Itron 921 Gateway/Telco User Manual Utility Network Operational Manual

Silver Spring Networks Gateway/Telco Utility Network Operational Manual

Contents

Utility Network Operational Manual

Innovatec Utility Software System Organization andRequirementsCompuware Corp.08/09/99 11:13 AM06/16/99 2:46 PMVersion 0.32
2Table of Contents1 OPEN ISSUES...............................................................................................................................42 INTRODUCTION.........................................................................................................................43 PRIMARY REQUIREMENTS....................................................................................................53.1 SUPPORTED DATABASES..........................................................................................................63.1.1 External databases..........................................................................................................63.2 MULTIPLE DATABASE SET SUPPORT .........................................................................................63.3 LOGGING..................................................................................................................................73.4 ARCHITECTURAL CONSTRAINTS...............................................................................................73.5 SERVER DATA MAINTENANCE ..................................................................................................73.6 EXTERNAL DATA DISTRIBUTION .............................................................................................73.7 SECURITY.................................................................................................................................83.7.1 Firewalls .........................................................................................................................93.7.2 Attack methods ................................................................................................................93.7.3 Export restrictions.........................................................................................................113.8 INTERNATIONALIZATION........................................................................................................113.9 FACTORY/DEPOT/INSTALLATION WORK FLOW .....................................................................114 DERIVED REQUIREMENTS ..................................................................................................134.1 SUPPORTED APPLICATIONS ....................................................................................................134.1.1 Supported interactive applications ...............................................................................134.1.2 Supported autonomous applications.............................................................................164.2 SUPPORTED DATABASES........................................................................................................184.2.1 Internal databases.........................................................................................................184.3 COM ACCESS ....................................................................................................................22214.4 REQUIRED REQUIREMENTS ................................................................................................22214.5 INNOVATEC LOOK AND FEEL.............................................................................................22214.5.1 Pluggable Look and Feel ..........................................................................................22214.5.2 Colors........................................................................................................................23224.5.2.1 Foreground/Text.....................................................................................................23224.5.2.2 Background............................................................................................................23224.6 NAVIGATION ......................................................................................................................23224.6.1 Keyboard ...................................................................................................................23224.6.1.1 Mnemonics ............................................................................................................23224.6.1.2 Shortcuts................................................................................................................24234.6.2 Mouse ........................................................................................................................24234.7 COMPONENTS.........................................................................................................................244.7.1 Primary Windows..........................................................................................................244.7.2 Secondary Windows ..................................................................................................25244.7.2.1 Dialogs ..................................................................................................................25244.7.2.2 Login Dialog ..........................................................................................................25244.7.3 Plain Windows...........................................................................................................25244.7.3.1 Splash Screens........................................................................................................25244.7.4 A splash screen should be implemented using com.innovatec.ui.Jsplash. Theapplication name, version and copyright information should appear on all splash screens.Applets..........................................................................................................................................................26254.7.5 Buttons.......................................................................................................................26254.7.5.1 Toolbars.................................................................................................................... 264.7.6 Menus ............................................................................................................................264.7.7 Statusbar .......................................................................................................................264.7.8 Organizing.................................................................................................................27264.7.8.1 Group Boxes ..........................................................................................................2726
34.7.8.2 Tabbed Panes.........................................................................................................27265 CHANGE LOG ...........................................................................................................................27
41 Open Issues• What type of location information will we use (e.g., lat, long,elevation, pole #) for gateways, relays and meters?• What tool will we adopt for network RF planning, and how willwe interface the rest of the system to it?2 IntroductionThe Enterprise Network and Internet Communications (ENICS)system is a set of software applications that allow either utilities orInnovatec acting as a service bureau to manage and operate an Innovateccommunications network. The functions required include the ability toread meters, monitor network operation, install, decommission, swapand test all elements in the communications network and handle alarms.In addition, Innovatec must have a means of planning and laying outcommunications networks, training users and demonstrating the systemto prospective customers. For development it is desirable to have somemeans of exercising the communications network in a more intensivemanner than we have been able to in the past.It will be necessary to update and possibly gather data fromdatabases that are not part of the Innovatec system. For example, autility may have a billing database (and applications that use it) alreadyin place. Data from scheduled reads might be placed into this billingdatabase.Finally, it should be possible to log events of interest for lateranalysis either by utility personnel or applications in the Innovatecsystem.Innovatec plans to eventually use the system for very largeinstallations (on the order of 10 million meters or more). Thus, it isnecessary to architect and build the system in such a way that itsfunctions can be distributed across multiple machines and possiblymultiple servers.In addition, in Innovatec’s role as a service bureau, it may benecessary to site a gateway server and possibly some server functions ata customer site, while the rest are handled at Innovatec’s offices. Forexample, a utility may want to put modems at their site so that calls togateways are local calls, while Innovatec administers the networkremotely.A high level schematic for the Innovatec utility system is shown inFigure 1. In the schematic, each of the applications is shown as if it wasa traditional monolithic program. However, the Innovatec system isbeing designed and implemented as a multitier architecture in which theuser interface is a set of Java applets and HTML pages which use a set ofservants to access various services, such as database access.
