30-3001-835 WebClient Planning and Installation Guide
30-3001-835 WebClient Planning and Installation Guide
30-3001-835 WebClient Planning and Installation Guide
Client
Planning and Installation Guide
for Version 2.03
© 2018, Schneider Electric
No part of this publication may be reproduced, read or stored in a retrieval system, or transmitted, in any
form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior writ-
ten permission of Schneider Electric.
The information in this document is furnished for informational purposes only, is subject to change with-
out notice, and should not be construed as a commitment by Schneider Electric. Schneider Electric as-
sumes no liability for any errors or inaccuracies that may appear in this document.
On October 1st, 2009, TAC became the Buildings Business of its parent company Schneider Electric.
This document reflects the visual identity of Schneider Electric. However, there remain references to
TAC as a corporate brand throughout the Andover Continuum software. In those instances, the documen-
tation text still refers to TAC — only to portray the user interface accurately. As the software is updated,
these documentation references will be changed to reflect appropriate brand and software changes. All
brand names, trademarks and registered marks are the property of their respective owners.
Schneider Electric
800 Federal Street
Andover, MA 01810
(978) 794-0800
Fax: (978) 975-9782
http://www.schneider-electric.com/buildings
Andover Continuum web.Client
Planning and Installation Guide
30-3001-835
Version 2.03
Contents
6 Schneider Electric
Changing IE Security Internet Options to Accommodate SSL ..... 99
Enabling SSL for web.Client ......................................................... 99
Setting Up SSL for web.Client Pinpoint ....................................... 100
Changing the Default TCP Port Number ................................................. 103
8 Schneider Electric
About this Manual
Revision History
This manual documents web.Client, Version 2.03.
Revision History
Document Revision Software Version Date
2.03 2.03 June 2018
2.02 2.02 September 2017
2.01 2.01 September 2016
2.0 SP1 2.0 SP1 October 2015
2.0 2.0 July 2014
1.94 1.94 June 2012
1.93 1.93 March 2011
1.92 1.92 December, 2010
1.91 1.91 February, 2010
1.9 1.9 August, 2008
1.82 1.82 January, 2008
1.81 1.81 June, 2007
1.8 1.8 December, 2006
1.74 1.74 August, 2006
1.73 1.73 January, 2006
1.71 1.71 May, 2005
1.7 1.7 December, 2004
1.62 1.62 March, 2004
1.6 1.6 August, 2003
1.52 1.52 December, 2002
1.5 1.5 October, 2002
10 Schneider Electric
About this Manual
Related Documentation
For additional or related information, refer to these documents.
Related Documents
Document Number
Document
Andover Continuum CyberStation Installation Guide 30-3001-720
CyberStation Access Control Essentials Guide 30-3001-405
CyberStation HVAC Essentials Guide 30-3001-1000
web.Client online help (Version 2.00 SP1)
Symbols Used
The Notes, Cautions, Warnings, and Hazards in this manual are defined, as
follows.
CAUTION
Type of hazard
How to avoid hazard.
Failure to observe this precaution can result in injury or equipment damage.
WARNING
Type of hazard
How to avoid hazard.
Failure to observe this precaution can result in severe injury.
DANGER
ELECTRIC SHOCK HAZARD
How to avoid hazard.
Failure to observe these instructions will result in death or serious injury.
12 Schneider Electric
Chapter 1
Introduction to web.Client
web.Client Overview
web.Client User Documentation
A Typical System before web.Client
A Typical System Implementing web.Client
Differences between web.Client and CyberStation
Overview
This manual provides you, the system administrator, with general information for
planning, installing, and configuring your Andover Continuum web.Client system,
version 2.03.
CAUTION
This manual is for system administrators.
To use the installation and setup procedures in this manual you must be a system administrator with
experience in setting up a web server. You must also have experience using Microsoft system
software and understand that there are graphical user-interface differences between the different
Windows platforms. For detailed information about Microsoft software, please see your Microsoft
Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system configuration.
Note: The procedures in this manual presume you and your users are installing or upgrading to
web.Client version 2.03. You must meet the software and hardware requirements
compatible with version 2.03. Refer to Chapter 2, System Requirements.
web.Client Overview
web.Client is an application that provides you with web-enabled access
everywhere, all the time. By using a standard browser, your authorized personnel
can access the Continuum facility management system in real time across your
site’s local area network (LAN) or across your wide-area network (WAN).
With the basic web.Client Personnel Manager option, your users can:
14 Schneider Electric
Chapter 1: Introduction to web.Client
Create, run, and view graphical reports (class object Report), including bar
charts, pie charts, trend charts, text reports, and so on.
List and view graphics and groups
View live system alarms and live events
View live video, as well as search for and view recorded video, via the class
object, VideoLayout.
Search for web.Client objects by exploring a folder tree hierarchy or a
network/device tree hierarchy, or by using a text search engine
Edit and view Loops and TrendLogs.
For complete information about any of these features, please see the web.Client
online help.
The following illustration shows what the administration of the typical system
would entail. In this security example, a single administrator is responsible for
assigning all security privileges for engineering and manufacturing personnel.
16 Schneider Electric
Chapter 1: Introduction to web.Client
A database server
Dedicated workstations for configuration
A dedicated web.Client application server
PCs running Internet Explorer 10 connecting web.Client
Note: You will be installing either a web.Client for a LAN system or a standalone with
web.Client. A LAN system has two servers: a database server and a web.Client application
server. In a standalone system, the database and web.Client application reside on one
server. Chapter 2, System Requirements, provides detailed requirements for both systems.
You can delegate security tasks to authorized personnel who then assign security
privileges for their departments (in this case, engineering and manufacturing
personnel).
You use the dedicated workstation, and the authorized personnel use web.Client
on their own computers.
18 Schneider Electric
Chapter 1: Introduction to web.Client
Doors X X
Controller Web Pages X
1. Video can be modified, but not saved. For example, you can change cameras,
show/hide time, change focus, zoom, but you will lose these changes if the
page is refreshed or you open another editor.
20 Schneider Electric
Chapter 2
System Requirements
The following table lists the maximum number of web.Client version 2.03 users
per server, as well as the maximum number of CyberStations and IIS servers, for
each type of setup:
Standalone 1 2 2 1 1
22 Schneider Electric
Chapter 2: System Requirements
Be sure to run this batch file from a command window with elevated privileges as
follows:
1. Copy the Windows batch file laa_update.bat to your computer system’s root
directory.
3. From the Accessories program group, right click on the Command Prompt
and select Run as administrator to open a new command window with
elevated privileges.
4. From the Command Prompt window at the root directory, type the name of
the batch file as shown and press Enter:
C:\>laa_update.bat
For example, running the batch file on a Windows 7 32-bit OS produces the
following output.
C:\>laa_update
Updating Windows 7 Boot Configuration Data.
