Mobile Thin Client Computing Made Easy

 App Story, Education, General, iOS, Real World ThinManager  No Responses »
Jul 032012
 

ThinManager Mobile for iOS is an iPhone or iPad app that can be downloaded for free from the Apple App Store. It allows you to connect to your ThinManager and manage it from your iPhone or iPad. You can shadow clients, change their configuration, restart, or disable them from the palm of your hand.

To use the ThinManager Mobile iOS app, simply visit the ThinManager Mobile page to download the Proxy Server.  After downloading, click the .exe file and the Proxy Server will install itself on your ThinManager Server and function as a service that will allow your mobile devices to talk to the SQL database.

After you have finished the Proxy Server installation, you can visit the iTunes store to download the mobile app.  Once installed on your iOS mobile device, ThinManager Mobile will allow your device to talk to your ThinManager Server via the Proxy Server, as well as continulously downloading current configuration settings from the SQL database.  This not only allows the user to change client configurations from anywhere, but its default setting is to continue running in the background so that there is always an updated connection available.

To see a video demonstration of ThinManager Mobile iOS visit  ThinManager TV

For more information click here to view the full ThinManager Mobile Tech Notes

Real Security Is About Prevention Not Recovery

 App Story, Real World ThinManager, Security  No Responses »
Jun 202012
 

Over the last few months, we have been hearing more and more about the Stuxnet Worm.  Originating in 2007, it became a topic of conversation in the main stream media after its global deployment in 2010.  At the time, Symantec reported that less than 2% of all known Stuxnet infections were on machines in the United States.  Now, almost two years later, it is once again front and center for both its relationship to the newly discovered Flame malware, and recent surge in infecting new networks and machines.

Unlike most malware, Stuxnet does little harm to computers and networks that do not meet specific configuration requirements. “The attackers took great care to make sure that only their designated targets were hit.  It was a marksman’s job,” stated Ralph Langer, an independent security expert who was one of the first to decode Stuxnet.  While the worm is destructive, it makes itself inert if specific industrial control software is not found on infected computers and contains safeguards to prevent infected computers from spreading the worm to more than three others.

For its targets, Stuxnet contains code for an attack that replicates industrial process control sensor signals so an infected system does not shut down due to abnormal behavior. It is initially spread using infected removable drives such as USB flash drives, and then uses other exploits and techniques such as peer-to-peer RPC to infect and update other computers inside private networks that are not directly connected to the Internet.  Such complexity is very unusual for malware and one of the reasons why it continues to spread today.

The entirety of the Stuxnet code has not yet been disclosed, but it targets only those SCADA configurations that meet criteria it is programmed to identify.  Stuxnet installs malware into a memory block of the PLC that monitors the messaging bus of the system.  When certain criteria are met, it periodically modifies the frequency, and thus affects the operation of the connected motors by changing their rotational speed.  It also installs a rootkit that hides the malware on the system and masks the changes in rotational speed from monitoring systems.

Many companies such as Siemens and Symantec have developed tools for detection and removal of Stuxnet.  The worm’s ability to reprogram external PLCs may complicate the removal procedure. Experts warn that fixing the operating system may not completely solve the infection, and a thorough audit of PLCs may be necessary. Prevention of viral infections like Stuxnet is a topic that is currently being addressed in both the public and the private sector.  Several industry organizations and professional groups have recently published standards and best practice guidelines providing direction and guidance for control system end-users on how to establish a proper security management program.

While there is a big increase in both delivery of Stuxnet via Flame into new host networks and discussion about how to best protect against future infections, there has been very little conversation about this in ThinManager headquarters.  Fortunately, ThinManager is uniquely qualified to provide protection from attacks originating both outside, as well as inside, any industrial network.  The ThinManager Platform default configuration does not allow a mountable USB device to be read or used at any thin client within its network.  As such, these new viruses and threats that are becoming more and more common with the advent of BYOD policies have no default point of entry into a ThinManager network.

ThinManager also provides additional layers of internal protection via their TermSecure function, which allows administrators to keep Windows user login information hidden from end users.  This additional layer of security means that even if a user’s information were compromised or stolen, it could only provide access to the thin clients, which do not contain any stored data.  TermSecure can also limit specific user access to specific terminals throughout any facility.  This feature ensures that a single employee can’t infect multiple machines through external access or third party devices.  Additional hardware is also supported for those looking to implement an RFID or FOB protocol.  By delineating specific user access, ThinManager greatly reduces your risk of infection.

In the world of malware, viruses, and hackers, the cure is often found too late to prevent catastrophic loss to an industrial facility.  Using a secure platform to operate your modern factory floor operations should be the first consideration when developing your network. A platform that PREVENTS intrusion like ThinManager, instead of one that will respond well to fixes and patches after the fact, should be the standard because security is now more important than ever.

Chevron North America Exploration & Production using ThinManager to power production

 App Story, General, News  1 Response »
Mar 122012
 

Since 1879, Chevron has been on the cutting edge of exploration and innovation. Over the years they have grown and changed with the times and have always continued to evolve along with the needs of the world. Today, they are not only one of the largest companies in the world; they are a global leader in technology. When Chevron needed a new technology for plant management, they chose ThinManager.

