IM02606006E

Server Guide: Foreseer 6.0

Foreseer Server Guide

Foreseer Server Guide

Publication date 5/2012
Copyright 2012 by Eaton Corporation. All rights reserved.
Specifications contained herein are subject to change without notice.
Power Xpert and Foreseer are registered trademarks of Eaton Corporation.
EATON CORPORATION - CONFIDENTIAL AND PROPRIETARY NOTICE TO PERSONS RECEIVING THIS DOCUMENT
AND/OR TECHNICAL INFORMATION THIS DOCUMENT, INCLUDING THE DRAWING AND INFORMATION CONTAINED
THEREON, IS CONFIDENTIAL AND IS THE EXCLUSIVE PROPERTY OF EATON CORPORATION, AND IS MERELY ON
LOAN AND SUBJECT TO RECALL BY EATON AT ANY TIME. BY TAKING POSSESSION OF THIS DOCUMENT, THE RECIPIENT ACKNOWLEDGES AND AGREES THAT THIS DOCUMENT CANNOT BE USED IN ANY MANNER ADVERSE TO
THE INTERESTS OF EATON, AND THAT NO PORTION OF THIS DOCUMENT MAY BE COPIED OR OTHERWISE REPRODUCED WITHOUT THE PRIOR WRITTEN CONSENT OF EATON. IN THE CASE OF CONFLICTING CONTRACTUAL PROVISIONS, THIS NOTICE SHALL GOVERN THE STATUS OF THIS DOCUMENT.
DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY
The information, recommendations, descriptions and safety notations in this document are based on Eaton Corporations
(Eaton) experience and judgment and may not cover all contingencies. If further information is required, an Eaton sales
office should be consulted. Sale of the product shown in this literature is subject to the terms and conditions outlined
in appropriate Eaton selling policies or other contractual agreement between Eaton and the purchaser. THERE ARE NO
UNDERSTANDINGS, AGREEMENTS, WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING WARRANTIES OF FITNESS
FOR A PARTICULAR PURPOSE OR MERCHANTABILITY, OTHER THAN THOSE SPECIFICALLY SET OUT IN ANY EXISTING CONTRACT BETWEEN THE PARTIES. ANY SUCH CONTRACT STATES THE ENTIRE OBLIGATION OF EATON. THE
CONTENTS OF THIS DOCUMENT SHALL NOT BECOME PART OF OR MODIFY ANY CONTRACT BETWEEN THE PARTIES.
In no event will Eaton be responsible to the purchaser or user in contract, in tort (including negligence), strict liability or
otherwise for any special, indirect, incidental or consequential damage or loss whatsoever, including but not limited to
damage or loss of use of equipment, plant or power system, cost of capital, loss of power, additional expenses in the use
of existing power facilities, or claims against the purchaser or user by its customers resulting from the use of the information, recommendations and descriptions contained herein.

Contents
Chapter 1. Foreseer Server Installation......................................................... 1
System Requirements ................................................................................. 1
Software Considerations ............................................................................. 2
Hardware Considerations ............................................................................ 2
Foreseer Server Installation.......................................................................... 3
Program Installation...................................................................................... 3
Chapter 2. Configuring the Foreseer Server............................................... 5
Device Installation......................................................................................... 7
Loading a Set of Devices.............................................................................11
Backing Up the Server Configuration .........................................................12
Automatic Configuration Backups................................................................13
Online Help ................................................................................................13
The Tree View .............................................................................................14
Server Properties.........................................................................................15
Device Properties.........................................................................................16
System Channels .......................................................................................17
Channel Properties.......................................................................................18
User-Defined Channels................................................................................ 21
Administrative Password ........................................................................... 23
Client Connection Password....................................................................... 24
Message Manager...................................................................................... 24
Remote Server ....................................................................................... 29
Heartbeat Server ....................................................................................... 30
Slave Heartbeat Server ............................................................................. 32
Chapter 3.WebViews .................................................................................. 33
Creating WebViews Folders and Pages....................................................... 34
Chapter 4.WebViews Security..................................................................... 39
Authorization Levels.................................................................................... 39
Accounts..................................................................................................... 41
Updating User Groups................................................................................. 41
Chapter 5. WebViews Administration.......................................................... 43
HTTPS (Secure) Web Server ..................................................................... 43
Enabling a WebViews Server...................................................................... 43
Server Admin Menu.................................................................................... 45

System Requirements

Chapter 1. Foreseer Server Installation

Foreseer is designed to manage your critical site or entire enterprise by monitoring power and environmental inputs from equipment, sensors and other systems.
Monitored points include Meter (analog) and Status (digital) inputs which open a
detailed window into the past, present and future performance of your mission-critical
equipment. The unique networked architecture and modular design make Foreseer a
cost-effective approach to managing your site while maintaining unique analysis and
multi-vendor connectivity capabilities. It furnishes a single integrated system that provides real-time and historical views into the operation of the power and environmental
conditions that support your critical operation.
Foreseer is an easy-to-use Windows program consisting of both Server and Client
software modules (which may be installed on the same PC).
The Foreseer Server functions as a centralized storage location for information from
managed Devices and the Foreseer Client acts as a retrieval and display terminal for
that information. Together, the applications allow you to observe real-time data, respond to events and alarms, as well as view historical data and project potential failure
for every data input. Your system has been pre-configured during installation with
equipment, critical data points and other views specific to your operation. The configuration can be readily modified to meet your changing monitoring needs.
Although multiple Clients can access the Server and view its resident data, Foreseer
administrative functions control who has modification privileges to particular program
features. Password authorization can be specified to protect the Server configuration
from inadvertent alteration.

System Requirements

Foreseer has certain hardware and software requirements; exceeding these prerequisites will enhance the performance of the program. The following minimum system configuration is necessary to run the Foreseer Server Application (note that the
recommended system meeting these specifications is an HP Proliant DL380 G5 rack
mounted server):

Microsoft Windows Server 2003, Release 2, and Microsoft Server 2008. Refer
to the Release Notes for a list of newly supported operating systems.

A PC with a 2 GHz dual core processor

17, 1440 x 900, 16-Bit Color Super VGA Monitor with a 64 Mb Video Card

2 Gb of RAM

146 GB SCSI Hot Swap Hard Drives-qty. 2, (mirrored)

CDRW/DVD-ROM Drive

Dual NICs, onboard

Keyboard & Mouse

Optional equipment includes:

RS-232/422 Converters for Device connections exceeding 50 feet

Local Printer for hardcopy outputs

1

Hardware Considerations

Hardware Considerations

Sound Card

Foreseer also has certain hardware and software prerequisites that must be addressed prior to installing the program on the Server. Hardware prerequisites
consist of completing the Configuration Checklist for all of the Devices to be
monitored, then establishing physical connections between the Server and the
Devices to be monitored.

99

It is recommended that you complete the enclosed Configuration Checklist

to use as a reference during program installation.

99

Each monitored Device can be connected to the Server through one of

several interfaces. If the distance between the Foreseer Server and a serially
targeted Device exceeds 50 feet, RS-232/422 converters will be necessary to
adapt the serial signal.

