TAC Vista

Transkrypt

TAC Vista

TAC Vista
TAC Pangaea
WorkStation
TAC Software
Installation Manual
TAC Vista
TAC Software
Installation Manual
Copyright © 2006-2010 Schneider Electric Buildings AB. All rights reserved.
This document, as well as the product it refers to, is only intended for licensed users. Schneider Electric Buildings AB owns the copyright of
this document and reserves the right to make changes, additions or deletions. Schneider Electric Buildings AB assumes no responsibility for
possible mistakes or errors that might appear in this document.
Do not use the product for other purposes than those indicated in this document.
Only licensed users of the product and the document are permitted to use the document or any information therein. Distribution, disclosure,
copying, storing or use of the product, the information or the illustrations in the document on the part of non-licensed users, in electronic or
mechanical form, as a recording or by other means, including photo copying or information storage and retrieval systems, without the express
written permission of Schneider Electric Buildings AB, will be regarded as a violation of copyright laws and is strictly prohibited.
Trademarks and registered trademarks are the property of their respective owners.
TAC Software, Installation Manual
Contents
Contents
INTRODUCTION
1
About this Manual
1.1
1.2
Structure .....................................................................................................................
Typographic Conventions ..........................................................................................
9
9
10
REFERENCE
2
3
4
TAC Vista Server with Workstation Installation
13
2.1
2.1.1
2.2
2.2.1
2.2.2
2.3
2.4
2.5
2.6
14
14
16
16
16
17
17
18
19
Microsoft SQL Server ................................................................................................
Authentication ............................................................................................................
Connecting to a Remote SQL Server .........................................................................
Starting The SQL Server Browser Service ................................................................
Setting SQL Server to Allow Remote Connections ...................................................
SQL Configuration.....................................................................................................
New TAC Vista Server with Workstation Installation ..............................................
TAC Vista Server with Workstation Upgrade ...........................................................
If You Install from a CD ............................................................................................
Windows Security Settings for TAC Vista
21
3.1
3.2
3.2.1
3.3
3.3.1
3.3.2
3.3.3
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.5
3.5.1
3.6
22
22
22
24
24
24
26
29
29
29
30
30
34
37
40
40
45
Vista System with One Vista Server ..........................................................................
Vista System with Several Vista Servers ...................................................................
Setting a Windows Firewall Program Exception .......................................................
Vista System with Remote Access on a Domain .......................................................
Setting a Windows Firewall Port Exception ..............................................................
Configuring Access Permissions on My Computer ...................................................
Vista System with Remote Access in a Workgroup or a Non-NT Domain...............
Setting a Windows Firewall Port Exception ..............................................................
Configuring Access Permissions on My Computer ...................................................
Configuring Launch and Activation Permissions on My Computer..........................
Configuring Launch and Activation Permissions on TACOS ...................................
Configuring Access Permissions on TACOS ............................................................
Vista System with Web Access..................................................................................
Configuring Launch and Activation Permissions on My Computer..........................
Restrict User Access to TAC Vista Resources ..........................................................
Installing TAC Vista Webstation
47
4.1
4.2
47
48
Activate ASP.NET 4.0 ...............................................................................................
Activate ASP.NET 2.0 ...............................................................................................
Schneider Electric Buildings AB, Feb 2011
04-00001-05-en
5 (80)
Contents
4.3
4.4
4.4.1
4.5
4.6
4.7
4.8
4.9
4.9.1
5
Webstation Themes ....................................................................................................
SSL – Secure Sockets Layer.......................................................................................
Secure Sockets Layer (SSL) with Dynamic TGML Viewer ......................................
Localization ................................................................................................................
Utilizing HTTP Compression.....................................................................................
Using Vista Webstation Views in Web Portals or as Stand-Alone Browser Views ..
Disabling Worker Process Recycling and Shutdown .................................................
Displaying Dynamic TGML Graphics .......................................................................
Changing TGML Graphics Display Mode .................................................................
48
50
51
61
62
62
63
64
65
SQL Technical Information
67
5.1
5.1.1
5.1.2
5.1.3
5.1.4
5.2
5.2.1
5.2.2
5.2.3
5.3
5.4
5.4.1
67
68
69
69
70
70
70
71
72
73
74
75
Index
6 (80)
TAC Vista and SQL Privileges ..................................................................................
Feature Background....................................................................................................
Typical SQL Configuration........................................................................................
Custom SQL Configuration........................................................................................
Privilege Comparison Chart .......................................................................................
SQL Configuration Troubleshooting..........................................................................
Errors that Require SQL Server Reconfiguration ......................................................
Amendable Errors.......................................................................................................
Select SQL Admin Login or Generate Scripts ...........................................................
Manual Log Database Schema Upgrade ....................................................................
Log Data Migration ....................................................................................................
Reconfiguring SQL Server Settings for TAC Vista ...................................................
77
04-00001-05-en
INTRODUCTION
1
About this Manual
1
1 About this Manual
About this Manual
This manual describes a particular process. For information on certain
products, we refer you to the manual or Help for the product in question.
For information on how to install software, we refer you to the instructions delivered with the software.
For information on third party products, we refer you to the instructions
delivered with the third party product.
If you discover errors and/or unclear descriptions in this manual, please
contact your Schneider Electric representative.
Note
•
We are continuously improving and correcting our documentation. This manual may have been updated.
Please check our Docnet site at www.tac.com for the latest version.
1.1
Structure
The manual is divided into the following parts:
•
Introduction
The Introduction section contains information on how this manual
is structured and how it should be used to find information in the
most efficient way.
•
Reference
The Reference section contains more comprehensive information
about various parts of the Getting Started section. It also provides
you with information on alternative solutions not covered by the
Getting Started section.
04-00001-05-en
9 (80)
1 About this Manual
1.2
Typographic Conventions
Throughout the manual the following specially marked texts may occur.
!
Warning
•
Alerts you that failure to take, or avoid, a specific action might
result in physical harm to you or to the hardware.
Caution
•
Alerts you to possible data loss, breaches of security, or other
more serious problems.
Important
•
Alerts you to supplementary information that is essential to the
completion of a task.
Note
•
Alerts you to supplementary information.
Tip
•
Alerts you to supplementary information that is not essential to
the completion of the task at hand.
Advanced
•
10 (80)
Alerts you that the following information applies to complex
tasks or tasks restricted by access.
04-00001-05-en
REFERENCE
2
TAC Vista Server with Workstation
Installation
3
Windows Security Settings for
TAC Vista
4
5
2
2 TAC Vista Server with Workstation Installation
Installation
TAC Vista Server with Workstation can be downloaded from the
Schneider Electric extranet or installed from a CD.
For more information on how to install TAC Vista Server with Workstation, see Help accessible from the installation program.
It is recommended that you install Microsoft Excel before installing
TAC Vista Server. Excel is required for reports in Vista.
Caution
•
•
If you are going to install TAC Vista Web Applications on the
same computer as TAC Vista Server with Workstation:
•
Remove any certificates installed on the Web server before
installing Vista.
•
Reinstall the certificates after installation.
