The Web server is a tool that allows you to remotely monitor a controller and its application, perform various maintenance activities including modifications to data and configuration parameters, and change the state of the controller.
As standard equipment, the controller provides an embedded Web server with a predefined, built-in website. You can use the website for module setup and control, as well as application diagnostics and monitoring. These pages are ready for use with a Windows Web browser or mobile device. No configuration or programming is required.
The Web server can be accessed by the web browsers listed below:
oGoogle Chrome (version 65.0 or greater)
oMozilla Firefox (version 54 or greater)
oMicrosoft Internet Explorer (version 11 or greater)
The Web server can be accessed by the mobile device web browsers listed below:
oiOS Safari
oAndroid Chrome
You can access the Web server with HTTP (non secured connections) or HTTPS (secure connections). Some actions (User Management) are only possible in secure mode.
The Web server is limited to 10 concurrent users.
The Web server has full access to your application for reading and writing data and controlling the state of the controller. By enabling the Web server, you enable these functions. You can disable the Web server on an interface by deselecting the Web Server active parameter in the Ethernet Configuration tab.
If there are security concerns over these functions, you must, at a minimum, assign a secure password to the Web Server or disable the Web server to prevent unauthorized access to the application. Care must be taken to ensure that the immediate physical environment of the machine and process is in a state that will not present safety risks to people or property before exercising control remotely.
|
|
|
UNINTENDED EQUIPMENT OPERATION |
|
oDefine a secure password for the Web Server and do not allow unauthorized or otherwise unqualified personnel to use this feature. oEnsure that there is a local, competent, and qualified observer present when operating on the controller from a remote location. oYou must have a complete understanding of the application and the machine/process it is controlling before attempting to adjust data, stopping an application that is operating, or starting the controller remotely. oTake the precautions necessary to assure that you are operating on the intended controller by having clear, identifying documentation within the controller application and its remote connection. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
NOTE: The Web server must only be used by authorized and qualified personnel. A qualified person is one who has the skills and knowledge related to the construction and operation of the machine and the process controlled by the application and its installation, and has received safety training to recognize and avoid the hazards involved. No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this feature.
Access to the Web server is controlled by User Rights when they are enabled in the controller. For more information, refer to Users and Groups Tab Description.
If User Rights are not enabled in the controller, you are prompted for a user name and password unique to the Web server. The default user name is Anonymous and no password is required.
NOTE: You cannot modify the default user name and password. To secure the Web server functions, you must do so with Users and Groups.
|
|
|
UNAUTHORIZED DATA ACCESS |
|
oSecure access to the FTP/Web server using User Rights. oIf you do not enable User Rights, disable the FTP/Web server to prevent any unwanted or unauthorized access to data in your application. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
In order to change the password, go to Users and Groups tab of the device editor. For more information, refer to the EcoStruxure Machine Expert Programming Guide.
NOTE: The only way to gain access to a controller that has user access-rights enabled and for which you do not have the password(s) is by performing an Update Firmware operation. This clearing of User Rights can only be accomplished by using a SD card or USB key (depending on the support of your particular controller) to update the controller firmware. In addition, you may clear the User Rights in the controller by running a script (for more information, refer to EcoStruxure Machine Expert Programming Guide). This effectively removes the existing application from the controller memory, but restores the ability to access the controller.
To access the website home page, type the IP address of the controller into the browser.
This figure shows the Web Server site login page:
This figure shows the home page of the Web Server site once you have logged in:
NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.
|
|
|
UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION |
|
oEvaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network. oLimit the number of devices connected to a network to the minimum necessary. oIsolate your industrial network from other networks inside your company. oProtect any network against unintended access by using firewalls, VPN, or other, proven security measures. oMonitor activities within your systems. oPrevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions. oPrepare a recovery plan including backup of your system and process information. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
The Home Page Access menu bar lets you access the main Web server pages.
The Web Server contains the following pages:
|
Menu |
Page |
Description |
|---|---|---|
|
Home |
Home page of the controller Web server page. Provides access to the tabs: oMonitoring oDiagnostics oMaintenance oMachine Assistant |
Home page menu descriptions:
|
Menu |
Submenu |
Description |
|---|---|---|
|
Monitoring |
Lets you display and modify controller variables. |
|
|
Shows the module with module I/O values. |
||
|
Displays 2 variables in the form of a recorder-type time chart. |
||
|
Diagnostics |
Displays controller status. |
|
|
Displays Ethernet diagnostic. |
||
|
Displays expansion module status. |
||
|
Displays expansion module status. |
||
|
Displays serial line status. |
||
|
Displays Ethernet status. |
||
|
Sercos |
Displays Sercos diagnostic. |
|
|
Maintenance |
Lets you access the post configuration file saved on the controller. |
|
|
Lets you change actual user password and customize login message. Possible in secure mode (HTTPS) only. |
||
|
Lets you modify the firewall configuration. |
||
|
Lets you access log files generated by the controller. |
||
|
Lets you access controller messages. |
||
|
Lets you send Run and Stop commands to the controller. |
||
|
Lets you access memory usage, temperature and slave devices information. |
||
|
Lets you customize certificates owned by an M262 controller. |
||
|
Lets you set the date and time. |
||
|
Machine Assistant |
List View |
Displays the configuration in list view. |
|
Graphic view |
Displays the configuration in graphic view. |
|
|
Lets you scan the devices configured. |
||
|
Lets you clear the scan. |
||
|
Lets you upload a .semdt file after scan. |
||
|
Lets you export the scan results in your local SD Card. |
||
|
Log out |
Lets you log out. |
The Web server allows you to remotely monitor a controller and its application, and to perform various maintenance activities including modifications to data and configuration parameters, and change the state of the controller. Ensure that the immediate physical environment of the machine and process is in a state that will not present safety risks to people or property before exercising control remotely.
