IM02606006E

Server Guide: Foreseer 3

Foreseer Server Guide
Publication date 1/2016

Copyright © 2016 by Eaton Corporation. All rights reserved.

SDISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY

The information, recommendations, descriptions and safety notations in this document are based on Eaton Corporation’s (“Eaton”)
experience and judgment and may not cover all contingencies. If further information is required, an Eaton sales office should be
consulted. Sale of the product shown in this literature is subject to the terms and conditions outlined in appropriate Eaton selling
policies or other contractual agreement between Eaton and the purchaser.
THERE ARE NO UNDERSTANDINGS, AGREEMENTS, WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING WARRANTIES OF FITNESS FOR
A PARTICULAR PURPOSE OR MERCHANTABILITY, OTHER THAN THOSE SPECIFICALLY SET OUT IN ANY EXISTING CONTRACT BETWEEN
THE PARTIES. ANY SUCH CONTRACT STATES THE ENTIRE OBLIGATION OF EATON. THE CONTENTS OF THIS DOCUMENT SHALL NOT
BECOME PART OF OR MODIFY ANY CONTRACT BETWEEN THE PARTIES.
In no event will Eaton be responsible to the purchaser or user in contract, in tort (including negligence), strict liability or other-wise
for any special, indirect, incidental or consequential damage or loss whatsoever, including but not limited to damage or loss of use
of equipment, plant or power system, cost of capital, loss of power, additional expenses in the use of existing power facilities, or
claims against the purchaser or user by its customers resulting from the use of the information, recommendations and descriptions
contained herein. The information contained in this manual is subject to change without notice.
Contents
Chapter 1.  Foreseer Server Installation......................................................... 1
System Requirements ................................................................................. 1
Hardware Considerations ............................................................................ 1
Software Considerations ............................................................................. 2
Foreseer Server Installation.......................................................................... 2
Program Installation...................................................................................... 2
Chapter 2.  Configuring the Foreseer Server................................................. 5
Device Installation......................................................................................... 7
Loading a Set of Devices.............................................................................11
Backing Up the Server Configuration .........................................................12
Automatic Configuration Backups................................................................12
Online Help ................................................................................................13
The Tree View .............................................................................................14
Server Properties.........................................................................................15
Device Properties.........................................................................................16
System Channels .......................................................................................17
Channel Properties.......................................................................................18
User-Defined Channels................................................................................ 21
Administrative Password ........................................................................... 23
Client Connection Password....................................................................... 24
Message Manager...................................................................................... 24
Remote Server ....................................................................................... 29
Chapter 3. WebViews .................................................................................. 31
Chapter 4.  Security and User Groups.......................................................... 35
Authorization Levels.................................................................................... 35
Accounts..................................................................................................... 37
Updating User Groups................................................................................. 38
Using LDAP with Foreseer.......................................................................... 38
Foreseer User Group Privilege Details........................................................ 43
Chapter 5.  WebViews Administration.......................................................... 45
HTTPS (Secure) Web Server ..................................................................... 45
Enabling a WebViews Server...................................................................... 45
Server Admin Menu.................................................................................... 47
Chapter 6.  Primary and Redundant Servers............................................... 49
Primary Server Setup.................................................................................. 49
Adding the Redundant Server as a Remote on the Primary Server (Web
Configuration Utility)................................................................................... 50
Synchronizing the Redundant Server (Web Configuration Utility)............... 51
 System Requirements

Chapter 1.  Foreseer Server Installation

Foreseer is designed to manage your critical site or entire enterprise by monitor-

ing power and environmental inputs from equipment, sensors and other systems.
Monitored points include Meter (analog) and Status (digital) inputs which open a
detailed window into the past, present and future performance of your mission-critical
equipment. The unique networked architecture and modular design make Foreseer a
cost-effective approach to managing your site while maintaining unique analysis and
multi-vendor connectivity capabilities. It furnishes a single integrated system that pro-
vides real-time and historical views into the operation of the power and environmental
conditions that support your critical operation.
Foreseer is an easy-to-use Windows program consisting of a Server application that
also doubles as a web server.
The Foreseer Server functions as a centralized storage location for information from
managed Devices and the Foreseer Client acts as a retrieval and display terminal for
that information. Together, the applications allow you to observe real-time data, re-
spond to events and alarms, as well as view historical data and project potential failure
for every data input. Your system has been pre-configured during installation with
equipment, critical data points and other views specific to your operation. The configu-
ration can be readily modified to meet your changing monitoring needs.
Although multiple Clients can access the Server and view its resident data, Foreseer
administrative functions control who has modification privileges to particular program
features. Password authorization can be specified to protect the Server configuration
from inadvertent alteration.

System Require- Foreseer has certain hardware and software requirements; exceeding these prerequi-
sites will enhance the performance of the program. It’s essential that you run Foreseer
ments on server class machines. Refer to the Release Notes for the current recommended
minimum hardware, operating system, and database requirements.
Foreseer also has certain hardware and software prerequisites that must be ad-
Hardware Con- dressed prior to installing the program on the Server. Hardware prerequisites consist
siderations of completing the Configuration Checklist for all of the Devices to be monitored, then
establishing physical connections between the Server and the Devices to be moni-
tored.

1
 Software Considerations

99 It is recommended that you complete the enclosed Configuration Checklist to

use as a reference during program installation.
99 Each monitored Device can be connected to the Server through one of several
interfaces. If the distance between the Foreseer Server and a serially targeted
Device exceeds 50 feet, RS-232/422 converters or a Device Server will be neces-
sary to adapt the serial signal.
FORESEER SERVER SETUP PROCEDURE

Complete Configuration Checklist

Verify Server PC meets minimum requirements

Ensure that the Devices are functioning normally

Network Connection Determine Foreseer Connection Method Serial Connection

1. Locate available network drop within 1. Obtain Serial Port Expander.
300 ft. Install Network Adapter
2. Obtain RS-232/422 Converters if
2. Obtain the IP address. distance exceeds 50 ft.
Repeat connection and test for each monitored Device
Consult your Network Administrator if
necessary
Install Foreseer Server Application

Configure Foreseer Server

Install Devices

Backup Foreseer Server Configuration

Software Consid- Software prerequisites consist of verifying that the Windows operating system, TCP/IP
Protocol and (if appropriate) Remote Access Server are installed and enabled. Before
erations starting, determine the unique network address for the Foreseer Server PC.
99 Ensure that the Windows operating system is installed on the Foreseer Server
PC.
Administration via Remote Desktop
If you are using terminal services to connect to a Foreseer Server, you must be con-
nected via the console session. If you don’t connect through the console session,
some administrative tools, such as the Message Manager utility, won’t work. The
server must also be set to access remote desktop connections to use this approach.
To launch a remote desktop connection to the console session on a server, type the
following command at the Windows command prompt:
mstsc -v:machine_name /F -admin
Where machine_name is the name of the server.

Foreseer Server Foreseer installation and configuration is a three-step process: Program Installation,
Server Configuration and Device Configuration. All three steps use a series of wizards
Installation to simplify the procedure and user prompts guide you through the entire process. Be
sure to register your Foreseer Application to ensure that you are notified about future
updates and product enhancements.

