honeywell forge cybersecurity platform · 2020. 5. 18. · outbound . connecting to a remote access...
TRANSCRIPT
HONEYWELL FORGE CYBERSECURITY PLATFORM
1911 (NOV 2019)
Virtual Security Engine (VSE)
Installation Guide
CS-HFCPE501en-1911A
November 2019
DocID CS-HFCPE501en-1911A 2
DISCLAIMER
This document contains Honeywell proprietary information. Information contained
herein is to be used solely for the purpose submitted, and no part of this document or
its contents shall be reproduced, published, or disclosed to a third party without the
express permission of Honeywell International Sàrl.
While this information is presented in good faith and believed to be accurate,
Honeywell disclaims the implied warranties of merchantability and fitness for a
purpose and makes no express warranties except as may be stated in its written
agreement with and for its customer.
In no event is Honeywell liable to anyone for any direct, special, or consequential
damages. The information and specifications in this document are subject to change
without notice.
Copyright 2019 – Honeywell International Sàrl
DocID CS-HFCPE501en-1911A 3
Notices
Trademarks Experion®, PlantScape®, SafeBrowse®, TotalPlant®, and TDC 3000® are registered
trademarks of Honeywell International, Inc.
OneWireless™ is a trademark of Honeywell International, Inc.
Other trademarks Trademarks that appear in this document are used only to the benefit of the trademark
owner, with no intention of trademark infringement.
Third-party licenses This product may contain or be derived from materials, including software, of third
parties. The third party materials may be subject to licenses, notices, restrictions and
obligations imposed by the licensor.
The licenses, notices, restrictions and obligations, if any, may be found in the materials
accompanying the product, in the documents or files accompanying such third party
materials, in a file named third_party_ licenses on the media containing the product.
Documentation feedback You can find the most up-to-date documents on the Honeywell Process Solutions
support website at:
http://www.honeywellprocess.com/support
If you have comments about Honeywell Process Solutions documentation, send your
feedback to:
Use this email address to provide feedback, or to report errors and omissions in the
documentation. For immediate help with a technical problem, contact your local
Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical
Assistance Center (TAC).
How to report a security vulnerability For the purpose of submission, a security vulnerability is defined as a software defect
or weakness that can be exploited to reduce the operational or security capabilities of
the software.
DocID CS-HFCPE501en-1911A 4
Honeywell investigates all reports of security vulnerabilities affecting Honeywell
products and services.
To report a potential security vulnerability against any Honeywell product, please
follow the instructions at:
https://honeywell.com/pages/vulnerabilityreporting.aspx
Submit the requested information to Honeywell using one of the following methods:
Send an email to [email protected].
or
Contact your local Honeywell Process Solutions Customer Contact Center (CCC) or
Honeywell Technical Assistance Center (TAC) listed in the “Support” section of this
document.
Support For support, contact your local Honeywell Process Solutions Customer Contact Center
(CCC). To find your local CCC visit the website, https://www.honeywellprocess.com/en-
US/contact-us/customer-support-contacts/Pages/default.aspx.
Training classes Honeywell holds technical training classes that are taught by process control systems
experts. For more information about these classes, contact your Honeywell
representative, or see http://www.automationcollege.com.
DocID CS-HFCPE501en-1911A 5
About this Guide
This guide describes how to install and configure the Virtual Security Engine (VSE), an
Honeywell Forge Cybersecurity Platform component that is installed at the remote site
and monitors devices at the site.
Scope This guide provides step-by-step instructions for configuring, installing, using, and
uninstalling the VSE, as well as the steps required for connecting to the Security
Center.
Intended audience This guide is intended for VSE technical personnel responsible for installing,
uninstalling and updating the VSE.
Several sections within the guide describe more complex installation scenarios for
which Support help might be required.
Chapter 8, VSE Packaging, is intended for technical personnel responsible for
preparing the VSE installation package.
Prerequisite skills This guide assumes basic knowledge of the Honeywell Forge Cybersecurity Platform
1911 modules relevant to the Security Center, the VSE, or both, depending on your
specific role.
