Andon Visualization Always-on by Auto-Login Proxy¶

Introduction¶

Dashboard Designer based on Grafana visualization enables customers to monitor the key information, status, KPIs of their machines, production process, manufacturing shifts, shopfloor environments via dashboards using Insights Hub gateway authentication for login.

However, this gateway authentication mechanisms including 30-minute session expiration and mandatory re-login every 12 hours create significant friction for shopfloor personnel who need dashboards to remain operational 24/7 without manual intervention.

The Andon Board is provided for the system's need for continuous display on shopfloor computers, addressing session expiration issues with a proxy solution. This solution involves deploying a dedicated package as Docker Image on customer-hosted computer and a proxy-based solution to ensure continuous, uninterrupted display of Andon visualization on shopfloor computers. The approach addresses the challenge of session and cookie expiration from Insights Hub, which previously required manual re-authentication. By centralizing session management through a proxy, the system maintains active sessions and streamlines credential handling.

The Auto Login Refresher is a key component of the Auto Refresh Session Proxy architecture for the Andon board visualization. Its primary role is to ensure that authentication sessions and cookies used by all dashboard display browsers remain valid and do not expire, thereby providing uninterrupted access to Insights Hub.

Prerequisites¶

Before implementing the proxy package deployment, ensure the following prerequisites are met:

• Host Machine:
  • The host must be running Windows 11.
  • Use Microsoft Edge or Chrome(version higher than V110)
  • Hardware specification:
    • CPU: 4 cores
    • RAM: 8GB
  • Docker Desktop or Rancher Desktop must be installed and running on the host machine.
• Network Requirements:
  • The host machine must be able to access the Internet and have the egress IPv4 address on public internet.
  • Egress IPv4 Whitelisting:
    • Egress IPv4 address must be whitelisted for the proxy to authenticate with the Insights Hub gateway.
    • To request whitelisting, raise an Insights Hub support ticket via https://support.sw.siemens.com/en-US/support-case/open?product=268530510 or by clicking the "Support Center" link under "Information" on the Insights Hub OSBar.
    • In the ticket, include keywords like "Andon" and "whitelist" in the subject.
    • Add the specific IPv4 address(es) that need to be whitelisted into the description (you can include multiple IP addresses if you plan to install the proxy on several local host machines).
    • Whitelisting approval and enablement typically takes 2-4 working days.
  • The host needs to allow access on Port 3128.
  • The shopfloor browser must be able to access this host machine on Port 8080.
• Identity Provider (IDP) Support:
  • The current release only supports Siemens IDP.
  • If your current login does not use Siemens IDP (required support for a Custom IDP), raise a support ticket request to the Support Team for activation of both Siemens IDP and Custom IDP.
• The Andon Visualization is available for download on the Siemens Industry Online Support (SIOS) Portal.
  • The Andon modules are bundled into an installer ZIP file.
  • Unzip the downloaded file.
  • Click "start-deployment.bat" and start the deployment of the containers.
  • Check and confirm the status of all the containers working properly in your Docker Desktop or Rancher Desktop app.

Configuration procedure¶

This involves the initial configuration required to make the proxy operational after proxy installation and deployment. Before configuring the application, raise Insights Hub customer support ticket to whitelist the IPv4 address of this proxy server.For more information, refer to Prerequisites

To configure the application, follow these steps:

1. Access the configuration page by opening a web browser and navigating to Local host.

2. Enter the Basic Settings:

   Parameter	Description
   Login URL (Mandatory)	The URL of the tenant's Dashboard Designer. For example, https://presiot-dashboarddesigner.eu1.mindsphere.io
   User Email (Mandatory)	- The username (email) for the Insights Hub account used to log in. - Note: Using an account with the viewer role (mdsp:core:dashboarddesigner.viewer) of Dashboard Designer application for login, allows the user to only read dashboard.
   User Password (Mandatory)	The password corresponding to the User Email for authentication with the Login URL. This field is typically masked for security.
   Auto Login Interval (seconds)	- Defines the frequency in seconds, at which the proxy's background process will attempt to re-authenticate or refresh the remote session. This helps prevent sessions from expiring due to inactivity. - Typical Range 3600 seconds (1 hour) to 43200 seconds (12 hours) - Default Value: 36000 seconds (10 hours) - Format: Integer
   Enable 2FA autofill during login(Optional)	Check this box for the proxy to automatically handle Two-Factor Authentication (2FA) prompts during the login process, provided a 2FA key is registered.
   Advanced Settings	This is a collapsible section containing settings for ignoring specific login step detections. These settings are intended for special cases and should only be modified under direct instruction from a support engineer.
   Proxy Server Address	The IP address or hostname of the proxy server that will be used to route the Insights Hub URLs.
   Input URL	A text field where a user can paste an Insights Hub URL. The system will then process this URL to generate a proxy-compatible version.
   Converted URL	This field is visible once an Insights Hub URL is pasted in Input URL. For more information, refer to Generating Converted URLs.

3. To apply the configuration, click "Save".

4. Verify the setup by checking the Session Status Indicator and the Current Config (Masked) panel.

   

Diagnosis¶

This section provides instructions for checking the Session Status Indicator and Verifying the Configuration (health of the proxy).

Session Status Indicator¶

The following table describes the indicator at the top of the configuration UI provides the real-time session status:

Verifying the Configuration¶

The Current Config (Masked) panel on the right side of the UI displays the configuration currently in use by the proxy. For security purposes, sensitive fields such as passwords will be masked. Use this panel to confirm that your saved changes have been successfully applied.

Maintenance¶

This section describes ongoing maintenance of Updating Configuration tasks and Generating Converted URLs for the proxy.

Updating Configuration¶

To update the Configuration of credentials (password) or the login URL change, follow these steps:

1. Access the configuration UI by navigating to Local host.
2. Update the fields in the "Basic Settings" section. For more information, refer to Configuration procedure.
3. To apply the configuration, click "Save".
4. Monitor the session status indicator to ensure that proxy successfully logs in with the new credentials (it should turn from Yellow to Green).

Generating Converted URLs¶

To add a new dashboard in Andon display, its URL must be converted. Use the URL Converter utility located on the right side of the configuration page. This tool uses the Proxy Server Address (if configured in Basic Settings) to help convert standard Insights Hub URLs into proxy-compatible URLs that can be used in the shop floor browsers. To open multiple dashboards, you need to copy and convert multiple urls.