Thoughts on GE iFIX/Proficy Configuration/Operations Hub?

Seems GE has relatively recently realized they’re being left in the dust with with their aging iFIX product (flat database, dated HMI configuration) - with no support for global UDTs or HMI objects.

I know I’ve threatened to cancel my yearly support contracts a few times.

They’ve been hustling to remedy this. Looks like they’re pulling inspiration heavily from Ignition. New web-based configuration that supports templating and responsive web-based HMI development tools in new Configuration Hub and Operations Hub tools. OPC-UA support is new as well.

Unfortunately it looks like the pretty front-end still connects to an outdated backend - for example presumably the tag UDT “templating” tool still creates individual tags in the flat database, presumably using part of the tag name to reflect the UDT hierarchy. And I believe this is still a one-time template - existing instances don’t get updated if the template is modified.

I like the web-based (as opposed to JVM based) design decision, but presumably that limits it to Windows installs, though i think i remember from a webinar that they’re looking into container-based functionality as well.

I’d appreciate any other opinions/input?

I avoid recommending anything that requires Windows. Just too big an attack surface with all the office machines around. Hardly any organization is disciplined enough to keep malware and ransomware from spilling over onto the production side.

Linux isn’t perfect, by any means (Looking at you Linksys and Netgear, among others), but most serious security flaws in Linux are made impractical to exploit by the proliferation of distros with varying kernel compile options, combinatorial explosions of library versions and patches, and the disconnect between kernel and GUI. Most linux distros have been applying address space layout randomization on both kernel and shared objects for several years. Many have SELinux enforcing by default.

Self-deployed and pruned Linux installs are very difficult to target. More secure than anything else out there, IMNSHO.

Edit: Running containers on Windows via its Linux Subsystem is popular in many tech circles, but I think that’s just inviting the fox into the henhouse.

1 Like

watching webinar now… They’re comparing themselves against Inductive