1. System Requirements
>> elproMONITOR Software - System Requirements
This manual is based on Windows Server 2019 (ENU) and SQL Server 2019 (ENU). If you use other Windows versions, some details may vary from the instructions in this manual.
For Windows Server and client oprating systems like Windows 10/11 only English and German are supported!
1.1. Supplied Program Packets
The list below contains the software packets supplied.
SW Module | Description | Directory | |
---|---|---|---|
elproMONITOR Service | Service which reads the measuring values out of the loggers and writes them to the database. | Program Files\elproMONITOR <VersionNumber>\MonitorService\ | |
elproMONITOR Web Application | elproMONITOR web application called up from the browser. | websites\elproMONITOR <version number>\WebClient | |
elproMONITOR SQL Script | SQL script which is needed to create the schema for the elproMONITOR database. | Setup Files\SQLScripts\CreateMonitorSchema.sql | |
Management Tool | The Management Tool is needed to create the configuration XMLs and to enter and activate the license key. | Program Files\elproMONITOR ManagementTool <Version Number> | |
MSVC Redistributables | Redistributables which are needed to execute elproMONITOR. | Setup Files | |
elproEVENT Application | The elproEVENT application. | Program Files\elproEVENT <Version Number>\Application Folder | |
elproEVENT SQL Script | SQL script which is needed to create the schema for the elproEVENT database. | Setup Files\SQLScripts\CreateEventSchema.sql | |
elproUSER Service | Service that uses rights and user management. | Program Files\elproUSER<Versionsnumber>\UserService | |
elproUSER SQL Script | SQL script which is needed to create the schema for the elproUSER database. | Setup Files\SQLScripts\CreateUserSchema.sql | |
RabbitMQ Service | Service, which communicates with the ECOLOG-PRO Radio Module via MQTT protocol. | Setup Files\RabbitMQ 3.12.10 | |
ProModulConfigurator | Configuration tool for editing the ECOLOGPRO modules | Program Files | |
RBRConfigurator | Config-Tool zum bearbeiten der ECOLOG-PRO RBR Modules | Program Files |
3. Definition of Target System
Before you start the installation, define how the target system should look like.
3.1. Default Proposal to Create New Users
User | Access Rights |
---|---|
elproMonitorDBUser | Dedicated user for the elproMONITOR application database. Has read/write rights to this database. |
elproEventDBUser | Dedicated user for the elproEVENT application database. Has read/write rights to this database. |
elproUserDBUser | Dedicated user for the elproUSER application database. Has read/write rights to this database. In addition, read-only rights must be granted for the following tables in the elproMONITOR and elproEVENT application databases.
|
elproUser | Optionally, you can create a Windows user. Is the executing user of the elproMONITOR Service, elproEVENT, and elproUSER. |
3.2. Default Proposal to Create New Databases
Database | Description |
---|---|
elproMONITOR | Database for the elproMONITOR application. |
elproEVENT | Database for the elproEVENT application. |
elproUSER | Database for the elproUSER application. |
3.3. Default Proposal to Create Directories
Name | Description | Default Path Proposal |
---|---|---|
Program Directory | Programs are installed in the default program directory. | C:\Program Files\ELPRO |
Configuration Directory | Stores database access configurations and licensing data | C:\ProgramData\ELPRO\License |
Web Application Directory | For safety reasons, we urgently advise you to install the web client application in the official web publication directory. It is possible to install the web application together with IIS on a separate computer. The installation directory relates to this computer | C:\ProgramData\ELPRO\Websites |
4. Installing the Basic System
4.1 Server
4.1.1. Server Setup
Standard server installation
Configure server name
Control Panel → System → Change Settings → Computer Name → Change
Enter new name:
e.g. MONITOR
4.1.2. Firewall Configuration
4.1.2.1. Activate Remote Desktop Service
Remote Desktop
Control Panel → System → Change settings → Remote → Remote DesktopAllow
Allow remote connection on this computer only from computers running Remote Desktop with Network Level Authentication.
Firewall Rules
Control Panel → Windows Firewall → Advanced Settings → Inbound RulesAllow
Remote Desktop - User Mode (TCP-In) Profile Public
4.1.2.2. Allow Ping
Firewall Rules
Control Panel → Windows Firewall → Advanced Settings → Inbound RulesAllow
File and Printer Sharing (Echo Request - ICMPv4-In)
4.1.2.3. Firewall ports and protocol overview
Name | Windows Firewal Rule | From | To | Port | Protocol | Comments |
ECOLOG-NET | Incoming | AppServer | Logger | 2101 | TCP | n/a |
ECOLOG-PRO | Incoming | AppServer | Logger | 502 | TCP | n/a |
ECOLOG-PRO Push | Incoming | AppServer | Logger | 1883 | TCP/UDP | unencrypted access |
ECOLOG-PRO Push | Incoming | AppServer | Logger | 8883 | TCP/UDP | encrypted access |
SMS-Modem | Incoming | AppServer | Modem | 10001 | TCP | n/a |
Website Access | Incoming | WebServer | Clients | 80.81 | http | unencrypted access |
Website Access | Incoming | WebServer | Clients | 443 | https | encrypted access |
SQL-Instance | Incoming | SQL-Server | AppServer | 1433 | TCP | Default Instance |
SQL-Browser | Incoming | SQL-Server | AppServer | 1434 | UDP | Named Instance |
WcfBaseAddress | Incoming | AppServer | WebServer | 8000, 8001 | TCP | Webserver is separated |
4.1.2.4. Firewall Rules
http://msdn.microsoft.com/de-ch/library/ms175043.aspx
4.2 IIS Installation
IIS must be installed on the computer on which the web application is to run.
Start Server Manager.
Right-click Roles → Add Roles in order to start the Add Roles Wizard.
Depending on the version of the Windows Server, select Installation Type → Rolebased or feature based installation
Select Web Server (IIS).
Use the following Settings in the Role services section.
Web Server
Common HTTP Features
Static Content
Default Document
Directory Browsing
HTTP Errors
Application Development
ASP.NET (3.5 und 4.5) - only ECOLOG NET relevant
.NET Extensibility (3.5 und 4.5) - only ECOLOG NET relevant
ISAPI Extensions
ISAPI Filters
Health and Diagnostics
HTTP Logging
Request Monitor
Security
Request Filtering
Performance
Static Content Compression
Management Tools
IIS Management Console
NET Framework 7.0 is required. Installation packages of .NET Hosting Bundle and Desktop Runtime are included in the installation package.
4.2.2. Windows Update
Execute Windows Update to ensure that all patches are installed for the .NET Framework.
4.3. MS SQL Server
4.3.1. Basic Installation (for example, with MSSQL 2019 Full Version)
Start SQL Server Installer.
Left-click Installation.
Select New SQL Server stand-alone installation.
Click through the licensing instructions and confirmations.
SQL Server Feature Installation
Select
Database Engine Services
Management tools – Basic
Management Tools - Complete
Define server instance.
e.g. Default instance, InstanceID ELPRODBSERVERIn the section Server Configuration under Service Account, set the Startup Type of the SQL Server Browser to Automatic.