Conventions used in this guide This guide uses the following conventions:
• v<m.n>
Indicates the software version, with the following variables:
v – a constant that stands for version
m – a variable that indicates a major version number
n – a variable that indicates a minor version number
For example: v4.3
• %<directory>%
DocID CS-HFCPE501en-1911A 6
Indicates an environment variable; for example, from %ProgramFiles% and
%TEMP%.
Related documents The following list identifies publications that may contain information relevant to the
information in this document.
Document Name Document Number
Honeywell Forge Cybersecurity Platform 1911 -
Security Center Getting Started Guide CS-HFCPE400en-1911A
Honeywell Forge Cybersecurity Platform 1911 - Virtual
Security Engine – User Guide CS-HFCPE601en-1911A
Revision history
Revision Supported Release
Date Description
A 1911 November
2019
Upgrade release
A 1909 September
2019
First release of product under the
Honeywell Forge Cybersecurity brand
A Release 510.1 August 2019 This software is an upgrade-only
release from Release 501.1
A Release 500.1 June 2019 First release of product to Honeywell
Enterprise customers
DocID CS-HFCPE501en-1911A 7
Contents 1. SECURITY CONSIDERATIONS ........................................................................................ 11
1.1 Physical security ...................................................................................................................................... 11
1.2 Separate security zone ......................................................................................................................... 11
1.3 Limiting access ........................................................................................................................................ 11 1.3.1 At the VSE level ...................................................................................................................... 11 1.3.2 At the directory or file level ............................................................................................... 11 1.3.3 Ports used by the application ........................................................................................ 12
1.4 Authorization measures ...................................................................................................................... 13
1.5 Encryption and validation................................................................................................................... 13
1.6 Possible security risks .......................................................................................................................... 14
2. TERMS AND DEFINITIONS .............................................................................................. 15
3. VSE OVERVIEW .................................................................................................................... 18
4. PREPARING SITES FOR INSTALLATION ..................................................................... 20
5. INSTALLING THE VSE........................................................................................................ 21
5.1 Deploying Postgres ................................................................................................................................ 21
5.2 Installing the VSE through the wizard .......................................................................................... 22
5.3 Installing the VSE through the Windows console .................................................................. 23
5.4 VSE initialization ...................................................................................................................................... 25
6. UPDATING TO VSE 4.9.50 ................................................................................................ 26
7. UNINSTALLING THE VSE ................................................................................................. 27
7.1 Uninstalling by using the Uninstaller ........................................................................................... 27
7.2 Uninstalling by using the console .................................................................................................. 28
8. VSE PACKAGING .................................................................................................................. 29
8.1 Method ......................................................................................................................................................... 29
8.2 Package contents ................................................................................................................................... 29
8.3 End-user-specific configuration..................................................................................................... 29
8.4 Vendor/enterprise-specific configuration ................................................................................. 30 8.4.1 Branded images .................................................................................................................... 30 8.4.2 Embedded third-party applications............................................................................ 30 8.4.3 Connection to Security Center ...................................................................................... 31 8.4.4 Product Lines ......................................................................................................................... 31 8.4.5 Other installation properties ........................................................................................... 31
8.5 Core VSE software .................................................................................................................................. 32
8.6 Creating a distribution package ...................................................................................................... 32
DocID CS-HFCPE501en-1911A 8
8.6.1 General changes ................................................................................................................... 32 8.6.2 Changes per end-user ....................................................................................................... 33
DocID CS-HFCPE501en-1911A 9
List of Figures FIGURE 5-1. CHOOSE INSTALL FOLDER IN THE VSE CLI INSTALLER........................... 24
FIGURE 5-2. PRE-INSTALLATION SUMMARY IN THE VSE CLI INSTALLER .................. 25
DocID CS-HFCPE501en-1911A 10
List of Tables TABLE 1-1. LIST OF PORTS .................................................................................................................... 12
TABLE 5-1. WINDOWS – CUSTOMER INFORMATION .............................................................. 22
TABLE 8-1. END-USER SPECIFIC DETAILS ................................................................................... 29
TABLE 8-2. BRANDED IMAGES ............................................................................................................ 30
TABLE 8-3. THIRD-PARTY APPLICATIONS ..................................................................................... 30
TABLE 8-4. FILES USED FOR CONNECTING TO SECURITY CENTER .............................. 31
TABLE 8-5. PREPACKAGED PRODUCT LINES ............................................................................. 31
TABLE 8-6. INSTALLATION PROPERTIES ....................................................................................... 31
TABLE 8-7. CORE VSE SOFTWARE ..................................................................................................... 32
SECURITY CONSIDERATIONS
DocID CS-HFCPE501en-1911A 11
1. Security Considerations
This chapter outlines the security measures for the VSE.
