A security concept made to order

A security concept made to order

The separation of WinCC servers and web servers already ensures greater security and availability, and this can be even further enhanced by means of independent web servers on two independent SCADA clients. The operator stations on the web are included in the user administration of the plant on-site. Different authorization levels govern who has which access rights.The operator can either just view the plant (view only) or partially/ fully operate it, depending on the configuration of his access rights. Every login and logout can be traced by means of a system alarm. An optional logout after a configurable period of time is another security feature in addition to the option of disabling certain key combinations, and this allows the use of WinCC/Web- Navigator even where FDA requirements must be met. Furthermore, the WebNavigator supports all of the standard security mechanism that can be used for applications on the Internet such as routers, firewalls, proxy servers, SSL encryption and VPN technologies.

Thin-Client solutions

Via thin client solutions with MS Terminal Services, simple PCs under a Windows operating system (e.g. Windows 9x/ME), rugged on-site devices (e.g. SIMATIC Thin Client) and mobile clients (PDA – Personal Digital Assistant) under Windows CE can also be connected. Such solutions have few hardware requirements, because the clients only provide the screen display, while the application itself, i.e. the WebNavigator client, runs on the terminal server under Windows. Up to 25 thin clients can be connected to one terminal server.In contrast to typical WebNavigator installations, the thin clients are generally located on the same LAN as the server. Access via WAN, RAS and even via the intranet/Internet are, however, also permitted. Mobile devices can be connected via various media, such as mobile radio links or wireless LAN.

Fig. Thin-Clients on the Terminal Server

Server farms with load balancing

If a great many web operator stations are needed at the same time, server farms can be configured with several web servers. This requires a Load Balancing license for the participating web servers. With Load Balancing, a compensation of the load is possible by means of which newly connected web clients are automatically assigned to the web server with the currently lowest load. The web servers all have access to one and the same WinCC project and each can have up to 50 web clients assigned. In all, there can be several hundred operator stations on the web. If the assigned web server fails, the clients attempt to connect to another web server in the server farm

Fig. Load-Balancing with several web servers

Licenses as required

The WebNavigator client software can be installed as many times as required without the need for a license. A corresponding (server-based) license is required in order to use the WebNavigator server. Licenses are available for simultaneous access to the web server by 3, 10, 25, or 50 clients.
PowerPacks are available for upgrading the number of simultaneously active clients.

In addition, the diagnostics clients licensing is ideal for system integrators who are responsible for maintenance and service of widely distributed plants. WinCC/WebNavigator diagnostics clients have, regardless of the number of current accesses, guaranteed access to all web servers with the WinCC/WebNavigator license or the cost-effective WinCC/WebNavigator diagnostics server license.