AP-0500-0023 Connecting Remotely To DeltaV v7.2 and Later Through OPC

Knowledge Base Article
Connecting Remotely to DeltaV v7.2 and Later Through OPC

Article ID: AP-0500-0023
Publish Date: 28 May 2013
Article Status: Approved
Article Type: General Product Technical Information
Required Action: Information Only
User Discipline: Configuration/Installation
Recent Article Revision History:
Revision/Publish Description of Revision
28 May 2013
Added procedures regarding creation of Local Account for Item
2.3 and reiterated that there is no need to add any other user to
the properties of the FRSOPCDV DCOM object.
(See end of article for a
complete revision history
listing.)
Affected Products:
Product Line Category Device Version
DeltaV Workstation Software VE2223 OPC Remote Services v10.x
DeltaV Workstation Software VE2223 OPC Remote Services v11.3.x
DeltaV Workstation Software VE2223 OPC Remote Services v12.3
This Knowledge Base Article, AP-0500-0023, provides information to customers who want to
connect remotely to OPC in DeltaV v7.2 and later. To communicate with a DeltaV v7.2 system or
later using OPC from a non-DeltaV machine running Windows NT or later operating system, the
client machine must be installed with an application called OPCRemote. Furthermore, you must
add user accounts to the DeltaV system and to the remote machine where you will run the OPC
client. The user may need to verify the DCOM settings with those presented in this KBA.
1 Installing the OPCRemote Software on the Remote Client
Machine
To ensure that the remote client has the correct OPCRemote file version required to
communicate with the DeltaV OPC server, insert the appropriate disk depending on the DeltaV
version you have and perform the following steps:
1. To start the installation procedure, click Start | Run then type Explorer. Browse to the
DV_EXTRAS\OPCREMOTE folder on the CD and double-click OPCRemote.exe.
Note The disk location of this folder varies depending on the DeltaV version.
For DeltaV v7.3 and v7.4, it is found in DeltaV CD 2. Users will find two instances of
OPCRemote in the DV_EXTRAS folder. OPCRemote is intended for Windows XP
Page 1 of 14 Customer KB AP-0500-0023: Connecting Remotely to DeltaV v7.2 and Later Throug...
13/3/2014 http://sms.na.emersonprocess.com/xml/IR_Report.asp?cmd=get&doctype=kba_custom...
and higher operating systems while the OPCRemoteForWinNT is for Windows NT
and Windows 2000.
For DeltaV v7.4.1, v7.4.2, v8.4, v8.4.1, v8.4.2, it is found in DeltaV CD 4.
For DeltaV v9.3 and later, it is in DeltaV DVD 1.
2. During the installation, the user will see the following message:
If you are going to connect to a DeltaV OPC Server, enter the name of the DeltaV
workstation. Otherwise, enter the name of the computer on which you are installing this
software:
3. Enter the node name of the computer that will be the OPC server machine (e.g., a DeltaV
Application Station or ProfessionalPLUS Station).
Note If you encounter the error messages shown below when you install
OPCRemote, simply ignore the messages and continue with the installation. The
error messages will occur because the DeltaV and DVBHisAdmin groups do not
exist on the non-DeltaV node.
The password for the DeltaVAdmin account on the client machine must match the
password on the server machine for unsolicited callbacks to work properly. This is
because the DeltaV OPC server is running as DeltaVAdmin on the server machine and
the DeltaVAdmin account is automatically created by the DeltaV OPCRemote
installation. The DeltaV Server Password Utility is automatically run when OPCRemote is
installed on the remote machine to synchronize the password of the DeltaVAdmin
account on the server machine and client machine. If the DeltaVAdmin account
password is changed in the server machine, it must also be changed on the client
machine. On the client machine, go to c:\Program Files\FRS\OPCRemote folder and run
ServPwd.exe (DeltaV Server Password Utility) to re-synchronize the DeltaV Admin
account password to the server machine.
x DeltaV v7.2 DeltaV Server Password Utility
x DeltaV v7.3 (and later) DeltaV Server Password Utility: the Set Password to
Default button is available for the reset of the DeltaVAdmin password to the
original password
Note If you are upgrading a DeltaV system, it is necessary to remove OPCRemote
from the OPCRemote machine and then reinstall OPCRemote on the remote client
machine from the disk that comes with the newer version of DeltaV.
2 Configuring User Accounts for the DeltaV OPC Server
Machine and the Remote OPC Client
OPC uses Microsoft DCOM technology to allow a client to connect to a server running across a
network that uses TCP/IP. Any two machines configured for DCOM communications can be
setup to run as a DeltaV OPC client and server.
Remote OPC Client Machine User Setup
The OPC client application runs using a valid Windows account and DeltaV account on the
server machine. The server is set up differently depending on whether the computers are in a
workgroup or domain. The following sections describe the various setup options. The term
opcuser is used as an example user account name.
2.1 Both OPC Client machine and DeltaV OPC Server Machine are in a
Workgroup
The opcuser account runs as a local user if both the OPC client machine and DeltaV OPC
server machine are in a workgroup.
To set up the opcuser on the DeltaV OPC server machine:
1. Use the DeltaV User Manager on the DeltaV OPC server machine to create a user
account (opcuser account) and assign it the same password as that of the OPC client
machine.
2. Make opcuser both an Operating System Account and a DeltaV Database Account.
3. Grant proper DeltaV groups (at least OPERATE group) and DeltaV locks (at least Control
key) to opcuser.
4. Download the DeltaV machine.
2.2 The OPC Client Machine is in a Domain and the DeltaV OPC Server
Machine is in a workgroup
The opcuser account runs as a Domain User in Domain A and the DeltaV OPC Server
machine is in a Workgroup.
To set up the user on the DeltaV OPC server machine:
1. Use the DeltaV User Manager on the DeltaV OPC server machine to create a user
account (for example, opcuser) and assign it the same password as that of the domain
user account used on the OPC client machine.
3. Grant proper DeltaV groups (at least OPERATE group) and DeltaV locks (at least Control
key) to opcuser.
2.3 The OPC client machine is in a workgroup and the DeltaV OPC
server machine is in a domain.
The opcuser account runs as Local User (in a workgroup) and the DeltaV OPC server
machine is in a Domain (Domain A).
To set up the user on the DeltaV OPC Server Machine:
1. Open DeltaV User Manager to create a user account with the same name and password
as the local user account (opcuser account) of the OPC client machine.
Note Starting in DeltaV v10.3, the computer/domain selection must be set to
<unspecified> for the opcuser account so that OPC communication will work.
3. Grant proper DeltaV groups (at least OPERATE Group) and DeltaV locks (at least Control
key) to this user.
4. Create a local user on the DeltaV Application Station that has exactly the same user name
and password as the elected opcuser via Local Users and Computers on Windows
Operating System.
Note This is applicable to a member server, i.e. not a domain controller.
Alternatively, use Windows User Manager application to perform the following tasks on
the DeltaV OPC Server Machine:
1. Create a local user account (opcuser account).
2. Assign it the same password as that of the OPC client machine.
3. Add it to the local DeltaV group.
4. Open DeltaV User Manager and create a DeltaV Database account with the same name
as the local user account (opcuser account).
key) to this user.
2.4 The OPC Client Machine is in Domain A and the DeltaV OPC Server
Machine is in Domain B - Domain A has a Trust Relationship With
Domain B
Scenario 1:
The opcuser account runs as Domain A User and the DeltaV OPC Server is in Domain B,
and Domain B trusts Domain A.
Since a two-way trust exists between the two domains, use either Windows User Manager
in the DeltaV OPC Server machine to create a local user account or Active Directory Users
and Computers to add the OPC clients opcuser account (Domain A) to the DeltaV OPC
Server (Domain B) machine. In addition, be sure to do the following:
1. Use Active Directory Users and Computers to add Domain A\opcuser to the DeltaV group
of the DeltaV domain; or use Windows User Manager to add the local user account to the
local DeltaV group.
2. Use the DeltaV User Manager to create opcuser as a DeltaV Database account.
key) to this user.
Another way to set up the opcuser account on the DeltaV OPC Server domain would be to
do the following:
1. Open DeltaV User Manager on the DeltaV OPC Server machine to create a user account
with the same name and password as the domain user account (opcuser account) as that
of the OPC client machine.
key) to opcuser.
Scenario 2:
The Client Runs as Domain A User and the Server is in Domain B, and Domain B does not
trust Domain A.
To set up the user on the DeltaV OPC Server Machine set-up as a domain member, use
Windows User Manager to do the following:
1. Create a local user account (opcuser account).
2. Assign it the same password as the OPC client machine.
3. Make the opcuser account a member of a DeltaV group.
4. Create a DeltaV Database account with the same name as the local user account
(opcuser account).
key) to the opcuser account.
Another way to set up the opcuser account on the DeltaV OPC Server machine set-up as
