HMI-30 Real-Time Data Tunneling

HMI-30
Real-Time Data Tunneling over
LAN, WAN and Internet
(Without DCOM)
Petr Balda, Rudolf Griessl, Michael Hiefner
Mike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak
ICONICS Worldwide Customer Summit – September 2006
What is the Issue?
Customers want to network OPC clients and
servers running on different platforms, in
different domains, and on completely
separate networks…
2
HMI-30 Agenda
OPC Tunneling – What is the Issue and Why?
Dan Muller, Product Development Dir.
• The Real DCOM Issue…
DataWorX32 OPC Tunneling – The Solution!
DataWorX32 OPC Tunneling – Demonstration!
The Quiz…
3
In the Beginning
Graphics
Alarming
Trending
Life Was Easy
4
…And we grew…
Graphics
Alarming
Trending
Graphics
Alarming
Trending
Then someone else wanted to
see…
5
…And grew…
Graphics
Alarming
Trending
Graphics
Alarming
Trending
Then everyone wanted to
see…
6
…And the Network Expanded
Graphics
Alarming
Trending
Other
Business
Systems
People in Remote facilities wanted to
see…
7
…And Expanded…
Graphics
Alarming
Trending
Read Only Access
OPC/IO
Server(s)
Read & Write Access
Other
Business
Systems
The DCOM Nightmare…
8
The Real DCOM Issue
Presented by
Dan Muller
Product Development Director
Cyberlogic
9
Why is DCOM an Issue?
DCOM and related security issues can prevent
OPC communication from working.
Latency of DCOM error reporting is
unacceptable for real-time systems.
10
Dealing with DCOM
“Can’t I just set up the security settings
within Windows?”
Yes – in theory.
This can be done for small, simple systems.
For complex systems, this can be a nightmare
to administer.
11
The DCOM Problem…
Accessing across domains and workgroups:
domains must trust each other.
Some users may not have the privileges
needed.
Requirements specific to different operating
systems.
12
The DCOM Problem…
Firewalls.
System-wide DCOM settings.
Callbacks.
Access, launch and activation permissions.
13
The DCOM Problem…
Additional settings required for OPC servers.
Hard-coded security settings.
14
The DCOM Problem…
Coordinating with multiple IT administrators at
different locations.
Maintenance as users, networks and systems
change.
15
The DCOM Problem…
The latency of DCOM error reporting.
16
The DCOM Solution…
OPC Unified Architecture (UA) should/will
eliminate this problem in the future.
A tunneler product solves this problem today,
by eliminating DCOM completely.
17
Why ICONICS?
Only a handful of companies make tunneling
products.
One company in Germany and another in
Canada offer tunneler products that work with
OPC DA only.
One company in Tunisia offers one product
for OPC DA and one product for OPC A&E.
ICONICS DataWorX Tunneler product supports
OPC DA, A&E and HDA.
18
ICONICS DataWorX Tunneler…
Let’s listen to ICONICS’s tunneling product
capability with a demonstration, using a
Cyberlogic OPC Server.
19
DataWorX V9 – The Solution
-Lite Version V9
-Tunneler Kit (pair)
-Standard V9
-Professional V9
-Redundancy (pair)
20
DataWorX V9 – The Solution
21
So, Why is DCOM an Issue?
Complexity to Configure DCOM
DCOM is Not Real-Time
• DCOM can take up to 6 minutes to detect and
notify when a connection failure has occurred
DCOM is Not Firewall Friendly
• Firewall pass through requires many open ports
• Major Security Issue
22
DataWorX32 - OPC Tunneling
Bridges any OPC Server to any OPC
Client
Firewall and Internet friendly
Supports Tunneling of
• OPC DA
• OPC AE
• OPC HDA
Alternative to
conventional
MS DCOM
communications
23
OPC Tunneling Architecture
Based on ICONICS’ patented GenBroker™
communication – versus DCOM
Graphical user interface provides centralized
management of all remote connections
24
OPC Tunneling Architecture
25
OPC Tunneling Key Features
Supports latest OPC Industry Standards
• OPC Data Access 3.0
• OPC Alarm and Events 1.1
• OPC Historical Data Access 1.2
Auto-discovery of remote OPC DA, A/E and
HDA Servers
Simple to set up and configure
Supports OPC browser interfaces over LANs,
WANs, and the Internet
Supports TCP/IP and SOAP/XML
communication protocols
26
OPC Tunneling Security
Most Competitors Have None!
Tunneling Client sends credentials to Server
side of Tunnel
Server Side
• Obtains authentication
• Uses “impersonation” to create the server
under the specified user account
Each Tunneling connection can have its own
credentials
27
OPC Tunneling Security
If the specified User does not have access
rights to the destination OPC Server, then the
OPC Tunnel creation fails and an “Access
Denied” is reported
The access is controlled by the DCOM
Configurator at the remote location. (DCOM
in Server, not across the Network)
28
DataWorX32 - OPC Tunneling
DEMONSTRATION!!!
29
ICONICS WWCS Company
Architecture
Wireless
Routers
The Internet
Switches
OPC Servers
OPC Servers
30
4 Simple Steps to Create a Tunnel
Open
Right click, select ‘Make
OPC Tunnel’
Click on OPC Tunnel
icon
Browse to DA, AE or
HDA server
That’s It !
31
DataWorX32 - OPC Tunneling
Bridges any OPC Server to any OPC
Client
Firewall and Internet friendly
Supports Tunneling of
• OPC DA
• OPC AE
• OPC HDA
Alternative to
conventional
MS DCOM
communications
32
DataWorX32 - Resources
DataWorX32 OPC Tunneling.pdf
DataWorX32_Prod_Bulletin.pdf
33
HMI-30
Real-Time Data Tunneling over
LAN, WAN and Internet
(Without DCOM)
The QUIZ!!!
ICONICS Worldwide Customer Summit – September 2006
HMI-30
Real-Time Data Tunneling over
LAN, WAN and Internet
(Without DCOM)
Thank You!!!
Petr Balda, Rudolf Griessl, Michael Hiefner
Mike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak
ICONICS Worldwide Customer Summit – September 2006