VTSPortal (Versatile Terminal Service Application Portal) April 23, 2017 CONFIDENTIAL Internal Use only

Human Machine Interfaces Peer-to-peer systems (Like CS 3000 HIS) Each HMI has to install software and is independent Thick Client (Like many competitor systems/PRM/Exaquantum) HMI server (data/graphics) Client PC required on software Web based systems (Like CS3000 Graphic Web) Web server (graphic and trend) Web client does not need additional software Thin Client (Like Remote Desktop and HIS TS) Client PC doesn’t require software Confidential

Remote Connectivity Overview Web Client Thin Client Windows XP Remote Desktop HIS TS Confidential

Remote Connectivity Overview Web Client Thin Client Windows XP Remote Desktop HIS TS Confidential

Web Monitoring Web Server HIS graphic/trend windows are converted into HTML files and Java Applets Graphic windows Trend windows Dial-up Internet Connection Ethernet HIS Control bus Plant monitoring on a business trip, at home, at maintenance office, etc. using Web browser FCS Confidential

CS 3000 Web Monitoring Package Supports CS 3000 graphics and trends. Viewed through Internet Explorer Use Exaopc or Exaopc for HIS to gather graphic data Web server processes data communication Graphics are for monitoring processes. Convert CS 3000 graphics and trends to Java Setting data on DCS not allowed Auto or manual data update. For fast or slow connections Data is updated by using the refresh on browser Auto refresh can be implemented Confidential

Remote Connectivity Overview Web Client Thin Client Windows XP Remote Desktop HIS TS Confidential

Remotely log into Windows XP XP Remote Desktop Remotely log into Windows XP Operate on remote machine just as if you were there locally While logged on remotely, local machine unavailable operation Desktop functions: Remote monitoring and operation Engineering (System View) Confidential

Remote Desktop Configuration Only one user at a time Remote Login Control bus Yokogawa provides simple remote operation by latest technology. Confidential

Remote Connectivity Overview Web Client Thin Client Windows XP Remote Desktop HIS TS Confidential

HIS TS Features HIS TS can operate in a general-purpose network environment without connecting to the control network. The client/server style enables to increase the number of monitoring screens at reasonable cost. Security and user friendliness have been improved by not only using Windows TSE but also by adding remote monitoring functions. Examples: Automatic log out, right-click menu, and different security settings for each user Confidential

HIS TS System Configuration Graphic Faceplate operation Trend view - Alarm monitoring Office LAN Firewall Port: 3389 Ethernet HIS HIS TS Control bus FCS Note that the HIS TS functions as an HIS with the same capacity as regular HISs. Confidential

Installation of some optional software is limited. HIS TS Specification Performance Determined from performance of LAN to which HIS TS clients are connected When LAN provides adequate performance, all screens of 8 clients User friendliness The operator keyboard cannot be connected. Internal beep provided. External tones are also available through a sound board. Messages cannot be printed. Installation of some optional software is limited. Only CS 3000 software Only one system view (builder function) can open Confidential

Remote Connectivity Review Web Monitoring Package Multiple users Simple viewing of CS 3000 graphics and trends Read-only access Windows XP Remote Desktop One user Remote monitoring and operation Engineering (System View) HIS TS Only One user Confidential

VTSPortal (Versatile Terminal Service Application Portal) Confidential

VTSPortal VTSPortal™ is the most complete solution available for providing secure, on-demand access to any production information resource – from anywhere, with any device, over any network. VTSPortal unifies the key access points, capabilities and technologies in a single solution that eliminates the disadvantages of using individual access products from different packages: fragmented management, performance degradation, security gaps, incomplete visibility, vendor support issues, training issues for the IT team, and sizeable custom-integration costs. Confidential

Continuing Digital Evolution VTSPortal Benefits Continuing Digital Evolution Uses only COTS (Commercial Off-the-Shelf) technologies Shortens time-to-market for product updates Keeps up with latest technologies Digital Independence for Reduced TCO Minimized dependence on client devices and network environment Reduces investment for mobile and remote system enhancements Legacy Friendly for Maximizing ROI Leveraging investment in Yokogawa software products Robust Technology Meeting requirements for reliability and security Confidential