1.1 Physical security
CAUTION
VSE is a mission-critical component.
Take all necessary physical measures to prevent attacks or disasters.
Ensure that the server where the product is installed is located in an approved
physically secure location that is accessible only to authorized personnel.
1.2 Separate security zone VSE contains sensitive information, the loss of which could have severe consequences.
Therefore, there is a need to protect the sensitive information and prevent attacks
against the product. To do that, the VSE software, as well as its related extensions,
must be installed in an internally secured zone such as the site’s layer 3 network, with
strict access control lists and appropriate firewall/routing rules.
Ensure that VSE is installed in a directory that is only accessible to authorized
personnel responsible for the product.
CAUTION
If VSE is installed on one or more servers that are exposed to untrusted networks such as the Internet, protection against denial-of-service (DoS) attacks must be implemented.
1.3 Limiting access It is highly recommended to follow regulatory, industry, and enterprise standards for
limiting access to sensitive information as specified below.
1.3.1 At the VSE level The user management at the host running the VSE must follow the principles of need
to know and least privilege: Only users who absolutely must have access to the
computer are granted access, and these users are assigned the minimal set of
permissions allowing them to perform their job.
1.3.2 At the directory or file level Access to directories and files should also be granted in accordance with the principles
of need to know and least privilege: Only Users who absolutely must have access to the
SECURITY CONSIDERATIONS
DocID CS-HFCPE501en-1911A 12
requested directory and file are granted access, and these Users are assigned the
minimal set of permissions allowing them to perform their job.
Use the built-in file access audit logging of the OS to monitor unauthorized changes to
sensitive files.
1.3.3 Ports used by the application The default ports used the VSE are listed in the table below.
Table 1-1. List of ports
Port Number Port Type Inbound/Outbound Used for
8449 TCP Inbound Computers that reside on the
same network as the VSE.
Note
This number is configurable
and can be defined during the
VSE setup.
443 TCP Outbound
Connecting to a communication
server through a firewall
Note
This setting is configurable
depends on the
communication server settings
444 TCP Outbound
Connecting to a remote access
bridge (RAB) through a firewall
Note
This setting is configurable
depends on the RAB settings
Note
The ports listed below may or may not be used, depending on the VSE’s functionality. For
further details contact your Support team.
22 TCP Outbound Connecting to an SSH server on
the same network
SECURITY CONSIDERATIONS
DocID CS-HFCPE501en-1911A 13
Port Number Port Type Inbound/Outbound Used for
21 TCP Outbound Connecting to an FTP server on
the same network
445 TCP Outbound Connecting through WMI to a
device on the same network
162 UDP Inbound Used for SNMP traps
514 UDP Inbound Used for syslog events
1.4 Authorization measures It is strongly recommended to implement the following security measures:
• Change the default administrative password and delete/disable the default service
accounts as soon as new administrative accounts are created
• Disable any default Administrator/Root user on the computer
• Disable any default Guest user on the computer
• Disable any unauthenticated access to the computer via shared directories etc.
• Ensure that the OS is up to date with the latest security patches provided by the OS
vendor
1.5 Encryption and validation All cryptographic keys generated for the encrypted communication must follow the
current industry standards, including key size, encryption suites, certificate swapping
etc.
Operators and other personnel who have a low authorization level are advised to
ensure that they only run software provided from the Headquarters as a code-signed
execution file, such as Hyper Tunnel installer. A code-signed software displays the
signed by notification when it starts to run.
It is recommended to use a valid certificate issued by a trusted Certificate Authority
(CA), either the organization’s internal CA or an external CA.
