350 likes | 476 Views
HMI-30 Real-Time Data Tunneling over LAN, WAN and Internet (Without DCOM). Petr Balda, Rudolf Griessl, Michael Hiefner Mike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak. What is the Issue?.
E N D
HMI-30Real-Time Data Tunneling over LAN, WAN and Internet(Without DCOM) Petr Balda, Rudolf Griessl, Michael Hiefner Mike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak
What is the Issue? • Customers want to network OPC clients and servers running on different platforms, in different domains, and on completely separate networks…
HMI-30 Agenda • OPC Tunneling – What is the Issue and Why? • Dan Muller, , Product Development Dir. • The Real DCOM Issue… • DataWorX32 OPC Tunneling – The Solution! • DataWorX32 OPC Tunneling – Demonstration! • The Quiz…
In the Beginning Life Was Easy Graphics Alarming Trending
…And we grew… Then someone else wanted to see… Graphics Alarming Trending Graphics Alarming Trending
…And grew… Then everyone wanted to see… Graphics Alarming Trending Graphics Alarming Trending
…And the Network Expanded People in Remote facilities wanted to see… Graphics Alarming Trending Other Business Systems
…And Expanded… Graphics Alarming Trending The DCOM Nightmare… Read Only Access OPC/IO Server(s) Read & Write Access Other Business Systems
The Real DCOM Issue Presented by Dan Muller Product Development Director Cyberlogic
Why is DCOM an Issue? • DCOM and related security issues can prevent OPC communication from working. • Latency of DCOM error reporting is unacceptable for real-time systems.
Dealing with DCOM “Can’t I just set up the security settings within Windows?” • Yes – in theory. • This can be done for small, simple systems. • For complex systems, this can be a nightmare to administer.
The DCOM Problem… • Accessing across domains and workgroups: domains must trust each other. • Some users may not have the privileges needed. • Requirements specific to different operating systems.
The DCOM Problem… • Firewalls. • System-wide DCOM settings. • Callbacks. • Access, launch and activation permissions.
The DCOM Problem… • Additional settings required for OPC servers. • Hard-coded security settings.
The DCOM Problem… • Coordinating with multiple IT administrators at different locations. • Maintenance as users, networks and systems change.
The DCOM Problem… • The latency of DCOM error reporting.
The DCOM Solution… • OPC Unified Architecture (UA) should/will eliminate this problem in the future. • A tunneler product solves this problem today, by eliminating DCOM completely.
Why ICONICS? • Only a handful of companies make tunneling products. • One company in Germany and another in Canada offer tunneler products that work with OPC DA only. • One company in Tunisia offers one product for OPC DA and one product for OPC A&E. • ICONICS DataWorX Tunneler product supports OPC DA, A&E and HDA.
ICONICS DataWorX Tunneler… • Let’s listen to ICONICS’s tunneling product capability with a demonstration, using a Cyberlogic OPC Server.
DataWorX V9 – The Solution -Lite Version V9 -Tunneler Kit (pair) -Standard V9 -Professional V9 -Redundancy (pair)
So, Why is DCOM an Issue? • Complexity to Configure DCOM • DCOM is Not Real-Time • DCOM can take up to 6 minutes to detect and notify when a connection failure has occurred • DCOM is Not Firewall Friendly • Firewall pass through requires many open ports • Major Security Issue
DataWorX32 - OPC Tunneling • Bridges any OPC Server to any OPC Client • Firewall and Internet friendly • Supports Tunneling of • OPC DA • OPC AE • OPC HDA • Alternative to conventional MS DCOM communications
OPC Tunneling Architecture • Based on ICONICS’ patented GenBroker™ communication – versus DCOM • Graphical user interface provides centralized management of all remote connections
OPC Tunneling Key Features • Supports latest OPC Industry Standards • OPC Data Access 3.0 • OPC Alarm and Events 1.1 • OPC Historical Data Access 1.2 • Auto-discovery of remote OPC DA, A/E and HDA Servers • Simple to set up and configure • Supports OPC browser interfaces over LANs, WANs, and the Internet • Supports TCP/IP and SOAP/XML communication protocols
OPC Tunneling Security • Most Competitors Have None! • Tunneling Client sends credentials to Server side of Tunnel • Server Side • Obtains authentication • Uses “impersonation” to create the server under the specified user account • Each Tunneling connection can have it’s own credentials
OPC Tunneling Security • If the specified User does not have access rights to the destination OPC Server, then the OPC Tunnel creation fails and an “Access Denied” is reported • The access is controlled by the DCOM Configurator at the remote location. (DCOM in Server, not across the Network)
DataWorX32 - OPC Tunneling DEMONSTRATION!!!
The Internet ICONICS WWCS Company Architecture Boston, MA Prague, Czech Wireless Routers Switches OPC Servers OPC Servers Foxboro, MA
4 Simple Steps to Create a Tunnel Click on OPC Tunnel icon Browse to DA, AE or HDA server Open Right click, select ‘Make OPC Tunnel’ That’s It !
DataWorX32 - OPC Tunneling • Bridges any OPC Server to any OPC Client • Firewall and Internet friendly • Supports Tunneling of • OPC DA • OPC AE • OPC HDA • Alternative to conventional MS DCOM communications
DataWorX32 - Resources • DataWorX32 OPC Tunneling.pdf • DataWorX32_Prod_Bulletin.pdf
HMI-30Real-Time Data Tunneling over LAN, WAN and Internet(Without DCOM) The QUIZ!!!
HMI-30Real-Time Data Tunneling over LAN, WAN and Internet(Without DCOM)Thank You!!! Petr Balda, Rudolf Griessl, Michael Hiefner Mike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak