Vijeo Connect - User Guide - For Security Setting

Vijeo Connect User Guide For Security Setting, 02/2017, EIO0000002451.03, www.schneider-electric.com


The information provided in this documentation contains general descriptions and/or technical characteristics of the performance of the products contained herein. This documentation is not intended as a substitute for and is not to be used for determining suitability or reliability of these products for specific user applications. It is the duty of any such user or integrator to perform the appropriate and complete risk analysis, evaluation and testing of the products with respect to the relevant specific application or use thereof. Neither Schneider Electric nor any of its affiliates or subsidiaries shall be responsible or liable for misuse of the information contained herein. If you have any suggestions for improvements or amendments or have found errors in this publication, please notify us.

No part of this document may be reproduced in any form or by any means, electronic or mechanical, including photocopying, without express written permission of Schneider Electric.

All pertinent state, regional, and local safety regulations must be observed when installing and using this product. For reasons of safety and to help ensure compliance with documented system data, only the manufacturer should perform repairs to components.

When devices are used for applications with technical safety requirements, the relevant instructions must be followed.

Failure to use Schneider Electric software or approved software with our hardware products may result in injury, harm, or improper operating results.

Failure to observe this information can result in injury or equipment damage.

TRADEMARKS

Schneider Electric has made every effort to supply trademark information about company names, products, and services mentioned in this manual.

Vijeo Designer, Vijeo XD, Vijeo XL, Vijeo Design'Air and SoMachine are either registered trademarks or trademarks of Schneider Electric.

iPC (Industrial Personal Computer) is either a registered trademark or a trademark of Schneider Electric.

Microsoft, Windows, Windows Vista, Windows Server, Internet Explorer, Windows Media, Excel, Visio, DirectX, Visual Basic, Visual C++, and Visual Studio are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

GateManager, LinkManager, and SiteManager are registered trademarks of Secomea A/S.

All other brands and products referenced in this document are acknowledged to be the trademarks or registered trademarks of their respective holders.

© 2017 Schneider Electric. All Rights Reserved.


Table of Contents

Safety Information
About the Book
Chapter 1 Introduction
    Password Strength for Accounts
Chapter 2 GateManager Portal Login
    Secure Login Method
    Create Administrator Accounts with X.509 Certificate
Chapter 3 LinkManager Mobile Login
    Secure Login Method
Chapter 4 LinkManager Windows Client
    Handling Certificate When Installed In LinkManager
Chapter 5 SiteManager Configuration GUI
    Login Settings for Remote Access
Glossary


Safety Information

Important Information

NOTICE

Read these instructions carefully, and look at the equipment to become familiar with the device before trying to install, operate, service, or maintain it. The following special messages may appear throughout this documentation or on the equipment to warn of potential hazards or to call attention to information that clarifies or simplifies a procedure.


PLEASE NOTE

Electrical equipment should be installed, operated, serviced, and maintained only by qualified personnel. No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this material.

A qualified person is one who has skills and knowledge related to the construction and operation of electrical equipment and its installation, and has received safety training to recognize and avoid the hazards involved.

Before You Begin

WARNING

UNINTENDED EQUIPMENT OPERATION
- Only use software approved by Schneider Electric for use with this equipment.
- Update your application program every time you change the physical hardware configuration.

Failure to follow these instructions can result in death, serious injury, or equipment damage.


About the Book

At a Glance

Document Scope

This document describes the connection setup, connection status, and operation of Vijeo Connect. Vijeo Connect provides customers with secure remote access as if they were on site, allowing remote programming just as if you were on site, which saves travel cost and reduces machine downtime.

NOTE: Read and understand this document and all related documents before installing, operating, or maintaining your Vijeo Connect.

Vijeo Connect users should read through the entire document to understand all features.

Validity Note

This document has been updated for the release of Vijeo Designer V6.2 SP5.1, SoMachine V4.3 and Vijeo XD V2.4.

Related Documents

Title of Documentation: Reference Number

Vijeo Connect User Guide for GateManager: EIO0000002449 (ENG), EIO0000002563 (FRE), EIO0000002564 (GER), EIO0000002565 (SPA), EIO0000002566 (ITA), EIO0000002567 (CHA)

Vijeo Connect Troubleshooting Guide for LinkManager (Starting and Connecting): EIO0000002450 (ENG), EIO0000002568 (FRE), EIO0000002569 (GER), EIO0000002570 (SPA), EIO0000002571 (ITA), EIO0000002572 (CHS)

Vijeo Connect Troubleshooting Guide for SiteManager: EIO0000002452 (ENG), EIO0000002578 (FRE), EIO0000002579 (GER), EIO0000002580 (SPA), EIO0000002581 (ITA), EIO0000002582 (CHS)

You can download these technical publications and other technical information from our website at http://www.schneider-electric.com/en/download


Chapter 1 Introduction

Password Strength for Accounts

There is ongoing debate about what constitutes a strong password. Given this, and the fact that most GateManager account logins are based on two-factor login, it was decided that the GateManager will not enforce password strength or length when creating accounts.

By release 7.0 of the GateManager, the minimum password strength for manually created passwords follows an algorithm based on the following:
- Upper case characters
- Lower case characters
- Digits (numbers)
- Special characters

By default, a manually created password is enforced to contain, at minimum, the following:
- For passwords 4 to 7 characters long, all of the above must exist
- For passwords 5 to 8 characters long, 3 of the above must exist
- For passwords 9 characters or longer, 2 of the above must exist

For example, the following passwords are allowed: 1aB#, 1111aaaaa, 11aaBBB.


To set up a more secure password, create the password following the steps below.

1. Select the Auto password check box. This ensures a password of:
   - 12 characters consisting of numbers and lower and upper case letters for administrator and LinkManager accounts.
   - 10 characters consisting of lower case letters followed by digits for LinkManager Mobile accounts.

2. If you have reason to define the password manually, at a minimum, set up the passwords where the entry field turns green (by combining upper/lower case letters, numbers and symbols). By default, you cannot create a weak password (field color: orange).

NOTE: When a user changes the password from the My Account tab, GateManager by default requires a minimum of nine characters with letters and numbers for the password.
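The minimum-strength rule for manually created passwords from Chapter 1, written out as an added Python example (not Schneider Electric or Secomea code). It assumes that a special character is any character other than an ASCII letter or digit, that lengths under 4 are rejected, and that where the listed length ranges overlap the lower requirement applies, which is the reading that accepts all three passwords the guide gives as allowed.

```python
import string

# Length ranges and required character classes exactly as the guide lists them:
# (min_len, max_len, classes_required). The first two overlap for lengths 5-7.
RULES = [(4, 7, 4), (5, 8, 3), (9, None, 2)]


def class_count(password):
    """Count how many of the four character classes occur in the password."""
    return sum([
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        # Assumption: "special" means anything that is not an ASCII letter or digit.
        any(c not in string.ascii_letters + string.digits for c in password),
    ])


def required_classes(length, strict=False):
    """Classes required for a length, or None when no listed range covers it.

    strict=False takes the lowest requirement among overlapping ranges
    (assumed reading); strict=True takes the highest, for comparison.
    """
    needed = [n for lo, hi, n in RULES
              if lo <= length and (hi is None or length <= hi)]
    if not needed:
        return None
    return max(needed) if strict else min(needed)


def is_allowed(password, strict=False):
    """True if the password meets the minimum for its length."""
    need = required_classes(len(password), strict)
    # Assumption: lengths the guide lists no rule for (under 4) are rejected.
    return need is not None and class_count(password) >= need


if __name__ == "__main__":
    # The three passwords the guide gives as allowed, plus constructed samples.
    for pw in ["1aB#", "1111aaaaa", "11aaBBB", "1aBc", "aaaaaaaa", "password1"]:
        print(f"{pw!r:12} classes={class_count(pw)} "
              f"allowed={is_allowed(pw)} strict={is_allowed(pw, strict=True)}")
```

Under these minimums a dictionary-style string such as password1 still passes, which is why the Auto password option described above is the safer default.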


Chapter 2 GateManager Portal Login

What Is in This Chapter?

This chapter contains the following topics:
- Secure Login Method
- Create Administrator Accounts with X.509 Certificate


Secure Login Method

Overview

When logging into the Vijeo Connect portal, confirm that the address line of the browser indicates a secure website and that the address matches the one in your account email. Follow this precaution to minimize man-in-the-middle attacks.


If an HTTPS Web server certificate has not been installed on the GateManager, you may temporarily have to accept logging into an untrusted GateManager server.


Always verify with your GateManager administrator that this is acceptable.


Create Administrator Accounts with X.509 Certificate

With GateManager, you can create an administrator account without an X.509 certificate. Do this only for initial internal testing before placing the server into production.

Change all administrator accounts to use an X.509 certificate before placing the server into production.

You may have reasons for creating accounts with username and password authentication only. For instance, you may need to log in from a tablet, which cannot store reference files.

Confirm that access for such an account is limited to only what is relevant for the administrator account.

Do not create a username/password only account for a server administrator account. If you are a server administrator on your own GateManager, a new GateManager installation includes a default temporary server administrator account with username/password only. Always follow the instructions in the installation guides to either change or delete this account.


Chapter 3 LinkManager Mobile Login

Secure Login Method

Overview

When logging in through the GateManager portal login, confirm that the address line of the browser indicates a secure website and that the address matches the one in your account email. Follow this precaution to minimize man-in-the-middle attacks.

The address in the account email omits the \app\ path, as GateManager automatically launches LinkManager Mobile if the server is accessed without a path.

If an HTTPS Web server certificate has not been installed on the GateManager, you may temporarily have to accept logging into an untrusted GateManager server.


Always verify with your GateManager administrator that this is acceptable.


Chapter 4 LinkManager Windows Client

Handling Certificate When Installed In LinkManager

After the X.509 certificate file (*.lmc) received in the account information email is installed in the LinkManager, you may delete the certificate from your hard drive.

The LinkManager executable is signed by a certificate that is issued by VeriSign and is pre-approved by Windows. As a result, when installing or upgrading LinkManager, the Open File - Security Warning dialog box should not appear. If such a warning is displayed during installation, cancel the installation and notify the supplier of the software package about that unexpected behavior.


Chapter 5 SiteManager Configuration GUI

Login Settings for Remote Access

A GateManager administrator, or a LinkManager user with access to the domain where the SiteManager is located, can remotely access the SiteManager GUI (Graphical User Interface).

You can limit access so that remote access to the configuration requires the local password, or you can prevent remote access entirely.

From the menu, select GateManager → General, click [more>>], and then change the Go To Appliance setting.

NOTE: Be careful if you are considering this, as your remote service partner may require remote access to assist you in configuring the SiteManager. Additionally, all remote access is logged on the GateManager server.


Glossary

A

Agent
Generic term for display units and external devices that SiteManager Embedded allows to connect to the network. The number of units (Agents) you can register differs depending on your license.

D

device/PLC
Indicates a device, such as a PLC (Programmable Logic Controller), that connects to a display unit.

display unit
Indicates a touch-panel display unit manufactured by Schneider Electric for displaying the screen interface designed in Screen Editor & Logic Program Software.

G

GateManager
It is used for user administration and access control for LinkManagers, and acts as communication broker between LinkManagers and SiteManagers.

L

LinkManager
The software installed on your computer that allows remote access to SiteManager and/or devices represented by agents on the SiteManager.

LinkManager Mobile
A service on the GateManager that allows remote access to web enabled and VNC/RDP (Virtual Network Computing/Remote Desktop Protocol) devices from a browser.


S

SiteManager
Refers to display units on the work site connected to the Vijeo Connect network.

SiteManager Embedded
Software used to set up access to the Vijeo Connect network. This software may not be required as you can set up the network connection from the offline screen of some display units.

SiteManager Embedded Basic
One of the license formats required to use SiteManager Embedded. Allows access to the display unit and registration of up to two agents.

SiteManager Embedded Extended
One of the license formats required to use SiteManager Embedded. Allows access to external IP devices, such as PLCs, IPCs, server, Web camera, and so on, on the same network as the display unit, and registration of five agents or more.

screen editor & logic program software
Indicates WebGate for Vijeo Designer.
