Within the v11 Upgrade, OFS have addressed a number of smaller items. This article attempts to summarise these smaller changes.
These changes are fairly technical in nature and the information provided here is general in nature, intended only to provide familiarity with some of the "under the hood" work that OFS have done to improve the relability, availability and quality of experience in v11.OPC-DA DCOM Compatibility
In March 2023, Microsoft made permanent changes to the security levels permitted within the Remote Procedure Call (RPC) framework, increasing the minimum security for each packet exchanged between servers and clients to level 5 - Integrity.
OPC-DA, a technology used by some OFS clients to collect manufacturing data over a network, uses a technology called DCOM (Distributed COM), which is built off of RPC, is affected by these changes.
The implementation of these additional security controls by Microsoft was staged between 2021 and 2023, with the final implementation on March 14, 2023. After this time, there is no way to disable the additional security controls, and OFS has delivered upgrades to ensure full compatibility with the new security protocols.
Between 2021 and 2023, OFS completed upgrades, testing and validation with clients to ensure that all active OPC-DA deployments were 100% compliant with Microsoft's changes. Impacted customers have already been upgraded to use the new application code in v11 onwards.
Websocket Qualify Frames
To enable multithreaded connections between web clients and OFS software, OFS uses Websocket connections. These are used for example in OFS Analytics to enable multiple dashboards to simultaneously query data from different APIs.
To keep connections active, the client and server are programmed to send `qualify` messages which simply tell the other party "I'm still here!".
OFS identified certain circumstances where these qualify messages could cross connection boundaries, and have introduced a per-thread broadcasting option which can selectively be enabed in v11.0 onwards.
This bug poses no risk to customer data, as the qualify frame contains no sensitive information, but we have chosen to investigate and provide upgrades to minimise any possibility of this issue causing loss of service to clients.
iOS Safari - Websocket Double Authentication
For the websocket connections made by OFS software between clients and the server interfaces, authentication is required to ensure that information is disclosed only to authorised users.
It has been identified that iOS Webkit content parsing engine behaves unusually and does not follow the conventions established for HTTP Basic Authentication. This results in users being prompted to enter their credentials twice when using OFS v10.9 or earlier.
In v11.0, OFS introduced some new configuration which directs iOS clients to connect without the websocket interface, falling back to long polling, to avoid this double prompt for authentication.
PDF Export Bugs
In OFS v10.9 and earlier, when a user generates a PDF via the PDF Export feature in OFS Analytics and in OFS Flow Form interfaces, the PDF is displayed successfully in the web browser, but attempts to save the PDF yield an empty file.
This is because of the way that Google Chrome handles caching of PDF content yielded from HTTP POST APIs. Because OFS PDFs are generated by sending data (e.g. a report body) from the browser to a PDF generation API, repeated calls do not send the same data (a convention of HTTP POST requests, where repeated submission may repeat an action).
In response to this unusual behavior in Google Chrome (noting that it did not occur in other major browsers), OFS have published a new set of behaviors which circumvent this problem by selecting a single action - view or download for generated PDFs when the link is opened.
Fusion-Manager Version Numbers
OFS Fusion-Manager now shows a visible version number in the top left corner, so users can be sure that their Fusion deployment is running the same/latest version of OFS software as expected.
Terms of Use
OFS Terms of Use have been similified and now reflect a web URL to our website.