The operation completed successfully.
You must restart your system to complete the update.
C:\>
Note: You should see similar output for other 32-bit OSs supported in web.Client
In the event that you need to revert changes made by the previous Windows batch
file laa_update.bat, the Windows batch file laa_update_remove.bat is also
included in the web.Client 2.03 release. Depending on your OS, the batch file
modifies the system’s Boot Configuration Store (BCD), or Boot Configuration
boot.ini file.
Be sure to run this batch file from a command window with elevated privileges as
follows:
3. From the Accessories program group, right click on the Command Prompt
and select Run as administrator to open a new command window with
elevated privileges.
4. From the Command Prompt window at the root directory, type the name of
the batch file as shown and press Enter:
C:\>laa_update_remove.bat
For example, running the batch file on a Windows 7 32-bit OS produces the
following output.
C:\>laa_update_remove
Updating Windows 7 Boot Configuration Data.
The operation completed successfully.
You must restart your system to complete the update.
C:\>
Note: You should see similar output for other 32-bit OSs supported in web.Client.
24 Schneider Electric
Chapter 2: System Requirements
If your system has no more than 25 users, select one server as the web.Client IIS
server. This IIS server should be dedicated to running the web.Client application.
For a larger LAN system (at least for any system having more than 25 users) your
site must have more than one IIS server.
Depending on your particular LAN installation, the IIS server can be:
The IIS server must be on a network that can connect to the Continuum/SQL
database server. The browser PCs must be on a network that can connect to the IIS
server.
web.Client version 2.03 will upgrade any previous version on IIS server.
web.Client 2.03 includes CyberStation 2.03, and installing it upgrades the IIS
machine to 2.03. Workstations not at version 2.03 must be upgraded before
installing web.Client.
See also:
The following table shows the hardware and software requirements for the IIS
server and the client browser on LAN systems.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5 MB of
RAM on the IIS server. (For example, two browser PCs connected to the IIS server
accessing web.Client use 10 MB of RAM on the IIS server. For this configuration,
Schneider Electric recommends a minimum of 2 GB plus 10 MB (used by the two PCs) or
a minimum of 522 MB of RAM on the IIS Server.)
26 Schneider Electric
Chapter 2: System Requirements
The following table shows the video-specific hardware requirements for the IIS
server on LAN systems.
Video-Specific Requirements
Minimum Recommended
100 Mbps network port 1 Gb network port
Graphics card with DirectX 9.x or later with DirectX 10 graphics device with WDDM 1.0 or
256 Mb of dedicated RAM higher driver with 512 of dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces. Per standard
Pelco Endura video configuration, you should configure stream 2. When doing so, be sure to set a
lower resolution and smaller frame rate. Otherwise, the performance of your PC may be negatively
affected. Be aware that Andover Continuum only supports H.264 and MPEG4 video formats.
Software Requirements
For information about the software requirements for LAN Systems, consult the
Schneider Electric Download Center and search the following reference by either
document number or title:
web.Client version 2.03 will upgrade any previous version’s IIS server. web.Client
2.03 includes Cyberstation 2.03, and installing it upgrades the IIS machine to 2.03.
Workstations other than the IIS server that are not at version 2.03 must be
upgraded before installing web.Client. (Refer to the Andover Continuum
CyberStation Installation Guide, 30-3001-720, for upgrade procedures.)
See also:
The following table lists hardware and software requirements for the IIS
workstation and the client browser on standalone systems.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5 MB of
RAM on the IIS server. For example, two browser PCs connected to the IIS server
accessing web.Client use 10 MB of RAM on the IIS server. In this configuration, Schneider
Electric recommends a minimum of 2 GB plus 10 MB (used by the two PCs) or a minimum
of 522 MB of RAM on the IIS Server.)
28 Schneider Electric
Chapter 2: System Requirements
The following table shows the video-specific hardware requirements for the IIS
workstation on a standalone system.
Video-Specific Requirements
Minimum Recommended
100 Mbps network port 1 Gb network port
Graphics card with DirectX 9.x or later with DirectX 10 graphics device with WDDM 1.0 or
256 Mb of dedicated RAM higher driver with 512 Mb of dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces. Per standard
Pelco Endura video configuration, you should configure stream 2. When doing so, be sure to set a
lower resolution and smaller frame rate. Otherwise, the performance on your PC may be negatively
affected. Be aware that Andover Continuum only supports H.264 and MPEG4 video formats.
Software Requirements
For information about the software requirements for Standalone Systems, consult
the Schneider Electric Download Center and search the following reference by
either document number or title:
30 Schneider Electric
Chapter 3
Pre-Installation
Requirements for Windows
Server 2008 and 2012, and
Windows 7 and 10
This chapter contains the following topics:
Note: Before installing or upgrading to web.Client version 2.03, be sure the requirements outlined
in this chapter are satisfied.
web.Client users must have a password to log on.
CAUTION
Microsoft system experience required.
To perform this standard Microsoft procedure, you must have administrative experience using
Microsoft system software and understand that there are differences in the graphical user interfaces
between different Windows platforms. User interface illustrations are not always provided. Please see
your Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system configuration.
For Windows Server 2008, install Internet Information Services (IIS) on the
designated web.Client application server (LAN systems) or the standalone
CyberStation/web.Client workstation (standalone system). The LAN web.Client
application server and standalone CyberStation/web.Client workstation are
generically called IIS PC in this manual for both systems.
32 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
3. In the Add Roles Wizard, Before You Begin page, click Next.
34 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
4. In the Select Server Roles page, check the Application Server checkbox to
install .Net Framework 3 as a prerequisite.
36 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
8. In the Select Server Roles page, check the following checkboxes: Web
Server (IIS) Support, HTTP Activation, and Message Queuing
Activation.
An Add role services/features required dialog displays for each of your role
service selections.
9. Click the Add Required Role Services or Add Required Features button to
install additional features for Web Server (IIS) Support, HTTP Activation,
and Message Queuing Activation.
38 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
12. In the Select Role Services page, check the IIS 6 Management
Compatibility checkbox.
14. In the Confirm Installation Selections page, click Install to verify your
selections.
40 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
Due to Microsoft installation limitations, you must have either internet access or the
original operating system installation media in order to successfully install .NET
Framework 3.5 on Windows Server 2012 and Windows 10.
1. In Server 2012 Server Manager, select Add Rolls and Features. In Features,
click .NET Framework 3.5 Features and .NET Framework 4.5 Features.
42 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
3. In the Add Roles and features Wizard, Before You Begin tab, click Next.
5. Click Next and then select a server or virtual hard disk on which to install
roles and features.
7. Click Next and select one or more roles to install on the selected server.
44 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
10. IIn the Add Roles and Feature Wizard pop-up window, click Add
Features.
