Web Server

Introduction

As standard equipment, the controller provides an embedded Web server with a predefined, built-in website. You can use the pages of the website for module setup and control as well as application diagnostics and monitoring. These pages are ready to use with a Web browser. No configuration or programming is required.

The Web server can be accessed by the web browsers listed below:

  • Google Chrome (version 87 or greater)

  • Mozilla Firefox (version 62 or greater)

The Web server can maintain 10 simultaneous open sessions.

NOTE: The Web server can be disabled by unchecking the Web server active parameter in the Ethernet Configuration tab.

The Web server is a tool for reading and writing data, and controlling the state of the controller, with access to all data in your application. However, if there are security concerns over these functions, you must at a minimum assign a secure password to the Web server or disable the Web server to prevent unauthorized access to the application. By enabling the Web server, you enable these functions.

The Web server allows you to monitor a controller and its application remotely, to perform various maintenance activities including modifications to data and configuration parameters, and change the state of the controller. Care must be taken to ensure that the immediate physical environment of the machine and process is in a state that will not present safety risks to people or property before exercising control remotely.

 WARNING
UNINTENDED EQUIPMENT OPERATION
  • Configure and install the RUN/STOP input for the application, if available for your particular controller, so that local control over the starting or stopping of the controller can be maintained regardless of the remote commands sent to the controller.
  • Define a secure password for the Web Server and do not allow unauthorized or otherwise unqualified personnel to use this feature.
  • Ensure that there is a local, competent, and qualified observer present when operating on the controller from a remote location.
  • You must have a complete understanding of the application and the machine/process it is controlling before attempting to adjust data, stopping an application that is operating, or starting the controller remotely.
  • Take the precautions necessary to assure that you are operating on the intended controller by having clear, identifying documentation within the controller application and its remote connection.
Failure to follow these instructions can result in death, serious injury, or equipment damage.

Web Server Access

Access to the Web server is controlled by User Rights when they are enabled in the controller. For more information, refer to Users and Groups Tab Description.

To access the Web server you must first connect to the controller with EcoStruxure Machine Expert or Controller Assistant.

 WARNING
UNAUTHORIZED DATA ACCESS
  • Secure access to the FTP/Web server using User Rights.
  • If you disable User Rights, disable the FTP/Web server to prevent any unwanted or unauthorized access to data in your application.
Failure to follow these instructions can result in death, serious injury, or equipment damage.

To change the password, go to the Users and Groups tab of the device editor. For more information, refer to the EcoStruxure Machine Expert Programming Guide.

NOTE: The only way to gain access to a controller that has user access-rights enabled and for which you do not have the password(s) is by performing an Update Firmware operation. This clearing of User Rights can only be accomplished by using an SD card or USB key (depending on the support of your particular controller) to update the controller firmware. In addition, you may clear the User Rights in the controller by running a script (for more information, refer to the EcoStruxure Machine Expert Programming Guide). This effectively removes the existing application from the controller memory, but restores the ability to access the controller.

Home Page Access

To access the website home page, type the IP address of the controller in your browser.

This figure shows the Web server site login page:

This figure shows the home page of the Web server site once you have logged in:

NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.
 WARNING
UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION
  • Evaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network.
  • Limit the number of devices connected to a network to the minimum necessary.
  • Isolate your industrial network from other networks inside your company.
  • Protect any network against unintended access by using firewalls, VPN, or other, proven security measures.
  • Monitor activities within your systems.
  • Prevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions.
  • Prepare a recovery plan including backup of your system and process information.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
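
One way to check that the isolation and access rules above actually hold, as an added example that is not part of the original documentation: run this from a given network zone against your own controller inventory and compare what answers with what the policy declares. The inventory schema and zone names are hypothetical, and the port numbers are the standard defaults for FTP, HTTP, HTTPS and OPC UA, not values taken from this page.

```python
import socket

# Standard default ports for the services this page names (assumption:
# confirm the values actually configured on your controllers).
SERVICE_PORTS = {"ftp": 21, "http": 80, "https": 443, "opcua": 4840}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(inventory, vantage, ports=SERVICE_PORTS, probe=is_open):
    """Compare observed reachability with the declared policy.

    inventory: list of dicts (hypothetical schema):
      host          controller address
      allowed_from  set of zone names permitted to reach the controller
      web_server    True if "Web server active" is checked
      user_rights   True if User Rights are enabled
    vantage: name of the network zone this script runs in.
    Returns a list of (host, service, reason) findings.
    """
    findings = []
    for ctrl in inventory:
        for service, port in ports.items():
            if not probe(ctrl["host"], port):
                continue  # closed or filtered: nothing to report
            if vantage not in ctrl["allowed_from"]:
                reason = f"reachable from unauthorized zone '{vantage}'"
            elif service in ("http", "https") and not ctrl["web_server"]:
                reason = "Web server answers but is declared disabled"
            elif not ctrl["user_rights"]:
                reason = "service open while User Rights are disabled"
            else:
                continue  # exposure matches the declared policy
            findings.append((ctrl["host"], service, reason))
    return findings
```

Run it once from each zone (for example the office LAN and the engineering network) and treat any finding as a firewall or controller configuration item to correct.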

Monitoring: Data Parameters

Monitoring Web Server Variables

To monitor Web server variables, you must add a Web Data Configuration object to your project. Within this object, you can select all variables you want to monitor.

This table describes how to add a Web Data Configuration object:

| Step | Action |
|------|--------|
| 1 | Right click the Application node in the Applications tree tab. |
| 2 | Click Add Object > Web Data Configuration.... Result: The Add Web Data Configuration window is displayed. |
| 3 | Click Add. Result: The Web Data Configuration object is created and the Web Data Configuration editor is open. |

NOTE: As a Web Data Configuration object is unique for a controller, its name cannot be changed.

Web Data Configuration Editor

Click the Refresh button to be able to select variables. This action displays all the variables defined in the application.

Select the variables you want to monitor in the Web server:

NOTE: The variable selection is possible only in offline mode.

Monitoring: Data Parameters Submenu

The Data Parameters submenu allows you to create and monitor some lists of variables. You can create several lists of variables (maximum 10 lists), each one containing several variables of the controller application (maximum 20 variables per list).

Each list has a name, and a refresh period. The lists are saved in the non-volatile memory of the controller, so that a created list can be accessed (loaded, modified, saved) from any Web client application accessing this controller.

The Data Parameters submenu allows you to display and modify variable values:

| Element | Description |
|---------|-------------|
| Add | Adds a list description or a variable |
| Del | Deletes a list description or a variable |
| Refresh period | Refreshing period of the variables contained in the list description (in ms) |
| Refresh | Enables I/O refreshing. Gray button: refreshing disabled. Orange button: refreshing enabled. |
| Load | Loads saved lists from the controller non-volatile memory to the Web server page |
| Save | Saves the selected list description in the controller (/usr/web directory) |

NOTE: The IEC objects (%IX, %QX) are not directly accessible. To access IEC objects you must first group their contents in located registers (refer to Relocation Table).
NOTE: Bit memory variables (%MX) cannot be selected.

Monitoring: IO Viewer Submenu

The IO Viewer submenu allows you to display and modify the I/O values:

| Element | Description |
|---------|-------------|
| Refresh | Enables I/O refreshing. Gray button: refreshing disabled. Orange button: refreshing enabled. |
| 1000 ms | I/O refreshing period in ms |
| << | Goes to previous I/O list page |
| >> | Goes to next I/O list page |

Monitoring: Oscilloscope Submenu

The Oscilloscope submenu can display up to 2 variables in the form of a recorder time chart:

| Element | Description |
|---------|-------------|
| Reset | Erases the memorization |
| Refresh | Starts/stops refreshing |
| Load | Loads parameter configuration of Item0 and Item1 |
| Save | Saves parameter configuration of Item0 and Item1 in the controller |
| Item0 | Variable to be displayed |
| Item1 | Variable to be displayed |
| Min | Minimum value of the variable axis |
| Max | Maximum value of the variable axis |
| Period(ms) | Page refresh period in milliseconds |

Diagnostics: Ethernet Submenu

This figure shows the remote ping service:

Diagnostics: Scanner Status Submenu

The Scanner Status submenu displays status of the Modbus TCP I/O Scanner (IDLE, STOPPED, OPERATIONAL) and the health bit of up to 64 Modbus scanned devices.

For more information, refer to EcoStruxure Machine Expert Modbus TCP User guide.

Diagnostics: EtherNet/IP Status Submenu

The EtherNet/IP Status submenu displays the status of the EtherNet/IP Scanner (IDLE, STOPPED, OPERATIONAL) and the health bit of up to 16 EtherNet/IP target devices.

For more information, refer to EcoStruxure Machine Expert EtherNet/IP User guide.

Maintenance Page

The Maintenance page provides access to the controller data for maintenance capabilities.

Maintenance: Post Conf Submenu

The Post Conf submenu allows you to update the post configuration file saved on the controller:

| Step | Action |
|------|--------|
| 1 | Click Load. |
| 2 | Modify the parameters. |
| 3 | Click Save. |

NOTE: The new parameters will be considered at next Post Configuration file reading.

Log Files

This page provides access to the /usr/Syslog/ folder of the controller non-volatile memory.

Maintenance: EIP Config Files Submenu

The file tree only appears when the Ethernet IP service is configured on the controller.

Index of /usr:

| File | Description |
|------|-------------|
| My Machine Controller.gz | GZIP file |
| My Machine Controller.ico | Icon file |
| My Machine Controller.eds | Electronic Data Sheet file |

Maintenance: User Management Submenu

The User Management submenu displays a screen that allows you to access two different actions, all restricted by using secure protocol (HTTPS):

  • User accounts management:

Allows you to manage user accounts, removing all passwords and returning all user accounts on the controller to default settings.

Click Disable to deactivate all user rights on the controller. (Passwords are saved and are restored if you click Enable.)

Click OK on the window that appears to confirm. As a result:

  • Users no longer have to set and enter a password to connect to the controller.

  • FTP, HTTP, and OPC UA server connections accept anonymous user connections. See Login and passwords table.

NOTE: The Disable button is only active if the user has administrator privileges.

Click Enable to restore the previous user rights saved on the controller.

Click OK on the window that appears to confirm. As a result, users have to enter the password previously set to connect to the controller. See Login and passwords table.

NOTE: The Enable button only appears if the user rights were disabled and the user rights backup file is available on the controller.

Click Reset to default to return all user accounts on the controller to their default setting state.

Click OK on the window that appears to confirm.

NOTE: Connections to FTP, HTTP, and the OPC UA server are blocked until a new password is set.
  • Clone management:

Allows you to control whether user rights are copied and applied to the target controller when cloning a controller with an SD Card.

Click Exclude users rights to exclude copying user rights to the target controller when cloning a controller.

NOTE: By default, the users rights are excluded.

Click Include users rights to copy user rights to the target controller when cloning a controller. A popup prompts you to confirm copying the user rights. Click OK to continue.

NOTE: The Exclude users rights and Include users rights buttons are only active if the current user is connected to the controller using a secure protocol.
  • System use notification:

Allows you to customize a message which will be displayed at login.