*iProtect™ Maintenance Box

Open

Installation Manual | IM-20210309-TP-27 iProtect Access / Security | Installation |

Open

This manual represents the knowledge at the above-mentioned time. TKH security works non-stop to improve her products. For the most recent technical information please contact your consultant or dealer.

1 Enter System Maintenance

Enter System Maintenance
The iProtect™ Maintenance Page is to manage the iProtect™server. The use of the terminal program (e.g. PuTTY) with the necessary knowledge of Unix/Linux will not be needed.

The following basic functions are available:

• Updating the system

• View logs on server level

• Change netwerk settings

• Create backup settings

• Close/restart server in a simple and correct manner

• Direct (non-automatic) firmware updates to network devices

• Re-install or delete old iProtect™ versions after installing a new iProtect™ version

• Downloading log files in a simple manner, e.g. to send them to our Supportdesk.

Turning on/off the iProtect™ Maintenance Page

• When it's necessary to turn off the iProtect maintenance page, open a secure telnet connection (e.g. PuTTY) to the iProtect server and use the command: noserverbox77

• When it's necessary to turn on (if switched off) the iProtect maintenance page, open a secure telnet connection (e.g. PuTTY) to the iProtect server and use the command: serverbox77

Workstation requirements
For using the maintenance page Internet Explorer 8.0 has to be installed on your workstation.
The complete user interface of the maintenance page can only be viewed, when the resolution is at least 1,280 x 800 pixels.

Logging in
You can open the iProtect™ Maintenance Page as follows:

• Open the Internet Explorer.

• Enter in the URL the protocol or 'https:' and then the ip-address, where iProtect™ is installed.

• The iProtect™ login page opens.

Function

This window shows the following options:

• Login to iProtect™

• Open the maintenance page when pressing the gear button

1.1 Use System Maintenance

After pressing the gear button on the iProtect™ login screen you can login into the maintenance page.

• You can login with the default username atlas and the matching password.

After a successful login the below system status page will show, explanation from this page in the system menu.

About the server box:

The "?" mark in the left green part will access this help file.

When a result is invissible due to screen resolution, you can press the maximize button in the right part of the result bar.

Results from command may either apear in the result screen or colored in the top of the screen. Green color is ok, Red color is a failure.

Functions

The System Maintenance window displays the following menu buttons:

The iProtect™ button gives access to:

• Configuration or status overview of the iProtect™ services.

• Creating a certificate for the iProtect server

• Downloading system and server information, logging and core files (in case of malfunction)

• Start or change Backup settings

The Server button gives access to:

• Server shutdown, reboot, hostid information (for the iProtect™ license) and raid status (if available).

• Network settings overview and configuration, trace an IP address.

• Date and Time settings, including setting of an NTP server.

• Possibilities to add additional route settings

The network device button gives access to:

• possibilities to ping an IP address, empty and display ARP (Address Resolution Protocol) entries.

• Upload non automated uploads to Network devices like IPU-8, Polyx, Apollo and Future equipment.

The UPS button give access to:

• Show status and start or stop the communication between server and (optional) Uninterruptible Power Supply.

The software button gives access to:

• Posting a new iProtect™ to the iProtect™ server

• Reinstall (in case of problems) or remove (in case of low disk space) an older version.

The logging button gives access to:

• See real time or download logging of the user interface process.

• See or download all or only the latest log files

• See real time system messages.

The system buttons shows a quick overview of the current system information.

1.1.1 iProtect ™

The iProtect™ Menu gives access to the following items:

Configuration and status overview of the iProtect™ services.

Creating, show or import a certificate.

Download system, server, logging and core files.

Start a backup or change backup settings.

1.1.1.1 iProtect™ Services

The iProtect™ services page shows you and let you configure the services from iProtect™ database.

iProtect™ Services General

Process list button

When choosing the iProtect™ services page, automatic the process list from iProtect™ will be visible, for an update of the information you can press the Process list button.

