A platform connection is different than a station connection. When connected to a Niagara platform, Workbench communicates (as a client) to that host’s platform daemon (also known as “niagarad” for Niagara daemon), a server process.
Unlike a station connection that uses the Fox protocol, a client platform connection ordinarily requires full Workbench, meaning it is unavailable using a standard Web browser (i.e. “Web Workbench” applet).
Browser access of a Supervisor station can provide platform connectivity, albeit indirectly, through its ProvisioningService. See Provisioning versus platform interface.Also, Workbench can “tunnel” a platform connection to a JACE through a station connection to a Supervisor—providing that the Supervisor host is licensed for web tunneling. However, note that full Workbench is still
required. For details, see Platform Tunneling.
The following sections provide more details on a platform connection:
Starting in AX-3.7, it is now possible to open a secure (encrypted, SSL or TLS) platform connection to most[1] types of NiagaraAX hosts, providing each host is properly configured. The platform-connection session icon appears in the Nav tree with a small padlock to indicate this connection type, that is:
either 
for secure (“platformssl”), or 
for regular (unencrypted).
For best security, use of SSL is always recommended whenever possible. In AX-3.8 Workbench, default “Open Platform” and “Open
Station” (Fox) dialogs assume an SSL type connection, where to connect in a regular (unencrypted) fashion you must change
the connection “Type” first.
Once platform connected, the available platform functions are identical—regardless of connection method. Workbench 3.7 or later provides a right-click “Session Info” action on any platform connection, as well as any station (Fox) connection.
Figure 2 shows an example of this client session info from a secure (SSL) platform connection. In this example, the identity of the (server JACE) has been verified by a signed certificate, and all data on this connection is being encrypted.
If a regular (unencrypted) platform connection, the Session Info dialog would look similar to Figure 3.
For complete details on SSL configuration, refer to the NiagaraAX SSL Connectivity Guide.
The platform daemon is an executable that runs independently from Niagara core runtime, and is pre-installed on every JACE controller as factory-shipped, and runs whenever the JACE boots up.
Starting in AX-3.7, on most newer JACE platforms (JACE-6, JACE-7, any NPM6E-based or JACE-3E series) as well as any Windows-based platform), the platform daemon is Java-based—running in its own Hotspot Java VM (Virtual Machine). An additional (and separate) Hotspot Java VM is used for the running the station process.
Note that older JACE platforms (JACE-2, JACE-4, JACE-5 series) still use a platform daemon written in “native code”, which runs without a Java VM. A single J9 Java VM is used for the station process.
The newer (Java-based) platform daemon facilitates the extended SSL support starting in AX-3.7, which remains unavailable in the older (“J9 JACE”) controllers. Note that apart from the additional SSL support (and in AX-3.8 support for IEEE 802.1X), the Java-based platform daemon functions the same as the previous “native code” platform daemon—thus this change should be largely “transparent”. For additional platform difference details, see About platform differences.
A Niagara host’s platform daemon monitors a different TCP/IP port for client connections than does any running station. By default, this TCP port is either:
-
3011 - for a “regular” (un-encrypted)
Platform connection.
-
5011 - for a secure (SSL or TLS)
Platform connection (if available).
If necessary, you can change either TCP port monitored to a different (non-default) port during Niagara platform configuration. See Platform Administration.
Finally, as a platform client, you sign on using “host level” credentials for authentication. This means a user account and password separate from any station user account. Consider it the highest level access to that host.
A new JACE controller ships with default platform credentials that are “widely known”—and if left unchanged the JACE is extremely susceptible to being hacked. During
the startup commissioning process, you should always change platform credentials from defaults to something known only to your company and/or customers. In AX-3.8, measures were added
to alert you (and other platform users) to any JACE running with default platform credentials. For related details, see Update Authentication.
A station user with admin-level permissions on the “Services” container (in the component Config space) of a running station also has access to a special subset of platform functions, via “Platform Services.” For details about this different type of platform access, see Platform Services.
When you install NiagaraAX on your PC, one of the last “Would you like to?” install options is:
Install and Start Platform Daemon
The default selection is to install. You need the platform daemon locally installed and running for either of the following:
-
To host a Niagara station on your local PC, such as for a Supervisor. This lets you open a Workbench client platform connection to your local (“My Host”) platform. It also allows remote client platform connections to your PC as well.
-
For a PC to run as a SoftJACE, essentially a JACE running on a PC dedicated to this application. (Note that the SoftJACE Install wizard automatically installs and starts the platform daemon. Also, in this particular case, Workbench is not licensed to run locally at that PC.)
Once installed and started on a PC, you can see the platform daemon listed as a Niagara service from the Windows Control Panel, by selecting ->.
Alternatively, after NiagaraAX installation on your PC, you can install and start the platform daemon at any time, if needed.
From the Windows Start menu, do this with ->->-> (shortcut for “plat.exe installdaemon”).
In summary, your Workbench PC’s local platform daemon is not necessary for making client connections to other Niagara hosts, only to provide the ability to run a station locally on your PC.
[1] Platform and Fox SSL not supported on JACE models running the IBM J9 JVM (JACE-2, JACE-4, JACE-5 series).