11. Click Next. In Features, select ASP .NET 4.5 Framework Features, WCF
Services and select HTTP Activation, and Message Queuing (MSMQ)
Activation. Click Next.
46 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
13. In the Add Roles and Features Wizard pop-up window, click Add
Features.
48 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
(continued)
50 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
3. When the Turn Windows features on or off screen displays, select .NET
Framework 3.5 (includes .NET 2.0 and 3.0).
5. Under .NET Framework 4.6 Advanced Services, select ASP .NET 4.6.
52 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
8. Click OK.
Restart your machine, follow the other pre-installation tasks, and follow the
installation procedures in Installing web.Client on the IIS PC and Testing and
Installing web.Client on a Client PC.
Setting Up SSL on the IIS PC -- web.Client version 1.74 (and higher) fully
supports Secure Sockets Layer (SSL) technology, whereby a web.Client user can
access confidential, secure information over the Internet. As a system
administrator, you must ensure that an SSL Certificate, acquired by an authorized
SSL provider, resides on the IIS PC. You can set up SSL before or after web.Client
installation. For instructions, please see Establishing SSL Support for Confidential
Information in Chapter 6.
Enabling SSL for web.Client -- After you have set up an SSL Certificate for the
IIS PC, you must enable SSL for web.Client via web.Client Properties in Internet
Information Services. For instructions, please see Enabling SSL for web.Client in
Chapter 6.
Changing the Default TCP Web Port Number for the IIS PC
Normally, the IIS PC defaults to Internet TCP port 80. Some Internet-access
providers do not use port 80. You can change this port number from 80 to another
port number. This can be done before or after web.Client installation. For more
information, please see Changing the Default TCP Port Number in Chapter 6
54 Schneider Electric
Chapter 3: Pre-Installation Requirements for Windows Server 2008 and 2012, and Windows 7 and 10
1. From the Windows Control Panel, double click WSP Client. The Microsoft
WinSock Proxy Client dialog appears.
2. Remove the check from the Enable WinSock Proxy Client checkbox, and
click OK.
Users\<Username>\AppData\Local\VirtualStore\Program
Files\Continuum\NewGraphicsFiles
Users\<Username>\AppData\Local\VirtualStore\Program Files
(x86)\Continuum\NewGraphicsFiles
Later, if another Windows’ user logs on to the workstation, that user will be unable
to access the Pinpoint graphic.
CAUTION
If you are an Andover Continuum administrator, resolve this issue by either turning
off User Account Control, or allowing read\write permissions to the Program
Files\Continuum or Program Files (x86)\Continuum folder for all of your Standard
users.
Turning Off User Account Control for Windows Server 2012 and
Windows 10
For Windows Server 2012 and Windows 10, additional steps are required to
disable User Account Control. Although the slider bar can be set to “Never
Notify”, the User Account Control does not disable completely.
The User Account Control can be disabled for any user by setting the system
registry value “EnableLUA” to zero in the system registry under the registry key
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
policies\system”.
A Windows registration file has been included in the Continuum 2.03 release in
order to expedite these additional steps.
56 Schneider Electric
Chapter 4
Installing web.Client on the
IIS PC
Overview
Installing web.Client on the IIS PC
web.Client Video System Upgrades
Configuring Your Video Servers
Overview
This chapter provides instructions for installing and configuring web.Client
version 2.03 on the IIS PC, defined as follows:
The IIS PC on a LAN system is the IIS server with Windows Server 2008 or
Windows 7.
The IIS PC on a standalone system with web.Client is the single machine
(Windows 7) on which both IIS and Continuum database reside.
CAUTION
Microsoft system experience required.
To perform this standard Microsoft procedure, you must have administrative experience using
Microsoft system software and understand that there are differences in the graphical user interfaces
between different Windows platforms. User-interface illustrations are not provided. Please see your
Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system configuration.
The procedures in this chapter are for a first-time installation. If you are upgrading
to web.Client version 2.03, refer to Appendix C, Guidelines for Upgrading to
Version 2.03, which presents some guidelines for this upgrade. See also the
Andover Continuum CyberStation Installation Guide, 30-3001-720.
58 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
Once these requirements are installed, return to this installation and when the
initial Install web.Client screen displays once more, click Install
web.Client.
Note: If you do not have the correct Microsoft service pack installed, you will receive a warning
message, asking you to install the correct software. See Chapter 2 for software
requirements.
If your key is not enabled for web.Client, you will receive a warning message.
You may continue with the installation or cancel.
4. The License Information dialog appears. Read and accept the license
agreement, and click Next to continue.
60 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
After reading this screen, enter the web.Client Virtual Directory Alias. Keep the
default alias (WebClient) or provide your own alias. Click Next to continue.
6. The RegisterUser dialog appears. Enter your User Name and Company
Name.
Later, after web.Client is installed, you can right-click on the Continuum icon
in your tool tray and select About to display the About Continuum dialog,
which lists the information from the RegisterUser dialog.
7. When the Destination Folder window appears, select the installation folder..
The default location where web.Client files are installed is shown in the
Destination Folder field. If the location is acceptable, click Next. If not, click
Change to bring up the Change Current Destination Folder dialog.
Select the folder that you wish to use for the web.Client installation program.
Click OK. Click Next.
62 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
8. From the Ready to Install the Program dialog, click Install to start the
installation.
Once the progress bar disappears, you are asked if you would like to read the
latest web.Client release notes. Click Yes or No.
Finally, you are asked if you would like to run the Database Initialization
program now. Click Yes or No.
Andover Continuum web.Client Planning and Installation Guide 63
Chapter 4: Installing web.Client on the IIS PC
web.Client is now installed on the IIS PC. Depending on your system, be sure to
follow one of the next three procedures, covered in the following subsections:
Note: After successful installation, the Continuum Database Initialization dialog automatically
appears.
CAUTION
Close all applications on your computer before installation.
After SQL Express 2012 is installed, your PC restarts immediately. You cannot restart your computer
later. Be sure to close all open applications on your computer.
Failure to observe this precaution will result in the loss of your work.
Follow this procedure to install SQL Express 2012 on a stand alone system using
the Database Initialization dialog:
64 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
1. From the Start menu, select Programs > Continuum > Database
Initialization.
Note: After clicking Stand Alone, it may take several minutes for the data to
populate during the first database initialization.
Note that Microsoft SQL Server is shown in the DBMS Name field
dropdown menu.
4. Ensure that Continuum (default setting) appears in the Data Source Name
field.
7. Enter the default login ID, Andover97, in the User Login ID field.
66 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
8. Enter your user password in the User Password field. (Pyramid97 is the
default).
If you leave DB File Location at its default path, then you must leave SQL
Express at its default path when it is installed. If you browse a different path
for DB File Location, then you must browse SQL Express to the same file
path when it is installed.
