LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

Remote panel and selective control access through Security with DSC

Solved!
Go to solution

Hi Everyone,

I looked around to see what labview had to offer concerning security of remote panel and all the solutions I've found only propose full access to a remote panel, or none. The login page is not an option for me as everyone on the intranet can access the remote panel for monitoring but not everyone can have control to the buttons on it.

 

With the DSC module, I can give securities to the different controls and it works great with the exe, if I log in or out, the controls appears or disapears. Unfortunately, with remote panels, those controls are always visibles. Furthermore, when I log in from a remote panel, all the other remote panels get logged in with the same username and priviledges. When I log out, same thing, it logs out all the other remote panels. So the last guy who logs in gives its priviledges to every one else who is monitoring the remote panel at that time. when he logs out, he logs everyone out. I used a reentrant vi hoping that this would solve the problem but it didnt.

 

I would like to do what my colleague does with Advantech without any problem. He has only 1 .exe is running on the server and whoever connects to it through webserver, just needs to log in and he has all the priviledges of an guest, operator, admin, etc.. with access to controls and features accordingly. All this without interfering with the other people using the remote panels. This colleague has always been doubtful about the capabilities of labview to do SCADA systems and uptil now, I've been able to prove him wrong.. please help me continue 🙂

 

There are workarounds, using remote desktop to the server instead of webserver but it definitely is not as practical for the client and it will need quite some work to to synchronise all the exes open from the differents sessions, through the use of shared variables, binding and securities.

 

Thank you for your help.

0 Kudos
Message 1 of 10
(3,944 Views)

bump, question still open and trying to get an answer by keeping this thread on 1st page 🙂

0 Kudos
Message 2 of 10
(3,931 Views)

bump

0 Kudos
Message 3 of 10
(3,921 Views)

bump

0 Kudos
Message 4 of 10
(3,905 Views)

Woss,

Will you further explain your setup? Where is your NI security information? On every machine? When you log in from the remote panel is it a network hosted domain you're logging into?

 

I will try to replicate your setup this afternoon in order to see what you're seeing.

 

Jordan

0 Kudos
Message 5 of 10
(3,898 Views)

Thank you very much for your reply Jordan.

 

The NI security info is on the server (local domain with groups and users), and the running exes as well. The remote panel is not supposed to be accessed by internet, at least not yet, but just by the computers on the network and thinkline computers who are directly connected to the servers. the remote panel is accessed through the simple url: http://serverip/Application.html

 

There is no problem with accessing the remote panel of the exes on the server from another computer on the network. But there are several security issues when logging in and out with the NI Security Programmatic Login and logout VIs through the remote panel..

 

The 1st problem occurs when several people access the remote panel at the same time. In my setup, everyone is allowed to check what's happening on the front panel of the running exe, go through the tabs, check the graphs, the tables, etc.. , but only the administrators and the operators can send commands to the machines and the production line through this remote panel. Hence some buttons are accessible to all users, while others are only accessible depending  on the privileges of the person logged in.

 

So like I said in the 1st post, I configured some buttons to be accessible only by the users of the admin group. When the exe runs, it's perfect, if I log in and out with an admin account, the buttons appears and disappear accordingly. But when I check the remote panel, those admin buttons are always visible, even if I am logged in as a guest or even logged out. Is it because the remote panel only needs minimum runtime engine and doesnt use the dsc runtime engine? if so, any work around?

 

Furthermore, another big problem is that if I login as an admin in one remote panel, then login as an guest in another remote panel, and then logout back from the first remote panel, it says: "User Domain/Guest logged out". Hence, my second login logged out my first user. I can actually see the admin buttons appearing and disappearing on the exe when login as admin and guest from the different remote panels.

 

So that's it, I would like my remote panel to behave like a normal scada system, with one exe running in the back (on the server) and with all the users accessing it through web server. Several users might/will access the remote panel at the same time and each of the users have a login/password that grant some of them the privileges to take some actions while giving the others only monitoring rights.

 

 

I hope that I have been more clear in this 2nd post,

Thank you again for your time.