For more information see:
http://support.microsoft.com/kb/309398
Tip
•
For information on how to order licenses, see the TAC Licenses
Installation Manual.
•
For more information on how to use licenses, see Help accessible
from the TAC Vista Server with Workstation installation program.
04-00001-05-en
13 (80)
2.1
Microsoft SQL Server
Before starting the TAC Vista Server with Workstation installation, you
should consider which Microsoft SQL Server you want to use:
•
A Microsoft SQL Server 2005 Express Edition installed by the
TAC Vista Server with Workstation installation program
•
A new SQL Server
•
An existing SQL Server
Note
•
Microsoft SQL Server 2005 Express Edition is installed with
SP3, which is required for computers running Windows 7 (32 bit
and 64 bit) or Windows Server 2008 (32 bit and 64 bit) systems.
For more information on the different SQL Server options, see Help
accessible from the TAC Vista Server with Workstation installation
program.
2.1.1
Authentication
When installing a new Microsoft SQL Server, you should consider
which authentication method to use when clients (including TAC Vista)
want to access SQL Server.
There are two options:
•
Mixed mode authentication
•
Windows authentication
Mixed mode authentication
With mixed mode, SQL Server can grant access to applications that
identify themselves using a Windows account or using a SQL login
defined in SQL Server.
If you want SQL Server to allow access to clients, for example, TAC
Vista Server, using SQL authentication, you have to set SQL Server in
mixed mode.
14 (80)
04-00001-05-en
Windows authentication
With Windows authentication, SQL Server only grants access to applications that identify themselves using a Windows account defined in
SQL Server.
Important
•
If you choose to use Windows authentication, it is recommended
that you run Vista Server as a service.
•
If you want to run Vista Server as a service, you need to configure the service to run under a Windows user account set up in
SQL Server.
•
If you do not want to run TAC Vista as a service, you have to log
on to the Vista Server computer with a Windows user account set
up for Vista on SQL Server, and start Vista Server interactively.
Otherwise the storing and reading of log data will not succeed.
•
If you run TAC Vista and SQL Server in a workgroup, it is recommended that you use SQL Server authentication.Connecting
to remote SQL Servers using Windows authentication in workgroups is not supported by TAC Vista.
Note
•
If you are not going to install SQL Server, check with the customer SQL administrator for information on which authentication mode is being used.
If your system requires maximum security, you have to set SQL Server
in Windows authentication mode.
For more information on the different authentication options, see Help
program.
04-00001-05-en
15 (80)
2.2
Connecting to a Remote SQL Server
In order for TAC Vista to be able to connect to a remote SQL Server you
have to make a number of settings:
2.2.1
•
The SQL Server Browser service has to be started
•
SQL Server 2005 has to allow remote connections
Starting The SQL Server Browser Service
The SQL Server Browser service exposes SQL Servers to computers on
the local network.
To start the SQL Server Browser service
1
On the computer running SQL Server, in the Surface Area Configuration window, click Surface Area Configuration for
Services and Connections.
Tip
2.2.2
•
You can access SQL Server 2005 Surface Area Configuration on
the Start menu under Microsoft SQL Server 2005 Configuration
Tools.
2
In the tree structure, under SQL Server Browser, click Services.
3
In the Status type list, click Automatic.
4
Click Apply.
5
Click Start.
6
Click OK.
Setting SQL Server to Allow Remote Connections
In order for TAC Vista to be able to connect, SQL Server needs to allow
remote connections.
To set SQL Server to allow remote connections
1
On the computer running SQL Server, in the Surface Area Configuration window, click Surface Area Configuration for
Services and Connections.
Tip
16 (80)
•
You can access SQL Server 2005 Surface Area Configuration on
the Start menu under Microsoft SQL Server 2005 Configuration
Tools.
2
In the tree structure, under Database Engine, click Remote Connections.
04-00001-05-en
3
Select Local and remote connections.
4
Select Using both TCP/IP and named pipes, and then click OK.
5
Click OK.
Important
•
2.3
You have to restart the SQL Server service for changes in the settings to take effect.
SQL Configuration
Before starting the TAC Vista Server with Workstation installation, you
have to consider how you want to set up the SQL Server configuration
in TAC Vista. There are two SQL configuration options:
•
Typical - the typical SQL configuration settings will be used. The
integrated log database backup/restore functions in TAC Vista will
be available. SQL Server has to be installed on the same computer
as TAC Vista Server with Workstation.
•
Custom - the typical SQL configuration settings will be altered.
The integrated log database backup/restore functions in TAC Vista
will be disabled and log database backup/restore has to be performed in SQL Server.
For more information on the different SQL configuration options, see
Help accessible from the TAC Vista Server with Workstation installation program.
2.4
New TAC Vista Server with Workstation
Installation
There are numerous installation options depending on which SQL
Server you want to use, and how you want it configured.
•
Install Microsoft SQL Server 2005 Express Edition - Typical
•
Use a new Microsoft SQL Server - Custom
•
Use a new Microsoft SQL Server - Typical
For more information on the different installation options, see Help
program.
04-00001-05-en
17 (80)
2.5
TAC Vista Server with Workstation Upgrade
There are numerous installation options depending on the existing SQL
Server and its configuration:
•
Use the existing Microsoft SQL Server - Custom or Typical
•
Upgrade Microsoft SQL Server 2000 Desktop Engine (MSDE) to
SQL Server 2005 Express Edition - Typical
Caution
•
Do not unistall Microsoft SQL Server 2000 Desktop Engine
(MSDE).
The TAC Vista installation requires the existing SQL Server 2000
Desktop Engine to be able to detect the configuration data that
will be used to configure SQL Server 2005 Express Edition. It
also requires the existing SQL Server to detect the location of the
existing log database.
•
Replace Microsoft SQL Server 2000 Desktop Engine (MSDE) Typical
•
Upgrade from a TAC Vista version earlier than 4.3.0
The installation program searches for existing SQL Servers, SQL
Server configurations, and TAC Vista log databases and suggests settings based upon what it has found.
For more information on the different upgrading options, see Help
program.
18 (80)
04-00001-05-en
2.6
If You Install from a CD
You can install the software components on the CD individually. You
can also install multiple software components by running TAC Vista
Batch Installation. The installation automatically runs individual setup
programs for each of the included software components.
There are three installation options:
•
Typical
•
Full
•
Custom
The installation CD setup options include the following programs:
Table 2.1:
Program / Setup Type
Typical
Full
Custom
and TAC Graphics Editor
X
X
X
INet Host Tool
TAC XBuilder
X
X
X
TAC Vista Web Applications
X
TAC Vista OPC Server
X
TAC Vista OPC Server for Danduc
X
TAC Vista OPC Server for I/NET
X
X
Echelon LNS Server
TAC I-talk Collector and Interface
X
X
X
By default, some programs are already selected in the Custom option.
You can clear the selection if you do not want to install the selected programs.
Caution
•
During the CD installation process, you may be asked to restart
the computer after some of the setup programs. Please do not
restart the computer until all of the setup programs (included
in the type of setup you selected) have been installed.
•
When you have completed the installation, you have to restart
your computer.