Program Installa- Foreseer Server Application installation is performed from the DVD and includes all
of the required files. You are prompted for the drive destination and the application
tion
2

CAUTION:
If upgrading from a previ-
ous version of the Fore-
seer Server, this procedure
should only be performed
by experienced personnel
under the direction of Ea-
ton technical support. Re-
fer to the Release Update
and the Release Notes for
more information.
Note: Foreseer should be
installed on the local hard
drive with the most avail-
able disk space. This may
not be the C: drive.
Program Installation
is placed in the specified location. There are two installation .msi files located in the
Installer folder:
• ForeseerInstaller.msi
• MsgManInstaller.msi This can be installed on a separate machine instead of the
Foreseer server. This can be a good strategy as it allows the message manager
to respond should the Foreseer server be down. If you do this, you’ll need to
configure the Message Manager on the client machine to point to the Foreseer
server (covered in the Message Manager Client Setup Guide) and configure the
Foreseer Server to accept connections from this client (covered in “Trusted Mes-
sage Manager Connections” on page 28).
Example: To install Foreseer Server software (the other .msi file installations are
almost identical).
1. Insert the Foreseer Server Application CD into the Server PC’s CD-ROM drive.
2. Select Run… in the Windows Start menu and that dialog box is displayed.
3. Browse to locate the installation file on the Foreseer Server Application CD, then
click OK. Installation setup begins, its progress reported until complete, at which
time a Welcome dialog box is presented.
Running the Foreseer Installation File
4. Click Next> to continue; a dialog box is displayed to specify the program’s Instal-
lation Folder.
5. Type or Browse… to identify the desired Installation Folder. Also specify whether
the installation is for anyone using this computer or only you, then click Next> to
continue with the installation.
3
 Program Installation

Selecting the Installation Folder (default folder shown)

6. Click Next> to confirm that you wish to install the Foreseer software on your
computer. A status bar reports on the progress of the installation.
7. When complete, click Finish to conclude the installation process. You may be
prompted to reboot the system, although rebooting is not always necessary.
The installer will create a Foreseer program group in the Windows Start menu that
includes the following:
Device Config - Launches the Device Configuration utility, which you can use to add
devices to a running Foreseer Server service and change channel message settings
for Message Management.
Foreseer Server - Launches the Foreseer Server itself.
Documentation - Links to the various Forseeer manuals. Clicking these launches
Adobe Acrobat (if installed) and loads a PDF copy of the selected guide.

4
 Program Installation

Chapter 2.  Configuring the Foreseer

Server

The initial step in setting up Foreseer is to configure the Server. This includes estab-
lishing password authorization, if desired, to protect the basic administrative opera-
tions governing the maintenance of the application.
To configure the Foreseer Server:
1. After installation, the Foreseer Server is automatically launched. This starts the
configuration sequence.
To manually launch the Foreseer server, select Start > All Programs > Foreseer >
Foreseer Server.
2. Select Install a New Server and click Next>. The Server Configuration Wizard
dialog box is displayed.
3. Make sure a Configuration Checklist at the back of this manual has been com-
pleted for each of the connected Devices, then click Next to continue.
Foreseer Server Configuration Wizard Dialog Boxes

5
 Program Installation

4. Identify this Foreseer Server for communication and reporting purposes by typing
in a name, up to 29 characters. Click Next> to continue with the Server configura-
tion.
SQL Server Configuration

5. You are required to enter the SQL Server connection string, as well as an account
name and a valid password for access authentication. Enter the password a
second time for verification. Asterisks are displayed to maintain system security.
You can specify a Windows account if you are using Windows Authentication
mode for SQL Server. You can also specify the Database File and Transaction Log
Locations, if desired. With the necessary SQL Server information entered, click
the Next> button.

6

Device Installa-
tion
Note: Adding Devices
requires first selecting the
Start Server Configuration
command in the Configu-
ration menu followed by
Install Device.
Device Installation
6. You may optionally require password authorization before changes can be made
to the Server. Password protection is recommended in critical installations to
prevent inadvertent changes which could adversely affect the Foreseer system.
Again, you must enter the Password in both fields to confirm it. Click Next>.
Administrative Password
7. Click <Back to change any of the chosen setup parameters, if necessary. Other-
wise, click Finish to save the Server Configuration settings. The Server software
is launched automatically.
The next step in the installation procedure is to populate the Server with the equip-
ment that is to be monitored. New Devices can be added to Forseer one-at-a-time by
the following procedure. See “Loading a Set of Devices” on page 11 for instruc-
tions for batch loading a set of devices via a comma-separated values (CSV) file.
The Device Installation Wizard guides you through the procedure, prompting the nec-
essary information and applying default parameters based on a standard list of moni-
tored points for each Device. Individual settings for these points may be changed later
(refer to Channel Properties).
Note: You cannot install a device that has more than 1000 channels.
To install a Device on the Foreseer Server:
1. Right-click in the Devices window and select Install New Device… to access that
dialog box. Locate the Configuration Checklist for the new equipment, then click
Next> to continue.
2. Select the appropriate Device from the list of supported equipment and click
Next>.
7
 Device Installation

Selecting a Device

3. Accept the suggested Name for the Device, or enter another unique description,
up to 24 characters, then click Next > to continue.
4. Specify whether the interface between the Server and the Device is a Network
or a Serial Connection, as well as the appropriate type, and click Next>.
Note: TCP/IP protocol Selecting Communications Protocol
must be installed on the
Server PC regardless of
the type of Device connec-
tion.

8
 Device Installation

5. Enter the necessary Device Connection information:

For a Network Device, enter its IP Address or URL/Web address. This Address
must be correct or the Server will be unable to communicate with the target
equipment. Click OK to accept the entry and return to the Device Installation
Wizard window.
Selecting Serial Connection prompts additional interface information. A Direct
Serial Connection requires that you specify the COM Port to which the Device is
connected and its communications settings. Accept the displayed serial Port or
assign another from the drop down list of selections in the Serial Communica-
tions Port field.
Press the Settings… button to display the Port’s Properties dialog box containing
additional serial interface parameters. Click OK to enable the displayed param-
eters and return to the Device Installation Wizard window.

6. Once the Device connection is properly configured, click Next> and Foreseer will
attempt to establish connections with the specified equipment.

9
 Device Installation

7. Verify that the information displayed about the Device corresponds to the infor-
mation recorded on your Configuration Checklist. If not, Cancel the installation
and recheck the Device. With the correct Device information displayed, click
Next>.
8. With the target Device and the interface connection defined, click Finish to
complete the installation. The new equipment will appear in the Devices window.
Install any additional Devices, if necessary, using the same procedure for each.
If installation is unsuccessful or the Device information does not appear in the
Identification window, go <Back and check that all configuration entries are
proper and that hardware connections with the equipment are correct. After
verifying the configuration and connections, once again attempt to install the De-
vice. Contact Eaton Corporation - Foreseer Technical Support if Device installation
problems persist.

9. With all Devices properly installed, click No to terminate the installation process.
You may wish to select newly installed equipment in the Server’s Tree View and

10
 Loading a Set of Devices

review the default settings assigned to each of its input channels. The Properties
vary slightly depending on whether it is a Meter (analog) or Status (digital) chan-
nel and they only can be changed by a User with Administrative authorization.
Refer to Channel Properties for more information on these data point settings.

