1 sur 15

Maitre'D Network Settings Guide

Document Revision History

Date

Ver.

Description

Pages

Network Hardware

Network Interface Card (NIC) Drivers

The very first step to ensure top performance from the network is to obtain and install the very latest available driver for your Network Interface Card (NIC). These drivers can be obtained from the manufacturer of the network interface card or networking chipset. Here is a list of some of the most popular brands and manufacturers: • 3Com • Realtek • Intel • D-Link • Netgear • Cisco / Linksys • Belkin • TRENDnet • StarTech • TP-Link

Microsoft Generic drivers

Very often, Windows will install a Microsoft generic driver for a device. While these drivers allow the device to function at a basic level, it may not be able to unlock all the features of the device. Whenever a device is using a Microsoft generic driver, steps should be taken to obtain and install the latest available manufacturer-approved driver.

System Manufacturers

If you own a PC that was manufactured by a major manufacturer such as Dell, HP/Compaq, IBM or others, you may not always have the latest drivers provided by the manufacturer. Always check your PC manufacturer’s site first, and then check your NIC manufacturer’s site, in case a more recent driver is available for your device and operating system

Multiple operating systems on the same network

Having the very latest driver available is crucial, especially if multiple operating systems are in use in your network, such as Windows Embedded POS Ready 2009 and Windows 7

Network equipment firmware

Network equipment, such as hubs, switches and routers have built-in firmware that can be updated. Check the manufacturer’s website to find the latest available firmware for your hardware, and apply these updates.

Hardware type

The hardware chosen plays a big part in network performance. For example, using an Ethernet switch will provide more bandwidth than a hub at the same speed, due to the full-duplex capability and the elimination of network collisions. Network cables are often neglected, yet they play a big part in the performance as well.

For instance, using Cat5e cables on a Gigabit Ethernet network may work, but you may find that the performance of such a network is worse than a 10BaseT network, because the cables are not suitable for the equipment.

Network hardware configuration

Once the latest drivers are installed for the network hardware, all the available settings and features will be unlocked. These settings and features are very often overlooked. Not only can they improve networking performance, but they can also improve general system performance by freeing up memory and CPU time by relieving the operating system of some basic tasks.

There are far too many manufacturers, device types and models to list all possible settings here. For a complete list of settings and features for your specific hardware, please consult your manufacturer’s website and documentation. Here is a quick list of settings that are common to almost all network adapter cards:

Speed settings

For 100Mbps and gigabit adapters, the speed will most likely be set to some kind of “auto detect” setting. The auto-detect feature generates a small amount of unneeded traffic to detect the speed of the network. If you know the actual speed at which your network is running, then make sure to select the same speed everywhere, instead of using the auto-detect feature. For example, if you have 100Mbps switches and adapters everywhere, then select 100Mbps on all your adapters and other network hardware you may have, such as switches, hubs, routers, etc.

Avoid “Throttling down”

Using components of different speeds on the same network or “Throttling down” generates a lot of overhead that will cause slower components to operate even slower than their nominal speeds.

For example, some newer network equipment supports Gigabit Ethernet (1000 Mbps), while some older equipment may still only support up to 100 Mbps. When working with such a mixed environment, make sure to use the highest common denominator, so that all equipment operates at the same speed setting. For instance, if a switch can operate at 10, 100 and 1000 Mbps but your main back-office computer can only support 10 and 100 Mbps, then configure everything to operate at 100 Mbps.

Duplex settings

Typically, available choices are Full Duplex or Half Duplex. An adapter working in Full Duplex can work at full speed while receiving and transmitting at the same time. An adapter working in Half Duplex can work at full speed while receiving, or at full speed when transmitting. If it is doing both at the same time, then the transmit/receive speed is cut in half.

For example, if you have a 100Mbps adapter running in half-duplex, it would be able to transmit at 100Mbps or receive at 100Mbps. However, if it is transmitting and receiving at the same time, then it would transmit at 50Mbps and receive at 50Mbps.

