IIS configuration. You can even grant
permissions to the “Everyone” group.
For more information on launching OLE servers from ISAPI applications, refer to
the Microsoft article on Security Ramifications for IIS Applications. This
article can be found at:
http://www.microsoft.com/windows2000/en/server/iis/htm/asp/
eadg4n77.htm?id=231.

Tip 5 - Be Sure that IIS Is Installed before .NET Framework
To avoid problems opening web.Client Pinpoint graphics, be sure that IIS has
been installed on the server before Microsoft .NET Framework 2.0 is installed.
Refer to Chapter 4, Installing web.Client on the IIS PC.


Appendix B
web.Client Applications that
Are Installed
This appendix lists the applications that web.Client installs on the client PCs and
the file size of each application.

Appendix B: web.Client Applications that Are Installed
Installed Applications
The following table lists the applications that web.Client installs on the client PCs
and the file size of each application.
Applications that web.Client Installs on the Client PCs

Installed
Application Description
web.Client Utilities This 60 KB application configures some internal settings that are
Control invisible to administrators and users. Required before user logs on.
Microsoft .NET web.Client operates in a Microsoft .NET Framework 2.0 environment.
Framework 2.0 The user installs.NET Framework 2.0 on the client machine when
web.Client is launched for the first time. Be sure you have at least 22 MB
of free disk space for .NET Framework 2.0. For more information, refer
to Installing Microsoft .NET Framework 2.0
Schneider Electric When a user brings up a video layout in web.Client for the first time, he/
Video Layout Control she is prompted to install the Video Layout Control. As part of that
and Microsoft .NET installation, the user may also be prompted to install .NET Framework
Framework 3.5 3.5, which the Video Layout Control requires. The Video Layout Control
and .NET Framework 3.5 make up the file WebClientVideo.cab.
Be sure you have at least 72 MB of free disk space. For more information,
refer to Installing the Video Layout Control and .NET Framework 3.5
Adobe scalable vector This 5 MB application allows the client to view web.Client Reports. (See
graphics (SVG) viewer the web.Client online help.)
for graphical reports.
web.Client Pinpoint This 4 MB application allows the client to view Pinpoint graphics through
(wPinpoint) web.Client.
web.Client Video This 2 MB application allows the client to view and play back live and
Control recorded video images through web.Client.

Appendix C
Guidelines for Upgrading to
Version 2.03
This appendix contains guidelines for upgrading web.Client to version 2.03.

Appendix C: Guidelines for Upgrading to Version 2.03
Upgrade Guidelines
This appendix presents guidelines for upgrading web.Client to version 2.03. A
quick procedure is provided below, but please refer back to the procedures and
requirements in the previous chapters of the document. Refer also to the Andover
Continuum CyberStation Installation Guide, 30-3001-720. As with any upgrade, it
is good practice to ensure, before you begin, that you have a known good backup
of the database.
Note: web.Client version 2.03 supports Microsoft Windows Server 2008 and Windows 7.
1. Upgrade your hardware security key to version 2.03
Depending upon the version of CyberStation you are running, you may need
to update your hardware security key to version 2.03. If your CyberStation
software is a pre-1.9 version (such as, v1.6, or v1.81), you will have to
upgrade your key to support v2.03.
If you are running version 2.x or higher, however, you will not need to update
your security key; your key is already enabled to support version 2.03.
2. Perform pre-installation tasks, and ensure your system meets the minimum
software and hardware requirements. (See Chapter 3. Pre-Installation
Requirements for Windows Server 2008 and 2012, and Windows 7 and 10)
3. Reboot your PC before inserting the version 2.03 CD, and start the web.Client
Install program. Perform the installation over the previous version’s
application. Reboot your PC, when prompted.
Also refer to the procedure in Chapter 4: Installing web.Client on the IIS PC.
4. After the installation procedure is complete, and you have rebooted your
machine, the database initialization procedure begins.
When the Database Initialization dialog appears, select the Update Existing
Database radio button to update the database.
Note: If you do not have the database engine, SQL Express, already installed, or if you have an
older version of the database engine, then SQL Express is installed for you automatically
during the database initialization process.

