MicroSCADA Pro DMS 600
Windows Settings for Remote OPC Connectivity
©Copyright ABB
Contents:
1. Windows Settings for Remote OPC Connectivity
1.1. Enabling of Distributed COM
1.2. Defining access permissions
1.3. Defining launch and activation permissions
1.4. Defining DCOM settings for OPC server
1.5. Defining DCOM settings for OPC Server Enumerator
1.6. Start-up of OpcEnum service
1.7. Local Security Policy settings
1.8. Data Execution Prevention (DEP)
1.9. Configuring Windows Firewall for Remote Use
1. Windows Settings for Remote OPC Connectivity
1.1. Enabling of Distributed COM
Default DCOM settings for client and server applications can be adjusted by following the instructions given below:
1. Click Start > Settings > Control Panel > Administrative Tools.
2. Select Component Services. Expand the Component Services > Computers container.
3. Right-click My Computer, and then click Properties.
4. Select the Default Properties tab, and set Distributed COM enabled on this computer.
5. Set the Default Authentication Level as Connect and Default Impersonation Level as Identify.
Note: When you set the authentication level to Connect, the Windows users on remote clients must be authenticated on the server. If both computers belong to a domain, the user logged in to the OPC client computer shall be logged in as a domain user and not a local user. If the OPC server does not belong to a domain, being a standalone computer, it cannot authenticate the users unless you have a matching user name/password defined on both the OPC client and the OPC server computer.
1.2. Defining access permissions
When the OPC client tries to access the OPC server, the COM security permissions defined by the Windows operating system will be applied. These permissions are defined in the COM Security tab of My Computer Properties (as mentioned in Chapter 3.11.1.1. Enabling of Distributed COM).
1. Select COM Security tab > Access Permissions > Edit Limits.
2. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups > OK.
3. Click Access Permissions > Edit Default.
4. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups > OK.
1.3. Defining launch and activation permissions
When the OPC client performs launch and activation towards the OPC server, for example, automatic DCOM server start-up, the COM security permissions defined by the Windows operating system will be applied. These permissions are defined in the COM Security tab of My Computer Properties (steps mentioned in Chapter 3.11.1.1. Enabling of Distributed COM).
1. Select COM Security > Launch and Activation Permissions > Edit Limits.
2. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups. Click OK.
3. Click Launch and Activation Permissions > Edit Default.
4. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups. Click OK.
1.4. Defining DCOM settings for OPC server
Each OPC server has its own DCOM settings for controlling access to this particular server.
1. Click Start > Settings > Control Panel > Administrative Tools.
2. Click Component Services. Expand the Component Services > Computers > My Computer container.
3. Select the DCOM Config, and then browse to your OPC Server (ABB MicroSCADA OPC DA server), right-click on it, and select Properties.
4. Select General tab, set the Authentication Level to Connect.
5. Select Security tab > set Customize > Launch and Activation Permissions > Edit.
6. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.
7. Set Customize option > Access Permissions > Edit.
8. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.
9. Select Identity tab. Verify that the user information has been defined correctly. If not, choose the MicroSCADA user and enter its password > OK.
1.5. Defining DCOM settings for OPC Server Enumerator
OPC Server Enumerator (OpcEnum) is a server application used by OPC clients to remotely find OPC servers on a computer using OPC Server names. This requires proper DCOM configuration for OpcEnum.
1. Select OpcEnum from the list of DCOM Config, right-click on it, and select Properties.
Note: If OpcEnum is not found in the DCOM Config list, it means that the component has not been installed. If there is a need to install this component, the appropriate installation file can be found in the following location after SYS 600 installation: \sc\Setup\OPC_Core_Components. Copy this file to the target OPC client computer, and double-click the Windows Installer Package file.
2. Select the General tab, set the Authentication Level to Connect.
3. Select the Security tab > set Customize option > Launch and Activation Permissions > Edit.
4. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.
5. Set Customize option > click Access Permissions > Edit.
6. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.
7. Select Identity tab, verify that OpcEnum is either run by the launching user or the system account > OK. The DCOM settings on the target machine are now correct.
1.6. Start-up of OpcEnum service
On the OPC server computer, the OPC enumerator service shall be running.
Go to Start > Settings > Control Panel > Administrative Tools.
Open Services.
Right-click OpcEnum and select Properties.
Change Startup type: Automatic. Press OK.
1.7. Local Security Policy settings
The following steps may need to be taken in order to establish OPC communication:
1. Select Start > Settings > Control Panel > Administrative Tools > Local Security Policy.
2. Expand the Security Settings > Local Policies > Security Options container.
3. Select DCOM: Machine Access Restrictions in Security…. Right-click on it and select Properties. Click Edit Security. Allow both local and remote access permissions to Everyone, Interactive, Network and System groups > OK.
4. Select DCOM: Machine Launch Restrictions in Security…. Right-click on it and select Properties. Click Edit Security. Allow both local and remote Launch and Activation permissions to Everyone, Interactive, Network and System groups > OK.
5. Select Network access: Let Everyone permissions apply to anonymous users. Right-click on it and select Properties. Select Enabled > OK.
6. Select Network access: Sharing and security model for local accounts. Right-click on it, and select Properties. Select Classic - local users authenticate as themselves > OK.
1.8. Data Execution Prevention (DEP)
Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. For example, DEP is used in Windows XP Service Pack 2. DEP can prevent many installations from running and it should be disabled for OPC software.
Select My Computer and Properties (or Control Panel and System) and go to the Advanced tab. Under Performance, click the Settings button. Select “Turn on DEP for essential Windows programs and services only”. Click OK. At this point it may be necessary to restart the machine.
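
An added example, not part of the ABB document: a read-only PowerShell check that compares a host against the machine-wide values set in sections 1.1, 1.6, 1.7 and 1.8, so the hosts carrying these relaxed settings can be inventoried. It uses the standard Windows registry values and WMI properties behind those dialogs; the helper names are hypothetical, and the per-server DCOM permissions from sections 1.2 to 1.5 are not covered.

```powershell
# Added example: read-only audit of the settings from sections 1.1, 1.6, 1.7 and 1.8.
# "Expected" mirrors this document's instructions; it is not a hardening baseline.
$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the value is absent from the registry.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-Setting([string]$Setting, $Actual, $Expected) {
    # Compare as strings so REG_SZ and DWORD values are handled the same way.
    $status = if ($null -eq $Actual) { 'NOT SET' } elseif ("$Actual" -eq "$Expected") { 'OK' } else { 'DIFFERS' }
    [pscustomobject]@{ Setting = $Setting; Actual = $Actual; Expected = $Expected; Status = $status }
}

# $svc is $null when OpcEnum is not installed; its properties then report as NOT SET.
$svc = Get-CimInstance Win32_Service -Filter "Name='OpcEnum'"
$os  = Get-CimInstance Win32_OperatingSystem

$results = @(
    Test-Setting '1.1 Distributed COM enabled'               (Get-RegValue $ole 'EnableDCOM') 'Y'
    Test-Setting '1.1 Default Authentication (2 = Connect)'  (Get-RegValue $ole 'LegacyAuthenticationLevel') 2
    Test-Setting '1.1 Default Impersonation (2 = Identify)'  (Get-RegValue $ole 'LegacyImpersonationLevel') 2
    Test-Setting '1.6 OpcEnum startup type'                  $svc.StartMode 'Auto'
    Test-Setting '1.6 OpcEnum state'                         $svc.State 'Running'
    Test-Setting '1.7 Everyone applies to anonymous users'   (Get-RegValue $lsa 'EveryoneIncludesAnonymous') 1
    Test-Setting '1.7 Sharing model (0 = Classic)'           (Get-RegValue $lsa 'ForceGuest') 0
    Test-Setting '1.8 DEP policy (2 = essential only)'       $os.DataExecutionPrevention_SupportPolicy 2
)

$results | Format-Table -AutoSize
```
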
1.9. Configuring Windows Firewall for Remote Use
These instructions describe how to configure Windows Firewall to work with OPC between MicroSCADA Pro SYS 600 and DMS 600 applications. If something other than MicroSCADA Pro SYS 600 is in use, refer to the instructions from the OPC Foundation and download the PDF file from www.opcfoundation.org > Downloads > White papers > Using OPC via DCOM with Windows XP Service Pack 2.
1. Set Windows Firewall on and allow exceptions.
Figure 1: Windows Firewall starting view
a. Change to the Exceptions tab to add exceptions.
Figure 2: Windows Firewall – exceptions tab
2. Add programs:
a. OPC Server Enumerator 1.10 (from \sc\prog\exec\OPCENUM.EXE) (only for Micro SCADA server, not for client)
b. Micro SCADA Pro DMS Network Editor (Network Editor)
c. Micro SCADA Pro DMS Workstation (Workstation)
d. Micro SCADA Pro DMS Server Application (Server Application)
Figure 3: Adding a Program for exception list
3. Add ports:
Table 1: Exception ports
Name                   Port number   TCP/UDP
TCP_3820               3820          TCP
DCOM                   135           TCP
DMSSocketService (*)   51772         TCP
(*) 51772 is valid if the environment variable DMSComPort has not been defined. If the DMSComPort environment variable has been defined, then the port is according to that value, see Figure 5.
Figure 4: Adding a port to exception list
Figure 5: Environment variables
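
An added example, not part of the ABB document: the port exceptions from Table 1 created from PowerShell, with the DMSSocketService port resolved from DMSComPort as the table note describes. It assumes Windows 8 / Server 2012 or later (NetSecurity module) and an elevated prompt; `$PeerAddresses`, the rule names and the function name are hypothetical, and scoping each rule to the peer hosts is an addition that the original steps do not include.

```powershell
# Added example (not ABB's): inbound allow rules for the ports in Table 1.
# The program exceptions from step 2 are not handled here.
param(
    # Hypothetical: addresses of the SYS 600 / DMS 600 peers (constructed sample values).
    [string[]]$PeerAddresses = @('192.0.2.10', '192.0.2.11')
)

function Get-DmsSocketPort {
    # 51772 applies only when DMSComPort is not defined (note under Table 1).
    $raw = $env:DMSComPort
    if ([string]::IsNullOrWhiteSpace($raw)) { return 51772 }
    $port = 0
    if (-not [int]::TryParse($raw, [ref]$port) -or $port -lt 1 -or $port -gt 65535) {
        throw "DMSComPort='$raw' is not a valid TCP port"
    }
    return $port
}

# Names and port numbers as listed in Table 1; all three are TCP.
$ports = [ordered]@{
    'TCP_3820'         = 3820
    'DCOM'             = 135
    'DMSSocketService' = (Get-DmsSocketPort)
}

foreach ($name in $ports.Keys) {
    $display = "DMS600 OPC - $name"
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue) {
        Write-Host "exists: $display"
        continue
    }
    $rule = @{
        DisplayName   = $display
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = 'TCP'
        LocalPort     = $ports[$name]
        RemoteAddress = $PeerAddresses   # limits the exception to the listed peers
    }
    New-NetFirewallRule @rule | Out-Null
    Write-Host "added:  $display (TCP $($ports[$name]) from $($PeerAddresses -join ', '))"
}
```
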
ABB Oy
Substation Automation Products
P.O. Box 699
FI-65101 VAASA
FINLAND
Tel. +358 10 22 11
Fax. +358 10 224 1094
www.abb.com/substationautomation