SECURITY CONSIDERATIONS
DocID CS-HFCPE501en-1911A 14
1.6 Possible security risks The VSE machine must reside in a secured environment because, as the VSE has
access to the entire network, a compromised VSE machine would result in a severe
breach of security to the other machines in the network.
In normal operation, these risks are mitigated as the VSE only has two outbound
connections to the Security Center. A security breach can therefore only take place if
the attacker infiltrates the remote site or someone has configured the VSE machine to
be open to the Internet. The VSE connects to the Communication Server in a secured
tunnel, by default on port 443.
The only inbound connections are:
• 8449 – used for Web Server UI access
• 514 – used for syslog events
• 162 – used for SNMP traps
TERMS AND DEFINITIONS
DocID CS-HFCPE501en-1911A 15
2. Terms and Definitions
NOTE
The terms and definitions are listed in alphabetical order
Term Definition
asset Any site component that is connected to the network and is
accessible from the VSE
Communication Server (CS)
The Communication Server provides secure communication
between the Security Center and the VSEs and, optionally,
between the VSEs themselves.
compliance Whether the device meets the organization policy
compromised computer
Any computing resource whose confidentiality, integrity or
availability has been adversely impacted, either intentionally
or unintentionally, by an untrusted source. A compromise can
occur either through manual interaction by the untrusted
source or through automation.
DB Database server component
device A representation of a physical or virtual server or machine in
the VSE
discovery engine A VSE utility that represents the Honeywell Forge
Cybersecurity Active Discovery mechanism, which detects
and classifies network assets, and, optionally, adds them as
devices to the VSE.
ESP Essential Security Policy: A collection of scripts related to one
logical area, such as machine security status, hardware
information, event logs, or storage information; these scripts
can either be run on demand (Diagnose Routine or Corrective
Action) or based on a predefined schedule.
execution profile A collection of scripts related to one logical area, such as
machine security status, hardware information, event logs, or
storage information; these scripts can either be run on
demand (Diagnose Routine or Corrective Action) or based on
a predefined schedule.
TERMS AND DEFINITIONS
DocID CS-HFCPE501en-1911A 16
Term Definition
exposure level The extent to which the specific device is critical to ongoing
site operation; the predefined value options for the exposure
levels are one of the following:
• High
• Medium
• Low
heartbeat A periodic message sent between the VSE and the master
Security Center, to verify that the connection is alive
HQ Headquarters; the physical location of the Security Center
Lite product line The most basic product line, pre-packaged with the VSE
installer, which can enable accessing the system and
performing the most basic operations such as Send File and
Remote Access
Master Security Center
The only Security Center that handles heartbeat messages,
and from which the VSE receives remote activities. There can
be only one Master per VSE.
monitoring profile (MP)
An execution profile configured to run at set time intervals,
such as Every day at 18:00.
product line
A set of actions and scripts that together instruct the VSE to
perform certain procedures on devices that are defined in the
VSE.
Remote Access Bridge (RAB)
A Honeywell Forge Cybersecurity Platform component
installed externally to the SC which enables secure remote
access between the SC and the VSE. On receiving
communication requests from the VSE and the RAG, it
creates a secure bridge between them, thereby enabling a
secure communications tunnel from the SC to the VSE, and
from there to the required device.
Remote Access Gateway (RAG)
The Remote Access Gateway is part of Honeywell Forge Cybersecurity Platform’s remote access solution. When initiated, the Remote Access Gateway automatically pulls the connection details from the Security Center database. For each request to access a remote site, the Remote Access Gateway establishes a secure connection to the Remote Access Bridge to enable a secure communications tunnel.
TERMS AND DEFINITIONS
DocID CS-HFCPE501en-1911A 17
Term Definition
reverse tunnel A secured connection initiated by the VSE to the Security
Center.
Security Center (SC) Honeywell Forge Cybersecurity Platform component that is
installed at the corporate data center. The security center is
composed of various software components, which enable to
remotely collect, analyze, view, manage, and store data
retrieved from the VSEs. This data refers to the monitored
network assets and devices found at the VSE’s sites.
