Itron 920 Gateway User Manual

Silver Spring Networks Gateway

User Manual

1Utility Network Operational ManualInnovatec Utility Software System Organization andRequirementsCompuware Corp.08/09/99 11:13 AMVersion 0.3
2Table of Contents1 Open Issues ..................................................................................................................................................32 Introduction..................................................................................................................................................33 Primary Requirements.................................................................................................................................43.1 Supported Databases ............................................................................................................................43.1.1 External databases......................................................................................................................... 43.2 Multiple database set support ..............................................................................................................43.3 Logging................................................................................................................................................. 43.4 Architectural constraints ...................................................................................................................... 53.5 Server data maintenance....................................................................................................................... 53.6 External Data Distribution...................................................................................................................53.7 Security.................................................................................................................................................53.7.1 Firewalls ........................................................................................................................................ 63.7.2 Attack methods..............................................................................................................................63.7.3 Export restrictions.........................................................................................................................73.8 Internationalization...............................................................................................................................73.9 Factory/Depot/Installation Work Flow...............................................................................................74 Derived Requirements................................................................................................................................. 84.1 Supported applications......................................................................................................................... 84.1.1 Supported interactive applications ...............................................................................................84.1.2 Supported autonomous applications..........................................................................................114.2 Supported Databases ..........................................................................................................................114.2.1 Internal databases.......................................................................................................................1224.3 COM Access .....................................................................................................................................1444.4 Required Requirements....................................................................................................................1444.5 Innovatec Look and Feel ..................................................................................................................1554.5.1 Pluggable Look and Feel ..........................................................................................................1554.5.2 Colors ..........................................................................................................................................154.5.2.1 Foreground/Text ..................................................................................................................154.5.2.2 Background ..........................................................................................................................154.6 Navigation.........................................................................................................................................1554.6.1 Keyboard......................................................................................................................................154.6.1.1 Mnemonics.........................................................................................................................1554.6.1.2 Shortcuts.............................................................................................................................1654.6.2 Mouse ........................................................................................................................................1664.7 Components......................................................................................................................................1664.7.1 Primary Windows......................................................................................................................1664.7.2 Secondary Windows..................................................................................................................1664.7.2.1 Dialogs................................................................................................................................1664.7.2.2 Login Dialog ......................................................................................................................1664.7.3 Plain Windows ..........................................................................................................................1774.7.3.1 Splash Screens ....................................................................................................................1774.7.4 A splash screen should be implemented using com.innovatec.ui.Jsplash.The application name, version and copyright information should appear on all splash screens.Applets.................................................................................................................................................1774.7.5 Buttons.......................................................................................................................................1774.7.5.1 Toolbars..............................................................................................................................1774.7.6 Menus...........................................................................................................................................184.7.7 Statusbar ......................................................................................................................................184.7.8 Organizing ...................................................................................................................................184.7.8.1 Group Boxes ........................................................................................................................184.7.8.2 Tabbed Panes........................................................................................................................185 Change Log................................................................................................................................................19
