Secure Remote Panels?

Similar Messages

• Remote panel and selective control access through Security with DSC

  Hi Everyone,
  I looked around to see what labview had to offer concerning security of remote panel and all the solutions I've found only propose full access to a remote panel, or none. The login page is not an option for me as everyone on the intranet can access the remote panel for monitoring but not everyone can have control to the buttons on it.
  With the DSC module, I can give securities to the different controls and it works great with the exe, if I log in or out, the controls appears or disapears. Unfortunately, with remote panels, those controls are always visibles. Furthermore, when I log in from a remote panel, all the other remote panels get logged in with the same username and priviledges. When I log out, same thing, it logs out all the other remote panels. So the last guy who logs in gives its priviledges to every one else who is monitoring the remote panel at that time. when he logs out, he logs everyone out. I used a reentrant vi hoping that this would solve the problem but it didnt.
  I would like to do what my colleague does with Advantech without any problem. He has only 1 .exe is running on the server and whoever connects to it through webserver, just needs to log in and he has all the priviledges of an guest, operator, admin, etc.. with access to controls and features accordingly. All this without interfering with the other people using the remote panels. This colleague has always been doubtful about the capabilities of labview to do SCADA systems and uptil now, I've been able to prove him wrong.. please help me continue
  There are workarounds, using remote desktop to the server instead of webserver but it definitely is not as practical for the client and it will need quite some work to to synchronise all the exes open from the differents sessions, through the use of shared variables, binding and securities.
  Thank you for your help.
  Solved!
  Go to Solution.

  Thank you very much for your reply Jordan.
  The NI security info is on the server (local domain with groups and users), and the running exes as well. The remote panel is not supposed to be accessed by internet, at least not yet, but just by the computers on the network and thinkline computers who are directly connected to the servers. the remote panel is accessed through the simple url: http://serverip/Application.html
  There is no problem with accessing the remote panel of the exes on the server from another computer on the network. But there are several security issues when logging in and out with the NI Security Programmatic Login and logout VIs through the remote panel..
  The 1st problem occurs when several people access the remote panel at the same time. In my setup, everyone is allowed to check what's happening on the front panel of the running exe, go through the tabs, check the graphs, the tables, etc.. , but only the administrators and the operators can send commands to the machines and the production line through this remote panel. Hence some buttons are accessible to all users, while others are only accessible depending  on the privileges of the person logged in.
  So like I said in the 1st post, I configured some buttons to be accessible only by the users of the admin group. When the exe runs, it's perfect, if I log in and out with an admin account, the buttons appears and disappear accordingly. But when I check the remote panel, those admin buttons are always visible, even if I am logged in as a guest or even logged out. Is it because the remote panel only needs minimum runtime engine and doesnt use the dsc runtime engine? if so, any work around?
  Furthermore, another big problem is that if I login as an admin in one remote panel, then login as an guest in another remote panel, and then logout back from the first remote panel, it says: "User Domain/Guest logged out". Hence, my second login logged out my first user. I can actually see the admin buttons appearing and disappearing on the exe when login as admin and guest from the different remote panels.
  So that's it, I would like my remote panel to behave like a normal scada system, with one exe running in the back (on the server) and with all the users accessing it through web server. Several users might/will access the remote panel at the same time and each of the users have a login/password that grant some of them the privileges to take some actions while giving the others only monitoring rights.
  I hope that I have been more clear in this 2nd post,
  Thank you again for your time.
  Best Regards,
  Tom.

• Problem using Implementing Remote Panel Security with a Login Example Guide

  I'm having issues implementing a Remote Panel protected by username and password using this NI guide:
  Implementing Remote Panel Security with a Login Example
  Remotepanellogin.zip
  After login process using Login.vi, if the user has the right password, his IP will be included in the Webserver allowed access list and the user can open the web site which hosts the Main.vi. Ok.
  But if the user doesn't have the password, his IP will be denied!
  Here is the problem: Will his IP be denied at all including Login.vi? 
  I can't block access to Login.vi because even if the user entered a wrong password, he can still try login again....
  How can I configure a type of Allowed and Denied table using Webserver properties? For example:
  IP: 10.0.0.2 - Login.vi (allowed) - Main.vi (allowed) -> User entered a right password
  IP: 10.0.0.3 - Login.vi (allowed) - Main.vi (denied) -> User entered a wrong password
  Note: Login.vi must be visible and accessible always.
  These are the Implementing Remote Panel Security with a Login Example instructions:
  After you configure the VIs with the Web Publishing Tool, browse to the Remote Panel Login VI and run it. When this VI runs, LabVIEW gives remote panel access to all users, but they can view and control only this VI.
  If a user successfully logs in by supplying the Username of NI and password of labview (both are case sensitive) then LabVIEW gives remote panel access to the IP address specified in the Remote Panel Login VI only. That user can then browse to and run the Main VI.
  Thanks in advance!
  APrado
  Message Edited by APrado on 04-01-2009 08:21 AM

