web.direct Settings: Browser -> mdex Gateway

This description applies to the web.direct integrated in DevicePro and mCOP 2.0, which is a further development of the original web.direct (Legacy).

Contents:
Connection Settings
   Port / Protocol
   Caching
   Path (URL)
   Session Timeout (Minutes)
   Security Settings

Authentication
   Visibility
   Hash (Predefined)
   Hash Generation
   Link Timeout (Minutes)

More web.direct settings

Browser → mdex Gateway

Here the connection settings from the web browser (PC, smartphone, tablet, ...) to the mdex Gateway are configured.

Connection Settings

Port / Protocol

It is recommended to conduct data transmission from the browser to the mdex Gateway via an encrypted HTTPS connection on port 443.

Please note that this setting should not be confused with the required port/protocol setting for remote access to the end device, which is made under Gateway → Device. 

• 443 /HTTPS
  For most applications, an encrypted connection between the browser and the mdex Gateway via the HTTPS port 443 is recommended. A padlock symbol is then integrated in the above graphic.
• 80 /HTTP
  Unencrypted connection between browser and mdex Gateway via HTTP port 80. This setting should only be used if there are, for example, problems with remote access using the encrypted connection. 
• Force Port
  This option ensures that the connection between the browser and the gateway occurs exclusively via the configured protocol. For example, if port 443/HTTPS is set, access is only possible via the web.direct URL https://... and not via http://... .

Due to technical reasons, there may be short-term downtimes of up to 5 minutes when the 'Port/Protocol' setting is changed.

The padlock symbol in the graphic indicates whether an unencrypted (insecure) HTTP connection or an encrypted (secure) HTTPS connection has been established between the browser and the mdex Gateway.

Information about the Realm: 
The realm is usually "mdex". Only if the user uses a 'Mdex Private Network' (MPN) in projects must the ports/protocols of the desired realm be selected. The respective realm is also displayed in the portal under "Details" for the respective access. 

Caching

The browser cache settings determine whether and how the browser caches web page content to reduce data transmission and improve access times. It is important to configure the cache settings correctly to ensure that cached content is up to date.

• No Caching
  No caching of web page content takes place; instead, it is always updated. Regular updating results in increased data consumption. 
• Default
  The browser's cache settings are used. 
• HTML Only: 
  Only HTML content is updated, but no scripts or images.

Path (URL)

This path is appended to the URL of the web.direct link to access, for example, specific pages on the end device. The path must begin with a forward slash /, for example /motor. This directly accesses the page .../motor on the end device.

Session timeout (minutes)

Maximum validity of a web.direct link in minutes. After the set time period expires, the session is disconnected. This prevents unwanted data consumption if, for example, a browser was forgotten to be closed after accessing live images/videos of a webcam.

Security settings

Authentication

Setting the desired authentication when calling the web.direct link. Changes to authentication technically cause short downtimes of max. 5 minutes.

• None (Direct Link)
  The web.direct link can be accessed without the user having to authenticate. Since this makes the web server of the end device directly accessible without authentication, the end device should definitely be protected with a secure login password and the link should contain a Hash. 

• Global Password
  When calling the web.direct link, the user must generally authenticate with the set global password. It does not matter whether the user is logged into the portal or uses the URL of the web.direct link outside the portal. The global password is identical for all web.direct links of this access/device. 

  Note that when the global password is changed, all other web.direct links of this access/device with the authentication "Global Password" must also use this new password. 

• Link Password
  When calling the web.direct link, the user must generally authenticate with the set link password to use the web.direct link.
  It does not matter whether the user is logged into the portal or uses the URL of the web.direct link outside the portal. 
  The link password is set when the link is added and is only valid for this link. Changes to the password do not affect other links.
  • No password generation: A password must be set manually.
  • Password generation (12 characters): A 12-character password is automatically generated.
  • From access: The preset web.direct password is used.

• Portal Account
  If the user is logged into the DevicePro or mCOP 2.0 portal and the web.direct link is called with the 'Open' button, no additional authentication is required to use the web.direct .