Refer to the procedures in Chapter 4: Initializing the Database on a LAN IIS

PC and Creating and Initializing the Database on a Standalone IIS PC. See
also, Appendix D, SQL Express Installation Error Messages.
5. Follow these other configuration procedures from Chapter 4 thru Chapter 6:

 Configuring Access Permissions for web.Client Users
 Configuring Your Video Servers
 Configuring Graphics Folders for web.Client
 Establishing SSL Support for Confidential Information
 Enabling SSL for web.Client
6. After installation is complete, and your users are ready to log onto web.Client
on their client-PC browsers, follow the procedures, as needed, in Chapter 7,
Testing and Installing web.Client on a Client PC. Be sure your users reboot
their browser PCs before logging on to the upgraded IIS PC.
Note: During the web.Client installation, if a client machine does not already have Microsoft
.NET Framework 2.0 installed, a user must install it as he/she logs on to web.Client for the
first time. web.Client operates in a .NET Framework environment.
When a user is logged onto web.Client and tries to bring up a video layout for the first time,
he/she may be prompted to install .NET Framework 3.0 on the client machine, if it is not
already installed. The web.Client Video Control requires the client machine to have .NET
Framework 3.0, just as web.Client overall requires .NET Framework 2.0. For more
information see Installing the Video Layout Control and .NET Framework 3.5 in Chapter 7.
.NET Framework installation typically takes several minutes. Please be patient.


Appendix D
SQL Express Installation
Error Messages
This appendix contains the following topics:
 Overview
 SQL Express Installation Error Messages

Appendix D: SQL Express Installation Error Messages
Overview
This appendix provides a list of error messages that may appear if certain
problems occur during the installation of the database engine, SQL Express. (SQL
Express is installed or upgraded automatically on a standalone system during the
Continuum database initialization process.)
During SQL Express installation, several things are detected on your computer:
 There is no SQL Express at all. In this case, SQL Express is installed

automatically.
 MSDE 2000 is already installed as the database engine. In this case, SQL
Express is installed over MSDE 2000.
However, your computer is also checked for certain rare problems that could
complicate SQL Express installation and/or the creation or update of the
Continuum database.
For example, a third-party software vendor may already be using the existing
database engine. This creates license-agreement conflicts and possible
performance problems. To satisfy the software license agreement, Continuum
CyberStation must “own” the database engine. In this case, it may be necessary to
create another instance of SQL Express for Continuum CyberStation and/or notify
the software vendor.
Using another example, the database may be configured incorrectly. In this case, it
may be necessary to re-create the Continuum database during database
initialization.
In a few cases, it may be necessary to contact your Technical Support

representative.
There are many variations of these special cases. If a problem arises, you will
receive an SQL Express installation error message that states the problem and
provides instructions for correcting it.

SQL Express Installation Error Messages

For every problem that may occur during SQL Express installation, one of the
following error messages appears. These messages are self-explanatory:
An error occurred while upgrading or installing SQL Express on your

computer. Please contact your Technical Support representative for
further instructions.
We have detected an existing incorrectly configured version of SQL

Express, which cannot be upgraded. Installation has been halted.
Please uninstall this version manually, and rerun Continuum Database
Initialization. To uninstall, go to the Windows Control Panel, open
Add/Remove Programs, select "SQL Server 2005", and uninstall.
We have detected an incorrectly configured existing version of SQL

Express, which Continuum is already using. Another instance of SQL
Express will be installed now, and the existing Continuum database
will be attached to it automatically.
We have detected an incorrectly configured existing version of SQL

Express, which another software vendor is already using. According to
the Microsoft license agreement, Continuum cannot use this version of
SQL Express. We will now install another instance of SQL Express for
Continuum. After the SQL Express instance is installed, a reboot of
your computer is required.
Please note the new server name, "ServerName\ContinuumSE". Each
client workstation will need to have the server name adjusted
accordingly to include "\ContinuumSE". For example, a server formerly
named "MyServer" is now "MyServer\ContinuumSE".
Please use this new SQL Express instance for Continuum only. This
satisfies the conditions of the Microsoft license agreement.
We have detected that an existing version of SQL Express is already

installed on your computer. However, another software vendor, in
addition to Continuum, is already using this existing version. The
upgrade will continue, but we recommend you notify the software
vendor that it is using an SQL Express instance belonging to
Continuum and suggest that the vendor create its own instance of SQL
Express to avoid configuration incompatibilities, performance
problems, and license-agreement conflicts.

