SoftJACE platform administration

The Platform Administration view is one of several views for any platform, listed under the platform in the Nav tree side bar (Figure 20).

Figure 20. Platform Administration is one of several platform views

Included in this view are commands and related dialogs in which you can:

Set the date and time in the SoftJACE.

Typically, this is needed only if you did not choose to “sync” with your local system date and time when running the Commissioning Wizard.
Change the HTTP port used by the SoftJACE for a “non-SSL” connection to its Niagara platform daemon (platform server), if used. The default port is 3011.
Change SSL settings used by the SoftJACE to enable/disable and otherwise specify a secure connection (SSL and/or TLS) to its Niagara platform daemon (platformssl server). The default port is 5011.
View a simple text summary of the SoftJACE’s current software configuration, including its OS level, JVM version, installed modules, lexicons, licenses, certificates, and so on.
Use debug-level tools to change logging levels and view platform daemon output.
Perform other platform tasks available using the Commissioning Wizard, such changing platform authentication (platform’s username and password), and so on.

For more details, see the Platform Administration section in the Platform Guide. For a procedure specific to a new SoftJACE, see the next section Administer the SoftJACE platform.

Administer the SoftJACE platform

To perform platform administration

From your Workbench PC, with the SoftJACE already commissioned using the Commissioning Wizard:

Open a platform connection to the SoftJACE, if not already opened.

Use the procedure Open a SoftJACE platform connection, except use any changed IP address, port, or credentials (if applicable).
In the SoftJACE platform’s Nav Container View, double-click Platform Administration.

The Platform Administration view appears (Figure 20).
As needed, click the following buttons to review or make changes:
- View Details — For a platform summary that you can copy to the Windows clipboard.
- Update Authentication — For platform daemon authentication dialog to change platform login authentication method (as previously included as step in commissioning wizard).
- Change HTTP Port — For a dialog to change the HTTP port for “non-SSL” connections to the SoftJACE’s platform daemon from port 3011 to some other port. See HTTP Port. Note this port is not used if specifying “SSL only” for platform connections,
- Change SSL Settings — Provides a dialog to enable/disable secure SSL/TLS connections to the host’s platform daemon, specify the TCP port used for such connections, plus specify other related settings. See SSL Settings.
- Change Date / Time — For dialog to change the SoftJACE’s current date, time, and time zone (as previously included as step in commissioning wizard).
- Change Log Settings — Provides dialog to change the log level of different processes that can appear in the platform daemon output.
- View Daemon Output — Provides window in which you can observe debug messages from platform daemon processes in real time. Also includes ability to pause or load.
- Set Module Filter — Provides dialog to change the module content level of the SoftJACE (as previously included as step in commissioning wizard).
- Backup — Make a complete backup of all configuration on the connected host platform, including all station files as well as other Niagara configuration (typically unnecessary for any host just started up).
- Commissioning — Another way to re-launch the Commissioning Wizard, as previously used in the initial commissioning of the SoftJACE.
- Reboot — Provides a method to reboot the SoftJACE PC, which restarts all software including the OS and JVM, then the platform daemon, then (if so configured in the Application Director) the installed station. If you click this, a confirmation dialog appears.
  
  If you reboot, your platform connection is lost, and it is typically a couple of minutes until you can reconnect to this host. Note that a reboot is not necessary if you manually stopped the SoftJACE station from the Application Director (unlike with a QNX-based JACE, you can Start it again without a reboot).

Change HTTP Port

This step is optional, and the default port 3011 is typically used in many Niagara installations. However, for reasons of additional security or perhaps firewall issues, you may need to change the HTTP port used by the SoftJACE’s platform daemon.

If you change this port, you may be unable to reopen a platform connection without first adjusting the firewall on the SoftJACE, particularly if it was previously set to port 3011 (see Figure 2). In addition, for the strongest security it is best to configure the SoftJACE for “SSL only” platform connections, making this selection less important. See SSL Settings for further details.

To change HTTP port

From the Platform Administration view (Figure 20):

Click the Change HTTP Port button.

A dialog appears showing the current HTTP port number highlighted.
Type in the new HTTP port number and click OK.

In a current (non-SSL) platform connection, the Platform Administration view refreshes in a few seconds, and the SoftJACE platform node remains opened in the Nav tree, showing the new HTTP port number (:n) in parenthesis by the platform icon.

Before closing the host (removing it from Nav tree), carefully note the new (non-default) port number you entered. You must specify that port number whenever reopening the SoftJACE platform.

Note any station running on the SoftJACE tracks both the configured port number and SSL port number used to access the platform daemon, as read-only properties of the station’s PlatformServices container:

Platform Daemon Port
Platform Daemon SSL Port

For an example showing these two properties, see Figure 23.

Change SSL Settings

This step is optional, but necessary for the strongest security. We recommended to not just enable platform SSL on the SoftJACE, but to further configure it for “SSL Only” connections.

Figure 21. Change SSL settings dialog (default settings for AX-3.8 SoftJACE shown)

By default in AX-3.8, a SoftJACE installation has SSL enabled, referencing its local self-signed “tridium” certificate (automatically generated upon installation). Default SSL settings are as shown above. This differs from an AX-3.7 SoftJACE, where the default platform SSL state is “Disabled”.

The following procedure includes brief descriptions of choices in the Platform SSL Settings dialog. Find complete details about NiagaraAX SSL usage in the NiagaraAX SSL Connectivity Guide.

To change SSL settings

From the Platform Administration view (Figure 20):

Click the Change SSL Settings button.

A Platform SSL Settings popup appears showing a number of settings.
Set State to one of the following:
- Disabled — Secure platform connections not possible (only regular platform connections).
- Enabled — Secure platform connections permitted, as well as regular platform connections.
- Ssl Only — Only secure platform connections are allowed. Any attempt to open a regular platform connection either goes unresolved (AX-3.8), or else in AX-3.7 is automatically redirected to the port servicing secure platform connections.
Specify Port to use for secure platform connections, where port 5011 is the default.
If you change this port, you may be unable to reopen a platformssl connection without first adjusting the firewall on the SoftJACE, particularly if it was previously set to port 5011 (see Figure 2).
In Certificate, you select the server certificate “alias” in the SoftJACE’s “key store” to use for platformssl. The default (and only) available certificate in a newly-installed SoftJACE is a self-signed one named tridium. If another certificate is imported (later) into the key store, you can select it using the drop-down control. For complete details, refer to the document NiagaraAX SSL Connectivity Guide.
Set Protocol to specify the protocol used for secure platform connections, as either:
- SSLv3 — Only SSL version 3 (Secure Socket Layer) is used.
- TLSv1 — Only TLS version 1 (Transport Layer Security) is used. Automatically set for any AX-3.8 SoftJACE configured for FIPS 140. For details, see the NiagaraAX FIPS 140 Configuration Guide.
- SSLv3+TLSv1 — (Default) Either TLS version 1 or SSL version 3 can be used for the platform connection. This is the default, and is typically recommended.
Click Save.

Note if you changed Port during a current platformssl connection, another “Identity Verification” popup warning may appear. See SSL and certificate notes in AX-3.8. After you accept, the Platform Administration view momentarily refreshes, and the SoftJACE platform node remains opened in the Nav tree, showing the new HTTP port number (:n) in parenthesis by the secure platform icon.

Before closing the host (removing it from Nav tree), carefully note the new (non-default) port number you entered. You must specify that port number whenever reopening the SoftJACE platform with SSL.

Platform Daemon Port
Platform Daemon SSL Port

For an example showing these two properties, see Figure 23.