04-00001-05-en
19 (80)
20 (80)
04-00001-05-en
3
3 Windows Security Settings for TAC Vista
Windows Security Settings for TAC
Vista
This instruction is valid for TAC Vista IV and TAC Vista 5 and
describes the necessary settings when TAC Vista runs under Windows
XP with Service Pack 2 (SP2). It also describes the necessary settings
when TAC Vista with Web access runs under Windows Server 2003
Service Pack 1 (SP1).
In Windows XP SP2 and Windows Server 2003 SP1, Microsoft introduces a set of security technologies that improve the computer security.
Some of the changes concern IP and DCOM communication. Since
Vista uses DCOM to communicate, you have to configure COM security settings to enable communication. TAC Vista Servers (Server-toServer communication) use TCP/IP to communicate.
Windows Firewall SP2 (included with Windows XP) and Windows
Firewall SP1 (included with Windows Server 2003), are switched on by
default and stop incoming traffic to the computer. Thus, you have to
configure Windows Firewall to allow Vista to communicate.
Important
•
The instructions assume that you have an unconfigured and preinstalled Windows XP SP2 or Windows Server 2003 SP1.
•
Your Windows Firewall might be controlled by policies and be
turned off or turned on and may not allow any exceptions. In this
case, contact your local IT department.
Note
•
04-00001-05-en
In this instruction My Computer is the designation for the local
system. My Computer does not refer to the local computer
name.
21 (80)
3.1
Vista System with One Vista Server
TAC Vista Server
and Workstation
In a system with a Vista Server and Workstation installed on the local
computer, no changes to the COM security settings are required.
Note
•
3.2
A stand-alone Vista does not communicate over the network. That is,
there is no incoming communication. There is no need to make exceptions in Windows Firewall. When you first start Vista server, Windows
asks if you want to keep blocking the server program (TACOS Application). As long as Vista Workstation runs stand-alone, you can keep
the application blocked.
Vista System with Several Vista Servers
Computer B
Computer A
TAC Vista Server
and Workstation
TAC Vista Server
and Workstation
TCP/IP
In a system with Vista Server and Workstation installed on two or more
computers (remote communication), no changes to the COM security
settings are required. You have to set Windows Firewall to allow
incoming communication to Vista Server.
3.2.1
Setting a Windows Firewall Program Exception
In a system with several Vista Servers, you have to make exceptions for
the TACOS application in Windows Firewall to allow Vista Server to
receive incoming communication.
22 (80)
04-00001-05-en
To set a Windows Firewall exception
1
Start TAC Vista Server.
2
In the Windows Security Alert dialog box, click Unblock.
Important
•
Repeat the procedure for all Vista Servers that participate in network communication.
Notes
•
The Windows Security Alert dialog box only appears the first
time you start Vista Server.
•
When you unblock the Vista Server application (TACOS.exe), it
is added to the Windows Firewall exceptions list. The IP ports on
which Vista communicates are also added to the list.
•
If you want to unblock a blocked application at a later time, you
have to add it to the Windows Firewall exceptions list.
•
To add a program to the Windows Firewall exceptions list, in
Windows Firewall, click the Exceptions tab, click Add Program, browse to TACOS.exe, click OK, and then click OK.
•
In this case, you also have to manually add the IP ports on which
Vista Server communicates to the Windows Firewall exceptions
list.
•
By default, Vista communicates on TCPPORT 45612.
04-00001-05-en
23 (80)
3.3
Vista System with Remote Access on a Domain
Computer B
Computer A
TAC Vista
Workstation
TAC Vista Server
DCOM
DCOM
In a system with Vista Server installed on one computer and Vista
Workstation installed on another computer on a domain, you have to set
Windows Firewall to allow incoming communication to Vista Server.
You also have to change the COM security settings to enable communication over the network.
3.3.1
In a system with remote Vista workstations, you have to make exceptions for the TACOS application in Windows Firewall to allow incoming communication on the computer.
For information on how to unblock Vista Server (that is, add it to the
Windows Firewall exceptions list), see Section 3.2.1, “Setting a Windows Firewall Program Exception”, on page 22.
3.3.2
Setting a Windows Firewall Port Exception
In a system with remote Vista Workstations, you have to make exceptions for port 135 (DCOM) in Windows Firewall to allow communication on the port.
To set a Windows Firewall port exception
1
On the computer running Vista Server, start Windows Firewall.
Tip
24 (80)
•
You can access Windows Firewall in Control Panel.
2
Click the Exceptions tab.
3
Click Add Port.
4
In the Name box, type "DCOM".
5
In the Port Number box, type "135".
04-00001-05-en
6
Click TCP.
7
Click OK.
8
Click OK.
Note
•
In this scenario, you only have to make an exception for port 135
(DCOM), not for Vista TCPPORT.
Repeat the procedure on the computer running the remote Vista Workstation.
04-00001-05-en
25 (80)
3.3.3
Configuring Access Permissions on My Computer
You have to configure the COM security settings to enable communication over the network.
There are two types of COM Security permissions:
•
Access permissions
•
Launch and Activation permissions
Access permissions define the access an account has to a launched
application. You have to set access permissions on both the computer
running Vista Server and the computer running Vista Workstation.
In this scenario, you do not need to configure launch and activation permissions.
To configure access permissions on My Computer
1
On the computer running Vista Server, start Component Services.
Tip
26 (80)
•
You can access Component Services in Control Panel under
Administrative Tools.
2
In the tree structure, right-click Component Services\Computers\My Computer, and then click Properties.
04-00001-05-en
3
Click the COM Security tab.
4
In the Access Permissions area, click Edit Limits.
5
In the Group or user names area, click ANONYMOUS
LOGON.
04-00001-05-en
27 (80)
6
In the Allow column, select Remote Access.
Note
•
By granting the remote account ANONYMOUS LOGON remote
access permissions, you give Vista Workstation the right to
access a Vista Server.
7
Click OK.
Important
•
You have to restart your computer for global changes in DCOM
settings to take effect.
Note
•
28 (80)
On the computers running Vista Workstation, you have to grant
the remote account ANONYMOUS LOGON remote access permissions, to give Vista Server the right to access Vista Workstation (callback).
04-00001-05-en
3.4
Vista System with Remote Access in a Workgroup
or a Non-NT Domain
Computer B
Computer A
TAC Vista
Workstation
TAC Vista Server
DCOM
DCOM
In a system with Vista Server installed on one computer and Vista
Workstation installed on another computer in a workgroup or on a nonNT domain, you have to set Windows Firewall to allow incoming communication to Vista Server. You also have to change the COM security
settings to enable communication over the network.
3.4.1
the TACOS application in Windows Firewall to allow incoming communication on the computer.
For information on how to unblock Vista Server (that is, add it to the
Windows Firewall exceptions list), see Section 3.2.1, “Setting a Windows Firewall Program Exception”, on page 22.
3.4.2
Setting a Windows Firewall Port Exception
port 135 (DCOM) in Windows Firewall to allow communication on the
port. You have to make the exception on all computers running Vista
Server.
For information on how to set a Windows Firewall port exception, see
Section 3.3.2, “Setting a Windows Firewall Port Exception”, on
page 24.
