foreseer server guide (1)

IM02606006E

Server Guide: Foreseer 6.0

Foreseer Server Guide

Foreseer Server GuidePublication date 5/2012

Copyright © 2012 by Eaton Corporation. All rights reserved.

Specifications contained herein are subject to change without notice.

Power Xpert and Foreseer are registered trademarks of Eaton Corporation.

EATON CORPORATION - CONFIDENTIAL AND PROPRIETARY NOTICE TO PERSONS RECEIVING THIS DOCUMENT AND/OR TECHNICAL INFORMATION THIS DOCUMENT, INCLUDING THE DRAWING AND INFORMATION CONTAINED THEREON, IS CONFIDENTIAL AND IS THE EXCLUSIVE PROPERTY OF EATON CORPORATION, AND IS MERELY ON LOAN AND SUBJECT TO RECALL BY EATON AT ANY TIME. BY TAKING POSSESSION OF THIS DOCUMENT, THE RE-CIPIENT ACKNOWLEDGES AND AGREES THAT THIS DOCUMENT CANNOT BE USED IN ANY MANNER ADVERSE TO THE INTERESTS OF EATON, AND THAT NO PORTION OF THIS DOCUMENT MAY BE COPIED OR OTHERWISE REPRO-DUCED WITHOUT THE PRIOR WRITTEN CONSENT OF EATON. IN THE CASE OF CONFLICTING CONTRACTUAL PROVI-SIONS, THIS NOTICE SHALL GOVERN THE STATUS OF THIS DOCUMENT.

DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY

The information, recommendations, descriptions and safety notations in this document are based on Eaton Corporation’s (“Eaton”) experience and judgment and may not cover all contingencies. If further information is required, an Eaton sales office should be consulted. Sale of the product shown in this literature is subject to the terms and conditions outlined in appropriate Eaton selling policies or other contractual agreement between Eaton and the purchaser. THERE ARE NO UNDERSTANDINGS, AGREEMENTS, WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE OR MERCHANTABILITY, OTHER THAN THOSE SPECIFICALLY SET OUT IN ANY EXIST-ING CONTRACT BETWEEN THE PARTIES. ANY SUCH CONTRACT STATES THE ENTIRE OBLIGATION OF EATON. THE CONTENTS OF THIS DOCUMENT SHALL NOT BECOME PART OF OR MODIFY ANY CONTRACT BETWEEN THE PAR-TIES.

In no event will Eaton be responsible to the purchaser or user in contract, in tort (including negligence), strict liability or otherwise for any special, indirect, incidental or consequential damage or loss whatsoever, including but not limited to damage or loss of use of equipment, plant or power system, cost of capital, loss of power, additional expenses in the use of existing power facilities, or claims against the purchaser or user by its customers resulting from the use of the informa-tion, recommendations and descriptions contained herein.

Contents

Chapter 1. Foreseer Server Installation ........................................................ 1

System Requirements ................................................................................ 1Software Considerations ............................................................................ 2Hardware Considerations ........................................................................... 2Foreseer Server Installation ......................................................................... 3Program Installation ..................................................................................... 3

Chapter 2. Configuring the Foreseer Server .............................................. 5

Device Installation ........................................................................................ 7Loading a Set of Devices.............................................................................11Backing Up the Server Configuration ........................................................12Automatic Configuration Backups ...............................................................13Online Help ...............................................................................................13The Tree View ............................................................................................14Server Properties ........................................................................................15Device Properties ........................................................................................16System Channels ......................................................................................17Channel Properties ......................................................................................18User-Defined Channels ............................................................................... 21Administrative Password .......................................................................... 23Client Connection Password ...................................................................... 24Message Manager ..................................................................................... 24Remote Server ......................................................................................29Heartbeat Server ...................................................................................... 30Slave Heartbeat Server ............................................................................ 32

Chapter 3. WebViews ................................................................................. 33

Creating WebViews Folders and Pages ...................................................... 34

Chapter 4. WebViews Security .................................................................... 39

Authorization Levels ................................................................................... 39Accounts .................................................................................................... 41Updating User Groups ................................................................................ 41

Chapter 5. WebViews Administration ......................................................... 43

HTTPS (Secure) Web Server .................................................................... 43Enabling a WebViews Server ..................................................................... 43Server Admin Menu ................................................................................... 45

System Requirements

1

Foreseer is designed to manage your critical site or entire enterprise by monitor-ing power and environmental inputs from equipment, sensors and other systems. Monitored points include Meter (analog) and Status (digital) inputs which open a detailed window into the past, present and future performance of your mission-critical equipment. The unique networked architecture and modular design make Foreseer a cost-effective approach to managing your site while maintaining unique analysis and multi-vendor connectivity capabilities. It furnishes a single integrated system that pro-vides real-time and historical views into the operation of the power and environmental conditions that support your critical operation.

Foreseer is an easy-to-use Windows program consisting of both Server and Client software modules (which may be installed on the same PC).

The Foreseer Server functions as a centralized storage location for information from managed Devices and the Foreseer Client acts as a retrieval and display terminal for that information. Together, the applications allow you to observe real-time data, re-spond to events and alarms, as well as view historical data and project potential failure for every data input. Your system has been pre-configured during installation with equipment, critical data points and other views specific to your operation. The configu-ration can be readily modified to meet your changing monitoring needs.

Although multiple Clients can access the Server and view its resident data, Foreseer administrative functions control who has modification privileges to particular program features. Password authorization can be specified to protect the Server configuration from inadvertent alteration.

Foreseer has certain hardware and software requirements; exceeding these prereq-uisites will enhance the performance of the program. The following minimum sys-tem configuration is necessary to run the Foreseer Server Application (note that the recommended system meeting these specifications is an HP Proliant DL380 G5 rack mounted server):

• Microsoft® Windows Server 2003, Release 2, and Microsoft Server 2008. Refer to the Release Notes for a list of newly supported operating systems.

• A PC with a 2 GHz dual core processor

• 17”, 1440 x 900, 16-Bit Color Super VGA Monitor with a 64 Mb Video Card

• 2 Gb of RAM

• 146 GB SCSI Hot Swap Hard Drives-qty. 2, (mirrored)

• CDRW/DVD-ROM Drive

• Dual NICs, onboard

• Keyboard & Mouse

Optional equipment includes:

• RS-232/422 Converters for Device connections exceeding 50 feet

• Local Printer for hardcopy outputs

System Require-ments

Chapter 1. Foreseer Server Installation

Hardware Considerations

2

• Sound Card

Foreseer also has certain hardware and software prerequisites that must be ad-dressed prior to installing the program on the Server. Hardware prerequisites consist of completing the Configuration Checklist for all of the Devices to be monitored, then establishing physical connections between the Server and the Devices to be monitored.

9 It is recommended that you complete the enclosed Configuration Checklist to use as a reference during program installation.

9 Each monitored Device can be connected to the Server through one of several interfaces. If the distance between the Foreseer Server and a serially targeted Device exceeds 50 feet, RS-232/422 converters will be necessary to adapt the serial signal.

Figure 2.1 FORESEER SERVER SETUP PROCEDURE

Software prerequisites consist of verifying that the Windows operating system, TCP/IP Protocol and (if appropriate) Remote Access Server are installed and enabled. Before starting, determine the unique network address for the Foreseer Server PC.