In the section Database Engine Configuration under Server Configuration → Authentication Mode, select the option Mixed Mode (SQL Server authentication and Windows authentication) and define a password for “SA” users.
Click through to Installation and then close.
Start SQL Server Configuration Manager.
Navigate to SQL Server Network Configuration → Protocols for MSSQLSERVER and check if TCP/IP is set to Enabled.
Double-click on TCP/IP to open Properties.
a Change to the IP Addresses tab and in the section IP2, check the following settings and adapt, if necessary:
IP Address: <Server IP address>
TCP Dynamic Ports: <empty>
TCP Port: 1433If changes to the settings have been made, save them by clicking Apply.
Close SQL Server Configuration Manager and reboot the Windows Server.
4.4. Copy Program and Webclient files
Source directory | Destination directory | Comment |
---|---|---|
<Setupdirectory>\Program Files\elproMONITOR <Versionnumber> | <Programdirectory>\elproMONITOR <Versionnumber> | |
<Setupdirectory>\Program Files\elproEVENT <Versionnumber> | <Programdirectory>\elproEVENT <Versionnumber> | |
<Setupdirectory>\Program Files\elproUSER <Versionnumber> | <Programdirectory>\elproUSER <Versionnumber> | |
<Setupdirectory>\websites\elproMONITOR | <Webapplicationsdirectory>\elproMONITOR | On the same machine where IIS has been installed. |
<Setupdirectory>\websites\elproUSER | <Webapplicationsdirectory>\elproUSER | On the same machine where IIS has been installed. |
4.5. Installing Redistributables
4.5.1. Installation MSVC 2013 Redistributables
Execute …\Setup Files\MSVC 2013 Redistribuatable\vcredist_x64.exe.
Select the checkbox "I agree to the license terms and conditions" and press Install.
The redistributable is installed. After installation, confirm with Close.
4.5.2. Installation MSVC 2015 Redistributables
Execute directory …\Setup Files\ MSVC 2015 Redistribuatable \vc_redist.x64.exe.
Select the checkbox "I agree to the license terms and conditions" and press Install.
The redistributable is installed. After installation, confirm with Close.
4.6. RabbitMQ Installation
Find these prerequisite Installation FIle in the Release package or download here:
RabbitMQ 3.12.10 - download from https://github.com/rabbitmq/rabbitmq-server/releases
Erlang/OTP 26.1.2 - download from https://www.erlang.org/downloads
4.6.1. Install Erlang/OTP
Download the installer and run the exe file. Installer wizard help you through the install process.
4.6.2. Download rabbitmq_message_timestamp plugin
Is no longer necessary with RabbitMQ 3.12.10
4.6.3. Install RabbitMQ
Enable the RabbitMQ Management web interface and MQTT
"c:\Program Files\RabbitMQ Server\rabbitmq_server-3.12.10\sbin\rabbitmq-plugins.bat" enable rabbitmq_management "c:\Program Files\RabbitMQ Server\rabbitmq_server-3.12.10\sbin\rabbitmq-plugins.bat" enable rabbitmq_mqtt "c:\Program Files\RabbitMQ Server\rabbitmq_server-3.12.10\sbin\rabbitmq-service.bat" stop "c:\Program Files\RabbitMQ Server\rabbitmq_server-3.12.10\sbin\rabbitmq-service.bat" start
4.6.4. Apply the advanced configurations
Stop the service
"c:\Program Files\RabbitMQ Server\rabbitmq_server-3.12.10\sbin\rabbitmq-service.bat" stop
Copy the file RabbitMQ.conf from installation package to destination folder.
destination folder:c:\Programdata\ELPRO\RabbitMQ
Start the service
"c:\Program Files\RabbitMQ Server\rabbitmq_server-3.12.10\sbin\rabbitmq-service.bat" start
4.6.5. Settings to set in elproMONITOR’s database (dbo.Settings table)
Default values are shown below:
RabbitMQPortAMQP 5672 unencrypted or 5671 encrypted
RabbitMQPortMQTT 1883 unencrypted or 8883 encrypted
4.6.6. Import the RabbitMQ configuration on the management UI
Open the >> RabbitMQ management interface - http://<IP-Address>:15672 (
Login (Standard admin credentials User: guest, Password: guest)
Navigate to Overview and select Import definitions
Import the following file: (change credentials if needed)
{ "rabbit_version": "3.12.10", "rabbitmq_version": "3.12.10", "product_name": "RabbitMQ", "product_version": "3.12.10", "users": [ { "name": "mqtt-anonymous-user", "password_hash": "I6aekaYGkw8lzLTd162z123gM9l0komfZLGoVN16yH6tKUNT", "hashing_algorithm": "rabbit_password_hashing_sha256", "tags": "management" }, { "name": "guest", "password_hash": "V/VMfaMiD8rqX5XUj/j6MelP0uYZ5wJOvZhNNu/9oMwT5+yl", "hashing_algorithm": "rabbit_password_hashing_sha256", "tags": "administrator" } ], "vhosts": [ { "name": "/" } ], "permissions": [ { "user": "mqtt-anonymous-user", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*" }, { "user": "guest", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*" } ], "topic_permissions": [], "parameters": [], "global_parameters": [ { "name": "cluster_name", "value": "rabbit@WIN-2KUAD2N2RAI" }, { "name": "internal_cluster_id", "value": "rabbitmq-cluster-id-orZSP-j34Bgdonr8S46dEw" } ], "policies": [], "queues": [ { "name": "uplink.module.measurements", "vhost": "/", "durable": true, "auto_delete": false, "arguments": { "x-queue-type": "classic" } }, { "name": "uplink.module.others", "vhost": "/", "durable": true, "auto_delete": false, "arguments": { "x-queue-type": "classic" } }, { "name": "uplink.bridge", "vhost": "/", "durable": true, "auto_delete": false, "arguments": { "x-queue-type": "classic" } } ], "exchanges": [ { "name": "rbr.uplink", "vhost": "/", "type": "direct", "durable": true, "auto_delete": false, "internal": false, "arguments": {} } ], "bindings": [ { "source": "rbr.uplink", "vhost": "/", "destination": "uplink.bridge", "destination_type": "queue", "routing_key": "~uplink.bridge", "arguments": {} }, { "source": "rbr.uplink", "vhost": "/", "destination": "uplink.module.measurements", "destination_type": "queue", "routing_key": "~uplink.module.measurements", "arguments": {} }, { "source": "rbr.uplink", "vhost": "/", "destination": "uplink.module.others", "destination_type": "queue", "routing_key": "~uplink.module.others", "arguments": {} } ] }
4.6.7. Configure RabbitMQ manually
Create the new user for the anonymous MQTT connections (change credentials if needed)
rabbitmqctl.bat add_user "mqtt-anonymous-user" "Password1234" rabbitmqctl.bat set_permissions -p / "mqtt-anonymous-user" ".*" ".*" ".*" rabbitmqctl.bat set_user_tags "mqtt-anonymous-user" management
This user is set up to be an administrator and has management access. Permissions and tags have to be fine-tuned.