  Only when using the URL of the web.direct link outside the portal is it necessary for the user to authenticate with their portal login data (username and password) for SIMPro/DevicePro or mCOP 2.0.

  The use of web.direct (authentication) is logged for the respective web.direct link in the "History" window.

• Portal Account (OTP required)
  If the user is logged into the DevicePro or mCOP 2.0 portal and the web.direct link is called with the 'Open' button, no additional authentication is required to use the web.direct .

  Only when using the URL of the web.direct link outside the portal is it necessary for the user to authenticate with their SIMPro or mCOP portal login data (username and password as well as the 'One-Time Password' (OTP) of two-factor authentication).

  If mdex mCOP users have not yet set up two-factor authentication, a dialog for setting up two-factor authentication will first appear. 

  For SIMPro/DevicePro users, two-factor authentication is only required if it has already been set up for the respective user in SIMPro.

  The use of web.direct (authentication) is logged for the respective web.direct link in the "History" window.

Visibility

Required input: Here either the visibility in the portal or the use (access) of the web.direct links is set. This depends on the authentication set above:

• None (Direct Link) / Global Password / Link Password = Visibility (With which permission this link is displayed in the portal for users.)
• Portal Account (OTP required) / Portal Account = Access (With which permission the link can be used. The link usage (authentication) is logged for the respective web.direct link in the "History" window.)

Displayed Permissions
As a rule, the preselection of permissions can be left as is. However, there is also the possibility to restrict the use of web.direct for certain users based on user groups. Each partner can create user groups and users in the portal. The desired permissions can be assigned to the user groups. The user group is then assigned to the respective user. For the web.direct links, one or more permissions can be selected. A user can then use this web.direct link according to the granted permission (according to the user group).

Example:
User A has the permissions "WebDirectAdmin" and "WebDirectService". User B has only the permission "WebDirectService".

If a link with a link password and the visibility "WebDirectAdmin" is set up, only user A can see the link. However, user A could share the link password together with the link with user B, who could then also access the link.

If, however, an access is to be set up selectively, a link with a portal account and access permission "WebDirectAdmin" can be created. In this case, only user A would see and be able to use the link, as they log in with their portal access data at the link.

The number of users and user groups authorised by the selected permissions is displayed to the right of the selection menu. By clicking on the respective user icon or user group icon, the authorised users or user groups are displayed.
 

Hash (Predefined)

A hash cryptographically obscures data so that it is no longer displayed in plain text.
Here a predefined hash can be set, which is applied to every newly created web.direct link. This is recommended for security reasons, especially if "None (Direct Link)" is set under Authentication.
 

Hash Generation

Here the method for hash generation can be defined so that a hash is automatically generated for every newly created web.direct link from the optional Hash (Predefined) and this method.

• No Hash
  Only the optional Hash (Predefined) is used. 
• Hashes per Link
  The hash is generated based on the web.direct link.
  (Each web.direct link has an individual hash.) 
• Hashes per Access
  The hash is generated based on the access.
  (All web.direct links of one access have the same hash.) 
• Hashes per Access Hash
  This method is obsolete and should no longer be used! 
• Hashes per Template
  The hash is generated based on the web.direct template.
  (All web.direct links created via template have the same hash.) 

• Hashes per VHOST
  The hash is generated based on the mdex realm.
  (All web.direct links of one realm have the same hash).

  Information: The realm is usually "mdex". Only if the user uses a 'Mdex Private Network' (MPN) in projects must the ports/protocols of the desired realm be selected. The respective realm is also displayed in the portal under "Details" for the respective access.

Link validity (minutes)

Optional: Here you can specify how long a web.direct link should be valid after it has been created. This timeout allows temporary links to be created that can only be used for a certain number of minutes. After this time expires, the link is automatically deactivated. To indicate this, a stopwatch symbol is displayed in the graphic.

More web.direct settings

Templates
Link presenation
Browser -> mdex Gateway
mdex Gateway -> Device