I need IP addresses Of Clients but I am using Microsoft Server 2016 With remote desktops On thin clients

JeremyAdair87 · August 27, 2020, 7:47pm

In ignition all of my thinclients have the same UserName and IP address. They are all the UserName and Ip address of the Microsoft SQL Server that is running the remote desktop VMs.

My problem is that I have an entire line in one project. The customer wants each station of the line to be viewable but locked out.

I have been able to use the client folder’s OSUsername to figure out which client is is active, but then I have problems with security and disabling things. I can use the OSUsername to make the client read only through scripting but I can not use the OSUsername with Security in anyway to lock or unlock screens.

Any Suggestions?

pturmel · August 27, 2020, 10:29pm

Use thin clients that directly connect to Ignition, not via remote desktop. Ignition can only know where its client is running, not where that client’s screen is being redisplayed.

JeremyAdair87 · August 31, 2020, 4:09pm

That has not been an option. The thin clients use an HP version of linux. It is stripped down. I was able to load an unzipping program, install the Java JRE, and get it running, but when the customer saw it was all done with a linux command line it was deemed “Too Complicated”. They went the RDP route.

pturmel · August 31, 2020, 5:03pm

“Too Complicated” ?!? Compared to Windows? A different skill set, yes, but IMNSHO, Linux is way less complicated.

If the customer wants to shoot themselves in the foot like that, it is on them.

pturmel · August 31, 2020, 5:04pm

Not to mention that the RDP server is a single point of failure. No thanks.

lrose · August 31, 2020, 5:53pm

Generally agree with your assessment, and your recommendation is indeed far less “complicated”. That being said, RDP is no more a single point of failure than a non-redundant gateway.

If the customer in this case is insistent on RDP then it should absolutely be set up as a server farm, so that should one server go down the clients can be reconnected to another server in the farm.

Also, my recommendation in this case would be to move towards a VDI type technology (e.g. VM Ware Horizon, Citrix, etc…) where each client has it’s own instance of virtual machine thus allowing for both a windows installation and individual IP addresses. (Note: this is far more complicated (and potentially expensive) than just using a Linux command line.)

pturmel · August 31, 2020, 7:55pm

Agreed, but why have two instead of one?

JeremyAdair87 · September 1, 2020, 12:17pm

So, My problem was to have parts of the HMI program to be locked out. Since I had the ability to know which client was online, I needed to lock and unlock screens. Arguing with my customer was not a solution.

In the end I made a Giant momentary button for my screens that hid the items I wanted to disable. The background color of this button made the button “see through”
On the clients I made 2 tags,
One tag was an if statement of client OSUsernames and gave me a value for each station.
The other tag was a get.Roles to bypass the tag with security if needed.

Next I tied the tag to my giant momentary button’s visibility. I am surprised it worked, and that the components changed on each client (client scope).

When the invisible color button is “visible” it stops all events behind it. When the invisible color button is “not visible” it allows the users to push all of the buttons behind it.

This may help users but here is my expression code on the thin client tag.

if({[System]Client/User/OSUsername}="jadair",0,
if({[System]Client/User/OSUsername}="thinclient2",2,
if({[System]Client/User/OSUsername}="thinclient3",3,
if({[System]Client/User/OSUsername}="thinclient4",4,
if({[System]Client/User/OSUsername}="thinclient5",5,
if({[System]Client/User/OSUsername}="thinclient6",6,
if({[System]Client/User/OSUsername}="thinclient7",7,
if({[System]Client/User/OSUsername}="thinclient8",8,
if({[System]Client/User/OSUsername}="thinclient9",9,
0)))))))))

Here is my code for scripting the security based bypass bit

Roles=system.security.getRoles()
Name=system.security.getUsername()
event.source.parent.parent.getComponent('AccessLevel').getComponent('AccessLabel').text ='User Name: '+ Name

if "Administrator" in Roles:
	event.source.text = 'Access: Admin'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Supervisor" in Roles:
	event.source.text = 'Access: Supervisor'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Engineer" in Roles:
	event.source.text = 'Access: Engineer'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Maintenance" in Roles:
	event.source.text = 'Access: Maintenance'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Operator" in Roles:
	event.source.text = 'Access: Operator'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",0)
else:
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",0)

And here is the code I threw on the button visibility.

//Client tag found in client folder it changes based on what is logged in.
//Station number allowed is the custom property on this template to set the button with.
if({[client]CurrentHMIInUse/ClientNumber}={DisableBox.StationNumberToAllow},0,
if({[client]CurrentHMIInUse/BypassDisableScreens},0,1))

And on the end note… “single point of failure” = Ignition server. The application VM and Ignition VM run on the same blade server.

cbanzet · January 4, 2022, 5:12pm

Thanks for posting your solution to help the rest of us.