Figure 2.1 FORESEER SERVER SETUP PROCEDURE

Complete Configuration Checklist

Verify Server PC meets minimum requirements
Ensure that the Devices are functioning normally
Network Connection

Determine Foreseer Connection Method

1. Locate available network drop within

300 ft.
2. Obtain the IP address.
Consult your Network Administrator if
necessary

Install Network Adapter

Repeat connection and test for each monitored Device

Serial Connection
1. Obtain Serial Port Expander.
2. Obtain RS-232/422 Converters if
distance exceeds 50 ft.

Install Foreseer Server Application

Configure Foreseer Server
Install Devices
Backup Foreseer Server Configuration

Software Considerations

Software prerequisites consist of verifying that the Windows operating system,

TCP/IP Protocol and (if appropriate) Remote Access Server are installed and
enabled. Before starting, determine the unique network address for the Foreseer
Server PC.

99

Ensure that the Windows operating system is installed on the Foreseer

Server PC.

Administration via Remote Desktop

If you are using terminal services to connect to a Foreseer Server, you must be
connected via the console session. If you dont connect through the console
session, some administrative tools, such as the Message Manager utility, wont
work. The server must also be set to access remote desktop connections to use
this approach.
2

Foreseer Server Installation

To launch a remote desktop connection to the console session on a server, type the
following command at the Windows command prompt:
mstsc -v:machine_name /F -admin
Where machine_name is the name of the server.

Foreseer Server
Installation

Foreseer installation and configuration is a three-step process: Program Installation, Server Configuration and Device Configuration. All three steps use a series of
InstallShieldWizards to simplify the procedure and user prompts guide you through
the entire process. Be sure to register your Foreseer Application to ensure that you
are notified about future updates and product enhancements.

Program Installation

Foreseer Server Application installation is performed from the CD-ROM and includes
all of the required files. You are prompted for the drive destination and the application
is placed in the specified location. There are two installation .msi files located in the
Installer folder:

CAUTION:

ForeseerInstaller.msi

If upgrading from a previous version of the Foreseer Server, this procedure

should only be performed
by experienced personnel
under the direction of Eaton technical support. Refer to the Release Update
and the Release Notes for
more information.

MsgManInstaller.msi This can be installed on a separate machine instead of the

Foreseer server. This can be a good strategy as it allows the message manager
to respond should the Foreseer server be down. If you do this, youll need to
configure the Message Manager on the client machine to point to the Foreseer
server (covered in the Message Manager Client Setup Guide) and configure the
Foreseer Server to accept connections from this client (covered in Trusted Message Manager Connections on page 28).

Example: To install Foreseer Server software (the other .msi file installations are
almost identical).
1. Insert the Foreseer Server Application CD into the Server PCs CD-ROM drive.
2. Select Run in the Windows Start menu and that dialog box is displayed.
3. Browse to locate the installation file on the Foreseer Server Application CD, then
click OK. Installation setup begins, its progress reported until complete, at which
time a Welcome dialog box is presented.
Figure 2.2 Running the Foreseer Installation File

Note: Foreseer should be

installed on the local hard
drive with the most available disk space. This may
not be the C: drive.

4. Click Next> to continue; a dialog box is displayed to specify the programs Installation Folder.
5. Type or Browse to identify the desired Installation Folder. Also specify whether
the installation is for anyone using this computer or only you, then click Next> to
continue with the installation.

Program Installation
Figure 2.3 Selecting the Installation Folder (default folder shown)

6. Click Next> to confirm that you wish to install the Foreseer software on your
computer. A status bar reports on the progress of the installation.
7. When complete, click Finish to conclude the installation process. You may be
prompted to reboot the system, although rebooting is not always necessary.
The installer will create a Foreseer program group in the Windows Start menu that
includes the following:
Device Config - Launches the Device Configuration utility, which you can use to add
devices to a running Foreseer Server.
Foreseer Server - Launches the Foreseer Server itself.
Documentation - Links to the various Forseeer manuals. Clicking these launches
Adobe Acrobat (if installed) and loads a PDF copy of the selected guide.

Program Installation

Chapter 2. Configuring the Foreseer

Server
The initial step in setting up Foreseer is to configure the Server. This includes establishing password authorization, if desired, to protect the basic administrative operations governing the maintenance of the application.
To configure the Foreseer Server:
1. After installation, the Foreseer Server is automatically launched. This starts the
configuration sequence.
To manually launch the Foreseer server, select Start > All Programs > Foreseer >
Foreseer Server.
2. Select Install a New Server and click Next>. The Server Configuration Wizard
dialog box is displayed.
3. Make sure a Configuration Checklist at the back of this manual has been completed for each of the connected Devices, then click Next to continue.
Figure 2.1 Foreseer Server Configuration Wizard Dialog Boxes

Program Installation

4. Identify this Foreseer Server for communication and reporting purposes by typing
in a name, up to 29 characters. Click Next> to continue with the Server configuration.
Figure 2.2 SQL Server Configuration

5. You are required to enter the SQL Server connection string, as well as an account
name and a valid password for access authentication. Enter the password a
second time for verification. Asterisks are displayed to maintain system security.
You can specify a Windows account if you are using Windows Authentication
mode for SQL Server. You can also specify the Database File and Transaction Log
Locations, if desired. With the necessary SQL Server information entered, click
the Next> button.
6

Device Installation

6. You may optionally require password authorization before changes can be made
to the Server. Password protection is recommended in critical installations to
prevent inadvertent changes which could adversely affect the Foreseer system.
Again, you must enter the Password in both fields to confirm it. Click Next>.
Figure 2.3 Administrative Password

7. Click <Back to change any of the chosen setup parameters, if necessary. Otherwise, click Finish to save the Server Configuration settings. The Server software
is launched automatically.

Device Installation

The next step in the installation procedure is to populate the Server with the equipment that is to be monitored. New Devices can be added to Forseer one-at-a-time by
the following procedure. See Loading a Set of Devices on page 11 for instructions for batch loading a set of devices via a comma-separated values (CSV) file.

Note: Adding Devices

requires first selecting the
Start Server Configuration
command in the Configuration menu followed by
Install Device.

The Device Installation Wizard guides you through the procedure, prompting the necessary information and applying default parameters based on a standard list of monitored points for each Device. Individual settings for these points may be changed later
(refer to Channel Properties).
To install a Device on the Foreseer Server:
1. Right-click in the Devices window and select Install New Device to access that
dialog box. Locate the Configuration Checklist for the new equipment, then click
Next> to continue.
2. Select the appropriate Device from the list of supported equipment and click
Next>.

Device Installation
Figure 2.4 Selecting a Device

3. Accept the suggested Name for the Device, or enter another unique description,
up to 24 characters, then click Next > to continue.
4. Specify whether the interface between the Server and the Device is a Network
or a Serial Connection, as well as the appropriate type, and click Next>.
Figure 2.5 Selecting Communications Protocol

Note: TCP/IP protocol

must be installed on the
Server PC regardless of
the type of Device connection. When utilizing
a ConnectUPS Network
Adapter, specify a UDP/IP
connection. A VIM II Direct
Serial Connection is used
only when installing legacy
Liebert equipment.

Device Installation

5. Enter the necessary Device Connection information:

For a Network Device, enter its IP Address or URL/Web address. This Address
must be correct or the Server will be unable to communicate with the target
equipment. Click OK to accept the entry and return to the Device Installation
Wizard window.
Selecting Serial Connection prompts additional interface information. A Direct
Serial Connection requires that you specify the COM Port to which the Device is
connected and its communications settings. Accept the displayed serial Port or
assign another from the drop down list of selections in the Serial Communications Port field.
Press the Settings button to display the Ports Properties dialog box containing
additional serial interface parameters. Click OK to enable the displayed parameters and return to the Device Installation Wizard window.

