S&C IntelliTeam® DEM Distributed Energy Management Controller

System Administration

Table of Contents

Overview
Administration Phases
Factory
Manufacturing the SSD Image
Installation and Commissioning
Planning Connectivity
System Addressing Conventions
Communication Port Configuration
Multi-Homed DEM Configuration
Custom Configuration
DEM Backup
Pre-Commissioning Completion
Hardware Installation
Configuring DEM Software
Windows Configuration
Device Interface Configuration
Final Windows Configuration
DEM Storage Organization, Backup, and Recovery
Disk Partitioning and Volume Assignment
Normal and Emergency Boot Procedures
Automated Disk Backup Procedure
System Recovery from Internal Backups
Recovery from External USB or Network Backups
Recovery Using a Replacement DEM
Oracle Database Recovery
Recreating Boot Menu, Recovery Image, etc
DEM System Maintenance
System Administration
DEM Backup
Adding New Users
Deleting Users
Installing S&C Application Updates
DCR Authorization File
DEM Controller Time Source
DEM Audio Annunciations
Windows Management
DEM Event and Diagnostic Logs
Oracle Database Troubleshooting
Database Administration
SQL Developer
Rebuilding the Oracle Database
Preparing Schemas and Roles
Exporting Dashboard History to Excel
DEM Alarm Notifications and Reports
Restoring the Oracle Database
Changing DEM Host Name
Customizing the DEM
DEM Reference and Security
2008 R2 Features
Firewall and Ports In Use
Solidifier Administration
LGPO Management of DEM Security Controls
RDP Connections to DEM
Network Configuration
DEM Firewall Operation
DEM Software Architecture
System Addressing Template
SQL Developer for Single-sign-on Accounts
Database Schema Table
CES_HUB List of Tables
ITSG_COMMON List of Tables

October 6, 2014 © S&C Electric Company Instruction Sheet 1047-521

Overview

The IntelliTeam DEM computer is an application-specific, R2-based controller. It is a prepackaged, rack-mounted PC, ready for installation and commissioning, extensively engineered to integrate into a distribution system operations network with minimum reliance on outside systems and network connections. It has a database management system, its own GIS database and system map, and a complete DNP master-slave communications engine.

Because the DEM is a self-contained controller it provides a very secure operating environment with a minimum sacrifice of convenience. There are several aspects of this that will be appreciated by security administrators, without creating significant difficulties for the users:

1. No connections to the Internet are required for day-to-day operation of the DEM. The only access point to the outside world is through a secure, encrypted Windows Remote Desktop connection.
2. Security settings for thousands of Windows components have been pre-applied using a Windows-specific feature called Group Policy Objects or GPOs.
3. Database security and Windows security are unified—when a user logs in, both the Windows security settings and database security settings are automatically applied. The user need not remember any other passwords. All access is controlled at a very granular level, allowing the system to be shared easily between many users with different roles. Each user may be granted a unique collection of roles, or all users can be granted the same roles.
4. Communication channels can be flexibly configured, allowing traffic to be well controlled, based upon security risk. For example, WAN traffic to the CES Units, typically a less-secure environment, can be both physically and logically isolated from other network resources. The DEM has numerous serial and Ethernet ports, each of which can be configured based on customer requirements.

Administration Phases

There are distinct administration phases in the DEM installation, from manufacturing to customer operation.

• DEM manufacturing—A standard image is loaded onto the DEM SSD drive. This image contains the initial state of the DEM software and database. The generation of this image is described in the DEM Bare Metal Build Manual, an internal S&C document.
• DEM pre-ship customer staging—After manufacturing, and before shipment of the DEM to the customer, a few customizations are performed. These include updating Windows patches, installing customer/project-specific options such as the map tiles database; and GIS, asset and electrical connectivity data.
• DEM initial customer installation—At the time of initial DEM installation, customer-specific adjustments will be made:
  – Configure the two Ethernet ports to customer requirements.
  – TCP/IP and serial port information will be configured in the Oracle database.
  – The DEM may be added to the customer domain if desired. Otherwise it will remain as its own unique Windows Workgroup server.
  – Configure time base to access customer time resource, GPS, NTP server, or domain controller.
  – Install any customer provided monitoring and logging software clients.
  – Adjust S&C standard security posture to conform to customer requirements.
• DEM ongoing system maintenance—by the customer and S&C.
  – Add or delete users from Windows and Oracle
  – Reconstruct Oracle database
  – Perform Oracle database backups (dumpfile).

This document covers initial customer installation, and system maintenance.

Factory Software

Manufacturing the SSD Image

The standard image is loaded onto the DEM SSD drive. It is then updated to include improvements or bug fixes to applications and database contents. It is also updated for the latest Windows and other component and security patches, and verified to be - tional. These SSD Image features are important to the system administrator:

• Built with SP1.
• Includes McAfee Anti-Virus software and the McAfee Solidifier. These are recommended security components. Although they may be removed or replaced with other security components as a customer option, we recommend that the provided components be used.
• The image is updated with all Microsoft updates as of the time of preparation for shipment. The automatic Microsoft update mechanism is disabled by configuration. The customer has the option to re-enable automatic updating via the Internet in lieu of the provided manual update process. However, we recommend that these updates only be applied under manual control to avoid random reboots of the DEM, and the corresponding service interruptions.
• The computer name is set to DEM on the workgroup DEM-CONTROLLER. The customer has the option of renaming the computer and/or joining the customer’s domain.
• Initial roles installed are: Application Server, File Services, and Web Server (IIS).
• Initial features installed are: Desktop Experience, Ink and Handwriting Services (required by the desktop experience feature), Remote Server Administration Tools, Windows Process Activation Service, Windows Server Backup, and .NET Framework version 4.51.
• Password policy is relaxed through group policy. No password complexity requirement, passwords as short as 3 characters are accepted.
• Through group policy, the initial logon experience suppresses the automatic startup of Server Manager, and Initial Configuration Tasks control panels.
• A collection of default users are added to facilitate S&C customer deployment of the DEM. The following users are added/changed:
  – The Windows standard user ID “Administrator” is renamed to be “Support.”
  – Administrative users: S&C configures several user IDs for its internal support personnel. All of these user IDs have the text: “SandC_” prepended to the name.
  – The user ID “sandc” is configured for use ONLY by applications requiring administrative rights. This ID should not be assigned to a person and should not be included in the Remote Desktop Users group.
  – Unprivileged users are not configured before shipment, but can be configured during field deployment.
• Six Windows user groups are created corresponding to six Oracle roles: CES_ADMIN, CES_COMMTECH, CES_OPERATOR, CES_PLANNER, CES_SCADATECH, and CES_SECADMIN.
• The default users are defined to Oracle for single-sign-on usage as follows:
  – admin all roles
  – SandC_... all roles
  NOTE: Other IDs for initial customer use are also configured. The names and initial passwords for all customer-accessible accounts are provided directly to the customer.
• The Remote Audio Service is enabled to allow audio cues to be returned to users logged on via Remote Desktop Connection.
• Oracle 11g Release 2 (11.2.0.1.0) Standard Edition One database is installed.


• Oracle 32-bit Data Access Components (ODAC 11.2 Release 2 Client and Tools 11.2.0.1.2) database client tools are installed.
• Oracle SQL Developer for 64-bit Windows is installed.
• Java SE Development Kit 6 Update 31 is installed. Required for SQL Developer in Single-sign-on environments. Versions of the JDK and JRE later than 6 will not work with SQL Developer.
• Third party applications installed: 7-Zip, Adobe Acrobat Reader, Python 2.7.1, and WireShark.
• A customer-specific GIS map is configured for the intended target system.
• A full complement of the S&C applications, configurations, and data that create the DEM product software are installed. The result is a fully operational DEM based on default data.
• An extensive backup strategy is included to provide automatic, separate backups of the system image and the application database. These strategies take full advantage of the DEM’s dual Solid State Disk design.

Installation and Commissioning

This section describes the normal process of configuring and commissioning the IntelliTeam DEM, based on customer and site-specific requirements. This section contains guidance and a checklist of things to configure, with references to other sections and documents that contain more-detailed information. In particular, see the section Customizing the DEM on page 79, for general information on the DEM’s security-related features, which will be of interest particularly for customers with large systems, or with security-sensitive network environments. Such considerations could drive the selections for network connectivity and addressing options.

Once the DEM has been installed and configured, the commissioning process can be completed by testing/verifying the various interfaces. When this is accomplished, commissioning can be considered complete. At that point, the DEM’s energy dispatch functions can be enabled using the DCR user interface and the information provided in Instruction Sheet 1047-570, DEM User’s Guide (available as Help text on the DEM).

NOTICE

As with any distribution automation system, company safety and related policies should always be followed when installing components of the CES/DEM system. These procedures should include a process that leaves each CES Unit in Local mode (hardware switch at the CES Unit in Local position) until the DEM, communication system, and CES Unit are configured adequately to begin communication testing. That testing should then be completed, and the addressing to the CES Unit confirmed prior to switching the CES Unit to Remote mode.

The confirmation process should include steps to ensure that the DEM is communicating successfully with the specific Unit being configured, rather than a different Unit. It should also verify the DEM’s configuration of the feeder phase the unit is connected to, Unit ratings, and all physical location information stored in the Unit and in the DEM.

The DEM’s control loop actively controls all Units that it is connected to, once the Units have been configured. This procedure is to ensure that as soon as a newly configured CES Unit is switched to Remote operating mode, that it is properly controlled by the DEM. If energy management configuration has not been completed at the time of initial commissioning, simply open the Unit Dashboard in the DEM for the Unit being configured, select Manual control mode, and use a suitable manual control setting to test active control from the DEM.

Planning Connectivity

Quite a bit of DEM commissioning involves determining access methods for the various device interfaces required, setting up addressing conventions, configuring explicit addressing in the DEM and related devices, and finally testing the various interfaces. Advanced planning is invaluable for preparing for a smooth and problem-free commissioning.

To facilitate integration and to provide reliable and consistent operation, the DEM is designed to be as fully self-contained as possible. To this end, configuring access to optional, external systems is to be discouraged. For example, since direct, outbound access to the Internet is not required, preventing access to the Internet reduces the possibility of accidental download of computer viruses, or of undesired applications/application updates. Similarly, the DEM hosts its own database management system which could instead be provisioned in an external database management system. However, this would introduce the potential for very problematic performance, communications, or maintenance-related instability.


System Addressing Conventions

DEM/CES system installation is greatly facilitated by the early establishment of a system-wide addressing convention, and addressing assignments for all equipment to be initially installed. A diagram of the system with assigned addressing, and addressing conventions is very useful. A template example for producing a system diagram is included in this document on page 100. Please see Instruction Sheet 1047-570 User’s Guide for detailed instructions on configuring the addressing-related data structures.

Various considerations affect the selection of system addressing. Remote access will likely require VPNs and security gateways. Access to SCADA master stations must be provided, and master stations have their own media and addressing requirements. Substation equipment will also have predefined requirements. The various considerations are discussed below.

Communication Port Configuration

The DEM has Ethernet and serial communication ports. Depending on customer network topology requirements, one or both Ethernet ports will need to be configured, as will any devices accessed using serial RS232 communication.

NOTICE

The DEM supports only static IP addresses; do not configure the Ethernet ports with DHCP.

These classes or types of devices may need to be assigned to either Ethernet or serial interfaces:

• A Windows Remote Desktop Connection gateway—This will be served by an Ethernet connection, and provides the means by which the DEM is routinely managed and supported by both the customer and by S&C personnel.
• One or more SCADA master stations—The master station provides the most-common interface point between the CES system and the customer’s operations center. Often, two master stations are provisioned in the DEM, one as the primary control source, and the second as a standby backup. These may be configured using serial or Ethernet communication. The high communication volume justifies using Ethernet if possible. There are several ways the SCADA master station interface can be configured—please see Instruction Sheet 1047-570 User’s Guide for details.
• Substation transformer and feeder breaker instrumentation—These devices provide the means for the DEM to monitor feeder and substation power flow, which is often required by DEM energy management and capacity relief algorithms. These devices may be accessible via serial or Ethernet ports. Often, serial communication is used, to reduce the security risk associated with access to substation equipment.
• Distribution system communication, wide area network (WAN) gateway—The WAN communication system is often kept physically isolated from other networks or devices for security reasons. WAN communication paths extend outside the substation fence, where access is much more difficult to control.

In the System Addressing Template on page 100, each line shown connected to the DEM is a physical hardware-based communication connection. The DEM supports use of these physical connections, either serial or Ethernet, for multiple logical connections using the (logical) Communication Channel construct. For example, as shown in the template, the Ethernet interface carrying communication for one or more Windows Remote Desktop Connections also carries traffic between the DEM and the SCADA Master Station.

Most of the DEM-side DNP and IP addresses, and related channel-specific characteristics such as serial BAUD rate, are configured in the Communication Channel data structure using the DCR. For Ethernet interfaces, the local IP addressing and related configuration must also be configured using the Windows change adapter settings function at: Network > Network and Sharing Center > Change adapter settings.


For logical communication channels running on serial interfaces, the DEM can act as a master, or one or more slaves, but not as both a master and a slave. There can be only one logical communication channel configured per serial interface. The DEM has several serial (COM) interfaces accessible on the back panel. For master ports, the Communication Channel parameters specify the DNP address of the DEM on that channel.

For logical communication channels running over Ethernet interfaces, multiple channels can share a given IP address and hardware interface. In this case, channel isolation is achieved by assigning one or more unique IP Port numbers to the local end of the channel.

The primary requirement for DEM Ethernet addressing is that each device being accessed must be uniquely addressed in any given hardware interface, with the address consisting of the combination of IP address, IP Port, and DNP address. As long as the combination is unique, the addressing is valid. For example, there is no requirement that all DNP master channels have the same DNP master address. The DNP master address of a DEM, polling a feeder breaker, can be the same address, or a different address for the DEM polling a CES Unit.
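The addressing rules above can be checked against a draft system addressing plan before anything is entered in the DCR. The following is an added example, not S&C code; the interface labels, channel names, class names and all addresses are constructed for illustration.

```python
# Added example: checks an addressing plan against the channel rules above.
# Interface labels, channel names and addresses are constructed sample data.
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

Finding = Tuple[str, str, Tuple[str, ...]]  # (rule, interface, names involved)


@dataclass(frozen=True)
class Channel:
    name: str
    interface: str                       # physical port, e.g. "ETH2" or "COM1"
    local_ip_port: Optional[int] = None  # None for serial channels


@dataclass(frozen=True)
class Device:
    name: str
    channel: str                         # Channel.name used to reach the device
    dnp_address: int
    ip_address: Optional[str] = None     # None for serial devices
    ip_port: Optional[int] = None


def is_serial(interface: str) -> bool:
    return interface.upper().startswith("COM")


def validate_plan(channels: List[Channel], devices: List[Device]) -> List[Finding]:
    findings: List[Finding] = []
    by_interface = defaultdict(list)
    for ch in channels:
        by_interface[ch.interface].append(ch)

    for interface, chans in by_interface.items():
        if is_serial(interface):
            # Only one logical channel may be configured per serial interface.
            if len(chans) > 1:
                findings.append(("serial-multiple-channels", interface,
                                 tuple(c.name for c in chans)))
            continue
        # Ethernet channels may share an interface and IP address, but each
        # needs its own local IP port for isolation.
        by_port = defaultdict(list)
        for ch in chans:
            by_port[ch.local_ip_port].append(ch.name)
        for port, names in by_port.items():
            if port is None:
                findings.append(("ethernet-missing-local-port", interface, tuple(names)))
            elif len(names) > 1:
                findings.append(("local-port-reused", interface, tuple(names)))

    # Each device must be unique, per hardware interface, on the combination
    # of IP address, IP port and DNP address.
    interface_of = {ch.name: ch.interface for ch in channels}
    seen = defaultdict(list)
    for dev in devices:
        interface = interface_of.get(dev.channel)
        if interface is None:
            findings.append(("unknown-channel", dev.channel, (dev.name,)))
            continue
        seen[(interface, dev.ip_address, dev.ip_port, dev.dnp_address)].append(dev.name)
    for (interface, *_), names in seen.items():
        if len(names) > 1:
            findings.append(("duplicate-device-address", interface, tuple(names)))
    return findings


# Constructed plan with three deliberate mistakes.
CHANNELS = [
    Channel("SCADA-PRIMARY", "ETH1", 20001),
    Channel("SCADA-STANDBY", "ETH1", 20001),   # same local port as primary
    Channel("CES-WAN", "ETH2", 20000),
    Channel("FEEDER-BREAKER", "COM1"),
    Channel("XFMR-METER", "COM1"),             # second channel on one COM port
]
DEVICES = [
    Device("CES-001", "CES-WAN", 101, "10.20.0.11", 20000),
    Device("CES-002", "CES-WAN", 102, "10.20.0.12", 20000),
    Device("CES-003", "CES-WAN", 102, "10.20.0.12", 20000),  # clone of CES-002
    Device("CES-004", "CES-WAN", 104, "10.20.0.12", 20000),  # valid: DNP differs
    Device("BKR-F1", "FEEDER-BREAKER", 101),   # valid: DNP 101 on another interface
]

if __name__ == "__main__":
    for rule, interface, names in validate_plan(CHANNELS, DEVICES):
        print(f"{interface}: {rule}: {', '.join(names)}")
```
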

Multi-Homed DEM Configuration

The DEM has two Ethernet hardware interfaces. Two interfaces provide physical security and isolation of wide area network (WAN) access points (used for accessing the CES Units) from the customer’s operating network, and from the Internet. Standard networking rules for configuring multi-homed Windows PCs apply:

• Only one of the two interfaces should have a gateway IP address assigned. This gateway address might be utilized for maintenance functions, or for other devices not on either of the two interface subnetworks.
• At least one static route should be configured for all traffic intended for routing to the WAN, where the CES Units reside.
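A planned two-interface configuration can be checked against these rules, together with the static-IP-only NOTICE above, by working out which interface each CES Unit address would actually leave on. This is an added example, not part of the original instruction sheet; the interface names, subnets and the `wan_interface` parameter are assumptions, and route metrics are ignored.

```python
# Added example: audits a two-interface DEM network plan against the
# multi-homing rules above. All names and addresses are constructed.
import ipaddress
from typing import Dict, List, Optional, Tuple


def egress_interface(dest: str, interfaces: List[Dict], routes: List[Dict]) -> Optional[str]:
    """Pick the interface longest-prefix-match routing would use for dest.

    Simplification: route metrics are ignored; ties go to the first entry.
    """
    target = ipaddress.ip_address(dest)
    networks = {i["name"]: ipaddress.ip_interface(i["address"]).network
                for i in interfaces}

    def on_link(addr: str) -> Optional[str]:
        ip = ipaddress.ip_address(addr)
        return next((name for name, net in networks.items() if ip in net), None)

    candidates: List[Tuple[int, str]] = []        # (prefix length, interface)
    for name, net in networks.items():            # directly connected subnets
        if target in net:
            candidates.append((net.prefixlen, name))
    for route in routes:                          # static routes
        net = ipaddress.ip_network(route["destination"])
        via = on_link(route["next_hop"])
        if target in net and via is not None:
            candidates.append((net.prefixlen, via))
    for i in interfaces:                          # default gateway(s)
        if i.get("gateway"):
            candidates.append((0, i["name"]))
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[0])[1]


def audit_multihomed(interfaces: List[Dict], routes: List[Dict],
                     ces_units: List[str], wan_interface: str) -> List[Tuple[str, str]]:
    findings = []
    for i in interfaces:
        if i.get("dhcp"):                         # DEM supports static IP only
            findings.append(("dhcp-enabled", i["name"]))
    with_gateway = [i["name"] for i in interfaces if i.get("gateway")]
    if len(with_gateway) > 1:                     # only one gateway allowed
        findings.append(("multiple-gateways", ",".join(with_gateway)))
    for unit in ces_units:                        # CES traffic must use the WAN port
        used = egress_interface(unit, interfaces, routes)
        if used != wan_interface:
            findings.append(("ces-unit-not-via-wan", f"{unit} via {used}"))
    return findings


CES_UNITS = ["10.20.0.11", "10.30.5.20"]          # one on-link, one behind a WAN router

AS_FOUND_INTERFACES = [
    {"name": "ETH1", "address": "192.168.10.5/24", "gateway": "192.168.10.1", "dhcp": False},
    {"name": "ETH2", "address": "10.20.0.2/24", "gateway": "10.20.0.1", "dhcp": True},
]
AS_FOUND_ROUTES: List[Dict] = []

CORRECTED_INTERFACES = [
    {"name": "ETH1", "address": "192.168.10.5/24", "gateway": "192.168.10.1", "dhcp": False},
    {"name": "ETH2", "address": "10.20.0.2/24", "gateway": None, "dhcp": False},
]
CORRECTED_ROUTES = [{"destination": "10.30.0.0/16", "next_hop": "10.20.0.1"}]

if __name__ == "__main__":
    print(audit_multihomed(AS_FOUND_INTERFACES, AS_FOUND_ROUTES, CES_UNITS, "ETH2"))
    print(audit_multihomed(CORRECTED_INTERFACES, CORRECTED_ROUTES, CES_UNITS, "ETH2"))
```

In the as-found plan the remote CES Unit would be reached through the operations LAN gateway rather than the isolated WAN port, which is the condition the static route rule exists to prevent.
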

Custom Configuration

A limited amount of customization is required for each DEM/CES system installation. Some of this may be performed by S&C in advance, such as creating a suitable geospatial view, creating Electrical facilities, and creating CES Units. The electrical facilities and Units will be in an “uncommissioned” state initially, but will be visible in the DCR. Some of the following discussion pertains to naming devices, which may already have been done. The DEM Administrator can make changes as desired, even if the system has been preconfigured.

DEM Backup

Before commissioning is started, a full image backup should be made to an external media, along with preparation of a system repair disk. At the conclusion of DEM commissioning, a second external backup should be performed and the backup retained for emergency use. The DEM incorporates an automated backup procedure using backup media integral with the DEM hardware. Refer to DEM Backup on page 27 for a detailed description of the backup and recovery systems.

Pre-Commissioning Completion

Based on an understanding of local considerations and the information above, read the rest of the commissioning process in this section, then select the desired interfacing methods and protocols, and establish the desired addressing. All DEM addressing and interfacing information can be preconfigured in the DEM prior to installation. However, all the necessary information may not be known at the time of installation, or as is often the case, a certain amount of trial and error may be required.

Assuming that the DEM firewall is turned off, the only required configuration for installation is the Windows-managed Ethernet interface adapter settings (IP address, mask, and default gateway, plus static route(s) if this will be a multi-homed system). Since this information is required for making a Remote Desktop connection, the adapter settings must be configured using the local USB and VGA ports on the DEM. Once these settings are configured, the DEM can be put on the network, the remote desktop connection tested, and all remaining configuration will be performed over the Remote Desktop connection.


Hardware Installation

Begin on-site commissioning by installing the DEM Controller hardware. See Instruction Sheet 1047-510 Installation. Review this section in detail before configuring the DEM Ethernet ports, or putting it on your network.

NOTE: Please be sure to keep the licensing documents sent with the DEM in a safe place—some of these documents contain license keys that may be needed for maintenance.

When ready to begin configuration, power up the DEM, connect to it locally, and start the configuration process. The required local configuration can be performed prior to, or after, hardware installation. Depending on the installation location, it may be appropriate to do most of the configuration prior to installation. An ac power cord is provided with the computer.

Configuring DEM Software

There are three configuration categories that need to be completed. These should be done in order, with the various Windows-based configurations performed first. This includes configuring IP addresses for the Ethernet adaptors, adding or updating user IDs, and editing the banner which is seen when a user logs in. Next, the DEM database must be configured for the various device interfaces, with their associated addressing parameters, including DNP and IP addresses, IP port assignments, etc. Additional details for configuring these items are described below. Finally, the energy dispatch functions must be configured.

Windows Configuration

This section covers configuration, and other DEM software-controlled localizations.

Modify Banner Text & Title

A default login banner is installed as part of the DEM Security Baseline GPO. The Title and Banner statement on the login screen can be changed to more specifically address issues or legalities in the installed environment. Ideally, the banner text should be approved by legal or management to ensure it is factual in that particular deployment. Default Login Text is highly generic:

“Distributed Energy Management Controller << RESTRICTED ACCESS >> Unauthorized use of this system is strictly prohibited and may be subject to criminal prosecution or employee discipline. By accessing and using this computer, you are consenting to monitoring and information retrieval for law enforcement and other purposes. Users should have no expectation of privacy as to any communication on or information stored within the system.”

Login Title and Banner text can be modified in the Local Group Policy Editor, see Configuring the DEM Firewall on page 15. Use these instructions for the LGPO Editor: In the Start Menu type gpedit.msc. Navigate to this path: \Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Interactive logon: Message text for users attempting to log on, or, Interactive logon: Message title for users attempting to log on. Text can be copied from the dialog, edited in Notepad, and then pasted back.

Figure 1. Local Group Policy Editor screen.


Update Station Location Name in Database for DSC Title Line

The title of the DSC window contains information on the station name and the DEM controller (hub) used to control power at the substation (station). Two data items in the database need to be adjusted to properly reflect the context or environment that the DSC is reporting. The name of the DEM Controller, and the name of the Substation controlled by the DEM can be configured using the DCR’s DEM and Station tabs.

Adjust Password Policy to Customer Requirements

Depending on the customer, it may be desirable to adjust the password policy. If the DEM is attached to a customer domain, then the password policy is enforced by the domain controller. If not attached to the customer domain, a local password policy is enforced. The process for reviewing password policy, as well as recommended settings (which have been pre-applied) is:

• While logged on as Administrator, or another administrative user included in the Administrators group, click on Start > Administrative Tools > Local Security Policy to open the Local Security Policy control panel.
• Expand the left panel tree to show Security Settings > Account Policies > Password Policy.
• Right click Password Policy and choose Open.
• In the right panel, double click Minimum password length and note that the length is set to 7 characters. If desired, modify the value and click OK to apply the change.
• In the right panel, double click Password must meet complexity requirements and set to Enabled if desired. Click OK to apply the change.
• Close the open control panel.
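The same settings can be read without the GUI from a file produced by `secedit /export /cfg <file> /areas SECURITYPOLICY`, which helps confirm whether a given unit carries the relaxed factory policy described under Manufacturing the SSD Image (3 characters, no complexity) or the 7-character setting this procedure expects, and whether the Administrator account still carries the "Support" name. This is an added example, not S&C tooling; the sample export text is constructed, and treating complexity as required is an assumption, since the procedure makes it optional.

```python
# Added example: reads the [System Access] section of a secedit export and
# compares it with the values this manual describes. Sample text is constructed.
from typing import Dict, List, Optional, Tuple


def parse_system_access(inf_text: str) -> Dict[str, str]:
    """Return key/value pairs from the [System Access] section only."""
    values: Dict[str, str] = {}
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "system access" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip('"')
    return values


def audit_account_policy(inf_text: str, min_length: int = 7,
                         require_complexity: bool = True,   # assumption: site policy
                         expected_admin_name: str = "Support") -> List[Tuple[str, str, str]]:
    """Return (setting, actual, expected) for every setting that falls short."""
    settings = parse_system_access(inf_text)
    findings = []

    def as_int(key: str) -> Optional[int]:
        try:
            return int(settings[key])
        except (KeyError, ValueError):
            return None

    length = as_int("MinimumPasswordLength")
    if length is None or length < min_length:
        findings.append(("MinimumPasswordLength", str(length), f">= {min_length}"))
    complexity = as_int("PasswordComplexity")
    if require_complexity and complexity != 1:
        findings.append(("PasswordComplexity", str(complexity), "1"))
    admin = settings.get("NewAdministratorName")
    if admin != expected_admin_name:
        findings.append(("NewAdministratorName", str(admin), expected_admin_name))
    return findings


# Constructed export resembling the relaxed factory policy.
# Real exports are usually UTF-16 encoded; decode before passing the text in.
FACTORY_RELAXED = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 3
PasswordComplexity = 0
NewAdministratorName = "Support"
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed export after the procedure above has been applied.
CUSTOMER_ADJUSTED = FACTORY_RELAXED.replace(
    "MinimumPasswordLength = 3", "MinimumPasswordLength = 7").replace(
    "PasswordComplexity = 0", "PasswordComplexity = 1")

if __name__ == "__main__":
    for setting, actual, expected in audit_account_policy(FACTORY_RELAXED):
        print(f"{setting}: found {actual}, expected {expected}")
```
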

Adjust Default Local Users to Customer Requirements

The initial list of users configured into the DEM is a minimal set provided for initial configuration. This list should be adjusted to meet customer requirements using the process Adding new users and process Deleting users described in the System Administration Procedures section below. These processes only apply to users local to the DEM; domain users are added/deleted by the customer domain controller.

NOTE: S&C strongly recommends that each user of the DEM be provided with their own user ID, and that no IDs be shared among users.

Add DEM to Customer Domain if Desired

Attaching the DEM to the customer domain is normally a function performed by the customer’s IT staff. This process requires special permission from the domain administrator.

• Click the Start button, then right click the Computer link and choose Properties to bring up the System control panel.
• Click the Change Settings link to the right of the Computer Name on the System control panel to bring up the System Properties dialog.
• On the Computer Name tab, click the Change… button to the right of the description To rename this computer or change its domain workgroup, click Change. That will open the Computer Name/Domain Changes dialog.
• In the Computer name box, change the name “DEM” to the name assigned by the domain administrator. Select Member of Domain and enter the name of the domain in the box. To be recognized by the domain controller, the domain name may require a suffix such as “.local” or “.pri”. Then click OK.
• If you receive an error message that the domain controller cannot be contacted, make sure that the DNS address for the DEM network adapter points to the domain DNS server.


• Otherwise, the domain controller will be contacted and you will need to enter the security credentials for a domain administrator account. Be sure to preface the user name with the domain name followed by a backslash.
• You will see the Welcome to the domain message. Click OK.
• You will be informed that a restart of the computer will be necessary. Click OK.
• Close the System Properties dialog. You will be asked to restart the computer. Click the Restart Now button.
• The computer will reboot. If you open the System control panel again, you will see the new computer name, and the domain is shown.
• The local user accounts used previously are still maintained. A new layer of domain user accounts is now available. You can selectively log on to local or domain accounts, based on the prefix to the user name entered on the logon dialog. The prefix is separated from the user name by a backslash. Use the machine name as a prefix to log on to a local account. Use the domain name to log on to a domain user account.
• In order to use a domain user account with S&C applications such as DCR, the domain user account must be identified to Oracle as described in the section below titled Adding a new user to Oracle. Note that you must be logged into the DEM on a domain administrator account to create or modify domain user credentials using the Oracle Administration Assistant for Windows. DEM local accounts have no ability to modify domain credentials.
• After any host name change, review the section Changing the DEM Host Name, on page 75.

Adjust the Default Security Posture as Required

Please refer to DEM Reference and Security on page 84 for important information about how to configure or modify security settings. In general, most of the security settings appropriate to the DEM have been pre-configured. Thousands of settings have been applied as part of the standard security architecture. Therefore, in many circumstances, no additional work is necessary.

Test Remote Access

The DEM is provided pre-configured for use with Windows Remote Desktop on the standard RDP port. It is pre-licensed for two simultaneous remote users. Customers may purchase licenses for additional users, and apply those licenses to the DEM using the procedure in the section Installing Remote Desktop Services, Licenses, and Components on page 23. Other than various DNP connections to the DEM, this is the only port and protocol that is generally required for normal operation. A typical RDP login screen is shown in Figure 2:

Figure 2. Remote Desktop Connection screen.


The access can be tested by connecting a PC to the LAN and accessing the DEM at its IP address on that LAN. This can be a helpful first step in securing remote access. Once this first step has been successfully achieved, the DEM can be added to a secure RDP gateway. The ways this can be accomplished are too numerous to describe here, but should be readily apparent to the IT department.

Device Interface Configuration

This section discusses the basic configuration required for the DEM to communicate on its various interfaces, including the ability of the DEM to be monitored by the customer’s SCADA system. Additional information on all of the other, energy-related configuration parameters and interfacing methods is contained in Instruction Sheet 1047-570 DEM User’s Guide.

CES Unit Interface

In general, the DEM should be installed about the same time that the first CES Units are installed. Therefore the WAN communication system should be in place, with communication connectivity to at least one or two units. This connectivity can be tested by opening a command window in the DEM and pinging each CES Unit. For this test the unit must be powered-up and have functional communication. The Unit may be in the Disconnect or Local mode.

As CES Units are installed, or in preparation for installation, they will need to be configured in accordance with the system addressing diagram. Use S&C IntelliLink CES to set the IP Address, DNP Address, and Gateway at the CES Unit. See IntelliLink Help for details.

With the Unit powered-up and properly addressed, attempt to ping it from the DEM. If the ping does not return a valid response, troubleshoot the problem before continuing with commissioning. Troubleshooting should include testing and debugging configuration of the WAN, as well as ensuring that the correct addressing information is configured in the CES Unit. Once you can successfully ping the desired units, commissioning can continue.

On the Communication Channels tab of the DCR, locate the channel defined for communication with the CES Units over the WAN. Using the system addressing diagram, configure the following information:

Table 1. Communication Channels configuration.

| DCR Comm Channels Parameter | Value | Comment |
|---|---|---|
| Type | UDP | All CES Units communicate with DNP encapsulated in UDP |
| Protocol | DNP | |
| Local IP Address | (From system diagram) | Address configured under Windows for DEM Ethernet interface connected to WAN on which Units are connected |
| Local IP Port | (From system diagram) | Must be unique on the assigned Ethernet interface |
| Own Address | (From system diagram) | DNP Address of the DEM on the Ethernet interface |

S&C Instruction Sheet 1047-521 11 Installation and Commissioning

Now go to the Units tab in the DCR and configure the following communications-related information for the one or more CES Units to be commissioned. The Unit dashboard can be used to temporarily put each unit in Manual operation, while waiting for the system configuration to be completed. The parameters in Table 2 affect CES Unit-DEM communication. It is recommended that this interface be configured and tested prior to configuring the DEM for the customer SCADA (Virtual Device) interface. See Instruction Sheet 1047-570 DEM User’s Guide for details on configuring the Virtual Device interface.

NOTE: For the DEM to poll a CES Unit, it must be assigned to a Group on the Units tab. Otherwise its status will display as uncommissioned, and it will not be polled or commanded.

Table 2. DCR Units configuration.

| DCR Units Parameter | Value | Comment |
|---|---|---|
| IP Address | (From system diagram) | IP Address of the CES Unit (the address you can ping from a command prompt) |
| IP Port | Default | Generally this will be the DNP default of 20000 |
| Local IP Address | (From system diagram) | DNP Address of the Unit |
| Comm Timeout | 1-10 seconds (typical) | The maximum delay expected for a response from the unit. |
| Retries | 1 (typical) | Number of times a communication request to the Unit will be resent if a timeout is encountered on the first read/write. The multiple of Comm Timeout times Retries should be less than Poll Interval on the Application Settings tab. |

Once the parameters above are configured and the DCR File/Commit command successfully executed, the DEM should begin attempting to poll and command each of the configured units. To confirm this, open the Unit Dashboard and verify at the bottom of the screen that the Comm Status is Ok. Assuming that the CES Unit can be pinged from a command prompt, if the Unit’s Comm Status is not Ok, check its DNP Address and the DNP Address specified for it in the Units tab, and ensure that the DEM’s firewall is either disabled or not blocking communication, before calling Customer Support.

With the CES Unit now communicating with the DEM, all supported features should be working properly. Interface function should be verified by performing fundamental operations, and observing Unit Dashboard performance indicators. See Instruction Sheet 1047-570 DEM User’s Guide for details.

Transformer and Feeder Breaker Interfaces

Most, but not all, energy allocation algorithms in the DEM require per-phase, real and reactive power sensing at the Feeder(s) and Transformer breakers. The following energy dispatch algorithms do not require configuration of the transformer or feeder breaker power sensing:

• Manual Power (Power set to a fixed value under manual control via the Unit Dashboard)
• Fixed Power (Scheduled fixed energy dispatch)
• PVI Integration (Scheduled power smoothing with load shifting)

If only the algorithms above are required, then the transformer and feeder breaker interfaces can be ignored, by setting their respective communication channels in the DCR to Unconfigured. Otherwise, the next section applies.


The sensed data from the Transformer and Feeder Breaker interfaces is acquired as DNP Analog Input Points. The DEM supports two models for accessing this data in the form of configurable DNP-compliant device definitions. In the first model, each physical device (transformer breaker and each of the feeder breakers) is represented as a DNP-addressable entity. In this model, each entity has its own configured DNP definition, specifying the point types, point indexes, and associated analog scaling. While there will be one-and-only-one transformer device definition, each feeder breaker can have its own, unique definition, if the individual breaker controls are dissimilar, or all can share a single definition, if the breaker controls are all of the same model and basic configuration.

NOTE: The DEM supports many flexible options for configuring the transformer and feeder interfaces. Please contact S&C Customer Support for assistance.

The device definitions are configured using the industry-standard XML language and stored in a directory C:\DEMData\HDE\Config\Device Definitions\. The names of the files are configured in the DCR under the Transformer and Feeders tabs. Standard, released versions of these files are updated occasionally by the installation of new software releases. Therefore, if you need to edit the files, use a unique file name to avoid inadvertent overwriting, or confusion with the unmodified files. An example Analog Input Point definition, extracted from a sample file is shown below (the bold, underlined items are those that you may want to change):

11 FeederMeter_ReactivePowerB Phase B Total Reactive Power, Instantaneous -2147483648 +2147483647 0.0 0.000001 0.000001 KVAR

In the first model, presented above, a separate device definition is used for each feeder breaker. In the second model, the device definition represents a superset of the analog points for all substation feeder breakers and the transformer breaker.
The file D200.xml provides an example XML representation of such a superset device. In this model, a second mapping file (of type *.XDNPMAP) maps these points from the superset definition to the model of each individual device.


The following procedure can be used to configure the Transformer and Feeder Breaker interfaces:

1. Select or configure a communication channel on the Comm Channels tab for communication with the substation equipment. If an Ethernet port is used, be sure to use a unique Local IP Port so the traffic is not confused with other traffic, such as that associated with a SCADA master station. If a serial port is used, the port should be dedicated to the feeder and transformer communications. If desired, dedicated channels can be configured for each device.
2. Configure transformer/feeder addressing and channel allocation on the Feeders and Transformers tabs. Make sure each device is configured with unique, unambiguous addressing, and appropriate timeouts and retry counts. As with CES Unit communication, the Poll Loop time on the Application Settings tab must be longer than the longest multiple of timeout (Comm Timeout) times retry counts (Comm Retries) for all devices.
3. Verify that the DNP Definition .XML file specified for each feeder breaker and the transformer breaker has the correct point configuration (see page 13).
4. Commit any configuration changes, and then go to the Feeder and Transformer dashboards to confirm data.
5. If communication to the transformer or feeder breaker interfaces is not successful, inspect the appropriate log file under C:\DEMData\DAS\Logs for the cause of the problem. Find the log file containing timestamps within the time frame from the most-recent DAS re-initialization to the verified lack of communications. Verify that the channel was successfully initialized and determine if the frames were properly sent and received. Verification of addressing or connectivity failure to the devices may be determined if the channel shows continuing Reset Link commands being sent.

SCADA Master Station Interface

The SCADA Master Station Interface provides a simplified interface to the customer’s SCADA master station from the DEM. In the DEM, this interface is called a Virtual Device Interface because the entire DNP point map is constructed from configuration data, and only indirectly reflects any true, hardware interface points. Multiple, simultaneous master stations are supported. The interface can be configured to map all of the DEM’s interfacing points into one large map (Megamap or Unified Device Interface) of points accessible at a single DNP device address. Alternatively, the interface can be configured to allow each device to be accessed at a unique device address. In the latter case, uniqueness is defined from the combination of IP address, IP port (or COM channel if serial communication is selected), and DNP device address.

Here is the general guidance for configuring this interface:

1. Select or configure a communication channel on the Comm Channels tab for communication with the master station. If an Ethernet port is used, be sure to use a unique Local IP Port so the traffic is not confused with other traffic, such as that associated with DEM-CES communication. If a serial port is used, the port should be dedicated to master station communications, and respond as one or more slave DNP devices.
2. Configure master station addressing and channel allocation on the DNP Master Devices tab. Multiple master stations are supported, primarily for fallback in case one of the master stations ceases operation. Make sure each master station is configured with unique, unambiguous addressing, and the appropriate timeouts and retry counts.
3. In general, the IP Port and DNP Address columns on the Unified Virtual Map Settings tab should be left blank. These refer to alternate DEM-side addressing that can allow the DEM to respond uniquely to requests using the Megamap mapping when they are sent to the same IP address as requests addressing each virtual device at different DNP device addresses.


4. If the Megamap is being configured, set up the point map on the Unified Virtual Device Maps tab.
5. Review the reference to the files containing the DNP Definition for the DEM on the DEM tab, and the Virtual Device DNP Definition on the Units tab, and modify if necessary.
6. Commit any configuration changes, and then verify operation at the SCADA master.
7. If communication to the master station is not successful, inspect the appropriate log file under C:\DEMData\DAS\Logs for the cause of the problem. Find the log file containing timestamps within the time frame from the most-recent DAS re-initialization to the verified lack of communication. Verify that the channel was successfully initialized and determine if the frames were properly sent and received. Verification of addressing, or connectivity failure to the devices may be determined if the channel shows continuing Reset Link commands being sent from the master station.

Final Windows Configuration

The following items may require attention after the system has been otherwise configured and basic testing has been completed.

Configuring the DEM Firewall

Prior to shipment, the DEM Firewall is disabled. It should remain disabled until the system has been tested. This allows all of the interfaces to be tested without the potential for interference from the Firewall. Firewall settings are easily configured by setting them one-at-a-time, and verifying that connectivity has not been impacted.

Based on application of the DEM Security Baseline GPO, the Windows Firewall can be configured to block any inbound traffic which does not match a rule. The GPO does not enforce a rule set, or other Firewall specific settings. In other words, the GPO makes sure the firewall is active, but leaves other functions available via the various administrative tools. The recommended configuration for the DEM is to block both inbound AND outbound traffic which is not specifically allowed via pre-defined rules.

To configure the firewall to block both inbound and outbound traffic, launch the Local Group Policy Editor by typing gpedit.msc in the Start Menu. Navigate to the Windows Firewall settings shown below, and change the Outbound connection for all three Profiles to Block. See Figure 3.

Figure 3. Local Group Policy Editor screen.


For more flexibility, the outbound connections can be set to Not configured in the Group Policy editor. This allows Blocking to be configured in the more commonly used firewall GUI in Server Manager. This does make the firewall configuration more susceptible to mishandling.

The configuration file Baseline FW settings DEM.103.wfw is in C:\DEM Security Baseline\DEM Firewall Config\. This file contains example rules. These settings will be modified to suit the DEM being configured.

Open Server Manager and navigate to the Windows Firewall with Advanced Security group under Configuration. See Figure 4; it should look very similar to this example. On the right side of the dialog choose Export Policy and save a copy of the current policy to the desktop, or elsewhere, in case you need to roll back. Choose Import Policy and select the Baseline FW settings DEM.103 file. See Figure 4.

Figure 4. Server Manager screen.

Example CES Connection Configuration

After import, select Outbound Rules in the left pane, then right click the rule DEM to CES test connection, and choose Properties. Click on the Scope tab in the resulting dialog box. You should see something very similar to Figure 5 on page 17. This is the configuration used for a test system. Additional Remote IP addresses can be entered here. Additional information on firewall configuration can be found in the section DEM Firewall Operation on page 93.


Figure 5. Server Manager screen Outbound Rules section.
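The export, import, scope, and default-block steps described above can also be carried out from an elevated command prompt with netsh advfirewall. The batch file below is an added example, not part of this instruction sheet or of S&C software. The CES Unit addresses are constructed samples from the 192.0.2.0/24 documentation range, the rollback file name is hypothetical, and the script assumes the outbound setting in the Local Group Policy Editor was left at Not configured.

```bat
@echo off
rem Added example, not S&C-supplied. Run from an elevated command prompt on the DEM.
setlocal

rem Constructed sample addresses (192.0.2.0/24 documentation range). Replace
rem them with the CES Unit addresses from the system addressing diagram.
set "CES_UNITS=192.0.2.11,192.0.2.12"

rem Rule name and baseline file as named in this instruction sheet.
set "RULE=DEM to CES test connection"
set "BASELINE=C:\DEM Security Baseline\DEM Firewall Config\Baseline FW settings DEM.103.wfw"

rem Hypothetical rollback file name (an assumption, not from the instruction sheet).
set "ROLLBACK=%USERPROFILE%\Desktop\dem-firewall-rollback.wfw"

rem Never overwrite an earlier rollback copy, and stop if the baseline is missing.
if exist "%ROLLBACK%" goto :rollback_exists
if not exist "%BASELINE%" goto :baseline_missing

rem Step 1: export the current policy so it can be restored.
netsh advfirewall export "%ROLLBACK%" || goto :export_failed

rem Step 2: import the baseline rule set. This replaces the current policy.
netsh advfirewall import "%BASELINE%" || goto :rollback

rem Step 3: limit the outbound CES rule to the listed units
rem (the Remote IP address list on the Scope tab).
netsh advfirewall firewall set rule name="%RULE%" dir=out new remoteip=%CES_UNITS% || goto :rollback

rem Step 4: firewall on, then block inbound and outbound traffic that matches no rule.
netsh advfirewall set allprofiles state on || goto :rollback
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound || goto :rollback

rem Step 5: print the resulting default policy and the CES rule for review.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name="%RULE%" dir=out verbose
echo Firewall configured. Confirm Comm Status is Ok on the Unit Dashboard.
exit /b 0

:rollback
echo A step failed. Restoring the exported policy.
netsh advfirewall import "%ROLLBACK%"
exit /b 1

:export_failed
echo Could not export the current policy. Nothing was changed.
exit /b 1

:rollback_exists
echo Rollback file already exists. Move it and run again.
exit /b 1

:baseline_missing
echo Baseline policy file not found. Nothing was changed.
exit /b 1
```

Run it at the local console rather than over RDP, so that a rule error cannot cut off the session used to correct it.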

Configure time base to access customer time resource: GPS, NTP server, or domain controller

Time synchronization is extremely important for analysis of system performance and for troubleshooting. It is therefore recommended that the CES Units be synchronized to the DEM. In order to compare CES System logs and other corporate performance logs, it is also recommended that the DEM be synchronized to a corporate time server. If that is not possible, then the DEM should be set to use the GPS time source. Refer to the section DEM Controller Time Source on page 36. Refer to IntelliLink Help for configuring CES Units to synchronize to the DEM.

Establish CES System Maintenance and Performance Monitoring Archives

CES System Operators will rely on performance data from the DEM and from the CES Units. It is recommended that an orderly file structure be created and maintained to hold and exchange performance data. Records of DEM and CES Unit settings should also be managed in an orderly fashion and kept on the DEM. It is recommended that Unit settings be exported and saved as part of the commissioning process, and then updated when changes are made. This process is also useful as a mechanism to propagate settings changes across multiple Units.

Install Any Customer Provided Monitoring and Logging Software Clients

This is specified by the customer. Please note that the DEM utilizes a solid-state disk drive and is also sensitive to the addition of significant processing load. Disk logging should be minimized to avoid undue wear on the SSD, and additional monitoring tools should be selected and configured with minimal processing load relative to DEM capabilities.

DEM Storage Organization, Backup, and Recovery

To support its function as a self-contained energy management controller, the DEM is provided with an integral automated backup system and backup media. The backup system is transparent and entirely self-maintaining. The backup system is built around Windows Volume Shadow Services (VSS), which provides a seamless, transparent way to back up the system without taking it offline or incurring significant performance or reliability impacts. The backups are perfect snapshots of the state of the files and internal data structures such that the system can be restored without risk of loss of function or data. The backups are scheduled to run automatically, and Windows Backup recycles space on the backup media automatically, as necessary, replacing the oldest backup first.

NOTICE: The backup and restore system described in this Section will serve the great majority of system backup requirements. However, it is recommended to perform occasional backups to USB or network-connected storage media. Such backups may be useful in the event of a major system event such as catastrophic loss of the substation or cyber-attack.

Two solid-state SATA III disks (SSDs) are included with the DEM hardware to support the backup functions. An external SSD holds all of the DEM’s operating software and data as a self-contained, bootable system. The system boots and runs from this external disk. An internal SSD holds both a fully-bootable recovery media plus backup copies of system and database images. It is visible to the running system but even a complete failure of the internal disk has no direct impact on normal operation of the DEM.

The internal SSD is mounted on the motherboard assembly and cannot be removed from the unit. The external SSD is mounted in a removable drawer which is accessible on the front panel of the DEM. The external SSD is secured in place by two knurled knobs. In general, there should not be a need to remove or replace the external SSD. However, in the event that the hardware fails to operate or needs to be replaced for some reason, the external SSD can be removed and re-inserted in a replacement DEM.

In summary, the DEM storage and supporting configuration supports the following system recovery scenarios:

1. Recovery from catastrophic failure of the system software/system disk: Replace the disk in the external bay (if necessary), boot from the internal disk and restore the system on the external disk from a suitable backup on the internal disk.
2. Recovery from catastrophic failure of the internal system backup disk: First replace the DEM, retaining the external disk from the failed unit (if the DEM or internal disk is suspected of being defective). Then rebuild the system recovery data structures and partitions on the internal disk (see Section 6.6 below).
3. Recovery from a failed DEM hardware unit: Remove the external disk bay and insert in a replacement DEM hardware unit.
4. Database issue or database upset: Restore the database using a suitable backup file which should be available on the DEM File Backup volume of the internal disk, using the database recovery procedure identified in Section 7.2 below.
5. Other system software or data issue of any kind: Restore using the system image backups stored on the internal disk as discussed in the section System Recovery from Internal Backups on page 20.


Disk Partitioning and Volume Assignment

The figure below shows graphically how the DEM’s disks are partitioned into volumes:

Figure 6. Disk Management screen.

Disk 0 is the external SSD and contains two partitions. “System Reserved” (optionally assigned drive/volume letter “D”), contains critical boot files including a boot menu that comes up during startup. “External SSD” (assigned drive letter “C”) contains the complete Windows system image including Windows operating system, application programs and Oracle database.

Disk 1 is the internal SSD and contains three partitions each with a single volume. “Recovery”, drive letter “E”, contains a minimum-size bootable, Windows recovery disk image. In the unlikely event of a catastrophic failure of the DEM’s external disk, the system will boot from this drive into a recovery mode (see below for a description of operation in this mode). This mode may also be used in the event that the user wishes to restore the DEM to an earlier system state. A second drive, “DEM File Backups”, assigned drive letter “F”, contains database backups which are automatically produced on a daily basis. The drive is large enough to accommodate many other files that the user may wish to save for some reason, entirely at his/her own discretion. A third drive, “DEM System Backups”, assigned drive letter “G”, contains complete Windows image backups of the entire external disk. The image backups are compressed, allowing many of them to be saved on the internal disk. The compression is aided by features of Windows Backup which allow subsequent backups to be incremental. The images also allow the system to be restored to a different external disk than the one supplied with the DEM.

Normal and Emergency Boot Procedures

For normal operation, the DEM’s BIOS is configured to boot preferentially off of the external SSD, utilizing the boot menu mentioned in the section above. Upon system power-up or restart, the boot menu comes up on the system console and allows the user to select one of two entries:

Windows Server 2008 R2
Recovery

If no selection is made within 10-15 seconds, the first entry is selected and the system attempts to boot normally off the external drive. If “Recovery” is selected, the system boots to Drive E which brings up a copy of Windows in recovery mode as if one had booted from a Windows CD/DVD Recovery media. Once booted, the user is presented with the standard recovery options discussed in Section 8.3 below. Since the recovery system has access to the backups on Drive G, the external disk can be re-imaged to any of the prior backups retained on Drive G. Once the restoration is complete, Windows boots the DEM; no further corrective action should be necessary.

In the event that the external SSD becomes unresponsive or fails for any reason, the system will automatically boot from the internal drive.

Automated Disk Backup Procedure

The DEM utilizes the Windows Server standard Backup and Restore feature to make regular backups of the complete system. Windows Server Backup, when running, is completely transparent to the DEM’s applications. The backup schedule can be changed as per customer requirements. Please refer to the section Making a DEM Image on a Locally Attached Hard Drive on page 27, for a detailed description of a similar backup configuration process. If you wish to modify the backup schedule or need to reconfigure it, follow the steps below:

Modifying the existing backup schedule:

1. Invoke the Windows Server Backup configuration tool as per section Making a DEM Image on a Locally Attached Hard Drive on page 27.
2. Select Backup Schedule… from the Actions area at the right side of the window.
3. Select the radio button Modify Backup and click next.
4. Select Custom backup and click next.
5. The next screen should show the following items selected for backup: “Bare metal recovery, System state, External Drive (C:), System Reserved (D:).” If not, modify the list accordingly. Select next to move to the next screen.
6. Modify the schedule as desired and click next.
7. Select Backup to a volume and click next.
8. Select Keep current backup destinations and click next.

NOTE: If for some reason you need to recreate the destination entry, select the radio button Modify/select backup destinations and click next. Use the add and/or remove buttons to set the destination to DEM System Backups (G:) and click next.

Configuring a Backup Schedule:

In the event that the backup schedule needs to be recreated, the following procedure can be used:

1. Start the backup configuration wizard as described above. When it asks Select items for backup, click on the Add button, and select the check box Bare metal recovery. This will in turn automatically select several items but only those items required for system restoration.
2. Follow the prompts to advance through the wizard. When it allows you to select Specify Destination Type, select Backup to a volume.
3. Continue to follow the prompts to the end of the wizard, selecting DEM System Backups (G:) as the destination.

System Recovery from Internal Backups

To perform a recovery of the system from one of the backups stored on the internal drive, the following procedure can be used:

1. Connect a keyboard, mouse and display to the DEM and restart or boot the machine.
2. Wait for the BIOS prompt to time out and for the boot menu to appear. Without waiting, quickly select Recovery from the menu and hit the enter key.
3. You will see the system appear to start up in Recovery mode as if you had booted from a Windows Server CD/DVD Recovery disk. Within a minute or two you should be prompted for the desired language. Click the Next button.
4. Select Repair your computer which will bring up the next menu.
5. Select Restore your computer using an image you created earlier and click Next.


6. After a delay, you should see the description of the most-recent backup on the internal drive. Either select the radio button Use the latest available system image and click Next, or click on Select a system image to see a list of all backups on the internal drive. If you clicked Select… then the next prompt shows a list of backup locations (only one will be listed). Click Next again, and the complete list of backups will appear for your selection.
7. Select one of those backups and click on Next.
8. The screen should now display the backup file name and date to be restored-to, plus one of several possible disk formatting options. If you can, select an option to format the disk.
9. When you click next you should see a list of the options and files that the restore will use. Click Next one more time to start the recovery.
10. At the end of the recovery, the system will automatically restart and be completely recovered to the time and date when the recovery media was created.

Recovery from External, USB, or Network Backups

Use the procedure discussed in the section Recovering the DEM from a Windows Server Backup File Set on page 28, to restore your system from an external backup. If the system image came from a different DEM hardware unit, be sure to update the IntelliLink license file for the change to Ethernet adapters on the DEM being restored. Also check the IP address for potential changes after restoration and update/configure the Recovery volume as described in the section Recreating Boot Menu, Recovery Image, etc. below.

Recovery Using a Replacement DEM

After preparing the replacement for use, insert the external drive bay from the original DEM which will contain the correct operating system image. Be sure to update the IntelliLink license file for the change to Ethernet adapters on the DEM being restored. Also check the IP address for potential changes after restoration and update/configure the Recovery volume as described in the section Recreating Boot Menu, Recovery Image, etc.

Oracle Database Recovery

Please refer to the section Restoring the Oracle Database from Backup on page 72, which describes how to restore Oracle database images. You can find the database images on internal drive F, DEM File Backups.

Recreating Boot Menu, Recovery Image, etc.

As mentioned in the section Normal and Emergency Boot Procedures on page 19, the DEM hardware is set up as a dual-boot, Windows Server 2008 R2 PC, with the external SSD containing a complete operating system including all of the DEM applications. The internal SSD boots into a 4GB volume (Recovery, drive E) containing a copy of the Windows Server 2008 R2 Recovery Disk. Whenever the system is rebuilt or restored from a backup that did not originate on the present hardware, the Recovery image must be re-initialized. Under some circumstances, you may want to also recreate the other volumes on the internal drive that are used for backup storage. Otherwise, you might accidentally attempt to restore the system from a backup that was made earlier on a different system. The procedure below performs complete purging and initialization of all three volumes on the internal SSD.

1. Invoke Server Manager and navigate to Server Manager/Storage/Disk Management.
2. Verify that the system is running from the external disk (ADATA IS32-128GT ATA Device) by selecting properties for disk 0 and verifying the above device hardware type.
3. Using the Disk Management window, delete all partitions/volumes on the Internal drive (disk 1) so the space is completely unallocated.


4. On the Internal Drive, using the Disk Wizard, create two new simple volumes, each 4GB in size (4096MB). Take all the defaults, but name the first volume Recovery, and the second volume DEM File Backups. Now create a third volume occupying all remaining space and name it DEM System Backups. Drive letters E, F, and G should be assigned (assign them explicitly if necessary) and the disks formatted.
5. Using Windows Explorer, copy all the files from the Windows 2008 DVD Installer (7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD) to the Recovery volume. Using copy and paste is sufficient.
6. Invoke the application EasyBCD which is provided on the DEM.
7. Click on Edit Boot Menu. If Recovery is in the menu, select the entry and delete it.
8. Click the button Add New Entry. Under Portable/External Media, select the WinPE tab. In the Name field, write “Recovery.”
9. Inside Path navigate to the file boot.wim previously copied to the Recovery partition (E:\sources\boot.wim).
10. Click Add Entry. The message at the bottom should say: Recovery added to the boot menu successfully!
11. Reboot and verify that the boot menu comes up on startup, and that both boot options work.
12. Configure the backup schedule in Disk Manager as per the section Automated Disk Backup Procedure on page 20, and verify that it works by doing backup once with the same options set.

DEM System Maintenance

Add or Delete Users from Windows and Oracle

Users may be added or deleted to meet customer requirements using the process Adding new users and process Deleting users described in the System Administration section on page 27. These processes only apply to local users of the DEM; domain users are added/deleted by the customer domain controller.

Reconstruct Oracle Database

Refer to the section Rebuilding the Oracle Database, on page 59.

Perform Oracle Database Backups (dumpfile)

Refer to the section Backing Up the Oracle Database, on page 70.

Installing Remote Desktop Services Licenses and Components

The default Windows Server 2008 R2 installation includes “administrative” remote access for up to two simultaneous sessions by users in the Administrators group. Ordinarily the DEM ships without RDP licenses for any additional simultaneous users. If additional users are required, the procedure in this section can be used to install the Remote Desktop Services role, and several of its component functions.

To install the Remote Desktop Services role:

• Start the Server Manager by clicking on the icon immediately to the right of the Start button.
• Right click the Roles item in the Server Manager tree on the left side. Choose Add Roles to bring up the Add Roles wizard.
• Click Next to move past the Before you begin page.
• Check the box for the Remote Desktop Services role.
• On the Select Role Services page, click on the Next button.
• Click on Next to move past the page Introduction to Remote Desktop Services.
• On the Select Roles Services page, check the box Remote Desktop Session Host. Click Next to complete this page.
• Click Next to move past the Uninstall and Reinstall Applications for Compatibility page.
• On the Specify Authentication Method for Remote Desktop Session Host page, choose Do not require Network Level Authentication. Click Next.
• On the Specify Licensing Mode page, select Per User. Click Next.
• On the Select User Groups Allowed Access to this RD Session Host Server page, review the list for accuracy and completeness. This list is populated from those users and groups that are a member of the Remote Desktop Users group. Any user added to this list will also be added to the Remote Desktop Users group. When finished with your review, click Next.
• On the Configure Client Experience page, make sure that the Audio and Video Playback and Desktop Composition check boxes are checked or greyed out. Audio recording redirection should be unchecked. Then click Next.
• On the final wizard page, Confirm Installation Selections, click the Install button to install Remote Desktop Services. You will be asked to restart Windows; click the Yes button in the Do you want to Restart now? message box.
• After the restart, the Server Manager will automatically resume the role installation process. On the Installation Results page, click Close to exit the wizard.
• Note that the Server Manager Roles tree on the left side of the Server Manager control panel now shows the Remote Desktop Services role added.

S&C Instruction Sheet 1047-521 23 DEM System Maintenance

At this point, support for the default two “administrators” has been removed and support for an unlimited number of users has been added for 90 days. Before that time has expired, Remote Desktop Services licenses or CALs must be made available, or remote access to the DEM will be shut down. You may purchase Remote Desktop Services User CALs for each DEM. These CALs can be installed on an RDS License server in the DEM, or added to an RDS License server already under your control.

Before installing the CALs on the DEM with the following procedure, consider whether you want to install the CALs on an external RDS License server instead. Installing RDS licensing can be both complex and time consuming. For more information, refer to Managing Remote Desktop Licensing at this link: http://technet.microsoft.com/en-us/library/cc732605. You can also contact S&C for assistance.

To install the Remote Desktop Services User CALs:

• Confirm you are connected to the Internet by starting Internet Explorer. Internet access is needed to interact with the Microsoft licensing center.
• Start the Server Manager by clicking on the icon immediately to the right of the Start button.
• Click the Roles | Remote Desktop Services item in the Server Manager tree on the left side. Scroll the right panel down to the Role Services section. Choose Add Role Services to bring up the Select Role Services wizard.
• Click to checkmark the Remote Desktop Licensing service. Click Next.
• On the Configure Discovery Scope for RD Licensing page, check the box Configure a discovery scope for this license server. Choose the This workgroup option. Click Next.
• On the Confirm Installation Selections page, click Install.
• On the Installation Results page, you will see a warning that you need to configure the licensing server, which we will do next. Click Close.
• Click the Roles | Remote Desktop Services | RD Session Host Configuration: DEM item in the Server Manager tree on the left side.
• Under the Edit Settings section, double click the Remote Desktop license servers line.
• Close the message box relating to No license server is specified. We will do it next.
• On the Licensing tab, select Per User Remote Desktop licensing mode. Click the Add button below the list box Specified license servers:.
• In the Add License Server dialog, select the Known license server [Local] DEM. Click the Add button. DEM will then appear in the list of Specified license servers. Click OK.
• DEM will now be in the Specified license servers: list box. Click OK.
• A warning message regarding Configuration changes have been made can be dismissed with the OK button.
• Open the RD Licensing Manager at Start | Administrative Tools | Remote Desktop Services | Remote Desktop Licensing Manager.
• In the right panel of the RD Licensing Manager you will see the name DEM described as Not Activated. Right click DEM and select Activate Server to bring up the Activate Server wizard.
• Click Next to move past the Welcome to the Activate Server Wizard page.
• On the Connection Method page, choose Automatic Connection (recommended) in the Connection Method dropdown box. Click Next.


• On the Company Information page, enter the First name, Last name, Company name, and Country or Region. See Figure 6.

NOTICE
Carefully and permanently record this information. It will be needed to transfer the licenses, or to reinstall them if the DEM needs to be re-imaged at a later date. You will be asked to provide this information if you contact the Microsoft Clearinghouse by telephone for technical support in reactivating the licenses. If this information is lost, you will need to have a long discussion with the Microsoft support center (Microsoft Clearinghouse) to get the licenses reauthorized. Alternately, you will need to buy new license CALs!

• For example, use the following information for DEM’s assigned to S&C internal use, or if a customer has not yet designated the appropriate company information:

Figure 6. Activate Server Wizard screen.

• Click Next to move to the second page of the Company Information. This page may remain empty if desired. Click Next to activate the server with the Microsoft Remote Desktop Licensing center.
• On the Completing the Activate Server Wizard page, leave the Install Licenses Wizard now box checked, then click Next.
• On the Welcome to the Install Licenses Wizard page, note in the License server settings group box that the company name “S&C Electric” has the ampersand dropped and the company name is reported as SC Electric. This will become an important point if you attempt to reinstall or transfer the licenses by using the Microsoft Clearinghouse. Click Next.
• On the License Program page, choose License Pack (Retail Purchase) as the License program. Click Next.


• On the License Code page, enter the 25 character license key from the software package containing the certificate Windows Remote Desktop Services Client Access License User Licenses. Click the Add button and the license key will appear in the list box below the Add button. Click Next.
• On the Completing the Install Licenses Wizard page you will see the message 5 Windows Server 2008 or Windows Server 2008 R2 Per User client access installed. Click Finish.
• In the Server Manager, select Roles | Remote Desktop Services | RD Session Host Configuration: DEM | Licensing Diagnosis. In the center panel, you will see the message Licensing Diagnosis did not identify any problems to report.
• You have now installed the RD license server on the DEM, and it is activated to issue licenses for up to five simultaneous users of the DEM Control Room application.

System Administration

The DEM software is built on the Windows Server 2008 R2 Standard platform. In this section we outline some of the common procedures required to administer this OS platform.

DEM Backup

Backups are very important for operating the DEM. There are two levels of backup:

Bare metal backup of the External SSD disk—This allows full recovery from a defective SSD, or porting the complete DEM software image from one DEM to another. The information in this section pertains to use of Windows Backup for making backup copies on various external, USB or network-connected media. The DEM also has an integral backup and recovery system that is covered in DEM Storage Organization, Backup, and Recovery on page 18. The present section covers more generalized use of Windows Backup. See Bare Metal Recovery Image Generation below, and Recovering the DEM from a Windows Server Backup File Set on page 28.

Oracle database dump file (.dmp)—This consists of a backup of the schemas CES_HUB and ITSG_COMMON (data stored in the SYS schema are not copied). This backup can be restored onto a suitably-prepared Oracle database, to completely restore the DEM’s operational data. The information in this section pertains to the use of Oracle database backup capabilities for making backup copies on demand. Please note that the DEM also has an integral backup and recovery system that is covered in DEM Storage Organization, Backup, and Recovery on page 18. See the sections Backing up the Oracle Database on page 70, and Restoring the Database from the Backup (.dmp) File on page 72.

Bare Metal Recovery Image Generation

This allows full recovery from a defective SSD drive, or porting the complete DEM software image from one DEM to another. The DEM image is recorded with Windows Server Backup, a Feature of Windows Server 2008 R2. To access it, open the Server Manager using the task bar icon next to the Start button. In the left navigation panel, open Server Manager (DEM) | Storage | Windows Server Backup. Windows Server Backup file sets are designed to be usable only by the Windows Server Backup feature or accessible by the Windows Recovery feature on the Windows installation DVD, or Recovery DVD.

NOTE: Through use of security ACLs, most of the backup file sets are made invisible to Windows Explorer. The file sets are not easily copied intact to another medium. Attempts to modify the ACLs tend to prevent successful use of the file set in subsequent recovery operations.

Making a DEM Image on a Locally Attached Hard Drive

To make a backup copy of the DEM SSD image to a locally USB attached hard drive:

• Connect an external hard drive with sufficient free space to a USB port on the DEM.
• Open the Server Manager using the task bar icon next to the Start button. In the left navigation panel, open Server Manager (DEM) | Storage | Windows Server Backup.
• On the right side Actions panel, click on Backup Once to start the wizard.
• On the Backup Options page, choose Different Options. Click Next.
• On the Select Backup Configuration page, choose Custom. Click Next.
• On the next screen, click Add Items, and on the following screen, click Bare Metal Backup. This will also select other required items including the boot volume (Drive C). Review the items in the list to ensure that neither the target drive media for the backup, nor any other locally-connected drives are checked.
• On the Specify Destination Type page, choose Local Drives. Click Next.
• On the Select Backup Destination page, select the backup drive and verify that there is sufficient free space shown. Click Next.


• On the Confirmation page, verify the backup parameters. Click Backup.
• The Backup Progress page will open. The wizard will create a snapshot of the entire SSD using the Windows Shadow Copy or VSS technology. This technology provides precise synchronization of the backup media with the state of the DEM at the start of the snapshot process. Then the synchronized disk image is copied to the external drive.
• The copy process takes about ten to fifteen minutes. Then the Backup Progress page will show Completed for all backup segments. Click Close.

Making a DEM Image on a Network Attached Folder

This procedure can be used to make a copy of the DEM SSD image to a folder on a server connected to the DEM’s private network. Making a second backup to this folder will overwrite any existing backup file:

• The folder where the SSD image is to be stored must exist before starting the backup. Create a subfolder name using the image revision, or other annotation, in this folder. For example, create the folder DEM 1.8.1. This subfolder will automatically inherit the Everyone permissions from the parent DEM Image Backup folder, where the Everyone permission is set to Full Control. A storage location of the form \\10.64.96.104\dev-asd404\DEM Image Backup should be chosen for the network backup, because it is located by IP address, not a domain DNS host name. This becomes important when the image is restored by the Windows bare metal recovery process, which is not connected to the domain.
• Open the Server Manager using the taskbar icon next to the Start button. In the left navigation panel, open Server Manager (DEM) | Storage | Windows Server Backup.
• On the right side Actions panel, click Backup Once to start the wizard.
• On the Backup Options page, choose Different Options. Click Next.
• On the Select Backup Configuration page, choose Full server (recommended). Click Next.
• On the Specify Destination Type page, choose Remote Shared Folder. Click Next.
• On the Specify Remote Folder page, enter a fully-qualified file name as mentioned in the first bullet item above. For Access control, select Inherit. Click Next.
• For the Provide user credentials for Backup enter the user credentials necessary to access the server folder.
• On the Confirmation page, verify the backup parameters. Click Backup.
• The Backup Progress page will open. The wizard will create a snapshot of the entire SSD using the Windows Shadow Copy or VSS technology. After that completes, the snapshot is copied to the external drive.
• The copy process takes about ten to 15 minutes. Then the Backup Progress page will show Completed for all backup segments. Click Close.
• The backup file set is located at the specified target location. Some of the files in this folder are marked hidden by Windows Server Backup.

Recovering the DEM from a Windows Server Backup File Set

The following procedure will allow recovering the DEM from a backup file set on an external hard drive, or from a network drive. In this phase, we will load the entire SSD from a DEM software image. This image comprises millions of files and is loaded in block format using some Windows restore tool.

• Attach an external DVD reader by attaching its USB cable(s) to any of the USB ports on the DEM.


• Open the DVD reader and insert the DVD labeled Windows Server 2008 R2 SP1 180 Day Trial, and close the drive in preparation for reading. The ISO file to burn this DVD is available from Microsoft at http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx.
• Reboot the DEM, either via the Windows Start menu Restart option, or by using the DEM front panel Power button.
• The computer performs a boot operation. It proceeds to the message Press any key to boot from CD or DVD. You have only a couple of seconds to hit the enter key to start the installation DVD, otherwise the computer will attempt to boot from the SSD. If that occurs, you need to use the Power button on the front panel to shut down the computer. Then press the button again to reboot the computer. Watch carefully for the Press any key to boot from CD or DVD message. Respond quickly by pressing the Enter key to start the installation DVD process.
• During the DVD installation, the computer displays the message Windows is loading files… for two or three minutes as it loads a special version of Windows from the DVD.
• After loading Windows, a screen opens for you to select Language, Time Format, and Keyboard type. Use the defaults, and then click the Next button.
• The next screen shows a large Install Now button. Instead, click the smaller Repair your computer link at the bottom left of the screen.
• The System Recovery Options screen opens. At this point, if you are restoring from an external hard drive, connect the USB attached external hard drive that has the DEM disk image to a USB connector on the back panel of the DEM. If you are restoring from a network drive, attach the LAN cable to the ETH1 connector on the back panel of the DEM.
• On the System Recovery Options screen, click the bottom radio button labeled Restore your computer using a system image that you created earlier. Then click Next to open the screen labeled Select a system image backup. If an external hard drive has been attached, the computer will scan it for the DEM system image, and display that image in the selection boxes. Select the appropriate image file, and click Next.
• If no hard drive is attached, and you are restoring from a network drive, the message Windows cannot find a system image on this computer will be displayed. Exit the message box by clicking Cancel. Use these steps to obtain the restore image from a network drive:
– On the Select a system image backup page, click Next.
– On the Select the location for the backup for the computer you want to restore page, the list of backups will be blank because no external hard drive is attached. Click the Advanced… button to open a dialog containing an option to select Search for a system image on the network. Click that option to open the message box Are you sure you want to connect to the network? Click Yes to connect to the network.
– On the Re-image Your Computer dialog, enter the network address of the system image. For example, use the network address \\10.64.96.104\dev-asd404\DEM Image Backup\Image Name where Image Name is the name of the folder that contains the backup image to restore. The folder Image Name will contain the subfolder WindowsImageBackup. Click OK.
– Windows will ask you for credentials for the computer where the image is stored. The backup image will then be located and listed in the list of backups. Select the backup just located, and click Next.
– Another dialog will open, Select the date and time of the image to restore. Highlight the image in the list, and click Next.


• This opens the screen Choose additional restore options. On this screen, check the box labeled Format and repartition disks, to completely reinitialize the SSD drive. Then click Next.
• This opens the screen Re-image your computer. The message Your computer will be restored from the following system image is followed by a description of the image to be used. Click Finish to start image restoration. Answer the pop-up question box with Yes, and wait for image restoration to complete.
• After the SSD reformat and the image load complete, the computer will reboot to the DEM software image now loaded on the SSD. This image load takes about 20 minutes.
• If still connected, remove the USB hard drive as soon as the reboot occurs, or later after the operating system boots up.

Adding New Users

The process of adding new users occurs in two phases. First we add a user to Windows. Second, if the user will utilize Oracle, we identify that user to Oracle, so the Oracle single-sign-on mechanism will operate. You must be logged in as a user with administrative privileges to perform the following tasks.

Adding a New Local User to Windows

Domain users must be added by a domain administrator on the domain controller. The following steps are only for adding local DEM user accounts.

To add a Windows Local User:

• Click the Server Manager icon on the task bar immediately to the right of the Start button. This opens the Server Manager control panel.
• In the left pane, click on Server Manager (DEM) | Configuration | Local Users and Groups | Users. Then right click Users | New User… in the left pane to open the New User dialog.
• Type the user name into the First name and the Full name text boxes. Enter the password, same as the user name, into the Password and Confirm password text boxes.
• Uncheck the User must change password at next logon box. Check the User cannot change password and Password never expires boxes.
• Click Create to confirm the description of the user, and create the account. The choice of password and options may be modified by the customer when the DEM is installed. The new account(s) you create here are not shown in the user list until you click Close.
• Repeat the above process to enter all the Administrative and Unprivileged users. The difference between Administrative and Unprivileged users is determined by the groups to which they are added in the next phase.
• When all users have been entered, click Close to exit the dialog and update the list of users.

The User Groups determine the privileges accorded to each user. To adjust user group membership:

• Double click the user, such as admin, in the list of users to be adjusted. This will open the dialog admin Properties.
• Click the Member Of tab to see the list of groups where this user is a member. The Users group is listed by default when a user is created.
• Click the Add button, and add groups related to various privileges:
– Administrators for administrative privileges
– Remote Desktop Users to allow logon using Remote Desktop


– For all added users, except test and sandc, add to the Remote Desktop Users group.
– For all users in the Administrative Users list above, add to the Administrators group.

Adding a New User to Oracle

When the new users have been defined locally to Windows, or to the domain the DEM may be attached to, we must define these users to Oracle, so these users can access the DEM DCR. We use the Oracle tool Administration Assistant for Windows, which is activated by the desktop icon with that name. It can also be found at Start menu | All Programs | Oracle - OraDb11g_home1 | Configuration and Migration Tools. This will open the Oracle Administrative Assistant for Windows dialog.

NOTE: You must be logged into the DEM on a Domain Administrator account to create or modify domain user credentials using the Oracle Administration Assistant for Windows. DEM local accounts have no ability to modify domain credentials.

Adding Database Administrator Users

The first step is to define OS Database Administrators to Oracle. Only the defined Database Administrators can add or modify Oracle external users or roles. To define administrators:

• In the left navigation window navigate to Oracle Administration Assistant for Windows | Oracle Managed Objects | Computers | DEM | OS Database Administrators – Computer. Right click OS Database Administrators – Computer and select Add/Remove… to display the control panel.
• In the Domain dropbox, select DEM for local users, or the domain name for domain users. In the upper scroll box, select the local users that you wish to add. Click the Add button. The selected users will now appear in the lower scroll box, having been added to the list of OS Database Administrators. Click OK to exit the control panel.
• The process may be repeated to add domain users as Oracle database administrators.

Activate OS_ROLES Mode

Next, we need to allow Oracle interaction with Windows, for mapping Windows user groups into Oracle roles. This is accomplished by setting the Oracle OS_ROLES mode as follows:

• Open SQL Developer. Right click the SYS connection and select Open SQL Worksheet.
• Enter these two commands into the worksheet:
    ALTER SYSTEM SET OS_AUTHENT_PREFIX='' SCOPE=spfile;
    ALTER SYSTEM SET OS_ROLES=TRUE SCOPE=spfile;
– NOTE: The OS_AUTHENT_PREFIX='' has two single quote-mark characters, not one double quote-mark character.
• Execute the commands by pressing F5. The Script Output window will show the message system SET altered. twice.
• We now need to restart the Oracle engine into the OS_ROLES mode. Start the services control panel with Start | Administrative Tools | Services.
• Restart the service named OracleServiceORCL.
• Close, and then reopen Administration Assistant for Windows.
• Connect to the database ORCL.
• Right click ORCL and select Properties. Verify that the OS_AUTHENT_PREFIX is two single quote-marks, and that OS_ROLES is TRUE.


Deactivating OS_ROLES Mode

Whenever role-related settings involving individual user accounts are changed, it will be necessary to take the database out of OS_ROLES mode using the following steps:

• Open up SQL Developer. Right click the SYS connection and select Open SQL Worksheet.
• Enter the following command into the worksheet:
    ALTER SYSTEM SET OS_ROLES=FALSE SCOPE=spfile;
• Execute the command by pressing F5. The Script Output window will show: system SET altered.
• Open the services control panel with Start | Administrative Tools | Services.
• Restart the service named OracleServiceORCL.
• Open the Administration Assistant for Windows. If already open, close it and then reopen it.
• Connect to the database ORCL.
• Right click ORCL and select Properties. Verify that OS_ROLES is FALSE.
• NOTE: Remember to put the database back into OS_ROLES mode (TRUE) when you are finished making changes.

Configuring External OS Roles in the Database

Now, create the equivalence between Oracle external roles and Windows user groups.

• Verify that the database is in OS_ROLES mode.
• With the database ORCL selected in the left panel tree, right click “External OS Roles” in the right panel and select Create. This will pop up the Create External OS Role Wizard.
• Enter the first role CES_ADMIN into the OS role name box, and then click Next to open up the System Privileges page.
• In the available roles, choose Connect, and then click the Grant button.
• Click Finish to add the OS role.
• Repeat the above process for each of the remaining OS roles: CES_COMMTECH, CES_OPERATOR, CES_PLANNER, CES_SCADATECH, and CES_SECADMIN.

Additional CES_ADMIN Role Configuration—REQUIRED

The following steps must be completed for proper DEM operation.

• Open the Administration Assistant for Windows. If already open, close it and then reopen it.
• Connect to the database ORCL. Right-click ORCL, choose Connect Database.
• Click the plus next to ORCL to expand the navigation tree.
• Click the External OS Roles node.
• Right-click CES_ADMIN and choose Properties.
• Click the Roles tab.
• Grant the DATAPUMP_IMP_FULL_DATABASE and RESOURCE roles by finding them in the list of Available Roles and clicking Grant.
• Click OK.
• Exit and click Yes when asked whether to save the console settings.


• Restart the HDE:
  1. Open Control Panel/Services console.
  2. Stop the Hub Supervisor.
  3. Stop the HDE.
  4. Start the Hub Supervisor.

Registering Domain Users with the Database

With the roles created, we can now register the Windows user accounts with Oracle to enable single sign-on:

• This is the list of Windows local users to identify to Oracle along with their appropriate roles; all means CES_ADMIN, CES_COMMTECH, CES_OPERATOR, CES_PLANNER, CES_SCADATECH, and CES_SECADMIN; none means do not define to Oracle.
– admin all
– SandC_(name) all
– sandc all
• With the database ORCL selected in the left panel tree, right click External OS Users in the right panel, and select Create. This will open the Create External OS User Wizard dialog.
• In the Domain dropbox, select DEM for local users, or the domain name for domain users. In the upper listing in the dialog you will see all of the users and groups for the domain chosen in the top drop down selection box. Select the local users in the list above, plus any additional users you wish to add. Then click the Add button. This will bring the user names into the bottom list named New External OS Users.
• Click Next to display Step 2 of the Wizard dialog. In the top Assigned Profile dropdown box, choose DEFAULT. Then click Next to display Step 3 of the Wizard dialog.
• In the upper list of Available External Roles, highlight all the CES_xxx roles. Then click the Grant button to copy those roles to the bottom list of Granted External OS Roles.
• Click the Finish button to add the user to the Oracle database with the granted roles.
• Repeat the above process for other users. In Step 3, only highlight the roles appropriate to the user.
• The process above may be repeated to identify domain users to the Oracle database.
• You can check your work using the Administration Assistant for Windows. Click External OS Users to see the fourteen users you have added. You can right click a user name in the list and select Properties to see the granted roles in the Roles tab.
• You can use the Server Manager control panel to observe the Oracle single-sign-on changes. In the left panel tree, click Server Manager (DEM) | Configuration | Local Users and Groups | Groups to show users and groups defined to Oracle by the Oracle Administration Assistant for Windows. You will see the group ora_dba containing all the Windows users you defined as Oracle DBA administrators in the OS Database Administrators – Computer selection.
• After a role is defined to at least one user, you can see the role listed as a group in the Active Directory Users and Computers Users listing. For example, the Oracle role name CES_ADMIN is translated to the Windows group name ORA_ORCL_CES_ADMIN_D. Double click the group name to see all Windows users who are included in that Oracle role.
• You can open SQL Developer, expand SYS | Other Users in the left panel, and see the users you defined in the list. They are shown, for example, as DEM\ADMIN. The Windows user name is forced to upper case, and prefixed by the machine name DEM.
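The Windows account settings and the Oracle group mappings described above can also be reviewed in one pass from a PowerShell prompt. The following read-only audit is an added example, not part of the S&C procedure or software; it assumes PowerShell 2.0 as shipped with Windows Server 2008 R2, the SID ORCL, and the ORA_ORCL_ group prefix shown above, and the helper name Get-GroupMemberName is hypothetical.

```powershell
# Added example, not S&C code. Read-only; written for PowerShell 2.0 (Server 2008 R2).
# Run from an elevated PowerShell prompt on the DEM.
$computer = $env:COMPUTERNAME
$sid      = 'ORCL'             # Oracle SID used throughout this page
$noRdp    = 'test', 'sandc'    # accounts the page keeps out of Remote Desktop Users

# Hypothetical helper: member names of a local group via the WinNT ADSI provider.
function Get-GroupMemberName {
    param([string]$Group)
    try {
        $g = [ADSI]"WinNT://$computer/$Group,group"
        @($g.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
    } catch {
        # Group does not exist on this machine: treat it as empty.
    }
}

$admins = @(Get-GroupMemberName 'Administrators')
$rdp    = @(Get-GroupMemberName 'Remote Desktop Users')
$dba    = @(Get-GroupMemberName 'ora_dba')

# Oracle external role groups (for example ORA_ORCL_CES_ADMIN_D) and their members.
$roleGroups = @{}
Get-WmiObject Win32_Group -Filter 'LocalAccount=True' |
    Where-Object { $_.Name -like "ORA_${sid}_*" } |
    ForEach-Object { $roleGroups[$_.Name] = @(Get-GroupMemberName $_.Name) }

$report = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' | ForEach-Object {
    $u     = $_
    $roles = @($roleGroups.Keys |
               Where-Object { $roleGroups[$_] -contains $u.Name } |
               Sort-Object)

    # Flag the factory-style settings from the New User steps on enabled accounts.
    $notes = @()
    if (-not $u.Disabled) {
        if (-not $u.PasswordExpires)    { $notes += 'password never expires' }
        if (-not $u.PasswordChangeable) { $notes += 'user cannot change password' }
    }
    if (($rdp -contains $u.Name) -and ($noRdp -contains $u.Name)) {
        $notes += 'in Remote Desktop Users but expected to be excluded'
    }

    New-Object PSObject -Property @{
        Name        = $u.Name
        Disabled    = $u.Disabled
        Admin       = ($admins -contains $u.Name)
        RDP         = ($rdp -contains $u.Name)
        OraDba      = ($dba -contains $u.Name)
        OracleRoles = ($roles -join ', ')
        Notes       = ($notes -join '; ')
    }
}

$report | Sort-Object Name |
    Format-Table Name, Disabled, Admin, RDP, OraDba, OracleRoles, Notes -AutoSize -Wrap

# Role-group members that are not local accounts (domain users or stale entries).
$localNames = @($report | ForEach-Object { $_.Name })
foreach ($g in $roleGroups.Keys) {
    $roleGroups[$g] |
        Where-Object { $localNames -notcontains $_ } |
        ForEach-Object { '{0}: non-local member {1}' -f $g, $_ }
}
```

Accounts that still show both password notes after commissioning are the ones whose factory options were never changed by the customer.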


Deleting Users

Deleting a user is a two-step process. First the user is deleted from the Oracle database if present there; then deleted from Windows.

Deleting a User from Oracle

If a user has previously been identified to Oracle, they must be removed from Oracle before deleting the user in Windows. For that we use the Oracle tool Administration Assistant for Windows which is activated by the desktop icon with that name. It can also be found at Start menu | All Programs | Oracle - OraDb11g_home1 | Configuration and Migration Tools. This will open the Oracle Administrative Assistant for Windows dialog.

Follow these steps to delete a Windows user from Oracle:

• In the left navigation window, right click on the database ORCL, and then click Connect Database... This will expand the dialog.
• Double click External OS Users to show the list of existing Windows users that have been identified to Oracle. This will expand the dialog.
• Right click on the user you wish to delete and choose Delete. Click Yes in the pop up dialog asking you to confirm the deletion. The list of users will then be redisplayed, minus the user you just deleted.

Deleting a User from Windows

Follow these steps to delete a local Windows user:

• Click the Server Manager icon on the task bar immediately to the right of the Start button. This opens the Server Manager control panel.
• In the left pane, click on Server Manager (DEM) | Configuration | Local Users and Groups | Users. Then right click on the user you wish to delete and choose Delete.
• On the warning message Each user account has a unique identifier…, click Yes.
• Deleting a domain user must be done by a domain administrator on a domain controller.

Installing S&C Application Updates

From time to time, the various S&C applications will require updating. The five S&C applications are DAS, DCR, DSC, HDE, and HSV. Three of these applications are Windows services: DAS, HDE, and HSV. The successful operation of these S&C application updates is sensitive to the database version. The revision level of the database must match the versions of the applications, and is checked as part of the application installation process. Typically, if a database update is required, an Oracle script will be provided. You must apply the Oracle script to update the database before installing the application updates. The release note for the application update will indicate what, if any, database updates are required. All of the application updates utilize the Microsoft Installer and for the most part are fully automated.

NOTICE
Before updating each application, first stop the service, or abort all copies of the application running on all user IDs, then uninstall it using the Programs and Features applet in the Windows Control Panel.

On a machine in service, the most recent version of each application should be placed on the machine under C:\Downloads\S&C Electric\. There is a subfolder with the name of each application, and subdirectories under each application where recent versions are stored.


For the three service applications, HSV, HDE and DAS, some additional configuration is required. Use Start | Administrative Tools | Services to open the Services control panel. The S&C application name and Windows Service display name equivalence is as follows:

Acronym   Windows Service Name
HSV       Hub Supervisor
HDE       Hub Dispatcher
DAS       S&C Device Access Server

For security reasons, both HSV and HDE should be installed explicitly for operation under a configured Logon. If S&C is administering the system, the Logon ID should be sandc. If S&C is not administering the system, open the Properties of these two services using the Services manager and enter a user name granted administrative rights and also configured inside Oracle (match the privileges granted to the sandc user for reference). The user name should be one that is not explicitly assigned to a person, and cannot be used to log on to the machine; it is used entirely to authenticate critical applications.

The service startup type for both is Manual. Set the HSV service startup type to Automatic (Delayed) so that the HSV will start up automatically upon boot up of the DEM. The delay allows the Oracle database services time to complete their initialization before the HSV attempts to access the database. The HSV will in turn start the HDE and the DAS as it starts up.
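The logon account and startup type described above can be confirmed without opening each service's Properties dialog. This read-only check is an added example, not S&C code; it assumes PowerShell 2.0 on the DEM and matches services by the display names in the table above.

```powershell
# Added example, not S&C code. Read-only; PowerShell 2.0 compatible.
# Display names are the ones listed in the table above.
$services = @{
    'Hub Supervisor'           = 'HSV'
    'Hub Dispatcher'           = 'HDE'
    'S&C Device Access Server' = 'DAS'
}
# Built-in identities that do not count as a configured Logon.
$builtin = @('LocalSystem', 'NT AUTHORITY\SYSTEM',
             'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

$found = @(Get-WmiObject Win32_Service |
           Where-Object { $_.DisplayName -and $services.ContainsKey($_.DisplayName) })

$report = foreach ($svc in $found) {
    $acronym = $services[$svc.DisplayName]

    # Win32_Service reports a delayed start as plain "Auto"; the flag is a registry value.
    $key     = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
    $delayed = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DelayedAutostart -eq 1

    $notes = @()
    if ((@('HSV', 'HDE') -contains $acronym) -and ($builtin -contains $svc.StartName)) {
        $notes += 'runs under a built-in identity, not a configured Logon'
    }
    if (($acronym -eq 'HSV') -and -not (($svc.StartMode -eq 'Auto') -and $delayed)) {
        $notes += 'startup type is not Automatic (Delayed)'
    }

    New-Object PSObject -Property @{
        Acronym   = $acronym
        Service   = $svc.DisplayName
        LogOnAs   = $svc.StartName
        StartMode = $svc.StartMode
        Delayed   = $delayed
        State     = $svc.State
        Notes     = ($notes -join '; ')
    }
}

$report | Sort-Object Acronym |
    Format-Table Acronym, Service, LogOnAs, StartMode, Delayed, State, Notes -AutoSize -Wrap

# Report any of the three services that are not installed at all.
foreach ($name in $services.Keys) {
    if (-not ($found | Where-Object { $_.DisplayName -eq $name })) {
        "Not installed: $name ($($services[$name]))"
    }
}
```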

DCR Authorization File

The DEM Control Room (DCR) application requires a software license or Activation File to operate. If this file is not present, the DCR will post an error message and exit. The Activation File contains an expiration date. After that date, the DCR will still function, and it generates a warning message for the operator.

The Activation File contains MAC Addresses of the DEM computers where it will enable the DCR. One of the MAC Addresses in the Activation File must match the MAC Address of the LAN adapter being used by the DCR. Activation Files may be requested from the S&C IT Department. The error message generated by the DCR contains only one MAC Address, but you need to add both MAC Addresses to the Activation File because, depending on customer network configuration, the other MAC Address may be used by the DCR in the future. To list both MAC Addresses, open the Command Prompt window and enter the command route print. Scroll back the Command Prompt window, and you will see the two MAC Addresses near the beginning of the route listing.

An Activation File covering DEMs used internally for S&C is available at C:\Downloads\S&C Electric\DCR\ActivationFile.xml. For DEMs installed at a customer, the customer may obtain the Activation File at the S&C Automation Customer Support Portal, http://sandc.com/support/automation-customer-support-portal.asp.

Copy the S&C license activation file ActivationFile.xml to the folder C:\Program Files (x86)\S&C Electric\DEM Control Room\. To avoid the Access Denied message, use the Security tab of folder Properties to add the DEM Control Room folder to the Security Group Users, with full control, before copying the file. The presumption here is that the ActivationFile.xml will contain the MAC Addresses of that DEM. If not, the DCR won’t start, and you will need to request an Activation File from the S&C IT Department that contains the MAC Addresses for that DEM.


DEM Controller Time Source

This section describes how the GPS receiver is integrated into the DEM Controller software.

DEM Controller Relationship to the Domain

Depending on customer needs, the DEM Controller server can be configured in one of two modes.

Member Server in a Customer Active Directory Domain

The DEM Controller server is joined to the customer-provided domain as a member server. The Active Directory domain is controlled by a Primary Domain Controller server or PDC. All member computers or servers attached to the domain obtain time information from the PDC. If a LAN connection is temporarily unavailable, the member computer relies on the BIOS clock as a time base. When a connection to the PDC again becomes available, the member computer operating system obtains time information from the PDC, and also updates the BIOS clock with that information.

Windows operating systems include a service, w32time or Windows Time Service, that by default will look to the PDC for a time reference. On the PDC, the Windows Time Service can be configured to obtain accurate time information from an external source, typically on the Internet, but perhaps from another Network Time Protocol or NTP source, such as an atomic clock or shortwave radio information provided by NIST.

Standalone Server

In this case, each DEM Controller is configured as a server-member of the DEM workgroup. The time base can be derived from an NTP server on the internal LAN, the GPS receiver built into the DEM Controller, or the BIOS clock (if GPS information is not available).

The GPS receiver outputs NMEA formatted messages over a COM serial port connection (COM3, connected internally on the WinMate PC). Each message is an ASCII text line ending with CR/LF. There are multiple NMEA message types, providing information about time, satellite positions, position, speed, altitude, etc.

The standard w32time or Windows Time Service, which is derived from an early version of Network Time Protocol or NTP software, is not designed to accept NMEA formatted messages. So we disable the Windows Time Service and replace it with the Network Time Protocol service. The NTP service is then configured to receive NMEA formatted messages from the COM serial port. The NTP service updates the operating system time, and the BIOS clock with time information received from the GPS satellite.

Configuring an Internal LAN Visible Time Source for a Standalone DEM Controller

If the time source is an NTP server, visible on the internal LAN, then the default Windows Time Service can be used to access it. Time sources such as an atomic clock, or shortwave radio information provided by NIST, or GPS receivers can be used if they contain a built-in NTP server that attaches to the LAN. The default Windows Time Service can be configured to utilize these external NTP servers as a time source. Windows will communicate with the NTP server via UDP over port 123, both inbound and outbound. Be sure to open this port on any firewalls or gateways between the DEM Controller and the NTP server time source.

These steps configure the Windows Time Service on a standalone DEM Controller configured as a PDC:

• Log into the DEM Controller and open the command prompt.
• Open the Registry Editor: type regedit
• Edit the following keys in the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
AnnounceFlags=dword:00000005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
Type=NTP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
Enabled=dword:00000001

• Close the Registry Editor
• Pick a Known Valid Time Source (GPS NTP Clock, NTP Server, etc.)
– Open the Date and Time setting
– Open the Internet Time tab
– Change the settings to the IP of your Valid Time Source
– Update and verify that the clock successfully synchronizes
• Open the command prompt as administrator and type the following commands (you can skip this step by running the SetNTPDEM.exe)
– net start w32time (start the service)
– w32tm /config /reliable:yes
– w32tm /config /update
– w32tm /resync
– net stop w32time
– net start w32time
• Check the Event Viewer for any errors.

Configuring the DEM’s GPS Receiver as a Time Source

The DEM comes with a built-in GPS receiver, internally wired to COM3 and communicating at 9600 BAUD. To confirm that the GPS is working, and that an adequate antenna connection has been established, the uCenter user interface (also pre-installed on the DEM) can be used to verify that the GPS is receiving and maintaining time. Simply invoke uCenter, and select the time clock window on the fourth line of the window (second to last icon). Then select View/Packet Console and verify that only one message, GPRMC, is being generated, at a one-second rate.

Please note that since the GPS is connected via a standard COM port, and since the port cannot be shared simultaneously with a different application, be sure that the NTP service in Windows is stopped before trying to use uCenter, and be sure to exit from uCenter before re-enabling NTP.
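The Packet Console check above can also be applied to a captured COM-port stream. This added Python example (not S&C's code) verifies each NMEA checksum, accepts only GPRMC, rejects status V (no valid fix) and confirms one-second spacing. The sample stream, the two-digit-year pivot and all function names are assumptions made for the example.

```python
from datetime import datetime, timezone
from functools import reduce


def nmea_checksum(body):
    """XOR of every byte between '$' and '*', as two upper-case hex digits."""
    return "%02X" % reduce(lambda acc, byte: acc ^ byte, body.encode("ascii"), 0)


def frame(body):
    """Wrap a sentence body as '$body*CS<CR><LF>' (used to build sample data)."""
    return "$%s*%s\r\n" % (body, nmea_checksum(body))


def parse_gprmc(line):
    """Parse one GPRMC sentence; raise ValueError if it cannot be trusted."""
    text = line.strip()
    if not text.startswith("$") or "*" not in text:
        raise ValueError("not a framed NMEA sentence")
    body, _, given = text[1:].rpartition("*")
    if nmea_checksum(body) != given.upper():
        raise ValueError("checksum mismatch")
    fields = body.split(",")
    if fields[0] != "GPRMC" or len(fields) < 10:
        raise ValueError("unexpected sentence type %s" % fields[0])
    hhmmss, status, ddmmyy = fields[1], fields[2], fields[9]
    utc = None
    if len(hhmmss) >= 6 and len(ddmmyy) == 6:
        yy = int(ddmmyy[4:6])
        # Assumption: RMC carries a two-digit year; 80-99 is read as 19xx.
        year = 1900 + yy if yy >= 80 else 2000 + yy
        utc = datetime(year, int(ddmmyy[2:4]), int(ddmmyy[0:2]),
                       int(hhmmss[0:2]), int(hhmmss[2:4]), int(hhmmss[4:6]),
                       tzinfo=timezone.utc)
    return {"utc": utc, "fix_valid": status == "A"}


def check_stream(lines):
    """Return (line_number, problem) pairs for a captured sentence stream."""
    problems, previous = [], None
    for number, line in enumerate(lines, start=1):
        try:
            rmc = parse_gprmc(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
            continue
        if not rmc["fix_valid"] or rmc["utc"] is None:
            problems.append((number, "status V: receiver reports no valid fix"))
            continue
        if previous is not None:
            step = (rmc["utc"] - previous).total_seconds()
            if step != 1:
                problems.append((number, "expected 1 s step, got %g s" % step))
        previous = rmc["utc"]
    return problems


# Constructed sample stream. Lines 1-2 are clean; line 3 is another sentence
# type, line 4 has status V, line 5 has a corrupted checksum, and line 6
# arrives four seconds after the last good fix.
FIX_FIELDS = "4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W"
SAMPLE_STREAM = [
    "$GPRMC,123519,A," + FIX_FIELDS + "*6A\r\n",
    frame("GPRMC,123520,A," + FIX_FIELDS),
    frame("GPGGA,123520,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,"),
    frame("GPRMC,123521,V,,,,,,,230394,,"),
    "$GPRMC,123522,A," + FIX_FIELDS + "*00\r\n",
    frame("GPRMC,123524,A," + FIX_FIELDS),
]

if __name__ == "__main__":
    for number, problem in check_stream(SAMPLE_STREAM):
        print("line %d: %s" % (number, problem))
```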

Configuring the NTP Service

For convenience, the DEM is pre-configured with a current version of NTP. More recent versions, if available, can be downloaded from http://www.meinberg.de/download/ntp. The NTP service is installed but is not configured to start automatically. Changing the start-up type to automatic, starting the service, and ensuring that the GPS antenna has adequate signal to lock on to satellites should be all that is necessary to reconfigure the DEM as a system time source. The NTP service is a build of the open source NTP Server source code maintained by http://www.ntp.org.


Status of NTP can be determined using the NTP Time Server Monitor, also provided on the DEM. If the NTP service is operating properly, and the GPS has a satellite lock and is successfully providing time, the following display should be seen in the Status tab (see Figure 7). If the display shows no association, chances are the NTP service is not running. If it does show, but the display is not green on the status line, the antenna is probably not providing an adequate view of the sky. GPS repeaters are available to improve the signal if necessary.

Figure 7. NTP Display screen.

DEM Audio Annunciations

One consideration is that comes with the correct Remote Desktop software and configuration. For Windows XP, it also may require an installation of a new Remote Desktop 7.0 client and an operating system configuration adjustment. See the Microsoft support page for details on configuration and download links: http://support.microsoft.com/kb/969084. You need to make this adjustment to your Remote Desktop Connection client to hear the audio. See Figure 8 below, and Figure 9 on page 39.

Figure 8. Remote Desktop Connection, Local Resources tab.


Click the remote audio settings, and set this way:

Figure 9. Remote Desktop Connection, Remote Audio screen.

Windows Patch Management

Since the DEM is designed to operate reliably in a secure, stand-alone environment isolated from direct access to the Internet, software updates require special attention. Because the DEM is isolated, it is less susceptible to security compromise from outside influences, thus frequent security patching should not be necessary. However, periodic updates may be desirable, and security threats specific to Windows Remote Desktop or other significant concerns could justify more timely patching.

The following options are available to patch the Windows operating system, and other software components on the DEM when necessary:

• Make a temporary internet connection available to the DEM, either by connecting an Internet-accessible modem to the DEM, or by enabling an internet connection on the network the DEM uses. Then enable and run Windows Update on the DEM, and allow the patches to be applied. Go to Control Panel/Windows Update to initiate the update process.
• Note the date when Windows Update was last run on the DEM, then manually download and apply all patches with a more recent date. The date can be found on the Windows Update window. The patches can be downloaded from the Microsoft web site.
• Provide a connection to the DEM from an in-house patch server that can automatically keep the DEM updated.
• Save monthly patch image files from Microsoft, and apply all of them, in order, from oldest not yet applied, to newest, at an appropriate time. The link to Microsoft’s monthly patch collection is http://support.microsoft.com/kb/913086

With any of the above options, one or more reboots of the DEM may be required. For this reason, automatic, timed updates of the DEM are unacceptable. Even if reboots are not required, it is possible for updates to not install properly, potentially leaving the DEM in an inoperable state. Thus for a variety of reasons (also see below), unsupervised, automatic updating is not recommended after the DEM has been commissioned.


NOTICE
Prior to patching the system, the McAfee Solidifier should be fully disabled using the SADMIN DISABLE command, and re-enabled afterwards. Failure to do so can cause system patches to install incorrectly, damaging a working system, or to not install at all. McAfee VirusScan should also be disabled for the same reason.

The recommended patching procedure is as follows:

1. Back up the DEM, or verify that a current, bare metal backup is available. See DEM Backup on page 27.
2. Reboot the machine to verify that it comes up normally, and spot check normal operation.
3. Disable McAfee Solidifier (see Solidifier Administration on page 84) and McAfee VirusScan.
4. Set HSV to manual startup, and reboot the machine again.
5. Apply the necessary patches per one of the options above, using the documentation available on the Microsoft Website. Reboot the machine when prompted by the patch installers.
6. Set HSV back to automatic, delayed startup.
7. Re-enable McAfee Solidifier (see Solidifier Administration on page 84) and McAfee VirusScan.
8. Reboot the machine, and verify normal operation.

DEM Event and Diagnostic Logs

The DEM provides extensive diagnostic indications to assist with troubleshooting. To better understand how to diagnose and troubleshoot problems, first review the Section: DEM Software Architecture, on page 97.

Troubleshooting is a complex subject with many potential issues, and many ways to identify and resolve them. This section provides useful information about the most common issues, troubleshooting tools, and techniques.

Troubleshooting Resources

Various applications, files and logs are available to assist with problem diagnosis:

• The DCR is the first place to go when problems are suspected. The main screen provides general information on the status of critical real-time tasks. More importantly, the DCR dashboards all clearly indicate when data is not being updated. This usually indicates abnormal system operation, such as the dispatch engine not running. If the dispatch engine security credentials were to become invalid through an improperly administered change of system passwords, the dispatch engine service would not start, and dashboard data would not be updated.
• The DSC presents basic status on all of the DEM’s real-time applications, as well as critical event logs.
• The location C:\DEMData contains vital system configuration and logging data. There are three subfolders, DCR, HDE, and DAS, for applications of the same name. Subfolders contain configuration data (ex: C:\DEMData\HDE\config) and text log data (ex: C:\DEMData\HDE\log) for the respective application. For system debugging, the text logs for HDE and DAS should be checked first by the system administrator. NOTE: The amount of information logged is controlled by user selections that can be viewed or modified from the DSC.
• The Windows Event Log also provides critical information useful for debugging. All of the DEM applications write critical error, or other diagnostic information, to this Log. To inspect the logs, open the Server Manager and navigate down the menu on the left hand side of the screen to Server Manager | Diagnostics | Event Viewer | Windows Logs | Application. Right click on the desired log in the menu, and select Filter to eliminate messages of an undesired nature.
• The Windows Services control panel applet provides status and control for the various services of direct interest to the DEM. Certain system problems can prevent critical services such as HSV, HDE, or DAS from running.
• The Oracle database provides several troubleshooting resources, most of which are highly detailed and specialized for different components of the database management system. Here are some basic logs that can provide basic direction when a system failure occurs.
– C:\app\admin\diag\rdbms\orcl\orcl\trace\alert_orcl.log
  Typical messages found in the alert log are: database startup, shutdown, log switches, internal errors, space allocation errors, initialization parameter values, and administrative operations.
– C:\app\admin\diag\tnslsnr\DEM-SN20\listener\trace\listener.log
  The listener log contains audit trail information for client connection requests, as well as start, stop, and status events for the listener service. Due to the high volume of activity within the DEM, logging to this file is turned off by default.

Troubleshooting Procedure

The following items should be inspected to determine if any abnormal condition is present. The number in the Figure reference is the number shown in the figure.

1. DEM Dispatch Engine Status (Figure 10, #1 on page 43). The text displayed will identify the general nature of the problem:
   a. Running. This is the normally-displayed contents. If anything else is displayed in the field, an unusual condition exists.
   b. Not running. This means that the HDE (Hub Dispatcher) service is not running, and/or there is a serious configuration problem preventing it from running. Go to the Services entry in the Server Manager and inspect the service status. If it is not running, attempt to start it from the Services screen. If it starts and then stops, further information on the problem may be found in the log for HDE.
   c. One or More Transformer Monitors are not Communicating. This usually means the problem is the communication channel to the Transformer sensing points. Perhaps the Ethernet Interface is unplugged, or the IP address for the DEM interface to the Units is incorrect, or some other system-wide problem exists. The Transformer dashboards in the DCR can be used to determine which Transformer Monitor is not communicating. From the DEM, use PING to see if basic connectivity to the device exists. Otherwise, troubleshoot this as a typical communication problem.
   d. One or More Feeder Monitors are not Communicating. This usually means the problem is the communication channel to the Feeder sensing points. Perhaps the Ethernet Interface is unplugged, or the IP address for the DEM interface to the Units is incorrect, or some other system-wide problem exists. The Feeder dashboards in the DCR can be used to determine which Feeder Monitor is not communicating. From the DEM, use PING to see if basic connectivity to the device exists. Otherwise, troubleshoot as a typical communication problem.
   e. All CES Units are Not Communicating. This usually means the problem is the communication channel to the CES Units. Perhaps the Ethernet Interface is unplugged, or the IP address for the DEM interface to the Units is incorrect, or some other system-wide problem exists. From the DEM, use PING to see if basic connectivity to one or more units exists. Otherwise, troubleshoot as a typical communication problem.


2. DCR Configuration Validation Status (Figure 10, #2 on page 43). This field provides local status on the DCR-managed DEM configuration. It is updated whenever the DCR configuration is validation tested (File/Validate Configuration), or applied to the real-time system (File/Commit to production DB). If the configuration has a diagnosable error, the field will so indicate, and the Errors/Warnings tab is automatically displayed, showing the details.
3. Dashboard Status (Figure 11 on page 44). There are several useful bits of information on this window (although the graphic image shown is of the CES Unit dashboard, all dashboards are updated with comparable logic). If you are looking for unit-specific issues, you may want to view the dashboard for each of the units in the system—the relevant screen information is below:
   a. Dashboard refresh timestamp (Figure 11, #1 on page 44). This shows the time and date when the dashboard data was last refreshed from the remote device. If this timestamp is not current, it means the dispatch engine is not running, because the dashboard timestamp is updated even if the CES Unit is not communicating.
   b. Communication Status (Figure 11, #2 on page 44). If this displays Ok, it means the data shown on the screen actually came from the device. If it shows something like CommunicationError, it means the device did not respond to the most recent poll, and the Ethernet interface could also be down. If it shows Control Error, it means that the CES Unit is in an inoperable state known as Maintenance Mode. If it shows NotApplicable, it means that the communication channel is not configured.
   c. Configuration Status (Figure 11, #3 on page 44). This normally shows Unmodified, but will indicate Modified if the configuration has been changed inside the DCR, but the changes have not yet been applied to the real-time system.
   d. Along the top of the dashboard, a couple of off-normal states are brought to the user’s attention (Figure 11, #4 on page 44). The red colored banner HDE Not Running displays if the HDE has not sent a regular, 10-second heartbeat for over a minute. It will display as purple if the configuration of the DEM has been modified inside the DCR but has not yet been applied to the real-time system. It will display blue if the dashboard data is older than the poll interval plus one minute.
4. CES Unit Alarm Status (Figure 12 on page 45). This window is available from the Alarms button on the DCR Unit Dashboard, and provides detailed CES Unit status. The alarms are prioritized, with Information alarms indicating conditions that represent normal operation but may also represent unexpected or undesirable operation, such as unit-initiated islanding. Other than Information alarms, most alarms indicate some form of unusual or abnormal behavior. The alarm screen will be instrumental in identifying unit-related issues.
5. DSC System Status (Figure 13 on page 46). The System Status/Service Status line (Figure 13, #1 on page 46) displays the following indications:
   a. System Alarm. True if a major system problem is preventing HDE from running.
   b. Comm Alarm. True if any Feeder Monitor (typically a breaker with externally-visible sensing), or any Transformer Monitor, or all CES Units are not communicating. This means that communication is fundamentally impacting energy dispatch functions.
   c. Database. False if the database service is not operational.
   d. HSV. False if the System Supervisor is not up and running. Since the Supervisor is responsible for maintaining operational status in an unattended setting, this condition should be investigated, and should not be allowed to persist. Look in the Windows event log for diagnostic information, or attempt to start the service from the Server Manager Services menu.


   e. HDE. False if the energy dispatch engine is not operational. This is usually due to either a catastrophic problem of some sort, or the HDE and HSV services were stopped intentionally. Check the end of the most recent HDE log file in the DEMData directory, then the Windows Event log if the problem is not clear from the contents of the log.
   f. DAS. Use the same strategy as above for HDE.
   g. Heartbeat. This indication should be blinking. It indicates that the energy dispatch engine is operational, however that does not preclude the possibility that there is some sort of operational error present. The HDE is responsible for generating the heartbeat indication, and suspends the heartbeat as a means to signal the system supervisor to attempt to restore normal operation by restarting services, and if that does not work, to reboot the DEM.
6. DSC Chat Log (Figure 13, #2 on page 46). The log contains a combination of chat messages, user logon activity, and critical messages from the real-time services. Look in the list of events for indications of major issues.
7. HDE/DAS Event Log Control (Figure 13, #3 on page 46). These two fields allow you to control the amount of log information recorded by DAS or HDE. This information is logged in the text files stored in the DEMData directory tree.

Figure 10. DEM Control Room - Main screen.


Figure 11. CES Unit Dashboard screen.


Figure 12. DEM Control Room - Unit Alarms Dashboard screen.


Figure 13. DEM Session Collaborator - Main screen.

The DEM System Collaborator (DSC) GUI application gives you a high level summary of DEM status. The chat log window contains critical error and status messages from the HSV and HDE. The DSC also provides indicators on the status of the database and the HSV, HDE, and DAS services.

The resources listed above can be used to solve the cause of some major failures:

• Oracle services not running. Use the Services control panel applet to check that these services are started:
– OracleServiceORCL
– OracleOraDb11g_home1TNSListener (NOTE: Title may vary slightly.)
– OracleMTSRecoveryService
– OracleDBConsoleorcl
• Improper IP address specification. Use SQL Developer to verify and, if necessary, modify the addresses in the CES_HUB.CONNECTIONS table. See SQL Developer, on page 51.
• No LAN connection. The HDE will not start if a LAN connection is not available to DEM back panel ETH1 port, and ETH2 port if configured in the CES_HUB.CONNECTIONS table. Do you have a LAN cable plugged into the ETH port, and is it actually connected to a live network?
• HDE, and/or HSV services do not specify a login ID with the appropriate, matching Windows and Oracle administrative access rights. Without that logon, the services will not have access to the Oracle database.

NOTICE
After reinstalling any of these services with new versions, you must reset the service logon using the Services control panel applet.

• Missing or obsolete DCR authorization license file that matches the MAC addresses of the DEM computer. The DCR will notify you of this at startup. See DCR Authorization File on page 35 for details on how to get and install an updated authorization file.


• Oracle schema revision does not match S&C applications. Examine the HDE and DCR log files located in C:\DEMData for indications of what database elements do not match the S&C application. Use SQL Developer to review the currently installed schema and application revision numbers in the table ITSG_COMMON.APPVERSION. This table also shows the revision’s creation date, and the date the revision was installed.

Oracle Database Troubleshooting

• First indicators—Services control panel should indicate a status of Started.
– OracleServiceORCL
– OracleOraDb11g_home1TNSListener
NOTE: The beginning of the title may vary slightly. TNSListener is the operative title.

If either of these services does not show a status of Started, click the Start link in the left portion of the window. See Figure 14.

Figure 14. Oracle Services control panel.

• Deeper dive—Verify that the Oracle database and listener are actively running.
– Start Task Manager, see Figure 15.

Figure 15. Start Windows Task Manager.


– On the Processes tab, check Show processes from all users, and find oracle.exe. You may need to sort the processes by clicking the top of the Image Name column. See Figure 16.

Figure 16. Windows Task Manager.

– Find TNSLSNR.EXE, see Figure 17.

Figure 17. Windows Task Manager Processes tab.


• Check whether the listener can be reached, and is configured correctly.
– From a command prompt, enter TNSPING ORCL. See Figure 18.

Figure 18. Administrator: Command Prompt window.

– Verify that tnsping returns OK, indicating a successful connection. Common error messages:
  – TNS-12541: TNS:no listener
    The listener is not actively running. Try to restart the listener using the Services control panel.
  – TNS-03505: Failed to resolve name
    Listener is running, but service name (orcl) was either entered incorrectly at the command prompt, or listener is not configured correctly. Contact S&C for technical support.
• Try connecting to the database using SQL Developer.
– See the section SQL Developer—Connections, on page 51, for instructions.
• Enable the listener log. Due to the high volume of activity within the DEM, listener trace logging is turned off by default. To determine how connection requests are being processed by the listener, temporarily enable listener trace logging. This can only be done by a user with administrative privileges.
– Make a backup copy of c:\app\admin\product\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora
– Edit listener.ora using notepad.exe and place a “#” at the beginning of the line containing LOGGING_LISTENER = OFF, then save the file
– Restart the listener using the Services control panel
– Try connecting to the database using SQL Developer, keeping note of the time during the attempt. You will look for this time value in the next step.


– Open the file C:\app\admin\diag\tnslsnr\DEM\listener\trace\listener.log using notepad.exe, and scroll to the bottom of the file, looking for lines similar to those below, with times close to your attempted connection. The zeroes at the end of the lines indicate successful connections. Note that line breaks were placed within the lines for display purposes within this document. These are normally continuous lines.

Connection from SQL Developer

31-JAN-2014 15:16:27 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=SQL Developer)
(HOST=__jdbc__)(USER=your_name))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)
(PORT=58506)) * establish * orcl * 0

Connection HubControl.exe

31-JAN-2014 15:24:11 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=orcl)
(CID=(PROGRAM=C:\Program?Files??x86?\S&C?Electric\HubDispatcher\HubControl.exe)
(HOST=DEV-ASD404)(USER=admin))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)
(PORT=58705)) * establish * orcl * 0

– Remember to disable listener logging by removing the “#” you entered earlier in listener.ora, saving the file, and restarting the listener service.
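The log review in the steps above can be scripted. This added Python example (not S&C or Oracle tooling) parses listener.log connection entries, selects those near the time you noted, and separates return code 0 from failures. The failed entry and the service_update line in the sample are constructed, and all function names are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

MONTHS = {name: number for number, name in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}

# Constructed sample: the two successful entries shown on this page, joined
# back into continuous lines, plus a constructed failed attempt (with the
# error text that follows it) and a constructed non-connection event.
SAMPLE_LOG = r"""
31-JAN-2014 15:16:27 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=SQL Developer)(HOST=__jdbc__)(USER=your_name))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=58506)) * establish * orcl * 0
31-JAN-2014 15:16:40 * service_update * orcl * 0
31-JAN-2014 15:17:02 * (CONNECT_DATA=(SID=orcl1)(CID=(PROGRAM=SQL Developer)(HOST=__jdbc__)(USER=your_name))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=58511)) * establish * orcl1 * 12505
TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
31-JAN-2014 15:24:11 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=orcl)(CID=(PROGRAM=C:\Program?Files??x86?\S&C?Electric\HubDispatcher\HubControl.exe)(HOST=DEV-ASD404)(USER=admin))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=58705)) * establish * orcl * 0
"""


def leaf(descriptor, key):
    """Return the value of (KEY=value) inside a descriptor, or None."""
    m = re.search(r"\(%s=([^()]*)\)" % re.escape(key), descriptor)
    return m.group(1) if m else None


def parse_establish(line):
    """Parse one 'establish' entry into a dict; return None for other lines."""
    parts = [p.strip() for p in line.strip().split(" * ")]
    if len(parts) != 6 or parts[3] != "establish" or not parts[5].isdigit():
        return None
    stamp = re.fullmatch(
        r"(\d{2})-([A-Z]{3})-(\d{4}) (\d{2}):(\d{2}):(\d{2})", parts[0])
    if not stamp or stamp.group(2) not in MONTHS:
        return None
    day, month, year, hh, mm, ss = stamp.groups()
    connect_data, address = parts[1], parts[2]
    return {
        "time": datetime(int(year), MONTHS[month], int(day),
                         int(hh), int(mm), int(ss)),
        "program": leaf(connect_data, "PROGRAM"),
        "client_host": leaf(connect_data, "HOST"),
        "user": leaf(connect_data, "USER"),
        "peer_ip": leaf(address, "HOST"),
        "peer_port": leaf(address, "PORT"),
        "service": parts[4],
        "code": int(parts[5]),        # 0 = success, otherwise a TNS error number
    }


def attempts_near(log_text, when, window_seconds=120):
    """Connection attempts within window_seconds of `when`, oldest first."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for line in log_text.splitlines():
        entry = parse_establish(line)
        if entry and abs(entry["time"] - when) <= window:
            hits.append(entry)
    return sorted(hits, key=lambda e: e["time"])


def failed(entries):
    """Entries whose return code is not zero."""
    return [e for e in entries if e["code"] != 0]


if __name__ == "__main__":
    noted = datetime(2014, 1, 31, 15, 17, 0)   # time noted during the attempt
    for e in attempts_near(SAMPLE_LOG, noted):
        result = "OK" if e["code"] == 0 else "FAILED TNS-%05d" % e["code"]
        print(e["time"], e["program"], e["user"], e["peer_ip"], e["service"], result)
```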

Database Administration

The following describes Oracle Database administration as applied to the DEM.

SQL Developer

Oracle’s SQL Developer application is a general purpose database querying, updating, and monitoring tool. It can be run directly from the folder where it resides, and unlike most software, it doesn’t need to be installed, although some configuration is needed to use it properly with the S&C database schemas. The setup steps include creation of connections to the database, and setting some preferences.

Connections

Connections carry the logon information used to connect to a specific User ID. Three connections are typically needed to support the S&C database: CES_HUB, ITSG_COMMON, and SYS. In Single-sign-on environments, the setup for individual account IDs differs, as shown in the section SQL Developer for Single-sign-on Accounts on page 102.

• If the Connections panel is not already visible, open it from the View|Connections menu option.
• Click the green Plus icon to open the New Connection window. See Figure 19.

Figure 19. Oracle SQL Developer, New / Select Database Connection window.

• On the New / Select Database Connection screen, see Figure 20, complete the highlighted sections, leaving Connection Type as Basic, Role as default, and all other boxes unchecked. Click the Test button, then click Save if successful.

Figure 20. Database Connection window.


Adding a SYS Connection

When adding a connection for the SYS user ID, you will also need to choose the SYSDBA Role, as shown in Figure 21.

Figure 21. Database Connection window, choose a Role.

Opening Existing SQL Developer Connections

• To view and interact with an existing database schema, open the Connections tab. Choose a connection, right-click, and select Connect from the pop-up menu. See Figure 22.

Figure 22. Database Connection window, to select and connect.


• Alternatively, you may open a connection by clicking on the plus icon to the left of the connection name. Expand sections of the Connections navigation tree to explore the database schemas, and view table data. See Figure 23.

Figure 23. Select a database with the plus icon.

Preferences and Features

These preference settings help the application avoid known security issues, aid support of the database, and reduce the resource footprint of the application. They can be accessed through the Tools|Preferences and Tools|Features menu options.

• Disable auto-check for extensions (Tools|Features)
Prevents unauthorized attempts to access the internet. Uncheck Automatically Check for Updates under the Check for Updates menu in the upper right corner. See Figure 24.

Figure 24. Disable Check for Updates on the Manage Features and Updates screen.


• Disable Automatically Check for Updates (Tools|Preferences)
  An automatic update may make changes that stop operation of the DEM. See Figure 25.

Figure 25. Disable Automatic Updates on the Preferences screen.

• Disable Database Migrations and (Tools|Features). See Figure 26.

Figure 26. Disable Database Migrations on the Manage Features and Updates screen.


• Uncheck Database, then expand it to select individual features (Tools|Features). See Figure 26 on page 54.
• The only checked features under Database should be: DBA Navigator, File Navigator, Real Time SQL Monitoring, Scheduler, Schema Browser, and Security. See Figure 26 on page 54.
• Disable Completion Insight (Tools|Preferences|Code Editor|Completion Insight)
  Use of Completion Insight can produce unintended spelling changes and can slow down keystrokes in the code editor. Uncheck all options on this page. See Figure 27.

Figure 27. Disable Completion Insight on the Preferences screen.


• Show Line Numbers (Tools|Preferences|Code Editor|Line Gutter)
  Showing line numbers in the margin of the Code Editor helps when reviewing scripts with others in support situations. Check Show Line Numbers in the Code Editor:Line Gutter screen. See Figure 28.

Figure 28. Check Show Line Numbers on the Preferences screen.

• Disable Startup Tips and the Start Page (Help|Start Page / Help|Tip of the Day)
  Prevents unauthorized attempts by the application to access the internet. The Start Page can be closed using the X on its tab. This will prevent it from automatically opening on startup. The Tip of the Day window can be disabled by unchecking Show tips at startup. When needed, each of these windows can be accessed from the Help menu. See Figure 29.

Figure 29. Oracle Start Page Tip of the Day screen.


Running Scripts and Procedures from SQL Developer

SQL Developer can be used to launch SQL commands of various types, from simple queries that display data from the tables, to scripts that alter the database structure, to commands that launch complex stored procedures. The primary interface for these actions is the SQL Worksheet. Without getting into a complete tutorial, the basics of launching commands in SQL Developer are simple: they are either run as Statements or as Scripts. Each produces a different kind of output, and each is intended for a different kind of command, but even that can be a matter of preference for some commands.

Statements

• The Run Statement button, or the Ctrl-Enter key combination, executes one statement or a block of highlighted statements.

• Statements are terminated by a semicolon, or by a semicolon and forward slash. See Figure 30.
• Output of Select statements is directed to spreadsheet-style Query Result tabs.
• Output of Inserts, Updates, etc., goes to the text-style Script Output tab.
• Output of a block of statements goes to separate Query Result tabs.

Figure 30. SQL Worksheet screen showing statements.


Scripts

• The Run Script button, or the F5 key, executes all statements on the worksheet or a block of highlighted statements.

• Collection of separate statements. See Figure 31.
• Typically very little program flow logic – commands run sequentially to end.
• All output from Run Script goes to the Script Output tab, including all query output.

Figure 31. SQL Worksheet, Script Output tab.


Rebuilding the Oracle Database

If a catastrophic failure occurs, you may need to rebuild the Oracle database. This means uninstalling and reinstalling the Oracle database software, and then reinstalling the CES_HUB and ITSG_COMMON schemas from the backup ‘data pump’ or RMAN files.

Uninstalling Oracle 11g from Windows

Oracle uses its own Universal Installer to manage installation and configuration of multiple Oracle products. A number of additional steps are required after performing a deinstall to clean up files and registry entries that prevent a smooth reinstallation of Oracle 11g. The step-by-step procedure to deinstall Oracle 11g:

• Deinstall the Oracle Client, if present.
• Start the Oracle Universal Installer from the Start Menu | Oracle - OraClient11g_home1 | Oracle Installation Products | Universal Installer.
• Click the Deinstall Products… button.
• On the Contents tab of the Inventory dialog, check the Oracle Home ‘OraClient11g_home1’ box.
• Click Yes on the Confirmation dialog.
• Start the Oracle Universal Installer from the Start Menu | Oracle - OraDb11g_home1 | Oracle Installation Products | Universal Installer.
• Click the Deinstall Products… button.
• On the Contents tab of the Inventory dialog, check the Oracle Home ‘OraDb11g_home1’ box.
• The Remove button on the bottom right becomes active; click it.
• This message box appears. See Figure 32.

Figure 32. Deinstall command warning box.

• Start a Windows Command Prompt window and enter the command given in the message box.
• For the prompt Specify the storage type used by the Database ASM:FS []: use FS.
• Next use the registry edit tool to delete certain registry entries. As always, the registry editor is a powerful tool that, if used incorrectly, can corrupt the registry to the point that only a bare metal restore of the entire disk image can remedy. Be careful!
• Start a Windows Command Prompt window and enter the command regedit.
• Delete the HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE key. This contains registry entries for all Oracle products.
• Delete any references to Oracle services that exist in the following part of the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Oracle*.
• Reboot your server.
• If you wish to retain what remains of your old Oracle installation for post-mortem diagnosis of the log files, rename C:\app to something like C:\app_backup. Otherwise delete C:\app.


• Delete the C:\Program Files\Oracle directory.
• Remove any Oracle desktop icons that remain.
• At this point you can now reinstall Oracle 11g database and Oracle 11g client as a new installation.
• After these Oracle components are reinstalled, restore the database contents from a recent data pump backup.

Preparing Schemas and Roles

The two schemas used in the DEM database are ITSG_COMMON and CES_HUB. Once the Oracle database software has been installed, these schemas need to be created, configured with appropriate privileges, and provided with some basic administrative procedures. Two scripts should be run in SQL Developer:

• SCHEMAS AND EXPORTS [yyyymmdd].sql
  – Open an SQL Developer connection under the SYS user account.
  – Open SCHEMAS AND EXPORTS [yyyymmdd].sql. Ensure that the worksheet is set to the correct connection by looking at the Db Connection selector at the right of the window. See Figure 33.

Figure 33. Schemas and Exports screen tool bar.

  – Launch, using the Run as Script button, or F5 key.
• ITSG_ROLE_GRANTS [yyyymmdd].sql
  – Open an SQL Developer connection under the ITSG_COMMON user account.
  – Open ITSG_ROLE_GRANTS [yyyymmdd].sql.
  – Launch, using the Run as Script button, or F5 key.

Exporting Dashboard History to Excel

To enable offline analysis of dashboard history, a utility program named DEM DSHB to XLSX exports a complete set of dashboard data directly to a Microsoft Excel file. The file can be copied to a separate workstation for viewing and analysis in Excel, and archiving in a suitable location. All time-stamped data captured in the five dashboard tables since the last restart of the Hub Dispatch Engine is exported to the file.

Setup

• Files needed:
  – C:\Downloads\S&C Electric\DB\dem_dshb_to_xlsx_2.0.zip
  – C:\DEMData\DB\dshb_template.xlsx
  – C:\DEMData\DB\DSHBExportConfig.xml
  – C:\DEMData\DB\DSHB_Export_Rotate.cmd
  – C:\DEMData\RunDshbExportRotate.xml
  – C:\DEMData\RunDSHBExports.xml
• Extract dem_dshb_to_xlsx_1.0.zip to folder: C:\Downloads\S&C Electric\DB\dem_dshb_to_xlsx_1.0


• Create a shortcut to the following file on the desktop:
  – C:\Downloads\S&C Electric\DB\dem_dshb_to_xlsx_1.0\dem_dshb_to_xlsx\dem_dshb_to_xlsx_run.bat
• Add two tasks, RunDSHBExports and RunDshbExportRotate, to the Server Manager’s Task Scheduler:
  – Expand the Server Manager navigation tree to Configuration/Task Scheduler/Task Library, and right-click on Task Library. Select Import Task…
  – Choose C:\DEMData\DB\RunDSHBExports.xml
  – Click OK, then enter the password for the DEM\sandc user.
  – Repeat these steps for RunDshbExportRotate.xml.
• The Rotate process copies the newest compressed file to the archive folder on F: and drops the oldest file.
• The task schedules are preconfigured with the export starting at 12:30 a.m., and the Rotate process starting at 12:55 a.m. These schedules may be adjusted as needed, but please allow ample time for the export to complete before the scheduled Rotate.

Exporting Dashboard History to Excel Files

• Run dem_dshb_to_xlsx_run.bat by clicking its shortcut on the desktop. Progress for the export is displayed as shown in Figure 34, with total counts for the five dashboard tables given as they are placed into the Excel workbook.

Figure 34. Dashboard export command.

• The resulting Excel file names include the date and time of the export in the format: dshb_export_[yyyymmddhhmiss]; e.g., dshb_export_20140128163001.xlsx.
• The Excel file is compressed in the 7-zip format for easy transfer to another workstation for analysis in Excel. Excel is not installed on the DEM.
  – The latest compressed file is located in the folder C:\DEMData\DB.
  – Archive file names include the creation date and time in the format: dshb_export_[yyyymmddhhmiss]; e.g., dshb_export_20140128163001.7z.
  – Archive files from a scheduled nightly export are placed in F:\DSHBBackups, with up to 30 days of archives, depending on available space.


• Due to the extremely large size of these files, some exceeding 100MB, it is recommended that they are only opened on workstations that are not running critical applications.
• Dashboard workbook
  The DSHB Export workbook contains a detail tab for each of the five dashboards, plus a brief summary tab. The detail data is largely unformatted to save space and to avoid masking data anomalies. All data columns from the tables are included. Additionally, some supporting data columns from configuration tables, such as unit names, are included to aid in analysis.
  – The Summary tab is intended to provide a brief look at the scope of data contained in the workbook. It does not summarize events or values found in the historic data. See Figure 35.

Figure 35. Dashboard workbook Summary tab.

    ▪ RowCount: Number of data rows in sheet.
    ▪ ColumnCount: Number of data columns extracted from the source table, and any supporting data columns that may have been included.
    ▪ BeginDate / EndDate: The dates and times may be different for each table, as the extracts are taken from tables that are constantly updating.
  – Minimal formatting is applied to the dashboard tabs. Some columns have been moved from their original positions within the tables to help in analysis. See Figure 36.

Figure 36. Dashboard workbook format.


    ▪ REC_TIME is on the left of every tab, to aid in sequentially viewing events.
    ▪ Identifying columns, such as feeder_id and unit_id, are located to the right of rec_time.
    ▪ Freeze Panes has been applied to the time and ID columns, as well as the top-row title cells.
    ▪ Alternating green and white bars are applied to make the data easier to read.
    ▪ Column widths have been set to match the width of the data, as opposed to the title width. These may easily be changed by the user, when necessary.
  – Excel’s Filter capability (Ctrl+Shift+L) may be used to sort, find, and work with a subset of data. Click on cell A1 before activating filters to make sure the entire set of data is included. Please consult the Excel Help reference for more information. See Figure 37.

Figure 37. Excel Filter dialog box.


DEM Alarm Notifications and Reports

E-mail notifications for four major alarm conditions can be enabled to alert stakeholders when such events occur. The Oracle database constantly monitors for Communication status, Inhibit, Isolate, and Trip Offline alarms, and uses its internal mail utility to send messages when alarms are issued or cleared. A 12-hour alarm summary report is also available on a scheduled basis. Multiple notification recipients can be enrolled for any combination of the four alarm conditions or report. The notification and reporting functions require the presence of a separate SMTP mail server to relay their messages.

Alarm Notification Example

Alarm notifications are initiated at the Hub level of the DEM, triggered by changes in four critical alarm indicators in the DSHB_HUB table: COMM_ALARMS, INHIBIT_ALARMS, ISOLATE_ALARMS, and TRIPPED_ALARMS. These indicators are roll-ups of corresponding alarms at the more detailed CES-unit level. When the database detects a hub-level change, it searches the DSHB_UNIT table to identify the units affected by the alarm conditions and sends an e-mail to recipients enrolled for the currently active alarm conditions (see Enroll Notification Recipients on page 66). The message includes both the system time and the alarm record’s time-stamp, for use in analyzing log files. Affected units are listed by the alarm type and whether the alarm has just been issued or cleared. See Figure 38.

Figure 38. Example of Alarm Notifications.

Alarm Summary Report Example

The Alarm Summary report provides an enhanced view of unit alarm activity that intermittent notifications cannot. By viewing summarized alarm activity at regular intervals, administrators and operators can become aware of developing patterns and spot potential issues before they become problems. The preset reporting schedule launches the reporting procedure twice a day, providing counts and timings of the alarms that were issued and cleared during the preceding 12-hour period (see Configure Alarm Report Schedule on page 67). The procedure formats the report within an e-mail message and sends it to recipients enrolled for the report in the NOTIFY_RECIPIENTS table (see Enroll Notification Recipients on page 66). See Figure 39 on page 65 and Figure 40 on page 66.

Summarized information for all unit-level Comm Alarms, Inhibit Alarms, Isolate Alarms, and Tripped Alarms:

• Count of alarms issued, by unit
• Count of inactive periods, by unit
• Total duration of active alarms, by unit
• Average duration alarms were active, by unit
• Total time alarms were inactive, by unit
• Average time alarms were inactive, by unit.


Figure 39. Example of Alarm Summary Report.


Alarm Notification Example

Enabling alarm notifications will require coordination with the customer’s IT staff messaging administrator, executing a SQL script in the database, and gathering a list of recipients, organized by alarm condition.

• Configure SMTP Server
  The following information will be exchanged with the messaging administrator:
  – Send the DEM’s IP address to the administrator.
  – Obtain the SMTP server host and port from the administrator. Port default=25. Lower port and Upper port may also be specified.
• Edit and Run SQL script
  – In SQL Developer, log in to the database using a SYSDBA role.
  – Open and edit C:\Downloads\S&C Electric\DB\DEM Alarm Notification Setup.sql
    ▪ The four lines to be edited are marked by —EDIT BEFORE RUNNING
    ▪ The SMTP server’s host address (on two lines)
    ▪ For testing only, your own e-mail address, as Sender and Recipient (on two lines)
    ▪ Save the script, then run it using the Run Script icon, or the F5 key.

• Enroll Notification Recipients
  Multiple notification recipients can be enrolled for any combination of the four alarm conditions or the alarm summary report. In SQL Developer, find the NOTIFY_RECIPIENTS table and click on it to open its data worksheet. See Figure 40.

Figure 40. The SQL Developer Notify Recipients screen.


Users can be added in any order, and there is no limit to the number of users that can be added to an alarm group. There is no restriction on which users receive notifications. Recipients do not need to be enrolled as users of the DEM. Group e-mail addresses, such as DEM_administrators@my_company.com, may also be entered, if supported by the customer’s e-mail system.

Alarm and report names are entered into the ALARM_NAME column. Valid names are:
    ▪ COMM_ALARMS
    ▪ INHIBIT_ALARMS
    ▪ ISOLATE_ALARMS
    ▪ TRIPPED_ALARMS
    ▪ ALARM_SUMMARY_REPORT

Alarm names must be uppercase and contain no spaces.

Four editing buttons (see Figure 41) are available while enrolling your notification recipients:
    ▪ Insert Row – for adding a record
    ▪ Selected Row(s) – for removing existing records
    ▪ Commit Changes – for saving your work
    ▪ Rollback Changes – for canceling unwanted changes.
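Because ALARM_NAME is typed by hand, a row that is lowercase, padded with a space, or misspelled matches none of the five valid names listed above. The query below is an added example, not one of the S&C scripts, that lists such rows with the reason; it assumes it is run from a connection to the schema that owns NOTIFY_RECIPIENTS and uses only the ALARM_NAME column named in this section.

```sql
-- Added example: audit NOTIFY_RECIPIENTS.ALARM_NAME against the five valid names.
-- Assumption: run while connected to the schema that owns NOTIFY_RECIPIENTS.
SELECT '[' || alarm_name || ']' AS alarm_name_as_stored,  -- brackets expose stray spaces
       COUNT(*)                 AS enrolled_rows,
       CASE
         WHEN alarm_name IS NULL
           THEN 'empty name'
         WHEN REGEXP_LIKE(alarm_name, '[[:space:]]')
           THEN 'contains spaces'
         WHEN alarm_name <> UPPER(alarm_name)
           THEN 'not uppercase'
         ELSE 'not a valid alarm or report name'
       END                      AS problem
FROM   notify_recipients
WHERE  alarm_name IS NULL
   OR  alarm_name NOT IN ('COMM_ALARMS', 'INHIBIT_ALARMS', 'ISOLATE_ALARMS',
                          'TRIPPED_ALARMS', 'ALARM_SUMMARY_REPORT')
GROUP  BY alarm_name
ORDER  BY alarm_name;
```

An empty result means every enrolled row carries one of the valid names. Since recipients need not be DEM users, reviewing the full recipient list after each change is still worthwhile.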

Figure 41. The data worksheet edit buttons.

Configure Alarm Report Schedule

By default, the Alarm Summary Report is scheduled to run twice each day, at 5:00 A.M. and 5:00 P.M., seven days a week. This schedule can be adjusted within SQL Developer. Find and expand the Scheduler, then expand Schedules (see Figure 42 on page 68), and right-click on the ALARM_SUMMARY schedule and select Edit (see Figure 43 on page 68).


Figure 42. Select Scheduler on the Connections screen.

Figure 43. The Edit Schedule dialog box, for Alarm Summary.

The Repeat Interval controls the times to launch the report. By default, it carries the following value:

    FREQ=DAILY;BYHOUR=5,17;BYMINUTE=0;BYSECOND=0


Figure 44. The Repeat Interval dialog box.

Repeat Interval is edited by clicking the Pencil button, to the right. See Figure 44. The two parameters most likely to need adjustment are BYHOUR and BYMINUTE. BYHOUR, the Hours portion of the parameter, is preset to “5,17”, which will launch the report at hours 5 (5:00 a.m.) and 17 (5:00 p.m.). BYMINUTE is the Minutes portion of the hour, so if the report needs to be launched at 5:15, change BYMINUTE to 15. To change these values, use the hr:min:sec edit selector. An example will best explain how to change the schedule.

Example: Launch reports at 6:30 a.m. and 4:30 p.m.

• Click on the Clear button to erase the existing parameters.
• Click on the Hours portion of the edit selector, then on the up or down arrows to change the hour to 6.
• Click the Add button to save your choice to the parameter window, on the right.
• Click on the Hours portion again, and change the number to 16 (4 p.m.), then click Add.
• Click on the Minutes portion and change the number to 30, then click Add.
• Do not add additional Minutes values, as this causes the report to run multiple times each hour.
• Click the OK button to save your schedule parameters, and close the Repeat Interval window.
• Click the Apply button to save these changes to the Alarm_Summary schedule.
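A Repeat Interval can be checked before it is applied. The PL/SQL block below is an added example, not part of the S&C scripts, that uses Oracle's standard DBMS_SCHEDULER.EVALUATE_CALENDAR_STRING procedure to list one day of run times for two strings: the one assumed to result from the 6:30 a.m./4:30 p.m. example above, and a variant with a second Minutes value, which fires at every combination of the BYHOUR and BYMINUTE values.

```sql
-- Added example: preview one day of run times for a Repeat Interval string.
-- Run with Run Script (F5). Nothing in the database is changed.
-- Assumption: the first string is what the dialog builds for the 6:30/16:30 example.
SET SERVEROUTPUT ON

DECLARE
  TYPE t_intervals IS TABLE OF VARCHAR2(200);
  l_intervals t_intervals := t_intervals(
    'FREQ=DAILY;BYHOUR=6,16;BYMINUTE=30;BYSECOND=0',      -- intended schedule
    'FREQ=DAILY;BYHOUR=6,16;BYMINUTE=0,30;BYSECOND=0');   -- extra Minutes value added
  l_start  TIMESTAMP WITH TIME ZONE := TRUNC(SYSTIMESTAMP);  -- midnight today
  l_after  TIMESTAMP WITH TIME ZONE;
  l_next   TIMESTAMP WITH TIME ZONE;
  l_runs   PLS_INTEGER;
BEGIN
  FOR i IN 1 .. l_intervals.COUNT LOOP
    DBMS_OUTPUT.PUT_LINE(l_intervals(i));
    l_after := l_start;
    l_runs  := 0;
    LOOP
      -- Ask the scheduler for the first run time strictly after l_after.
      DBMS_SCHEDULER.EVALUATE_CALENDAR_STRING(
        calendar_string   => l_intervals(i),
        start_date        => l_start,
        return_date_after => l_after,
        next_run_date     => l_next);
      EXIT WHEN l_next >= l_start + INTERVAL '1' DAY;   -- stop after 24 hours
      l_runs := l_runs + 1;
      DBMS_OUTPUT.PUT_LINE('  run ' || l_runs || ': ' || TO_CHAR(l_next, 'HH24:MI:SS'));
      l_after := l_next;
    END LOOP;
    DBMS_OUTPUT.PUT_LINE('  runs per day: ' || l_runs);
  END LOOP;
END;
/
```

To check the live schedule instead, paste the value shown in the Repeat Interval field into the collection in place of the sample strings.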


Restoring the Oracle Database

Backing up the Oracle Database

Nightly database backups are scheduled to run at 3:00 a.m., local time. These backups are archived as described in the section Restoring the Database from a Backup (.dmp) File on page 73. As needed, manual backups can also be created as an alternative to the scheduled backups, using the EXPORT_SCHEMA procedure described later.

The goal of the DEM database backup strategy is not to back up the entire Oracle database, which contains an immense control overhead, but to back up the DEM operational schemas to create a logical, as opposed to a physical, backup. A logical backup extracts structural descriptions and data values from the database, not the physical disk sectors. The CES_HUB and ITSG_COMMON schemas are backed up in these processes, but not SYS and other overhead schemas. The overhead schemas are specific to each installation of the database (created, controlled, and maintained by the database itself) and would consume an enormous amount of backup storage space for no purpose.

The resulting DEM backup (.dmp) file contains sufficient information to effectively restore the DEM operational and configuration data. As a logical backup, it is more portable than a physical backup for restoration to a new server.

Prerequisites for Database Backup and Restoration

• Check to see whether an export directory has been defined in the database.
  – Verify that the C:\TEMP directory exists, using Windows Explorer.
  – Open a SYS connection in SQL Developer. See Adding a SYS Connection on page 52.
  – In the SYS connection’s SQL worksheet, enter the following command:
      SELECT * FROM ALL_DIRECTORIES WHERE DIRECTORY_NAME LIKE '%EXPDP_DIR%';
  – Run the command using the Run Statement icon, or the Ctrl-Enter key combination, and review its output. It should contain the following (see Figure 45):

Figure 45. The Run Statement dialog for this step.

  – If EXPDP_DIR does not exist, define it by running the following commands:
      CREATE DIRECTORY EXPDP_DIR AS 'C:\TEMP';
      GRANT READ, WRITE ON DIRECTORY EXPDP_DIR TO system, ces_hub, itsg_common;
      GRANT EXP_FULL_DATABASE TO system;
      GRANT IMP_FULL_DATABASE TO system;

• Check to see whether the SYS.EXPORT_SCHEMA stored procedure exists.
  – In the SYS connection’s SQL worksheet, enter the following command:
      SELECT OWNER, OBJECT_NAME, OBJECT_TYPE, AUTHID FROM ALL_PROCEDURES WHERE OBJECT_NAME LIKE '%EXPORT_SCHEMA%';
  – Run the command using the Run Statement icon, or the Ctrl-Enter key combination, and review its output. It should contain the following (see Figure 46):

Figure 46. The Run Statement dialog for this step.


  – If EXPORT_SCHEMA does not exist, the procedure can be created by running the ‘EXPORT_SCHEMA 20140405’ script. Open it in an SQL Developer SYS connection, and run it using the Run Script icon, or the F5 key.
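The dump files written through EXPDP_DIR contain the full contents of both schemas, so it is worth confirming that only the intended accounts can read or write that directory object and hold the full export and import roles. The queries below are an added example, not one of the S&C scripts; the expected grantees are taken from the GRANT commands in the prerequisites above, and Oracle's own default role holders (such as the DBA role) will also appear in the second result and should be compared with a known-good baseline.

```sql
-- Added example (not an S&C script): review access to the Data Pump directory.
-- Run from the SYS connection.

-- 1. Where EXPDP_DIR points and who holds READ or WRITE on it.
SELECT d.directory_name,
       d.directory_path,
       p.grantee,
       p.privilege,
       CASE
         WHEN p.grantee IS NULL THEN 'NO GRANTS FOUND'
         WHEN p.grantee IN ('SYSTEM', 'CES_HUB', 'ITSG_COMMON') THEN 'expected'
         ELSE 'REVIEW'
       END AS status
FROM   dba_directories d
LEFT JOIN dba_tab_privs p
       ON  p.owner      = 'SYS'              -- directory objects are owned by SYS
       AND p.table_name = d.directory_name
       AND p.privilege IN ('READ', 'WRITE')
WHERE  d.directory_name = 'EXPDP_DIR'
ORDER  BY p.grantee, p.privilege;

-- 2. Direct holders of the full export/import roles.
SELECT r.granted_role,
       r.grantee,
       CASE WHEN r.grantee = 'SYSTEM' THEN 'granted above'
            ELSE 'compare with baseline' END AS status
FROM   dba_role_privs r
WHERE  r.granted_role IN ('EXP_FULL_DATABASE', 'IMP_FULL_DATABASE')
ORDER  BY r.granted_role, r.grantee;
```

No rows from the first query means EXPDP_DIR is not defined; a single row with NO GRANTS FOUND means the directory exists but the grants were never run.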

Changing the backup schedule

Scheduled backups use Oracle’s command-line utility EXPDP.EXE, which can be executed from a DOS command prompt or from a batch file. The Windows Task Scheduler controls the execution of a task named Backup_dbSchemas, which is configured to be run each day at 3:00 a.m. by the system user account DEM\sandc. To make changes to the schedule, follow these steps (see Figure 47):

Figure 47. Changing the Backup_dbSchemas schedule.

• Open the Windows Server Manager, navigate to the Task Scheduler Library, and choose Backup_dbSchemas.
• Right-click on Backup_dbSchemas and choose Properties.
• Click on the Triggers tab, then click the Edit button.
• Make the necessary changes in the Edit Trigger window and click OK to complete.
• Backup_dbSchemas may also be run manually, disabled, or copied using its right-click menu.

To Manually Backup the Database

• Open a SYS connection in SQL Developer. See Adding a SYS Connection on page 52.
• Run the following command to launch the EXPORT_SCHEMA procedure:
    execute export_schema ('CES_HUB,ITSG_COMMON');
• The schemas may be backed up individually by changing the export_schema parameter, i.e., (CES_HUB) or (ITSG_COMMON).


• The result of the export_schema command procedure is a dump (.dmp) and a log (.txt) file in the C:\TEMP directory. These file names include the server name, the schemas included (CES_HUB and ITSG_COMMON), and the date and time when the dump export occurred. The date is formatted as YYYYMMDDhhmmss. For example:
    DEM-SN20_ITSG_COMMON_CES_HUB_20140325121004.DMP
    DEM-SN20_ITSG_COMMON_CES_HUB_20140325121004.TXT
• The size of these two files combined can be over 15 megabytes. With compression, they can be reduced to a single file about one tenth that size for portability.
• The backup can be taken with Oracle OS_ROLES mode on or off.

Restoring the Oracle Database from Backup

Describing how to restore the database from a backup or dump file is a bit more complicated than describing the process to create a backup file, because there are more unknown details about the circumstances of the restoration. This may be a new installation, an upgrade, or we could be restoring after a failure. The backup file may have come from a set of scheduled backups, or it may have been created manually. Each of these situations will require different steps.

Preparing the Database for Restoration

When restoring to an established, in-use database, any existing data in two schemas of interest (CES_HUB and ITSG_COMMON) are deleted. The basic data structure in these two schemas is also regenerated, which covers the case of a brand new installation of Oracle.

• Verify the prerequisites in the section Prerequisites for Database Backup and Restoration on page 70.
• Use the Windows Task Manager to stop the DSC.
• Use the Windows Services applet to stop the HSV, then the HDE and DAS services.
• Start SQL Developer and open a SYS connection. See the section Adding a SYS Connection on page 52.
• Turn off OS_ROLES mode by entering and executing this command in the SQL worksheet:
    ALTER SYSTEM SET OS_ROLES=FALSE SCOPE=spfile;
  You will get the response ALTER SYSTEM SET succeeded.
• Oracle must be restarted to complete changing the OS_ROLES mode. Open the Services applet, and then perform a restart on the OracleServiceORCL service.
• Open the Oracle application Administration Assistant for Windows to check the state of OS_ROLES. See Figure 48 on page 73.
  – On the left-side navigation tree, open Oracle Managed Objects > Computers > DEM > Databases. Right click ORCL, then select Connect Database…
  – Right click ORCL again, and select Properties. Within the ORCL Properties window, OS_ROLES should be FALSE.


Figure 48. Oracle Administrative Assistant screen.

Restoring the Database from a Backup (.dmp) File

Database backup (.dmp) files for the DEM are available from two backup methods – scheduled or manual. A scheduled nightly process creates backup archives (.7z) which are available in a drive labeled “DEM File Backups”, typically the F: drive, in a folder named F:\DBBackups. Archive file names include the date and time of the export in the format: DEMArchive_[yyyymmddhhmiss]; e.g., DEMArchive_20140128163001.7z. If the F: drive is unavailable, the most recent copy of DEMArchive_[date].7z may be found in the C:\DEMData\DB folder.

Manual backups are named to include the host name, the schemas involved, and the date and time of the backup. For example: DEM-SN20_ITSG_COMMON_CES_HUB_20140325121004.DMP. Manual backup files may be found in the C:\Temp folder.

• Copy the .dmp backup file from its original location to the folder C:\Temp.
• Archived backups are in the 7-Zip (.7z) format. Backup files may be extracted by right-clicking on the archive files in Windows Explorer. The archive files are found in the E:\DBBackups folder. See Figure 49.

Figure 49. Oracle DBBackups screen.

– Right-click and choose 7-Zip, then Extract files. See Figure 49 above.


Figure 50. Oracle Extract dialog box.

  – Change the Extract to: box to C:\TEMP, then click OK. See Figure 50 above.
• Open a Windows Command Prompt window and enter this command, all on one line, making substitutions where highlighted:
    impdp 'sys/password@orcl AS SYSDBA' DIRECTORY=expdp_dir EXCLUDE=grant SCHEMAS=ces_hub,itsg_common DUMPFILE=DEV-ASD404_ITSG_COMMON_CES_HUB_20140316195812.dmp LOGFILE=DEM_IMPORT.txt TABLE_EXISTS_ACTION=REPLACE
• This may take about five to 15 minutes to complete. The log file, which contains the same output seen while the restoration is in progress, will list several errors for tables and other objects, with statements such as already exists or name is already used by an existing object. These messages are normal warnings and may be ignored.
• Turn on OS_ROLES mode by entering and running this command in the SQL worksheet using the Run Statement icon, or the Ctrl-Enter key combination:

ALTER SYSTEM SET OS_ROLES=TRUE SCOPE=spfile;

You will get the response ALTER SYSTEM SET succeeded.

• Oracle must be restarted to complete changing the OS_ROLES mode. Open the Services applet, and then perform a restart on the OracleServiceORCL service.

• When the Oracle restart has completed, the SYS connection in SQL Developer must be reconnected. Right click on the SYS connection and choose Disconnect, then right click again and choose Connect.

• Enter the following command in the SQL worksheet and run it using the Run Statement icon, or the Ctrl-Enter key combination:

exec ITSG_COMMON.ITSG_ROLE_GRANTS;

• See the section Connections on page 51, to create connections in SQL Developer for the CES_HUB and ITSG_COMMON schemas, if they don’t already exist.

• If you have moved the database from one server to another, you will need to update the IP addresses in the CES_HUB.CONNECTIONS table to reflect the IP address of the new server.
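The restore leaves two things to confirm: that OS_ROLES is TRUE again in both the running instance and the spfile, and that the imported objects in the two schemas compiled. The queries below are an added example, not one of the S&C scripts, meant to be run from the reconnected SYS connection; they read only standard Oracle dictionary and dynamic performance views.

```sql
-- Added example (not an S&C script): post-restore checks from the SYS connection.

-- 1. OS_ROLES should be TRUE in the running instance and in the spfile.
SELECT p.name,
       p.value                    AS running_value,
       NVL(sp.value, '(not set)') AS spfile_value,
       CASE
         WHEN UPPER(p.value) = 'TRUE' AND UPPER(sp.value) = 'TRUE'
           THEN 'OK'
         WHEN UPPER(sp.value) = 'TRUE'
           THEN 'spfile is TRUE, restart OracleServiceORCL to apply'
         WHEN UPPER(p.value) = 'TRUE'
           THEN 'running TRUE but spfile is not, setting is lost at next restart'
         ELSE 'still FALSE, repeat the ALTER SYSTEM step'
       END                        AS status
FROM   v$parameter p
LEFT JOIN v$spparameter sp
       ON  sp.name        = p.name
       AND sp.isspecified = 'TRUE'
WHERE  p.name = 'os_roles';

-- 2. Object counts per restored schema, with the number left invalid.
SELECT owner,
       object_type,
       COUNT(*)                                            AS objects,
       SUM(CASE WHEN status = 'INVALID' THEN 1 ELSE 0 END) AS invalid_objects
FROM   dba_objects
WHERE  owner IN ('CES_HUB', 'ITSG_COMMON')
GROUP  BY owner, object_type
ORDER  BY owner, object_type;

-- 3. Name the invalid objects so they can be matched against DEM_IMPORT.txt.
SELECT owner, object_type, object_name, last_ddl_time
FROM   dba_objects
WHERE  owner IN ('CES_HUB', 'ITSG_COMMON')
AND    status = 'INVALID'
ORDER  BY owner, object_type, object_name;
```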


Upgrading the S&C Database Schemas

When it becomes necessary to upgrade the S&C database schemas, usually in conjunction with application upgrades, SQL scripts are used to perform the process. In addition to applying structural changes to tables and adding new procedural code, the scripts also launch the backup process, update the AppVersion table, and maintain security changes corresponding to the revised structure.

• The database schema is typically updated with an upgrade script, located in a Project Locker folder at https://svn.projectlocker.com/SANDC/ITSG/svn/DBMS/CES_Hub. Schema-revision script names follow a convention which includes the schema name, upgrade or downgrade designation, and revision number path from one version to another: [SchemaName]_[UP/DN]_[FromVersion]_TO_[ToVersion].sql, e.g., CES_HUB_UP_1_15_0_TO_2_0_0.sql
• Downgrade scripts, while rarely needed, are designed to back out structural changes while preserving configurations and data presently residing in the database. Restoration from a backup of the prior version, which may be a valid option in some circumstances, will destroy data collected after the upgrade.

Changing DEM Host Name

Any changes to the DEM host name will disable normal operation of the database. Core configuration parameters are dependent on the host name in environments where databases are housed on multiple hosts. This dependency holds true even for single-host databases such as the DEM. The following procedure should be performed after any DEM host name is changed. Allow at least ½ hour to complete these manual steps, in which the Database Control repository is dropped and recreated using the new host name.

Preparation

The following information should be gathered prior to starting this procedure. Default values are listed beside each item.

• ORACLE_HOME = C:\app\admin\product\11.2.0\dbhome_1
• ORACLE_HOSTNAME = DEM-SN20
• ORACLE_UNQNAME = orcl
• Database SID = orcl
• Listener port number = 1521
• Passwords for SYS, SYSMAN, and DBSNMP. These passwords are the same, as configured at the factory.

Environment Setup

The DEM database is normally set to authenticate users through the operating system, a mode referred to earlier as single-sign-on, but some database operations can only be done while in Database-authentication mode. These steps will be performed in a command prompt environment. Please open the command prompt as an administrator to prevent the operating system from rejecting the changes. A separate command prompt window will be used for running database commands in Oracle’s SQL*Plus.

• Open two command prompts, one that will become your Command window, the other that will become your SQL*Plus window.
  – Start menu > Accessories, right-click on Command Prompt, select Run as administrator.
• In your Command window, enter:
    emctl stop dbconsole [return]

S&C Instruction Sheet 1047-521 75 Database Administration

• In your SQL*Plus window, enter: sqlplus at the command prompt, then sys as sysdba as the user name, then the current password for the database. See Figure 51.

Figure 51. Oracle DBBackups screen.

• At the SQL> prompt, enter: ALTER SYSTEM SET OS_ROLES=FALSE SCOPE=SPFILE;
• In your Command window, restart the database using the following two commands:
– net stop OracleServiceORCL
– net start OracleServiceORCL

Drop Existing Database Control Repository

• Change your Command prompt’s directory to the BIN folder under your current ORACLE_HOME directory. Enter: cd C:\app\admin\product\11.2.0\dbhome_1\BIN [return]
• Enter: set ORACLE_HOSTNAME= [return]
• The Enterprise Manager Configuration Assistant (EMCA) will be used to drop and recreate the Database Control repository. Enter: emca -deconfig dbcontrol db -repos drop [return]
• The EMCA will ask you a series of questions. Please answer as follows, from the information gathered:
Enter the following information:
Database SID: ORCL
Listener port number: 1521
Password for SYS user:
Password for SYSMAN user:
Password for SYSMAN user: (This duplicate can be ignored.)
------
WARNING : While repository is dropped the database will be put in quiesce mode.
------
Do you wish to continue? [yes(Y)/no(N)]: Y
• After about three minutes, EMCA will report that the configuration completed successfully.


Recreate Database Control Repository with a New Host Name

With your Command prompt’s directory still at C:\app\admin\product\11.2.0\dbhome_1\BIN, enter the following commands:
• set ORACLE_HOSTNAME=DEM-SN20
• SET ORACLE_UNQNAME=orcl
• emca -config dbcontrol db -repos recreate
• EMCA will ask the following questions:
Enter the following information:
Database SID: orcl
Listener port number: 1521
Listener ORACLE_HOME [ c:\app\admin\product\11.2.0\dbhome_1 ]:
Password for SYS user:
Password for DBSNMP user:
Password for SYSMAN user:
Password for SYSMAN user: (This duplicate can be ignored.)
E-mail address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
• After about 12 minutes, EMCA will report that the configuration completed successfully.

Cleanup Following Recreation of Database Control Repository

The database will have to be returned to its Single-Sign-On (OS authentication) mode and restarted to complete this procedure.
• In the SQL*Plus window, exit and re-enter SQL*Plus, following the login steps from above.
• At the SQL> prompt, enter: ALTER SYSTEM SET OS_ROLES=TRUE SCOPE=SPFILE; [return]
• At the Command (c:) prompt, enter the following four commands:
– net stop OracleServiceORCL
– emctl stop dbconsole
– net start OracleServiceORCL
– emctl start dbconsole
• Recompile all triggers, procedures, and functions.
– In SQL Developer, log in as CES_HUB.
– Separately, right-click on the Procedures, Functions, and Triggers folders, and choose Recompile All. Note any errors. Expand the folders and find any marked with a red, circled X.
– Repeat these steps for the ITSG_COMMON schema.
• Run the ITSG_ROLE_GRANTS procedure, logged in as CES_HUB.


Reconfigure Oracle Administration Assistant for Windows

Renaming the host also requires changing the configuration for the Oracle Administration Assistant for Windows. This is a prerequisite for re-creating users.
• Open Administration Assistant (Start/Oracle-OraDb11g_home1/Configuration and Migration Tools/Administration Assistant for Windows).
• Expand the Oracle Managed Objects folder, and the Computers folder.
• Delete the existing computer entry.
• Right-click on the Computers folder and choose New … Computer.
• The new host name should appear. Click OK.
• Expand the new folder for the computer, then expand the Databases folder.
• Right-click on the ORCL database icon and choose Connect Database…, then log in as SYS.

Recreate Users

Within the database, single-sign-on user account names are prepended with the host name, for example, DEM\SANDC_BILL. When the host name is changed, these names do not change. Renaming them is not an option, so the users must be dropped and recreated. Follow the steps in the section Adding a New User to Oracle on page 31, to configure all roles and users in Windows, as well as in Oracle Administration Assistant.

Oracle 11g Editions

The DEM makes use of Oracle 11g Standard Edition One. It supports basic replication (read-only, updateable materialized view). A detailed comparison of Oracle 11g editions is available at this web link: http://docs.oracle.com/cd/B28359_01/license.111/b28287/editions.htm

Oracle Database References

Security Guide - 11g Release 1 (11.1)
http://download.oracle.com/docs/cd/B28359_01/network.111/b28531.pdf

Administrator’s Guide - 11g Release 1 (11.1)
http://download.oracle.com/docs/cd/B28359_01/server.111/b28310.pdf

Platform Guide - 11g Release 2 (11.2) for Microsoft Windows
http://download.oracle.com/docs/cd/E11882_01/win.112/e10845.pdf

2 Day DBA - 11g Release 1 (11.1)
http://download.oracle.com/docs/cd/B28359_01/server.111/b28301.pdf

Active Directory and Windows Security Integration with Oracle Database
http://www.oracle.com/technetwork/topics/dotnet/tech-info/ow2010-activedir-windows-security-177301.pdf

Customizing the DEM

In this section we describe how the DEM can be customized for a particular substation, and collection of managed CES battery units.

Map Tile Generation

The map tiles that are required per customer are generated by using the tilecache_cache.py script on the map server. Please see the document Creating Map Base for HMI Software for instructions on how to generate tiles.

Importing GIS, Asset and Electrical Connectivity Data

To configure and display the DEM and CES units, the DEM relies on the customer’s GIS and asset data. To enable the process of entering this data into the DEM database, an inventory of several placeholders for assets (CES units, feeders, transformers, etc.) has been pre-loaded. Final configuration consists of entering the customer-specific information into the relevant database tables. The information to be supplied by the customer consists of two main items—name and location.

The DEM database accommodates two asset naming formats that may be in use within customer systems: system-specific, or external identifiers, and commonly understood names. For example, 151-CES-28399 may be the main identifier for a CES unit in an asset database, or External ID, and Oak Drive CES 2 may be its commonly used name, or External Name. Both name types are used in several parts of the DEM user interface and reports, and are meant to provide a meaningful tie back to the customer’s overall distribution system. It is the customer’s choice whether both of these formats are used. If only one format is chosen, it will be placed in both the External ID and External Name fields.

Asset location is stored as latitude and longitude coordinates in the DEM database. The format of these values can vary among GIS systems, and must be consistent with the coordinate system used to generate the customer’s map tiles. See the section Map Tile Generation above, for more information. As an alternative to gathering coordinates from the customer’s GIS system, coordinates may be manually derived using the generated map within the DCR application.

Boarding Assets Onto the DEM Database

• Preconfigured assets for easy configuration
A starter kit of preconfigured assets is available to aid in quickly configuring a complete DEM environment. Residing in the ITSG_COMMON.PHYSICALOBJECT table, it includes the necessary database records to support the mapping of assets in the DCR. See Figure 52.

Figure 52. Preconfigured assets aid configuration of a complete DEM environment.


An asset mapping record is configured by locating an unused record of the proper type and customizing it with information about the asset in the user’s DEM environment. As each asset mapping record is configured, a corresponding detail record is created in an asset-specific table for later configuration. For example, configuring a Transformer in the PHYSICALOBJECT table creates a new record in the TRANSFORMERS table, populated with the ID and name of that transformer. Changes to the ID or name on an existing record in either table will update the other table.
• Asset types to be configured
– Substation
– DEM
– Transformer
– Feeder
– CES Unit
• Information needed
– LATITUDE and LONGITUDE: Map location of an asset. Format must be consistent with the coordinate system used to generate the customer’s map tiles. Coordinates of assets that are located in the same place, i.e., a DEM located at a substation, may be adjusted for clarity on the map. See the section Placing Assets on the DCR Map on page 81.
– EXTERNALOBJECTID: Formal identifier for an asset as it exists in the customer’s GIS, DMS, or other system.
– OBJECTSOURCE: Data source of the assets being configured. Should include customer name and the name or type of source system.
– EXTERNALNAME: Commonly used name for an asset. May include combinations of street name, feeder or group name, partial IDs. Preferably brief, recognizable, and distinct from other assets.

Configuring New Assets

• Open the ITSG_COMMON schema in SQL Developer and locate the PHYSICALOBJECT table.
• You may see a list of the columns when opening the table, instead of the actual data. Click on the Data tab above the worksheet to display and edit the asset data.
• Locate an unused asset record of the correct type. Unused records contain SANDC_Default in the OBJECTSOURCE column. The asset type can be found at the end of the names in the EXTERNALOBJECTID and EXTERNALNAME columns.
• Do not change the values in the OBJECTID, VISUALOBJECTID, or OBJECTTYPEID columns. These are key fields. Changing them will cause errors in the DEM software.
• Changing the values in each of the five customer-related fields is much like editing cells of an Excel spreadsheet.
– Use arrow keys to move among the cells and rows.
– Use the F2 key to edit the contents of a cell, or double-click on the cell.
– To finish editing a cell, use the Enter key or click in another cell.
– Values may be copied and pasted to other cells. For instance, to copy the same OBJECTSOURCE value to all new asset records, copy one cell as the source, highlight the destination cells, and paste. See Figure 53 on page 81.


Figure 53. Changing the values for physical objects.

• Changed rows are marked in the row number column on the left of the worksheet. None of these changes have been saved to the database yet.

• CANCEL your changes with the Rollback button if you are unsure of any changes. This will cancel all changes to the marked rows.

• SAVE your changes to the database with the Commit button.

Placing Assets on the DCR Map

If coordinates are not readily available from the customer’s GIS, but approximate locations are known, the map already configured in the DCR can be used to quickly find reasonable substitute coordinates. For instance, if a map of the CES unit locations is readily available and has easily identifiable landmarks, those unit locations can be found in the DCR’s map. Those location coordinates can be entered into the database for each asset.

As the mouse cursor travels over the map, longitude and latitude coordinates, expressed in decimal degrees, are displayed in the lower right corner of the map. The two values are separated by a comma, e.g., -122.27330, 37.78134, with longitude in the first position, latitude second. The map’s zoom level may be adjusted for greater accuracy. See Figure 54.

Figure 54. Placing assets on the DCR Map.


Open the ITSG_COMMON.PHYSICALOBJECTS table in SQL Developer, and for each asset, locate its record in the table and enter the screen coordinates into the LATITUDE and LONGITUDE columns. Save these entries by clicking on the Commit Changes button.

Note that the position of Latitude and Longitude may be reversed in the table. To avoid confusion while entering data, the column positions can be switched by clicking on the column name and dragging the column to the desired position. This does not affect the columns’ actual positions in the database.

Electrical Connectivity Data—DEM does support mapping electrical connectivity from substation feeders out to CES units; however, this mapping is not required for the DEM to control the CES units. Users wishing to include such mapping should consult with the factory for assistance.

Software Versioning and Compatibility

This section describes the application versioning system that has been implemented in the DEM. The purpose of this system is to ensure that only compatible software components are allowed to interoperate. The system protects:
• Application programs,
• Application service modules, and
• The database schema
from the installation or interoperation of incompatible components.

Each component is built with four different versioning fields:

Major Release—The most basic designation of the application. The Major Release number of all applications must match perfectly with the value stored in the IT-SG Application APPVERSION table. If this number is different between two software components it means that the components are totally incompatible with each other.

Minor Release—The minor release number is an upwardly-compatible indication of consistency. Versions with newer features will have this component incremented. Newer features should be implemented such that older features are preserved in their original form from the standpoint of compatibility.

Version—The version number will be different for each version of the component. It usually will indicate that a bug fix has been added.

Build Number—This number will not be displayed in most circumstances. Each time the software is built, this number will change and it may not increment monotonically. The build number for some components will be displayed in Help/About, where present, or in the APPVERSION database table. Database schemas are not built as applications, and therefore do not contain a build number.

The application versioning appears in the Control Panel, in the field Version under the category Programs and Features, and in applications such as the DCR (as opposed to services) in the Help/About menu item. It also appears in the APPVERSION table of the ITSG_COMMON database.

During installation of software components, the installer updates the APPVERSION table row containing version information for the component. Then, upon execution of the component, the component’s code will check the versioning information for compatibility and prevent execution if the check fails.

For security reasons, the Installers require that the person installing the new software be a member of the SandC Installers group. In addition, the database must be functional for the Installer to operate.
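A startup check of the kind described above can be sketched as follows. This is an added example, not the DEM's own code. It assumes that the Major Release must match exactly, that a recorded Minor Release equal to or newer than the required one is acceptable, and that Version and Build Number never block execution; the manual states only the first of these rules. The row contents and the DNP_SVC component name are constructed, and the APPVERSION table is represented by a plain dictionary because its column layout is not given here.

```python
import re
from typing import NamedTuple, Optional


class AppVersion(NamedTuple):
    major: int
    minor: int
    version: int
    build: Optional[int] = None  # database schemas carry no build number


def parse_version(text):
    """Parse 'Major.Minor.Version' or 'Major.Minor.Version.Build'."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+){2,3}", text):
        raise ValueError(f"expected Major.Minor.Version[.Build], got {text!r}")
    return AppVersion(*(int(p) for p in text.split(".")))


def check_compatible(required, recorded):
    """Compare the version a component requires with the recorded one.
    Returns (ok, reason). Minor-release rule is an assumption, see lead-in."""
    if recorded.major != required.major:
        return False, (f"major release {recorded.major} does not match "
                       f"required {required.major}")
    if recorded.minor < required.minor:
        return False, (f"minor release {recorded.minor} is older than "
                       f"required {required.minor}")
    return True, "compatible"


def startup_gate(requirements, appversion_rows):
    """requirements: {component name: version string the caller requires}
    appversion_rows: {component name: version string recorded at install}
    Returns a list of (component, reason) entries that must block execution;
    an empty list means the component may start."""
    blockers = []
    for name, needed in requirements.items():
        row = appversion_rows.get(name)
        if row is None:
            # Nothing was recorded by an installer, so nothing can be verified.
            blockers.append((name, "no APPVERSION row"))
            continue
        ok, reason = check_compatible(parse_version(needed), parse_version(row))
        if not ok:
            blockers.append((name, reason))
    return blockers


# Constructed sample data standing in for APPVERSION rows.
SAMPLE_ROWS = {"CES_HUB": "2.3.0", "ITSG_COMMON": "1.4.2"}
SAMPLE_REQUIREMENTS = {
    "CES_HUB": "2.1.0",       # same major, older minor required: allowed
    "ITSG_COMMON": "2.0.0",   # major release differs: blocked
    "DNP_SVC": "1.0.0",       # never installed: blocked
}

if __name__ == "__main__":
    for component, why in startup_gate(SAMPLE_REQUIREMENTS, SAMPLE_ROWS):
        print(f"refusing to start: {component}: {why}")
```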


One additional issue can come up with regard to installing new software components in the DEM. Each DNP device is represented in an XML file whose name is configured into the database. The name of the file includes version information for the XML file contents. When installing new software, if the new software requires a change to the XML file(s), the file will be installed, but the reference in the database must be updated by the person doing the installation.

DEM Reference and Security

Windows Server 2008 R2 Features

Windows Server 2008 R2 is a comprehensive operating system with many features. The following roles and features are the minimum set in normal DEM usage.
Roles:
• Application Server
• File Services
• Remote Desktop Services
• Web Server (IIS)
Features:
• Desktop Experience
• Ink and Handwriting Services
• Remote Server Administration Tools
• Windows Process Activation Service
• Windows Server Backup Features
• .NET Framework 3.5.1 Features

Firewall and Ports in Use

Windows Server 2008 R2 includes a firewall that is an important part of the security posture of the DEM. The firewall configuration can be imported and exported as CSV files. Sample CSV files DEM Inbound Rules.csv and DEM Outbound Rules.csv are available at \\10.64.96.104\dev-asd404\Downloads\Firewall\.

Solidifier Administration

All binary executables (for example, .exe, .dll), and scripts (.bat, .cmd, .vbs) on the DEM have been whitelisted or Solidified. In order to successfully make changes to the system you must enter Update Mode with Administrator privileges as shown below. The system should be taken out of Update Mode when changes are complete.

Entering the Update Mode

The Update Mode allows a user to bracket all update actions including addition, removal, or modification of software on the system. It provides a mechanism to automatically update the Solidifier Inventory and ensure that only those executables that are added or modified during the Update Mode are solidified. This enables the new or modified software to execute when the system returns to normal operation after the execution of the sadmin end-update command.

Update Mode for Installing and Solidifying New Software
C:\Windows\system32>sadmin bu
McAfee Solidifier is entering update mode.

C:\Windows\system32>sadmin eu
McAfee Solidifier exiting from update mode.

NOTE: Any changes to the system should be done in Update Mode. Enabled Mode is for production operations. While the system is in Update Mode it is vulnerable. The system should not be left in Update Mode longer than necessary.

Solidifier Operational Synopsis

Solidification is the name for the mechanism that takes an initial snapshot of the software implemented on a system, and creates a Solidifier File Inventory (inventory) of program code, including binary executables (for example, .exe, .dll), and scripts (.bat, .cmd, .vbs) for Windows platform. The inventory is closed, i.e., only the fixed set of software that is allowed to run on the host computer is enumerated. The members of this inventory are called authorized or solidified program code. Solidification does not change the files that are listed in the inventory.

The Solidifier employs solidification for enforcing the following types of control over program code in execution, or resident on the disk:

Type of Control      Effect
Execution Control    Only authorized code can run
Memory Control       Vulnerabilities in authorized code that is running cannot be exploited
Tamper-proofing      Prevent deletion, renaming, overwriting of authorized code

Once a system has been solidified and the Solidifier is enabled, the system is said to be in the Solidified Mode. In this mode, only programs contained in the inventory are allowed to execute. Any other programs are considered unauthorized and their execution is prevented, and their failure to execute is logged. This enforcement prevents unauthorized programs such as worms, viruses, spyware, etc., which install themselves, from executing illegitimately.

Memory Control protects running processes from malicious attempts to hijack them. Unauthorized code injected into a running process is trapped, halted and logged. In this fashion, attempts to gain control of a system through buffer overflow and similar exploits are rendered ineffective, and logged.

Tamper-proofing prevents intentional and unintentional changes to files that are in the inventory, by users or programs.

Unsolidified Code

When a foreign application is executed on a Solidified system a dialog similar to the one below will pop up. See Figure 55. The dialogs vary depending on what type of executable and where it was launched from.

Figure 55. Windows Installer warning notification.

Basic Administrative Commands for Management of a Solidified System

To solidify a volume
C:\Windows\system32>sadmin so c:
Solidifying volume c:\
00:15:00: Total files scanned 129874, solidified 35167
NOTE: This is generally done once, after setup, but is also used when new volumes are mounted.

After solidification, this enables protection
C:\Windows\system32>sadmin enable
McAfee Solidifier will be enabled without Memory Protection on service Memory Protection will be available on next reboot.


To diagnose errors
C:\Windows\system32>sadmin diag

To place diagnosed fixes
C:\Windows\system32>sadmin diag fix -f

To completely disable solidifier for troubleshooting, etc.
C:\Windows\system32>sadmin disable
McAfee Solidifier will be disabled on next reboot.

Update mode for installing and solidifying new software
C:\Windows\system32>sadmin bu
McAfee Solidifier is entering update mode.

C:\Windows\system32>sadmin eu
McAfee Solidifier exiting from update mode.

NOTE: Any changes to the system should be done in Update Mode. Enabled Mode is for production operations. While the system is in Update Mode it is vulnerable. The system should not be left in Update Mode longer than necessary. Microsoft patches, or security-related patches of any kind should be performed with the Solidifier turned off.

LGPO Management of DEM Security Controls

Background on Microsoft Policy Management

The majority of security controls on the DEM are managed via Group Policy Objects, or GPOs. While previously associated with policies applied over a Microsoft Active Directory infrastructure, there are now tools to manage GPOs on standalone Windows systems. This Local Group Policy Object (LGPO) functionality is the basis for Windows security management on the DEM. Group Policy Objects represent hundreds of individual settings which control many major areas of the Windows operating system and related software. Settings such as Require Complex Passwords, Block All Incoming Network Connections, or even Set the System Time Source would normally be modified by manually checking boxes and entering data in a GUI. With the use of GPOs these myriad settings can be modified all at once by importing a set of pre-configured settings files. These settings can be exported from a fully configured master system, or generated with a tool like the Microsoft Security Compliance Manager (SCM).

Group Policy and the DEM Security Baseline

In establishing the DEM Security Baseline a number of industry standard references, or benchmarks, were used as guidance. Translating generic requirements such as Passwords must contain a minimum of 8 characters to actual system settings was facilitated by the use of the Security Compliance Manager. The SCM tool matches security configuration standards to the appropriate settings on a given Microsoft OS. In this way dozens, or even hundreds of changes to a system configuration can be managed efficiently through a single interface, and then exported to a GPO package containing various settings files. In a development project such as the DEM, the ability to accurately and efficiently apply a set of changes to a system is important, but one of the key aspects of the SCM is the ability to track changes and review configuration versions. DEM Baseline GPO development generated numerous Alpha versions and 6 Beta versions each containing hundreds of individual settings. Various versions can be directly compared to verify changes and track anomalies. The use of the SCM also facilitated documentation. A given Baseline can be exported to a spreadsheet for review and reference.


Applying and Managing Local GPOs on the DEM

In the past, Group Policy was managed over the network via the Active Directory infrastructure. It was intended to facilitate the management of large groups of computers and users, hence the name. The ability to leverage Group Policy Objects on a standalone computer is facilitated by a piece of software called LocalGPO. In DEM development the LocalGPO utility is installed on the target DEM. In a production environment the LGPO utility can be part of a scripted package which does not require installation. The primary advantage of installing the utility is the ability to save a copy of the machine’s current configuration before applying the new Baseline settings. This Export capability can also be used to create a gold master GPO package from a fully tested system. The following is a representation of how the LGPO utility is used in DEM development.

======
1. In C:\DEM Security Baseline\DEM Baseline 1.5 setup\ are the folder Baseline1.5, which contains the current GPO export for the DEM, and LGPO Setup which contains the installer for the LocalGPO utility.
2. Install LGPO. This creates a group in the Start Menu.
3. Create the folder C:\GPOBackups. This is the default destination for LGPO tool data. The directory can be elsewhere but the instructions to follow assume the default.
4. Place the Baseline1.5 folder in C:\GPOBackups
5. In the Start menu the LocalGPO folder is under > All Programs. Launch LocalGPO Command-line (a CMD icon) as Administrator.
6. Run the standard command string: cscript LocalGPO.wsf /Path:C:\GPObackups /Export
7. This will place an export of the current system policy with a long name like {20d0d500-6e4c-4cad-a2b2-bf7639542225} in C:\GPObackups. That export can be used to roll back the system if needed. The Restore command in LGPO should not be used. It resets the system to an undefined default configuration. Better to apply the previous known good policy if needed.
8. Run the command string: cscript LocalGPO.wsf /Path:C:\GPObackups\Baseline1.5
9. After a restart the system will have all the modified policies.
======

The LGPO utility has some additional features, but it is a very simple tool. These and other standard commands are displayed on the screen for copy and paste utilization. In a production environment a standalone GPOPack can be created which contains the GPO settings files and the LGPO utility with a script which updates the system automatically. This type of package can be used to update numerous systems efficiently.

DEM Security Configuration Not Managed via GPO

There are a few areas of the DEM which are not managed via GPO, some by design and some by necessity. While the Windows Firewall can be managed to some extent via GPO, in practice it will be better to have more accessible manual controls. The ability to change Firewall settings efficiently will be key in keeping the majority of the firewall policies in place rather than have them all taken down to facilitate changes. Fortunately the Firewall system can export its configuration to a settings file, so default and custom configurations can be applied or restored as needed much like with a GPO. In other cases third party software such as Oracle and McAfee are not readily controlled via GPO, but as their configuration needs are not nearly as complex as the Windows OS, they can still be managed efficiently.


RDP Connections to DEM

Remote Desktop Protocol is the primary user interface on the DEM. While the overall reliability and security of Remote Desktop has improved over the years, there are a number of configuration and use policies which are required to meet the level of security required. The protocol specifications required are inherent in the default configuration of the Remote Desktop Connection client on Windows 7. Windows XP SP3 and Vista can be configured for DEM compatibility. There is a section at the end of this document on Windows compatibility settings.

While the default communication settings on Windows 7 are appropriate, there are a number of changes to the client software which are required to meet DEM security policy and practice. Upon opening the Remote Desktop Connection client, if the interface is minimized, click the Options button to reveal the General tab of configuration options. On the General tab the first step is to make sure Allow me to save credentials is unchecked. See Figure 56.

Figure 56. Remote Desktop Connection screen, General tab.


On the Local Resources tab uncheck Printers and Clipboard. The clipboard setting may be allowed if the DEM antivirus software is set to work with this data channel. Click More to go to the full Local devices and resources page. See Figure 57.

Figure 57. Remote Desktop Connection screen, Local Resources tab.


On the Local devices and resources page ensure that the client system fixed and optical disks are not checked. The optimal method for file transfer to the DEM is to mount a small volume, such as a flash drive containing the data. This allows the anti-virus software to only scan required files, reducing the load on an active system considerably. Mounting the entire C: volume, or a DVD, could slow down the system for an extended time while scanning takes place. See Figure 58.

Figure 58. Local Devices and resources page.

NOTE: Due to the implementation of whitelisting technology and strict access control, the requirements for antivirus / antimalware scanning are narrowed to only data which comes via Remote Desktop or locally mounted volumes such as USB drives plugged into the system for maintenance.

Click OK to go back to the Tabbed view and select the General tab. From here you can click Save As to save a connection file containing these settings. You can then launch a connection to the DEM by double clicking the file from a convenient location. Clicking Save makes these new settings default for the client software, which is convenient if you are only connecting to the DEM, or if the settings do not conflict with other Remote Desktop activity.

Configuring Windows XP and Vista for DEM Connectivity

Windows XP SP3 and Vista can be configured for DEM access with the following changes. More detail on these changes is available if needed.

For both XP SP3 and Vista the RDC 7.x client must be installed: http://support.microsoft.com/kb/969084
On Windows XP SP3 the Credential Security Support Provider (CredSSP) must be enabled: http://support.microsoft.com/kb/951608

These are just the basic steps. There may be many other factors, especially with older systems. Ideally, if there are only a small number of incompatible clients it would be best to troubleshoot and bring them up to spec. If there are a large number of incompatible clients in an environment and remediation isn’t practical, then changes can be made to the DEM security configuration, but this would pose considerable risk. Older RDP protocols are highly susceptible to compromise.


Remote Desktop User Information

The Remote Desktop Connection client used to access the DEM requires a specific configuration. As there are dozens of settings in the Options pane of the Remote Desktop Connection dialog, finding and configuring the right ones might be an imposition. The DEM can be accessed via pre-configured RDP connection files. This file can be double clicked from the desktop, see Figure 59, and it will connect the user to the DEM automatically, with the proper settings for a successful, secure session.

Figure 59. RDP Connection File icon.

One of the key benefits of using RDP as the primary interface for the DEM is that we can also use it to transfer files without needing a separate file-share or mapped drive. Below is an example of an option pane in the Remote Desktop Connection. Fortunately with the pre-configured settings file most users will never need to bother with this, but it’s useful to illustrate a key security component. Only specific drives are allowed to redirect to the DEM. See Figure 60.

Figure 60. RDP Device Redirection screen.

Transferring Data over RDP

The RDP client can redirect a range of components to the remote machine. In many cases this is very handy. In the case of a system like the DEM, which needs a higher than average level of security, all these various components may create trouble. The antivirus system on the DEM scans newly mounted volumes, so if a user were to redirect their C: drive, the resulting scan could take a long time and slow down the DEM. If there is malicious code on the user's system, it would likely be on C:.


To avoid the problems and delays caused by mounting an entire hard drive over RDP, the recommended method of file transfer is to use a USB thumb drive, as you would use if taking the files to the DEM in person:

• Attach a USB thumb drive to the workstation
• Copy the DEM files to the thumb drive and remove it
• Start an RDP connection to the DEM
• Plug the USB thumb drive back in. The drive will show up on the DEM right away, and the antivirus scan will be very quick.

The USB drive may seem a bit cumbersome, but it has several advantages. Rather than plugging the thumb drive directly into the DEM, it is plugged into your workstation. This results in a virus scan, both when connecting the thumb drive to the workstation, and again when the drive is mounted on the DEM over RDP.
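A check of a connection file against the redirection guidance above, as an added example (not S&C's connection file or tooling). The setting names are standard .rdp keys; the sample file content, the host name and the empty allow-list for fixed drives are assumptions. `DynamicDrives` (drives plugged in after connecting) is accepted because the USB procedure depends on it.

```python
import re

# Constructed sample. A file saved by mstsc is usually UTF-16 text, so decode
# it first, for example open(path, encoding="utf-16").read().
SAMPLE_RDP = """\
full address:s:dem.example.internal
enablecredsspsupport:i:1
drivestoredirect:s:C:\\;DynamicDrives
"""

ALLOWED_DRIVES = set()   # assumed policy: no fixed drive letter may be redirected


def parse_rdp(text):
    """Return {setting name: value} from 'name:type:value' lines."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].lower()] = parts[2]
    return settings


def lint_rdp(text, allowed=ALLOWED_DRIVES):
    """List the settings that conflict with the redirection guidance."""
    s = parse_rdp(text)
    findings = []
    # CredSSP is on when the setting is absent; only an explicit 0 turns it off.
    if s.get("enablecredsspsupport", "1") == "0":
        findings.append("CredSSP disabled")
    drives = s.get("drivestoredirect", "")
    if "*" in drives:
        findings.append("all drives redirected")
    # Fixed drives appear as letter-colon entries such as C:\ in the value.
    for letter in re.findall(r"\b([A-Za-z]):", drives):
        if letter.upper() not in allowed:
            findings.append("drive %s: redirected" % letter.upper())
    return findings


if __name__ == "__main__":
    for finding in lint_rdp(SAMPLE_RDP):
        print(finding)
```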

Non-Administrator Access to DEM

The message shown in Figure 61 opens if an attempt is made to log into the DEM with non-administrator credentials at the local console. Non-administrative users can only connect via RDP.

Figure 61. Message shown for a non-administrator login at the DEM Computer.

Network Configuration

Security of Network Interfaces

Along with a tightly controlled firewall policy, there are a number of other configuration changes which help to harden the network interface. Default communication port numbers for critical processes can be changed. Various applications and services which may interact with external devices such as CES Units have configuration options allowing fine-grained control of communications.

The DEM default configuration has minimal network access, both inbound and outbound. Access from the network is restricted for the usual reasons: to make it harder to gain unauthorized access to the system, or render it inoperable. The standalone nature of the DEM allows for additional network hardening, in that many common infrastructure and management ports are not used.

Network connections from inside the DEM are also tightly controlled. Blocking access to the internet for web browsers greatly reduces the chance of a “drive by” exploit, and also reduces traffic on the local network, which might interest a hacker trying to enumerate systems.

One of the key advantages of the Windows firewall in the DEM is the ease and flexibility of management. Large scale firewall configurations can be applied via Group Policy or with local firewall configuration files. Individual settings and adjustments can be done via command line, or within a well-designed Graphical User Interface.


DNP Interfaces

The DEM can communicate with CES end points and other SCADA infrastructure via Serial or Ethernet ports. DNP connections over Ethernet are managed both through communication channels within the DEM infrastructure, and via rules in the Host Based Firewall. The recommended configuration is to have one Ethernet port used for TCP/IP Corporate LAN communications, and the other used for links to DNP devices via radio or wired connections. Firewall rules and DEM communications settings can be configured for discrete access to either port, providing an additional layer of role-based security.

DEM Firewall Operation

In its standard configuration the DEM is largely self-contained, which facilitates configuring the Windows Firewall with a small number of specific communication rules. IP addresses and ports for communication with CES components, and for end-user access, can be strictly defined. The firewall system provides a range of configuration control features and robust logging which combine to allow efficient monitoring and management of network traffic.

As the system design does not require access to the Internet, outbound traffic is blocked by default, with any number of site specific rules in place to facilitate operation. Along with the more commonly found inbound rules, communication is tightly controlled. Site specific configuration will vary widely depending on the CES infrastructure, and other management and monitoring connectivity required.

By default the DEM firewall is set to allow Domain, Public, and Private network profiles. Normally only one of these profiles will be used, but there are circumstances where the system might straddle Domain and Private networks, for example. Additional information on Windows Firewall administration can be found here: http://msdn.microsoft.com/en-us/library/windows/desktop/bb736278(v=vs.85).aspx

The example rule set included with the DEM is intended as a starting point. The .wfw configuration files are an easy way to save multiple configurations, and apply them as needed. This is especially useful during initial system configuration.

Configuring the DEM Firewall

After application of the DEM Security Baseline GPO, the Windows Firewall is configured to block any inbound and outbound traffic which does not match a rule. The GPO does not enforce a rule set, or other Firewall specific settings. In other words, the GPO makes sure the firewall is active, but leaves other functions available via the various administrative tools.

In C:\DEM Security Baseline\DEM Firewall Config\ is the configuration file Baseline FW settings DEM.103.wfw. This file contains the Firewall settings for the Test DEM at 10.64.99.103. These settings will be modified to suit the DEM being configured.

Open Server Manager and navigate to the Windows Firewall with Advanced Security group under Configuration. It should look very similar to Figure 62 on page 94. On the right side of the dialog choose Export Policy and save a copy of the current policy to the desktop or elsewhere in case you need to roll back. Choose Import Policy and select the Baseline FW settings DEM.103 file.


Figure 62. Windows Firewall with Advanced Security group.

Example Configuration

After import, select Outbound Rules in the left pane, then right-click the top rule in the list, “DEM to CES test connection”, and choose Properties. Click on the Scope tab in the resulting dialog box. You should see something very similar to Figure 63. Shown here is the configuration used for the Security Test DEM. Additional Remote IP addresses can be entered here.

Figure 63. DEM to CES test connection Properties window.


This single outgoing connection has worked well for testing. If there are to be a number of test connections, it may make sense to open a range of UDP/DNP ports, and indicate a larger scope for IP addresses. This example is for illustration, and is an exceedingly wide scope. Individual subnets are more secure, and individual addresses are even better. Large comma-delimited lists of IP addresses can be imported via the command line Firewall utility. For more information about the CLI Firewall tool: http://technet.microsoft.com/en-us/library/cc771920(v=ws.10)

The next section shows how to reconfigure a firewall rule to accommodate a large number of random systems over a fixed range of ports. On the Scope tab, where the Local IP address was changed in the last step, select the Remote IP address and click the Remove button. See Figure 64.

Figure 64. Removing a Remote IP address.


Click the Add button and in the resulting dialog box enter the subnet which represents the target systems. Click OK to go back to the main dialog. See Figure 65.

Figure 65. Specifying an IP address or subnet.

On the main dialog select the Protocols and Ports tab. Verify that the Protocol type is set to UDP. Enter the Port range of 20000-20020 for both Local port and Remote port. See Figure 66.

Figure 66. Protocol and port range selection window.

This example configuration will allow the DEM to connect to anything in the subnet within that port range. If inbound DNP connections are required, the same rule set can be applied to the inbound configuration.
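To review rule scope after changes like these, the added example below (not part of the DEM software or its baseline) audits a saved listing from `netsh advfirewall firewall show rule name=all verbose` and reports enabled allow rules whose remote scope or port range exceeds a limit. The sample capture is constructed and abridged; the 192.168.0.0 subnet, the "Operator RDP" rule, its addresses and the two limits are assumptions.

```python
import ipaddress

ANY = 2 ** 32  # stand-in size for "Any" and keywords such as "LocalSubnet"
# Constructed, abridged capture: netsh advfirewall firewall show rule name=all verbose
SAMPLE = """\
Rule Name:                            DEM to CES test connection
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
RemoteIP:                             192.168.0.0/255.255.0.0
RemotePort:                           20000-20020
Action:                               Allow

Rule Name:                            Operator RDP (constructed)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             192.0.2.10/32,192.0.2.11/32
LocalPort:                            3389
Action:                               Allow
"""

def parse_rules(text):
    """Split the listing into one {field: value} dict per rule."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # separators and blanks have no ":"
        if sep and key.strip() == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def scope_size(value):
    """Count the addresses admitted by a RemoteIP (or LocalIP) field."""
    total = 0
    for item in value.split(","):
        try:
            if "-" in item:                     # range written first-last
                lo, hi = (int(ipaddress.ip_address(p.strip())) for p in item.split("-"))
                total += hi - lo + 1
            else:                               # host, CIDR or dotted mask
                total += ipaddress.ip_network(item.strip(), strict=False).num_addresses
        except ValueError:
            return ANY
    return total

def port_count(value):
    """Count the ports admitted by a LocalPort or RemotePort field."""
    total = 0
    for item in value.split(","):
        lo, _, hi = item.strip().partition("-")
        if not lo.isdigit() or (hi and not hi.isdigit()):
            return 65536                        # "Any" and port keywords
        total += int(hi or lo) - int(lo) + 1
    return total

def audit(text, max_hosts=256, max_ports=32):
    """Return (rule name, reason) for enabled allow rules wider than the assumed limits."""
    findings = []
    for r in parse_rules(text):
        if r.get("Enabled") != "Yes" or r.get("Action") != "Allow":
            continue
        port_field = "RemotePort" if r.get("Direction") == "Out" else "LocalPort"
        if scope_size(r.get("RemoteIP", "Any")) > max_hosts:
            findings.append((r["Rule Name"], "remote scope too wide"))
        if port_count(r.get(port_field, "Any")) > max_ports:
            findings.append((r["Rule Name"], "port range too wide"))
    return findings
```

With the default limits, the constructed /16 rule is reported and the two-address RDP rule is not; lower `max_hosts` or `max_ports` to match the site's own policy.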

DEM Software Architecture

This is a graphical representation of the general organization of the DEM (Figure 67):

Figure 67. The overall general organization of the DEM.

There are five S&C custom applications, three of which are Windows services, and two are desktop applications.

• DEM System Collaborator (DSC): This GUI application provides real-time system status regarding user activity and logins, facilitates chat conversations between logged in users, provides overall system status, and provides audible and visual notification when system conditions change.
• DEM Control Room (DCR): This is the main GUI interface application which provides additional system status, dashboard-based system real-time control, and management of system configuration, all in a secure, database-driven environment.
• DEM (Hub) Supervisor (HSV): This is a Windows service that constantly monitors system operation including the HDE, DAS, and Oracle database services. It restarts the HDE and/or the DAS services if they become inoperative. It also operates a hardware watchdog timer that will reboot the DEM computer if the Windows OS becomes inoperative.
• DEM (Hub) Dispatch Engine (HDE): This is a Windows service that operates the energy dispatch control loop. It sends control commands to the CES Units via the DAS to adjust CES Unit energy consumption or generation.
• Device Access Server (DAS): This is a Windows service that sends and receives DNP data to the CES Units and any SCADA control equipment that may be attached to the DEM.

The primary communication mechanism for the S&C custom applications is implemented through interaction with the Oracle 11g database. The NTFS file system is used to provide communication via XML files for configuration and control. Detailed operational logs are maintained as text files in the NTFS file system. Oracle also maintains a separate log system in the database itself.

The location C:\DEMData contains vital system configuration and logging data. There are three subfolders, DCR, HDE, and DAS, for the applications of the same name. Each subfolder contains configuration data and text log data for the respective application. For system debugging, the text logs are a primary source of information for the system administrator.

The Windows Remote Desktop Service provides the means for operators located at remote computers to log into the system. Most operators will routinely use the DEM Control Room (DCR) and the DEM System Collaborator (DSC) applications for their work.

System Addressing Template

During deployment of a new system, many addressing details must be established or finalized. To assure a smooth and efficient implementation process, a system diagram with all of the relevant addressing information should be prepared. This section provides a template for preparing the diagram. See Figure 67 on page 97, Figure 68 on page 100, and Figure 69 on page 101.

1. Addressing shown for CES Units is for a total of three units (1-3). Unit 2 is shown, with Units 1 and 3 in parentheses. For example, if an Ethernet address for Unit 2 is 192.168.2.1, and the corresponding addresses for Units 1 and 3 are 192.168.1.1 and 192.168.3.1 respectively, then the values in parentheses are shown as (1.1, 3.1).
2. This system is shown using SpeedNet™ radios, or other Ethernet-based radios, and serial communication for the substation equipment. Other communication media, such as serial lines for CES Unit communication, can be configured, although serial communication transport media will probably not provide a scalable solution for communication with CES Units.
3. This is a multi-homed DEM Controller for security reasons. On the DEM's Ethernet interface for communication to CES Units, no gateway should be specified. However, a static route must be provided to direct CES traffic to the correct interface. To do this for the present example, in a DOS command window, type:

    route -p add 192.168.0.0 mask 255.255.0.0 192.168.100.1

4. A gateway should be specified for the SCADA master (supported using the DEM’s virtual device interface), and Remote Desktop port in the DEM.
5. Addressing information need not be provided for the Transformer or Feeder breaker devices if these are not accessed or included in the system.


Figure 68. Top section of the System Addressing Template.


Figure 69. Bottom section of the System Addressing Template.

SQL Developer for Single-sign-on Accounts

In the Single-sign-on environment, users do not specify Username or Password to log on to their personal database user accounts. The operating system authenticates users in this environment, not the database. Use the following steps to set up SQL Developer connections for personal accounts:

1. Enter a Connection Name. This can be any descriptive string. A name close to the personal account name would help distinguish this from system-related connections.
2. Choose the Advanced connection type, which disables the Username and Password text boxes. These are not needed in the Single-sign-on environment.
3. Enter jdbc:oracle:oci:/@orcl as the Custom JDBC URL.
4. Check the OS Authentication box.
5. For users with SYSDBA roles, create separate connections for logging in under the Default or SYSDBA role, using the Role dropdown box, as shown in Figure 70.

Figure 70. Data entry for Single-sign-on screen.

The custom JDBC URL requires the Java Runtime Environment, part of the Java SE Development Kit 6 Update 31 which is installed in the DEM Manufacturing SSD Image. Versions of the JDK and JRE later than 6 will not work with current versions of SQL Developer.

Database Schema Table

CES_HUB List of Tables

Table 3. CES_HUB List of Tables.

Table Name                    Description
CES_GROUPS                    A customer-specified means to organize the CES fleet into a collection of Units running the same algorithm with the same settings.
CES_HOLIDAY                   List of holidays and their dates. Used in conjunction with scheduling functions.
CES_HUB_COMMANDS              Hub-level control point for restarting the hub, enabling Real and Reactive power dispatch, enabling PVI, and Sequence Down Power Control.
CES_HUB_COMMANDS_SCADA        Hub-level control point for SCADA control of Sequence Down Power Control mode.
CES_PVI_SCHEDULE              PVI-specific scheduling for daily storage and release of energy relative to sunup and sundown.
CES_SCHEDULE                  Schedules for daily control of storage and release of energy, with variations for charge, discharge, and reactive power compensation schedule types.
CES_UNITS                     Unit configuration settings.
CES_UNITS_COMMANDS            Unit-level control point for digital output points: Reset Alarms, Real and Reactive Power Clamp, Islanding Request or Inhibit, enable/disable requests.
CES_UNITS_COMMANDS_SCADA      Unit-level control point for SCADA control of digital output points: Reset Alarms, Real and Reactive Power Clamp, Islanding request or inhibit, enable/disable requests.
CONNECTIONS                   External communications attributes.
DNP_MASTER_DEVICES            Configuration of DNP Masters.
DNP_MASTER_MAP_SETTINGS       DNP Master Map settings.
DNP_MEGAMAP_MAPPINGS          Configuration and enumeration of DNP points, with all virtual devices mapped into one point list per device type.
DSHB_FEEDER                   Feeder-related data for dashboards. Timestamped collection of DNP points.
CDSHB_GROUP                   Group-related data for dashboards. Timestamped collection of DNP points.
DSHB_HUB                      Hub-related data for dashboards. Timestamped collection of DNP points.
DSHB_HUB_ALARMS               Present state of alarm data from the DSHB_HUB table, used for notification function.
DSHB_TRANSFORMER              Transformer-related data for dashboards. Timestamped collection of DNP points.
DSHB_UNIT                     Unit-related data for dashboards. Timestamped collection of DNP points.
FEEDERS                       Feeder-level communication and configuration attributes.
FEEDER_SIMULATION_DATA        Selection of feeder data collected from DSHB_FEEDER for use in simulations.
HUBS                          Hub-level communication and configuration attributes.
HUB_APPLICATION_SETTINGS      Hub application settings for polling and simulation control.
HUB_CONTROL                   Hub-level control point for initiating enumerated command sequences through the HDE.
HUB_DISPATCH_INFO             Present state of real and reactive power dispatch and PVI enablement.
HUB_GATES                     Configuration attributes for SCADA gateway control.
HUB_SIMULATION_STATE          Present state of the HDE in simulation mode.
HUB_STATUS                    Present state of key hub operational indicators.
HUB_VCS                       Hub version control system.
NOTIFY_RECIPIENTS             List of e-mail addresses associated with specific alarms, for use in notification function.
STATIONS                      Station-level configuration attributes.
TRANSFORMERS                  Transformer-level communication and configuration attributes.
UNIT_SIMULATION_DATA          Selection of unit data collected from DSHB_UNIT for use in simulations.
VISUALCESUNIT                 Visual rendering attributes for CES Units.
VISUALGROUP                   Visual rendering attributes for groups of CES Units.
VISUALHUB                     Visual rendering attributes for Hubs.
XFMR_SIMULATION_DATA          Selection of transformer data collected from DSHB_TRANSFORMER for use in simulations.

ITSG_COMMON List of Tables

Table 4. ITSG_COMMON List of Tables.

Table Name                    Description
APPVERSION                    Application and schema version information currently installed.
APPVERSION_HISTORY            Historic application and schema version information.
BOXANNOTATION                 Elements for rendering visual boxes within the circuit.
COLUMN_SECURITY               Role-based column-level and table-level update and delete specifications.
COLUMN_SECURITY_ROLES         User role names for column-level security.
CONFIGURATION                 Customer-specific attributes.
CONNECTIVITY                  Allows for normally connecting wires to objects or wires to wires.
CUSTOMER_CONFIGURATION        Subsets of IntelliTeam configurations and NetList snapshots.
DEVICE_SWITCH                 IntelliTeam attributes of switching devices.
IMAGEANNOTATION               Elements for rendering images within the circuit.
ITSG_CIRCUITSCHEMATIC         Used for saving the circuit and the diagram file needed for the circuit.
ITSG_CIRCUITSCHEMATICLAYOUT   Coordinates for schematic visual layout of the objects and wires in a circuit.
ITSG_MAP                      Maps covering the entire system.
ITSG_MAPPROJECTION            Map coordinates used in rendering objects and wires in a circuit schematic.
LINEANNOTATION                Elements for rendering visual lines within the circuit.
LOGGING                       Command log. (Not implemented at this time.)
LOGIN                         User login status for non-SSO systems.
NET_CONFIG_FILES              IntelliTeam NetList file contents in XML format.
OBJECTCONNECTIVITYSET         Allows for defining similar sets of objects that exist separately within a large system.
OBJECTTYPE                    Distribution system object types.
PHYSICALOBJECT                Contains all physical electrical objects needed for connectivity.
PHYSICALWIRESEGMENT           Describes the physical wire segments that make up the connectivity between physical objects.
SUBSTATION_SOURCE             Substation operational attributes.
SUB_TEAM_ATTRIBUTE            IntelliTeam attributes of substation teams.
SWITCHING_DEVICE              Communication attributes of switching devices.
SWITCHING_DEVICE_TYPE         Types of switching devices.
SW_TEAM_ATTRIBUTE             IntelliTeam attributes of switch teams.
SYSTEM_NODE                   Array of unique IntelliTeam node IDs.
TEAM                          IntelliTeam attributes of all team types.
TEAM_MEMBER                   IntelliTeam attributes of team members.
TEAM_MEMBER_ATTRIBUTE         Operational attributes of team members.
TEXTANNOTATION                Elements for rendering text within the circuit.
TRANSFORMER_METER             Associates meters with transformers.
USERAPPROLE                   User application roles for non-SSO systems.
USERLOGIN                     User login configuration for non-SSO systems.
VISUALOBJECT                  The main table for referencing all visual objects to be displayed in a map or circuit schematic.
VISUALSUBSTATION              Visual rendering attributes for substations.
VISUAL_SWITCH                 Visual rendering attributes for switching devices.
VISUAL_TEAM                   Visual rendering attributes for teams.
V_GEO_SCHEMATIC               IntelliTeam rendering attributes for geo-schematic layout.
V_SCHEMATIC                   IntelliTeam rendering attributes for schematic layout.
