Clients/SYRWCD/slack/2026/01/2026-01-16_syrwcd.md

# #syrwcd — 2026-01-16 **09:54 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586056385959):** @Mason Radke what do you recommend we use for secure remote access to the client VM for the operator tablets? **09:54 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586077196399):** tailscale **09:55 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586100107039):** tailscale then remote desktop? **09:55 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586128044429):** dont they just run a client? its geo scada right? the lab PC doesnt need to RDP right? **09:55 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586135970569):** at buellton **09:55 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586156303919):** true. **09:56 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586200421899):** they have a virtual ViewX license. I am checking to see if SY has one. I don't think they do, but I will recommend that they add one. I like that method for remote access **09:56 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586215116749):** thats the browser based one? **09:57 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586221661829):** yes **09:57 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586230482699):** is there a fat client as well? **09:57 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586239348599):** a program that can be installed? **09:57 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586250703599):** yes **09:57 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586260254679):** if its cheaper that can also be an option i think **09:58 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586305569299):** I like the Virtual ViewX because they can have multiple users on one license, whereas the straight ViewX client is single use **09:58 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586314194349):** that makes sense **09:59 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586390156009):** then we don't need a separate VM for remote access to a client. I'm liking this idea more and more **10:02 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586521024129):** remote access to a client? instead of running the client on the tablets? **10:02 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586530022059):** web based is easier. **10:02 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586536936589):** 100% **10:02 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586556682639):** in that case we could set up firewall rules (if they have a static IP) for remote access **10:02 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586569809609):** or just use the VPN which is zero config. much easier to set up, just as secure if not more secure. **10:02 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586573665879):** probably more secure **10:03 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586580113759):** since ports will not need to be open to the world **10:04 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586663191999):** yes, everyone likes hearing they have a VPN for secure access **10:06 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586779320829):** before going with server 2025 here we should verify Geo can run on it **10:07 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768586840214089):** 2025 i very new and not officially supported yet. 2022 would be safer **10:07 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768586859891019):** copy **10:19 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768587560241279):** Here's the rough draft of our scope Our scope of work includes: 1) Purchase and commission a new HP enterprise grade server with Microsoft Windows Server 2022 operating system. 2) Create a virtual machine environment using Hyper-V on the new server 3) Build a VM for the GeoSCADA server and transfer the existing server to this VM 4) Provide and install a GeoSCADA Virtual ViewX license on the server VM. The Virtual ViewX will be used for the Operators to view and operate SCADA using a standard web browser on tablets and laptops with a secure VPN connection to the Server. The advantage of the Virtual ViewX is security and allows for multiple remote users to interact with SCADA simultaneously. 5) Purchase and build a desktop PC to be located in the Operations office. This PC will be used by the Operators to view and operate SCADA through a ViewX client. This method allows for a more secure and safe interface to SCADA versus the existing method of operating SCADA directly from the Server. 6) Connect and validate network and data transfers. 7) Setup operator tablets for secure VPN connection to the Server 8) Provide training to staff on the simple connection to the VPN and to the Virtual ViewX client. **10:19 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768587578508589):** should I add or change anything? **10:20 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768587609478479):** sounds good to me! **10:20 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768587641398759):** think we are looking at 30 hours? **10:22 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768587738875549):** that sounds reasonable **10:26 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768588016884669):** I'm going to add a Synology for backup. https://www.neweggbusiness.com/product/product.aspx?item=9siv0zkkju8506 **10:27 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768588064151479):** And an Altaro license **10:27 