Create the exchanges
Open the >> RabbitMQ management interface - http://<IP-Address>:15672
Navigate to the Exchanges tab, and add the following exchanges:
Name: rbr.uplink Type: direct Durability: durable Auto-delete: false Internal: false Arguments: empty Name: rbr.uplink.measurements Type: direct Durability: durable Auto-delete: false Internal: false Arguments: empty
Create the queues
Open the >> RabbitMQ management interface - http://<IP-Address>:15672
Navigate to the Queues tab, and add the following queues:
Name: uplink.module.measurements Type: classic Durability: durable Auto-delete: false Arguments: empty Name: uplink.bridge Type: classic Durability: durable Auto-delete: false Arguments: empty Name: uplink.module.others Type: classic Durability: durable Auto-delete: false Arguments: empty
Create the bindings
Open the >> RabbitMQ management interface - http://<IP-Address>:15672
Navigate to the Queues tab, and add the following queues:
Select the uplink.bridge queue and add the following bindings
From exchange: rbr.uplink Routing key: ~uplink.bridge Arugments: empty
Select the uplink.module.others queue and add the following bindings
From exchange: rbr.uplink Routing key: ~uplink.module.others Arugments: empty
Select the uplink.module.measurements queue and add the following bindings
From exchange: rbr.uplink Routing key: ~uplink.module.measurements Arugments: empty
5. Creating Databases
5.1 Create Application-Specific DB Logins
Start SQL Server Management Studio and login to the database as DB Administrator.
Create Login names:
elproMonitorDBUser
elproEventDBUser
elproUserDBUser
5.1.2. Procedure to create new Login names
Carry out these 5 steps for each of the three Login names.
Right-click <server name> → Security → Logins → New Login… to open the window to create a new user.
Select the option SQL Server authentication, enter <Login name> under Login name:, and enter a password (e.g. elpro).
Alternatively select Windows authentication and then select the required Windows User. Finally omit the next two steps.Untick the following checkbox:
User must change password at next login
IF THE OPTION "ENFORCE PASSWORD EXPIRATION" IS SELECTED, IT MAY CAUSE THE APPLICATION TO FREEZE IF YOU FAIL TO CHANGE THE PASSWORD IN GOOD TIME.
4. Left-click on Server Roles and tick the checkboxes for public in the list.
5. Create login by clicking OK.
5.2. Setting up elproMONITOR
5.2.1. Create the New elproMONITOR Database
Start SQL Server Management Studio and login to the database as DB Administrator.
Right-click Databases → New Database.
Enter the database name under Database name. (e.g. elproMONITOR)
If required, change DB Owner and the memory location for the database file and the database logfile (under Path).
Create database by clicking on OK.
5.2.2. Create New Main User in elproMONITOR Database
Start SQL Server Management Studio and connect to the database as DB Administrator.
Right-click <server name> → Databases → <elproMONITOR> → Security → Users → New User… to open the window to create a new user
Define the database user on the General page. As login name, use the previously entered, application-specific login name for elproMONITOR.
User type | SQL user with login |
User name | elproMonitorDBUser |
Login name | elproMonitorDBUser |
Default schema | dbo |
In the list on the Membership page, select the entries db_datareader and db_datawriter.
Create User by clicking OK.
5.2.3. Create Database Schema
Start SQL Server Management Studio and login to the database as DB Administrator.
Double-click on<Setupdirectory>\SetupFiles\SQLScripts\ MonitorSchema3.0.0.sql to open.
Click in the window of the open script. Call Query → Specify Values for Templates Parameters…(Ctrl+Shift+M) and enter the name of the previously created database. (e.g.: DatabaseName elproMONITOR)
Close the Template Parameters window by clicking OK.
Click Execute(F5) to execute the script.
5.2.4 Remove Duplicate Null Measurements (Gap filler)
What is done with this script:
Delete duplicate entries with measured value NULL
Delete entries with date 1900
ELPRO.elproMONITOR.RemoveDuplicateNullMeasurements.sql
For new installations Execute the script eM_new-installations_duplicate-null-removal_220-and-221_v3.sql
For existing installations Execute the script eM_existing-installations_duplicate-null-removal_220-and-221_v3.sql
5.2.5. Create elproUserDBUser in the elproMONITOR Database and Assign User Rights
Start SQL Server Management Studio and log in to the database as a DB Administrator.
Right-clickthe<servername>folder→Databases→<elproMONITOR>→Security →Users→New User… to open the window for the creation of a new user.
Define the database user on the General page. As login name, use the previously entered, application-specific login name for elproUSER.
User type | SQL user with login |
User name | elproUserDBUser |
Login name | elproUserDBUser |
Default schema | dbo |
On the Securables page, click Search….
In the following Add Objects window, select the option Specific objects… and click OK.
In the following Select Objects window, click top right on the button Object Types…, tick the checkbox in Tables in the new Select Object Types window, and close the window by clicking OK.
Back in the Select Objects window, right-click on Browse…. In the new Browse for Objects window appearing, tick the following checkboxes:
[dbo].[Applications]
[dbo].[FunctionNames]
[dbo].[Functions]
[dbo].[Languages]
[dbo].[Resources]
Click OK to close the Browse for Objects and the Select Objects windows.
Under Permissions for dbo….: tick the checkbox for Grant for these 5 tables in the following entries:
Select
View DefinitionCreate User by clicking OK.
5.3. Setting up elproEVENT
5.3.1. Create New elproEVENT Database
Start SQL Server Management Studio and login to the database as DB Administrator.
Right-click Databases → New Database.
Enter the database name under Database name. (e.g.: elproEVENT)
If required, change DB Owner and the memory location for the database file and the database logfile (under Path).
Create database by clicking OK.
5.3.2. Create New Main User in elproEVENT Database
Start SQL Server Management Studio and log in to the database as a DB Administrator.
Right-click the <server name> folder → Databases → <elproEVENT> → Security → Users → New User… to open the window for the creation of a new user.
Define the database user on the General page. As login name, use the previously entered, application-specific login name for elproEVENT.
User type | SQL user with login |
User name | elproEventDBUser |
Login name | elproEventDBUser |
Default schema | dbo |
In the list on the Membership page, select the entries db_datareader and db_datawriter.
Create User by clicking OK.
5.3.3. Create Database Schema
Start SQL Server Management Studio and login to the database as DB Administrator.
Double-click on<Setupdirectory>\Setup Files\SQLScripts\EVENTSchema2015.2.P5.sql to open.
Click in the window of the open script. Call Query → Specify Values for Templates Parameters…(Ctrl+Shift+M) and enter the name of the previously created database. (e.g. elproEVENT)
Close the Template Parameters window by clicking OK.
Click Execute (F5) to execute the script.
5.3.4. Create elproUserDBUser in the elproEVENT Database
Start SQL Server Management Studio and login to the database as DB Administrator.
Right-click the <server name> folder → Databases → <elproEVENT> → Security → Users → New User… to open the window for the creation of a new user.