3Open IssuesWhat type of location information will we use (e.g., lat, long, elevation, pole #) for gateways, relays and meters?What tool will we adopt for network RF planning, and how will we interface the rest of the system to it?IntroductionThe Enterprise Network and Internet Communications (ENICS) system is a set of software applications that alloweither utilities or Innovatec acting as a service bureau to manage and operate an Innovatec communications network.The functions required include the ability to read meters, monitor network operation, install, decommission, swap andtest all elements in the communications network and handle alarms. In addition, Innovatec must have a means ofplanning and laying out communications networks, training users and demonstrating the system to prospectivecustomers. For development it is desirable to have some means of exercising the communications network in a moreintensive manner than we have been able to in the past. It will be necessary to update and possibly gather data fromdatabases that are not part of the Innovatec system. For example, a utility may have a billing database (andapplications that use it) already in place. Data from scheduled reads might be placed into this billing database.Finally, it should be possible to log events of interest for later analysis either by utility personnel or applications in theInnovatec system. Innovatec plans to eventually use the system for very large installations (on the order of 10 millionmeters or more). Thus, it is necessary to architect and build the system in such a way that its functions can bedistributed across multiple machines and possibly multiple servers. In addition, in Innovatec’s role as a servicebureau, it may be necessary to site a gateway server and possibly some server functions at a customer site, while therest are handled at Innovatec’s offices. For example, a utility may want to put modems at their site so that calls togateways are local calls, while Innovatec administers the network remotely. A high level schematic for the Innovatecutility system is shown in Figure 1. In the schematic, each of the applications is shown as if it was a traditionalmonolithic program. However, the Innovatec system is being designed and implemented as a multitier architecture inwhich the user interface is a set of Java applets and HTML pages which use a set of servants to access variousservices, such as database access. This document supplies a general organization and partitioning for the system aswell as requirements that apply to all applications. The requirements for the various components of the system arecontained in their own requirements documents.Network Configuration DatabaseSW/HW CompatabilityDatabaseNetwork Planning DatabaseAlarm ConfigurationDatabaseLoggingDatabaseBillingDatabase(Legacy)Utility PhysicalAssets Database(Legacy)GatewayServerInnovatecUtilityServerProductionNetwork NetworkEmulator NetworkTestbedField ServiceApplication(Interactive)NetworkConfigurationManager(Interactive)Alarm ConfigurationManager(Interactive)Field ServiceDatabaseField ServiceLaptop or Handheldvia direct TCP/ IP ord i al up PPPNetwork Planningand LayoutconverterBilling Application(Legacy)Physical AssetsTracking(Legacy)MeterReader(Interactive)NetworkExerciser(Autonomous)Network HealthMonitor(Autonomous)Alarm Receiver(Autonomous)Figure 1: High level schematic for the Innovatec utility software system
4Primary RequirementsPrimary requirements are those that ultimately come from the customer or are dictated by the basic nature of theapplication.Supported DatabasesFor the purposes of this specification, the databases in the system are classified into internal and external databases.Internal databases are those that will be built into a stand alone Innovatec system. External (or legacy) databases arethose that are supplied by a particular Innovatec customer or a particular 3rd party application. An interface to anexternal database may be supplied as part of the customization for a particular customer, but the information containedin these databases is not required to run the Innovatec system. Internal databases are specified in section 0.External DatabasesWhile it is possible for the set of external databases to be composed, in principle, of anything or nothing, we anticipatethat the external databases will typically consist of the following for each utility.Database Record Type Item CommentBilling Basic account information Account numberCustomer nameCustomer addressMeter information for acustomer Account numberMeter typeMeter nameMay be multiplerecords for eachcustomerPhysical Assets Data for each meter Account numberMeter nameMeter typeMeter ModelFactory numberMeter brandMeter sizeZoneInstallation dateInstallerInstallation timeLocation informationMultiple Database Set SupportOne of the uses of the utility server software will be Innovatec acting as a service bureau. In order to support this typeof operation, the utility server software shall support multiple sets of independent databases, one for each utilityInnovatec supports. It shall be the responsibility of the Innovatec Utility Server to distinguish between sets ofdatabases for different utilities, given an appropriate utility specification from the various applications.LoggingIt shall be possible to log events of interest into an internal database. These events shall include, but are not limitedto, message transmissions and receptions. It shall be possible for users to configure the number and the age of eventsto be maintained in the log. All attempts by a client application to log into the ENICS system or a remoteconfiguration server to initially contact an ENICS configuration server or a remote redistribution server to initiallycontact an ENICS server should be logged, whether the attempt is successful or not.
5Architectural ConstraintsIt shall be possible to distribute user interface, database and server functions over multiple machines. It shall bepossible for users to remotely access the interactive utility programs from remote desktop computers. It shall bepossible to site the WAN interface hardware on a machine that is physically separate from the machine(s) that host thedatabases and are generally used for network maintenance and other functions.Server data maintenanceTo the extent that is consistent with maintaining the integrity of the various databases, user visible data shall not belost if a server or server machine suffers an ungraceful shutdown.External Data DistributionIn addition to interacting with an Innovatec communications network, it shall be possible for the ENICS system todistribute data to and/or receive data from another ENICS system. This will allow a utility that does not actually ownthe meters for a particular customer to gather data about a meter from the utility that does own the meter. Theinteractions supported in this mode are limited to scheduled reads, on demand reads, informational alarms,informational alarm configuration and basic meter status information. Informational alarms include low flow threshold,prepay alarms and other alarms that indicate usage violations but that are not associated with a possible physicalfailure. Alarms that do indicate a physical failure (such as runaway alarms), shall not be configurable by an externalutility and shall not be distributed to an external utility. It shall be possible to configure access permission for anexternal utility on a meter by meter basis. It shall be possible to configure which alarms may be distributed to orconfigured by an external utility on an alarm by alarm and meter by meter basis. If an external utility has been grantedconfiguration permission for a particular alarm on a particular meter, then the utility that grants that permission will nolonger be able to configure or receive that alarm for that meter. Note that the owner utility will still need to keep trackof the alarms that have been configured by an external utility, in case the meters associated with the external utility orthe gateways associated with those meters are physically modified, reconfigured or replaced. Both the hosting andreceiving ENICS servers shall keep track of the number and types of data sent/received to/from the remote distributionserver for billing purposes.SecuritySecurity considerations for the ENICS system fall into the following four areas:Authentication (is the user or utility really who he, she or it says they are)Authorization (is the user or utility allowed to perform the operation they are requesting)Confidentiality (prevent an outside observer from viewing data that the utility doesn’t want them to view)Auditing (leave a trail so that attempts to compromise the system are tracked for later analysis)The other two areas that are often of concern for browser users in a networked environment, containment andnonrepudiation, are not of much concern to users who may run ENICS applets or applications since all such applets,applications and servers come from a trusted source. Authentication is a concern in two areas. The first is that onlypeople authorized by the utility run the ENICS applets/applications, such as the interactive meter reader, the fieldservice application or the network configuration manager. The second is that data distributed to an outside utility issent only to systems that have been explicitly authorized to receive such data. Authentication in the ENICS systemconsists of two elements. The first is password authentication. All users shall be required to enter a password beforeusing any ENICS application/applet with a user interface. Passwords shall be stored internally in a form that iscryptographically secure. The second is host identification. It shall be possible for system administrators to allowaccess to the ENICS system from an application/applet or a third party using the external data distribution capabilityonly from some designated set of hosts. Thus a user attempting to log in using a valid password from a host that is notin the designated set of hosts would be denied access to the system (with an appropriate reason given). There shall bea means to indicate that access from any host are allowed.
