web.direct 2.0 Setup: Browser -> mdex Gateway

Browser → mdex Gateway

The connection settings from the web browser (PC, smartphone, tablet, ...) to the mdex gateway are set here.


Connection settings

Port / protocol

It is advised to use an encrypted HTTPS connection on port 443 for transferring data from the browser to the mdex gateway.

Please note that this is not the setting for the required remote access port/protocol to the terminal device; that setting can be found under Gateway → Terminal device.

Selection: Description:
• 443 / HTTPS: For most applications, an encrypted connection between browser and mdex gateway via HTTPS port 443 is recommended.
• 80 / HTTP: Unencrypted connection between browser and mdex gateway via HTTP port 80. Should only be used if, for example, there are problems using remote access via an encrypted connection.

For technical reasons, there might be a brief period of downtime of up to 5 minutes when the port/protocol is modified.

The lock symbol in the graphic indicates whether the connection between browser and mdex gateway is secure or insecure. It shows if the connection is encrypted using HTTPS or unencrypted using HTTP.

Information about the realm: The default realm is usually 'mdex'. However, for specific projects the 'Mdex Private Network' (MPN) realm may be in use. In this case the ports/protocols of the specific realm must be used. The corresponding realm is also shown in the portal under 'Details' for each device.

Caching

The browser cache settings control how the browser stores and retrieves website content. This helps to reduce data transmissions and to improve access speed. It is essential to configure cache settings accurately to ensure that any stored content is always up-to-date.

Selection: Description:
• No caching: Web pages are continuously updated without any intermediate storage. The regular updates lead to increased data consumption.
• Default: The browser's cache settings are used.
• HTML only: Only HTML content is refreshed, while scripts and images remain unchanged.

 

Path (URL): This path is appended to the web.direct URL link, for example to access a specific page in the terminal device. The path must begin with a slash /, for example /motor, so that the page .../motor in the terminal device is accessed directly.

Session timeout (minutes): Maximum validity time of the web.direct link session in minutes. The session will be disconnected when this timeout is exceeded. This can prevent unwanted data consumption in case a user forgets to close the browser after retrieving live images/videos of a webcam.

Security settings

Authentication

Sets the desired authentication when accessing the web.direct link. Changes to authentication lead to short timeouts of max. 5 minutes for technical reasons.

Selection: Description:
• None (direct link):

The web.direct link can be accessed without authentication.

Since the web server of the device can be accessed directly without authentication, the terminal device should be protected through a secure login password and the link should contain a hash.
• Global password: When accessing the web.direct link, the user must authenticate by using the specified global password. The global password is applied in the link settings. Please note that changing the global password in the link settings requires all other links using ‘Global password’ authentication to also use the same new password.
• Link password: When accessing the web.direct link, the user must authenticate by using the specific link password. The link password is applied in the link settings and only valid for this link. Changes to the password do not affect other links.
- no password generation: password must be set manually.
- password generation (12 characters): a 12-character password is generated automatically.
- from device: the preconfigured web.direct password is used.
• Portal account (OTP required):

When calling up the web.direct link, the user must authenticate using their mCOP portal access credentials (user name & password) and an additional one-time password for two-factor authentication (OTP).

All link usages (authentications) will be logged in the link ‘History’ window of the respective web.direct link.

Attention: If two-factor authentication has not been set up yet in the portal, these links cannot be used!

• Portal Account:

When calling up the web.direct link, the user must authenticate by using their mCOP portal access credentials (username & password).

All link usages (authentications) will be logged in the link ‘History’ window of the respective web.direct link.

 

Visibility / Access

Mandatory entry: here you can specify either the visibility in the portal or the use (access) of the web.direct links. Which of the two applies depends on the authentication setting described in the section above:

Authentication: Functionality:
• None (direct link), Global password, Link password: Visibility (defines which user authorisation level can see the link in the portal).
• Portal account (OTP required), Portal account: Access (defines which user authorisation level can use the link. All link usages (authentications) are logged in the link ‘History’ window of the respective web.direct link).

Authorisations:
As a rule, authorisations can be left with their default settings. However, it is also possible to restrict the use of web.direct for certain users based on user groups. Each partner can create user groups and users in the portal. The desired authorisations can be granted to user groups. The user group is then assigned to the respective user. One or more authorisations can be selected in web.direct links. A user is granted access to this web.direct link according to the user group authorisation settings.

Selection: Description:
• WebDirect: Access web.direct links.
• WebDirectAdmin: Administrate web.direct links (customise or modify).
• WebDirectTemplateAdmin: Administrate web.direct templates.
• WebPortalAccess: Use the portal (mCOP).
• WebServiceAccess: Calling web.direct links.
• WebDirectAccessAdmin: Using web.direct links as ‘Administrator’ user.
• WebDirectAccessDealer: Using web.direct links as ‘Dealer’ user.
• WebdirectAccessDistributor: Using web.direct links as ‘Distributor’ user.
• WebDirectAccessLevel1-3: Using web.direct links as ‘Level 1, 2 or 3’ user.
• WebdirectAccessManufacturer: Using web.direct links as ‘Manufacturer’ user.
• WebDirectAccessService: Using web.direct links as ‘Service’ user.
• WebDirectAccessUser: Using web.direct links as normal ‘User’ user.

 

Example:

User A is assigned ‘WebDirectAdmin’ and ‘WebDirectService’ authorisations. User B is assigned just ‘WebDirectService’ authorisation.

If a link is set up with a link password and the visibility ‘WebDirectAdmin’, only user A can see the link. However, user A could pass the link password along with the link to user B, who could then also access the link.

If access is to be set up selectively, the link can be created using a portal account with ‘WebDirectAdmin’ access authorisation. In this case, only user A would be able to see and use the link, because the user needs to log in to the link using the portal access credentials.

The number of users and user groups authorised by the selected permissions is displayed to the right of the selection menu. The authorised users or user groups are displayed by clicking on the respective user icon or user group icon.

Hash (Predefined): A hash is used to cryptically obfuscate data so that it is no longer displayed in plain text.
A predefined hash can be set here, which is applied to every newly created web.direct link. For security reasons, this is recommended in particular if Authentication: ‘None (direct link)’ has been set.

Hash generation

The hash generation method can be defined here, so that every time a new web.direct link is created, the hash is automatically generated from the optional Hash (Predefined).

Selection: Description:
• No hash: Only the optional Hash (predefined) is used.
• Hashes per link: The hash is generated based on the web.direct link.
(Each web.direct link has an individual hash.)
• Hashes per Device: The hash is generated based on the Device.
(All web.direct links of a Device have the same hash).
• Hashes per access hash: This method is outdated and should no longer be used!
• Hashes per template: The hash is generated based on the web.direct template.
(All web.direct links created using the template have the same hash).
• Hashes per VHOST:

The hash is generated based on the mdex realm.
(All web.direct links of a realm have the same hash).

Information: The realm is usually ‘mdex’. Only when using ‘Mdex Private Network’ (MPN) must the ports/protocols of the desired realm be selected. The respective realm is also displayed in the portal under ‘Details’ for the respective Device.

Link timeout (minutes): Optional. You can set a time limit for the validity of a web.direct link. This allows you to create temporary links that can only be used for a specific number of minutes. Once this time limit is reached, the link is automatically deactivated. To indicate this, a watch symbol is displayed in the graphic of such a link.
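
The recommendations in the connection and security settings above can be checked mechanically. The following is an added example, not mdex code: the dictionary keys and values are hypothetical labels for the settings on this page (there is no assumption about an mdex API or export format), and the sample links are constructed.

```python
# Added example: keys and values are hypothetical labels for the settings
# described on this page, not an mdex API or export format.
PASSWORD_AUTH = {"global_password", "link_password"}

def audit_link(link):
    """Return (severity, message) findings for one link's settings."""
    findings = []
    auth = link.get("authentication", "none")
    generation = link.get("hash_generation", "no_hash")
    # "No hash" still uses the optional predefined hash if one is set.
    has_hash = bool(link.get("hash_predefined")) or generation != "no_hash"

    if link.get("port") == 80 or link.get("protocol", "").lower() == "http":
        findings.append(("high", "browser to gateway is unencrypted (80/HTTP)"))
    if auth == "none" and not has_hash:
        findings.append(("high", "direct link has neither authentication nor a hash"))
    if generation == "per_access_hash":
        findings.append(("medium", "hash generation 'per access hash' is outdated"))
    if auth in PASSWORD_AUTH and link.get("authorisations"):
        findings.append(("info", "authorisations only limit visibility; anyone "
                                 "given the link and password can use it"))
    path = link.get("path", "")
    if path and not path.startswith("/"):
        findings.append(("low", "path must begin with a slash"))
    if not link.get("session_timeout_minutes"):
        findings.append(("info", "no session timeout; an open browser keeps consuming data"))
    return findings

# Constructed sample links (not real devices or settings exports).
SAMPLE_LINKS = [
    {"name": "webcam", "port": 80, "protocol": "http", "authentication": "none",
     "hash_generation": "no_hash", "hash_predefined": "", "path": "motor"},
    {"name": "plc", "port": 443, "protocol": "https",
     "authentication": "link_password", "authorisations": ["WebDirectAdmin"],
     "hash_generation": "per_link", "path": "/motor", "session_timeout_minutes": 10},
    {"name": "legacy", "port": 443, "protocol": "https",
     "authentication": "portal_account", "authorisations": ["WebDirectAdmin"],
     "hash_generation": "per_access_hash", "path": "/", "session_timeout_minutes": 30},
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        for severity, message in audit_link(link):
            print(f"{link['name']}: [{severity}] {message}")
```

The second sample reproduces the User A / User B case from the example above: the link password, not the ‘WebDirectAdmin’ visibility, decides who can use the link.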

 

More web.direct settings:

Templates
Link Presentation
Browser -> mdex Gateway
mdex Gateway -> Device

 

 