5This document supplies a general organization and partitioning forthe system as well as requirements that apply to all applications. Therequirements for the various components of the system are contained intheir own requirements documents.3 Primary RequirementsPrimary requirements are those that ultimately come from thecustomer or are dictated by the basic nature of the application.Network Configuration DatabaseSW/HW CompatabilityDatabaseNetwork Planning DatabaseAlarm ConfigurationDatabaseLoggingDatabaseBillingDatabase(Legacy)Utility PhysicalAssets Database(Legacy)GatewayServerInnovatecUtilityServerProductionNetwork NetworkEmulator NetworkTestbedField ServiceApplication(Interactive)NetworkConfigurationManager(Interactive)Alarm ConfigurationManager(Interactive)Field ServiceDatabaseField ServiceLaptop or Handheldvia direct TCP/ IP ord i al up PPPNetwork Planningand LayoutconverterBilling Application(Legacy)Physical AssetsTracking(Legacy)MeterReader(Interactive)NetworkExerciser(Autonomous)Network HealthMonitor(Autonomous)Alarm Receiver(Autonomous)Figure 1: High level schematic for the Innovatec utility software system
61.13.1 Supported DatabasesFor the purposes of this specification, the databases in the systemare classified into internal and external databases. Internal databasesare those that will be built into a stand alone Innovatec system. External(or legacy) databases are those that are supplied by a particularInnovatec customer or a particular 3rd party application. An interface toan external database may be supplied as part of the customization for aparticular customer, but the information contained in these databases isnot required to run the Innovatec system.Internal databases are specified in section 4.2.1.3.1.1 External databasesWhile it is possible for the set of external databases to becomposed, in principle, of anything or nothing, we anticipate that theexternal databases will typically consist of the following for each utility.Database Record Type Item CommentBilling Basicaccountinformation• Account number• Customer name• Customer addressMeterinformationfor acustomer• Account number• Meter type• Meter nameMay bemultiplerecords foreachcustomerPhysical Assets Data for eachmeter • Account number• Meter name• Meter type• Meter Model• Factory number• Meter brand• Meter size• Zone• Installation date• Installer• Installation time• Locationinformation3.2 Multiple database set supportOne of the uses of the utility server software will be Innovatecacting as a service bureau. In order to support this type of operation, the
7utility server software shall support multiple sets of independentdatabases, one for each utility Innovatec supports.It shall be the responsibility of the Innovatec Utility Server todistinguish between sets of databases for different utilities, given anappropriate utility specification from the various applications.3.3 LoggingIt shall be possible to log events of interest into an internaldatabase. These events shall include, but are not limited to, messagetransmissions and receptions. It shall be possible for users to configurethe number and the age of events to be maintained in the log.All attempts by a client application to log into the ENICS system ora remote configuration server to initially contact an ENICS configurationserver or a remote redistribution server to initially contact an ENICSserver should be logged, whether the attempt is successful or not.3.4 Architectural constraintsIt shall be possible to distribute user interface, database andserver functions over multiple machines. It shall be possible for users toremotely access the interactive utility programs from remote desktopcomputers. It shall be possible to site the WAN interface hardware on amachine that is physically separate from the machine(s) that host thedatabases and are generally used for network maintenance and otherfunctions.3.5 Server data maintenanceTo the extent that is consistent with maintaining the integrity ofthe various databases, user visible data shall not be lost if a server orserver machine suffers an ungraceful shutdown.3.6 External Data DistributionIn addition to interacting with an Innovatec communicationsnetwork, it shall be possible for the ENICS system to distribute data toand/or receive data from another ENICS system. This will allow a utilitythat does not actually own the meters for a particular customer to gatherdata about a meter from the utility that does own the meter. Theinteractions supported in this mode are limited to scheduled reads, ondemand reads, informational alarms, informational alarm configurationand basic meter status information. Informational alarms include lowflow threshold, prepay alarms and other alarms that indicate usageviolations but that are not associated with a possible physical failure.Alarms that do indicate a physical failure (such as runaway alarms),shall not be configurable by an external utility and shall not bedistributed to an external utility.
8It shall be possible to configure access permission for an externalutility on a meter by meter basis. It shall be possible to configure whichalarms may be distributed to or configured by an external utility on analarm by alarm and meter by meter basis. If an external utility has beengranted configuration permission for a particular alarm on a particularmeter, then the utility that grants that permission will no longer be ableto configure or receive that alarm for that meter. Note that the ownerutility will still need to keep track of the alarms that have beenconfigured by an external utility, in case the meters associated with theexternal utility or the gateways associated with those meters arephysically modified, reconfigured or replaced.Both the hosting and receiving ENICS servers shall keep track ofthe number and types of data sent/received to/from the remotedistribution server for billing purposes.3.7 SecuritySecurity considerations for the ENICS system fall into the followingfour areas:• Authentication (is the user or utility really who he, she or itsays they are)• Authorization (is the user or utility allowed to perform theoperation they are requesting)• Confidentiality (prevent an outside observer from viewing datathat the utility doesn’t want them to view)• Auditing (leave a trail so that attempts to compromise thesystem are tracked for later analysis)The other two areas that are often of concern for browser users ina networked environment, containment and nonrepudiation, are not ofmuch concern to users who may run ENICS applets or applications sinceall such applets, applications and servers come from a trusted source.Authentication is a concern in two areas. The first is that onlypeople authorized by the utility run the ENICS applets/applications,such as the interactive meter reader, the field service application or thenetwork configuration manager. The second is that data distributed toan outside utility is sent only to systems that have been explicitlyauthorized to receive such data.Authentication in the ENICS system consists of two elements. Thefirst is password authentication. All users shall be required to enter apassword before using any ENICS application/applet with a userinterface. Passwords shall be stored internally in a form that iscryptographically secure. The second is host identification. It shall bepossible for system administrators to allow access to the ENICS systemfrom an application/applet or a third party using the external datadistribution capability only from some designated set of hosts. Thus a
9user attempting to log in using a valid password from a host that is notin the designated set of hosts would be denied access to the system (withan appropriate reason given). There shall be a means to indicate thataccess from any host are allowed.Authorization shall be supported by access control lists. It shall bepossible to assign permissions on a user by user, utility by utility (forexternal data distribution) and application by application basis. Thus, auser might be allowed full access to the interactive meter reader, but noaccess to the network configuration manager. All ENICS applicationsshall consult the access control list before performing any operation thatmight be forbidden by the access control list. Applications/appletsshould provide a visual indication of forbidden operations (e.g., grayedout controls) if a set of operations is not allowed for a user.Confidentiality shall be supported through encryption of anycommunication between ENICS servers (for external data distribution) orbetween ENICS servers and applications/applets that involvedconfidential data. If private key exchange is required (e.g., to use a DESalgorithm), then the private keys shall be encrypted when they areexchanged (e.g., with a public key encryption technique).Auditing shall be supported by the logging facility. All attempts toaccess (i.e., log into) the system by a user or by an external agent shallbe logged, whether they are successful or not. As much data as possibleshould be captured, particularly for unsuccessful logins, including thelogin name and the machine name from which the login attempt is made.1.1.13.7.1 FirewallsIt is anticipated that an ENICS system will typically operate behinda firewall. The firewall is set up to deny access to unauthorized userscontacting the system from outside the local network (e.g., through theInternet). ENICS applications, applets and servers are neither requirednor encouraged to defeat firewall security using HTTP tunneling or othertechniques. This implies that it will be necessary for ENICS systemadministrators to explicitly allow firewall access to outside users onspecified ports. It shall be possible for an ENICS system administrator toconfigure the port number(s) used to contact enics servers. This doesnot imply that such configuration necessarily must be done on a serverby server basis.1.1.23.7.2 Attack methodsThe following potential attacks should be considered in the designof the ENICS software:• Monitoring. A cracker could monitor the data stream in anattempt to find authorized user names and passwords. A utilitycompetitor could attempt to monitor the stream of meter readsto determine which customers could be “cherry picked”.
10Monitoring can be defeated through encryption of the datastream, including any interactions in which passwords arepassed.• Password guessing, dictionary or exhaustive scan (particularly ifdriven by a computer program). Password choice rules plus theuse of a reasonably large salt (to complicate reverse dictionaryconstruction by an insider) should make this very difficult.Note some part of the enforcement of good password choices(e.g., don’t use your wife’s maiden name) must be addressed byinternal utility processes.• A legitimate user attempts operations that he or she is notauthorized to perform. This is addressed by access controlpermissions.• A legitimate user attempts operations from a suspiciouslocation (e.g., a disgruntled former employee who was a networkadministrator tries to shut down the Innovatec communicationsnetwork by deregistering all the meters from the gateways anderasing them from the utility database from his homecomputer). This is addressed using host identification inaddition to passwords. Note that internal utility processes areresponsible for making sure that only correct hosts areidentified as legitimate sources to the ENICS system.