Before Eton Ingenious can be installed, some requirements must be met.
Server
Server should be scaled so that the machine is performant in tasks and leaves a good amount of headroom for Eton Services to run undisturbed. The server should be dedicated to only Eton Services software and dependencies, and if using a virtual server have a dedicated bandwidth to ensure performance at all times.
Server including related equipment is supplied by the Customer.
Dedicated virtual or physical machine placed in house, in a protected environment
Cabled ethernet access to rest of system, WiFi is not supported
Power through Uninterruptible power supply (UPS)
Remote access via TeamViewer, configured for unattended access
- Screen resolution of at least 1920x1080 for remote access
- Set up for unattended access. See install guide, follow step "Install TeamViewer Host manually" then configure it for unattended access
- Password must be persistent through reboot
Open inbound/outbound network ports according to specification
Server: Recommendation for medium/large system
- Windows Server 2019 or later, English language version
- CPU with equivalent or better performance of Intel Xeon 5118
- 4 or more dedicated CPU cores assigned to virtual machine
- 32 GB DDR4 RAM or more
- Main SSD Hard drive 500GB or more
- Highly recommended to use a local drive instead of a network storage device
- Secondary drive for backup mirroring, at least 250 gb
- Alternately running virtual server with snapshots
Computer: Recommendation for medium/large system
- Windows Server 2019 or Windows 10, English language version
- CPU with equivalent or better performance of Core-i9 12900K
- 4 or more CPU cores
- 32 GB DDR4 RAM or more
- Main SSD Hard drive 500GB or more
- Highly recommended to use a local drive instead of a network storage device
- Secondary drive for backup mirroring, at least 250 gb
Software
Antivirus scans
The performance and functionality of the software may be adversely affected if critical folders are not excluded from antivirus scans. The recommended exclusions are:
- C:/Eton
- C:/Program Files/MongoDb
- EtonService.exe
- Eton Updater.exe
- MeltdownService.exe
Eton reserves the right to include additional exceptions beyond those listed and utilizes other third-party software that may fall under these exceptions. Customers are advised to exercise discretion and avoid overly restrictive server limitations that could affect software functionality.
Failure to follow these recommendations may result in suboptimal performance, data loss, or corruption.
The responsibility for configuring antivirus exclusions lies with the customer.
Known conflicts with 3rd party applications
Software: Datto Backup
Issue: Datto Backup causes SQL timeouts.
Impact: The main production database and associated programs become non-functional.
Resolution: Outside of production-hours, ensure the Eton-service is gracefully shut down before initiating the Datto backup. Start Eton-service when backup is complete.
Software: Kaspersky Endpoint Security
Issue: Kaspersky Endpoint Security locks MongoDB diagnostic files.
Impact: The MongoDB service fails to start, resulting in reports and historical logging being unavailable.
Resolution: Exclude the MongoDB folder (C:/Program Files/MongoDb) from Kaspersky Endpoint Security scans.
Server access
Eton Systems needs server access to provide proper support. If there are any issues with production we often need to look at server logs and other historical data to determine how to remedy the problem.
We usually use Teamviewer for accessing customer's servers. If that is unavailable the customer needs to set up a VPN connection that can be used.
Please contact the Eton Support Team about instructions how to install TeamViewer.
Frequently asked questions:
- Do I have to get a Teamviewer account or pay for a subscription?
- No, you do not need an account. Eton Systems has an account that will be used.
- Can you set this up for us?
- No, since the responsibility for server installation lies with the customer.
- Our company policy prohibits us from allowing unattended access. Is that a requirement?
- Yes and no. We know from experience that not allowing unattended access is usually a problem, especially when there is a timezone difference. Please be aware that Eton Systems might not be able to give support and help with ongoing issues if we cannot access the server.
- It is possible to use TeamViewer's Quicksupport application which works as a supervised session that needs to be accepted by both sides. The application does not have to be installed and is only active for the ongoing session.
Networking
The server should be assigned a fixed IP address, and be able to communicate directly with the ICU unit, which should be on the same network - preferably even same subnet.