  I'm thinking about using the option Reentrant Execution (VI property > Category > Execution).
  Could anyone help me?
  Thanks.

• Workaround for Sophos anti-virus blocking remote panel

  Hello, I was hoping if anyone had some suggestions regarding working around an antivirus.
  I'm trying to have a PC act as a web server for some Labview embedded remote panels. Unfortunately whenever I tried to load it in browser on both the local host and other computers connected to the network (even very simple test VIs), I get the 0% downloaded problem people have had in the past. Since I have admin privileges on the host computer I have discovered that by disabling the antivirus (Sophos Endpoint Security and Control, ver. 10.2) completely fixed the problem for that machine.
  My problem is that I intend for students to use the VIs and they do not have the access rights to disable Sophos so they too will be able to use the panel. Faculty IT are unwilling to modify the antivirus for the computer lab PCs so it is down to what I can do on the server PC to fix this problem.
  Does anyone have any suggestions to work around it? I've tried a couple of different ports for the web server (8000 & 5000) with no luck. Snapshots come through fine, it is only the embedded ones that get blocked.
  Any help would be appreciated.
  Specs:
  Labview 2011 with Run-Time Engine 6.1
  Windows 7 (64 bit)
  Anti virus: Sophos Endpoint Security and Control, ver. 10.2. On-access scanning is causing the issue.

  I guess you have to ask IT which ports you can use, e.g. 8080, from the top of my mind.
  /Y
  LabVIEW 8.2 - 2014
  "Only dead fish swim downstream" - "My life for Kudos!" - "Dumb people repeat old mistakes - smart ones create new ones."
  G# - Free award winning reference based OOP for LV

• Streaming Video in Remote Panel

  Desired Functionality:  Our laboratory uses LabVIEW 2011 to make science instrumentation such as digital microscopes, spectrometers, etc., available to college students to do remote laboratory assignments.  We need to be able to choose a live video stream from a number of cameras and display it on a VI front panel that is being served up by the LabVIEW web server.  We also need allow the users to pan/tilt or zoom the camera using the VI.  The purpose of this video stream is to allow remote users of the VI to see what is going on in the laboratory in real time.  The video must have low latency and be reasonably high resolution so there is no lag in viewing what is happening as the users control instruments and equipment in the laboratory.
  Current Solution:  We use a DataVideo SE-800 video switcher to take in the feeds from up to 4 Sony EVI-D70 cameras.  The switcher can be controlled through LabVIEW in order to allow selection of one of the video feeds.  The selected video is sent to a MOXA V-Port 461 streaming appliance.  When the VI is loaded in a browser by a user, a piece of code placed in the html file uses JAVA to layer the video stream from the MOXA over top of the front panel.  A cartoon showing this physical connectivity is attached as “Current Connectivity.pdf”  The limitations of this are that JAVA introduces some additional complexity and also is a potential security risk.
  Desired Solution:  We would like to display the live video feed directly in the Remote Panel, without having to layer it with an external application.  The use of the video switcher and video streamer are not requirements, although it is nice to pull the video from an IP address and it gives us more control over the quality and frame rate of the video stream using the MOXA.  Also, the Sony camera model we are currently using is not a requirement – any pan/tilt/zoom controllable camera will do just as well, but must be high resolution, as these cameras are.  So, if there was a way to connect 1 to 4 cameras directly to the LabVIEW server and select a video feed from any one of them to display in the front panel of the VI, that would be fine.
  Attachments:
  Current Connectivity.pdf ‏63 KB

