Compass 1.6.5 Installation and Upgrade Guide Compass 1.6.5 Installation & Upgrade Guide 1 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide CONTENTS About Compass 1.6.5 .............................................................................................................................. 5 About this guide....................................................................................................................................... 5 What’s new in Compass 1.6.5.................................................................................................................. 5 Installation specifications ......................................................................................................................... 6 Compass installation overview ................................................................................................................. 7 Primary Compass Workstation (server) ................................................................................................ 8 Compass as a service.......................................................................................................................... 8 Secondary Compass Workstation (client) ............................................................................................. 8 Compass upgrade process ...................................................................................................................... 9 Compass new installation process ......................................................................................................... 10 Compass Config Tool installation process .............................................................................................. 11 Installation overview .............................................................................................................................. 11 Pre-installation....................................................................................................................................... 12 Data gathering ................................................................................................................................... 12 Uninstall Compass............................................................................................................................. 15 Manual housekeeping ........................................................................................................................ 18 Install Compass ..................................................................................................................................... 19 Install Compass from an ISO image ................................................................................................... 19 Upgrading the Primary Compass Workstation (server) ....................................................................... 24 Compass workstation configuration ................................................................................................ 29 Set the LocalAdministrator password ............................................................................................. 30 Primary Compass Workstation (server) .............................................................................................. 30 Installation prerequisites ................................................................................................................ 31 Install Niagara license for a new job ............................................................................................... 32 Install SQL Express ....................................................................................................................... 33 Set or create Rep/Job .................................................................................................................... 36 Obtaining an SSL certificate from a Certificate Authority (CA) ......................................................... 39 Create a self-signed certificate ....................................................................................................... 40 Import certificate into stores ........................................................................................................... 44 Configure BACnet settings ............................................................................................................. 48 Network configuration .................................................................................................................... 49 Configure SQL ............................................................................................................................... 56 Configure LDAP settings (if used) .................................................................................................. 59 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 2 Compass 1.6.5 Installation & Upgrade Guide Configure web sites ....................................................................................................................... 60 The Tools menu ............................................................................................................................. 62 First Launch / configure / verify ...................................................................................................... 66 First launch .................................................................................................................................... 66 Installing the Alerton/Honeywell BACtalk driver manually ............................................................... 68 Configure/verify users and groups .................................................................................................. 70 Create a user ................................................................................................................................. 70 Creating a group ............................................................................................................................ 73 Update / verify privileges ................................................................................................................ 81 Configure/verify system settings..................................................................................................... 82 View top display ............................................................................................................................. 84 Adjusting NRE properties for performance ..................................................................................... 85 Appendix A – Windows authentication vs SQL authentication ................................................................ 86 Appendix B – Suggested maintenance tasks prior to an upgrade ........................................................... 88 Appendix C – Compass config tool in detail ........................................................................................... 89 Introducing the Compass config tool .................................................................................................. 89 Launching the Compass Config Tool.................................................................................................. 89 Menu items .................................................................................................................................... 90 The main interface ............................................................................................................................. 92 Compass Server Configuration ...................................................................................................... 92 Website Configuration .................................................................................................................... 93 Progress bar .................................................................................................................................. 93 SQL Server Settings ...................................................................................................................... 94 Appendix D – Setting up Compass as a Secondary Compass Workstation (client) ................................. 96 Appendix E – Configuring Compass to run as a service ......................................................................... 99 Requirements .................................................................................................................................... 99 Limitations ......................................................................................................................................... 99 Enabling Compass as a service ......................................................................................................... 99 Disabling Compass as s service ...................................................................................................... 103 Starting the Compass service .......................................................................................................... 103 Stopping the Compass service......................................................................................................... 103 Changing the user associated with the Compass service ................................................................. 103 Appendix F – Selecting an SSL option ................................................................................................. 104 Selecting an SSL option ................................................................................................................... 104 3 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Commercial SSL certificate .......................................................................................................... 104 Enterprise SSL certificate ............................................................................................................. 104 Self-signed certificate ................................................................................................................... 104 Disable SSL ................................................................................................................................. 104 Obtaining a commercial SSL certificate ........................................................................................ 105 Appendix G – Configuring Compass to connect to a SQL Server using a non-standard port ................. 116 Appendix H – Impacts of Compass as a BBMD.................................................................................... 118 Appendix I – Troubleshooting .............................................................................................................. 119 Certificate does not install to Niagara certificate stores ..................................................................... 119 Issue:........................................................................................................................................... 119 Symptom: .................................................................................................................................... 119 Workaround: ................................................................................................................................ 119 IIS: Default web site must be removed/disabled before starting Compass ........................................ 121 Issue:........................................................................................................................................... 121 Symptom: .................................................................................................................................... 121 Resolution:................................................................................................................................... 121 Windows drives mapped using a local user account are not visible in the Compass Config Tool....... 122 Issue:........................................................................................................................................... 122 Symptom: .................................................................................................................................... 