Views Tile (version 22)
The 'Views' service acts as the single endpoint for consuming data out of the historian. Whether clients are connecting via Axiom, the Excel Add-in, the ODBC Connector, or a 3rd party using the Read API, Views acts as the gateway to your data. Given this role, the Views tile allows the user to create Virtual Views on top of the raw data and set up permissions as to who has access to the data. For more information on the Views service see Views Service Overview.
Views Screen
The top level Views screen will display a tile for the 'Local Historian' and any number of 'Virtual Views' that have been created on top of the Local Historian. Double-clicking or selecting the right arrow on the tile will allow the user to drill down into the view. The structure presented here is the same structure that will appear to clients who are browsing for tags.
VIEWS
The 'VIEWS' panel in the upper left displays current status information since the Views service was last started.
- Current Connections - number of connections currently being held by clients
- Total Connections - total number of connections made and released by clients
- Request Count - total requests for information from client connections
- Requests/Sec - number of requests to the Views service each second. A request for data is usually for a group of tags over a specified time period.
- TVQ Count - total number of TVQs (Timestamp, Value, Quality) returned to clients
- TVQ/Sec - number of TVQs being returned to clients each second
VIEWS OPTIONS
Selecting the white down arrow allows the user to 'CREATE NEW VIEW'. (See Creating a Virtual View or Asset Model)
VIEW
The 'VIEW' panel in the bottom left displays properties and settings for the selected view. Different properties will appear depending if the selected view is the Local Historian view...
- Last Update - date/time of when the view was last built and cached to memory. (A view is triggered to rebuild when tags are added or removed from a DataSet(s) that is used to create the view.)
- Server Address - name of the historian server
- Started At - date/time when the view was started
- Up Time - total amount of time the views service has been running since last start
- Total Run Time - total amount of time the views service has been running since installed
- Historian Version
- License - the number of tags the historian is licensed for
- DataSet Count - total number of DataSets in the historian including {Diagnostics}
- Unique Tags Accessed (1/7/30 Days) - the number of unique tags accessed in the view over the last 1/7/30 days
- Historical Requests (1/7/30 Days) - the number of historical requests over the last 1/7/30 days for the selected view
- Last Access Time - the last date/time of when data was requested from the selected view
- Analytics Last Update Time - the last date/time of when the 'Unique Tags Accessed', 'Historical Requests', and 'Last Access Time' properties were updated
...or a Virtual View.
- Last Update - date/time of when the view was last built and cached to memory. (A view is triggered to rebuild when tags are added or removed from a DataSet(s) that is used to create the view.)
- Source Views - the DataSet(s) and/or Virtual Views on which the view is built. Virtual Views can be built on top of the raw data within the historian view or other Virtual Views.
- Properties - any properties that were passed in to create the view
- Tag Count - total number of tags within the view
- Asset Types - one or more assets that are defined within the view and the number of those assets. A view does not necessarily need to have any assets defined in it, although that is one of the primary reasons for creating a Virtual View. In the screenshot above, the Water District Assets view contains 1 Company, 4 Districts, 46 Pumps, 18 Stations, and 18 Towers.
- Unique Tags Accessed (1/7/30 Days) - the number of unique tags accessed in the view over the last 1/7/30 days
- Historical Requests (1/7/30 Days) - the number of historical requests over the last 1/7/30 days for the selected view
- Last Access Time - the last date/time of when data was requested from the selected view
- Analytics Last Update Time - the last date/time of when the 'Unique Tags Accessed', 'Historical Requests', and 'Last Access Time' properties were updated
VIEW OPTIONS
Selecting the yellow down arrow gives the user 4 options:
- EDIT - opens a new screen to modify the current view
- REMOVE - removes the Virtual View. A new menu will appear asking the user to confirm the deletion.
- RENAME - rename the Virtual View
- REBUILD - forces the view to rebuild to pick up any new changes. (Note: A Virtual View will rebuild automatically when the underlying Source Views are updated. Once a view rebuilds, there is then a 5-minute cooldown before it will build again. Clicking the REBUILD button bypasses this cooldown.)