  Hi danbranan,
  Have you attempted to write any code in LabVIEW for this yet? I've included a couple of links below that might help. One is a forum thread talking about how to stream video in a remote panel. The second is an overview of Remote Panels. Using Remote Panel may not be fast enough to get the quality that you want due to throughput limitations of Remote Panels.
  How to streaming video in remote panel:
  http://forums.ni.com/t5/LabVIEW/How-to-streaming-video-in-remote-panel/td-p/758512
  Remote Panels in LabVIEW:
  http://www.ni.com/white-paper/4791/en
  Hope this helps!
  Robert B
  Applications Engineer
  National Instruments

• FieldPoint WEB Remote Panel Tab Control

  Using a TAB control on Fieldpoint (FP 2000) and Labview 7.1
  I wanted to implement a password feature mainly for the Web browser
  remote panel feature for my Filedpoint application, as suggested in "Developing Remote Front Panel LabVIEW Applications"
  http://zone.ni.com/devzone/conceptd.nsf/2d17d611efb58b22862567a9006ffe76/e789515b9976253786256b1f007e039b?OpenDocument#5
  (see bottom of the page)
  "Alternatively, you can program security into the VI itself. For
  example, you can require a user to log in when the VI first runs, and
  disable all other aspects of the VI until you verify the login. To do
  so, place a login field on one page of a tab control, the other
  controls on subsequent pages, and enable the other pages after the user
  successfully logs in.
  I find that I can "Hide tabs" using the "Page Selector Visible" feature
  if the Remote panel is hosted by Labview in Development Mode but this
  feature does function with the Web remote panel mode. In fact you can
  use the Tab Control normally from the Web remote panel.
  I find that I can disable a specific tab if the Remote panel is hosted by Labview in Development Mode but this feature is ignored by the Web remote panel mode.
  Thus: -
    Do you know of any limitations (a list would be usefull, if there are specific limitations)?
    If its a limitation, is it of FieldPoint or the Web remote panel or the Runtime Engine installed in the Browser or ...?
    Do you know of a better way of getting a password feature.
      ( I am aware of IP security available - the IP
  addresses are DHCP supplied - " 'Doh' says Homer Simpson", the P.C's
  will change as well)
  I lookforward to any insights..., wisdom or experiences you may have had

  This discussion covers some restrictions placed by LabVIEW-RT:
  http://forums.ni.com/ni/board/message?board.id=170&message.id=133674#M133674
  Regards,
  -Khalid

• Some users get forbidden error when trying to connect to remote panel

  I have an application that is running LV 8.2.1 and using DSC.  The application can be viewed and controlled through a remote panel.  The issue is that certain people cannot access the webpage, even though I have not restricted it.
  I have traced it down to one subnet in our factory that cannot view the panel (the panel can only be viewed internally to the company).  I can set up anyone else in the building on different subnets, and they can view it perfectly, but this one subnet cannot get access.  My IT department says that there is no special firewall or security settings on any of the subnets, and that they are all the same, just have the subnets set up to better know what part of the building the user is in (ie subnet 27 is purchasing, 28 is engineering, etc).
  I have tried rebooting the computer, unplugging the ethernet cable and replugging it back in while restarting (NI said that should clear any blocked ip address from the remote server).
  Has anyone else had a similar issue??
  Kenny

  Hi Kenny,
  This is an interesting problem.  Could you try running a different VI on the malfunctioning subnet just to make sure that there isn't something odd in your code that is causing this?  I would be interested to know if you can get anything at all to function on that particular subnet.  Also, are you guys using Windows XP across the board?
  Stephen S.
  National Instruments
  1 Test is worth 1000 expert opinions

• Remote Panel launching applications

  When you have a remote panel connection and do something like "Export Data to Excel" on a table - which computer launches the application - server or client?
  I suppose I could test it out, but I don't have a second computer handy right now.
  Edit: A secondary question is:  which computer is actually running the VI, and using its resoruces (processor / ram)?  Also, if the server computer has access to network shares that the client computer doesn't, can the client access those files through remote panel?  ... etc.
  Edit2: Found that in the documentation. It is being run on the server, which likely means it can access the server's network shares as well.

  Hello,
  The Client opens the front panel on the Server. When you open a front panel remotely from a client, the Web Server sends the front panel to the client, but the block diagram and all the subVIs remain on the server computer, thus the Server would launch the application. If you grant access to the Server, you would have to institute specific security measures (such as passwords) to prevent the client from accessing the excel sheet.
  Here are two helpful articles that detail the server/client relationship more thoroughly.
  http://www.ni.com/white-paper/4431/en/
  http://www.ni.com/white-paper/4433/en/
  Warm Regards,
  Josh

• Remote Panel and Internet Explorer

  Hello. I have a problem with a Remote Panel and Internet Explorer. I create a measurement system in LabVIEW. It�s composed of a main front panel and a few subVIs with independent front panels opened from main Front Panel when I press appropriate button. As a local system everything works ok but I try to create a web version of this system. I decide that I can use a Remote Panel. In Web Publishing Tool I was creating a web page for each of Front Panel. I try to have the same functionality as in local system, so when in Front Panel (opened in Internet Explorer window) I press appropriate button I want to open secondary Internet Explorer window with a subVI inside. And now I�m stuck because I can�t open this secondary window in a network w
  orkstation. Has anyone have an idea how can I do it?

  > Hello. I have a problem with a Remote Panel and Internet Explorer. I
  > create a measurement system in LabVIEW. It?s composed of a main front
  > panel and a few subVIs with independent front panels opened from main
  > Front Panel when I press appropriate button.
  I think you have two options. You can open most modal subVI panels
  directly on a remote machine. The popup panels won't be in a web page,
  but it will work with few changes.
  A second approach would be to change the app slightly. The buttons that
  launch the subVIs will turn into URL links. The links will open a web
  page with a different embedded panel.
  Greg McKaskle

• Open url in a remote panel

  HI.
  I want to put a button that launch a webpage. I works fine locally, when I click OK button, a  new internet window browser is open with the URL.
  But if I take the control in other PC client (using Web Publishing Tool) and I click OK button a internte window browser is open in THE HOST. I want to open the new window in the Client.
  Thanks.
  I attach the VI (open_google.vi) and the HTML file created by WPT (test.txt)
  Raymundo Cassani
  Attachments:
  open_google.vi ‏11 KB
  test.txt ‏2 KB

  Hello,
  When you view or control a VI using Remote Panels that VI is executing on the host side. The VI will not be able to interact with the operating system on a remote panel client. This means that it will not be possible to use this approach to open a browser window on the client side.
  You could take another approach- at least the way I would do it is thusly:
  Instead of putting the button that launches the page in the VI you could put it in the html file that the remote panel is hosted in.
  Using javascript you could pop up a new browser window with the URL you need.
  If you need to control what URL is viewed from within the VI you could make the button point to a URL that will be handled by your VI that can redirect to the URL you need. This would be easy to do in 8.6 as you could simply export the VI as a web service. Pre-8.6 you would either have to use the G web server or build a minimal web server yourself (this would be easier than it sounds since the server would have to do nothing but redirect).
  I should add that this approach would require some knowledge of HTTP/HTML/JavaScript.
  Let me know how it goes.
  Nathan
  Message Edited by NathanK on 10-15-2008 11:07 AM

• Remote Panel not working in Windows 7 Starter

  Hi all,
  We have an application that can be controlled via remote panel. This is working fine in Windows XP PC. But when I try to access the same by opening Internet Explorer in a PC running Windows 7 Starter OS, I only get the 'Downloading 0.00% of 0 bytes'. I have disabled the Windows Firewall and there is no antivirus software also. What could be the reason for this? How could I solve this?
  Thanks in advance,
  Priyadarsini
  Solved!
  Go to Solution.

  The system which had the problem was a netbook that came with Windows 7 Starter. We found out recently that there was some parental controls utility in the netbook that prevented the LabVIEW Remote Panel access. We were not aware of its presence & it had not shown any indication that it had blocked Remote Panel communication. We uninstalled this utility & the Remote Panel started working as intended. Thanks again for your help.