9 Ensure that the Windows operating system is installed on the Foreseer Server PC.

Administration via Remote Desktop

If you are using terminal services to connect to a Foreseer Server, you must be connected via the console session. If you don’t connect through the console session, some administrative tools, such as the Message Manager utility, won’t work. The server must also be set to access remote desktop connections to use this approach.

Hardware Con-siderations

Complete Configuration Checklist

Verify Server PC meets minimum requirements

Ensure that the Devices are functioning normally

Determine Foreseer Connection Method Serial Connection

1. Obtain Serial Port Expander.

2. Obtain RS-232/422 Converters if distance exceeds 50 ft.

Network Connection

1. Locate available network drop within 300 ft.

2. Obtain the IP address.

Consult your Network Administrator if necessary

Install Network Adapter

Repeat connection and test for each monitored Device

Install Foreseer Server Application

Configure Foreseer Server

Install Devices

Backup Foreseer Server Configuration

Software Consid-erations

Foreseer Server Installation

3

To launch a remote desktop connection to the console session on a server, type the following command at the Windows command prompt:

mstsc -v:machine_name /F -admin

Where machine_name is the name of the server.

Foreseer installation and configuration is a three-step process: Program Installa-tion, Server Configuration and Device Configuration. All three steps use a series of InstallShield®Wizards to simplify the procedure and user prompts guide you through the entire process. Be sure to register your Foreseer Application to ensure that you are notified about future updates and product enhancements.

Foreseer Server Application installation is performed from the CD-ROM and includes all of the required files. You are prompted for the drive destination and the application is placed in the specified location. There are two installation .msi files located in the Installer folder:

• ForeseerInstaller.msi

• MsgManInstaller.msi This can be installed on a separate machine instead of the Foreseer server. This can be a good strategy as it allows the message manager to respond should the Foreseer server be down. If you do this, you’ll need to configure the Message Manager on the client machine to point to the Foreseer server (covered in the Message Manager Client Setup Guide) and configure the Foreseer Server to accept connections from this client (covered in “Trusted Mes-sage Manager Connections” on page 28).

Example: To install Foreseer Server software (the other .msi file installations are almost identical).

1. Insert the Foreseer Server Application CD into the Server PC’s CD-ROM drive.

2. Select Run… in the Windows Start menu and that dialog box is displayed.

3. Browse to locate the installation file on the Foreseer Server Application CD, then click OK. Installation setup begins, its progress reported until complete, at which time a Welcome dialog box is presented.

Figure 2.2 Running the Foreseer Installation File

4. Click Next> to continue; a dialog box is displayed to specify the program’s Instal-lation Folder.

5. Type or Browse… to identify the desired Installation Folder. Also specify whether the installation is for anyone using this computer or only you, then click Next> to continue with the installation.

Foreseer Server Installation

Program Installa-tion

CAUTION:

If upgrading from a previ-ous version of the Fore-seer Server, this procedure should only be performed by experienced personnel under the direction of Ea-ton technical support. Re-fer to the Release Update and the Release Notes for more information.

Note: Foreseer should be installed on the local hard drive with the most avail-able disk space. This may not be the C: drive.

Program Installation

4

Figure 2.3 Selecting the Installation Folder (default folder shown)

6. Click Next> to confirm that you wish to install the Foreseer software on your computer. A status bar reports on the progress of the installation.

7. When complete, click Finish to conclude the installation process. You may be prompted to reboot the system, although rebooting is not always necessary.

The installer will create a Foreseer program group in the Windows Start menu that includes the following:

Device Config - Launches the Device Configuration utility, which you can use to add devices to a running Foreseer Server.

Foreseer Server - Launches the Foreseer Server itself.

Documentation - Links to the various Forseeer manuals. Clicking these launches Adobe Acrobat (if installed) and loads a PDF copy of the selected guide.


5

Chapter 2. Configuring the Foreseer Server

The initial step in setting up Foreseer is to configure the Server. This includes estab-lishing password authorization, if desired, to protect the basic administrative opera-tions governing the maintenance of the application.

To configure the Foreseer Server:

1. After installation, the Foreseer Server is automatically launched. This starts the configuration sequence.

To manually launch the Foreseer server, select Start > All Programs > Foreseer > Foreseer Server.

2. Select Install a New Server and click Next>. The Server Configuration Wizard dialog box is displayed.

3. Make sure a Configuration Checklist at the back of this manual has been com-pleted for each of the connected Devices, then click Next to continue.

Figure 2.1 Foreseer Server Configuration Wizard Dialog Boxes


6

4. Identify this Foreseer Server for communication and reporting purposes by typing in a name, up to 29 characters. Click Next> to continue with the Server configura-tion.

Figure 2.2 SQL Server Configuration

5. You are required to enter the SQL Server connection string, as well as an account name and a valid password for access authentication. Enter the password a second time for verification. Asterisks are displayed to maintain system security. You can specify a Windows account if you are using Windows Authentication mode for SQL Server. You can also specify the Database File and Transaction Log Locations, if desired. With the necessary SQL Server information entered, click the Next> button.

Device Installation

7

6. You may optionally require password authorization before changes can be made to the Server. Password protection is recommended in critical installations to prevent inadvertent changes which could adversely affect the Foreseer system. Again, you must enter the Password in both fields to confirm it. Click Next>.

Figure 2.3 Administrative Password

7. Click <Back to change any of the chosen setup parameters, if necessary. Other-wise, click Finish to save the Server Configuration settings. The Server software is launched automatically.

The next step in the installation procedure is to populate the Server with the equip-ment that is to be monitored. New Devices can be added to Forseer one-at-a-time by the following procedure. See “Loading a Set of Devices” on page 11 for instruc-tions for batch loading a set of devices via a comma-separated values (CSV) file.

The Device Installation Wizard guides you through the procedure, prompting the nec-essary information and applying default parameters based on a standard list of moni-tored points for each Device. Individual settings for these points may be changed later (refer to Channel Properties).

To install a Device on the Foreseer Server:

1. Right-click in the Devices window and select Install New Device… to access that dialog box. Locate the Configuration Checklist for the new equipment, then click Next> to continue.

2. Select the appropriate Device from the list of supported equipment and click Next>.

Device Installa-tion

Note: Adding Devices requires first selecting the Start Server Configuration command in the Configu-ration menu followed by Install Device.

Device Installation

8

Figure 2.4 Selecting a Device

3. Accept the suggested Name for the Device, or enter another unique description, up to 24 characters, then click Next > to continue.

4. Specify whether the interface between the Server and the Device is a Network or a Serial Connection, as well as the appropriate type, and click Next>.

Figure 2.5 Selecting Communications Protocol

Note: TCP/IP protocol must be installed on the Server PC regardless of the type of Device con-nection. When utilizing a ConnectUPS Network Adapter, specify a UDP/IP connection. A VIM II Direct Serial Connection is used only when installing legacy Liebert equipment.

Device Installation

9

5. Enter the necessary Device Connection information:

For a Network Device, enter its IP Address or URL/Web address. This Address must be correct or the Server will be unable to communicate with the target equipment. Click OK to accept the entry and return to the Device Installation Wizard window.