122 Workarounds: .............................................................................................................................. 122 Backup cancelled message ............................................................................................................. 123 Issue:........................................................................................................................................... 123 Symptom: .................................................................................................................................... 123 Conditions:................................................................................................................................... 123 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 4 Compass 1.6.5 Installation & Upgrade Guide ABOUT COMPASS 1.6.5 Welcome to Compass, Alerton’s workstation software for BACnet systems. Compass is your command and control center for facility operations--from HVAC equipment to irrigation, lighting, security, and more. Here, you can view and command site equipment and systems with unprecedented flexibility and power. ABOUT THIS GUIDE This guide provides critical information and step-by-step instructions for those who will install or configure a new Compass system or upgrade from an earlier version of Alerton software to Compass 1.6.5. THE COMPASS INSTALLATION AND CONFIGURATION PROCESS HAS CHANGED DRAMATICALLY. PLEASE READ THIS DOCUMENT ENTIRELY TO UNDERSTAND THE WORKFLOW BEFORE ATTEMPTING AN INSTALLATION OR UPGRADE. WHAT’S NEW IN COMPASS 1.6.5 Support for new Smoke Controller to Compass Compass 1.6.5 now supports a new advanced building Smoke controller VGC-S which is a specialized UL 864/UUKL (edition 10) global controller. The VGC-S is an advanced building controller with an alarm process ID setup enabled, which also supports BD3 or BD9. Compass 1.6.5 supports new Alerton UUKL smoke control parts listed below. Compass will recognize and supports them over FSCS network: • VGC-S – Alerton Global Controller UUKL Model 400 • VAV-SD-E-S – VAV SNGL-DUCT BACNET 4-7-0-UUKL • VAV-DD7-E-S – VAV DUAL-DUCT BACNET 4-7-0-UUKL • VLC-1188-E-S – VLC BACNET 11-8-8-UUKL • VLC-16160-E-S – VLC BACNET 16-16-0-UUKL Support for AlerView v1.1 Compass 1.6.5 Device Manager is now compatible with AlerView v1.1 to send APK (application file) to AlerView. Compass also supports sending DeviceConfiguration.zip file, Device Properties, and BACnet Timer Sync. Compass Config Tool now supports install or upgrade to SQL Server Express 2019 Compass 1.6.5 can install or upgrade MS SQL Server Express 2019 from "Compass Config Tool Actions menu". 5 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide INSTALLATION SPECIFICATIONS IMPORTANT! These are Compass specifications only. Your system may require more CPU cores or memory. NOTE: If the SQL Server and Compass are on the same machine, the memory must be increased by 4GB – 16GB (depending on the version) or you may require additional storage. Table 1. Compass Specifications Compass Licenses*** Number of Devices COMPASS-1-ENT up to 3000* 64-bit OS required Windows 10 (Pro or Enterprise) Windows Server 2019 up to 1000 Windows Server 2016 Windows Server 2012 R2 COMPASS -1-XL COMPASS -1-LG up to 450 COMPASS -1-MD up to 150 COMPASS -1-SM up to 50 COMPASS-1-XS*** up to 25 COMPASS-1-XXS*** up to 10 Operating System/ Browser/ Visio Compatibility CPU Cores** Memory** Eight-core 32GB Eight-core 16GB MS-SQL Server 2019 MS-SQL Server 2017 MS-SQL Server 2016 MS-SQL Server 2014 SP2/SP3 (Express, Standard or Enterprise versions) Quad-core 16GB Quad-core 8GB Chrome Quad-core 8GB Quad-core 8GB Quad-core 8GB NOTE: Compass is designed, developed, and tested to function best using the Chrome browser. Other browsers may be compatible; however, Alerton strongly recommends Chrome. Visio 2016 Standard or Pro (32 bit) Visio 2019 Standard or Pro (32 bit) * The number of supported devices in the Enterprise model can be extended in 1000 device increments by applying one or more device packs (COMPASS-1-ENTDP). ** CPU Cores and Memory recommendations are minimums – increasing the number of cores and amount of memory improves performance and provides for a better user experience. *** All Compass licenses support SQL Enterprise database configuration; except for COMPASS-1-XS and COMPASS- 1-XXS. Operating Systems: Alerton strongly recommends using the most up-to-date Windows OS; be it Windows 10 or Windows Server 2019 for the Compass Primary Workstation (server). For Secondary Workstations (client) Alerton recommends Windows 10. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 6 Compass 1.6.5 Installation & Upgrade Guide PREREQUISITES THAT WILL BE INSTALLED DURING INSTALLATION Please note that below list of Prerequisites will be installed or enabled during the Alerton software installation: • Alerton VisualLogic plugin into MS Visio. • Server Roles: Web Server IIS • Server Features: .NET Framework 3.5 Features • IIS URL Rewrite Module 2 • Microsoft .Net Core 2.27 – Windows Server Hosting • Microsoft .Net Core Runtime – 2.2.7 (x64) • Microsoft .Net Core Runtime – 2.2.7 (x86) • Microsoft .Net Framework 4 Multi-Targeting Pack • Microsoft Application Request Routing 3.0 • Microsoft Help Viewer 1.1 • Microsoft ODBC Driver 11 for SQL Server • Microsoft OLE DB Driver for SQL Server • Microsoft Report Viewer 2014 Runtime • Microsoft SQL Server 2008 R2 Management Objects • Microsoft SQL Server 2008 Setup Support Files • Microsoft SQL Server 2012 Native Client • Microsoft SQL Server 2104 (64-bit) Express • Microsoft SQL Server 2014 Policies • Microsoft SQL Server 2014 Setup (English) • Microsoft SQL Server 2014 Transact-SQL Compiler Service • Microsoft SQL Server 2014 Transact-SQL ScriptDom • Microsoft SQL Server System CLR Types • Microsoft System CLR Types for SQL Server 2014 • Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4974 • Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 • Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219 • Microsoft Visual C++ 2010 x86 Runtime – 10.0.40219 • Microsoft Visual Studio 2010 Shell (Isolated) – ENU • Microsoft VSS Writer for SQL Server 2014 • SAP Crystal Reports runtime engine for .NET Framework (32-bit) • SQL Server Browser for SQL Server 2014 • Visual Studio Prerequisites – English 7 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide COMPASS INSTALLATION OVERVIEW Compass can be installed in three different scenarios: 1. Primary Compass Workstation (server) as an application. 2. Primary Compass Workstation (server) as a service. 3. Secondary Compass Workstation (client). The only difference between the Compass Primary Workstation (Server) and Compass Secondary Workstation (Client) Device Configuration Files (DCF) is that the Niagara BACnet Settings section has been removed from the Client Workstation DCF. This is because Niagara will never run on a Compass Client Workstation. PRIMARY COMPASS WORKSTATION (SERVER) The Primary Compass Workstation, commonly referred to as the server, is the first installation of Compass on a site and will be the installation responsible for the following: • Licensing of Compass • Rep/Job data to include DDC and displays • Connection to the database COMPASS AS A SERVICE In some environments, the Primary Compass Workstation, may be required to run in a secured environment and to launch itself automatically upon the start/restart of the computer/VM. Using a “service manager” Compass can be configured to meet this requirement. Specific prerequisites must be met however in the configuration of this mode of operation. Those prerequisites and the configuration steps are outlined in Appendix E – Configuring Compass to run as a service SECONDARY COMPASS WORKSTATION (CLIENT) The Secondary Compass Workstation, commonly referred to as the client, is any subsequent installation of Compass on a site. As a secondary client installation, it is not responsible for the licensing of Compass nor the connection to the database. Though the Primary Compass Workstation is responsible for the Rep/Job data, the Secondary Compass Workstation can be configured to access this same data by use of a data share – a Windows networking task to share data between computers/Virtual Machines (VMs). 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 8 Compass 1.6.5 Installation & Upgrade Guide COMPASS UPGRADE PROCESS START Gather Information / Settings / Data Points Uninstall Compass or Envision Install Compass Install on existing Workstation? Manual Housekeeping No Restore Rep/ Job from Backup (Full) Yes Primary Compass Server? Yes No Restore Rep/ Job Client Components from Backup Start Compass Config Tool Figure 1. Compass Upgrade Flowchart 9 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide COMPASS NEW INSTALLATION PROCESS START Pre-Installation Gather Information / Settings / Data Points Install Compass Install Compass Start Compass Config Tool Figure 2. Compass New Install Process Flowchart 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 10 Compass 1.6.5 Installation & Upgrade Guide COMPASS CONFIG TOOL INSTALLATION PROCESS Start Config Tool Allow Config Tool to Install PreRequisites Compass and SQL on same PC or VM? New Install or Upgrade to new PC? No No Install SQL Express Install License(s) Select or Create Rep/Job Using SSL or LDAP? Yes Create Self-signed Certificate or get Commercial Certificate No Configure SQL Server Settings Configure BACnet Settings Install Certificate Configure LDAP Settings (If Using) Press Apply to Generate Web Pages Run Verify and Fix Checklist to Validate Setup Figure 3. Compass Config Tool Installation Process Flowchart INSTALLATION OVERVIEW 1. Pre-Installation 2. Install Compass 3. Compass Workstation Configuration 4. First Launch / Complete / Verify 11 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide PRE-INSTALLATION It’s important to have a complete understanding of what you’re dealing with prior to attempting to install Compass 1.6.5. The installation process changes with each release of Compass making it easier to install and deploy. Carefully follow the installation instructions in this guide and do not skip any steps. DATA GATHERING Before starting the Installation process please gather the information mentioned below for New installation and Upgrade process: Table 2. Installation Process - New Install New Installation process Check for System Configuration Have a copy of the Compass 1.6.5 ISO image available. User must have admin access on the machine to install Compass Check User Account Control (UAC) Settings – must be set to anything other than Never notify as this setting will now allow the config tool to work. Administrator account credentials Check for Windows updates install until NO UPDATES PENDING pops up Install .NET3.5. NOTE: For Windows Server Operating Systems this would be done via Server Manager under Features and Roles prior to the installation of Compass. For Windows 10 installations this can be performed when prompted during the Compass installation, but an Internet connection must be available. Check for System License File Check for Internet connection. If it is not available, get the license file from the dealer for manual install. NOTE: If .NET3.5 is not installed, the Compass installation will halt if there is no active Internet connection. Have the system information given below: • Device number • Database • Host Name • Fully Qualified Domain Name (FQDN) • The IP address NOTE: Compass and the Web User Interface (UI) depend on the FQDN being set for name resolution and thus using an IP address in the web browser will not work. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 12 Compass 1.6.5 Installation & Upgrade Guide Compass and SQL can run on the same machine. If not on the same computer/VM, have the following information: • The host name of the SQL Server/VM • Version of SQL and Edition • SQL Instance to be used • Port number if not standard TCP/1433 port. The credentials of an SQL account (like the sa account for SQL Authentication) or a Windows account that has been granted the ‘sysadmin’ role on the SQL Server. Check if the install is Typical or Custom: • If it is a Typical install, then it will be saved on C: drive • If it is Custom install, then it will be saved on a drive of choice on the system. LDAP domain - Contact IT department for this information. NOTE: LDAP is dependent on TLS/SSL. NOTE: Once Compass is installed, run it the first time as an Administrator.s Table 3. Installation Process - Upgrade Upgrade Installation process Check for System Configuration Have a copy of the Compass 1.6.5 ISO image available User must have admin access on the machine to install Compass. Check User Account Control (UAC) Settings – must be set to anything other than Never notify as this setting will now allow the config tool to work. Administrator account credentials Check for Windows updates install until NO UPDATES PENDING pops up Install .NET3.5. NOTE: For Windows Server Operating Systems this would be done via Server Manager under Features and Roles prior to the installation of Compass. For Windows 10 installations this can be performed when prompted during the Compass installation, but an Internet connection must be available. Check for System License File Check for Internet connection. If it is not available, get the license file for manual install. NOTE: If .NET3.5 is not installed, the Compass installation will halt if there is no active Internet connection. 13 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Have the system information given below: • Device number • Database • Host Name • Fully Qualified Domain Name (FQDN) • The IP address NOTE: Compass and the Web User Interface (UI) depend on the FQDN being set for name resolution and thus using an IP address in the web browser will not work. Check if the install is Typical or Custom: • If it is a Typical install, then it will be saved on C: drive • If it is Custom install, then it will be saved on a drive of choice on the system. Archive the below data: • User history • Alarm history database Copy SSL/TSL Certificates, if any. Compass and SQL can run on the same machine. If not on the same computer/VM, have the following information: • The host name of the SQL Server/VM • Version of SQL and Edition • SQL Instance being / to be used • Port number if not standard TCP/1433 The credentials of an SQL account (like the sa account for SQL Authentication) or a Windows account that has been granted the ‘sysadmin’ role on the SQL Server. LDAP domain - Contact IT department for this information. NOTE: LDAP is dependent on TLS/SSL. It is recommended that you back up your job, restore your job, compact the databases, and then run the job. IMPORTANT! If upgrading from Envision, the version of Envision must be at 3.0 or 3.1 before going to Compass 1.6.5. NOTE: Compass automatically attempts to install some prerequisites if they are not already installed. However, Compass may not be able to install prerequisites on some server operating systems. If this is the case, have an Administrator install the required prerequisites. To ensure a successful installation or upgrade of Compass, please ensure the following: • Verify hardware exceeds the minimum requirements for Compass 1.6.5. See Installation Specifications on page 6. • Ensure the host operating system if fully patched and up to date • Verify your Internet connection if you will be licensing Compass over the Internet 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 14 Compass 1.6.5 Installation & Upgrade Guide Identify the appropriate authentication method to be used. See Appendix A – Windows authentication vs SQL authentication NOTE: If you are upgrading to Compass from a version of Envision prior to Envision for BACtalk 3.1, it is highly recommended that you perform a stepped upgrade of Envision to get it to version 3.1 before upgrading to Compass 1.6.5. Please consider performing the following maintenance actions as outlined in Appendix B – Suggested maintenance tasks prior to an upgrade. UNINSTALL COMPASS If you are upgrading from a previous version of Compass, uninstall the previous version first. Press the Windows + I keys on the keyboard to raise the Windows Settings. Click Apps. Figure 4. Windows Settings 15 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide In the Apps & features pane, locate and click Compass to expand it. Click Uninstall, then click Uninstall again. NOTE: In these examples, we are upgrading from Compass 1.6. NOTE: Uninstalling Compass will also uninstall the Compass Config Tool. The BACnet Ethernet Protocol (x64) driver will remain. Figure 5. Windows Apps & Features - Uninstall or Modify If you receive a message that some files or services cannot be updated while running, this is normal. Click OK to continue uninstalling Compass, and then manually reboot the operating system after the uninstall process has completed. Figure 6. Compass Uninstall Warning 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 16 Compass 1.6.5 Installation & Upgrade Guide NOTE: If using the Programs and Features applet available through Control Panel, Windows may not properly refresh the list of installed programs when Compass is uninstalled. Though uninstalled with Compass, the Compass Config Tool may still indicate (falsely) that it is still installed. Exiting the Programs and Features applet and reloading it or clicking the refresh button will refresh the list and resolve the errant entries. This behavior does not exist if using the Apps and Features app from Settings > Apps > Apps and Features for systems running Windows 10. Figure 7. Refresh button in Programs and Features 17 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide MANUAL HOUSEKEEPING After uninstalling Compass: • Delete the Drop-Ins folder • Delete the Config Tool folder • Delete everything from the SYSTEM folder except Licenses, Security, CertManagement and Certificates folders. • If you have custom Lexicon folders or files, back those up too. • Restart the operating system. NOTE: It is recommended to save these folders off someplace else for safe keeping. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 18 Compass 1.6.5 Installation & Upgrade Guide INSTALL COMPASS INSTALL COMPASS FROM AN ISO IMAGE Double-click setup.exe to launch the Compass installer. Figure 8. Setup.exe from root of mounted ISO image 19 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Click Next Figure 9. InstallShield Welcome If you are installing Compass for the first time, it will install prerequisites before starting the installation process. Figure 10. Compass Prerequisite Software Check 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 20 Compass 1.6.5 Installation & Upgrade Guide Read the Readme, click Next Figure 11. Compass Readme Accept the terms in the license agreement, and then click Next. Figure 12. Alerton User Agreement Click Next to accept the default Typical setup type. 21 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Figure 13. Installation Type Selection NOTE: If you require installation of Compass to a location other than C:\Alerton\Compass\1.0, choose Custom for the Setup Type to enable the ability to change the install path. NOTE: If you choose Custom for the Setup Type, you must manually select the BACnet/Ethernet driver for installation. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 22 Compass 1.6.5 Installation & Upgrade Guide Click Install to proceed with the installation Figure 14. Begin Installation Dialog If you are installing the software for the first time, a security dialog box may appear to confirm installation protocol installation. Check the box to “Always trust software from Alerton Inc.” click Install. View the new features in compass 1.6.5 and then click Finish to close the InstallShield Wizard. Figure 15. Successful Installation Dialog 23 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide NOTE: It is not necessary to reboot the operating system after installation unless prompted to do so. UPGRADING THE PRIMARY COMPASS WORKSTATION (SERVER) Certain upgrade scenarios require the restoration of a job backup before the upgrade can continue. If your installation scenario does not match the following, you can proceed to the section Compass workstation configuration: • Upgrading from Envision for BACtalk 3.1 • Upgrading a version of Compass to a new computer/VM • Setting up a Secondary Compass Workstation (client) To restore a job backup, perform the following steps: Press the Windows Key to raise the start menu, locate and expand Alerton, and then click Compass Restore Utility. Figure 16. Compass Restore Utility Menu Selection 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 24 Compass 1.6.5 Installation & Upgrade Guide Click Browse to navigate to the backup file you want to restore. Figure 17. Compass Restore Rep/Job Dialog 25 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Verify that the Restore to field is properly set to the installation of Compass and its Rep/Job folders, and then click Restore. NOTE: If installing a Secondary Compass Workstation (Client), select Client Components from the Restore pulldown Figure 18. Compass Restore Rep/Job - Restore Options NOTE: If the backup being restored is from Envision, the Restore to field will likely state C:\Alerton\BACtalk\3.0\<REP>\<JOB>. If so, it will need to be manually updated to reflect the correct path to Compass, typically C:\Alerton\Compass\1.0\<REP>\<JOB> 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 26 Compass 1.6.5 Installation & Upgrade Guide If the database server is not installed on the machine/computer, User will have to restore it manually. Figure 19. Restore warning if not running from Primary Compass Workstation (Server) 27 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Once the restoration is complete, click OK, and then click Close. Figure 20. Rep/Job restore complete 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 28 Compass 1.6.5 Installation & Upgrade Guide COMPASS WORKSTATION CONFIGURATION NOTE: The Compass Config Tool is used for the configuration of the Primary Compass Workstation (Server) as well as Secondary Compass Workstation (Client) installations. For more information on the latter installation scenario see Appendix D – Setting up Compass as a Secondary Compass Workstation (client). For more details on the Config Tool itself, see Appendix C – Compass config tool in detail. IMPORTANT NOTE: ENSURE YOU HAVE AN ACTIVE INTERNET CONNECTION AVAILABLE TO YOU BEFORE LAUNCHING THE COMPASS CONFIG TOOL FOR THE FIRST TIME. SUBSEQUENT LAUNCHES OF THE TOOL DO NOT REQUIRE IT. Press the Windows key to raise the start menu, locate and expand Alerton, click Compass Config Tool Figure 21. Compass Config Tool menu item 29 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide SET THE LOCALADMINISTRATOR PASSWORD Upon launching the Configuration Tool for the first time, a dialog will appear to set the LocalAdministrator Password. A new check box, “Prompt for Local Administrator Password” has been added to this dialog. This check box allows a user to enable/disable having to enter the LocalAdminstrator password in order to launch the Config Tool. Figure 22. Set LocalAdministrator password dialog NOTE: The password is case-sensitive and must be at minimum of eight and a maximum of 20 characters; any keyboard character is valid. Because the Config Tool is to be used for all Compass installations (Primary Workstation and Secondary Workstations) a prompt will appear asking which type of installation you are running the Config Tool against – a Primary Compass Workstation (server) or Secondary Compass Workstation (client). PRIMARY COMPASS WORKSTATION (SERVER) If this installation is to be the Primary Compass Workstation (server), click Yes. NOTE: If this is not the Primary Compass Workstation (server), please refer to Appendix D – Setting up Compass as a Secondary Compass Workstation (client). Figure 23. Compass Workstation Type Dialog 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 30 Compass 1.6.5 Installation & Upgrade Guide INSTALLATION PREREQUISITES The first launch of the configuration tool will check to see if prerequisites have been installed. Subsequent launches of the Config Tool will not trigger this dialog but can be triggered manually by selecting Tools / Set Workstation Type from the menu. Click OK to install. Figure 24. Config Tool - Prerequisites Not Installed Notice NOTE: It is important to wait for the completion of these prerequisites before attempting