MN914009EN, Version 16

Visual T&D - Installation guide

Installation Guide
Notices
For use with version 5.3R3, or later, of the Visual T&D software.
All brand and product names appearing in this document are either trademarks or registered trademarks of
their respective holders.
© 2015-2024 Eaton – All rights reserved.
The information in this document is subject to change without notice.
Eaton's Energy Automation Solutions

1990 5th Street

Suite 220
Levis, Quebec, CANADA
G6W 5M6

Phone: 1.800.815.2258 (English support only)

Phone: 1.877.834.0009 (English and French support)

Fax: +1.514.227.5256

Web: http://www.eaton.com/smartgrid

Email: [email protected]

Technical Assistance: [email protected]

 Notices..........................................................................................................................................................................II
Contents
1 Introduction..................................................................................................................................................................1
1.1 Intended audience.............................................................................................................................................. 1
1.2 Overview............................................................................................................................................................. 1
1.3 Related Visual T&D documentation.................................................................................................................... 3
1.4 Getting assistance.............................................................................................................................................. 4
1.4.1 The Visual T&D Support Assistant.........................................................................................................4
1.4.2 Using the Visual T&D Support Assistant................................................................................................4
1.5 External libraries licensing.................................................................................................................................. 5

2 Visual T&D overview................................................................................................................................................... 6

2.1 Visual T&D software architecture........................................................................................................................6
2.1.1 The Visual T&D server........................................................................................................................... 6
2.1.2 The Visual T&D client applications........................................................................................................ 7
2.1.3 Optional Visual T&D functions............................................................................................................... 7
2.1.4 Visual T&D server redundancy.............................................................................................................. 8
2.1.5 The Visual T&D OPC server.................................................................................................................. 9
2.2 General hardware requirements for the Visual T&D server................................................................................ 9
2.3 Operating systems supported by Visual T&D..................................................................................................... 9
2.4 Database engines supported by Visual T&D...................................................................................................... 9
2.5 Operating system interaction with Visual T&D..................................................................................................10
2.6 Visual T&D license keys................................................................................................................................... 10

3 Visual T&D installation..............................................................................................................................................12

3.1 Visual T&D installation considerations..............................................................................................................12
3.1.1 Visual T&D database installation considerations................................................................................. 12
3.2 Roles and privileges tied to the Visual T&D security model..............................................................................13
3.3 Preparing Windows accounts as part of the Visual T&D deployment...............................................................13
3.3.1 Planning Windows accounts before Visual T&D installation................................................................14
3.4 Deploying a Visual T&D system on the server..................................................................................................17
3.4.1 Deploying a Visual T&D system on the server using the installer........................................................18
3.4.2 Deploying a Visual T&D system on the server using the command line interpreter............................ 19
3.5 Activating Visual T&D....................................................................................................................................... 21
3.5.1 Activating Visual T&D using Eaton License......................................................................................... 21
3.5.2 Activating Visual T&D using the legacy License.................................................................................. 24
3.5.3 Visual T&D demo mode....................................................................................................................... 25
3.6 Installing Visual T&D applications on a client computer................................................................................... 25
3.7 Changing Visual T&D client applications display language.............................................................................. 26
3.8 Upgrade from a previous Visual T&D installation............................................................................................. 26

Contents i
4 Visual T&D configuration..........................................................................................................................................28
4.1 Visual T&D server configuration....................................................................................................................... 28
4.1.1 The Visual T&D Server Agent.............................................................................................................. 28
4.1.1.1 Deactivating Visual T&D Server Agent status notifications................................................. 28
4.1.1.2 Removing the Visual T&D server agent icon from the system tray..................................... 28
4.1.2 The Visual T&D server Control Panel.................................................................................................. 29
4.1.2.1 Accessing the Visual T&D server Control Panel................................................................. 29
4.1.3 Visual T&D and Windows user account privileges...............................................................................30
4.1.3.1 Creating groups to grant privileges to users........................................................................30
4.1.3.2 Modifying an existing privilege group.................................................................................. 31
4.1.4 Visual T&D and Windows user accounts............................................................................................. 31
4.1.4.1 User accounts password requirements............................................................................... 31
4.1.4.2 Modifying password requirements for Visual T&D user accounts....................................... 32
4.1.4.3 Creating a new Visual T&D user account............................................................................ 32
4.1.4.4 Modifying an existing Visual T&D user account.................................................................. 33
4.1.4.5 Creating a Windows user account in Visual T&D................................................................ 33
4.1.4.6 Modifying an existing Windows user account......................................................................34
4.1.4.7 Configuring the Visual T&D authentication mode................................................................34
4.1.4.8 Changing a Visual T&D user account password in Visual T&D Explorer............................ 35
4.1.4.9 Allowing multiple login using the same credentials............................................................. 35
4.1.5 Remote Visual T&D server management............................................................................................ 35
4.1.5.1 Allowing remote Visual T&D server management............................................................... 36
4.1.6 Control operations in Visual T&D......................................................................................................... 36
4.1.6.1 Visual T&D SCADA control interlock................................................................................... 37
4.1.6.2 Activating Visual T&D SCADA control interlock.................................................................. 37
4.1.6.3 Visual T&D control operation privilege timeout....................................................................37
4.1.6.4 Specifying the Visual T&D control operation privilege timeout............................................ 38
4.1.6.5 Deactivating simultaneous control operations from multiple users......................................38
4.1.7 Visual T&D general alarm management settings.................................................................................38
4.1.7.1 Specifying how alarms and events must be managed on a given Visual T&D server........ 38
4.1.8 Visual T&D configuration files management........................................................................................ 39
4.1.8.1 Specifying the folder location to store Visual T&D configuration files..................................39
4.1.9 Visual T&D task management settings................................................................................................ 40
4.1.9.1 Specifying a dedicated account for Visual T&D tasks......................................................... 40
4.1.10 Syslog export module for Visual T&D.................................................................................................. 41
4.1.10.1 Activating the Syslog transmitter......................................................................................... 41
4.1.10.2 Specifying the address of the receiver................................................................................ 41
4.1.10.3 Log category options for the Syslog export module............................................................ 42
4.1.10.4 Selecting which log categories to transmit.......................................................................... 44
4.1.10.5 Adjusting the timestamp of Syslog messages..................................................................... 45
4.2 Visual T&D engine configuration.......................................................................................................................45
4.2.1 The Visual T&D Manager.....................................................................................................................45
4.2.2 The Visual T&D datalog....................................................................................................................... 46
4.2.2.1 Adding an SQL server database to the list of Visual T&D database servers...................... 46
4.2.2.2 Adding a PostgreSQL database to the list of Visual T&D database servers....................... 47

Contents ii
 4.2.2.3 Setting up the Visual T&D datalog.......................................................................................47
4.2.3 MultiSpeak specification interface........................................................................................................48
4.2.3.1 Implemented methods......................................................................................................... 48
4.2.3.2 Setting up Multispeak.......................................................................................................... 49
4.3 Services configuration and control....................................................................................................................50

5 Security hardening.................................................................................................................................................... 52
5.1 Restricting Visual T&D resources access......................................................................................................... 52
5.2 Restricting access to Visual T&D server resources.......................................................................................... 54
5.2.1 Restricting access to Visual T&D server resources through folder properties.....................................56
5.2.2 Add a group or user to a folder security or registry access list............................................................ 56
5.2.3 Remove Windows "Users" group or any other inherited privilege from a folder security or registry
access list.............................................................................................................................................57
5.2.4 Restricting access to Visual T&D server resources through registry settings......................................57
5.2.5 Specifying the Windows logon account for the Visual T&D server service..........................................58
5.2.6 Specifying the Windows logon account for the Visual T&D Engine service.........................................59
5.3 Restricting access to Visual T&D client application resources......................................................................... 60
5.3.1 Restricting Access to Visual T&D Client Application Resources through Folder Properties............... 62
5.3.2 Add a group or user to a folder security or registry access list (client application).............................. 62
5.3.3 Remove Windows "Users" group or any other inherited privilege from a folder security or registry
access list (client application).............................................................................................................. 62
5.3.4 Restricting access to Visual T&D workstation resources through registry settings............................. 63
5.4 Using the database server account with minimal privileges............................................................................. 63
5.5 Exception for communication ports...................................................................................................................63
5.5.1 Allowing communication with the Visual T&D through the firewall.......................................................63
5.5.2 Allowing communication with the Visual T&D server through DCOM ports.........................................65
5.5.3 Restricting access to Visual T&D server DCOM ports.........................................................................65
5.6 DCOM authentication level for communication with Visual T&D server........................................................... 66
5.6.1 Reinforcing data integrity in communications with Visual T&D server................................................. 67
5.6.2 Using DCOM with unidentified access.................................................................................................68
5.7 Displaying appropriate use banner................................................................................................................... 68
5.8 About Windows automatic updates...................................................................................................................69

6 The Visual T&D standalone HMI mode.................................................................................................................... 70

6.1 The Visual T&D Kiosk mode............................................................................................................................. 70
6.2 The Visual T&D Shell Configurator................................................................................................................... 70
6.3 Starting the Visual T&D Shell Configurator.......................................................................................................71
6.4 Visual T&D Standalone HMI mode logon information.......................................................................................71
6.5 Specifying logon information for the Visual T&D Standalone HMI mode..........................................................71
6.6 Configuring applications for Visual T&D Standalone HMI mode...................................................................... 73
6.7 Activating the Visual T&D Standalone HMI mode.............................................................................................74
6.8 Leaving the Visual T&D Standalone HMI mode................................................................................................75
6.9 Deactivating the Visual T&D Standalone HMI mode........................................................................................ 75

Contents iii
7 Visual T&D server maintenance...............................................................................................................................76
7.1 Visual T&D backup and restore operations...................................................................................................... 76
7.1.1 Visual T&D backup considerations...................................................................................................... 76
7.1.2 Backing up a site configuration using Visual T&D Support Assistant.................................................. 76
7.1.3 Restoring a site configuration backed up using Visual T&D Support Assistant................................... 77
7.2 License key management................................................................................................................................. 78
7.2.1 Viewing Current Visual T&D License Information................................................................................ 78
7.2.2 Managing Eaton license key................................................................................................................ 79
7.2.2.1 Migrating your legacy license key to an Eaton license key................................................. 79
7.2.2.2 Upgrading your current Eaton license key...........................................................................79
7.2.2.3 Moving your current Eaton license key to another machine................................................79
7.2.3 Managing legacy license key............................................................................................................... 80
7.2.3.1 How Visual T&D is selecting its license............................................................................... 81
7.2.3.2 The SafeNet Web tool to manage the HASP HL Net key....................................................83
7.2.3.2.1 Verifying the availability of a license key......................................................... 83
7.2.3.2.2 Setting up security for remote configuration access for the HASP HL Net
key................................................................................................................... 84
7.2.3.2.3 Setting up a Visual TD host computer to find HASP HL Net keys...................85
7.2.3.2.4 Setting up remote host computers from the local ACC................................... 86
7.2.3.2.5 Setting up users access from the key's local ACC.......................................... 87
7.2.3.2.6 Consulting active sessions on a specific HASP HL Net key............................88
7.2.3.3 The License Activator utility program.................................................................................. 89
7.2.3.4 Upgrading your current Visual T&D license using License Activator...................................90

8 Eaton product secure configuration guidelines.....................................................................................................92

8.1 Secure Configuration Guidelines...................................................................................................................... 92
8.2 References........................................................................................................................................................97

Appendix.................................................................................................................................................................... 98
External libraries licensing descriptions............................................................................................................ 98

Contents iv
List of Tables
Table 1 : Sections of the document.............................................................................................................................. 2
Table 2 : Related documentation..................................................................................................................................3
Table 3 : Optional Visual T&D functions.......................................................................................................................8
Table 4 : Windows account specifications in reference with the security model........................................................ 13
Table 5 : Windows accounts specifications................................................................................................................ 16
Table 6 : Available options for the installer used in command line interpreter........................................................... 19
Table 7 : Specific issues related to a Visual T&D upgrade.........................................................................................27
Table 8 : Visual T&D and Windows user account privileges...................................................................................... 30
Table 9 : SMP Gateway system data points for SCADA Control Interlock.................................................................37
Table 10 : Log Category Options..................................................................................................................................42
Table 11 : Visual T&D Server resource accesses for different accounts..................................................................... 54
Table 12 : Visual T&D client application resource accesses for different accounts..................................................... 60
Table 13 : Ports opened by Visual T&D....................................................................................................................... 64
Table 14 : Ports used by Visual T&D............................................................................................................................64
Table 15 : DCOM authentication levels supported according to the Visual T&D version.............................................66
Table 16 : Forcing the Visual T&D server to choose a license key with a lower priority.............................................. 82
Table 17 : Cybersecurity guidelines, description of the categories.............................................................................. 92

Contents v
List of Figures
Figure 1 : The Visual T&D software architecture........................................................................................................... 6
Figure 2 : Operating system interaction with Visual T&D............................................................................................ 10
Figure 3 : Visual T&D components with Windows accounts running them..................................................................14
Figure 4 : Planning T&D installation............................................................................................................................ 15
Figure 5 : Visual T&D components with access levels to folders................................................................................ 52
Figure 6 : Planning privileges for each resource......................................................................................................... 53

Contents vi
Introduction Chapter 1

1 Introduction
This is the installation guide of Visual T&D, a software solution that is part of Eaton family of product for energy automa-
tion.
In addition to providing the basic installation procedures for the Visual T&D software components, this document also
proposes some guidance on how to securely deploy a Visual T&D system in a production environment.

1.1 Intended audience

This installation guide is primarily intended for Visual T&D system integrators and administrators.
The Visual T&D system integrator is responsible for the installation, configuration and maintenance of a Visual T&D
complete system.
The network administrator should also be involved to help system administrators and integrators with Windows accounts
and groups configuration and with all operating systems settings related to a secure Visual T&D deployment.
Knowledge requirements
The information contained in this document requires a basic level of understanding in the following fields:

• Computer processes and terminology

• Networking
• Local IT policies
• Computer security concepts and other local infrastructure knowledge
• Features and functionalities of the Visual T&D product (described in provided manuals and guides)

1.2 Overview
This document contains all the information required to install, configure and perform the maintenance of a Visual T&D
complete system.
The guidance provided for the secure deployment of the Visual T&D software components are focused on the Visual
T&D product itself, by pointing which elements of the operating system are used by Visual T&D and guiding the system
administrator and integrator on the most secure way to deploy Visual T&D software components.
This document cannot be used for hardening the whole operating system host. We recommend using this document in
combination with any best-practice guidelines published for your operating system.

Note: The configuration of a Visual T&D site, which includes the specification of data sources, data points settings,
alarms, events and other site-related features, is performed using the Visual T&D Explorer client application.

Visual T&D - Installation guide - Installation Guide page 1

Chapter 1 Introduction

The Visual T&D Installation Guide is divided into the following sections:

Introduction This is the current chapter. It presents the purpose and scope of this document,
indicates how to contact Eaton for assistance, and lists all related documents.

Visual T&D overview This chapter presents the Visual T&D software architecture, its general hardware
and software requirements and, the operating system interaction with the different
Visual T&D software components.

Visual T&D installation This chapter first presents basic elements for the Visual T&D installation planning.

Visual T&D server This chapter presents the different tools to configure the Visual T&D server.
configuration

Security hardening Visual T&D components store application data mainly on the operating file system
and in the registry. The access to those resources can be restricted to specific
Windows accounts or groups to ensure data confidentiality and also minimizing
software attack surface.

The Visual T&D standalone This chapter presents the Visual T&D Standalone HMI mode and explains how to
HMI mode configure Visual T&D, using the Visual T&D Shell Configurator application, to run in
this mode.

Visual T&D server This chapter contains all the information required to perform maintenance of your
maintenance Visual T&D system.

Eaton product secure This chapter provides important guidelines for secure deployment and configuration
configuration guidelines of Visual T&D.

Table 1 : Sections of the document

page 2 Visual T&D - Installation guide - Installation Guide

Introduction Chapter 1

1.3 Related Visual T&D documentation

The following Eaton documents, which are also provided with the Visual T&D software, contain additional information
about the product and its general use:

Visual T&D Explorer User MN914001EN This document presents the Visual T&D Explorer, an application
Manual providing immediate access to all Visual T&D data points in real-
time, in a variety of formats, with minimum configuration effort.
It also explains how to configure these data points and the
various real-time and historical views, but also how to set up
alarms and events based on these data points' values.

Visual T&D Diagram Editor MN914002EN This document presents the Diagram Editor, a Visual T&D
User Guide application allowing the creation of interactive diagrams used to
monitor and operate a substation or an electric grid.

Visual T&D Excel Add-In MN914006EN This document presents the Visual T&D Excel Add-In, a
User Guide Microsoft Excel add-in that allows Visual T&D users to access
® ®

the real-time and historical substation data in Microsoft Excel

spreadsheets, create custom reports based on this data, and
perform advanced calculations on it.

Visual T&D Communication
Server User Guide
MN914007EN This document explains how to set up the Visual T&D
Communication Server, an optional component of Visual T&D
that allows you to connect substation devices to the Visual T&D
server without having to go through an SMP Gateway or an OPC
server.

Visual T&D Cluster MN914008EN This document describes the various operations that must
Configuration Guide be performed to install and set up Visual T&D in a failover
cluster configuration.

Real-Time Monitor User MN914019EN This document contains all the information required to install,
Manual configure and use the Real-Time Monitor Web Solution, an
extension to the Visual T&D software that allows to access a
Web HMI for day-to-day operations.

Integrating Visual T&D to a MN914021EN This technical specification presents all necessary instructions
database server to integrate Visual T&D to a new or existing database server
as well as the technical aspects to consider for a successful
integration.

Table 2 : Related documentation

These documents are found in the Visual T&D installation package. They are installed on the computer hosting Visual
T&D along with the software applications. Some technical notes are also provided.

Note: Documentation related to Windows accounts settings and operating system’s best practices can be found
online on Microsoft sites.

Visual T&D - Installation guide - Installation Guide page 3

Chapter 1 Introduction

1.4 Getting assistance

If you have any question regarding the performance, application or testing of any component of the product, please do
not hesitate to contact us.

Technical Support
Eaton
Energy Automation Solutions

Email for technical assistance: [email protected]

Phone: 1.800.815.2258 (English support only)

Phone: 1.877.834.0009 (English and French support)

Business hours are from 8 a.m. and 5 p.m. CST, Monday to Friday.

1.4.1 The Visual T&D Support Assistant

The Visual T&D Support Assistant is an application that allows the user to fetch the configuration and user data of a
given site, from the Visual T&D server, and store it in a ZIP file.
This file can then be transmitted to Eaton Technical Support team when you request user assistance, to help them
troubleshoot your issues.
You can also use the Visual T&D Support Assistant to backup and restore Visual T&D site configurations.

1.4.2 Using the Visual T&D Support Assistant

The Visual T&D support assistant must be run on both, workstation and server, when the situation calls for it.

1. Select Windows > Programs > Eaton Visual T&D > Support Assistant.
2. In the Visual T&D Support Assistant window, click Create.

3. If the proposed site configuration file is not the one for which you need assistance, click the Browse button, locate
the corresponding site configuration file (.mdb), and then click Open.

page 4 Visual T&D - Installation guide - Installation Guide

Introduction Chapter 1

4. Type the complete path and name of the folder where the ZIP file will be copied, or use the corresponding Browse
button to locate and select that folder.
5. Click Fetch to generate the ZIP file at the specified location.
6. Once the ZIP file was properly generated, click Close.

1.5 External libraries licensing

The Visual T&D software contains some code and class libraries from third party vendors or open source communities.
Refer to the Appendix section External libraries licensing descriptions at the end of this manual for details.

Visual T&D - Installation guide - Installation Guide page 5

Chapter 2 Visual T&D overview

2 Visual T&D overview

This chapter presents the Visual T&D software architecture, its general hardware and software requirements and, the
operating system interaction with the different Visual T&D software components.

2.1 Visual T&D software architecture

Visual T&D implements a client-server architecture.
The Visual T&D server performs all the mission-critical real-time functions of the system. Typically, the Visual T&D server
is hosted on a dedicated computer located directly in the substation, the control center, or the server room.
The user interface to Visual T&D is provided by the Explorer and Diagram Editor client applications. Together, these
programs provide the HMI for the substation. These client applications can be located on any computer with access to
the server through a LAN, WAN or dial-up connection.
The Visual T&D client-server architecture provides any number of users with simultaneous access to all the substation
data, historical or real-time, locally or remotely.

Figure 1 : The Visual T&D software architecture

2.1.1 The Visual T&D server

The server is the main software component of Visual T&D.
It performs all the mission-critical real-time functions such as data acquisition, data logging and alarm management.
Since the server is the central component of the system, it also manages the site configuration and supports the client
programs.
The Visual T&D server supports the following types of data sources:
• SMP Gateways

page 6 Visual T&D - Installation guide - Installation Guide

Visual T&D overview Chapter 2

• OPC servers
• The Visual T&D Communication Server
• Enterprise Gateway
Each of these data sources can itself be connected to large number of binary or analog data points.
In most systems, configuring the data acquisition parameters for each data point is often quite a challenging task. With
Visual T&D, this task is greatly simplified by the built-in capability to query the data sources and automatically import the
configuration of all their data points. Furthermore, once the system is set up, the server can detect changes to the data
sources and update the site configuration accordingly.
Once the data sources are set up and the data points have been identified, the server can immediately start performing
basic data acquisition and data logging functions. With a minimum of effort, you can use Visual T&D to chart and display
significant data related to the substation.
If you provide additional configuration parameters, the server will be able to perform even more advanced functions,
such as scaling analog readings, detecting thresholds, and generating alarms and events.

2.1.2 The Visual T&D client applications

While the Visual T&D server performs the mission-critical real-time aspects of the system, the Visual T&D Explorer and
Diagram Editor client applications provide the HMI functions required to monitor and control the operation of the substa-
tion.
When you run a Visual T&D client application, it connects to the Visual T&D server and retrieves the current state of the
system. It is then continuously notified of all changes, events, alarms, etc. The Visual T&D client-server communication
link is specially designed to provide highly responsive client applications even through a low bandwidth connection, such
as a dial-up modem connection.
This communication link is based on the exchange of short encoded messages. The server sends the minimum
amount of information necessary for the client application to create the required display. In order to implement this
communication link, client applications require an up-to-date copy of the Visual T&D site configuration.
In addition, a Visual T&D Web HMI is available to users for day-to-day operations. This Web interface provides the HMI
functions required to monitor and control the operation of the substation.
For the Visual T&D Web HMI to be working, it is required that the Real-Time Monitor Web solution be installed locally, or
on a dedicated machine. Please refer to the Real-Time Monitor Web solution User Manual, MN912019EN, for details on
how to install and use.

2.1.3 Optional Visual T&D functions

Visual T&D includes a number of optional functions.
Some of these options are installed automatically based on your license. Others, such as OPC Data Access and
Reports, must not only be supported by your license but also require that you select them at installation time.
If you purchase an option after having installed Visual T&D, you must upgrade your license key and install the
corresponding software component, as required.
The optional Visual T&D functions are presented in the following table:

Visual T&D - Installation guide - Installation Guide page 7

Chapter 2 Visual T&D overview

Optional Functions Description

Reports Allows you to generate reports of significant events for a selected time frame.

DFR Allows you to view historical charts of the different channels on a device, subsequent
to a problem that caused the generation of a digital fault record.

Alarm and Event Allows you to notify interested parties, via email, SMS or pager, when significant
Notification events occur.

OPC Data Access Allows you to access the real-time values, quality flags and timestamps of the data
points via an OPC client. Visual T&D then operates as an OPC server supporting
version 2.05a of the OPC Data Access standard.

Communication Server Allows you to connect substation devices to your Visual T&D computer without having
to go through an SMP Gateway or an OPC server.

Redundancy Allows you to install Visual T&D in a cluster for fault tolerance, to ensure high
availability of the Visual T&D server in case of hardware or software failure.

Import of data from Allows you to import data stored in the datalog of a Visual T&D server version 3.7 or
previous Visual T&D earlier.
datalog versions

MultiSpeak Allows you to communicate with external enterprise application software using the
SCADA interface of the MultiSpeak protocol.

Table 3 : Optional Visual T&D functions

2.1.4 Visual T&D server redundancy

Visual T&D can be configured to run on redundant server computers.
Redundancy is based on cluster technology. By definition, a cluster consists of two or more computers, called nodes,
connected together in such a way that they behave like a single computer. Visual T&D is installed on both nodes of the
cluster. Only the server is aware of the cluster; the latter is transparent to the client applications, which can be installed
on one or both computers, or on another computer altogether.
The two cluster computers must have exactly the same hardware configuration, each using the same operating system.
Even if the Visual T&D server is installed on both computers, only one instance runs at any given time. Both share a
common configuration file. If the server is running on one computer and a problem arises, a fallback is made to the
server residing on the other computer.
For additional information about the configuration of a Visual T&D cluster, refer to the Visual T&D Cluster Configuration
Guide, MN914008EN.

page 8 Visual T&D - Installation guide - Installation Guide

Visual T&D overview Chapter 2

2.1.5 The Visual T&D OPC server

The OPC Data Access option allows Visual T&D to operate as an OPC server supporting version 2.05a of the OPC Data
Access standard.
Users can then access the real-time values, quality flags and timestamps of Visual T&D data points, via an OPC client.

Note: To make a Visual T&D data point available through the Visual T&D OPC server, you must select the
Publish OPC setting specific to this data point.
The COM server name (i.e. ProgID) of the Visual T&D OPC server is Cybectec.VisualSubstation.1.

2.2 General hardware requirements for the Visual T&D server

The Visual T&D server must be installed on a computer that has a 1.6 GHz processor (or faster), with at least 4 GB of
RAM memory and a hard drive of at least 250 GB. Eaton recommends the use of 2.8 GHz processor to ensure optimal
performance.
If the Visual T&D server computer also hosts the Visual T&D data log database, refer to the corresponding database
documentation for additional memory and disk space requirements.

Note: If the Visual T&D server must be installed on a failover cluster, refer to the following website to learn the
requirements that apply to this particular scenario:http://technet.microsoft.com/en-us/library/cc771404.aspx

2.3 Operating systems supported by Visual T&D

Visual T&D can be installed on the following Microsoft operating systems:
• Windows 10
• Windows 11
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
Visual T&D can be installed on the 64-bit versions of the aforementioned operating systems, but will run in Compatibility
mode.

Note: The supported Windows Code Page is 1252 - Windows Latin. The installer will refuse to install Visual T&D if
this specific Code Page is not supported by the Windows version installed on the computer.

2.4 Database engines supported by Visual T&D

The Visual T&D server data log requires a database engine.
The following database engines are supported by Visual T&D:
• PostgreSQL 10.x to 14.x
• Microsoft SQL Server 2012, 2016, 2017 or 2019

Note: The use of a local or remote Microsoft SQL Server or PostgreSQL database does not require a license
option.