Selecting Serial Connection prompts additional interface information. A Direct Serial Connection requires that you specify the COM Port to which the Device is connected and its communications settings. Accept the displayed serial Port or assign another from the drop down list of selections in the Serial Communica-tions Port field.

Press the Settings… button to display the Port’s Properties dialog box containing additional serial interface parameters. Click OK to enable the displayed param-eters and return to the Device Installation Wizard window.

Device Installation

10

6. Once the Device connection is properly configured, click Next> and Foreseer will attempt to establish connections with the specified equipment.

7. Verify that the information displayed about the Device corresponds to the infor-mation recorded on your Configuration Checklist. If not, Cancel the installation and recheck the Device. With the correct Device information displayed, click Next>.

8. With the target Device and the interface connection defined, click Finish to complete the installation. The new equipment will appear in the Devices window. Install any additional Devices, if necessary, using the same procedure for each.

If installation is unsuccessful or the Device information does not appear in the Identification window, go <Back and check that all configuration entries are proper and that hardware connections with the equipment are correct. After verifying the configuration and connections, once again attempt to install the De-

Loading a Set of Devices

11

vice. Contact Eaton Corporation - Foreseer Technical Support if Device installation problems persist.

9. With all Devices properly installed, click No to terminate the installation process. You may wish to select newly installed equipment in the Server’s Tree View and review the default settings assigned to each of its input channels. The Properties vary slightly depending on whether it is a Meter (analog) or Status (digital) chan-nel and they only can be changed by a User with Administrative authorization. Refer to Channel Properties for more information on these data point settings.

As an alternative to loading a single device via the wizard, you can load a set of de-vices by predefining these in a comma-separated values (CSV) file. This “device list” file has the following format:

device_type,device_name,vi_file_name,IP_address,driver_specific_info

Where:

device_type is either Modbus3, SnmpManager2, PowerSNMP, or Nothing. These are not case sensitive. The Nothing driver is provided as a “device” you can use when in-stalling derived channels. Note that for the SnmpManager2 device, you must have the TrapManager installed prior to adding devices. Failure to do this will require that you manually add the devices to the TrapManager (these devices will not communicate until this step is done).

device_name is the name that will be used in Foreseer for the device.

vi_file_name is the filename of the driver file for that device. This file is stored in the install_path/Foreseer/vi folder. Note that some driver file names may have a single comma. Foreseer will handle this correctly.

IP_address is the IP address for that device. Set this to none for the Nothing driver.

driver_specific_info is either the device ID (for Modbus) or the read community string for SNMP. Set this to none for the Nothing driver.

For example, the following .csv file loads five separate devices Powerware UPS 5125 devices:

PowerSNMP,5125-1,5-Powerware UPS 5125 Xslot SNMP.vi,10.22.50.32,public

Loading a Set of Devices

Backing Up the Server Configuration

12




You can load the .csv file into Foreseer through any of the following methods:

• The Foreseer Web Configuration Utility (see the help/manual for that utility for specific instructions). Note that the Web Configuration Utility expects the device list file to be in the install_path/Foreseer/vi folder.

• The Device Config Utility (see the help/manual for that utility for specific instruc-tions).

• The Foreseer Server. Instructions for loading the device list file follows:

To load a device list file through the Foreseer Server:

1. In the Configuration menu, click Start Server Configuration.

2. In the Configuration menu, click Install Devices from List.

3. In the Select CSV File dialog box, browse to the CSV file.

4. Click Open.

The file will be validated and, if no errors are found, loaded. Should errors be detected in the device list file, refer to the error dialog boxes and the log report.

It is strongly recommended that a backup be performed after initial system configu-ration as well as before and after any significant modifications to ensure maximum disaster recovery capability.

Significant changes are signaled via the Major Server Version System Channel.

The Backup archive includes the Foreseer Server configuration—data files are not backed up in this procedure. Automatic data backups can be scheduled under the Da-tabase menu (see Database Backups), but do not include information about the Server configuration.

To backup a Foreseer Server configuration:

1. Select Configuration Backup… in the Configuration menu to display the Save Server Configuration Backup As… dialog box.

2. Enter a File name for the backup, specify a different destination directory if nec-essary, then click Save to create the archive file.

Backing Up the Server Configu-ration

Automatic Configuration Backups

13

3. Click OK to continue once the backup is reported “Completed Successfully.”

You can schedule the configuration backups automatically at specified intervals.

A network drive is the recommended backup destination.

To schedule regular backups:

1. Select Backup… in the Server’s Configuration menu.

2. Specify when the backup is to be performed. The Start Time is based on a 24-hour clock: for example, 5:00 p.m. is entered as “17:00.” Note that the backup cannot occur within ten minutes of midnight and that there are restrictions based on the type of backup media. The Start Timeplus the duration of the archive can-not extend through midnight if archiving to a tape drive and it cannot be within the half hour preceding midnight if archiving to another disk drive.

3. Check the Day(s) of the Week on which the backup is performed. At least one day must be checked to enable this automatic feature.

4. Enter or browse to the desired backup path.

5. Click OK to enable the displayed Data Backup settings. Archiving will be per-formed automatically at the scheduled time on the selected day(s).

Much of the operation of Foreseer should be familiar to those who have used the Microsoft Windows Operating System. Foreseer’s online help facility furnishes more

Automatic Con-figuration Back-ups

Note: You can either co-ordinate the configuration archiving process with an existing tape backup pro-gram or copy it to another drive, if desired.

Online Help

Online Help

14

comprehensive information on program operation. You are urged to consult the Fore-seer Server online help files to learn more about all aspects of the application.

Hotspots within the various Help topics pop up specific information or quickly jump to related topics simply by clicking on them. These hypertext links are identified by their green color if they are textual, or the cursor changing to a pointing finger if they are graphic.

To access help, Select Help Index in the program’s Help menu to conduct a search of subjects. A subsequent Help window organizes assistance by Contents.

The Tree View, also available on the Client, provides a hierarchical display of the Server configuration much like Windows Explorer. If it is not displayed, select Tree View in the Window menu.

The left pane of the Tree View lists all associated Foreseer Servers as well as their subordinate Devices and Channels. The list, like Windows Explorer, is expanded and contracted by clicking on the “+” and “–” preceding the desired icon.

Selecting a Server, Device or Channel displays summary information about its constit-uent components in the right pane of the window. Listed Server information includes the Name, Address, frequency of Alarm and Channel Updates, whether the connec-tion is Enabled, whether the software Needs Updating and when the Last Update Check was performed. Device information lists its resident channels as well as the State, Value and Type of each.

Figure 2.6 Tree View

Selecting an individual channel similarly identifies its current State, Value and Type. Any of these listings may be resorted by clicking on the desired column heading. To sort Device channels alphabetically by Type, for example, click on that column heading; clicking the column header a second time resorts them in reverse order. Selecting a Server, Device or Channel and right-clicking presents a context-sensitive menu that allows Foreseer actions and responses to be performed depending on the chosen sys-tem component. The Tree View also provides an <Alarm Management> summary in the right window and allows <Reports> to be created and viewed on the Server. The available Report formats are the same as those offered through WebViews.

The Tree View

Note: The use of leading characters (such as “*” and “!”) in list names are used to ensure critical elements sort at the top of the list in larger Server configurations.