Loading a Set of As an alternative to loading a single device via the wizard, you can load a set of de-
vices by predefining these in a comma-separated values (CSV) file. This “device list”
Devices file has the following format:
device_name,vi_file_name,IP_address,port_number,driver_specific_info
Where:
device_name is the name that will be used in Foreseer for the device.
vi_file_name is the filename of the driver file for that device. This file is stored in
the install_path/Foreseer/vi folder. Note that some driver file names may have a
single comma. Foreseer will handle this correctly.
IP_address is the IP address for that device. Set this to none for the Nothing driver.
port_number is the port portion of the device address. Leave blank to use the default
port for that specific device protocol or enter a valid port number.
driver_specific_info is either the device ID (for Modbus) or the read community
string for SNMP. Set this to none for the Nothing driver.
Examples:
Modbus device installs:
PX Meter 1, 6-PowerXpert Meter 4000 TCP.vi, 10.22.50.30, 502, 1

PX Meter 2, 6-PowerXpert Meter 150 TCP.vi, 10.22.50.50, 951, 1

SNMP device installs:

PW 5125 1, 6-Powerware UPS 5125 SNMP.vi, 10.22.50.32, 161, public

PW 5125 2, 6-Powerware UPS 9395 SNMP.vi, 10.22.50.75, , public

BACnet IP device installs:

PX Meter 3, 6-PowerXpert Meter 2000 BACnetIP.vi, 10.22.50.100, 47808, 1

PX Meter 4, 6-PowerXpert Meter 2000 BACnetIP.vi, 10.22.50.101, , 1

Nothing device installs:

Nothing 1, 6-Nothing.vi

You can load the .csv file into Foreseer through any of the following methods:
• The Foreseer Web Configuration Utility (see the help/manual for that utility for
specific instructions). Note that the Web Configuration Utility expects the device
list file to be in the install_path/Foreseer/vi folder.
• The Device Config Utility (see the help/manual for that utility for specific instruc-
tions).
• The Foreseer Server. Instructions for loading the device list file follows:
To load a device list file through the Foreseer Server:
1. In the Configuration menu, click Start Server Configuration.

11
 Backing Up the Server Configuration

2. In the Configuration menu, click Install Devices from List.

3. In the Select CSV File dialog box, browse to the CSV file.
4. Click Open.
The file will be validated and, if no errors are found, loaded. Should errors be detected
in the device list file, refer to the error dialog boxes and the log report.

Backing Up the It is strongly recommended that a backup be performed after initial system configu-
ration as well as before and after any significant modifications to ensure maximum
Server Configu- disaster recovery capability.

ration Significant changes are signaled via the Major Server Version System Channel.
The Backup archive includes the Foreseer Server configuration—data files are not
backed up in this procedure. Automatic data backups can be scheduled under the Da-
tabase menu (see Database Backups), but do not include information about the Server
configuration.
To backup a Foreseer Server configuration:
1. Select Configuration Backup… in the Configuration menu to display the Save
Server Configuration Backup As… dialog box.
2. Enter a File name for the backup, specify a different destination directory if nec-
essary, then click Save to create the archive file.

3. Click OK to continue once the backup is reported “Completed Successfully.”

Automatic Con- You can schedule the configuration backups automatically at specified intervals. A
network drive is the recommended backup destination.
figuration Back- Important! Make certain that the user account used by Foreseer has Full Control
ups permission for all of the directories under the Foreseer installation directory.
Otherwise, the backup process may fail.
To schedule regular backups:
1. Select Backup… in the Server’s Configuration menu.

12
 Online Help

Note: You can either co- 2. Specify when the backup is to be performed. The Start Time is based on a 24-
ordinate the configuration hour clock: for example, 5:00 p.m. is entered as “17:00.” Note that the backup
archiving process with an cannot occur within ten minutes of midnight and that there are restrictions based
existing tape backup pro- on the type of backup media. The Start Timeplus the duration of the archive can-
gram or copy it to another not extend through midnight if archiving to a tape drive and it cannot be within
drive, if desired. the half hour preceding midnight if archiving to another disk drive.
3. Check the Day(s) of the Week on which the backup is performed. At least one day
must be checked to enable this automatic feature.
4. Enter or browse to the desired backup path.
5. Click OK to enable the displayed Data Backup settings. Archiving will be per-
formed automatically at the scheduled time on the selected day(s).

Online Help Much of the operation of Foreseer should be familiar to those who have used the
Microsoft Windows Operating System. Foreseer’s online help facility furnishes more
comprehensive information on program operation. You are urged to consult the Fore-
seer Server online help files to learn more about all aspects of the application.
Hotspots within the various Help topics pop up specific information or quickly jump to
related topics simply by clicking on them. These hypertext links are identified by their
green color if they are textual, or the cursor changing to a pointing finger if they are
graphic.
To access help, Select Help Index in the program’s Help menu to conduct a search of
subjects. A subsequent Help window organizes assistance by Contents.

13

The Tree View
Note: The use of leading
characters (such as “*”
and “!”) in list names are
used to ensure critical
elements sort at the top
of the list in larger Server
configurations.
14
The Tree View
The Tree View, also available on the Client, provides a hierarchical display of the Server
configuration much like Windows Explorer. If it is not displayed, select Tree View in the
Window menu.
The left pane of the Tree View lists all associated Foreseer Servers as well as their
subordinate Devices and Channels. The list, like Windows Explorer, is expanded and
contracted by clicking on the “+” and “–” preceding the desired icon.
Selecting a Server, Device or Channel displays summary information about its constit-
uent components in the right pane of the window. Listed Server information includes
the Name, Address, frequency of Alarm and Channel Updates, whether the connec-
tion is Enabled, whether the software Needs Updating and when the Last Update
Check was performed. Device information lists its resident channels as well as the
State, Value and Type of each.
Tree View
Selecting an individual channel similarly identifies its current State, Value and Type.
Any of these listings may be resorted by clicking on the desired column heading. To
sort Device channels alphabetically by Type, for example, click on that column heading;
clicking the column header a second time resorts them in reverse order. Selecting a
Server, Device or Channel and right-clicking presents a context-sensitive menu that
allows Foreseer actions and responses to be performed depending on the chosen sys-
tem component. The Tree View also provides an <Alarm Management> summary in
the right window and allows <Reports> to be created and viewed on the Server. The
available Report formats are the same as those offered through WebViews.
 Server Properties

Server Proper- The Server Properties dialog box, accessed through the Server Properties… command
in the Administration menu, allows a number of general settings to be specified. They
ties are organized under four tabs:
General provides the name of the Foreseer Server whenever it is reported, such as in
Message Management and in Report titles. It also quantifies the information that is
written to the Log file. Other settings permit the Server to be enabled as a password-
protected user rather than a local system account when running as a service, enabling
a delay in startup, and Watchdog Processing support to ensure ongoing system opera-
tion.
Remote settings allow Webviews Administrative users to restart the Foreseer ap-
plication on the Server, perform a complete reboot of the Foreseer Server computer,
and upload newer releases of Foreseer software and Device Drivers to the Foreseer
Server.
Database specifies a Retry Time, in seconds, after which Foreseer will attempt to
reconnect to SQL Server. Foreseer will continue to retry connections, using the speci-
fied interval between tries, until a connection is established. The retry attempts can be
temporarily disabled to avoid nuisance alarms, or this feature can be disabled entirely
through the check box.
Redundant System identifies the Server as a backup to ensure continued site moni-
toring in the event the principal Server fails. A single redundant Server is designated
as a Stand-Alone. In instances where there is more than one such Server, it must be
identified as the Primary or Secondary Redundant in the backup system.