Visual T&D - Installation guide - Installation Guide page 9

Chapter 2 Visual T&D overview

2.5 Operating system interaction with Visual T&D

In our present-day world, security practices have become an important factor in software system deployment. In the spe-
cific Visual T&D case, actions can be taken to restrict as much as possible operating system resources’ usage by Visual
T&D components.
More specifically, aspects assessed to impose some restrictions are the following:
• Windows accounts running components
• Visual T&D data access
• Visual T&D communication channels

Figure 2 : Operating system interaction with Visual T&D

2.6 Visual T&D license keys

A Visual T&D license key is provided with the Visual T&D software to specify the options and characteristics that are
supported by the Visual T&D application you purchased.
In addition to the list of optional Visual T&D functions you purchased, the license key specifies:
• the number of users that can use Visual T&D client programs simultaneously
• the maximum number of data points that can be configured in a Visual T&D site configuration
• the maximum number of data sources that can be configured in a Visual T&D site configuration
If you purchase an option after having installed Visual T&D, you must upgrade your license key and install the
corresponding software component, as required.
A license key upgrade is also required if you want to increase the maximum number of users, data points, or data
sources supported by your Visual T&D license.

page 10 Visual T&D - Installation guide - Installation Guide

Visual T&D overview Chapter 2

The Visual T&D Maintenance Plan provides you with continuous access to the latest version of the Visual T&D software:
• Free access to software releases. You will have free access to new software releases. A minimum of one update
per year is planned.
• Notifications. You will receive notifications of updates, patches, and fixes to existing versions of your covered
software products (Subject to product life cycle policy).
Software maintenance is included with all new software purchase. You will be notified by the software when the
maintenance period is about to expire.
Please contact our inside sales department for a quote based on your needs at [email protected].

Visual T&D - Installation guide - Installation Guide page 11

Chapter 3 Visual T&D installation

3 Visual T&D installation

This chapter first presents basic elements for the Visual T&D installation planning.
It describes the different roles and privileges tied to the Visual T&D security model for the software components
deployment. A guide is also included to help prepare Window accounts according to the needs. Finally, the Visual T&D
installation instructions are following.

Note: If you are installing redundant Visual T&D servers, refer to the Visual T&D Cluster Configuration Guide,
MN914008EN, rather than using the procedure described in this chapter.

3.1 Visual T&D installation considerations

Before proceeding with the installation of the Visual T&D software, a Visual T&D system administrator must take some
factors into account.
Multiple deployment scenarios are possible:
• The Visual T&D server components (including the datalog database) and the client programs can all be installed on
the same computer.
• The Visual T&D server components and the client programs can be installed on separate computers, thus
implementing a true server-client architecture.
Multiple database configurations are also possible:
• The Visual T&D server can be configured to use a corporate PostgreSQL database.
• The Visual T&D server can be configured to use a corporate Microsoft SQL Server database.

Note: The installer is used to perform offline installation of the Visual T&D software, which means that it does
not require an internet connection: it contains everything that needs to be installed, including third-party software
components.

3.1.1 Visual T&D database installation considerations

The Visual T&D server components and the Visual T&D datalog database can be installed on the same computer. How-
ever, it is recommended to install them on different computers or, at least, on different disk drives.
Before proceeding with the installation of a new Visual T&D server, or the migration of an existing Visual T&D server,
verify the availability of existing corporate PostgreSQL or MS SQL Server database servers with your IT department.
Authentication Considerations
The Visual T&D server can access its database through one of the following authentication methods:
• Database Server Authentication
• Windows Authentication

Note: Regardless of the selected authentication method, roles and privileges are managed using local database
accounts.
If Windows Authentication is selected, refer to section Planning Windows accounts before Visual T&D installation to
plan and configure users executing Visual T&D services. In that case, the service account will be used to connect to the
historian database.

page 12 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

3.2 Roles and privileges tied to the Visual T&D security model
In Visual T&D, the security model relies on specific roles and privileges to describe its intended security deployment.
Privileges are tied to a physical person and give the right to run or access a specific software component or function.
Groups associate together user privileges, they are used for the permission to access a specific set of resources
belonging to an application; they confine security rules and apply the least privilege principle. Depending on the
customer’s policies and local organization, two or more roles can be assumed by the same physical person.
The following table resumes the Windows account specifications in reference to the security model defined for the Visual
T&D system and according to the physical person involved and its role and relation with the Visual T&D system.

Physical person (role) Physical person's tasks Windows account specification

Visual T&D administrator (integrator) • Install Visual T&D product Tied to a local machine privilege
• Configure all settings for a right
successful deployment

Network administrator
Help the Visual T&D administrator to Tied to a domain administrator
configure every request related to: account
• Windows accounts and groups
• Administrator settings that are
part of the deployment

Visual T&D operators Use the Visual T&D system on a day Tied to a Windows account with
to day basis credentials for each user

Visual T&D engineer In charge of Visual T&D system Tied to a Windows account
configuration (operational)

Table 4 : Windows account specifications in reference with the security model

3.3 Preparing Windows accounts as part of the Visual T&D

deployment
This section is intended to help create requirements for the network administrator to prepare Windows accounts needed
as part of a complete Visual T&D software deployment.
The following diagram shows the Visual T&D components and the different Windows accounts tied to the system
deployment.

Visual T&D - Installation guide - Installation Guide page 13

Chapter 3 Visual T&D installation

Figure 3 : Visual T&D components with Windows accounts running them

3.3.1 Planning Windows accounts before Visual T&D installation

The following information will help you plan your Visual T&D installation.
You must first establish your needs; the following diagram will help you decide which Visual T&D accounts are needed.

page 14 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

Figure 4 : Planning T&D installation

Using the table below as a guide will help you for the creation of required and optional accounts, if they do not already
exist in your network environment.

Visual T&D - Installation guide - Installation Guide page 15

Chapter 3 Visual T&D installation

Windows Required/ Specifications Account Usage

Account Optional

Local machine R Must be a member of the local group: • Install the product
administrator • Administrators • Access Visual T&D security
settings located in the Visual
T&D Server Control Panel.

Visual T&D R • Non administrative Windows account • One account for each physical
Operator • Can be member of a domain group person accessing Visual T&D via
called "VTD Operators" product client application.

Visual T&D R Must be a member of the local group: • Visual T&D configuration in an
Engineer • Administrators operational standpoint.
• Access to Visual T&D security
settings located in the Visual
T&D Server Control Panel.

Visual T&D R • Non -Administrative Windows account • Execute the configured “start an
Task • Must have the following privilege: application” type task (launched
- Execute (for the executable by Visual T&D Server).
location set in the configured

Visual T&D O Non-administrative account • This account is needed to restrict

Server Service • Dedicated Windows Service account resources access of Visual T&D
(to run Visual T&D Server) Server to its minimum.
• Must have the following local security • By default, the Visual T&D Server
policies enabled: runs as “Local System” account.
- Change the system time
- Change the time zone,
- Profile System performance
If you plan to create scheduled tasks of
type “Start an application":
• Must be member of administrator
group
• Must have the following local security
policies enabled:
- Security privilege "Replace a
process level token"
- Security privilege “Adjust

Visual T&D O Non-administrative account • This account is needed to restrict

Service Layer • Dedicated Windows Service account (to
run Visual T&D Service Layer)
resources access of Visual T&D
Service Layer to its minimum.
• By default, the Visual T&D
Service Layer runs as “Local
System” account.

Table 5 : Windows accounts specifications

page 16 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

Windows Required/ Specifications Account Usage

Account Optional

Visual T&D R Non-administrative account

Engine Service • Dedicated Windows Service account • By default, the Visual T&D Engine
(to run Visual T&D Engine) automatically Service runs as “VTD” account.
created by the Visual T&D installer.

Table 5 : Windows accounts specifications

These required and optional Windows accounts, if they do not already exits, will be configured as the Visual T&D
component installation process evolves.

3.4 Deploying a Visual T&D system on the server

Visual T&D deployment can be done using the Visual T&D installer, which provides option choices during the installation
process or using the command line interpreter which is done without user intervention with imposed options.
Before you begin:

• Verify that you have administrative privileges on the server computer.

• Make sure the Visual T&D installer is copied on the server computer.
• Determine if you will use a Microsoft SQL Server or a PostgreSQL database.
• If your Visual T&D license is on a legacy hardware key, you should connect it to the server computer before
proceeding with the Visual T&D installation.
• It is recommended to unload all antivirus programs that are installed on the server computer. Installation errors that
are caused by the presence of an active antivirus program are hard to detect and troubleshoot. You can restart such
programs at the end of the installation process.

Note: It is possible to install Visual T&D in silent mode, for example in an automated installation. To do that, a
script is necessary and this script must take into account all visual T&D installation parameters as well as all the
Visual T&D product prerequisites. This installation method is not yet documented; if you want to install Visual T&D
system in silent mode, please contact our Technical Support at Getting assistance, and we will be happy to assist
you with this task.
With both installation methods, once the installation competed, it is possible to consult the installation log. To do that:
• Find the host computer temporary directory (e.g.: C:\Windows\Temp\)
• In this directory, open the MSI log file. The file is identified as VTD_M.m.b.sp where:

M= Major version number

m= Minor version number

b= Sequential build number

sp = Service pack number

Ex: VTD_4.3.9.0 (the number is different from the software version identification, e.g.: 5.3R3)

Visual T&D - Installation guide - Installation Guide page 17

Chapter 3 Visual T&D installation

3.4.1 Deploying a Visual T&D system on the server using the installer
The following instructions explain how to install and deploy a Visual T&D system using the Visual T&D installer.

1. In Windows Explorer, double-click the installer file.

2. Select the server installation language, and then click OK.

Note: Visual T&D applications are installed both in English and French. Although it is possible to change
the client applications language at runtime, the server data always remains in the same language, which is
determined at installation time.
3. Components selection
a. Select components to install.

b. If the Visual T&D Communication Server module is required, click on the corresponding icon and select
This feature will be installed on local hard drive.
c. For each selected feature, you can also click Change to change the installation folder of that feature.
d. Once finished with the selection of the feature to install, click Next to continue.
4. In the final pane, click Create shortcuts to Visual T&D client applications on your desktop if you want to create
shortcuts to the Visual T&D Explorer and Visual T&D Diagram Editor programs on the server computer desktop.
5. Click Install to start the installation process.

The installer will proceed with the installation of the selected Visual T&D components, along with third-party software
components that are required by Visual T&D.
6. If required by the installer, restart the computer to complete the installation process. Once the installation completes
successfully, click Done.

The Visual T&D Server should start automatically, and a startup notification message should be displayed in the
Windows system tray by the Visual T&D Server Agent.

Note: If a problem occurs when installing the Microsoft Redistributable VC90 component, try the following
procedure:
a. Using the Regedit application, create the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE
\Cybectec\Common.
b. Created the following DWORD value: Release_VC9.0Redist and set the DWORD value to 1.
c. Close the Regedit application and restart the installation.

page 18 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

3.4.2 Deploying a Visual T&D system on the server using the command line
interpreter
The following instructions explain how to install and deploy a Visual T&D system using the command line interpreter.
This installation is performed without any user intervention and uses predefined option choices included in the syntax.
The options that are not specified are using the default settings.

1. Open the command line interpreter by clicking on Windows Start button.

2. Type cmd.exe in the search program and files field.
3. Start the installer on the command line interpreter using the following syntax:

Visual T&D.exe [/LValue]/v"/qr [OPTIONS=value]..."

Option Choice Description

/L 1033 Sets the programs language in English.

3084 Sets the programs language in French.

/s Optional Installs Visual T&D silently. Must be used in conjunction with the /gn
option (see section Product specific options below)

/v" " Mandatory Introduces the product specific options.

Note: The double quote strings after /v include parameters

passed to the msiexec service. Do not add a space beside the
first double quote string (").

Important: Add a backslash before reserved characters (\ and ")

when inside the /v"...options...

Product specific options

/gn, /gr, /gb or /gf Refer to the documentation of user interface levels for Microsoft MSI
installer: none, reduced, basic and full.

Table 6 : Available options for the installer used in command line interpreter

Visual T&D - Installation guide - Installation Guide page 19

Chapter 3 Visual T&D installation

Option Choice Description

ADDLOCAL Diagram Installs all specified components. Separate the values

with a comma, without space. The default installation is:
ExcelAddIn ADDLOCAL=Diagram,ExcelAddIn,Explorer,Server,
CommunicationServer,OPCServer
Explorer

Server

Communication
Server

OPCServer

INSTALLDIR Visual T&D installation directory. The default installation directory is C:

\Program Files (x86)\Eaton\

COMMSERVER_ Communication server installation directory. The default installation

INSTALLDIR directory is C:\Program Files (x86)\Eaton\

NO_EXCEL_BY_ 1 Defines the ExcelAddIn component as not installed by default.

DEFAULT
0 This is the default value, it places the ExcelAddIn component as
installed by default.

DESKTOP_ 1 Desktop shortcuts are created for the installed components.

SHORTCUT
0 This is the default value. No desktop shortcuts are created for the
installed components.

FORCE_INSTALL In the case when one value related to the options is affected, it
ignores the operation validation result that require a reboot before
proceeding with the installation procedure.

IS_NET_API_LOGON Mandatory Visual T&D local account password that will be either verified or
_PASSWORD created to run VTDEngine service.

IS_NET_API_NEW 1 The value 1 is mandatory when installing without user interface

_USER_VALIDATED dialogs during which the Visual T&D local account is normally created
or validated.

KEEPSERVICES 1 or 0 Set this property to 1 to avoid affecting the services logon

configuration during a reinstall or upgrade operation. In such a case,
the services will not be removed or reinstalled. This option can be
used for Visual T&D version 5.2R1 and later.

Table 6 : Available options for the installer used in command line interpreter

page 20 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

Option Choice Description

SERVICE_NAME_ This parameter allows to specify a given prefix to all "Visual T&D
PREFIX Server" services names. All characters must be included in the
specified prefix, including the space character if needed.
For example: SERVICE_NAME_PREFIX="YFA - "

Table 6 : Available options for the installer used in command line interpreter

Note: The Visual T&D installer has been developed using MSI technology. To learn more about basic options
for a MSI installer in command line interpreter, run the following command: msiexec /?.

Following is an example of a Visual T&D installation in command line interpreter.

"Visual T&D.exe" /L1033 /s /v"/qn /norestart ADDLOCAL=Diagram,Explorer,Server
FORCE_INSTALL=1 IS_NET_API_LOGON_PASSWORD=Passw0rd! IS_NET_API_NEW_USER_VALIDATED=1
KEEPSERVICES=1"
In this example, Visual T&D is installed silently, in English, and the services of the previously installed version are kept
with their actual logon role information.
Note that the Visual T&D installer does not allow product reconfiguration using the usual REINSTALL or REINS-
TALLMODE properties. The following command line or any usage of REINSTALL, REINSTALLMODE property or /f com-
mand line options will produce an error message:
"Visual T&D.exe" /L1033 /s /v"/qb /norestart REINSTALL=Diagram,Explorer,Server
FORCE_INSTALL=1 IS_NET_API_LOGON_PASSWORD=Passw0rd! IS_NET_API_NEW_USER_VALIDATED=1
KEEPSERVICES=1 REINSTALLMODE=vomus"
The error message associated with the previous command line: “Visual T&D does not support automatic silent reconfig-
uration or repair. Please execute installer manually to repair the product if needed.”
To correctly reinstall Visual T&D, do not use REINSTALLMODE nor REINSTALL and use KEEPSERVICES=1 property
to avoid affecting the services logon configuration.

3.5 Activating Visual T&D

3.5.1 Activating Visual T&D using Eaton License

This procedure explains how to proceed to generate a software key for your Visual T&D using the Visual T&D Manager
application.
The initial Visual T&D activation must be perform offline. Subsequent renewals or updates may be performed online if
the Visual T&D server machine has Internet access. Otherwise, the offline activation process can be used.
To activate Visual T&D using Eaton License:

1. Access the Visual T&D Manager.

2. Select the Licensing tab, select the Activation page.

Visual T&D - Installation guide - Installation Guide page 21

Chapter 3 Visual T&D installation

3. In the Activation ID(s) section, simply cut and paste the activation ID copied from the email you received into the
empty field. Be careful not to copy any leading or trailing spaces. Press the Enter key and repeat the same process
for all activation IDs.

4. If the Visual T&D server does not have Internet access or you are activating the Eaton license for the first time,
follow these instructions. Otherwise, go to the next step:
a. In the Offline section, click the Export button. This will generate a "capability request" file.
b. Using another computer that has access to Internet, open the following Eaton licensing website: https://
eaton.flexnetoperations.com/flexnet/operationsportal/logon.do and click the Register
link. You can get to this URL by clicking on the Open licensing website button.

c. Enter your registration information in the form, and select Complete when finished. Please note that we
may contact you in the future regarding updates and/or renewal of the Visual T&D software. Your contact
information will not be used for marketing purposes without your express consent and opt-in.

page 22 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

d. Using the menu, navigate to Device > Offline Device Management.

e. Verify that the option Generate license is selected. Then, click the Choose file button to browse and select
the Capability request file that you generated using Visual T&D Manager.
f. Click Upload. When the process is completed, a message area will be displayed near the top of your
browser window with a link to download a Capability response file.
g. Click the link to download the Capability response file.
h. Return to Visual T&D Manager and click on the Import button to select and upload the capability response
file that you previously downloaded.
i. Click Apply.

Visual T&D - Installation guide - Installation Guide page 23

Chapter 3 Visual T&D installation

5. If the Visual T&D server has Internet access and you are not activating the license for the first time, you can activate
your license from Visual T&D Manager using the online mode:
a. In the Options section, select the Online mode option.
b. Click Apply.

Note: If the Visual T&D server machine uses a proxy for outgoing connections, you must
open the following file: C:\Program Files (x86)\Eaton\Visual T&D\Engine
\VTD.Engine.exe.config, uncomment the proxy settings section and specify the proxy address in
the relevant settings section. The URL must have the following format : http://proxy.abc.com:8080.
6. Select the Options page, to verify that the required license options are activated for your Visual T&D system.

3.5.2 Activating Visual T&D using the legacy License

This procedure only applies to legacy Visual T&D license keys, which were issued for version 5.2 or earlier of the Visual
T&D software.
Before you begin:

The License Activator program must be installed on the Visual T&D server computer.

Note: License Activator is automatically installed with the Visual T&D server components.
License key activation is only required for software key, or license key upgrades; hardware keys do not need to be acti-
vated.

1. Start License Activator.

2. Click Collect C2V.

page 24 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

License Activator will collect some hardware characteristics of the computer; these characteristics are required to
generate the software key, and will be stored in a .c2v file.
3. Select a location for .c2v file, type its name, and then click Save.
4. Send the .c2v file to the following email address : [email protected].

An Eaton representative will send you the corresponding .v2c file.

5. Save the .v2c file on the Visual T&D server computer.
6. In License Activator, click Apply V2C.
7. Select the .v2c file received from Eaton, and then click OK.
8. Restart the Visual T&D Server.

What to do next:

Using License Activator, generate a new .c2v file and send it to Eaton to the aforementioned email address. This will:
• Inform us that the activation process was successfully completed;
• Help us providing you with a new license key faster if you purchase new options for your current Visual T&D
installation.

3.5.3 Visual T&D demo mode

The Visual T&D demo mode allows users to work with Visual T&D without a license key.
When the Visual T&D server starts and cannot detect a valid license key, it automatically enters demo mode. This mode
contains all the functionalities, except that data acquisition is stopped. Thus, despite the fact that this system cannot be
used in production, the user can create, configure and test a site configuration.
Visual T&D Explorer and Visual T&D Diagram Editor use the Status Bar to display the demo mode current state.

3.6 Installing Visual T&D applications on a client computer

Before you begin:

Make sure the Visual T&D installer is copied on the client computer.
The Visual T&D Explorer and Visual T&D Diagram Editor client applications can also be installed on computers that do
not host a Visual T&D server.
To install Visual T&D applications on a client computer:

1. In Windows Explorer, double-click the installer file.

2. In the Visual T&D InstallShield Wizard, follow the first instructions until you reach the components selections pane.

Visual T&D - Installation guide - Installation Guide page 25

Chapter 3 Visual T&D installation

3. Select Visual T&D client applications, and then click Next.

4. In the final pane, click Create shortcuts to Visual T&D client applications on your desktop if you want to create
shortcuts to the Visual T&D Explorer and Visual T&D Diagram Editor programs on the server computer desktop.
5. Click Install to start the installation process.

The installer will proceed with the installation of the selected Visual T&D components, along with third- party soft-
ware components that are required by Visual T&D.
6. Once the installation completes successfully, click Done.

3.7 Changing Visual T&D client applications display language

Although the Visual T&D server language is determined at installation time, you can change the display language of the
Visual T&D client applications through Visual T&D Explorer and Diagram Editor.
To change Visual T&D client applications display language:

1. Start Visual T&D Explorer or Visual T&D Diagram Editor.

2. To switch from English to French, select Tools > Switch language > French.
3. To switch from French to English, select Outils > Changer la langue de Visual T&D > Anglais.

3.8 Upgrade from a previous Visual T&D installation

If you run the installer on a computer where Visual T&D is already installed, the installer will prompt you to confirm the
removal of the previous installation and its replacement by the new version.
During an upgrade, the installer preserves the configuration data and only replaces the Visual T&D server and client
software components. The following table points to specific issues related to a Visual T&D upgrade. For the Visual T&D
version you are using, verify if any of the listed issues apply to your situation.

page 26 Visual T&D - Installation guide - Installation Guide

Visual T&D installation Chapter 3

Issues Affected Explanations References

versions

Data log feature 5.0 and With version 4.0 of the Visual T&D software, Technical specification:
earlier the Visual T&D data log feature was redesigned Integrating Visual T&D
to store the data in a professional third-party to a database server
database engine. Data log files transfer (MN914021EN)
from previous versions does not take place
automatically. To do so, you need to use the
Visual T&D Server Configuration application.
Note that this step is required before upgrading
to version 5.1 or later database schema.
With version 5.1 of the Visual T&D software,
the Visual T&D data log feature was
redesigned for scalability improvements. If the
datalog version is between 4.0 and 5.0 then
the Visual T&D Database Migration Tool must
be used.

DCOM 4.3 and Visual T&D uses the DCOM authentication level Using DCOM with
unidentified earlier CALL by default. The DCOM authentication unidentified access
access level NONE is required if the Visual T&D Server
computer cannot recognize the calling Windows
account coming from the Visual T&D Explorer
or Diagram application. Usually it is the case
if computers are not part of a domain network,
where accounts definitions are centralized.

Communication 5.2 and later With version 5.1 and earlier of the Visual T&D
Server feature Communication Server, the configuration file
in SMP Config used an SMP 16 automation
platform by default. This platform is not
recognized anymore in the latest version of
SMP Config; therefore, it must to be manually
changed for an SMP SG-42xx automation
platform.
To make this change, you must use the SMP
Config tool installed with the latest SMP Tools
package. In addition, you have to delete the
previous versions of the configuration file
located under: C:\Users\<username>
\AppData\Roaming\Cooper Power
Systems\Visual T&D\Explorer\Param
\<sitename>\.

Table 7 : Specific issues related to a Visual T&D upgrade

Visual T&D - Installation guide - Installation Guide page 27

Chapter 4 Visual T&D configuration

4 Visual T&D configuration

This chapter first presents Visual T&D server configuration as well as Visual T&D engine configuration and services con-
figuration and control.

4.1 Visual T&D server configuration

The Visual T&D server itself has no specific user interface.
It provides its current status through the Visual T&D Server Agent, which is visible in the Windows system tray, and it is
essentially configured using the Visual T&D Server Control Panel application.

Note: The configuration of a Visual T&D site, which includes the specification of data sources, data points settings,
alarms, events and other site-related features, is performed using the Visual T&D Explorer client application.

4.1.1 The Visual T&D Server Agent

The Visual T&D Server Agent is a process that provides status information about the Visual T&D server.
It is the only visible interface to the server, publishing notification messages through an icon in the Windows system tray.
Users should keep an eye on this icon for server status updates. To get the current status of the server, move the mouse
pointer over the icon: the status will appear in a tooltip.
For example, the following notification message is displayed while the server is starting up:

4.1.1.1 Deactivating Visual T&D Server Agent status notifications

To deactivate Visual T&D Server Agent status notifications:

1. Right-click the Visual T&D Server Agent icon in the Windows system tray.
2. If there is a check mark beside the Show status changed notifications command, click the command to deactivate
such notifications.

Note: To reactivate these notifications, click the Show status changed notifications command again to
make the check mark appear beside it.

4.1.1.2 Removing the Visual T&D server agent icon from the system tray

To remove the Visual T&D server agent icon from the system tray:

1. Right-click the Visual T&D Server Agent icon in the Windows system tray.
2. Click the Remove Agent Icon command.

Note: To restore the icon, select Windows > Programs > Eaton > Visual T&D > Visual T&D Server Agent.

page 28 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

4.1.2 The Visual T&D server Control Panel

The Visual T&D server Control Panel application is available on the Visual T&D server computer, through the Windows
Control Panel or Windows Start menu > Eaton Visual T&D > Visual T&D Server Configuration.
It is used to configure the general behavior of the Visual T&D server, by specifying the following settings:
• Groups configuration used to group together privileges that can then be assigned to Visual T&D and Windows user
accounts.
• Visual T&D user accounts including the password policy that applies to it and Windows user accounts.
• Remote operation privileges, control operation settings, and alarm management details.
• Some redundancy-specific settings, which apply to Visual T&D systems installed in a failover cluster configuration.
• Dedicated Windows account configuration in Visual T&D to be used by the Task Manager tool (Windows account:
Visual T&D Task).
• Syslog messages configuration, options and settings.

4.1.2.1 Accessing the Visual T&D server Control Panel

Before you begin:

To be able to access the Visual T&D server Control Panel and set up Visual T&D server properties, you must log on to
the computer with a user account that has administrative privileges.
To access the Visual T&D server Control Panel:

1. Select Windows > Control Panel.

2. In the Control Panel window, click System and Security, and then click Visual T&D Server Configuration.

Visual T&D - Installation guide - Installation Guide page 29

Chapter 4 Visual T&D configuration

4.1.3 Visual T&D and Windows user account privileges

The following table presents the various privileges that can be granted to Visual T&D and Windows users. These privi-
leges are grouped together in privilege groups that are then used when creating or modifying the user accounts.

Privilege Description

User can edit site Allow the user to edit site configurations, and to update the current site configuration
configuration on the Visual T&D server.

User can perform control Allow the user to perform control operations through Visual T&D.
operations

User can simulate data Allow the user to put the Visual T&D server into Simulation mode, in order to simulate
transitions on the data points for engineering and commissioning purposes.