any further configuration changes otherwise an error may result. On computers/VMs that are configured with minimal resources this could be an extended period. Watch the status and wait for the message stating prerequisites have successfully been installed. NOTE: IN RARE CASES, IT MAY BE NECESSARY TO REINSTALL PREREQUISITES. E.G. IF PREREQUISITES ARE ONLY PARTIALLY INSTALLED DUE TO A WINDOWS UPDATE BEING REQUIRED. IN SUCH CASES PREREQUISITES MAY BE INSTALLED FROM THE ACTIONS MENU. 31 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide INSTALL NIAGARA LICENSE FOR A NEW JOB If upgrading an existing job, you may skip this step. Click the Install Licenses button and either enter your license file or the location on disk of your Niagara license files. Click the Install button on the pop-up dialog. Figure 25. Compass License Installation 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 32 Compass 1.6.5 Installation & Upgrade Guide INSTALL SQL EXPRESS If you are using an existing installation of SQL Express, or SQL Server Standard or Enterprise Editions, you may skip this step. NOTE: Any existing SQL installation must be 2014 or newer. For a new installation of Compass SQL Express must be installed. From the Actions menu select Install SQL Express 2019. Figure 26. Install SQL Express from Actions Menu 33 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide When prompted for the location to extract the SQL Server files to, retain the default location Figure 27. Directory Selection for Extraction of Installation Files SQL Server Express 2014 begins extracting and installing the setup files needed for installation. Figure 28. Setup begins 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 34 Compass 1.6.5 Installation & Upgrade Guide Click OK to close the Finished installing SQL Server Express message. Figure 29. SQL Express Successful Installation 35 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide SET OR CREATE REP/JOB A new installation will need a Rep/Job created. If this is an upgrade, from the pulldown select an existing Rep/Job, otherwise select <create new rep job>. NOTE: If this is an upgrade, the Rep/Job may already be selected Figure 30. New install – Rep/Job does not exist 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 36 Compass 1.6.5 Installation & Upgrade Guide The Create Rep/Job dialog box will appear. Enter the Rep name and Job name. If the Rep/Job is to be located at another location, click Change Location to make that change. Click Create Rep\Job to create the Rep/Job folder structure. Figure 31. Create Rep/Job NOTE: Rep and Job names cannot contain the text substrings SRC, HREF, or PRNT. 37 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide The Compass Config Tool dialog box will appear confirming the successful creation of the Rep/Job folder. Figure 32. Rep/Job Created 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 38 Compass 1.6.5 Installation & Upgrade Guide OBTAINING AN SSL CERTIFICATE FROM A CERTIFICATE AUTHORITY (CA) There are several steps involved in obtaining and installing a commercial SSL certificate from a Certificate Authority: 1. Launch IIS Manager and double click on the Server Certificates icon and then click on Create Certificate Request... in the actions panel 2. Send the certificate request to the chosen Certificate Authority. This may involve emailing the certificate request file to the authority or, perhaps, pasting the contents into a web page, depending on the authority chosen. 3. The response from the authority will at a minimum consist of a response file which may be in one of several formats (.cer, .p7r etc). You need then to click on Complete Certificate Request... in the actions panel and you will be prompted to select the response file received from the authority. In addition, you may have to install any intermediate certificates that the authority has provided. 4. After the certificate has been installed it will appear in the Server Certificates panel in IIS Manager. You will then need to select this certificate and export it to a .pfx file. 5. Finally, in the configuration tool, select and install the exported .pfx file. See Appendix F – Selecting an SSL option. 39 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide CREATE A SELF-SIGNED CERTIFICATE To generate a self-signed certificate, from the Compass Config Tool, select Actions>Create Self-Signed Certificate. Figure 33. Create Self-Signed Certificate 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 40 Compass 1.6.5 Installation & Upgrade Guide The Generate Self-Signed Certificate window is displayed. Figure 34. Self-Signed Certificate Details Enter the following information. Country Code Fully Qualified Domain Name – this should include the hostname and the domain name of the computer/VM – the name used in a URL when using a browser to access this machine. Could be an alias used for DNS resolution. Must be 2 characters. United States = US, Canada = CA. State or Providence Self-explanatory, required field (typically long form, not abbreviation) City Self-explanatory, required field Organization Organization Name – typically a company name. The name that appears on the certificate. Organizational Unit Optional Email Address Enter a valid email at the domain in the Common Name (CN) field. Common Name This will be the name available in the SSL Certificate drop down list. It is recommended to keep this name simple, memorable, and without any special characters to include periods and underscores. Certificate Password Set a password for the certificate. Reenter the password to validate it. FQDN Click Generate after entering the above details. Specify a name and location for the certificate that is saved as a .PFX file. NOTE: It is recommended that all SSL certificates be safeguarded in a secure location regardless if they are self- signed certificates or commercial or enterprise certificates. 41 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Figure 35. Save PFX File Click OK to close the following message. Figure 36. Certificate Generation Time Notice 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 42 Compass 1.6.5 Installation & Upgrade Guide You will be notified once the generated certificate is saved at the specified location. Click OK to close the following message. Figure 37. Certificate Creation Success 43 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide IMPORT CERTIFICATE INTO STORES Click the Install Certificate button. NOTE: If the Enable SSL checkbox is checked the buttons SQL Server Settings, LDAP Settings and Apply will be disabled until a certificate is installed (either self-signed or a certificate purchased from a Certificate Authority) Figure 38. Install Certificates 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 44 Compass 1.6.5 Installation & Upgrade Guide You will see the Import Certificate dialog box Figure 39. Import Certificate Dialog Fill in the following details then click Import: Certificate File: Use the default selection or browse to a location. Certificate Friendly Name: A simple name for the certificate or use the CN used for the certificate. Avoid using special characters to include periods and underscores. (Keep the Certificate Name simple. Don’t keep any space or non-Alpha-Numeric character). Password: Enter the password that you set while generating a self-signed certificate. Also Import Into Trusted Root: Checking this option will also import the certificate into the Trusted store for both Windows and Niagara. This option must be selected for a selfsigned certificate but not for a certificate purchased from a Certificate Authority. 45 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Click OK to clear the message that the certificate was successfully imported. Figure 40. Successful Certificate Import 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 46 Compass 1.6.5 Installation & Upgrade Guide Now user can see the Selected Certificate next to Current SSL Certificate in the Main Config Tool Window Figure 41. Visual Indicator of Current Certificate 47 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide CONFIGURE BACNET SETTINGS Click BACnet Settings. Figure 42. Configure BACnet Settings The BACnet Settings window is displayed. Figure 43. BACnet Settings Window 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 48 Compass 1.6.5 Installation & Upgrade Guide NETWORK CONFIGURATION Select the Network Adapter Figure 44. Network Configuration Maximum APDU length depends on the Network Adapter selected. Figure 45. APDU Setting 49 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Compass BACnet settings Before configuring the Compass BACnet settings, enter Device Instance, Device Name, and Device Description. Figure 46. Compass BACnet Settings Below Compass BACnet Settings, three more settings can be done as shown below: • • • BACnet Ethernet Settings BACnet/IPv4 Settings BACnet/IPv6 Settings NOTE: To aid in first time configuration of devices, which come out of the factory with only BACnet/Ethernet enabled, Compass can now run with BACnet/Ethernet, BACnet/IPv4, and BACnet/IPv6 all enabled. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 50 Compass 1.6.5 Installation & Upgrade Guide BACnet/Ethernet Settings Figure 47. BACnet/Ethernet Settings Enable the BACnet/Ethernet Network number should match the BACnet/Ethernet network number in Global Controller in the same IP subnet. BACnet/IPV4 Settings Figure 48. BACnet/IPv4 Settings Enable the BACnet/IPv4 51 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Network number should match the IPv4 BACnet/IP Virtual Net number in your Global Controller Network Architecture. Compass as BBMD (If Needed) Figure 49. Compass as a BBMD Compass now can be the BBMD in an IP subnet. NOTE: Compass has been updated to support a maximum of 256 BDT entries in the BDT tables up from the current 32. Only the ENTERPRISE license will enable the BDT entries 32 255. This includes an update for migrating the existing compass DCF to support the new maximum size. NOTE: IT IS RECOMMENDED THAT COMPASS NOT BE CONFIGURED TO ACT AS A BBMD, AS DOING SO WILL RESULT IN COMPASS HAVING TO MANAGE BROADCASTS AND ROUTING WHICH CAN ADVERSELY AFFECT THE OVERALL PERFORMANCE OF COMPASS. FOR ADDITIONAL INFORMATION, SEE APPENDIX H – IMPACTS OF COMPASS AS A BBMD 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 52 Compass 1.6.5 Installation & Upgrade Guide IPv4 BDT Figure 50. IPv4 BDT Table IPv4 BDT is limited to IP addresses. The Description property can be used where device instance is # or building. BACnet/IPv6 Settings Figure 51. BACnet/IPv6 Settings Enable the BACnet/IPv6. Network number should match the IPv6 BACnet/IPv6 Virtual Net number in your Global Controller Network Architecture. 53 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide IPv6 BDT Figure 52. IPv6 BDT Table Like IPV4 but IPv6 addresses and DNS names can be used. Niagara BACnet settings Recommended configuration is shown below: Figure 53. Niagara BACnet Settings NOTE: When using this configuration, the Network Number must be unique in the BACnet network (like MS/TP network) since this is an Internal Virtual Network number. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 54 Compass 1.6.5 Installation & Upgrade Guide NOTE: Depending on the Upgrade scenario the Compass BACnet Ip Addresses may have changed – Ensure that you have all the Original General System Setup Compass BACnet and Niagara BACnet settings recorded and available. When using the new default Niagara BACnet settings, you no longer need to define a second BACnet/IP address for the Compass Server NIC. 55 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide CONFIGURE SQL Click Configure SQL. The SQL Server Configuration window is displayed. Fill in the details for the SQL Server as per the information gathering steps completed prior to the beginning of this installation. For a default, Conventional database installation with Compass and SQL on the same Computer/VM, the defaults will likely be enough. Closely review the data you gathered though and adjust accordingly. Click Test Connection. Figure 54. Test SQL Connection 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 56 Compass 1.6.5 Installation & Upgrade Guide For an Upgrade with an existing SQL database you should see Figure 55. Successful SQL Server Test Dialog For a new Job you may see the following dialog. Click Yes Figure 56. Unable to connect dialog A database creation message will appear. Click OK Figure 57. Database successfully created dialog 57 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Back at the SQL Server Settings page, Click Apply. Click OK, once the SQL Server Configuration is updated. Figure 58. SQL Server Configuration Saved 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 58 Compass 1.6.5 Installation & Upgrade Guide CONFIGURE LDAP SETTINGS (IF USED) Click LDAP Settings. The LDAP Settings window is displayed. Fill in the details as per the information gathering steps completed prior to the beginning of this installation. Click OK to save the settings. NOTE: You may need to contact the IT department responsible for the Compass server to obtain this information. Figure 59. LDAP Settings 59 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide CONFIGURE WEB SITES Based on the decision to use SSL or not, Click on Apply to apply changes and deploy the websites. NOTE: To configure websites with the Enable SSL option checked, an SSL Certificate must first be installed. Figure 60. Configure Web Sites NOTE: If you are configured behind a firewall and using port-forwarding, the port to be forwarded to will be the Compass website port (typically port 80 or 443). 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 60 Compass 1.6.5 Installation & Upgrade Guide Once the websites have been created and deployed, click OK to close the dialog box. Figure 61. Web Sites Successfully Deployed Notice After applying all the changes, press CTRL+ALT+DELETE which will trigger the Windows 10 dialog to Sign out. Close all application prior to Signing out of Windows. Sign out of Windows and log in for changes to take effect. Click OK. Figure 62. Restart Required Notice 61 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide THE TOOLS MENU The Tools menu contains a Verify and Fix Checklist option and a Config Tool Logs option. These two options are intended to be used in conjunction to help verify that the installation is complete. Verify and Fix Checklist contains several routines that verify certain aspects of the system’s configuration. Problems are classified as “warning”, which means that normal system operation may be possible, and “error”, which means normal system operation is not possible. If a check results in a warning or error, you can use the Fix button to attempt to fix the problem and then run the verification scan again. If the Fix operation doesn’t resolve the problem, you will need to perform further troubleshooting. Figure 63. Verify & Fix 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 62 Compass 1.6.5 Installation & Upgrade Guide Click on the Verify and Fix Checklist option and the following dialog is displayed. Figure 64. Verify and Fix Checklist Click Scan to run the verification tests. If an error occurs, Click on Fix, and the issue will be scanned and fixed. Figure 65. Verify and Fix Checklist - Scan Complete 63 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide From the Tools menu click on the Config Tool Logs option to display the dialog below Figure 66. Config Tools Log Files Figure 67. Config Tool Logs - View In Folder If the user clicks on View in Folder, a file selection dialog is displayed, and the user can display the contents of the log file may be displayed to help with trouble shooting 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 64 Compass 1.6.5 Installation & Upgrade Guide Double click config-tool to open and view the file. Figure 68. Config Tool - Open and View Generated File This file will contain any error or warning messages output generated by the verify and fix operations as well as other logging information collected in the Compass Config Tool. Figure 69. Config Tool log file analysis NOTE: User can run Config tool while Compass is already running but changes will take place only after next Compass restart. 65 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide FIRST LAUNCH / CONFIGURE / VERIFY After Compass has been installed and the Configuration Tool has been run to configure the system, there are still some configuration and verification steps in Compass that remain before Compass is ready for use. FIRST LAUNCH To Launch Compass for the final configuration steps, from the Compass icon on the desktop, right-click and choose Run as Administrator. NOTE: Run as Administrator for the first launch of Compass is necessary to complete some final administrator-level tasks and finish the installation. Subsequent launches of Compass do not require Run as Administrator and the shortcut for Compass should not be set to do so. Figure 70. First Launch of Compass - as Administrator 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 66 Compass 1.6.5 Installation & Upgrade Guide For this first launch, you must log on as the LocalAdministrator user. Figure 71. Logon as LocalAdministrator first ERROR: Unable to open Ethernet card for BACnet protocol. If you do not have the Alerton/Honeywell BACnet/Ethernet Driver 3.0 protocol driver installed and enabled on the NIC selected under BACnet Settings in the Config Tool and you have Enable BACnet Ethernet checked - then you will see this error on start up. The following message is displayed after you log into Compass. Click OK, which will cause the start up to show Initialization failed. You then need to go to the network card properties and ensure that the Alerton/Honeywell BACnet/Ethernet Driver 3.0 is installed and enabled. If it is not installed, you can manually install it following the steps below. Figure 72. BACnet/Ethernet Error Message 67 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide INSTALLING THE ALERTON/HONEYWELL BACTALK DRIVER MANUALLY Run the compass setup.exe. Click Next. Figure 73. Manual BACtalk driver installation Select Modify and click Next. Figure 74. Maintenance Selection 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 68 Compass 1.6.5 Installation & Upgrade Guide Below BACtalk driver select “This feature, and all sub-features, will be installed on local hard drive” option. After selection of appropriate BACtalk driver, click Next. Figure 75. Feature installation details Click Install and all the settings will be modified for BACtalk driver and user will be able to login and run Compass as an Administrator. Figure 76. Ready to modify dialog 69 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide CONFIGURE/VERIFY USERS AND GROUPS Compass 1.5.1 implemented the change in the requirement for the use of Groups. If upgrading from Compass 1.5.1, this should already be done, and verification is only necessary. For a new install or upgrade from any other version of Compass other than 1.5.1, follow these steps. CREATE A USER When you log in as the Local Administrator and create a new job, the job does not have any user profiles created for it; you must create them from scratch. Until the Local Administrator creates user profiles, only the Local Administrator can access the job (in offline mode). Follow the procedures below to create new user profiles Click Tools and select Users and Groups. Figure 77. Create Users and Groups 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 70 Compass 1.6.5 Installation & Upgrade Guide On the Users tab click Add. Figure 78. Add Users 71 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Enter the User ID, Password, re-type the password to confirm it, and then click OK. Figure 79. Add User detail dialog A warning message will display stating that privileges have not been set for this user. Click OK to clear this message as those will be set at the group level. Figure 80. No privileges assigned warning message 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 72 Compass 1.6.5 Installation & Upgrade Guide CREATING A GROUP Click the Groups tab, and then click Add. Figure 81. Create Group 73 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Enter the Group ID, on the General tab, enter a Description for the group, set the desired Security level, and Starting display. Figure 82. Create Group detail dialog 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 74 Compass 1.6.5 Installation & Upgrade Guide Click the Group Device Access and Privileges Tab. Click the command button next to the Authorized devices field. Figure 83. Group device access and privileges 75 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Enter the list of devices or range of devices. To grant access to all devices, click Add full device range. Click OK. Figure 84. Device list range 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 76 Compass 1.6.5 Installation & Upgrade Guide Check all the Privileges to assign to this group. When finished, click OK Figure 85. Privileges assigned to group 77 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Click the Members tab then click Add a User to Group. Figure 86. Add members to the group 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 78 Compass 1.6.5 Installation & Upgrade Guide Highlight the desired user, and then click Select. Add another user to the group or click OK to finish adding users. Figure 87. Users added to group 79 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Add additional groups or click Close. Figure 88. Users and groups IMPORTANT! Compass uses passwords to authenticate station and platform users, encrypt stored data, and protect data in transmission. It is particularly important to handle passwords correctly. If an attacker acquires a user’s password, then they can access the system with the same permissions as the hacked user. In the worst case, an attacker might gain access to a super user account or platform account and compromise the entire system. If an account like the legacy pass account exists, then remove that account from the system or change the password for it to a strong password. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 80 Compass 1.6.5 Installation & Upgrade Guide UPDATE / VERIFY PRIVILEGES If you are upgrading to Compass 1.6.5 from any of the previous versions and group device access and privileges were set, you will need to update the group privileges to take advantage of newer features. Figure 89. Updating or Verifying Privileges 81 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide CONFIGURE/VERIFY SYSTEM SETTINGS Use the General System Setup (Tools menu) dialog box to define settings that apply to an operator workstation and how it is used within the Compass system. From Tools menu select General System Setup. Figure 90. General System Setup 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 82 Compass 1.6.5 Installation & Upgrade Guide Under Time Sync tab, select the desired Send time sync every period value. Figure 91. Time Sync Click Add to select recipients of the time sync. In this instance, it is a Device Instance. Select the desired Device Instance from the pull down, click OK. Figure 92. Time sync recipients 83 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide VIEW TOP DISPLAY View Top Display option launches the Compass web app in a browser. Select View > Top Display Figure 93. Top display Refer to the Compass Browser Help for more information 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 84 Compass 1.6.5 Installation & Upgrade Guide ADJUSTING NRE PROPERTIES FOR PERFORMANCE Upon the completion of the installation of Compass on the Primary Compass Workstation (server), the NRE Properties may need to be manually adjusted based on the amount of RAM installed in the computer/VM. As per the minimum system requirements for Compass as of this writing, the minimum recommended amount of memory ranges from 4GB to 32GB depending on the model of Compass deployed. There is a parameter that specifies the maximum amount of memory allocated by the Compass-NBT component. If this value is set too low, higher CPU usage will occur. The recommended minimum setting is 25% of the installed memory. The default setting is 2GB (2048M), which is appropriate for all Compass models up to Compass-1-MD. The table below provides guidelines for setting this parameter for each Compass model based on minimum recommended specifications. NOTE: If more RAM is installed in the computer/VM than the minimum recommended, adjust the calculation accordingly using the 25% of installed memory recommendation as noted above. Table 4. Minimum RAM Requirements and NRE Properties Compass Model COMPASS-1-ENT COMPASS-1-XL COMPASS-1-LG COMPASS-1-MD COMPASS-1-SM COMPASS-1-XS COMPASS-1-XXS Processor Eight-core Eight-core Quad-core Quad-core Quad-core Quad-core Quad-core Min Installed Memory 32GB 16GB 16GB 8GB 8GB 8GB 8GB Xmx <parameter> setting Xmx8192M (8GB) Xmx4096M (4GB) Xmx4096M (4GB) Xmx2048 (2GB) Xmx2048 (2GB) Xmx2048 (2GB) Xmx2048 (2GB) The Xmx parameter is within the nre.properties file. Use a text editing utility like Notepad or Notepadd++ to edit this file. The file path is typically C:\Alerton\Compass\1.0\System\Lib\nre.properties for standard installations. Edit the following line: java.options=-Xmx2048M -XX:MaxPermSize=128M -Dfile.encoding=UTF-8 -Xss256K. The parameter setting is indicated in bold (Xmx2048M). 