Adding Advanced Reporting and Dashboards into Web Applications

NOTE: The following instructions are for adding Advanced Reporting and Dashboards Module into the PO Web Applications. To add Advanced Reporting and Dashboards Module into the Power Operation Runtime, see Add Advanced Reporting and Dashboards into Power Operation Runtime.

To add Advanced Reporting and Dashboards Module into Web Applications:

  1. Synchronizing the PO and Advanced Reporting and Dashboards Module users
  2. Adding PO to Advanced Reporting and Dashboards Module allowlist
  3. Specifying the PO Web Applications server location
  4. Adding a tab to PO Web Applications

The detailed steps are provided in the following topics.

TIP: For information on troubleshooting web errors in the Advanced Reporting and Dashboards Module, see Web Applications in the Troubleshooting section.

 

Synchronizing the PO and Advanced Reporting and Dashboards Module users

To use Single Sign-On (SSO) with the Advanced Reporting and Dashboards Module, you must also create the users in the Advanced Reporting and Dashboards Module. For standard users that will use SSO, the login name and password must match in PO and in the Advanced Reporting and Dashboards Module. For Active Directory users, the user or group must be added to the Advanced Reporting and Dashboards Module.

Synchronize the PO and Advanced Reporting and Dashboards Module users:

  1. On the Advanced Reporting Server, log into Web Applications with sufficient privileges.
  2. Open Settings > Users > User Manager.
  3. Add the users or groups.
  4. For standard users, make sure the password matches the one used in PO.

    NOTE: If the Advanced Reporting Server is set up with user groups, add the newly added users or groups to a user group.

    NOTE: If running a multilingual system, make sure the user's language is the same in both PO and Advanced Reports.

For more information on the User Manager, see the Power Monitoring Expert System Guide.

 

Adding PO to Advanced Reporting and Dashboards Module allowlist

NOTE: This step is required only if the Power Operation Server and the Advanced Reporting Server are hosted on different machines.

Add the PO hostname to the allowlist in Advanced Reporting and Dashboards Module so that Advanced Reporting and Dashboards Module can be added to PO Web Applications.

Add PO to the Advanced Reporting and Dashboards Module allowlist:

  1. On the Advanced Reporting Server, log into Web Applications with sufficient privileges.
  2. Open Settings > Integrations > Authorized Hosts.
  3. In Hosts That Can Frame, add the hostname(s) of the Power Operation Server. For example, https://pso.se.com or http://pso.se.com:8080.
  4. Select Save. The changes will take effect within a minute.

Setting up trusted certificates between PO and Advanced Reporting

When hosting an Advanced Reporting (AR) page in Power Operation WebHMI and navigating to that page, a browser warning will be triggered and will report that the web page has an untrusted certificate. This occurs whenever a browser is requesting a page that either:

  • Has a certificate that is signed by an untrusted root Certificate Authority (CA). (The root CA is not present in the machine’s certificate store.)
  • Has an invalid certificate. (The root CA has an incorrect signature, i.e. the certificate is forged.)

This can be resolved by creating a new server certificate that is signed by a public certificate authority (one that any browser will recognize), or by using a self-signed certificate. This requires any client machine accessing the website to have the certificate installed in its Trusted Root store.

To create an AR server certificate signed by the PO root CA:

  1. On the PO machine, open the Application Configuration Utility > Security > Certificate Management.
  2. On the Redundancy Management tab, enter the server name in the Certificate Machine Name field, e.g. AR_SERVER.
  3. Select Export > browse to the location where you want to store the certificates > select OK.
  4. Verify that the Grpc Issuing Authority and Grpc Certificates are exported in your designated location.

Installing and binding security certificates

The certificate authority may provide root certificates and intermediate certificates in addition to the actual server certificate. To install the certificates on the Advanced Reporting (AR) server, follow the instructions provided by the certificate authority, or follow the steps below.

To install a root certificate:

  1. On the AR server, open the Microsoft Management Console (MMC) by running mmc.exe.
  2. Under File > Add/Remove Snap-in, add the Certificates Snap-in.
  3. In the Certificates snap-in dialog:
    1. Select Computer Account > Next.
    2. Select Local computer > Finish.
  4. Select OK to close the Add or Remove Snap-ins dialog window.
  5. In the left pane of the Console 1 window, expand the Certificates folder.
  6. Right-click the Trusted Root Certification Authorities folder and select All Tasks > Import.
  7. In the Certificate Import Wizard, select Next and enter
    1. File name – Select your root certificate. Select Next.
    2. Certificate store – Select Trusted Root Certification Authorities.
    3. Select Next > Finish.
  8. (Optional) Repeat step 5 to install additional root certificates.
  9. Close the MMC.