Server Properties

15

The Server Properties dialog box, accessed through the Server Properties… command in the Administration menu, allows a number of general settings to be specified. They are organized under four tabs:

General provides the name of the Foreseer Server whenever it is reported, such as in Message Management and in Report titles. It also quantifies the information that is written to the Log file. Other settings permit the Server to be enabled as a password-protected user rather than a local system account when running as a service and Watchdog Processing support to ensure ongoing system operation.

Remote settings allow connected Clients to restart the Foreseer application on the Server, perform a complete reboot of the Foreseer Server computer, and upload newer releases of Foreseer software and Device Drivers to the Foreseer Server.

Database specifies a Retry Time, in seconds, after which Foreseer will attempt to reconnect to SQL Server. Foreseer will continue to retry connections, using the speci-fied interval between tries, until a connection is established. The retry attempts can be temporarily disabled to avoid nuisance alarms, or this feature can be disabled entirely with a Retry Time setting of “0.”

Redundant System identifies the Server as a backup to ensure continued site moni-toring in the event the principal Server fails. A single redundant Server is designated as a Stand-Alone. In instances where there is more than one such Server, it must be identified as the Primary or Secondary Redundant in the backup system.

Server Proper-ties

Device Properties

16

Figure 2.7 Server Properties Tabs

The Device Properties dialog box furnishes operational information on each monitored piece of equipment. In addition to the standard tabbed settings, there may also be a Device-specific tab.

To view Device Properties:

1. Choose the Tree View command in the Window menu to display that system view.

2. Expand the left pane if necessary to locate the desired Device and click on it to highlight it.

3. Right-click and choose Properties… from the context-sensitive menu to display the General Device Properties dialog box.

Device Proper-ties

Note: Alteration of Device settings must be done with the Device disabled, which requires Administra-tive Authorization.

System Channels

17

4. Click on the appropriate tab(s) to access those Device Properties. They can be viewed in a read-only mode.

Figure 2.8 A typical Device Properties Page

Separate from individual Device inputs, Foreseer provides predefined System Chan-nels to monitor critical Server operations. Grouped together in the Tree View, they have predefined Properties that may be modified as desired, although alteration is not recommended:

Active Client Connections indicates the number of Foreseer Clients currently com-municating with the Server.

Archive Elapsed Time reports the time between high-resolution data archives.

Configuration Backup indicates when the backup of the Server configuration is no longer current: a system backup is recommended.

Database Archiving reports an alarm when data are not being logged into the Server database.

Database Backup alarms when a scheduled data backup was unsuccessful.

Database Status reports the current condition of the Server’s database. This channel alarms if any problems are detected in ac-cessing the database.

Digital Transition Rate reports the number of digital transitions per hour and sets the data type to be archived.

Disk Free Space displays the amount of disk space available on the local hard drive on which the Foreseer application is installed. This channel alarms when its value drops be-low the Lo Caution and Critical Limits set in its Basic Channel Properties dialog box.

System Channels

Channel Properties

18

Major Server Version indicates consequential changes to the Version Server configuration such as the addition or deletion of a De-vice or channel. It is strongly recommended a Configu-ration Backup be performed when this channel reports changes have been.

Minor Server Version indicates incidental changes such as the Version alteration of a channel’s properties have been made. A Configuration Backup typically is not necessary when this channel reports changes.

Server Configuration Mode shows if changes are currently being made to the server.

System Alarm indicates a system-wide problem not associated with database operations. The Log file can provide addition-al information on this condition.

System Warning indicates a minor system problem has been detected. The Log file can provide additional information on this condition.

Foreseer is shipped with some pre-configured Device settings. These parameters are defined during Server Device installation. You may selectively enter your own settings, if desired. Although any channel’s Properties reside at the Foreseer Server, they are available for display and/or modification by authorized Clients.

To alter Channel Properties:

1. Expand the list if necessary by clicking on the “+” preceding its associated Device’s name, then select the desired channel within the Tree View. A Meter (analog) channel is identified by a circle, a Status (digital) channel is a square, a text channel is indicated by a “T” and a clock symbol designates a date channel.

2. Right-click to display the context-sensitive menu and select Properties… to ac-cess its Channel Properties dialog box.

Channel Proper-ties

Note: If specified during Foreseer program instal-lation, Administrative Authorization is required to change Channel Proper-ties.

Channel Properties

19

3. Click on the desired tab in order to access those Channel Properties. The tabs dif-fer slightly depending on whether it is a Meter (analog) or a Status (digital) chan-nel.

The Meter Channel Properties dialog box defines an analog channel’s operational parameters:

• General Channel Properties identify the individual input as well as its display and archiving characteristics. Settings include a Description of the data point, its display Units and Archive rate. There are also selections to Disable and/or Disarm the channel.

• Basic Channel Properties define the data point’s Alarm Limits and correspond-ing Messages. It also assigns the channel Priority for alarm sorting functions. If you have created a derived channel that can be referenced by other channels for alarm settings, you can specify that derived channel as well.

To set up a derived channel for alarm referencing, first create a derived Analog channel and then set the alarm values. You can reference these through another channel by selecting Use Global Alarm Limits. You can then use the Global Chan-nel browse button to reference the derived channel you’ve created. Once you’ve referenced a derived channel its alarm values appear in the Basic tab, although you must enable them before they become active.

Figure 2.9 Analog Channel - Basic Channel Properties Tab

Advanced Channel Properties (shown) enable various responses to an alarm including Ack-Holdoff, Re-Arm and Delay Alarm intervals. These intervals postpone alarm re-sponse for the user-specified period. Alarm Latching can be enabled, if Alarm Latch-ing is not enabled then a Hysteresis value may be assigned. Hysteresis determines the threshold Value before a new alarm is reported for this channel. The Hysteresis setting is used to eliminate nuisance alarms when the channel’s current reading is near its set Alarm Limits. When an alarm occurs, the reading must drop below or rise above the threshold Value, then exceed the Limit once again before a new alarm is reported. Note that the Hysteresis setting is only available for non-Latching alarms. En-

Note: A channel’s scal-ing values should only be changed at the direction of Eaton personnel.

Channel Properties

20

able Scaling allows you to apply a linear scaling factor to the channel’s Minimum and Maximum Raw and Scaled Values.

Figure 2.10 Advanced Channel Properties Tab

Figure 2.11 Digital Channel - Basic Properties Tab

The Status Channel Properties dialog box defines a digital channel’s operational pa-rameters:

General Channel Properties identify the individual input as well as its display character-istics. Settings include a Description of the data point, its display True and False String. There are provisions to Disable and Disarm the channel.

Basic Channel Properties (shown) enable the data point’s Alarm and its corresponding Message. You also can specify if the channel Alarm Value is True or False, whether the condition is Cautionary or Critical, and its relative Priority for alarm sorting functions.

Advanced Channel Properties enable various responses to a detected alarm. They include Ack-Holdoff, Re-Arm and Delay Alarm intervals, which postpone those alarm responses for the user-specified period.

Alarm Latching can be disabled if desired.

User-Defined Channels

21

User-defined channels can be analog, digital, text or date-based to address specific monitoring needs. A Text Channel is used to enter a text string (or optionally a User-defined channel can be used to assign a text string to a text channel), such as the Device’s serial number for quick retrieval. A Date Channel can be used, for example, to generate an alarm notification that it is time to perform a scheduled maintenance procedure.