User can acknowledge Allow the user to acknowledge and clear alarms.
and clear alarms

User can set silent, Allow the user to set alarms as silent, permanent or blocked.
permanent and blocked
alarms

User can manage tags Allow the user to tag data points.

User can manage tags Allow the user to edit and delete tags that were created by other users.
added by other users
Note: This privilege can only be granted to users who have the User can man-
age tags privilege.

User can create user Allow the user to create and edit its own user events.
events and modify its own
events

User can modify user Allow the use to edit user events that were created by other users.
events created by other
users Note: This privilege can only be granted to users who have the User can create
user events and modify its own events privilege.

Table 8 : Visual T&D and Windows user account privileges

4.1.3.1 Creating groups to grant privileges to users

Before you begin:

It is recommended to define privilege Groups before creating new Users.

To create groups to grant privileges to users:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.

page 30 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

3. Under User List, click on the Groups folder, the name of the already configured Visual T&D groups are displayed in
the right pane.
4. Click Add; a new group is created and called New Group by default. Change the name.
5. Select this newly created group and, in the right pane, select the privileges you want to assign to this group.
6. Click OK.

4.1.3.2 Modifying an existing privilege group

To modify an existing privilege group:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under User List, in the Groups folder, select the group and then click Modify.
4. Change the desired settings as required.
5. Click OK.

4.1.4 Visual T&D and Windows user accounts

User accounts configured in Visual T&D define the actions that a user can perform in Visual T&D. Visual T&D gives the
possibility for a user to authenticate using a Visual T&D user account or a Windows user account that has been config-
ured in Visual T&D.
Each user account has a user name, a password, and a list of groups of privileges that are granted to the user.
Visual T&D user accounts are normally set up by the Visual T&D system administrators, Windows user accounts are
however, create by the network administrator but the Visual T&D system administrator needs to add and configure these
accounts in Visual T&D.

4.1.4.1 User accounts password requirements

A password must be assigned to each Visual T&D and Windows user account.
The network administrator creates the Windows accounts and therefore, will set the passwords with their requirements
for theses accounts.
For the Visual T&D user accounts, the Visual T&D system administrators can set the passwords' minimum length; this
length value must be larger than or equal to 6.
Visual T&D system administrators can also enforce passwords to meet specific complexity requirements, by requiring
each password to contain characters from each of the 3 following categories:
• alphabetic high caps (A to Z) or small caps (a to z)
• numeric (0 to 9)
• special characters (ex: !$%?&*)
Unless it is configured to never expire, a Visual T&D user account password expires after 42 days. If the user connects
to the Visual T&D server during the 7-day period prior to the password expiration date, the Visual T&D client application
informs him about this matter and offers him to change his password.

Visual T&D - Installation guide - Installation Guide page 31

Chapter 4 Visual T&D configuration

4.1.4.2 Modifying password requirements for Visual T&D user accounts

To modify password requirements for Visual T&D user accounts:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under Settings, type the minimum length of all Visual T&D user accounts' passwords in the Minimum password
length box.
4. Select Password must meet complexity requirements if you want to enforce the use of complex passwords,
according to section User accounts password requirements.

Note: Activating password complexity requirements does not invalidate existing passwords, thus users will be
affected only when they will change their current password.
5. Select Enable account lock if you want the account to automatically lock for 30 minutes after three (3) failed login
attempts.
6. Click OK.

4.1.4.3 Creating a new Visual T&D user account

Before you begin:

It is recommended to define the password requirements for Visual T&D user accounts before creating any new account.
To create a new Visual T&D user account:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under User List, click on the Users folder, the name of the already configured Visual T&D users are displayed in
the right pane.
4. Click Add.

5. Type a User name for this account.

6. Type a Password that meets the password requirements selected by your Visual T&D system administrator; type it
a second time in the Confirm password box.
7. Specify the following optional user account settings:
a. If you want the user to change its password next time he will log on to the Visual T&D server, select User
must change password at next logon.

page 32 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

b. If you want to prevent the user from being able to change his password, select User cannot change
password.
c. If you want to prevent the password from expiring, select Password never expires; otherwise, the
password will expire after 42 days.
d. If you want to temporarily deactivate this account, select Account is disabled.

Note that a user with a disabled account will remain deactivated, even if this user is also part of an active
user group.
8. Click OK.

The user newly created is added in the list under the Users folder, in the left pane.
What to do next:

You must now grant privileges to the newly created Visual T&D user. To do that, in the right pane, under Group , select
the groups that the user should be given access to.

4.1.4.4 Modifying an existing Visual T&D user account

To modifying an existing Visual T&D user account:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under User List, in the Users folder, select the account to modify and then click Modify.
4. Modify the desired settings as required.
5. Click OK.

4.1.4.5 Creating a Windows user account in Visual T&D

Before you begin:

Windows authentication is configured as single sign-on account. You can create more than one Windows Users
accounts but the currently signed-on Windows account, the one the user used to logon to its Windows session, is the
default one. To logon with another Windows user account, the user must use the “Run as a different user” Windows
function to override the current Windows user.
To create a Windows user account in Visual T&D:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under User List, click on the Windows Users folder, the name of the already configured Windows users are
displayed in the right pane.
4. Click Add.

Visual T&D - Installation guide - Installation Guide page 33

Chapter 4 Visual T&D configuration

5. Using the Select Users or Groups window, find the Windows account you want to configure as a Windows user
account in Visual T&D.
6. Click OK.

The user account newly created is added in the list under the Windows Users folder, in the left pane with a user
name corresponding to its corresponding Windows account name.
What to do next:

You must now grant privileges to the newly created Windows User. To do that, in the right pane, under Group, select the
groups that the user should be given access to.

4.1.4.6 Modifying an existing Windows user account

To modifying an existing Windows user account:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under User List, under the Windows Users folder, select the account to modify and then click Modify.
4. The only setting you are allowed to modify is the Account is disabled setting. Select it if you want to temporarily
deactivate this account in Visual T&D.

Note: This applies at the Visual T&D server authentication level. It does not disable the Windows account
itself.
5. Click OK.

4.1.4.7 Configuring the Visual T&D authentication mode

In Visual T&D, two different authentication modes are allowed for Explorer and Diagram authentication.
To configure which authentication modes are allowed in Visual T&D:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under Settings, in the Authentication mode box, select one of the following options:

• Visual T&D and Windows (default)

• Visual T&D only
• Windows only
4. Click OK.

page 34 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

4.1.4.8 Changing a Visual T&D user account password in Visual T&D Explorer

When a user authenticated himself with a Visual T&D user account in Visual T&D Explorer, It is possible for this user to
change its password in Visual T&D Explorer.
To change a Visual T&D user account password in Visual T&D Explorer:

1. Start Visual T&D Explorer.

2. Select Server > Change Password.

3. Type the password to replace in the Old Password box.

4. Type the new password in the New Password and Confirm New Password boxes.
5. Click OK.

4.1.4.9 Allowing multiple login using the same credentials

It is possible, for a user, to logon from different workstations with the same user account.

Note: This option does not apply to the Visual T&D web HMI. With the web interface, it is always possible to use
the same credentials from different workstations.

To allow multiple login using the same credentials:

1. Access the Visual T&D server Control Panel.

2. Select the User Management tab.
3. Under Settings, select Allow multiple login using the same credential from different workstation.
4. Click OK.

4.1.5 Remote Visual T&D server management

You can also authorize or prevent management of the Visual T&D server from a remote computer through the Visual
T&D server Control Panel.
Three type of management operations can be performed remotely:
• Control operations performed on the Visual T&D binary or analog output points
• Alarm management operations, such as the acknowledgment of active alarms
• Tag management operations on the Visual T&D data points
By default, all remote control and management operations can only be performed locally, i.e. from the Visual T&D server
computer.

Visual T&D - Installation guide - Installation Guide page 35

Chapter 4 Visual T&D configuration

4.1.5.1 Allowing remote Visual T&D server management

To Allow remote Visual T&D server management :

1. Access the Visual T&D server Control Panel.

2. Select the Server Management tab.

3. Under Remote Privileges, select which operations Visual T&D users will be able to perform from a remote
computer, if they have the required privileges.
4. Click OK.

4.1.6 Control operations in Visual T&D

Visual T&D is used not only as a specialized Human-Machine Interface (HMI) and for historical data archiving of power
substations, but also for supervisory control operations.
Both Visual T&D Diagram Editor and Visual T&D Explorer client applications can be configured to perform control
operations. Visual T&D Explorer can be set up to perform operations in a few minutes, whereas Visual T&D Diagram
Editor needs a little bit more engineering, but is more flexible. When engineering cost is a major concern in setting up a
system, Visual T&D Explorer is the preferred solution for control operations.

page 36 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

4.1.6.1 Visual T&D SCADA control interlock

The Visual T&D SCADA Control Interlock mechanism is used with an SMP Gateway data source, to allow or forbid con-
trol operations from local substations, that is, from Visual T&D.
The SMP Gateway provides two system data points that are used by the mechanism:

System Data Point Name Description

_smp___localControl This binary input point indicates the state of the local control lock.
When this point has a value of 1, local control is enabled; when the value is 0, local
control is locked.

_smp___setLocalControl This binary output point is used to modify the local control lock state, from
Visual T&D or from the SCADA.

Table 9 : SMP Gateway system data points for SCADA Control Interlock

4.1.6.2 Activating Visual T&D SCADA control interlock

This procedure explains how to activate the Visual T&D SCADA Control Interlock mechanism, not to perform the Inter-
lock operation itself; once activated, users can then operate the corresponding SMP Gateway system data point to tog-
gle between the Local and Local/Remote operation modes.
To activate Visual T&D SCADA control interlock:

1. Access the Visual T&D server Control Panel.

2. Select the Server Management tab.
3. Under Control Operations Settings, select Enable SCADA Control Interlock.
4. Click OK.

4.1.6.3 Visual T&D control operation privilege timeout

The Visual T&D server can automatically suspends the control operation privilege of a user if his workstation remains
inactive for a certain amount of time.
This function prevents unauthorized persons from performing control and tag operations in the Visual T&D Diagram
Editor or Explorer programs. After the specified timeout period, the user has to reenter his password to re-establish his
privileges.
The aforementioned timeout period can be configured using the Visual T&D server Control Panel.
To deactivate the control operation privilege timeout feature, specify a value of 0 for the timeout value.

Note: This function only works when the current user is authenticated with a Visual T&D account. Since Visual
T&D does not directly manage Windows-authenticated Visual T&D accounts, other operating system features (e.g.
Windows screen saver lock ) can be used in these situations.

Visual T&D - Installation guide - Installation Guide page 37

Chapter 4 Visual T&D configuration

4.1.6.4 Specifying the Visual T&D control operation privilege timeout

To specify the Visual T&D control operation privilege timeout:

1. Access the Visual T&D server Control Panel.

2. Select the Server Management tab.
3. Under Control Operations Settings, in the Control operations privilege timeout box, type the number of minutes
after which a connected user loses control operation execution privileges if his workstation remains inactive.
4. Click OK.

4.1.6.5 Deactivating simultaneous control operations from multiple users

In a setup where multiple users have privileges over control operations, it is possible to limit control operations to a sin-
gle user at a time. In such a case, users will need to gain exclusive access before being able to perform control opera-
tions.
To deactivate simultaneous control operations from multiple users:

1. Access the Visual T&D server Control Panel.

2. Select the Server Management tab.
3. Under Control Operations Settings, clear the check box beside the Enable simultaneous control operations
from multiple users option.
4. Click OK.

4.1.7 Visual T&D general alarm management settings

The Visual T&D server generates alarms that required specific user attention and operations.
The Visual T&D general alarm management settings define how all alarms must be acknowledged and cleared, and in
which order. These settings are specified via the Visual T&D server Control Panel, and apply to all sites configured on a
given Visual T&D server.

4.1.7.1 Specifying how alarms and events must be managed on a given Visual T&D server

To specifying how alarms and events must be managed on a given Visual T&D server:

1. Access the Visual T&D server Control Panel.

2. Select the Server Management tab.
3. Under Alarm and Event Management, select how alarms and events generated on this Visual T&D server, for all
sites, must be managed by Visual T&D users. The following options are available:
• You can select Alarms must be acknowledged and recalled in the order they occurred; in this case, the
Alarms and Events toolbar will contain the Ack and Clear All, Ack Oldest, and Clear Oldest tool buttons.
• You can also select Alarms can be acknowledged and recalled in any order; in this case, the Alarms and
Events toolbar will contain the Ack & Clear All, Acknowledge, and Clear tool buttons.
• You can also select the Custom option, which allows you to choose which buttons will appear in the Alarms and
Events toolbar.
• You can select Events on analog transitions triggered when deadband is exceeded; in this case, an event

page 38 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

will be triggered immediately when an analog transition exceeds the configured deadband.
4. If you selected the Custom option, click Customize.

a. Select the buttons you want to see on the toolbar.

b. Use the Up and Down buttons to change their order of appearance.
c. Click OK.
5. In the Temporary chime duration box, specify the duration, in seconds, of the alarm chime for alarms triggered on
data points whose Chime Duration setting is set to Temporary.
6. Click OK.

4.1.8 Visual T&D configuration files management

You can specify the folder location where configuration files are stored through the Visual T&D Server Control Panel.
This feature provides more flexibility for users having to cope with folder access restrictions.

4.1.8.1 Specifying the folder location to store Visual T&D configuration files

To specify the folder location to store Visual T&D configuration files:

1. Access the Visual T&D Server Control Panel.

2. Select the Server Management tab.
3. Under Configuration, specify the folder path where the Visual T&D configuration files will be stored.

• The specified path must exist and can be local or on a mapped network drive.
• Click Browse to navigate to the desired folder.
• Click Default to select the default folder path, which is set to: C:\ProgramData\Eaton\Visual T&D
\Server\.
4. Click OK.

An automatic copying process of the configuration files will then be launched and the Visual T&D server will be restarted.
If the copying process fails, the specified folder will automatically rollback to the previous folder path setting.

Visual T&D - Installation guide - Installation Guide page 39

Chapter 4 Visual T&D configuration

4.1.9 Visual T&D task management settings

The Visual T&D server can perform automated tasks on a scheduled basis or when a specific event occurs.
Since Windows Vista, Visual T&D tasks that are used to start applications can no longer be automatically performed by
the Windows System account unless a local Windows session is opened on the server: a dedicated account must be
created and assigned to the Visual T&D Task Manager, via the Visual T&D server Control Panel.

4.1.9.1 Specifying a dedicated account for Visual T&D tasks

This procedure explains how to proceed to create a Windows account dedicated to Visual T&D automated task execu-
tion, via the Visual T&D server Control Panel.
This configuration procedure is only required if you need Visual T&D to perform automated tasks that start applications.
Such tasks are configured in Visual T&D Explorer, using the Task Manager.

1. Access the Visual T&D server Control Panel.

2. Select the Task Management tab.

3. In the User name and Password boxes, type the name and password of the Windows account that will be
dedicated to Visual T&D task execution.
4. In the Domain box, select the corresponding workgroup or domain of the account.
5. Click Validate.
6. If the account does not exist, you will be prompted to create the account (if you have sufficient privileges to do so).

The Credentials are valid message will appear if the specified credentials are those of a valid account or if the specified
account was successfully created.

Note: Specific privileges tied to this account may be required. The need for these privileges depends if the task
of type “Launch an application” is needed for the account. This is specified in the table from section Planning
Windows accounts before Visual T&D installation.

page 40 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

4.1.10 Syslog export module for Visual T&D

Syslog is a method for delivering log information from a sender to a receiver. In the Visual T&D case, the event mes-
sages transmission uses a UDP/IP connection. Syslog can be used to integrate log data from many different types of
systems into a central repository. It is then possible for the system administrator to dispatch these messages to emails or
SMS systems, for example.
Visual T&D sends its Event messages, to a single receiver that is configured via the Visual T&D server Control Panel.
The messages are not encrypted by the Syslog export module.

4.1.10.1 Activating the Syslog transmitter

This configuration is performed from the Visual T&D server Control Panel.

1. Access the Visual T&D server Control Panel.

2. Select the Syslog tab.

3. Under Syslog Configuration, select Enable Transmission of Syslog messages.

4.1.10.2 Specifying the address of the receiver

This operation is performed from the Visual T&D server Control Panel and the Syslog transmitter must be activated.

1. Access the Visual T&D server Control Panel.

2. Select the Syslog tab.
3. Under Receiver Parameters, in the Receiver address box, type the IP address of the message recipient.

Visual T&D - Installation guide - Installation Guide page 41

Chapter 4 Visual T&D configuration

4. Still under Receiver Parameters, in the Port number box, type the port number used for the Syslog message
transmission. The default port number is 514.
5. Click OK.

4.1.10.3 Log category options for the Syslog export module

The following table presents the various categories of logs that can be generated by Visual T&D with the suggested Sys-
log facility and severity levels to use for each category:

Category Event type Description Syslog Facility Syslog Severity

(default) (default)

Events generated by the server in certain

Information Visual T&D local use 0 Informational
situations for information purposes

Events and alarms generated by the server

in situations that require user intervention,
Warnings Visual T&D but where the system is still functional (ex.: local use 0 Warning
data source out of synchronization with the
server).

Events and alarms generated by the server

in situations that require immediate user
Errors Visual T&D local use 0 Error
intervention and where the system is no
longer functional (ex.: data log full).

Events generated by the server when

security/
Security Audits the latter refuses user authentication or
Visual T&D authorization Warning
Denials operation execution because of improper
messages
privileges.

Events generated by the server when an security/

Authentication Visual T&D user authentication succeeded and when a authorization Warning
user terminated a session. messages

Events generated when actual Visual T&D

User Accounts
Visual T&D user accounts or their related privileges are local use 0 Informational
Configuration
modified.

Events generated when the Visual T&D

server configuration is modified; this
Server includes all parameters affecting the
Visual T&D local use 0 Informational
Configuration system behavior, regardless of the loaded
site. For example: tasks, notifications,
password complexity.

Table 10 : Log Category Options

page 42 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

Category Event type Description Syslog Facility Syslog Severity

(default) (default)

Events generated when a Visual T&D

Site site configuration is modified. It includes
Visual T&D local use 0 Informational
Configuration the site parameters update and the site
associated diagram update.

Events generated when a control operation

Control User is performed on a configured data point,
local use 3 Informational
Operations initiated such as when a breaker is opened, for
example.

Alarm Events generated when an alarm is

User
Management acknowledged or cleared. local use 5 Informational
initiated
Operations

User Events generated when an entry is added

User Log local use 6 Informational
initiated in the User Log.

User Events generated when values are

Data Simulation local use 0 Informational
initiated simulated on data points.

Events generated by the server whenever

Events from Data file it receives a data file that it recognizes as
local use 6 Informational
Event Records acquisition significant to the application (ex.: a DFR file
in COMTRADE format).

Alarms generated by the server whenever

Alarms from Data file
it receives a data file that it recognizes as local use 6 Notice
Event Records acquisition
significant to the application.

Alarms generated by an external device

External Device
and acquired by Visual T&D. Reserved for local use 6 Warning
Failures
custom applications.

Expert System Diagnostic events generated by the

Events optional Visual T&D Expert System local use 7 Informational
component.

Expert System Alarms generated by the optional Visual local use 7

Notice
Alarms T&D Expert System component.

Table 10 : Log Category Options

Visual T&D - Installation guide - Installation Guide page 43

Chapter 4 Visual T&D configuration

Category Event type Description Syslog Facility Syslog Severity

(default) (default)

Operation diagnostics generated by

the optional Visual T&D Expert System
Expert System component. Operation diagnostics are
local use 7 Informational
Operations generated by the expert system in order
to report unusual operating conditions that
require operator intervention.

Tag Operation Events generated when a tag is set or

User
Events cleared. Sub-categories are available for all local use 6 Informational
initiated
Control Inhibited and Information tags.

Events from Process Events generated by the server which are

local use 6 Informational
transitions related associated with a transition on a data point.

Alarms from Process Alarms generated by the server which are

local use 5 Notice
points related associated with a data point.

Table 10 : Log Category Options

A Syslog message is composed of:

• The message's Syslog Facility code indicates the system category that generated the message, the Syslog Facility
codes are standard codes. In the Log Categories Options, each Visual T&D Event Category is set to a default Syslog
Facility value but the user can configure the Syslog Facility to any available Facility using the scrolling menu.
• The message's Syslog Severity code is a value between 0 and 7 that correspond to the Syslog Severity defined
in the Log Categories Options. Each Visual T&D Event category is set to a default Syslog Severily level but the user
can configure it to any available Severity level using the scrolling menu.
• The Priority code which is equal to the (Facility code *8) + the Severity code.
• Timestamp of the Event.
• The Event message: Visual T&D Event description + point name (optional) + value (optional).

4.1.10.4 Selecting which log categories to transmit

This operation is performed from the Visual T&D server Control Panel and the Syslog transmitter must be activated.

1. Access the Visual T&D server Control Panel.

2. Select the Syslog tab.
3. Under Log Category Options, for each category of log entries:
a. Make sure the corresponding Enabled check box is selected for each category of log entries that you want
to transmit.
b. Make sure the corresponding Enabled check box is cleared for each category of log entries that you do not
want to transmit.
4. If you have completed the configuration of the Syslog transmitter, click OK.

page 44 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

4.1.10.5 Adjusting the timestamp of Syslog messages

Timestamp of Syslog messages are adjusted to the time zone of the receiver to display messages in local time at the
receiver side.
This operation is performed from the Visual T&D server Control Panel. The Syslog transmitter must be activated and the
Receiver Parameters must be configured.

1. Access the Visual T&D server Control Panel.

2. Select the Syslog tab.
3. Under General Parameters, in the Time zone box, select the Time zone used by the Syslog receiver.
4. Under General Parameters, select Adjust to Daylight Saving Time for daylight saving time schedule adjustments.
5. If you have completed the configuration for the Syslog transmitter, click OK.

4.2 Visual T&D engine configuration

4.2.1 The Visual T&D Manager

The Visual T&D Manager application is available on the Visual T&D server computer, through the Windows Start menu >
Eaton Visual T&D > Visual T&D Manager.
It is used to configure the general behavior of the Visual T&D engine service, by specifying Visual T&D data log
database location and related settings.

Note: To be able to open the Visual T&D Manager, you must log on to the computer with a user account that has
administrative privileges.

Visual T&D - Installation guide - Installation Guide page 45

Chapter 4 Visual T&D configuration

4.2.2 The Visual T&D datalog

The Visual T&D engine service can record data on a continuous basis in a database called the Visual T&D Data Log.
All recorded data is time-stamped and tagged for quality. The datalog allows you to reconstruct the sequence of events
and to see the data point transitions, using the Historical Data display.
More specifically, Visual T&D data log records the following data items:
• All events
• All transitions (binary point state changes and sampled analog point values) on data points for which the Need Log
setting is selected

Note: By default, the Need Log setting is selected for all binary points added to a site configuration; this is not
the case for newly added analog points, which can generate a large amount of transitions.
The Visual T&D server components and the Visual T&D datalog database can be installed on the same computer.
However, it is recommended to install them on different computers or, at least, on different disk drives.

4.2.2.1 Adding an SQL server database to the list of Visual T&D database servers

This procedure explains how to add a corporate Microsoft SQL server database to the list of Visual T&D database
servers in the Visual T&D Manager.
Before you begin:

• If the SQL Server database is installed on a separate computer:

• Using SQL Server Management Studio, make sure that the database server properties allow remote
connections.
• Using SQL Server Configuration Manager, in the SQL Server Network Configuration settings branch, verify
that the TCP/IP and Named Pipes protocols are enabled for the corresponding database instance.
To add an SQL server database to the list of Visual T&D database servers:

1. Access the Visual T&D Manager.

2. Select the Data Logging tab.
3. Under Database Connection, Click Add.
4. Enter an appropriate Name for the connection.
5. Select Microsoft SQL Server, specify the database connection settings and the authentication settings:
a. In the Server box, type the network name or IP address of the SQL Server host computer.
b. In the Authentication box, select the authentication method that the Visual T&D engine will use to connect
with the database server.

Note: If Windows Authentication is selected, make sure that the corresponding Windows account is
assigned to the Visual T&D engine service.
Otherwise, if Database authentication is selected, make sure that the database server is configured to
allow mixed authentication (SQL Server and Windows Authentication).

page 46 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

In both scenarios, using SQL Server Management Studio, verify that:

• the corresponding account is granted permission to connect to the database engine
• this account can be used to login to the database
• the account is granted the sysadmin role
c. Enter the credentials of the corresponding account in the Login and Password boxes.
6. Modify the Database name if needed.
7. To use this database for the Visual T&D datalog, click Is active.
8. Click Apply.

4.2.2.2 Adding a PostgreSQL database to the list of Visual T&D database servers

This procedure explains how to add a corporate PostgreSQL database to the list of Visual T&D database servers in the
Visual T&D Manager.
To add a PostgreSQL database to the list of Visual T&D database servers:

1. Access the Visual T&D Manager.

2. Select the Data Logging tab.
3. Under Database Connection, click Add.
4. Enter an appropriate Name for the connection.
5. Select PostgreSQL, specify the database connection settings, and the authentication settings:
a. In the Server box, type the network name or IP address of the PostgreSQL host computer.
b. In the Port box, type the PostgreSQL port.

Note: The default PostgreSQL port is 5432. The default PostgreSQL port in a earlier Visual T&D
installation is 5433.
c. In the Authentication box, select the authentication method that the Visual T&D engine will use to connect
with the database server.

Note: If Windows Authentication is selected, make sure that the corresponding Windows account is
assigned to the Visual T&D engine service.
d. Enter the credentials of the corresponding account in the Username and Password boxes
6. Modify the Database name if needed.
7. To use this database for the Visual T&D datalog, click Is active.
8. Click Apply.

4.2.2.3 Setting up the Visual T&D datalog

This procedure explains how to configure the Visual T&D datalog settings.
To purge old data automatically:

1. Access Visual T&D Manager.

Visual T&D - Installation guide - Installation Guide page 47

Chapter 4 Visual T&D configuration

2. Select the Data Logging tab.

3. Under Settings, select Keep only the last X days.
4. Enter the number of days of data you want to keep in the database; the system will automatically delete data older
than the specified number of days.
5. Click Apply.

4.2.3 MultiSpeak specification interface

The MultiSpeak specification is a standard for integrating enterprise application software commonly used by utilities. It
®

defines standardized communications among servers in the utility domain. Visual T&D supports MultiSpeak Specification
versions 4 and 5 which are accessible using the following URLs:

• http://<VTD server>:8095/multispeak/v4/SCADA_Server
• http://<VTD server>:8095/multispeak/v5/SCADA_Server
Where <VTD server> is the UNC name or IP addresss of the Visual T&D server.
Visual T&D implements the Supervisory Control and Data Acquisition (SCADA) Web Service endpoint. This endpoint
provides status detection, logging of analog information, and control of remote power system equipment, typically within
a substation.
Similar functionality is provided for down line devices by the distribution automation (DA) endpoint. Usually SCADA
devices are inside the substation fence and distribution automation devices are outside of the substation, but this
distinction is somewhat arbitrary and an application implementing either the SCADA or the DA endpoint could control
and monitor devices anywhere on the power system.
Please visit www.multispeak.org for more information on the MultiSpeak 4 and 5 specifications.

