
HONEYWELL FORGE CYBERSECURITY PLATFORM

1911 (NOV 2019)

Virtual Security Engine (VSE)

Installation Guide

CS-HFCPE501en-1911A

November 2019


DISCLAIMER

This document contains Honeywell proprietary information. Information contained herein is to be used solely for the purpose submitted, and no part of this document or its contents shall be reproduced, published, or disclosed to a third party without the express permission of Honeywell International Sàrl.

While this information is presented in good faith and believed to be accurate, Honeywell disclaims the implied warranties of merchantability and fitness for a purpose and makes no express warranties except as may be stated in its written agreement with and for its customer.

In no event is Honeywell liable to anyone for any direct, special, or consequential damages. The information and specifications in this document are subject to change without notice.

Copyright 2019 – Honeywell International Sàrl


Notices

Trademarks

Experion®, PlantScape®, SafeBrowse®, TotalPlant®, and TDC 3000® are registered trademarks of Honeywell International, Inc.

OneWireless™ is a trademark of Honeywell International, Inc.

Other trademarks

Trademarks that appear in this document are used only to the benefit of the trademark owner, with no intention of trademark infringement.

Third-party licenses

This product may contain or be derived from materials, including software, of third parties. The third party materials may be subject to licenses, notices, restrictions and obligations imposed by the licensor.

The licenses, notices, restrictions and obligations, if any, may be found in the materials accompanying the product, in the documents or files accompanying such third party materials, in a file named third_party_licenses on the media containing the product.

Documentation feedback

You can find the most up-to-date documents on the Honeywell Process Solutions support website at:

http://www.honeywellprocess.com/support

If you have comments about Honeywell Process Solutions documentation, send your feedback to:

[email protected]

Use this email address to provide feedback, or to report errors and omissions in the documentation. For immediate help with a technical problem, contact your local Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical Assistance Center (TAC).

How to report a security vulnerability

For the purpose of submission, a security vulnerability is defined as a software defect or weakness that can be exploited to reduce the operational or security capabilities of the software.


Honeywell investigates all reports of security vulnerabilities affecting Honeywell products and services.

To report a potential security vulnerability against any Honeywell product, please follow the instructions at:

https://honeywell.com/pages/vulnerabilityreporting.aspx

Submit the requested information to Honeywell using one of the following methods:

• Send an email to [email protected].

or

• Contact your local Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical Assistance Center (TAC) listed in the “Support” section of this document.

Support

For support, contact your local Honeywell Process Solutions Customer Contact Center (CCC). To find your local CCC visit the website, https://www.honeywellprocess.com/en-US/contact-us/customer-support-contacts/Pages/default.aspx.

Training classes

Honeywell holds technical training classes that are taught by process control systems experts. For more information about these classes, contact your Honeywell representative, or see http://www.automationcollege.com.


About this Guide

This guide describes how to install and configure the Virtual Security Engine (VSE), a Honeywell Forge Cybersecurity Platform component that is installed at the remote site and monitors devices at the site.

Scope

This guide provides step-by-step instructions for configuring, installing, using, and uninstalling the VSE, as well as the steps required for connecting to the Security Center.

Intended audience

This guide is intended for VSE technical personnel responsible for installing, uninstalling and updating the VSE.

Several sections within the guide describe more complex installation scenarios for which Support help might be required.

Chapter 8, VSE Packaging, is intended for technical personnel responsible for preparing the VSE installation package.

Prerequisite skills

This guide assumes basic knowledge of the Honeywell Forge Cybersecurity Platform 1911 modules relevant to the Security Center, the VSE, or both, depending on your specific role.

Conventions used in this guide

This guide uses the following conventions:

• v<m.n>
  Indicates the software version, with the following variables:
  v – a constant that stands for version
  m – a variable that indicates a major version number
  n – a variable that indicates a minor version number
  For example: v4.3

• %<directory>%
  Indicates an environment variable; for example, %ProgramFiles% and %TEMP%.

Related documents

The following list identifies publications that may contain information relevant to the information in this document.

| Document Name | Document Number |
|---|---|
| Honeywell Forge Cybersecurity Platform 1911 - Security Center Getting Started Guide | CS-HFCPE400en-1911A |
| Honeywell Forge Cybersecurity Platform 1911 - Virtual Security Engine – User Guide | CS-HFCPE601en-1911A |

Revision history

| Revision | Supported Release | Date | Description |
|---|---|---|---|
| A | 1911 | November 2019 | Upgrade release |
| A | 1909 | September 2019 | First release of product under the Honeywell Forge Cybersecurity brand |
| A | Release 510.1 | August 2019 | This software is an upgrade-only release from Release 501.1 |
| A | Release 500.1 | June 2019 | First release of product to Honeywell Enterprise customers |


Contents

1. SECURITY CONSIDERATIONS
   1.1 Physical security
   1.2 Separate security zone
   1.3 Limiting access
       1.3.1 At the VSE level
       1.3.2 At the directory or file level
       1.3.3 Ports used by the application
   1.4 Authorization measures
   1.5 Encryption and validation
   1.6 Possible security risks
2. TERMS AND DEFINITIONS
3. VSE OVERVIEW
4. PREPARING SITES FOR INSTALLATION
5. INSTALLING THE VSE
   5.1 Deploying Postgres
   5.2 Installing the VSE through the wizard
   5.3 Installing the VSE through the Windows console
   5.4 VSE initialization
6. UPDATING TO VSE 4.9.50
7. UNINSTALLING THE VSE
   7.1 Uninstalling by using the Uninstaller
   7.2 Uninstalling by using the console
8. VSE PACKAGING
   8.1 Method
   8.2 Package contents
   8.3 End-user-specific configuration
   8.4 Vendor/enterprise-specific configuration
       8.4.1 Branded images
       8.4.2 Embedded third-party applications
       8.4.3 Connection to Security Center
       8.4.4 Product Lines
       8.4.5 Other installation properties
   8.5 Core VSE software
   8.6 Creating a distribution package
       8.6.1 General changes
       8.6.2 Changes per end-user

List of Figures

FIGURE 5-1. CHOOSE INSTALL FOLDER IN THE VSE CLI INSTALLER
FIGURE 5-2. PRE-INSTALLATION SUMMARY IN THE VSE CLI INSTALLER

List of Tables

TABLE 1-1. LIST OF PORTS
TABLE 5-1. WINDOWS – CUSTOMER INFORMATION
TABLE 8-1. END-USER SPECIFIC DETAILS
TABLE 8-2. BRANDED IMAGES
TABLE 8-3. THIRD-PARTY APPLICATIONS
TABLE 8-4. FILES USED FOR CONNECTING TO SECURITY CENTER
TABLE 8-5. PREPACKAGED PRODUCT LINES
TABLE 8-6. INSTALLATION PROPERTIES
TABLE 8-7. CORE VSE SOFTWARE

1. Security Considerations

This chapter outlines the security measures for the VSE.

1.1 Physical security

CAUTION

VSE is a mission-critical component.

Take all necessary physical measures to prevent attacks or disasters.

Ensure that the server where the product is installed is located in an approved physically secure location that is accessible only to authorized personnel.

1.2 Separate security zone

VSE contains sensitive information, the loss of which could have severe consequences. Therefore, there is a need to protect the sensitive information and prevent attacks against the product. To do that, the VSE software, as well as its related extensions, must be installed in an internally secured zone such as the site’s layer 3 network, with strict access control lists and appropriate firewall/routing rules.

Ensure that VSE is installed in a directory that is only accessible to authorized personnel responsible for the product.

CAUTION

If VSE is installed on one or more servers that are exposed to untrusted networks such as the Internet, protection against denial-of-service (DoS) attacks must be implemented.

1.3 Limiting access

It is highly recommended to follow regulatory, industry, and enterprise standards for limiting access to sensitive information as specified below.

1.3.1 At the VSE level

User management on the host running the VSE must follow the principles of need to know and least privilege: only users who absolutely must have access to the computer are granted access, and these users are assigned the minimal set of permissions that allows them to perform their job.

1.3.2 At the directory or file level

Access to directories and files should also be granted in accordance with the principles of need to know and least privilege: only users who absolutely must have access to the requested directory and file are granted access, and these users are assigned the minimal set of permissions that allows them to perform their job.

Use the built-in file access audit logging of the OS to monitor unauthorized changes to sensitive files.

1.3.3 Ports used by the application

The default ports used by the VSE are listed in the table below.

Table 1-1. List of ports

| Port Number | Port Type | Inbound/Outbound | Used for |
|---|---|---|---|
| 8449 | TCP | Inbound | Computers that reside on the same network as the VSE. Note: This number is configurable and can be defined during the VSE setup. |
| 443 | TCP | Outbound | Connecting to a communication server through a firewall. Note: This setting is configurable and depends on the communication server settings. |
| 444 | TCP | Outbound | Connecting to a remote access bridge (RAB) through a firewall. Note: This setting is configurable and depends on the RAB settings. |

Note

The ports listed below may or may not be used, depending on the VSE’s functionality. For further details contact your Support team.

| Port Number | Port Type | Inbound/Outbound | Used for |
|---|---|---|---|
| 22 | TCP | Outbound | Connecting to an SSH server on the same network |
| 21 | TCP | Outbound | Connecting to an FTP server on the same network |
| 445 | TCP | Outbound | Connecting through WMI to a device on the same network |
| 162 | UDP | Inbound | Used for SNMP traps |
| 514 | UDP | Inbound | Used for syslog events |

1.4 Authorization measures

It is strongly recommended to implement the following security measures:

• Change the default administrative password and delete/disable the default service accounts as soon as new administrative accounts are created

• Disable any default Administrator/Root user on the computer

• Disable any default Guest user on the computer

• Disable any unauthenticated access to the computer via shared directories etc.

• Ensure that the OS is up to date with the latest security patches provided by the OS vendor

1.5 Encryption and validation

All cryptographic keys generated for the encrypted communication must follow the current industry standards, including key size, encryption suites, certificate swapping, etc.

Operators and other personnel who have a low authorization level are advised to ensure that they only run software provided from the Headquarters as a code-signed executable file, such as the Hyper Tunnel installer. Code-signed software displays a "signed by" notification when it starts to run.

It is recommended to use a valid certificate issued by a trusted Certificate Authority (CA), either the organization’s internal CA or an external CA.


1.6 Possible security risks

The VSE machine must reside in a secured environment because, as the VSE has access to the entire network, a compromised VSE machine would result in a severe breach of security to the other machines in the network.

In normal operation, these risks are mitigated as the VSE only has two outbound connections to the Security Center. A security breach can therefore only take place if the attacker infiltrates the remote site or someone has configured the VSE machine to be open to the Internet. The VSE connects to the Communication Server in a secured tunnel, by default on port 443.

The only inbound connections are:

• 8449 – used for Web Server UI access

• 514 – used for syslog events

• 162 – used for SNMP traps
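
Added example, not part of the Honeywell guide: a host-level check that compares `netstat -ano` output from a dedicated VSE server with the default ports in Table 1-1 and section 1.6. The sample output, the site subnet 10.20.30.0/24 and all function names are constructed for illustration; adjust the port sets if your site changed the defaults.

```python
import ipaddress
from typing import NamedTuple

# Default ports from Table 1-1 / section 1.6 (assumption: defaults unchanged).
INBOUND = {("TCP", 8449), ("UDP", 162), ("UDP", 514)}
OUTBOUND = {("TCP", 443), ("TCP", 444)}
# "May or may not be used", and only towards the same network as the VSE.
OUTBOUND_OPTIONAL = {("TCP", 22), ("TCP", 21), ("TCP", 445)}

# Constructed sample in Windows `netstat -ano` layout (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8449           0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2210
  TCP    10.20.30.5:8449        10.20.30.77:51515      ESTABLISHED     4120
  TCP    10.20.30.5:8449        203.0.113.9:40022      ESTABLISHED     4120
  TCP    10.20.30.5:50112       198.51.100.10:443      ESTABLISHED     4120
  TCP    10.20.30.5:50113       198.51.100.11:444      ESTABLISHED     4120
  TCP    10.20.30.5:50200       10.20.30.40:22         ESTABLISHED     4120
  TCP    10.20.30.5:50300       198.51.100.99:8080     ESTABLISHED     5000
  UDP    0.0.0.0:162            *:*                                    4120
  UDP    0.0.0.0:514            *:*                                    4120
  UDP    0.0.0.0:69             *:*                                    3300
"""


class Sock(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int  # 0 when the row has no peer (listener / unconnected UDP)
    state: str
    pid: int


def _split(endpoint):
    """Split 'host:port' (IPv4, '[v6]:port' or '*:*') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else 0)


def _ip(text):
    """Parse an address, dropping any IPv6 zone id; None for '*' and the like."""
    try:
        return ipaddress.ip_address(text.split("%")[0])
    except ValueError:
        return None


def parse_netstat(text):
    socks = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto = parts[0]
        if len(parts) < (5 if proto == "TCP" else 4):
            continue  # truncated row
        # UDP rows have no State column, so the PID moves one field left.
        state, pid = (parts[3], parts[4]) if proto == "TCP" else ("", parts[3])
        lip, lport = _split(parts[1])
        rip, rport = _split(parts[2])
        socks.append(Sock(proto, lip, lport, rip, rport, state, int(pid)))
    return socks


def audit(socks, site_net):
    """Return (kind, detail, pid) findings for sockets outside the documented set."""
    site = ipaddress.ip_network(site_net)
    listeners = {(s.proto, s.local_port) for s in socks
                 if s.state == "LISTENING" or s.proto == "UDP"}
    findings = []
    for s in socks:
        key = (s.proto, s.local_port)
        peer = _ip(s.remote_ip)
        if key in listeners and s.remote_port == 0:
            local = _ip(s.local_ip)
            if local is not None and local.is_loopback:
                continue  # not reachable from the network
            if key not in INBOUND:
                findings.append(("unexpected-listener", f"{s.proto}/{s.local_port}", s.pid))
        elif s.proto == "TCP" and s.state == "ESTABLISHED":
            in_site = peer is not None and peer in site
            if key in listeners:
                # Peer connected to one of our listening ports: inbound session.
                if not in_site:
                    findings.append(("inbound-from-outside-site",
                                     f"{s.remote_ip} -> {s.proto}/{s.local_port}", s.pid))
                continue
            dst = (s.proto, s.remote_port)
            if dst in OUTBOUND:
                continue
            kind = ("optional-outbound" if dst in OUTBOUND_OPTIONAL and in_site
                    else "unexpected-outbound")
            findings.append((kind, f"{s.remote_ip}:{s.remote_port}", s.pid))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_netstat(SAMPLE_NETSTAT), "10.20.30.0/24"):
        print(finding)
```

Findings tagged `optional-outbound` correspond to the ports the guide says "may or may not be used" and should be confirmed against the functionality enabled at the site.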


2. Terms and Definitions

NOTE

The terms and definitions are listed in alphabetical order.

| Term | Definition |
|---|---|
| asset | Any site component that is connected to the network and is accessible from the VSE |
| Communication Server (CS) | The Communication Server provides secure communication between the Security Center and the VSEs and, optionally, between the VSEs themselves. |
| compliance | Whether the device meets the organization policy |
| compromised computer | Any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation. |
| DB | Database server component |
| device | A representation of a physical or virtual server or machine in the VSE |
| discovery engine | A VSE utility that represents the Honeywell Forge Cybersecurity Active Discovery mechanism, which detects and classifies network assets, and, optionally, adds them as devices to the VSE. |
| ESP | Essential Security Policy: A collection of scripts related to one logical area, such as machine security status, hardware information, event logs, or storage information; these scripts can either be run on demand (Diagnose Routine or Corrective Action) or based on a predefined schedule. |
| execution profile | A collection of scripts related to one logical area, such as machine security status, hardware information, event logs, or storage information; these scripts can either be run on demand (Diagnose Routine or Corrective Action) or based on a predefined schedule. |
| exposure level | The extent to which the specific device is critical to ongoing site operation; the predefined value options for the exposure levels are one of the following: High, Medium, Low |
| heartbeat | A periodic message sent between the VSE and the master Security Center, to verify that the connection is alive |
| HQ | Headquarters; the physical location of the Security Center |
| Lite product line | The most basic product line, pre-packaged with the VSE installer, which can enable accessing the system and performing the most basic operations such as Send File and Remote Access |
| Master Security Center | The only Security Center that handles heartbeat messages, and from which the VSE receives remote activities. There can be only one Master per VSE. |
| monitoring profile (MP) | An execution profile configured to run at set time intervals, such as Every day at 18:00. |
| product line | A set of actions and scripts that together instruct the VSE to perform certain procedures on devices that are defined in the VSE. |
| Remote Access Bridge (RAB) | A Honeywell Forge Cybersecurity Platform component installed externally to the SC which enables secure remote access between the SC and the VSE. On receiving communication requests from the VSE and the RAG, it creates a secure bridge between them, thereby enabling a secure communications tunnel from the SC to the VSE, and from there to the required device. |
| Remote Access Gateway (RAG) | The Remote Access Gateway is part of Honeywell Forge Cybersecurity Platform’s remote access solution. When initiated, the Remote Access Gateway automatically pulls the connection details from the Security Center database. For each request to access a remote site, the Remote Access Gateway establishes a secure connection to the Remote Access Bridge to enable a secure communications tunnel. |
| reverse tunnel | A secured connection initiated by the VSE to the Security Center. |
| Security Center (SC) | Honeywell Forge Cybersecurity Platform component that is installed at the corporate data center. The Security Center is composed of various software components, which make it possible to remotely collect, analyze, view, manage, and store data retrieved from the VSEs. This data refers to the monitored network assets and devices found at the VSE’s sites. |
| Self-monitoring product line | A product line that is prepackaged with the VSE installer and contains several collection routines. When customers need to send certain information to Support, such as audit logs and system configuration, running the relevant collection routine ensures that only the required data is collected. |
| SEPM | Symantec Endpoint Protection Manager. Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features. |
| SID | Security Identifier; a string of characters and numbers. |
| tunnel | A secure connection established from the Security Center to the VSE. |
| VSE | The Honeywell Forge Cybersecurity Platform component that is installed at the remote site, monitors the devices at the site, and provides additional functionalities such as remote access. |


3. VSE Overview

Honeywell Forge Cybersecurity Platform enables an organization to remotely collect, analyze, and view security data and other data retrieved from supported field-deployed devices.

The system architecture consists of the following software components:

• Virtual Security Engine (VSE)

  The Honeywell Forge Cybersecurity Platform component that is installed at the remote site, monitors the devices at the site, and provides additional functionalities such as remote access.

• Security Center

  The Honeywell Forge Cybersecurity Platform component that is installed at the corporate data center. The Security Center is composed of various software components, which make it possible to remotely collect, analyze, view, manage, and store data retrieved from the VSEs. This data refers to the monitored network assets and devices found at the VSE’s sites.

  The Security Center is deployed at the customer’s headquarters or center. It receives and stores device data transmitted by the VSEs.

• Communication Server

  The Communication Server provides secure communication between the Security Center and the VSEs and, optionally, between the VSEs themselves.

  The Communication Server is located at the customer’s headquarters or center, in a location accessible from the outside world, and provides secure communication between the VSEs and the Security Center.

The following are some of the key features of the VSE:

• VSE follows rules defined by the organization to collect only data required for solving issues.

  The organization downloads to the VSEs collection routines that define the following:

    • The data to collect
    • The protocol used
    • The collection frequency
    • The location from which data items are to be collected

• The VSE can gather transient data based on different events or on-site run-time analysis of previously collected data.

• The VSE allows data sources and collection methods to be changed dynamically, both remotely and locally.

• The VSE supports a variety of communication protocols, including: SNMP, Telnet/SSH, Syslog Server, TL1, FTP, WMI, DBA, and custom protocols.

• Honeywell Forge Cybersecurity Platform supports scripting languages (PowerShell, Perl, and VBScript). This enables various advanced collection functions that do not fit within the regular UI-based system features, including intelligent, dynamic collection based on previously collected values, advanced parsing, sophisticated analysis and triggering, and filtered collection results.

• The VSE is designed to give the end-users in the site complete control over the data that enters or leaves their network. Collection routines must be approved by the end-user before they are installed on the VSE.


4. Preparing Sites for Installation

For details about the system requirements such as supported operating systems, browsers, and minimum hardware configuration, see the Honeywell Forge Cybersecurity Platform Software Change Notice.


5. Installing the VSE

This section describes the procedures for installing the VSE on Windows. Before initiating any of the procedures set out here, ensure that all site preparation requirements listed in the Software Change Notice (SCN) have been met.

CAUTION

Before starting the VSE installation procedure, you need to deploy the Postgres database in accordance with the instructions provided below. If you fail to do so, the VSE installation cannot be completed.

5.1 Deploying Postgres

NOTE

Deploying Postgres requires having Visual C++ 2015 or a higher version installed.

To deploy Postgres:

1. Copy the pgsql.zip file, which is provided as part of the installation ISO.

2. Extract this ZIP file anywhere on your computer.

3. From the extracted folder, open a command line as administrator.

4. Run the file vse_pg_reg.bat.

5. Open the Services pane, either from the taskbar or by running Services.msc, and ensure that the PostgreSQL service is displayed with the status Running.

To install the VSE:

1. Close any running applications.

2. If a previous version of the VSE is installed, verify that the Site Server service and the Site Server Watchdog service have been stopped.

3. Extract (unzip) the installation package into its own directory.

4. Proceed according to the selected installation method, as detailed in the following sections:

   • 5.2, Installing the VSE through the wizard
   • 5.3, Installing the VSE through the Windows console


5.2 Installing the VSE through the wizard

To perform the installation by using the wizard:

1. Go to the directory into which the installation package has been extracted.

2. Double-click install_VSE.exe to launch the VSE InstallAnywhere wizard.

3. Click Next in the Introduction window.

4. In the License Agreement screen, read the license agreement carefully, select the check box I accept the terms in the license agreement, and click Next.

5. In the Choose the Postgres Folder screen, choose the folder where Postgres is installed, namely the folder to which the pgsql.zip file was extracted earlier.

If you provide another path, the installation wizard will display the following error message:

The path provided does not contain Postgres. If Postgres is not installed, leave the wizard open, install Postgres and then proceed with the installation wizard.

6. In the Choose Install Folder screen, change the installation location or leave the default location, and click Next to proceed.

7. Use the Get Customer Information wizard screen to enter the details listed in the table below and click Next.

Table 5-1. Windows – Customer Information

Parameter | Description

License Key | A unique key for this VSE. If the license key is part of the installation files, it appears in the field. Otherwise, the field is blank, and you must get the license string separately. The license key is decrypted into an ID number for the VSE as part of the installation process.

VSE Name | The VSE name within the Security Center user interface.

Port | The HTTP server port to be used for browser connection to the VSE (mandatory). The default port is 8449.

The installation program checks the port (the default port 8449, or the port you typed in) to see if the port is available. If the port is not available, you will not be able to continue the installation until you enter a port that is free and can be used by the VSE.

NOTE

For all fields, an error message notifies you if the value entered is not valid.

All fields on this panel can be predefined prior to installation.

8. In the Create Shortcuts screen, select whether to display the Site Login icon on your desktop and Start menu and then click Next to display the Pre-Installation Summary screen.

9. Review the installation details. If needed, click Previous to change the details. When all details are correct, click Install to proceed to the Installing screen.

When the installation is complete, the Install Complete window appears.

10. Click Done.

The following happens:

a. The installation wizard closes.

b. The VSE starts running in the background. In some cases, you must restart your machine to launch the VSE.

c. The following shortcuts are added to the Windows Start menu under Programs:

o VSE Login

o Start VSE in batch mode

o Uninstall VSE

d. If you chose to add a shortcut to your desktop, the Site Login icon appears there.

5.3 Installing the VSE through the Windows console

The VSE installer is also available in console mode.

To install VSE through the console:

1. Open a console window (terminal).

2. Go to the directory to which the installation package has been extracted.

3. Run the command install_VSE.exe -I console to display the Introduction screen.

4. Press Enter to display the text of the license agreement and proceed to the question Do you accept the terms of this license agreement?

5. Type Y to accept or N to decline and press Enter.

After the agreement is accepted, the Choose Install Folder step is displayed.

6. Type a destination folder for the VSE installation or accept the default folder, and press Enter.

7. Use the Customer Information step that appears now to fill in the requested information. All information entered in the various fields will be validated.

8. If one of the fields is invalid, you will be prompted to retype all the fields.

NOTE

All fields can be predefined prior to installation.

If the License Key exists in the installation package, it will be set from the file Install/Specific/v<m.n>/License/license.dat.

The VSE Name and Port will be set from the CustomActions/install.properties file if it exists in the installation package.

9. Press Enter to display the Pre-Installation Summary text.

Figure 5-1. Choose Install Folder in the VSE CLI installer

10. After reviewing the installation details, press Enter.

After the installation is completed, the Install Complete screen appears.

11. Press Enter to exit the installation.

5.4 VSE initialization

After the installation process is finished, the VSE initializes.

The progress bar indicates the stage of the initialization and displays messages such as Starting the VSE..., Checking configuration parameters..., and Executing custom actions...

When the initialization is completed, the login screen appears, allowing you to use the following default username and password:

• Username: admin

• Password: admin

It is advisable to change the default credentials.

Figure 5-2. Pre-Installation Summary in the VSE CLI installer

6. Updating to VSE 4.9.50

You can perform an update to 4.9.50 only through software distribution.

For details, see section Distributing software in the Security Center Getting Started Guide.

CAUTION

VSE version 4.9.50 only supports installation on machines running 64-bit operating systems.

7. Uninstalling the VSE

This chapter provides instructions for uninstalling the VSE by either of the methods described in the following sections:

• 7.1, Uninstalling by using the Uninstaller

• 7.2, Uninstalling by using the console

7.1 Uninstalling by using the Uninstaller

The VSE can be uninstalled by using the Uninstaller.

NOTES

Uninstalling the VSE automatically removes the VSE application and registry entries, as well as VSE Watchdog.

You can also choose to remove directories and files that were added following the installation.

To uninstall by using the Uninstaller in Windows:

1. Access the Uninstall VSE file by using the method relevant to your OS.

In Windows 7:

i. Click the Windows Start icon.

ii. Click All Programs.

iii. Click VSE and then go to the directory that contains the most recent VSE version.

In Windows 10:

i. Click VSE in the search bar.

NOTE

Ensure that the search filter is set to All.

ii. Find Uninstall VSE in the Apps section.

2. Click Uninstall VSE.

3. To remove all files and directories, select the checkbox Remove files and folders created after the installation.

4. Click Uninstall.

5. When the uninstallation completes, select whether to allow the wizard to restart the system or to restart the system yourself at a later stage.

6. If you selected to restart the system yourself, click Done to exit the wizard and restart the computer at a time convenient for you.

7.2 Uninstalling by using the console

To uninstall by using the console:

1. Open a console window (terminal), and browse to the Uninstaller directory <VSE Installation directory>\VSESupport\InstallInfo\v<m.n>\Uninstall_VSE

2. Type the following command:

<VSE_Uninstaller> -i console

3. To uninstall in silent mode, run the following command:

<VSE_Uninstaller> -i silent

8. VSE Packaging

This section describes the steps required for creating a single-file installer for branding under another name.

8.1 Method

Technical Support prepares most of the VSE single-file distribution package beforehand.

The vendor needs to make very few changes, such as changing the license string before distributing the VSE to the end-user for installation.

The end-user only needs to run the VSE package. No additional steps are required.

8.2 Package contents

A distribution package includes the following components:

• End-user-specific configuration

This component changes for each installation at the end-user’s premises.

• Vendor-specific configuration

This component may change for different divisions, for example.

• Core VSE software

This component never changes.

8.3 End-user-specific configuration

This section varies with the VSE installation of each site.

Table 8-1. End-user specific details

Parameter | Description

VSE License | Install/Specific/v<m.n>/License/license.dat. Note: The License Key may not exist in the installation package, in which case the License folder is empty.

VSE Name | CustomActions/install.properties, SITENAME property

8.4 Vendor/enterprise-specific configuration

In most cases, this section is the same for all end-user installations.

8.4.1 Branded images

The distribution package contains the following images. Typically, these images remain the same for all distribution packages.

Table 8-2. Branded images

Icon | Size | Image Path

VSE Initializing | 460x275, 96dpi | Install/Generic/v<m.n>/UI/Pictures/Site/Initialization/initializing.png

Top of About Window | 350x380, 96dpi | Install/Generic/v<m.n>/UI/Pictures/Site/aboutBackground-VSE.png

Login Screen | 465x301, 96dpi | Install/Generic/v<m.n>/UI/Pictures/Site/loginScreen.png

Debug Screen | 465x301, 96dpi | Install/Generic/v<m.n>/UI/Pictures/Site/debugScreen.png

Upper right side of the UI | 100x91, 96dpi | Install/Generic/v<m.n>/UI/Pictures/Site/uppderBanner-right.gif

Login logo and upper left side of the UI | 120x89, 96dpi | Install/Generic/v<m.n>/UI/Pictures/Custom/CustomerLogo_LoginPage.gif

8.4.2 Embedded third-party applications

The necessary third-party applications listed below are embedded as part of the VSE installation.

Table 8-3. Third-party applications

Application | Path

TightVNC | CustomActions/tightvnc-2.7.10-32bit.msi

Perl | Perl/ActivePerl-24.2.2403.exe

8.4.3 Connection to Security Center

To define Security Centers as part of the VSE installation, ensure that the connection information files listed below are located in the path specified in the table.

Table 8-4. Files used for connecting to Security Center

File | Path

RemoteSupportServers.nne (Remote Servers) | Install/Generic/v<m.n>/Data/Configuration/

vendorscert (Servers’ Certificate) | Install/Generic/v<m.n>/Data/Configuration/

8.4.4 Product Lines

The table below lists product lines to be imported and installed at the VSE.

NOTE

Product Line name must begin with PL_, must end with .nnz, and must be exported from the Security Center in site format.

Table 8-5. Prepackaged product lines

Product Line | Path

Lite Product Line | Install/Generic/v<m.n>/Install/PL_Lite.nnz

Self-Monitoring | Install/Generic/v<m.n>/Install/PL_SelfMonitoring.nnz

8.4.5 Other installation properties

The table below lists properties that allow you to customize the VSE name and installation directory.

Table 8-6. Installation properties

Properties | Description

Installation Properties | CustomActions/install.properties (SITEPORT, INSTALLDIR)

8.5 Core VSE software

This section is the same for all end-user installations.

Table 8-7. Core VSE software

Software | File

VSE Installer | Windows: install_VSE.exe

Silent Installer | Windows: install.cmd

VSE Utilities | CustomActions directory, except for install.properties file (for details, see section 8.4.5, Other installation properties)

8.6 Creating a distribution package

To create a VSE distribution package:

1. Prepare most changes in a predefined directory that has the specific structure required by the VSE installer.

2. Make the necessary changes per VSE.

3. Create the distribution package by preparing a compressed file.

4. Send the package.

8.6.1 General changes

To create and distribute general changes:

1. Create and copy images to their target directories, as described in section 8.4.1, Branded images.

2. Copy connection-related files from a properly working VSE to their target directories, as described in section 8.4.3, Connection to Security Center.

3. Export relevant product lines in site format to their target directories. For details, see section 8.4.4, Product Lines.

NOTE

Product Line name must begin with PL_, must end with .nnz, and must be exported from the Security Center in site format.

8.6.2 Changes per end-user

To create and distribute end-user-specific changes:

1. Edit and replace the license file, as described in section 8.3, End-user-specific configuration.

2. Change the VSE name, as described in section 8.4.5, Other installation properties.

3. Compress or combine all distribution package components.

4. Send the customized distribution package to the end-user.
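
A pre-distribution check for the package layout described in sections 8.3 to 8.6, as an added example that is not part of the Honeywell guide or product. It assumes install.properties uses KEY=VALUE lines and that the version directory can be found by matching v*; check_package, read_properties and build_sample are hypothetical names, and the sample tree (version v0.0, SITENAME Plant-A) is constructed.

```python
import tempfile
from pathlib import Path

CONNECTION_FILES = ("RemoteSupportServers.nne", "vendorscert")  # Table 8-4

def read_properties(path):
    """Parse KEY=VALUE lines (assumed syntax of install.properties)."""
    props = {}
    for line in path.read_text(encoding="utf-8").splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_package(root):
    """Return (errors, notes) for a package tree laid out as in section 8.

    Product Line rule from the NOTE: the name begins with PL_ and ends with .nnz.
    """
    root, errors, notes = Path(root), [], []
    props_file = root / "CustomActions" / "install.properties"
    props = read_properties(props_file) if props_file.is_file() else {}
    port = props.get("SITEPORT", "")
    if port and not (port.isdecimal() and len(port) <= 5 and 1 <= int(port) <= 65535):
        errors.append(f"SITEPORT {port!r} is not a valid TCP port")
    if not props.get("SITENAME"):
        notes.append("SITENAME not predefined; the VSE Name is entered at install time")
    for vdir in sorted((root / "Install" / "Generic").glob("v*")):
        for name in CONNECTION_FILES:
            if not (vdir / "Data" / "Configuration" / name).is_file():
                errors.append(f"{vdir.name}: missing Data/Configuration/{name}")
        for f in sorted((vdir / "Install").glob("*")):
            if f.is_file() and f.name.startswith("PL_") != f.name.endswith(".nnz"):
                errors.append(f"{vdir.name}: bad product line name {f.name}")
    if not list((root / "Install" / "Specific").glob("v*/License/license.dat")):
        notes.append("no license.dat; the License Key must be supplied separately")
    return errors, notes

def build_sample(root):
    """Constructed sample tree with two defects; v0.0 is a placeholder version."""
    files = {
        "CustomActions/install.properties": "SITENAME=Plant-A\nSITEPORT=84490\n",
        "Install/Generic/v0.0/Data/Configuration/RemoteSupportServers.nne": "",
        "Install/Generic/v0.0/Data/Configuration/vendorscert": "",
        "Install/Generic/v0.0/Install/PL_Lite.nnz": "",
        "Install/Generic/v0.0/Install/SelfMonitoring.nnz": "",
    }
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        errors, notes = check_package(tmp)
        print("\n".join(["ERROR " + e for e in errors] + ["NOTE  " + n for n in notes]))
```

Treat errors as reasons to hold the package back, and notes as values the installer will ask the end-user for.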

CS-HFCPE501en-1911A November 2019 © 2019 Honeywell International Sàrl

Honeywell Process Solutions

1250 W Sam Houston Pkwy S #150, Houston, TX 77042

Honeywell House, Skimped Hill Lane, Bracknell, Berkshire, RG12 1EB

Building #1, 555 Huanke Road, Zhangjiang Hi-Tech Park, Pudong New Area, Shanghai, China 201203

www.honeywellprocess.com