04-00001-05-en
29 (80)
3.4.3
Configuring Access Permissions on My Computer
application. You have to set access permissions on both the computer
running Vista Server and the computer running Vista Workstation.
Note
•
The access permissions on My Computer in a Vista system with
remote access in a workgroup or a none-NT domain should be
identical to the access permissions on My Computer in a Vista
system with remote access on a domain.
For information on how to configure DCOM access permissions, see
Section 3.3.3, “Configuring Access Permissions on My Computer”, on
page 26.
3.4.4
Configuring Launch and Activation Permissions on My
Computer
You have to configure the COM security settings to enable communication over the network.
There are two types of COM security permissions:
•
Access permissions
•
Launch and Activation permissions
Launch and activation permissions define which account can launch a
COM-based application, for example, TAC Vista Server, either on the
network or locally.
To configure launch and activation permissions on My
Computer
1
Tip
•
30 (80)
04-00001-05-en
2
3
4
In the Launch and Activation Permissions area, click Edit Limits.
5
In the Group or user names area, click ANONYMOUS
LOGON.
04-00001-05-en
31 (80)
6
In the Allow column, select Remote Activation.
Notes
32 (80)
•
By granting the account ANONYMOUS LOGON remote activation permissions, you give Vista Workstation the right to access a
remote Vista Server.
•
the remote account ANONYMOUS LOGON remote activation
permissions in order to give Vista Server the right to access Vista
Workstation (callback).
7
In the Group or user names area, click Everyone.
04-00001-05-en
8
Note
•
By granting the account Everyone remote activation permissions,
you give Vista Workstation the right to activate a remote Vista
Server.
9
Click OK.
Repeat the procedures on all computers running Vista Server.
Note
•
04-00001-05-en
the remote account Everyone remote activation permissions, to
give Vista Server the right to access Vista Workstation (callback).
33 (80)
3.4.5
Configuring Launch and Activation Permissions on TACOS
network or locally.
To configure launch and activation permissions on TACOS
1
Tip
34 (80)
•
2
In the tree structure, right-click Component Services\Computers\My Computer\DCOM Config\TACOS, and then click Properties.
3
Click the Security tab.
4
In the Launch and Activation Permissions area, select Customize, and then click Edit.
04-00001-05-en
5
In the Launch Permissions dialog box, in the Group and users
area, click ANONYMOUS LOGON.
6
04-00001-05-en
35 (80)
7
In the Group or users area, click Everyone.
8
9
Click OK.
36 (80)
04-00001-05-en
3.4.6
Configuring Access Permissions on TACOS
application.
To configure access permissions on TACOS
1
Tip
•
2
In the tree structure, right-click Component Services\Computers\My Computer\DCOM Config\TACOS, and then click Properties.
3
Click the Security tab.
4
In the Access Permissions area, select Customize, and then click
Edit.
5
In the Access Permissions dialog box, in the Group and users
area, click ANONYMOUS LOGON.
04-00001-05-en
37 (80)
6
Notes
38 (80)
•
By granting the account ANONYMOUS LOGON remote access
permissions, you give Vista Workstation the right to access a
remote Vista Server.
•
the remote account ANONYMOUS LOGON remote access permissions, to give Vista Server the right to access Vista Workstation (callback).
7
In the Group or users area, click Everyone.
04-00001-05-en
8
Note
•
By granting the account Everyone remote access permissions,
you give Vista Workstation the right to access a remote Vista
Server.
9
Click OK.
Important
•
04-00001-05-en
39 (80)
3.5
Vista System with Web Access
In a system with Vista Server, Vista Webstation (version 4.3.0 and
later), and Vista ScreenMate (version 4.3.0 and later) installed on one
computer and a Web browser installed another computer, you have to
change the permissions for the NETWORK SERVICE account (or
ASPNET if you are running Windows XP SP2) to enable communication between Webstation and Vista Server.
Computer B
Computer A
TAC Vista Server
Webstation
ScreenMate
Web Browser
Internet
Important
3.5.1
•
Running TAC Vista Webstation on Windows XP in customer
installations is not generally supported.
•
This instruction assumes that you are running TAC Vista on Windows Server 2003 Service Pack 1 (SP1).
Configuring Launch and Activation Permissions on My
Computer
network or locally.
To configure launch and activation permissions on My
Computer
1
!
Tip
•
40 (80)
04-00001-05-en
2
3
4
In the Launch and Activation Permissions area, click Edit
Default.
04-00001-05-en
41 (80)
42 (80)
5
Click Add.
6
In the Select Users and Groups dialog box, click Locations.
7
In the Locations dialog box, click the local computer name, and
then click OK.
04-00001-05-en
8
In the Select Users and Groups dialog box, in the Enter the
object names to select box, type “NETWORK SERVICE”.
Important
•
If you are running Windows XP SP2, type "ASPNET" instead of
“NETWORK SERVICE”.
•
Running TAC Vista Webstation on Windows XP in customer
installations is not generally supported.
Note
•
NETWORK SERVICE and ASPNET are computer accounts
under which the server service is run. The accounts provide the
security context for the service.
9
Click Check Names.
10 Click OK.
04-00001-05-en
43 (80)
11 In the Launch Permission dialog box, select NETWORK SERVICE.
Important
•
If you are running Windows XP SP2, select ASPNET instead of
NETWORK SERVICE.
12 In the Allow column, select Local Activation.
Note
•
By granting the account NETWORK SERVICE or ASPNET
local activation permissions, you give the account the right to
access Vista Server.
13 Click OK.
Important
•
44 (80)
04-00001-05-en
3.6
Restrict User Access to TAC Vista Resources
To increase security and integrity of information related to TAC Vista,
use Windows built-in users and group security functionality to restrict
user access to the following TAC Vista resources (Windows folders,
files, and registry entries used by TAC Vista):
•
•
•
TAC Vista Database
•
Windows Vista – C:\ProgramData\TAC\TAC Vista 5.1.0\Db
•
Windows XP – C:\Documents and Settings\All Users\Application Data\TAC\TAC Vista 5.1.0\Db\
TAC Vista Application Data
•
Windows Vista – C:\ProgramData\TAC\TAC Vista 5.1.0
•
Windows XP – C:\Documents and Settings\All Users\Application Data\TAC\TAC Vista 5.1.0\
TAC Vista Registry
•
HKEY_LOCAL_MACHINE\Software\TAC AB\
If the restrictions are too rigid error messages from TAC Vista may
appear when TAC Vista tries to access or change information subject to
the restriction.
To remove the restriction, perform a Grant Access command in TAC
Vista Server Setup.
Note
•
04-00001-05-en
The Windows user that runs TAC Vista Server needs to have
Full Control permissions.
45 (80)
46 (80)
04-00001-05-en
4
4 Installing TAC Vista Webstation
If you want to run TAC Vista Web Applications on Windows Server
2003 Standard Edition or Window Server 2008 Standard Edition, both
Internet Information Services (IIS) and ASP.NET have to be installed.
Important
•
4.1
Both Internet Information Services (IIS) and ASP.NET have to
be installed before you start installing TAC Webstation.