85 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide APPENDIX A – WINDOWS AUTHENTICATION VS SQL AUTHENTICATION Figure 94. Authentication Options Option A • • • Standalone computer/virtual machine (VM) – not a member of a Windows domain Windows Authentication SQL & Compass on same computer/VM Option B • • • • • Standalone computers/VMs – not members of a Windows domain SQL Authentication SQL & Compass on separate computers/VMs SQL Server o TCP/IP protocol enabled (SQL Server Configuration Manager) o Inbound Firewall Rule – TCP/1433 (Firewall Manager) Compass as a Service Option C • • • • PCs/VMs both members of a Windows domain Windows Authentication SQL & Compass on separate computers/VMs SQL Server o TCP/IP protocol enabled (SQL Server Configuration Manager 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 86 Compass 1.6.5 Installation & Upgrade Guide o Inbound Firewall Rule – TCP/1433 (Firewall Manager) Option D • • • • • 87 1 computer/VM stand alone, 1 computer/VM member of a Windows domain SQL Authentication Compass or SQL on a standalone computer/VM, the other on a computer/VM that is a Windows domain member SQL Server o TCP/IP protocol enabled (SQL Server Configuration Manager) o Inbound Firewall Rule – TCP/1433 (Firewall Manager) Compass as a Service Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide APPENDIX B – SUGGESTED MAINTENANCE TASKS PRIOR TO AN UPGRADE The following maintenance tasks are strongly recommended to be performed prior to the uninstall of Envision or Compass that is being upgraded to Compass 1.6.5. If upgrading from Envision for BACtalk • • • Check alarm handlers for proper settings o Ensure all alarm handlers have all three Acknowledge popup messages checkboxes checked (Alarm, Fault, and Return to Normal) o Ensure all alarm recipients have all three Handled events checkboxes checked (Alarm, Fault, and Return to Normal) Ensure both selections under Notifications are checked (Send on alarm and Send on fault) In the raw edit for event enrollment objects, ensure all three Enabled event transitions checkboxes are checked (To-offnormal, To-fault, and To-normal) For Conventional database jobs • • • Run the utility Compact Compass Access Database for Compass installations or Compact BACtalk Access Database for Envision for BACtalk installations. Delete any .before-compaction files Copy the tempmdb folder to another location out of the project folder and then Empty the folder. Look for and remove… • • archives from REP/JOB folders any archives in the archive path Create Groups and assign members and privileges. Check FQDN of and verify DNS entries on network – ensure hostname does not contain an underscore “_”. Never change the pc name to avoid causing major issues with Windows folder permissions. It is recommended to contact Alerton Technical Support to find an applicable solution for your situation. Collect network configuration info (BACtalk settings, Niagara BACnet settings). Perform REP/JOB backup. If Auto-Login is used, temporarily disable it during the upgrade procedure. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 88 Compass 1.6.5 Installation & Upgrade Guide APPENDIX C – COMPASS CONFIG TOOL IN DETAIL INTRODUCING THE COMPASS CONFIG TOOL The Compass Config Tool is a new feature in Compass to aid in the initial configuration steps that typically require 2-3 restarts of Compass. The Compass Config Tool provides many of the configuration settings all with a single tool to ensure the installation and configuration of Compass is consistent. The Compass Config Tool is required to be run for all installations of the Primary Compass Workstation (Server) or Secondary Compass Workstation (Client). The configurable settings within the Compass Config Tool are settings that have all been removed from within Compass and now reside within this tool so as not to create any confusion on their use. LAUNCHING THE COMPASS CONFIG TOOL Upon the installation of Compass, the Compass Config Tool can be launched from the Alerton program group. Figure 95. Compass Config Tool Menu Entry 89 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide MENU ITEMS Figure 96. Config Tool Menus 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 90 Compass 1.6.5 Installation & Upgrade Guide Table 5. Menu item descriptions File Exit Self-explanatory Actions Create Self-Signed Certificate This will create a self-signed certificate for SSL use. Reinstall Prerequisites Though prerequisites are installed the first time the Config Tool is launched, should the need arise that anything becomes out of sync, the necessary prerequisites can be re-installed through this menu entry. For initial installations of Compass, SQL Express must be installed. This is not necessary for currently existing installations of SQL Express or SQL Server Standard and Enterprise Editions installed locally or remotely (on another computer/VM). Install SQL Express Change Workstation Type This launches the dialog to alter the installation of Compass from a Primary Compass Workstation (server) to a Secondary Compass Workstation (client) or the opposite. Change LocalAdministrator Password This provides the ability to change the Local Administrator Password from the Config Tool. Tools Verify and Fix Checklist Verify and Fix Checklist contains several routines that verify certain aspects of the system configuration. Problems are classified as “warning”, which means that normal system operation may be possible, and “error”, which means normal system operation is not possible. If a check results in a warning or error, you can use the Fix button to attempt to fix the problem before running the verification scan again. If the Fix operation doesn’t resolve the problem, further troubleshooting will be required. Config Tool Logs This file will contain any error or warning messages output generated by the verify and fix operations as well as other logging information collected in the Compass Config Tool. Help Open Installation and Upgrade Guide 91 Self-explanatory Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide About Compass Config Tool Version Self-explanatory NOTE: Since the Compass Config Tool is decoupled from Compass and will be distributed outside of the Compass release, this version number will change more frequently. The latest version of the Config Tool will be available on the Alerton Support Network (ASN). THE MAIN INTERFACE Figure 97. Config Tool Main Interface COMPASS SERVER CONFIGURATION This group contains the anticipated Fully Qualified Domain Name (FQDN) from the machine or a DNS entry for this machine. This would be the same entry that would appear under the 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 92 Compass 1.6.5 Installation & Upgrade Guide SSL/LDAP tab under General System Setup in earlier versions. The Rep/Job selector here will allow you to select an existing Rep/Job in the case of an upgrade or create a new Rep/Job for a fresh installation. NOTE: Compass and the Web User Interface (UI) are dependent on the FQDN being set for name resolution and thus using an IP address in the web browser will not work. WEBSITE CONFIGURATION This group manages the configuration of the web sites allowing one to select the ports used by each site as well as choosing to use SSL or not. If SSL is used, then an SSL Certificate must be selected. This selection is based on the information gathering phase before installing Compass as to if a self-signed, commercial or enterprise certificate will be used. In any case, the menu item to install certificates is used and will then populate the SSL Certificate pulldown with entries. PROGRESS BAR At the bottom of the screen on the left is the progress bar. During certain operations, a green bar will grow to the right indicating the progress of the current operation. 93 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide SQL SERVER SETTINGS Figure 98. SQL Server Settings Compass database license By default, this is set to Conventional. However, if the small or larger license was purchased, the Enterprise option can be used and all the Compass data will be stored within SQL tables. As of this version of Compass, Alarm Data, Groups, Passwords, Roles and Users are stored in SQL tables if a Conventional database is selected. Compass database This is the connection string information telling Compass where it’s databases are to be created and/or maintained. By default, it will be the same computer/VM that Compass where Compass is installed. If this is not the case based on the information gathering performed before the installation, adjust these settings accordingly. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 94 Compass 1.6.5 Installation & Upgrade Guide SQL Account with admin privileges on the Compass database This interface provides the ability to create databases now removing the necessity to manually create them as before for installations where Compass and SQL were on different computers/VMs and SQL Authentication was required. A SQL Login or Windows account that has been granted the ‘sysadmin’ role and privileges is needed here. The ‘sa’ account can be used. Database authentication These two settings dictate the account that gets used as the IIS account for IIS to interact with SQL. Use Windows authentication If Compass and SQL reside on the same computer or VM, or if the computers or VMs used for Compass and SQL reside within a Windows domain, Windows Authentication should be used. Choosing the appropriate physical configuration from the options below will dictate the IIS User Account used. SQL Server is on the same machine as Compass Self-explanatory SQL Server and Compass are on different machines Self-explanatory IIS user account This is set automatically based on the prior two settings. If it is desired to use an alternative account, it can be manually input here. Use SQL authentication If Compass and SQL are standalone computers/VMs, or if either reside within a Windows domain, but the other remains standalone, then SQL Authentication must be used. The SQL User used here does not have to already exist as a login on the SQL Server as the Config Tool, with the SQL Account with Admin Privileges on the Compass Database that was selected above can create the login and grant it the appropriate privileges. 95 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide APPENDIX D – SETTING UP COMPASS AS A SECONDARY COMPASS WORKSTATION (CLIENT) Install Compass as you would any installation and before launching the Compass Config Tool, launch the Compass Restore Utility and choose Client Files in the Restore pulldown. After the above steps have been completed, launching the Compass Config Tool will prompt to set the LocalAdministrator password for this installation. As this will be a Secondary Compass Workstation (client) installation, click No. Figure 99. Primary versus Secondary Compass Workstation Selection 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 96 Compass 1.6.5 Installation & Upgrade Guide Additionally, selecting from the menu Actions / Change Workstation Type will launch the same dialog. Figure 100. Change Workstation Type from Menu Selection Select the Rep/Job and location and click Apply. 