15
 Device Properties

Server Properties Tabs

Device Proper- The Device Properties dialog box furnishes operational information on each monitored
piece of equipment. In addition to the standard tabbed settings, there may also be a
ties Device-specific tab.
To view Device Properties:
Note: Alteration of Device 1. Choose the Tree View command in the Window menu to display that system
settings must be done view.
with the Device disabled,
which requires Administra- 2. Expand the left pane if necessary to locate the desired Device and click on it to
tive Authorization. highlight it.
3. Right-click and choose Properties… from the context-sensitive menu to display
the General Device Properties dialog box.

16
 System Channels

4. Click on the appropriate tab(s) to access those Device Properties. They can be
viewed in a read-only mode.
A typical Device Properties Page

System Channels Separate from individual Device inputs, Foreseer provides predefined System Chan-
nels to monitor critical Server operations. Grouped together in the Tree View, they
have predefined Properties that may be modified as desired, although alteration is not
recommended:

Active Client Connections
Archive Elapsed Time
Configuration Backup
Database Archiving
Database Backup
Database Status
Digital Transition Rate
Disk Free Space
indicates the number of Foreseer Clients currently com-
municating with the Server.
reports the time between high-resolution data archives.
indicates when the backup of the Server configuration is
no longer current: a system backup is recommended.
reports an alarm when data are not being logged into the
Server database.
alarms when a scheduled data backup was unsuccessful.
reports the current condition of the Server’s database.
This channel alarms if any problems are detected in ac-
cessing the database.
reports the number of digital transitions per hour and
sets the data type to be archived.
displays the amount of disk space available on the
local hard drive on which the Foreseer application is
installed. This channel alarms when its value drops be-
low the Lo Caution and Critical Limits set in its Basic
Channel Properties dialog box.

17
 Channel Properties

Major Server Version indicates consequential changes to the Version Server

configuration such as the addition or deletion of a De-
vice or channel. It is strongly recommended a Configu-
ration Backup be performed when this channel reports
changes have been.

Message Manager Local indicates local Message Manager connection status.

Message Manager Remote
Minor Server Version
Server Configuration Mode
System Alarm
System Warning
indicates remote Message Manager connection sta-
tus.
indicates incidental changes such as the Version
alteration of a channel’s properties have been made. A
Configuration Backup typically is not necessary when
this channel reports changes.
shows if changes are currently being made to the server.
indicates a system-wide problem not associated with
database operations. The Log file can provide addition-
al information on this condition.
indicates a minor system problem has been detected.
The Log file can provide additional information on this
condition.

Channel Proper- Foreseer is shipped with some pre-configured Device settings. These parameters are
defined during Server Device installation. You may selectively enter your own settings,
ties if desired. Although any channel’s Properties reside at the Foreseer Server, they are
available for display and/or modification by authorized Webviews users.

Note: If specified during To alter Channel Properties:

Foreseer program instal-
1. Expand the list if necessary by clicking on the “+” preceding its associated
lation, Administrative
Device’s name, then select the desired channel within the Tree View. A Meter
Authorization is required
(analog) channel is identified by a circle, a Status (digital) channel is a square, a
to change Channel Proper-
text channel is indicated by a “T” and a clock symbol designates a date channel.
ties.
2. Right-click to display the context-sensitive menu and select Properties… to ac-
cess its Channel Properties dialog box.

18

Note: A channel’s scal-
ing values should only be
changed at the direction of
Eaton personnel.
Channel Properties
3. Click on the desired tab in order to access those Channel Properties. The tabs dif-
fer slightly depending on whether it is a Meter (analog) or a Status (digital) chan-
nel.
The Meter Channel Properties dialog box defines an analog channel’s operational
parameters:
• General Channel Properties identify the individual input as well as its display
and archiving characteristics. Settings include a Description of the data point, its
display Units and Archive rate. There are also selections to Disable and/or Disarm
the channel.
• Basic Channel Properties define the data point’s Alarm Limits and correspond-
ing Messages. It also assigns the channel Priority for alarm sorting functions. If
you have created a derived channel that can be referenced by other channels for
alarm settings, you can specify that derived channel as well.
To set up a derived channel for alarm referencing, first either create a derived
Analog channel or use an existing Analog channel and then set the alarm values.
You can reference these through another channel by selecting Use Global Alarm
Limits. You can then use the Global Channel browse button to reference the Ana-
log channel. Once you’ve referenced an Analog channel its alarm values appear in
the Basic tab, although you must enable them before they become active.
Analog Channel - Basic Channel Properties Tab
Advanced Channel Properties (shown) enable various responses to an alarm including
Ack-Holdoff, Re-Arm and Delay Alarm intervals. These intervals postpone alarm re-
sponse for the user-specified period. Alarm Latching can be enabled, if Alarm Latch-
ing is not enabled then a Hysteresis value may be assigned. Hysteresis determines
the threshold Value before a new alarm is reported for this channel. The Hysteresis
setting is used to eliminate nuisance alarms when the channel’s current reading is
near its set Alarm Limits. When an alarm occurs, the reading must drop below or rise
above the threshold Value, then exceed the Limit once again before a new alarm is
reported. Note that the Hysteresis setting is only available for non-Latching alarms. En-
19
 Channel Properties

able Scaling allows you to apply a linear scaling factor to the channel’s Minimum and
Maximum Raw and Scaled Values.
Advanced Channel Properties Tab

Digital Channel - Basic Properties Tab

The Status Channel Properties dialog box defines a digital channel’s operational pa-
rameters:
General Channel Properties identify the individual input as well as its display character-
istics. Settings include a Description of the data point, its display True and False String.
There are provisions to Disable and Disarm the channel.
Basic Channel Properties (shown) enable the data point’s Alarm and its corresponding
Message. You also can specify if the channel Alarm Value is True or False, whether the
condition is Cautionary or Critical, and its relative Priority for alarm sorting functions.
Advanced Channel Properties enable various responses to a detected alarm. They
include Ack-Holdoff, Re-Arm and Delay Alarm intervals, which postpone those alarm
responses for the user-specified period.
Alarm Latching can be disabled if desired.

20

User-Defined
Channels
Note: If specified during
Foreseer program instal-
lation, Administrative
Authorization is required to
change the Server Con-
figuration.
User-Defined Channels
User-defined channels can be analog, digital, text or date-based to address specific
monitoring needs. A Text Channel is used to enter a text string (or optionally a User-
defined channel can be used to assign a text string to a text channel), such as the
Device’s serial number for quick retrieval. A Date Channel can be used, for example,
to generate an alarm notification that it is time to perform a scheduled maintenance
procedure.
To create a User-Defined Channel:
1. Choose the Start Server Configuration command in the Configuration menu. The
Server Configuration Mode System Channel turns yellow and
“********SERVER CONFIGURATION MODE********”
is displayed in the window’s title bar to confirm operational status.
2. If not already displayed, select Tree View in the Window menu.
3. Click on the desired Device icon on the left side of the Tree View, then right-click
and select Add User-defined Channel… from the context-sensitive menu. The
New User Defined Channel dialog box is displayed.
New User Defined Channel Dialog Box
4. Enter a unique Name for the new data point and specify if it is an Analog, Digital,
Text or Date Channel, then click OK to display its corresponding Channel Proper-
ties dialog box.
5. Enter the necessary General, Basic and Advanced Channel Properties as appropri-
ate to define the channel’s settings. Date Channels present the standard analog
Channel Properties while Text channels only have General Channel Properties.
21
 User-Defined Channels

