WIXLIB

Aloha POS v15.1 Deep Dive

Aloha 15.1:What theChanges Mean to You?

PCI 2.0 vs. 3.1 &Aloha VersionsPCI 2.0WHO:Existing customers who use EDC maycontinue to rollout Aloha versions 12.x, 14.x.NOTE: audits will be against PCI 3.1standards so customers should have aplan in place to get PCI 3.1 compliant.WHAT:POS v12.3-14.2 EDC with compensatingcontrols (any necessary adjustments theyneed to implement for a secureenvironment. This varies by customer.PCI 3.1WHO:New NCR customers must be implement aPCI 3.1 compliant solution.WHAT:POS v12.3 or higher Connected PaymentsNOTE: considerations to ensure all productshandling payments are upgraded tominimum versions that support CP (e.g. POS,ATO, AO, etc).15.1 Solution with EDC*Aloha POS v 6.7 will EOL after 31AUG2017 and thus is not referenced as a go-to solution.

What is Least Privilege? PCI 3.1 requires that servicesassociated with standard useraccounts must run with the fewestpermissions required(e.g. “leastprivilege”) Promotes security and protects dataand functionality from maliciousbehavior Uses RAL to manage user privilegeson the terminals and requiresauthenticated logons

Why is RAL Now Required withthe 15.1 Solution? In 15.1 the system now runs normally using a standard account(“terminal account”) with limited permissionsThe system starts the RALAdminHelper service to grantelevated privileges to authorized services when needed.When the system no longer requires elevated privileges, thesystem stops the RALAdminHelper service and restores leastprivilege permissions.RAL is required with the Aloha v15.1 Suite.RAL creates user accounts for each Aloha service, each FOHterminal with randomized passwords that rotates automatically.

PCI-DSS Requirements and RALChangesHOW RAL CHANGED TO MEET PCI 3.1 REQUIREMENTSRAL is no longer optional it’s required with POSversion 15.1 and laterRAL adds a RALAdminHelper serviceReplaces traditional User01/Aloha users forterminal logins and replaces them with perterminal userTerminals can be joined to a Domain forinternal support purposesRAL assigns its own user for CTLSVR andAlohaAlertEngine services Standard Userpermissions applyLogin user assigned to run FOH will use RAL’sassigned userCannot log in as a Domain user for FOH to runAccounts running services must log into RAL viaBOH to save changes7

What Do You Mean theBootdrv Isn’t Shared? Bootdrv share no longer needed tosync files between the FOH and BOH Exceptions to change are: On FOH the parent directory of%LOCALDIR% is shared as Bootdrvonly with EDCSvrUser to supportrecovery from spooldown mode On BOH, RAL creates a temporaryBootdrv shares for RALUpgradeUserto support return to service terminals,that may be running older versions ofRAL, to connect to the BOH to obtain ausername/password

Aloha 15.1: Prerequisites

Overview of 15.1 SolutionPrerequisites Migration to Aloha Suite InstallerRemote Auto Loader (RAL) Now Required15.1 Solution Pre-Upgrade ChecklistFront of House Hardware Requirements & Software PrerequisitesBack of House Hardware Requirements & Software PrerequisitesSupported Operating SystemsUpdated Network Configuration RequirementsAloha Product Prerequisites10

15.1 Solution Pre-UpgradeChecklist Tasks To ensure a smooth transition toNCR Aloha Suite v15.1 solution,complete a thorough review ofyour environment prior toupgrading. Leveraging the 15.1 pre-upgradechecklist provides a clear outlineof pre-upgrade tasks to helpensure your success.11

FOH Hardware Requirements &Software PrerequisitesComponentCoreCore 1 Additional AppProcessor1.3 GHz1.6 GHzStorage4 GB (WES & POSReady 2009)16 GB ( POSReady 7)4 GB (WES & POSReady 2009)16 GB ( POSReady 7)Memory (RAM)2 GB3 GBNetwork Interface10/100/100010/100/1000SoftwareCoreCore 1 Additional App.NET Frameworkv4.5.2 (4.0 on XP-based OS)v4.5.2 (4.0 on XP-based OS)C Redistributable2012 Update 4 (v11.0.61030)2012 Update 4 (v11.0.61030)