6Authorization shall be supported by access control lists. It shall be possible to assign permissions on a user by user,utility by utility (for external data distribution) and application by application basis. Thus, a user might be allowedfull access to the interactive meter reader, but no access to the network configuration manager. All ENICSapplications shall consult the access control list before performing any operation that might be forbidden by the accesscontrol list. Applications/applets should provide a visual indication of forbidden operations (e.g., grayed out controls)if a set of operations is not allowed for a user.Confidentiality shall be supported through encryption of any communication between ENICS servers (for external datadistribution) or between ENICS servers and applications/applets that involved confidential data. If private keyexchange is required (e.g., to use a DES algorithm), then the private keys shall be encrypted when they are exchanged(e.g., with a public key encryption technique).Auditing shall be supported by the logging facility. All attempts to access (i.e., log into) the system by a user or by anexternal agent shall be logged, whether they are successful or not. As much data as possible should be captured,particularly for unsuccessful logins, including the login name and the machine name from which the login attempt ismade.FirewallsIt is anticipated that an ENICS system will typically operate behind a firewall. The firewall is set up to deny access tounauthorized users contacting the system from outside the local network (e.g., through the Internet). ENICSapplications, applets and servers are neither required nor encouraged to defeat firewall security using HTTP tunnelingor other techniques. This implies that it will be necessary for ENICS system administrators to explicitly allow firewallaccess to outside users on specified ports. It shall be possible for an ENICS system administrator to configure theport number(s) used to contact enics servers. This does not imply that such configuration necessarily must be done ona server by server basis.Attack MethodsThe following potential attacks should be considered in the design of the ENICS software:Monitoring. A cracker could monitor the data stream in an attempt to find authorized user names and passwords. Autility competitor could attempt to monitor the stream of meter reads to determine which customers could be “cherrypicked”. Monitoring can be defeated through encryption of the data stream, including any interactions in whichpasswords are passed.Password guessing, dictionary or exhaustive scan (particularly if driven by a computer program). Password choicerules plus the use of a reasonably large salt (to complicate reverse dictionary construction by an insider) should makethis very difficult. Note some part of the enforcement of good password choices (e.g., don’t use your wife’s maidenname) must be addressed by internal utility processes.A legitimate user attempts operations that he or she is not authorized to perform. This is addressed by access controlpermissions.A legitimate user attempts operations from a suspicious location (e.g., a disgruntled former employee who was anetwork administrator tries to shut down the Innovatec communications network by deregistering all the meters fromthe gateways and erasing them from the utility database from his home computer). This is addressed using hostidentification in addition to passwords. Note that internal utility processes are responsible for making sure that onlycorrect hosts are identified as legitimate sources to the ENICS system.A computer cracker attempts to gain access to the ENICS system by running an applet or application that claims to bea standard ENICS applet. This is handled by keeping password and host identification contained on the server (anyauthentication contained in a client would have been bypassed because a real ENICS client isn’t being used).A computer cracker attempts to gain access to the ENICS system by running an applet or application that claims to bean ENICS configuration server portal. This is handled by host identification. The cracker may attempt to defeat hostidentification by assigning his machine the same host address as a legitimate ENICS server. This can be defeated byconfiguring a firewall to refuse incoming packets from a host that has the same address as an internal ENICS server.A computer cracker attempts to gain access to meter data and some alarm configuration capability by running anapplet or application that claims to be a ENICS server that is set up for external data distribution. This is handledusing host identification. The cracker may attempt to defeat host identification by assigning his machine the same host