68 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
12. Enter a valid SQL system administrator password in the Sa Password field.
This password must meet Microsoft SQL Server rules for the composition of
a password:
The password must be at least eight characters long.
The password must not contain all or part of the user’s account name (three or
more alphanumeric characters).
The password must not contain the following characters: comma (,), period (.),
hyphen (-), underscore (_), or number sign (#).
The password must contain characters from three of the following four categories:
Uppercase letters (A...Z)
Digits (0...9)
Note: Be sure to create a strong SA password. Otherwise, the SQL Database Engine will install,
but not start. Once you create that password, you should remember it since you can change
it later if you have the original password.
a. In the Windows User Name field, enter your Microsoft Windows system user
name. This is necessary with SQL Express. You must have administrative access
in order to run the automated scripts that are part of the database initialization
process.
b. Enter your Microsoft Windows system password and confirm that password in
the Windows Password and Confirm Password fields, respectively.
CAUTION
The password you enter here is required to execute scheduled SQL Server tasks. Should you later
change your Windows password, these scheduled tasks will no longer execute. To correct this, access
the Scheduled Tasks in Windows and change their password with the Set Password button in their
Properties dialog
70 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
14. In the Device Information group, verify that the Database and Log names
are unique.
Note: The device information and log file name should be unique for each database created. An
error occurs, and database creation fails, if these fields are not unique.
Note: Be sure the Create Default List Views, Create System List Views, Create System
Alarm Enrollments, and Enhanced Alarm Logging boxes are checked. If you leave them
unchecked, CyberStation does not import the necessary dump files. The dump files
generate all of the default views, so the listviews and alarms are not created. In addition,
faster alarm logging is not activated. The dump file import happens as soon as the
workstation is started for the first time after installation and the appropriate files are placed
in folders. For more information on Listviews, alarms, and alarm logging, please see the
Continuum CyberStation online help.
a. Create Default List Views - Check this box to import and create listviews (from
the ASCII dump file, DefaultListViews.dmp) for all CyberStation object classes.
b. Create System List Views - Check this box to import and create listviews (from
the ASCII dump file, List.dmp) for system information other than object class
defaults (for example, all events).
c. Create System Alarm Enrollments - Check this box to import configured sys-
tem AlarmEnrollment objects (from the ASCII dump file, SystemAlarms.dmp).
These define the basic conditions under which CyberStation points go into alarm.
d. Create/Update Graphical Report Settings - Check this box to import graphical
report templates. CyberStation supplies many Report templates that include bar-
chart templates, pie-chart templates, and trend templates, giving Reports a certain
default “look and feel.” If you do not check this box, then these report templates
will not be available. For more information on Reports, see the Continuum
CyberStation online help.
e. Enhanced Alarm Logging - Check this box to activate an enhanced method that
automatically speeds up the process of logging alarms with workstations. Without
enhanced alarm logging, configuration of workstation recipients in EventNotifi-
cation objects becomes more cumbersome.
Note: If the Enhanced Alarm Logging checkbox is not checked, the Enhanced Alarm Delivery
checkbox becomes unselectable.
f. Enhanced Alarm Delivery - This checkbox is intended for a system with multi-
ple workstations. Check this box only if you intend to add more workstations to
the system. If more workstations will not be added, then leave it unchecked.
Note: This setting has no effect on BACnet alarms, which can be guaranteed through the
configuration of BACnet alarm notifications.
For more information about extended logs, please see the Continuum
CyberStation online help.
For first time installations, you should see this dialog. If, in the very unlikely
event, you do not see this dialog, it means SQL Express is already on your
computer for some other reason.
72 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
If you see this dialog, go to the next step. If you do not see this dialog, and
SQL Express is installed, proceed to the next section, Adding web.Client to
an Existing Standalone Database.
17. Select the Install SQL now radio button and click OK. SQL Express is then
installed automatically.
During SQL Express installation, the software checks your computer for
certain problems that could complicate SQL installation and/or the creation or
update of the Continuum database. There are several different scenarios. For
example, third-party software may generate license-agreement issues.
For a detailed description of these issues, how CyberStation resolves them,
and a list of error messages, please see SQL Express Installation Error
Messages.
Accept the default path, or use the browse button to select a directory in
which to install SQL Express, and click OK.
Note: If you left DB File Location at its default path, then you MUST leave SQL Express at its
default path when it is installed. If you browsed a different path for DB File Location, then
you must browse SQL Express to the same file path. Be sure that the drive you have
selected has a minimum of 2 GB of free space available.
74 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
After the installation has completed, the reboot dialog appears, which may
take up to 60 seconds.
Note: Reboot happens immediately. You do not have the choice of doing this later.
1. Be sure you have performed the procedure, Installing web.Client on the IIS
PC. After the server reboots, the Continuum Database Initialization
window appears.
5. Click OK.
Andover Continuum web.Client Planning and Installation Guide 75
Chapter 4: Installing web.Client on the IIS PC
76 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
6. Click Close.
2. Once the database is set up on your web server, the main Workstation
Configuration dialog, shown on the next page, appears.
Select the Workstation tab to set the workstation parameters. Set the
Workstation Name, Folder Name, Device Node ID and Network ID for the
workstation. See the Andover Continuum CyberStation Installation Guide,
30-3001-720, for further details.
4. Fill in the fields as shown below if you are adding a new server to a LAN
system. If this is a server upgrade, they will be populated automatically. The
Note: The Andover Continuum CyberStation Installation Guide, 30-3001-720, provides important
guidelines for entering information in the Workstation Configuration dialog. Refer to that
manual.
Server Name field should be set to the name of your Continuum database
server.
6. Run web.Client on this machine. This will create the final objects in the
Continuum database for this workstation.
78 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
For more information on configuring video servers, see Configuring Your Video
Servers. For more information on upgrading web.Client, see Appendix C,
Guidelines for Upgrading to Version 2.03.
1. Click Yes to learn all servers and cameras now, or No to learn them later in
CyberStation’s Video Administrator.
It is recommended that you learn video servers and cameras now since it is
more efficient to learn them all at once rather than learning them individually
later.
Note: Should you choose not to learn servers and cameras now, you will need to learn them later
in Video Administrator. For more information on learning cameras , see the Video
Administrator Settings tab in the CyberStation online help.
If you click Yes, the Learn All Video Servers - Status dialog, shown on the
next page, displays. It shows a count of the servers and cameras as they are
learned.
The video servers and cameras will then be in a partially-learned state- with
only those servers and cameras that have been learned to that point displaying
in the Learn All Video Servers - Status dialog.
80 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
Note: If your video system is unstable, you may receive an ERROR:SERVERNAME message
during the learn process. Should this occur, ensure that your system is stable and then
perform a single Learn Cameras operation for that server. For more information, see the
Video Server Editor - General Tab in the CyberStation online help.
