TermSecure and View SE Security

From ThinManager Knowledge Base

Latest revision as of 21:32, 22 February 2018

Overview

TermSecure is an additional layer of security provided by ThinManager. It can either hide applications from unauthorized users, called SecureAccess, or it can grant access to a user’s personal applications at any location, called SmartContext. Administrators may often want to integrate TermSecure with their HMI platform(s). In other words, when a user logs into TermSecure, they are automatically logged into the HMI environment as well with the proper credentials. This article describes two methods for this integration with Rockwell's FactoryTalk View SE human machine interface (HMI).

Each TermSecure user can be configured to log in to Windows in one of four ways using the TermSecure User Configuration Wizard (Windows Log In Information page of the wizard):

  1. Manually: User must manually enter Windows credentials when the session is launched.
  2. Automatically - Use Terminal Configuration Login Information: User is automatically logged into the session with the credentials specified for the Terminal Configuration.
  3. Automatically - Use TermSecure Username and Password: User is automatically logged into the session with the TermSecure username and password. This requires that a Windows user with the same credentials be created on the terminal server(s).
  4. Automatically - Specify a Windows Username and Password: User is automatically logged into the session with a separate set of credentials specified in the TermSecure User Configuration Wizard. This is an example of username and password obfuscation, which is an RSA security measure.
Figure: TermSecure User Configuration Wizard – Windows Log In Information

Without TermMon ActiveX Control

Each Windows user that is associated with a TermSecure user must then be added as a linked user account within FactoryTalk Security. This can be accomplished using the FactoryTalk Administration Console. Right click the Users folder (under Network | System | Users and Groups) and select New | Windows-Linked User. Click the Add button in the New Windows-Linked User popup window. Browse to or enter the desired Windows username. The newly created Windows-Linked User can then be added to the necessary FactoryTalk User Groups as desired. The security accounts are linked as follows: TermSecure User -> Windows User <- FactoryTalk Windows-Linked User. Within View Studio, the newly created Windows-Linked Users can be added to a View SE application and configured using the Runtime Security feature. From Runtime Security, Security Codes can be allowed or denied.


Note: In this scenario, when a new TermSecure user logs in, a new View SE session is launched. This is not the case when using the TermMon ActiveX Control (see below).


With TermMon ActiveX Control

  • Copy the TermMon.ocx to a location on each of your View SE terminal servers. The TermMon.ocx is included on the ThinManager install media when you purchase the product. If you are working from a demo license, it can be downloaded from here: http://downloads.thinmanager.com
  • Register the TermMon.ocx ActiveX control on each of your View SE terminal servers.
    • Open a command prompt as an Administrator.
    • For 32-bit OS, run:
        c:\windows\system32\regsvr32 c:\Path\TermMon.ocx
    • For 64-bit OS, run:
        c:\windows\syswow64\regsvr32 c:\Path\TermMon.ocx
  • Open View Studio.
  • Add the TermMon.ocx to a Window that is always visible within the View SE application (like a Navigation or Status bar).
    • In View SE 7.0, click the Objects menu item, then the ActiveX Control menu item.
    • Drag and size the control onto the selected window. It should be noted that the control renders invisible within View Studio.
    • Scroll down to find the TermMon control.
    • Click OK.
  • Right click the newly added TermMon control and select Property Panel. (This is below the Properties for the ActiveX)
  • Click the Properties tab.
  • Change the ExposeToVBA property to VBA Control.
  • Close the Property Panel.
  • Right click an empty part of the screen where you are placing the ActiveX control, and select VBA Code. This will open the VBA Editor.
  • Notice the Display item selected from the drop down list above the VBA Editor.
  • Select the Load event from the drop down list to the right. This will create a new Display_Load event subroutine. This event will fire when the display is first loaded.
  • Inside this event, enter the following: TermMonControl1.Enable (assumes the name of your control is TermMonControl1).
  • Select the Unload event from the adjacent drop down list. This will create the Display_Unload event subroutine. This event will fire when the display is unloaded.
  • Inside this event, enter the following: TermMonControl1.Disable (assumes the name of your control is TermMonControl1).
  • Select TermMonControl1 from the drop down list at the top and the OnEvent event from the adjacent drop down list. This will create the TermMonControl1_OnEvent event subroutine. The sample code below shows how to detect TermSecure security events and, in turn, log in to and out of View SE programmatically.
Private Sub Display_Load()

    ' Enable the ActiveX Control.
    TermMonControl1.Enable
    
End Sub

Private Sub Display_Unload()

    ' Disable the ActiveX Control.
    TermMonControl1.Disable
    
End Sub

' This event is fired automatically by the ActiveX control.
Private Sub TermMonControl1_OnEvent(ByVal EventCode As Integer)

    Dim password As String
    
    ' EventCode 8 => a new user has logged into TermSecure.
    If EventCode = 8 Then
    
        ' We will assume the TermSecureUsername is the same as the View SE username.
        ' If not, you would have to add a second assignment for the correct username
        ' in each Case statement below.
        
        ' Based on the TermSecure username, assign the correct password.
        ' Note: passwords hard-coded here are readable by anyone who can open
        ' this display's VBA code.
        Select Case TermMonControl1.TermSecureUsername
        
            Case "user1"
                
                password = "user1password"
            
            Case "user2"
        
                password = "user2password"
            
            Case "user3"
        
                password = "user3password"
                            
        End Select
            
        ' As long as the TermSecure username is not an empty string (which would imply
        ' a logoff has occurred), log the user into View SE.
        If TermMonControl1.TermSecureUsername <> "" Then
        
            Application.Login TermMonControl1.TermSecureUsername, password
            
        Else
        
            Application.Logout
            
        End If
                
    End If

End Sub
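
A variant of the OnEvent handler above, added here as an example and not part of the original article: it maps each TermSecure user to a separate View SE account (the "second assignment" mentioned in the sample's comments) and logs out of View SE when the TermSecure user has no mapping, so an earlier operator's View SE login does not stay active. It is meant to be used in place of the handler above; the helper name LookupViewSEAccount and all account names and passwords are placeholders, while TermMonControl1, EventCode 8, Application.Login and Application.Logout are used as in the sample.

```vba
' Added example: fail-closed variant of the OnEvent handler.
' LookupViewSEAccount is a hypothetical helper; account values are placeholders.
Private Function LookupViewSEAccount(ByVal tsUser As String, _
        ByRef viewUser As String, ByRef viewPassword As String) As Boolean

    LookupViewSEAccount = True

    Select Case tsUser
        Case "user1"
            viewUser = "operator1"
            viewPassword = "operator1password"
        Case "user2"
            viewUser = "supervisor1"
            viewPassword = "supervisor1password"
        Case Else
            ' No mapping (including an empty username): report failure
            ' and hand back no credentials.
            viewUser = ""
            viewPassword = ""
            LookupViewSEAccount = False
    End Select

End Function

Private Sub TermMonControl1_OnEvent(ByVal EventCode As Integer)

    Dim viewUser As String
    Dim viewPassword As String

    ' Only act on EventCode 8, the TermSecure user event used in the sample above.
    If EventCode <> 8 Then Exit Sub

    If LookupViewSEAccount(TermMonControl1.TermSecureUsername, _
            viewUser, viewPassword) Then
        Application.Login viewUser, viewPassword
    Else
        ' Empty username (logoff) or unmapped user: drop the current
        ' View SE login instead of leaving the previous one active.
        Application.Logout
    End If

End Sub
```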