Define the database user on the General page. As login name, use the previously entered, application-specific login name for elproUSER.
User type | SQL user with login |
User name | elproUserDBUser |
Login name | elproUserDBUser |
Default schema | dbo |
On the Securables page, click Search….
In the following Add Objects window, select the option Specific objects… and click OK.
In the following Select Objects window, click top right on the button Object Types…, tick the checkbox in Tables in the new Select Object Types window, and close the window by clicking OK.
Back in the Select Objects window, right-click on Browse…. In the new Browse for Objects window application-specific login name for elproUSER.
[dbo].[Applications]
[dbo].[FunctionNames]
[dbo].[Functions]
[dbo].[Languages]
[dbo].[Resources]
Click OK to close the Browse for Objects and the Select Objects windows.
Under Permissions for dbo….: tick the checkbox for Grant for these 5 tables in the following entries:
Select
View DefinitionCreate User by clicking OK.
5.4. Setting up elproUSER
5.4.1. Setting up elproUSER
Start SQL Server Management Studio and login to the database as DB Administrator.
Right-click Databases → New Database.
Enter the database name under Database name. (e.g. elproUSER)
If required, change DB Owner and the memory location for the database file and the database logfile (under Path).
Create database by clicking OK.
5.4.2. Create New Main User in elproUSER Database
Start SQL Server Management Studio and log in to the database as a DB Administrator.
Right-click the <server name> folder → Databases → <elproUSER> → Security → Users → New User… to open the window for the creation of a new user.
Define the database user on the General page. As login name, use the previously entered, application-specific login name for elproEVENT.
User type | SQL user with login |
User name | elproUserDBUser |
Login name | elproUserDBUser |
Default schema | dbo |
In the list on the Membership page, select the entries db_datareader and db_datawriter.
Create User by clicking OK.
5.4.3. Create Database Schema
Start SQL Server Management Studio and login to the database as DB Administrator.
Double-click on<Setupdirectory>\Setup Files\SQLScripts\USERSchema2021.3.P4.sql to open.
Click in the window of the open script. Call Query → Specify Values for Templates Parameters…(Ctrl+Shift+M) and enter the name of the previously created database. (e.g. elproUSER)
Close the Template Parameters window by clicking OK.
Click Execute (F5) to execute the script.
6. Installation und Konfiguration
The following sections must be executed as Windows Administrator:
>> 6.1. Setup Windows Event Display for elproEVENT
>> 6.2. Setting up the elproMONITOR Web Application
>> 6.3. Setting up the elproUSER Web Application
>> 6.4 Creating and Configuring Dedicated Windows UserIf a dedicated Windows user is created to execute the elproUSER and elproEVENT programs (>> 6.4 Creating and Configuring Dedicated Windows User), the steps from >> 6.5 Configurations Using the elproMONITOR Management Tool can be executed via login with this user.
6.1. Setup Windows Event Display for elproEVENT
Open Windows Powershell (powershell.exe) (by right-clicking → Run as administrator).
Enter the following command: New-EventLog -LogName Application -Source "elproEVENT Library"
6.2. Setting up the elproMONITOR Web Application
6.2.1. Set up elproMONITOR Service
As preparation, create the configuration directory.
e.g. C:\ProgramData\ELPRO\License
In newer operating systems, the ProgramData folder is hidden as standard and cannot be selected in Explorer and in the Management Tool. For this, go to Folder Options and change "Hidden files, folders and drives" to "Show".
Execute the batch processing file <Programdirectory>\elproMONITOR<Versionnumber>\MonitorService\Install.bat (by right-clicking → Run as administrator).
Complete the requests for required values in the prompt. Only enter a name without spaces for Service Name.
Example for cmd prompt | Please enter the Service name (no spaces allowed): elproMONITOR |
Wait until the installation is complete and the prompt displays the following feedbacks:
CreationService SUCCESS
ChangeServiceConfig2 SUCCESS
6.2.2. Set up Web Client (IIS)
6.2.2.1. Preparation
Open file <Webapplicationdirectory>\WebClient\Web.config in Text Editor.
e.g. C:\programdata\ELPRO\websites\elproMONITOR\WebClient\Web.configSearch for Tag forms. Set the value of the associated Attribute name to the Service Name.
Additional step if the WebClient is running on a different machine to the Service. (The connection from the web application to the elproMONITOR Service is defined via WcfBaseAddress.)
Search for key="WcfBaseAddress". The value of the associated attribute must be adjusted as follows. If the web application and the Service are not being run on the same computer, the IP address must be set to the value of the elproMONITOR Service computer.
The default port number (8000) can be optionally changed. If the default port number is changed, this also has to be changed in the elproMONITOR table: Setting entry Keyname WcfBaseAddress.
e.g. <add key="WcfBaseAddress"value="net.tcp://<Adresse>:<Portnumber>"/>
<forms cookieless="UseCookies" loginUrl="~/Account/Login" name="elpro-MONITOR" />Save the changes.
6.2.2.2. Configure IIS
Start IIS Manager (inetmgr.exe).
Double-click to expand the <System Servername> of the Connections list.
If a pop-up window with a query appears at this point, close the window by clicking No.
Expand Sites by double-clicking.
Delete the entry Default Web Site.
Right-click Sites → Add Web Site …
Enter a name for the website under Site name: and a path to the web application directory under Physical path:
e,g, Site name: elproMONITOR, Physical path: C:\programdata\ELPRO\websites\elproMONITOR <VersionNumber>\WebClientThe remaining values may be left with the default values.
Optional: The settings for Type, IP address, Port and Host name can be changed as required, (for example multi-tenant capability across various ports, connection to DNS, etc.)
Exit the configuration and create new website by clicking OK.
The remaining steps can be skipped under Windows Server 2019.
Click Application Pools (on left of window).
Right-click elproMONITOR → Advanced Settings …
Change property .NET Framework Version to V4.0 and confirm by clicking OK.
Start command prompt with Command Prompt → Run as administrator.
Enter
cd C:\Windows\Microsoft.NET\Framework\v4.0.30319Enter
aspnet_regiis –iWait for prompt feedback
Finished installing ASP.NET
6.3. Setting up the elproUSER Web Application
6.3.1. Set up the elproUSER Service
As preparation, create the configuration directory.
e.g.C:\ProgramData\ELPRO\License
In newer operating systems, the ProgramData folder is hidden as standard and cannot be selected in Explorer and in the Management Tool. For this, go to Folder Options and change "Hidden files, folders and drives" to "Show".
Execute the batch processing file <Programdirectory>\elproUSER<Versionnumber>\Install.bat (by right-clicking → Run as administrator).
Complete the requests for required values in the prompt. Only enter a name without spaces for Service Name.
