If one piece of ICONICS software is trying to get data from another piece and ICONICS security is enabled on the server side, then the client side needs to authenticate using ICONICS security. When the piece acting as a client has a GUI (such as Workbench or GraphWorX64), then it can show the login dialog and ask the user for credentials. However, when the client is a "background" process or service (such as Hyper Historian, FrameWorX, or AlarmWorX64 Server), it cannot interact with the user and ask for credentials. In these cases, it uses the credentials supplied on the Passwords tab.
The Passwords tab must be configured on the client side. For example, if you have Hyper Historian reading data from a remote AssetWorX, then you would configure the Passwords tab on the Hyper Historian machine.
You must use a username and password that will be accepted on the server side. Using the above example (Hyper Historian reading from a remote AssetWorX), the username and password must be one that is accepted by the security on the AssetWorX machine. Furthermore, the user must be granted permission to see the points or assets that Hyper Historian is trying to log. A good way to test this would be to log into the server machine (in this example, the AssetWorX machine) with that user and see if you can see the points that the client is trying to access.
If each machine is using its own FrameWorX server (the most common configuration), then you will want to configure a FWX -> FWX Service Type. In our example, Hyper Historian is getting data from its own local FrameWorX, which is connecting across the network to the FrameWorX on the AssetWorX machine to get the AssetWorX data.
For the FWX -> FWX Service Type, you can configure a Service Address. By default, it is configured with an asterisk wildcard, which means these credentials will be used any time this FrameWorX server attempts to get data from a remote FrameWorX server. However, if you wanted to use a different set of credentials for a different FrameWorX server or if you wanted to restrict the system into only sending these credentials to one remote FrameWorX server, you could put a server name or IP address in the Service Address column.
The Service Address should match the node name in the point name the client is using. In our example, if the Hyper Historian was trying to log points that started with \\MyAssetServer\ac:pointname, then you would want to use MyAssetServer in the Service Address field. Wildcards can be used for parts of the node name.
For other "Something -> FWX" service types, the Service Address is not needed because those other clients will only ever connect to one FrameWorX server at a time; with their default FrameWorX server as configured in the FrameWorX Server Location dialog. This also means that the "Something -> FWX" service types are usually only needed if your default FrameWorX server is not local. (See more about Unrestricted Servers below.)
Not all of the service types apply to ICONICS security. FWX -> OPC XML DA specifies the credentials to be used when FrameWorX connects to an OPC XML DA server, and FWX -> Camera specifies the credentials when accessing a camera. The username and password supplied in these cases must be credentials that will be accepted by the third-party OPC XML DA server or camera.
In addition to the Passwords tab, you can use the Unrestricted Servers tab of Platform Services Configuration to designate client machines whose server modules (such as AlarmWorX64 Server or Hyper Historian) are granted unrestricted access to this server. By default, the local IP addresses are entered, which means that, by default, server modules do not need to provide security credentials in order to get data from local modules. For example, Hyper Historian does not need to provide credentials in order to get data from its local FrameWorX Server, and FrameWorX Server does not need to provide credentials to get data from its local AssetWorX.
Unlike with the Passwords tab, the Unrestricted Servers tab must be configured on the server side.
In the above example, where Hyper Historian is trying to get data from a remote AssetWorX, as an alternative to configuring the Passwords tab you could go to the AssetWorX machine and configure the Unrestricted Servers tab to include the Hyper Historian machine. Hyper Historian could then get any data it wanted from the AssetWorX machine without providing any credentials.
Note that only server modules are allowed unrestricted access via this setting. Client modules, such as GraphWorX64 and Workbench, still need to authenticate. In our example, if the user were to launch GraphWorX64 on the Hyper Historian machine, he would still need to log in, in order to get the same AssetWorX data that Hyper Historian has unrestricted access to.
See Also:
Platform Services Configuration