• Invalid server IP address for Remote Panels under LV 8.0.1

  The other messages for troubleshooting the "invalid server IP address" were very helpful with getting my EXE to operate as a remote panel.  But there is still one issue that I cannot resolve that seems to be caused by the 8.0.1 upgrade.
  The remote panel work perfectly using IE6 on a computer that has the LV 8.0.1 FDS or PDS installed.  When I use a computer that has LV 7.1 or no LV at all, the invalid server IP address appears inside the border of where the VI should appear on the HTML page.  The connection to the remote computer is correct, the HTML file is delivered by the web server in LV, but the panel part of the page returns the error. 
  Does the part of the HTML that loads the Run Time Engine need to be updated for 8.0.1?  Will the LV 8.0 RTE work for a remote panel on an EXE compiled for LV 8.0.1?
  The code is:
  var obj = '<OBJECT ID="LabVIEWControl" CLASSID="CLSID:A40B0AD4-B50E-4E58-8A1D-8544233807AD" WIDTH=1216 HEIGHT=915 CODEBASE="ftp://ftp.ni.com/support/labview/runtime/windows/8.0';
  if (lng.indexOf("fr") != -1) { obj = obj + '/French'; }
  else if (lng.indexOf("de") != -1) { obj = obj + '/German'; }
  else if (lng.indexOf("ja") != -1) { obj = obj + '/Japanese'; }
  obj = obj + '/LVRunTimeEng.exe">';
  Michael Munroe, ABCDEF
  Certified LabVIEW Developer, MCP
  Find and fix bad VI Properties with Property Inspector

  Thanks for the suggestion, Tunde.  After further experimentation, it seems that 8.0.1 was not the problem.  I worked perfectly when I removed the <parameter server=...  > line that I added manually.
  Michael Munroe, ABCDEF
  Certified LabVIEW Developer, MCP
  Find and fix bad VI Properties with Property Inspector

• Can multiple PCs access one remote panel at the same time?

  I've written a program in labview 7.1 to monitor/control a labview application running in the test cell through Remote Panel. I and my coworker can remotely monitor and/or control this labview application individually. But if my coworker has the remote panel displayed on his PC and I try to get the remote panel on my PC, I get a labview error (63) as below:
  "LabVIEW:  Serial port receive buffer overflow.
  LabVIEW:  The network connection was refused by the server."
  My question is: Can multiple PCs access one remote panel at the same time?
  Thanks in advance!
  Y

  Sorry I wasn't clear. The remote panel license is separate from the number of LabVIEW development licenses. Pricing information on remote panel licenses can be found here.

• How can I disable messages generated by Remote Panel?

  I created an application (EXE) to server its panel to other network clients.
  I used the Tools > Web Publishing Tool to generate a HTML code to create two different web pages to access this application using Web server:
  - Embedded (for some users who need visualize the panel in real time).
  - Monitor (to display panel snapshots to users updated every 1 second).
  I don't need anyone controlling the remote panel, so I used this option:
  Tools > Options > Web Server: Browser Access and checked Allow Viewing (not controlling) for every client connected.
  Ok, both are working fine. But it a user try to Request control of VI on the Embedded page (right click in the remote panel), the application running in the server displays a message: Denied control request from XXX: Check permissions.
  The embedded page stills working fine, but in the Monitor page that message appears in a box (see attached picture below)..
  Is there a way to disable all messages in the remote panel? I realized that I need to access the computer where the application EXE is running to close the message.
  I'm thinking in two solutions:
  - Unable the right click menu in the embedded page to avoid clients request control of the remote panel.
  - Run a code in the application to erase messages generated.
  Has anyone an idea how to solve this?
  Thanks in advance,
  Klein
  Message Edited by Klein on 08-06-2008 12:54 PM
  Attachments:
  Remote Panel message.jpg ‏10 KB

  Hi Dpcamargo,
  I'm already using monitor with a delay of 1 second and this doesn't seems real time like remote panel visualization.
  But you sent me a good tip: use java code to cancel right clicks at all....
  I will try this solution. 
  Hey, we are both brazilians! So, thank you so much, Dpcamargo.

• Blink while alarm on using shared variables with remote panel

  I am creating an application where I have front panel indicators data bound to shared variables.  I also set it up to have them blink when the alarm is on.  I am using the DSC module.
  This works great under the development environment.  But when I connect using the remote panel, I can no longer see the blinking indicator if there is an alarm.  I can see the blinking indicator on the machine that is running the program, but no on any of the remote panels (I have no problems connecting to the remote panel and controlling the program).
  I have the remote panel set as embedded, since I want the user to be able to change some settings over the network.
  I am sure I am missing something simple, any ideas??
  thanks
  Kenny

  I have been using IE6 and Firefox, and I have found that the blinking does show up, if you refresh the page.  And then if the alarm stops and the blinking stops, you will not notice it until you refresh again.
  Kenny