Self-monitoring product line
A product line that is prepackaged with the VSE installer and
contains several collection routines. When customers need to
send certain information to Support, such as audit logs and
system configuration, running the relevant collection routine
ensures that only the required data is collected.
SEPM Symantec Endpoint Protection Manager. Symantec Endpoint
Protection is a security software suite that includes intrusion
prevention, firewall, and anti-malware features.
SID Security Identifier; a string of characters and numbers.
tunnel A secure connection established from the Security Center to
the VSE.
VSE The Honeywell Forge Cybersecurity Platform component that
is installed at the remote site, monitors the devices at the
site, and provides additional functionalities such as remote
access.
VSE OVERVIEW
DocID CS-HFCPE501en-1911A 18
3. VSE Overview
Honeywell Forge Cybersecurity Platform enables an organization to remotely collect,
analyze, and view security data and other data retrieved from supported field-deployed
devices.
The system architecture consists of the following software components:
• Virtual Security Engine (VSE)
The Honeywell Forge Cybersecurity Platform component that is installed at the
remote site, monitors the devices at the site, and provides additional
functionalities such as remote access
• Security Center
The Honeywell Forge Cybersecurity Platform component that is installed at the
corporate data center. The security center is composed of various software
components, which enable to remotely collect, analyze, view, manage, and store
data retrieved from the VSEs. This data refers to the monitored network assets and
devices found at the VSE’s sites.
The Security Center is deployed at the customer’s headquarters or center. It
receives and stores device data transmitted by the VSEs.
• Communication Server
The Communication Server provides secure communication between the Security
Center and the VSEs and, optionally, between the VSEs themselves..
The Communication Server is located at the customer’s headquarters or center, in
a location accessible from the outside world, and provides secure communication
between the VSEs and the Security Center.
The following are some of the key features of the VSE:
• VSE follows rules defined by the organization to collect only data required for
solving issues.
The organization downloads to the VSEs collection routines that define the
following:
The data to collect
The protocol used
The collection frequency
VSE OVERVIEW
DocID CS-HFCPE501en-1911A 19
The location from which data items are to be to collected
• The VSE can gather transient data based on different events or on-site run-time
analysis of previously collected data.
• The VSE allows data sources and collection methods to be changed dynamically,
both remotely and locally.
• The VSE supports a variety of communication protocols, including: SNMP,
Telnet/SSH, Syslog Server, TL1, FTP, WMI, DBA, and custom protocols.
• Honeywell Forge Cybersecurity Platform supports scripting languages
(PowerShell, Perl, and VBScript). This enables various advanced collection
functions that do not fit within the regular UI-based system features, including
intelligent, dynamic collection based on previous collected values, advanced
parsing, sophisticated analysis and triggering, and filtered collection results.
• The VSE is designed to give the end-users in the site complete control over the
data that enters or leaves their network. Collection routines must be approved by
the end-user before they are installed on the VSE.
PREPARING SITES FOR INSTALLATION
DocID CS-HFCPE501en-1911A 20
4. Preparing Sites for Installation
For details about the system requirements such as supported operating systems,
browsers, and minimum hardware configuration, see the Honeywell Forge
Cybersecurity Platform Software Change Notice.
INSTALLING THE VSE
DocID CS-HFCPE501en-1911A 21
5. Installing the VSE
This section describes installation procedures for installing VSE Windows. Before
initiating any of the procedures set out here, ensure that all site preparation
requirements listed in the Software Change Notice (SCN) have been met.
CAUTION
Before starting with the VSE installation procedure, you need to deploy the Postgres database in accordance with the instructions provided below. If you fail to do so the VSE installation cannot be completed.
5.1 Deploying Postgres
NOTE
Deploying Postgres requires having Visual C++ 2015 or a higher version installed.
To deploy Postgres:
1. Copy the pgsql.zip file, which is provided as part of the installation ISO.
2. Extract this ZIP file anywhere on your computer.
3. From the extracted folder, open command line as administrator.
4. Run the file vse_pg_reg.bat.
5. Open the Services pane, either from the taskbar or by running Services.msc, and
ensure that the PostgreSQL service is displayed with the status Running.
