LUTRON Enterprise Vue IT Implementation Guide

Overview

This document outlines the IT requirements for Enterprise Vue. Use this document in conjunction with the IT guides for the individual systems managed by Enterprise Vue to get the full set of IT requirements for your Lutron system:

• Quantum (PN 040423 Revision D or greater)
  http://www.lutron.com/TechnicalDocumentLibrary/040423.pdf
• Vive Vue (PN 040437 Revision B or greater)
  http://www.lutron.com/TechnicalDocumentLibrary/040437.pdf
• Limelight By Lutron (PN 040438 Revision A or greater)
  http://www.lutron.com/TechnicalDocumentLibrary/040438.pdf

System Architecture

Enterprise Vue is a web page, hosted in IIS, that connects to Lutron Quantum, Vive, and Limelight systems so that the user can centrally manage all systems from one user interface. The server that hosts the Enterprise Vue software will securely connect to all servers running Quantum Vue and Vive Vue systems. Enterprise Vue will also automatically sign in to Limelight systems which are hosted on a public web site on the Internet.

General Requirements

• A campus overview map is required from the customer to create the navigation images for Enterprise Vue. Accepted image formats are PDF, JPG, JPEG, and PNG.
• For system requirements and limits refer to the Enterprise Vue Specification Submittal: http://www.lutron.com/TechnicalDocumentLibrary/3691076.pdf

Server Requirements

Operating System and Server requirements can be found in the following document: http://www.lutron.com/TechnicalDocumentLibrary/QS-A-CMP-SBO-0.pdf

DNS Host Names

Each system’s webpage (Enterprise, Quantum, and Vive) requires a FQDN (Fully Qualified Domain Name) for the system web page. Depending on the configuration, there can be multiple systems and servers. On the local DNS server, each of the FQDNs should have an associated forward lookup pointing to the respective server. If no DNS server exists locally, these FQDNs may be entered into the local Windows “Hosts” file on both the server and any workstation needing to access Enterprise, Quantum and Vive Vue. Each server associated to Enterprise Vue must be able to resolve the FQDN of each and every Instance of Enterprise, Quantum, and Vive Vue. This includes multiple servers in the same location and multiple servers across multiple locations. In IIS, the FQDN will be entered into the Host name field on the site binding for each IIS site. This Virtual Hosting allows multiple instances of Vue to be run from the same IP/Port.

• If IT networking is not yet available during commissioning of the system, default FQDNs will be assigned to each instance, and these names will be added to the Windows Hosts file so that Enterprise, Quantum and Vive Vue can be accessed. These may be changed later once the IT networking is setup.
  • Enterprise Vue: evue.lutron.com
  • Quantum Vue: qxx.lutron.com (xx is the instance number from 1 through 99)
  • Vive Vue: vxx.lutron.com (xx is the instance number from 1 through 99)
• FQDN examples:
  • Enterprise Vue on Server #1 – enterprise.lutron.com
  • System 1: Quantum Vue on Server #1 – library.lutron.com
  • System 2: Quantum Vue on Server #1 – gymnasium.lutron.com
  • System 3: Quantum Vue on Server #1 – stadium.lutron.com
  • System 4: Vive Vue on Server #1 – northofficebuilding.lutron.com
  • System 5: Vive Vue on Server #2 – southofficebuilding.lutron.com
  • System 6: Quantum Vue on Server #2 – cafeteria.lutron.com

SSL Certificates

By default, installations of Enterprise Vue will use server self-signed SSL Certificates. Users will see a browser security warning when accessing Enterprise Vue. It is recommended that certificates trusted by devices be loaded into the IIS site for each instance of Enterprise, Quantum, and Vive Vue. These certificates should contain the FQDN for the respective instance to which they’re assigned.

TLS 1.2 Cipher Suites

Required Cipher Suites

• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Cipher Suites to be Disabled

• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_RC4_128_SHA
• TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_NULL_SHA256
• TLS_RSA_WITH_NULL_SHA
• SSL_CK_RC4_128_WITH_MD5
• SSL_CK_DES_192_EDE3_CBC_WITH_MD5
• TLS_RSA_WITH_RC4_128_MD5

Installed Lutron Software

The Lutron installer will create the following entry in Programs and Features.

• Enterprise Vue x.x.xx – Publisher: Lutron Electronics Co., Inc.

Bundled and Installed 3rd Party Software
The Lutron software utilizes the following third party software modules, which are installed by the Quantum Prerequisites Installer on the machine running Enterprise Vue. These modules are required for the software to install and function correctly.