• A computer cracker attempts to gain access to the ENICSsystem by running an applet or application that claims to be astandard ENICS applet. This is handled by keeping passwordand host identification contained on the server (anyauthentication contained in a client would have been bypassedbecause a real ENICS client isn’t being used).• A computer cracker attempts to gain access to the ENICSsystem by running an applet or application that claims to be anENICS configuration server portal. This is handled by hostidentification. The cracker may attempt to defeat hostidentification by assigning his machine the same host addressas a legitimate ENICS server. This can be defeated byconfiguring a firewall to refuse incoming packets from a hostthat has the same address as an internal ENICS server.• A computer cracker attempts to gain access to meter data andsome alarm configuration capability by running an applet orapplication that claims to be a ENICS server that is set up forexternal data distribution. This is handled using hostidentification. The cracker may attempt to defeat hostidentification by assigning his machine the same host addressas a legitimate machine that is the target for external datadistribution. This cannot be defeated using firewallconfiguration, since external access for on-demand reads and
11alarm configuration is necessary. There is currently no effectiveanswer in these specifications for this form of attack. There is nopotential for harm to the source utility databases or the Innovateccommunications network, however meter data that was set up forexternal data distribution could be monitored.• A computer cracker runs a program that bombards the ENICSsystem with random packets or bogus login attempts. By usingup the available bandwidth, access to the ENICS system bylegitimate users is prevented (i.e., a denial of service attack).There is no way to automatically defeat this type of attack.Rejects of improper access attempts to the ENICS systemshould be logged, including the host name of the source of theattempt. Care should be taken that repeated illegal accessattempt by the same source do not fill up the logging database.This log will aid in tracking down the offending party.3.7.3 Export restrictionsSome of the strong cryptographic algorithms that we plan to use toprotect data confidentiality are export restricted. This means that if anENICS system is deployed outside of the borders of the United Statesthat it may be necessary to plug in a different set of weaker algorithms tomeet export restrictions. The software shall be structured in such a waythat it is possible to easily produce an export version that uses differentcryptographic algorithms than the regular ENICS software.3.8 InternationalizationThere are no plans to export the ENICS software to non Englishspeaking countries. Internationalization of the ENICS servers,applications or applets is not required.3.9 Factory/Depot/Installation Work FlowIMUs, relays and gateways are expected to follow a certain workflow during their lifetimes, as shown in Figure 2Figure 2Figure 2.IMUs, relays and gateways are assembled at the factory. At thispoint IMUs and relays are assigned a Utility Serial Number (i.e., pin #)and a channel. Gateways should have their WANs activated, if possible.IMUs, relays and gateways should be tested via the RF and (in the case ofgateways) via the WAN interface (see Gateway Node Noninvasive TestProcedure Specification). The tool used to perform these functions is theFactory Commissioning and Test tool.IMUs, relays and gateways are manufactured in response toprojected demand, rather than for a specific utility order. Therefore, atthe factory utility serial numbers (i.e., pin numbers) are assignedsequentially, but not associated with any specific Innovatec customer.
12IMUs, relays and gateways are forwarded to a utility depot. At thispoint they must be associated with a certain customer (for IMUs) or acertain location and set of IMUs (for relays and gateways), the associationloaded into the network configuration database and work ordersgenerated and IMUs registered with their respective gateways. Thesefunctions are preformed (directly or indirectly) using the DepotCommissioning tool. In addition, the units may be tested again using theField Maintenance and Diagnosis tool.FactoryGateway &Relay PoleLocationsUtilityCustomerSiteUtilityDepotIMU, Relay,GatewayIMUIMU(failed orreused)Relay,GatewayRelay,Gateway(failed orreused)FactoryCommisioning& Test ToolDepotCommisioningToolENICS Server Field ServiceApplicationFieldMaintainence& DiagnosisToolFieldMaintainence& DiagnosisToolFieldMaintainence& DiagnosisToolFigure 2: IMU, Relay and Gateway work flowGateways and relays will move from the depot to their polelocations. Gateways and relays are installed and tested using the FieldMaintenance and Diagnosis tool. Once gateways and relays have beeninstalled, the IMUs move from the depot to customer sites, where theyare installed, tested and their installation in the gateways verified usingthe Field Service Application tool.At some point in their lives IMUs, relays or gateways may bereplaced due to suspected failure or other reasons. These units go backto the depot. Suspected failures may be explored using the FieldMaintenance and Diagnosis tool.While both the depot commissioning tools and the networkconfiguration manager modify the network configuration database, thedepot commissioning tool is limited to filling in id (e.g., IMU utility serialnumber) and address fields (e.g., WAN addresses) for units that havealready been entered into the network configuration database. This
13implies that a unit must have already been added into the system by thenetwork configuration manager before the depot commissioning tool canbe used to modify its data, and that a null entry for certain fields mustbe allowed in the network configuration database for IMUs, relays andgateways that are marked as not installed.4 Derived RequirementsDerived requirements are those that are driven by the primaryrequirements, but are imposed on ourselves.1.14.1 Supported applicationsFor those applications whose user interfaces are implementedusing Java applets, designers/implementers should strive to keep theapplets small, and implement any heavy duty operations in the serversrather than in the applets themselves.1.1.14.1.1 Supported interactive applicationsInteractive applications are those whose functions are primarilydriven by an explicit user request, such as a meter read or a request toupload a database from a field service application.The Innovatec utility server system implements services for thefollowing user visible applications. These “applications” are notnecessarily implemented as monolithic applications in the traditionalsense, but they appear that way to end-users.“Application” Purpose Required server functionalityField ServiceApplication Install, decommission,swap, calibrate, andtest meters in the field.The primary users arefield service people.Operates on a fieldservice laptop orhandheld computerthat may be out ofcommunication withthe rest of the systemfor long periods of time.• Specify set of service orders fora particular service person (orservice id).• Specify what is to be done foreach service order.• Allow basic IMUcommunications parameterconfiguration (e.g., set thechannel number).• Perform basic tests of metercommunication.• Check that necessary networksetup has been completed toallow service order function toproceed for a given meter.• Download service orders toindividual service laptops.• Upload modified informationfrom individual service laptops