4.2.3.1 Implemented methods

The following MultiSpeak methods are implemented:

Ping URL
This method is implemented for every interface supported by Visual T&D. PingURL is used to verify the interface is
setup correctly and is communicating. This method simply returns an array of ErrorObjects if a connection cannot be
established.
GetMethods
This method is implemented for every interface supported by Visual T&D. GetMethods is used to retrieve a list of all
methods supported by a vendor for each interface. This method simply returns an array of Strings representing the
method names supported.

page 48 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

GetAllSCADAPoints
This method is implemented for every interface supported by Visual T&D. This method requests a list of SCADA point
definitions.
GetSCADAStatusBySCADAPointID
This method is only implemented in Visual T&D for version 4 of the MultiSpeak specification. This method requests the
most recent SCADA statuses for specific SCADA Status points by SCADAPointID.
GetSCADAAnalogsByDateRangeAndPointID
This method is only implemented in Visual T&D for version 4 of the MultiSpeak specification. This method Requests
history records for a specific SCADA Analog point by SCADAPointID within a defined time range.
RequestRegistrationID
This method is only implemented in Visual T&D for version 4 of the MultiSpeak specification. This service requests
from the publisher a unique registration ID that would subsequently be used to refer unambiguously to that specific
subscription. The return parameter is the registrationID, which is a string-type value. It is recommended that the server
do not implement registration in such a manner that one client can guess the registrationID of another. For instance, the
use of sequential numbers for registrationIDs is strongly discouraged.
RegisterForService
This method is only implemented in Visual T&D for version 4 of the MultiSpeak specification. This method establishes
a subscription using a previously requested registrationID. Subsequent calls to RegisterForService on an existing
subscription replace prior subscription details in their entirety - they do NOT add to an existing subscription. The client
should first obtain a registrationID and then register for service.
UnregisterForService
This method is only implemented in Visual T&D for version 4 of the MultiSpeak specification. This method deletes a
previously established subscription (registration for service) that carries the registration identifier listed in the input
parameter registrationID.
GetPublishMethods
This method is only implemented in Visual T&D for version 4 of the MultiSpeak specification. The requester requests the
list of methods that are supported by the publisher. Responder returns information about failed transactions using the
result element of the response message header.
GetRegistrationInfoByID
This method is only implemented in Visual T&D for version 4 of the MultiSpeak specification. This method requests
the return of existing registration information (that means the details of what is subscribed on this subscription) for a
specific registrationID. Responder returns information about failed transactions using the result element of the response
message header. The server should return a SOAPFault if the registrationID is not valid.

4.2.3.2 Setting up Multispeak

To set up the MultiSpeak interface:

Important: You must first contact Eaton if you want to purchase the Multispeak option.

1. Using a text editor, open the following file:

C:\Program Files (x86)\Eaton\Visual T&D\Engine\VTD.Engine.exe.config

Visual T&D provides the following configuration parameters:

<add key="CompanyName" value="Eaton" />

Visual T&D - Installation guide - Installation Guide page 49

Chapter 4 Visual T&D configuration

<add key="ApplicationName" value="VisualTD" />

<add key="ApplicationVersion" value="5.1" />
<!-- MultiSpeak Outgoing Authentication -->
<add key="MSPOutgoingUsername" value="" />
<add key="MSPOutgoingPassword" value="" />
<!-- MultiSpeak Incoming Authentication -->
<add key="MSPIncomingUsername" value="" />
<add key="MSPIncomingPassword" value="" />
<!-- Maximum Records returned, Default = 10000 -->
<add key="MSPMaxReturnRecords" value="10000" />
2. To secure incoming communications, provide a username and password by configuring MSPIncomingUsername
and MSPIncomingPassword parameters. By default, no username and password are required.
3. To secure outgoing communications, provide a username and password by configuring MSPOutgoingUsername
and MSPOutgoingPassword parameters. By default, no username and password is required.
4. Restart the Visual T&D Engine service for new parameters to take effect.

4.3 Services configuration and control

For maintenance purposes, you may need to stop or restart Visual T&D services or configure them to run under specific
user accounts to enforce secure access to resources such as the historian database.
Controlling services
Stopping services manually should normally be performed in the following sequence:
1. Visual T&D Service Layer
2. Visual T&D Server
3. Visual T&D Engine
Starting services manually should normally be performed in the opposite sequence.
If Visual T&D installer should fail to properly stop services during the uninstall or update process, perform services
control in specified sequence. If it still fails, you can force the services to stop by using the following commands from an
elevated command prompt:
taskkill /im VTD.Layer.ServiceSelfHost.exe /f
taskkill /im vssserver.exe /f
taskkill /im vtd.engine.exe /f
Setting up services Log On execution
Refer to the following sections:
• Planning Windows accounts before Visual T&D installation: to plan and configure users executing Visual T&D
service.
• The Visual T&D datalog: to specify a user account under which an Integrated Authentication (or “Windows”
authentication) will be used to access the historian database for Visual T&D.
• Specifying the Windows logon account for the Visual T&D server service: for steps required to configure execution
account on services.
Setting up services recovery
As Visual T&D is often seen as a critical system, it is suggested to configure the services to start automatically and to
restart by themselves when a failure occurs. This can be set in the Services Windows administrative tool.

page 50 Visual T&D - Installation guide - Installation Guide

Visual T&D configuration Chapter 4

Visual T&D - Installation guide - Installation Guide page 51

Chapter 5 Security hardening

5 Security hardening
Visual T&D components store application data mainly on the operating file system and in the registry. The access to
those resources can be restricted to specific Windows accounts or groups to ensure data confidentiality and also mini-
mizing software attack surface.

5.1 Restricting Visual T&D resources access

The following diagram shows the different Visual T&D components with their access levels to available folders.

Figure 5 : Visual T&D components with access levels to folders

Note: Accounts and prescribed access rights are focusing on Visual T&D environment. Other Windows generic
and administrative accounts are usually part of the described assets. On the other hand, public and other users’
accounts should not have access to those.
Planning privileges for each resource in a restricting access mindset
To help plan the privileges for your Visual T&D environment, you must first establish your needs; the following diagram
will help you in your decision making.

page 52 Visual T&D - Installation guide - Installation Guide

Security hardening Chapter 5

Figure 6 : Planning privileges for each resource

Visual T&D - Installation guide - Installation Guide page 53

Security hardening Chapter 5

5.2 Restricting access to Visual T&D server resources

Using the table below as a guide will help you through the access restriction process to Visual T&D server resources.

Server resources Accounts

VTD
VTD VTD VTD Windows
Resource Operator Database
Resource Required/Optional Server Service Engine "Users"
icon and VTD Service
Service Layer Service group
Engineer

\%ProgramData%\Eaton\Visual Full Full Full

Required No access No access No access
T&D\ control control control

(default)
"Read &
\%ProgramFiles(X86)%\Eaton Full Full Full execute", "
Required No access No access
\Visual T&D\ control control control List folder
content",
"Read"

Required. This
folder can be set
during installation,
No No No Full
\[Database Data]\ or afterwards. No access No access
access access access control
Default value is
[INSTALL_DRIVE]
\Visual TD Datalog\

HKLM\SOFTWARE
Full No Full
\Wow6432Node \Cybectec Required No access No access No access
control access control
\Visual Substation Server\

Table 11 : Visual T&D Server resource accesses for different accounts

Visual T&D - Installation guide page 54

Security hardening Chapter 5

Server resources Accounts

(default)
"Read &
HKLM\SOFTWARE
Full No Full execute", "
\Wow6432Node \Cybectec Required No access No access
control access control List folder
\Visual Substation\
content",
"Read"

Optional. Only
If Visual T&D is
Full No No
USB Port deployed with a No access No access (Default)
control access access
hardware license
dongle key.

Optional. Only
If Visual T&D is "Read", "Read",
not deployed "List No "List
\%ProgramData%\Cybectec\ No access No access No access
with a hardware folder access folder
license dongle key. content" content"
(Developer mode)

Optional. This folder

is set by the VTD
Administrator, when Full No No
\[Target IMS]\ No access No access No access
configuring an control access access
“Export events to
IMS” task.

Optional. This folder

is set by the VTD
Administrator, when Full No No
\[Source DFR]\ No access No access No access
configuring Visual control access access
T&D for processing
DFR files.

Table 11 : Visual T&D Server resource accesses for different accounts

Visual T&D - Installation guide page 55

Chapter 5 Security hardening

5.2.1 Restricting access to Visual T&D server resources through folder

properties
To restrict access to Visual T&D server resources through folders properties, logon to the Visual T&D server with admin-
istrative privileges.
For each folder described in the table located in section Restricting access to Visual T&D server resources (previous
section):

1. Using Windows Explorer, locate the folder.

2. Right-click on the folder then click Properties.
3. In the folder Properties dialog, select the Security tab.
4. Verify that the accounts displayed with “No access” are not listed in the Group or user names pane.
5. Verify that the accounts displayed with specific authorizations are listed in the Group or user names pane, and that
their authorizations are set as listed in the table.

Note:
• Folders locations \[Target IMS]\ and \[Source DFR]\ are chosen by the Visual T&D Administrator.
Consider those resources only if you plan to use the “DFR” and “Export to IMS” features.
• When a resource is “optional” and does not apply to your planned Visual T&D usage, grant no access to
the corresponding account.

5.2.2 Add a group or user to a folder security or registry access list

To add a group or user to a folder security or registry access list, logon to the Visual T&D server with administrator privi-
leges.
For each folder described in the table located in section Restricting access to Visual T&D server resources :

1. Using Windows Explorer, locate the folder.

2. Right-click on the folder then click Properties.
3. In the folder Properties dialog, select the Security tab.
4. Click on the Edit button.
5. On the Permissions for Visual T&D window, click on the Add… button.
6. Using the security object browser, locate the user or group to add and click OK.
7. In the Permission for the folder dialog window, select the added group or user.
8. In the Permission for the selected “Group or user names” pane, select the according permissions wanted for the
user. Click OK

page 56 Visual T&D - Installation guide - Installation Guide

Security hardening Chapter 5

5.2.3 Remove Windows "Users" group or any other inherited privilege from
a folder security or registry access list
To remove Windows "Users" group or any other inherited privilege from a folder security or registry access list, logon to
the Visual T&D server with administrator privileges.
For each folder described in the table located in section Restricting access to Visual T&D server resources :

1. Using Windows Explorer, locate the folder.

2. Right-click on the folder then click Properties.
3. In the folder Properties dialog, select the Security tab.
4. Click on the Advanced button.
5. Click on the Change Permissions… button.
6. In the Advanced Security Settings dialog window, uncheck the box Include inheritable permissions from the
object’s parents.
7. In the Windows Security pop up dialog, click Add.
8. Click OK on both Advanced Security Settings dialog windows.
9. In the Security tab of the folder properties window, click the Edit… button.
10. In the Permission for the selected folder window, under the “Group or user names” pane, select the “Users”
group.
11. Click the Remove button. Click OK .

5.2.4 Restricting access to Visual T&D server resources through registry

settings
To restrict access to Visual T&D server resources through registry settings, logon to the Visual T&D server with adminis-
trator privileges.
For each registry described in the table located in section Restricting access to Visual T&D server resources:

1. Using Windows Regedit application, locate the registry key.

2. Right-click on the selected key and select Permissions.
3. Verify that the accounts displayed with “No access” are not listed in the Group or user names pane.
4. Verify that the accounts displayed with specific authorizations are listed in the Group or user names pane of
allowed users, and that their authorizations are set as listed in the table (Permissions for Users pane).

Visual T&D - Installation guide - Installation Guide page 57

Chapter 5 Security hardening

5.2.5 Specifying the Windows logon account for the Visual T&D server
service
If the Visual T&D server must connect to the database server using a Windows account, plan and configure users exe-
cuting Visual T&D services by referring to the following sections:
• Planning Windows accounts before Visual T&D installation
• Adding an SQL server database to the list of Visual T&D database servers
Also, refer to the following sections for detailed characteristics of this account.

• Planning Windows accounts before Visual T&D installation

• Restricting access to Visual T&D server resources
To specify the Windows logon account for the Visual T&D server service:

1. Select Windows > Administrative Tools > Services.

2. In the Services (Local) pane, select the Visual T&D Server service.
3. Select Action > Stop.
4. Select Action > Properties.
5. In the General tab, set the Startup type to Automatic.
6. Select the Log On tab.

7. Under Log on as:

a. Select This account, and type the name of the Windows account dedicated for the Visual T&D server
service.

Note: Eaton recommends to use an account whose password never expires.

b. Type the corresponding account password in the Password and Confirm Password boxes.
8. Click OK. The account will automatically be granted the log on as a service right.
9. Select Action > Start to restart the service.

page 58 Visual T&D - Installation guide - Installation Guide

Security hardening Chapter 5

5.2.6 Specifying the Windows logon account for the Visual T&D Engine
service
Refer to the following sections for detailed characteristics of this account:
• Planning Windows accounts before Visual T&D installation
• Restricting access to Visual T&D server resources
To specify the Windows logon account for the Visual T&D Engine service:

1. Select Windows > Administrative Tools > Services.

2. In the Services (Local) pane, select the Visual T&D Engine service.
3. Select Action > Stop.
4. Select Action > Properties.
5. In the General tab, set the Startup type to Automatic.
6. Select the Log On tab, under Log on as:
a. Select This account, and type the name of the Windows account dedicated for the Visual T&D Engine
service.

Note: Eaton recommends to use an account whose password never expires.

b. Type the corresponding account password in the Password and Confirm Password boxes.
7. Click OK. The account will automatically be granted the log on as a service right.
8. Select Action > Start.

Note: If you are using the Multispeak interface, you must add access rights by using the following commands from
an elevated command prompt:
Netsh http delete urlacl url=http://+:8095/multispeak/v4/SCADA_Server/
Netsh http add urlacl url=http://+:8095/multispeak/v4/SCADA_Server/
user="<username>"
Netsh http delete urlacl url=http://+:8095/multispeak/v5/SCADA_Server/
Netsh http add urlacl url=http://+:8095/multispeak/v5/SCADA_Server/
user="<username>"
Where <username> must be replaced by the VTD Engine service account name. Then, restart the service.

Visual T&D - Installation guide - Installation Guide page 59

Security hardening Chapter 5

5.3 Restricting access to Visual T&D client application resources

Using the table below as a guide will help you through the access restriction process to Visual T&D client application resources.

Workstation Accounts

VTD
VTD VTD VTD Windows
Resource Operator Database
Resource Required/Optional Server Service Engine "Users"
icon and VTD Service
Service Layer Service group
Engineer

\%ProgramData%\Eaton\Visual No No No
Required Full control No access No access
T&D\ access access access

Below is for informational purpose only, those should be default values

(default)
"Read &
"Read &
Execute", "
\%ProgramFiles(X86)%\Eaton No No No execute", "
Required List folder No access
\Visual T&D\ (see note below) access access access List folder
content",
content",
"Read"
"Read"

No No No
%AppData%\Eaton\Visual T&D\ Required Full control No access No access
access access access

HKCU\Software\Cybectec\Visual No No No
Required Full control No access No access
Substation Diagram\ access access access

HKCU\Software\Cybectec\Visual No No No
Required Full control No access No access
Substation Explorer\ access access access

Table 12 : Visual T&D client application resource accesses for different accounts

Visual T&D - Installation guide page 60

Security hardening Chapter 5

Workstation Accounts

HKCU\Software\Cybectec\Visual No No No
Required Full control No access No access
Substation\ access access access

Optional. Based
on local needs, No No No
Print system resources Full control No access No access
depends on local IT access access access
policies.

Table 12 : Visual T&D client application resource accesses for different accounts

Note: The Visual T&D installer sets “Write” permission to the sub folder “Program Files (x86)\Eaton\Visual T&D\Client\Libraries” for Visual T&D Diagram
Editor to manage shape libraries.

Visual T&D - Installation guide page 61

Chapter 5 Security hardening

5.3.1 Restricting Access to Visual T&D Client Application Resources

through Folder Properties
To restrict access to Visual T&D client application resources through folders properties, logon to the Visual T&D server
with administrative privileges.
For each folder described in the table located in section Restricting access to Visual T&D client application resources
(previous section):

1. Using Windows Explorer, locate the folder.

2. Right-click on the folder then click Properties.
3. In the folder Properties dialog, select the Security tab.
4. Verify that the accounts displayed with “No access” are not listed in the Group or user names pane.
5. Verify that the accounts displayed with specific authorizations are listed in the Group or user names pane, and that
their authorizations are set as listed in the table.

5.3.2 Add a group or user to a folder security or registry access list (client
application)
To add a group or user to a folder security or registry access list, logon to the Visual T&D server with administrator privi-
leges.
For each folder described in the table located in section Restricting access to Visual T&D client application resources :

1. Using Windows Explorer, locate the folder.

2. Right-click on the folder then click Properties.
3. In the folder Properties dialog, select the Security tab.
4. Click on the Edit button.
5. On the Permissions for Visual T&D window, click on the Add button.
6. Using the security object browser, locate the user or group to add and click OK.
7. In the Permission for the folder dialog window, select the added group or user.
8. In the Permission for the selected “Group or user names” pane, select the according permissions wanted for the
user. Click OK.

5.3.3 Remove Windows "Users" group or any other inherited privilege from
a folder security or registry access list (client application)
To remove Windows "Users" group or any other inherited privilege from a folder security or registry access list, logon to
the Visual T&D server with administrator privileges.
For each folder described in the table located in section Restricting access to Visual T&D client application resources :

1. Using Windows Explorer, locate the folder.

page 62 Visual T&D - Installation guide - Installation Guide

Security hardening Chapter 5

2. Right-click on the folder then click Properties.

3. In the folder Properties dialog, select the Security tab.
4. Click on the Advanced button.
5. Click on the Change Permissions… button.
6. In the Advanced Security Settings dialog window, uncheck the box Include inheritable permissions from the
object’s parents.
7. In the Windows Security pop-up dialog, click Add.
8. Click OK on both Advanced Security Settings dialog windows.
9. In the Security tab of the Folder properties window, click the Edit button.
10. In the Permission for the selected folder window, under the “Group or user names” pane, select the “Users”
group.
11. Click the Remove button. Click OK.

5.3.4 Restricting access to Visual T&D workstation resources through

registry settings
For each registry described in the table located in section Restricting access to Visual T&D client application resources:

1. Using Windows Regedit application, locate the registry key.

2. Right-click on the selected key and select Permissions.
3. Verify that the accounts displayed with “No access” are not listed in the Group or user names pane.
4. Verify that the accounts displayed with specific authorizations are listed in the Group or user names pane of
allowed users, and that their authorizations are set as listed in the table (Permissions for Users pane).

5.4 Using the database server account with minimal privileges

To restrict to a minimum the operating system resources usage by Visual T&D components, some actions can be taken;
one of them involves setting the database server account with minimum privileges. Please refer to the technical note In-
tegrating Visual T&D to a database server, MN914021EN for details on how to proceed.

5.5 Exception for communication ports

Some communication ports must stay opened in the firewall to allow communication with the server.

5.5.1 Allowing communication with the Visual T&D through the firewall
The following tables list the communication ports used by Visual T&D and the Visual T&D server. These tables will help
you through the access restriction process to Visual T&D server resources.

Visual T&D - Installation guide - Installation Guide page 63

Chapter 5 Security hardening

Ports opened by Visual T&D

Opened for Dedicated channel, port Recommendations

See following section Allowing communication with the

Explorer, Diagram TCP 135 + Dedicated range Visual T&D server through DCOM ports for detailed steps
to follow.

Allow this port on the Visual T&D server machine if you

Excel Add In TCP 16102
plan to use the Visual T&D Excel AddIn.

HASP HL Net license Allow this port on the Visual T&D server when the HASP
TCP 1947
key HL Net key is used for the Visual T&D application.

Allow this port on the Visual T&D server machine if you

Service Layer TCP 8090
plan to use the Visual T&D Web HMI.

Allow this port on the Visual T&D server machine if you

Multispeak interface TCP 8095
plan to use the MultiSpeak interface.

Table 13 : Ports opened by Visual T&D

Ports to which Visual T&D server connects

Opened for Dedicated channel, port Recommendations

Only configure mail server options if Visual T&D

Notification TCP 25
notifications are used.

TCP 1432 (default) Allow this port on the server where the database
PostgreSQL database TCP 1433 ( if installed with server resides, only if you plan to use the PostgreSQL
server an earlier version of Visual database engine.
T&D)

Allow this port on the server where the database server

Microsoft SQL
TCP 1433 (default) resides, only if you plan to use the Microsoft SQL
database server
database engine.

See following section “DCOM Settings for restricted

Communication Server TCP 135 + Dedicated range
access” for detailed steps to follow.

Allow this port on the HASP HL Net license key host

HASP HL Net license
TCP 1947 computer when the type of key is used for the Visual
key's host computer
T&D application.

Allow this port on the Visual T&D server machine if you

Service Layer TCP 8090
plan to use the Visual T&D Web HMI.

Table 14 : Ports used by Visual T&D

page 64 Visual T&D - Installation guide - Installation Guide

Security hardening Chapter 5

5.5.2 Allowing communication with the Visual T&D server through DCOM
ports
To allow communication with the Visual T&D server through a restricted range of DCOM ports, follow these in-
structions:

1. Decide how many TCP ports you want to allocate to DCOM processes. Visual T&D will use as many ports as DCOM
connections with the Visual T&D Server. We recommend using a range of at least 100 ports (Recommended by
Microsoft). Other DCOM components residing on the server are also to consider. Consider a range of 20 000 and
more; refer to Microsoft sites for more information on the subject.
2. To start Dcomcnfg.exe
a. Click Windows Start button and type Dcomcnfg.exe in the search program and files field.
b. Then press Enter.
c. On the left pane from the Component Services window, browse through Component
services>Computers>My Computer.
d. In the right pane, click on the more actions arrow and select Properties from the pop up menu.
e. Select the Default Protocols tab, click on the Properties button for the DCOM Protocols section.
f. Set the desired port range.
g. Verify that the Port range assignment and Default dynamic port allocation are both set to Internet range.
3. Configure your corporate Firewall according to the previously specified port range, to allow the remote
communication for administration through UDP and TCP exception ports.

5.5.3 Restricting access to Visual T&D server DCOM ports

If you took the decision to restrict Visual T&D DCOM access to only Visual T&D client applications, execute the following
configuration steps for every Visual T&D server version, update and installation, on the workstation.
To restrict access to Visual T&D server DCOM ports:

1. Click Windows Start button and type Dcomcnfg.exe in the search program and files field.
2. Then press Enter.
3. On the left pane from the Component Services window, browse through Component services>Computers>My
Computer.
4. In the right pane, Click on the more actions arrow and select Properties from the pop up menu.
5. Select the COM Security tab, click on the Edit limits button under the Access Permissions pane.
6. Verify that every non administrator Windows users or groups containing non administrator users (e.g. VTD
Operators group) are included for Remote Access. These users or groups should not be given access to the Visual
T&D Server for security purposes, but only to DCOM Servers via the DCOM Edit Limits properties.
7. In the COM Security tab, click on the Edit limits button under the Launch and Activation Permissions pane.
8. Verify that every non administrator Windows users or groups containing non administrator users (e.g. VTD
Operators group) are included for Remote Launch and Remote Activation . These users or groups should not be
given access to the Visual T&D Server for security purposes, but only to DCOM Servers via the DCOM Edit Limits
properties.

Visual T&D - Installation guide - Installation Guide page 65

Chapter 5 Security hardening

9. Click OK to close the two windows to come back to the Component services window.
10. In the left pane, in the tree control , browse through Component services>Computers>My Computer>DCOM
configuration.
11. In the middle pane, from the component list, select Cybectec Visual Substation Server and right click on it.
12. Select Properties and then select the Security tab.
13. In the Access Authorization pane, select Customize and click the Edit button.
14. Add VTD Operator group (or users) to the list and set both local and Remote privileges to Allow.
15. Remove ANONYMOUS LOGON and any other non-admin users and groups from the list.

5.6 DCOM authentication level for communication with

Visual T&D server
Both the Visual T&D client application and the server have a DCOM authentication level setting in the registry.
The following table summarizes the DCOM authentication levels supported by different Visual T&D versions and the
authentication type supported. The table also specifies for which Visual T&D version, DCOM unidentified access is
supported.

Visual T&D Supported DCOM Visual T&D Windows Unidentified

version authentication level authentication authentication access

4.2 and earlier 1 - NONE (default) Supported Not supported Supported

0 - DEFAULT

3 - CALL (default)

4.3R1 and Supported (CALL

4 - PKT Supported Not supported
4.3R2 level required)

5 - INTEGRITY

6 - PRIVACY

0 - DEFAULT

1 - NONE

2 - CONNECT Supported
Supported (CALL (Visual T&D
4.3R3 to 5.0 Supported
3 - CALL (default) level required) authentication
only)
4 - PKT

5 - INTEGRITY

Table 15 : DCOM authentication levels supported according to the Visual T&D version

page 66 Visual T&D - Installation guide - Installation Guide

Security hardening Chapter 5

Visual T&D Supported DCOM Visual T&D Windows Unidentified

version authentication level authentication authentication access

6 - PRIVACY

0 - DEFAULT

1 - NONE

2 - CONNECT
Supported
Supported (CALL (Visual T&D
5.1R1 and later 3 - CALL Supported
level required) authentication
only)
4 - PKT

5 - INTEGRITY

6 - PRIVACY (default)

Table 15 : DCOM authentication levels supported according to the Visual T&D version

Note: The actual DCOM authentication level used in a Visual T&D client/server connection is set by the highest
setting between the two of them.

5.6.1 Reinforcing data integrity in communications with Visual T&D server

If you took the decision to reinforce data integrity and privacy for data exchanged with the Visual T&D Server, you must
change the DCOM authentication level to a more restrictive level.
In a DCOM client/server connection, the highest authentication level setting becomes the utilized authentication level, so
if the authentication level of the server is set to the most restrictive level (PRIVACY), any DCOM communication with the
server will then use the PRIVACY authentication level.
The default authentication level for Visual T&D versions 5.0 and earlier is set to CALL, which correspond to the number
3 setting. To set the authentication level for the Visual T&D server to the PRIVACY level, which correspond to the num-
ber 6 setting, follow these instructions:

1. Using the Regedit application, locate and select the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE
\Wow6432Node\Cybectec\Visual Substation.
2. Create the following Dword value : DcomAuthenticationLevel
a. Set the DWORD to the value 6. This value correspond to the PRIVACY authentication level (the most
restrictive authentication level).
b. Close the Regedit application.
3. Restart the Visual T&D service.