Device Installation

6. Once the Device connection is properly configured, click Next> and Foreseer will
attempt to establish connections with the specified equipment.

7. Verify that the information displayed about the Device corresponds to the information recorded on your Configuration Checklist. If not, Cancel the installation
and recheck the Device. With the correct Device information displayed, click
Next>.
8. With the target Device and the interface connection defined, click Finish to
complete the installation. The new equipment will appear in the Devices window.
Install any additional Devices, if necessary, using the same procedure for each.
If installation is unsuccessful or the Device information does not appear in the
Identification window, go <Back and check that all configuration entries are
proper and that hardware connections with the equipment are correct. After
verifying the configuration and connections, once again attempt to install the De10

Loading a Set of Devices

vice. Contact Eaton Corporation - Foreseer Technical Support if Device installation

problems persist.

9. With all Devices properly installed, click No to terminate the installation process.
You may wish to select newly installed equipment in the Servers Tree View and
review the default settings assigned to each of its input channels. The Properties
vary slightly depending on whether it is a Meter (analog) or Status (digital) channel and they only can be changed by a User with Administrative authorization.
Refer to Channel Properties for more information on these data point settings.

Loading a Set of
Devices

As an alternative to loading a single device via the wizard, you can load a set of devices by predefining these in a comma-separated values (CSV) file. This device list
file has the following format:
device_type,device_name,vi_file_name,IP_address,driver_specific_info
Where:
device_type is either Modbus3, SnmpManager2, PowerSNMP, or Nothing. These are
not case sensitive. The Nothing driver is provided as a device you can use when installing derived channels. Note that for the SnmpManager2 device, you must have the
TrapManager installed prior to adding devices. Failure to do this will require that you
manually add the devices to the TrapManager (these devices will not communicate
until this step is done).
device_name is the name that will be used in Foreseer for the device.
vi_file_name is the filename of the driver file for that device. This file is stored in
the install_path/Foreseer/vi folder. Note that some driver file names may have a
single comma. Foreseer will handle this correctly.
IP_address is the IP address for that device. Set this to none for the Nothing driver.
driver_specific_info is either the device ID (for Modbus) or the read community
string for SNMP. Set this to none for the Nothing driver.
For example, the following .csv file loads five separate devices Powerware UPS 5125
devices:
PowerSNMP,5125-1,5-Powerware UPS 5125 Xslot SNMP.vi,10.22.50.32,public

11

Backing Up the Server Configuration

PowerSNMP,5125-2,5-Powerware UPS 5125 Xslot SNMP.vi,10.22.50.35,public
PowerSNMP,5125-3,5-Powerware UPS 5125 Xslot SNMP.vi,10.22.50.31,public
PowerSNMP,5125-5,5-Powerware UPS 5125 Xslot SNMP.vi,10.22.50.142,public

You can load the .csv file into Foreseer through any of the following methods:

The Foreseer Web Configuration Utility (see the help/manual for that utility for
specific instructions). Note that the Web Configuration Utility expects the device
list file to be in the install_path/Foreseer/vi folder.

The Device Config Utility (see the help/manual for that utility for specific instructions).

The Foreseer Server. Instructions for loading the device list file follows:

To load a device list file through the Foreseer Server:

1. In the Configuration menu, click Start Server Configuration.
2. In the Configuration menu, click Install Devices from List.
3. In the Select CSV File dialog box, browse to the CSV file.
4. Click Open.
The file will be validated and, if no errors are found, loaded. Should errors be detected
in the device list file, refer to the error dialog boxes and the log report.

Backing Up the
Server Configuration

It is strongly recommended that a backup be performed after initial system configuration as well as before and after any significant modifications to ensure maximum
disaster recovery capability.
Significant changes are signaled via the Major Server Version System Channel.
The Backup archive includes the Foreseer Server configurationdata files are not
backed up in this procedure. Automatic data backups can be scheduled under the Database menu (see Database Backups), but do not include information about the Server
configuration.
To backup a Foreseer Server configuration:
1. Select Configuration Backup in the Configuration menu to display the Save
Server Configuration Backup As dialog box.
2. Enter a File name for the backup, specify a different destination directory if necessary, then click Save to create the archive file.

12

Automatic Configuration Backups

3. Click OK to continue once the backup is reported Completed Successfully.

Automatic Configuration Backups

Note: You can either coordinate the configuration

archiving process with an
existing tape backup program or copy it to another
drive, if desired.

You can schedule the configuration backups automatically at specified intervals.

A network drive is the recommended backup destination.
To schedule regular backups:
1. Select Backup in the Servers Configuration menu.

2. Specify when the backup is to be performed. The Start Time is based on a 24hour clock: for example, 5:00 p.m. is entered as 17:00. Note that the backup
cannot occur within ten minutes of midnight and that there are restrictions based
on the type of backup media. The Start Timeplus the duration of the archive cannot extend through midnight if archiving to a tape drive and it cannot be within
the half hour preceding midnight if archiving to another disk drive.
3. Check the Day(s) of the Week on which the backup is performed. At least one day
must be checked to enable this automatic feature.
4. Enter or browse to the desired backup path.
5. Click OK to enable the displayed Data Backup settings. Archiving will be performed automatically at the scheduled time on the selected day(s).

Online Help

Much of the operation of Foreseer should be familiar to those who have used the
Microsoft Windows Operating System. Foreseers online help facility furnishes more

13

Online Help

comprehensive information on program operation. You are urged to consult the Foreseer Server online help files to learn more about all aspects of the application.
Hotspots within the various Help topics pop up specific information or quickly jump to
related topics simply by clicking on them. These hypertext links are identified by their
green color if they are textual, or the cursor changing to a pointing finger if they are
graphic.
To access help, Select Help Index in the programs Help menu to conduct a search of
subjects. A subsequent Help window organizes assistance by Contents.

The Tree View

The Tree View, also available on the Client, provides a hierarchical display of the Server
configuration much like Windows Explorer. If it is not displayed, select Tree View in the
Window menu.
The left pane of the Tree View lists all associated Foreseer Servers as well as their
subordinate Devices and Channels. The list, like Windows Explorer, is expanded and
contracted by clicking on the + and preceding the desired icon.
Selecting a Server, Device or Channel displays summary information about its constituent components in the right pane of the window. Listed Server information includes
the Name, Address, frequency of Alarm and Channel Updates, whether the connection is Enabled, whether the software Needs Updating and when the Last Update
Check was performed. Device information lists its resident channels as well as the
State, Value and Type of each.
Figure 2.6 Tree View

Note: The use of leading

characters (such as *
and !) in list names are
used to ensure critical
elements sort at the top
of the list in larger Server
configurations.

14

Selecting an individual channel similarly identifies its current State, Value and Type.
Any of these listings may be resorted by clicking on the desired column heading. To
sort Device channels alphabetically by Type, for example, click on that column heading;
clicking the column header a second time resorts them in reverse order. Selecting a
Server, Device or Channel and right-clicking presents a context-sensitive menu that
allows Foreseer actions and responses to be performed depending on the chosen system component. The Tree View also provides an <Alarm Management> summary in
the right window and allows <Reports> to be created and viewed on the Server. The
available Report formats are the same as those offered through WebViews.