Example of the command prompt | Please enter the Service name (no spaces allowed): elproUSER |
Wait until the installation is complete and the prompt displays the following feedbacks:
CreationService SUCCESS
ChangeServiceConfig2 SUCCESS
6.3.2. elproUSER Set up API (IIS)
6.3.2.1. Preparation
Open file <Webapplicationdirectory>\elproUSER API\Web.config in Text Editor.
e.g. C:\programdata\ELPRO\websites\elproUSER\WebApi\Web.configAdditional step if the Web API is running on a different machine to the Service. (The connection from the web application to the elproUSER service is defined via WcfBaseAddress.)
Search for key="WcfBaseAddress". The value of the associated attribute must be adjusted as follows. If the web application and the Service are not run on the same computer, the IP address must be set to the value of the elproUSER Service computer.
The default port number (8001) can be optionally changed. If the default port number is changed, this must also be changed in the elproUSER table: Setting entry Keyname WcfBaseAddress.
e.g. <add key="WcfBaseAddress"value="net.tcp://<Adresse>:<PortNumber>"/>Save the changes.
6.3.2.2. Configure IIS
Start IIS Manager (inetmgr.exe).
Double-click to expand the <System Servername> of the Connections list.
If a pop-up window with a query appears at this point, close the window by clicking No.
Expand Sites by double-clicking.
Right-click on elproMONITOR → Add Application …
Under Alias:, enter a name for the API and under Physical path:, enter the path to the web application directory.
e.g. Alias: user-api, Physical path: C:\programdata\ELPRO\websites\elproUSER\WebApiExit the configuration and create the new alias by clicking OK.
elproUSER Set up Client (IIS)
6.3.3.1. Preparation
Open file <Webapplicationdirectory>\elproUSER Client\config.json in Text Editor.
e.g. C:\programdata\ELPRO\websites\elproUSER\WebClient\config.jsonUnder "suffix", enter the suffix for the elproUSER API using the schema “/User-API”.
If the standard port 80 is not used, enter the port of the elproMONITOR additionally under “port”.
e.g. „port“: 80,"suffix":/user-apiSave the changes.
6.3.3.2. Configure IIS
Start IIS Manager (inetmgr.exe).
Double-click to expand the <System Servername> of the Connections list.
If a pop-up window with a query appears at this point, close the window by clicking No.
Expand Sites by double-clicking.
Right-click on elproMONITOR → Add Application …
Under Alias:, enter a name for the API and under Physical path:, enter the path to the web application directory.
e.g. Site name: elproUSER, Physical path: C:\programdata\ELPRO\websites\elproUSER\WebClientExit the configuration and create the new alias by clicking OK.
6.4 Creating and Configuring Dedicated Windows User
Creating a dedicated Windows user is optional and can be used if the execution of elproEVENT and elproUSER applications is configured as non-administrator.
Create a Windows user with default user rights. (e.g. ElproOperator)
Read-only and write rights must be set for the configuration directory. (e.g. C:\ProgramData\ELPRO)
>> 11.2 Access Rights to Configuration Directory
In a multi-tenant system, a tenant can be protected against accesses by other tenants by setting exclusive rights.
6.5 Configurations Using the elproMONITOR Management Tool
The elproMONITOR Management Tool configures database connection settings for ELPRO applications and activates the basic license for elproMONITOR.
6.5.1 Start the elproMONITOR Management Tool
Double-click on the elproMONITOR Management Tool <Setupdirectory>\Program Files\elproMONITOR ManagementTool\elproMonitorManagementTool.exe to start.
First a browser appears for you to select the configuration directory.
e.g. C:\ProgramData\ELPRO\License
In newer operating systems, the ProgramData folder is hidden as standard and cannot be selected in Explorer and in the Management Tool. For this, go to Folder Options and change "Hidden files, folders and drives" to "Show".
Then you access the main dialog.
6.5.2. Configure Database Connection Settings for elproMONITOR
Under Create XML Setting, click elproMONITOR….
Enter the service names and database information from the preceding installation steps in the elproMONITOR XML Settings window.
Server | <Database server address> |
Database | elproMONITOR |
Authentication | Use SQL Server Authentication |
User name | elproMonitorDBUser |
Password | elpro |
Depending on the configuration of the SQL Server, also enter the instance name in the Server field.
The version number has to be entered completely and without mistake!
Click Test Connection to check whether the configuration you entered works.
Close Window
6.5.3. Configure Database Connection Settings for elproEVENT
Under Create XML Setting, click elproEVENT….
Enter the service names and database information from the preceding installation steps in the elproEVENTS XML Settings window.
Server | <Database server address> |
Database | elproEVENT |
Authentication | Use SQL Server Authentication |
User name | elproEventDBUser |
Password | elpro |
Depending on the configuration of the SQL Server, also enter the instance name in the Server field.
The version number has to be entered completely and without mistake!
Click Test Connection to check whether the configuration you entered works.
Close window.
6.5.4. Configure Database Connection Settings for elproUSER
Under Create XML Setting, click elproUSER….
Enter the service names and database information from the preceding installation steps in the elproEVENTS XML Settings window.
Server | <Database server address> |
Database | elproUSER |
Authentication | Use SQL Server Authentication |
User name | elproUserDBUser |
Password | elpro |
Depending on the configuration of the SQL Server, also enter the instance name in the Server field.
The version number has to be entered completely and without mistake!
Click Test Connection to check whether the configuration you entered works.
Close window.
6.5.5. Load Activation and License file for elproMONITOR
Start the service elproMONITOR
Open the Login Page (Website) of elproMONITOR
Login with initial credentials (username: admin, password: elpro)
You will be prompted to load the Activation file to activate elproMONITOR
Install the Activation file
You will be forwarded to the License page of elproMONITOR to load a License file
Install the License file
6.6. elproEVENT Create Program Links
Create a link to the desktop for the application <Programdirectory>\elproEVENT<Versionnumber>\Application Folder\elproEVENT.exe.
Right-click on this link to open the Properties window.
In the Shortcut tab, go to the Target: field and add the parameter –tenant <Configurationdirectory>
e.g. "C:\Program Files\elproEVENT<VersionNumber>\Application Folder elproEVENT.exe" -tenant "C:\ProgramData\ELPRO\License"
7. Multi-Tenant System Setup
elproMONITOR is capable of processing several tenants. This means that optionally, several elproMONITOR systems can be installed and operated in parallel on a computer system.
elproMONITOR systems run fully autonomously and completely separately from systems installed in parallel. Each system may have different program module versions. Programs and databases can each be operated by separate users so that they are protected against attacks.
Execute the following steps to set up several tenants on a computer system. Note that all name issues referring to a tenant (DB name, DB user, Service name, etc.) must be unique to ensure isolation between individual tenants.
A separate database for the elproMONITOR, elproEVENT, and elproUSER applications must be created for each tenant. Accordingly, separate DB logins and DB users must be created.
>> 5. Creating DatabasesConfigurations must be created in a separate configuration directory for each tenant.
e.g. C:\ProgramData\ELPRO\Tenant<TenantName>The configuration for each tenant must be made separately using the Management Tool.
If different versions of elproEVENT and elproUSER are to be used, the corresponding libraries must also be imported to the Global Assembly Cache.