Activate ASP.NET 4.0
2008 Standard Edition, both Internet Information Services (IIS) and
ASP.NET 4.0 have to be installed and activated (disabled by default).
Important
•
You have to be logged in as a local administrator to be able perform this procedure.
To activate ASP.NET 4.0
1
In Control Panel, click Administrative Tools and then click IIS
Server Manager.
2
Right-click Roles and then click Add roles.
3
Select Web Server (IIS) and then click Next.
4
Click Add Required Features.
5
Click Next twice.
6
Select ASP.net.
7
Click Add Required Role Services and then click Next.
8
Click Install to install ASP.net 4.0.
9
Install TAC Vista Server.
10 Install TAC Vista Webstation.
11 On the Start menu, click Run.
12 In the Open box, type “cmd”to open the command prompt.
04-00001-05-en
47 (80)
13 At the command prompt, type: “C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i enable” to run the ASP.NET IIS Registration Tool
(Aspnet_regiis.exe) for ASP.NET version 4.0.
4.2
Activate ASP.NET 2.0
2003 Standard Edition, both Internet Information Services (IIS) and
ASP.NET 2.0 have to be installed and activated (disabled by default).
Important
•
You have to be logged in as a local administrator to be able perform this procedure.
To activate ASP.NET 2.0
1
In Control Panel, click Administrative Tools and then click
Internet Information Services (IIS) Manager.
2
In the Internet Information Services (IIS) Manager dialog box,
in the Internet Information Services tree, expand the tree under
the server where TAC Vista Web Applications is installed (usually
only the local computer is listed here), and then click Web Service
Extensions.
3
In the Web Service Extensions pane, click ASP.NET v2.0.
4
Click Allow.
The status for ASP.NET 2.0 changes from Prohibited to Allowed.
5
4.3
Close the Internet Information Services (IIS) Manager dialog
box.
Webstation Themes
In addition to the Webstation/ScreenMate themes included, you can add
and configure your own themes.
The Style folder in the TAC Vista Web Applications install folder contains folders with various themes.
To create a new theme
48 (80)
1
Browse through the theme folders, select the one that is closest to
your new theme, and then copy it.
2
Rename the new folder with the theme name you want to see in
the themes list in TAC Vista Web Settings and in TAC Vista Webstation.
3
Open the new folder.
04-00001-05-en
All pages use the Webstation.css file for common layout issues.
Edit the Webstation.css file for global layout changes.
In addition to this file, every Webstation/ScreenMate page uses a
specific CSS file, the file’s purpose can be deduced from its name.
Edit this file for local changes.
4
You can edit CSS files to suit your style. A thorough knowledge of
HTML and CSS is required.
5
Start TAC Vista Web Settings and click Theme - Colors and
Fonts.
You can now click the Theme list to check that the newly created
theme is added to the list.
If you select the new theme, the preview image will be wrong. This
is corrected later.
6
Click OK to accept the new theme.
7
Exit TAC Vista Web Settings.
8
Start Webstation and check the result.
9
If you are satisfied with the result, make a screen shot of a suitable
view and save it as a .gif file in the images sub folder in your
newly created theme folder. The file must be named preview.gif.
There is probably a preview.gif file already from when you copied
the Default theme folder with all its contents. Before you overwrite
the existing preivew.gif file, check the dimensions of the existing
preview.gif file and save your new screen shot with the same
dimensions.
10 Start TAC Vista Web Settings and click Theme - Colors and
Fonts.
You can now click the Theme list to check that the newly created
theme has a preview attached.
11 Exit TAC Vista Web Settings.
12 Open the images subfolder in your theme folder and change the
images to suit your needs.
13 Turn on Thumbnails mode in Windows to view miniatures of the
images.
Do not change the dimensions of these images.
If you look at the images and Webstation at the same time, you can see
where the images are used. If you would like to preview your theme as
you work with it, start TAC Vista Webstation and select the theme you
are working with. You can refresh the screen periodically to see the
changes.
04-00001-05-en
49 (80)
4.4
SSL – Secure Sockets Layer
To increase security while sending information between a Web browser
and a Web server, encrypted communications using HTTPS should be
set up using SSL (Secure Sockets Layer).
Before SSL can be used, an SSL certificate must be created and registered with the Web server, in our case, Internet Information Server (IIS).
Normally, when SSL is used in applications that can be accessed by the
public, a trusted SSL certificate is purchased from an accredited company such as Verisign. For temporary protection or testing, a self-signed
certificate may be used. Technically, this certificate offers the same
encryption as a certificate issued by a CA (Certification Authority);
however, it may be perceived as less safe because the server ownership
has not been verified by the CA. Self-signed certificates may generate
warning messages in Web browsers.
One convenient method of creating a self-signed certificate is to use a
tool called SelfSSL. SelfSSL has been developed by Microsoft and is
supplied with a IIS 6 Resource Kit. The programs can be downloaded
from the Microsoft Web site.
To download SelfSSL, visit www.microsoft.com and search for SelfSSL. Download the IIS 6.0 Resource Kit Tools and follow the installation instructions.
When you have completed the installation you should run SelfSSL.exe
with the appropriate parameters to install a certificate and register it
with IIS. For example,
selfssl.exe /V:365
will install a certificate that is valid for 365 days.
More help is given by writing
selfssl.exe /?
on the command line.
Once the program has been installed you can browse using HTTPS and
the standard HTTP. If you wish to restrict browsing to HTTPS this must
be set up in IIS. For more details, see the Microsoft documentation for
IIS.
Note
•
50 (80)
The first time you log in to a TAC Webstation that is installed on
a server using SelfSSL, you will get a message saying something
like Certificate not signed by a trusted authority. Accept the
certificate.
04-00001-05-en
4.4.1
Secure Sockets Layer (SSL) with Dynamic TGML Viewer
To be able to use the dynamic TGML viewer in TAC Vista Webstation,
you need to:
•
Install a certificate and a keystore on the IIS server
•
Set up the IIS to use SSL
To install the certificates
1
Server Manager.
2
Click the root machine node in the left-hand tree-view explorer
and then click the Server Certificates icon in the feature pane to
the right.
3
In the Actions pane, click the certificate creation action you want
to perform. For example, a self-signed certificate.
04-00001-05-en
51 (80)
4
52 (80)
Specify a name for the certificate.
04-00001-05-en
5
04-00001-05-en
When the certificate has been created, select it and click View to
the left in the Actions pane.
53 (80)
6
54 (80)
On the Details tab, click Copy to File and then click OK.
04-00001-05-en
7
In the Certificate Export Wizard, click Next to create a certificate
.CER file.
8
Click No, do not export the private key and then click Next.
04-00001-05-en
55 (80)
9
Click DER encoded binary X.509 (.CER) format and click Next.
10 Specify a name for the CER file and a location for the CER file
and click Next.
56 (80)
04-00001-05-en
11 Click Finish to create the .CER file.
12 Browse to the folder where the .CER file has been created.
13 Run the Java keytool program to create a keystore file, by typing:
"C:\Program Files\Java\jdk1.6.0_20\bin\keytool.exe" -import trustcacerts -keystore VistaWebstation_keystore -file VistaWebstationCert.cer at the command prompt..