To create a User-Defined Channel:

1. Choose the Start Server Configuration command in the Configuration menu. The Server Configuration Mode System Channel turns yellow and

“********SERVER CONFIGURATION MODE********”

is displayed in the window’s title bar to confirm operational status.

2. If not already displayed, select Tree View in the Window menu.

3. Click on the desired Device icon on the left side of the Tree View, then right-click and select Add User-defined Channel… from the context-sensitive menu. The New User Defined Channel dialog box is displayed.

Figure 2.12 New User Defined Channel Dialog Box

4. Enter a unique Name for the new data point and specify if it is an Analog, Digital, Text or Date Channel, then click OK to display its corresponding Channel Proper-ties dialog box.

5. Enter the necessary General, Basic and Advanced Channel Properties as appropri-ate to define the channel’s settings. Date Channels present the standard analog Channel Properties while Text channels only have General Channel Properties.


Note: If specified during Foreseer program instal-lation, Administrative Authorization is required to change the Server Con-figuration.


22

Figure 2.13 User Defined Settings

User-Defined Analog and Digital Channels include a User Defined Equation tab which specifies the calculation used to determine their value (refer to the Fore-seer Server Online Help for a complete listing of available mathematical operators and conditional statements). It also allows the reported Values of other channels to be used in its calculation. Click on the Insert Channel button then locate it in

For more information about User Defined Equations, you can request training as well as a Technical Sup-port Bulletin from Eaton’s Foreseer Customer Service group.

Administrative Password

23

the Select Channel dialog box. Highlight the desired channel and press OK to insert it into the Equation at the cursor location.

Figure 2.14 User Defined Channels in the Tree

6.

6. With the channel’s settings specified, click OK and the channel is created under the designated Device in the Tree View. Analog channels are identified by a circle icon, digital channels by a square, text channels by a “T” and date channels by a clock.

7. Choose End Server Configuration in the Configuration menu to finish the edit-ing session and restore normal monitoring operations. Standard Meter (analog) and Status (digital) channels are similarly added to the Server configuration in response to new inputs using the Add Channel… command in the Edit menu. You can also Rename or Delete individual channels (or entire Devices) from the list by selecting them and choosing the appropriate command in the right-click menu. Refer to the Foreseer Server Online Help file for more information on all of these topics.

The Administrative Password may be changed, or assigned if one was not specified during initial Server configuration. This authorization is altered through the Change Passwords dialog box.

To change the Administrative Password:

1. Select the Change Passwords… command in the Administration menu to display the Change Passwords dialog box.

Figure 2.15 Change Passwords Dialog Boxes

Note: Renaming or de-leting existing channels or Devices can have an adverse effect on Foreseer Client configurations.

Administrative Password

Client Connection Password

24

2. Click on the Change Administrative Password button to display the appropriate dialog box.

3. Enter the Old Password (asterisks are displayed to maintain system security). If no Password was previously assigned, simply skip to the New Password field.

4. Enter the desired New Password.

5. Type the same character string in the Verify New Password field to validate the entry.

6. Click OK to save the New Password.

A Client Connection Password is used to prevent an unauthorized Foreseer Client from accessing the Server and modifying its configuration, such as changing Channel Properties. This password must agree with the Server Password entry on the Client or the two computers will not be able to establish communications. The Connection Password may be modified by a User with Server Administration privileges.

To change the Client Connection Password:

1. Select the Change Passwords… command in the Administration menu to display the Change Passwords dialog box.

2. Click on the Change Client Connection Password button to display that dialog box.

3. Enter the New Password, then again in the Confirm field in order to verify the change. Observe the same naming conventions as those used for other Foreseer passwords, such as case sensitivity.

4. Click OK to implement the New Password. Be aware that all subscribing Foreseer Clients must know and enter the New Password locally or they will not be able to access the Server.

Figure 2.16 Changing the Client Password

There are four configuration tasks for the message manager within the Foreseer Server:

Setup: Defines which devices or individual channels send alerts through Message Management as well as the configuration for various alarms and actions. You can also define the SNMP behavior.

Configure Required Connections: Identifies which Foreseer systems are required to be connected to this Server in instances where the Client normally performs Mes-sage Management functions. If any one of the listed systems becomes disconnected

Note: Passwords are case-sensitive; thus, “USER,” “User” and “user” are all recognized as different entries.

Client Connec-tion PasswordNote: Foreseer is shipped with “special” as the default Client Connection Password. DO NOT specify a Client Connection Password on a network hosting Clients running a prior version of Foreseer, or they will not be able to communicate with the Foreseer Server.

Message Man-ager

Message Manager

25

from the Server, Foreseer Message Management begins its messaging routine to alert personnel of alarms.

SNMP Properties: Sets global SNMP resend properties.

Trusted Connections: Defines a set of trusted machines that are permitted to con-nect to the Message Manager.

For instructions about how to configure the Message Manager through its configura-tion utility, see the Message Manager Client Setup Guide.

SetupUse this to configure Message Manager settings for the server, devices, or individual channels.

1. Select the Setup command from the Administration > Message Management > submenu.

2. Right-click any server, device, or channel in the list, and click Edit.

3. For individual channels, you can set whether or not to use the default Notification List (this checkbox is under the Default tab). For channels, devices, and servers you can set behavior for Critical and Cautionary alarms, as well as when an alarm is acknowledged or normal status is attained. You can specify:

� The notification list to use.

� Whether to send a message if required connections are missing.

� Parameters for Alpha Messages. You can either choose to use the standard message and configure it with the checkboxes or select Use Custom Mes-sage (under Alpha Message). If you are using the standard message, you can select to include the Server Name, Device Name, Channel name, as well as a user defined message.

If you choose Use Custom Message, you have access to all of the Message Manager variables. Click Edit the Custom Message to access the message editor dialog box.

When creating a custom message, you can use the following variables to provide additional alarm information:

$SERVER_NAME$ - returns the server issuing the alarm.

$DEVICE_NAME$ - returns the name of the device issuing the alarm.

$CHANNEL_NAME$ - returns by the name of the channel

$ALARM_MSG$ - returns the alarm message.

$DATE$ - returns the current date.

$SERIAL#$ - returns the serial number of the device that issued the alarm.

$ACKED_BY$ - returns the user name that acknowledged the alarm.

$CHANNEL_VALUE$ - returns the current value of the channel.

$CHANNEL_UNITS$ - returns the units used by the channel.

$ALARM_VALUE$ - returns the channel value at the time of the alarm.

$ALARM_STATE$ - returns the current state of the alarm.

Message Manager

26

$ALARM_PRIORITY$ - returns the alarm priority.

$ACK_NOTE$ - returns the text, if any, that was entered as a note when the alarm was acknowledged.

� The command line to use for the Command Line service. This allows you to change the command line issued for each alarm state or status.

Once these are configured, you can copy the settings to the other alarm or status tabs using the buttons at the bottom of the dialog box.

Figure 2.17 Channel Message Settings Dialog Box

4. If you are also configuring SNMP traps, click the SNMP tab:

a. For both Critical Alarm and Cautionary Alarm, select one of the 25 predefined traps or leave the setting at Do not send a Trap.

b. Set the Alarm Events parameters. You can choose to also send a trap on alarm acknowledgement or return to normal.