Server Properties

Server Properties

The Server Properties dialog box, accessed through the Server Properties command
in the Administration menu, allows a number of general settings to be specified. They
are organized under four tabs:
General provides the name of the Foreseer Server whenever it is reported, such as in
Message Management and in Report titles. It also quantifies the information that is
written to the Log file. Other settings permit the Server to be enabled as a passwordprotected user rather than a local system account when running as a service and
Watchdog Processing support to ensure ongoing system operation.
Remote settings allow connected Clients to restart the Foreseer application on the
Server, perform a complete reboot of the Foreseer Server computer, and upload
newer releases of Foreseer software and Device Drivers to the Foreseer Server.
Database specifies a Retry Time, in seconds, after which Foreseer will attempt to
reconnect to SQL Server. Foreseer will continue to retry connections, using the specified interval between tries, until a connection is established. The retry attempts can be
temporarily disabled to avoid nuisance alarms, or this feature can be disabled entirely
with a Retry Time setting of 0.
Redundant System identifies the Server as a backup to ensure continued site monitoring in the event the principal Server fails. A single redundant Server is designated
as a Stand-Alone. In instances where there is more than one such Server, it must be
identified as the Primary or Secondary Redundant in the backup system.

15

Device Properties
Figure 2.7 Server Properties Tabs

Device Properties

The Device Properties dialog box furnishes operational information on each monitored
piece of equipment. In addition to the standard tabbed settings, there may also be a
Device-specific tab.
To view Device Properties:

Note: Alteration of Device

settings must be done
with the Device disabled,
which requires Administrative Authorization.

1. Choose the Tree View command in the Window menu to display that system
view.
2. Expand the left pane if necessary to locate the desired Device and click on it to
highlight it.
3. Right-click and choose Properties from the context-sensitive menu to display
the General Device Properties dialog box.

16

System Channels

4. Click on the appropriate tab(s) to access those Device Properties. They can be
viewed in a read-only mode.
Figure 2.8 A typical Device Properties Page

System Channels

Separate from individual Device inputs, Foreseer provides predefined System Channels to monitor critical Server operations. Grouped together in the Tree View, they
have predefined Properties that may be modified as desired, although alteration is not
recommended:
Active Client Connections

indicates the number of Foreseer Clients currently communicating with the Server.

Archive Elapsed Time

reports the time between high-resolution data archives.

Configuration Backup

indicates when the backup of the Server configuration is

no longer current: a system backup is recommended.

Database Archiving

reports an alarm when data are not being logged into the
Server database.

Database Backup

alarms when a scheduled data backup was unsuccessful.

Database Status

reports the current condition of the Servers database.

This channel alarms if any problems are detected in accessing the database.

Digital Transition Rate

reports the number of digital transitions per hour and

sets the data type to be archived.

Disk Free Space

displays the amount of disk space available on the

local hard drive on which the Foreseer application is
installed. This channel alarms when its value drops below the Lo Caution and Critical Limits set in its Basic
Channel Properties dialog box.

17

Channel Properties
Major Server Version

indicates consequential changes to the Version Server

configuration such as the addition or deletion of a Device or channel. It is strongly recommended a Configuration Backup be performed when this channel reports
changes have been.

Minor Server Version

indicates incidental changes such as the Version

alteration of a channels properties have been made. A
Configuration Backup typically is not necessary when
this channel reports changes.

Server Configuration Mode

shows if changes are currently being made to the server.

System Alarm

indicates a system-wide problem not associated with

database operations. The Log file can provide additional information on this condition.

System Warning

indicates a minor system problem has been detected.

The Log file can provide additional information on this
condition.

Channel Properties

Foreseer is shipped with some pre-configured Device settings. These parameters are
defined during Server Device installation. You may selectively enter your own settings,
if desired. Although any channels Properties reside at the Foreseer Server, they are
available for display and/or modification by authorized Clients.

Note: If specified during

Foreseer program installation, Administrative
Authorization is required
to change Channel Properties.

To alter Channel Properties:

1. Expand the list if necessary by clicking on the + preceding its associated
Devices name, then select the desired channel within the Tree View. A Meter
(analog) channel is identified by a circle, a Status (digital) channel is a square, a
text channel is indicated by a T and a clock symbol designates a date channel.
2. Right-click to display the context-sensitive menu and select Properties to access its Channel Properties dialog box.

18

Channel Properties

3. Click on the desired tab in order to access those Channel Properties. The tabs differ slightly depending on whether it is a Meter (analog) or a Status (digital) channel.
The Meter Channel Properties dialog box defines an analog channels operational
parameters:

General Channel Properties identify the individual input as well as its display
and archiving characteristics. Settings include a Description of the data point, its
display Units and Archive rate. There are also selections to Disable and/or Disarm
the channel.

Basic Channel Properties define the data points Alarm Limits and corresponding Messages. It also assigns the channel Priority for alarm sorting functions. If
you have created a derived channel that can be referenced by other channels for
alarm settings, you can specify that derived channel as well.
To set up a derived channel for alarm referencing, first create a derived Analog
channel and then set the alarm values. You can reference these through another
channel by selecting Use Global Alarm Limits. You can then use the Global Channel browse button to reference the derived channel youve created. Once youve
referenced a derived channel its alarm values appear in the Basic tab, although
you must enable them before they become active.

Figure 2.9 Analog Channel - Basic Channel Properties Tab

Note: A channels scaling values should only be

changed at the direction of
Eaton personnel.

Advanced Channel Properties (shown) enable various responses to an alarm including

Ack-Holdoff, Re-Arm and Delay Alarm intervals. These intervals postpone alarm response for the user-specified period. Alarm Latching can be enabled, if Alarm Latching is not enabled then a Hysteresis value may be assigned. Hysteresis determines
the threshold Value before a new alarm is reported for this channel. The Hysteresis
setting is used to eliminate nuisance alarms when the channels current reading is
near its set Alarm Limits. When an alarm occurs, the reading must drop below or rise
above the threshold Value, then exceed the Limit once again before a new alarm is
reported. Note that the Hysteresis setting is only available for non-Latching alarms. En-

19

Channel Properties

able Scaling allows you to apply a linear scaling factor to the channels Minimum and
Maximum Raw and Scaled Values.
Figure 2.10 Advanced Channel Properties Tab

Figure 2.11 Digital Channel - Basic Properties Tab

The Status Channel Properties dialog box defines a digital channels operational parameters:
General Channel Properties identify the individual input as well as its display characteristics. Settings include a Description of the data point, its display True and False String.
There are provisions to Disable and Disarm the channel.
Basic Channel Properties (shown) enable the data points Alarm and its corresponding
Message. You also can specify if the channel Alarm Value is True or False, whether the
condition is Cautionary or Critical, and its relative Priority for alarm sorting functions.
Advanced Channel Properties enable various responses to a detected alarm. They
include Ack-Holdoff, Re-Arm and Delay Alarm intervals, which postpone those alarm
responses for the user-specified period.
Alarm Latching can be disabled if desired.
20

User-Defined Channels

User-Defined
Channels

User-defined channels can be analog, digital, text or date-based to address specific

monitoring needs. A Text Channel is used to enter a text string (or optionally a Userdefined channel can be used to assign a text string to a text channel), such as the
Devices serial number for quick retrieval. A Date Channel can be used, for example,
to generate an alarm notification that it is time to perform a scheduled maintenance
procedure.
To create a User-Defined Channel:

Note: If specified during

Foreseer program installation, Administrative
Authorization is required to
change the Server Configuration.

