1.5. Defining DCOM settings for OPC Server Enumerator

MicroSCADA Pro
DMS 600
Windows Settings for Remote OPC Connectivity
Contents:
1. Windows Settings for Remote OPC Connectivity
1.1. Enabling of Distributed COM
1.2. Defining access permissions
1.3. Defining launch and activation permissions
1.4. Defining DCOM settings for OPC server
1.5. Defining DCOM settings for OPC Server Enumerator
1.6. Start-up of OpcEnum service
1.7. Local Security Policy settings
1.8. Data Execution Prevention (DEP)
1.9. Configuring Windows Firewall for Remote Use
©Copyright ABB
1. Windows Settings for Remote OPC Connectivity
1.1. Enabling of Distributed COM
Default DCOM settings for client and server applications can be adjusted by following
the instructions given below:
1. Click Start > Settings > Control Panel > Administrative Tools.
2. Select Component Services. Expand the Component Services > Computers
container.
3. Right-click My Computer, and then click Properties.
4. Select Default Properties tab, and set Distributed COM enabled on this computer.
5. Set the Default Authentication Level as Connect and Default Impersonation Level
as Identify.
Note: When the authentication level is set to Connect, the Windows users on remote
clients must be authenticated on the server. If both computers belong to a domain,
the user logged in to the OPC client computer shall be logged in as a domain user and
not as a local user. If the OPC server is a standalone computer that does not belong
to a domain, it cannot authenticate the users unless a matching user name and
password are defined on both the OPC client and the OPC server computer.
1.2. Defining access permissions
When the OPC client tries to access the OPC server, the COM security permissions
defined by the Windows operating system will be applied. These permissions are
defined in the COM Security tab of My Computer Properties (as mentioned in Chapter
3.11.1.1. Enabling of Distributed COM).
1. Select COM Security tab > Access Permissions > Edit Limits.
2. Allow both local and remote access permissions to Anonymous Logon, Everyone,
Interactive, Network and System groups > OK.
3. Click Access Permissions > Edit Default.
4. Allow both local and remote access permissions to Anonymous Logon, Everyone,
Interactive, Network and System groups > OK.
1.3. Defining launch and activation permissions
When the OPC client performs launch and activation towards the OPC server (for
example, automatic DCOM server start-up), the COM security permissions
defined by the Windows operating system will be applied. These permissions are
defined in the COM Security tab of My Computer Properties (steps mentioned in
Chapter 3.11.1.1. Enabling of Distributed COM).
1. Select COM Security > Launch and Activation Permissions > Edit Limits.
2. Allow both local and remote access permissions to Anonymous Logon, Everyone,
Interactive, Network and System groups. Click OK.
3. Click Launch and Activation Permissions > Edit Default.
4. Allow both local and remote access permissions to Anonymous Logon, Everyone,
Interactive, Network and System groups. Click OK.
1.4. Defining DCOM settings for OPC server
Each OPC server has its own DCOM settings for controlling access to this particular
server.
1. Click Start > Settings > Control Panel > Administrative Tools.
2. Click Component Services. Expand the Component Services > Computers > My
Computer container.
3. Select the DCOM Config, and then browse to your OPC Server (ABB
MicroSCADA OPC DA server), right-click on it, and select Properties.
4. Select General tab, set the Authentication Level to Connect.
5. Select Security tab > set Customize > Launch and Activation Permissions > Edit.
6. Allow both local and remote launch and activation permissions to Everyone,
Interactive, Network and System groups > OK.
7. Set Customize option > Access Permissions > Edit.
8. Allow both local and remote launch and activation permissions to Everyone,
Interactive, Network and System groups > OK.
9. Select Identity tab. Verify that the user information has been defined correctly. If
not, choose the MicroSCADA user and enter its password > OK.
1.5. Defining DCOM settings for OPC Server Enumerator
OPC Server Enumerator (OpcEnum) is a server application used by OPC clients to
remotely find OPC servers on a computer using OPC Server names. This requires
proper DCOM configuration for OpcEnum.
1. Select the OpcEnum from the list of DCOM Config, right-click on it, and select
Properties.
Note: If OpcEnum is not found in the DCOM Config list, the component has not been
installed. If the component needs to be installed, the appropriate installation file
can be found in the following location after SYS 600 installation:
\sc\Setup\OPC_Core_Components. Copy this file to the target OPC client
computer, and double-click the Windows Installer Package file.
2. Select the General tab, set the Authentication Level to Connect.
3. Select the Security tab > set Customize option > Launch and Activation
Permissions > Edit.
4. Allow both local and remote launch and activation permissions to Everyone,
Interactive, Network and System groups > OK.
5. Set Customize option > click Access Permissions > Edit.
6. Allow both local and remote launch and activation permissions to Everyone,
Interactive, Network and System groups > OK.
7. Select Identity tab, verify that OpcEnum is either run by the launching user or the
system account > OK. The DCOM settings on the target machine are now correct.
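The settings made in sections 1.1 to 1.5 are stored in the registry and can be read back for review. The following PowerShell script is an added example, not ABB code: it lists which groups hold local and remote COM rights machine-wide and on the OPC applications, and flags remote rights granted to Anonymous Logon. It assumes that each AppID key's default value carries the name shown in DCOM Config, and matches on the names OpcEnum and MicroSCADA used in this guide.

```powershell
# Added audit example, not ABB code. Run from an elevated PowerShell 5+ session.
# COM access-mask bits and the well-known SIDs of the groups named in this guide.
$ComRights = [ordered]@{ LocalExec = 2; RemoteExec = 4; LocalActivate = 8; RemoteActivate = 16 }
$Groups = @{ 'S-1-5-7' = 'Anonymous Logon'; 'S-1-1-0' = 'Everyone'; 'S-1-5-4' = 'Interactive'
             'S-1-5-2' = 'Network'; 'S-1-5-18' = 'System' }

function Get-ComAclEntry {
    # Decode one REG_BINARY COM security descriptor into one row per ACE.
    param([string]$Scope, [string]$Name, [byte[]]$Bytes)
    if (-not $Bytes) { return }   # value absent: COM falls back to built-in defaults
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid  = $ace.SecurityIdentifier.Value
        $mask = $ace.AccessMask
        [pscustomobject]@{
            Scope  = $Scope
            Value  = $Name
            Type   = $ace.AceType
            Who    = if ($Groups.ContainsKey($sid)) { $Groups[$sid] } else { $sid }
            Rights = @($ComRights.Keys | Where-Object { $mask -band $ComRights[$_] }) -join ','
            # Allow ACE giving remote execute/activate (4 or 16) to unauthenticated callers
            AnonRemote = ($sid -eq 'S-1-5-7') -and ($mask -band 20) -and ($ace.AceType -eq 'AccessAllowed')
        }
    }
}

$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole'
# Section 1.1: EnableDCOM 'Y', LegacyAuthenticationLevel 2 (Connect), LegacyImpersonationLevel 2 (Identify)
$ole | Select-Object EnableDCOM, LegacyAuthenticationLevel, LegacyImpersonationLevel | Format-List | Out-Host

$rows = @(
    # Sections 1.2 and 1.3: machine-wide limits and defaults
    foreach ($n in 'MachineAccessRestriction', 'DefaultAccessPermission',
                   'MachineLaunchRestriction', 'DefaultLaunchPermission') {
        Get-ComAclEntry 'My Computer' $n ($ole.$n)
    }
    # Sections 1.4 and 1.5: assumption - the AppID default value holds the DCOM Config name
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\AppID' | ForEach-Object {
        $app = Get-ItemProperty $_.PSPath
        if ($app.'(default)' -match 'OpcEnum|MicroSCADA') {
            Write-Host ('{0}: AuthenticationLevel={1} RunAs={2}' -f $app.'(default)', $app.AuthenticationLevel, $app.RunAs)
            foreach ($n in 'LaunchPermission', 'AccessPermission') {
                Get-ComAclEntry ($app.'(default)') $n ($app.$n)
            }
        }
    }
)
$rows | Format-Table -AutoSize | Out-Host
```

Limits set through the Local Security Policy steps in section 1.7 are stored as policy values outside this key and are not decoded by this script.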
1.6. Start-up of OpcEnum service
On the OPC server computer, the OPC enumerator service shall be running.
1. Go to Start > Settings > Control Panel > Administrative Tools.
2. Open Services.
3. Right-click OpcEnum and select Properties.
4. Change Startup type: Automatic. Press OK.
1.7. Local Security Policy settings
The following steps may need to be taken in order to establish OPC communication:
1. Select Start > Settings > Control Panel > Administrative Tools > Local
Security Policy.
2. Expand the Security Settings > Local Policies > Security Options container.
3. Select DCOM: Machine Access Restrictions in Security…. Right-click on it and
select Properties. Click Edit Security. Allow both local and remote access permissions
to Everyone, Interactive, Network and System groups > OK.
4. Select DCOM: Machine Launch Restrictions in Security…. Right-click on it and
select Properties. Click Edit Security. Allow both local and remote Launch and
Activation permissions to Everyone, Interactive, Network and System groups > OK.
5. Select Network access: Let Everyone permissions apply to anonymous users.
Right-click on it and select Properties. Select Enabled > OK.
6. Select Network access: Sharing and security model for local accounts. Right-click
on it, and select Properties. Select Classic - local users authenticate as themselves >
OK.
1.8. Data Execution Prevention (DEP)
Data Execution Prevention (DEP) is a set of hardware and software technologies that
perform additional checks on memory to help prevent malicious code from running on
a system. DEP is used, for example, in Windows XP Service Pack 2. DEP can prevent
many installations from running and it should be disabled for OPC software.
Select My Computer and Properties (or Control Panel and System) and go to the
Advanced tab. Under Performance, click the Settings button. Select “Turn on DEP for
essential Windows programs and services only”. Click OK. At this point it may be
necessary to restart the machine.
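The state left by sections 1.6 to 1.8 can be compared against the values this guide sets. The following PowerShell script is an added example, not ABB code. It assumes the service is registered under the name OpcEnum, reads the two Network access options of section 1.7 from their Lsa registry values (EveryoneIncludesAnonymous and ForceGuest), and reads the DEP policy from WMI, where the option selected in section 1.8 corresponds to OptIn.

```powershell
# Added verification example, not ABB code. Expected values are the ones this guide sets.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$svc = Get-CimInstance Win32_Service -Filter "Name='OpcEnum'"
$os  = Get-CimInstance Win32_OperatingSystem
# Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy: 0..3
$depNames = 'AlwaysOff', 'AlwaysOn', 'OptIn', 'OptOut'

$checks = @(
    [pscustomobject]@{ Section = '1.6'; Setting = 'OpcEnum service start mode'
        Expected = 'Auto'
        Actual   = if ($svc) { $svc.StartMode } else { 'service not found' } }
    [pscustomobject]@{ Section = '1.6'; Setting = 'OpcEnum service state'
        Expected = 'Running'
        Actual   = if ($svc) { $svc.State } else { 'service not found' } }
    # 1 = Everyone permissions also apply to anonymous users
    [pscustomobject]@{ Section = '1.7'; Setting = 'EveryoneIncludesAnonymous'
        Expected = '1'; Actual = "$($lsa.EveryoneIncludesAnonymous)" }
    # 0 = Classic (local users authenticate as themselves), 1 = Guest only
    [pscustomobject]@{ Section = '1.7'; Setting = 'ForceGuest'
        Expected = '0'; Actual = "$($lsa.ForceGuest)" }
    # OptIn = DEP for essential Windows programs and services only
    [pscustomobject]@{ Section = '1.8'; Setting = 'DEP support policy'
        Expected = 'OptIn'
        Actual   = $depNames[$os.DataExecutionPrevention_SupportPolicy] }
)

# One row per setting, with a Match column for quick review
$checks |
    Select-Object *, @{ Name = 'Match'; Expression = { $_.Expected -eq $_.Actual } } |
    Format-Table -AutoSize
```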
1.9. Configuring Windows Firewall for Remote Use
These instructions configure Windows Firewall to work with OPC between
MicroSCADA Pro SYS 600 and DMS 600 applications. If some product other
than MicroSCADA Pro SYS 600 is in use, see the instructions from the OPC Foundation
and download the PDF file from www.opcfoundation.org > Downloads > White papers >
Using OPC via DCOM with Windows XP Service Pack 2.
1. Set Windows firewall on and allow exceptions.
Figure 1: Windows Firewall starting view
a. Change to Exceptions tab to add exceptions
Figure 2: Windows Firewall – exceptions tab
2. Add programs
a. OPC Server Enumerator 1.10 (from \sc\prog\exec\OPCENUM.EXE) (only for
Micro SCADA server, not for client)
b. Micro SCADA Pro DMS Network Editor (Network Editor)
c. Micro SCADA Pro DMS Workstation (Workstation)
d. Micro SCADA Pro DMS Server Application (Server Application)
Figure 3: Adding a Program for exception list
3. Add ports:
Table 1: Exception ports
Name                  Port number  TCP/UDP
TCP_3820              3820         TCP
DCOM                  135          TCP
DMSSocketService (*)  51772        TCP
(*) 51772 is valid if the environment variable DMSComPort has not been defined. If the
DMSComPort environment variable has been defined, the port is set according to that
value; see Figure 5.
Figure 4: Adding a port to exception list
Figure 5: Environment variables
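The port exceptions of Table 1 can also be created from a script. The following PowerShell is an added example, not ABB code: it resolves the DMSSocketService port from DMSComPort as described in the table footnote and creates one inbound TCP rule per port. It assumes a Windows version that includes the NetSecurity cmdlets (Windows 8 / Server 2012 or later); the rule names and the restriction of each rule to the addresses in $OpcPeers are additions made here, and the addresses shown are placeholders.

```powershell
# Added example, not ABB code. Run elevated; requires the NetSecurity module.
# Assumption: placeholder addresses, replace with the real OPC client/server peers.
$OpcPeers = '192.0.2.10', '192.0.2.11'

function Get-DmsSocketPort {
    # Table 1 footnote: 51772 applies only when DMSComPort is not defined.
    $raw = [Environment]::GetEnvironmentVariable('DMSComPort', 'Machine')
    if (-not $raw) { $raw = $env:DMSComPort }
    if (-not $raw) { return 51772 }
    $port = 0
    if (-not [int]::TryParse($raw, [ref]$port) -or $port -lt 1 -or $port -gt 65535) {
        throw "DMSComPort='$raw' is not a valid TCP port"
    }
    return $port
}

# Names and ports from Table 1
$rules = @(
    @{ Name = 'TCP_3820';         Port = 3820 }
    @{ Name = 'DCOM';             Port = 135 }
    @{ Name = 'DMSSocketService'; Port = Get-DmsSocketPort }
)

foreach ($r in $rules) {
    $display = "OPC remote use - $($r.Name)"   # hypothetical rule naming scheme
    # Remove an earlier copy so the script can be re-run after DMSComPort changes
    Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $display -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $r.Port -RemoteAddress $OpcPeers | Out-Null
}

Get-NetFirewallRule -DisplayName 'OPC remote use - *' |
    Format-Table DisplayName, Enabled, Direction, Action
```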

ABB Oy
Substation Automation Products
P.O. Box 699
FI-65101 VAASA
FINLAND
Tel. +358 10 22 11
Fax. +358 10 224 1094
www.abb.com/substationautomation