I need IP addresses Of Clients but I am using Microsoft Server 2016 With remote desktops On thin clients

In ignition all of my thinclients have the same UserName and IP address. They are all the UserName and Ip address of the Microsoft SQL Server that is running the remote desktop VMs.

My problem is that I have an entire line in one project. The customer wants each station of the line to be viewable but locked out.

I have been able to use the client folder’s OSUsername to figure out which client is is active, but then I have problems with security and disabling things. I can use the OSUsername to make the client read only through scripting but I can not use the OSUsername with Security in anyway to lock or unlock screens.

Any Suggestions?

Use thin clients that directly connect to Ignition, not via remote desktop. Ignition can only know where its client is running, not where that client’s screen is being redisplayed.

That has not been an option. The thin clients use an HP version of linux. It is stripped down. I was able to load an unzipping program, install the Java JRE, and get it running, but when the customer saw it was all done with a linux command line it was deemed “Too Complicated”. They went the RDP route.

“Too Complicated” ?!? Compared to Windows? A different skill set, yes, but IMNSHO, Linux is way less complicated.

If the customer wants to shoot themselves in the foot like that, it is on them.

Not to mention that the RDP server is a single point of failure. No thanks.

Generally agree with your assessment, and your recommendation is indeed far less “complicated”. That being said, RDP is no more a single point of failure than a non-redundant gateway.

If the customer in this case is insistent on RDP then it should absolutely be set up as a server farm, so that should one server go down the clients can be reconnected to another server in the farm.

Also, my recommendation in this case would be to move towards a VDI type technology (e.g. VM Ware Horizon, Citrix, etc…) where each client has it’s own instance of virtual machine thus allowing for both a windows installation and individual IP addresses. (Note: this is far more complicated (and potentially expensive) than just using a Linux command line.)

Agreed, but why have two instead of one?

So, My problem was to have parts of the HMI program to be locked out. Since I had the ability to know which client was online, I needed to lock and unlock screens. Arguing with my customer was not a solution.

In the end I made a Giant momentary button for my screens that hid the items I wanted to disable. The background color of this button made the button “see through”
On the clients I made 2 tags,
One tag was an if statement of client OSUsernames and gave me a value for each station.
The other tag was a get.Roles to bypass the tag with security if needed.

Next I tied the tag to my giant momentary button’s visibility. I am surprised it worked, and that the components changed on each client (client scope).

When the invisible color button is “visible” it stops all events behind it. When the invisible color button is “not visible” it allows the users to push all of the buttons behind it.

This may help users but here is my expression code on the thin client tag.

if({[System]Client/User/OSUsername}="jadair",0,
if({[System]Client/User/OSUsername}="thinclient2",2,
if({[System]Client/User/OSUsername}="thinclient3",3,
if({[System]Client/User/OSUsername}="thinclient4",4,
if({[System]Client/User/OSUsername}="thinclient5",5,
if({[System]Client/User/OSUsername}="thinclient6",6,
if({[System]Client/User/OSUsername}="thinclient7",7,
if({[System]Client/User/OSUsername}="thinclient8",8,
if({[System]Client/User/OSUsername}="thinclient9",9,
0)))))))))

Here is my code for scripting the security based bypass bit

Roles=system.security.getRoles()
Name=system.security.getUsername()
event.source.parent.parent.getComponent('AccessLevel').getComponent('AccessLabel').text ='User Name: '+ Name

if "Administrator" in Roles:
	event.source.text = 'Access: Admin'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Supervisor" in Roles:
	event.source.text = 'Access: Supervisor'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Engineer" in Roles:
	event.source.text = 'Access: Engineer'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Maintenance" in Roles:
	event.source.text = 'Access: Maintenance'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",1)
elif "Operator" in Roles:
	event.source.text = 'Access: Operator'
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",0)
else:
	system.tag.write("[client]CurrentHMIInUse/BypassDisableScreens",0)

And here is the code I threw on the button visibility.

//Client tag found in client folder it changes based on what is logged in.
//Station number allowed is the custom property on this template to set the button with.
if({[client]CurrentHMIInUse/ClientNumber}={DisableBox.StationNumberToAllow},0,
if({[client]CurrentHMIInUse/BypassDisableScreens},0,1))

And on the end note… “single point of failure” = Ignition server. The application VM and Ignition VM run on the same blade server.

1 Like