Important
•
Do not change the name of the keystore file. It has to be
“VistaWebstation_keystore”
14 Enter a password when prompted and repeat it.
04-00001-05-en
57 (80)
15 Click Yes to confirm that you trust the certificate.
16 Zip the keystore file.
Important
•
Do not change the file name VistaWebstation_keystore.zip.
17 Move the .zip file to the subfolder (Components\JavaTgmlViewer)
where you have installed TAC Vista Webstation, for example,
C:\Inetpub\wwwroot\TACVistaWeb515\Components\JavaTgmlViewer\VistaWebstation_keystore.zip.
To set up the IIS to run SSL
58 (80)
1
Server Manager.
2
Browse to the web site where you have installed TAC Vista Webstation.
04-00001-05-en
3
In the Actions pane, to the left in the pane, click Bindings
4
Click Add.
5
Select type: https and then select the SSL certificate you created
earlier.
04-00001-05-en
59 (80)
6
Click OK.
To only accept SSL requests
This procedure should be performed right after setting up the IIS to run
SSL.
1
Browse to the Webstation application.
2
In the feature pane, click SSL Settings.
3
Check Require SSL and then click Apply in the Actions pane.
Important
•
60 (80)
This will prevent the users from connecting to Webstation using
http.
04-00001-05-en
Note
4.5
•
When attempting to view a .tgml graphic in TAC Vista Webstation, the is now going to be asked a few security confirmation
questions.
•
The first question is asked when the user logs in to Webstation
(continue to the web site).
•
The second question is asked when the user clicks a .tgml
graphic (confirm to load the Java applet, since the Schneider
Electric certificate does not match your self-signed certificate) to
confirm that you trust the publisher.
•
The third question is asked directly after the second, whether or
not to not block the loading of the zip-file containing the keystore file (needed by the Java applet to be trusted by the web
site).
Localization
Localization is added by installing the corresponding language pack. A
language pack defines both the language and the country/region. If a
language pack is not yet available for your country/region you can still
change the date format and so on. The language cannot be changed
without a language pack. Localization installations are based on
Microsoft Windows.
To change or set the country/region, use Vista WebApplications Settings. Available localizations are shown in the Localization list on the
Localization page.
You can add a localization to the list by creating an empty folder with a
specified name syntax. The name must follow the RFC 1766 standard
in the format "<language code>-<country/region code>", where <language code> is a lowercase two-letter code according to ISO 639-1 and
<country/region code> is an uppercase two-letter code according to ISO
3166.
For example, U.S. English is "en-US" and Finnish-Swedish is "sv-SF";
this type of format is called a "localization pair".
In cases where a two-letter language code is not available, a three-letter
code according to ISO 639-2 is used; for example, the three-letter code
"div" is used for communities that use the Dhivehi language.
The localization pair must conform with the localization list in
Microsoft .NET:
http://../webstation/CultureInfoNames.aspx
where .. is replaced with the network address to Vista Webstation.
04-00001-05-en
61 (80)
To add a localization
1
Use Windows Explorer to browse to the localization folder for
Vista Webstation, usually
C:\Inet- pub\wwwroot\TACVistaWeb401\Bin
2
Create a new folder where the folder name is in the format:<language code>-<country/region code>
The file name must conform with the localization code given in the
file
http://../webstation/CultureInfoNames.aspx
where .. is replaced with the network address to Vista Webstation.
The new folder can be left empty.
3
4.6
Start Vista Web Applications Settings and set the new localization.
Utilizing HTTP Compression
If your sites use a lot of bandwidth, or if you would like to make more
effective use of your bandwidth, you can enable HTTP compression.
HTTP compression speeds up transmission time between compressionenabled browsers and IIS. You can compress only static files, or both
static files and dynamic application responses. If your network bandwidth is restricted and your processor utilization is already very high,
HTTP compression can be beneficial. This is particularly the case for
static files.
For more information about HTTP Compression, visit
www.microsoft.com and search for "Utilizing HTTP Compression",
"IIS 6.0 Compression with Windows Server 2003", and "HOW TO:
Specify Additional Document Types for HTTP Compression".
4.7
Using Vista Webstation Views in Web Portals or
as Stand-Alone Browser Views
All views that have an "Add to Favorites" icon on the toolbar can be
used as stand-alone views or as integrated parts of, for example, a Web
portal.
The Vista Webstation link needs to be slightly modified before you can
use it.
To extract and modify the link
62 (80)
1
Open the view in Vista Webstation.
2
On the view’s toolbar, click Add to Favorites.
3
Use your browser to help you save the link.
04-00001-05-en
4
Use your browser to locate the link among your Favorites and
open the link properties. A typical link looks like this:
http://.../webstation/DefaultPage.aspx?frameset=true&page=...
5
In "frameset=false", change true to false, in our example:
http://.../webstation/DefaultPage.aspx?frameset=false&page=...
The favorite can now be used as a stand-alone view. The link can also
be used for a Web portal. Consult you local Webmaster for further
details.
4.8
Disabling Worker Process Recycling and
Shutdown
If Webstation and/or ScreenMate is rarely used, you can experience
occasional delays when loading the login page.
You can increase the performance by keeping WebStation or ScreenMate applications in the server’s memory by disabling unloading of the
applications.
To disable worker process recycling
1
In the IIS Manager, expand the local computer, expand Application Pools, right-click the application pool you want to configure,
and then click Properties.
2
On the Recycling tab, click to clear the Recycle worker processes (in minutes) check box.
3
Click OK.
To disable worker process shutdown
1
In the IIS Manager, expand the local computer, expand Application Pools, right-click the application pool you want to configure,
and then click Properties.
2
On the Performance tab, under Idle timeout, click to clear the
Shutdown worker process after being idle for (time in minutes) check box.
3
Click OK.
Note
•
04-00001-05-en
These settings will affect all applications in the changed application pool.
63 (80)
4.9
Displaying Dynamic TGML Graphics
Webstation can display TGML graphics in two different viewer modes,
dynamic or static. In the Dynamic Mode all TGML graphics are displayed in the same way as in TAC Vista. All animations, scalability and
user interactivity are displayed in Webstation. In the Static Mode a
static version of the TGML graphic is displayed in Webstation.
To be able to use the Dynamic Mode, Java must be installed on the
client computer.
There are three different alternatives in the TAC Vista Web Settings
dialog box:
Table 4.1: TGML Viewer Mode
Viewer Mode
Auto-detect
(default mode)
Action
The web browser selects if TGML will be
displayed dynamically or statically.
If Java is not installed Static mode is selected.
If Java is installed Dynamic Mode is selected.
Static
Static display of TGML graphics.
Dynamic
Dynamic display of TGML graphics.
If dynamic is selected Java has to be installed. When you open a TGML
graphic in the web browser you will be prompted to install Java. A link
64 (80)
04-00001-05-en
will direct you to the appropriate Java version stored at TAC. When the
Java is installed, TGML graphics will be displayed dynamically.
Fig. 4.1: Java download page
You can at any time change from dynamic to static or from static to
dynamic display of TGML graphics using the TAC Vista Web Settings
dialog.