7address as a legitimate machine that is the target for external data distribution. This cannot be defeated using firewallconfiguration, since external access for on-demand reads and alarm configuration is necessary. There is currently noeffective answer in these specifications for this form of attack. There is no potential for harm to the source utilitydatabases or the Innovatec communications network, however meter data that was set up for external datadistribution could be monitored.A computer cracker runs a program that bombards the ENICS system with random packets or bogus login attempts.By using up the available bandwidth, access to the ENICS system by legitimate users is prevented (i.e., a denial ofservice attack). There is no way to automatically defeat this type of attack. Rejects of improper access attempts tothe ENICS system should be logged, including the host name of the source of the attempt. Care should be taken thatrepeated illegal access attempt by the same source do not fill up the logging database. This log will aid in trackingdown the offending party.Export RestrictionsSome of the strong cryptographic algorithms that we plan to use to protect data confidentiality are export restricted.This means that if an ENICS system is deployed outside of the borders of the United States that it may be necessary toplug in a different set of weaker algorithms to meet export restrictions. The software shall be structured in such a waythat it is possible to easily produce an export version that uses different cryptographic algorithms than the regularENICS software.InternationalizationThere are no plans to export the ENICS software to non English speaking countries. Internationalization of the ENICSservers, applications or applets is not required.Factory/Depot/Installation Work FlowIMUs, relays and gateways are expected to follow a certain work flow during their lifetimes, as shown in Figure 2.IMUs, relays and gateways are assembled at the factory. At this point IMUs and relays are assigned a Utility SerialNumber (i.e., pin #) and a channel. Gateways should have their WANs activated, if possible. IMUs, relays andgateways should be tested via the RF and (in the case of gateways) via the WAN interface (see Gateway NodeNoninvasive Test Procedure Specification). The tool used to perform these functions is the Factory Commissioningand Test tool.IMUs, relays and gateways are manufactured in response to projected demand, rather than for a specific utility order.Therefore, at the factory utility serial numbers (i.e., pin numbers) are assigned sequentially, but not associated withany specific Innovatec customer.IMUs, relays and gateways are forwarded to a utility depot. At this point they must be associated with a certaincustomer (for IMUs) or a certain location and set of IMUs (for relays and gateways), the association loaded into thenetwork configuration database and work orders generated and IMUs registered with their respective gateways. Thesefunctions are preformed (directly or indirectly) using the Depot Commissioning tool. In addition, the units may betested again using the Field Maintenance and Diagnosis tool.
8FactoryGateway &Relay PoleLocationsUtilityCustomerSiteUtilityDepotIMU, Relay,GatewayIMUIMU(failed orreused)Relay,GatewayRelay,Gateway(failed orreused)FactoryCommisioning& Test ToolDepotCommisioningToolENICS Server Field ServiceApplicationFieldMaintainence& DiagnosisToolFieldMaintainence& DiagnosisToolFieldMaintainence& DiagnosisToolFigure 2: IMU, Relay and Gateway work flowGateways and relays will move from the depot to their pole locations. Gateways and relays are installed and testedusing the Field Maintenance and Diagnosis tool. Once gateways and relays have been installed, the IMUs move fromthe depot to customer sites, where they are installed, tested and their installation in the gateways verified using theField Service Application tool. At some point in their lives IMUs, relays or gateways may be replaced due tosuspected failure or other reasons. These units go back to the depot. Suspected failures may be explored using theField Maintenance and Diagnosis tool. While both the depot commissioning tools and the network configurationmanager modify the network configuration database, the depot commissioning tool is limited to filling in id (e.g., IMUutility serial number) and address fields (e.g., WAN addresses) for units that have already been entered into thenetwork configuration database. This implies that a unit must have already been added into the system by the networkconfiguration manager before the depot commissioning tool can be used to modify its data, and that a null entry forcertain fields must be allowed in the network configuration database for IMUs, relays and gateways that are marked asnot installed.Derived RequirementsDerived requirements are those that are driven by the primary requirements, but are imposed on ourselves.Supported ApplicationsFor those applications whose user interfaces are implemented using Java applets, designers/implementers should striveto keep the applets small, and implement any heavy duty operations in the servers rather than in the appletsthemselves.Supported Interactive ApplicationsInteractive applications are those whose functions are primarily driven by an explicit user request, such as a meterread or a request to upload a database from a field service application. The Innovatec utility server systemimplements services for the following user visible applications. These “applications” are not necessarily implementedas monolithic applications in the traditional sense, but they appear that way to end-users.