1. Choose the Start Server Configuration command in the Configuration menu. The
Server Configuration Mode System Channel turns yellow and
********SERVER CONFIGURATION MODE********
is displayed in the windows title bar to confirm operational status.
2. If not already displayed, select Tree View in the Window menu.
3. Click on the desired Device icon on the left side of the Tree View, then right-click
and select Add User-defined Channel from the context-sensitive menu. The
New User Defined Channel dialog box is displayed.
Figure 2.12 New User Defined Channel Dialog Box

4. Enter a unique Name for the new data point and specify if it is an Analog, Digital,
Text or Date Channel, then click OK to display its corresponding Channel Properties dialog box.
5. Enter the necessary General, Basic and Advanced Channel Properties as appropriate to define the channels settings. Date Channels present the standard analog
Channel Properties while Text channels only have General Channel Properties.

21

User-Defined Channels
Figure 2.13 User Defined Settings

For more information about

User Defined Equations,
you can request training as
well as a Technical Support Bulletin from Eatons
Foreseer Customer Service
group.
22

User-Defined Analog and Digital Channels include a User Defined Equation tab
which specifies the calculation used to determine their value (refer to the Foreseer Server Online Help for a complete listing of available mathematical operators
and conditional statements). It also allows the reported Values of other channels
to be used in its calculation. Click on the Insert Channel button then locate it in

Administrative Password

the Select Channel dialog box. Highlight the desired channel and press OK to
insert it into the Equation at the cursor location.
Figure 2.14 User Defined Channels in the Tree

6.

Note: Renaming or deleting existing channels

or Devices can have an
adverse effect on Foreseer
Client configurations.

Administrative
Password

6. With the channels settings specified, click OK and the channel is created under
the designated Device in the Tree View. Analog channels are identified by a circle
icon, digital channels by a square, text channels by a T and date channels by a
clock.
7. Choose End Server Configuration in the Configuration menu to finish the editing session and restore normal monitoring operations. Standard Meter (analog)
and Status (digital) channels are similarly added to the Server configuration in
response to new inputs using the Add Channel command in the Edit menu. You
can also Rename or Delete individual channels (or entire Devices) from the list by
selecting them and choosing the appropriate command in the right-click menu.
Refer to the Foreseer Server Online Help file for more information on all of these
topics.

The Administrative Password may be changed, or assigned if one was not specified
during initial Server configuration. This authorization is altered through the Change
Passwords dialog box.
To change the Administrative Password:
1. Select the Change Passwords command in the Administration menu to display
the Change Passwords dialog box.
Figure 2.15 Change Passwords Dialog Boxes

23

Client Connection Password

Note: Passwords are casesensitive; thus, USER,

User and user are
all recognized as different
entries.

2. Click on the Change Administrative Password button to display the appropriate

dialog box.
3. Enter the Old Password (asterisks are displayed to maintain system security). If
no Password was previously assigned, simply skip to the New Password field.
4. Enter the desired New Password.
5. Type the same character string in the Verify New Password field to validate the
entry.
6. Click OK to save the New Password.

Client Connection Password

Note: Foreseer is shipped with
special as the default Client
Connection Password. DO NOT
specify a Client Connection
Password on a network hosting
Clients running a prior version
of Foreseer, or they will not be
able to communicate with the
Foreseer Server.

A Client Connection Password is used to prevent an unauthorized Foreseer Client

from accessing the Server and modifying its configuration, such as changing Channel
Properties. This password must agree with the Server Password entry on the Client
or the two computers will not be able to establish communications. The Connection
Password may be modified by a User with Server Administration privileges.
To change the Client Connection Password:
1. Select the Change Passwords command in the Administration menu to display
the Change Passwords dialog box.
2. Click on the Change Client Connection Password button to display that dialog box.
3. Enter the New Password, then again in the Confirm field in order to verify the
change. Observe the same naming conventions as those used for other Foreseer
passwords, such as case sensitivity.
4. Click OK to implement the New Password. Be aware that all subscribing Foreseer
Clients must know and enter the New Password locally or they will not be able to
access the Server.
Figure 2.16 Changing the Client Password

Message Manager

There are four configuration tasks for the message manager within the Foreseer
Server:
Setup: Defines which devices or individual channels send alerts through Message
Management as well as the configuration for various alarms and actions. You can also
define the SNMP behavior.
Configure Required Connections: Identifies which Foreseer systems are required to
be connected to this Server in instances where the Client normally performs Message Management functions. If any one of the listed systems becomes disconnected

24

Message Manager

from the Server, Foreseer Message Management begins its messaging routine to
alert personnel of alarms.
SNMP Properties: Sets global SNMP resend properties.
Trusted Connections: Defines a set of trusted machines that are permitted to connect to the Message Manager.
For instructions about how to configure the Message Manager through its configuration utility, see the Message Manager Client Setup Guide.

Setup
Use this to configure Message Manager settings for the server, devices, or individual
channels.
1. Select the Setup command from the Administration > Message Management >
submenu.
2. Right-click any server, device, or channel in the list, and click Edit.
3. For individual channels, you can set whether or not to use the default Notification
List (this checkbox is under the Default tab). For channels, devices, and servers
you can set behavior for Critical and Cautionary alarms, as well as when an alarm
is acknowledged or normal status is attained. You can specify:

The notification list to use.

Whether to send a message if required connections are missing.

Parameters for Alpha Messages. You can either choose to use the standard
message and configure it with the checkboxes or select Use Custom Message (under Alpha Message). If you are using the standard message, you
can select to include the Server Name, Device Name, Channel name, as well
as a user defined message.
If you choose Use Custom Message, you have access to all of the Message
Manager variables. Click Edit the Custom Message to access the message
editor dialog box.
When creating a custom message, you can use the following variables to
provide additional alarm information:
$SERVER_NAME$ - returns the server issuing the alarm.
$DEVICE_NAME$ - returns the name of the device issuing the alarm.
$CHANNEL_NAME$ - returns by the name of the channel
$ALARM_MSG$ - returns the alarm message.
$DATE$ - returns the current date.
$SERIAL#$ - returns the serial number of the device that issued the alarm.
$ACKED_BY$ - returns the user name that acknowledged the alarm.
$CHANNEL_VALUE$ - returns the current value of the channel.
$CHANNEL_UNITS$ - returns the units used by the channel.
$ALARM_VALUE$ - returns the channel value at the time of the alarm.
$ALARM_STATE$ - returns the current state of the alarm.

25

Message Manager

$ALARM_PRIORITY$ - returns the alarm priority.

$ACK_NOTE$ - returns the text, if any, that was entered as a note when the
alarm was acknowledged.

The command line to use for the Command Line service. This allows you to
change the command line issued for each alarm state or status.

Once these are configured, you can copy the settings to the other alarm or status
tabs using the buttons at the bottom of the dialog box.
Figure 2.17 Channel Message Settings Dialog Box

4. If you are also configuring SNMP traps, click the SNMP tab:
a. For both Critical Alarm and Cautionary Alarm, select one of the 25 predefined
traps or leave the setting at Do not send a Trap.
b. Set the Alarm Events parameters. You can choose to also send a trap on alarm
acknowledgement or return to normal.
5. Click OK.