Visual T&D - Installation guide - Installation Guide page 67

Chapter 5 Security hardening

5.6.2 Using DCOM with unidentified access

The DCOM authentication level NONE is required if the Visual T&D Server computer cannot recognize the calling Win-
dows account coming from the Visual T&D Explorer or Diagram application. Usually it is the case if computers are not
part of a domain network, where accounts definitions are centralized.
Unidentified access will not work by default in Visual T&D versions 4.3R3 and later. To be able to access the server
unidentified, you need to change the DCOM authentication level to NONE, which correspond to the setting equal to 1, on
both the client computer and server. To do that, you must follow these instructions:

1. On the client computer, for each utilized Windows profile:

a. Open the Regedit application.
b. locate and select the following registry key: HKEY_CURRENT_USER\Software\Cybectec\Visual Substation.
If the registry key does not exist, you must create such a key.
c. Create the following Dword value : DcomAuthenticationLevel.
d. Set the DWORD to the value 1. This value correspond to the NONE authentication level (the less restrictive
authentication level).
e. Close the Regedit application.
f. Restart the Explorer and Diagram applications.
2. On the server computer, open the Regedit application.
a. Locate and select the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node
\Cybectec\Visual Substation.
b. Create the Dword value : DcomAuthenticationLevel.
c. Set the DWORD to the value 1. This value correspond to the NONE authentication level (the less restrictive
authentication level).
d. Close the Regedit application.
e. Restart the Visual T&D service.

5.7 Displaying appropriate use banner

An appropriate use banner can be displayed upon each interactive access attempt to Visual T&D server using Visual
T&D Explorer or Visual T&D Diagram applications.
By default, no appropriate use banner is configured on the Visual T&D computer.
To set up an appropriate use banner:

1. Create a text file named Banner.txt. The file should have the following form:

• [Title] <Insert the Appropriate Use Banner dialog box title here>
• [Text] <Insert the appropriate use banner text here>
2. Under Title, type a title for the dialog box that may be used to display the banner.
3. Under Text, type the banner text required by the security policies of your company.
4. To display the banner, copy the banner file to the configuration files folder as set in Visual T&D Server Configuration
application.

page 68 Visual T&D - Installation guide - Installation Guide

Security hardening Chapter 5

Note: By default, the configuration files folder is set to .\ProgramData\Eaton\Visual T&D\Server.

The following screenshot presents an example of an appropriate use banner that is displayed when connecting to the
Visual T&D server.

5.8 About Windows automatic updates

NERC Standard CIP-007 requires that utilities establish and document a security patch management program.
As security patches can have unforeseen effects, it is a security best practice to turn off Windows Automatic Updates on
the computer that hosts the Visual T&D system, and to implement a security patch management process that includes
thorough testing.
As part of its program to help utilities meet NERC CIP requirements, Eaton tests and evaluates the applicability of
Microsoft security updates to its products with the goal of providing utilities with a recommendation within 10 days of
each release.
For additional information, visit Eaton’s website at the following URL: www.eaton.com/us/en-us/products/utility-grid-
solutions/grid-automation-system-solutions/microsoft-security-update-recommendations.html

Visual T&D - Installation guide - Installation Guide page 69

Chapter 6 The Visual T&D standalone HMI mode

6 The Visual T&D standalone HMI mode

Visual T&D is typically used as a normal Windows application, but it can also be configured to run as a standalone HMI.
In this special mode, the computer is dedicated to run Visual T&D. All the usual Windows user interface functions are
deactivated so that the end user can only use Visual T&D.
The Visual T&D Standalone HMI mode is easy to set up, and allows the execution of non-Visual T&D applications. It
supports both the Visual T&D Diagram Full Screen display setting and the Kiosk mode, the latter restricting the access
to Visual T&D configuration functionalities.
When the Standalone HMI is activated, the computer enters this mode at startup. The workstation automatically
starts Visual T&D, without prompting the user for a Windows or Visual T&D login, as it uses dedicated Windows and
Visual T&D accounts.
To configure and activate the Visual T&D Standalone HMI mode, you must use the Visual T&D Shell Configurator, which
is a separate configuration tool that is installed with Visual T&D. The use of this application is restricted to users that
have Windows administrative privileges.

Note:
There is a difference between the activation of the Standalone HMI mode, and the action of the computer that
enters this mode.
When the Standalone HMI mode is active, you can still log on using a Windows account that is not the dedicated
one, allowing you to use all of Windows usual functions.
The computer enters the Standalone HMI mode when you log on using the dedicated Windows account, or simply
when the computer restarts.

6.1 The Visual T&D Kiosk mode

The Kiosk mode is an additional operation mode available when Visual T&D is configured in the Standalone HMI mode.
When Visual T&D Diagram Editor is in the Kiosk mode:
• you cannot switch to the Design mode: the diagram is always animated;
• all contextual menus are disabled; however, the F1 key, which triggers the online help, is functional;
• the diagram is always displayed using the Full Screen display setting.
The Kiosk mode cannot be activated at runtime: its activation must be specified during the Standalone HMI mode
configuration process.

6.2 The Visual T&D Shell Configurator

The Visual T&D Shell Configurator is a separate configuration tool installed with Visual T&D that is used to configure and
activate the Visual T&D Standalone HMI mode.
The configuration and activation of Visual T&D as a standalone HMI requires the following steps:
1. As the Standalone HMI mode requires dedicated Windows and Visual T&D accounts, complete logon information
must be specified at configuration time.
2. By default, the only applications that are started and usable in the Standalone HMI mode are Visual T&D Explorer
and Visual T&D Diagram Editor. Non-Visual T&D applications can also be started, when specified at configuration
time.

page 70 Visual T&D - Installation guide - Installation Guide

The Visual T&D standalone HMI mode Chapter 6

3. You must also decide whether to run the Diagram Editor application in the Full Screen and Kiosk modes.
4. When the Standalone HMI mode is correctly configured, all that is left is the activation of this mode, which becomes
effective upon the computer’s next startup.

6.3 Starting the Visual T&D Shell Configurator

Before you begin:

You must have Windows administrative privileges to start this application.

To start the Visual T&D Shell Configurator:

1. Select Windows > Programs > Eaton Visual T&D > Visual T&D Shell Configurator.

6.4 Visual T&D Standalone HMI mode logon information

The Visual T&D Standalone HMI mode restricts access to Windows functions, but it does not mean that it is no longer
connected to your network domain: Windows logon information must still be provided at startup.
The same applies to Visual T&D client applications, to connect to the Visual T&D server. These logon operations are
performed automatically at the computer startup, when the Standalone HMI mode is active.
A Windows account must be dedicated to the computer that will run Visual T&D as a standalone HMI. There is no
privileges requirement for this account. By “dedicated”, we mean that this account cannot be the same that is used to
configure and activate the Standalone HMI mode.
There is no specific requirement for the Visual T&D account that will be used in the Standalone HMI mode. However, we
recommend that you create a specific account for this matter, with the required privileges.

6.5 Specifying logon information for the Visual T&D Standalone

HMI mode
Before you begin:

If the Visual T&D Standalone HMI mode is currently active, you must first deactivate it to access these logon information
settings.
To specifying logon information for the Visual T&D Standalone HMI mode:

1. In the Visual T&D Shell Configurator, click Configure.

Visual T&D - Installation guide - Installation Guide page 71

Chapter 6 The Visual T&D standalone HMI mode

2. Select the Logon Information tab.

3. Under Windows Logon Information, enter the credentials of the dedicated Windows account:
a. Type the user name, without the domain information.
b. Type the corresponding password.
c. In the Domain box, enter the name of the network domain. If the computer is not in a domain-based
network, but in a workgroup, enter the workgroup name instead.

Note: If the computer is in a workgroup and the specified account does not exist, the application will
offer to create the account for you. If you accept, you must type the password again, and then type it
another time to confirm it.
d. Click Validate.

If the credentials are not valid, an error message appears besides the validation button; review the creden-
tials you provided and correct any mistake.
If these credentials are specified for a given network domain, make sure a corresponding account exists.
4. Under Visual T&D Logon Information, enter the credentials of the dedicated Visual T&D account:
a. Type the user name.
b. Type the corresponding password.
c. Click Validate.

If the credentials are not valid, an error message appears besides the validation button; review the creden-
tials you provided and correct any mistake.

Note: Make sure the account exists on the Visual T&D server, as you cannot create such an account
from the Visual T&D Shell Configurator.
5. Click OK to save the logon information and close this window.

page 72 Visual T&D - Installation guide - Installation Guide

The Visual T&D standalone HMI mode Chapter 6

6.6 Configuring applications for Visual T&D Standalone HMI mode

Before you begin:

If the Visual T&D Standalone HMI mode is currently active, you must first deactivate it to access these application set-
tings.
You must decide at configuration time which applications are available while in the Visual T&D Standalone HMI mode.
By default, both Visual T&D Explorer and Visual T&D Diagram Editor will be available, but you can select not to start one
of those two applications. You can also select some other non-Visual T&D applications.
To configuring applications for Visual T&D Standalone HMI mode:

1. In the Visual T&D Shell Configurator, click Configure.

2. Select the Applications tab.

3. Under Startup Information, select the Visual T&D client applications that you want to use while in the Standalone
HMI mode. By default, both Explorer and Diagram Editor should be selected (with a check mark). If you do not want
to start either application, clear the check box that appears beside the corresponding application name.

Note: At least one of Visual T&D client applications must be selected.

4. Select which application should be displayed on the top of the others at startup. There is no easy way to guarantee
that a specific application will appear topmost at startup, but a mechanism is provided that can help you achieve it.
You must first decide following which order the applications will be started:
a. Select an application in the list.
b. Click Move up if you want the selected application to be started after the application that is currently above
the selected one.

Note: The topmost application is the one that will be started last.
c. Click Move down if you want the selected application to be started before the application that is currently
under the selected one.

Note: The bottommost application is the one that will be started first.
d. Repeat for each application as required.

Visual T&D - Installation guide - Installation Guide page 73

Chapter 6 The Visual T&D standalone HMI mode

5. Under Startup Information, to add a non-Visual T&D application to the list:

a. Click Add.

b. In the Name box, type the name of the application, as it should appear in the list.
c. In the Executable file name and path box, type the complete name and path of the application executable
file.
d. Click OK to add the application to the list.
e. Move up or down the application in the list to specify when it should be started compared to others.
f. Repeat the steps above for each application to add to the list.
6. Under Startup Information, to remove an application from the list:
a. Select the application to remove.
b. Click Remove.

Note: Visual T&D client applications cannot be removed from the list. If you want one of those not to be
started, clear its corresponding check box.
7. Under Visual T&D Diagram Options, select Start in Full Screen mode if you want Visual T&D Diagram Editor to
start in the Full Screen display mode.
8. If you selected Start in Full Screen mode, you also have the possibility to activate the Kiosk mode by selecting
Kiosk mode.
9. Click OK to save the changes.

6.7 Activating the Visual T&D Standalone HMI mode

Before you begin:

Standalone HMI settings must have been specified.

There is a difference between the activation of the Standalone HMI mode, and the action of the computer that enters this
mode.
When the Standalone HMI mode is active, you can still log on using a Windows account that is not the dedicated one, al-
lowing you to use all of Windows usual functions.
The computer enters the Standalone HMI mode when you log on using the dedicated Windows account, or simply when
the computer restarts.
To activating the Visual T&D Standalone HMI mode:

1. In the Visual T&D Shell Configurator, click Enable Standalone HMI Mode.
2. Confirm the password of the current Windows account (the one you are currently logged on under) when requested
to do so.

page 74 Visual T&D - Installation guide - Installation Guide

The Visual T&D standalone HMI mode Chapter 6

3. From there, you have three options:

• If you want to enter the Standalone HMI mode immediately, click Restart. The computer will reboot and will enter
the Standalone HMI mode.
• If you want to log on using another account and wait before entering the Standalone HMI mode, click Log Off.
• If you want to continue to operate under the current Windows account, click Later.

Note: Note that if you log off and enter the credentials of the Windows dedicated account, the computer will
enter the Standalone HMI mode.

6.8 Leaving the Visual T&D Standalone HMI mode

You can leave the Visual T&D Standalone HMI mode anytime to perform normal Windows functions. To do so, you must
log off, and then log on again using any Windows account that is not the dedicated one.
You must also first leave the Visual T&D Standalone HMI mode in order to deactivate this mode; to do that:

1. In Visual T&D Explorer or Visual T&D Diagram Editor, select File > Exit and log off.

Note: You can also leave the Standalone HMI mode by pressing and holding the SHIFT key during Windows’
startup to bypass the Windows automatic logon. At the end of the startup, instead of entering the Standalone
HMI mode, the computer will ask you enter your user name and password.
2. If the dedicated Windows account does not have administrative privileges, the Visual T&D Shell application asks for
administrative credentials. Enter the user name, password and domain of an account with such privileges, and then
click OK to log off.

Note: Since the Standalone HMI mode is still active, the computer will reenter it upon next computer restart, or
the next time you log on using the dedicated Windows account credentials.

6.9 Deactivating the Visual T&D Standalone HMI mode

Leaving the Visual T&D Standalone HMI mode, by logging using a different account, is not sufficient to deactivate this
mode: you must use the Visual T&D Shell Configurator application to deactivate it; otherwise, the computer will reenter it
upon next computer restart.
To deactivate the Visual T&D Standalone HMI mode:

1. Leave the Visual T&D Standalone HMI mode.

2. Log on using a Windows account with administrative privileges.
3. Start the Visual T&D Shell Configurator.
4. Click Enable Windows Application Mode.
5. Confirm the current account password when requested to do so.

Visual T&D - Installation guide - Installation Guide page 75

Chapter 7 Visual T&D server maintenance

7 Visual T&D server maintenance

This chapter contains all the information required to perform maintenance of your Visual T&D system.

7.1 Visual T&D backup and restore operations

This section contains all the information required to successfully backup and restore a Visual T&D site configuration.

7.1.1 Visual T&D backup considerations

Making frequent backups of your Visual T&D site configurations and data log should be part of your Visual T&D mainte-
nance strategy, in order to be able to restore them on a new computer or hard drive in case of hardware failure.
Visual T&D server site configurations that are stored on the Visual T&D server are located in the following folder:
.\ProgramData\Eaton\Visual T&D\Server\Param
Each site configuration is stored in its own folder and can be backed up by copying the corresponding configuration files
to an external media. The Visual T&D Support Assistant can also be used for that matter, but also to restore the backed
up site configuration.
To back up the corresponding data log of the site, you must refer to the technical note Integrating Visual T&D to a
database server, MN914021EN for details on how to proceed.

7.1.2 Backing up a site configuration using Visual T&D Support Assistant

To back up a site configuration using Visual T&D Support Assistant:

1. Select Windows > Programs > Eaton Visual T&D > Support Assistant.
2. In the Visual T&D Support Assistant window, click Create.

3. If the proposed site configuration file is not the one that you want to back up, click the Browse button, locate the
corresponding site configuration file (.mdb), and then click Open.
4. Type the complete path and name of the folder where the backup (.zip) file will be copied, or use the corresponding
Browse button to locate and select that folder.

page 76 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

5. If you don't want to include system information, unselect the Include system information check box. System
information includes hardware description, list of installed drivers and other running services that the Eaton
Technical Support representative may need in order to help you.
6. Click Fetch to generate the ZIP file at the specified location.
7. Once the ZIP file was properly generated, click Close.
8. Keep a copy of the file in a secure location, per your company's backup policy.

7.1.3 Restoring a site configuration backed up using Visual T&D Support

Assistant
To restore a site configuration backed up using Visual T&D Support Assistant:

1. Select Windows > Programs > Eaton Visual T&D > Support Assistant.
2. In the Visual T&D Support Assistant window, click Recover.

3. In the File to recover box, type the complete path and name of the backup (.zip) file, or browse the computer to find
it.
4. Select which backed up content you want to restore:
a. To restore the site configuration that was stored on the server, select Recover server files.
b. To restore the client-specific files, such as local views and queries, select Recover client files.

Note: Only client files associated to the account of the user who performed the backup will be
restored.
c. To restore custom diagram libraries that were created on this computer, select Recover Visual T&D
Diagram libraries.

Note: Unlike other client files, all diagram libraries that were created by all users will be restored.
5. To replace existing server or client files with the restored files, select Overwrite existing files; otherwise, if some of
these files already exist, the Visual T&D Support Assistant will detect file conflicts and the restore process will fail.
6. To rename the restored site and save it into a new folder (named after the new site name), select Rename the
recovered site and the new name into the corresponding box.
7. When you are ready to start the restore process, click Recover.
8. Once the restore process is completed, click Close.

Visual T&D - Installation guide - Installation Guide page 77

Chapter 7 Visual T&D server maintenance

7.2 License key management

This section contains all the maintenance procedures related to Visual T&D license keys.

7.2.1 Viewing Current Visual T&D License Information

The maximum number of concurrent users is defined as follows:
• A user running multiple client applications from a single Windows session will use a single license.
• A user running client applications from 2 different computers (or 2 different Windows session) will use two (2)
licenses.
The Maximum number of data points and Maximum number of data sources fields apply to a single site configura-
tion.
To view Current Visual T&D License Information:

1. In Visual T&D Manager:

a. Select Licensing > Options.

2. In Visual T&D Explorer:

a. Select Tools > Licensing Options.

page 78 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

7.2.2 Managing Eaton license key

7.2.2.1 Migrating your legacy license key to an Eaton license key

This procedure explains how to proceed to migrate an existing Legacy license key towards an Eaton license key.
To migrate your legacy license key to an Eaton license key:

1. Generate a .c2v file using the Start License Activator application.

2. Send the .c2v file and the following email address: [email protected].

You will then receive an email with the new activation ID(s) for the Eaton license.
3. Follow the procedure in section Activating Visual T&D using Eaton License to activate the license options.

You will receive another email which includes the corresponding .v2c file. This .v2c file will be used to deactivate the
legacy license key.
4. Save the .v2c file on the Visual T&D server computer.
5. In License Activator, click Apply V2C.
6. Select the .v2c file received from Eaton, and then click OK.
7. Restart the Visual T&D Server.
8. Using License Activator, generate a new .c2v file and send it to Eaton to the email address mentioned in step 2. This
last step will confirm that the legacy license key was correctly deactivated.

7.2.2.2 Upgrading your current Eaton license key

This procedure explains how to upgrade an existing Eaton license key using the Visual T&D Manager application.
To upgrade your current Eaton license key:

1. Contact Eaton to purchase the desired options.

You will receive an email from Eaton with new activation ID(s).
2. Retrieve the information containing the new activation ID(s) received from Eaton and send it back along with the
desired new options.
3. Follow the procedure in section Activating Visual T&D using Eaton License to activate the new options.

Note: If the Visual T&D server has Internet access, the online activation option can be used to accelerate the
process.

7.2.2.3 Moving your current Eaton license key to another machine

This procedure explains how to proceed to move an existing Eaton license key to another machine.
To move your current Eaton license key to another machine:

1. On the current machine:

a. Access Visual T&D Manager.

Visual T&D - Installation guide - Installation Guide page 79

Chapter 7 Visual T&D server maintenance

b. Select the Licensing tab.

c. In the Activation ID section, click the Add button and enter the activation ID that must be transferred to
another machine. Be careful not to copy any leading or trailing spaces. Repeat the same process for all
activation IDs.

Note: The list of activation IDs can be found in the Options page. Make sure to copy all the activation
IDs for future reactivation.
d. In the Options section, check the option Deactivate License.
e. Use the online or offline mode to apply the license deactivation.
f. In the Options page, you can verify that the license options are deactivated for your existing Visual T&D
system.
2. On the new machine:
a. Access Visual T&D Manager.
b. Select the Licensing tab.
c. In the Activation ID section, click the Add button and enter the activation ID that must be reactivated on
this new machine. Be careful not to copy any leading or trailing spaces. Repeat the same process for all
activation IDs.
d. Make sure to uncheck the option Deactivate License
e. Use the online or offline mode to apply the license activation.
f. In the Options page, you can verify that the license options are activated for your new Visual T&D system.

7.2.3 Managing legacy license key

This section only applies to legacy Visual T&D license keys, which were issued for version 5.2 or earlier of the Visual
T&D software.
Visual T&D supports three types of license keys. Depending on your requirements, you can choose from the following
license keys:
• The HASP HL key, which is a hardware key (also known as a dongle). This key must be installed on the computer
hosting the Visual T&D server.
• The HASP SL key, which is a software key generated by Eaton based on specific characteristics of the Visual T&D
server computer hardware.
• The HASP HL Net key, which is a hardware key that can be installed on a server that is accessible to the computer
hosting the Visual T&D server. The SafeNet web tool is used to manage the HASP HL Net key. Refer to the section
The SafeNet Web tool to manage the HASP HL Net key for details about this web tool.

page 80 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

Unavailability of the license key in use:

If a HL type license key becomes unavailable because it was either removed or, in the case of a HL Net key, is
unreachable; due for example to a network communication problem: a tolerance period is accepted before declaring
the license invalid. These tolerance periods are set to 5 minutes for the HL key and 12 hours for the HL Net key, with a
warning after a one hour period.
If the key becomes available again before the end of the tolerance period, the system remains licensed. For the HL
Net key, a system point (_vss__keyTimeoutTolerance) is also available to display the key's remaining time before the
license becomes invalid. This system point can be used to set different alarms related to the availability of the license.
The system point is set to -1 when another type of license key is used.

Restriction:
• Hasp SL Software keys are available for Visual T&D versions 4.1 or later.
• Hasp HL Net Hardware keys are available for Visual T&D 4.3R4 or later.
Visual T&D license keys are activated and upgraded using the License Activator utility program.

7.2.3.1 How Visual T&D is selecting its license

This section describes how the Visual T&D program is selecting its license depending on available keys and their valid-
ity.
An HL type license key that was used on a previous Visual T&D session is set as a persistent key (the key ID is used as
reference). It is preferable not to switch from one license key to another when many license keys are accessible from a
given Visual T&D host system because license options may be different from one license key to another.
For this reason, when more than one license key are available for a given Visual T&D host system, the priority goes to
the persistent license key. If another key type is temporarily used, the HL persistent key ID will be remembered by Visual
T&D so that the next time the server starts, the priority will be given to persistent key. It is however possible to remove
access to the persistent key to force the system to select another license key with lower priority.

Visual T&D - Installation guide - Installation Guide page 81

Chapter 7 Visual T&D server maintenance

Note: In order for the Visual T&D application to change the license key already in use, the Visual T&D server
service must be stopped and restarted (Windows > Administrative Tools > Services).
The key selection process is the following:
• When the Visual T&D server starts, it first checks for a persistent HL type key ID. If such a key is accessible, the
Visual T&D application is licensed with the HL type key (HL or HL Net).
• If there is no persistent key, the priority goes first to a HL key and then to a HL Net key.

Note: If there is an accessible HL Net key but no session on that key is available, then the Visual T&D
application is not licensed. There will be no search performed for a legacy or SL license key.
• If no HL type key is accessible, the system looks for a HL legacy key. If such a key is accessible, the Visual T&D
application is licensed with a HL legacy key.
• If still no valid HL key was found, the system then looks for a valid SL key. If a SL key is found, the Visual T&D
application is licensed with a SL key.
• Finally, if no valid SL key was found, the Visual T&D application is not licensed. The system falls into developer
mode.

Selected license key type What needs to be done to force the use of a lower priority license key

Remove the key from the USB port, then stop and restart the Visual T&D server
HASP HL
service and restart the Visual T&D server.

You can either:

• Remove the key from the USB port of the key's hosting computer
• Access the Visual T&D host computer' ACC and remove the access to remote
License Managers (refer to section Setting up a Visual TD host computer to find
HASP HL Net HASP HL Net keys)
• Deny the Visual T&D host computer access to the license key ( refer to section
Setting up remote host computers from the local ACC
Then stop and restart the Visual T&D server service, restart the Visual T&D server.

Remove the key from the USB port, then stop and restart the Visual T&D server
HL Legacy
service. Restart the Visual T&D server.

Stop the Sentinel LDK license Manager service (Windows > Administrative Tools >
HASP SL Services), then restart the Visual T&D server. Because no license will be found, the
system will fall into developer mode.

Table 16 : Forcing the Visual T&D server to choose a license key with a lower priority

What to do when a license becomes invalid:

When a license becomes invalid, for a reason other that the lack of available session on a HL Net key, the user should
restart the Visual T&D application in order for the server to go through the license search process. If no valid key is
found, the system will fall into developer mode.

page 82 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

7.2.3.2 The SafeNet Web tool to manage the HASP HL Net key

The SafeNet web tool called the Sentinel Admin Control Center (ACC) is installed by the Visual T&D installer and
accessible at the following URL: http://127.0.0.1:1947. For the Visual T&D application, the web tool is mainly used to
manage access, control sessions and troubleshoot problems with the HASP HL Net license key. It is however possible
to also visualize the availability of the HASP SL and HL license keys locally and on the network.
The next sections describe how to use the ACC for the Visual T&D usage; they explain how to:
• Validate the availability of a HASP license key (SL, HL and HL Net keys)
• Setup security for remote configuration access for the HASP HL Net key
• Setup the Visual T&D host computer to find HASP HL Net keys on the network
• Setup remote Visual T&D host computers to access the HASP HL Net key
• Setup users allowed to access the HASP HL Net key
• Consult active sessions on a HASP HL Net key

Note: The SafeNet web tool provides a comprehensive help feature. For this reason, detailed explanations about
the web tool content is not provided in this manual.

7.2.3.2.1 Verifying the availability of a license key

Use this procedure to verify the availability of a HASP license key locally and on the network. For the Visual T&D appli-
cation, we are looking for license keys of type SL, SL Legacy, HL or HL Net.
Before you begin:

To be able to visualize available license keys, Visual T&D computers and users must be allowed access to the License
Manager of the computer hosting the license key. Refer to sections Setting up remote host computers from the local
ACC and Setting up users access from the key's local ACC for information on how to manage these accesses.
To verify the availability of a license key:

1. Connect to the SafeNet web tool called the ACC at the following URL: http://127.0.0.1:1947.
2. On the Options field, on the left side of the web page, select Configuration.
3. Select the Network tab, then on the Network Visibility pane, select All Network Adapters.
4. On the Options field, on the left side of the web page, select Sentinel Keys.
5. The table, displayed on the web page, shows all license keys that the Visual T&D host system has access to.
6. The Actions column, displays different buttons to provide further information about the specific key.

Note: In the Key Type column, if the key is an HL type, the specific model is displayed

Visual T&D - Installation guide - Installation Guide page 83

Chapter 7 Visual T&D server maintenance

7.2.3.2.2 Setting up security for remote configuration access for the HASP HL Net key
Use this procedure to allow or remove remote access to the ACC of the computer where the HASP HL Net key is physi-
cally connected (local). When remote access is enabled, remote users can access and perform actions on the HASP HL
Net key' ACC.
Before you begin:

To allow remote access to the ACC of the computer hosting the HASP HL Net key, the user must access the ACC
locally. However, removing the remote access can be performed from a remote computer.
To Set up security for remote configuration access for the HASP HL Net key:

1. Connect to the SafeNet web tool called the ACC at the following URL: http://127.0.0.1:1947.
2. On the Options field, on the left side of the web page, select Configuration.
3. Select the Basic Settings tab.
4. Allowing access to the key's local ACC to remote users must be performed locally: If you want remote ACC to
access the local ACC,
a. Select Allow Remote Access to ACC.
b. Click on the Submit button.
c. Select the Network tab.
d. On the Network Visibility pane, select All Network Adapters.
e. Click on the Submit button.

Note: Other configuration settings can be adjusted according to the user's needs, refer to the SafeNet web
tool's help documentation for that matter.
5. To remove access to the HASP HL Net key's local ACC to remote users (can be performed remotely):
a. Unselect Allow Remote Access to ACC
b. Click on the Submit button.

page 84 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

7.2.3.2.3 Setting up a Visual TD host computer to find HASP HL Net keys

Use this procedure to set the ACC of the Visual T&D host computer to be able to search for Sentinel License Managers
on the local network.
Before you begin:
The remote access of the ACC on the computer hosting the HASP HL Net key must first be authorized. To do that, refer
to section Setting up security for remote configuration access for the HASP HL Net key.
To set up a Visual TD host computer to find HASP HL Net keys:

1. Connect to the SafeNet web tool called the ACC at the following URL: http://127.0.0.1:1947.
2. On the Options field, on the left side of the web page, select Configuration.
3. Select the Access to Remote License Managers tab.
4. Select Allow Access to Remote Licenses.
5. Various options can be chosen to search for remote licenses, they are:
a. Select Broadcast Search for Remote Licenses to enable the computer to search for remote License
Managers on the local network.

Note: The broadcast uses random UDP port, this may be an issue with certain firewalls.
b. Define specific computers that may be searched on the local network by writing the IP address or machine
name of these computers in the Specify Search Parameters field, using a different line for each computer.
c. Combine option a and option b.
6. Click the Submit button.

Note: The Aggressive Search for Remote Licenses parameter can also be selected in case of trouble with
firewalls.

Visual T&D - Installation guide - Installation Guide page 85

Chapter 7 Visual T&D server maintenance

7.2.3.2.4 Setting up remote host computers from the local ACC

This procedure must be performed on the license key's local ACC. It is used to define if remote computers are allowed
to access the Sentinel License Manager of the computer hosting the HASP HL Net key. When access is allowed, restric-
tions can be defined to allow or deny access to certain computers.
Before you begin:

When enabled, access is allowed by default to all computers. If computer restrictions are to be set, the specific IP
address or computer name of the computer(s) you want to give or deny access to must be entered in the Access
Restrictions field, before the allow=all line. Examples will be shown for both cases.
To set up remote host computers from the local ACC:

1. Connect to the SafeNet web tool of the computer hosting the HASP HL Net key, called the ACC, at the following
URL: http://127.0.0.1:1947.
2. On the Options field, on the left side of the web page, select Configuration.
3. Select the Access from Remote Clients tab.
4. Select Allow Access from Remote Clients.
5. To allow access only to specific computers (by default access is allowed to all computers):
a. You must know the IP addresses or computer names of the computer(s) you want to give access to. The
Show Recent Client Access button can be helpful to select these computers if they already accessed
the License Manager. In this case, click on the allow button next to the IP address or computer name.
Otherwise, write the IP addresses or computer names manually.
b. Then, the line deny=all must be added before the allow=all line, to cancel the allow=all line, which is
permanent.

The example below shows a configuration that allow access only to Computer A and Computer B.

c. Click on the Submit button to accept the change.

6. To deny access only to specific computers (by default access is allowed to all computers):
a. You must know the IP addresses or computer names of the computers you want to deny access to. The
Show Recent Client Access button can be helpful to select these computers if they already accessed
the License Manager. In this case, click on the deny button next to the IP address or computer name.
Otherwise, write the IP addresses or computer names manually.

page 86 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

The example below show a configuration that allow access to all computers except for Computer A and
Computer B.

b. Click on the Submit button to accept the change.

7. If you did not change the Access Restrictions, click on the Submit button.

7.2.3.2.5 Setting up users access from the key's local ACC

This procedure must be performed on the license key's local ACC. It is used to define which users are allowed to access
the Sentinel License Manager of the computer hosting the HASP HL Net key.
Before you begin:

Access is allowed by default to all users. If user restrictions are to be set, the specific usernames, hostnames or
user@host names you want to give or deny access to must be entered in the User Restrictions field, before the
allow=all @all line. Examples will be shown for both cases.
To set up users access from the key's local ACC:

1. Connect to the SafeNet web tool of the computer hosting the HASP HL Net key, called the ACC, at the following
URL: http://127.0.0.1:1947.
2. On the Options field, on the left side of the web page, select Configuration.
3. Select the Users tab.
4. To allow access only to specific users (by default access is allowed to all users):
a. You must know the usernames, hostnames or user@host names you want to give access to. The Show
Recent Users button can be helpful to select users if they already accessed the License Manager. In this
case, click on the allow button next to the username, hostname or user@host name. Otherwise, write the
names manually.
b. Then, the line deny=all must be added before the allow=all line, to cancel the allow=all line, which is
permanent.

The example below shows a configuration that allow access only to User A and system users.

Visual T&D - Installation guide - Installation Guide page 87

Chapter 7 Visual T&D server maintenance

c. Click on the Submit button to accept the change.

5. To deny access only to specific users (by default access is allowed to all users):
a. You must know the usernames, hostnames or user@host names you want to deny access to. The Show
Recent Users button can be helpful to select users if they already accessed the License Manager. In this
case, click on the allow button next to the username, hostname or user@host name. Otherwise, write the
names manually.

The example below show a configuration that allow access to all users except for User A and User B.

b. Click on the Submit button to accept the change.

7.2.3.2.6 Consulting active sessions on a specific HASP HL Net key

Use this procedure to consult the ACC for Visual T&D active sessions for a specific HASP HL Net license key.
Before you begin:
To be able to access the Visual T&D sessions page for a selected key, the key's local ACC from the local computer
(where the license key is physically connected) must be remotely accessible, refer to section Setting up security for
remote configuration access for the HASP HL Net key for that matter.
To consult active sessions on a specific HASP HL Net key:

1. Connect to the SafeNet web tool called the ACC at the following URL: https://127.0.0.1:1947.
2. On the Options field, on the left side of the web page, select Sentinel Keys.

page 88 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

3. Locate the HASP HL Net key (Red key logo) associated with the targeted Visual T&D system (the Vendor or Key ID
can be helpful for identifying the right key).
4. The number of open sessions for the selected key is displayed under the Sessions column. When there is at least
one active session, a Sessions button is available under the Actions column of the key's local ACC.

Note: The Visual T&D system offers different options and characteristics, these are identified as features for a
given product on the SafeNet web tool pages. The number of sessions displayed under the Sessions column
correspond to the number of Visual T&D features multiplied by the number of users logged in. For example,
if three (3) users are using Visual T&D, all with eight (8) features, the number displayed under the Sessions
column would be twenty-four (24).
5. Under the # Location column, verify, for the selected key, if the key is local or on a remote computer. If it is on
a remote computer, the machine name of the computer is displayed. To be able to access the key's Visual T&D
sessions page, the user must access the key's local ACC.
6. If you are already local, jump to step 8. If you are remote, click on the machine name of the selected key to open
the key's local ACC in a new window. If you are denied permission to the key's local ACC, refer to sections Setting
up security for remote configuration access for the HASP HL Net key, Setting up a Visual TD host computer to find
HASP HL Net keys and Setting up users access from the key's local ACC .
7. In the newly open window, locate the Hasp HL Net key associated with the targeted Visual T&D system. Under the #
Location column, it should be written Local. Now you have access to the Session page located under the Actions
column .
8. Under the Actions column, click on the Sessions button. For the specific key, active sessions for each features are
displayed.

7.2.3.3 The License Activator utility program

The License Activator utility program is provided by Eaton for the generation of license keys for Eaton software products.
Two types of license keys are available: hardware keys and software keys.
A hardware key does not require to be activated: you just need to connect it to the computer that hosts the Eaton
software. However, you must use the License Activator program if you need to upgrade the license of such a key (for
example, when you purchase an additional software option or increase the maximum number of data points supported
by the software).

Visual T&D - Installation guide - Installation Guide page 89

Chapter 7 Visual T&D server maintenance

Software keys are generated based on hardware characteristics of the computer that hosts the Eaton software product.
As a result, you must use the License Activator program to generate a customer-to-vendor (.c2v) file that will include that
information and send this file to Eaton. In response, you will receive a vendor-to-customer (.v2c) file that includes the
software key information: using License Activator, you can then use this .v2c file to activate the software key. License
upgrades are performed the same way.

7.2.3.4 Upgrading your current Visual T&D license using License Activator

The following procedure explains how to proceed to upgrade an existing Visual T&D license key using the License Acti-
vator program.
Before you begin:

• Contact Eaton to purchase the desired options.

• If the license key to upgrade is a hardware key, make sure it is currently connected to the Visual T&D Server
computer for the HASP HL key and to the appropriate computer for the HASP HL Net key.
• If the license to upgrade is a hardware key, the license activator must be launched from the computer hosting the
hardware key.
This procedure applies to all types of license keys (hardware or software). It can also be used to upgrade a legacy hard-
ware key to the current license key format.
To upgrade your current Visual T&D license:

1. Start License Activator.

2. Click Collect C2V.
3. If a HL hardware key is connected to the Visual T&D Server computer, License Activator will prompt you to select
the target license key. Unless you intend to change the type of license key (from hardware to software, or vice-
verse), select the same type that you are currently using, and then click OK.

4. Select a location for .c2v file, type its name, and then click Save.
5. Send the .c2v file to the following email address : [email protected].

A Eaton representative will send you the corresponding .v2c file.

6. Save the .v2c file on the Visual T&D server computer.
7. In License Activator, click Apply V2C.
8. Select the .v2c file received from Eaton, and then click OK.
9. Restart the Visual T&D Server.

page 90 Visual T&D - Installation guide - Installation Guide

Visual T&D server maintenance Chapter 7

What to do next:

Using License Activator, generate a new .c2v file and send it to Eaton to the aforementioned email address. This will:
• Inform us that the activation process was successfully completed;
• Help us providing you with a new license key faster if you purchase new options for your current Visual T&D
installation.

Visual T&D - Installation guide - Installation Guide page 91

Chapter 8 Eaton product secure configuration guidelines

8 Eaton product secure configuration guidelines

Visual T&D is designed with cybersecurity as an important consideration.
This section provides important guidelines for secure deployment and configuration of Visual T&D.

8.1 Secure Configuration Guidelines

Visual T&D has been designed with cybersecurity as an important consideration. A number of features are offered
in the product to address cybersecurity risks. These Cybersecurity Recommendations provide information to help
users to deploy and maintain the product in a manner that minimizes the cybersecurity risks. These Cybersecurity
Recommendations are not intended to provide a comprehensive guide to cybersecurity, but rather to complement
customers’ existing cybersecurity programs.
Eaton is committed to minimizing the cybersecurity risk in its products and deploying cybersecurity best practices in its
products and solutions, making them more secure, reliable and competitive for customers.
The following whitepapers are available for more information on general cybersecurity best practices and guidelines:
Cybersecurity Considerations for Electrical Distribution Systems (WP152002EN): http://www.eaton.com/ecm/
groups/public/@pub/@eaton/@corp/documents/content/pct_1603172.pdf
Cybersecurity Best Practices Checklist Reminder (WP910003EN): http://www.cooperindustries.com/content/dam/
public/powersystems/resources/library/1100_EAS/WP910003EN.pdf
Cybersecurity Best Practices for Modern Vehicles - NHTSA
https://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf

Category Description

Intended Use & The guidance provided for the secure deployment of the Visual T&D software components
Deployment Context are focused on the Visual T&D itself, by pointing which elements of the operating system
are used by Visual T&D and guiding the system administrator and integrator on the most
secure way to deploy Visual T&D software components.

Asset Management Keeping track of software and hardware assets in your environment is a per-requisite
for effectively managing cybersecurity. Eaton recommends that you maintain an asset
inventory that uniquely identifies each important component. To facilitate this, Visual T&D
supports the following identifying information: publisher, name and version.
This information is available on the What’s new page of the Visual T&D installation.

Table 17 : Cybersecurity guidelines, description of the categories

page 92 Visual T&D - Installation guide - Installation Guide

Eaton product secure configuration guidelines Chapter 8

Category Description

Defense in Depth Defense in Depth basically means applying multiple counter-measures for mitigating
risks, in a layered or step wise manner. A layered approach to security as shown in the
below diagram is what is recommended. Defense in Depth is the responsibility of both the
manufacturer and the customer.

Risk Assessment Eaton recommends conducting a risk assessment to identify and assess reasonably
foreseeable internal and external risks to the confidentiality, availability and integrity of the
system | device and its environment. This exercise should be conducted in accordance
with applicable technical and regulatory frameworks such as IEC 62443 and NERC-CIP.
The risk assessment should be repeated periodically.

Physical Security An attacker with unauthorized physical access can cause serious disruption to system/
device functionality. Additionally, Industrial Control Protocols don’t offer cryptographic
protections, making ICS and SCADA communications especially vulnerable to threats to
their confidentiality. Physical security is an important layer of defense in such cases. Visual
T&D is designed to be deployed and operated in a physically secure location. Following
are some best practices that Eaton recommends to physically secure your system/device:
• Secure the facility and equipment rooms or closets with access control mechanisms
such as locks, entry card readers, guards, man traps, CCTV, etc. as appropriate.
• Restrict physical access to cabinets and/or enclosures containing Visual T&D and the
associated system. Monitor and log the access at all times.
• Physical access to the telecommunication lines and network cabling should be
restricted to protect against attempts to intercept or sabotage communications. It’s a
best practice to use metal conduits for the network cabling running between equipment
cabinets.
• Do not connect removable media (e.g., USB devices, SD cards, etc.) for any operation
(e.g., firmware upgrade, configuration change, or boot application change) unless the
origin of the media is known and trusted.
• Before connecting any portable device through a USB port or SD card slot, scan the
device for malware and viruses.

Table 17 : Cybersecurity guidelines, description of the categories

Visual T&D - Installation guide - Installation Guide page 93

Chapter 8 Eaton product secure configuration guidelines

Category Description

COTS Platform Eaton recommends that customers harden third-party commercial off-the-shelf (COTS)
Security operating systems or platforms that are used to run Eaton applications / products (e.g.,
third party hardware, operating systems and hypervisors, such as those made available by
Dell, Microsoft, VMware, Cisco, etc.).
• Eaton recommends that customers refer to the COTS vendor’s documentation for
guidance on how to harden these components.
• Vendor-neutral guidance is made available by the Center for Internet Security https://
www.cisecurity.org/

Irrespective of the platform, customers should consider the following best practices:
• Install all security updates made available by the COTS manufacturer.
• Change default credentials upon first login.
• Disable or lock unused built-in accounts.
• Limit use of privileged generic accounts (e.g., disable interactive login).
• Change default SNMP community strings.
• Restrict SNMP access using access control lists.
• Disable unneeded ports & services.

Account Management Logical access to the system/device should be restricted to legitimate users, who should
be assigned only the privileges necessary to complete their job roles/functions. Some of
the following best practices may need to be implemented by incorporating them into the
organization’s written policies:
• Ensure default credentials are changed upon first login. Visual T&D should not be
deployed in production environments with default credentials, as default credentials
are publicly known.
• No account sharing – Each user should be provisioned a unique account instead of
sharing accounts and passwords. Security monitoring/logging features in the product
are designed based on each user having a unique account. Allowing users to share
credentials weakens security.
• Restrict administrative privileges - Attackers seek to gain control of legitimate
credentials, especially those for highly privileged accounts. Administrative privileges
should be assigned only to accounts specifically designated for administrative duties
and not for regular use.
• Leverage the roles / access privileges to provide tiered access to the users as per
the business /operational need. Follow the principle of least privilege (allocate the
minimum authority level and access to system resources required for the role).
• Perform periodic account maintenance (remove unused accounts).
• Ensure password length, complexity and expiration requirements are appropriately
set, particularly for all administrative accounts (e.g., minimum 10 characters, mix of
upper- and lower-case and special characters, and expire every 90 days, or otherwise
in accordance with your organization’s policies).
• Enforce session time-out after a period of inactivity.

See section: Visual T&D and Windows user account privileges.

Table 17 : Cybersecurity guidelines, description of the categories

page 94 Visual T&D - Installation guide - Installation Guide

Eaton product secure configuration guidelines Chapter 8

Category Description

Time Synchronization Many operations in power grids and IT networks heavily depend on precise timing
information.
Ensure the system clock is synchronized with an authoritative time source (using manual
configuration, NTP, SNTP, or IEEE 1588).

Network Security Visual T&D supports network communication with other devices in the environment.
This capability can present risks if it’s not configured securely. Following are Eaton
recommended best practices to help secure the network. Additional information about
various network protection strategies is available in Eaton Cybersecurity Considerations
for Electrical Distribution Systems [R1].
Eaton recommends segmentation of networks into logical enclaves, denying
traffic between segments except that which is specifically allowed, and restricting
communication to host-to-host paths (for example, using router ACLs and firewall rules).
This helps to protect sensitive information and critical services and creates additional
barriers in the event of a network perimeter breach. At a minimum, a utility Industrial
Control Systems network should be segmented into a three-tiered architecture (as
recommended by NIST SP 800-82[R3]) for better security control.
Eaton recommends opening only ports that are required for operations and protect the
network communication using network protection systems like firewalls and intrusion
detection systems / intrusion prevention systems. Use the information below to configure
your firewall rules to allow access needed for Visual T&D to operate smoothly.
See section: Exception for communication ports.

Remote Access Remote access to devices/systems creates another entry point into the network. Strict
management and validation of termination of such access is vital for maintaining control
over overall ICS security.
See section: Remote Visual T&D server management.

Logging and Event • Eaton recommends logging all relevant system and application events, including all
Management administrative and maintenance activities.
• Logs should be protected from tampering and other risks to their integrity (for example,
by restricting permissions to access and modify logs, transmitting logs to a security
information and event management system, etc.).
• Ensure that logs are retained for a reasonable and appropriate length of time.
• Review the logs regularly. The frequency of review should be reasonable, taking into
account the sensitivity and criticality of the system | device and any data it processes.

See section: Syslog export module for Visual T&D.

Table 17 : Cybersecurity guidelines, description of the categories

Visual T&D - Installation guide - Installation Guide page 95

Chapter 8 Eaton product secure configuration guidelines

Category Description

Vulnerability Scanning It is possible to install and use third-party software with Visual T&D . Any known critical
or high severity vulnerabilities on third party component/libraries used to run software /
applications should be remediated before putting the system/device into production.
• Eaton recommends running a vulnerability scan to identify known vulnerabilities for
software used with the product. For COTS components (e.g., applications running
on Windows), vulnerabilities can be tracked on the National Vulnerability Database
(NVD), available at https://nvd.nist.gov/.
• Keep software updated by monitoring security patches made available by COTS
vendors and installing them as soon as possible.

Note: Many compliance frameworks and security best practices require a monthly
vulnerability review. For many non-COTS products vulnerabilities will be communi-
cated directly through the vendor site.

Malware Defenses Eaton recommends deploying adequate malware defenses to protect the product or the
platforms used to run the Eaton product.

Secure Maintenance The system/device includes documentation to allow a service engineer with help from site
administrator to trouble shoot the system/device functionality.
See section: Visual T&D server maintenance.
Best Practices
Update software prior to putting the system/device into production. Thereafter, apply
software patches and updates regularly.
Eaton publishes patches and updates for its products to protect them against
vulnerabilities that are discovered. Eaton encourages customers to maintain a consistent
process to promptly monitor for and install new firmware updates.
Please check Eaton’s cybersecurity website for information bulletins about available
firmware and software updates.
See section: About Windows automatic updates.

Business Continuity / Plan for Business Continuity / Cybersecurity Disaster Recovery

Cybersecurity Disaster Eaton recommends incorporating Visual T&D into the organization’s business continuity
Recovery and disaster recovery plans. Organizations should establish a Business Continuity Plan
and a Disaster Recovery Plan and should periodically review and, where possible,
exercise these plans. As part of the plan, important system/device data should be
backed up and securely stored, including:
• Updated software for Visual T&D . Make it a part of standard operating procedure to
update the backup copy as soon as the latest software is updated.
• The current configuration.
• Documentation of the current permissions / access controls, if not backed up as part
of the configuration.

Sensitive Information Eaton recommends that sensitive information (i.e. connectivity, log data, personal
Disclosure information) that may be stored by Visual T&D be adequately protected through the
deployment of organizational security practices.

Table 17 : Cybersecurity guidelines, description of the categories

page 96 Visual T&D - Installation guide - Installation Guide

Eaton product secure configuration guidelines Chapter 8

8.2 References
[R1] Cybersecurity Considerations for Electrical Distribution Systems (WP152002EN):http://www.eaton.com/ecm/
groups/public/@pub/@eaton/@corp/documents/content/pct_1603172.pdf
[R2] Cybersecurity Best Practices Checklist Reminder (WP910003EN):http://www.cooperindustries.com/content/
dam/public/powersystems/resources/library/1100_EAS/WP910003EN.pdf
[R3] NIST SP 800-82 Rev 2, Guide to Industrial Control Systems (ICS) Security, May 2015:
https://ics-cert.us-cert.gov/Standards-and-References
[R4] National Institute of Technology (NIST) Interagency “Guidelines on Firewalls and Firewall
Policy, NIST Special Publication 800-41”, October 2009: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/
nistspecialpublication800-41r1.pdf
[R5] NIST SP 800-88, Guidelines for Media Sanitization, September 2006:http://ws680.nist.gov/publication/
get_pdf.cfm?pub_id=50819
[R6] Cybersecurity Best Practices for Modern Vehicles - NHTSAhttps://www.nhtsa.gov/staticfiles/nvs/
pdf/812333_CybersecurityForModernVehicles.pdf
[R7] A Summary of Cybersecurity Best Practices - Homeland Securityhttps://www.hsdl.org/?view&did=806518
[R8] Characterization of Potential Security Threats in Modern Automobiles - NHTSA
https://www.nhtsa.gov/DOT/NHTSA/NVS/Crash%20Avoidance/Technical
%20Publications/2014/812074_Characterization_PotentialThreatsAutos(1).pdf
[R9] Threat Modeling for Automotive Security Analysishttp://nvlpubs.nist.gov/nistpubs/Legacy/SP/
nistspecialpublication800-41r1.pdf

Visual T&D - Installation guide - Installation Guide page 97

Appendix Appendix

Appendix
External libraries licensing descriptions
The Visual T&D software contains some code and class libraries from third party vendors or open source communi-
ties.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
Npgsql
Copyright (c) 2002-2023, Npgsql
Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and
without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the
following two paragraphs appear in all copies.
IN NO EVENT SHALL NPGSQL BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,
OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS
SOFTWARE AND ITS DOCUMENTATION, EVEN IF Npgsql HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
NPGSQL SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE
PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND Npgsql HAS NO OBLIGATIONS TO PROVIDE
MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
ImageMagick
Copyright 1999-2021 ImageMagick Studio LLC, a non-profit organization dedicated to making software imaging
solutions freely available.

1. Definitions.
License shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
through 9 of this document.
Licensor shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
Legal Entity shall mean the union of the acting entity and all other entities that control, are controlled by, or are
under common control with that entity. For the purposes of this definition, control means (i) the power, direct or
indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership
of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
You (or Your) shall mean an individual or Legal Entity exercising permissions granted by this License.
Source form shall mean the preferred form for making modifications, including but not limited to software source
code, documentation source, and configuration files.
Object form shall mean any form resulting from mechanical transformation or translation of a Source form,
including but not limited to compiled object code, generated documentation, and conversions to other media
types.
Work shall mean the work of authorship, whether in Source or Object form, made available under the License,
as indicated by a copyright notice that is included in or attached to the work (an example is provided in the
Appendix below).
Derivative Works shall mean any work, whether in Source or Object form, that is based on (or derived from)
the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a
whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works

Visual T&D - Installation guide page 98

External libraries licensing descriptions Appendix

that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works
thereof.
Contribution shall mean any work of authorship, including the original version of the Work and any modifications
or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion
in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the
copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written
communication sent to the Licensor or its representatives, including but not limited to communication on
electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on
behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that
is conspicuously marked or otherwise designated in writing by the copyright owner as Not a Contribution.
Contributor shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been
received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby
grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to
reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work
and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to
You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was
submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit)
alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent
infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the
date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any
medium, with or without modifications, and in Source or Object form, provided that You meet the following
conditions:
a. You must give any other recipients of the Work or Derivative Works a copy of this License; and
b. You must cause any modified files to carry prominent notices stating that You changed the files; and
c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent,
trademark, and attribution notices from the Source form of the Work, excluding those notices that do not
pertain to any part of the Derivative Works; and
d. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You
distribute must include a readable copy of the attribution notices contained within such NOTICE file,
excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the
following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source
form or documentation, if provided along with the Derivative Works; or, within a display generated by the
Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE
file are for informational purposes only and do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text
from the Work, provided that such additional attribution notices cannot be construed as modifying the
License.
You may add Your own copyright statement to Your modifications and may provide additional or different license
terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works
as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions
stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for

Visual T&D - Installation guide page 99

External libraries licensing descriptions Appendix

inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of
any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or
product names of the Licensor, except as required for reasonable and customary use in describing the origin of
the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the
Work (and each Contributor provides its Contributions) on an AS IS BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks
associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract,
or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in
writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or
consequential damages of any character arising as a result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction,
or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility
of such damages.
9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License.
However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility,
not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor
harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting
any such warranty or additional liability.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
Apache
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the
License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are
under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or
indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership
of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software
source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form,
including but not limited to compiled object code, generated documentation, and conversions to other media
types.