9“Application” Purpose Required server functionalityField ServiceApplication Install, decommission, swap,calibrate, and test meters in thefield. The primary users are fieldservice people. Operates on afield service laptop or handheldcomputer that may be out ofcommunication with the rest of thesystem for long periods of time.Specify set of service orders for a particular serviceperson (or service id).Specify what is to be done for each service order.Allow basic IMU communications parameterconfiguration (e.g., set the channel number).Perform basic tests of meter communication.Check that necessary network setup has beencompleted to allow service order function toproceed for a given meter.Download service orders to individual servicelaptops.Upload modified information from individual servicelaptops and integrate it into the databases at theutility end.Calibrate water metersField Monitoringand DiagnosisToolMonitors RF traffic. Performsdiagnostic tests of meters, relaysand gateways.Display all RF messages received (should we allowfor filtering parameters?)Invoke diagnostic tests for IMUs, relays andgateways via the RF interface.Reprogram IMU communications parameters (e.g.,meter utility id, channel number, power).Query for all meters on a channel.Scan channels for a meterDownload gateway error and event logs via RF.Perform pings via the WAN from a gateway to theutility (for WAN problem diagnosis), invoked viathe RF interface?FactoryCommissioning &Test toolChecks IMUs and relays to makesure they’re properly programmedwith the correct Utility SerialNumber, produces factory log,performs noninvasive gatewaytesting.Checks IMUs and relays for correctly programmedUtility Serial Number and default channelPerforms noninvasive gateway test.Generates factory log.If the meter supports an internal record of factorycommissioning, update that record once tests andconfiguration have been completed.DepotCommissioningtoolConnects specific IMU, relay andgateway ids to customer accountsand locations. Permits gateways,relays and IMUs to be replacedwith identical units.Interactive MeterReader Query meter readings and statusinteractively. The primary usersare utility customer servicepeople.Isolate particular customer/meterRead meterQuery meter statusInform user when result of operation is available.
10“Application” Purpose Required server functionalityNetworkconfigurationmanagerConfigure Innovateccommunications network, performnetwork diagnostics, managehardware and software versions,support field service operations.The primary users are networkmaintainers at the utility.View network logically.Supply data relating to characteristics of acommunications path.Supply meter and gateway statistics and loggedhistory.Set up service ordersIntegrate modified service order data into databases.AlarmconfigurationmanagerConfigure which alarms should berecognized for specific IMUs. Activate/deactivate alarm notification.Specify notification method (e.g., on screen, hippager).NetworkEmulator Emulates an Innovateccommunications network. Allowsthe introduction of alarms or faultconditions (e.g., WAN link goesdown) interactively. Primaryusers are utility trainers andInnovatec sales people.Replaces the gateway server’s gateway agent.Reads network configuration from a networkconfiguration database.Displays logical view of the network.Allows a trainer or sales person to interactivelyintroduce alarms and fault conditions.Systemadministration tool Allows a system administrator toview, configure andcontrol the ENICS serversand clients.View server configuration informationView active clientsStartup/shutdown servers and clientsAdd new hosts to ENICS system, add or rearrangeutility servers in ENICS system.View loading statistics.Add or delete users.Add or delete remote redistribution servers.Event log viewer Allows data in the event logtables to be viewed. Allowsarchived event log data to beviewed.Filters events by type, date and auxiliarycharacteristics specific to the event type.Network Planningand Layout tool Contains RF propagation modelsthat allow an Innovateccommunications network to belaid out (e.g., site gateways andrelays given meter locations,taking into account RFpropagation characteristics).Primary users are networkplanners. This tool will be boughtrather than built.Off the shelf tool will have its own file formats andviews.Network PlanningDatabaseconverterConverts from the file formatsused by the network planning andlayout tool and imports the datainto the internal InnovatecNetwork and Planning database.
11Supported Autonomous ApplicationsAn autonomous application is one that runs without significant user intervention, such as the automatic health monitor.Application Purpose Required server functionalityNetwork exerciser Test the network software andgateway server, in house. Theprimary users are developers andtestersAccepts set of messages and timing from a scriptfile. May be possible to purchase this tool ratherthan build it.Network healthmonitor Determines when an element ofthe network hasn’t been heard ofin some time. Pings elements ofthe network that may not beresponding.Ability to associate IMUs with relays and gateways.Ability to send ping messages to thecommunications network.Ability to notify users when problems are detected.ENICS HealthMonitor Periodically scans the event loglooking for suspicious patterns ofactivity, such as multiple blockedlogin attempts. Monitors theinternal health of ENICSprocesses/threads to determine ifa malfunction has occurred.Tells the alarm receiver when a suspicious patternof activity is detected or a malfunction occurs.Message Monitor Moves journaled sent/receivedmessages from the gateway serverinto the logging database forsubsequent use by otherapplications.Ability to access record of all messages sent andreceived.Logged EventPruner Deletes data from the loggingdatabase that is older than someconfigurable maximum age. Thedata may optionally be logged toan external medium such as CD-ROM or tape, rather than deleted.Ability to do queries and deletes on the loggingdatabase.Gateway LoggedEvent Gatherer Periodically gathers up the errorand event logs maintained in thegateway nodes.Alarm receiver Acts when an alarm is received.Notified when an internal ENICScomponent wants to raise analarm.Ability to cause alarm display applet to be updated.Ability to cause 3rd party devices (such as hippagers) to be activated.Supported DatabasesWhile the general set of data present in the internal databases is derived from the primary requirements, its partitioninto specific databases is a high level architecture decision.