5. Click OK.

Message Manager

27

Figure 2.18 SNMP Settings

SNMP Resend ParametersThrough this dialog box you can globally set the trap resend behavior. These settings apply to all channels, devices, and server for which SNMP traps are configured. To access it, select the SNMP Properties command from the Administration > Message Management > submenu.

Figure 2.19 SNMP Properties Dialog Box

Message Manager

28

Required Connections1. Select the Configure Required Connection command from the Administration >

Message Management > submenu to display the Required Connection Settings dialog box.

Figure 2.20 Required Connection Strings Dialog Box

2. Click on the Add button to access the Enter Client IP Address dialog box.

3. Furnish either the Foreseer message management host network address or com-puter name and click OK.

4. Check the box preceding the address to enable server access by that client.

5. Specify the Startup Delay during which the server will ignore any clients that become disconnected. This delay is in effect whenever the server is initialized, or when modifications have been made to the system.

6. Repeat the process to add other Foreseer clients to the list.

7. Click OK to accept the displayed settings.

Trusted Message Manager ConnectionsWhen setting up the Message Manager on client machines, you must define them as having trusted IP addresses or machine names within the Foreseer Server. To access the dialog box, select the Trusted Connections command from the Administration > Message Management > submenu Click the Add button to add machines to the list. Select an entry and click Remove to delete it. Use the Edit button to change an entry.

Remote Server

29

Figure 2.21 Trusted Message Manager Connections Dialog Box

A local Foreseer Server can serve as host to a remote Foreseer Server. Once defined, the Remote Server appears on the Tree View as another computer and can be modi-fied locally. A Password provision adds another layer of security by restricting access to authorized personnel.

To add and connect to a Remote Server:

1. With the Server’s Tree View displayed, choose Start Server Configuration in the Configuration menu. The Server Configuration Mode System Channel turns yel-low and

“*******SERVER CONFIGURATION MODE*******”

is displayed in the window’s title bar to confirm operational status. Select Add Remote… in the Configuration|Remote Management submenu (or right-click in the left pane of the Tree View) to view that dialog box.

Figure 2.22 Add a Remote Dialog

2. Identify the Server by entering its Name and Address followed by the valid Pass-word.

3. Accept the defaults for Alarm,Channel Updates and Connection Time-out, or enter new settings.

4. Specify whether to automatically Connect to this Server at startup and to Syn-chronize the Remote’s clock on connection. You also can Connect (and Discon-

Remote Server

Heartbeat Server

30

nect) the Remote Server manually using the context-sensitive menu in the Tree View.

5. Click OK and the Server attempts connection with the Remote Server. Once connection is established, the new Remote Server appears in the Tree View hierarchy. Its display can be updated on demand by selecting the Update Remote Server command in the Remote Management submenu or in the context-sensi-tive, right-click menu.

6. Choose the End Server Configuration command in the Server’s Configuration menu to return to normal Foreseer operation.

A Backups folder is created containing sub-folders for each Remote Server that is added to the system. If a Remote Server configuration changes, as indicated by the Major Server Version System Channel, the Local Server will request a configuration backup. The resulting archive file is uploaded to the respective Remote’s sub-folder to ensure a current backup is available.

A more direct method of monitoring multiple Foreseer Servers is through the Heart-beat function.

Heartbeat is a recurring signal issued from one or more Slave Servers to a Master Server verifying that they are operational. It is particularly recommended in remote Server installations. Establishing this relationship requires specifying the Master Server and identifying its Slave Servers.

Only one Master Heartbeat Server can be specified to report the Heartbeat status of its Slaves. A digital channel (“Master Status”) is installed as a Device on this Master Server:

1. Choose the Start Server Configuration command in the Configuration menu. The Server Configuration Mode System Channel turns yellow and



2. Select Configure Master Heartbeat Server in the Administration|Heartbeat Serv-ers submenu.

3. Enter a Slave Server Name. The Name must match that which appears in the target Server’s Properties dialog box exactly or the two Servers will not commu-nicate properly.

4. Enter Heartbeat Interval, the number of minutes to elapse between each issu-ance of the Slave Server’s Heartbeat signal.

5. Click Add Slave to include the specified Foreseer Server in the list box.

Heartbeat Server

Heartbeat Server

31

Figure 2.23 Master Heartbeat Configuration Dialog Box

6. Repeat the process, identifying additional Slave Servers and specifying their re-spective Heartbeat Intervals, to include them in the list.

7. Click Finish to complete the Master Heartbeat Server configuration.

8. Select End Server Configuration in the Configuration menu to restore the Fore-seer Master Heartbeat Server to normal operation.

A Master Heartbeat entry is created in the Tree View window. In addition to a Master Status channel, which reflects the current state of this function, the following status channels are reported for each Slave Server when it issues its Heartbeat signal:

• Criticals are its currently active Critical Alarms.

• Cautions are the active Cautionary Alarms.

Figure 2.24 Master Heartbeat Entry and Related Channels

Acks are its currently Acknowledged Alarms. Interval is the Slave Server’s Heartbeat Interval.

Slave Heartbeat Server

32

Countdown is the time remaining before the Slave Server’s next Heartbeat signal is due. It counts down once a minute and will report a Cautionary alarm if the Heartbeat signal is (by default, 10 minutes) overdue.

As with other Channels, any of these Status Properties can be modified to indicate the desired settings. Any changes take effect with the subsequent Heartbeat signal.

A Slave Server can send its Heartbeat signal to the Master Server either via the Local Area Network or through Dial-Up Networking; the latter only attempted if the primary LAN signal fails. At least one Slave Server must be identified to the Master Server to perform this Foreseer function.

To configure a Server as a Heartbeat Slave:

Figure 2.25 Slave Heartbeat Configuration Dialog Box

1. Choose Tree View in the Window menu to display that View if it is not already vis-ible. The Server Configuration Mode System Channel turns yellow and



2. Select Start Server Configuration in the Configuration menu to initiate changes.

3. Select Configure Slave Heartbeat Server in the Heartbeat Servers submenu.

4. Enter the LAN Address and the Dial-Up Address of the Master Heartbeat Server. Also specify the Phonebook Entry to be used for this connection.

5. Check Enable the Slave Heartbeat Function.

6. Click OK to return to the Tree View.

7. Select End Server Configuration in the Configuration menu to restore the Slave Heartbeat Server to normal Foreseer operation.



33

Chapter 3. WebViews

WebViews allows you to custom design all aspects of your site through an extensive collection of drawing tools and view it through Microsoft Internet Explorer. You can create as much complexity as you like without learning the intricacies of web design. The first thing to remember when starting any project is to plan. The more planning you do initially, the less trouble you will encounter during the course of the project.

The Foreseer WebViews editor is relatively simple to learn. A user with a basic back-ground in web design and image creation software should be proficient on the soft-ware in less than a day. Keep in mind that you can create many of the assets that you need inside the WebViews, but some elements such as .jpg, .gif, .png, and flash components require additional software to create.

Right-clicking WebViews in the Tree View produces a context menu with commands to:

• Create a WebViews Folder (and its associated page)

• Create WebViews pages (or entire “branches” within the tree) using pre-defined template files.

• Re-create WebViews pages (or entire branches within the tree), restoring them to their default settings. This is valuable if you corrupt one or more pages.

