Services

Click the enable button to enable or disable a service. Click the service name to list the associated parameters.

Autorun scripts from external storage

Enables or disables running the "autoexec.sh" script file when a USB key is plugged into the device. Disable this service if you want to prevent unauthorized access through the USB interface.

Avahi Daemon

Avahi is a system which enables programs to publish and discover services and hosts running on a local network. When it is enabled, the HMI device can also be reached using the device's host name (as an alternative to the IP address).

Avahi Daemon runs on UDP port 5353

On Linux and Apple PCs, the Avahi service is included with the OS. On Windows PCs, you need to install an Avahi service to be able to reach the panel by its Avahi host name (e.g. you need to install the Apple Bonjour application; Bonjour is a trademark of Apple Inc.).

Bridge/Switch Service

Using the bridge service, it is possible to connect the WAN (eth0) network adapter with the other network interfaces. When used, the two Ethernet interfaces are bridged and share the same IP address.

The Bridge Service creates a Linux-based layer-2 network bridge between two or more network interfaces. If both WAN and endpoint devices are attached to such a bridge, the two networks will be physically joined and endpoints will be available as if they were directly connected to the WAN. (Note: the Cloud scenario still requires the Router Service to be active.)

Cloud / VPN Service

Allows managing remote HMI devices connected to a centralized server through gateways.

See "Cloud / VPN Service" for additional details.

Device Discovery

If disabled, the HMI device will not be listed in the JMobile discovery feature (see "Download to HMI device").

Parameter   Description
Enable      Enable the Device Discovery service (default)
Autostart   Keep the Device Discovery service enabled when HMI device starts

DHCP Server

Provide the DHCP Server on the selected interfaces.

Parameter              Description
Enabled                Enable the DHCP Server on the selected interface
Start IP, Stop IP      IP addresses distributed from the DHCP Server
Gateway                The gateway address
Netmask                The provided netmask
DNS Server             The DNS server address
Lease Time (seconds)   Lease time, default is 86400s (1 day). Acceptable values are from 60s to 864000s (10 days)

Enable device restore via TAP TAP option

When enabled, it gives the possibility to reset the operator panel in case the administrator password is forgotten (see "Forgot password").

This option is enabled by default. You can disable it to increase the security of the device (this could eliminate the possibility of recovering a forgotten password).

Enable device restore via USB

When enabled, it gives the possibility to reset the operator panel in case the administrator password is forgotten (see "Forgot password").

This option is enabled by default. You can disable it to increase the security of the device (this could eliminate the possibility of recovering a forgotten password).

Enable TAP TAP menu via touchscreen or mouse

Configure whether the TAP TAP menu can be accessed using a mouse or touchscreen.

Keyboard access (via the CANC key on a USB keyboard) will remain unaffected by this setting.

Fast Boot

When fast boot is enabled, at power-up the HMI device starts the HMI application as fast as possible. In this mode, no diagnostic information is shown (e.g. the loading bar) and only the minimum necessary features are loaded before the User Interface (e.g. System Settings, VNC, SSH, etc. are loaded after the HMI application).

To obtain the best performance, in addition to enabling the fast boot mode, it is recommended to:

Firewall Service

When the firewall is enabled, only connections matching the defined rules are allowed. Note that some rules must be enabled for the HMI to work properly.

Notes:

Source IP or Network

If this field is unspecified, access will be allowed from any source host. Otherwise, access can be restricted to a single IP address (e.g. 192.168.100.123) or a range of IP addresses in CIDR format (e.g. 192.168.100.0/24). For details on valid subnet specifications following such format, please refer to: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

If you enable the Firewall and you need to use the FTP passive mode with JMobile HMI Runtime older than version 2.10.0.280, then you need to open the ports 1024-2048/tcp and 16384-17407/tcp. From version 2.10.0.280, JMobile HMI Runtime instead uses the ports 18756-18760/tcp, which are proposed in the Firewall settings by default.

If you are updating from an old BSP version and you don't see the default rules, you have to reset the system settings (see "Update System Components").

Whitelist & Blacklist

By configuring a DNS whitelist, you can restrict network traffic to a specific set of DNS servers. Conversely, the blacklist feature allows you to prevent devices from resolving names using certain DNS servers.

Network Rate Limiter

Rate limiting is a method employed to control the amount of network traffic. By setting limits on the number of requests that can be made within a specific time frame, it prevents users from overwhelming system resources. This technique acts as a safeguard against malicious attacks like Denial of Service (DoS) where attackers flood a system with excessive requests, rendering it inaccessible to legitimate users.

Using this service, you can create rules to limit the maximum number of packets transmitted on network interfaces.

Parameter          Description
Active             Enable the rule
Name               A label that identifies the rule
Source Interface   The network interface where the rule is applied
Data Type          Choose the network packet type to be subjected to filtering (ETHER, IP, SYN, UNI)
Rate               Data rate over a defined time period
Measure            Select the measurement unit: Packets per second (Pcks/sec), Packets per minute (Pcks/min), Megabytes per second (MBps)
Port or range      You can assign the filter to a single port (like port "20") or a range of ports (such as "20-40") for TCP or UDP protocols
Protocol           Protocol Type: IPV4 or ARP using Data Type = ETHER; IPV4, TCP, UDP or ICMP using Data Type = IP

NFC Keyboard emulation

When enabled, reading a code via the NFC interface is handled by the BSP, simulating the acquisition of the UID code as if it were coming from a keyboard.

Reserved CPU cores for applications

By default, all CPU cores are used by the BSP. From this section, you can select the CPU cores that should not be used by the BSP to leave them reserved for user applications.

Router / NAT / Port Forwarding

Port forwarding redirects incoming TCP requests on the WLAN interface from one address and port number combination to another address and port number combination.

Port Forwarding Rules

1:1 NAT Rules

1:1 NAT creates an alias IP on the WLAN and forwards all packets (or a given port range) with that destination IP to another device attached to a LAN.

Warning: make sure the value entered for “Source IP” is not the same as the real IP address assigned to the physical Ethernet port specified as “Source Interface”.

DNS Relay Proxy

The DNS Relay Proxy will forward DNS requests and response packets between DNS Client and DNS Server.

When enabled, the HMI device will forward DNS requests received from other devices (DNS clients) to the DNS server (configured within the network section) and return the reply to the DNS client that made the request.

Show loading bar during boot

Enable/Disable the display of the loading bar during the boot phase.

SNMP Server

SNMP is a network protocol that allows managing network infrastructures. It is commonly used to monitor network devices such as switches, routers, etc. connected to a LAN.

When the SNMP service is enabled, an SNMP Manager can retrieve information from the HMI device using the SNMP protocol. Currently, no proprietary MIBs are available. Only the standard public community MIBs are available, in read-only mode.

Example:

System Name:          .1.3.6.1.2.1.1.5.0
System Description:   .1.3.6.1.2.1.1.1.0
System UpTime:        .1.3.6.1.2.1.1.3.0
Total RAM used:       .1.3.6.1.4.1.2021.4.6.0
Total RAM Free:       .1.3.6.1.4.1.2021.4.11.0
Idle CPU time (%):    .1.3.6.1.4.1.2021.11.11.0

SNMP Server runs on UDP port 161

For security reasons, do not enable the service if you do not need it.

SSH Server

The SSH service provides remote login to the HMI device using the secure shell protocol. On a PC you can run an SSH client such as PuTTY, which is open source software distributed under the MIT license.

Parameter                      Description
Enable                         Enable the VNC server
Autostart                      Keep the VNC server enabled when HMI device starts
Inactivity Timeout (seconds)   Duration of inactivity before session timeout

This service is designed to be used during the development phase. For security reasons, remember to disable the service before switching to production.

VNC Service

VNC is a service that allows remote access to the display of the HMI device. VNC clients can be used to get the remote control of the HMI device.

X11 HMI Devices (BSP with odd major version)

Parameter                                   Description
Enable                                      Enable the VNC server
Autostart                                   Keep the VNC server enabled when HMI device starts
Port                                        VNC Server listens for connections on TCP port 5900 (default)
Inactivity timeout (seconds)                “Inactivity timeout” occurs if no user interaction is detected (via keyboard, mouse, transfers or other RFB protocol interactions). The special value 0 indicates that idle timeout is disabled. Default value is 600 (10 minutes).
Multiple clients                            Allow multiple sessions on the same port (if disabled, previously logged clients are disconnected upon a new incoming connection)
View only                                   Do not allow active user interactions (clients can only watch)
Encryption                                  Activate SSL encryption of connections
Custom certificate (Security/VNC KeyPair)   The HMI device certificate that is necessary to permit the remote VNC client to verify the authenticity of the HMI device. The certificate must contain both the private and the public keys and can be in .pem format. The encryption features are not widely supported, check your VNC client compatibility.
Authentication                              Whether users are authenticated upon session creation. A custom VNC specific password can be set or system passwords can be used (this option is only available if Encryption is also enabled)

Example of how to generate a certificate using the OpenSSL library:

    @echo off
    set OpenSSL="C:\Program Files\OpenSSL-Win64\bin\openssl.exe"
    set CertificateName=HMI-Certificate
    set DeviceIP=192.168.1.56

    rem Create the certificate keys
    %OpenSSL% req -x509 -newkey rsa -days 365 -nodes -keyout private.pem -out public.pem -subj "/ST=NY/C=US/L=New York/O=CompanyName/OU=Department/CN=%CertificateName%" -addext "subjectAltName=IP:%DeviceIP%"

    rem Create .pem file (/b copies in binary mode, so no end-of-file character is appended)
    copy /b private.pem + public.pem hmi-certificate.pem

    echo.
    echo.
    pause
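A check worth running before uploading the bundle as the VNC custom certificate, shown here as an added example that is not part of the original documentation: it confirms that the .pem file holds both a private key and a certificate for that key, and that the subjectAltName carries the device IP. It assumes a POSIX shell with OpenSSL 1.1.1 or later; the function names `make_sample_bundle` and `check_bundle` and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a PEM bundle before using it as the VNC certificate.

# make_sample_bundle DIR IP: build a throwaway self-signed bundle (constructed
# sample input), following the same steps as the batch script above.
make_sample_bundle() {
    openssl req -x509 -newkey rsa:2048 -days 365 -nodes \
        -keyout "$1/private.pem" -out "$1/public.pem" \
        -subj "/O=CompanyName/CN=HMI-Certificate" \
        -addext "subjectAltName=IP:$2" 2>/dev/null || return 1
    cat "$1/private.pem" "$1/public.pem" > "$1/hmi-certificate.pem"
}

# check_bundle FILE IP: return 0 only if FILE holds a private key, a
# certificate issued for that key, and a subjectAltName entry for IP.
check_bundle() {
    bundle=$1 ip=$2
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$bundle" ||
        { echo "no private key block" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "no certificate block" >&2; return 1; }

    # The public key derived from the private key must equal the one in the cert.
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match certificate" >&2; return 1; }

    # Exact match on the SAN entry, so 192.168.1.5 does not pass for 192.168.1.56.
    openssl x509 -in "$bundle" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//' |
        grep -Fxq "IP Address:$ip" ||
        { echo "certificate has no SAN for $ip" >&2; return 1; }

    # Print the expiry date so the 365-day lifetime is tracked for renewal.
    openssl x509 -in "$bundle" -noout -enddate
}
```

Run `check_bundle hmi-certificate.pem 192.168.1.56` against the file produced by the script; a non-zero exit status names the failed condition on standard error.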

Wayland HMI Devices (BSP with even major version)

Parameter        Description
Enable           Enable the VNC server
Port             VNC Server listens for connections on TCP port 5900 (default)
Authentication   When authentication is required, a password must be set to access the service

This service is designed to be used during the development phase. For security reasons, remember to disable the service before switching to production.

Web Server

This page will show the parameters available to configure the Web Server. Note that it is not possible to disable the Web Server because it is necessary to allow access to the System Settings of the device.