Internet Realms

The word "realm" in VTScada has two meanings:

  • It is a name given to configuration options that include the connection protocol (HTTP) and port (usually 80). Without a realm there will be no port for Internet communications.
  • It is a security grouping.

This chapter refers to realms that identify an application on a VTScada Internet Server. Realms are required and used by:

  • VTScada Thin Client Server operations including VIC and Mobile Internet Client connections.
  • ODBC Interface to VTScada History
  • Web services via the REST interface
  • Realm-Area Filtering

Do not name any realm "Rest" or "SQLQuery". Doing so will interfere with remote access to VTScada data.

Any number of realms can be created, and any application can be placed into one or more realms. Each realm can contain only one application.

When connecting to an application, the name of the realm is included as part of the connection URL.

Ports

The default port number is 80, the standard Hypertext Transfer Protocol (HTTP) port. If you are using Transport Layer Security (TLS), you must first obtain and install an X.509 certificate (see X.509 Certificates). In this case, supply the standard TLS port number, 443, and look at the "Secure" check box. If this check box is disabled, you need to supply the host + domain name for the certificate in VTScada's Setup.ini configuration file (located in the installation directory). Add the following line to the [SYSTEM] section:

SSLCertName = <host+domain>

where <host+domain> is the host and domain name you specified when obtaining an X.509-compliant certificate. (Do not include the angle brackets.) This must exactly match the "CN=" field of your certificate. After modifying the Setup.ini configuration file, you must stop and restart VTScada for your change to take effect.

If connecting from a public network (e.g. the Internet), you will likely have to traverse firewalls and other security mechanisms. Configuring a realm or VTScada Thin Client Server to operate on ports other than the standard ones (port 80 for plain-text HTTP, or port 443 for secured HTTPS) will likely require special configuration of such interposing security mechanisms. It is therefore advisable to operate on the standard ports whenever possible.

Note that there is no requirement that the port(s) used by your realms match those used in the server tab. The port on the realm is used to configure the address to which the client will connect to authenticate. After successful authentication, an XML packet will be passed back to the client, which will include the list of servers as configured on the servers tab. The client will use that list to connect to a server.

Security Realm Sign-ins with Thin Client Realms

If you are using security realms (groups) and realm-area filtering, then you must create a thin client realm having the same name as each security realm. Operators who would normally log on using their group name, account name, and password will instead open a URL having a realm that matches the group name and sign in using just their account name and password. They will not be allowed to connect to any other realm.

Super users, who are not members of any security realm, will not be able to sign in over the Internet unless the application property RootNamespace is added and its value set to the name of a thin client realm created for the use of these accounts.
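The rules in this chapter can be checked together before a server is exposed. The following is an added example, not VTScada code: the realm inventory format, the `audit` function, and all sample names and values are hypothetical and constructed for illustration, and the certificate CN is assumed to have been read from the installed certificate beforehand.

```python
import configparser

RESERVED = {"rest", "sqlquery"}    # realm names the chapter says never to use
STANDARD = {80: False, 443: True}  # standard port -> whether "Secure" (TLS) is expected

def audit(realms, security_realms, setup_ini_text, cert_cn, root_namespace=None):
    """Return a list of findings; an empty list means every check passed.

    realms: {realm name: {"port": int, "secure": bool}}  (hypothetical inventory)
    security_realms: names of the security groups used for realm-area filtering
    """
    findings = []
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(setup_ini_text)
    ssl_name = cfg.get("SYSTEM", "SSLCertName", fallback=None)

    for name, r in realms.items():
        # Assumption: reserved names are compared case-insensitively to be safe.
        if name.lower() in RESERVED:
            findings.append(f"{name}: reserved realm name")
        if STANDARD.get(r["port"]) != r["secure"]:
            findings.append(f"{name}: port {r['port']} with secure={r['secure']} "
                            "is not a standard port/TLS pairing")
        # SSLCertName must exactly match the certificate's CN= field.
        if r["secure"] and ssl_name != cert_cn:
            findings.append(f"{name}: SSLCertName {ssl_name!r} does not match "
                            f"certificate CN {cert_cn!r}")
    for group in security_realms:
        if group not in realms:
            findings.append(f"{group}: security realm has no thin client realm "
                            "of the same name")
    if root_namespace is not None and root_namespace not in realms:
        findings.append(f"RootNamespace {root_namespace!r} names no thin client realm")
    return findings

# Constructed sample input.
SETUP_INI = "[SYSTEM]\nSSLCertName = scada.example.com\n"
REALMS = {
    "Operations": {"port": 443, "secure": True},
    "Rest": {"port": 80, "secure": False},
    "Admins": {"port": 8443, "secure": True},
}

if __name__ == "__main__":
    for finding in audit(REALMS, ["Operations", "Maintenance"], SETUP_INI,
                         "scada.example.com", root_namespace="Admins"):
        print(finding)
```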