26

Message Manager
Figure 2.18 SNMP Settings

SNMP Resend Parameters

Through this dialog box you can globally set the trap resend behavior. These settings
apply to all channels, devices, and server for which SNMP traps are configured. To
access it, select the SNMP Properties command from the Administration > Message
Management > submenu.
Figure 2.19 SNMP Properties Dialog Box

27

Message Manager

Required Connections
1. Select the Configure Required Connection command from the Administration >
Message Management > submenu to display the Required Connection Settings
dialog box.
Figure 2.20 Required Connection Strings Dialog Box

2. Click on the Add button to access the Enter Client IP Address dialog box.
3. Furnish either the Foreseer message management host network address or computer name and click OK.
4. Check the box preceding the address to enable server access by that client.
5. Specify the Startup Delay during which the server will ignore any clients that
become disconnected. This delay is in effect whenever the server is initialized, or
when modifications have been made to the system.
6. Repeat the process to add other Foreseer clients to the list.
7. Click OK to accept the displayed settings.

Trusted Message Manager Connections

When setting up the Message Manager on client machines, you must define them as
having trusted IP addresses or machine names within the Foreseer Server. To access
the dialog box, select the Trusted Connections command from the Administration >
Message Management > submenu Click the Add button to add machines to the list.
Select an entry and click Remove to delete it. Use the Edit button to change an entry.

28

Remote Server
Figure 2.21 Trusted Message Manager Connections Dialog Box

Remote Server

A local Foreseer Server can serve as host to a remote Foreseer Server. Once defined,
the Remote Server appears on the Tree View as another computer and can be modified locally. A Password provision adds another layer of security by restricting access
to authorized personnel.
To add and connect to a Remote Server:
1. With the Servers Tree View displayed, choose Start Server Configuration in the
Configuration menu. The Server Configuration Mode System Channel turns yellow and
*******SERVER CONFIGURATION MODE*******
is displayed in the windows title bar to confirm operational status. Select Add
Remote in the Configuration|Remote Management submenu (or right-click in
the left pane of the Tree View) to view that dialog box.
Figure 2.22 Add a Remote Dialog

2. Identify the Server by entering its Name and Address followed by the valid Password.
3. Accept the defaults for Alarm,Channel Updates and Connection Time-out, or enter
new settings.
4. Specify whether to automatically Connect to this Server at startup and to Synchronize the Remotes clock on connection. You also can Connect (and Discon-

29

Heartbeat Server

nect) the Remote Server manually using the context-sensitive menu in the Tree
View.
5. Click OK and the Server attempts connection with the Remote Server. Once
connection is established, the new Remote Server appears in the Tree View
hierarchy. Its display can be updated on demand by selecting the Update Remote
Server command in the Remote Management submenu or in the context-sensitive, right-click menu.
6. Choose the End Server Configuration command in the Servers Configuration
menu to return to normal Foreseer operation.
A Backups folder is created containing sub-folders for each Remote Server that is
added to the system. If a Remote Server configuration changes, as indicated by the
Major Server Version System Channel, the Local Server will request a configuration
backup. The resulting archive file is uploaded to the respective Remotes sub-folder to
ensure a current backup is available.

Heartbeat Server

A more direct method of monitoring multiple Foreseer Servers is through the Heartbeat function.
Heartbeat is a recurring signal issued from one or more Slave Servers to a Master
Server verifying that they are operational. It is particularly recommended in remote
Server installations. Establishing this relationship requires specifying the Master
Server and identifying its Slave Servers.
Only one Master Heartbeat Server can be specified to report the Heartbeat status of
its Slaves. A digital channel (Master Status) is installed as a Device on this Master
Server:
1. Choose the Start Server Configuration command in the Configuration menu. The
Server Configuration Mode System Channel turns yellow and
********SERVER CONFIGURATION MODE********
is displayed in the windows title bar to confirm operational status.
2. Select Configure Master Heartbeat Server in the Administration|Heartbeat Servers submenu.
3. Enter a Slave Server Name. The Name must match that which appears in the
target Servers Properties dialog box exactly or the two Servers will not communicate properly.
4. Enter Heartbeat Interval, the number of minutes to elapse between each issuance of the Slave Servers Heartbeat signal.
5. Click Add Slave to include the specified Foreseer Server in the list box.

30

Heartbeat Server
Figure 2.23 Master Heartbeat Configuration Dialog Box

6. Repeat the process, identifying additional Slave Servers and specifying their respective Heartbeat Intervals, to include them in the list.
7. Click Finish to complete the Master Heartbeat Server configuration.
8. Select End Server Configuration in the Configuration menu to restore the Foreseer Master Heartbeat Server to normal operation.
A Master Heartbeat entry is created in the Tree View window. In addition to a Master
Status channel, which reflects the current state of this function, the following status
channels are reported for each Slave Server when it issues its Heartbeat signal:

Criticals are its currently active Critical Alarms.

Cautions are the active Cautionary Alarms.

Figure 2.24 Master Heartbeat Entry and Related Channels

Acks are its currently Acknowledged Alarms.

Interval is the Slave Servers Heartbeat Interval.

31

Slave Heartbeat Server

Countdown is the time remaining before the Slave Servers next Heartbeat signal is
due. It counts down once a minute and will report a Cautionary alarm if the Heartbeat
signal is (by default, 10 minutes) overdue.
As with other Channels, any of these Status Properties can be modified to indicate
the desired settings. Any changes take effect with the subsequent Heartbeat signal.

Slave Heartbeat
Server

A Slave Server can send its Heartbeat signal to the Master Server either via the Local
Area Network or through Dial-Up Networking; the latter only attempted if the primary
LAN signal fails. At least one Slave Server must be identified to the Master Server to
perform this Foreseer function.
To configure a Server as a Heartbeat Slave:
Figure 2.25 Slave Heartbeat Configuration Dialog Box

1. Choose Tree View in the Window menu to display that View if it is not already visible. The Server Configuration Mode System Channel turns yellow and
********SERVER CONFIGURATION MODE********
is displayed in the windows title bar to confirm operational status.
2. Select Start Server Configuration in the Configuration menu to initiate changes.
3. Select Configure Slave Heartbeat Server in the Heartbeat Servers submenu.
4. Enter the LAN Address and the Dial-Up Address of the Master Heartbeat Server.
Also specify the Phonebook Entry to be used for this connection.
5. Check Enable the Slave Heartbeat Function.
6. Click OK to return to the Tree View.
7. Select End Server Configuration in the Configuration menu to restore the Slave
Heartbeat Server to normal Foreseer operation.

32

Slave Heartbeat Server

Chapter 3. WebViews
Note: Refer to Foreseer Server Online Help,
the WebViews Editor Guide, and the WebViews Users Guide for information on the
available WebViews tools and their use.

WebViews allows you to custom design all aspects of your site through an extensive
collection of drawing tools and view it through Microsoft Internet Explorer. You can
create as much complexity as you like without learning the intricacies of web design.
The first thing to remember when starting any project is to plan. The more planning
you do initially, the less trouble you will encounter during the course of the project.

