How to setup a webserver in DMZ

Find and share HowTos to various installations / configurations!

Post Reply
2 posts • Page 1 of 1
Posts: 33
Joined: Mon Dec 04, 2017 2:28 pm

How to setup a webserver in DMZ

Post by Kirvesmies »

Can anybody share the steps needed to setup a web-server separate from the main WinCC OA servers in a DMZ? The main servers are redundant v3.18.

Are you supposed to create a new project on the web-server machine?
Using which template; standard, legacy, remote driver, remote UI .. and then delete all managers except one ctrl manager?
Should/could the multiplexing proxy be on this machine, how?
Does the web-server ctrl manager need any other option settings than "webclient_http.ctl"?
What settings are needed in the config files?
Or should you only setup some kind of reverse-proxy?

I'll trade you for a simple but effective acknowledge all active alarms script:

Code: Select all

  dyn_dyn_anytype alerts;
  string Tag;
  dpQuery("SELECT ALERT '_alert_hdl.._act_state', '_alert_hdl.._prior'
 	FROM '*' 
	WHERE '_alert_hdl.._act_state' = 1 OR '_alert_hdl.._act_state' = 3 OR '_alert_hdl.._act_state' = 4", alerts);
  for(int z=2;z<=dynlen(alerts);z++)
       Tag = alerts[z][1] +":_alert_hdl.._ack";
       dpSet(Tag, 2);
Sharing is fun as a wise man once here said!

User avatar
Posts: 2622
Joined: Tue Aug 24, 2010 7:28 pm

Re: How to setup a webserver in DMZ

Post by leoknipp »

Possibly the WinCC OA Security Guideline (Download section) can give you information how to configure a web server in a DMZ.
Did you have a look at this document?

I have some remarks to your script example:
-- Instead of dpSet() you should use dpSetWait() and getLastError() to check if acknlowedging the alert was possible
-- Doing a dpSet()/dpSetWait() with the attribute _alert_hdl.._ack acknowledges all pending alerts for a DP element.
If you want to acknowledge a specific alert you have to use alertSet()/alertSetWait()

Best Regards
Leopold Knipp
Senior Support Specialist

Post Reply
2 posts • Page 1 of 1