Visual T&D - Installation guide page 100

External libraries licensing descriptions Appendix

"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License,
as indicated by a copyright notice that is included in or attached to the work (an example is provided in the
Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from)
the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a
whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works
that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works
thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any
modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for
inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf
of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal,
or written communication sent to the Licensor or its representatives, including but not limited to communication
on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on
behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that
is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been
received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby
grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to
reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work
and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to
You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was
submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit)
alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent
infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the
date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any
medium, with or without modifications, and in Source or Object form, provided that You meet the following
conditions:
a. You must give any other recipients of the Work or Derivative Works a copy of this License; and
b. You must cause any modified files to carry prominent notices stating that You changed the files; and
c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent,
trademark, and attribution notices from the Source form of the Work, excluding those notices that do not
pertain to any part of the Derivative Works; and
d. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You
distribute must include a readable copy of the attribution notices contained within such NOTICE file,
excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the
following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source
form or documentation, if provided along with the Derivative Works; or, within a display generated by the
Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE
file are for informational purposes only and do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text
from the Work, provided that such additional attribution notices cannot be construed as modifying the
License.

Visual T&D - Installation guide page 101

External libraries licensing descriptions Appendix

You may add Your own copyright statement to Your modifications and may provide additional or different license
terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works
as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions
stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for
inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of
any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or
product names of the Licensor, except as required for reasonable and customary use in describing the origin of
the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the
Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks
associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract,
or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in
writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or
consequential damages of any character arising as a result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction,
or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility
of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof,
You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability
obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree
to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against,
such Contributor by reason of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
MIT
Permission is hereby granted, free of charge, to any person obtaining a copy of _____ (the "Software"), to deal in
the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies
or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL _____ BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Visual T&D - Installation guide page 102

External libraries licensing descriptions Appendix

Code Project
THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CODE PROJECT OPEN
LICENSE ("LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW.
ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
PROHIBITED.
BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HEREIN, YOU ACCEPT AND AGREE TO BE BOUND
BY THE TERMS OF THIS LICENSE. THE AUTHOR GRANTS YOU THE RIGHTS CONTAINED HEREIN IN
CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO
ACCEPT AND BE BOUND BY THE TERMS OF THIS LICENSE, YOU CANNOT MAKE ANY USE OF THE WORK.
1. Definitions.
a. "Articles" means, collectively, all articles written by Author which describes how the Source Code and
Executable Files for the Work may be used by a user.
b. "Author" means the individual or entity that offers the Work under the terms of this License.
c. "Derivative Work" means a work based upon the Work or upon the Work and other pre-existing works.
d. "Executable Files" refer to the executables, binary files, configuration and any required data files
included in the Work.
e. "Publisher" means the provider of the website, magazine, CD-ROM, DVD or other medium from or by
which the Work is obtained by You.
f. "Source Code" refers to the collection of source code and configuration files used to create the
Executable Files.
g. "Standard Version" refers to such a Work if it has not been modified, or has been modified in accordance
with the consent of the Author, such consent being in the full discretion of the Author.
h. "Work" refers to the collection of files distributed by the Publisher, including the Source Code, Executable
Files, binaries, data files, documentation, whitepapers and the Articles.
i. "You" is you, an individual or entity wishing to use the Work and exercise your rights under this License.
2. Fair Use/Fair Use Rights. Nothing in this License is intended to reduce, limit, or restrict any rights arising from
fair use, fair dealing, first sale or other limitations on the exclusive rights of the copyright owner under copyright
law or other applicable laws.
3. License Grant. Subject to the terms and conditions of this License, the Author hereby grants You a worldwide,
royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in
the Work as stated below:
a. You may use the standard version of the Source Code or Executable Files in Your own applications.
b. You may apply bug fixes, portability fixes and other modifications obtained from the Public Domain or
from the Author. A Work modified in such a way shall still be considered the standard version and will be
subject to this License.
c. You may otherwise modify Your copy of this Work (excluding the Articles) in any way to create a
Derivative Work, provided that You insert a prominent notice in each changed file stating how, when and
where You changed that file.
d. You may distribute the standard version of the Executable Files and Source Code or Derivative Work in
aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software
distribution.
e. The Articles discussing the Work published in any form by the author may not be distributed or
republished without the Author's consent. The author retains copyright to any such Articles. You may use
the Executable Files and Source Code pursuant to this License but you may not repost or republish or

Visual T&D - Installation guide page 103

External libraries licensing descriptions Appendix

otherwise distribute or make available the Articles, without the prior written consent of the Author.
Any subroutines or modules supplied by You and linked into the Source Code or Executable Files of this Work
shall not be considered part of this Work and will not be subject to the terms of this License.
4. Patent License. Subject to the terms and conditions of this License, each Author hereby grants to You a
perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent
license to make, have made, use, import, and otherwise transfer the Work.
5. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following
restrictions:
a. You agree not to remove any of the original copyright, patent, trademark, and attribution notices and
associated disclaimers that may appear in the Source Code or Executable Files.
b. You agree not to advertise or in any way imply that this Work is a product of Your own.
c. The name of the Author may not be used to endorse or promote products derived from the Work without
the prior written consent of the Author.
d. You agree not to sell, lease, or rent any part of the Work. This does not restrict you from including the
Work or any part of the Work inside a larger software distribution that itself is being sold. The Work by
itself, though, cannot be sold, leased or rented.
e. You may distribute the Executable Files and Source Code only under the terms of this License, and
You must include a copy of, or the Uniform Resource Identifier for, this License with every copy of the
Executable Files or Source Code You distribute and ensure that anyone receiving such Executable
Files and Source Code agrees that the terms of this License apply to such Executable Files and/or
Source Code. You may not offer or impose any terms on the Work that alter or restrict the terms of this
License or the recipients' exercise of the rights granted hereunder. You may not sublicense the Work.
You must keep intact all notices that refer to this License and to the disclaimer of warranties. You may
not distribute the Executable Files or Source Code with any technological measures that control access
or use of the Work in a manner inconsistent with the terms of this License.
f. You agree not to use the Work for illegal, immoral or improper purposes, or on pages containing illegal,
immoral or improper material. The Work is subject to applicable export laws. You agree to comply with all
such laws and regulations that may apply to the Work after Your receipt of the Work.
6. Representations, Warranties and Disclaimer. THIS WORK IS PROVIDED "AS IS", "WHERE IS" AND "AS
AVAILABLE", WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS OR GUARANTEES.
YOU, THE USER, ASSUME ALL RISK IN ITS USE, INCLUDING COPYRIGHT INFRINGEMENT, PATENT
INFRINGEMENT, SUITABILITY, ETC. AUTHOR EXPRESSLY DISCLAIMS ALL EXPRESS, IMPLIED OR
STATUTORY WARRANTIES OR CONDITIONS, INCLUDING WITHOUT LIMITATION, WARRANTIES OR
CONDITIONS OF MERCHANTABILITY, MERCHANTABLE QUALITY OR FITNESS FOR A PARTICULAR
PURPOSE, OR ANY WARRANTY OF TITLE OR NON-INFRINGEMENT, OR THAT THE WORK (OR ANY
PORTION THEREOF) IS CORRECT, USEFUL, BUG-FREE OR FREE OF VIRUSES. YOU MUST PASS THIS
DISCLAIMER ON WHENEVER YOU DISTRIBUTE THE WORK OR DERIVATIVE WORKS.
7. Indemnity. You agree to defend, indemnify and hold harmless the Author and the Publisher from and against
any claims, suits, losses, damages, liabilities, costs, and expenses (including reasonable legal or attorneys’ fees)
resulting from or relating to any use of the Work by You.
8. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL
THE AUTHOR OR THE PUBLISHER BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE
OR THE USE OF THE WORK OR OTHERWISE, EVEN IF THE AUTHOR OR THE PUBLISHER HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9. Termination.
a. This License and the rights granted hereunder will terminate automatically upon any breach by You of

Visual T&D - Installation guide page 104

External libraries licensing descriptions Appendix

any term of this License. Individuals or entities who have received Derivative Works from You under this
License, however, will not have their licenses terminated provided such individuals or entities remain in
full compliance with those licenses. Sections 1, 2, 6, 7, 8, 9, 10 and 11 will survive any termination of this
License.
b. If You bring a copyright, trademark, patent or any other infringement claim against any contributor over
infringements You claim are made by the Work, your License from such contributor to the Work ends
automatically.
c. Subject to the above terms and conditions, this License is perpetual (for the duration of the applicable
copyright in the Work). Notwithstanding the above, the Author reserves the right to release the Work
under different license terms or to stop distributing the Work at any time; provided, however that any
such election will not serve to withdraw this License (or any other license that has been, or is required to
be, granted under the terms of this License), and this License will continue in full force and effect unless
terminated as stated above.
10. Publisher. The parties hereby confirm that the Publisher shall not, under any circumstances, be responsible for
and shall not have any liability in respect of the subject matter of this License. The Publisher makes no warranty
whatsoever in connection with the Work and shall not be liable to You or any party on any legal theory for any
damages whatsoever, including without limitation any general, special, incidental or consequential damages
arising in connection to this license. The Publisher reserves the right to cease making the Work available to You
at any time without notice
11. Miscellaneous.
a. This License shall be governed by the laws of the location of the head office of the Author or if the Author
is an individual, the laws of location of the principal place of residence of the Author.
b. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the
validity or enforceability of the remainder of the terms of this License, and without further action by the
parties to this License, such provision shall be reformed to the minimum extent necessary to make such
provision valid and enforceable.
c. No term or provision of this License shall be deemed waived and no breach consented to unless such
waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.
d. This License constitutes the entire agreement between the parties with respect to the Work licensed
herein. There are no understandings, agreements or representations with respect to the Work not
specified herein. The Author shall not be bound by any additional provisions that may appear in any
communication from You. This License may not be modified without the mutual written agreement of the
Author and You.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
Librdkafka
Copyright (c) 2012-2022, Magnus Edenhill.
https://github.com/edenhill/librdkafka
librdkafka is a C library implementation of the Apache Kafka protocol, providing Producer, Consumer and Admin
clients. It was designed with message delivery reliability and high performance in mind, current figures exceed 1
million msgs/second for the producer and 3 million msgs/second for the consumer.
librdkafka is licensed under the 2-clause BSD license.
KAFKA is a registered trademark of The Apache Software Foundation and has been licensed for use by librdkafka.
librdkafka has no affiliation with and is not endorsed by The Apache Software Foundation.
We warrant that you will receive ongoing free email support, one year free bugs fixing and one year free upgrades to
new versions.

Visual T&D - Installation guide page 105

External libraries licensing descriptions Appendix

SqlApi++
SQLAPI++ Library License Agreement and Warranty
You should carefully read the following terms and conditions before using this software. Your use of this software
indicates your acceptance of this license agreement and warranty.
License Agreement
You have the non-exclusive right to use the library. The Company retains all title and ownership of the library.
Evaluation
The SQLAPI++ library is distributed as shareware. You can use the library for evaluation purposes without charge
for unlimited period. The evaluation version has no limits or functional differences from registered version, but it will
display registration messages occasionally.
While in evaluation you may not distribute your applications written with trial version of SQLAPI++ library.
Registered Versions
You have to purchase SQLAPI++ Personal license for every developer, or one Site license for up to 10 developers in
your company or one Site+ license for unlimited number of developers in your company.
You may distribute, directly and indirectly, applications written with SQLAPI++ (including SQLAPI++ run-time) without
any additional charge.
You may not distribute SQLAPI++ source codes (original or modified).
Registered version (Personal license)
One registered copy of SQLAPI++ library may be used by a single person who uses it personally on one or more
computers.
You may access the registered version of SQLAPI++ library through a network, provided that you have obtained
individual licenses for the software covering all developers that will access the software through the network.
Registered version (Site license)
One registered copy of SQLAPI++ may be used by up to 10 developers in the same company.
Registered version (Site+ license)
One registered copy of SQLAPI++ may be used by any number of developers in the same company.
Warranty and limitation of liability
We warrant that you will receive ongoing free email support, one year free bugs fixing and one year free upgrades to
new versions.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
Zlib
zlib.h -- interface of the 'zlib' general purpose compression library
Version 1.2.13, October 13th, 2022
Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable
for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter
it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software.

Visual T&D - Installation guide page 106

External libraries licensing descriptions Appendix

If you use this software in a product, an acknowledgment in the product documentation would be appreciated but
is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original
software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly Mark Adler
[email protected] [email protected]
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
OPC Redistributables
Version 1.3, February 06, 2017, OPC Foundation
The terms and conditions of the Agreement apply to the Software Deliverables including without limitation any OPC
Foundation:
• updates,
• supplements
• Internet-based services, and
• support services
for the Software Deliverables, unless OPC Foundation specifies that any other terms accompany such items, in
which case the alternate terms specified by OPC Foundation would apply.
BY USING THE SOURCE DELIVERABLES, YOU ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT
ACCEPT THE TERMS OF THIS AGREEMENT, DO NOT USE THE SOFTWARE DELIVERABLES.
If you comply with this Agreement, you have the rights below.
1. INSTALLATION AND USE RIGHTS.
You may install and use any number of copies of the Software Deliverables.
2. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.
Distributable Code. The Software Deliverables contain compiled code that you are permitted to distribute with
programs you develop if you comply with the terms below.
• i. Right to Use and Distribute.
• You may copy and distribute all files that are part of this Software Deliverables.
• Third Party Distribution. You may permit distributors of your programs to copy and distribute the
Software Deliverables as part of those programs.
• ii. Distribution Requirements. For any Software Deliverables you distribute, you must:
• iii. add significant primary functionality to it in your programs;
• iv. require distributors and external end users to agree to terms that protect it at least as much as this
Agreement;
• v. display your valid copyright notice on your programs; and
• vi. indemnify, defend, and hold harmless the OPC Foundation from any claims, including attorneys’ fees,
related to the distribution or use of your programs.

Visual T&D - Installation guide page 107

External libraries licensing descriptions Appendix

• vii. Distribution Restrictions. You may not:

• alter any copyright, trademark or patent notice in the Software Deliverables;
• use the OPC Foundation’s trademarks in your programs’ names or in a way that suggests your
programs come from or are endorsed by the OPC Foundation;
• include Software Deliverables in malicious, deceptive or unlawful programs;
• modify or distribute the source code of any Software Deliverables so that any part of it becomes
subject to an Excluded License. An Excluded License is one that requires, as a condition of use,
modification or distribution, that (1). the code be disclosed or distributed in source code form; or (2)
permit or otherwise allow others to have the right to modify such Software Deliverables; or
• create additional software components that directly link or directly load the Software Deliverables
without accepting the corresponding source license for that Software Deliverable.
3. SCOPE OF LICENSE.
The Software Deliverables are licensed, not sold. This Agreement only gives you some rights to use the
Software Deliverables. The OPC Foundation reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the software only as expressly permitted in this Agreement. In doing
so, you must comply with any technical limitations in the Software Deliverables that only allow you to use it in
certain ways. You may not:
• disclose the results of any benchmark tests of the Software Deliverables to any third party without OPC
Foundation’s prior written approval;
• work around any technical limitations in the Software Deliverables;
• reverse engineer, decompile or disassemble the Software Deliverables, except and only to the extent that
applicable law expressly permits, despite this limitation;
• make more copies of the Software Deliverables than specified in this Agreement or allowed by applicable
law, despite this limitation;
• publish the Software Deliverables for others to copy; or
• rent, lease or lend the Software Deliverables.
4. BACKUP COPY.
You may make one backup copy of the Software Deliverables. You may use such copy only to reinstall the
Software.
5. DOCUMENTATION.
Any person that has valid access to your computer or internal network may copy and use the documentation
related to the Software Deliverables for your internal reference purposes.
6. EXPORT RESTRICTIONS.
The Software Deliverables are subject to United States export laws and regulations. You must comply with all
domestic and international export laws and regulations that apply to the Software Deliverables. These laws
include restrictions on destinations, end users and end use.
7. SUPPORT SERVICES.
Because you accept the Software3 Deliverables from OPC Foundation “as is,” OPC Foundation may not provide
support services for it.
8. ENTIRE AGREEMENT.
This Agreement, and the terms for supplements, updates, Internet-based services and support services that you
use, are the entire Agreement for the Software Deliverables and support services.
9.
10. LEGAL EFFECT
This Agreement describes certain legal rights. You may have other rights under the laws of your country. This

Visual T&D - Installation guide page 108

External libraries licensing descriptions Appendix

Agreement does not change your rights under the laws of your country if the laws of your country do not permit it
to do so.
11. DISCLAIMER OF WARRANTY.
THE SOFTWARE DELIVERABLES ARE LICENSED “AS-IS.” YOU BEAR THE RISK OF USING THE
SPECIFICATIONS. THE OPC FOUNDATION MAKES NO WARRANTY OF ANY KIND, EXPRESSED OR
IMPLIED, WITH REGARD TO THE SOFTWARE DELIVERABLES, INCLUDING BUT NOT LIMITED TO ANY
WARRANTY OF TITLE OR OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY, OR WARRANTY
OF FITNESS FOR A PARTICULAR PURPOSE OR USE.YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS
UNDER YOUR LOCAL LAWS THAT THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED
UNDER YOUR LOCAL LAWS, THE OPC FOUNDATION EXCLUDES THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
IN NO EVENT SHALL THE OPC FOUNDATION BE LIABLE FOR ERRORS CONTAINED IN THE SOURCE
DELIVERABLES OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, RELIANCE OR
COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR USE, INCURRED BY ANY USER
OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THE
SOFTWARE DELIVERABLES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE ENTIRE
RISK AS TO THE QUALITY AND PERFORMANCE USING THE SOFTWARE DELIVERABLES IS BORNE BY
YOU AND/OR THE USER.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
GNU
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast,
the GNU General Public License is intended to guarantee your freedom to share and change free software--to
make sure the software is free for all its users. This General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to using it. (Some other Free Software
Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your
programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed
to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish),
that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new
free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that
forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain
responsibilities for you if you distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all
the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show
them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal
permission to copy, distribute and/or modify the software.

Visual T&D - Installation guide page 109

External libraries licensing descriptions Appendix

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no
warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to
know that what they have is not the original, so that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that
redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To
prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it
may be distributed under the terms of this General Public License. The "Program", below, refers to any such program
or work, and a "work based on the Program" means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated
into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee
is addressed as "you". Activities other than copying, distribution and modification are not covered by this License;
they are outside its scope. The act of running the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program (independent of having been made by running
the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium,
provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and
disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and
give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the
physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the
Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you
also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any
change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the
Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this
License.
c) If the modified program normally reads commands interactively when run, you must cause it, when started running
for such interactive use in the most ordinary way, to print or display an announcement including an appropriate
copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users
may redistribute the program under these conditions, and telling the user how to view a copy of this License.
(Exception: if the Program itself is interactive but does not normally print such an announcement, your work based
on the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from
the Program, and can be reasonably considered independent and separate works in themselves, then this License,
and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute
the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be
on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and
every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights
to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or
collective works based on the Program.

Visual T&D - Installation guide page 110

External libraries licensing descriptions Appendix

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on
the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this
License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable
form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under
the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than
your cost of physically performing source distribution, a complete machine-readable copy of the corresponding
source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This
alternative is allowed only for noncommercial distribution and only if you received the program in object code or
executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For an executable
work, complete source code means all the source code for all modules it contains, plus any associated interface
definition files, plus the scripts used to control compilation and installation of the executable. However, as a special
exception, the source code distributed need not include anything that is normally distributed (in either source
or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the
executable runs, unless that component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated place, then offering
equivalent access to copy the source code from the same place counts as distribution of the source code, even
though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License.
Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate
your rights under this License. However, parties who have received copies, or rights, from you under this License will
not have their licenses terminated so long as such parties remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you
permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do
not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program),
you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or
modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives
a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.
You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not
responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited
to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict
the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute
so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a
consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free
redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you
could satisfy both it and this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the
section is intended to apply and the section as a whole is intended to apply in other circumstances.

Visual T&D - Installation guide page 111

External libraries licensing descriptions Appendix

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to
contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software
distribution system, which is implemented by public license practices. Many people have made generous
contributions to the wide range of software distributed through that system in reliance on consistent application
of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other
system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted
interfaces, the original copyright holder who places the Program under this License may add an explicit geographical
distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time
to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new
problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this License
which applies to it and "any later version", you have the option of following the terms and conditions either of that
version or of any later version published by the Free Software Foundation. If the Program does not specify a version
number of this License, you may choose any version ever published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are
different, write to the author to ask for permission. For software which is copyrighted by the Free Software
Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be
guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the
sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN
WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE
RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM
AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE
OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE
WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
PowerPage
Object Code License. Subject to the terms and conditions of this Agreement, Tanner & Associates grants Company a
nonexclusive, nontransferable license to link Object Code.

Visual T&D - Installation guide page 112

External libraries licensing descriptions Appendix

Source Code License. Subject to the terms and conditions of this Agreement, Tanner & Associates grants Company
a nonexclusive, nontransferable license to use, modify, and compile Source Code. Company may not use, disclose,
sell, copy, license or distribute Source Code in any other form or for any purpose whatsoever. Company may use and
maintain a copy of Source Code on a single CPU for general development purposes (the "Designated CPU").
Derivative Software Product License. Subject to the terms and conditions of this Agreement, Tanner & Associates
grants Company a nonexclusive, nontransferable license to reproduce and distribute the Derivative Software Product
as a component part of Company Products.
Company shall not assign, transfer or sublicense this license (or any right granted herein) in any manner to any
third party. In the event Company should need to transfer distribution rights for Object Code, Source Code, and/
or Documentation to third party, third party is required to contact Tanner & Associates directly in order to purchase
separate license.
Ownership of Proprietary Rights. This Agreement does not grant to Company any title or right of ownership in or to
the Object Code or Source Code or related portion of the Derivative Software Product. Company agrees to provide
Tanner & Associates a copy of Source Code enhancements and modifications on demand.
Company will only distribute the Derivative Software Product under license. Company will take all steps necessary to
protect Tanner & Associates' proprietary rights in the Derivative Software Product. This agreement does not convey a
license to any third party who may create derivative software products based on Company's product.
Documentation. Company may reproduce operating instructions, user manuals or other Documentation listed in
Exhibit A. Documentation.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
PostgreSQL
PostgreSQL is released under the PostgreSQL License, a liberal Open Source license, similar to the BSD or MIT
licenses.
PostgreSQL Database Management System
(formerly known as Postgres, then as Postgres95)
Portions Copyright © 1996-2023, The PostgreSQL Global Development Group
Portions Copyright © 1994, The Regents of the University of California
Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and
without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the
following two paragraphs appear in all copies.
IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE
USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THE UNIVERSITY OF
CALIFORNIA HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
OR MODIFICATIONS.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Visual T&D - Installation guide page 113

External libraries licensing descriptions Appendix

Stingray Studio
IMPORTANT – READ CAREFULLY: THIS SOFTWARE LICENSE AGREEMENT (THE “LICENSE AGREEMENT”)
IS A LEGAL AGREEMENT BY AND BETWEEN YOU AND ROGUE WAVE SOFTWARE, INC., A SUBSIDIARY
OF PERFORCE SOFTWARE, INC. (“ROGUE WAVE”). IF YOU ARE INSTALLING THE LICENSED SOFTWARE
FOR PERSONAL USE, THIS LICENSE AGREEMENT APPLIES TO AND BINDS YOU PERSONALLY. IF YOU ARE
INSTALLING THE LICENSED SOFTWARE AS PART OF YOUR WORK FOR AN ORGANIZATION, THIS LICENSE
AGREEMENT APPLIES TO AND BINDS SUCH ORGANIZATION. “LICENSEE” OR "YOU" AND “YOUR” REFER
TO THE PERSON OR ENTITY THAT IS LICENSEE OF THE LICENSED SOFTWARE. BY INSTALLING, COPYING,
OR OTHERWISE USING THE LICENSED SOFTWARE THAT ACCOMPANIES THIS LICENSE AGREEMENT,
YOU OR SUCH ORGANIZATION AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE
AGREEMENT. IF YOU OR SUCH ORGANIZATION DOES NOT AGREE TO BE BOUND BY THIS LICENSE
AGREEMENT, YOU MAY NOT USE, COPY, OR INSTALL THE LICENSED SOFTWARE.
1. DEFINITIONS.
1.1 “Application” means a software application that makes use of or incorporates the RW Libraries in its
implementation without exposing any part of the Licensed Software application programming interface either directly
or indirectly.
1.2 “Licensed Developer” means a natural person, employed by, or under contract to, Licensee, for whom
Licensee has designated as a “Licensed Developer,” and for whom Licensee has paid the applicable development
license fees required to authorize such natural person to use the Licensed Software to develop Applications on
Licensee’s behalf. Licenses for Licensed Developers are priced on a per natural person, and per product, or per
module, of the Licensed Software basis.
1.3 “Licensed Software” means the Rogue Wave software components, in source code or binary form, for which
Licensee has paid the applicable per product or per module license fees, together with the user guides, build guides,
reference manuals and other documentation accompanying such software components or otherwise made available
by Rogue Wave (collectively, the “Documentation”), any executables delivered with the software components
and any modified or updated versions of any of the foregoing made available to Licensee pursuant to Licensee’s
purchase of Maintenance and Support. Licensed Software does not include any third-party software products that
may be embedded in or bundled with the Licensed Software, which products are separately licensed by the copyright
holder.
1.4 “Order” means, collectively, a duly authorized quotation issued by Rogue Wave to Licensee that specifies the
Licensed Software and may include other terms and conditions governing such Licensed Software (such as the fees
and the term of the license) and a purchase order, if applicable, issued by Licensee to Rogue Wave in response
to and reflecting such quotation (with no additional or different terms, unless such additional or different terms are
expressly accepted by Rogue Wave in writing).
1.5 “Maintenance and Support” means the technical support and software maintenance services on the Licensed
Software for which Licensee has paid the applicable Maintenance and Support fees, either separately for perpetual
licenses of the Licensed Software, or as included in the subscription license fee for the Licensed Software, as
applicable.
1.6 “RW Libraries” means any Licensed Software library, in binary form, intended to be embedded in an Application
or used in the execution of an Application.
2. LICENSE GRANTS.
2.1 Development License Grant. Subject to the terms and conditions of this License Agreement, including
Licensee’s agreement to pay the applicable fees, for the applicable term (perpetual or subscription/time-limited) as
is set forth in an Order, Rogue Wave grants to Licensee a nonexclusive, nontransferable, limited right and license to:
(a) permit Licensed Developers to install and use the Licensed Software, on a per product or per module basis, for
the sole purpose of creating Applications; (b) permit a reasonable number of other persons employed by or under
contract to Licensee to install and use the Licensed Software for the sole purpose of building the RW Libraries,

Visual T&D - Installation guide page 114

External libraries licensing descriptions Appendix

and to use the RW Libraries for the sole purpose of linking, compiling, or testing Applications created by Licensed
Developers; and (c) copy or have copied the Licensed Software and RW Libraries as necessary for the purpose
of exercising the rights granted under this Section 2.1 or for back-up or disaster recovery purposes, provided, that
Rogue Wave’s copyright notice and other proprietary rights notices are reproduced on each copy.
2.2 Deployment and Distribution License Grant. Subject to the terms and conditions of this License Agreement,
for the applicable term (perpetual or subscription/time-limited) as is set forth in an Order, Rogue Wave grants to
Licensee a nonexclusive, nontransferable, royalty-free, limited right and license to: (a) install and use the RW
Libraries in connection with the execution of Applications created in compliance with Section 2.1, on physical
hardware or virtual machines owned or leased by Licensee or by contractors under Licensee’s control that are
located at facilities owned or leased by Licensee or by contractors under Licensee’s control; (b) distribute and grant
to Licensee’s customers pursuant to a license agreement at least as protective of the rights of Rogue Wave as this
License Agreement the right to install and use the RW Libraries in connection with the execution of Applications
created in compliance with Section 2.1, on physical hardware or on virtual machines owned or leased by the
customer or by contractors under the customer’s control that are located at facilities owned or leased by the
customer or by contractors under the customer’s control; and (c) copy or have copied the RW Libraries embedded
in or used in the execution of Applications as necessary for the purpose of exercising the rights granted under this
Section 2.2 or for back-up or disaster recovery purposes, provided, that Rogue Wave’s copyright notice and other
proprietary rights notices are reproduced on each copy.
3. LICENSE RESTRICTIONS AND LICENSEE RESPONSIBILITIES.
3.1 Development Restrictions. The development rights granted to Licensee in Section 2.1 may only be exercised
by individual developers employed by or under contract to Licensee that Licensee has designated as “Licensed
Developers” and for whom Licensee has paid the applicable per product or per module development license fees.
If one Licensed Developer ceases to be employed by or under contract to Licensee or permanently ceases work
on projects involving the Licensed Software, then Licensee may designate an alternate developer to replace such
Licensed Developer at no additional cost. However, the development license is not a concurrent license that may be
used by numerous developers in shifts or on an outsourced basis for a temporary period. Licensee may not create
a programmatic interface that makes use of the Licensed Software application programming interfaces for use by
any party other than Licensed Developers and must ensure that persons other than Licensed Developers do not
have programmatic access to the Licensed Software or RW Libraries either directly or indirectly. Nothing herein
shall grant Licensee the right to grant its customers the right to programmatically use or grant others the right to
programmatically use the Licensed Software or RW Libraries.
3.2 General Use Limitations. All rights not specifically granted herein are retained by Rogue Wave. Licensee may
not, nor may Licensee permit any other person or entity to use, copy, modify, or distribute the Licensed Software
(electronically or otherwise), or any copy, adaptation, transcription, or merged portion thereof (including the RW
Libraries), or the Documentation except as expressly authorized by Rogue Wave. Licensee may not modify or
port the Licensed Software or RW Libraries to operate on or deploy the RW Libraries or Applications on platforms
or architectures other than those for which it has paid the appropriate fees. Licensee may not, nor may Licensee
permit any other person or entity to, reverse assemble, reverse compile, or otherwise translate any binary forms
of the Licensed Software, except to the extent applicable laws specifically prohibit such restriction. Licensee’s
rights may not be transferred, leased, assigned, or sublicensed except as expressly authorized by Rogue Wave in
writing. No service bureau work, multiple-user license, or time-sharing arrangement is permitted, except as expressly
authorized by Rogue Wave. If Licensee uses, copies, or modifies the Licensed Software or RW Libraries or transfers
possession of any copy, adaptation, transcription, or merged portion thereof to any other party in any way not
expressly authorized by Rogue Wave, all licenses under this License Agreement are automatically terminated.
3.3 Proprietary Protection. Rogue Wave shall have sole and exclusive ownership of all right, title, and interest
in and to the Licensed Software and all modifications and enhancements thereof (including ownership of all trade
secrets and copyrights pertaining thereto), subject only to the rights and privileges expressly granted to Licensee
herein by Rogue Wave. This License Agreement does not provide Licensee with title or ownership of the Licensed
Software, but only a right of limited use. Licensee must keep the Licensed Software free and clear of all claims, liens,
and encumbrances.