>> 6.1. Importing Libraries in Global Assembly CachePro Mandant muss je eine Webapplikation in ein eigenes Webapplikationsverzeichnis kopiert werden. Dies gilt auch falls es sich um eine komplett identische Version handelt
e.g. C:\inetpub\ELPRO\Tenant<TenantName>\elproMONITOR <VersionNumber>\
Never make a difference between web application tenant names by simply changing uppercase and lowercase letters.
Each individual web application must be set up separately. In particular, each application must be mapped to a separate port and assigned to the corresponding configuration directory.
>> 6.2.2 Set up Web Client (IIS)A separate service instance of elproMONITOR must be set up for each tenant. Here each separate Service instance must have a port applied to it (8000 is standard for the first instance). This port is first defined in the elproMONITOR database in the "Setting" table in the Keyname WcfBaseAddress entry. Secondly, the same port must be configured in the file: Web.config of the web application in the WcfBaseAddress entry.
>> 6.2.1 Set up elproMONITOR ServiceOptionally, a dedicated Windows user, under which the application runs, can be set up with the appropriate access rights for each tenant.
>> 6.4 Creating and Configuring Dedicated Windows UserThe database connection settings must be configured for each tenant using the elproMONITOR Management Tool.
>> 6.5.1. Start the elproMONITOR Management Tool bis >> 6.5.3 Configure Database Connection Settings for elproUSERThe program links must be set up for each tenant accordingly.
>> 6.6. elproEVENT Create Program Links
8. System Settings
System settings may be made in the following databases. Usually, settings only need to be made once and are therefore not included in the Settings.
8.1. Settings elproMONITOR - To Check
8.1.1. Tabelle "Setting" Section "UserInterface"
Name | Defaults | Description |
---|---|---|
AutoLogin | False | Checkbox for Autologin function is not visible |
CalibrationColor | #fadcc5 | Background color for calibration period |
CalibrationColorOpacity | 100 | Opacity of background color for calibration period |
CalibrationTimeoutInHours | 18 | Maximum calibration time |
ChartColors | #0000ff,#008000,#ff0000,#00c0c0,#ff00ff,#c0c000,#000080,#00ff02,#800000,#ff8000 | Chart color for sensors |
CommentTextRequired | True | The user must enter a comment when acknowledging a deviation. |
DateFormat | dd.MMM.yyyy | Date Format |
DeactivatedColor | #e1e1e1 | Background color for sensor alarm deactivated |
DeactivatedColorOpacity | 100 | Opacity of background color for sensor alarm deactivated |
DeleteButtonActive | False | Delete function for sensors and digital inputs deactivated |
EcologProBaseMaintenanceUri |
| URL for ECOLOG-PRO Base Maintenance software (must be specified as absolute path http://<IP address>/Maintenance or as relative path /Maintenance) |
EcologProBaseVersion | False | |
ElectronicSignature | True | The user must repeat his password entry for Activate sensors alarm, Deactivate sensor alarm, and Acknowledge deviation |
ElectronicSignatureLoginRequired | False | Login Name must be entered along with the password when confirming deviations |
ElproUserUri |
| URL for elproUSER software (must be specified as absolute path http://<IP address>/ elproUSER or as relative path /elproUSER) |
FirstDayOfWeek | Sunday | Sunday is defined as the first day of the week (Sunday or Monday, depending on the country setting of the server |
InstallationDate | 11/15/2016 12:44:44 | Date of installation This date is set automatically when the system is first installed |
LongTermProcessTimeoutMinutes | 20 | Timeout for processes that last too long |
MaxAnalysisSensors | 25 | Maximum number of sensors that are displayed in the chart |
MaxCalibrationSensors | 10 | Maximum number of sensors which can be calibrated simultaneously |
NumberDecimalSeparator | . | Delimiter character for floating point numbers |
PollingInterval | 15000 | Refresh interval for MONITOR / DEVIATION page in milliseconds |
ReloadedColor | #dae6dc | Background color for sensor values reloaded |
ReloadedColorOpacity | 100 | Opacity of background color for sensor alarm reloaded |
ReportTimeoutMinutes | 20 | Timeout (minutes) to generate a report |
SessionTimeout | 20 | Session timeout (minutes) |
TenantName |
| Name which is displayed along with the login name to distinguish an instance |
Use24HourTimeFormat | True | The 24-hour time format is used (with False, the 12-hour format is used) |
ValueDateTimeSeparator | ; | Character between measurement value and date |
MinSnrValue | 0 | Minimum signal to noise ratio value |
MaxSnrValue | 100 | Maximum signal to noise ratio value |
BadSnrValue | 10 | Industrial Standard for bad signal to ratio value |
WeakSnrValue | 25 | Industrial Standard for bad signal to ratio value |
8.1.2. Tabelle "Setting" Section "System”
Name | Defaults | Description |
---|---|---|
AlarmInterfaceRetryCount | 3 | Maximum number of communication retries to the Alarm Interface |
AlarmInterfaceTimeoutMs | 2000 | Timeout (milliseconds) for communication to Alarm Interface |
ConnectionFibonacciDelays | 0,1,2,3,5,8,13,24 | Delay Numbers for connection (using Fibonacci numbers) |
ConnectionWaitTime | 3600 | Waiting for connection |
CriticalDeviceErrorCycleCount | 3 | Number of cycles for deviation of critical device errors |
DbTimeoutSeconds | 30 | Database time-out (in seconds) |
DbTimeoutSensorDelete | 60 | Delete the database time-out for sensor (in seconds) |
DbTimeoutWriteNC | 60 | Write database time-out for NC values (in seconds) |
DO-WatchdogTimeOutInSeconds | 60 | Timeout for ECOLOG-PRO Watchdog (seconds) |
ExportPdfFilenameForAllSensors | %TimestampUTC%;%ScheduleTaskName% | File name when the automatically generated PDF report contains all selected sensors |
IntervalLengthDeviationTolerance | 10 | Tolerated interval length deviation in seconds |
Language | en | The language setting is used for Audit Trail entries, deviation messages, and automatic reports |
LaunchApplicationTimeout | 00:01:00 | Waiting time during program start |
LoggerConnectRetryCount | 3 | Maximum number of connection retries to a logger |
LoggerConnectTimeoutMs | 2000 | Timeout (milliseconds) for logger connection |
LoggerReadRetryCount | 3 | Maximum number of retries to read out data from a logger memory |
LoggerReadTimeoutMs | 5000 | Timeout for reading out data from a logger memory |
LoggerReconnectDelayMs | 5000 | Delay time (milliseconds) until next connection retry to a logger |
MaxDataSafetyClearanceMonths | 24 | Maximum number of months for data safety clearance period |
MaxEcologNetReloadThreads | 30 | Maximum number of threads to reload data for ECOLOG-NET Loggers If more than 30 ECOLOG-NET loggers are used, set the value to 999. |
MaxEcologProReloadThreads | 1 | Maximum number of threads to reload data for ECOLOG-PRO modules |
MaxLoggerReadThreads | 30 | Maximum number of threads to read measured values |
MktActivationEnergyKjMol | 83.14 | Activation energy for MKT calculation |
MustConfirmAlarms | True | Alarm must be acknowledged |
MustConfirmWarnings | True | Warning must be acknowledged |