We have detected that your Continuum database is configured

incorrectly. To correct the problem, please call your Technical
Support representative after the database update for further
instructions.

Andover Continuum web.Client Planning
and Installation Guide
Document Number 30-3001-835
Version 2.03

30-3001-835 WebClient Planning and Installation Guide

Uploaded by

Copyright:

Available Formats

30-3001-835 WebClient Planning and Installation Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

30-3001-835 WebClient Planning and Installation Guide

Uploaded by

Copyright:

Available Formats

Andover Continuum web.

All Rights Reserved

This document is produced in the United States of America.

Andover Plain EnglishTM is a trademark of Schneider Electric.

Andover InfinetTM is a trademark of Schneider Electric.

All other trademarks are the property of their respective owners.

Title: Andover Continuum web.Client Planning and Installation Guide

web.Client Version 2.03

Schneider Electric part number: 30-3001-835

About this Manual ................................................................. 9

Chapter 1 Introduction to web.Client ................................................... 13

Chapter 2 System Requirements .......................................................... 21

Chapter 3 Pre-Installation Requirements for Windows Server 2008 and

Andover Continuum web.Client Planning and Installation Guide 5

Chapter 4 Installing web.Client on the IIS PC ...................................... 57

Chapter 5 Configuring Graphics Folders for web.Client .................... 85

Chapter 6 Configuring web.Client on the IIS PC ................................. 93

Chapter 7 Testing and Installing web.Client on a Client PC .............. 105

Chapter 8 Using web.Client to Set Up Your Organization .................. 119

Andover Continuum web.Client Planning and Installation Guide 7

Appendix B web.Client Applications that Are Installed ......................... 137

Appendix C Guidelines for Upgrading to Version 2.03 .......................... 139

Appendix D SQL Express Installation Error Messages ......................... 143

What’s in this Manual

Andover Continuum web.Client Planning and Installation Guide 9

Note: Notes contain additional information of interest to the user.

Andover Continuum web.Client Planning and Installation Guide 11

This chapter contains the following topics:

Andover Continuum web.Client Planning and Installation Guide 13

web.Client is either added to a LAN Andover Continuum CyberStation system or

 Create, search for, edit, and delete personnel records

 Edit and view schedules and calendars.

web.Client User Documentation

Andover Continuum web.Client Planning and Installation Guide 15

A Typical System before web.Client

A Continuum system without web.Client consists of a database server and high

A Typical System Implementing web.Client

In the administration of a web.Client system, for example, you would be

Similarly, you could grant access rights to:

 An employee to adjust the temperature after viewing current conditions

Andover Continuum web.Client Planning and Installation Guide 17

Differences between web.Client and CyberStation

web.Client Levels of Support

Andover Continuum web.Client Planning and Installation Guide 19

This chapter contains the following topics:

 web.Client Setup Configurations

Andover Continuum web.Client Planning and Installation Guide 21

web.Client Setup Configurations

 web.Client local area network (LAN) system

LAN system: The web.Client LAN system comprises a Continuum/SQL

Standalone system: The standalone “single user” system with web.Client

Maximum Number of web.Client 2.03 Users Per Server

1. A total of three machines (web.Client browser PCs plus Cy-

Running web.Client on a Windows 32-bit OS

Windows Batch File laa_update.bat

The Windows batch file laa_update.bat is included in the web.Client 2.03

2. From the Windows taskbar, select Start->All Programs->Accessories to

Andover Continuum web.Client Planning and Installation Guide 23

Windows Batch File laa_update_remove.bat

1. Copy the Windows batch file laa_update_remove.bat to your computer