What Is Different between VTSPortal and HIS TS? Security VTSPortal provides secured access for production system A VTSPortal client does not access directly the Terminal server (VTS Application server) , via the Web server on DMZ’s (Demilitarized Zone). Application Search function VTSPortal supports application search function The search engine web service used to find matching results from CS 3000 HIS/ENG applications. Multi-builder access VTSPortal provides a single HMI interface for all software (HIS, ENG, PRM and Solution Based Packages). Confidential

Satisfies the remote engineering market requirements. VTSPortal Overview Browser-based integration of Yokogawa’s legacy and web-enabled products. Satisfies the remote engineering market requirements. Allows multiple applications running on multiple servers. Can configure different logins to access different published applications Full CS 3000 desktop Multiple users can access builder CS 3000 panels such as maintenance display, tuning panels Software packages such as Exaplog, Exapilot, Exaquantum Confidential

VTSPortal Functions Provides a method to publish and restrict remote access to only CS 3000, PRM, EQ and SBP (Solution Based Package). Provides a method to access and run a published application via a Web browser interface. Applications can be selected or deselected for use Client-by-client basis Provides a Web browser search interface to locate and run published CS 3000 applications using specified search criteria (tag name and window name, etc) Confidential

VTSPortal Functions Published Applications Application Search Security Solution-based Packages Process Information Management Security Management Device Asset Management VTSPortal Confidential

Functional Overview Reference IIS Portal Site VTSPortal Client Explorer/ Internet Explorer RDP Client Terminal Service IIS Application Access TSE Application Application Application Search Portal Site Application Manager Application Database (1) The User selects a prepared application hyperlink in the portal site page for launching. The launch request is sent to the server side ASPX. (2) The server side ASPX retrieves the published RDP template file from the VTSPortal DB for the associated application. If the launch request is associated with a prepared MyApps entry, then the configured parameter settings for the MyApps instance are also retrieved. (3) The selected application’s parameter settings are substituted into the alternate shell setting found in the RDP template file. The now qualified target application command request is then encrypted and set as an argument in the alternate shell setting in the RDP template file. If the user has created a portal site cookie to maintain launch credentials for the Application Server, they are also retrieved and substituted into the User and Password fields in the RDP template. The prepared RDP template is downloaded to the Portal Client as a *.ets file. (4) The VTS Explorer consumes the *.ets file and checks if the requested application is supported by Session Sharing. If it is, it further checks to see if a licensed session is already active for the specified Application Server on the specified virtual channel. If no session is active, it passes the *.ets file to the RDP Client. (5) The RDP Client consumes the *.ets file and establishes a Terminal Services connection with the requested Application Server. Once the session is established, the VTSLauncher is automatically executed as the initial start program. The target application and its parameters are passed as an encrypted command line argument to VTSLauncher. (6) VTSLauncher decrypts the target application command line argument and retrieves the appropriate VTSPortal Client Access License (CAL) for the target application. The CAL is maintained as a keycode file on the Application Server. The CAL specifies the number of licensed concurrent instances of the target application on the Server. If the number of active instances of the application is below the licensed maximum, then the VTSLauncher executes the target application within the session. Otherwise an error is reported and the session is closed. (7) Terminal Services connects the executed target application to the RDP client and establishes the appropriate TS Virtual Channel. VTSPortal Web Server Search Service CS 3000 Database VTSPortal Application Server Confidential

VTSPortal System Architecture for Office LAN Deployment VTSPortal Client Wireless Fidelity Office Network (Ethernet) VTSPortal Web Server Firewall Plant Network (Ethernet) HIS VTSPortal Application Server with HIS TS Control bus FCS Confidential

VTSPortal System Architecture for Internet Deployment VTSPortal Client Firewall for Internet Wireless Fidelity Office Network VTSPortal Web Server Firewall Plant Network HIS VTSPortal Application Server with HIS TS Control bus FCS Confidential

VTSPortal System Architecture for Multi-Plant VTSPortal Client Internet Office DOMAIN 3 Office DOMAIN 2 Office DOMAIN 1 VTS Web VTS Web CCR CCR VTSAP HIS HIS HIS HIS HIS VTSAP Process Control Domain Process Control Domain Process Control Domain Process Control Domain HIS HIS HIS HIS HIS HIS HIS HIS HIS FCS FCS FCS FCS FCS FCS FCS FCS FCS Confidential