The Foreseer WebViews editor is relatively simple to learn. A user with a basic background in web design and image creation software should be proficient on the software in less than a day. Keep in mind that you can create many of the assets that
you need inside the WebViews, but some elements such as .jpg, .gif, .png, and flash
components require additional software to create.
Right-clicking WebViews in the Tree View produces a context menu with commands
to:

Create a WebViews Folder (and its associated page)

Create WebViews pages (or entire branches within the tree) using pre-defined
template files.

Re-create WebViews pages (or entire branches within the tree), restoring them to
their default settings. This is valuable if you corrupt one or more pages.

33

Creating WebViews Folders and Pages

Creating WebViews Folders

and Pages

Creating Folders
When you create a new WebViews folder (and its related WebViews page), it is actually created as a child of the current location under WebViews in the Tree. For example, if you have selected the top of the Tree (<WebViews>), the folder is created under
that. If youve selected an existing folder, the new folder is created as a child of the
selected folder.
To create a new folder (and page):
1. Right-click a Location in the WebViews tree.
2. Select New Folder.

Using Templates to Create a Page or Tree

Templates provide a way to build WebViews pages quickly by using one page as a
model for others. The following section outlines how to create templates. The Templates menu provides the following functions:
The Create Page from Template/Create Tree from Templates commands create a Web
Views page or a section of the WebViews tree from the specified Template file. The
page(s) can include specified Devices and their Channels.
To create a WebViews page or tree section from a template file:
1. Right-click the location for the page in the WebViews tree and select Templates
Create Page from Template or Create Tree from Template
2. Select the .tpf template file to use. Template files for the currently selected folder
in the templates tree are in the right pane. You can navigate through the tree (left
pane) to select files in other locations in the tree.
3. Click Open.
4. Select Use the same objects that are in the template to link to these objects automatically (if they are still available on the server). Selecting this option prepopu-

34

Creating WebViews Folders and Pages

lates the Device to Use field in the next dialog box. If you wish to select another
device at that point, you still can even if this option is selected.
5. In this step, you must select the device in the template and match that to an
existing device in the server. The Device to Use field shows the currently selected device. You can select the server in the left pane and any device on the right
pane. If you do not select a device identical to what was in the template, objects
in the WebViews page will not have matching Channels and must be manually
relinked.

Creating Templates
If youre using Create Single Template the resulting template file is based on the selected WebViews page. This file will can then be used to create a copy of this WebViews page at different locations in the tree. If youre using Create Templates for Tree,
the resulting template file can be used to create a copy of the selected WebViews
page and all of its children. You can use this function to rapidly recreate repeating tree
structures throughout the WebViews tree. For both functions, you can specify the
device to use when specifying attached channels.
To create a template file:
1. Right-click a folder in the WebViews tree and select TemplatesCreate Single
Template or TemplatesCreate Templates for the Tree. If you are using the Create
Templates for Tree function, all of the child folders will also be included in the
template file.
2. Select a location in the Web Templates tree and specify a file name for the .tpf
template file. You can use the New Folder button to create a new folder as a child
of the folder currently selected in the Web Templates tree. This simply creates a
folder in the Foreseer Server file system (under \Program Files (x86)\Eaton Corporation\Foreseer\Web Templates).

Running Foreseer and the Message Manager as a Service

After configuring the Foreseer Server, it and the Message Manager must be run as
a Service within the Windows operating system under the local system (User Name
and Password ) account. In rare installation instances, the Server initially may have
to be defined as a Service, or it may be desirable to uninstall it as a Service for other
reasons. The Server Service Setup dialog box allows installation and removal of the
Server as a service.
To launch the Service Setup dialog box, navigate to the C:\Program Files\Eaton Corporation\Foreseer folder and double click the ServiceSetup.exe file. Select Install or
Uninstall and click OK to execute the desired function.

35

36

UPS #1 COM 2 9600 8 1

Example

1. An IP Address is required if using a network connection.

2. Serial Communications Settings must be configured on both the Device and within Foreseer if using serial connections.

32

31

30

29

28

27

26

25

24

23

22

21

20

19

18

17

Device
Name

Device
Number

N/A

IP
Address
Serial Port

N/A

Network
Settings
Baud
Rate

None

Parity

Serial Settings

Configuration Checklist

Data
Bits

Stop
Bits

Disabled / None

Handshaking
Flow Control

Creating WebViews Folders and Pages

Creating WebViews Folders and Pages

Device
Number

Example

17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

Device
Name

UPS #2

Configuration Checklist

Serial Port

N/A

Baud
Rate

N/A

Parity

N/A

Data
Bits

N/A

Stop
Bits

N/A

Handshaking
Flow Control

Serial Settings

IP
Address

N/A

Network
Settings

189.100.150.22

37

Creating WebViews Folders and Pages

38

Chapter 4. WebViews Security

WebViews allows a user to view installed devices on the Foreseer Server and the
system status via Internet Explorer (version 7, 8 or 9). A users visual access level and
rights can be closely controlled through WebViews authentication and authorization.
Viewing access can be granted to the entire system or to the granularity of viewing
a single page. Control of the system can be broad-based or locked down entirely. The
WebViews server can be enabled over the HTTP protocol (non-secure), the HTTPS
protocol (128-bit encryption using SSL) or both.
Figure 4.26 Web Server Protocol Options from the Foreseer Server

Authorization
Levels

The authorization level granted to a user will depend on the authorization options that
are in effect for the HTTP and HTTPS servers and the credentials the user presents to
the server. Under no circumstances will the WebViews HTTP(S) server allow access
to any file or folder above the root of the WebViews folder.
Authentication requires that a user provides both a Username and Password (their
credentials). The users credentials are passed to the Windows default security provider for validation. The credentials must represent a valid Windows user account and
depending on the Security Policies at your site, the account may need the Log on
locally permission on the computer where the server is running. After the credentials
have been validated, the server then checks to see what Groups the user is a member
of.
The WebViews server currently provides three classes of authorization: ADMIN,
ROOT and TOP (or Branch). The ADMIN authorization class grants the user all rights.
ROOT authorization grants an account the right to View the Tree and View Alarms. TOP
(Branch) authorization grants a user the ability to view a specific branch of the tree.
A TOP level folder is defined as a folder that is a direct child of /WebViews (the root
folder). When an account has TOP authorization, they have access to the TOP (branch)
folder and all channels and folders under (or descendants of) the branch folder. If an
account has membership in both the TOP group and the ROOT group, the user will be
granted the higher-level ROOT authorization (or rights).
ADMIN authorization is requested by using the root path of /WebAdmin/ instead of /
WebViews/. An account that is a member of the ADMIN group (PXSauthAPPADMIN)
will be granted all rights.