14and integrate it into thedatabases at the utility end.• Calibrate water metersFieldMonitoring andDiagnosis ToolMonitors RF traffic.Performs diagnostictests of meters, relaysand gateways.• Display all RF messagesreceived (should we allow forfiltering parameters?)• Invoke diagnostic tests forIMUs, relays and gateways viathe RF interface.• Reprogram IMUcommunications parameters(e.g., meter utility id, channelnumber, power).• Query for all meters on achannel.• Scan channels for a meter• Download gateway error andevent logs via RF.• Perform pings via the WANfrom a gateway to the utility(for WAN problem diagnosis),invoked via the RF interface?FactoryCommissioning& Test toolChecks IMUs andrelays to make surethey’re properlyprogrammed with thecorrect Utility SerialNumber, producesfactory log, performsnoninvasive gatewaytesting.• Checks IMUs and relays forcorrectly programmed UtilitySerial Number and defaultchannel• Performs noninvasive gatewaytest.• Generates factory log.• If the meter supports aninternal record of factorycommissioning, update thatrecord once tests andconfiguration have beencompleted.DepotCommissioningtoolConnects specific IMU,relay and gateway ids tocustomer accounts andlocations. Permitsgateways, relays andIMUs to be replacedwith identical units.InteractiveMeter ReaderQuery meter readingsand status interactively.The primary users are• Isolate particularcustomer/meter• Read meter
15utility customer servicepeople. • Query meter status• Inform user when result ofoperation is available.NetworkconfigurationmanagerConfigure Innovateccommunicationsnetwork, performnetwork diagnostics,manage hardware andsoftware versions,support field serviceoperations. Theprimary users arenetwork maintainers atthe utility.• View network logically.• Supply data relating tocharacteristics of acommunications path.• Supply meter and gatewaystatistics and logged history.• Set up service orders• Integrate modified serviceorder data into databases.AlarmconfigurationmanagerConfigure which alarmsshould be recognizedfor specific IMUs.• Activate/deactivate alarmnotification.• Specify notification method(e.g., on screen, hip pager).NetworkEmulator Emulates an Innovateccommunicationsnetwork. Allows theintroduction of alarmsor fault conditions (e.g.,WAN link goes down)interactively. Primaryusers are utilitytrainers and Innovatecsales people.• Replaces the gateway server’sgateway agent.• Reads network configurationfrom a network configurationdatabase.• Displays logical view of thenetwork.• Allows a trainer or salesperson to interactivelyintroduce alarms and faultconditions.SystemadministrationtoolAllows a systemadministrator toview, configureand control theENICS serversand clients.• View server configurationinformation• View active clients• Startup/shutdown servers andclients• Add new hosts to ENICSsystem, add or rearrangeutility servers in ENICSsystem.• View loading statistics.• Add or delete users.• Add or delete remoteredistribution servers.Event logviewer Allows data in the eventlog tables to be viewed. • Filters events by type, dateand auxiliary characteristics
16Allows archived eventlog data to be viewed. specific to the event type.NetworkPlanning andLayout toolContains RFpropagation modelsthat allow an Innovateccommunicationsnetwork to be laid out(e.g., site gateways andrelays given meterlocations, taking intoaccount RF propagationcharacteristics).Primary users arenetwork planners.This tool will be boughtrather than built.• Off the shelf tool will have itsown file formats and views.NetworkPlanningDatabaseconverterConverts from the fileformats used by thenetwork planning andlayout tool and importsthe data into theinternal InnovatecNetwork and Planningdatabase.• 1.1.24.1.2 Supported autonomous applicationsAn autonomous application is one that runs without significantuser intervention, such as the automatic health monitor.Application Purpose Required serverfunctionalityNetwork exerciser Test the networksoftware and gatewayserver, in house. Theprimary users aredevelopers and testers• Accepts set ofmessages andtiming from a scriptfile.• May be possible topurchase this toolrather than build it.Network healthmonitor Determines when anelement of the networkhasn’t been heard of insome time. Pingselements of thenetwork that may notbe responding.• Ability to associateIMUs with relaysand gateways.• Ability to send pingmessages to thecommunicationsnetwork.
17• Ability to notifyusers whenproblems aredetected.ENICS Health Monitor Periodically scans theevent log looking forsuspicious patterns ofactivity, such asmultiple blocked loginattempts. Monitorsthe internal health ofENICSprocesses/threads todetermine if amalfunction hasoccurred.• Tells the alarmreceiver when asuspicious patternof activity isdetected or amalfunction occurs.Message Monitor Moves journaledsent/receivedmessages from thegateway server into thelogging database forsubsequent use byother applications.• Ability to accessrecord of allmessages sent andreceived.Logged Event Pruner Deletes data from thelogging database thatis older than someconfigurable maximumage. The data mayoptionally be logged toan external mediumsuch as CD-ROM ortape, rather thandeleted.• Ability to do queriesand deletes on thelogging database.Gateway Logged EventGathererPeriodically gathers upthe error and eventlogs maintained in thegateway nodes.• Alarm receiver Acts when an alarm isreceived.Notified when aninternal ENICScomponent wants toraise an alarm.• Ability to causealarm displayapplet to beupdated.• Ability to cause 3rdparty devices (suchas hip pagers) to beactivated.