1. For every EventNotification object, add the IIS PC’s workstation to the list of
alarm recipients to be notified. To do so, open the EventNotification editor
and select the Delivery tab.
2. In the Delivery tab, click the Add Recipient button. The Recipients
Configuration dialog, shown on the next page, appears.
3. Use the Recipient field’s browse button and the browse dialog to search for
and select the workstation that is on the IIS PC.
4. Configure these settings appropriately for your system. There are several
ways to configure recipients, according to your needs.
82 Schneider Electric
Chapter 4: Installing web.Client on the IIS PC
Note: For additional enhanced alarm delivery, ensure that the Enhanced Alarm Delivery
checkbox is checked via the Database Initialization dialog. For detailed information on
the checkboxes in the Database Initialization dialog, please see the Andover Continuum
CyberStation Installation Guide, 30-3001-720.
1. From the system tray in the lower right corner of your screen, right-click on
the Continuum icon, and select Security from the popup menu to open the
Security editor.
5. For each user group, edit each web.Client action to grant or deny permission
to access the web.Client feature. To grant access, click to display a key, as
shown above. To deny access, leave the lock, or if unlocked, click to display a
lock.
Note: VideoServer and VideoLayout objects are created on CyberStation. Though you may
modify a VideoLayout in web.Client, you cannot save your modifications in web.Client;
only on CyberStation.
For more information on configuring a video server (and the VideoServer object)
please see VideoServer in the Continuum CyberStation online help. For more
information on configuring video layouts, please see Video in the web.Client
online help.
84 Schneider Electric
Chapter 5
Configuring Graphics
Folders for web.Client
Note: For 64-bit systems, when you are directed to enter a graphics file path, specify the
following: C:\Program Files (x86)\Continuum\NewGraphicsFiles.
4. If you are not using the default physical path for your NewGraphicsFiles path
then click the NewGraphicsFiles Virtual Directory. In the Actions pane,
select Basic Settings and update the Physical Path to the correct location.
5. For a remote share, be sure to enter the system and share name as follows:
\\server\newgraphics files
86 Schneider Electric
Chapter 5: Configuring Graphics Folders for web.Client
7. Ensure that there are two green check marks in the Results window.
8. If not, you need to create a local account and then select Connect as.
9. Select Specific user and enter the credentials that have permission to access
the physical path.
10. Create a local account and add the account to the share and the directory
88 Schneider Electric
Chapter 5: Configuring Graphics Folders for web.Client
12. Ensure that there are two green check marks in the Results window.
14. Share the graphics folder with everyone and provide full-control access. For
more information, see Giving Everyone Access to Graphics Files.
15. Under Default Web Site, select the newly created NewGraphicsFiles folder.
2. In the Connections tree, expand the computer name, then Web Sites, then
Default Web Site.
90 Schneider Electric
Chapter 5: Configuring Graphics Folders for web.Client
8. In the Select User or Group dialog, specify the location for the object
(Everyone). Make sure the computer name appears beneath From this
location, and click Find Now.
10. In the Permission Entry for NewGraphicsFiles dialog, Object tab, check
the Full Control checkbox).
14. In the Internet Options dialog, select the Connections tab and click LAN
Settings.
15. In the Local Area network (LAN) Settings dialog, make sure the
Automatically detect settings checkbox is cleared.
92 Schneider Electric
Chapter 6
Configuring web.Client on
the IIS PC
2. From the Pinpoint application window, select the View dropdown menu, then
Options. The Options dialog appears.
3. On the Web Locations tab, enter the appropriate paths to the following
shared folders.If the image folder and background folder are under
NewGraphicsFiles (the sample folder you just specified
as a web address) then, in the Web Locations tab of the Pinpoint Options
dialog, the new paths would be:
http://ServerName/NewGraphicsFiles/imagelibrary
and
http://ServerName/NewGraphicsFiles/backgrounds
94 Schneider Electric
Chapter 6: Configuring web.Client on the IIS PC
Note: Ensure that you have given accessible sharing privileges to the above three folders so that
all client machines can view the graphics. To ensure the paths you entered are correct, click
the Check button.
If the path is incorrect, the symbol appears next to the incorrect path. If the
three paths are correct, click OK and close Pinpoint.
CAUTION
Manually changing an IP address
If you use a specific IP address in the Graphics (Pin Files) field, instead of ServerName, and then
manually change the IP address (in the IP Address field of the Default Web Site Properties dialog,
accessed via the Control Panel’s Administrative Tools - Internet Services Manager - Default Web
Site properties) the Graphics URL no longer works. You must go back and change the path in the
Graphics (Pin Files) field in the Options dialog to match what was changed in the IP Address field,
or enter a server name. To map the local host to this new IP address, you must also edit, and place this
new entry into the LMHOSTS.SAM file located in:
C:\WINNT\system32\drivers\...
Failure to observe this precaution can result in failure to access web.Client Pinpoint
graphics files.
5. Stop and then restart your IIS server, or reboot the machine.
C:\Program Files\WebServer
The timeout is the number of minutes that a web.Client session remains active
during non-use (inactivity) before the session ends, requiring the user to log on
again.
For more information about session timeout and EventViews, see the web.Client
online help.
Inactivity Timeout
The “timeout” default is 20 minutes, but it can be reset to a different time period
by editing the web.config file:
96 Schneider Electric
Chapter 6: Configuring web.Client on the IIS PC
Live EventView
The “maxEventViewRows” default value is 100, but you may want edit the
web.config file to reset it to a smaller number to save time while the event view
list rebuilds:
For complete instructions for using SSL on Microsoft platforms, please see
Microsoft’s extensive online IIS documentation on secure communications and
certificates:
An overview of certificates
Setting up SSL on your server
Using the security task wizards
Obtaining a server certificate
Using Certificate trust lists. (Trust lists are managed via Internet
Explorer’s Internet Options dialog. From IE’s Tools dropdown menu,
select Internet Options. Select the Content tab. Certificate management
options appear in the Certificates section.
Obtaining a client Certificate
Enabling client certificates
Mapping client Certificates to user accounts.
Note: When applying for and creating your certificate, please use the fully qualified domain
name of the IIS server, particularly if you plan to connect the web server to the Internet
with a public IP address. For example, use the following: (FQDN) System name.schneider-
electric.com (public).
If you plan to connect the web server internally with a private IP address, you need only use
a NetBIOS name. For example, use the following: (netBios) System name (private).
The URL of the site name must comprise the same server name and domain name to which
your client machine browsers connect:
https://ServerName.DomainName.com
For example:
https://yourpc.schneider-electric.com/webclient (public IP
address)
Otherwise, if these do not match, errors will result and SSL won’t work. To test the URL,
ping it from your machine and ensure there is a reply.