12Internal DatabasesThe utility server software shall support access to and maintenance of the following internal databases, independentlyfor each utility supported. The databases referred to in this section are abstract entities introduced for the purposes ofrequirements analysis and will not necessarily be implemented as databases in the sense of an JDBC (or otherprotocol) database entity. The assignment of data to specific tables and the assignment of tables to specific databaseswill be done in part in the system architecture design and in part in the utility server design.Database Record Type Item CommentNetworkConfiguration,Network PlanningGateway Gateway id.Gateway WAN TypeHardware revision numberSoftware revision numberOperating system revision number Gatewayapplication (gw.zip) revision number Classes.ziprevision number Patch file contents and revisionnumbers Location informationPatch file may be aseparate record typeor even in a separatetable. Locationinformation mayinclude lat, long,elevation and pole #.Relay Relay idRelay hardware revision numberRelay software revision numberLocation informationLocation informationmay include lat, long,elevation and pole #.Meter Utility Id (AKA utility serial number, pinnumber)Meter typeLocation informationCalibration Factor (for water meters)Location informationmay include lat, long,elevation and pole #.SupportedWANs WAN type designationWAN PIN numberGateway-IMUassociationinformationGateway idIMU id that is registered with gatewayOption relay id that IMU is registered withSoftware/Hardware versioncompatibilityUse to keeptrack of whichgateways,relays andmeter versionsare compatiblewith otherversions.This is intended toact as an errorchecking mechanism.This database isstatic from theutilities point of view,and would besupplied by Innovateceach time a newgateway, relay orIMU version cameout.Alarmconfiguration Alarm activityinformation IMU idAlarm typeAlarm active or inactiveTime of last activation (or should this be analarm history?)AlarmnotificationinformationIMU idAlarm typeNotification type specification
13Database Record Type Item CommentNotification type record.Typically there’ll be one of thesefor every notification destination/destination type. E.g., one for eachpager that could be notified that analarm has arrived.Notification typeDevice specific data (e.g.,PIN number for a pager,display device for onscreen notification)Logging Keeps track of interesting eventsthat happen in the system. Thisincludes but is not restricted tomessage transmissions andreceptions.Time event was loggedEvent typeAuxiliary informationThe design of thisdatabase is not likely tobe one monolithic table,as the “auxiliaryinformation” may beused to do lookups inother tables.Authorized users Keeps track of authorized usernames, passwords and authorizedhosts.Authorizedexternal datadistributiontargets.Keeps track of other ENICSservers to which data may bedistributed.Extern datadistribution meterconfigurationtableKeeps track of what alarms andstatus are available to an externalutility and what alarms may beconfigured.External datadistribution targettransaction logKeeps track of the transactionsperformed by an external utility(e.g., number meter reads) forbilling purposes.Meter utility idTransaction typeNumber transactionsField ServiceApplicationDatabaseKeeps track of work orders thathave been generated or uploaded Service order numberInstallerOpen/close datesIMU informationCustomer informationIMU location informationTime stamps for asfound/as left changesApplicationConfigurationDatabaseKeeps track of user settableoptions for the various applications(possibly on a per user basis,where that makes sense).Application NameUser name It may make sense tokeep this data in the NTregistry on the server.However the interfacethe applets andapplications see shouldbe through a servant.