BOH Hardware Requirements &Software d PLUS*Processor1.8 GHz MultiCore3.0 GHz Multi Core3.0 GHz Multi coreStorage80 GB160 GB160 GBMemory (RAM)4 GB4 GB8GBNetwork InterfaceRequiredRequiredRequiredSoftwareMinimum Version.NET Framework.NET 4.5.2C Redistributable2012 Update 4 (v11.0.61030)*Although Microsoft Visual C Redistributable 2012 Update 4 is listed as the minimum version, this does notnecessarily indicate that the earlier versions 2005 and 2008 C redistributables are no longer needed.

Supported Operating SystemsFOHCoreCore 1 Additional AppOSWindows Embedded StandardWindows Embed POSReady 2009Windows Embed POSReady 7Windows 10Windows Embedded StandardWindows Embed POSReady 2009Windows Embed POSReady 7Windows 10BOHMinimumOSWindows Svr 2012 R2Windows Svr 2008 R2 Windows Svr 2012 R2 Std StdWindows 7 ProWindows 10 Professional Windows 10ProfessionalRecommendedRecommended PLUS*

Updated NetworkConfiguration Requirements Updates to Windows, Hardware,and Network firewalls shouldbe applied and tested prior toupgrading your solution Antivirus software andwhitelisting applicationsshould also be updatedaccordingly. It is recommended to open therequired ports in WindowsFirewall, even if disabled bydefault.

15.1 Solution Product UpgradePrerequisites

Aloha 15.1: SolutionUpgrade Process

Aloha SuiteInstaller INTRO

Introductionto the AlohaSuiteInstaller The new installer protects Cardholder Data bycomplying with the PCI 3.1 Security Standards This new installation process alsoaccommodates *PA-DSS Requirement 3.4Aloha Suite Installer is used to download andinstall POS Aloha 15.1 as this release is PCI3.1/PA-DSS 3.4 compliantUses RAL for installing Front of House productson terminals Examines prerequisites and products andPrevents the selection and installing ofincompatible versionsStreamlines Product Installation

Benefits ofthe AlohaSuiteInstaller Generates multi-product installationpackages and links for use with CMC DeployInstalls will now validate and/or installs onthe BOH required prerequisites prior to, oras a part of, the solution upgrade processApplication version compatibility logic nowbuilt into the Aloha Suite Installer Required applications automaticallypopulate with the recommended versions Optional applications selected will displaythe recommended / compatible versions

Benefits ofthe AlohaSuiteInstaller(continued) Improved reporting details on failed installs andprerequisites validation CMC will now display return codes with a twodigits number to represents the specificapplication that failed Installation logs are now maintained in the TMPfolder and all start with “NCR ” for easyidentification. Debout.NCR InstallServices YYYYMMDDHHSS.log Debout.NCR InstallServices YYYYMMDDHHSSproduct.exe.log When installing Interactively (with UI), errors aredisplayed in plain English for understandabilityrather than numerically.

Suite Installerpackages

Aloha SuiteInstallerPackages

Aloha Suite Installer - ActiveValidation Aloha Update preventsselecting incompatibleproduct versions Product versions appearavailable based on priorselections EDC version will alwaysbe POS version

Aloha Suite Installer – PassiveValidationDependencies thatappear in red are areminder that theseversions are necessaryfor the product

What Does the Aloha SuiteInstaller Launch? After downloading an installerpackage, a folder is created Package must be selected tocreate a folder with contents Launches Setup.exeautomatically

What Doesthe AlohaSuiteInstallerLaunch? Setup.exe checks for Prerequisites Evaluates environment variables Shows the EULA for acceptance Shows the installation type Determines service users Examines Aloha.ini Checks the RAL manifest for products toinstall