It is vitally important that the network connection between the ICU and server is reliable. If the network experiences abnormal latency or dropped packages the communication and functionality of the system will be impacted. The customer provides the network hardware (routers, cables, etc) and personnel to maintain the network. Eton Systems cannot be held liable for outages caused by networking issues.
To enable encrypted communication as well as easy access to the Eton UI, a local DNS entry may be created for the server. This should be set up with the domain eton.systems pointing to the server IP. The same thing can be done for the ICU devices, this time like icu1.eton.systems, icu2.eton.systems and so on.
If you try to access this domain outside of a production network you will instead be shown a warning about this, since this domain is only meant for internal network use.
Virtual Machines (VM)
It is recommended (but not a requirement) to use a virtual machine for the server instead of a physical machine.
A virtual machine enables making backups of the whole machine instead of for instance just the databases.
Make sure any system backups are done outside of production hours to not cause disruptions in the software.
Make sure to give the virtual machine sufficient resources, preferably should run on a dedicated server to ensure a performant system.
If using a virtual machine through for example Hyper-V, make sure to use the IP address of the virtual machine instead of the physical server, when setting up external access, opening up addresses and ports in the firewall etc.
Firewall
Some ports must be opened on the Eton API server to allow essential communication on the local network:
Inbound traffic
| Port | Protocol | Comment |
|---|---|---|
| 1883 | TCP (MQTT) | Used for communicating between server and ICU |
| 80 | TCP (HTTP) | Used for communicating between server and clients |
| 443 | TCP (HTTP) | Used for communicating between server and clients |
| 6040 | TCP (updater, HTTP) | Used for downloading software update packages for server and ICU |
| 6041 | TCP (updater, HTTPS) | Used for downloading software update packages for server and ICU |
In addition, some hosts must be made available for outgoing traffic for updates and system health monitoring:
Outbound traffic
| Domain | Comment |
|---|---|
| ingenious.etonsystems.com | Used for documentation site as well as the Tracker (system health monitoring) |
| etonsystems.pkgs.visualstudio.com | Used for downloading software update packages for server and ICU |
Backup
Backups of production databases (and customer specific databases where applicable) are taken on a regular basis. How often and where they are stored is configured through the Ingenious UI.
Our recommendation is to store backup files on a separate harddrive, in case of for instance hardware failure. We also recommend to combine this with backups of the server itself.
Eton can help with setting up backup scripts, but responsibility for the server/computer itself lies with the customer.
⚠️ If using external backup software, make sure it is set up so that backups are not being run during production hours. Eton Ingenious backs up the most critical data itself every half hour, and external backup software may lock the drive and prevent the database from working properly which can lead to a host of other issues.
Licenses
- Windows or Windows Server - Required
- TeamViewer - No license required as Eton is holding the license for connection.
- SQL Server - Not required
Required licenses are supplied by the Customer
ICU Preparation
The ICU (Ingenious Control Unit) is a device for bridging the CAN network with the Ethernet network. There can be one or more devices in the physical system. These devices will be provided by Eton Systems during the installation of the production system.
The physical location(s) for the ICU should be specified on the blueprints provided by Eton, but they are always close to the production system.
ICU is supplied by Eton.
Checklist
- Power outlet at each location, 110-230V
- Ethernet outlet or Ethernet cable at each location. The ICUs need to have a cabled ethernet connection to the Eton API server, WiFi is not supported.
- Dedicated IP address for each ICU device. These should be allotted well in advance of installation, since the devices may be configured in advance.
- A bitmask representing the subnet mask. It's recommended to keep the ICU on the same subnet as the Ingenious server.
- Gateway IP address
- DNS IP address
Clients
Clients can be computers, tablets, mobiles or any device able to use a web browser. Clients should be able to connect to the API server via WiFi (or cable) on the same network.
No installation is needed on clients, since the user interface is reached via web browser.
For users of mobile devices, Android and Chrome browser is recommended.
If many client devices (bundle tracking clients, web terminals, laptops, tablets, etc) are expected to connect to the server through Wi-Fi, the clients and router should support the Wi-Fi 6 standard to ease network congestion and ensure reliability.
Client devices are supplied by the Customer.