Adapters should always be set to Full Duplex. If that setting is not available, see if a driver update is available, or simply replace the network adapter with one that supports full duplex.

TCP/IP offloading

TCP/IP offloading should be enabled on all adapters that support it. This setting forces the network adapter to take care of TCP/IP transmit and receive checksums, instead of the operating system. This frees up CPU time as well as memory, and the adapter card performs much better than the operating system at these tasks. It can improve networking performance as well as general system performance.

Windows Updates

Microsoft periodically releases updates for its operating systems through an automated engine known as Windows Updates or Microsoft Updates. In many restaurants, workstations simply don’t have Internet access, and are therefore unable to get these important updates. These updates are absolutely necessary to ensure smooth operation of your system, and all updates labeled as “Critical” by Microsoft are absolutely necessary in order to maintain PCI-DSS compliance.

Manual updates

Whenever possible, the back-office PC should be allowed to install Windows updates automatically. However, even with automatic updates, some important updates (often called “recommended updates”) may not be installed. For this reason, you must run Windows Update manually from time to time, and install all recommended updates, not only the critical ones.

POS Workstation Updates

Just like the main back-office PC, POS workstations also need to be updated through Windows Updates. If the POS workstations don’t have direct internet access, make sure to get them connected at least periodically so they get all the latest updates and fixes. As with the main back-office PC, make sure to periodically run Windows Updates manually, and install any and all recommended updates in addition to critical updates.

Maitre’D 8 and Microsoft SQL Server 2008 R2

Windows Updates / Microsoft Updates will also update other Microsoft products you may have. If you are using Maitre’D 8, you also have Microsoft SQL Server 2008 R2 installed. Be sure to manually run Microsoft Updates periodically and be on the lookout for available updates and service packs for this product as well.

Advanced Network Settings (Windows 7)

Reorder and optimize protocols

1- Click the Windows 7 Orb, and select the Control Panel option.

2- Under Network and Internet, click on View network status and tasks.

3- On the left-hand side, click on Change adapter settings.

4- Select the Local Area Connection, or any connection you use to connect to the Maitre’D network, and click the Advanced menu.

a. If you can’t see the menu bar, click on the Organize button, point to Layout and click on the Menu Bar option.

5- From the Advanced menu, select the Advanced Settings… option.

6- As the Advanced Settings window opens on the Adapters and Bindings tab, locate the Local Area Connection in the top part of the window.

7- Select the Local Area Connection, and click the green up-arrow button to move it towards the top of the list.

8- Make sure that the Local Area Connection is at the very top of the list.

9- Make sure that the Local Area Connection remains selected. Then, using the same method as described above, make sure that the Internet Protocol Version 4 (TCP/IPv4) is listed first under each binding.

10-Repeat step #9 for each connection. For example, if you have multiple NIC cards, wireless adapters or VPN connections, make sure that the TCP/IPv4 protocol comes first for each of them.

11-Click on the Provider Order tab, and locate the Microsoft Windows Network provider.

12-Select the Microsoft Windows Network provider, and click the green up-arrow until it reaches the top of the list.

13-Click OK to save your settings and close this window.

14-Repeat these steps for each and every connection you use for Maitre’D on this PC, if there is more than one.

15-Repeat these steps on all Windows 7 PCs across your network.

Disable TCP/IPv6

The 128 bit TCP/IPv6 is the protocol that is meant to replace the current 32 bit TCP/IPv4 protocol. However, as of November 2016, TCP/IPv6 traffic barely represents 16% of all the Internet traffic monitored by Google1 . Furthermore, TCP/IPv6 used in conjunction with TCP/IPv4 on the same system is known to have caused communication issues.

For these reasons, it is recommended that the TCP/IPv6 be disabled on all systems that support it. These include:

• Windows 7 • Windows 8.1 • Windows 10 • Windows Server 2008

Warning!

