51
Aloha POS v15.1 Deep Dive
Aloha 15.1:What the Changes Mean to You?
PCI 2.0 vs. 3.1 &Aloha Versions
PCI 2.0 PCI 3.1WHO: Existing customers who use EDC may continue to rollout Aloha versions 12.x, 14.x.
NOTE: audits will be against PCI 3.1 standards so customers should have a plan in place to get PCI 3.1 compliant.
WHAT: POS v12.3-14.2 + EDC with compensating controls (any necessary adjustments they need to implement for a secure environment. This varies by customer.
WHO: New NCR customers must be implement a PCI 3.1 compliant solution.
WHAT: POS v12.3 or higher + Connected PaymentsNOTE: considerations to ensure all products handling payments are upgraded to minimum versions that support CP (e.g. POS, ATO, AO, etc).15.1 Solution with EDC
*Aloha POS v 6.7 will EOL after 31AUG2017 and thus is not referenced as a go-to solution.
What is Least Privilege?• PCI 3.1 requires that services
associated with standard user accounts must run with the fewest permissions required(e.g. “least privilege”)
• Promotes security and protects data and functionality from malicious behavior
• Uses RAL to manage user privileges on the terminals and requires authenticated logons
Why is RAL Now Required with the 15.1 Solution?
• In 15.1 the system now runs normally using a standard account (“terminal account”) with limited permissions
• The system starts the RALAdminHelper service to grant elevated privileges to authorized services when needed.
• When the system no longer requires elevated privileges, the system stops the RALAdminHelper service and restores least privilege permissions.
• RAL is required with the Aloha v15.1 Suite.
• RAL creates user accounts for each Aloha service, each FOH terminal with randomized passwords that rotates automatically.
7
PCI-DSS Requirements and RAL Changes
HOW RAL CHANGED TO MEET PCI 3.1 REQUIREMENTS
RAL is no longer optional it’s required with POS version 15.1 and later
RAL adds a RALAdminHelper service
Replaces traditional User01/Aloha users for terminal logins and replaces them with per terminal user
Terminals can be joined to a Domain for internal support purposes
RAL assigns its own user for CTLSVR and AlohaAlertEngine services Standard User permissions apply
Login user assigned to run FOH will use RAL’s assigned userCannot log in as a Domain user for FOH to run
Accounts running services must log into RAL via BOH to save changes
What Do You Mean the Bootdrv Isn’t Shared?
• Bootdrv share no longer needed to sync files between the FOH and BOH
• Exceptions to change are:
• On FOH the parent directory of %LOCALDIR% is shared as Bootdrv only with EDCSvrUser to support recovery from spooldown mode
• On BOH, RAL creates a temporary Bootdrv shares for RALUpgradeUserto support return to service terminals, that may be running older versions of RAL, to connect to the BOH to obtain a username/password
Aloha 15.1: Prerequisites
10
Overview of 15.1 Solution Prerequisites
• Migration to Aloha Suite Installer
• Remote Auto Loader (RAL) Now Required
• 15.1 Solution Pre-Upgrade Checklist
• Front of House Hardware Requirements & Software Prerequisites
• Back of House Hardware Requirements & Software Prerequisites
• Supported Operating Systems
• Updated Network Configuration Requirements
• Aloha Product Prerequisites
11
15.1 Solution Pre-UpgradeChecklist Tasks
• To ensure a smooth transition to NCR Aloha Suite v15.1 solution, complete a thorough review of your environment prior to upgrading.
• Leveraging the 15.1 pre-upgrade checklist provides a clear outline of pre-upgrade tasks to help ensure your success.
FOH Hardware Requirements & Software Prerequisites
Component Core Core+ 1 Additional App
Processor 1.3 GHz 1.6+ GHz
Storage4 GB (WES & POSReady 2009)16 GB ( POSReady 7)
4 GB (WES & POSReady 2009)16 GB ( POSReady 7)
Memory (RAM) 2 GB 3 GB
Network Interface 10/100/1000 10/100/1000
Software Core Core+ 1 Additional App
.NET Framework v4.5.2 (4.0 on XP-based OS) v4.5.2 (4.0 on XP-based OS)
C++ Redistributable
2012 Update 4 (v11.0.61030) 2012 Update 4 (v11.0.61030)
BOH Hardware Requirements & Software Prerequisites
*Although Microsoft Visual C++ Redistributable 2012 Update 4 is listed as the minimum version, this does not necessarily indicate that the earlier versions 2005 and 2008 C++ redistributables are no longer needed.
Component Minimum Recommended Recommended PLUS*
Processor1.8 GHz Multi Core
3.0 GHz Multi Core 3.0 GHz Multi core
Storage 80 GB 160 GB 160 GB
Memory (RAM) 4 GB 4 GB 8GB
Network Interface Required Required Required
Software Minimum Version
.NET Framework .NET 4.5.2
C++ Redistributable
2012 Update 4 (v11.0.61030)
Supported Operating Systems
FOH Core Core+ 1 Additional App
OS
Windows Embedded Standard Windows Embed POSReady 2009Windows Embed POSReady 7Windows 10
Windows Embedded Standard Windows Embed POSReady 2009Windows Embed POSReady 7Windows 10
BOH Minimum Recommended Recommended PLUS*
OSWindows Svr 2008 R2 Windows 7 Pro
Windows Svr 2012 R2 StdWindows 10 Professional
Windows Svr 2012 R2 StdWindows 10 Professional
Updated Network Configuration Requirements
• Updates to Windows, Hardware, and Network firewalls should be applied and tested prior to upgrading your solution
• Antivirus software and whitelisting applicationsshould also be updated accordingly.
• It is recommended to open the required ports in Windows Firewall, even if disabled by default.
15.1 Solution Product Upgrade Prerequisites
Aloha 15.1: Solution Upgrade Process
Aloha Suite Installer INTRO
Introduction to the Aloha
Suite Installer
• The new installer protects Cardholder Data by complying with the PCI 3.1 Security Standards
• This new installation process also accommodates *PA-DSS Requirement 3.4
• Aloha Suite Installer is used to download and install POS Aloha 15.1 as this release is PCI 3.1/PA-DSS 3.4 compliant
• Uses RAL for installing Front of House products on terminals
• Examines prerequisites and products and
• Prevents the selection and installing of incompatible versions
• Streamlines Product Installation
Benefits of the Aloha
Suite Installer
• Generates multi-product installation packages and links for use with CMC Deploy
• Installs will now validate and/or installs on the BOH required prerequisites prior to, or as a part of, the solution upgrade process
• Application version compatibility logic now built into the Aloha Suite Installer
• Required applications automatically populate with the recommended versions
• Optional applications selected will display the recommended / compatible versions
Benefits of the Aloha
Suite Installer
(continued)
• Improved reporting details on failed installs and prerequisites validation
• CMC will now display return codes with a two-digits number to represents the specific application that failed
• Installation logs are now maintained in the TMP folder and all start with “NCR_” for easy identification.
• Debout.NCR_InstallServices_YYYYMMDDHHSS.log
• Debout.NCR_InstallServices_YYYYMMDDHHSS_product.exe.log
• When installing Interactively (with UI), errors are displayed in plain English for understandability rather than numerically.
Suite Installer packages
Aloha Suite Installer
Packages
Aloha Suite Installer - Active Validation
• Aloha Update prevents selecting incompatible product versions
• Product versions appear available based on prior selections
• EDC version will always be > POS version
Aloha Suite Installer – Passive Validation
Dependencies that appear in red are a reminder that these versions are necessary for the product
What Does the Aloha Suite Installer Launch?
• After downloading an installer package, a folder is created
• Package must be selected to create a folder with contents
• Launches Setup.exe automatically
What Does the Aloha
Suite Installer Launch?
• Setup.exe checks for Prerequisites
• Evaluates environment variables
• Shows the EULA for acceptance
• Shows the installation type
• Determines service users
• Examines Aloha.ini
• Checks the RAL manifest for products to install
Aloha Suite Installer Launch Process
(continued)
• Installs needed prerequisites
• Stops all NCR Aloha services
• Installs products in order
• POS, EDC, RAL, ATG, AK, ATO, OP, FPS
• Waits for ‘exit’ for all installers
• Copies New Data folder to Data
• Restarts Services
• View Process report for results
Aloha Suite Installer Return Codes
What are Return Codes?
A return code is the exit status of a process, and it may include any of the broad categories for error reporting.
How Are Return Codes Used?
We use return codes to help determine if an installation was successful or unsuccessful for our team.
These codes are often associated to a generic message, especially in the case of any unforeseen errors that may have occurred during installation.
A return code for a successful installation is shown as the numerical value of: 0
Aloha Suite Installer Return Codes
(continued)
Conversely, a return code for an unsuccessful installation lead to an error message that is generated and added to the logs.
To help find a resolution for any error-based return codes, we also apply a product code. This two-digit product code is appended to the end of the return code, so that we can better diagnose the error instance.
Example: Return Code (1406) + Product Code (2)
Error message result: 14062
Explanation: “Could not write value [2] to key [3]. System error [4]” on “POS”.
The product code links to multiple services we offer in our Aloha Suite.
Aloha Suite Installer Package Link
• Copy link if you want to download later
• Link expires in 30 days
• Maximum size with all products 240MB
Troubleshooting
Trouble -shooting
• ATG 17.x and higher no longer creates an ATG folder on the FOH terminal; you will also no longer see ATG running as a service or process on the FOH
• Aloha Loyalty customer’s should migrate from AlohaLoyalty Providers configuration to the new AlohaEnterpriseLoyalty configuration
38
How to Access the FOH as an
Administrator in 15.1
• Leverage RAL to set credentials for the built-in Admin account
• Launch RAL on the BOH, then select BOH Config
• Within the ‘Windows User Account’ group, click Change Administrator Password for all Terminals.
• Enter the Password and Confirm
How to Access the FOH as an Administrator in 15.1
• Use CMC and VNC to Switch to an Administrator Account on the terminal
• Use the same method once you’ve finished your administrative tasks to disable the user
NCR Synergy 2017: Confidential
Aloha 15.1: Best Practices
Planning Is EverythingCurrent Solution Assessment
• Hardware
• Environment
• Version Mix
• New Features
• Migration Planning
Phased Upgrade Approach
• Phase 1 – CFC, CMC, NBO, ASV, Insight
• Phase 2 - Store-side Products, Loyalty
Environment Preparation
• Hardware Refresh
• Pre-upgrade Checklist
• HASP Key Updates
• Software Prereqs
• New Feature Selection
New Site Deployments
• Hardware Image Updates
• Update Staging Processes
• Leverage New Hardware Options (Recovery Partition)
• Pre-Upgrade Checklists (NCRU)
• Diagnostic Utility (Aloha Update)
• Image Builder (Aloha Update) – Automated Image Creation & Staging Application
• Aloha Suite Installer
• Training Classes
• Documentation Posted on NCRU
Self Help Tools & Utilities
Available to All Partners
Self Help Tools & Utilities
Pre-Upgrade Checklist• Available on NCRU for download
• To ensure a smooth transition to NCR Aloha Suite v12.3 and higher, pre-upgrade checklists are available to guide users through a thorough review of the environment prior to the upgrade.
• The pre-upgrade checklists provide a clear outline of pre-upgrade tasks to help ensure customer’s success
Self Help Tools & UtilitiesDiagnostic Utility
• Available on Aloha Update• Use the Diagnostic Utility to
discover and validate system information against pre-defined rules to diagnose discrepancies or errors in your system environment
• Assists in troubleshooting issues in the field without the need for customer intervention.
• Outputs information to an easy to read log file
Self Help Tools & UtilitiesImage Builder/Staging App
• Available on Aloha Update for download
• Image Builder (IB) application can be leveraged to fully configure the proper environment for an Aloha Suite BOH machine
• IB simplifies the lengthy process of building a base image into a few minutes
• Can be used to automate staging a machine to a specific site or validate the configuration of one
Self Help Tools & Utilities
Aloha Suite Installer
• Generates multi-product install packages deployable via link
• Built-in prerequisite and required applications validation
• Aloha BOH prereqs are now installed as part of this install process
• Application version compatibility logic built into the Suite Installer
• Req. applications auto-populate with the recommended ver.
Self Help Tools & UtilitiesAloha Suite Installer (continued)
• Optional applications selected will display compatible ver.
• Improved reporting details on prereqs & installs validation
• CMC will now display return codes with a two-digits number to represents the specific application that failed
• When installing Interactively (with UI), errors are displayed in plain English rather than numerically
Self Help Tools & Utilities
Online Training Classes• Available since March,
2017
• Look for Dates/Times in eWeekly
• New recordings on NCRU
Self Help Tools & Utilities
Documentation Posted on NCRU• Reference Guides
• Enhancements Guide
• Installation Guide
• Pre-Upgrade Checklist
• and more…
In summary…
• 15.1 gives you a great story to help your customers navigate compliance and PCI
• A big change to the architecture of how Aloha works
• A version that has never had so much testing before it reaches you
• Our most stable Aloha POS version in our history, driving down your cost of support
• A toolkit of checklists, documentation and best practices to make you successful
Event AppProvide feedback and participate – gain rewards
Sessions: Check into each session
Take Survey
Get Points
Code: E064
What’s next?
Summary
Thank You!Questions?