User Defined Settings

For more information about

User Defined Equations,
you can request training as
well as a Technical Sup-
port Bulletin from Eaton’s
Foreseer Customer Service
group.
User-Defined Analog and Digital Channels include a User Defined Equation tab
which specifies the calculation used to determine their value (refer to the Fore-
seer Server Online Help for a complete listing of available mathematical operators
and conditional statements). It also allows the reported Values of other channels
to be used in its calculation. Click on the Insert Channel button then locate it in

22
 Administrative Password

the Select Channel dialog box. Highlight the desired channel and press OK to
insert it into the Equation at the cursor location.
User Defined Channels in the Tree

6.
6. With the channel’s settings specified, click OK and the channel is created under
the designated Device in the Tree View. Analog channels are identified by a circle
icon, digital channels by a square, text channels by a “T” and date channels by a
Note: Renaming or de- clock.
leting existing channels
or Devices can have an 7. Choose End Server Configuration in the Configuration menu to finish the edit-
adverse effect on Foreseer ing session and restore normal monitoring operations. Standard Meter (analog)
Webviews links. and Status (digital) channels are similarly added to the Server configuration in
response to new inputs using the Add Channel… command in the Edit menu. You
can also Rename or Delete individual channels (or entire Devices) from the list by
selecting them and choosing the appropriate command in the right-click menu.
Refer to the Foreseer Server Online Help file for more information on all of these
topics.

Administrative The Administrative Password may be changed, or assigned if one was not specified
during initial Server configuration. This authorization is altered through the Change
Password Passwords dialog box.
To change the Administrative Password:
1. Select the Change Passwords… command in the Administration menu to display
the Change Passwords dialog box.
Change Passwords Dialog Boxes

23

Note: Passwords are case-
sensitive; thus, “USER,”
“User” and “user” are
all recognized as different
entries.
Client Connec-
tion Password
Note: Foreseer is shipped with
“special” as the default Client
Connection Password. DO NOT
specify a Client Connection
Password on a network hosting
Clients running a prior version
of Foreseer, or they will not be
able to communicate with the
Foreseer Server.
Message Man-
ager
24
Client Connection Password
2. Click on the Change Administrative Password button to display the appropriate
dialog box.
3. Enter the Old Password (asterisks are displayed to maintain system security). If
no Password was previously assigned, simply skip to the New Password field.
4. Enter the desired New Password.
5. Type the same character string in the Verify New Password field to validate the
entry.
6. Click OK to save the New Password.
A Client Connection Password is used to prevent an unauthorized Foreseer Client
from accessing the Server and modifying its configuration, such as changing Channel
Properties. This password must agree with the Server Password entry on the Client
or the two computers will not be able to establish communications. The Connection
Password may be modified by a User with Server Administration privileges.
To change the Client Connection Password:
1. Select the Change Passwords… command in the Administration menu to display
the Change Passwords dialog box.
2. Click on the Change Client Connection Password button to display that dialog box.
3. Enter the New Password, then again in the Confirm field in order to verify the
change. Observe the same naming conventions as those used for other Foreseer
passwords, such as case sensitivity.
4. Click OK to implement the New Password. Be aware that all subscribing Foreseer
Clients must know and enter the New Password locally or they will not be able to
access the Server.
Changing the Client Password
There are four configuration tasks for the message manager within the Foreseer
Server:
Setup: D efines which devices or individual channels send alerts through Message
Management as well as the configuration for various alarms and actions. You can also
define the SNMP behavior.
Configure Required Connections: Identifies which Foreseer systems are required to
be connected to this Server in instances where the Client normally performs Mes-
sage Management functions. If any one of the listed systems becomes disconnected
 Message Manager

from the Server, Foreseer Message Management begins its messaging routine to
alert personnel of alarms.
SNMP Properties:Sets global SNMP resend properties.
Trusted Connections: D
 efines a set of trusted machines that are permitted to con-
nect to the Message Manager.
For instructions about how to configure the Message Manager through its configura-
tion utility, see the Message Manager Client Setup Guide.

Setup
Use this to configure Message Manager settings for the server, devices, or individual
channels.
1. Select the Setup command from the Administration > Message Management >
submenu.
2. Right-click any server, device, or channel in the list, and click Edit.
3. For individual channels, you can set whether or not to use the default Notification
List (this checkbox is under the Default tab). For channels, devices, and servers
you can set behavior for Critical and Cautionary alarms, as well as when an alarm
is acknowledged or normal status is attained. You can specify:
ƒƒ The notification list to use.
ƒƒ Whether to send a message if required connections are missing.
ƒƒ Parameters for Alpha Messages. You can either choose to use the standard
message and configure it with the checkboxes or select Use Custom Mes-
sage (under Alpha Message). If you are using the standard message, you
can select to include the Server Name, Device Name, Channel name, as well
as a user defined message.
If you choose Use Custom Message, you have access to all of the Message
Manager variables. Click Edit the Custom Message to access the message
editor dialog box.
When creating a custom message, you can use the following variables to
provide additional alarm information:
$SERVER_NAME$ - returns the server issuing the alarm.
$DEVICE_NAME$ - returns the name of the device issuing the alarm.
$CHANNEL_NAME$ - returns by the name of the channel
$ALARM_MSG$ - returns the alarm message.
$DATE$ - returns the current date.
$TIME$ - returns the current time.
$ACKED_BY$ - returns the user name that acknowledged the alarm.
$CHANNEL_VALUE$ - returns the current value of the channel.
$CHANNEL_UNITS$ - returns the units used by the channel.
$ALARM_VALUE$ - returns the channel value at the time of the alarm.
$ALARM_STATE$ - returns the current state of the alarm.

25
 Message Manager

$ALARM_PRIORITY$ - returns the alarm priority.

$ACK_NOTE$ - returns the text, if any, that was entered as a note when the
alarm was acknowledged.
ƒƒ The command line to use for the Command Line service. This allows you to
change the command line issued for each alarm state or status.
Once these are configured, you can copy the settings to the other alarm or status
tabs using the buttons at the bottom of the dialog box.
Channel Message Settings Dialog Box

4. If you are also configuring SNMP traps, click the SNMP tab:
a. For both Critical Alarm and Cautionary Alarm, select one of the 25 predefined
traps or leave the setting at Do not send a Trap.
b. Set the Alarm Events parameters. You can choose to also send a trap on alarm
acknowledgement or return to normal.
5. Click OK.

26
 Message Manager

SNMP Settings

SNMP Resend Parameters

Through this dialog box you can globally set the trap resend behavior. These settings
apply to all channels, devices, and server for which SNMP traps are configured. To
access it, select the SNMP Properties command from the Administration > Message
Management > submenu.
SNMP Properties Dialog Box

27
 Message Manager

Required Connections
1. Select the Configure Required Connection command from the Administration >
Message Management > submenu to display the Required Connection Settings
dialog box.
Required Connection Strings Dialog Box

2. Click on the Add button to access the Enter Client IP Address dialog box.
3. Furnish either the Foreseer message management host network address or com-
puter name and click OK.
4. Check the box preceding the address to enable server access by that client.
5. Specify the Startup Delay during which the server will ignore any clients that
become disconnected. This delay is in effect whenever the server is initialized, or
when modifications have been made to the system.
6. Repeat the process to add other Foreseer clients to the list.
7. Click OK to accept the displayed settings.