|
|
|
UNINTENDED EQUIPMENT OPERATION |
|
oConfigure and install the RUN/STOP input for the application, if available for your particular controller, so that local control over the starting or stopping of the controller can be maintained regardless of the remote commands sent to the controller. oDefine a secure password for the Web Server and do not allow unauthorized or otherwise unqualified personnel to use this feature. oEnsure that there is a local, competent, and qualified observer present when operating on the controller from a remote location. oYou must have a complete understanding of the application and the machine/process it is controlling before attempting to adjust data, stopping an application that is operating, or starting the controller remotely. oTake the precautions necessary to assure that you are operating on the intended controller by having clear, identifying documentation within the controller application and its remote connection. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
NOTE: The Web server must only be used by authorized and qualified personnel. A qualified person is one who has the skills and knowledge related to the construction and operation of the machine and the process controlled by the application and its installation, and has received safety training to recognize and avoid the hazards involved. No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this feature.
Monitoring Web Server Variables
To monitor Web server variables, you must select the variables in the Symbol Configuration Editor.
Monitoring: Data Parameters Submenu
The Data Parameters submenu allows you to display and modify variable values:
|
Element |
Description |
|---|---|
|
Add |
Adds a list description or a variable |
|
Del |
Deletes a list description or a variable |
|
Refresh period |
Refreshing period of the variables contained in the list description (in ms) |
|
Refresh |
Enables I/O refreshing: oGray button: refreshing disabled oOrange button: refreshing enabled NOTE: Without enabling Refresh, when a variable's value is changed in the table the modification is directly sent to the controller. |
|
Load |
Loads saved lists from the controller internal Flash to the Web server page |
|
Save |
Saves the selected list description in the controller (/usr/web directory) |
NOTE: The IEC objects (%MX, %IX, %QX) are not directly accessible. To access IEC objects you must first group their contents in located registers (refer to Relocation Table).
You must add the I/Os in the Symbol Configuration Editor to get them visible in the IO Viewer. Refer to Symbol Configuration Editor.
The IO Viewer submenu allows you to display the current I/O values:
|
Element |
Description |
|---|---|
|
Refresh |
Enables I/O refreshing: oGray button: refreshing disabled oOrange button: refreshing enabled |
|
Period (ms) |
I/O refreshing period in ms |
|
<< |
Goes to previous I/O list page |
|
>> |
Goes to next I/O list page |
Monitoring: Oscilloscope Submenu
The Oscilloscope submenu can display up to 2 variables in the form of a recorder time chart:
|
Element |
Description |
|---|---|
|
Reset |
Erases the memorization |
|
Refresh |
Starts/stops refreshing |
|
Load |
Loads parameter configuration of Item0 and Item1 |
|
Save |
Saves parameter configuration of Item0 and Item1 in the controller |
|
Item0 |
Variable to be displayed |
|
Item1 |
Variable to be displayed |
|
Min |
Minimum value of the variable axis |
|
Max |
Maximum value of the variable axis |
|
Period(ms) |
Page refresh period in milliseconds |
Diagnostic: Controller Submenu
The Controller submenu displays information about the current status of the controller:
The Ethernet submenu displays the Ethernet ports status and access to the remote ping service:
Diagnostics: TM3 Expansion Submenu
The TM3 Expansion viewer submenu shows the expansion module status:
Diagnostics: TMS Expansion Submenu
The TMS Expansion viewer submenu shows the expansion module status:
Diagnostics: Scanner Status Submenu
The Scanner Status submenu displays status of the Modbus TCP I/O Scanner (IDLE, STOPPED, OPERATIONAL) and the health bit of up to 64 Modbus slave devices:
For more information, refer to EcoStruxure Machine Expert Modbus TCP User guide.
Diagnostics: EtherNet/IP Status Submenu
The EtherNet/IP Status submenu displays the status of the EtherNet/IP Scanner (IDLE, STOPPED, OPERATIONAL) and the health bit of up to 64 EtherNet/IP target devices:
For more information, refer to EcoStruxure Machine Expert EtherNet/IP User guide.
The Maintenance page provides access to the /usr folders of the controller flash memory and various informations that are useful for device maintenance purposes.
|
Step |
Action |
|---|---|
|
1 |
Click Load. |
|
2 |
|
|
3 |
Click Save. NOTE: The new parameters will be considered at next Post Configuration file reading. |
Maintenance: Post Conf Submenu
The Post Conf submenu allows you to update the post configuration file saved on the controller:
Maintenance: User Management Submenu
The User Management submenu allows you to change the password and customize a message which will be displayed at login:
NOTE: The option to clear all user accounts is only active if the current user has administrative privileges.
The Firewall submenu allows you to modify the default firewall configuration file:
Maintenance: System Log Files Submenu
The System Log Files submenu provides access to log files generated by the controller:
Maintenance: Message Logger Submenu
The Message Logger submenu displays latest controller log messages:
Maintenance: Run/Stop Controller Submenu
The Run/Stop Controller submenu allows you to manually stop and restart the controller:
Maintenance: SelfAwareness Submenu
The SelfAwareness submenu allows you to access memory usage, temperature and slave devices information:
Maintenance: Certificates Submenu
The Certificates submenu allows the customization of certificates owned by an M262 controller, and manual setting of client certificates to trust:
Maintenance: Date / Time Submenu
The Date / Time submenu displays the current date and time and allows setting of the date and time manually:
The Machine Assistant submenu allows you to configure the controller:
For more information on buttons, refer to Industrial Plug and Work.
