Initial Configuration

Access Configuration

Once the Web Vision module has been instantiated, the first step is to assign permissions to the roles previously created in the Roles section of WebUI.

The following options are available for each user:

• Enabled: When set to true, the user is enabled.
• Time zone: User time zone, which is applied to all timestamps shown in the graphical interface. Choose from 4 options:
  • UTC (default): All timestamps are shown in UTC.
  • User: The time zone is automatically obtained from the system running the web browser. 
  • Server: The time zone is automatically obtained from the system running Web Vision.
  • Custom: Select a specific time zone.
• Permissions: Sets the access level for different parts of the module:
  • Designer: Sets permissions for accessing the designer:
    • None: User cannot access the designer.
    • View: User can view the configuration.
    • Edit: User can modify and save configurations.
  • Viewer: Sets permissions for accessing the HMI/SCADA application:
    • Read: User can access and navigate through the application.
    • Write: User can modify tag values and send commands from the HMI.
  • Tag access:
    Note:

    This feature is available from N3uron version 1.21.5.
    • TagFilterPath: Tag filter path access is used to select which tags from the tag model will be available to visualize for the corresponding role. 
      Note:

      It is mandatory to add a filter even when the whole model is going to be published.
      Multiple filters can be applied to the tags: 
      • Mode: Select whether the filter must include or exclude tags.  
      • Path: Specifies the path of the tag or group of tags to be filtered. 
      • Regex pattern: This is a regular expression to filter the tags that will be included. By default, it is set to .*, which means that no filter is applied. Readers can find further information about regular expressions at RegExr.
        • Example: If the RegEx pattern is ALARM|WARNING only tags containing ALARM or WARNING in its tag path will be included in the exported file.
          

Module Configuration

The next step is to configure the main Web Vision options:

• Session timeout (seconds): Time of inactivity or offline status that needs to elapse before considering the session concluded.
  • Inactivity: User sessions will expire after this period of inactivity. A value of “0” disables the inactivity check so that the session will never be closed due to inactivity.
  • Offline: When the connection between the Web Vision server and the web browser is interrupted, the session data will be retained in the memory for reconnection. Session data is erased after the Session timeout period elapses. “0“ sets a default timeout of 12 hours to avoid memory leaks.

• Config lock timeout (seconds): Time the user can maintain a configuration locked without making modifications. This lock is automatically released when the user's session expires.
• Title: The name displayed in the web browser tab for project identification.
• Default expanded levels: Specifies the depth of expanded levels for tag picker controls when opened for the first time.
• Global font: Default font applied to visual components.
• Maximum execution time: Maximum execution time for expressions and functions before the executing script is automatically stopped to avoid infinite loops. This value is expressed in milliseconds.
• Server:
  • Mode: Web Vision supports traditional non-secure HTTP connections and secure HTTPS connections.
  • Network interface: Specifies the interface through which the module will be accessible via HTTP. All interfaces are configured by default (0.0.0.0). The option to browse and discover a network interface is also available by clicking on the button to the right.   

    
    
    

  • HTTP: Select the port and network interfaces accepting connections.
    • TCP port: Port number to open the web interface. The valid range is 1 to 65535. The default value is 8004.
      Note:

      Please make sure the port is not used by any other application running on the same machine.
  • HTTPS: Select the port and network interfaces accepting connections. Users can set which hosts should be included in the digital certificate and download the digital certificate for installation on the web browser to avoid the security warning.
    • TCP port: HTTPS port number to open the web interface. The valid range is 1 to 65535. The default value is 8444.
      Note:

      Please make sure the port is not used by any other application in the same machine.
    • Network interface: Specifies the interface through which the module will be accessible via HTTPS. All interfaces are configured by default (0.0.0.0). The option to browse and discover a network interface is also available by clicking on the button to the right.   

      
      

    • Certificate type: Selects the server HTTPS certificate:
      • Self signed: The server will create and sign a certificate automatically using an internal certification authority that can be downloaded below. This certification authority is valid for all the module instances and must be imported in each system/web client that will access the module via HTTPS. This certificate can be downloaded by clicking on the ellipsis button of the right side of the Self signed certificate field, as shown below: 

        
        

      • Embedded: Users are required to provide both the key and certificate files.
        
        Note:

        This feature is available from N3uron version 1.21.7.
        
        The key for the embedded certificate files will be secure and cannot be downloaded.

      • File path: The user is required to specify the paths for both the key and certificate files, relative to the module data/<instance name>/cert folder. Additionally, specify the certificate reload interval in seconds if changes to the files are detected. Set this field to 0 to disable.
    • Self signed certificate: The user can choose either to download the certificate or copy the certificate link to the clipboard.

      
      

      • Certificate hosts: Comma-separated host list (domains/host names and/or IPs) that will be included in the autogenerated SSL certificate. It is important to include all the hosts where the module will be accessed so the web client doesn't throw any errors. Hosts 127.0.0.1, localhost and system hostname will be automatically added to the certificate.
• Login:
  • Logo: The selected logo will be displayed in the login view. If no logo is chosen, a default one will be loaded.
  • Text: A text shown at the bottom of the logo. You can add linefeed with <\r><\n>.

Installing the digital certificate on your browser

When accessing Web Vision using HTTPS, the web browser may display a security warning to notify users that the digital certificate is not recognized as valid. In order to avoid this message, the digital certificate can be imported and installed on the client's machine.

1. Include the certified hosts (all urls, domains, and IP addresses used to access Web Vision from other systems). Localhost and 127.0.0.1 are included by default.
2. Save the new settings by selecting “restart the module” when prompted.
3. Export the certificate by clicking the button to the right of the HTTPS entry on the configuration settings tree.
4. Install the certificate in the web browser to the Trusted Root Certification Authorities group. More information available in the appendix.

Web Vision Full Product Details