Restoring FabGuard Computers for 24/7 Sustaining

Dan Barad – Sr. Applications Engineer, FabGuard Applications and Controls Engineering, Austin TX

FDC, like all factory systems, requires 100% up time and fast recovery if there are hardware, operating system, or software problems. FabGuard has some tools that make it easier and faster to restore its monitoring, whether it is running on virtual machines or on individual physical computers. A new Web Application Programming Interface (API) also allows a script to programmatically execute the restore function.

Requirement for FabGuard restore

FabGuard must have a backup of the configuration to restore from. In 18.11.00, we have removed Backup Configuration tasks from the Executive Tasking System and implemented an automatic configuration backup for each connected IPM. See the article in this newsletter Simplifying FabGuard Configuration Backup for setup.

General considerations for FabGuard restore

  • Test the replacement (target) computer's ability to accept the backup configuration using the restore process before a hardware failure.
  • Consider using high quality hard drives and power supplies for physical computers, or provide redundancy through VMs to minimize hardware failures and prevent the need to restore FabGuard.
  • Consider scripting the restore process using the new FabGuard Executive Web Application Programming Interface (API), available in versions 18.05.00 and higher.

The restore function

Here is a simplified description of the current restore function that FabGuard Executive runs based on the last configuration backup:

  1. If the Global Preference for IPM Parent Path is set as the default then appropriate junction and shares are made during the restore.
  2. If the Global Preference for IPM Parent Path is not set as the default then C:\Inficon is used as the installation directory and the C drive is shared.
  3. If the target IP Address or Computer Name is changed during restore, then the restore function loads and modifies the last FabGuard backup configuration by replacing all instances of
    • \\SourceIp\ with \\TargetIp\
    • \\SourceComputerName\ with \\TargetComputerName\
    • SourceToolId with TargetToolId
    The restore function then saves these configurations to the target computer.
  4. The restore function copies all other configuration files from the last FabGuard backup to the target computer. If the FabGuard SECS Multiplexer configuration already exists, this is skipped. The Windows registry hive for INFICON applications is restored.
  5. The restore function executes FabGuard_UpgradeSilent.exe on target computer. If the FabGuard SECS Multiplexer was installed previously and does not already exist on the target computer, then it installs this application. It always reinstalls the FabGuard Acquisition application (i.e., FabGuard IPM).

Note that restore will use the Windows credentials of the currently running Executive, unless specified.

Restore common causes of failure

There are a number of things that can block the restore function from completion. Verify that the replacement computer has the following image settings. See FabGuard Help topic “FabGuard PC Configuration Recommendations and Security Settings” for details.

Requirement

Reason

Recommendation

Windows permissions

The FabGuard Executive needs to perform Windows Administrator actions to install and configure the target computer.

Run the FabGuard Executive as the same domain user that all FabGuard applications will use. That user should be a local administrator on the target computer. Alternatively, this user should be in the Domain Admins group which by default is in all local admin groups.

Windows policies

Make sure local or group policies do not:

  • Allow login banners. They prevent AutoStartProgram to complete Auto Logon
  • Allow Windows 10 update service restart
  • Disable the admin$ share

Test restore on a new image that has been connected and trusted on the network for at least 24 hours. This ensures that regular update checks and policy changes are captured and applied before fully testing restore.

Antivirus and Firewall

Need access to the target computer, to allow changes and run an installer.

Have exceptions set up to allow FabGuard to run installers and copy files to the new computer.

PSEXEC and admin$

The silent upgrade installer must be run locally, started by Windows System Internals' PSEXEC.EXE.

Make sure the admin$ share has not been disabled and that psexec.exe is not blocked from running. Do NOT create this share manually, but set the registry to enable and reboot the computer.

IPM Installation
Parent Path for C share
and junctions (if used)

Saves time and can have custom share permissions.

Configure the Parent Path in FabGuard Executive >> Global Preferences >> Miscellaneous >> IPM Installation Parent Path.

RemoteRegistry Service

The InficonRegistry.hiv must be restored using the RemoteRegistry service.

It is preferred to run this service on all FabGuard systems, since this is also used for backing up the INFICON registry hive.

Web service for restore

The following URL installs a FabGuard IPM on a target computer and configures it using a previously backed up configuration.

URL http://HOSTNAME/FabGuardDll/FgWebDll.dll?

755=86&

804=2&

740=MachineIdFrom&

803=ToolId&

717=MachineIdTo&

775=WindowsUserDomain&

776=WindowsUserName&

777=WindowsUserPassword

URL Parameters

  • HOSTNAME - The network name or IP address of the FabGuard Executive computer running FabGuard Web.
  • MachineIdFrom - IP address of the FabGuard IPM whose backup to use.
  • ToolId - Tool ID of the FabGuard IPM.
  • MachineIdTo - IP address of the FabGuard IPM to install to. If not specified, Machine ID is taken from the backup.
  • WindowsUserDomain - Windows domain of the user performing the restore.
  • WindowsUserName - Windows login name of the user performing the restore.
  • WindowsUserPassword - Password required for this user to log into Windows.

(MachineIdFrom and ToolId are optional but at least one must be specified so that the backup can be identified.)