either a domain member or domain controller would be to do the following:
1. Open DeltaV User Manager on the DeltaV OPC Server machine to create a user account
with the same name and password as the domain user account (opcuser account) as that
of the OPC client machine.
key) to opcuser.
Note The one-way trust configuration will not work if the OPC client machine is also
a domain controller and the OPC Server machine is not a domain controller. In this
case, it is required that a two-way trust be established for OPC communication to
work.
3 DCOM Setup
Distributed Component Object Model (DCOM) is an application level protocol for object-oriented
remote procedure calls. This is useful for distributed, component-based systems of all types.
Furthermore, it is useful to OPC in that it allows a client to connect to a server running across a
network that uses TCP/IP.
To use DCOM, do the following steps:
1. Connect two machines on a network with TCP/IP network protocol.
2. Enable DCOM on both machines (normally DCOM is enabled automatically during the
operating system installation).
3. Set the DCOM security to allow the client to connect to the server application.
Windows provides a utility called dcomcnfg.exe. This utility provides a user interface where the
necessary DCOM registry settings could be configured.
3.1 Enabling DCOM on the PC
If DCOM is not enabled, you can enable it by doing the following steps on both the server and
client machines:
1. Go to Start | Run. Type in dcomcnfg.exe and then press ENTER.
2. When the Component Services window appears, right-click on My Computer icon and
then Select the Default Properties tab.
3. Select the checkbox Enable Distributed COM on this computer.
4. Changing this value requires a reboot.
The EnableDCOM registry key is set to Y when this box is checked. If DCOM is not enabled,
then all cross-machine calls are rejected (the caller, typically, gets an
RPC_S_SERVER_UNAVAILABLE return code).
3.2 Setting the Location of the OPC Data Server
On the server machine, the DeltaV OPC Data Server application must be set to run on the local
machine.
2. Select the entry FrsOpcDv from the applications list and select the Properties button.
3. Select the Location tab.
4. Select the Run application on this computer checkbox.
On the client machine, the DeltaV OPC Data Server application must be set to run on the server
machine. This is set up automatically when DeltaV OPC Remote is installed. This can be verified
by following these steps:
2. Select the entry DeltaV OPC Server from the applications list and select the Properties
Page 10 of 14 Customer KB AP-0500-0023: Connecting Remotely to DeltaV v7.2 and Later Thro...
button.
3. Select the Location tab.
4. Select the checkbox Run application on the following computer.
5. Type in the name of the server machine.
3.3 Setting DCOM Properties
On both the server and client machines, the DeltaV OPC Data Server application must have the
correct properties.
then Select the Default Properties tab to view the default DCOM Communication
Properties.
3. The Default Authentication Level should be set to Connect.
4. The Default Impersonation Level should be set to Identify.
Once access is permitted, COM will check security for each call. There are two categories,
AuthenticationLevel and ImpersonationLevel.
The Authentication Level dictates how secure the communication is between the client and the
server. The negotiated authentication level is the highest for client and server. It can not be
RPC_C_AUTHN_LEVEL_NONE if the caller wants to know who the caller is.
The Impersonation Level indicates the degree of authority that is granted to the calling
application or server for it to use the identity of the client.
3.4 Setting DCOM Security
On the client machine, COM security needs to be modified to make callbacks work.
Note Clients that call the CoInitializeSecurity() function to determine the security
settings to be used by the application DO NOT require this change.
then Select the Default COM Security tab to view the default COM Security.
3. Edit the Default Access Permissions by selecting the Edit Default button.
4. Add the DeltaVAdmin user in the list of users with local and remote access permissions.
3.5 Access and Launch Permissions
In order for DeltaV OPC Server service to run, the DCOM access and launch permissions must
have been set on the server machine. This is set up automatically when DeltaV software is
installed. This can be verified by following these steps:
1. Go to Start | Run, type in dcomcnfg.exe and then press ENTER.
2. Select the entry FrsOpcDv from the applications list and select the Properties button.
3. Select the Security tab.
4. The Access permissions should include the accounts that need to connect to the DeltaV
