Thin Client for Java

Alex - that thin client looks good to me. I would opt for the one with 2 Gigs of RAM instead of 1. Running the gateway all the time shouldn’t cause much strain on the thin client. Your architecture resembles the emergency model. For your situation, I would keep the local (panel) projects simple so that you don’t have to keep updating the project on every station with every minor change.

Dennis - that worm looks pretty specific to Siemens S7 products running on Windows. Could you describe what happened on your network?

Nathan: Thanks looking at the Java thin client stuff.

We have not had an infestation of that particular worm. We only have Modicon and AB in our plants. The Windows security issues are the reason I have been looking into Ignition on Linux and for a Linux thin client.

There has to be a better way and I believe Ignition is a part of that.

Thanks

Dennis

Dennis - my .02 and industrial security 101: You can create a secure network on either platform. With Windows this involves a lot of patching - something that scares a lot of Industrial Software vendors for compatibility reasons. Linux requires some, but less, and tends to be less vulnerable to the common malware going around. If these systems are rarely updated, which is far from ideal, but common in our industry, I would say Linux takes the advantage. Users are less likely to be able to tinker, but your support staff may not be familiar with it.

The key is to follow basic (IT) industry good security practices. First and foremost, let your IT department do their job - use the products and standards that they’re comfortable with. This will take you much farther than “magic bullet” products or ideas. Isolate your control network when possible, use VPNs for remote access, apply firewalls/IDS/IPS, have an antivirus/removable media policy, backup/recover plan, etc, etc. Your largest security vulnerability will likely come in the form of “legacy” - that old system running NT or Windows 2000, network accessible PCs running DCOM (OPC-DA) applications, reliance on software with hard coded passwords (like the worm exploits). Most likely you’ll have a few of these, just do your best to mitigate the vulnerabilities - use OPC tunnellers, put “high risk” machines in a DMZ and PLCs on a separate network, update your OS and antivirus signatures, etc. The game is balancing your operational requirements with risk to a point of acceptance.

Thin clients are a great strategy for HMI/SCADA clients in a controls network. Besides a lower initial price tag, they offer additional benefits in terms of total cost of ownership - the lifecycle is about 2 years longer than a standard PC, plus they require less IT effort to support. You can certainly achieve as secure a network as you need with Ignition - on whatever operating system and platform suits your environment.

Dennis - You are fortunate that you have the leeway to play around with other systems, and I definitely know what you mean about the “issues” with Windows.

Alex - We have tried running the full version of Ignition (less the DB) on a thin client - it works on the one with larger memory (2GB/4GB) but not on the smaller (1GB/2GB) because of the lack of memory. Java itself takes up most of the memory requirements when running. Well worth it to always purchase the larger memory unit, because it’s less than $100 more and gives you much more flexibility.

It’s time to poll the troops again on this.

What’s new?

What’s working?

What’s inexpensive?

What’s self-contained?

Experiences to share?

Thanks

Dennis

Well of course now you have the Mobile Module to work with, which doesn’t require JavaSE. All it requires is a capable web browser, so your options are greatly expanded to a whole new class of consumer-oriented mobile devices (tablets/phones)

Granted, Mobile is nice and is necessary, but I am looking for panels to mount to a machine. We have hundreds of HMIs, which would be better served with thin clients.

I posted the message to prompt sharing of information.

A really inexpensive solution would be to mount an iPad2 on every machine, but theft and the cost of the back end would be a problem.

We are looking forward to the 2D design and “compound objects” stuff that comes in the future.

Any possibility of assignment of rights to tags/folders in the realtime tag database? If Barney Rubble, who has administrator rights includes a set of tags, then Fred Flinstone, who also has administrator rights should not be able to remove them.

Maybe this makes the case for more granularity in the authenication system. You need a set of Tag/Folder Owner privilages. Something to think about.

You also need Device Owner privilages.

I hope you have a good weekend.

Yeah, more fine-grained control over designer-oriented tasks would be a good idea.

Dennis,

We have not tried the Linux version. The Windows unit comes completely licensed. We get the 2GB/4GB model. All we have to do is load Java and the touch screen drivers, and it’s ready to go. If you try the Linux model, please post your thoughts, we’d be interested in hearing if you like it better. Thanks.

scott_st:

You are still referring to the C90LEW?