The process list:

From the above 6 processes only kp77node is optional and depending on the configuration, the 5 other processes are required for a good functioning normal iProtect™ system.
When a 'S' is displayed (Below STAT) the process running and waiting for an event,

if an 'r' is displayed, the process is running and processing events.

If iProtect™ is not running on the server, you will see 'no iProtect™ Processes'

If you are in doubt about the status contact the support desk.

If for one reason you and other system users cannot log in to iProtect™ and the line with java is not shown in the process list you can press this button to restart the User interface. After a couple of seconds you can log in again.

Stops the iProtect™ database.

Start the iProtect™ database. (Because the software of iProtect™ automatically starts by switching the server on this command is rarely used.)

Re-builds the database index files (e.g. when the database is corrupt.)

iProtect™ Services Configuration

In active services you can select the processes running on this local server. In some cases it might be useful to disable some services, please consult you local dealer.

Database: The Database is normally running local, you can also choose to let the database run on a remote server, in this case choose for remote and enter the IP address of the remote server.
(The box to enter the IP address of the remote server will appear when selecting remote).

Video: when using camera's you can set the video services to yes, If you use a external video server you can leave this option to no. In the user interface you can give the ip adress of this server.

User Interface: When 'yes' is selected the user interface of this server is running. If this is a remote database server (see Database) you can disable the user interface.

After changing setting press the save button.

You can enter the maximum percentage the JAVA process may use. After changing setting press the save button.

1.1.1.2 iProtect™ Certificate

The iProtect™ certificate windows let you configure the security certificates of iProtect™.

iProtect™ Certificate General

Without any values pressing the list button shows the certificates:

For example:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Mar 20, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1):
1D:33:77:FE:B6:04:AC:FE:06:A7:5D:C7:0D:3C:AE:2D:E1:3A:2E:97

Default certificate name is tomcat (based on the -in iProtect™- used webserver), when you fill in 'tomcat' based on the name of de as an alias more specified certificate info is displayed about this tomcat certificate.

Alias name: tomcat
Creation date: Mar 20, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=192.168.0.6, OU=iProtect, O=TKH-Keyprocessor, L=Amsterdam,
ST=Netherlands, C=nl
Issuer: CN=192.168.0.6, OU=iProtect, O=TKH-Keyprocessor, L=Amsterdam,
ST=Netherlands, C=nl
Serial number: 61615e53
Valid from: Thu Mar 20 15:39:35 CET 2014 until: Thu Apr 19 16:39:35 CEST 2018
Certificate fingerprints:
MD5: 15:70:89:2A:22:53:AF:A1:81:43:99:2E:EA:62:F5:A4
SHA1: 1D:33:77:FE:B6:04:AC:FE:06:A7:5D:C7:0D:3C:AE:2D:E1:3A:2E:97
SHA256:
13:15:2F:DD:59:91:13:62:DE:CB:8D:86:DA:AF:F6:83:AB:07:1D:11:4D:10:02:59:E9:
68:51:28:38:AD:D6:44
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8E 94 39 E2 89 9A 65 17 48 1F E3 95 3B 00 38 6D ..9...e.H...;.8m
0010: 84 E3 64 EE ..d.
]

]

iProtect™ Certificate General configuration

With create certificate you can create a default 'tomcat' certificate.

er you can delete the default 'tomcat' certificate.

Delete certificate with options is to delete a non default certificate.
Import certificate is to import own certificate, this certificate has to be created by a certificate authority. To create the certificate files for the certificate authority please contact your dealer.

1.1.1.3 iProtect™ Download

The iProtect™ backup menu let you configure the backup settings from the database.

The screens shows the following buttons:

Download a backup from your iProtect™ server to your pc.

If the database runs on a different server than the GUI (graphic user interface) or the iNVR-server, you can download here a .taz-file from the database server and upload it (with 'upload to server') to the iNVR/ GUI server.

Download all relevant server information (e.g. for our supportdesk) to your pc.

