1
HMI-30 Real-Time Data Tunneling over LAN, WAN and Internet (Without DCOM)
Petr Balda, Rudolf Griessl, Michael Hiefner, Mike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak
2
What is the Issue? Customers want to network OPC clients and servers running on different platforms, in different domains, and on completely separate networks…
3
HMI-30 Agenda
OPC Tunneling – What is the Issue and Why?
Dan Muller, Product Development Dir.
The Real DCOM Issue…
DataWorX32 OPC Tunneling – The Solution!
DataWorX32 OPC Tunneling – Demonstration!
The Quiz…
4
In the Beginning Graphics Alarming Trending Life Was Easy
5
…And we grew… Then someone else wanted to see…
Graphics Alarming Trending Graphics Alarming Trending
6
…And grew… Then everyone wanted to see…
Graphics Alarming Trending Graphics Alarming Trending
7
…And the Network Expanded
Graphics Alarming Trending Other Business Systems People in Remote facilities wanted to see…
8
…And Expanded… The DCOM Nightmare…
Graphics Read Only Access Alarming Trending Read Only Access OPC/IO Server(s) Read & Write Access Other Business Systems
9
The Real DCOM Issue Presented by Dan Muller
Product Development Director Cyberlogic
10
Why is DCOM an Issue?
DCOM and related security issues can prevent OPC communication from working.
Latency of DCOM error reporting is unacceptable for real-time systems. [It may take up to 6 minutes to find out if the network is down.]
11
Dealing with DCOM
“Can’t I just set up the security settings within Windows?”
Yes – in theory. [You can handle this with existing network security tools—in theory.]
This can be done for small, simple systems. [What is technically possible is not always practically feasible.]
For complex systems, this can be a nightmare to administer. [For systems with many computers that have different operating systems, or that cross workgroups, domains or even networks, and with users and groups with different privileges, this can be a nightmare to administer.]
12
The DCOM Problem…
Accessing across domains and workgroups: domains must trust each other. [Access across domains and workgroups: domains must trust each other and workgroups require duplicate user accounts.]
Some users may not have the privileges needed. [Some users, such as guests, may not have the privileges needed to run the needed software, so you may have to use Run As..., making the password public. You will then want to create a dummy account.]
Requirements specific to different operating systems. [There are requirements specific to different operating systems: Windows 2000 must be at SP3, Windows XP needs a specific setting for its network access local security setting (it defaults to the wrong setting, so chances are it will have to be changed).]
13
The DCOM Problem…
Firewalls. [The Windows firewall will stop the messages from getting through until you specify certain exceptions and open the required ports.]
System-wide DCOM settings. [Numerous settings are required in the system-wide DCOM configuration. Some of these are set to the minimum security level.]
Callbacks. [If you are using callbacks—and virtually everyone does—you must set some of the server and client system security settings to “None”, or the callbacks will fail.]
Access, launch and activation permissions. [You must set up the proper level of access, launch and activation permissions for all users and groups and keep these up-to-date.]
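The system-wide DCOM defaults, the “None” authentication setting and the firewall port exposure described on this slide can be checked on each OPC host. The following read-only audit is an added example, not part of the presentation; the function names are illustrative, and it assumes the standard Windows registry locations for DCOM and RPC settings.

```powershell
# Added audit example, not from the presentation. Function names are illustrative.
# Reads the standard DCOM/RPC registry locations on the local machine (read-only).
$AuthnNames = @{ 0 = 'Default'; 1 = 'None'; 2 = 'Connect'; 3 = 'Call'
                 4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }

function Get-DcomMachineDefaults {
    # Machine-wide defaults applied to COM servers that set nothing themselves.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
    # Optional restriction of the dynamic RPC port range used by DCOM.
    $rpc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet' -ErrorAction SilentlyContinue
    $level = $ole.LegacyAuthenticationLevel
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        EnableDCOM        = $ole.EnableDCOM
        DefaultAuthnLevel = if ($null -eq $level) { 'not set' } else { $AuthnNames[[int]$level] }
        AuthnDisabled     = ($null -ne $level -and [int]$level -eq 1)
        RpcPortRange      = if ($rpc.Ports) { $rpc.Ports -join ',' } else { 'not restricted' }
    }
}

function Get-DcomAppsWithoutAuthentication {
    # Per-application overrides: list every AppID whose AuthenticationLevel is 1 (None).
    Get-ChildItem -Path 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $p.AuthenticationLevel -and [int]$p.AuthenticationLevel -eq 1) {
                [pscustomobject]@{
                    AppId               = $_.PSChildName
                    Name                = $p.'(default)'
                    AuthenticationLevel = $AuthnNames[1]
                }
            }
        }
}

Get-DcomMachineDefaults | Format-List
Get-DcomAppsWithoutAuthentication | Format-Table -AutoSize
```

A host that reports `AuthnDisabled = True`, or that lists an OPC server AppID here, is accepting unauthenticated DCOM calls; an unrestricted RPC port range means the firewall exception has to cover the whole dynamic range.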
14
The DCOM Problem…
Additional settings required for OPC servers. [There are additional settings required for systems running OPC servers.]
Hard-coded security settings. [Some applications hard-code some of the security settings by calling CoInitializeSecurity. Because the server and client settings must match, there may be conflicts that are difficult to resolve. You might not even realize that the application is overriding the security configuration you set up.]
15
The DCOM Problem…
Coordinating with multiple IT administrators at different locations. [Remember that all of these settings must be made across the various systems and networks involved. This may mean coordinating with multiple IT administrators at different locations.]
Maintenance as users, networks and systems change. [And, once you get everything working, you must be sure to maintain it all as users, networks and systems change.]
16
The DCOM Problem… The latency of DCOM error reporting.
[Even if you get everything configured correctly, DCOM still has the unfortunate property that, if you lose communication, it may take up to six minutes before you will know it.]
17
The DCOM Solution…
OPC Unified Architecture (UA) should/will eliminate this problem in the future. [The OPC UA specification has been released quite recently and it will be some time before UA compliant products appear. Further, even as UA compliant products are released, the issue will not immediately disappear until all components required in a system are UA compliant.]
A tunneler product solves this problem today, by eliminating DCOM completely. So, for now—and for the legacy systems that will be with you for years to come—a tunneler can get around much of this nightmare.
18
Why ICONICS?
Only a handful of companies make tunneling products.
One company in Germany and another in Canada offer tunneler products that work with OPC DA only.
One company in Tunisia offers one product for OPC DA and one product for OPC A&E.
ICONICS DataWorX Tunneler product supports OPC DA, A&E and HDA.
19
ICONICS DataWorX Tunneler…
Let’s see ICONICS’s tunneling product capability in a demonstration, using a Cyberlogic OPC Server.
20
DataWorX V9 – The Solution
-Lite Version V9 -Tunneler Kit (pair) -Standard V9 -Professional V9 -Redundancy (pair)
21
DataWorX V9 – The Solution
22
So, Why is DCOM an Issue?
Complexity to Configure DCOM
DCOM is Not Real-Time: DCOM can take up to 6 minutes to detect and notify when a connection failure has occurred
DCOM is Not Firewall Friendly: Firewall pass through requires many open ports. Major Security Issue
23
DataWorX32 - OPC Tunneling
Bridges any OPC Server to any OPC Client
Firewall and Internet friendly
Supports Tunneling of OPC DA, OPC AE, OPC HDA
Alternative to conventional MS DCOM communications
24
OPC Tunneling Architecture
Based on ICONICS’ patented GenBroker™ communication – versus DCOM
Graphical user interface provides centralized management of all remote connections
25
OPC Tunneling Architecture
26
OPC Tunneling Key Features
Supports latest OPC Industry Standards: OPC Data Access 3.0, OPC Alarm and Events 1.1, OPC Historical Data Access 1.2
Auto-discovery of remote OPC DA, A/E and HDA Servers
Simple to set up and configure
Supports OPC browser interfaces over LANs, WANs, and the Internet
Supports TCP/IP and SOAP/XML communication protocols
27
OPC Tunneling Security
Most Competitors Have None!
Tunneling Client sends credentials to Server side of Tunnel
Server Side obtains authentication and uses “impersonation” to create the server under the specified user account
Each Tunneling connection can have its own credentials
28
OPC Tunneling Security
If the specified User does not have access rights to the destination OPC Server, then the OPC Tunnel creation fails and an “Access Denied” is reported.
The access is controlled by the DCOM Configurator at the remote location. (DCOM in Server, not across the Network)
29
DataWorX32 - OPC Tunneling
DEMONSTRATION!!!
30
ICONICS WWCS Company Architecture
Boston, MA Prague, Czech Wireless Routers The Internet Switches OPC Servers OPC Servers Foxboro, MA
31
4 Simple Steps to Create a Tunnel
Click on OPC Tunnel icon Open Browse to DA, AE or HDA server Right click, select ‘Make OPC Tunnel’ That’s It !
32
DataWorX32 - OPC Tunneling
Bridges any OPC Server to any OPC Client
Firewall and Internet friendly
Supports Tunneling of OPC DA, OPC AE, OPC HDA
Alternative to conventional MS DCOM communications
33
DataWorX32 - Resources DataWorX32 OPC Tunneling.pdf
DataWorX32_Prod_Bulletin.pdf
34
HMI-30 Real-Time Data Tunneling over LAN, WAN and Internet (Without DCOM) The QUIZ!!!
35
HMI-30 Real-Time Data Tunneling over LAN, WAN and Internet (Without DCOM) Thank You!!!
Petr Balda, Rudolf Griessl, Michael Hiefner, Mike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak