Envision for BACTalk – Migration to a Virtual Machine
Migrating an Envision for BACTalk (Alerton) workstation, with its software and security license key, to a virtual machine can be a daunting task. In my case, we had a Dell SFF PC which had been running since 2014-2015 with Windows 7 and Envision for BACTalk 2.0. Due to the age of the computer, it was decided to explore options to either upgrade or have a retention plan in the event this device were to stop working. Fortunately, a copy of the original software was still available in the form of a CD and we had a working security key, but we did not have access to the original job/rep which contained the vast majority of the configuration.
I had some success getting BACTalk to install on a brand-new VM running Windows 10; however, I was never able to get the correct drivers installed for the HardLock security/license key. I decided to try out Disk2VHD in an attempt to clone the working device and create a .vhdx file which would allow me to virtualize the existing computer. After doing this and attempting to boot the .vhdx file, I was met with a blue screen with error code 0x0000007B. Some research suggested that this was due to the computer using ISCSI drives rather than IDE, as Hyper-V uses.
To resolve this, I had to make a registry edit on the .vhdx file. To do this, you will first need to mount the .vhdx file by opening it as you would any other file. Once done, open Registry Editor (regedit.exe) as an Administrator, and select the HKEY_LOCAL_MACHINE folder. From there, you can go to File > Load Hive and browse to “Windows\System32\config\system” on the mounted drive. You will be prompted to enter a name for the loaded hive; this is for your own reference. In my case, I entered “HVAC”.
You will next want to navigate to HKEY_LOCAL_MACHINE\recovery\ControlSet1\Services\intelide in the hive you have just loaded, where “recovery” stands for whatever name you assigned to the hive (“HVAC” in my case). Once you’ve accessed intelide, look for a value named “Start”. You will want to change this value to 1. In my case, it was set to 3. Next, you’ll want to go back to the HKEY_LOCAL_MACHINE folder, select the loaded hive, and go to File > Unload Hive. You can now unmount/eject the mounted file system.
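The same offline edit scripted in PowerShell, as an added example that is not part of the original post. The .vhdx path is a placeholder, and instead of a fixed control set name the script reads Select\Current from the loaded hive (on disk the set is normally named ControlSet001). It also keeps a copy of the hive so the change can be reverted.

```powershell
# Added example: offline edit of the intelide Start value inside a cloned .vhdx.
# Run elevated on a host with the Hyper-V PowerShell module installed.
$VhdPath   = 'D:\VMs\envision-clone.vhdx'   # placeholder path (assumption)
$HiveName  = 'HVAC'                         # temporary hive name, as in the post
$StartType = 1                              # value the post sets

# Mount the image and locate the volume that holds the SYSTEM hive.
$disk = Mount-VHD -Path $VhdPath -Passthru | Get-Disk
$hive = $disk | Get-Partition |
    Where-Object { $_.DriveLetter -match '[A-Z]' } |
    ForEach-Object { "$($_.DriveLetter):\Windows\System32\config\SYSTEM" } |
    Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $hive) { Dismount-VHD -Path $VhdPath; throw 'SYSTEM hive not found in image' }

# Keep an untouched copy of the hive next to the image before changing it.
Copy-Item -Path $hive -Destination "$VhdPath.SYSTEM.bak"

reg.exe load "HKLM\$HiveName" $hive | Out-Null
try {
    # An offline hive has no CurrentControlSet; Select\Current says which set boots.
    $current = (Get-ItemProperty "HKLM:\$HiveName\Select").Current
    $svcKey  = 'HKLM:\{0}\ControlSet{1:d3}\Services\intelide' -f $HiveName, $current
    $before  = (Get-ItemProperty $svcKey).Start
    Set-ItemProperty -Path $svcKey -Name Start -Value $StartType -Type DWord
    "intelide Start: $before -> $((Get-ItemProperty $svcKey).Start)"
}
finally {
    # Drop registry provider handles first, or the unload fails with access denied.
    [gc]::Collect()
    reg.exe unload "HKLM\$HiveName" | Out-Null
    Dismount-VHD -Path $VhdPath
}
```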
Creating the VM in Hyper-V is fairly simple. You will first want to create a new network for BACTalk to communicate with your Alerton system. This can be found under the “Virtual Switch Manager”. I created a new switch with the name “HVAC Network”, selected “External”, and then selected the NIC which connects to the HVAC port. I unchecked the option to “Allow management operating system to share this network adapter”. You will then create a new Virtual Machine, and rather than booting from an ISO image, you will select the .vhdx file you saved. Make sure this file is located somewhere it won’t be accidentally deleted.
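The switch and VM described above can also be created from PowerShell. This is an added example, not part of the original post; the NIC name, VM name, memory size and .vhdx path are placeholders. It uses a Generation 1 VM, since that is the type that boots a Windows 7 disk from an emulated IDE controller, and it finishes by checking that the host has no adapter of its own on the HVAC switch.

```powershell
# Added example: external "HVAC Network" switch plus a VM that boots the cloned disk.
# Run elevated on the Hyper-V host. All values below are placeholders (assumptions).
$SwitchName = 'HVAC Network'
$HvacNic    = 'Ethernet 2'                   # host NIC cabled to the HVAC port
$VhdPath    = 'D:\VMs\envision-clone.vhdx'
$VmName     = 'Envision-BACtalk'

# External switch bound to the HVAC NIC. -AllowManagementOS $false matches the
# unchecked "Allow management operating system to share this network adapter".
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $HvacNic -AllowManagementOS $false
}

# Generation 1 VM attached to the existing .vhdx instead of an install ISO.
New-VM -Name $VmName -Generation 1 -MemoryStartupBytes 4GB `
       -VHDPath $VhdPath -SwitchName $SwitchName

# Check: the switch is external and the host has no virtual adapter on it.
$sw      = Get-VMSwitch -Name $SwitchName
$hostNic = Get-VMNetworkAdapter -ManagementOS |
    Where-Object { $_.SwitchName -eq $SwitchName }
if ($sw.SwitchType -ne 'External' -or $sw.AllowManagementOS -or $hostNic) {
    throw "Host is still attached to '$SwitchName'; review the switch settings."
}
$sw | Select-Object Name, SwitchType, AllowManagementOS, NetAdapterInterfaceDescription
```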
Hyper-V should then boot up and allow you to access the Windows 7 login screen. We’re not quite done yet, though. We still need to find a way to pass through the BACTalk security/license USB and change some settings within Envision for BACTalk to utilize the new network adapter. You should verify that you are able to access the virtual machine before beginning the setup for the next steps.
Hyper-V does not natively support USB passthrough, unlike VMware. This means we will have to use software to do this, which requires a second virtual switch/network to be attached, in addition to the dedicated NIC for interfacing with Alerton. You can use a USB network adapter for this purpose. There may be a way to pass this through using COM1/COM2 and a specific adapter, but I decided to go a different route.
For testing, I spun up a trial of “USB Over Network Server” on the server and the “USB Over Network Client” on the virtual machine. As previously mentioned, this required setting up a second virtual switch. I used the “Default Network” which is an internal network with the “Allow management operating system to share this network adapter” option selected this time. From there, I was able to point the Client to the Server’s IP and share the device “AKS Hardlock USB” with the client. No drivers were needed on the server side for this to work. To verify this, I opened Envision for BACTalk and was no longer receiving an error that no key was attached.
It should be noted that the software used was a temporary solution, used during this process to ensure that I was able to get communication working successfully for Envision for BACTalk to operate normally. I have since ordered a SEH Dongle Server which allows me to secure the USB in a purpose-built device designed for these types of applications. While the “USB Over Network” software would have likely worked just fine, this is for a commercial building and would not work in the event we set up HA (High Availability) for the VM.
Next, we need to go in and change the network adapter settings to ensure that BACTalk protocol is enabled on the correct interface, and then go into the Envision for BACTalk software to set the Ethernet interface. By navigating to the network settings and then “adapter settings”, I was able to find the interface belonging to the HVAC Network. Select “Properties” and ensure that the AlertOn/Honeywell BACnet/Ethernet Driver 3.0 option is selected on that interface. For good measure, I went to the other interface and disabled this option. This step is likely not required.
You should receive a 169.X.X.X IP address on the HVAC Network. You can verify this by opening Command Prompt and typing “ipconfig /all”, then checking the entry for the specific adapter being used.
Finally, log in to Envision for BACTalk. You will need an account which has permission to access “General System Setup” available under the Tools menu option. You will then want to navigate to the Network tab. You will then see an option to select the primary Ethernet adapter. Select the HVAC Network adapter, press OK, and restart the software. Upon logging back in, you should now have communication with the security key and no longer receive the error message “Unable to open Ethernet card for BACnet protocol”.
Side note: The account I had did not have privileges for “General System Setup” but fortunately was given permission to grant myself access to these menus. If your account does not have this level of privilege, you may need to seek assistance from a third party. There are some default usernames/passwords available for the system, but if these have been changed, you may need to reach out to someone with that level of access.
Migrating to a virtual machine has a number of advantages, though it may not be the best option for everyone. By running this on our servers, we are able to ensure a higher level of redundancy on the machine as it is connected to battery backups and a generator, in addition to having RAID and nightly backups. This would also allow us to place it in a DMZ (demilitarized zone), which would isolate it from the network and let us apply strict access policies while enabling remote access. Our install did not include a WebTalk server, which meant any changes would have to be performed on the physical device or VM. This change allows that machine to be accessed by select users internally from anywhere in the building.
A physical computer could also be configured in the exact same manner, and that is how testing was performed in my instance. I initially used my laptop with the Windows 7 clone running as a VM as a proof of concept, before migrating this over to our server and purchasing the SEH DongleServer for the USB security/license key.
I am not an installer or technician for these types of systems, and am unable to provide support for these systems. I am simply providing a post with my journey migrating this physical machine over to a VM.