OPC Server. The SYSTEM account is the only account with Launch permission. The
System account will also have Access permission.
The accounts that need to connect are the ones that will actually be running the client
application. If these are not Domain accounts then the user name and password must match on
both the server and client machines for Windows to recognize the users as the same account.
The user name must also be a DeltaV System user on the server machine (defined by running
DeltaV User Manager).
Note Once the server is running, launch permission setting is not used. The only
user that launches the server is SYSTEM. Any other client accessing the server
bypasses launch permissions and requires Access permission only.
The elected common OPCUSER does not need to be added to the DCOM object
properties. Running workstation configuration should revert all DeltaV-related
DCOM object properties to the recommended settings.
Additionally, the Identity tab, which tells COM how to launch the server, should be properly set
up. There are three options in this tab:
z Interactive User - Server is launched as user who is currently logged on the machine. If
nobody is logged on, launch fails.
z Launching User - Server is launched with account running the client application on the
other machine.
z This User - DCOM logs on the specific user in the background and starts server using
caller's token. This is the setting needed for the DeltaV OPC Data Server. This option
should be selected and DeltaVAdmin should be the user name.
4 Checking the User Accounts
1. Log into both machines to verify the above account name and password using the new
account.
2. On the DeltaV machine (ProfessionalPLUS or Application workstation), log into the system
and log into DeltaV as well.
Start | DeltaV | Engineering | Flexlock | Select the new account and login.
3. Use OPCWatchit on the DeltaV machine and verify that you can browse to a diagnostic
parameter and read the value:
Start | Run | OPCWatchit | click BrowsePath | browse to
Diagnostics/AppStationNodeName/FREMEM.CV
(where the AppStationNodeName is replaced by the name of the relevant DeltaV
computername)
If you get a value returned in the value box and a Get item succeeded: 0 in the status box,
then your OPC server is working.
If the browse does not work, try clicking on the TypePath button and enter the following:
AppStationNodeName/FREMEM.CV
1. Log on to XP on the remote OPC client machine using the new account created.
2. Attempt to browse to and read a parameter from the DeltaV application.
Note It may take a minute or so for the OPCWatchit to make the initial connection.
3. Click Start | Programs | FRS OPCRemote | OPCWatchit | Click BrowsePath |
4. Browse to Diagnostics/AppStationNodeName/FREMEM.CV
If value is returned in the value box and a Get item succeeded: 0 is displayed in the
status box, then your OPCWatchit has succeeded in connecting to the remote DeltaV
OPC server.
If the browse button does not work, try clicking on the TypePath button, then type in the
following:
AppStationNodeName/FREMEM.CV
Contact Information
Services are delivered through our global services network. To contact your Emerson local
service provider, click Contact Us. To contact the Global Service Center, click Technical Support.
Complete Article Revision History:
Revision/Publish Description of Revision
28 May 2013
Added procedures regarding creation of Local Account for Item 2.3 and
reiterated that there is no need to add any other user to the properties of the
FRSOPCDV DCOM object.
05 May 2010
Included information about DCOM changes needed for clients not using
CoInitializeSecurity and about setting up users starting with DeltaV v10.3
26 Aug 2005 Original release of article
Emerson Process Management 2012. All rights reserved. For Emerson Process Management trademarks and service
marks, click this link to see trademarks. All other marks are properties of their respective owners. The contents of this
publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy,
they are not to be construed as warrantees or guarantees, express or implied, regarding the products or services
described herein or their use or applicability. All sales are governed by our terms and conditions, which are available on
request. We reserve the right to modify or improve the design or specification of such products at any time without notice.
View Emerson Products and
Services: Click This Link

AP-0500-0023 Connecting Remotely To DeltaV v7.2 and Later Through OPC

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

AP-0500-0023 Connecting Remotely To DeltaV v7.2 and Later Through OPC

Cargado por

Copyright:

Formatos disponibles

Knowledge Base Article

Connecting Remotely to DeltaV v7.2 and Later Through OPC

También podría gustarte