WebAccess supports the following security features in a web site:
· Anonymous Access - the least secure, but supported for large campuses or other facilities with very large numbers of users
· Windows Integrated Security - A user name and password required to connect to the web sever (project node) to find the address of the SCADA node. This requires Windows Security recognize all users, just to connect. Very secure.
· Firewalls - two TCP ports required for WebAccess. Any user- defined ports can be used.
· VPN (Virtual Private Networks) - constructs a private network that "tunnels" through the Internet or other network (the most secure).
· Secure Sockets Layer - Server side certificates and Client side certificates.
· Plug-in required to View Data. Restricted distribution of the OCX (Active-X control) will restrict who can see real-time data. The Client Plug-in is required to view real-time data. You can restrict how this is distributed.
· Only Project Node is a Web Sever. SCADA nodes do not need to be Web Servers. The SCADA nodes are the real-time data and run-time nodes. An initial connection to the web server is required only to download an ASP page and a "deploy file" that identifies the address of the SCADA node.
· WebAccess Security and Passwords. Beyond Windows Security, Web Access provides its own security. Area and Level restrict the ability to change data. User types restrict the ability to view data.
· Restricted Users. These users are limited to viewing only the graphic displays assigned to them. Both the full-animation Client and the Thin Client limit Restricted Users to assigned displays and tags. The ability to acknowledge alarms and change values can also be restricted for each user on an individual display basis.
For an overview of Security, see Security Considerations in Section 1.6.
The following sections describe WebAccess security. Windows Security is described in the section after WebAccess security features. Add User and Add a Project User are at the end of this section.