Application developers can allow certain operators the ability to write to specific SCADA nodes only. This prevents the possibility of access from unknown or unauthorized nodes. This is an important feature to ensure that operators are positioned physically close to the equipment they are manipulating.
By default, iFIX nodes accept connections from any remote node over TCP/IP. You can restrict access from unknown or unauthorized nodes using the accept_unknown_host parameter in the NETWORK.INI file. The configuration shown in the following figure illustrates one method to restrict access to a SCADA server.
In this example, the accept_unknown_host parameter restricts access to the main SCADA server, SCADA01. Access is restricted to iClients iClient01 and iClient10, and to a second SCADA server, SCADA02. SCADA02 duplicates the information on SCADA01 so that the Terminal Server, TServer, can provide the data to remote nodes. However, direct access from the Internet to SCADA01 is not provided. This feature keeps SCADA01 secure from unauthorized nodes.
Restricting Access from Unauthorized Nodes
For more information about restricting access from remote nodes, refer to the section Disabling Connections from Unauthorized Nodes in the Setting up the Environment manual.
