MicroSCADA Pro DMS 600


31 Oct 2013 (3 years and 7 months ago)


Windows Settings for Remote OPC Connectivity

©Copyright ABB
Contents:

1. Windows Settings for Remote OPC Connectivity
1.1. Enabling of Distributed COM
1.2. Defining access permissions
1.3. Defining launch and activation permissions
1.4. Defining DCOM settings for OPC server
1.5. Defining DCOM settings for OPC Server Enumerator
1.6. Start-up of OpcEnum service
1.7. Local Security Policy settings
1.8. Data Execution Prevention (DEP)
1.9. Configuring Windows Firewall for Remote Use

1. Windows Settings for Remote OPC Connectivity

1.1. Enabling of Distributed COM

Default DCOM settings for client and server applications can be adjusted by following the instructions given below:

1. Click Start > Settings > Control Panel > Administrative Tools.

2. Select Component Services. Expand the Component Services > Computers container.

3. Right-click My Computer, and then click Properties.

4. Select the Default Properties tab, and set Distributed COM enabled on this computer.

5. Set the Default Authentication Level to Connect and the Default Impersonation Level to Identify.

Note: When you set the authentication level to Connect, the Windows users on remote clients must be authenticated on the server. If both computers belong to a domain, the user logged in to the OPC client computer shall be logged in as a domain user and not as a local user. If the OPC server does not belong to a domain, being a standalone computer, it cannot authenticate the users unless a matching user name and password is defined on both the OPC client and the OPC server computer.

1.2. Defining access permissions

When the OPC client tries to access the OPC server, the COM security permissions defined by the Windows operating system will be applied. These permissions are defined in the COM Security tab of My Computer Properties (as mentioned in Chapter 3.11.1.1. Enabling of Distributed COM).

1. Select COM Security tab > Access Permissions > Edit Limits.

2. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups > OK.

3. Click Access Permissions > Edit Default.

4. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups > OK.

1.3. Defining launch and activation permissions

When the OPC client performs launch and activation towards the OPC server, for example, automatic DCOM server start-up, the COM security permissions defined by the Windows operating system will be applied. These permissions are defined in the COM Security tab of My Computer Properties (steps mentioned in Chapter 3.11.1.1. Enabling of Distributed COM).

1. Select COM Security > Launch and Activation Permissions > Edit Limits.

2. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups. Click OK.

3. Click Launch and Activation Permissions > Edit Default.

4. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups. Click OK.
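
The permission lists edited in 1.2 and 1.3 are stored by Windows as binary security descriptors under HKLM\SOFTWARE\Microsoft\Ole, so the resulting grants can be read back and reviewed after the dialogs are closed. The PowerShell below is an added example, not part of the ABB document; it assumes Windows PowerShell 5.1 or later, and the function name Get-ComAcl is hypothetical.

```powershell
# Added example, not from the ABB document. Run in an elevated session.
# Edit Limits  -> MachineAccessRestriction / MachineLaunchRestriction
# Edit Default -> DefaultAccessPermission  / DefaultLaunchPermission
$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'

# COM access-mask bits from the Windows SDK (COM_RIGHTS_*).
# An ACE with only bit 0x01 set predates these flags and shows no rights here; review it by hand.
$rights = [ordered]@{
    'Local'             = 0x02   # COM_RIGHTS_EXECUTE_LOCAL
    'Remote'            = 0x04   # COM_RIGHTS_EXECUTE_REMOTE
    'Local activation'  = 0x08   # COM_RIGHTS_ACTIVATE_LOCAL
    'Remote activation' = 0x10   # COM_RIGHTS_ACTIVATE_REMOTE
}

function Get-ComAcl {
    param([Parameter(Mandatory)][string]$ValueName)
    $bytes = (Get-ItemProperty -Path $ole -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $bytes) { return }   # value absent: the Windows built-in default applies
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # SID with no resolvable account name
        $granted = @($rights.Keys | Where-Object { $ace.AccessMask -band $rights[$_] })
        [pscustomobject]@{
            Value   = $ValueName
            Type    = $ace.AceType      # AccessAllowed or AccessDenied
            Sid     = $sid.Value
            Trustee = $name
            Rights  = $granted -join ', '
        }
    }
}

$acl = 'MachineAccessRestriction', 'DefaultAccessPermission',
       'MachineLaunchRestriction', 'DefaultLaunchPermission' |
       ForEach-Object { Get-ComAcl -ValueName $_ }
$acl | Format-Table Value, Type, Trustee, Rights -AutoSize

# Remote rights held by Anonymous Logon (S-1-5-7) or Everyone (S-1-1-0), matched by SID
# so the check also works on non-English Windows installations.
$acl | Where-Object { ($_.Sid -in ('S-1-5-7', 'S-1-1-0')) -and ($_.Rights -match 'Remote') } |
       Format-Table Value, Trustee, Rights -AutoSize
```

The second table is the list to keep with the system documentation: it shows exactly which unauthenticated or broad groups can reach COM servers on this computer from the network.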

1.4. Defining DCOM settings for OPC server

Each OPC server has its own DCOM settings for controlling access to this particular server.

1. Click Start > Settings > Control Panel > Administrative Tools.

2. Click Component Services. Expand the Component Services > Computers > My Computer container.

3. Select the DCOM Config, and then browse to your OPC Server (ABB MicroSCADA OPC DA server), right-click on it, and select Properties.

4. Select General tab, set the Authentication Level to Connect.

5. Select Security tab > set Customize > Launch and Activation Permissions > Edit.

6. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

7. Set Customize option > Access Permissions > Edit.

8. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

9. Select Identity tab. Verify that the user information has been defined correctly. If not, choose the MicroSCADA user and enter its password > OK.

1.5. Defining DCOM settings for OPC Server Enumerator

OPC Server Enumerator (OpcEnum) is a server application used by OPC clients to remotely find OPC servers on a computer using OPC Server names. This requires proper DCOM configuration for OpcEnum.

1. Select the OpcEnum from the list of DCOM Config, right-click on it, and select Properties.

Note: If OpcEnum is not found in the DCOM Config list, it means that the component has not been installed. If this component needs to be installed, the appropriate installation file can be found in the following location after SYS 600 installation: \sc\Setup\OPC_Core_Components. Copy this file to the target OPC client computer, and double-click the Windows Installer Package file.

2. Select the General tab, set the Authentication Level to Connect.

3. Select the Security tab > set Customize option > Launch and Activation Permissions > Edit.

4. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

5. Set Customize option > click Access Permissions > Edit.

6. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

7. Select Identity tab, verify that OpcEnum is either run by the launching user or the system account > OK. The DCOM settings on the target machine are now correct.

1.6. Start-up of OpcEnum service

On the OPC server computer, the OPC enumerator service shall be running.

Go to Start > Settings > Control Panel > Administrative Tools.

Open Services.

Right-click OpcEnum and select Properties.

Change Startup type: Automatic. Press OK.

1.7. Local Security Policy settings

The following steps may need to be taken in order to establish OPC communication:

1. Select Start > Settings > Control Panel > Administrative Tools > Local Security Policy.

2. Expand the Security Settings > Local Policies > Security Options container.

3. Select DCOM: Machine Access Restrictions in Security…. Right-click on it and select Properties. Click Edit Security. Allow both local and remote access permissions to Everyone, Interactive, Network and System groups > OK.

4. Select DCOM: Machine Launch Restrictions in Security…. Right-click on it and select Properties. Click Edit Security. Allow both local and remote Launch and Activation permissions to Everyone, Interactive, Network and System groups > OK.

5. Select Network access: Let Everyone permissions apply to anonymous users. Right-click on it and select Properties. Select Enabled > OK.

6. Select Network access: Sharing and security model for local accounts. Right-click on it, and select Properties. Select Classic - local users authenticate as themselves > OK.
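
The scalar settings from 1.1, 1.6 and 1.7 can be checked in one pass by reading the registry values and service state that the dialogs write. The PowerShell below is an added example, not part of the ABB document; the registry value names are the standard Windows locations for these options, and the helper names Get-Reg and New-Row are hypothetical.

```powershell
# Added example, not from the ABB document. Run in an elevated session.
$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DCOM'
$authn = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
$imp   = @{ 1 = 'Anonymous'; 2 = 'Identify'; 3 = 'Impersonate'; 4 = 'Delegate' }

function Get-Reg([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is missing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function New-Row($Section, $Setting, $Expected, $Actual) {
    [pscustomobject]@{
        Section = $Section; Setting = $Setting; Expected = $Expected
        Actual  = $Actual;  Match   = ($null -ne $Actual -and $Expected -eq $Actual)
    }
}

# A missing value maps to $null: the setting was never written and the Windows default is in effect.
$authLevel = $authn[[int](Get-Reg $ole 'LegacyAuthenticationLevel')]
$impLevel  = $imp[[int](Get-Reg $ole 'LegacyImpersonationLevel')]
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='OpcEnum'"

$rows = @(
    New-Row '1.1' 'Distributed COM enabled'       'Y'        (Get-Reg $ole 'EnableDCOM')
    New-Row '1.1' 'Default Authentication Level'  'Connect'  $authLevel
    New-Row '1.1' 'Default Impersonation Level'   'Identify' $impLevel
    New-Row '1.6' 'OpcEnum startup type'          'Auto'     $svc.StartMode
    New-Row '1.6' 'OpcEnum state'                 'Running'  $svc.State
    New-Row '1.7' 'EveryoneIncludesAnonymous'     1          (Get-Reg $lsa 'EveryoneIncludesAnonymous')
    New-Row '1.7' 'ForceGuest (0 = Classic)'      0          (Get-Reg $lsa 'ForceGuest')
)
$rows | Format-Table -AutoSize

# Steps 3 and 4 of 1.7 are stored as SDDL strings when the policy is defined.
foreach ($n in 'MachineAccessRestriction', 'MachineLaunchRestriction') {
    $sddl = Get-Reg $pol $n
    if (-not $sddl) { $sddl = '(not defined by policy)' }
    '{0,-26} {1}' -f $n, $sddl
}
```

In the SDDL output, WD is Everyone, IU is Interactive, NU is Network, SY is System and AN is Anonymous Logon.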

1.8. Data Execution Prevention (DEP)

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. DEP is used, for example, in Windows XP Service Pack 2. DEP can prevent many installations from running and it should be disabled for OPC software.

Select My Computer and Properties (or Control Panel and System) and go to the Advanced tab. Under Performance, click the Settings button. Select “Turn on DEP for essential Windows programs and services only”. Click OK. At this point it may be necessary to restart the machine.

1.9. Configuring Windows Firewall for Remote Use

These instructions configure Windows Firewall to work with OPC between MicroSCADA Pro SYS 600 and DMS 600 applications. If a system other than MicroSCADA Pro SYS 600 is in use, see the instructions from the OPC Foundation and download the PDF file: www.opcfoundation.org > Downloads > White papers > Using OPC via DCOM with Windows XP Service Pack 2.

1. Set Windows firewall on and allow exceptions.

Figure 1: Windows Firewall starting view

a. Change to Exceptions tab to add exceptions

Figure 2: Windows Firewall exceptions tab

2. Add programs

a. OPC Server Enumerator 1.10 (from \sc\prog\exec\OPCENUM.EXE) (Only for Micro SCADA server, not for client)

b. Micro SCADA Pro DMS Network Editor (Network Editor)

c. Micro SCADA Pro DMS Workstation (Workstation)

d. Micro SCADA Pro DMS Server Application (Server Application)

Figure 3: Adding a Program for exception list

3. Add ports:

Table 1: Exception ports

Name                   Port number   TCP/UDP
TCP_3820               3820          TCP
DCOM                   135           TCP
DMSSocketService (*)   51772         TCP

(*) 51772 is valid if the environment variable DMSComPort has not been defined. If the DMSComPort environment variable has been defined, then the port is according to that value, see Figure 5.

Figure 4: Adding a port to exception list

Figure 5: Environment variables
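
The port exceptions in Table 1, including the DMSComPort override from the footnote, can also be created from a script so that every workstation gets the same rules. The PowerShell below is an added example, not part of the ABB document; it assumes Windows 8 / Server 2012 or later (NetSecurity module), and the rule name prefix and the peer address are constructed placeholders. Limiting each rule to the peer computer's address is an addition the document does not describe.

```powershell
# Added example, not from the ABB document. Run in an elevated session.
$peer   = '192.0.2.10'          # constructed placeholder: the remote SYS 600 / DMS 600 computer
$prefix = 'MicroSCADA OPC - '   # hypothetical rule name prefix

# DMSSocketService listens on 51772 unless DMSComPort is defined (Table 1 footnote).
$dmsPort  = 51772
$override = [Environment]::GetEnvironmentVariable('DMSComPort', 'Machine')
if (-not $override) { $override = $env:DMSComPort }
if ($override) {
    $parsed = 0
    if ([int]::TryParse($override, [ref]$parsed) -and $parsed -ge 1 -and $parsed -le 65535) {
        $dmsPort = $parsed
    } else {
        throw "DMSComPort='$override' is not a valid TCP port"
    }
}

$rules = @(
    @{ Name = 'TCP_3820';         Port = 3820 }
    @{ Name = 'DCOM';             Port = 135 }
    @{ Name = 'DMSSocketService'; Port = $dmsPort }
)

foreach ($r in $rules) {
    $display = $prefix + $r.Name
    if (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue) {
        # Rule already exists: bring port and scope in line instead of adding a duplicate.
        Set-NetFirewallRule -DisplayName $display -LocalPort $r.Port -RemoteAddress $peer
    } else {
        New-NetFirewallRule -DisplayName $display -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $r.Port -RemoteAddress $peer | Out-Null
    }
}

# Show what is now in place, with the port each rule opens.
Get-NetFirewallRule -DisplayName "$prefix*" | ForEach-Object {
    $port = ($_ | Get-NetFirewallPortFilter).LocalPort
    '{0,-36} TCP {1}' -f $_.DisplayName, $port
}
```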



ABB Oy

Substation Automation Products

P.O. Box 699

FI-65101 VAASA

FINLAND

Tel. +358 10 22 11

Fax. +358 10 224 1094

www.abb.com/substationautomation