8.2.1 Introduction to DCOM
What is DCOM?
COM objects, such as the OPC server, do not necessarily have to be on the same machine as the client. With DCOM (distributed COM), a client can create and use COM objects both on their own system and on other machines. This enables the components of an application to be distributed across the network.
The COM library
A client does not address an object directly to start it or to use it, but goes through the COM library, which forms part of the operating system. The COM library manages the registry data for all known COM objects in the system.
Transparency
For the client, use of a COM object through DCOM or through the COM mechanisms locally is completely transparent. The operating system, through the COM library, manages the object and determines where it must be instantiated according to the configuration associated with the object.
8.2.2 Installation
When implementing the OPC solution in DCOM, you will undertake the following operations:
- Establishment of a "server station" (under Windows NT4, Windows 2000 or Windows XP) containing the OPC server and able to be accessed either from a local OPC client (running on the machine), or from a remote OPC client (running on another machine).
- Establishment of a "client station" (under Windows NT4, Windows 2000 or Windows XP) interrogating a remote station.
Establishing a "server station"
The OPC server is installed by checking the corresponding option during the installation program. After installation, the OPC server can be accessed from any OPC client running on the local machine. To be sure that this is so, try to connect to the OPC server from the OPC client utility.
Establishing a "client station"
The "OPC server" package includes a file PfbOpcServer.reg that registers the server in the registry of the client station, thus allowing it to be configured in the utility dcomcnfg.
To register the OPC server, import the file PfbOpcServer.reg into the registry by double-clicking the file.
Woodhead
8.2.3 Configuring DCOM
The "DCOMCNFG" program
Before a client is able to use a COM object on another machine, the properties of the COM object must be configured in the client machine and in the remote machine. DCOM and the COM objects used are configured using the program supplied with the system, dcomcnfg. After starting the program (for example by entering the command dcomcnfg in the dialogue box of the menu Start > Execute), four tabs are available for the DCOM configuration.
Specific features for Windows XP
Under Windows XP, the utility dcomcnfg has the following form:
To obtain the box for configuring the general properties, select node ‘My Computer’ in the tree under \Console Root\Component Services\Computers\, and then choose the option Properties in the contextual menu or in the menu Action. The properties box is then similar to that of dcomcnfg under Windows 2000 or NT4 and it contains tabs ‘Default Properties’ and ‘Default COM Security’. Configuring these parameters is then identical to that described below.
Note
If you reduce the security parameters it will always be necessary to restart the system before they are taken into account.
Warning
The screen copies were made under Windows 2000; under NT4 they may be slightly different.
Under Windows XP, the DCOM configuration utility dcomcnfg is slightly different from the one present on a Windows 2000 or NT4 station. These differences will be described in detail if they could pose difficulties in finding the parameters to be configured.
Only the tabs requiring modifications are described.
The parameters specified in this documentation guarantee simply that the DCOM protocol will start. However, most of the security parameters of Windows NT have been reduced. To satisfy a higher security level, you must comply strictly with parameter settings in agreement with DCOM principles. For more information, refer to articles Q176799, Q158508 and Q169321 in the "Microsoft Knowledge Base".
8.2.3.1 Configuring the DCOM general properties in the server machine and the client machine
"Default properties" tab
The Default properties tab enables the basic DCOM properties to be specified.
To use DCOM with the OPC server:
- check Activate Distributed COM (DCOM) on this computer
- set the parameters to:

Type of network controller | Authentication level | Identity borrowing level
Workgroup (no domain server available for the authentication) | None | Anonymous
Domain server | Connection | Identifier
"Default security" tab
Warning
Do not use this tab. The permissions of the OPC server will be set individually later.
The Default security tab enables the permissions for DCOM operations to be specified. These parameters ensure that only clients with the necessary permissions will be able to use the server.
The following default permissions can be set to use DCOM. These permissions can also be set individually for each object and these default properties will then be ignored.
Type of permissions | Information
Access permissions | The Default access permissions specify, for all COM objects, which user accounts will be able to access the object; in other words, to call its methods.
Execution permissions | The Default execution permissions specify, for all COM objects, which user accounts will be able to create a new instance of the object.
Configuration permissions | The Default configuration permissions specify, for all COM objects, which user accounts will be able to modify the registry information.
Specific features for Windows XP
Under the node ‘My Computer’, expand the node ‘DCOM Config’ to obtain all the COM objects available from the machine:
Then select the OPC server Woodhead OPCPfbServer and select the option Properties in the menu Action to start configuring the specific parameters of the OPC server.
The same dialogue box containing the same tabs as under Windows 2000 is then found. Then undertake the same configuration for OpcEnum.
"Applications" tab
The Applications tab displays all the COM objects available from the machine.
Select the OPC server Woodhead.OPCPfbServer and click the button Properties… to start configuring the specific parameters of the OPC server.
8.2.3.2 Configuring 'applicom OPC Server' on the server machine
"General" tab
In the General tab you can change the level of authentication of an object.
For the OPC server, leave this property at its default value.
"Location" tab
The Location tab is used to specify the machine on which the server is started.
"Identity" tab
The parameters of the Identity tab specify which accounts will be used to check the user's permissions in relation to this object.
There are several possibilities:
Type | Action
The interactive user | This choice is the one recommended by default for the OPC server. The account of the user having opened the current session is used. If, however, no user is logged on the machine there is no interactive user and the COM object cannot be created. In this case, select This user.
The launching user | The account of the user having initiated the OPC client is used. This user must then have the required permissions, and thus be included in the Security tab. This mode generally causes a server instance to be initiated for each executing user. This option must not be used with the OPC server.
This user | The account of the indicated user is used. This user must then have the required permissions, and thus be included in the Security tab. The user must have the default permissions assigned to the Users of the machine group; in other words, must belong to the Users group. This choice must be used for servers where no user is logged.
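The settings made in the "Default properties" tab and in the "Identity" tab are stored in the registry, so they can be reviewed offline from a registry export. The following is an added example, not part of the original documentation or of the product: it parses .reg text and reports the machine-wide authentication and impersonation defaults and the identity of each AppID, flagging the reduced levels (None, Anonymous) and the launching-user identity that this section says must not be used. The sample export and its GUID are constructed placeholders.

```python
import re

# Registry locations behind the dcomcnfg tabs (value meanings per the Windows COM docs).
OLE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole"
AUTHN = {1: "None", 2: "Connect", 3: "Call", 4: "Packet", 5: "Packet Integrity", 6: "Packet Privacy"}
IMP = {1: "Anonymous", 2: "Identify", 3: "Impersonate", 4: "Delegate"}

# Constructed sample export; the GUID is a placeholder, not the product's real AppID.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
"LegacyAuthenticationLevel"=dword:00000001
"LegacyImpersonationLevel"=dword:00000001

[HKEY_CLASSES_ROOT\AppID\{00000000-0000-0000-0000-000000000000}]
@="Woodhead.OPCPfbServer"
"RunAs"="Interactive User"
'''

def parse_reg(text):
    """Parse .reg text into {key path: {value name: str or int}}; binary values are skipped."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^(?:@|"([^"]*)")=(.*)$', line)
            if m and m.group(2).startswith("dword:"):
                current[m.group(1) or "@"] = int(m.group(2)[6:], 16)
            elif m and m.group(2).startswith('"'):
                current[m.group(1) or "@"] = m.group(2)[1:-1].replace("\\\\", "\\")
    return keys

def audit(text):
    """Return (setting, value, flagged) rows for DCOM defaults and per-AppID identity."""
    keys = parse_reg(text)
    ole = next((v for k, v in keys.items() if k.lower() == OLE_KEY.lower()), {})
    rows = []
    if str(ole.get("EnableDCOM", "")).upper() == "Y":
        a, i = ole.get("LegacyAuthenticationLevel"), ole.get("LegacyImpersonationLevel")
        rows.append(("default authentication level", AUTHN.get(a, a), a == 1))
        rows.append(("default impersonation level", IMP.get(i, i), i == 1))
    for path, vals in keys.items():
        if "\\appid\\{" in path.lower():
            run_as = vals.get("RunAs")  # an absent RunAs value means the launching user
            rows.append((f"identity of {vals.get('@', path)}", run_as or "launching user", run_as is None))
    return rows
```

Registry exports are normally written as UTF-16, so decode the file accordingly before passing its text to audit().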
"Security" tab
You can specify the access permissions for the OPC server from the Security tab. For the three security aspects used by DCOM you can either:
- use the default permissions
  In this case, the account configured in the Identity tab must have the requisite permissions in the Default security tab (default access permissions, default execution permissions).
- use customised permissions for the selected object
  If you want one particular user not to be able to access all the available COM objects, you must use customised permissions.
To work with the OPC server, only the access permissions and the execution permissions need to be configured:
Choose Use customised access permissions, press Modify and set the following permissions:
Then choose Use customised execution permissions, press Modify and set the following permissions:
Note
On the server machine and on the client machine, the accounts of both logged persons must exist.
Example: User Alpha is logged on the machine with the server and user Beta is logged on the machine with the client.
To use DCOM a Beta account must exist on the server station (with the same password as on the client machine) and an Alpha account must exist on the client station (with the same password).
If you work with a domain, it is recommended that a group containing user accounts is used. The permissions are then managed from the domain server.
8.2.3.3 Configuring 'applicom OPC Server' on the client machine
For the client part, the screen copies below show a simple configuration enabling the OPC server to be used through DCOM.
"General" tab
"Location" tab
"Identity" tab
In the Identity tab you can specify which user account will be used for the client machine. It is logical to specify Interactive user, or in other words, the user logged on the machine.
Access type: Allow access
Access type: Authorise initiation