Multiple Domains, one server

This is the first time I’ve posted. I’m building a module-tracking overview of a factory with some very basic machine status information and WIP levels. There are currently 97 devices set up, with over 74,000 tags. It’s nearly done and I wanted to let others view it. That’s where the difficulty came in.

My factory has a bifurcated network. The MFG network is for the manufacturing factory floor, while the FS network is for the corporate environment. The server hosting Ignition is on the MFG side. Since I work in IT, I’m set up as a special case and can access the MFG network from the FS network without issue. But this application will have to be viewed from both domains, and I cannot make every user a “special case” like me, or else why do we have the networks bifurcated in this way?

Anyway - has anyone else had an issue like this, and how did you solve it?

Fairly common problem, as bifurcated networks are a very good idea. (Crazy not to have this setup, in my not so humble opinion.) The most common solution is to dual-home the Ignition server, which requires significant effort to manage security. At the very least, Ignition must be set up with a proper SSL cert for https. I won’t take responsibility for such systems if hosted on a Windows box. It does have the advantage that the DB can be anywhere on the corporate network, managed by IT pros.
The less common solution is to configure a suitable firewall to route traffic just to the Ignition server on the MFG network from the corporate network’s subnet(s). Instead of the special case for someone like you on the FS network to access the MFG network, the special case is for the bulk of the FS network to access the one target (one or two ports on one or two IP addresses) on the MFG network. I strongly recommend this approach for Ignition hosted on Windows.

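The firewall approach in the reply above only helps if the exception stays narrow, so here is a small vendor-neutral audit of an exported rule list, added as an example and not part of the original thread. The subnets, the server address, the `Rule` shape and the HTTPS port 8043 are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Every address and port here is constructed for illustration.
FS_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # corporate (FS) subnets
MFG_NET = ipaddress.ip_network("10.20.0.0/16")    # factory-floor (MFG) network
IGNITION = ipaddress.ip_network("10.20.5.10/32")  # the one permitted target
ALLOWED_PORTS = {8043}                            # assumed HTTPS listener

@dataclass(frozen=True)
class Rule:
    src: str            # source CIDR
    dst: str            # destination CIDR
    ports: tuple        # inclusive (low, high) TCP destination ports
    action: str = "allow"

def audit(rules):
    """Return (rule, reason) for each allow rule that opens FS -> MFG
    wider than the single Ignition exception."""
    findings = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        from_fs = any(src.overlaps(n) for n in FS_NETS)
        if r.action != "allow" or not from_fs or not dst.overlaps(MFG_NET):
            continue  # not an FS -> MFG permit, out of scope
        if dst != IGNITION:
            findings.append((r, "destination is not only the Ignition server"))
        elif not set(range(r.ports[0], r.ports[1] + 1)) <= ALLOWED_PORTS:
            findings.append((r, "ports beyond the Ignition listener"))
    return findings

SAMPLE_RULES = [
    Rule("10.10.0.0/16", "10.20.5.10/32", (8043, 8043)),  # narrow exception
    Rule("10.10.7.25/32", "10.20.0.0/16", (1, 65535)),    # per-user special case
    Rule("10.10.0.0/16", "10.20.5.10/32", (8000, 9000)),  # port range too wide
    Rule("10.20.0.0/16", "10.10.0.0/16", (5432, 5432)),   # MFG -> FS, ignored
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} {rule.ports}: {reason}")
```

Rules in the MFG to FS direction are deliberately out of scope here; they need their own review.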