1

What considerations are needed when creating a web app that is intended to be used in an industrial plant setting for a company? My specific use case is an industrial facility with several different production plants that would each have its own device for the application interface.

  1. How do companies enforce the usage of such apps on a monitor/tablet? For example, could I prevent them from using other stuff on the tablet?
  2. Importantly, how would security work? They'd share a device. There may be multiple operators that use the app in a given shift. Would they all use the same authentication session (this is not preferable, as I'd like to uniquely identify the active user)? Obviously I could use standard username/passwords with token based sessions that expire, however, this leaves a lot of potential for account hijacking. Ideally, they'd be able to log on very quickly (PIN, perhaps?) and their session would end when they are done.
  3. As long as there is internet connection, I would presume that there isn't much pro/con regarding the use of native applications versus web based or progressive web apps. Is this assumption correct?
  4. What's the best way of identifying which device the application is being run on?
  5. Is this a common thing to do in general? What other technologies are used to create software that obtains input from industrial operators?

--

Update - this is a good higher level consideration of the question at hand, however, it has become apparent why focused, specific questions are helpful. As such, I will follow up with questions that are specific.

Identifying the Area/Device a Web Application is Accessed On

Enforcing Specific Application Use on Tablets

Best Practices for Web App Authentication in Industrial Settings

karns

2 Answers

2

I'm not able to answer everything in great detail, but here are a few pointers. In the environment you describe, we usually see these two options: 1) you tell them what you need (internet, security, whether they give you a device and how it will be configured); 2) they tell you exactly what you need to deliver.

  1. I do not think you can 100% prevent them. We did it by providing the tablet (well, laptops in our case) and the OS configuration took care of that; downside: we had few devices to support. You seem to hint that there is always an internet connection, so I guess you can collect all info about the system and send it back to you daily?

  2. We were allowed to "tap" into their attendance SW, and when you entered the facility you were able to use your 4-digit PIN to log in; if you were off the premises you could not log in at all. I can imagine the following: you log in with your username and password (this does full verification), and after that you can use a 4-digit PIN to log in for the next n hours.

  3. Maybe, kinda, depends on what you are doing. Does the browser have all the features you need? Our system needs multicast to perform really fast, so we have a native app.

  4. Touched on this in 1. You could also use a device enrolment process. You can also contractually force them that there will be only your software, and it may invalidate the support contract. It really depends on your creativity. My favourite (and it works): just tell them that only my software will be installed, and if not, you will pay me double for support. I only saw one customer who installed some crap on the device when they were told not to.

  5. It really depends on what industry you are talking about; every industry is different. We almost always build a custom solution.

Sedy Vlk
  • Thanks for your input. I suppose it would be better to break this down into more focused questions. Do you think it belongs in stack overflow or a different forum? – karns Jul 13 '20 at 12:17
  • I do not have a problem with this being on SO and yes it is more about design, process but that should not be a big deal. I guess you would need to provide more context and detail about the industry you are talking about - not sure you can. My experience is mainly that systems for automated processing plants and utilities companies are very old school without much will to embrace modern approaches. We also most of the time need NDAs to even talk to them what they need. – Sedy Vlk Jul 13 '20 at 12:44
  • I'm going to post specific, focused questions pertaining to each bullet to allow for more focused/specific answers. Much appreciation for the input. Stay tuned. – karns Jul 14 '20 at 13:33
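The flow suggested in point 2 of the answer above (a full username/password login, then a short PIN for the next n hours), combined with the device enrolment idea from point 4, as an added example that is not part of the original answer. All names are hypothetical; the 8-hour window, the 3-attempt lockout and the in-memory stores are assumptions.

```python
import hashlib, hmac, os, time

PIN_WINDOW_SECONDS = 8 * 3600  # the "n hours" of the answer; 8 is an assumed value
MAX_PIN_FAILURES = 3           # assumed threshold before a full login is required

def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class SharedTerminalAuth:
    """Server-side state for operators sharing one enrolled terminal."""
    def __init__(self, enrolled_devices):
        self.enrolled = set(enrolled_devices)  # allowlist of device ids
        self.users = {}    # user -> (salt, password_hash, pin_hash)
        self.windows = {}  # (device, user) -> [expires_at, pin_failures]

    def register(self, user, password, pin):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt), _hash(pin, salt))

    def full_login(self, device, user, password, now=None):
        now = time.time() if now is None else now
        rec = self.users.get(user)
        if device not in self.enrolled or rec is None:
            return False
        if not hmac.compare_digest(_hash(password, rec[0]), rec[1]):
            return False
        # Full verification opens a PIN window for this user on this device only.
        self.windows[(device, user)] = [now + PIN_WINDOW_SECONDS, 0]
        return True

    def pin_login(self, device, user, pin, now=None):
        now = time.time() if now is None else now
        key, rec = (device, user), self.users.get(user)
        window = self.windows.get(key)
        if window is None or rec is None or now >= window[0]:
            self.windows.pop(key, None)  # expired or never opened
            return False
        if hmac.compare_digest(_hash(pin, rec[0]), rec[2]):
            window[1] = 0
            return True
        # A 4-digit PIN has only 10,000 values, so the attempt limit is the
        # real protection: too many misses closes the window entirely.
        window[1] += 1
        if window[1] >= MAX_PIN_FAILURES:
            del self.windows[key]
        return False
```

Because the window is keyed on both device and user, a PIN observed on one plant's terminal does not unlock that operator's account on any other device.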
1
  1. The enforcement of the device/app usage depends on the customer. If the customer asks for help with the enforcement, then you can provide guides, training and workshops. If the customer is serious about the enforcement, then it will be a policy that's adopted by the whole organization from the top down. Usually seniors will resist a workflow change more than juniors, so top management/executives should deal with that. Real-life story: an SAP team took 6 months to transform a major newspaper's workflow; during that time a few seniors got fired because they refused to adapt to the change.

  2. Security shouldn't handicap the users. Usually in an industrial environment the network is isolated, or at least restricted through a VPN to connect multiple sites (plants in your case). Regarding the active user: we usually provide guides/training/workshops for the users and inform them that using a colleague's account or device will prevent the system from tracking your accomplishments/tasks, so each user is responsible for making sure the active account/device is the one assigned to him/her.

  3. It depends. With native you have more control than with web, but if the app is just doing monitoring, then most of today's apps use the web for monitoring, and the common way to receive input is REST APIs (even if the industrial devices don't support a REST API, a middleware could be written to transform the output). If you need more depth about native vs web, you need to ask a new question with more details about the requirements.

  4. Depends on the tech you are using (native or web), and the things I mentioned in point 2: you can use a whitelist of devices that are allowed to run the app. Overall, there are many best ways to track down the device.

  5. How common in general? I think such information can only be obtained by survey; the world is full of variations. And something being common does not mean it's safe or best; our industry keeps changing at all levels. So to stay in the loop, we must keep learning and self-updating without reboot.

Jawad Al Shaikh
  • Thanks so much, you are generous with your time and knowledge. I believe it was my poor question format (generic) that led to more generic answers, hence, I do not want to mislead people by accepting an answer. I'm going to split out the bullets to more specific, focused questions. Please stay tuned! – karns Jul 14 '20 at 13:32