NewStartNcTimeRangeDays | 7 | Maximum number of days for recalculation of NC values after server downtime |
NumberAllowedIntervalLengthDeviations | 10 | Number of permitted deviations in internal length |
NumberOfAcknowledgements | 1 | "Four-eyes-principle" number of acknowledgements needed for a deviation |
PerformaceLogHistoryLengthDays | 7 | Number of days after which data is deleted from the PerformanceLog table. |
RawValueBackupTimeRangeMonths | 24 | Number of months after which data is deleted from the MeasureRawValueBackup table. |
ReloadDelayMs | 1000 | Delay time (milliseconds) before reload starts |
SkippedCycleAlarms | False | |
TimestampUTCFormat | yyyyMMddHHmmssfff | Time stamp format |
UseIpV6 | False | The Internet Protocol Version 4 is used by default. IPV6 is not currently supported |
WcfBaseAddress | net.pipe://localhost | The address specifies where the Service Listener is located |
8.1.2. Tabelle "Setting" Section "Plugin”
Name | Defaults | Description |
---|---|---|
OrganisationsId | 0 | Uniqe Id (number) of the tenant organisationId (autogenerated, do not change) |
AutomaticIoModuleCreation | False | Adding Io modules automatically after pairing |
AutomaticSensorCreation | False | Adding a sensor automatically after pairing |
AutomaticSensorCreationGroupName | Auto-generated | Group name for the automatically created sensors |
AutomaticSensorCreationIntervalMinutes | 10 | Interval in minutes for automatically created sensors |
RabbitMQPortAMQP | 5672 | AMQP port |
RabbitMQPortMQTT | 1883 | MQTT port |
RabbitMQUsername | guest | Chosen user name for RabbitMQ |
RabbitMQPassword | guest | Chosen password for RabbitMQ |
SlidingWindowLength | 2 | Sliding window length (valid values from 2 to 5) |
8.2. Settings elproEVENT
8.2.1. "Setting" Table
Name | Defaults | Description |
---|---|---|
DateFormat | dd.MMM.yyyy | Date format |
TenantName |
| Name which can be displayed together with application names to distinguish an instance. |
Use24HourFormat | True | 24 or 12 hour time format |
Language | en | The language setting is used for EVENT and Details entries. |
UseIpV6 | False | If true, IP V6 should be made for Event entries, if IP V6 is available. Otherwise, IP V4. |
8.3. Settings elproUSER
8.3.1. "AppSettings" Table
Name | Defaults | Description |
---|---|---|
AccessTokenExpireTimeSpanInMinutes | 5 | Timeout (minutes) between Client and Web Server |
ActiveDirectoryEnabled | True | Active directory is enabled |
ClientSessionTimeoutInMinutes | 20 | Must be identical to session timeout. |
DateFormat | dd.MMM.yyyy | Date Format |
EcologProBaseMaintenanceUri |
| URL for ECOLOG-PRO Base Maintenance software (must be specified as absolute path http:// <IP address>/Maintenance or as relative path / Maintenance) |
EcologProBaseVersion | True | Tab ECOLOG-PRO Base. |
ElproMonitorUri |
| URL for elproMONITOR software (must be specified as absolute path http://<IP address>/ elproMONITOR or as relative path /elproMONITOR) |
Language | en | The language setting is used for Audit Trail entries, deviation messages, and automatic reports |
RefreshTokenExpireTimeSpanInMinutes | 43800 |
|
SessionTimeout | 20 | Session timeout of server |
TenantName |
| Name which is displayed together with the login name to distinguish an instance. |
TimeZoneString | UTC;true | Time zone; daylight saving time |
Use24HourFormat | True | 24-hour time format is used (if false, 12-hour format is used) |
UseIPv6 | False | Internet Protocol version 4 is used by default, currently IPV6 is not supported. |
WcfBaseAddress | net.tcp://localhost | The address specifies where the service listener is located. |
9. Operation
9.1. Start
Ensure that the Monitor Service is running and the web application was started in IIS. The applications can be started from the Windows Administrator account.
To check this, start Internet Explorer and enter the address http://localhost. The elproMONITOR login page appears. Login using the user previously created in elproUSER (for example, admin).
After service start when the web application is started for the first time, it may take more than a minute for the login dialog to appear in the browser.
When you start the Monitor Service for the first time, the elproMONITOR default settings are written to the database. You can change the settings in the dbo.Settings table of the elproMONITOR database. Please refer to the Operator's Manual for more details.
9.1.1. Enter elproUSER URL in elproMONITOR Database
Requirement: elproMONITOR Service is started!
Start SQL Server Management Studio and log in to the database as DB Administrator.
e.g. /elproUSERIn the elproMONITOR database, open the table dbo.Setting for Editing and in ElproUserUri , enter the web client alias from >> 6.3.3 elproUSER Client einrichten (IIS).
After the changes in the table dbo.Setting, the following actions are necessary:
Restart of elproMONITOR Service
Restart of IIS
9.1.2. Set RabbitMQ credentials in the elproMONITOR Database
Requirement: elproMONITOR Service is started!
Start SQL Server Management Studio and log in to the database as DB Administrator.
e.g. /elproUSERIn the ElproMONITOR Settings table set the RabbitMQUsername and RabbitMQPassword according to the credentials which was defined in 4.6
After the changes in the table dbo.Setting, the following actions are necessary:
Restart of elproMONITOR Service
Restart of IIS
9.2. First Start-up of elproUSER
Start elproUSER using the link you just created.
Login to elproUSER for the first time using the following data:
Username: admin
Password: elpro
You can then change the password immediately after.
If you require integration in AD, click Application → Options to open the Application Settings window and open the "Active Directory":
Enter the Active Directory server name.
Enter the user name and password of an AD user with read-only rights to AD.
Click the "..." button and select the required subnode for user and groups. (If in doubt, simply select the root node.)
Click OK to save the changed settings.
10. elproMONITOR Management Tool
Configuring the basic settings of elproMONITOR is performed using the elproMONITOR Management Tool.
The elproMONITOR software requires a path to a so-called tenant list. When the management tool is started, specify this path as the start parameter. If you leave out the parameter, a window pops up for you to enter the path.
If other configurations already exist in this path, they are read out and displayed as defaults.
elproMONITOR is capable of handling several tenants, so several instances can be configured using a tenant list.
This procedure is always identical in elproMONITOR, elproUSER, and elproEVENT.
10.1. Create XML Setting
11. Additional Features
11.1. Creating Windows User
11.1.3. Windows Server 2019
Open the Control Panel.
Go to User Accounts and click Change account type.
Click Add a user account.
Enter name, password, and password hint for the new user. Use the tenant's name by preference.
User name: Customer01
Password: MonitorCustomer1
Reenter password: MonitorCustomer1
Password hint: <Passwort Hint>
12. FDA CFR 21 Part 11 Compliance
If elproMONITOR is to be operated in compliance with FDA CFR 21 Part 11 Revision April 1, 2013, certain measures must be fulfilled.