Note: Refer to Foreseer Server Online Help, the WebViews Editor Guide, and the Web-Views Users Guide for information on the available WebViews tools and their use.

Creating WebViews Folders and Pages

34

Creating FoldersWhen you create a new WebViews folder (and its related WebViews page), it is actu-ally created as a child of the current location under WebViews in the Tree. For exam-ple, if you have selected the top of the Tree (<WebViews>), the folder is created under that. If you’ve selected an existing folder, the new folder is created as a child of the selected folder.

To create a new folder (and page):

1. Right-click a Location in the WebViews tree.

2. Select New Folder.

Using Templates to Create a Page or TreeTemplates provide a way to build WebViews pages quickly by using one page as a model for others. The following section outlines how to create templates. The Tem-plates menu provides the following functions:

The Create Page from Template/Create Tree from Templates commands create a Web-Views page or a section of the WebViews tree from the specified Template file. The page(s) can include specified Devices and their Channels.

To create a WebViews page or tree section from a template file:

1. Right-click the location for the page in the WebViews tree and select Templates Create Page from Template or Create Tree from Template

2. Select the .tpf template file to use. Template files for the currently selected folder in the templates tree are in the right pane. You can navigate through the tree (left pane) to select files in other locations in the tree.

3. Click Open.

4. Select Use the same objects that are in the template to link to these objects au-tomatically (if they are still available on the server). Selecting this option prepopu-

Creating Web-Views Folders and Pages


35

lates the Device to Use field in the next dialog box. If you wish to select another device at that point, you still can even if this option is selected.

5. In this step, you must select the device in the template and match that to an existing device in the server. The Device to Use field shows the currently select-ed device. You can select the server in the left pane and any device on the right pane. If you do not select a device identical to what was in the template, objects in the WebViews page will not have matching Channels and must be manually relinked.

Creating TemplatesIf you’re using Create Single Template the resulting template file is based on the se-lected WebViews page. This file will can then be used to create a copy of this Web-Views page at different locations in the tree. If you’re using Create Templates for Tree, the resulting template file can be used to create a copy of the selected WebViews page and all of its children. You can use this function to rapidly recreate repeating tree structures throughout the WebViews tree. For both functions, you can specify the device to use when specifying attached channels.

To create a template file:

1. Right-click a folder in the WebViews tree and select TemplatesCreate Single Template or TemplatesCreate Templates for the Tree. If you are using the Create Templates for Tree function, all of the child folders will also be included in the template file.

2. Select a location in the Web Templates tree and specify a file name for the .tpf template file. You can use the New Folder button to create a new folder as a child of the folder currently selected in the Web Templates tree. This simply creates a folder in the Foreseer Server file system (under \Program Files (x86)\Eaton Corpo-ration\Foreseer\Web Templates).

Running Foreseer and the Message Manager as a ServiceAfter configuring the Foreseer Server, it and the Message Manager must be run as a Service within the Windows operating system under the local system (User Name and Password ) account. In rare installation instances, the Server initially may have to be defined as a Service, or it may be desirable to uninstall it as a Service for other reasons. The Server Service Setup dialog box allows installation and removal of the Server as a service.

To launch the Service Setup dialog box, navigate to the C:\Program Files\Eaton Cor-poration\Foreseer folder and double click the ServiceSetup.exe file. Select Install or Uninstall and click OK to execute the desired function.


36

Han

dsh

akin

g

Flow

Co

ntr

ol

Disa

bled

/ N

one

Sto

p

Bit

s

UPS

#1 C

OM 2

960

0 8

1

Dat

a

Bit

s

Non

e

Pari

ty

Bau

d

Rat

e

Ser

ial P

ort

Co

nfi

gu

rati

on

Ch

eckl

ist

Ser

ial S

etti

ng

s

Net

wo

rk

Set

tin

gs

Ad

dre

ss

N/A

IP

Dev

ice

N

ame

Exa

mp

le

Nu

mb

er

Dev

ice

19

20

21

22

23

24

25

26

27

28

29

30

31

32

17

18

1. An IP Address is required if using a network connection.

2. Serial Communications Settings must be configured on both the Device and within Foreseer if using serial connections.

N/A


37

Exam

ple

Nu

mb

er D

evice

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

UPS #2

Device

Nam

e

189.100.150.22

Netw

ork

Ad

dress

Settin

gs

IP

Serial Po

rt B

aud

R

ate

Serial S

etting

s

Parity

N/A

Data

Bits

Sto

p

Bits

Han

dsh

aking

Flow

Co

ntro

l

Co

nfi

gu

ration

Ch

ecklist

N/A

N/A

N/A

N/A

N/A


38

WebViews allows a user to view installed devices on the Foreseer Server and the system status via Internet Explorer (version 7, 8 or 9). A user’s visual access level and rights can be closely controlled through WebViews authentication and authorization. Viewing access can be granted to the entire system or to the granularity of viewing a single page. Control of the system can be broad-based or locked down entirely. The WebViews server can be enabled over the HTTP protocol (non-secure), the HTTPS protocol (128-bit encryption using SSL) or both.

Figure 4.26 Web Server Protocol Options from the Foreseer Server

The authorization level granted to a user will depend on the authorization options that are in effect for the HTTP and HTTPS servers and the credentials the user presents to the server. Under no circumstances will the WebViews HTTP(S) server allow access to any file or folder above the root of the WebViews folder.

Authentication requires that a user provides both a Username and Password (their credentials). The user’s credentials are passed to the Windows default security pro-vider for validation. The credentials must represent a valid Windows user account and depending on the Security Policies at your site, the account may need the Log on locally permission on the computer where the server is running. After the credentials have been validated, the server then checks to see what Groups the user is a member of.

The WebViews server currently provides three classes of authorization: ADMIN, ROOT and TOP (or Branch). The ADMIN authorization class grants the user all rights. ROOT authorization grants an account the right to View the Tree and View Alarms. TOP (Branch) authorization grants a user the ability to view a specific branch of the tree.

A TOP level folder is defined as a folder that is a direct child of /WebViews (the root folder). When an account has TOP authorization, they have access to the TOP (branch) folder and all channels and folders under (or descendants of) the branch folder. If an account has membership in both the TOP group and the ROOT group, the user will be granted the higher-level ROOT authorization (or rights).

ADMIN authorization is requested by using the root path of /WebAdmin/ instead of /WebViews/. An account that is a member of the ADMIN group (PXSauthAPPADMIN) will be granted all rights.

Authorization Levels

Chapter 4. WebViews Security

04/27/12 - Foreseer Server Guide 39

40 WebViews User's Guide - 04/27/12

When a user has been authorized at the Branch level, they may not view or access any data or pages outside of the branch they have been authorized for.

The WebViews server will cache the last credentials that were presented and the rights associated with the credentials. As long as the Internet Explorer session per-sists, WebViews will check the credentials presented by the browser with the current request against the cached credentials. If they match, the WebViews server can skip the time-consuming step of further Authentication and Authorization.

When a new session is started or the cached rights are not sufficient for the current request, WebViews will reply to the request with an HTTP 401 status code. A 401 sta-tus is known as an Authorization Challenge. When the browser receives a challenge, it will present the user with a Logon dialog. The user has three tries (the three-strike rule) to provide credentials that the server will accept. If the user cannot provide valid credentials, the browser typically displays a blank page. The WebViews server uses HTTP Basic Authentication. The browser encodes the credentials supplied by a user and sends it to the WebViews server in the HTTP Authorization header field.