Note: In order to use SSL encryption from the client machine, a web.Client user must access
web.Client with the prefix:
https://
instead of http://
98 Schneider Electric
Chapter 6: Configuring web.Client on the IIS PC
4. In the Security level for this zone section, click the Custom Level button.
7. Under Access data sources across domains, select the Enable radio button.
8. Click OK in the Security Settings dialog and again in the Internet Options
dialog.
As an alternative, on each client machine you can add the web.Client URL address
to Trusted sites. On the Internet Options dialog:
2. On the Trusted sites dialog, enter the web address in the Add this Web site
to the zone field.
3. Click OK.
9. Click OK.
1. Set up your Pinpoint graphics folders. See Configuring Graphics Folders for
web.Client:.
12. In the ASP.NET version field, make sure the version is 2.0.50727.
c:\program files\continuum\dnwacserverfactory\bin\
Note: If you are using SSL with Pinpoint graphics, the SSL port must be 443.
17. Restart your computer.
18. After restarting your computer, test the Certificate and its compatibility with
Pinpoint by accessing the following page:
https://ServerName/dnwacserverfactory/bin/TestWPinpointSSL.htm
19. A Security Alert appears. Click Yes to the question, Do you want to
proceed? This accepts the Certificate.
20. If the Certificate is valid with Pinpoint, the following page appears:
If this page does not appear, it means it is not valid, or the Certificate has
expired.
5. On the Default Web Site Properties dialog, select the Web Site tab.
Overview
Testing Access to and Installing web.Client on a Client PC
Before Getting Started
Launching Internet Explorer in Windows 7
Installing the web.Client Utilities Control
Installing Microsoft .NET Framework 2.0
Installing web.Client Pinpoint
Installing the Video Layout Control and .NET Framework 3.5
Setting Browser “Zone” Permissions for .NET Framework
Server Proxy Applications
Logging Out of web.Client
Overview
When your web.Client users log on to web.Client via their client-machine
browsers for the first time, it is likely that several applications will be installed
(automatically or via user prompts).
Note: The procedures in this chapter presume you and your users are installing or upgrading to
web.Client version 2.03 and have Internet Explorer version 10, and meet the other software
and hardware requirements presented in Chapter 3, Pre-Installation Requirements for
Windows Server 2008 and 2012, and Windows 7 and 10.
This chapter shows you how to test browser access to web.Client by logging on
and installing web.Client on a user-client workstation.
2. Be sure this workstation has versions of the operating system that your user
clients would typically have.
4. Restart this workstation and other client PCs before logging onto web.Client
for the first time.
Note: All web.Client users must have a password to log in. web.Client users are created in
CyberStation.
web.Client features must be unlocked at another CyberStation for the test user, so that the
user can log on to web.Client and perform all the necessary feature tests.
Note: Your users need only perform this step once in order to install ActiveX
components and web.Client Pinpoint. Once they do so, they can run
web.Client as that user (it is profile dependent) without being asked to
specify the administrator account or run IE as administrator.
3. In the Internet Options dialog, select the Connections tab, and click LAN
Settings.
4. In the Local Area Network (LAN) Settings dialog, make sure the
Automatically detect settings checkbox is cleared.
5. Click OK.
You must enter https:// if you have installed an authorized SSL Certificate on
the IIS PC. If this is not an SSL server, then you would enter http://. Version
1.74 (and higher) fully supports SSL, which accommodates client-server
exchanges of confidential information. (See Establishing SSL Support for
Confidential Information in Chapter 6.)
https://SiteServer1/WebClient
Note: If the IIS server does not have Internet connectivity, it may take between 30 and 90 seconds
for this installation prompt to appear.
Note: The web.Client Log On screen, shown on the next page, appears in the background, beneath
this Security Warning dialog, but you cannot enter your user name and password until the
web.Client Utilities Control is installed.
3. Click the Yes button on the Utilities Control Security Warning dialog to
begin the installation. Installation of the Utilities Control happens
automatically, in a few seconds.
If you are upgrading from Version 1.73 to 2.03, go to the next step.
If you are upgrading from Version 1.74 or 2.03, go to Step 5.
4. If you are upgrading from Version 1.73 to 2.03, a dialog appears, asking you
to close and restart Internet Explorer. Do so now. After you restart Internet
Explorer, enter the same URL you entered in Step 1.
5. On the web.Client Log On screen, enter your user name and password.
Note: In Internet Explorer 10, the logon screen text fields contain user interface controls that
allow you to clear text in the User Name field and display text in the Password field. To
display password text, click and hold the left mouse button over the eye icon in the
Password field. This option is helpful when you wish to ensure you have entered the
correct password.
2. Check the I accept the terms of the License Agreement checkbox, and click
Install.
A Setup progress-bar, followed by the Installing components window,
appears while the installation is configured and components are installed.
This may take a several minutes. Please wait.
At least 4 MB of disk space are needed for web.Client Pinpoint. (See also
Appendix B, web.Client Applications that Are Installed.)
It is recommended your users install this application after bringing up the Home
screen for the first time.
2. In the navigation pane, explore and search for a list of graphic paths, and click
the name of the graphic file you want. A Security Warning dialog appears,
prompting you to install the file, msxml4.cab.
3. Click the Yes button to install the file. Another Security Warning dialog
appears, asking if you want to install and run the WebClient Pinpoint
graphics package.
4. Click Yes to launch the Install Shield Wizard for WebClient Pinpoint and
begin the installation. Click Next.
5. A License Agreement window appears. Click Yes to accept the terms of the
license agreement.
The Setup Status window appears, displaying the progress of the installation.
When installation is complete, the InstallShield Wizard appears. Click
Finish to complete the installation process.
If your IIS PC uses IIS 6.0, be aware that IIS resources are recycled after a long
period of time (29 hours) by default. This means that your web.Client Pinpoint
windows, including web.Client itself, are disconnected after this long period of
time expires. Please take this into account if your users need Pinpoint running
continuously for more than a day.
If you need to run Pinpoint continuously for more than 29 hours, you may
lengthen that time via the Windows Internet Information Services (IIS)
Manager.
After .NET Framework 3.5 is installed, both versions 2.0 and 3.5 reside on the
client machine.)
Note: The video feature requires network access to a digital video recorder. This may require you
to open port 18772 or establish a Virtual Private Network (VPN) connection if there is a
firewall.
At least 72 MB of disk space are needed for the Video Layout Control, which
comprises the file, WebClientVideo.cab, and .NET Framework 3.5. (See also
Appendix B, web.Client Applications that Are Installed.)
To install the Video Layout Control and .NET Framework 3.5, perform the
following procedure:
2. Explore and search for a list of video paths, and click the name of the
VideoLayout object you want.