14PermissionsAccess control permissions (or just permissions) in the ENICS system apply to all applications (including both Javaapplications and applets) that may be initiated outside of the server environment. Applications that are initiated byand run under the control of the ENICS server environment (such as the network health monitor) do not require accesspermissions. Access permissions are assigned out of the available options on a user by user basis. Each applicationhas three sets of permissions. The first “set” determines whether a user is allowed to access the ENICS server whilerunning a particular application. For example, a user may be granted permission to run the Interactive Meter Reader,but not the Network Configuration Manager. This is not a security measure, since the only way the ENICS server hasto know what application is being run is for the application to tell it. Thus, this sort of permission won’t be able todeter a cracker who writes his or her own application, but it will give the system administrator control over who canrun applications under normal circumstances.The second set controls access to the various database tables in the system. An application may have read, modifyand append permission for a table. Append is a restricted type of write access that allows an application to add newrecords to a table, but not to either modify or read records that already exist. Modify access implies both read andappend access. For databases that contain information that is associated with particular users, users may be grantedpermission to read or modify data for themselves only or for all users.The third set of permissions controls access to the communications network. The first access permission is “networkuse”. This allows an application to interact with the communications network. If it is not set, then the application isnot allowed to interact with the communications server. The second network access permission is IMU read/modify,which determine which types of messages that can get or set IMU information are allowed to be sent. The thirdnetwork access permission is network read/modify, which determines which messages can be sent that may readinformation from or modify gateways and relays. Please note that even an application that has no explicit networkaccess may invoke an operation that will cause the ENICS server to access the network.COM AccessIn order to support miscellaneous analysis and data gathering capabilities, a COM interface to the ENICS businessobjects shall be implemented. This will allow programs to be written in Visual Basic that can retrieve informationfrom the ENICS system. The COM interface shall be design in such a way that it shall not be possible to compromiseENICS server or Innovatec network communications using the interface. A set of standard Visual Basic applicationsshould be implemented for common operations such as gathering reads from a predefined group of meters andgathering time of use information. These standard applications will serve to get Innovatec customer’s started using themore exotic functions of the system quickly and also server as examples for Innovatec customer IT departments thatwish to implement their own data analysis programs.Required RequirementsAll application requirements documents shall include the following:1. Startup2. Shutdown3. I/O interfaces, if any.4. Required services.5. Behavior in the event of errors, including but not limited to internal program errors, communications errors,database access errors and server access errors.6. Mechanism for notifying users when a problem is detected (e.g., dialog box, logged event).7. Which events should be logged (e.g., significant user actions)
15Innovatec Look and FeelPluggable Look and FeelAll enics applications should implement the com.innovatec.plaf.InnovatecLookAndFeel look and feel.import com.innovatec.plaf.InnovatecLookAndFeel;...static{try{UIManager.setLookAndFeel( newInnovatecLookAndFeel() );}catch( Exception e ){}}ColorsForeground/TextForeground colors should contrast extremely with the background. Since most of our background colors are very light,labels, and text areas will have black foreground colors. Buttons on the other hand have very dark backgrounds, sotheir text will normally be white.BackgroundBackgrounds for panels should be light and change in color and or image with different concept area. For example ifthere are two panels on one screen that represent different ideas, utility record and meter status, they should be ofdifferent colors to make them easily distinguishable.Since colors cannot be completely relied upon due to color blindness, images with different subtle textures should beused as well. Images can be added by using com.innovatec.ui.BasicPanel instead of JPanel, and setting the imagethrough BasicPanel.setBackgroundImage.Navigation KeyboardIn general, navigating between components follows these rules.• Tab or Ctrl-Tab. Moves keyboard focus to the next component or to the first member of the next group ofcomponents. Use Ctrl-Tab when the component itself accepts tabs, as in text fields, tables, and tabbed panes.• Shift-Tab. Moves keyboard focus to the previous component or to the first component in the previous group ofcomponents.• Arrow keys. Moves keyboard focus within the individual components of a group of components, for example,within menu items in a menu or within radio buttons in a group of radio buttons.Most of the keyboard navigation is taken care of by Java, some changes in tab order may need to be implementedby specifying the next focusable component to a component. This can be accomplished byJComponent.setNextFocusableComponent.MnemonicsMnemonics are another keyboard alternative to the mouse. Mnemonics can be used to navigate menus.Rules of thumb for creating mnemonics:1. If the mnemonic does not appear in the table of common mnemonics, choose the first letter of the menu item.For instance, choose J for Justify.2. If the first letter of the menu item conflicts with those of other menus, choose a prominent consonant. Forinstance, the letter S has already been designated as the mnemonic for the Style command. Therefore, choosethe letter Z as the mnemonic for the Size command.3. If the first letter of the menu item and the prominent consonant conflict with those of other menu items, choosea prominent vowel.Mnemonics can be set by AbstractButton.setMnemonic.Mnemonics can also be added to any item with a label. This can make it very easy to go directly to a component andadd information. A mnemonic can be added to a component via the label by JLabel.setLabelFor andJLabel.setDisplayMnemonic.