97 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Figure 101. REP/JOB Selection PLEASE NOTE: STATIONS SETUP AS A SECONDARY COMPASS WORKSTATION (CLIENT) MUST NOT HAVE A LICENSE FILE PRESENT OR STRANGE BEHAVIOR WILL RESULT. The following dialog will appear. Click OK. Figure 102. .ini Update Notice Compass should now be launched using Run as Administrator (only for the first launch) and then log in normally. Once started you can then close Compass and start it normally. NOTE: If it is required to be able to edit DDC or Displays a drive mapping needs to be established within Windows that maps back to the Primary Compass Workstation (server) where a share has been established. NOTE: For very large sites with numerous displays (2000+), mapping a drive for a Secondary Compass Workstation (client) in order to edit displays is discouraged for performance reasons. If this is a requirement it is advised to synchronize display folders between computers/VMs. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 98 Compass 1.6.5 Installation & Upgrade Guide APPENDIX E – CONFIGURING COMPASS TO RUN AS A SERVICE Compass does not run as a native Windows service, instead it uses Non-Sucking Service Manager (NSSM). REQUIREMENTS • • • • • You must be running Windows 10 or later. You must be running Compass 1.0 or later. You must have Administrator privileges on the local computer because this procedure installs system software. Compass must have auto-login enabled since services need to start without user interaction. To enable this, go to the Startup/Shutdown tab of the General System Setup dialog, and check Enable for Auto Login. Then specify a User ID and a Password. This is the user account that Compass will run under when running as a service. Since services must start without user interaction, the welcome dialog that displays at startup should be suppressed. This can be done by editing the bactalk.ini file that resides in the Compass installation directory. Under the [BACtalk] group, add the following line: BYPASS_WELCOME=Y LIMITATIONS The default account associated with starting the software as a service is the LocalSystem account. It is highly recommended that the user is changed to a different one that has the minimum privileges required to run the application. Some software features are not available when it is running as a service. These include Editing Graphic Displays, VisualLogic, ActiveX, Set Rep/Job, and BACtalk Builder. Because of these limitations, run Compass as an application when you design and engineer jobs, and then run the software as a service after the job is up and running. If you need to use these features after setting up the software to run as a service, stop the service (see Stopping the Compass Service), run the software as an application, make the changes, exit the application, and then restart the service (see Starting the Compass Service). ENABLING COMPASS AS A SERVICE If you want Compass to run automatically when the server is started, you can enable the software as a service. Download a copy of the latest release of NSSM (https://nssm.cc/download) and extract the files (such as C:\nssm) Use NSSM to create the service, click All Programs, click Accessories, right-click Command Prompt, and then select Run as Administrator. Within the Command Prompt, navigate to the NSSM 64 bit executable. 99 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Type in nssm install CompassService, and then press ENTER. Figure 103. CMD Prompt The NSSM service installer will pop up. In the Application tab click on the “…” next to the Path text field. Navigate to the Compass System directory (default path is C:\Alerton\Compass\1.0\System\) and select the bactalk.exe. Figure 104. NSSM Service Installer 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 100 Compass 1.6.5 Installation & Upgrade Guide Click the Details tab, type the Display name Compass Service, and type Compass Service using NSSM as the description. Select Startup type Automatic. Figure 105. Service Installer Details Tab Click the Log on tab, select Local System account. Figure 106. Service Installer Log On Tab 101 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Go to the Shutdown tab and unselect the Generate Control-C. Figure 107. Service Installer Shutdown Tab Click the Exit actions tab, and then type 60000 in the Throttling section. In the Restart section, select Restart application, and then type 60000 in the Delay restart by text field. Figure 108. Service Installer Exit Actions Tab Click Install. Click OK to close the “Service “CompassService” installed successfully!”message. Start the Compass service (see Starting the Compass Service). Each time the system is restarted, the software launches automatically. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 102 Compass 1.6.5 Installation & Upgrade Guide DISABLING COMPASS AS S SERVICE If you no longer want Compass to run as a service, then disable it. • • • • Select Start > Settings > Control Panel > Administrative Tools > Services. The Services utility opens. Select CompassService. Click Action and then click Properties. Set Startup type: to Disabled. The service will not start the next time the server is rebooted. STARTING THE COMPASS SERVICE To start the service, use the Control Panel. • • • Select Start > Settings > Control Panel > Administrative Tools > Services. The Services utility opens. Select CompassService. Click Action and then click Start. STOPPING THE COMPASS SERVICE During troubleshooting or at other times, you may want to stop the Compass service. The software will run as a service when you restart the service or when the server starts up. • • • Select Start > Settings > Control Panel > Administrative Tools > Services. The Services utility opens. Select CompassService. Click Action and then click Stop. This will still allow Compass to run as an application, but will stop the service until you restart it or reboot the server. CHANGING THE USER ASSOCIATED WITH THE COMPASS SERVICE Once the service has been created, to change the user, use Control Panel. • • • • 103 Select Start > Settings > Control Panel > Administrative Tools > Services. The Services utility opens. Select CompassService. Right-click and select Properties. Go to the Log On tab. Select the This account radio button, enter the user account and password, and then click OK. (Note that the BACtalk account is just an example, the actual user name can be anything you want.) Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide APPENDIX F – SELECTING AN SSL OPTION SELECTING AN SSL OPTION You have these options for SSL implementation: • • • • Use a commercial SSL certificate Use an enterprise SSL certificate supplied by your corporate IT department Use a self-signed SSL certificate Disable SSL NOTE: The only difference between an Enterprise certificate and a Commercial certificate is who signed your certificate. The process is the same for both. COMMERCIAL SSL CERTIFICATE Select a certificate authority and familiarize yourself with their certificate issuing process. Many Certification Authorities (CA) require a specific email address at your domain ([email protected], for example). Consider this requirement when selecting a CA. You will need to purchase a certificate from a CA. Most CA's web sites include useful information about using SSL and the process of obtaining a certificate. Another good resource is openssl.org. ENTERPRISE SSL CERTIFICATE Suitable for use when the Web server will be accessed from the Internet or intranet by corporate workstations. Also suitable for workstations that have the specific signer pubic root certificate installed in their certificate store(s). Engage your corporate IT professionals to determine if this is an option and to manage certificates. This approach provides a seamless experience for corporate users that already have the signer root certificate in their certificate store. It may require distribution of signer root certificate to noncorporate workstations SELF-SIGNED CERTIFICATE Using a self-signed certificate eliminates the SSL-related warnings encountered when using the web interface of Compass at the Primary Compass Workstation (Server). DISABLE SSL Use this option only if your system is behind a firewall on a closed and trusted network. Running Compass with SSL disabled is highly not recommended and should only be considered as a last resort. Web browsers are starting to display a warning when a user visits a site that isn't using HTTPS, which could be disconcerting to the user and could result in support inquiries. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 104 Compass 1.6.5 Installation & Upgrade Guide NOTE: LDAP requires SSL to be enabled to allow users to log into the system from a web browser. OBTAINING A COMMERCIAL SSL CERTIFICATE The easiest method to begin the process of obtaining a commercial SSL certificate is by using the IIS Manager to generate a Certificate Request file to be sent off to a Certificate Authority (CA). NOTE: If unsure about this process, it is recommended to use tool provided by the CA of your choice to ensure you are making the proper request. Launch the Internet Information Server (IIS) Manager utility. Ensure the correct server is selected from within the Connections pane. Double-click on the Server Certificates icon. Figure 109. Internet Information Services (IIS) Manager 105 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Within the Actions pane, select Create Certificate Request. Figure 110. Create Certificate Request 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 106 Compass 1.6.5 Installation & Upgrade Guide Input the Distinguished Name Properties and click Next (NOTE: “Common name” is your FQDN) Figure 111. Distinguished Name Properties 107 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Choose a cryptographic service provider and bit length and click Next. Figure 112. Cryptographic Service Provider Properties 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 108 Compass 1.6.5 Installation & Upgrade Guide Specify a file name and location for the request. Click Finish. Figure 113. Write Certificate Request to File 109 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide A quick review of the file output reveals a txt file like the following: Figure 114. Contents of the Certificate Request Once a response has been received from the CA, on the same computer/VM the request was made perform the following steps. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 110 Compass 1.6.5 Installation & Upgrade Guide Launch IIS Manager. Ensure the correct server is selected in the Connections Pane. In the Actions Pane select Complete Certificate Request. Figure 115. Complete Certificate Request Select the file returned by the CA, provide a friendly name, select Personal for the certificate store for the new certificate and click OK. 111 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Figure 116. Specify CA Response Note that in addition to specifying the Certificate Authority Response you may need to install one or more intermediate certificates. If this is necessary, then the Certificate Authority will provide full instructions. After ensuring that all required intermediate certificates are installed, then return to the IIS Manager Server Certificates display and select the installed certificate for export: 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 112 Compass 1.6.5 Installation & Upgrade Guide Figure 117. IIS Manager Server Certificates 113 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Choose name, location and password for the .pfx file you are exporting and click OK. Figure 118. Export Certificate Launch the configuration tool and enter the LocalAdministrator password, and then, when the main window is displayed, click on Install Certificate. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 114 Compass 1.6.5 Installation & Upgrade Guide When the dialog box is displayed select the .pfx file you have previously exported, enter the friendly name and the password and click Import. Note it is not necessary to check the Also Import into Trusted Root checkbox for a certificate purchased from a Certificate Authority. Figure 119. Config Tool Import Certificate 115 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide APPENDIX G – CONFIGURING COMPASS TO CONNECT TO A SQL SERVER USING A NON-STANDARD PORT Installations of Compass may be required to connect to an already present SQL Server using SQL Authentication but is utilizing a port other than 1433 as provided by the SQL DBA or IT Department. When connecting to the SQL Server in question, using SQL Authentication, append the nonstandard port number to the name of the server connecting to. NOTE: When using SQL Authentication, the database must already be created and the login name and password established ensuring that login is the owner of the database. See the SQL DBA or IT Department for assistance in creating. In this example of a conventional job, port 8384 is appended to the server name entry: SQLSERVER\SQLEXPRESS,8384 Figure 120. SQL Conventional Job, Alternative Port Number 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 116 Compass 1.6.5 Installation & Upgrade Guide In this example of an enterprise job, port 8385 gets appended to the server name entry: SQLSERVER ,8385 Figure 121. SQL Enterprise Job, Alternative Port Number 117 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide APPENDIX H – IMPACTS OF COMPASS AS A BBMD When the BBMD capability was added to Compass, a Device Cache was implemented. The Device Cache contains a list of all devices and their respective net-mac address and is used to inform the Niagara portion of Compass of the devices in the system. The Device Cache was created to reduce the amount of Who-Is traffic broadcast across the entire BACnet internetwork when the Niagara station starts as well as when Niagara does this periodically. The Device Cache is built automatically when a Device Scan is performed, and the results saved to the Device Manager table. If a known device’s net-mac address is changed, its Device Cache entry becomes invalid resulting in data from the device showing either <NR> or an incorrect value, i.e. displayed point value is read from another device. Should an entry in the Device Cache become invalid, there are three methods to correct: 1. Perform a device scan within Device Manager and save the results. 2. Run Repair Device Cache from the Advanced tab within Device Manager – this will rebuild the Device Cache for all devices. 3. From within the Web User Interface, using the Reinitialize Device icon from the vertical menu on the left. This allows for the reinitialization of a single device and does not require one to be at the Primary Compass Workstation (server). NOTE: Another use case for the use of the Reinitialize Device icon is when the state text values of a Multi-State Value object are updated, and it is not desirable to wait the 60 seconds for the update to become effective. Possible error messages observed within the Web User Interface should a device’s Device Cache entry become invalid, its cause and resolution: Symptom No Entry Cause Appears if the device is not in Device Manager. Limit Exceeded Appears when the number of devices in the Niagara Device List is greater than the Compass License device limit. This can happen when adding and deleting devices in Device Manager and viewing those devices in the Web User Interface. This can also happen if a net-mac address is swapped with a device that already exist within Device Manager. Resolution Perform a Device Scan >> Save results to table Restart Compass IMPORTANT! TO ENSURE ALIGNMENT BETWEEN DEVICE MANAGER AND THE NIAGARA DEVICE LIST IT IS STRONGLY RECOMMENDED THAT WHEN DEPLOYING NEW DEVICES TO A JOB, I.E. ADDING/DELETING DEVICES, RENUMBERING DEVICES, CHANGING NETMAC ADDRESSES; THE FINAL STEPS BE… RESTART COMPASS >> PERFORM A DEVICE SCAN >> SAVE RESULTS TO TABLE. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 118 Compass 1.6.5 Installation & Upgrade Guide APPENDIX I – TROUBLESHOOTING CERTIFICATE DOES NOT INSTALL TO NIAGARA CERTIFICATE STORES ISSUE: Install certificates does not install certs into the Niagara certificate stores. Something prohibits the importing of the certificates into the Niagara certificate stores and instead sets the certificate to “Allowed Hosts”; in this state, it will not work. SYMPTOM: Figure 122. Top Display Oops Error Typical symptom is when doing View / Top Display, browser launches but Compass comes up with statement that Compass is not running. You may also see entries within the NBTlog.txt file similar to the following: ERROR [17:46:49 04-Apr-18 PDT][web.server] HTTPS server failed to start on port [446] invalid server certificate requested ERROR [17:46:50 04-Apr-18 PDT][crypto] No trusted certificate found WORKAROUND: Create a user named “Admin” and set its password – that is all that is needed. Do not set a security level or assign to any group. In General System Setup, beneath the SSL and LDAP tab, click the Certificate Manager button. Use this newly created account to login to the Certificate Manager. Review the tabs for Key Store and Trust Store and the certificate is likely not there. Review of the Allowed Hosts tab should reveal the entry. 119 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Remove the certificate from the Allowed Hosts tab. Close Compass. Launch the Config Tool, repeat only the install Certificate step done before using the same certificate. Upon successful install, exit the Config Tool – do not perform any other action. Re-Launch Compass, View Top Display should now be functional. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 120 Compass 1.6.5 Installation & Upgrade Guide IIS: DEFAULT WEB SITE MUST BE REMOVED/DISABLED BEFORE STARTING COMPASS ISSUE: A port conflict may exist if the default website is present for an IIS installation that was installed prior to the installation of Compass. During a fresh installation of Compass, IIS will be installed as part of the prerequisites. Compass is set by default to run at port 80. If IIS was installed prior to Compass being installed, its default web site will already be bound to port 80. You must resolve this conflict before Compass can run. (REF #KERMI-9618) (REF # KERMI-9622) SYMPTOM: Attempts to install Compass results in a warning message that a port conflict exists. RESOLUTION: There are several possible resolutions to this issue, choose the one that best suits your situation. Option 1: Alter the port binding of the default web site within IIS Manager setting it to an alternative port that isn’t planned to be used by Compass. Option 2: Stop the default site from running. This option may also require that the port binding be changed prior to disabling the site. Option 3: Delete the default web site. This should be the last option tried if there is any uncertainty regarding the use of the default site. NOTE: The Compass Config Tool will automatically remove the default site from an IIS installation that it performs. The above necessary steps are only required when a pre-existing IIS installation is present. 121 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide WINDOWS DRIVES MAPPED USING A LOCAL USER ACCOUNT ARE NOT VISIBLE IN THE COMPASS CONFIG TOOL ISSUE: When a user maps a drive, Windows only allows the user who mapped the drive to see it. However, the Configuration Tool runs with elevated privileges, which is a different user account than the one who created the mapped drive. This means that the user must select the UNC file path instead of the mapped drive. SYMPTOM: Using the Compass Config Tool, attempts to reference any mapped drive for a field input may result in the drive not being listed. Example: The rep/job path for a Primary or Secondary Compass Workstation. (REF #KERMI-9933) WORKAROUNDS: Option 1: Use Universal Naming Convention (UNC) syntax for providing the path to the rep/job Example: \\HostName\SharedFolder Figure 123. UNC for REP/JOB Location Option 2: Update the Registry to allow sharing mapped drives across user accounts. Resources: Microsoft: Mapped drives are not available from an elevated prompt when UAC is configured to “Prompt for credentials” in Windows Microsoft: Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or newer operating systems 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 122 Compass 1.6.5 Installation & Upgrade Guide BACKUP CANCELLED MESSAGE ISSUE: When attempting to perform a job backup, upon clicking the “Backup” button, results in immediate Backup Cancelled message. SYMPTOM: Backup cancelled message. (REF #KERMI-8271) CONDITIONS: We have identified several different conditions where this issue might arise. Condition1: Enterprise Job that was converted from a Conventional database configuration. Enterprise configuration with Compass on one machine, SQL Server running on another. • • SQL Server running on remote PC – not local. SQL Express is still installed locally and the conversion to an Enterprise Job results in the connection string being altered (manually) to reflect this change. However, Compass still apparently wishes to reference in some way the SQL Express installation. Resolution1: Delete the [Express] stanza and the lines beneath it (up to the next stanza) from the profile.ini of the REP/JOB. NOTE: This appears to only affect configurations as noted above and so far, only upgraded – not fresh installations. ### Condition2: Conventional job that was upgraded on another PC, a backup performed, then restored to the new or upgraded PC. The file ownership of the REP\JOB\database\REP JOB.bak file is owned by another nonexistent user and thus the service account used by SQL Server is unable to overwrite it due to the lack of authority to do so. Resolution2: Once the backup has been restored and data validated to be sound within the running system, delete or rename the C:\Alerton\Compass\1.0\<REP>\<JOB>\database\REPJOB.bak file in the REP/JOB folder. ### 123 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Condition3: Conventional job with SQL Express installed locally. Through a Group Policy deployment or other means, the file level permissions to the Alerton\Compass\1.0\REP\JOB folder structure has been changed and the “Authenticated User” either removed or permissions changed from MODIFY (M) to READ (R) or READ/EXECUTE (RX). A quick run of “iCACLS C:\Alerton\Compass\1.0” should reveal any negative changes to the file or folder permissions. Figure 124. ICACLS Output Resolution3: 1. 2. 3. 4. 5. Open a File Explorer window and traverse the file system until you get to the installation location of Compass – typically C:\Alerton\Compass\1.0 Highlight the REP folder for the REP\JOB in question. Right-click and select Properties. Select the Security tab and select Authenticated Users in the Group or user names window. Click the Advanced button. On the permissions tab of the Advanced Security Settings window, click the Add button beneath the Permission entries box. 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 124 Compass 1.6.5 Installation & Upgrade Guide Figure 125. Directory Access Privileges 6. 7. 8. 9. 125 Click on the Select a principal link. Type in Authenticated Users in the Enter the object name to select window. Click the Check Names button. If the object is found, it will turn into a hyperlink in the window. Click OK. Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide Figure 126. Permission Entry, Select a User 10. 11. Back at the Permission Entry window, ensure for the Authenticated Users principal that the type is set to Allow and Applies to is set to This folder, subfolders and files. Next, ensure the basic permissions is set to Modify which would mean Modify, Read & execute, List folder contents, Read, & Write should all be checked. Click OK. Figure 127. Basic Permissions 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 126 Compass 1.6.5 Installation & Upgrade Guide 12. 13. 14. 15. Back at the Advanced Security Settings window, click the Enable inheritance button and ensure the check box is checked for “Replace all child object permission entries…” Click Apply. A Windows Security dialog will appear warning of the change in settings regarding inherited permissions. Click OK. Again, back at the Advanced Security Settings window, Click OK. Figure 128. Enable Inheritance 127 Compass 1.6.5 Installation & Upgrade Guide| Sept 2020 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide 31-00314-02 ©2020 Honeywell Compass 1.6.5 Installation & Upgrade Guide | Sept 2020 128