181.24.2 Supported DatabasesWhile the general set of data present in the internal databases isderived from the primary requirements, its partition into specificdatabases is a high level architecture decision.1.1.14.2.1 Internal databasesThe utility server software shall support access to andmaintenance of the following internal databases, independently for eachutility supported. The databases referred to in this section are abstractentities introduced for the purposes of requirements analysis and will notnecessarily be implemented as databases in the sense of an JDBC (orother protocol) database entity. The assignment of data to specific tablesand the assignment of tables to specific databases will be done in part inthe system architecture design and in part in the utility server design.Database Record Type Item CommentNetwork Configuration,Network Planning Gateway • Gateway id• Gateway WAN Type• Hardware revisionnumber• Software revisionnumber• Operating systemrevision number• Gateway application(gw.zip) revisionnumber• Classes.zip revisionnumber• Patch file contentsand revision numbers• Location informationPatch filemay be aseparaterecord typeor even in aseparatetable.Locationinformationmay includelat, long,elevationand pole # .Relay • Relay id• Relay hardwarerevision number• Relay softwarerevision number• Location informationLocationinformationmay includelat, long,elevationand pole # .Meter • Utility Id (AKA utilityserial number, pinnumber)• Meter type• Location information• Calibration Factor (forwater meters)Locationinformationmay includelat, long,elevationand pole # .SupportedWANs • WAN type designation• WAN PIN numberGateway-IMU • Gateway id
19associationinformation • IMU id that isregistered withgateway• Option relay id thatIMU is registered withSoftware/Hardwareversion compatibility Use to keeptrack of whichgateways,relays andmeter versionsare compatiblewith otherversions.• This isintended toact as anerrorcheckingmechanism.Thisdatabase isstatic fromthe utilitiespoint ofview, andwould besupplied byInnovateceach time anewgateway,relay or IMUversion cameout.Alarm configuration Alarm activityinformation • IMU id• Alarm type• Alarm active orinactive• Time of last activation(or should this be analarm history?)Alarmnotificationinformation• IMU id• Alarm type• Notification typespecificationNotificationtype record.Typicallythere’ll be oneof these foreverynotificationdestination/destination type.E.g., one foreach pager thatcould benotified that analarm hasarrived.• Notification type• Device specific data(e.g., PIN number fora pager, displaydevice for on screennotification)Logging Keeps track ofinteresting • Time event was logged• Event typeThe designof this
20events thathappen in thesystem. Thisincludes but isnot restricted tomessagetransmissionsand receptions.• Auxiliary information database isnot likely tobe onemonolithictable, as the“auxiliaryinformation”may be usedto dolookups inother tables.Authorized users Keeps track ofauthorized usernames,passwords andauthorizedhosts.• Authorized external datadistribution targets. Keeps track ofother ENICSservers towhich data maybe distributed.• Extern data distributionmeter configuration table Keeps track ofwhat alarmsand status areavailable to anexternal utilityand whatalarms may beconfigured.• External data distributiontarget transaction log Keeps track ofthetransactionsperformed byan externalutility (e.g.,number meterreads) forbillingpurposes.• Meter utility id• Transaction type• Number transactions• Field Service ApplicationDatabase Keeps track ofwork ordersthat have beengenerated oruploaded• Service order number• Installer• Open/close dates• IMU information• Customer information• IMU locationinformation• Time stamps for asfound/as left changesApplication ConfigurationDatabase Keeps track ofuser settableoptions for thevariousapplications• Application Name• User nameIt may makesense tokeep thisdata in theNT registry
21(possibly on aper user basis,where thatmakes sense).on theserver.However theinterface theapplets andapplicationssee shouldbe through aservant.4.3 PermissionsAccess control permissions (or just permissions) in the ENICSsystem apply to all applications (including both Java applications andapplets) that may be initiated outside of the server environment.Applications that are initiated by and run under the control of the ENICSserver environment (such as the network health monitor) do not requireaccess permissions. Access permissions are assigned out of the availableoptions on a user by user basis.Each application has three sets of permissions. The first “set”determines whether a user is allowed to access the ENICS server whilerunning a particular application. For example, a user may be grantedpermission to run the Interactive Meter Reader, but not the NetworkConfiguration Manager. This is not a security measure, since the onlyway the ENICS server has to know what application is being run is forthe application to tell it. Thus, this sort of permission won’t be able todeter a cracker who writes his or her own application, but