Installation and security constraints

Before installing and using LoriotPro we recommend that you read this document carefully. LoriotPro is not an ordinary application because it can make intensive use of Microsoft Windows operating system resources to collect and process large amounts of data.

The following points are covered in this document.

Installation constraints

In heavy configurations with several hundred devices, the LoriotPro software can make extensive use of the operating system on which it is installed.
To guarantee the performance of the software under these conditions, it is imperative that the resources of this system are accessible. LoriotPro must have access to memory, disk and fast, interference-free network access.

We must therefore proscribe:

  • Antivirus
  • Firewall
  • Or any type of program that inserts a "hook" between LoriotPro and access to these resources.

If this prerequisite is not respected, LoriotPro will not be able to carry out its network collections or manage its log files correctly, keep its display refreshed dynamically, or keep the tens or even a hundred parallel processes (multithreading) within their constrained execution time.

For the light configurations usually used with a FREE Edition or a LITE Edition of LoriotPro these constraints are not as critical.

Other installation constraints to take into account are the real and effective rights of LoriotPro for access to resources such as its installation directory and the Windows Registry.

Installation directory

LoriotPro is installed in a single directory, which contains program files and data files as well as configuration files. This initial choice does not respect current Microsoft recommendations, but simplifies product maintenance and backup. On the other hand, access rights issues may arise, especially if you choose to install the program in the "Program Files" directory.

If you decide to install LoriotPro in "Program Files" you might need to add privileges for the user that is used to run the program. By default LoriotPro must be installed and run with the Administrator account.

With Windows Vista, Microsoft introduced User Account Control (UAC), which brings some security features for any non-Administrator program. If such a program tries to write to a protected location such as "Program Files", its writes are caught and redirected to an alternative "user friendly" location.

To determine and set the rights of the LoriotPro program on its installation directory, first identify the Windows user under which the program runs.

Several methods are available to find this user.

Beforehand, the LoriotPro program must be started and running.

Command line: tasklist /FI "WINDOWTITLE eq LoriotPro*" /V

TaskList windows command

With the Task Manager: Details tab

Once the user is known, check the effective rights of this user on the LoriotPro installation directory.

Select the directory (in the example below C:\Program Files\LUTEUS\LoriotPro V8\)

Open the Properties of the directory, then select the Security tab. This window shows that the Administrator group has full control rights on the directory. But be careful not to confuse the group and the user: the user might have more restricted rights. To be completely sure, verify the user's actual rights.

Click on the Advanced button

Select the Effective Access tab

Choose Select User and enter the user name previously discovered with TaskList

Select Check Name to verify that this user exists

Effective access rights on LoriotPro installation directory

Exit with Apply and OK

Show effective rights with the View effective access button

Effective access rights

It can be seen that the Administrator user who is a member of the Administrators group inherits its rights to the directory. Full control is required for the LoriotPro application.

LoriotPro V8 was compiled with the Administrator privilege mode option enforced.
The shield attached to the icon of the LoriotPro executable file indicates this.

LoriotPro icon of executable file
 
If you run the program when you do not have this privilege level then the following window opens asking you to log in as Administrator.

Log as administrator

Applications written with the assumption that the user will be running with administrator privileges experienced problems in earlier versions of Windows when run from limited user accounts, often because they attempted to write to machine-wide or system directories (such as Program Files) or registry keys (notably HKLM).

The user account control (UAC) tries to manage this using File and Registry Virtualization, which redirects writes (and subsequent reads) to a per-user location within the user’s profile.

For example, if an application attempts to write to “C:\program files\appname\settings.ini” and the user doesn’t have permissions to write to that directory, the write will get redirected to “C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\settings.ini”.
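
The directory check and the VirtualStore redirection described above can also be verified from PowerShell. This is an added example, not part of the LoriotPro documentation; it assumes the installation path shown in the page's example and looks for redirected copies only in the profile of the account running the script.

```powershell
# Added example. $InstallDir is the directory shown in the page's example; adjust to yours.
$InstallDir = 'C:\Program Files\LUTEUS\LoriotPro V8'

# 1. Same selection as: tasklist /FI "WINDOWTITLE eq LoriotPro*" /V
$procs = @(Get-Process | Where-Object { $_.MainWindowTitle -like 'LoriotPro*' })
if ($procs.Count -eq 0) { throw 'LoriotPro must be started before running this check.' }
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl -LiteralPath $InstallDir

foreach ($p in $procs) {
    # GetOwner returns nothing for another user's process unless this session is elevated.
    $cim   = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($p.Id)"
    $owner = Invoke-CimMethod -InputObject $cim -MethodName GetOwner
    if (-not $owner.User) { Write-Warning "PID $($p.Id): owner not readable, rerun elevated."; continue }
    $account = '{0}\{1}' -f $owner.Domain, $owner.User
    "PID $($p.Id) runs as $account"

    # 2. ACEs that name the account directly. Rights granted through groups are not
    #    resolved here, so the Effective Access tab remains the reference.
    $acl.Access | Where-Object { $_.IdentityReference.Value -eq $account } |
        Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited | Out-String

    # 3. Real write probe, meaningful only when this session uses the same account
    #    at the same elevation level as LoriotPro.
    if ($me -eq $account) {
        $probe = Join-Path $InstallDir ('acl-probe-{0}.tmp' -f [guid]::NewGuid())
        try {
            [System.IO.File]::WriteAllText($probe, 'probe')
            Remove-Item -LiteralPath $probe
            'Write probe: OK'
        } catch {
            "Write probe: FAILED - $($_.Exception.Message)"
        }
    }
}

# 4. Files that UAC virtualization redirected away from the installation directory
#    (checked in the profile of the account running this script).
$vs = Join-Path $env:LOCALAPPDATA ('VirtualStore' + (Split-Path -Path $InstallDir -NoQualifier))
if (Test-Path -LiteralPath $vs) {
    Write-Warning "Redirected copies exist under $vs"
    Get-ChildItem -LiteralPath $vs -Recurse -File | Select-Object FullName, LastWriteTime
}
```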

Coexistence of LoriotPro with the Microsoft Local Firewall

Regarding the Firewall of the Windows operating system, if it is active at the launch of LoriotPro many alerts like these may appear.

Firewall notification

To ensure that LoriotPro is fully functional, it is therefore recommended to disable the Firewall.

In addition, the Firewall must inspect the incoming and outgoing flows, which can be very substantial with LoriotPro on large configurations. Packet analysis by the firewall adds processing time (RTT) and processor load that can seriously impair the functionality of LoriotPro or even render it inoperative. This is all the more true for the BROADCAST EDITION, which can do real-time processing and send packets at intervals on the order of a second.

If the firewall is to remain active, here is the list of ports that must be opened at a minimum to ensure that LoriotPro works properly.

Source IP    Source Port    Protocol         Destination IP    Destination Port
LoriotPro    All            UDP/SNMP         All               161
All          161            UDP/SNMP         LoriotPro         All
LoriotPro    All            UDP/SNMP Trap    All               162
All          All            UDP/SNMP Trap    LoriotPro         162
LoriotPro    All            UDP/Event        All               5001
All          5001           UDP/Event        LoriotPro         All
LoriotPro    All            UDP/Syslog       All               514
All          All            UDP/Syslog       LoriotPro         514
All          All            TCP/HTTP         LoriotPro         8010
LoriotPro    8010           TCP/HTTP         All               All

Note that the WEB server port is 8010 by default. Adjust the firewall rules accordingly.
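
When the firewall stays active, the table above can be applied as one Windows Firewall allow rule per row. This is an added example, not part of the LoriotPro documentation; the rule names, the 'LoriotPro' group label and the $Remote and $WebPort variables are choices made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: one allow rule per row of the port table above.
# Rule names and the 'LoriotPro' group label are choices made for this example.
$Group   = 'LoriotPro'
$Remote  = 'Any'    # the table says "All"; narrow to your device subnets where possible
$WebPort = '8010'   # default WEB server port; change it if the server was reconfigured

$rows = @(
    @{ Name = 'SNMP out';      Dir = 'Outbound'; Proto = 'UDP'; Local = 'Any';    Rport = '161'  }
    @{ Name = 'SNMP in';       Dir = 'Inbound';  Proto = 'UDP'; Local = 'Any';    Rport = '161'  }
    @{ Name = 'SNMP Trap out'; Dir = 'Outbound'; Proto = 'UDP'; Local = 'Any';    Rport = '162'  }
    @{ Name = 'SNMP Trap in';  Dir = 'Inbound';  Proto = 'UDP'; Local = '162';    Rport = 'Any'  }
    @{ Name = 'Event out';     Dir = 'Outbound'; Proto = 'UDP'; Local = 'Any';    Rport = '5001' }
    @{ Name = 'Event in';      Dir = 'Inbound';  Proto = 'UDP'; Local = 'Any';    Rport = '5001' }
    @{ Name = 'Syslog out';    Dir = 'Outbound'; Proto = 'UDP'; Local = 'Any';    Rport = '514'  }
    @{ Name = 'Syslog in';     Dir = 'Inbound';  Proto = 'UDP'; Local = '514';    Rport = 'Any'  }
    @{ Name = 'HTTP in';       Dir = 'Inbound';  Proto = 'TCP'; Local = $WebPort; Rport = 'Any'  }
    @{ Name = 'HTTP out';      Dir = 'Outbound'; Proto = 'TCP'; Local = $WebPort; Rport = 'Any'  }
)

# Remove rules left by a previous run so the script can be re-applied safely.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($r in $rows) {
    New-NetFirewallRule -DisplayName "LoriotPro - $($r.Name)" -Group $Group `
        -Direction $r.Dir -Action Allow -Protocol $r.Proto `
        -LocalPort $r.Local -RemotePort $r.Rport -RemoteAddress $Remote | Out-Null
}

# Show what was created so it can be compared with the table.
Get-NetFirewallRule -Group $Group |
    Sort-Object DisplayName |
    Format-Table DisplayName, Direction, Action, Enabled
```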

Cohabitation of LoriotPro with Antivirus

For the same reasons as for the Firewall, LoriotPro performance can be significantly impacted by the presence of an antivirus on the system. It is imperative to disable the real-time management of the antivirus on the LoriotPro installation directory. LoriotPro needs efficient disk access to write log files of trap events and syslogs in real time.

It is also imperative to disable the antivirus if it performs real-time analysis of network traffic.

Rights to access the Windows Registry for the LoriotPro application

The Windows registry is used to save application configuration settings. In the case of LoriotPro, the registry is used to memorise the characteristics of the graphical interface and the initial layout and style of the windows.

To ensure this memorisation between each launch, LoriotPro must be able to write to the Windows registry. The appropriate level of access rights must be available to the user associated with the LoriotPro application.

To check this, open the Registry Editor program, search under HKEY_CURRENT_USER for the LoriotPro key, then view its permissions (Edit -> Permissions).

LoriotPro in windows registry

The Administrator user has Full Control permissions.