Before disabling the TCP/IPv6 protocol, please ensure that it is not used within the organization and that there are no plans to do so in the near future. Also, please confirm this information with the local IT department or system administrator. Note that disabling the TCP/IPv6 is not permanent. It can very easily be re-enabled should it be required in the future.

1- Click the Windows 7 Orb, and select the Control Panel option.

2- Under Network and Internet, click on View network status and tasks

3- On the left-hand side, click on Change adapter settings.

4- Right-Click the Local Area Connection, or any connection you use to connect to the Maitre’D network, and select the Properties option.

5- The Local Area Connection Properties window will open. Remove the check mark from Internet Protocol Version 6 (TCP/IPv6).

6- Click OK to save the changes, and close all other remaining windows.

If there is a need to re-enable Internet Protocol Version 6 (TCP/IPv6), simply follow the exact same steps as described above to reach the local area connection properties, and re-enable the checkmark.

Windows Firewall Rules (exclusions)

Normally, all the required exceptions are automatically added to the Windows firewall the first time you start Maitre’D. However, to ensure fluid communications between multiple operating systems, additional firewall rules could be setup.

Here are the instructions to create rules in the Windows Firewall under Windows XP Professional. These steps are somewhat similar to those of Windows 7. Of course, there are other Firewalls available, but there are far too many to give detailed instructions about all of them. For more details on setting up rules for other firewalls, please consult the documentation that was provided with the software that you purchased.

1- Click the Windows Start button, and select the Control Panel option.

NOTE: The screenshots were taken on Windows XP. Settings for Windows 7, 8.1 and 10 are similar.

2- Double-click on Windows Firewall

3- Click on the Exceptions tab.

4- Click on Add Program…

5- Click Browse…

6- Browse to C:\POSERA\MaitreD\PRG, select the file called bosrv.exe, and click Open.

7- The program will be displayed in the list.

8- Repeat the above steps for the following programs, which are all located under C:\POSERA\MaitreD\PRG.

a. Bosrveft.exe b. Boreport.exe

9- Click OK to close this window.

10-You will be back to the Exceptions tab. Now, click on Add Port.

11- You will be opening port 1001 on the firewall. This port is used for Workstation communication. Therefore, give a meaningful name to this rule, such as “Maitre’D Workstations”, and type in 1001 in the port number field.

12- Select the TCP option, and then click OK to save this rule. 13-Create another port rule for port 1002 using the same steps as above. 14-Lastly, click OK to save your settings and close the Windows Firewall configuration window.

If you have a different firewall or if you are using a different version of Windows, please consult the relevant documentation which came with your software to learn how to setup exceptions and rules.

Please read the next section for a complete list of ports and applications used in Maitre’D 7.05 and Maitre’D 8.

Data Execution Prevention

Description

Windows Server 2003, Windows Server 2008 and Windows Server 2012 all have the Data Execution Prevention (DEP) security tool enabled for all programs and services by default. This feature is required for security purposes, and should never be disabled for any reason. This feature prevents applications from running malicious code on your server and is essential for its protection. It is also required for PCI-DSS compliance.

However, Maitre’D processes and executable files need to be excluded from DEP in order for some Maitre’D features to work properly. This section will explain how to exclude Maitre’D files and processes from DEP.

NOTE: On Windows XP, Windows 7 and Windows 8, DEP is enabled only for essential Windows programs and services by default. Therefore, the configuration explained in the following section does not need to be applied to these operating systems.

Excluding Maitre’D Processes from DEP

1- Click the Windows Server 2008 Start button, and select Control Panel.

2- Select System and Security.

3- Select System

4- On the left-hand side, click on Advanced System Settings.

5- The System Properties window will open on the Advanced tab. Click the Settings… button located in the Performance section.

6- Click the Data Execution Prevention tab, and click the Add… button.

7- Select the executable file to be excluded from DEP, and click the Open button.

8- A new entry will be added to the DEP list as Maitre’D Suite.

9- Repeat the process for all Maitre’D executables that need to be excluded from DEP. They will all be listed as Maitre’D Suite. This is normal.