• Microsoft .NET Framework 3.5 SP1 – Publisher: Microsoft Corporation
• Microsoft Visual C++ 2010 Redistributable – Publisher: Microsoft Corporation
• Microsoft .NET Framework 4.6.1 Full – Publisher: Microsoft Corporation
• Microsoft Windows PowerShell for Windows Server 2008 – Publisher: Microsoft Corporation
• Erlang OTP 19 – Publisher: None Listed
• RabbitMQ Server – Publisher: Pivotal Software, Inc.
• OpenSSL 1.1.0f Light – Publisher: OpenSSL Win32 Installer Team

MicrosoftR WindowsR Services and Executables
The Composite Lutron Service Manager is a Windows service that runs Enterprise Vue server, provides status on services running in the background, and also starts the services every time the machine is restarted. The Composite Lutron Service Manager UI application is used to interact with the Composite Lutron Service Manager. It can be opened using the small blue “gears” icon in the system tray or the Windows Services App. The Enterprise Vue will show up as “CompositeServiceManager x.x.x” where x.x.x represents the version number of Enterprise Vue that is installed on the machine. If the system was upgraded there may be multiple versions listed, only the latest version service should be running on the system. The “BuildingService” executable is a service that may be seen in the task manager. This service is directly managed by the Composite Lutron Service Manager. Enterprise Vue uses the following executables:

Lutron Software

• Lutron.Gulliver.QuantumGateway.BuildingService.exe
• Lutron.Gulliver.CompositeServiceManagerUI.exe
• Lutron.Gulliver.CompositeServiceManager.exe (CompositeServiceManager x.x.xx Service) Erlang OTP/RabbitMQ
• Epmd.exe
• Erl.exe
• Erlsrv.exe (RabbitMQ Service)
• Inet_gethost.exe
• Win32sysinfo.exe

User Accounts and Authentication
Enterprise Vue has two methods for user authentication – local authentication by the server or Microsoft Active Directory (LDAP) authentication. If the server is joined to an LDAP domain, both local and LDAP user accounts may be created to allow access to Enterprise Vue. No special configuration needs to be done to use LDAP user accounts. Once Enterprise Vue is linked to Quantum and Vive Vue, user account management for those systems can be done through Enterprise Vue. User level permissions are provided to allow multiple levels of access for those using the system. The available permissions are: Monitor, Control Only, Control & Edit, and Admin. In addition to these permission levels, users may be assigned access to specific Quantum or Vive buildings down to the area. Refer to the respective system’s User Manual for a system specific description of the access provided at each permission level.
When Enterprise Vue is added to existing installations of Quantum and Vive Vue, all existing user accounts are automatically synced to Enterprise Vue. This syncing occurs after adding a building to Enterprise Vue when the Enterprise Composite Service Manager is restarted. Existing Admin users of Quantum and Vive Vue are automatically assigned the Admin role in Enterprise Vue. Existing users which are not Admin are assigned the same privileges from the existing installation of Quantum and Vive Vue. If the same user name exists on multiple systems, Enterprise uses the role from the first Quantum system to which it connects.

Email Functionality
Enterprise Vue can utilize a SMTP server to send emails to users. This functionality is used to send an email to users for the password reset feature available on the login screen when using local Enterprise Vue user accounts. Additionally, this functionality is used to send email notification of system alerts to users. The fields below must be filled in to allow the system to send emails:

• Server Name (IP or FQDN)
• Port
• Sender Email
• Sender Name
• Optional Settings:
  • Mail Server Requires SSL Encryption
  • Mail Server Requires Authentication
  • Username
  • Password

After configuration of SMTP server in Enterprise Vue, settings can be verified by using the provided email test function to send a test email to an entered address.

SQL Server Requirements

• Enterprise Vue may share use of an existing SQL Server Express instance already running with Quantum 3.4. This Instance is typically called “LUTRON2017 or LUTRON2019.”
• Enterprise Vue and other Lutron Applications require the “sa” user and “sysadmin” permission levels on the SQL Server. Enterprise Vue software needs the following permissions: backup, restore, create new, delete and modify under normal use. The username and password can be changed but the privileges are required.
• Upon installation of Quantum and Enterprise Vue, the SQL Server “sa” account password is randomized for security.
• Only SQL authentication is supported.