Time to Upgrade

For years, Chevron had used custom built remote units for their facilities to work within custom parameters specific to their industry regulations. After years of dealing with the added resource cost in cash and labor, a project manager made the suggestion to switch to thin clients as a hardware solution at a specific plant. The suggestion was met with approval and they began the task of searching for a thin client management platform that could meet their needs.

Another Great Discovery

After using the same HMI over the last decade for their basic platform and integration services, it was time to look beyond the known and find the next piece of the puzzle. While searching and calling around to other software companies and integrators, they encountered the answer in their own backyard. The ThinManager Roadshow came to town, and after experiencing the hands-on demonstration and seeing ThinManager in action, the decision was made to begin implementation. The decision to change from PC “fat clients” to a complete thin client install was made for them by the sheer effectiveness of the ThinManager platform demonstration they attended.

Measure Twice, Cut Once

Deciding to not rush into anything, Chevron decided to move forward with a single plant deployment of ThinManager. “My intent with this project was to get the most out of every piece of technology,” said B.K. Wallace, the Infrastructure Server Analyst overseeing the project. He brought in new servers and updated to InTouch 10 and Windows server 2008. Then, with the help of his current HMI integrator, he began tying together all his systems to take advantage of the ThinManager MultiMonitor feature. After initial testing, everything worked well together and full test deployment was underway.

Planning for Success

The goal for the planned integration was to install two Terminal Servers and thin clients in place of eight PC “fat clients” and to deploy ThinManager in conjunction with their HMI software. By making use of MultiMonitor, IP Cameras, and TermSecure, they planned to set up an efficient and secure operation by using Smart HID cards to create an audit trail while allowing for a supervisor to view what was happening at every station via a centralized terminal that could display 5 client screens simultaneously. “Before, we could only shadow a single HMI with our old brick,” stated B.K. Wallace.

More than Affordable

Even while looking to build the most modern system available, cost was still a factor. Over the course of deployment, they were able to sell their old licenses to defray upgrade costs. By purchasing a Mirrored 5-Pack of ThinManager 5.0 XLi licenses from ACP, they were able to take advantage of every available ThinManager feature. With the additional purchase of COMP Support for 1 year, they not only receive one year of support, but also get all version upgrades at no cost. “The first thing I plan to do when we complete deployment is to upgrade our other plants with ThinManager 6.0.”

What about Tomorrow?

Even though they are still completing their test deployment by running the platform in parallel to their current system, they are already looking into the future. With a process control group that spans from Alabama to Wyoming, and 180 servers, there is room for a massive deployment in the future. “This plant will be the footprint for all our CO2 plants around the country.”

Upgrading a Glass Coating Plant

 App Story, News  No Responses »
Jun 072000
 

Several years ago, a glass manufacturer was building a new glass coating facility. They wanted to use all the latest technology, especially for the control and monitoring system. It was decided that one of the new MS-Windows based HMI packages, Wonderware, would be used.

The operator interface screens (HMI or Human Machine Interface) were used to monitor every aspect of the coating operation. A particular challenge in this application is that the customer wanted almost all of the points needed for process monitoring displayed at the same time. This resulted in a main display consisting of tiled InTouch screens showing about 1500 points. These screens are displayed almost all of the time

The control system consisted of 3 industrial computers in the main control room and 2 on the manufacturing floor. Each computer ran Microsoft’s Windows 3.1 and WonderWare’s Intouch HMI package. Two large PLCs were responsible for controlling the manufacturing process – one PLC for each of the manufacturing floor PCs – with Ethernet communications between the PC and the PLC. All required data was then distributed to the other PCs via NetDDE. The system performed very well, but over the time many limitations were discovered. The following is a list of the major issues:

  1. The PCs had frequent hardware failures. The Disk Drives were especially prone to failure.
  2. Windows 3.1 was not stable in this application. A PC may run for a couple days or weeks, but eventually it would crash. This included frequent NetDDE crashes because of the excessive NetDDE traffic.
  3. When one of the PCs crashed it was necessary to turn off all PCs and restart them in a specific order.
  4. When making WonderWare changes, the PCs had to be brought down and the changes had to be copied to all PCs.
  5. A full backup of each PC had to be maintained.

Because of system age and reliability problems, this company decided that it was time to upgrade the control and monitoring system. The main goal of the replacement system was to eliminate the problems of the old system, and they picked Automation Control Products (ACP) Thin Client computers to replace the Industrial PCs.

A PC running Windows NT Terminal Server was located in a climate controlled computer room, with ACP’s Thin Clients replacing the existing Industrial PCs in the control room and on the manufacturing floor. The server was responsible for communicating to both PLCs via Ethernet. This new system resolved the problems of the old system as follows:

  1. ACP’s Thin Clients have no disk drives (or other moving parts) so the reliability is significantly increased.
  2. System uptime has improved. In the first three months of operation, there have been no Thin Client related failures and, more importantly, no loss of production as a result of the new system.
  3. No Thin Clients have failed. If a Client was to fail, however, it can simply be replaced without impacting the rest of the system.
  4. WonderWare changes only have to be made on the Server PC – the new screens are displayed when the Clients visit them, and no computer has to be restarted.
  5. Only one backup of the Server PC needs to be performed. This single backup takes care of the entire system.

This company is now looking forward to the continued benefits of Thin Client technology, and the ease of future system expansions.