3. Click Install.
If you do not already have Microsoft .NET Framework 3.5 installed on your
computer, the InstallShield Wizard appears, asking you to install it now. (If
you are not asked to install .NET Framework 3.5, go to Step 5.)
4. Click Install.
On the client side, .NET Framework 2.0 controls do not run in the IE browser’s
Internet or Trusted zone with their default permission settings. Therefore, users
must add full trust to these zones.
On each client machine, you can do so in one of the following two ways:
Download the Microsoft .NET Framework SDK 2.0. This is available from
Microsoft, http://www.microsoft.com/downloads/.
5. Click the Permission Set tab, and from the Permission set dropdown menu,
select FullTrust.
6. Click OK or Apply
You can also change the default permission set or create a new permission set that
has the following specific permissions.
As an alternative, you can add full trust to the zones by executing the Microsoft
Code Access Policy tool (caspol.exe) located in:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
To add full trust to the Internet zone in .NET Framework 2.0, execute the
following:
To add full trust to the Trusted zone in .NET Framework 2.0, execute the
following:
CAUTION
Manually closing the ACWebServerProxy
Do not manually close the ACWebServerProxy window.
If anyone manually closes the ACWebServerProxy window, all users
are disconnected from the application.
CAUTION
Closing sessions without logging out
Users should not close their sessions without logging out.
If the session is closed without logging out, the client license will not be available for
a different user until after the timeout period has expired.
Overview
web.Client Security Basics
Scenario 1: A Single-Building Company
Scenario 2: A Global Company
Overview
Having installed and tested web.Client version 2.03 on an Internet browser, you
are now ready to use this powerful, web-based facility management tool. For
example, web.Client can distribute personnel records, view and edit schedules and
points, integrate video, display live events, provide convenient access to reports
for managers, monitor BACnet loops, and download TrendLog records. (For
complete information, please see the web.Client online help.)
It is very important to plan for web.Client carefully. If you can start planning for
web.Client before the initial configuration of the facility management system,
implementation will be much easier.
Throughout this process keep in mind that you will be creating delegates to log on
to web.Client and access the Continuum facility management system.
Is the security installation contained within one building or are there multiple
facilities managed by one system?
Where are the facilities located?
Who are the security delegates that will administer the personnel records?
What personnel records do the security delegates have authority to
administer?
What are the areas of which the security delegates have control?
Can personnel records be placed in logical groups?
Based on the answers to the above questions, you will have to decide:
What group level security should the security delegates have to limit their
ability to view only certain object classes or perform only certain tasks?
What object level security should be set up to limit the security delegate to
specific groups of objects?
This chapter details two scenarios in which the above questions were answered
and decisions were made on how to set up the Continuum system. Use these
examples to aid in planning for your scenario.
Security levels: Security levels do not exist in the Continuum system by default,
they must be created. Security levels are used to apply “object-level” security, to
override permissions granted by security groups, and can only be used to deny a
permission granted by security groups. Security levels cannot be used to grant
permissions denied by security groups. They may be applied to individual objects
(for example, an area called “Engineering”) or to a folder with many objects.
When a security level is applied to a folder, all the contents of the folder, including
subfolders, are limited to that security level’s restrictions.
Since only one security level can be applied to an individual object or folder, a
security level must be defined to include all the restrictions that will be applied.
For example, the following security levels may be required:
Admin only
Admin and Engineering Managers
Admin, Engineering Managers, and Sales Managers
Users: Users created with the Continuum system are assigned to one or more
security groups. Since a user may be a member of more than one security group,
security groups may be set up to focus on a small set of permissions. Setting up
security groups with a modular approach, makes assignment of security groups to
users much easier. If a user is assigned to more than one security group with
conflicting permissions, the “unlocked” permissions take precedence and the user
will be granted the permission.
Folder and Device Level Security (FDL): provides the user with the ability to
apply a security level to a collection of child objects by placing them in a folder
(the parent) so that they inherit the parent’s security level. When you configure
security using FDL, consider the following:
For example, a site with three roles and two partitions would have six groups.
Note: CyberStation supports up to 1024 groups. If the number of groups (number of roles
multiplied by the number of partitions) exceeds 1024, then the number of roles and/or
number of partitions needs to be decreased.
Log in as each user once and verify that the right areas are granted or denied
according to your configuration plan.
Administrative
Engineering
Sales
IT
The areas of the building are:
Main lobby
East stairwell
West stairwell
Fitness room
Human Resources department
Administrative offices
Engineering lab
Engineering Conference room
Sales offices
The areas can be grouped as:
Common areas: Main lobby, fitness room, east stairwell, west stairwell
Administrative areas: Human Resources department, administrative offices
Engineering areas: Engineering lab, engineering conference room
Sales areas: Sales offices
Since this setup requires that each delegate have different sets of permissions, it
requires four security groups (one for each user / delegate). These groups will be:
Admin, Eng, Sales, and IT (where the HRDel serves as the Admin delegate).
Also, since only one security level can be applied per folder or object, it is
recommended that you create separate security levels for each folder. This will
make it easier to organize permissions specifically for the contents of the folder.
Recommended Set Up
Security Groups Personnel Folders Area Folders Security Levels Users
Admin AdminPersonnel CommonAreas CommonAreasSL HrDel
Eng EngPersonnel AdminAreas AdminAreasSL EngDel
Sales SalesPersonnel EngAreas EngAreasSL SalesDel
IT ITPersonnel SalesAreas SalesAreasSL ITDel
AdminPersSL
EngPersSL
SalesPersSL
ITPersSL
For traveling employees who do not have a particular location, there is another
global administrator (GlobalPersonnelAdmin). This person can create, edit, and
delete the personnel records of these people in particular, but they cannot assign
access to any areas.
Lastly, local administrators can grant area permissions to the traveling employees,
but they may not create, edit, or delete their records.
Andover personnel
England personnel
France personnel
Germany personnel
Hong Kong personnel
Mexico personnel
Andover
England
France
Germany
Hong Kong
Mexico
GlobalViewer Global delegate with permissions only to view all personnel records and areas.
Since this setup requires that each delegate have different sets of permissions, this
scenario requires eight administrative groups (one for each user / delegate).
Also, since only one security level can be applied per folder or object, it is
recommended to create separate security levels for each folder. This will make it
easier to organize permissions specifically for the contents of the folder.
1. All Security Levels will also be unlocked for the Global Viewer with the excep-
tion that the keys (in the security settings) will be locked for the change, edit,
create, and delete functions.