Trusted Message Manager Connections

When setting up the Message Manager on client machines, you must define them as
having trusted IP addresses or machine names within the Foreseer Server. To access
the dialog box, select the Trusted Connections command from the Administration >
Message Management > submenu Click the Add button to add machines to the list.
Select an entry and click Remove to delete it. Use the Edit button to change an entry.

28
 Remote Server

Trusted Message Manager Connections Dialog Box

Remote Server A local Foreseer Server can serve as host to a remote Foreseer Server. Once defined,
the Remote Server appears on the Tree View as another computer and can be modi-
fied locally. A Password provision adds another layer of security by restricting access
to authorized personnel.
To add and connect to a Remote Server, you will need to use the web configuration
utility. To access the Web Configuration Application, you must:
• run Microsoft Internet Explorer version 10 or 11:
• have a user account that is a member of the PXSauthAPPADMIN Windows user
group.
You can access the Web Configuration Utility at the following URL: http://machine/
Support/WebConfig.htm
Where machine is either the machine name or IP address of the machine on which
Foreseer is installed. When accessing the web page, you may be challenged to pro-
vide your user ID and password.
If you must designate a specific port for communicating with the WebViews server,
the syntax of the URL will be slightly different:
http://machine:port_number/Support/WebConfig.htm
Server Config mode must be active to run this command. Activate Config mode
by right-clicking server and selecting Start Server Config Mode. The **** CONFIG
MODE **** message should be displayed above the tree.
To add a remote server:
1. Select Add Remote in the server right-click menu.
2. Identify the remote server by entering its Name and Remote Address; requiring
Connection Password security is optional. If a password is specified for remote
server access, the password must be entered a second time in the Verify Pass-
word field. If no password is specified, it defaults to special.
3. Either accept the 2 second default for Updates (sec) or enter a new setting.

29
 Remote Server

Remote Server Setup

4. Specify whether to automatically Connect to this Remote Server at startup and to

Synchronize the Remote’s clock on connect. You can also specify whether or not
this server is redundant and if it sends waveform data.
5. Click OK and the Server attempts connection with the Remote Server. Once con-
nection is established, the new Remote Server appears in the Tree View hierarchy.

30

Note: Refer to Foreseer Server Online Help,
the WebViews Editor Guide, and the Web-
Views Users Guide for information on the
available WebViews tools and their use.
Remote Server
Chapter 3.  WebViews
WebViews allows you to custom design all aspects of your site through an extensive
collection of drawing tools and view it through Microsoft Internet Explorer. You can
create as much complexity as you like without learning the intricacies of web design.
The first thing to remember when starting any project is to plan. The more planning
you do initially, the less trouble you will encounter during the course of the project.
Running Foreseer and the Message Manager as a Service
After configuring the Foreseer Server, it and the Message Manager must be run as
a Service within the Windows operating system under the local system (User Name
and Password ) account. In rare installation instances, the Server initially may have
to be defined as a Service, or it may be desirable to uninstall it as a Service for other
reasons. The Server Service Setup dialog box allows installation and removal of the
Server as a service.
To launch the Service Setup dialog box, navigate to the C:\Program Files\Eaton Cor-
poration\Foreseer folder and double click the ServiceSetup.exe file. Select Install or
Uninstall and click OK to execute the desired function.
31
32
Configuration Checklist

Network
Serial Settings
Settings
Device Device IP Baud Data Stop Handshaking
Serial Port Parity
Number Name Address Rate Bits Bits Flow Control

Example UPS #1 COM 2 9600 8 1 N/A None Disabled / None

17
18
19
20
21

1. An IP Address is required if using a network connection.

22
23
Remote Server

24
25
26
27
28
29
30

2. Serial Communications Settings must be configured on both the Device and within Foreseer if using serial connections.
31
N/A
32
 33
Configuration Checklist
Network
Serial Settings
Settings
Device Device IP Baud Data Stop Handshaking
Serial Port Parity
Number Name Address Rate Bits Bits Flow Control
Example UPS #2 189.100.150.22 N/A N/A N/A N/A N/A N/A
17
18
19
20
21
Remote Server

22
23
24
25
26
27
28
29
30
31

32
 Remote Server

34
Chapter 4.  Security and User Groups

WebViews allows a user to view installed devices on the Foreseer Server and the
system status via Internet Explorer (see the Release Notes for supported versions). A
user’s visual access level and rights can be closely controlled through WebViews au-
thentication and authorization. Viewing access can be granted to the entire system or
to the granularity of viewing a single page. Control of the system can be broad-based
or locked down entirely. The WebViews server can be enabled over the HTTP protocol
(non-secure), the HTTPS protocol (128-bit encryption using SSL) or both.
Web Server Protocol Options from the Foreseer Server

Authorization The authorization level granted to a user will depend on the authorization options that
are in effect for the HTTP and HTTPS servers and the credentials the user presents to
Levels the server. Under no circumstances will the WebViews HTTP(S) server allow access
to any file or folder above the root of the WebViews folder.
Authentication requires that a user provides both a Username and Password (their
credentials). The user’s credentials are passed to the Windows default security pro-
vider for validation. The credentials must represent a valid Windows user account and
depending on the Security Policies at your site, the account may need the Log on
locally permission on the computer where the server is running. After the credentials
have been validated, the server then checks to see what Groups the user is a member
of.
The WebViews server currently provides three classes of authorization: ADMIN,
ROOT and TOP (or Branch). The ADMIN authorization class grants the user all rights.
ROOT authorization grants an account the right to View the Tree and View Alarms. TOP
(Branch) authorization grants a user the ability to view a specific branch of the tree.
A TOP level folder is defined as a folder that is a direct child of /WebViews (the root
folder). When an account has TOP authorization, they have access to the TOP (branch)
folder and all channels and folders under (or descendants of) the branch folder. If an
account has membership in both the TOP group and the ROOT group, the user will be
granted the higher-level ROOT authorization (or rights).
ADMIN authorization is requested by using the root path of /WebAdmin/ instead of /
WebViews/. An account that is a member of the ADMIN group (PXSauthAPPADMIN)
will be granted all rights.

35
 

When a user has been authorized at the Branch level, they may not view or access
any data or pages outside of the branch they have been authorized for.
The WebViews server will cache the last credentials that were presented and the
rights associated with the credentials. As long as the Internet Explorer session per-
sists, WebViews will check the credentials presented by the browser with the current
request against the cached credentials. If they match, the WebViews server can skip
the time-consuming step of further Authentication and Authorization.
When a new session is started or the cached rights are not sufficient for the current
request, WebViews will reply to the request with an HTTP 401 status code. A 401 sta-
tus is known as an Authorization Challenge. When the browser receives a challenge,
it will present the user with a Logon dialog. The user has three tries (the three-strike
rule) to provide credentials that the server will accept. If the user cannot provide valid
credentials, the browser typically displays a blank page. The WebViews server uses
HTTP Basic Authentication. The browser encodes the credentials supplied by a user
and sends it to the WebViews server in the HTTP Authorization header field.
Caution: As the credentials are only encoded (not encrypted), they are subject to
being intercepted and decoded. To keep credentials secure it is highly recommended
that the site uses the HTTPS (secure) server when authorization is enabled. The
HTTPS server uses 128-bit encryption which guarantees that even if the information
that is sent is intercepted, it cannot be decoded.
A WebViews folder tree can be graphically represented as such:

WEBVIEWS /webviews

BASEMENT /webviews/basement
UPS 1 /webviews/basement/ups
1
ATS 1 /webviews/basement/ats
1

FLOOR 1 webviews/floor 1
GEN A webviews/floor 1/gen a
GEN B webviews/floor 1/gen b

FLOOR 2 webviews/floor 2
AC 1 webviews/floor 2/ac 1
AC 2 webviews/floor 2/ac 2
AC North webviews/floor 2/ac
north

WEBVIEWS is at the Root level. BASEMENT, FLOOR 1, and FLOOR 2 are the Top
level. The devices would be at the Branch level.
A TOP level folder is a direct child of the root folder (WebViews in the example tree).
TOP folders define a branch which includes the TOP folder and all folders that are
descendents of the TOP folder. Basement, Floor 1, and Floor 2 are all TOP folders.
The Floor 1 branch includes the following folders: /WebViews/Floor 1, /WebViews/
Floor 1/Gen A and /WebViews/Floor 1/Gen B.

