Embed Size (px)
Citation preview
Page 1
MIS
C.LO
CKS
LIFT
INTE
RCO
MIN
TRU
DER
FIRE
CCTV
sateonDisclaimer
Copyright © 2021, Grosvenor Technology. All rights reserved.
SATEON and the SATEON logo are trademarks or registered trademarks of Grosvenor Technology. All other brands, names, or trademarks appearing in this document are acknowledged as the trademarks of their respective owners.
No part of this document may be reproduced in any form or by any means for any purpose without the written permission of Grosvenor Technology.
While we make every effort to ensure the accuracy of our publications, Grosvenor Technology assumes no responsibility or liability for any errors or inaccuracies that may appear in this document
www.grosvenortechnology.com
Issue 1.0 March 2021
Sateon IT Administrators Guide
Page 2
Contents
Document Version 3Sateon and Silverlight End of Support 4Running Sateon Client in the ‘New’ Edge 5
Requirements to enable Sateon in ‘new’ Edge 5
Enable IE mode for Sateon using Local Group Policy Mode 5
Network Layout 9Typical 9
Separate SQL 10
Separate Comms Engine 11
Ports 12Dual Seat (SQL and APP) 12
Dual Seat Split Comms 12
Client – Server 12
Discovering Controllers from the App Server 13
Discovering Controllers from a Client 13
Bandwidth 14Hardware 14
Legacy / EZ 14
Advance 14
Software 15User Interface Bandwidth Usage 15
Page 3
Document Version
Version Date Notes Author/Editor
1.0 18 March 2021 First version Stephen Woolhead1.1 22 March 2021 Minor edits to first version James Savage1.2 23 March 2021 Minor edits Nathan Pilcher
This document supersedes all previous versions of this document.
Page 4
Sateon and Silverlight End of Support
The UI components of Sateon, the parts that run in the client browser, are based on Microsoft Silverlight. Microsoft have announced that mainstream support and security updates for Silverlight will end on the 12th of October 2021. While this is not ideal, it does not mean that Silverlight will stop working on the 12th; the plugin will keep running as long as the IE11 browser engine is supported on Windows.
The best way to manage this situation is to not use IE11 to access Sateon, but to enable the Enterprise mode in the new, chromium based, Edge browser. This will allow you to configure the browser as shown in the steps below to enable the enterprise support mode of the browser for certain websites. This mode in effect loads the legacy IE11 browser engine in a tab in the same browser window as tabs for sites running the latest standards compliant browsing engine.
As this method allows you to whitelist the sites that can load the Silverlight plugin, it helps reduce the risk from a user browsing with an older browser (IE11) to a site on the public internet, instead restricting them to loading Silverlight content from a single trusted internal server.
This approach combined with other best practices such as antivirus and other advanced threat detection systems routinely deployed to client machines, can help provide a secure environment to run the Sateon solution.
Page 5
Running Sateon Client in the ‘New’ Edge
Microsoft’s new Edge browser is based on the open-source Chromium browser engine. This provides evergreen support for modern web standards. To help provide support of older standards, Microsoft have included the older browser engine from IE11 which can be activated for selected sites. This allows users to browse modern websites and legacy sites within a single browser interface.
Requirements to enable Sateon in ‘new’ Edge � Modern Chromium based Edge (version 77 or later) must be installed. � On the server and each client PC, Microsoft Edge administrative templates must be applied to enable Group Policy changes to appear on the PC. ▪ This policy needs to include a list of URLs that should be enabled for ‘Enterprise Compatibility’ mode ▪ The policy can also be selective using the list above or it can be enabled for all intranet sites.
The group policy changes can either be made direct on the machine using Local Group Policy, or the preferred option is to deploy the policies via domain-based Group Policy under central IT control. Centrally managed deployment is the preferred option for client machines that are multipurpose as the client can only have a single site list.
Enable IE mode for Sateon using Local Group Policy Mode1. Ensure both Windows and the new Chromium based Edge browser are fully up to date.2. Download Group Policy files from the Edge for Business site: https://www.microsoft.com/en-us/edge/
business/download ensuring that the channel / build matches the Edge version being used (in Edge select ‘…’ > Settings > About Microsoft Edge).
3. 3. Extract the policy files. Note: The .cab is understood by windows, you can just double click it to browse it’s content and copy them out.
4. 4. Navigate to the following path inside the (extracted) “MicrosoftEdgePolicyTemplates” folder: windows\admx and copy the msedge.admx file and paste into C:\Windows\PolicyDefinitions
Page 6
Running Sateon Client in the ‘New’ Edge
5. Navigate to the following path inside the (extracted) “MicrosoftEdgePolicyTemplates” folder: windows\admx\en-US and copy the msedge.adml file and paste into C:\Windows\PolicyDefinitions\en-US
6. Once you complete the steps, the new policies to enable or disable IE Mode on Edge Chromium will install in the Group Policy Editor.
7. Open Start.8. Search for gpedit and click the top result to open the Group Policy Editor.9. Browse the following path: Computer Configuration > Administrative Templates > Microsoft Edge10. Double-click the Configure Internet Explorer integration policy.
11. Select the Enabled option to enable IE Mode for Microsoft Edge.12. Under the “Options” section, select the Internet Explorer mode from the dropdown menu.
