In NiagaraAX, all folders and files are installed and created/maintained under a single Sys Home directory. For example, for a Windows PC platform that directory is: C:\niagara\niagara-3.8.111. This directory includes runtime files and executables (modules, JRE, bin) along with configuration data files (stations, Workbench options and registry).

To improve security, these files and folders are relocated in Niagara 4. See Platform and station file systems.

In NiagaraAX, each software module typically contains multiple content levels: “runtime”, “user interface” (ui), and sometimes “doc”. When installing modules in JACE controllers that are unable to utilize all levels, AX platform tools “filter” out unneeded content levels at install time. However, Niagara 4 uses the Java Security Manager, which does not support this model. So, software modules in Niagara 4 were refactored, essentially split into two or more separate modules JAR files that differ by runtime profile (-rt, -ux, -wb, -se, -doc). This also simplifies future module updates.

The N4 migration tool addresses refactoring when converting an AX station. However, if you have stations that use custom or third-party modules, those modules must be refactored the same way before starting a migration.

A number of changes to a station’s UserService and child User components occurred in Niagara 4, which provide easier ways to manage large groups of station users. Coupled with new “Role” components and “Tagged Categories”, permissions management is more logical and flexible. A related new AuthenticationService architecture allows the flexibility to specify the “authentication scheme” to use for station access at the user level. Among other things, this lets you integrate LDAP users into a station’s standard UserService, (no special LDAP or Active Directory user service required).

The FoxService component in Niagara 4 was relocated to each station’s main Services container, rather than existing as a frozen slot under the NiagaraNetwork component. Other related authentication changes were made as well.

As part of increased security in Niagara 4, the station process in all JACE controllers runs as an “unprivileged process”, where such processes cannot bind to TCP/UDP ports less than 1024. This affected some services and network types operating as servers using standard ports in this range.

To accommodate this, a new “Server Port” component architecture is used, where client requests to the standard privileged ports are automatically redirected to other (higher) unprivileged ports. Most notably, the default HTTP and HTTPS ports of 80 and 443 for a station’s WebService are now automatically redirected to ports 8080 and 8443. For related details, see “Server Port model” in the NiagaraAX Platform Guide.