4.9.1
Changing TGML Graphics Display Mode
The settings for the display modes of TGML graphics can be changed
in the TAC Vista Web Settings dialog at any time. The TAC Web Settings is installed on the Server computer together with TAC Webstation.
To change the TGML graphics display mode
1
04-00001-05-en
In All Programs, point to TAC, point to TAC Vista Web Applications, and then click TAC Vista Web setting.
65 (80)
66 (80)
2
In the TAC Vista Web Settings dialog, click TGML Viewer
Mode.
3
In the Select viewer mode for TGML box, select the mode you
want to use.
4
Click OK.
04-00001-05-en
5
5 SQL Technical Information
Before setting up TAC Vista, it can be useful to know the basics about
SQL privileges and the roles that provide the SQL database user with
these privileges.
If you have an existing Microsoft SQL Server 2000 Desktop Engine or
SQL Server 2005 Express Edition log database and want to change to a
SQL database with more storage capacity, you probably want to migrate
the log data from the existing log database to a new one.
5.1
TAC Vista and SQL Privileges
TAC Vista allows two configuration modes for its SQL Server:
•
Typical
•
Custom
The typical configuration gives TAC Vista full control of the SQL
Server installation, and generally uses SQL Server 2005 Express Edition as its storage engine on the local machine.
The custom configuration, however, lets you set up the log database in
Microsoft SQL Server 2000 Standard/Enterprise Edition or Microsoft
SQL Server 2005 Workgroup/Standard/Enterprise Edition.
Reasons to choose a custom configuration may be:
•
The site already has an existing SQL Server that serves a number
of different applications.
•
The site organization is security-conscious, and wants to lock
down its SQL Server attack surface as much as possible.
•
The SQL Server Express Edition 4GB limit per database risks
becoming a capacity issue.
This section describes what privileges TAC Vista requires in the respective modes, and why.
04-00001-05-en
67 (80)
5.1.1
Feature Background
There are currently two major features with high-privilege requirements:
•
Integrated backup/restore
•
Automatic schema upgrade
Integrated Backup/Restore
TAC Vista provides a minimal backup agent that can perform SQL
backups on the same time schedule as the one that performs Vista database backups.
SQL Server has to be located on the same computer as TAC Vista
Server for the integrated backup to work.
At restore time, the database needs to be post-processed to be accessible
by TAC Vista. A restore function ensures the restored data is prepared
for use. To be able to prepare the database, TAC Vista needs to connect
to SQL Server with sysadmin privileges.
If you select Typical SQL configuration, the installation program automatically sets up a SQL login with the sysadmin server role.
The SQL database schema is the logical structure of the log database at
a given time.
The database schema may be changed between TAC Vista versions.
Whenever the database schema is changed, the changes need to be integrated into running systems when TAC Vista is upgraded to the new
version.
At start-up, TAC Vista Server checks the current schema version of its
attached log database and if the schema version does not match the
expected, the server runs one or more upgrade scripts in order to make
the schema compatible.
This way, improvements can be made to the log database without disturbing the existing installation. The existing installation will self-adjust
to the new schema.
In order for TAC Vista Server to be able to perform the upgrade steps,
its SQL database user needs to hold at least the database roles
db_ddladmin and db_datawriter.
68 (80)
04-00001-05-en
5.1.2
Typical SQL Configuration
If you choose Typical SQL configuration, the TAC Vista installation
program takes care of the settings based on whether or not there have
been previous SQL settings.
The TAC Vista setup program installs Microsoft SQL Server 2005
Express Edition on the local computer, and uses fixed names for the
server instance and database. The database is configured so that TAC
Vista connects with a SQL database user that is a member of the
sysadmin server role.
This gives TAC Vista the opportunity to enable both the integrated
backup/restore and automatic schema upgrade features.
Typical SQL configuration is intended for sites where:
5.1.3
•
The organization wants to avoid license costs for a commercial
edition of SQL Server.
•
You want TAC Vista to manage SQL maintenance tasks.
•
The expected log database requirements do not exceed 4GB.
Custom SQL Configuration
For organizations with more specific requirements as to their log storage, Custom SQL configuration gives more options - at the expense of
more responsibility.
In this mode, the setup program does not force server names and locations, database names, or connection details. You can install and configure SQL Server at any time and have TAC Vista access it using either
SQL or Windows authentication, and with a minimum of privileges.
As a consequence, TAC Vista can no longer do integrated backups, as
there is no guarantee that SQL Server is located on the same computer.
This means that organizations have to set up a maintenance plan on SQL
Server, separate from TAC Vista.
By default, automatic schema upgrade is unavailable. An administrator
can enable it by adding the db_ddladmin and db_datawriter
roles to the TAC Vista SQL database user. There is a simple trade-off
between security and convenience, and the default choice is to favor
security.
If automatic schema upgrade fails due to insufficient privileges or other
issues, an upgrade script is generated so that you can manually upgrade
the schema with any SQL tool.
04-00001-05-en
69 (80)
5.1.4
Privilege Comparison Chart
The table shows the differences in privilege requirements for the typical
vs. custom configuration modes.
Table 5.1: Privilege Comparison Chart
Configuration Mode
Role
For What?
Optional
Typical
sysadmin
Integrated backup/restore,
automatic schema upgrade
No
Custom
db_ddladmin
Yes
db_datawriter
5.2
SQL Configuration Troubleshooting
If you run into problems when configuring SQL Server for TAC Vista,
there can be a number of causes.
5.2.1
Errors that Require SQL Server Reconfiguration
Some errors will stop you from continuing the installation, because the
final setup will not work, as TAC Vista is configured to communicate
with SQL Server in ways that SQL Server was not configured to allow.
SQL Server is Not Configured to Support SQL Server
Authentication
This error occurs if you have selected SQL Server authentication and
attempted to connect to a SQL Server that is not configured to support
SQL Server authentication.
To solve the problem, you can either select Windows authentication for
your Vista installation or configure SQL Server to allow mixed-mode
authentication. For information on authentication, see Section 2.1.1,
“Authentication”, on page 14.
SQL Server Cannot be Found
If you are sure that you typed the name of the SQL Server instance correctly in the SQL Server name box, it is possible that SQL Server does
not allow remote connections. For information on how to configure
SQL Server to allow remote connections, see Section 2.2, “Connecting
to a Remote SQL Server”, on page 16.
70 (80)
04-00001-05-en
5.2.2
Amendable Errors
If the problem is neither caused by SQL Server authentication configuration nor by SQL Server not allowing remote connections, the installation program allows you to try to remedy the problem and then
continue. These problems could be solved on the SQL Server side, but
can also be worked around in the installation.
Error messages of this kind are presented in the Select SQL Admin
Login or Generate Scripts dialog box.
Listed below are the most common types of amendable errors.
Login failures
If the error message mentions login failures, you may want to investigate whether:
•
Your SQL login information is correct.
•
Your Windows account is added as a login in SQL Server.
•
You are using Windows authentication but not using a domain
account when attempting to connect to a remote SQL Server. This
is not a supported configuration. You must either use SQL Server
authentication or a domain account.