SQL Databases

Enterprise Vue utilizes several databases to store user configuration data as well as logging data. Typically, each database is capped at 10 GB when using SQL Server 2017 Express edition. If this database is deployed to a licensed edition of SQL Server supplied by the customer, the 10 GB limit does not apply and the policy for data retention can be specified using Enterprise Vue configuration options. The following databases are used by Enterprise Vue:

• CompositeElmahx.x.x (Initial Size 72 MB, Transaction Log 8 MB, Autogrowth by 64 MB)
  • Provides error logging
• CompositeVuex.x.x (Initial Size 8 MB, Transaction Log 8 MB, Autogrowth by 64 MB)
  • Storage for system configuration
• EnterpriseCompositeDataStore (Initial size 8 MB, Transaction Log 2 GB, Autogrowth by 16 MB)
  • Storage for logs and alerts

IIS Role Configuration

This table defines the IIS roles which are required for Enterprise Vue.

Role Name	Required	Description
Web Server
Common HTTP Features
Static Content	Yes	Serves htm, html, and image files from a website
All Others	No
Health and Diagnostics
HTTP Logging	Yes	Enables logging of website activity for this server
Custom Logging	Yes	Enables support for custom logging for web servers, sites, and applications
Logging Tools	Yes	Installs IIS logging tools and scripts
Request Monitor	Yes	Monitors server, site, and application health
Tracing	Yes	Enables tracing for ASP NET applications and failed requests
All other Roles	No	Remainder of roles in Health and Diagnostics not defined
Performance
All Roles	No	All roles in Performance
Security
Request Filtering	Yes	Configures rules to block selected client requests
All other Roles	No	Remainder of roles in Security not defined
Application Development
NET Extensibility	Yes	Enables web server to host NET framework managed module extensions
ASP NET	Yes	Enables web server to host ASP NET applications
ISAPI Extensions	Yes	Allows ISAPI extensions to handle client requests
ISAPI Filters	Yes	Allows ISAPI filters to modify web server behavior
All other Roles	No	Remainder of roles in Application Development not defined
FTP Server
All Roles	No	All roles in FTP Server
Management Tools
IIS Management Console	Yes	Installs web server Management Console which supports management of local and remote web servers
IIS 6 Management Compatibility
All Roles	No	All roles in IIS 6 Management Compatibility
IIS Management Scripts and Tools	Yes	Manages a local web server with IIS configuration scripts
IIS Management Service	Yes	Allows this web server to be managed remotely from another computer via the web server Management Console

Firewall/Routing Requirements

Enterprise Vue software requires the ports listed in the table below be opened between the Enterprise Vue server and Quantum/Vive Vue servers. Depending on the configuration of your Quantum and Vive Vue systems, the ports used may vary. Lutron Field Service will provide a document detailing ports utilized for each Instance of Quantum and Vive Vue.