it will give thesystem administrator control over who can run applications undernormal circumstances.The second set controls access to the various database tables inthe system. An application may have read, modify and appendpermission for a table. Append is a restricted type of write access thatallows an application to add new records to a table, but not to eithermodify or read records that already exist. Modify access implies bothread and append access. For databases that contain information that isassociated with particular users, users may be granted permission toread or modify data for themselves only or for all users.The third set of permissions controls access to thecommunications network. The first access permission is “network use”.This allows an application to interact with the communications network.If it is not set, then the application is not allowed to interact with thecommunications server. The second network access permission is IMUread/modify, which determine which types of messages that can get orset IMU information are allowed to be sent. The third network accesspermission is network read/modify, which determines which messagescan be sent that may read information from or modify gateways andrelays. Please note that even an application that has no explicit network
22access may invoke an operation that will cause the ENICS server toaccess the network.1.34.4 COM AccessIn order to support miscellaneous analysis and data gatheringcapabilities, a COM interface to the ENICS business objects shall beimplemented. This will allow programs to be written in Visual Basic thatcan retrieve information from the ENICS system. The COM interfaceshall be design in such a way that it shall not be possible to compromiseENICS server or Innovatec network communications using the interface.A set of standard Visual Basic applications should be implementedfor common operations such as gathering reads from a predefined groupof meters and gathering time of use information. These standardapplications will serve to get Innovatec customer’s started using the moreexotic functions of the system quickly and also server as examples forInnovatec customer IT departments that wish to implement their owndata analysis programs.1.44.5 Required RequirementsAll application requirements documents shall include the following:1. Startup2. Shutdown3. I/O interfaces, if any.4. Required services.5. Behavior in the event of errors, including but not limited tointernal program errors, communications errors, databaseaccess errors and server access errors.6. Mechanism for notifying users when a problem is detected (e.g.,dialog box, logged event).7. Which events should be logged (e.g., significant user actions).4.54.6 Innovatec Look and Feel4.5.14.6.1 Pluggable Look and FeelAll enics applications should implement thecom.innovatec.plaf.InnovatecLookAndFeel look and feel.import com.innovatec.plaf.InnovatecLookAndFeel;...static{try{UIManager.setLookAndFeel( new InnovatecLookAndFeel() );}catch( Exception e ){}}
231.1.24.6.2 Colors4.5.2.14.6.2.1 Foreground/TextForeground colors should contrast extremely with the background.Since most of our background colors are very light, labels, and text areaswill have black foreground colors. Buttons on the other hand have verydark backgrounds, so their text will normally be white.1.1.1.24.6.2.2 BackgroundBackgrounds for panels should be light and change in color and orimage with different concept area. For example if there are two panels onone screen that represent different ideas, utility record and meter status,they should be of different colors to make them easily distinguishable.Since colors cannot be completely relied upon due to colorblindness, images with different subtle textures should be used as well.Images can be added by using com.innovatec.ui.BasicPanel instead ofJPanel, and setting the image throughBasicPanel.setBackgroundImage.1.64.7 Navigation4.6.14.7.1 KeyboardIn general, navigating between components follows these rules.• Tab or Ctrl-Tab. Moves keyboard focus to the next component or tothe first member of the next group of components. Use Ctrl-Tab whenthe component itself accepts tabs, as in text fields, tables, and tabbedpanes.• Shift-Tab. Moves keyboard focus to the previous component or to thefirst component in the previous group of components.• Arrow keys. Moves keyboard focus within the individual componentsof a group of components, for example, within menu items in a menuor within radio buttons in a group of radio buttons.Most of the keyboard navigation is taken care of by Java, somechanges in tab order may need to be implemented by specifying thenext focusable component to a component. This can be accomplishedby JComponent.setNextFocusableComponent.1.1.1.14.7.1.1 MnemonicsMnemonics are another keyboard alternative to the mouse.Mnemonics can be used to navigate menus.Rules of thumb for creating mnemonics:1. If the mnemonic does not appear in the table of commonmnemonics, choose the first letter of the menu item. For instance,choose J for Justify.