Page 7
Running Sateon Client in the ‘New’ Edge
13. Click the Apply then OK button.14. Double-click the Configure the Enterprise Mode Site List policy.
15. Select the Enabled option and set the site list to the URL https://<mySateonServer>/sites.xml (replace <mySateonServer> with the lower case name of the Sateon server)
16. Click Apply and OK17. In the folder C:\inetpub\wwwroot create a file called sites.xml (Note that the server name MUST be all in
lower case) and paste in the content below (replace the ‘SATEONSERVERNAME’ text with the name of your Sateon server, remembering this must be entered as lower case)
Page 8
Running Sateon Client in the ‘New’ Edge
18. Test that you can download the file by going to the address https://SATEONSERVERNAME/sites.xml in any browser (replace the ‘SATEONSERVERNAME’ text with the name of your sateon server, remembering this must be entered as lower case).
19. Now open Edge and navigate to your Sateon server, i.e. https://SATEONSERVERNAME/sateon/ (replace the ‘SATEONSERVERNAME’ text with the name of your Sateon server, remembering this must be entered as lower case)
20. NOTES: a. The sites file does not have to be placed on a url, it can be:
i. HTTPS location: https://localhost:8080/sites.xmlii. Local network file: \\network\shares\sites.xmliii. Local file: file:///c:/Users/USER-FOLDER-NAME/Documents/sites.xml
b. Check the site list is active edge://policy/c. In this example we only placed a single site in the file, you can put as many as you like, e.g.:
d. Microsoft provide a tool to help you build and manage the site list.e. All these settings can be pushed through Active Directory Group Policy.f. You can only have one site list; on large systems this may have to be co-ordinated with your IT
department.
Page 9
Network Layout
TypicalSingle server either on premises, hosted in the customers own data centre or a 3rd party (for example) Azure.
Example of a relatively small system;
Network Requirements (Software) � Ports 80 / 443 and 4512 between the client and the SATEON Server.
Page 10
Network Layout
Separate SQLSeparate SQL Housing some or all the SATEON databases.
Network Requirements (Software) � Ports 80 / 443 and 4512 between the client and the SATEON Server. � MS-DTC between SATEON Server and SQL Server. � Standard (or reconfigured) SQL ports between SATEON Server and SQL Server.
Page 11
Network Layout
Separate Comms EngineWhere the system is > around 500 Controllers or spread over a large geographical area it is possible to provision multiple Comms engines to handle the local traffic to the controllers.
Network Requirements (Software) � Ports 80 / 443 and 4512 between the client and the SATEON Server. � MS-DTC between SATEON Server and SQL Server. � Standard (or reconfigured) SQL ports between SATEON Server and SQL Server. � Ports 80 / 443 between the Comms Server and the SATEON Server. � MSMQ between the Comms Server and the SATEON Server.
Page 12
Ports
Defaults are assumed unless the customer has specific requirements.
Dual Seat (SQL and APP)
Dual Seat Split Comms
Client – Server
Page 13
Ports
Discovering Controllers from the App ServerWhere the APP server is on the same subnet as the Controller.
Discovering Controllers from a ClientIf the server is clouded and is not seamlessly integrated into your network or resides in a subnet that is different from the subnet of the Controllers the discovery will not work – in this situation the discovery tool (Quickstart) can be run from any machine that is in the same subnet as the controller and can open the Sateon Web Page. During the commissioning process the controller firmware must be to be updated, where the controller cannot make a http connection to the Sateon server this will need to be carried out manually.
Page 14
Bandwidth
Figures based on SATEON Release 2.8.
The bandwidth calculations were based on an average of four readers per user action. The readings show the send and receive request showing the bandwidth in kb.
HardwareLegacy / EZ
Description of operation Bandwidth
1 Box polling no traffic 430 bytes/sec1 Box transaction rate 100 trans/sec 500 bytes/sec5 Boxes polling no traffic 637 bytes/sec5 Boxes transaction rate 100 trans/sec 730 bytes/sec16 Boxes polling no traffic 780 bytes/sec 780 bytes/sec16 Boxes transaction rate 100 trans/sec 875 bytes/sec
The connection for an ECC2 will limit to approx. 1,800 bytes/sec maximum bandwidth.The connection for an IDC-e will limit to approx. 5,400 bytes/sec maximum bandwidth.
Therefore, with five lines and 5 boxes on each line with no transactions you will have a totalbandwidth of 3,185 bytes/sec. With a large amount of traffic, you will see a total of 3,650bytes/sec throughput on the network card.
AdvanceCurrently comparable with Legacy and EZ.
Page 15
Software
User Interface Bandwidth UsageAll the figures are based on a 100 personnel system.
The system has a full set of security rules.
SATEON Function Sent KB Receive KB Total KB
Load SATEON UI 103.95 18,721 18,824.951 Login Process 30.90 670 700.902 Add token 13.99 16.35 30.34Query Token 4.26 14.44 18.70Delete Token 6.79 8.78 15.57Add Personnel 15.34 11.23 26.57Query Personnel 3.95 2.61 6.56Delete Personnel 11.69 15.04 26.73Grant Access Group 21.24 313.54 334.78Revoke Access Group 14.83 314.04 328.87Assign token 8.43 37.51 45.94Revoke Token 10.15 22.66 32.81Control Centre - Per Event 2.07 1.36 3.43Control Centre - Ack Incident 7.97 11.92 19.89Control Centre - Check State Panel
6.02 5.93 11.95
Control Centre - Unlock Door 4.01 3.87 7.88Reports - Initial load 15.36 759 774.36Reports - List Doors 8.44 76.15 84.59
1 The initial load of SATEON loads all the XAP files2 The login process checks all the security rules, languages, module options and the licensing options.
Email: [email protected]: +44 (0)1279 838000Web: www.grosvenortechnology.com
Page 16
Sateon IT Administrators Guide