Source	Source Application	Destination	Port	Protocol	Destination Application	Description
Enterprise Vue Server	IIS	Enterprise Vue Server	15672	TCP	Local RabbitMQ Server Service	RabbitMQ management panel for Enterprise Vue 1 0 47 and below
Enterprise Vue Server	IIS	Enterprise Vue Server	15671	TCP	Local Rabbit MQ Server Service	RabbitMQ management panel for Enterprise Vue 1 1 5 and above
Enterprise Vue Server	CSM	Enterprise Vue Server	8090- 8092	TCP	Alert Service	Alert service within CSM
Enterprise Vue Server	CSM	Enterprise Vue Server	5555- 5557	TCP	Alert Service	Alert service within CSM
Enterprise Vue Server	CSM	Enterprise Vue Server	7204- 7206	TCP	Alert Service	Alert service within CSM
Enterprise Vue Server	CSM	Enterprise Vue Server	6686	TCP	Composite Service	Used by CSM to establish a TCP connection
Enterprise Vue Server	CSM	Enterprise Vue Server	8110	TCP	Composite Service	Used to establish a TCP connection to the enterprise system
Enterprise Vue Server	CSM	Enterprise Vue Server	8790	TCP	Composite Gateway	Used to tie together other systems into Enterprise
Enterprise Vue Server	CSM	Enterprise Vue Server	5328- 5331	TCP	Composite Gateway	Used to establish a TCP connection to existing systems
Enterprise Vue Server	CSM	Enterprise Vue Server	5444- 5447	TCP	Composite Gateway	Used to establish a TLS connection to existing systems
Enterprise Vue Server	CSM	Enterprise Vue Server	8909- 8911	TCP	Composite Gateway	Used to establish a TCP listening connection to existing systems
Enterprise Vue Server	CSM	Enterprise Vue Server	4444- 4446	TCP	CSM	LutronServiceManagerRemotingPort
Enterprise Vue Server	CSM	Enterprise Vue Server	2661	UDP	CSM	MulticastPort
Quantum Vue Server	Quantum LSM	Enterprise Vue Server	7303- 7305	TCP	Enterprise CSM	Alert and Reporting service used by Quantum instances
Enterprise Vue Server	CSM	Enterprise Vue Server	9998- 10000	TCP	Other LSM and CSM instances	Used to communicate with Reporting Services of other systems
Enterprise Vue Server	CSM	Enterprise Vue Server	8889- 8892	TCP	Runtime Service	Used to start the Runtime Service in CSM
Enterprise Vue Server	LSM	Enterprise Vue Server	5327	TCP	LSM	Used by Q-Gateway to establish a TCP connection
Enterprise Vue Server	LSM	Enterprise Vue Server	5443	TCP	LSM	Used by Q-gateway to establish a TLS connection
LAN	Web Browser	Enterprise Vue Server	443	TCP IPv4	IIS	Used to access the Enterprise Vue webpage over HTTPS
Enterprise Vue Server	IIS	Enterprise Vue Server	5671	TCP IPv4	Local Rabbit MQ Server Service	Exchanges messages between Local Lutron Services and IIS
Enterprise Vue Server	Lutron Enterprise Vue Composite Gateway	Quantum Vue Server	36000- 36029	TCP IPv4	Lutron Quantum Gateway Service (GatewayService TCPListernerPort)	– Each Instance of Quantum utilizes a single specific port to which Enterprise Vue connects – Used to add Quantum servers to Enterprise Vue during setup

Firewall/Routing Requirements (continued)

Source	Source Application	Destination	Port	Protocol	Destination Application	Description
Enterprise Vue Server	Lutron Enterprise Vue Composite Gateway	Vive Vue Server	41000- 41029	TCP IPv4	Lutron Vive Vue Composite Gateway Service (Composite GatewayLap Port)	– Each Instance of Vive Vue utilizes a single specific port to which Enterprise Vue connects – Used to add Vive Vue servers to Enterprise Vue during setup
Enterprise Vue Server	Lutron Enterprise Vue Composite Gateway	Vive Vue & Quantum Vue Server	5671	TCP IPv4	Remote RabbitMQ Server Service	Used to relay commands to Quantum/Vive Vue servers
Enterprise Vue Server	Lutron Enterprise Vue Composite Gateway	www limelightbylutron com*	443	TCP IPv4	Limelight Web Server HTTPS	This is used to interface Enterprise Vue to Limelight * It is highly recommended to allow connection to the FQDN as opposed to a specific IP, as the IP address may change
Enterprise Vue Server	IIS	Vive Vue & Quantum Vue Server	443	TCP IPv4	IIS	Used to access pages directly on Vive & Quantum Vue servers
Enterprise Vue Server	IIS	Customer Provided SMTP Server	Varies based on SMTP server	TCP IPv4	SMTP Server	This allows the system to send users password reset emails

Configuration Examples

The below diagrams depict some of the various configurations in which Enterprise Vue may be configured.

Single Server

Configuration Examples (continued)

Mulitple Servers

Customer Assistance
If you have questions concerning the installation or operation of this product, call Lutron Customer Assistance. Please provide the exact model number when calling. The model number can be found on the product packaging.

Example: SZ-CI-PRG U.S.A., Canada, and the Caribbean: 1.844.LUTRON1 Other countries call: +1.610.282.3800

Fax: +1.610.282.1243 Visit us on the web at www.lutron.com The Lutron logo, Lutron, Enterprise, Enterprise Vue, Quantum, Quantum Vue, Vive, Vive Vue, and Limelight are trademarks or registered trademarks of Lutron Electronics Co., Inc. in the US and/or other countries. Microsoft and Windows are trademarks of the Microsoft Corporation in the United States and other countries.

• 2019-2022 Lutron Electronics Co., Inc. P/N 040449 Rev. B 08/2022
• Lutron Electronics Co., Inc. 7200 Suter Road Coopersburg, PA 18036 USA

Documents / Resources

LUTRON Enterprise Vue IT Implementation Guide [pdf] User Manual 040449, Enterprise Vue IT Implementation Guide, Enterprise Vue IT

References

• User Manual