An OPC DA server is identified on a machine by its OPC Server ID. Both the NETx BMS Platform and the NETx MP Server report as
...
Typically, an OPC client application provides means for server discovery in the network and/or manual connection configuration.
The NETx Server is able to handle multiple OPC client connections at the same time in an independent way. Each connect or disconnect request of an OPC client is logged in the server log.
DCOM configuration
Note |
---|
Starting on June 8, 2021, Microsoft has hardened the security of DCOM. While these changes can be disabled in the Windows registry, they become mandatory on March 14, 2023; from then on, disabling them is no longer possible. However, the products of NETxAutomation are not affected. Using this article, OPC DA communication via DCOM is still working. |
In case of an OPC DA connection through the network, make sure to configure DCOM accordingly.
...
Info |
---|
Configuring Windows DCOM can be complex and time-consuming. In addition, OPC DA communication may not be possible at all if, for example, the OPC server and the OPC clients are not in the same LAN. Therefore, NETxAutomation Software GmbH provides a solution called NETx Tunneller. The NETx Tunneller is a software tool that tunnels the OPC communication through a VNET connection. VNET is a proprietary protocol provided by NETxAutomation Software GmbH. VNET is based on a TCP/IP connection, so a time-consuming Windows DCOM configuration is not necessary. More information about the NETx Tunneller can be found at the website of NETxAutomation Software GmbH (http://www.netxautomation.com). |
This documentation shows the necessary configuration steps for setting up such a remote OPC DA 2.05a connection. The remote OPC client that shall connect to the NETx Server can be an OPC DA 2.05a client from any vendor. For the rest of this article, a remote OPC DA 2.05a client is simply referred to as OPC client.
Info |
---|
Clients that support OPC DA 3.0 can be used as OPC client too, since these clients are backward compatible with OPC DA 2.05a. |
...
Note |
---|
Please keep in mind that this documentation shall only act as an example of how an OPC connection can be established. It is not guaranteed that this documentation is complete and that the described configuration steps fulfill the safety and security requirements of the IT infrastructure where it is applied. Changes to configuration settings could result in insufficient safety and security. Therefore, any change has to be reviewed and approved by the local system/security administrator. |
...
Info |
---|
Depending on the operating system and on the used configuration, one or more DCOM-In rules can exist. If no rule exists, create two inbound rules to allow TCP port 135 and UDP port 135. |
Creating a rule for OPC Enum
Note |
---|
These steps have to be performed at the OPC server side only. |
...
In the next step, select the executable file of the OPC Enum process. It is located at:
32 bit operating system: C:\Windows\System32\OpcEnum.exe
64 bit operating system: C:\Windows\SysWOW64\OpcEnum.exe
...
As the next step, select the network profile(s) for which the rule shall be active.
...
Finally, specify a name for the rule (e.g. “OPC Enum”).
...
After having confirmed the last step, a new rule is created and activated immediately.
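The same rule can be created from an elevated PowerShell prompt. This is an added example, not part of the NETx documentation: it goes beyond the wizard steps by limiting each rule to a single remote address, `$OpcClientAddress` is a constructed placeholder, and the display names of the port 135 rules are hypothetical.

```powershell
# Added example: scripted equivalent of the wizard steps above. Run elevated on the OPC server.
# $OpcClientAddress is a constructed placeholder; replace it with the address of the OPC client.
$OpcClientAddress = '192.0.2.10'

# OpcEnum.exe lives in SysWOW64 on 64 bit Windows and in System32 on 32 bit Windows.
$opcEnum = if ([Environment]::Is64BitOperatingSystem) {
    Join-Path $env:windir 'SysWOW64\OpcEnum.exe'
} else {
    Join-Path $env:windir 'System32\OpcEnum.exe'
}
if (-not (Test-Path -LiteralPath $opcEnum)) {
    throw "OpcEnum.exe not found at $opcEnum"
}

# Program rule for OPC Enum: Private and Domain profiles only, one permitted remote address.
if (-not (Get-NetFirewallRule -DisplayName 'OPC Enum' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'OPC Enum' -Direction Inbound -Action Allow `
        -Program $opcEnum -Profile Domain, Private -RemoteAddress $OpcClientAddress | Out-Null
}

# Port 135 rules are only created when no enabled inbound DCOM-In rule is present.
$dcomIn = Get-NetFirewallRule -ErrorAction SilentlyContinue | Where-Object {
    $_.DisplayName -like '*DCOM-In*' -and $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True'
}
if (-not $dcomIn) {
    foreach ($proto in 'TCP', 'UDP') {
        # Hypothetical rule names; pick names that match the local naming scheme.
        New-NetFirewallRule -DisplayName "DCOM port 135 ($proto)" -Direction Inbound `
            -Action Allow -Protocol $proto -LocalPort 135 -Profile Domain, Private `
            -RemoteAddress $OpcClientAddress | Out-Null
    }
}

# Show the result so that it can be attached to the change review.
Get-NetFirewallRule -DisplayName 'OPC Enum', 'DCOM port 135*' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile, Action
```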
...
Note |
---|
The rule that is automatically added by the setup is activated for the network profiles “Private” and “Domain” only. If the connected network is defined as “Public”, the rule has to be changed accordingly. |
...
In order to allow OPC communication, the local security policy has to be changed. Open the configuration dialogue (“Control Panel → System and Security → Administrative Tools → Local Security Policy”), navigate to “Security Settings → Local Policies → Security Options”, and enable the option “Network access: Let Everyone permissions apply to anonymous users”.
...
To be able to establish an OPC connection between a NETx Server and an OPC client, the user management must be configured accordingly. In general, both PCs must have at least one common Windows user. This Windows user must use the same user name and password, and it must have local administrator rights on both machines. The NETx Server process does not need to run under the common user. It can run under the user “SYSTEM” (default for NETx Servers) or any user that has administrator rights. However, the OPC client itself must run under the common user; otherwise the OPC communication will not work. Depending on the used environment, the following configuration steps may be possible:
Both machines are members of the same Windows domain
Since both machines are members of the same Windows domain, they are using the same user database. This means any domain user can be used as common user. However, the common user must have local administrator rights on both machines. To add local administrator rights, open the Computer Management dialogue (“Control Panel → System and Security → Administrative Tools”) and select “Computer Management → System Tools → Local Users and Groups → Groups”. Double click “Administrators” and add the common user to the local administrator group.
...
Configure default DCOM settings
Configure DCOM settings of OPC Enum
Configure DCOM settings of NETx Server
...
First, the general DCOM settings have to be changed. Within the DCOM configuration dialogue, right click at “My Computer”, select “Properties”, and change to the tab “Default Properties”. Within this tab, ensure that the “Authentication Level” is set to “None”.
...
Afterwards, the changes have to be confirmed by pressing the “OK” button.
Configure DCOM settings of OPC Enum
Next, the DCOM security settings of the OPC Enum process have to be changed. Within the DCOM configuration dialogue, open the tree “DCOM Config” and locate the entry “OPC Enum”. Right click at the entry, select “Properties”, and change to the tab “General”. Within this tab, ensure that the “Authentication Level” is set to “None”.
...
The DCOM configuration of the OPC Enum process is finished now and the dialogue can be closed again.
Configure DCOM settings of NETx Server
Usually, changing the DCOM configuration for a NETx Server is not necessary since the DCOM settings are automatically created during the installation process of the NETx Server. However, if the OPC connection between the OPC client and the NETx Server is not working, it is recommended to verify whether the DCOM settings are correct.
The required DCOM configuration for a NETx Server is identical to the settings of the OPC Enum process. To verify them, open the tree “DCOM Config” within the DCOM settings dialogue and locate the entry “NETxBMSCoreServer40” for the NETx Server.
...
DCOM configuration at the OPC client side
The DCOM configuration of the OPC client side is easier than at the NETx Server side, since only the default DCOM settings have to be changed. The required default DCOM settings at the client side are identical to the settings at the NETx Server side. Therefore, open the DCOM configuration dialogue and apply the same settings as described above.
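For the review by the local system/security administrator, the settings changed in this article can be read back from the registry. The following read-only script is an added example, not part of the NETx documentation; it assumes the DCOM entries are registered under `HKLM:\SOFTWARE\Classes\AppID` with one of the names used in this article as the key's default value.

```powershell
# Added example: read-only report of the settings this article changes. Run elevated.
$levelNames = @{ 0 = 'Default'; 1 = 'None'; 2 = 'Connect'; 3 = 'Call'
                 4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Format-Level($Raw) {
    if ($null -eq $Raw) { return '(not set)' }
    $name = $levelNames[[int]$Raw]
    if ($name) { $name } else { "unknown ($Raw)" }
}

$findings = @()

# Local security policy "Network access: Let Everyone permissions apply to anonymous users".
$anon = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'EveryoneIncludesAnonymous'
$findings += [pscustomobject]@{
    Setting  = 'Everyone permissions apply to anonymous users'
    Value    = if ($anon -eq 1) { 'Enabled' } else { 'Disabled' }
    Weakened = ($anon -eq 1)
}

# Machine-wide default authentication level (tab "Default Properties" of "My Computer").
$default = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Ole' 'LegacyAuthenticationLevel'
$findings += [pscustomobject]@{
    Setting  = 'Default DCOM authentication level'
    Value    = Format-Level $default
    Weakened = ($default -eq 1)
}

# Per-application authentication level of the DCOM entries named in this article.
# Assumption: the entry name is the default value of the AppID key.
$wanted = 'OPCEnum', 'OPC Enum', 'NETxBMSCoreServer40'
Get-ChildItem 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue |
    Where-Object { $wanted -contains $_.GetValue('') } |
    ForEach-Object {
        $level = $_.GetValue('AuthenticationLevel')
        $findings += [pscustomobject]@{
            Setting  = "DCOM authentication level of $($_.GetValue(''))"
            Value    = Format-Level $level
            Weakened = ($level -eq 1)
        }
    }

$findings | Format-Table -AutoSize
```

Rows with `Weakened` set to `True` are the deviations from the Windows defaults that this article introduces; run the script on the NETx Server and on the OPC client machine.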
...