Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84546members
353802posts

Auto-logon to remote ClearSCADA Server WebX/VVX

EcoStruxure Geo SCADA Expert Forum

Find out how SCADA systems and networks, like EcoStruxure Geo SCADA Expert, help industrial organizations maintaining efficiency, processing data for smarter decision making with IoT, RTU and PLC devices.

du5tin
Lieutenant
Lieutenant
0 Likes
3
1194

Auto-logon to remote ClearSCADA Server WebX/VVX

Hi,

 

We have several clients that are using a distributed ClearSCADA architecture. Larger remote facilities have local ClearSCADA HMIs and then they have a large central ClearSCADA system for small remote wells and little sites that have remote monitoring. Everything is provided to users via WebX (and in the future VVX). Operators and users of the system start at the large central ClearSCADA system and logon. From here the user can navigate to the remote ClearSCADA systems using a vbscript that opens an Internet Explorer window (only way we could 'open a new tab') and then they have to log in again.

 

Is there a way to pass that user's credentials over to the remote ClearSCADA system from the Central one so when they navigate the user is not prompted to log in again? 

 

Thanks, 

-D

 

 

3 Replies 3
BevanWeiss
Spock
Spock
0 Likes
2
1184

Re: Auto-logon to remote ClearSCADA Server WebX/VVX

Not in a secure manner, no. (and hence it's unlikely any such way would be supported).

 

The recommendation here would be to use VVX, or ViewX itself, and configure the appropriate connections.

Then when the user logs in for the first time, they would log into all the systems (securely).

 

Another way is horribly hacky, and from a cyber security perspective you should ABSOLUTELY NOT CONSIDER THIS.

Which is to use a landing page, which is accessible to Everyone.  That page would prompt for user credential via a VBscript form, and would cache them somewhere... you would then call the ViewX Logon method and supply the username/password that you just cached.  The cached passwords would be stored IN THE CLEAR and in no way encrypted or otherwise protected, they would be trivially accessible to anyone with any technical knowledge and the likelihood of them being inadvertently released externally is astronomical.


Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..
du5tin
Lieutenant
Lieutenant
0 Likes
1
1164

Re: Auto-logon to remote ClearSCADA Server WebX/VVX

Thanks Bevan. This makes sense. VVX with multiple connections would be okay... but one customer has 40+ remote HMIs (GeoSCADA) over higher latency cell connections and not all operators in all areas should have access to all remote HMI systems. Running it all through one or more central VVX server(s) would be cumbersome. Needs more research.

 

One thought I had was using mimic_load on the remote system to "auto-logon" the operator. Those systems often use generic passwords instead. The user would go to the Central host first, logon with the username/domain password to be fully authenticated there. If they are logged on (username <> guest) then on navigate to the remote system we can send them to read-only, non-browsable mimic with a mimic_load subroutine that logs them into the remote system with generic credentials (operator/operator). This still is not a great solution though, probably worse than what you have described. 

 

If there was a way we could store and pass the username and some hash of the password of the remote system centraller and have the remote WebX system pick it up on navigation, accept the user name and decoded hashed password that maybe has potential too? At least then the password is not stored or sent clear text. But... most hashes we can perform in the scripting wouldn't be hard to backwards engineer and now it starts sounding too complicated to manage easily. 

 

Maybe @sbeadle will see this thread and guide me to the right path.  

AdamWoodland
Commander Commander
Commander
0 Likes
0
1155

Re: Auto-logon to remote ClearSCADA Server WebX/VVX

Running it all through one or more central VVX server(s) would be cumbersome

 

Also remember that ViewX runs on the VVx server so connecting from the central server over the high latency links might not be as performance happy as you might want.