List of executables to exclude from DEP

All versions

• C:\POSERA\MaitreD\PRG\BoSrv.exe • C:\POSERA\MaitreD\PRG\BoSrvEFT.exe • C:\POSERA\MaitreD\PRG\Bo.exe • C:\POSERA\MaitreD\PRG\Boar.exe • C:\POSERA\MaitreD\PRG\Bocnfg.exe • C:\POSERA\MaitreD\PRG\Bodeliv.exe • C:\POSERA\MaitreD\PRG\Boeft.exe • C:\POSERA\MaitreD\PRG\Bofloor.exe • C:\POSERA\MaitreD\PRG\Bogl.exe • C:\POSERA\MaitreD\PRG\Boinv.exe • C:\POSERA\MaitreD\PRG\Bopos.exe • C:\POSERA\MaitreD\PRG\BoReport.exe • C:\POSERA\MaitreD\PRG\BoTa.exe • C:\POSERA\MaitreD\PRG\Converter.exe • C:\POSERA\MaitreD\PRG\Mapper.exe • C:\Windows\System32\Crypserv.exe • C:\ProgramData\Posera\Maitre'D\8(or 7)\Crp32002.ngn

Maitre’D 7.05 only

• C:\POSERA\MaitreD\PRG\BoUtil.exe

Maitre’D 8.0 only

• C:\POSERA\MaitreD\PRG\DatabaseCenter.exe • C:\POSERA\MaitreD\PRG\BoSafe.exe • C:\POSERA\MaitreD\PRG\MDAgent.exe • C:\POSERA\MaitreD\PRG\MDEODMonitor.exe • C:\POSERA\MaitreD\PRG\MDMonitor.exe • C:\POSERA\MaitreD\PRG\MDProcessor.exe

User Accounts Control (UAC)

What is UAC?

User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012 and Windows 10. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it.

Disabling UAC

DO NOT disable UAC. Before installing Maitre’D, make sure that UAC is active and set to the default (Recommended) level. As a security feature, UAC is required to operate at all times on all Windows systems that support it. This is also necessary to maintain PCI-DSS compliance on all systems using Electronic Funds Transfer, even in EMV environments.

NOTE: In Windows 8.1 and Windows 10, disabling UAC will cause some operating system features to stop working. Also, installing any software in a “non-UAC” environment and re-enabling UAC afterwards WILL cause issues. For instance, automatic End of Day may not work, or you may be unable to start or stop the Maitre’D Back-Office server from the Server Control module.

Ports / Process List for Maitre’D 7

Here is a list of all default ports and processes commonly used in Maitre’D 7. Use this list to help in building rules and exception for firewalls and Anti-Virus software.

TCP Ports

TCP Port 1001

Traffic: Inbound and Outbound Protocol: TCP Services: Applications Applications: BOSRV.EXE, POS.EXE, STARTER.EXE. Network: LAN only This is the default port used by the Maitre’D Back-Office server to initiate communication with the workstations and needs to be open for inbound and outbound traffic on the local network only. This port is user-configurable in Server Control / View / Options / Advanced / TCP/IP Port.

TCP Port 1002

Traffic: Inbound and Outbound Protocol: TCP Services: Applications Applications: All Maitre’D applications Network: LAN only This port is used by workstations to initiate communication with the Maitre’D Back-Office server and needs to be open for inbound and outbound traffic on the local network only. This port number could change depending on what has been configured as default communication port. The port number will always be Default Port + 1. For instance, if the default port is set to 5000, then workstations will use TCP port 5001 to initiate communications.

Ports for Electronic Funds Transfer (EFT)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, BOSRVEFT.EXE, varies according to service provider. Network: LAN and Internet Ports used for EFT vary according to processors / acquirers. Please review the documentation provided by your EFT processor / acquirer to learn which ports need to be opened. For some interfaces, the TCP port is user-configurable through EFT / View / Options / Interface. In all cases, ports used need to be opened for inbound and outbound traffic over the local network as well as over the internet.