Verweis CFR 21 Part 11 | Original Text | Action |
---|---|---|
Subpart A § 11.1 Scope (e) | (e) Computer systems (including hardware and software), controls, and attendant documentation maintained under this part shall be readily available for, and subject to, FDA inspection. | ELPRO is willing to allow audits by customers. The operator is responsible for performing audits as required. |
Subpart B §11.10 Controls for closed systems (c) | (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period. | The operator is responsible for ensuring that data is preserved in its IT environment, e.g. through backups, intrusion and malware protection, redundant hardware etc. |
Subpart B §11.10 Controls for closed systems (e) | (e) Use of secure, computer generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying. | The operator is responsible that changes to the AuditTrail database by IT personnel are prevented. Resp. that manipulations are recorded on system level. e.g. by activating the Change Data Capture function. The databases must be set up with the restrictions described in the installation instructions. |
Subpart B §11.10 Controls for closed systems (i) | (i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks. | For maintenance, the operator must train his personnel accordingly. |
Subpart B §11.10 Controls for closed systems (j) | (j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. | Establish standards that holds individuals accountable for misuse of signatures. |
Subpart B §11.10 Controls for closed systems (k1) | (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. | The operator is responsible to document the operation of the IT system and to control the documentation. |
Subpart C §11.100 General requirements (a) | (a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. | Each account must be set up individually per user. Accounts may not be recycled. |
Subpart C §11.100 General requirements (b) | (b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. | The operator is responsible for ensuring the identity of each user. |
Subpart C §11.100 General requirements (c) | (c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. | The operator is responsible for ensuring that each user is aware of the importance of electronic signatures. Users must attest to this. |
Subpart C §11.100 General requirements (c1) | (1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC100), 5600 Fishers Lane, Rockville, MD 20857. | Individuals' hand-signed attestation must be sent in hard copy to the Office of Regional Operations (HFC-100). |
Subpart C §11.100 General requirements (c2) | (2) Persons using electronic signatures shall, upon agency request provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature. | Additional attestations must be provided upon request. |
Subpart C §11.200 General requirements (a1i) | (a)(1)(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. | In the Settings table the setting ElectronicSignature = True must be set. |
Subpart C §11.200 General requirements (a1ii) | (a)(1)(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. | In the Settings table the setting Autologin = False must be set. |
Subpart C §11.200 General requirements (a2) | (a)(2) Electronic signatures that are not based upon biometrics shall be used only by their genuine owners. | Only the authenticated owner may use his identification. |
Subpart C §11.300 Controls for identification codes/passwords (b) | (b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging). | The operator must set the rules of password assignment that they must be renewed regularly. |
13. EudraLex Volume 4 - Annex 11 Compliance
If elproMONITOR is to be used in compliance with EudraLex Volume 4 - Annex 11 Revision 1, 30 June 2011, certain measures must be fulfilled.
Verweis Annex 11 | Original Text | Action |
---|---|---|
Principle | The application should be validated; IT infrastructure should be qualified. | The operator is responsible for validating his system. |
Principle | Where a computerised system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process. | The operator must carry out a risk assessment on the entire system. The risk assessment must also include processes and SOPs. |
General Risk Management 1 |
| The operator is responsible for conducting a risk analysis on the entire system. |
General Personell 2 |
| The operator is responsible for training users. |
General Suppliers and Service Providers 3.4 | 3.4 Quality system and audit information relating to suppliers or developers of software and implemented systems should be made available to inspectors on request. | ELPRO is willing to approve audits conducted by customers. The operator is responsible for conducting audits as required. |
General Project Phase 4.4 | 4.4 User Requirements Specifications should describe the required functions of the computerised system and be based on documented risk assessment and GMP impact. User requirements should be traceable throughout the lifecycle. | The operator must describe the system requirements. |
General Project Phase 4.5 | 4.5 The regulated user should take all reasonable steps, to ensure that the system has been developed in accordance with an appropriate quality management system. The supplier should be assessed appropriately. | The operator must validate that a suitable quality system was used for development. ELPRO is willing to approve audits conducted by customers. |
General Data Storage 7.1 | 7.1 Data should be secured by both physical and electronic means against damage. Stored data should be checked for accessibility, readability and accuracy. Access to data should be ensured throughout the retention period. | The operator is responsible for ensuring data storage in his IT environment, e.g. by means of backups, intrusion and malware protection, redundant hardware, etc. |
General Data Storage 7.2 | 7.2 Regular back-ups of all relevant data should be done. Integrity and accuracy of backup data and the ability to restore the data should be checked during validation and monitored periodically. | The operator is responsible for backing up data at regular intervals. The possibility of data restoration must be validated and monitored at regular intervals. |
General Change and Configuration Management 10 | 10. Any changes to a computerised system including system configurations should only be made in a controlled manner in accordance with a defined procedure. | The operator is responsible for carrying out changes according to a defined process. |
General Periodic evaluation 11 | 11. Computerised systems should be periodically evaluated to confirm that they remain in a valid state and are compliant with GMP. Such evaluations should include, where appropriate, the current range of functionality, deviation records, incidents, problems, upgrade history, performance, reliability, security and validation status reports. | The operator is responsible for validating the system periodically. |
General Security 12.1 | 12.1 Physical and/or logical controls should be in place to restrict access to computerized system to authorised persons. Suitable methods of preventing unauthorised entry to the system may include the use of keys, pass cards, personal codes with passwords, biometrics, restricted access to computer equipment and data storage areas. | The operator must guarantee that no unauthorized persons may gain access to the system. |
General Security 12.2 | 12.2 The extent of security controls depends on the criticality of the computerised system. | The operator must carry out risk analyses for relevance. |
General Incident Management 13 | 13. All incidents, not only system failures and data errors, should be reported and assessed. The root cause of a critical incident should be identified and should form the basis of corrective and preventive actions. | The operator must evaluate audit trails and, if necessary, escalate events by forwarding them to ELPRO. |
General Electronic Signature 14 | 14. Electronic records may be signed electronically. Electronic signatures are expected to: a. have the same impact as hand-written signatures within the boundaries of the company, b. be permanently linked to their respective record, c. include the time and date that they were applied. | The setting ElectronicSignature = True must be set in the Settings table. Signature recognition must be regulated internally. |
General Batch release 15 | 15. When a computerised system is used for recording certification and batch release, the system should allow only Qualified Persons to certify the release of the batches and it should clearly identify and record the person releasing or certifying the batches. This should be performed using an electronic signature. | The operator must ensure that only identified persons may release batches. |
General Business Continuity 16 | 16. For the availability of computerised systems supporting critical processes, provisions should be made to ensure continuity of support for those processes in the event of a system breakdown (e.g. a manual or alternative system). The time required to bring the alternative arrangements into use should be based on risk and appropriate for a particular system and the business process it supports. These arrangements should be adequately documented and tested. | The operator must make sure that business continuity is ensured in case of system failure. |