
Configuring OPC connectivity

In document Micros a Cada (Page 154-159)

3. Configuration

3.11. Configuring OPC connectivity

OPC communication between an OPC client and an OPC server requires that Distributed COM (DCOM) has been configured accordingly in the Windows operating system.

The following figure shows the different locations where OPC connectivity can be reached via OPC client and server software with the SYS 600.

Fig. 3.11.-1 OPC Summary

3.11.1. DCOM settings

During the SYS 600 installation, the DCOM settings for OPC communication are configured automatically on the target computer.

The role of the DCOM settings is to make distributed applications secure by using the extensible security framework provided by Windows operating systems. This is done by storing access control lists for individual components in the registry of the target computer. The DCOM settings can be viewed with the DCOM configuration tool (Start > Run > DCOMCNFG). The following chapters describe the detailed steps required for the DCOM settings.

3.11.1.1. Enabling of Distributed COM

Default DCOM settings for client and server applications can be adjusted by following the instructions given below:

1. Click Start > Settings > Control Panel > Administrative Tools.

2. Select Component Services. Expand the Component Services > Computers container.

3. Right-click My Computer, and then click Properties.

4. Select Default Properties tab, and set Distributed COM enabled on this computer.

5. Set the Default Authentication Level as Connect and Default Impersonation Level as Identify.

When you set the authentication level to Connect, verify the following:

* the user logged in to the OPC client computer is logged in as a domain user and not a local user.

* the OPC server computer actually belongs to the domain. If it's a standalone computer, it cannot authenticate the users unless you have a matching user name/password on both the OPC client and OPC server computer.

3.11.1.2. Defining access permissions

When the OPC client tries to access the OPC server, the COM security permissions defined by the Windows operating system will be applied.

These permissions are defined in the COM Security tab of My Computer Properties (as mentioned in Chapter 3.11.1.1. Enabling of Distributed COM).

1. Select COM Security tab > Access Permissions > Edit Limits.

2. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups > OK.

3. Click Access Permissions > Edit Default.

4. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups > OK.

3.11.1.3. Defining launch and activation permissions

When OPC client performs launch and activation towards the OPC Server, for example, automatic DCOM server start-up, then the COM security permissions defined by the Windows operating system will be applied. These permissions are defined in the COM Security tab of My Computer Properties (steps mentioned in Chapter 3.11.1.1. Enabling of Distributed COM).

1. Select COM Security > Launch and Activation Permissions > Edit Limits.

2. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups. Click OK.

3. Click Launch and Activation Permissions > Edit Default.

4. Allow both local and remote access permissions to Anonymous Logon, Everyone, Interactive, Network and System groups. Click OK.

3.11.1.4. Defining DCOM settings for OPC server

Each OPC server has its own DCOM settings for controlling access to this particular server.

1. Click Start > Settings > Control Panel > Administrative Tools.

2. Click Component Services. Expand the Component Services > Computers > My Computer container.

3. Select the DCOM Config, and then browse to your OPC Server, right-click on it, and select Properties.

4. Select General tab, set the Authentication Level to Connect.

5. Select Security tab > set Customize > Launch and Activation Permissions > Edit.

6. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

7. Set Customize option > Access Permissions > Edit.

8. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

9. Select Identity tab. Verify that the user information has been defined correctly. If not, choose the MicroSCADA user and enter its password > OK.

3.11.1.5. Defining DCOM settings for OPC Server Enumerator

OPC Server Enumerator (OpcEnum) is a server application used by OPC clients to remotely find OPC servers on a computer. This requires proper DCOM configuration for OpcEnum.

1. Select the OpcEnum from the list of DCOM Config, right-click on it, and select Properties.

If OpcEnum is not found in the DCOM Config list, the component has not been installed. If the component needs to be installed, the appropriate installation file can be found in the following location after SYS 600 installation: \sc\Setup\OPC_Core_Components. Copy this file to the target OPC client computer, and double-click the Windows Installer Package file.

2. Select the General tab, set the Authentication Level to Connect.

3. Select the Security tab > set Customize option > Launch and Activation Permissions > Edit.

4. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

5. Set Customize option > click Access Permissions > Edit.

6. Allow both local and remote launch and activation permissions to Everyone, Interactive, Network and System groups > OK.

7. Select Identity tab, verify that OpcEnum is either run by the launching user or the system account > OK. The DCOM settings on the target machine are now correct.

3.11.2. Local Security Policy settings

The following steps may need to be taken in order to establish OPC communication:

These changes may compromise the security of your system. If this happens, contact your network administrator.

1. Select Start > Settings > Control Panel > Administrative Tools > Local Security Policy.

2. Expand the Security Settings > Local Policies > Security Options container.

3. Select Network access: Let Everyone permissions apply to anonymous users. Right-click on it, and select Properties.

4. Select Enabled > OK.

5. Select Network access: Sharing and security model for local accounts. Right-click on it, and select Properties.

6. Select Classic - local users authenticate as themselves > OK.
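
The following read-only PowerShell audit is an added example, not part of the SYS 600 manual. It reports the machine-wide values that chapters 3.11.1.1 to 3.11.1.3 and 3.11.2 set, so the resulting exposure can be reviewed after configuration. The registry value names are the standard Windows storage locations for these settings and do not appear in the manual.

```powershell
# Read-only audit of the machine-wide settings from 3.11.1.1-3.11.1.3 and 3.11.2.
$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$authNames = @{ 1='None'; 2='Connect'; 3='Call'; 4='Packet'; 5='Packet Integrity'; 6='Packet Privacy' }
$impNames  = @{ 1='Anonymous'; 2='Identify'; 3='Impersonate'; 4='Delegate' }
# COM access-mask bits (COM_RIGHTS_* constants in the Windows SDK)
$rights = @{ 2='LocalAccess/Launch'; 4='RemoteAccess/Launch'; 8='LocalActivate'; 16='RemoteActivate' }
# Well-known SIDs of the groups named in the manual
$groups = @{ 'S-1-5-7'='Anonymous Logon'; 'S-1-1-0'='Everyone'; 'S-1-5-4'='Interactive'
             'S-1-5-2'='Network'; 'S-1-5-18'='System' }

function Get-RegValue($Path, $Name) {
    # Returns $null when the value is absent instead of throwing
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-ComAcl($ValueName) {
    # Decode a REG_BINARY self-relative security descriptor into one row per ACE
    $bytes = Get-RegValue $ole $ValueName
    if ($null -eq $bytes) {
        return [pscustomobject]@{ Setting=$ValueName; Type='(value not set)'; Trustee=''; Rights=''; AnonRemote=$false }
    }
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid  = $ace.SecurityIdentifier.Value
        $who  = if ($groups.ContainsKey($sid)) { $groups[$sid] } else { $sid }
        $list = $rights.Keys | Sort-Object | Where-Object { $ace.AccessMask -band $_ } | ForEach-Object { $rights[$_] }
        [pscustomobject]@{
            Setting = $ValueName; Type = $ace.AceType; Trustee = $who; Rights = $list -join ', '
            # Flag unauthenticated callers that are allowed in remotely (bits 4 and 16)
            AnonRemote = ($sid -eq 'S-1-5-7' -and $ace.AceType -eq 'AccessAllowed' -and [bool]($ace.AccessMask -band 20))
        }
    }
}

# 3.11.1.1 defaults and 3.11.2 Local Security Policy options
[pscustomobject]@{
    DcomEnabled               = Get-RegValue $ole 'EnableDCOM'                  # 'Y' = enabled
    DefaultAuthentication     = $authNames[[int](Get-RegValue $ole 'LegacyAuthenticationLevel')]
    DefaultImpersonation      = $impNames[[int](Get-RegValue $ole 'LegacyImpersonationLevel')]
    EveryoneIncludesAnonymous = Get-RegValue $lsa 'EveryoneIncludesAnonymous'   # 1 = Enabled
    ForceGuest                = Get-RegValue $lsa 'ForceGuest'                  # 0 = Classic
} | Format-List

# 3.11.1.2 / 3.11.1.3: Edit Limits (Machine*Restriction) and Edit Default (Default*Permission)
'MachineAccessRestriction','MachineLaunchRestriction','DefaultAccessPermission','DefaultLaunchPermission' |
    ForEach-Object { Get-ComAcl $_ } | Format-Table -AutoSize
```

Rows with AnonRemote set to True correspond to the remote grants given to Anonymous Logon in 3.11.1.2 and 3.11.1.3.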