16ShortcutsAll common commands should have a short cut key strokes, these should be clearly labeled on the menu andor button for that command. The same shortcut key cannot refer to different actions in the application. Hereis partial list of shortcut keys and their purpose:Common Shortcut combinations include:Ctrl-N New (File Menu)Ctrl-O Open (File Menu)Ctrl-S Save (File Menu)Ctrl-P Print (File Menu)Ctrl-Z Undo (Edit Menu)Ctrl-X Cut (Edit Menu)Ctrl-C Copy (Edit Menu)Ctrl-V Paste (Edit Menu)Ctrl-F Find (Edit Menu)Ctrl-A Select All (Edit Menu)F1 HelpCtrl-Q Exit ApplicationMouseA user can navigate through applications with the mouse. Specifically clicking once on an enabled button shouldcause that buttons action to occur. Clicking once on an editable text component should cause the text caret to beplaced and put the text component in insert mode.ComponentsPrimary WindowsA primary window is a window used as primary communication with the user by the application. This is where theuser will return to in order initiate different functionality. A Primary Window shall consist of a Titlebar giving thename of the application, frame, and what is being done.Secondary WindowsDialogsDialogs are small windows used to concisely communicate with the user.Login DialogPrompt the user for login name and password.Use com.innovatec.ui.LoginDialog.
17Plain WindowsSplash ScreensA splash screen is a window with no standard window decorations (titlebar, close, minimize, maximize icons) thatinforms the user that the software is loading and what exactly the program is.A splash screen in ENICS shall consist of the Innovatec logo, an image for the application, the application logo,version, and copyright information.A splash screen should be implemented using com.innovatec.ui.Jsplash. The application name, version andcopyright information should appear on all splash screens.AppletsApplets can be broken down into two types, simple and complex. How an applet is displayed depends on what type ofapplet it is. A simple applet would consist of one screen, no menus, no toolbars, no status bar. This type of appletshould be displayed within the browser window and should not add the confusion of creating another frame.A complex applet is one that needs to be interacted with from another frame. A separate frame allows cleardelineation between the applet’s menus, toolbars, statusbar, and the browser’s equivalent. A code snippet for acomplex applet’s frame could look like this:public void init(){...frame = new JFrame();frame.getContentPane().add( panel );...}public void start(){...frame.setVisible( true );...}public void stop(){...frame.setVisible( false );...}This will make the applet a non-visual component, and the visual components are added the frame itself.ButtonsButtons should be different colors from each other and the background, colors can be repeated, but as far from abutton of the same color as possible.ToolbarsIcons on toolbars will match icons for buttons and or menus.
18MenusAll commands available should also be made available by menu.As much as possible all menus should have shortcut keys and or mnemonic associated with them. If a menu sharesfunctionality with a button is should share the same label.Status BarSmall bar at the bottom used to convey information to the user. The status bar should be used before a dialog box ifat all possible. Error messages should be in Red. Successful completion should be indicated with black. Forimplementation use com.innovatec.ui.StatusBar.OrganizingGroup BoxesUsed to group like concepts. Group boxes should used sparingly and group boxes within group boxes shouldbe avoided, they can become confusing very fast and add very little to the organization of the screen.Instead of Group boxes consider having titles for areas, labels that extend slightly more left than the rest.Tabbed PanesTabbed panes are the preferred method of breaking large hunks of data that are only tied together by aprocess.
19Change LogDate Applications/Subsystems Affected Description of changes5/17/99, Revision 0.2 Changed revision number to 0.2 from 0.1.925/17/99, Revision 0.2 Remove action item for authentication of remoteredistribution servers. It was decided in requirementsreview that host identification and the risks it presentswere tolerable and the way to go.5/17/99, Revision 0.2 Added meter model to physical assets database.5/17/99, Revision 0.2 Moved PIN number and calibration factor data out ofthe specs for the physical assets database and intothe network configuration database.5/18/99, Revision 0.2 Added logging for remote distribution serverapplications.5/18/99, Revision 0.2 Added alarm by alarm and meter by meterconfiguration for remote data distribution.5/18/99, Revision 0.2 Added use of factory commissioning signature in IMUfor factory commissioning tool if the meter supports it.5/18/99, Revision 0.2 Remove requirements for physical display ofInnovatec communications network.5/18/99, Revision 0.2 Updated shortcut keys: Changed Exit Application fromF4 to Ctrl-Q. Assigned find to Ctrl-F and Paste toCtrl-V which is Windows standard.5/18/99, Revision 0.2 Changed typo in Statusbar area that said successfulmessages should be in red, should be in black.6/4/99, Revision 0.2 Add requirements for ENICS Health monitor, addrequirement for alarm monitor to allow for servergenerated alarms (in addition to alarm messages).6/4/99, Revision 0.2 Added requirements for COM interface.6/4/99, Revision 0.2 Add field service application database to internaldatabase requirements.6/15/99 Revision 0.2 Signoff complete

Navigation menu