Recommended Setup
Security Groups Personnel Folders Area Folders Security Levels Users
Andover AndoverPersonnel AndoverAreas AndoverAreaSL AndoverAdmin
Administrator EnglandPersonnel EnglandAreas EnglandAreaSL EnglandAdmin
FrancePersonnel GermanyAreas FranceAreaSL FranceAdmin
England GermanyPersonnel HongKongAreas GermanyAreaSL GermanyAdmin
Administrator HongKongPersonnel MexicoAreas HongKongAreaSL HongKongAdmin
MexicoPersonnel MexicoAreaSL MexicoAdmin
France Administrator GlobalPersonnel AndoverPersonnelSL GlobalPersonnelAd
EnglandPersonnelSL min
Germany FrancePersonnelSL Global Viewer
Administrator GermanyPersonnelSL
HongKongPersonnelSL
Hong Kong MexicoPersonnelSL
Administrator GlobalPersonnelSL
Mexico
Administrator
Global Personnel
Administrator
Global Viewer
Overview
Tips
Overview
This appendix provides a series of tips for keeping your web.Client system secure
and troubleshooting some common problems that may arise.
CAUTION
Microsoft system experience required.
To perform the Microsoft-related procedures, you must have administrative experience using
Microsoft system software and understand that there are differences in the graphical user interfaces
between different Windows platforms. User-interface illustrations are not provided. Please see your
Microsoft Windows online help and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system configuration.
Tips
The following tips are helpful in ensuring the security of your web.Client system.
To protect your Andover Continuum system, reserve user security groups 1 and
128 (or the highest-numbered user security group your site uses) to have all keys
unlocked for all classes. Do this for the “base-level” security and all “object-level”
security (security levels).
Note: Although it is unlikely you would use all of them, CyberStation provides a maximum of
1024 user security groups.
Be sure at least one user is assigned to both the first and your highest-numbered
security groups. This ensures that at least one user will have full access to the
system in case of an inadvertently locked action.
When adding new personnel using web.Client, the New Person dialog displays all
of the CyberStation system folders for which that logged-on user has permissions
to view.
Schneider Electric recommends that you apply a security level to all folders not
used by web.Client users (the folders that do not include any personnel, areas, or
numerics used by schedules) so as to prevent personnel from inadvertently being
placed in the wrong folder.
3. Apply this new security level to all folders without personnel, areas, or
numerics (used by schedules).
Perform the following procedure to ensure that the default document on the
web.Client virtual directory is set. The default document is set automatically by
the install that creates the web.Client virtual directory.
Note: There is a virtual directory under the default web site that is used for web.Client, and by
default it is called “WebClient”. During the installation of web.Client, this directory name
can be changed.
Note: If you are unsure which directory it is, click them, one at a time, to list the contents in the
right-hand pane. The web.Client virtual directory will have two ACCWebMgr files in the
list in the pane.
The utility DCOMCNFG allows you to set the default permissions for *ALL*
COM and OLE objects on your machine. You can use this utility to provide OLE
and COM access to the IUSR_<servername> account as well as all user accounts
that might be impersonated by your IIS configuration. You can even grant
permissions to the “Everyone” group.
For more information on launching OLE servers from ISAPI applications, refer to
the Microsoft article on Security Ramifications for IIS Applications. This
article can be found at:
http://www.microsoft.com/windows2000/en/server/iis/htm/asp/
eadg4n77.htm?id=231.
To avoid problems opening web.Client Pinpoint graphics, be sure that IIS has
been installed on the server before Microsoft .NET Framework 2.0 is installed.
This appendix lists the applications that web.Client installs on the client PCs and
the file size of each application.
Installed Applications
The following table lists the applications that web.Client installs on the client PCs
and the file size of each application.
Be sure you have at least 72 MB of free disk space. For more information,
refer to Installing the Video Layout Control and .NET Framework 3.5
Adobe scalable vector This 5 MB application allows the client to view web.Client Reports. (See
graphics (SVG) viewer the web.Client online help.)
for graphical reports.
web.Client Pinpoint This 4 MB application allows the client to view Pinpoint graphics through
(wPinpoint) web.Client.
web.Client Video This 2 MB application allows the client to view and play back live and
Control recorded video images through web.Client.
Upgrade Guidelines
This appendix presents guidelines for upgrading web.Client to version 2.03. A
quick procedure is provided below, but please refer back to the procedures and
requirements in the previous chapters of the document. Refer also to the Andover
Continuum CyberStation Installation Guide, 30-3001-720. As with any upgrade, it
is good practice to ensure, before you begin, that you have a known good backup
of the database.
Note: web.Client version 2.03 supports Microsoft Windows Server 2008 and Windows 7.
Depending upon the version of CyberStation you are running, you may need
to update your hardware security key to version 2.03. If your CyberStation
software is a pre-1.9 version (such as, v1.6, or v1.81), you will have to
upgrade your key to support v2.03.
If you are running version 2.x or higher, however, you will not need to update
your security key; your key is already enabled to support version 2.03.
2. Perform pre-installation tasks, and ensure your system meets the minimum
software and hardware requirements. (See Chapter 3. Pre-Installation
Requirements for Windows Server 2008 and 2012, and Windows 7 and 10)
3. Reboot your PC before inserting the version 2.03 CD, and start the web.Client
Install program. Perform the installation over the previous version’s
application. Reboot your PC, when prompted.
Also refer to the procedure in Chapter 4: Installing web.Client on the IIS PC.
4. After the installation procedure is complete, and you have rebooted your
machine, the database initialization procedure begins.
When the Database Initialization dialog appears, select the Update Existing
Database radio button to update the database.
Note: If you do not have the database engine, SQL Express, already installed, or if you have an
older version of the database engine, then SQL Express is installed for you automatically
during the database initialization process.
Note: During the web.Client installation, if a client machine does not already have Microsoft
.NET Framework 2.0 installed, a user must install it as he/she logs on to web.Client for the
first time. web.Client operates in a .NET Framework environment.
When a user is logged onto web.Client and tries to bring up a video layout for the first time,
he/she may be prompted to install .NET Framework 3.0 on the client machine, if it is not
already installed. The web.Client Video Control requires the client machine to have .NET
Framework 3.0, just as web.Client overall requires .NET Framework 2.0. For more
information see Installing the Video Layout Control and .NET Framework 3.5 in Chapter 7.
Overview
SQL Express Installation Error Messages
Overview
This appendix provides a list of error messages that may appear if certain
problems occur during the installation of the database engine, SQL Express. (SQL
Express is installed or upgraded automatically on a standalone system during the
Continuum database initialization process.)
During SQL Express installation, several things are detected on your computer:
For example, a third-party software vendor may already be using the existing
database engine. This creates license-agreement conflicts and possible
performance problems. To satisfy the software license agreement, Continuum
CyberStation must “own” the database engine. In this case, it may be necessary to
create another instance of SQL Express for Continuum CyberStation and/or notify
the software vendor.
Using another example, the database may be configured incorrectly. In this case, it
may be necessary to re-create the Continuum database during database
initialization.
There are many variations of these special cases. If a problem arises, you will
receive an SQL Express installation error message that states the problem and
provides instructions for correcting it.