Application Launch Sequence Processing Reference VTSPortal Client 1 VTS Explorer 4 RDP Client 3 5 TS Virtual Channel IIS 7 6 VTS Launcher 2 Portal Site Application (1) The User selects a prepared application hyperlink in the portal site page for launching. The launch request is sent to the server side ASPX. (2) The server side ASPX retrieves the published RDP template file from the VTSPortal DB for the associated application. If the launch request is associated with a prepared MyApps entry, then the configured parameter settings for the MyApps instance are also retrieved. (3) The selected application’s parameter settings are substituted into the alternate shell setting found in the RDP template file. The now qualified target application command request is then encrypted and set as an argument in the alternate shell setting in the RDP template file. If the user has created a portal site cookie to maintain launch credentials for the Application Server, they are also retrieved and substituted into the User and Password fields in the RDP template. The prepared RDP template is downloaded to the Portal Client as a *.ets file. (4) The VTS Explorer consumes the *.ets file and checks if the requested application is supported by Session Sharing. If it is, it further checks to see if a licensed session is already active for the specified Application Server on the specified virtual channel. If no session is active, it passes the *.ets file to the RDP Client. (5) The RDP Client consumes the *.ets file and establishes a Terminal Services connection with the requested Application Server. Once the session is established, the VTSLauncher is automatically executed as the initial start program. The target application and its parameters are passed as an encrypted command line argument to VTSLauncher. (6) VTSLauncher decrypts the target application command line argument and retrieves the appropriate VTSPortal Client Access License (CAL) for the target application. The CAL is maintained as a keycode file on the Application Server. The CAL specifies the number of licensed concurrent instances of the target application on the Server. If the number of active instances of the application is below the licensed maximum, then the VTSLauncher executes the target application within the session. Otherwise an error is reported and the session is closed. (7) Terminal Services connects the executed target application to the RDP client and establishes the appropriate TS Virtual Channel. Terminal Service VTSPortal Database VTSPortal Web Server VTSPortal Application Server Confidential

VTSPortal Web Framework Integrated Plant Sites Confidential

My Application Page Launch Confidential

Multiple Applications Confidential

Application Search Feature Links to launch Apps Launch Issue reference search Save Apps for re-use App Search results

Advanced Application Search Reference Confidential

Roadmap of Portal Solution Portal Function Reference Phase 3 Application Collaboration Data Integration New Portal DIF DIF Viewer <Production Information Portal> 3rd Party HMI and data Integration Application collaboration Single Sign on Phase 2 VTSPortal Yokogawa Global Product Phase 1 VTSPortal <YOKOGAWA PAS Portal> Enhancement Search function for all Application HMI Aggregation Phase 0 ETSPortal <CS3000 Portal> Search function for CENTUM Personalize (favorite menu) HMI Aggregation Thin Client YCA Product Target Application CS3000,EQ PRM, SBP All Yokogawa PAS Product 3rd Party System Confidential

Enhance Real-time Information Visibility Reference HMI flexibly configured based on mission, task and work scope of each individual. Foundation of Decision Making Process Engineers Maintenance Engineers Operators Field Engineers Production Managers Integrated Real-time Views Solution Offerings Process Analysis Instruments Monitoring Process Monitoring Operation Guidance Performance Monitoring APC Process Model Normal/Abnormal Operation Knowledge Handling Archiver Functional Modules Inclination Analysis Abnormal Condition Analysis Operations Analysis Alarm Management Scheduler Data Information Floor (DIF) Plant Information Sources Plant database Files DCS/NCS Barcode Reader Maintenance Data PLC Confidential

User Security Confidential

User Security – Portal Web Access to the VTSPortal Site is controlled by Windows User Group membership. User is authenticated into the Portal Site using standard Windows User account. The authenticated User must also be an assigned member of one of the following User Groups on the Web server: VTSPortalGuest VTSPortalUser VTSPortalAdmin If not, connection to the Portal Site is refused. Confidential