To install the server certificate:

  1. On the AR server, open the Internet Information Services (IIS) Manager.
  2. In the Connections pane, select the server.
  3. In the Home pane:
    1. Select Features View at the bottom of the window.
    2. In the IIS section, open Server Certificates.
  4. In the Actions pane, select Complete Certificate Request.
  5. In the Complete Certificate Request dialog, enter
    1. File name – Select your server certificate.
    2. Friendly name – Enter the name under which the certificate will be displayed in Windows menus and UIs, e.g. AR_SERVER.
    3. Certificate store – Select Personal.
    4. Select OK to close the Certificate wizard.
  6. Close IIS Manager.

To create an HTTPS binding:

  1. On the AR server, open the Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand server name > Sites > Default Web Site.
  3. Right-click Default Web Site and select Edit Bindings from the context menu.
  4. In the Site Bindings dialog, select Add to add a new binding.
  5. In the Add Site Binding dialog:
    1. Set Type to https.
    2. Set IP address to All Unassigned.
    3. Set Port to 443.
    4. Set Host name to the name shown in the "Issued To" property of the security certificate.

      5. TIP: To find the “Issued To” name of the certificate, select View after selecting the certificate in the drop-down (step f).

    5. Leave the Require Server Name Indication box unchecked.
    6. Set SSL certificate to the security certificate you want to use with AR.
    7. Select OK to close the Add Site Binding dialog.
  6. In the Site Bindings dialog, remove any existing http binding. Close the dialog.
  7. Select Default Web Site in the Connections pane.
  8. In the Home pane:
    1. Select Features View at the bottom of the window.
    2. In the IIS section, open SSL Settings.
  9. In the SSL Settings window:
    1. Select the Require SSL checkbox.
    2. Set Client certificates to Ignore.
    3. In the Actions pane, select Apply.
  10. Close IIS Manager.

Specifying the PO Web Applications server location

Add a configuration setting in PO Web Applications to specify the location of the Advanced Reporting server.

Specify the PO Web Applications server location:

  1. Locate the configuration file HmiConfiguration.json under Program Files. For example, C:\Program Files (x86)\Schneider Electric\Power Operation\v2024\Applications\Web\SystemDataService\App_Data\Configuration\HmiConfiguration.json.
  2. Add the following item (after confirming it isn't already there) to the HmiConfiguration.json file.

    3. {
    "ItemType": "Integration",
    "ItemIdentifier": "PME",
    "ItemKey": "HttpRoot",
    "OwnerIdentityId": "GlobalSetting",
    "Value": "ADVANCED-REPORTS-URL"
    }

    Where ADVANCED-REPORTS-URL is the protocol, host name, and port (if non-standard) of the Advanced Reporting Server as a user of PO would see in their browser. For example: https://pme.se.com

    NOTE: The Value should not include a trailing slash or anything after the server name. For example: https://pme.se.com/web will result in a Permission Denied error.

  3. Save and close HmiConfiguration.json.

 

Adding a tab to PO Web Applications

You can add any custom tab to PO Web Applications. You can add tabs that show the entire Advanced Reporting and Dashboards Module. You can also add tabs that show a specific WebReach diagram or a specific report.

Prerequisites

Add a tab to the PO Web Applications:

  1. Locate the configuration file ApplicationMenuConfig.json under Program Files. For example, C:\Program Files (x86)\Schneider Electric\Power Operation\v2024\Applications\Web\SystemDataService\App_Data\Configuration\ApplicationMenuConfig.json.
  2. Identify the relative URL for the application to show in the tab and convert it to an encoded URL.

    3. The following table lists example encoded URLs:

    Advanced Reporting and Dashboards ModuleExample Encoded URL
    Dashboards/psodataservice/pme/auth?returnUrl=%2fdashboards
    Reports/psodataservice/pme/auth?returnUrl=%2freporter
    Diagram/psodataservice/pme/auth?returnUrl=%2fION%2fdefault.aspx%3Fdgm%3DOPEN_TEMPLATE_DIAGRAM%26node%3DTest.PM8k
    Specific report/psodataservice/pme/auth?returnUrl=%2Freporter%2FDefault.aspx%23lib%2Faaabf223-d776-4919-b110-2f07abc14768

    For more information on encoded URLs, see https://www.urlencoder.org.

  3. Add the following entry to the ApplicationMenuConfig.json file, replacing the example values highlighted in yellow with the relevant values.

    Advanced Reporting and Dashboards Module

    {
    "Id": "PmeDashboards",
    "Description": "PME Dashboards",
    "DisplayName": "Dashboards",
    "ResourceSet": null,
    "Enabled": true,
    "Target": "/psodataservice/pme/auth?returnUrl=%2fdashboards",
    "IsFactoryApplication": false,
    "RequiredPrivilege": null
    }

    The following table describes the fields in the JSON file:

    FieldDescription
    Id

    A relevant and unique id for the tab.

    NOTE: The Id cannot contain spaces.

    Description A description of the tab.
    DisplayName

    The text that will display in the user interface for the new tab.

    Target The encoded URL.
  4. Save and close ApplicationMenuConfig.json.