Installation Manual | IM-20250214 iProtect Access / Security | Installation |

Table of contents

This manual represents the knowledge at the above-mentioned time. TKH security works non-stop to improve her products. For the most recent technical information please contact your consultant or dealer.

1. Introduction

iProtect maintenance page is a page where only IPROTECT Application related issues can be set, queried or updates can be performed. Server and OS related settings are set through Cockpitpanel.

2. Maintenanace page

Within Cockpit, you must enable the iProtect Maintenance page. For security reasons, this is off by default.

Open a web browser and go to https://{ipaddress/hostname}/cockpitpanel

1. Log in using your server administrator username and password.

2. If administrative access is required, switch to administrator mode when prompted.

3. Go in the menu bar to iProtect Maintenance

4. Enable the functions by sliding the button.

5. Login as user atlas or browse to https://{ipaddress/hostname}/maintenance/servbox.html

3. Details of the features

3.1 IPROTECT

3.1.1 Services

You have two options. General or Configurartions.

3.1.1.1 General

When choosing the iProtect™ services page, automatic the process list from iProtect™ will be visible, for an update of the information you can press the Process list button.

The process list:

PID TTY STAT TIME COMMAND
629774 ? Sl 682:00 /home/atlas/active-version/bin/kp77ln
629781 ? Sl 1550:26 /home/atlas/active-version/bin/kp77db -s0
629926 ? Sl 960:40 /home/atlas/java-17.0.0/bin/java -Dnop -Djava.util.logging.manager=org.
630114 ? Sl 332:37 /home/atlas/active-version/bin/kp77node 16

From the above 4 processes only kp77node is optional and depending on the configuration, the 3 other processes are required for a good functioning normal iProtect™ system.
When a 'S' is displayed (Below STAT) the process running and waiting for an event,

• if an 'r' is displayed, the process is running and processing events.

• If iProtect™ is not running on the server, you will see 'no iProtect™ Processes'

If you are in doubt about the status contact the support desk.

Restart user interface

If for one reason you and other system users cannot log in to iProtect™ and the line with java is not shown in the process list you can press this button to restart the User interface. After a couple of seconds you can log in again.

Stop database

This commend stopts the database properly

Start database

Start the iProtect™ database. (Because the software of iProtect™ automatically starts by switching the server on this command is rarely used.)

Reindex

Re-builds the database index files (e.g. when the database is corrupt.)

3.1.1.2 Configuration

In active services you can select the processes running on this local server. In some cases it might be useful to disable some services, please consult you local dealer.

Database: The Database is normally running local, you can also choose to let the database run on a remote server, in this case choose for remote and enter the IP address of the remote server.
(The box to enter the IP address of the remote server will appear when selecting remote).

Video: when using camera's you can set the video services to yes, If you use a external video server you can leave this option to no. In the user interface you can give the ip adress of this server.

User Interface: When 'yes' is selected the user interface of this server is running. If this is a remote database server (see Database) you can disable the user interface.

After changing setting press the save button.

You can enter the maximum percentage the JAVA process may use. After changing setting press the save button.

3.1.2 Certificate

The iProtect™ certificate windows let you configure the security certificates of iProtect. You have two options. General or Configurartions.

3.1.2.1 General

Without any values pressing the list button shows the certificates:

For example:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Mar 20, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1):
1D:33:77:FE:B6:04:AC:FE:06:A7:5D:C7:0D:3C:AE:2D:E1:3A:2E:97

Default certificate name is tomcat (based on the -in iProtect™- used webserver), when you fill in 'tomcat' based on the name of de as an alias more specified certificate info is displayed about this tomcat certificate.

Alias name: tomcat
Creation date: Mar 20, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=192.168.0.6, OU=iProtect, O=TKH-Keyprocessor, L=Amsterdam,
ST=Netherlands, C=nl
Issuer: CN=192.168.0.6, OU=iProtect, O=TKH-Keyprocessor, L=Amsterdam,
ST=Netherlands, C=nl
Serial number: 61615e53
Valid from: Thu Mar 20 15:39:35 CET 2014 until: Thu Apr 19 16:39:35 CEST 2018
Certificate fingerprints:
MD5: 15:70:89:2A:22:53:AF:A1:81:43:99:2E:EA:62:F5:A4
SHA1: 1D:33:77:FE:B6:04:AC:FE:06:A7:5D:C7:0D:3C:AE:2D:E1:3A:2E:97
SHA256:
13:15:2F:DD:59:91:13:62:DE:CB:8D:86:DA:AF:F6:83:AB:07:1D:11:4D:10:02:59:E9:
68:51:28:38:AD:D6:44
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8E 94 39 E2 89 9A 65 17 48 1F E3 95 3B 00 38 6D ..9...e.H...;.8m
0010: 84 E3 64 EE ..d.
]

]

3.1.2.2 Configuration

With create certificate you can create a default 'tomcat' certificate.

er you can delete the default 'tomcat' certificate.

Delete certificate with options is to delete a non default certificate.
Import certificate is to import own certificate, this certificate has to be created by a certificate authority. To create the certificate files for the certificate authority please contact your dealer.

3.1.3 Download

The iProtect™ backup menu let you configure the backup settings from the database.