User Security – Portal Web Membership to Portal User Groups defines portal site privileges. VTSPortalGuest members of this Group are granted access to the portal but are not able to maintain a personal My Apps view. The only My Apps entries that they can utilize are those created for them by a Portal Administrator. VTSPortalUser members of this Group are granted access to the portal and have permissions to edit and construct their personal My Apps view. VTSPortalAdmin members of this Group are granted access to the portal with full access rights. In addition to constructing their personal My Apps view, they can define and edit My Apps entries to be contained on all users’ My Apps view. Confidential

User Security – Application Access Access to published applications is dictated by User Group membership. An Application Server’s installed and licensed applications are published to the Portal database. User Groups on the Portal Web server are selectively assigned to each published application. The Portal User is only able to access those published applications that are further assigned to User Groups of which he/she is a member. Application access filters are applied in My Apps View (even My Apps entries created for “all” users) Applications, Products, and Categories Views Apps Search results Confidential

User Security – Application Launch During Application Launch, the user must be authenticated into the Application server. Pass-thru (automatic) login can be enabled by setting up launch credentials for the Application servers. A Portal User’s launch credentials are maintained within a portal site cookie. Therefore, they are valid for a specific User/Client PC combination. If launch credentials exist, then the Portal User will not be required to re-enter a User name and password during Application Launch. Confidential

User Security – HIS TS Reference During launch of a HIS TS panel application, the User will be required to login via the User In dialog (e.g. ONUSER, ENGUSER, etc.). Alternate User Group mapping is provided to restrict User’s privileges during remote access. Create an alternate User Group definition for remote access (e.g. DEFGRP_) and set desired privileges. When a User logs in via local session, their primary User Group settings will be used (DEFGRP). When a User logs in via remote session, their alternate User Group settings will be used (_DEFGRP). Confidential

Competitor Information Confidential

Competitor’s Portal Competitors have provided remote access or product information portal solution. Emerson Process Management Delta-V Remote Client Honeywell Workcenter PKS Matrikon ProcessNet ICONICS PortalWorx OSIsoft RtPM (RtPortal) Intellusion iClientTS Wonderware SuiteVoyager Confidential

VTSPortal Position Local HMI Remote HMI VTSPortal Exa Series Exa TS Honeywell Workcenter OSISoft RtPM Wonderware SuiteVoyager Data Integration HMI Aggregation ICONICS PortalWorX Matrikon ProcessNet Portal VTSPortal YOKOGAWA IA Products HMI Aggregation Other Vender’s Products HMI Intellusion iClientTS EPM Delta-V Remote Client Exa Series Exa TS Non Portal PRM PRM TS CS3000 Web Monitoring HIS HIS TSE Exaquantum Web Local HMI Remote HMI Confidential

Schedule and Ordering Information Confidential

VTSPortal Release Schedule Sales release On July 15, 2005 Order acceptance Begins on July 15, 2005 Start of shipment On End of November, 2005 Confidential

Schedule for Sales Promotional Documents GS: July 18, 2005 PS: July 15, 2005 IM: Issued on shipment of the new product Confidential

VTSPortal Software License Providing VTSPortal function utilizing Windows TSE (Terminal Server Edition) Optional packages LPC7800 (VTSPortal Basic Pack) Standard edition with 10 clients LPC7801 (VTSPortal Multiple Client Access Builder License) Software media LPCAM80 (Software Media for VTSPortal) Electronic IM is included in this media No need for the license of electronic IM Platform Windows 2003 Server with Terminal Server LPC7800 doesn’t include CS 3000 software, such as LHS1150 (Server for Remote Operation and Monitoring Function). Confidential

HIS TS Package Reference Providing remote HIS function utilizing Windows TSE (Terminal Server Edition) Name: HIS TS (Terminal Service) Optional package* LHS1150 (Server for Remote Operation and Monitoring Function) standard edition with 4 clients extended edition with 8 clients Platform Windows 2003 Server with Terminal Server * In addition to LHS1150, the HIS Standard Operation and Monitoring (LHS1100) is required for operation and monitoring, and the standard builder function (LHS5100) and graphic builder (LHS5150) for engineering. Confidential

GOOD SELLING! Confidential