Caution: As the credentials are only encoded (not encrypted), they are subject to being intercepted and decoded. To keep credentials secure it is highly recommended that the site uses the HTTPS (secure) server when authorization is enabled. The HTTPS server uses 128-bit encryption which guarantees that even if the information that is sent is intercepted, it cannot be decoded.

A WebViews folder tree can be graphically represented as such:

WEBVIEWS /webviews

BASEMENT /webviews/basement

UPS 1 /webviews/basement/ups 1

ATS 1 /webviews/basement/ats 1

FLOOR 1 webviews/floor 1

GEN A webviews/floor 1/gen a

GEN B webviews/floor 1/gen b

FLOOR 2 webviews/floor 2

AC 1 webviews/floor 2/ac 1

AC 2 webviews/floor 2/ac 2

AC North webviews/floor 2/ac north

WEBVIEWS is at the Root level. BASEMENT, FLOOR 1, and FLOOR 2 are the Top level. The devices would be at the Branch level.

A TOP level folder is a direct child of the root folder (WebViews in the example tree). TOP folders define a branch which includes the TOP folder and all folders that are descendents of the TOP folder. Basement, Floor 1, and Floor 2 are all TOP folders. The Floor 1 branch includes the following folders: /WebViews/Floor 1, /WebViews/Floor 1/Gen A and /WebViews/Floor 1/Gen B.

04/27/12 - WebViews User's Guide 41

Accounts

Accounts are managed by Windows and may be Local Users or Domain accounts. To allow a specific right, create a Local Group (local to the computer where the Foreseer Server is installed and running) from the following choices:

• PXSauthADMIN - All rights, except access to Web Configuration utililty.

• PXSauthAPPADMIN - Access to the Web Configuration utility.

• PXSauthROOT – View all branches with view alarm permission

• PXSbranch+folder – View specified branch and folder

• PXSrightViewTree – View all branches of the tree

• PXSrightViewAlarms – Grants permission to view active alarms

• PXSrightViewProps – Grants permission to view a channel’s properties

• PXSrightAlarmActs – Grants permission for alarm management (ack/rearm)

• PXSrightControl – Grants permission to access a channel’s control ability

• PXSrightEditProps – Grants permission to edit a channel’s properties

Some of the rights also imply others as follows:

• PXSrightViewAlarms .....................PXSrightViewTree

• PXSrightAlarmActs ........................PXSrightViewAlarms

• PXSrightEditProps .........................PXSrightViewProps

To disable authorization completely, define the following group. The presence of this group is all that's required, you do not need to add any accounts to it.

• PXSauthNONE – Grants admin permission to everyone.

Note: You can test each account if you wish through the Authentication tab on either the HTTP or HTTPS server dialog box. Click the Account Test button and then enter the Username and Password for a Windows User. If you wish, you can also specify a branch of the Webviews tree to test for access privileges.

Updating User Groups

Foreseer queries the list of users and groups at startup, therefore if you make a change to either the list of users or to groups this won't be read until the next time

42 WebViews User's Guide - 04/27/12

the Webviews Server starts. To force a query of the list of users and groups, you can do one of two things:

• Restart the Foreseer Server itself.

• In the Foreseer Server, select the Webviews server through Administration > Webviews Server. In the General tab, click the OK button. This restarts the Web-views server.

04/27/12 - WebViews User’s Guide 43

Note: To maintain security in critical site applications, it is recommended that there be only one System Administrator per Web Server.

Administration features which control access to several WebViews functions are established on the Web Server and applied globally to all WebViews users. User login and password privileges are individually assigned by the System Administrator via indi-vidual users’ memberships in various Windows Users Groups. Refer to the Webviews Security chapter for a list of user groups and the privileges they grant.

Enabling a WebViews ServerAs noted, WebViews is an extension of the Foreseer Server application. Thus, a Foreseer Server must be enabled as a WebViews Server in order to be able to display WebViews.

To establish a Foreseer Server as a WebViews Server:

1. On the Foreseer Server, select WebViews Server in the Administration menu. Note that there are two types of WebViews Servers in the submenu: HTTP (non-secure) and HTTPS (secure). The procedure is identical for both types.

2. Choose the appropriate WebViews Server type and its Properties dialog box is displayed.

3. Click on the General tab, check Enable the…WebViews Server and click OK to activate WebViews.

Figure 5.1 Webview Server Dialog Box

Note: You can use the Authentication tab to test the privileges (Windows user group memberships) for any Windows user.

Safeguarding the information stored in the Foreseer Server database while allowing Internet access can present problems if the data is sensitive. Increasingly, organiza-tions are using digital Server Certificates to ensure confidential communications

HTTPS (Secure) Web Server

Chapter 5. WebViews Administration

44 WebViews User’s Guide - 04/27/12

between the Server and Client. Foreseer has implemented a Secure Sockets Layer (SSL) protocol which can be used to authenticate both Client and Server, as well as encrypting the information they exchange through the HTTPS Server feature. Use of the secure Foreseer HTTPS Server requires a Private Key Password and a Server Certificate.

User authentication and access control historically are based on a name/password scheme. But this approach requires management of a name/password database and provides limited security. A digital Certificate is a type of identification in the form of a data file that links an organization’s identity to their ownership of a Public Key. This Public Key, embedded in the Certificate, is uniquely linked to a corresponding Private Key Password to which only the owner of the Certificate has access. The two Keys and the corresponding Certificate are used not only for user authentication and access control, but also for such security measures as message integrity. Such an approach affords a secure form of authentication on both ends of the connection.

Certificates of Authentication can be self-signed or purchased from a third-party source, depending on individual corporate policy. Third-party Certificate Authorities specialize in Certificate issuance and subsequent management. They take responsibil-ity for ensuring that the company requesting the Certificate actually is the company it claims to be, as well as verifying anyone attempting to access the resident database. A utility is provided in the Server folder to facilitate obtaining third-party certification.

The Foreseer HTTPS Web Server is enabled almost identically to the HTTP Web Server. The exception is an additional tab which requires the Private Key Password be entered to ensure any secure communications between the Server and Client.

04/27/12 - WebViews User’s Guide 45

If you have administrative privilege, you can access some administrative functions directly from a Webviews page. Right-click to produce the short-cut menu and then select Server Admin.

Figure 5.2 The Server Admin Menu

The Server Admin menu provides the following capabilities:

Start Database: Begin data archiving for the Foreseer Server.

Stop Database: Halt data archiving for the Foreseer Server.

Config Backup: This creates a backup of the current Foreseer system configuration, and should be done after the initial system configuration and after any significant modifica-tions.

Restart Foreseer: This restarts the Foreseer Applications/Service on the Foreseer server machine. Restart occurs five seconds after issuing this command.

Restart Windows: This restarts Microsoft Windows on the Foreseer server machine. A Windows Restarts is initiated five seconds after this command is issued.

New Logfile: Starts writing system information to a new log file.

Get Logfile: Runs a Logfile report.

Upload File: Uploads files (useful for system updates).

Server Admin Menu

46 WebViews User’s Guide - 04/27/12

foreseer server guide (1)

Documents