To install the VSE:
1. Close any running applications.
2. If a previous version of the VSE is installed, verify that the Site Server service and
the Site Server Watchdog service have been stopped.
3. Extract (unzip) the installation package into its own directory.
4. Proceed according to the selected installation method, as detailed in the following
sections:
5.2, Installing the VSE through the wizard
5.3, Installing the VSE through the Windows console
INSTALLING THE VSE
DocID CS-HFCPE501en-1911A 22
5.2 Installing the VSE through the wizard
To perform the installation by using the wizard:
1. Go to the directory into which the installation package has been extracted.
2. Double-click install_VSE.exe to launch the VSE InstallAnywhere wizard.
3. Click Next in the Introduction window.
4. In the License Agreement screen, read the license agreement carefully, select the
check box I accept the terms in the license agreement, and click Next.
5. In the Choose the Postgres Folder screen, choose the folder where the Postgres
is installed; namely, the folder to which the pgsql.zip file was extracted earlier.
If you provide another path, the installation wizard will display the following error
message:
The path provided does not contain Postgres. If Postgres is not installed, leave the
wizard open, install Postgres and then proceed with the installation wizard.
6. In the Choose Install Folder screen, change the installation location or leave the
default location, and click Next to proceed.
7. Use the Get Customer Information wizard screen to enter the details listed in the
table below and click Next.
Table 5-1. Windows – Customer Information
Parameter Description
License Key A unique key for this VSE. If the license key is part of the
installation files, it appears in the field. Otherwise, the field is
blank, and you must get the license string separately.
The license key is decrypted into an ID number for the VSE as
part of the installation process.
VSE Name The VSE name within the Security Center user interface.
Port The HTTP server port to be used for browser connection to the
VSE (mandatory). The default port is 8449.
The installation program checks the port (the default port 8449, or the port you
typed in) to see if the port is available. If the port is not available, you will not be
able to continue the installation until you enter a port that is free and can be used
by the VSE.
INSTALLING THE VSE
DocID CS-HFCPE501en-1911A 23
NOTE
For all fields, error messages notify if the value entered is not valid.
All fields on this panel can be predefined prior to installation.
8. In the Create Shortcuts screen, select whether to display the Site Login icon on
your desktop and Start menu and then click Next to display the Pre-Installation
Summary screen.
9. Review the installation details. If needed, click Previous to change the details.
When all details are correct, click Install to proceed to the Installing screen.
When the installation is complete, the Install Complete window appears.
10. Click Done.
The following happens:
a. The installation wizard closes.
b. The VSE starts running in the background. In some cases, you must restart
your machine to launch the VSE.
c. The following shortcuts are added to the Windows Start menu under
Programs:
o VSE Login
o Start VSE in batch mode
o Uninstall VSE
d. If you chose to add a shortcut to your desktop, the Site Login icon appears
there.
5.3 Installing the VSE through the Windows console The VSE installer is also available in console mode.
To install VSE through the console:
1. Open a console window (terminal).
2. Go to the directory to which the installation package has been extracted.
3. Run the command install_VSE.exe -I console to display the Introduction screen.
4. Press Enter to display the text of the license agreement and proceed to the
question Do you accept the terms of this license agreement?
5. Type Y to accept or N to decline and press Enter.
After the agreement is accepted, the Choose Install Folder step is displayed.
INSTALLING THE VSE
DocID CS-HFCPE501en-1911A 24
6. Type a destination folder for the VSE installation or accept the default folder, and
press Enter.
7. Use the Customer Information step that appears now to fill-in the requested
information. All information entered in the various fields will be validated.
8. If one of the fields is invalid, you will be prompted to retype all the fields.
NOTE
All fields can be predefined prior to installation.
If the License Key exists in the installation package, it will be set from the file
Install/Specific/v<m.n>/License/license.dat.
The VSE Name and Port will be set from the CustomActions/install.properties
if it exists in the installation package.
9. Click Enter to display the Pre-Installation Summary text.
Figure 5-1. Choose Install Folder in the VSE CLI installer
INSTALLING THE VSE
DocID CS-HFCPE501en-1911A 25
10. After reviewing the installation details press Enter.
After the installation is completed, the Install Complete screen appears.