Visual T&D - Installation guide page 115

External libraries licensing descriptions Appendix

3.4 Compliance Verification. Licensee must have a commercially reasonable process in place to track the
number of developers using the Licensed Software in order to ensure that the appropriate license fees have been
paid. Licensee will, upon Rogue Wave’s request, certify in writing the number developers using the Licensed
Software, on a per product or per module basis, as of the date of the request. In the event Licensee fails to provide
such certification within thirty (30) days of Rogue Wave’s request, or, if Rogue Wave reasonably believes that a
certification provided by Licensee is inaccurate or that Licensee is otherwise not in compliance with the terms of this
License Agreement, Licensee will permit Rogue Wave, or a mutually-approved independent representative, to enter
Licensee’s premises, during regular business hours, to verify Licensee’s compliance with the terms of this License
Agreement.
3.5 Confidentiality.
(a) Confidentiality General Terms. Each party to this License Agreement agrees to keep confidential and to use only
for purposes of performing its obligations under this License Agreement, any proprietary or confidential information
of the other party disclosed pursuant to this License Agreement that is marked as confidential, is identified at the
time of disclosure as confidential, or that would reasonably be considered confidential or proprietary in nature. The
obligation of confidentiality shall not apply to information that is publicly available through authorized disclosure,
or information that is required to be disclosed by law, government order, or request to be disclosed (provided that
the receiving party shall give reasonable advance written notice to the other party prior to such disclosure and
an opportunity, at the objecting party’s expense, to take legal steps to resist or narrow such request). Licensee
acknowledges and agrees that the Licensed Software and its source code shall be deemed as Rogue Wave’s
confidential information, as more particularly provided in Section 3.5(b) of this License Agreement. Each party's
obligations of nondisclosure with regard to proprietary or confidential information are effective as of the date such
proprietary or confidential information is first disclosed to the receiving party and will expire five (5) years thereafter;
provided, however, that with respect to any proprietary or confidential information that constitutes a trade secret (as
determined under applicable laws), such obligations of nondisclosure will survive the termination or expiration of
this License Agreement for as long as such proprietary or confidential information remains subject to trade secret
protection under applicable laws.
(b) Confidentiality of Source Code. Licensee agrees to maintain in confidence the source code version of the
Licensed Software by using at least the same physical and other security measures as Licensee uses for its own
confidential technical information and documentation, but in no case less than reasonable measures. Licensee
further agrees not to disclose the source code version of the Licensed Software, or any aspect thereof (including,
without limitation, header files), to anyone other than employees or contractors who have a need to know or obtain
access to such information in order to support Licensee’s authorized use of the Licensed Software and are bound
to protect such information against any other use or disclosure. These obligations shall not apply to any information
generally available to the public, ascertainable based on the operation of the binary code version of Applications,
independently developed or obtained without reliance on Rogue Wave's information, or as approved for release in
writing by Rogue Wave without restriction.
3.6 Development of Applications. The Licensed Software is intended for use by sophisticated developers.
Licensee is responsible for selecting persons who are qualified to use the Licensed Software on Licensee’s
own equipment and are familiar with the Licensed Software. Licensee is also responsible for ensuring a proper
environment and proper utilities for the development and execution of Applications utilizing the Licensed Software.
Licensee represents that it has the requisite expertise to evaluate the suitability of the Licensed Software and that
it has undertaken its own investigation of the suitability of the Licensed Software in the Applications. Licensee
represents that it has relied upon its own skill and judgment in selecting the Licensed Software and developing the
Applications.
3.7 Relationship with End Users. There are no third-party beneficiaries to this License Agreement. Consequently,
Rogue Wave provides no warranty at all to any person, other than the limited warranty provided to Licensee
hereunder. Licensee will be solely responsible for the development of the Applications authorized by this License
Agreement and for providing all support or services required or requested by end users of the Applications. Licensee
will not make any representations or warranties to its employees, customers, end users or any other third party
on Rogue Wave’s behalf. Rogue Wave assumes no responsibility under this License Agreement, either directly

Visual T&D - Installation guide page 116

External libraries licensing descriptions Appendix

or indirectly, for damages to Licensee or third parties resulting from the direct or indirect use of the Applications
created by or on behalf of Licensee and Licensee shall defend and hold harmless Rogue Wave from any such
damages. Licensee hereby agrees to indemnify and hold harmless Rogue Wave from and against all claims, actions,
or demands arising with respect to Applications developed and/or distributed by Licensee, with the sole exception of
those matters for which Rogue Wave bears responsibility under Section 7 of this License Agreement. The foregoing
indemnity shall be contingent upon Rogue Wave: (a) giving written notice to the Licensee of any claim, demand, or
action for which indemnity is sought; (b) fully cooperating in the defense or settlement of any such claim, demand, or
action; and (c) obtaining the prior written agreement of the Licensee to any settlement or proposal of settlement.
3.8 Remedies. Licensee acknowledges that, in the event of Licensee’s breach of any of the foregoing provisions,
Rogue Wave will not have an adequate remedy in money or damages. Rogue Wave will therefore be entitled to
obtain an injunction against such breach from any court of competent jurisdiction immediately upon request without
posting a bond. Rogue Wave’s right to obtain injunctive relief shall not limit its right to seek further remedies.
4. MAINTENANCE AND SUPPORT OF LICENSED SOFTWARE. Rogue Wave or its authorized resellers shall
provide Maintenance and Support on the Licensed Software at the level and for the period for which Licensee has
paid the applicable fees as specified in on the Order. Maintenance and Support services provided by Rogue Wave
are provided in accordance with Rogue Wave’s standard maintenance and support and obsolescence policies, which
are subject to change. Maintenance and Support is limited to platforms listed on Rogue Wave’s current product
support matrix, which is also subject to change. Licensee is responsible for ensuring that its development and
deployment environment is on the current product support matrix. Off-matrix support is available from Rogue Wave
for an additional fee.
5. FEES AND PAYMENT. License fees and Maintenance and Support fees will be as set forth on the applicable
Order. All license fees and Maintenance and Support fees that are invoiced to Licensee will be payable by Licensee
in United States Dollars, unless otherwise set forth on the Order. All invoices shall be due and payable within thirty
(30) days after the invoice date. If Licensee fails to pay any amounts due under this License Agreement by the
due date, Rogue Wave will have the right to charge interest at a rate equal to the lesser of 1.5% per month, or the
maximum rate permitted by applicable law, until Licensee pays all amounts due. Licensee is required to pay any
sales, use GST, value-added withholding, or similar taxes or levies, whether domestic or foreign, other than taxes
based on the income of Rogue Wave. Rogue Wave may adjust the fees charged to Licensee hereunder on notice
(electronic notice is sufficient) delivered to Licensee at least forty-five (45) days prior to the end of the then-current
subscription term, or Maintenance and Support term (and such fees will take effect beginning on the start of the
next term). Notwithstanding the foregoing, Rogue Wave may increase the fees for any term over the fees from
the preceding term by the greater of 5% and CPI. Except as expressly set forth in Section 6.1, all fees are non-
refundable.
6. LIMITED WARRANTY, DISCLAIMER AND LIMITATION OF LIABILITY.
6.1 Limited Warranty. Rogue Wave warrants to Licensee that the unaltered Licensed Software, when used as
permitted under the License Agreement and in accordance with the instructions in the Documentation, will operate
substantially as described in the Documentation for a period of thirty (30) days from the date of delivery (the
“Software Warranty Period”). The Licensed Software is provided to Licensee as source code and is for use by
sophisticated software developers, and Rogue Wave does not warrant that use of the Licensed Software will be
uninterrupted or error-free, that all errors will be corrected, or that use of the Licensed Software will meet Licensee’s
needs. Rogue Wave will, at its own expense and as its sole obligation and Licensee’s sole and exclusive remedy for
any breach of this warranty, use commercially reasonable efforts to correct any reproducible error in the Licensed
Software reported to Rogue Wave by Licensee in writing during the Software Warranty Period; provided, however,
that no such error correction provided to Licensee will extend the original Software Warranty Period. If Rogue Wave
determines that it is unable to correct the error, Rogue Wave may, upon approval by Licensee, refund to Licensee
the fees paid by the Licensee for the defective Licensed Software and terminate the License Agreement and all
licenses granted herein. In the event Licensee does not approve of such refund and termination of the License
Agreement, Licensee will be entitled to keep the Licensed Software and use it pursuant to the licenses granted
herein; provided, however, that Rogue Wave will not be obligated to provide Maintenance and Support for the
Licensed Software that is impacted by the reported defect.

Visual T&D - Installation guide page 117

External libraries licensing descriptions Appendix

6.2 Exclusions. The limited warranty set forth above will not apply to defects resulting from, or because of,
modifications made to the Licensed Software by anyone other than Rogue Wave, misuse, failure of media not
furnished by Rogue Wave, operation with media, software or equipment not authorized by Rogue Wave in the
Documentation or not meeting or not maintained in accordance with the supplier’s specifications or causes other
than ordinary use. The warranty set forth above will not be enlarged, diminished, or affected by, and no obligation
or liability will arise from, Rogue Wave’s rendering of technical advice, assistance or service in connection with
Licensee’s selection or use of the Licensed Software. Certain open source or other-vendor software may be
distributed with the Licensed Software or recommended in connection with its installation and use. Such products
are provided or recommended for Licensee’s convenience only. Rogue Wave makes no representation or warranty
of any kind regarding such products. Rogue Wave offers no support for such products and shall have no liability
associated with their use. Licensee’s use of these products shall be in accordance with the licenses for such
products, copies of which are included with the products and/or in the Rogue Wave documentation.
6.3 DISCLAIMER. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 6.1 ABOVE, THE
LICENSED SOFTWARE IS PROVIDED “AS IS,” WITHOUT REPRESENTATIONS OR WARRANTIES OF
ANY KIND. ROGUE WAVE SPECIFICALLY DISCLAIMS ALL OTHER PROMISES, REPRESENTATIONS OR
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ANY
IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE OR COURSE OF DEALING.
6.4 LIMITATION OF LIABILITY. THE CUMULATIVE LIABILITY OF ROGUE WAVE TO LICENSEE FOR ALL
CLAIMS RELATING TO THE LICENSED SOFTWARE AND THIS LICENSE AGREEMENT, INCLUDING ANY
CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT LIABILITY, SHALL NOT EXCEED THE
TOTAL AMOUNT OF ALL LICENSE FEES PAID TO ROGUE WAVE HEREUNDER. THIS LIMITATION OF
LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS
LICENSE AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. THIS LIMITATION OF
LIABILITY SHALL NOT APPLY TO THE INDEMNIFICATION PROVIDED IN SECTION 5 HEREOF. ROGUE
WAVE SHALL HAVE NO LIABILITY FOR LOSS OF DATA OR DOCUMENTATION, IT BEING UNDERSTOOD
THAT LICENSEE IS RESPONSIBLE FOR REASONABLE BACK-UP PRECAUTIONS. IN NO EVENT SHALL
ROGUE WAVE BE LIABLE FOR ANY LOSS OF PROFITS; ANY INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES; OR ANY CLAIMS OR DEMANDS BROUGHT AGAINST LICENSEE, EVEN IF
ROGUE WAVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH CLAIMS OR DEMANDS. THIS LIMITATION
UPON DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER
PROVISIONS OF THIS LICENSE AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.
LICENSEE MAY HAVE ADDITIONAL RIGHTS UNDER CERTAIN LAWS (E.G., CONSUMER LAWS) THAT DO
NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, OR THE EXCLUSION OR LIMITATION OF CERTAIN
DAMAGES. IF SUCH LAWS APPLY, CERTAIN EXCLUSIONS OR LIMITATIONS MAY NOT APPLY TO LICENSEE;
HOWEVER, ALL OTHER RESTRICTIONS AND LIMITATIONS SHALL REMAIN IN EFFECT.
7. INDEMNIFICATION. Rogue Wave agrees to defend Licensee from and against any third-party claims alleging that
the Licensed Software furnished and used within the scope of this Agreement infringes or misappropriates a U.S.
patent issued as of the Effective Date, copyright, trademark or trade secret and will pay all final judgments awarded
or settlements entered into on such claims. The foregoing indemnity obligation shall not extend to any claims of
infringement arising out of or related to (i) a modification of a Licensed Software by anyone other than Rogue Wave
or its duly authorized agent; (ii) the incorporation into the Licensed Software of any information provided by or
requested by Licensee; (iii) a combination of the Licensed Software with any third party software or equipment not
specified in the Documentation and where such combination is the cause of such infringement; or (iv) the use of
a version of a Licensed Software other than the then-current version if the infringement would have been avoided
by using of the then-current version. In the event the Licensed Software is held or is believed by Rogue Wave to
infringe, Rogue Wave may, at its sole option and expense, elect to (a) modify the Licensed Software so that it is non-
infringing; (b) replace the Licensed Software with non-infringing Licensed Software which is functionally equivalent;
(c) obtain a license for Licensee to continue to use the Licensed Software as provided hereunder; or if none of
(a), (b), or (c) is commercially reasonable, then (d) terminate the license for the infringing Licensed Software and
refund the license fees paid for that Licensed Software, prorated over a five (5) year term from the Effective Date.

Visual T&D - Installation guide page 118

External libraries licensing descriptions Appendix

THIS SECTION 7 STATES ROGUE WAVE’S ENTIRE LIABILITY AND LICENSEE’S SOLE AND EXCLUSIVE
REMEDY FOR ANY INFRINGEMENT OF THIRD-PARTY PROPRIETARY RIGHTS OF ANY KIND. Rogue Wave’s
indemnification obligations under this Section 7 are conditioned upon the Licensee: (a) giving prompt notice of the
claim to Rogue Wave; (b) granting sole control of the defense or settlement of the claim or action to Rogue Wave;
and (c) providing reasonable cooperation to Rogue Wave and, at Rogue Wave’s request and expense, assistance in
the defense or settlement of the claim.
8. TERMINATION.
8.1 Term. The term of this License Agreement will begin as of the date that Licensee receives the Licensed Software
and will remain in effect perpetually unless terminated under this Section 8.
8.2 Termination for Cause. Rogue Wave may terminate this License Agreement if Licensee breaches its obligations
hereunder. Rogue Wave will begin the termination process by giving Licensee notice of termination, specifying
therein the alleged breach. If the breach is curable, Licensee will have a grace period of thirty (30) days after such
notice is served to cure the breach described therein. If the breach is cured within the thirty (30) day grace period,
then this License Agreement will remain in effect; otherwise, this License Agreement will automatically terminate
upon the conclusion of the thirty (30) day grace period.
8.3 Effect of Termination. Upon termination of the License Agreement for any reason the following terms shall apply:
(a) all rights granted under this License Agreement will immediately terminate and Licensee must immediately stop
all use of the Licensed Software; (b) Licensee must return to Rogue Wave or destroy all copies of the Licensed
Software provided to or made by or on behalf of Licensee, and will, within ten (10) days after the effective date of
termination, provide Rogue Wave with written certification that all such copies have been returned or destroyed; and
(c) all provisions of this License Agreement with the exception of the licenses granted in Section 2 and Maintenance
and Support obligations set forth in Section 4 will survive termination of this License Agreement for any reason.
Termination of the License Agreement will not affect Licensee’s obligation to pay all amounts accrued hereunder
prior to the effective date of termination.
9. MISCELLANEOUS.
9.1 Severability. If any term or provision of the License Agreement is found to be invalid under any applicable
statute or rule of law, then, that provision notwithstanding, the License Agreement will remain in full force and effect,
and in such event, such provision will be changed and interpreted so as to best accomplish the objectives of such
unenforceable or invalid provision within the limits of applicable law or applicable court decisions.
9.2 Force Majeure. Neither party will be deemed to be in breach of this License Agreement, nor otherwise liable
to the other, by reason of any delay in performance or non-performance of any of its obligations under this License
Agreement arising out matters beyond the reasonable control of a party, including, war, strikes, lock outs, or
industrial disputes (except in relation to a party's own workforce), outbreak of hostilities, riots, civil disturbances,
pandemics, epidemics, or quarantines, acts or orders of any government department or constituted body, fire,
explosion, earthquake, flood, acts of God, or acts of terrorism; provided, however, that no event will be treated as
beyond the reasonable control of a party if it is attributable to a willful act or omission by such party, or any failure
by such party to take reasonable precautions or any failure to mitigate or take reasonable steps to overcome such
event. If the performance of the impacted party is prevented for a period of thirty (30) days or more, the party not
affected may terminate this License Agreement upon providing seven (7) days’ advance written notice to the affected
party.
9.3 Governing Law/Forum Selection. The License Agreement and the parties’ rights and obligations hereunder
shall be solely and exclusively construed, interpreted and enforced under and in accordance with the laws of the
State of Delaware, United States of America, without any reference to conflicts of law principles. The parties agree
that the U.N. Convention on the International Sale of Goods shall not apply to the License Agreement. All disputes
between the parties shall be brought and resolved solely and exclusively in the state or federal courts located in
the State of Delaware, United States of America. Both parties hereby irrevocably consent to the jurisdiction of such
courts and service of process in connection therewith. Any judgment rendered by such courts may be entered and

Visual T&D - Installation guide page 119

External libraries licensing descriptions Appendix

enforced by any court having jurisdiction over the party against which an award is entered or its assets. Both parties
hereby irrevocably waive any objections to the jurisdiction of such courts based on any ground, including without
limitation improper venue or forum non conveniens.
9.4 No Joint Venture. Nothing contained in the License Agreement will be construed so as to make the parties
partners or joint venturers or to permit either party to bind the other party to any agreement or purport to act on
behalf of the other party in any respect.
9.5 Waiver and Modifications. Failure by either party to enforce any rights under this License Agreement will not
be construed as a waiver of such rights, and a waiver by either party of a default hereunder in one or more instances
will not be construed as constituting a continuing waiver or as a waiver in other instances. No modification of this
License Agreement shall be binding unless it is in writing and is signed by an authorized representative of the party
against whom enforcement of the modification is sought.
9.6 Import/Export Law. Licensee may not import, use, or otherwise export or re-export the Licensed Software
except as authorized by United States law and the laws of the jurisdiction in which the Licensed Software was
obtained.
9.7 Taxes. License fees and Maintenance and Support fees are exclusive of, and Licensee will pay, all shipping
charges and all taxes, duties and other charges or fees imposed by governmental authorities arising out of the
License Agreement or the use of the Licensed Software by Licensee and its Licensed Developer(s). In addition, if
any Licensed Software will be delivered to points outside of the United States, all export duties, import duties, tariffs,
value added taxes, licenses and other similar taxes, duties and fees will be paid by Licensee. If Licensee is required
by the laws of any jurisdiction to deduct or withhold from any payment to Rogue Wave any income taxes which
may be levied against Rogue Wave, then Licensee’s payment shall be increased to an amount equal to the pre-tax
payment due divided by a factor equal to one minus the applicable foreign tax rate. The tax shall then be applied to
and deducted from the increased payment.
9.8 U.S. Government Rights. The Licensed Software is a “commercial item” as that term is defined at 48 C.F.R.
2.101, consisting of “commercial computer software” and “commercial computer software documentation” as
such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through
227.7202-4, all U.S. Government end users acquire the Licensed Software with only those rights set forth in this
License Agreement.
9.9 Assignment. This License Agreement, or any of your rights and obligations under this License Agreement,
cannot be assigned or otherwise transferred in whole or in part, and any such attempted assignment or transfer by
Licensee in violation of the foregoing will be null and void.
9.10 Entire Agreement. This License Agreement, including all invoices hereunder, constitutes the sole and entire
agreement of the parties with respect to the subject matter hereof and supersedes and cancels any prior and
contemporaneous oral or written proposals, promises, or agreements. There are no promises, covenants, or
undertakings other than those expressly set forth in this License Agreement. If Licensee issues a Licensee purchase
order, or any other Licensee-generated documentation, and the terms and conditions conflict with this License
Agreement, the terms and conditions contained in this License Agreement, including all invoices incorporated
hereunder, will control. For purposes of clarity, no terms, or conditions, including any pre-printed or boilerplate terms
and conditions, stated in any Licensee purchase order, or in any other Licensee documentation, will be incorporated
into or form any part of this License Agreement, and all such terms or conditions will be null and void and of no force
and effect.
9.11 English Language. The parties hereto have expressly required that the present License Agreement be drawn
up in the English language. / Les parties aux présentes, ont expressément exigé que la présente Convention soient
rédigées en langue anglaise.
10. EVALUATION LICENSE. The terms of this Section 10 shall solely apply to Licensed Software licensed for
purposes of Evaluation (the “Evaluation Software”). The terms of Sections 2, 6.1, 6.2, 6.3 and 8 shall not apply to the
parties’ rights and obligations with respect to Evaluation Software.

Visual T&D - Installation guide page 120

External libraries licensing descriptions Appendix

10.1 Rights and Restrictions.

• (a) Rogue Wave grants Licensee a non-exclusive, non-transferable license to (i) install the Evaluation Software
on Licensee’s internal server in the country to which such Evaluation Software is delivered, and (ii) use the
Evaluation Software for the sole purpose of internally evaluating the Evaluation Software, for a period agreed to
in writing between Licensee and Rogue Wave, or the period specified in the applicable license key delivered to
Licensee for the Evaluation Software and any extensions thereto (the “Trial Period”). Licensee may not make use
of the Evaluation Software and the Output for any commercial or production purposes. Licensee shall not make
the Evaluation Software, and the Output available to any third parties.
• (b) Rogue Wave may provide Licensee with limited installation support for the Evaluation Software during the Trial
Period.
• (c) Upon the expiration of the Trial Period, the license granted in Section 10.1(a) above shall terminate, and
Licensee shall uninstall and cease use of the Evaluation Software. Rogue Wave may also include a "time bomb"
within the Evaluation Software that shall prevent use of the Evaluation Software after the Trial Period has expired.
Notwithstanding the Trial Period, this License Agreement shall terminate immediately upon notice from Rogue
Wave if Licensee fails to comply with any provision of this License Agreement.
10.2 Exclusion of Warranties. ALL EVALUATION SOFTWARE AND MAINTENANCE SUPPORT SERVICES
THAT ARE PROVIDED BY ROGUE WAVE OR ANY OF ITS AFFILIATES ARE PROVIDED “AS IS.” NO
WARRANTIES OR COMMITMENTS, EXPRESS OR IMPLIED, ARE MADE WITH RESPECT TO THE
EVALUATION SOFTWARE OR MAINTENANCE AND SUPPORT SERVICES SUPPLIED BY ROGUE WAVE
HEREUNDER, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, SYSTEMS INTEGRATION, TITLE, SATISFACTORY QUALITY
AND NON-INFRINGEMENT. THE SOLE REMEDY OF LICENSEE FOR ANY ASSERTED DEFECT, ERROR,
OR OTHER SHORTCOMING IN THE EVALUATION SOFTWARE IS THAT LICENSEE MAY REQUEST
MAINTENANCE AND SUPPORT SERVICES FOR EVALUATION SOFTWARE.
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Visual T&D - Installation guide page 121