04/27/12 - Foreseer Server Guide

39

When a user has been authorized at the Branch level, they may not view or access
any data or pages outside of the branch they have been authorized for.
The WebViews server will cache the last credentials that were presented and the
rights associated with the credentials. As long as the Internet Explorer session persists, WebViews will check the credentials presented by the browser with the current
request against the cached credentials. If they match, the WebViews server can skip
the time-consuming step of further Authentication and Authorization.
When a new session is started or the cached rights are not sufficient for the current
request, WebViews will reply to the request with an HTTP 401 status code. A 401 status is known as an Authorization Challenge. When the browser receives a challenge,
it will present the user with a Logon dialog. The user has three tries (the three-strike
rule) to provide credentials that the server will accept. If the user cannot provide valid
credentials, the browser typically displays a blank page. The WebViews server uses
HTTP Basic Authentication. The browser encodes the credentials supplied by a user
and sends it to the WebViews server in the HTTP Authorization header field.
Caution: As the credentials are only encoded (not encrypted), they are subject to
being intercepted and decoded. To keep credentials secure it is highly recommended
that the site uses the HTTPS (secure) server when authorization is enabled. The
HTTPS server uses 128-bit encryption which guarantees that even if the information
that is sent is intercepted, it cannot be decoded.
A WebViews folder tree can be graphically represented as such:
WEBVIEWS

/webviews

BASEMENT

/webviews/basement

UPS 1

/webviews/basement/ups
1

ATS 1

/webviews/basement/ats
1

FLOOR 1

webviews/floor 1

GEN A

webviews/floor 1/gen a

GEN B

webviews/floor 1/gen b

FLOOR 2

webviews/floor 2

AC 1

webviews/floor 2/ac 1

AC 2

webviews/floor 2/ac 2

AC North

webviews/floor 2/ac
north

WEBVIEWS is at the Root level. BASEMENT, FLOOR 1, and FLOOR 2 are the Top
level. The devices would be at the Branch level.
A TOP level folder is a direct child of the root folder (WebViews in the example tree).
TOP folders define a branch which includes the TOP folder and all folders that are
descendents of the TOP folder. Basement, Floor 1, and Floor 2 are all TOP folders.
The Floor 1 branch includes the following folders: /WebViews/Floor 1, /WebViews/
Floor 1/Gen A and /WebViews/Floor 1/Gen B.

40

WebViews User's Guide - 04/27/12

Accounts
Accounts are managed by Windows and may be Local Users or Domain accounts. To
allow a specific right, create a Local Group (local to the computer where the Foreseer
Server is installed and running) from the following choices:

PXSauthADMIN - All rights, except access to Web Configuration utililty.

PXSauthAPPADMIN - Access to the Web Configuration utility.

PXSauthROOT View all branches with view alarm permission

PXSbranch+folder View specified branch and folder

PXSrightViewTree View all branches of the tree

PXSrightViewAlarms Grants permission to view active alarms

PXSrightViewProps Grants permission to view a channels properties

PXSrightAlarmActs Grants permission for alarm management (ack/rearm)

PXSrightControl Grants permission to access a channels control ability

PXSrightEditProps Grants permission to edit a channels properties

Some of the rights also imply others as follows:

PXSrightViewAlarms......................PXSrightViewTree

PXSrightAlarmActs.........................PXSrightViewAlarms

PXSrightEditProps..........................PXSrightViewProps

To disable authorization completely, define the following group. The presence of this
group is all that's required, you do not need to add any accounts to it.

PXSauthNONE Grants admin permission to everyone.

Note: You can test each account if you wish through the Authentication tab on either
the HTTP or HTTPS server dialog box. Click the Account Test button and then enter
the Username and Password for a Windows User. If you wish, you can also specify a
branch of the Webviews tree to test for access privileges.

Updating User Groups

Foreseer queries the list of users and groups at startup, therefore if you make a
change to either the list of users or to groups this won't be read until the next time

04/27/12 - WebViews User's Guide

41

the Webviews Server starts. To force a query of the list of users and groups, you can
do one of two things:

42

Restart the Foreseer Server itself.

In the Foreseer Server, select the Webviews server through Administration >
Webviews Server. In the General tab, click the OK button. This restarts the Webviews server.

WebViews User's Guide - 04/27/12

Chapter 5. WebViews Administration

Note: To maintain security in critical site applications, it is recommended that there be
only one System Administrator per Web Server.
Administration features which control access to several WebViews functions are
established on the Web Server and applied globally to all WebViews users. User login
and password privileges are individually assigned by the System Administrator via individual users memberships in various Windows Users Groups. Refer to the Webviews
Security chapter for a list of user groups and the privileges they grant.

Enabling a WebViews Server

As noted, WebViews is an extension of the Foreseer Server application. Thus, a
Foreseer Server must be enabled as a WebViews Server in order to be able to display
WebViews.
To establish a Foreseer Server as a WebViews Server:
1. On the Foreseer Server, select WebViews Server in the Administration menu.
Note that there are two types of WebViews Servers in the submenu: HTTP (nonsecure) and HTTPS (secure). The procedure is identical for both types.
2. Choose the appropriate WebViews Server type and its Properties dialog box is
displayed.
3. Click on the General tab, check Enable theWebViews Server and click OK to
activate WebViews.
Figure 5.1 Webview Server Dialog Box

Note: You can use the Authentication tab to test the privileges (Windows user group
memberships) for any Windows user.

HTTPS (Secure)
Web Server

Safeguarding the information stored in the Foreseer Server database while allowing
Internet access can present problems if the data is sensitive. Increasingly, organizations are using digital Server Certificates to ensure confidential communications

04/27/12 - WebViews Users Guide

43

between the Server and Client. Foreseer has implemented a Secure Sockets Layer
(SSL) protocol which can be used to authenticate both Client and Server, as well as
encrypting the information they exchange through the HTTPS Server feature. Use
of the secure Foreseer HTTPS Server requires a Private Key Password and a Server
Certificate.
User authentication and access control historically are based on a name/password
scheme. But this approach requires management of a name/password database and
provides limited security. A digital Certificate is a type of identification in the form of
a data file that links an organizations identity to their ownership of a Public Key. This
Public Key, embedded in the Certificate, is uniquely linked to a corresponding Private
Key Password to which only the owner of the Certificate has access. The two Keys
and the corresponding Certificate are used not only for user authentication and access
control, but also for such security measures as message integrity. Such an approach
affords a secure form of authentication on both ends of the connection.
Certificates of Authentication can be self-signed or purchased from a third-party
source, depending on individual corporate policy. Third-party Certificate Authorities
specialize in Certificate issuance and subsequent management. They take responsibility for ensuring that the company requesting the Certificate actually is the company it
claims to be, as well as verifying anyone attempting to access the resident database.
A utility is provided in the Server folder to facilitate obtaining third-party certification.
The Foreseer HTTPS Web Server is enabled almost identically to the HTTP Web
Server. The exception is an additional tab which requires the Private Key Password be
entered to ensure any secure communications between the Server and Client.

44

WebViews Users Guide - 04/27/12

Server Admin
Menu

If you have administrative privilege, you can access some administrative functions
directly from a Webviews page. Right-click to produce the short-cut menu and then
select Server Admin.
Figure 5.2 The Server Admin Menu

The Server Admin menu provides the following capabilities:

Start Database: Begin data archiving for the Foreseer Server.
Stop Database: Halt data archiving for the Foreseer Server.
Config Backup: This creates a backup of the current Foreseer system configuration, and
should be done after the initial system configuration and after any significant modifications.
Restart Foreseer: This restarts the Foreseer Applications/Service on the Foreseer server
machine. Restart occurs five seconds after issuing this command.
Restart Windows: This restarts Microsoft Windows on the Foreseer server machine. A
Windows Restarts is initiated five seconds after this command is issued.
New Logfile: Starts writing system information to a new log file.
Get Logfile: Runs a Logfile report.
Upload File: Uploads files (useful for system updates).

04/27/12 - WebViews Users Guide

45

46

WebViews Users Guide - 04/27/12