Scribd
Upload
14 views

It Cod Com Settings

DCOM

Uploaded by

Sneider Castañeda
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
14 views

It Cod Com Settings

DCOM

Uploaded by

Sneider Castañeda
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

European Laboratory for Particle Physics Laboratoire Europen pour la Physique des Particules CH-1211 Genve 23 - Suisse

OPC Support IT-CO recommended DCOM settings for OPC


Document Version: Document Issue: Document Date: Document Status: Document Author: 4.1 0 11 July 2008 Final Jean-Pierre Puget, Renaud BARILLERE, Mark Beharrell

Abstract
This document presents the DCOM settings recommended by IT-CO for the use of OPC servers at CERN on the NICE infrastructure. This recommendation is based on documents [1]& [2] internally published by the OPC foundation. The procedure described hereafter has been used to install several OPC servers for tests in laboratories and for production applications at CERN.

1 Pre-requisite
1. Operating Systems

These procedures have been developed for Windows XP SP2. 2. Privileges

In order to be able to set all the required DCOM properties one has to be logged with administrator privileges. 3. OPC servers installations

The OPC servers have been installed on the PC. Although servers can be installed by any users having administrator privileges, we recommend to install them being logged as the local administrator. 4. OPCEnum installation

With the OPC DA v2+ specifications, it has been recommended to use the OPCEnum application to let OPC clients browse the available OPC servers. This application is usually provided with the COTS

Final

page 1

OPC Support 2 Disclaimer

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

OPC servers, if not, the application is made available by the OPC foundation to all its members (CERN is one of them). It is assumed that OPCEnum has been installed. It is not required that it is installed as a service. We will assume here after it has been installed as a standard application. 5. User groups

If several users shall be granted access rights to a given OPC server, we recommend the creation of a group of users. As it is, a priori, not possible for local administrators to create group valid in the CERN domain, we suggest to create local groups. This would obviously imply to duplicate this group creation on all the PCs where the OPC Server will be installed. The creation of local groups requires (usually?) administrator privileges.

2 Disclaimer
We have tested these settings with ISEG,Wiener, CAEN, Matricon Simulator and Semantic Net OPC servers on a varity of PCs. Whilst we have found the settings to work in the majority of cases, there have been occasions when this has not been the case. If you should continue to have any problems with the running of an OPC client or server after following the steps outlined in this document - please contact [email protected] for further assistance.

page 2

Final

OPC Support 3 The firewall.

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

3 The firewall.
When setting up the OPC server/client we recommend that you initially switch the firewall off. After you have a working configuration you should restart the firewall and add to the exception list (1) the dcom port (2 & 3) by selecting the add port button (4)

Figure 1

Final

page 3

OPC Support 3 The firewall.

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

Then by using the Add Program button (5), add to the exception list each client (6) and server (7) running on the computer.

Figure 2

page 4

Final

OPC Support 4 OPC Server settings

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

4 OPC Server settings


OPC security is based on DCOM security, therefore the default security settings selected for the OPC servers and clients machine will affect all the DCOM compents on that machine. This document recommends settings that minimise changes to default DCOM settings thus reducing the chance of breaking some other component when configuring an OPC server. To assist us in this task we use the DCOM configuration tool: dcomcfng.exe, which is available in XP installations.

4.1 Specific OPC server settings


Here our goal is to have a restricted the number of users that have permission to access a specific OPC server. The example used in this document is the ISEG OPC server.

a. b.

Firstly we create a local group (i.e. ISEGOPCUSERS) that contains a list of all the users who are to be able to access the OPC server. Now we start dcomcnfg.exe (1) and select the OPC server we want to configure, from the list of DCOM entries (2).

Figure 3

Final

page 5

OPC Support 4 OPC Server settings

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

c.

We right click on our selected item (3) and select the properties item from the pull down menu that appears. In the window that appears select the General tab (4) and make sure the authernitcation level field (5) is set to Connect.

Figure 4

d.

Now we select the identity tab (6) and in the panel enter the user whos id the OPC is to run under (7) - note that it is essential that this user id has sufficient access writes to access the resources (i.e. Hardware) used by the OPC server.Apply the settings.

Figure 5

page 6

Final

OPC Support 4 OPC Server settings

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

e.

Now select the security tab (8), we customise the Launch and Activate permissions by adding all the opc user group we created eariler, to the list and giving all permissions to that group (9 - 13).

Figure 6

f.

We repeat this process with for the Access permissions (14-18)

Figure 7

Final

page 7

OPC Support 4 OPC Server settings

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

g.

Right click on My Computer and select Properties from the menu that appears (3). Select the Default properties tab (4) and ensure the fields are filled as shown below (5 & 6).

Figure 8

h.

Now selecting the COM security tab (7), edit the default settings for access permissions (8) by adding Anonymous Logon (9) and giving it all access permissions (10). Repeat steps 9 & 10 for edit limits (11).

Figure 9

page 8

Final

OPC Support 4 OPC Server settings

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

i.

Now edit the default settings for the launch and activation permissions (12) by adding Anonymous Logon (13) and giving it all permissions (14). Repeat steps 13 & 14 for edit limits (15).

Figure 10

At this point we have completed the configuration of the OPC server - you should close the dcomcnfg program and restart the OPC server so that the new settings can take effect.

Final

page 9

OPC Support 4 OPC Server settings

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

4.2 OPCEnum settings


OPCEnum is a COM component that allows a remote opc Client to browse the local machine to identify OPC servers that are installed on it.

Figure 11

We configure this as we would a specific OPC server, by following the steps a) - f) detailed above. The sole exception to this is insteps g) & f) where we add each local OPC user group (such as ISEGOPCUSRES in the above example) to the list of autherised users (thus allowing all OPC users to browse the local host for OPC servers).

page 10

Final

OPC Support 5 Settings for the Client side.

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

5 Settings for the Client side.


a. Start the dcomcnfg tool (1) and navigate to My Computer (2).

Figure 12

b.

Right click on My Computer and select Properties from the menu that appears (3). Select the Default properties tab (4) and ensure the fields are filled as shown below (5 & 6).

Figure 13

Final

page 11

OPC Support 5 Settings for the Client side.

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

c.

Now selecting the COM security tab (7), edit the default settings for access permissions (8) by adding Anonymous Logon (9) and giving it all access permissions (10). Repeat steps 9 & 10 for edit limits (11).

Figure 14

d.

Now edit the default settings for the launch and activation permissions (12) by adding Anonymous Logon (13) and giving it all permissions (14). Repeat steps 13 & 14 for edit limits (15).

Figure 15

Now stop the dcomcnfg tool and restart and OPC clients that are running.

page 12

Final

OPC Support 6 Reference

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

6 Reference
1 2 Demonstration Guidelines, 4th draft version, by the OPC foundation. http://www.igearonline.com/print/OPCXPSP2.pdf

This document has been prepared using the SDLT Single File Template that have been prepared by the IPT Group (Information, Process and Technology), IT Division, CERN (The European Laboratory for Particle Physics). For more information, go to http://framemaker.cern.ch/.

Final

page 13

OPC Support 6 Reference

IT-CO recommended DCOM settings for OPC Version/Issue: 3.1/0

page 14

Final

You might also like