1.6.7   Web Server Security

You must use IIS (Microsoft's Internet Information Server).   WebAccess uses ASP (Active Server Pages) that is only supported by Microsoft Web Servers.   Windows Security affects connection to the Project Node.  WebAccess Security controls access to the SCADA node.

WebAccess supports the following security features in a web site:

·  Anonymous Access - the least secure.  Only use Anonymous Access if you have a large number of Clients.

·   Windows Integrated Security - A user name and password required to connect to the web server (project node) to find the address of the SCADA node and download ASP pages.

·   Firewalls - Three (3) TCP ports are required. Typically port 80 is already open, this is the port for HTTP (web and ASP pages). WebAccess needs two additional ports for file transfer (Primary port, default 4592) and real-time data (Secondary Port, default 14592). See 1.6.1 Firewalls from more information

·  Port Mapping and Network Address Translation (NAT).  Port Mapping allows multiple Private IP addresses of a corporate intranet to use a single public IP address. The same three WebAccess ports described for a firewall must be mapped in NAT also.

·  VPN (Virtual Private Networks) - constructs a private network that "tunnels" through the Internet or other network (the most secure). VPNs are not recommended because of the slow speed of response for Clients.

·         Secure Sockets Layer - Server side certificates and Client side certificates.

·         Only the Project Node is a Web Sever.  SCADA nodes do not need to be Web Servers. 

For more information about determining if IIS is installed on your computer or How to install IIS (Internet Information Server), please see the Troubleshooting Section of this Manual:

Is IIS installed on your computer?

How to install IIS.