Aloha SuiteInstallerLaunchProcess(continued) Installs needed prerequisites Stops all NCR Aloha services Installs products in order POS, EDC, RAL, ATG, AK, ATO, OP, FPS Waits for ‘exit’ for all installers Copies New Data folder to Data Restarts Services View Process report for results

Aloha suiteinstallerintro

What are Return Codes?A return code is the exit status of a process, andit may include any of the broad categories forerror reporting.Aloha SuiteInstallerReturnCodesHow Are Return Codes Used?We use return codes to help determine if aninstallation was successful or unsuccessful forour team.These codes are often associated to a genericmessage, especially in the case of anyunforeseen errors that may have occurredduring installation.A return code for a successful installation isshown as the numerical value of: 0

Conversely, a return code for an unsuccessfulinstallation lead to an error message that isgenerated and added to the logs.Aloha SuiteInstallerReturnCodes(continued)To help find a resolution for any error-basedreturn codes, we also apply a product code. Thistwo-digit product code is appended to the end ofthe return code, so that we can better diagnosethe error instance.Example: Return Code (1406) Product Code(2)Error message result: 14062Explanation: “Could not write value [2] tokey [3]. System error [4]” on “POS”.The product code links to multiple services weoffer in our Aloha Suite.

Upgradewith Alohasuiteinstaller

Aloha Suite Installer PackageLink Copy link if you want todownload laterLink expires in 30 daysMaximum size with allproducts 240MB

Troubleshooting

Trouble shooting ATG 17.x and higher no longer creates anATG folder on the FOH terminal; you willalso no longer see ATG running as aservice or process on the FOH Aloha Loyalty customer’s should migratefrom AlohaLoyalty Providersconfiguration to the newAlohaEnterpriseLoyalty configuration

Leverage RAL to setcredentials for the builtin Admin accountHow toAccess theFOH as anAdministratorin 15.1 Launch RAL on theBOH, then select BOHConfig Within the ‘WindowsUser Account’ group,click ChangeAdministratorPassword for allTerminals. Enter the Password andConfirm38

How to Access the FOH as anAdministrator in 15.1 Use CMC and VNC toSwitch to anAdministrator Accounton the terminal Use the same methodonce you’ve finishedyour administrativetasks to disable the user

Aloha 15.1: Best PracticesNCR Synergy 2017: Confidential

Planning Is EverythingCurrent SolutionAssessmentPhased UpgradeApproach Hardware Phase 1 – CFC, CMC,NBO, ASV, Insight Environment Phase 2 - Store-sideProducts, Loyalty Version Mix New Features Migration PlanningEnvironment PreparationNew Site Deployments Hardware Refresh Hardware ImageUpdates Pre-upgrade Checklist HASP Key Updates Software Prereqs New Feature Selection Update StagingProcesses Leverage New HardwareOptions (RecoveryPartition)

Available to All PartnersSelf HelpTools &Utilities Pre-Upgrade Checklists (NCRU) Diagnostic Utility (Aloha Update) Image Builder (Aloha Update) – AutomatedImage Creation & Staging Application Aloha Suite Installer Training Classes Documentation Posted on NCRU

Self Help Tools & UtilitiesPre-Upgrade Checklist Available on NCRU for download To ensure a smooth transition toNCR Aloha Suite v12.3 andhigher, pre-upgrade checklistsare available to guide usersthrough a thorough review of theenvironment prior to the upgrade. The pre-upgrade checklistsprovide a clear outline of preupgrade tasks to help ensurecustomer’s success

Self Help Tools & UtilitiesDiagnostic Utility Available on Aloha Update Use the Diagnostic Utility todiscover and validate systeminformation against pre-definedrules to diagnose discrepanciesor errors in your systemenvironment Assists in troubleshootingissues in the field without theneed for customer intervention. Outputs information to an easyto read log file

Self Help Tools & UtilitiesImage Builder/Staging App Available on Aloha Update fordownload Image Builder (IB) application can beleveraged to fully configure the properenvironment for an Aloha Suite BOHmachine IB simplifies the lengthy process ofbuilding a base image into a fewminutes Can be used to automate staging amachine to a specific site or validatethe configuration of one