I’ve started using Foxconn’s Nettop PC’s:

http://www.newegg.com/Product/Product.aspx?Item=N82E16856119034

With 2GB Ram and 32GB SSD, that puts me at about 280 dollars. Add about 140 dollars if you stick Win7 Pro on it, although you can still get XP OEM versions for about 80.

I also have a few boxes with Ubuntu on it. They run dipslay boards that have no ActiveX requirements. If it wasn’t for the ActiveX thing, they’d all be on Ubuntu!

The XP machines are running Panel Edition with no issues as of this writing, but I’ll be sure to tell you if there is.

Dennis,
I was still referring to the C90LEW. Also, we have been using the Hope Industrial touch screens, which the [Elo] drivers are apparently (I wasn’t aware) loaded on all of Wyse’s thin clients except the C90LEW. But supposedly they can be loaded from the factory.

Anyone have any experience with Mysaifu JVM? It is an open source JVM for WinCE.

Dennis

[quote=“DennisWomack”]Anyone have any experience with Mysaifu JVM? It is an open source JVM for WinCE.

Dennis[/quote]

Warning, we use the following super-duper-unreliable-not-guaranteed-to-be-there JVM options:

-XX:PermSize
-XX:MaxPermSize
-XX:+UseConcMarkSweepGC
-XX:+CMSClassUnloadingEnabled
-XX:+CMSPermGenSweepingEnabled

Other JVMs likely don’t have these options, and Ignition’s stability is not guranteed on them!

So, Kevin help me understand your message.

Are you saying Ignition is normally used with the Sun/Oracle JRE with those command line options you mentioned?

Or, are you saying if we try to use the Mysaifu with WinCE, then we need to set those command line options?

I was wondering if anybody had even tried Mysaifu to see if Ignition would work with it.

Still looking for a touch panel, WinCE based, configured by the vendor, that could support Ignition.

I guess my preference would be to be able to by a standard product that could have the JRE installed and we just install Ignition. This is looking at Panel Edition as a fallback mode.

Thanks for all your hard work.

Dennis

[quote=“DennisWomack”]So, Kevin help me understand your message.

Are you saying Ignition is normally used with the Sun/Oracle JRE with those command line options you mentioned?

Or, are you saying if we try to use the Mysaifu with WinCE, then we need to set those command line options?

I was wondering if anybody had even tried Mysaifu to see if Ignition would work with it.

Still looking for a touch panel, WinCE based, configured by the vendor, that could support Ignition.

I guess my preference would be to be able to by a standard product that could have the JRE installed and we just install Ignition. This is looking at Panel Edition as a fallback mode.

Thanks for all your hard work.

Dennis[/quote]

We normally use it with the Sun/Oracle JRE and those options set. I don’t believe other JRE’s even have those options.

Ignition would probably still run, but you would be in uncharted territory because those options affect garbage collection and memory usage/leaks related to soft restarts.

That’s what I expected.

Thanks, Kevin.

Linux may still be the best option. I know it will work.

Dennis

Hi,

I have one application where we would like to put in place some linux based thin clients as part of a redundant controls scheme for a Water treatment Plant. Ideally I’d like for it to be a touch screen so that I can package it completely inside a control panel without having to worry about the attached keyboard and mouse.

Does anyone know if there are industrial touch screens out there that have linux drivers available? Otherwise we may have to go with either a non-touchscreen option, or install a Win XP option such as the Wyse thin client mentioned previously in this thread.

Thoughts?

Alex

Have you tried Advantech?

Just did an entire line using their 19" touchscreen touch monitors along with the Foxconn Nettop PC I mentioned earlier. Got the Penmount driver working under Ubuntu without a hiccup.

Unfortunately, I had to go to XP because I was having issues routing through the wireless connection to the hard-wired PLC connection and keeping it stable-- admittedly the problem was probably between the chair and the keyboard on that one! :unamused:

Aside from my infrastructure issues, though, I was very pleased with this setup under Ubuntu-- and I was able to put it together for about $1280 each! :smiley:

Monitor: $990
PC: $170
2Gb Memory: $30
32Gb SSD: $90