36


Accounts Accounts are managed by Windows and may be Local Users or Domain accounts. To
allow a specific right, create a Local Group (local to the computer where the Foreseer
Server is installed and running) from the following Foreseer Group Names:

User/Security Group Details

PXSauthNONE • Disables all authentication requirements, including access to the Web
Configuration utility.

• A user login will not be required to view pages, edit pages, acknowledge/
rearm alarms, change channel properties, etc.

• Grants admin permission to everyone.

This group should be used with extreme care. It grants full access to
everyone that can connect to Foreseer with Internet Explorer.

PXSauthADMIN
• All rights, except access to Web Configuration utililty

• Members have all rights in WebViews

• Members can edit (Webadmin URL) if licensed

PXSauthAPPADMIN • Members can access the Web Configuration Utility and gain all rights (the
same as PXSauthADMIN)
PXSauthROOT • View all branches with view alarm permission

• Members can view all WebViews pages (full access to the WebViews
tree)

• Members can view Alarms, Reports, and Channel Properties

PXSrightViewTree View all branches of the tree
PXSrightViewAlarms • Members can view the Alarm Management page but cannot acknowl-
edge/rearm alarms

• Members can view all WebViews pages

• Grants permission to view active alarms

PXSrightViewProps • Grants permission to view a channel’s properties

• Members can view all WebViews pages

PXSrightAlarmActs • Grants permission for alarm management (ack/rearm)

• Members can acknowledge/rearm alarms from Alarm Management

• Members can view all WebViews pages (full access to the WebViews
tree)
PXSrightControl • Grants permission to access a channel’s control ability

• Members can access dialogs to change Setpoint, Tri-State, and Two-State

Control channels and activate Switch LED or Switch Rocker ActiveX
Controls
PXSrightEditProps • Grants permission to edit a channel’s properties

• Members can view Channel Properties

• Members can view all WebViews pages

PXSrightAppAdmin • Members can access the Web Configuration Utility and gain all rights (the
same as PXSauthADMIN)

Some of the rights also imply others as follows:

• PXSrightViewAlarms......................PXSrightViewTree
• PXSrightAlarmActs.........................PXSrightViewAlarms, PXSrightViewTree
• PXSrightEditProps..........................PXSrightViewProps, PXSrightViewTree
• PXSrightViewProps........................PXSrightViewTree

37
 

The table at the end of this chapter lists the various user group privileges in more
detail.
Note: You can test each account if you wish through the Authentication tab on either
the HTTP or HTTPS server dialog box. Click the Account Test button and then enter
the Username and Password for a Windows User. If you wish, you can also specify a
branch of the Webviews tree to test for access privileges.
Foreseer queries the list of users and groups at startup, therefore if you make a
Updating User change to either the list of users or to groups this won't be read until the next time
Groups the Webviews Server starts. To force a query of the list of users and groups, you can
do one of two things:
• Restart the Foreseer Server itself.
• In the Foreseer Server, select the Webviews server through Administration >
Webviews Server. In the General tab, click the OK button. This restarts the Web-
views server.

Using LDAP with You can connect Foreseer to LDAP for delegated user authentication. This allows you
to use LDAP to manage access to Forseer via membership in LDAP user groups.
Foreseer Using this feature requires that you are familiar with LDAP, its query syntax, and LDIF
syntax. If you aren’t, you’ll need help from a member of the IT staff familiar with LDAP
queries.
Note: To use this feature, you must have an account that can log on to the LDAP
server and that account must have a password which doesn’t expire.
The LDAP Configuration dialog box has four tabs, each of which has its own configura-
tion.

38


LDAP Setup Tab

To enable LDAP authentication to Foreseer, you’ll need to:

• Select Use LDAP as the Primary Security Provider

• Select whether your LDAP server uses Kerberos or Plaintext to authenticate.

• Choose if your LDAP server uses user principle name for user accounts.

You must also specify the credentials for the account that’s used to access the LDAP
server, including the domain, user name, and user password.

39
 

Directory Search

You must set the base distinguished name (dn) that Foreseer will use to run queries
on the directory server. The subtree search starts from this distinguished name. You
must also set the query depth (Search Scope).
The filter that’s preloaded in the Search Filter was designed to find user objects in
most situations. However, you can enter your own string tailored to your system. The
example shown in the following figure has such a string.
The final field specifies the attribute that will return all groups to which a user belongs.
If you use a different attribute you’ll need to replace the default string.

40


Binding and Authorization

This tab associates groups to which a user belongs to Foreseer groups, granting
that user rights within Foreseer. Essentially, you specify the attribute that returns the
distinguished name in the user DN Attribute field and then map objects that define
user groups in LDAP in the appropriate Foreseer group field. Typically, you’ll be match-
ing on common name (CN) objects, as is shown in the example. If you wish to grant
membership in a Foreseer group to multiple LDAP user groups, separate these object
definitions with a comma.
For a description of the various Foreseer groups, see "Accounts" on page 37. For a
detailed look at the groups, see "Foreseer User Group Privilege Details" on page 43.

41
 

Shortcuts

Foreseer has two “superuser” groups: PXSauthADMIN and PXSauthROOT. You can
also map these to LDAP user groups. For more about these, see "Accounts" on page
37 and "Foreseer User Group Privilege Details" on page 43.

42


Foreseer User Group Privilege Details

Privileges

View- Alarm man-

View all Branches

Channel’s Control

Edit all Branches

Edit(Ack/rearm)
Alarm manage-

Edit Channel’s
Foreseer web-

View-Channel

View reports
of webviews

of webviews
View Active
WebAdmin

Webviews

Add Chnls
Properties

Properties
agement

Analysis

Analysis
Alarms

ability
config

pages

pages
ment

Data

Data
Foreseer User group
PXSauthADMIN No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
PXSauthROOT No No Yes Yes No Yes No Yes No Yes No Yes Yes Yes
PXSrightViewTree No No Yes No No No No No No Yes No Yes Yes1 Yes
PXSrightViewAlarms No No Yes Yes No No No Yes No Yes No Yes Yes1 Yes
PXSrightViewProps No No Yes No No Yes No No No Yes No Yes Yes1 Yes
PXSrightAlarmActs No No Yes Yes Yes No No Yes No Yes No Yes Yes1 Yes
PXSrightControl No No No No No No No No Yes No No No No No
PXSrightEditProps No No Yes No No Yes Yes No No Yes No Yes Yes1 Yes
PXSrightAppAdmin Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
PXSauthAPPADMIN Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
PXSbranch+folder No No No No No No No No No No Yes No Yes No

1Requires additional User group memberships to have this control.