The file obtains:
• uname -a (OS version)
• Ubuntu release
• iPuntu release
• iProtect version
• Server date
• Bios date
• Timezone
• Uptime
• prstat / top
• netstat –n

• netstat –r
• df –h
• messages (last 2000)
• tomcat log (last 1000)
• Process list
• Show devices
• Samba backup settings
• Medium
• hostid
• RAID status
• Server settings
• Physical available server

memory
• ARP show
• UPS status
• vmstat77

Download the iPuntu- and tomcat log from the iProtect server to your PC.

Download the core files from the iProtect server to your PC. in case of big problems core files need to send to the support desk.

1.1.1.4 iProtect™ Back up

The iProtect™ backup menu let you configure the backup settings from the database.

iProtect™ Back up Genera

By pressing the start button you can start the backup according to the settings in configuration.

iProtect™ Back up Configuration

When selecting "local" at location the backup wil be stored on the local harddisk of the iProtect™ server.
This option is not very safe, when the hard disk crashes, also the backup may be lost.

When selecting "Samba client" at location the backup wil be stored on a remote samba client.

• Name of the server for backups (including share)
• IP address of the samba server
• User name
• Password

• The workgroup or domain name
• Possibly a subdirectory in the share
• The maximum amount of backups. If you enter e.g. 7 here, the first backup will be overwritten on day 8.

1.1.2 Server

The Server Menu gives access to the following items:

For information about the hostid of the server, this is important for you License.
Start and stop the server and check the optional raid controller settings.

Change network settings of the server.

Date and time settings.

See and create additional routing for the network interface.

1.1.2.1 Server Server

The server menu gives information about hostid of the server, it also alows you to reboot, restart and check the raid status of the server.

Displays the hostid on which the license of iProtect™ is based.

Stops database and operating system.

Stops database, operating system en restarts server.

Displays the raid- and disc status. Only to be used for RAID functionality.

1.1.2.2 Server Network

In the network page you can see and change settings about network related items.

Server Network General

Show all network interface card settings.

Example:

Current interface config:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.6
network 192.168.0.0
netmask 255.255.255.0

auto eth1
iface eth1 inet static
address 212.123.220.220
network 212.123.220.0
netmask 255.255.255.0
dns-nameservers 8.8.8.8

gateway 212.123.220.20

auto eth2
iface eth2 inet static
address 192.168.3.1
network 192.168.3.0
netmask 255.255.255.0

auto eth3
iface eth3 inet static
address 192.168.4.1
network 192.168.4.0
netmask 255.255.255.0

Current network status:
eth0 Link encap:Ethernet HWaddr bc:30:5b:d0:11:01
inet addr:192.168.0.6 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::be30:5bff:fed0:1101/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4076333 errors:0 dropped:0 overruns:0 frame:0
TX packets:648130 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:382569008 (382.5 MB) TX bytes:91340614 (91.3 MB)

eth1 Link encap:Ethernet HWaddr bc:30:5b:d0:11:02
inet addr:212.123.220.220 Bcast:212.123.220.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:138864565 errors:0 dropped:0 overruns:0 frame:0
TX packets:138864565 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12585569446 (12.5 GB) TX bytes:12585569446 (12.5 GB)

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 212.123.220.20 0.0.0.0 UG 100 0 0 eth1
localnet * 255.255.255.0 U 0 0 0 eth0
212.123.220.0 * 255.255.255.0 U 0 0 0 eth1

Trace route:

You can enter an IP address to trace the route to the device, so you can see if a
remote device
can be reached with the current network settings, if not you must analyse the
result of this command.

Server Network configuration

In the top select the network interface you want to change and change the settings.
Only at one network interface a gateway or DNS (1/2) is allowed To remove the gateway or dns remove the ip address and save.

1.1.2.3 Server Date and Time

In the date and time screen it's possible to see and change date and time settings of the iProtect server.

Server Date and Time General

With this button you can see the server bios time.

Server Date and Time Configuration

Here you can enter the time settings, please select your Timezone, and enter the correct time, it is also possible to enter an NTP server.

1.1.2.4 Server Route

In the route screen it is possible to add or remove additional network routers.