Views (Branch Levels) Screen
Double-clicking on a view tile or selecting the yellow right-arrow allows the user to navigate to deeper levels within the view itself. Tags that exist at that level appear in the 'TAGS' list on the left. The asset or 'Model Type' of the selected tile will be displayed in the 'PROPERTIES' panel.
Users can navigate through the model using the arrows next to the view path at the top of the screen or by clicking on a branch name within the breadcrumb trail.
Views (Tag Level) Screen
Selecting a tag from the 'TAGS' list will populate the right side of the screen with the TVQ's (Timestamp Value Quality) for that tag. The data is displayed using the time zone of the Admin client machine (as opposed to the Historian tile which always displays the data in the time zone of the server). The tag list can be filtered using keywords (not case-sensitive) separated by spaces in the search bar.
The down-arrow next to the search bar will export a csv list of the filtered tags.
- Include parent path - prepends the tag names with the full view path
- Include sub nodes - includes all tags that would fall under the current branch within the view
PROPERTIES
The 'PROPERTIES' panel displays any metadata attached to the selected tag. This could include metadata that is stored in the historian or in an external SQL database. Properties include, but are not limited to:
- Data Type
- First Timestamp
- Historian ItemId - the full tagpath as it appears in the Local Historian view
- ItemID - the full tagpath as it appears in the current Virtual View
- Last Quality
- Last Timestamp
- Last Value
- Source ItemID - the full tagpath as it appears in the Source View used to create the Virtual View. In most cases, this will match the Historian ItemId unless the Virtual View is built on top of another Virtual View.
- NODES - the 'NODES' button only appears when viewing tag records for a tag at a level where other branches still exist. Clicking the button switches back to displaying the branches instead of the tag records.
- FILTER - allows the user to change the time range for displaying the tag records. Users can choose between 'Raw' or 'Processed' data. If Processed data is selected, users can specify the 'Aggregate' and 'Interval'.
- TREND - displays a basic trend of the data currently loaded into the table
- REFRESH - refreshes the tag records in the table if new data has arrived since opening the table
Diagnostics Screen
The 'Diagnostics' screen displays license and usage information for connected clients.
ACTIVITY
- Name - type of client license
- License - count of each license type on the system
- In Use - count of each license type current being used
- Maximum Used - maximum count of each license type used at one time since the Views service started
- Total Issued - total count of each license type issued, released and reused since the Views service started
- Total Denied - count of license requests denied because no more licenses were available since the Views service started
CLIENTS
- Application - client application connected to the Views service
- User - username of the user the client is running under
- Type - name of the license type being used
- Active - True if the connection is actively making requests
- From - timestamp when the connection was established
- Thru - timestamp of the last request +5 minutes. If no requests are made within the next 5 minutes, the license will move to an inactive state.
- Requests - total count of requests made since the connection was established
Security Screen
Permissions
Permissions can be set on any view within the 'BROWSE' panel to limit or grant access to users/groups. Each view can be expanded if wishing to set permissions at a lower level, all the way down to the tags themselves. Ensure permissions are properly in place before enabling security; otherwise, users will not have access to data.
BROWSE
The 'BROWSE' panel contains a hierarchical view of the Local Historian view and any Virtual Views that have been created. Each view can be expanded to show lower subnodes within the model.
EXPLICIT PERMISSIONS
Explicit permissions are permissions that are set by default when the object is created, or by user action. Explicit permissions will take precedence over inherited permission. The users or groups can be arranged by drag and drop of a User within the panel; therefore, the order of the permissions matters. If a user is explicitly added and is also a member of an explicit group, then the user should be listed above the group. If not the message "Unreachable Permission Detected!" would display. Similarly, if a user is a part of two groups, the first group to appear in the list will take precedence over the second.
INHERITED PERMISSIONS
These are permissions that are passed along from the parent object. As stated above, explicit permissions override inherited permissions.
EFFECTIVE PERMISSIONS
Displays the permissions a specified user has within the selected node.
Overview
The 'Overview' screen displays each path in the Views service with a permission applied to it including the user/group and their access.
Settings
The 'Settings' screen allows the user to enable security. Ensure permissions are correctly set prior to enabling it. Enabling security without configuring permissions will prevent any users from accessing data.