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768588074391459):** Actually **10:28 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768588080350089):** Its free for 2 vms **10:28 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768588083439819):** Or used to be **11:54 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768593264994799):** *Executive Summary* This proposal outlines a comprehensive modernization of the District’s SCADA infrastructure, moving from a legacy standalone architecture to a robust, virtualized server environment. The scope represents a shift toward industry best practices, prioritizing system longevity, data integrity, and secure operational flexibility. Our design delivers four key strategic advantages: • *Resilience via Virtualization:* By implementing Microsoft Hyper-V on Enterprise-grade hardware, we decouple the critical SCADA software from the physical hardware. This "hardware independence" ensures that future upgrades are seamless and that the system can be easily recovered or migrated without rebuilding the entire operating environment. • *Enhanced Security Architecture:* The design physically and logically separates the "Server" from the "Operator." By placing the SCADA server in a secure virtual environment and providing a dedicated Desktop PC for the Operations Office, we eliminate the risk of operators unintentionally altering core server files. • *Secure, Flexible Remote Access:* The implementation of *GeoSCADA Virtual ViewX* allows for simultaneous, multi-user access via standard web browsers over VPN. This eliminates the need for insecure direct desktop connections (RDP), allowing staff to safely monitor and control the system from tablets and laptops anywhere with internet connectivity. • *Disaster Recovery Assurance:* The inclusion of a dedicated NAS and *Altaro VM Backup* software ensures that the District owns a completely localized, automated disaster recovery solution. In the event of a catastrophic failure, the entire system state can be restored rapidly, minimizing downtime and data loss. This approach ensures the District receives not just a hardware replacement, but a scalable, secure, and resilient control system platform designed for the next decade of operation. **11:55 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768593358286389):** *Scope of Work: SCADA Server Virtualization & Upgrade* 1. *Hardware Supply:* Purchase and commission a new HP Enterprise-grade server. Specifications to include [Insert Specs, e.g., RAID redundancy, Dual Power Supplies] and Microsoft Windows Server 2022 Standard operating system. 2. *Virtualization Setup:* Configure the host server with the Microsoft Hyper-V virtualization role to allow for future scalability and easy system recovery. 3. *SCADA Migration:* Provision a new Virtual Machine (VM) running Windows Server 2022. Install the latest compatible version of GeoSCADA. Migrate the existing SCADA database, configuration, and historical data from the legacy server to the new VM. 4. *Virtual ViewX Implementation:* Provide and install a GeoSCADA Virtual ViewX license on the server VM. _Function:_ This enables operators to view and operate SCADA using standard web browsers on laptops and tablets via a secure VPN connection to the server. _Advantage:_ This method enhances security and allows for multiple remote users to interact with the SCADA system simultaneously. 5. *Workstation Setup:* Purchase and configure a new dedicated Desktop PC for the Operations office. Install the GeoSCADA ViewX Client software for direct operator access. _Benefit:_ Isolates the server in a secure location while providing operators a dedicated, secure interface (Air-gapped from direct server OS access). 6. *Backup & Disaster Recovery:* Supply and commission a Network Attached Storage (NAS) device and Altaro VM Backup software. _Configuration:_ Configure automated local backups of the SCADA server VM to the dedicated NAS. _Benefit:_ Ensures data integrity and provides a rapid restoration capability (RTO) in the event of hardware failure or corruption. 7. *Network Integration:* Connect the new server to the *PLC Network* for local control data communication. Connect the new server to the *Office Network* to provide internet connectivity for remote access. *Note:* Configuration of the network firewall and associated security policies will be performed by the District's IT department. 8. *Remote Access:* Configure Operator tablets with secure VPN client software to facilitate encrypted connection to the Virtual ViewX interface. 9. *Training & Handoff:* Provide instruction to staff on utilizing the new ViewX Client and establishing secure VPN connections for remote access. **12:02 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768593742147539):** Beautiful **12:03 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768593781516329):** Gemini and I do a pretty good job with these proposals **12:03 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768593815515209):** Not a bad tool **12:04 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768593866189899):** ![[F0A9CHXQB9S_image.png]] **12:06 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768594019582299):** We are up to 47 hours. I think that's reasonable here since we are adding some things like Virtual ViewX and NAS backup **12:08 [Mason Radke](https://slack.com/archives/C0A8K7Q7N1M/p1768594115147599):** Yeah. I always get nervous of the unknowns. One hang up can chew up lots of hours. But I guess that's a risk in any job **12:43 [Kevin](https://slack.com/archives/C0A8K7Q7N1M/p1768596207223059):** indeed