Knowledge Base

PcVue Web Services driver

PcVue Web Services have been validated for use in an HTTPS environment. It is only a matter of IIS configuration (see below Setting up IIS for the use of SSL).

At the time of designing and implementing the PcVue Web Services driver for Dream Report this constraint had been taken into account and the use of HTTPS is fully configurable through the driver/data source configuration.

Dream Report Web portal

By default, the web portal is accessible using the following URL:
http://DreamReportHostName/DRWeb
where DreamReportHostName is the name or IP address of the server running the Dream Report run time.

This URL denotes the use of HTTP so a communication channel without special security concerns about the identification/authentication of the server and no data encryption (except if the channel is opened over a VPN or another special mechanism).

The following procedure describes steps to secure the communication channel between the web portal server and the client by setting up:

• An SSL certificate on the server (to allow clients to authenticate the server they connect to).
• Data encryption on the channel.

Setting up IIS for the use of SSL

Step 1

Install the SSL certificate on your IIS server (contact your system administrator for more information). Such a certificate must be issued by a trusted third party, and therefore cannot be supplied directly by Arc Informatique / Ocean Data System.

Step 2

Launch the IIS Administration console.

Deploy the tree view and right click on the node Default Web site.

Open the Default Web Site properties, and go to the Directory Security tab.

Click on the Display button to check the SSL certificate.

Note:

On this example, the SSL certificate has been self issued for a host named Arc5. It is valid from 21/11/2007 to 28/11/2007. This certificate will not be trusted by any usual web browsers such as Internet Explorer, FireFox or Opera because it has not been issued by a trusted third party.

Step 3:

Close the SSL certificate display dialog box and click the Modify button to change SSL settings.

In this example, we have activated:

• The use of SSL for server authentication
• Data encryption on the channel

Depending on your security constraints you may also activate client certificate usage (contact your system administrator for more information).

Notes:

• Depending on the list and settings of existing virtual directories, you may be required to validate the changes for some existing objects (inheritance mechanism of IIS).
• Validate and close the IIS Administration console.
• All settings in this tutorial are based on IIS 6.0, that runs on Windows 2003 Server, however similar settings can be applied for IIS 5.x for Windows XP Professional and IIS 7 for Windows Vista.
• IIS Versions that are newer then IIS 6.0 weren’t validated at the time of release of this document.

Step 4:

Launch Dream Studio and open your project.

Go to the menu Project settings. Web Configuration

Select the remote station.

Change HTTP to HTTPS. If necessary, change Alias name, Station name and URL.

Click on Modify and then the OK button to validate changes.

Save the project and launch the Dream Report Runtime.

Step 5:

At startup, Dream Report Runtime creates or recreates the virtual directory using the Default Web Site configuration.

The Web Portal is now accessible using the https URL and data are encrypted on the HTTPS channel.

Notes:

• In the screenshot, a certificate error is mentioned because the certificate is self issued and not trusted by Internet Explorer. This would not happen with an SSL certificate issued by a trusted third party. In that case Internet Explorer also displays a warning page explaining that the server should not be trusted because of the non-trustfull certificate issuer, and the fact that the certificate has been issued for a server named Arc5, and the URL mention a hostname named localhost. Validating this error forces Internet Explorer to exchange data with such a server anyway, and therefore display the Web Portal pages.
• Be careful of the fact that any virtual directory created using Default Web Site properties will use the same SSL settings. It is usually the case when securing a web server (There is no reason for securing a given virtual directory and not the others).