242. If the first letter of the menu item conflicts with those of othermenus, choose a prominent consonant. For instance, the letter Shas already been designated as the mnemonic for the Stylecommand. Therefore, choose the letter Z as the mnemonic for theSize command.3. If the first letter of the menu item and the prominent consonantconflict with those of other menu items, choose a prominent vowel.Mnemonics can be set by AbstractButton.setMnemonic.Mnemonics can also be added to any item with a label. This canmake it very easy to go directly to a component and add information.A mnemonic can be added to a component via the label byJLabel.setLabelFor and JLabel.setDisplayMnemonic.1.1.1.24.7.1.2 ShortcutsAll common commands should have a short cut key strokes, theseshould be clearly labeled on the menu and or button for that command.The same shortcut key cannot refer to different actions in theapplication. Here is partial list of shortcut keys and their purpose:Common Shortcut combinations include:Ctrl-N New (File Menu)Ctrl-O Open (File Menu)Ctrl-S Save (File Menu)Ctrl-P Print (File Menu)Ctrl-Z Undo (Edit Menu)Ctrl-X Cut (Edit Menu)Ctrl-C Copy (Edit Menu)Ctrl-V Paste (Edit Menu)Ctrl-F Find (Edit Menu)Ctrl-A Select All (Edit Menu)F1 HelpCtrl-Q Exit Application1.1.24.7.2 MouseA user can navigate through applications with the mouse.Specifically clicking once on an enabled button should cause thatbuttons action to occur. Clicking once on an editable text componentshould cause the text caret to be placed and put the text component ininsert mode.1.74.8 Components4.7.14.8.1 Primary WindowsA primary window is a window used as primary communicationwith the user by the application. This is where the user will return to inorder initiate different functionality. A Primary Window shall consist of a
25Titlebar giving the name of the application, frame, and what is beingdone.1.1.24.8.2 Secondary Windows4.7.2.14.8.2.1 DialogsDialogs are small windows used to concisely communicate with theuser.1.1.1.24.8.2.2 Login DialogPrompt the user for login name and password.Use com.innovatec.ui.LoginDialog.1.1.34.8.3 Plain Windows4.7.3.14.8.3.1 Splash ScreensA splash screen is a window with no standard window decorations(titlebar, close, minimize, maximize icons) that informs the user that thesoftware is loading and what exactly the program is.A splash screen in ENICS shall consist of the Innovatec logo, animage for the application, the application logo, version, and copyrightinformation.
261.1.44.8.4 A splash screen should be implemented usingcom.innovatec.ui.Jsplash. The application name, version and copyrightinformation should appear on all splash screens.AppletsApplets can be broken down into two types, simple and complex.How an applet is displayed depends on what type of applet it is. A simpleapplet would consist of one screen, no menus, no toolbars, no status bar.This type of applet should be displayed within the browser window andshould not add the confusion of creating another frame.A complex applet is one that needs to be interacted with fromanother frame. A separate frame allows clear delineation between theapplet’s menus, toolbars, statusbar, and the browser’s equivalent. Acode snippet for a complex applet’s frame could look like this:public void init(){...frame = new JFrame();frame.getContentPane().add( panel );...}public void start(){...frame.setVisible( true );...}public void stop(){...frame.setVisible( false );...}This will make the applet a non-visual component, and the visualcomponents are added the frame itself.1.1.54.8.5 ButtonsButtons should be different colors from each other and thebackground, colors can be repeated, but as far from a button of the samecolor as possible.1.1.1.14.8.5.1 ToolbarsIcons on toolbars will match icons for buttons and or menus.1.1.64.8.6 MenusAll commands available should also be made available by menu.As much as possible all menus should have shortcut keys and ormnemonic associated with them. If a menu shares functionality with abutton is should share the same label.1.1.74.8.7 StatusbarSmall bar at the bottom used to convey information to the user.The status bar should be used before a dialog box if at all possible. Error
27messages should be in Red. Successful completion should be indicatedwith black.For implementation use com.innovatec.ui.StatusBar.1.1.84.8.8 Organizing4.7.8.14.8.8.1 Group BoxesUsed to group like concepts. Group boxes should used sparinglyand group boxes within group boxes should be avoided, they can becomeconfusing very fast and add very little to the organization of the screen.Instead of Group boxes consider having titles for areas, labels thatextend slightly more left than the rest.1.1.1.24.8.8.2 Tabbed PanesTabbed panes are the preferred method of breaking large hunks ofdata that are only tied together by a process.5 Change LogDate Applications/SubsystemsAffectedDescription of changes5/17/99, Revision0.2 Changed revision number to 0.2 from0.1.925/17/99, Revision0.2 Remove action item for authenticationof remote redistribution servers. Itwas decided in requirements review
28that host identification and the risks itpresents were tolerable and the way togo.5/17/99, Revision0.2 Added meter model to physical assetsdatabase.5/17/99, Revision0.2 Moved PIN number and calibrationfactor data out of the specs for thephysical assets database and into thenetwork configuration database.5/18/99, Revision0.2 Added logging for remote distributionserver applications.5/18/99, Revision0.2 Added alarm by alarm and meter bymeter configuration for remote datadistribution.5/18/99, Revision0.2 Added use of factory commissioningsignature in IMU for factorycommissioning tool if the metersupports it.5/18/99, Revision0.2 Remove requirements for physicaldisplay of Innovatec communicationsnetwork.5/18/99, Revision0.2 Updated shortcut keys: Changed ExitApplication from F4 to Ctrl-Q.Assigned find to Ctrl-F and Paste toCtrl-V which is Windows standard.5/18/99, Revision0.2Changed typo in Statusbar area thatsaid successful messages should be inred, should be in black.6/4/99, Revision0.2 Add requirements for ENICS Healthmonitor, add requirement for alarmmonitor to allow for server generatedalarms (in addition to alarmmessages).6/4/99, Revision0.2 Added requirements for COMinterface.6/4/99, Revision0.2 Add field service application databaseto internal database requirements.6/15/99 Revision0.2 Signoff complete

Navigation menu