Insufficient privileges to create or reconfigure log database
The selected authentication mode decides whose privileges are used to
create or reconfigure the log database on the specified SQL Server.
When you have selected SQL Server authentication, the installation
attempts to create or reconfigure the log database using the provided
SQL Server login and password. If it turns out that this user does not
have enough privileges to perform the installation tasks, the installations falls back and uses the logged-on Windows account to connect to
SQL Server.
When you have selected Windows authentication, there is no such fallback. The Windows account used to log on to the computer is always
used for creating or reconfiguring, and never the Windows account provided for TAC Vista log database access.
If the error message says that you do not have sufficient privileges to
create or reconfigure the selected log database, this means that the login
used by the installation is not a sysadmin on SQL Server.
04-00001-05-en
71 (80)
5.2.3
Select SQL Admin Login or Generate Scripts
In the Select SQL Admin Login or Generate Scripts dialog box you
can do either of the following:
•
Type name and password for a SQL login with sysadmin rights
on SQL Server.
•
Generate SQL scripts that you can give to a SQL administrator
who can run the script on SQL Server and solve the problem.
Use a SQL login with sysadmin rights
Select the Use a SQL admin login option to give the installation a SQL
Server login and password it can use to complete its work. TAC Vista
is still configured to use the login information you provided earlier, but
the installation will be able to create or reconfigure the log database
using this sysadmin login.
Note
•
This requires that the SQL Server be configured to accept Mixed
mode authentication. For information on authentication, see
Section 2.1.1, “Authentication”, on page 14.
Generate SQL scripts
Select this option when you do not have a SQL Server login with
sysadmin privileges. SQL Server may be managed by someone else,
such as the customer’s IT department. You can generate an installation
script that matches your settings and give it to the customer SQL administrator, who can run the script on SQL Server.
The TAC Vista installation requires that the log database is created or
reconfigured using the appropriate script, before the installation program is run again. Write down the connection details, so you can use the
same information next time you run the installation.
72 (80)
04-00001-05-en
5.3
Manual Log Database Schema Upgrade
The SQL database schema is the logical structure of the log database at
a given time.
The database schema may be changed between TAC Vista versions.
Whenever the database schema is changed, the changes need to be integrated into running systems when they are upgraded to the new version.
At start-up, TAC Vista Server checks the current schema version of its
attached log database and if the schema version does not match the
expected, the server runs one or more upgrade scripts in order to make
the schema compatible.
If this process fails, TAC Vista Server generates a single upgrade script,
which you can use to upgrade your log database manually.
TAC Vista Server cannot run if the schema version is incorrect, so if the
automatic upgrade fails, it will show the following message and immediately shut down:
You can use the generated script to upgrade the log database to the version matching TAC Vista Server.
Make sure that you run the script on the SQL Server and in the database
configured for the same TAC Vista Server that showed the failure message. You can find the SQL Server name and log database name in TAC
Vista Server Setup.
Use a generic SQL tool to run the script, for example. OSQL.EXE or
SQL Server Management Studio.
04-00001-05-en
73 (80)
5.4
Log Data Migration
If you want to move your log data from one SQL Server to another, for
example, because you need more storage capacity, you have to start by
migrating the data from the existing log database to the new log database.
Migration means that you move the database from one location to
another. You do this in a generic SQL tool by using either backup/
restore or detach/attach.
Important
•
You have to backup the database to a folder to which SQL Server
has write permissions.
•
The default Backup folder under the SQL Server installation
folder is prepared with the correct permissions by the SQL
Server setup.
•
Use an account with SYSADMIN privileges to connect.
Note
•
74 (80)
Usually, you have to change the file names and paths to match
the SQL Server’s data directory and database name.
04-00001-05-en
5.4.1
Reconfiguring SQL Server Settings for TAC Vista
In order for TAC Vista to find the migrated log data, you also have to
reconfigure the SQL Server settings for TAC Vista. This is done in TAC
Vista Server Setup.
To reconfigure SQL Server Settings for TAC Vista
1
In TAC Vista Server Setup, click the SQL Server tab.
2
In the SQL configuration area, select the SQL Server name box.
Note
•
If you are using Typical SQL configuration, the name of the SQL
Server instance is TACVISTA.
3
Select the new SQL Server.
4
In the Log database name box, type the name of the backed up
log database.
Notes
•
If you are using Typical SQL configuration, the name of the log
database is taclogdata.
•
If you are using Custom SQL configuration, select Authentication, type a SQL login or Windows account and a password.
5
Click OK.
Note
•
If TAC Vista Server Setup asks if you want to reconfigure the log
database, click Yes.
For more information on how to configure the SQL Server Settings for
TAC Vista, see Help in TAC Vista Server Setup.
04-00001-05-en
75 (80)
76 (80)
04-00001-05-en
Index
A
Access Permissions 26, 30, 37
ANONYMOUS LOGON 28, 32
ASPNET 43–44
Authentication 14
authentication mode 15
authentication options 15
Automatic schema upgrade 68
B
Batch Installation 19
C
capacity 67
certificates 13
Custom 17, 19, 67, 70
Custom SQL Configuration 69
D
Docnet 9
Domain 24
F
Full 19
G
Generate scripts 72
I
Install from a CD 19
Insufficient privileges 71
Integrated Backup/Restore 68
Integrated backup/restore 68
L
Launch and Activation Permissions 30, 34, 40
licenses 13
limit 67
M
Microsoft SQL Server 14
Microsoft SQL Server 2000 67
04-00001-05-en
Index
Microsoft SQL Server 2005 67
Mixed mode authentication 14, 72
My Computer 26, 30, 40
N
NETWORK SERVICE 43–44
New installation 17
Non-NT Domain 29
P
Port Exception 24, 29
Privilege 70
Program Exception 22, 24, 29
R
Reconfigure SQL Server 75
Remote 16
Remote Access 24, 29
remote connections 16
Remote SQL Server 15–16
restart 19
S
schema version 68
SQL administrator 15
SQL Configuration 17
SQL Configuration Troubleshooting 70
SQL Privileges 67
SQL Server Authentication 70
SQL Server Browser Service 16
SQL Server Browser service 16
SQL Server Settings 75
storing and reading of log data 15
SYSADMIN 74
T
TAC Vista version earlier than 4.3.0 18
TAC Vista Web Applications 13
taclogdata 75
TACOS 34, 37
Troubleshooting 70
Typical 17–19, 67, 69–70
Typical SQL Configuration 69
U
Upgrade 18
77 (80)
Index
Use a SQL login 72
V
Vista Server as a service 15
W
Web Access 40
Windows authentication 14–15
Windows Firewall 22, 24, 29
Windows user account 15
Windows XP 21
Workgroup 15, 29
78 (80)
04-00001-05-en
Copyright © 2006-2011, Schneider Electric Buildings AB
All brand names, trademarks and registered trademarks are
the property of their respective owners. Information contained within this document is subject to changewithout notice. All rights reserved.
04-00001-05-en
For more information visit
www.schneider-electric.com/buildings
Last Manual Page

TAC Vista

Transkrypt

Podobne dokumenty