11. Press Enter to exit the installation.
5.4 VSE initialization After the installation process is finished, the VSE initializes.
The progress bar indicates the stage of the initialization and displays messages such
as Starting the VSE..., Checking configuration parameters..., and Executing custom
actions...
When the initialization is completed the login screen appears, allowing you to use the
following default username and password:
• Username: admin
• Password: admin
It is advisable to change the default credentials.
Figure 5-2. Pre-Installation Summary in the VSE CLI installer
UPDATING TO VSE 4.9.50
DocID CS-HFCPE501en-1911A 26
6. Updating to VSE 4.9.50
You can perform an update to 4.9.50 only through software distribution.
For details, see section Distributing software in the Security Center Getting Started
Guide.
CAUTION
VSE version 4.9.50 only supports installation on machines running 64-bit operating systems.
UNINSTALLING THE VSE
DocID CS-HFCPE501en-1911A 27
7. Uninstalling the VSE
This chapter provides instructions for uninstalling the VSEs in either of the methods
described in the following sections:
• 7.1, Uninstalling by using the Uninstaller
• 7.2, Uninstalling by using the console
7.1 Uninstalling by using the Uninstaller The VSE can be uninstalled by using the Uninstaller.
NOTES
Uninstalling the VSE automatically removes the VSE application and registry entries, as well as VSE Watchdog.
You can also choose to remove directories and files that were added following the installation.
To uninstall by using the Uninstaller in Windows:
1. Access the Uninstall VSE file by using the method relevant to your OS.
In Windows 7:
i. Click the Windows Start icon.
ii. Click All Programs.
iii. Click VSE and then the go the directory that contains the most recent VSE
version.
In Windows 10:
i. Click VSE in the search bar.
NOTE
Ensure that the search filter is set to All.
ii. Find Uninstall VSE in the Apps section.
2. Click Uninstall VSE.
3. To remove all files and directories, select the checkbox Remove files and folders
created after the installation.
4. Click Uninstall.
5. When the uninstallation completes, select whether to allow the wizard to restart
the system or to restart the system yourself at a later stage.
UNINSTALLING THE VSE
DocID CS-HFCPE501en-1911A 28
6. If you selected to restart the system yourself, click Done to exit the wizard and
restart the computer at the convenient time for you.
7.2 Uninstalling by using the console
To uninstall by using the console:
1. Open console window (terminal), and browse to the Uninstaller directory
<VSE Installation
directory>\VSESupport\InstallInfo\v<m.n>\Uninstall_VSE
2. Type the following command:
<VSE_Uninstaller> -i console
3. To uninstall in silent mode, run the following command:
<VSE_Uninstaller> -i silent
VSE PACKAGING
DocID CS-HFCPE501en-1911A 29
8. VSE Packaging
This section describes the steps required for creating a single-file installer for branding
under another name.
8.1 Method Technical Support prepares most of the VSE single-file distribution package
beforehand.
The vendor needs to make very few changes, such as changing the license string
before distributing the VSE to the end-user for installation.
The end-user only needs to run the VSE package. No additional steps are required.
8.2 Package contents A distribution package includes the following components:
• End-user-specific configuration
This component changes for each installation at the end-user’s premises.
• Vendor-specific configuration
This component may change for different divisions, for example.
• Core VSE software
This component never changes.
8.3 End-user-specific configuration This section varies with the VSE installation of each site.
Table 8-1. End-user specific details
Parameter Description
VSE License Install/Specific/v<m.n>/License/license.dat
Note
The License Key may not exist in the installation package, in which case
the License folder is empty.
VSE Name CustomActions/install.properties
SITENAME property
VSE PACKAGING
DocID CS-HFCPE501en-1911A 30
8.4 Vendor/enterprise-specific configuration In most cases, this section is the same for all end-user installations.
8.4.1 Branded images The distribution package contains the following images. Typically, these images
remain the same for all distribution packages.