For an additional route you can select the Network card and fill in the IP address range, netmask en the additional gateway reachable by the specified Network card. For deleting an additional route just press the delete button.

1.1.3 Network Device

In this menu it is possible to check if iProtect™ network devices can be reached over the network, You can also send software to iProtect™ network devices.

Ping the IP address of the network device and look if it exists and is a live.

ARP show, shows the mac addressed linked to the an ip address.

ARP remove, Removes the link between specified IP address and mac address,

This is useful when replacing hardware with the same IP address.

For uploading the nodemanager software specifie the IP address of the networkdevice and push the button with the devicename or type. For a polyx D+ only upload the keystore with the keystore button.

1.1.4 UPS

In this menu it is possible to check if iProtect™ sever has a good connection to an additional UPS, when a power failure occurs the server will continue running for a certain time.

Show the status of the ups if supported
UPS is connected

Starts the UPS demon

Stops the UPS demon

1.1.5 Install

In this menu it is possible to upgrade the software of the iProtect™ server, in case of problems after an update you can also decide to go back to an earlier version.

Install General

Use this button is to download upgrade
information.

Install Configuration

To upgrade a iProtect™ systen to another version you can go to the upgrade configuration tab and upload* the combination packet of gui and database (1) First select the file and then press the post button, while uploading the text "uploading..." will be visible.

• please note in the file-path name it might happen 'fakepath' is visible, this is because of some code issues in your browser, and is absolutely no problem.

After a successful upload the result is:

Success
Your request was processed successfully :
File upload succeeded, starting autorun...

Installing iprotectdb080113
Start installing new servbox
Now upload the new license file.
For non English, Dutch or German systems upload the new language
file.
Upgrade check started. Select 'Check requirements' for the results
Select 'Check requirements' later again if you want the
requirements 'rechecked'
end of autorun

After uploading the package a new serverbox version will be installed and you will be
redirected to this new serverbox version.

After uploading it is also possible to upload the license file (step2) and an additional language file (step3).

This button will start important checks to see if it is safe to do an update.

Green items are OK
Orange items are not OK, but wont block an update, for example not uploading a new license.
Red items are not OK and will block an update, for example an non communicating line with an active checkbox, the nodemanager can't be updated in this situation, so this will block the update.

Checked items:
Checking for panic messages.
Checking space
Checking java/tomcat version
Checking iPuntu version
Checking apache certificate.
Checking package architecture.
Checking backup.
Checking time settings.
Checking system state.
Checking presence of discontinued stellars.
Checking lines.

Checking nodes.
Checking Readers.
Checking current license.
Checking licenses.
When the update is blocked and you have red items, fix them in the current installed version, and then check requirements again.
When there are no red items you can do an upgrade bij pressing the start upgrade button.

After waiting about a minute you can try to login to iProtect, while the system is still restoring.

Downgrade to Previous version

After an upgrade in case of problems you can reinstall an old version, by selecting the version In the Reinstall menu and press the start button.

It is also possible to remove old versions from the system to create disc space.

1.1.6 Logging

The logging page is used for logging system events in case of problems, may time the supportdesk niet information from the log files.

There are several logs possible to show and download this may be helpfull when calling the support desk.

• User interface, this log show problems with the user interface and the java engine from the user interface

• All log files, this log shows all logs of user interface and server

• Last log file of the server

• Realtime logging, the realtime logging cannot be downloaded, if nessecery download the last log file.

If you want to refresh the log press the refresh button, if you want to download them press the download button.

1.1.7 System

This page shows the status of the iProtect™ server and the iProtect™ processes.

System Status overview

This screen shows technical and software information of the server and the iProtect™ system, this may be helpful when you are contacting the support desk. It also show when the last backup is made, the settings of the NTP server etc.

When the total status is green everything is ok, if one of the items at services is not green the status will become red.

Green: Satus ok

Yellow: Status ok but with warnings (For example lines are not communicating because they are set inactive).

Red: Status is not ok. (For example nodes are set active but are not communicating).