Configuration Screen
Endpoints
The Views service has several connection points depending if the client is local or remote and the type of security required. Remote listening ports have default values but can be changed to allow user defined ports.
- Net.Pipe - Windows (Local Only) - used when the connection is from a client on the local machine. Windows Authentication uses logon information of the current user.
- Net.Pipe - Anonymous (Local Only) - allows any local user access without credentials
- Net.TCP - Windows - uses the Windows credentials of the client user to make a secure connection through the default port 55234
- Net.TCP - Username - uses username/password credentials entered by the client to make a secure connection through the default port 55234
- Net.TCP - Secure - uses the machine credentials of a remote computer (when connecting with the Mirror or Publisher service) to make a secure connection through the default port 55234
- Net.TCP - Anonymous - allows any remote user access without credentials through the default port 55231
- Https - Username - deprecated
- Http - Anonymous - deprecated
- Https - Username (Web API) - allows clients using the web API to read data from the historian using a secure connection
- Http - Anonymous (Web API) - allows clients using the web API to read data from the historian using an anonymous connection
CERTIFICATE (Secure/Username)
This certificate is used when making a secure connection to the Views service. By default, Canary generates its own self-signed certificate, but can be configured to use another certificate if it is installed on the server.
- Store Name - the file location of the client certificate within the machine's certificate store
- Find Type - criteria by which the Views service searches for the certificate
- FindBySubjectName
- FindByThumbprint
- Subject Name - the value of the Subject Name or Thumbprint
Access
The 'Access' screen allows the user to grant access to specific users/groups which can then be given specific permissions within the 'Security' tab. By default, Everyone and ANONYMOUS LOGON have full access. The top ALLOW/DENY lists are designated for users/groups querying the historian, whereas the bottom ALLOW/DENY lists are for machine clients (using the Mirror or Publisher service) wishing to access data.
- ALLOW - users or groups allowed to connect to the Views web service
- ADD - click to add users or user groups to the ALLOW list
- REMOVE - click to remove a user or user group from the ALLOW list
- DENY - specify particular users or user groups to limit access
- ADD - click to add users or user groups to the DENY list
- REMOVE - click to remove a user or user group from the DENY list
- ALLOW (Secure Endpoint) - this panel displays credentials of machine clients granted access to connect to Views through the Secure or Username endpoint
- DENY - by selecting an existing clients credentials from the list an Administrator can deny the client connection to Views. This will move the credentials to the DENY list where they can be removed or allowed again.
DENY (Secure Endpoint) - when a secure client connection is received it automatically goes into the DENY list where an administrator must allow the client access or remove it
- ALLOW - after selecting a credential from the DENY list, clicking the ALLOW button will grant this client a secure connection
- REMOVE - after selecting a credential from the DENY list, clicking the REMOVE button will clear it from the list of clients requesting a secure connection
- REFRESH - the DENY LIST does not update automatically. You must click the REFRESH button to see any new clients requesting a secure connection.
Tokens
The 'Tokens' screen allows the user to create long-term access tokens which can then be used to query the historian using the Read API. A user account and password must be provided to link to the generated token; therefore, it is essential to protect the existence of the token as it can be used to access data on behalf of the user account. If the password of the account changes, the token authentication will fail and need updated.
Note: When making an API call, the parameter 'accessToken' must be used in place of 'userToken' if wishing to use the generated access token.
- Expiration policy - the token can be set to 'Expired', 'Never', or a specified 'Date'
- User Account/PW - the account and password on which the token will be linked to
- Comments - (not required)
Historians
From the 'Historians' screen a user can add a remote historian view into the Views service (uncommon). By default, the Views service contains the local historian view. The user, however, may want to add a remote historian view if wishing to split up Canary services among different servers. (See How to Add a Remote Historian Views)
CREDENTIALS
- GUID - this string will appear in the DENY/ALLOW Access list of the remote Historian it is connecting to if making a secure connection
HISTORIANS
By default, the machine name of the local historian is included. Historians, whether local or remote, can be added or removed.
- ADD - opens a dialogue box to add a remote historian. The 'Historian name' can be anything the user specifies. The 'Historian server address' must be the actual server name of the remote historian or its IP address.
- REMOVE - removes the selected Historian from the list