Table 8-2. Branded images
Icon Size Image Path
VSE Initializing 460x275
96dpi
Install/Generic/v<m.n>/UI/Pictures/Site/
Initialization/initializing.png
Top of About Window 350x380
96dpi
Install/Generic/v<m.n>/UI/Pictures/Site/
aboutBackground-VSE.png
Login Screen 465x301
96dpi
Install/Generic/v<m.n>/UI/Pictures/Site/l
oginScreen.png
Debug Screen 465x301
96dpi
Install/Generic/v<m.n>/UI/Pictures/Site/
debugScreen.png
Upper right side of the UI
100x91
96dpi
Install/Generic/v<m.n>/UI/Pictures/Site/
uppderBanner-right.gif
Login logo and upper left side of the UI
120x89
96dpi
Install/Generic/v<m.n>/UI/Pictures/Cust
om/CustomerLogo_LoginPage.gif
8.4.2 Embedded third-party applications The necessary third-party applications listed below are embedded as part of the VSE
installation.
Table 8-3. Third-party applications
Application Path
TightVNC CustomActions/tightvnc-2.7.10-32bit.msi
Perl Perl/ActivePerl-24.2.2403.exe
VSE PACKAGING
DocID CS-HFCPE501en-1911A 31
8.4.3 Connection to Security Center To define Security Centers as part of the VSE installation, ensure that the connection
information files listed below are located in the path specified in the table.
Table 8-4. Files used for connecting to Security Center
File Path
RemoteSupportServers.nne
(Remote Servers)
Install/Generic/v<m.n>/Data/Configuration/
vendorscert
(Servers’ Certificate)
Install/Generic/v<m.n>/Data/Configuration/
8.4.4 Product Lines The table below lists product lines to be imported and installed at the VSE
NOTE
Product Line name must begin with PL_, must end with .nnz, and must be
exported from the Security Center in site format.
Table 8-5. Prepackaged product lines
Product Line Path
Lite Product Line Install/Generic/v<m.n>/Install/PL_Lite.nnz
Self-Monitoring Install/Generic/v<m.n>/Install/PL_SelfMonitoring.nnz
8.4.5 Other installation properties The table below lists properties that allow you to customize the VSE name and
installation directory.
Table 8-6. Installation properties
Properties Description
Installation Properties CustomActions/install.properties
SITEPORT
INSTALLDIR
VSE PACKAGING
DocID CS-HFCPE501en-1911A 32
8.5 Core VSE software This section is the same for all end-user installations.
Table 8-7. Core VSE software
Software File
VSE Installer Windows: install_VSE.exe
Silent Installer Windows: install.cmd
VSE Utilities CustomActions directory, except for install.properties file
(for details, see section 8.4.5, Other installation properties)
8.6 Creating a distribution package
To create a VSE distribution package:
1. Prepare most changes in a predefined directory that has the specific structure
required by the VSE installer.
2. Make the necessary changes per VSE.
3. Create the distribution package by preparing a compressed file.
4. Send the package.
8.6.1 General changes
To create and distribute general changes:
1. Create and copy images to their target directories, as described in section 8.4.1,
Branded images.
2. Copy connection-related files from a properly working VSE to their target
directories, as described in section 8.4.3, Connection to Security Center.
3. Export relevant product lines in site format to their target directories. For details
see section 8.4.4, Product Lines.
NOTE
Product Line name must begin with PL_, must end with .nnz, and must be
exported from the Security Center in site format.
VSE PACKAGING
DocID CS-HFCPE501en-1911A 33
8.6.2 Changes per end-user
To create and distribute an end-user-specific changes:
1. Edit and replace the license file, as described in section 8.3, End-user-specific
configuration.
2. Change VSE name, as described in section 8.4.5, Other installation properties.
3. Compress or combine all distribution package components.
4. Send the customized distribution package to the end-user.
CS-HFCPE501en-1911A November 2019 © 2019 Honeywell International Sàrl
Honeywell Process Solutions
1250 W Sam Houston Pkwy S #150, Houston,
TX 77042
Honeywell House, Skimped Hill Lane
Bracknell, Berkshire, RG12 1EB Building #1, 555 Huanke Road, Zhangjiang
Hi-Tech Park,
Pudong New Area, Shanghai, China 201203
www.honeywellprocess.com