 

Best Regards,

Tom.

0 Kudos
Message 6 of 10
(3,895 Views)

Tom,

I have been able to replicate the same behavior you were experiencing with your .exe, however, I have been unable to get any permissions to work on the remote front panels. How did you go about this and would you be able to post screenshots of your code or your VIs? Our Web User Interface Builder is a more updated version of remote front panels and is more actively developed. Do you have the WUIB?

I do believe there is a work around regarding these security issues, though. But it might involve some heavy coding changes. You could build a headless VI by copying your current front panel and creating a Guest VI and an Admin VI. The Guest VI front panel would contain the indicators and the Admin would contain both controls and indicators. Then on the block diagrams you could replace the controls with shared variables and incorporate remote panel login coding similar to this example:

http://zone.ni.com/devzone/cda/epd/p/id/3797

 

Also, maybe you could architect your program so that admins get .exe and guests have access to a remote front panel where access is limited.

 

I realize this is quite the workaround. I will be looking into other options for you and will continue to try to replicate your setup.

 

Jordan

0 Kudos
Message 7 of 10
(3,878 Views)

I did not understand what you meant with not getting any permission to work on the remote panel so here is an exemple vi that I just put together to show you what I mean.

- the Init part just get the domain infos and the list of users.

- the login - logout part just does that: login/logout users.

- get user info gives the groups to which this user is part of.

- Finally the Admin button part is composed of 2 buttons. The first one is a control whose security is set to admin full control. It is also bound to a shared variable whose security is set to read/write granted to admins but only read to everyone else. The 2nd button is an indicator with no security but binded to the same shared variable, hence, it shows when the shared variable changes.

 

Now if you run the vi as "nobody", the admin button disapear. If you go to localhost/vi.html and login as an admin, the button reappear on the vi. If you press the button several times on the remote panel, you can see the shared variable indicator changing accordingly.

If you log out from the remote panel, the admin button disappear from the vi, but not from the remote panel. Now if you press the admin button from the front panel, the indicator doesnt change anymore. So the shared variable security is doing it's job, no problem here.

 

The problem still is that the last person to login, logs out the previous one. And I cant do 2 vis because I would then need one admin vi, another one for the supervisors, the workers, the guests and a few other special one. Furthermore, the supervisors/admins can come and log in and out from the worker's computer anytime.

It's a normal scada system so only having the possibility to have one user logged in at a time is a bit of a bummer. Does WUIB gives the possibility to have several users simultaneously? And my program is quite big, the main vi of this part of the scada system is more than 3 Mb and I dont know how big it is with all the subvis but I dont feel like redoing everything on the web ui builder. Is there a way to convert our .lvproj into web ui .lvprojx?

 

 

0 Kudos
Message 8 of 10
(3,869 Views)
Solution
Accepted by topic author Woss

I have finally found a workaround.

Just forget about control button security and shared variable security. With only 1 user at a time, those securities are useless and just get in the way.

 

The vis being reentrant, a clone is created for each remote panel and those clones are not influenced by each others, apart from bound buttons to shared variables. So what I did was to look for all the groups in the domain and create a boolean array of the same size. When a user logs in, I change the booleans of this array according to the groups this user is a member of.

 

From there, I just need to create a "mouse down?" event for the admin button and check this array to know if the user of a particular remote panel is an admin, supervisor or else. And depending on that, I change the corresponding shared variable or discard it. It will need a bit more work but I feel Im on the good track.

 

However, it is really unfortunate that I didnt succeed to use the security module the way it is supposed to. I still dont know if I did smt wrong or if this feature is not implemented yet but if it isnt, it really should be. It is a basic function that other competitors programming with advantech, siemens, etc.. uses all the time.

 

I am posting the vi using this last method to better explain what I meant in this post.

Thank you for your time.

0 Kudos
Message 9 of 10
(3,865 Views)

This guy made an easy solution at http://www.juliano.com.br/dsc/

0 Kudos
Message 10 of 10
(3,633 Views)