43
 

44


Chapter 5.  WebViews Administration

Note: To maintain security in critical site applications, it is recommended that there be

only one System Administrator per Web Server.
Administration features which control access to several WebViews functions are
established on the Web Server and applied globally to all WebViews users. User login
and password privileges are individually assigned by the System Administrator via indi-
vidual users’ memberships in various Windows Users Groups. Refer to the Webviews
Security chapter for a list of user groups and the privileges they grant.

Enabling a WebViews Server

As noted, WebViews is an extension of the Foreseer Server application. Thus, a
Foreseer Server must be enabled as a WebViews Server in order to be able to display
WebViews.
To establish a Foreseer Server as a WebViews Server:
1. On the Foreseer Server, select WebViews Server in the Administration menu.
Note that there are two types of WebViews Servers in the submenu: HTTP (non-
secure) and HTTPS (secure). The procedure is identical for both types.
2. Choose the appropriate WebViews Server type and its Properties dialog box is
displayed.
3. Click on the General tab, check Enable the…WebViews Server and click OK to
activate WebViews.
Webview Server Dialog Box

Note: You can use the Authentication tab to test the privileges (Windows user group
memberships) for any Windows user.

HTTPS (Secure) Safeguarding the information stored in the Foreseer Server database while allowing
Internet access can present problems if the data is sensitive. Increasingly, organiza-
Web Server tions are using digital Server Certificates to ensure confidential communications

45
 

between the Server and Client. Foreseer has implemented a Secure Sockets Layer
(SSL) protocol which can be used to authenticate both Client and Server, as well as
encrypting the information they exchange through the HTTPS Server feature. Use
of the secure Foreseer HTTPS Server requires a Private Key Password and a Server
Certificate.
User authentication and access control historically are based on a name/password
scheme. But this approach requires management of a name/password database and
provides limited security. A digital Certificate is a type of identification in the form of
a data file that links an organization’s identity to their ownership of a Public Key. This
Public Key, embedded in the Certificate, is uniquely linked to a corresponding Private
Key Password to which only the owner of the Certificate has access. The two Keys
and the corresponding Certificate are used not only for user authentication and access
control, but also for such security measures as message integrity. Such an approach
affords a secure form of authentication on both ends of the connection.
Certificates of Authentication can be self-signed or purchased from a third-party
source, depending on individual corporate policy. Third-party Certificate Authorities
specialize in Certificate issuance and subsequent management. They take responsibil-
ity for ensuring that the company requesting the Certificate actually is the company it
claims to be, as well as verifying anyone attempting to access the resident database.
A utility is provided in the Server folder to facilitate obtaining third-party certification.
The Foreseer HTTPS Web Server is enabled almost identically to the HTTP Web
Server. The exception is an additional tab which requires the Private Key Password be
entered to ensure any secure communications between the Server and Client.

46


Server Admin If you have administrative privilege, you can access some administrative functions
directly from a Webviews page. Right-click to produce the short-cut menu and then
Menu select Server Admin.
The Server Admin Menu

The Server Admin menu provides the following capabilities:

Start Database: B
 egin data archiving for the Foreseer Server.
Stop Database: H
 alt data archiving for the Foreseer Server.
Config Backup: T
 his creates a backup of the current Foreseer system configuration, and
should be done after the initial system configuration and after any significant modifica-
tions.
Restart Foreseer: T
 his restarts the Foreseer Applications/Service on the Foreseer server
machine. Restart occurs five seconds after issuing this command.
Restart Windows: T
 his restarts Microsoft Windows on the Foreseer server machine. A
Windows Restarts is initiated five seconds after this command is issued.
New Logfile: S
 tarts writing system information to a new log file.
Get Logfile: R
 uns a Logfile report.
Upload File: Uploads files (useful for system updates).

47
 

48
 Primary Server Setup

Chapter 6.  Primary and Redundant Servers

When you synchronize a Redundant Server from a Primary Server, a partial configura-
tion backup is transferred to the redundant server. This backup contains all device con-
figuration parameters and includes Webviews as well. It does not change items such
as the Database connection settings. Note that the Redundant Server will perform a
restart in order to restore and implement the updates from the primary server. Also
note that both server names must be identical.

Primary Server Setup

1. On the Primary Server, open the ‘Server Properties’ selection under the ‘Adminis-
tration’ menu.
2. Navigate to the ‘Redundant System’ tab and select the ‘Primary Redundant’
setting, then fill in the computer name or IP address of the Primary Redundant
system.

3. On the Redundant Server, open the ‘Server Properties’ selection under the ‘Ad-
ministration’ menu.
4. Navigate to the ‘Redundant System’ tab and select the ‘Secondary Redundant’
setting.

49
 Adding the Redundant Server as a Remote on the Primary Server (Web Configuration Utility)

5. Restart both the Primary and Redundant servers.

6. Add devices to be monitored on the Primary server.

Adding the Redundant Server as a Remote on the Pri-

mary Server (Web Configuration Utility)
To add and connect to a Remote Server, you will need to use the web configuration
utility. To access the Web Configuration Application, you must:
• run Microsoft Internet Explorer version 10 or 11:
• have a user account that is a member of the PXSauthAPPADMIN Windows user
group.
You can access the Web Configuration Utility at the following URL: http://machine/
Support/WebConfig.htm
Where machine is either the machine name or IP address of the machine on which
Foreseer is installed. When accessing the web page, you may be challenged to pro-
vide your user ID and password.
If you must designate a specific port for communicating with the WebViews server,
the syntax of the URL will be slightly different:
http://machine:port_number/Support/WebConfig.htm
Server Config mode must be active to run this command. Activate Config mode
by right-clicking server and selecting Start Server Config Mode. The **** CONFIG
MODE **** message should be displayed above the tree.
To add a remote server:
1. Select Add Remote in the server right-click menu.
2. Identify the remote server by entering its Name and Remote Address; requiring
Connection Password security is optional. If a password is specified for remote

50
 Synchronizing the Redundant Server (Web Configuration Utility)

server access, the password must be entered a second time in the Verify Pass-
word field. If no password is specified, it defaults to special.
3. Either accept the 2 second default for Updates (sec) or enter a new setting.
4. Specify to automatically Connect to this Remote Server at startup and to Synchro-
nize the Remote’s clock on connect. Also, designate this as a Redundant Server.
5. Click OK and the Server attempts connection with the Remote Server. Once con-
nection is established, the new Remote Server appears in the Tree View hierarchy.

Synchronizing the Redundant Server (Web Configura-

tion Utility)
Note that not all changes on the Primary server will set the ‘Needs Sync’ flag under
the ‘Needs Update’ header. Typically, channel properties will not set the ‘Needs Sync’
flag, but you can always perform a synchronization to ensure the systems have identi-
cal settings.
1. Right click on the ‘Redundant Server’ selecting the ‘Remote
Management>Synchronize Redundant Server’.
2. At this time a partial configuration backup is generated from the Primary server,
transferred to the Redundant server, and a restart of the Redundant server is initi-
ated. The following image is displayed at the Primary server.

51
 Synchronizing the Redundant Server (Web Configuration Utility)

During the startup of the Redundant server a database fix and check occurs in order to
implement any changes to devices or channels that may be necessary.

52