The screens shows the following buttons:

Download a backup from your iProtect™ server to your pc.

If the database runs on a different server than the GUI (graphic user interface) or the iNVR-server, you can download here a .taz-file from the database server and upload it (with 'upload to server') to the iNVR/ GUI server.

Download all relevant server information (e.g. for our supportdesk) to your pc.

The file obtains:
• uname -a (OS version)
• Ubuntu release
• iPuntu release
• iProtect version
• Server date
• Bios date
• Timezone
• Uptime
• prstat / top
• netstat –n

• netstat –r
• df –h
• messages (last 2000)
• tomcat log (last 1000)
• Process list
• Show devices
• Samba backup settings
• Medium
• hostid
• RAID status
• Server settings
• Physical available server

memory
• ARP show
• UPS status
• vmstat77

Download the iPuntu- and tomcat log from the iProtect server to your PC.

Download the core files from the iProtect server to your PC. in case of big problems core files need to send to the support desk.

3.1.4 Back up

The iProtect™ backup menu let you configure the backup settings from the database.

3.1.4.1 General

By pressing the start button you can start the backup according to the settings in configuration.

3.1.4.2 Configuration

When selecting "local" at location the backup wil be stored on the local harddisk of the iProtect™ server.
This option is not very safe, when the hard disk crashes, also the backup may be lost.

When selecting "Samba client" at location the backup wil be stored on a remote samba client.

• Name of the server for backups (including share)
• IP address of the samba server
• User name
• Password

• The workgroup or domain name
• Possibly a subdirectory in the share
• The maximum amount of backups. If you enter e.g. 7 here, the first backup will be overwritten on day 8.

3.1.4.3 Download

Encrypted backup: Download a full (encrypted) backup, including GDPR data.

Technical backup: Download a backup without GRPR data (Hardware setup).

Key backup: Download a Key file.

3.2 Server

3.2.1 Server

For information about the hostid of the server, this is important for you License. Start and stop the server and check the optional raid controller settings.

3.2.2 Services

Please consult this manual: *iProtect™ Stand-by Server

3.3 Network devices

3.4 UPS

In this menu it is possible to check if iProtect™ sever has a good connection to an additional UPS, when a power failure occurs the server will continue running for a certain time.

Show the status of the ups if supported
UPS is connected

Starts the UPS demon

Stops the UPS demon

3.5 Install

In this menu it is possible to upgrade the software of the iProtect™ server, in case of problems after an update you can also decide to go back to an earlier version.

3.5.1 Upgrade

3.5.1.1 General

Use this button is to download upgrade
information.

3.5.1.2 Configuration

To upgrade a iProtect™ systen to another version you can go to the upgrade configuration tab and upload* the combination packet of gui and database (1) First select the file and then press the post button, while uploading the text "uploading..." will be visible.

• please note in the file-path name it might happen 'fakepath' is visible, this is because of some code issues in your browser, and is absolutely no problem.

After a successful upload the result is:

Success
Your request was processed successfully :
File upload succeeded, starting autorun...

Installing iprotectdb080113
Start installing new servbox
Now upload the new license file.
For non English, Dutch or German systems upload the new language
file.
Upgrade check started. Select 'Check requirements' for the results
Select 'Check requirements' later again if you want the
requirements 'rechecked'
end of autorun

After uploading the package a new serverbox version will be installed and you will be
redirected to this new serverbox version.

After uploading it is also possible to upload the license file (step2) and an additional language file (step3).

This button will start important checks to see if it is safe to do an update.

Green items are OK
Orange items are not OK, but wont block an update, for example not uploading a new license.
Red items are not OK and will block an update, for example an non communicating line with an active checkbox, the nodemanager can't be updated in this situation, so this will block the update.

Checked items:
Checking for panic messages.
Checking space
Checking java/tomcat version
Checking iPuntu version
Checking apache certificate.
Checking package architecture.
Checking backup.
Checking time settings.
Checking system state.
Checking presence of discontinued stellars.
Checking lines.

Checking nodes.
Checking Readers.
Checking current license.
Checking licenses.
When the update is blocked and you have red items, fix them in the current installed version, and then check requirements again.
When there are no red items you can do an upgrade bij pressing the start upgrade button.

After waiting about a minute you can try to login to iProtect, while the system is still restoring.

3.5.2 Previous version

Downgrade to Previous version:

After an upgrade in case of problems you can reinstall an old version, by selecting the version In the Reinstall menu and press the start button.

It is also possible to remove old versions from the system to create disc space.

3.6 Logging

The logging page is used for logging system events in case of problems, may time the supportdesk niet information from the log files.

There are several logs possible to show and download this may be helpfull when calling the support desk.

• User interface, this log show problems with the user interface and the java engine from the user interface

• All log files, this log shows all logs of user interface and server

• Last log file of the server

• Realtime logging, the realtime logging cannot be downloaded, if nessecery download the last log file.

If you want to refresh the log press the refresh button, if you want to download them press the download button.

3.7 System

This page shows the status of the iProtect™ server and the iProtect™ processes.

System Status overview

This screen shows technical and software information of the server and the iProtect™ system, this may be helpful when you are contacting the support desk. It also show when the last backup is made, the settings of the NTP server etc.