NOTE: A lot of providers use TCP Port #443 (HTTPS), but some may use other ports as well.

Room Charge Interface (TCP/IP based protocols only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, varies according to service provider. Network: LAN only The TCP port used for the Room Charge / Hospitality / PMS interface is userconfigurable from Server Control / View / Options / Room Charge / Communication / IP Port. Please review the documentation provided by your Room Charge / Hospitality / Property Management software provider.

Frequent Diner Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, varies according to service provider. Network: LAN and Internet The TCP port used for the Frequent Diner interface is user-configurable from Server Control / View / Options / Frequent Diner / Communication / TCP Port. Please review the documentation provided by your Frequent Diner interface provider.

Gift Certificate Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, BOSRVEFT.EXE, varies according to service provider. Network: LAN and Internet The TCP port used for the Gift Certificate interface is user-configurable from Server Control / View / Options / Gift Certificate / Communication / TCP Port. Please review the documentation provided by your Gift Certificate interface provider.

Table Management Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, MDProcessor.exe, varies according to service provider. Network: LAN and Internet The TCP port used for the Table Management interface is user-configurable from Server Control / View / Options / Table Management / Port. Please review the documentation provided by your Table Management interface provider.

Schedule Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, MDProcessor.exe, varies according to service provider. Network: LAN and Internet The TCP port used for the Schedule interface is determined by the service provider. In Maitre’D, a URL to communicate with the service provider is configured in Time & Attendance / View / Options / Schedule Interface. Please review the documentation provided by your Table Management interface provider.

Note on Threaded Communication

If your system has the Threaded Communication enabled (ThreadedComm=2 in the bo.ini) more ports are actually used by Maitre’D to communicate with workstations. With this option enabled, Maitre’D receives data over ports 1001 and 1002, and then replies to the workstation over another port so that TCP Ports 1001 and 1002 remain free.

The port number that will be used by Maitre’D to reply to the workstation is determined by the Windows network driver. Typically, the first available port will be used. These extraneous ports are used for outbound communication only, so they should not be blocked by your local firewall.

Processes / Applications

In order to ensure smooth operations, rules should be added to firewalls and anti-virus software so that the following processes and applications are never blocked or scanned:

Bosrveft.exe

This is the process managing all Electronic Funds Transfer (EFT) transactions. This process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

BoReport.exe

This application is actually the Report Center module. It does not need to communicate through firewalls, but it does need to be excluded from virus scans or other software which may interpret BoReport.exe’s behavior as a threat.

GHServer.exe

This is the process that manages E-Global Head-Office server communication with restaurants. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

GHClient.exe

This is the process that manages E-Global communication from the restaurant to the Head-Office server. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

MDProcessor.exe

This is the process that manages the Maitre’D Schedule and Table Management Interfaces. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

Certificate validation

On corporate networks with high levels of security and restrictions, Security Alerts about security certificates like the examples below may appear:

NOTE: Dialog boxes may differ slightly depending on your Windows version and your language settings.

To resolve this issue :

1- Ask the network administrator or IT department to unblock / whitelist the following

URL: http://ocsp.pki.goog

Once you receive confirmation from your IT department or network administrator that the URL has been unblocked or whitelisted, you can confirm that the issue is resolved by following these steps:

1- open an internet browser window (Google Chrome, Microsoft Edge, Firefox, etc…), then copy the URL below and paste it into your browser’s address bar:

http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUA BBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ% 2BuksCEAMtBRMuCmJTJfoYmAg9mqk%3D

2- A prompt to download a file should appear.

NOTE: The appearance of the dialog may differ depending on your browser and Windows version used.

3- Click the Cancel button. (There is no need to actually download this file. The simple fact that the download prompt comes up is enough to tell that the URL was correctly unblocked.)

The issue is now resolved.

Ports / Process List for Maitre’D 8

Here is a list of all default ports and processes commonly used in Maitre’D 8. Use this list to help in building rules and exception for firewalls and Anti-Virus software.