Publicly Accessing Vision Project via URL

#1

I have some clients working with Vision project remotely, which they can do over VPN. Is there a way to make the project publicly accessible? My understanding is that there are 2 options: Recreate project in Perspective or use WebDev module to create front end website that will execute queries on the gateway and send data back and forth via API.

Problem with Perspective, is almost all the windows in the Vision project use power tables with extension functions which doesn’t seem to have a counterpart in Perspective.

Thanks,

Josh

0 Likes

Ignition access thru the internet
#2

Hey Josh,

This is more of an IT/Networking question, since neither using Perspective or the WebDev module will make the screens publicly accessible. Even if you converted to Perspective or the WebDev module your clients would still not be able to use the screens without a VPN since the organization’s network is isolated from the public.

The (kind of) good news is you can solve this issue without moving away from Vision, by placing the Ignition Gateway in the Cloud or in a DMZ. This would allow your clients to install and use the Vision screens from anywhere in the world. It’s important to note that this is inherently insecure and definitely not recommended because anyone can now attempt to hack into the SCADA system from anywhere in the world without needing VPN credentials. This is what a VPN was invented for and it’s recommended to use it as is.

I would recommend talking to the IT department about this. They will most likely not feel comfortable exposing the SCADA gateway, but may have other options, such as temporary logins, to make it easier for outside users to see the screens.

Anthony

1 Like

#3

Anthony,

Thanks for the input. We actually moved away from client side soft VPN to having clients connect to a wireless access point connected to a Meraki Z3 gateway with a 24/7 VPN tunnel to the cloud server where the gateway lives.

Just did some testing yesterday and looks like it is working. This eliminates hassle clients deal with setting up VPN with IT help desk, domain password changes effecting VPN, and general client side VPN issues. All the clients have to do now is connect to Wifi SSID and they are already in the tunnel (outbound/inbound allowed for port 8088). Performance appears to be good in terms of read/write in SQL.

  • Josh
2 Likes