background image

Password Configuration

Section 3  Configuration

32

3BSE037076-510 D

 

The wildcard character ‘*’ can be used instead of a Windows account name in the 
subscriber system. Use this method only to map to a read-only or Guest user in the 
provider system, since it opens up a system for write from all accounts in the 
subscriber system.

The Security Report in the provider system is extended with a part that documents 
the user mapping for the Remote Access Server.

Password Configuration

Setting a password is highly recommended but not mandatory. A password check 
is not made during a client-server connection. Clients can connect to the server 
without a password.

Figure 12. Set Password Dialog Box

It is recommended to configure a password for the Remote Access Server. 

The selected password must also be given when the Remote Access Client is 
configured. See section 

Remote Access Client Advanced Configuration

 on page 38. 

To configure the password, click the 

Set Password 

button.

Remote Access Server Advanced Configuration

There are two more configurations possible for the Remote Access Server. 

They are configured directly in the Special Configuration tab on the Service Group 
object. 

These configurations are:

Summary of Contents for Ability 800xA Series

Page 1: ...Power and productivity for a better world T System 800xA Multisystem Integration System Version 5 1...

Page 2: ......

Page 3: ...System 800xA Multisystem Integration System Version 5 1...

Page 4: ...assumes no responsibility for any errors that may appear in this document In no event shall ABB be liable for direct indirect special incidental or consequential damages of any nature or kind arising...

Page 5: ...Section 1 Introduction Product Overview 13 Product Scope 13 New in This Release 16 Prerequisites and Requirements 17 Section 2 Installation 800xA Multisystem Integration Installation 19 Recommended H...

Page 6: ...Upload 46 Proxy Objects 51 Proxy Control Connection 53 Proxy Log Configuration 53 Proxy Log Template 53 Miscellaneous Configuration 53 Security Configuration 53 Data Subscription 54 Process Displays...

Page 7: ...tenance Backup and Restore 87 System Alarms and Events 89 Audit Events 90 System Status 91 Upgrade Procedure 96 Appendix A Error Messages Appendix B Fault Tracing Physical Connection and Network Confi...

Page 8: ...Table of Contents 8 3BSE037076 510 D Revision History Introduction 117 Revision History 117 Updates in Revision Index A 118 Updates in Revision Index B 118 Updates in Revision Index C 119...

Page 9: ...tegration makes it possible to connect to one or more 800xA systems and operate them from one single place as if they where one system The user manual consists of the following sections Introduction d...

Page 10: ..._________________________ Feature Pack functionality included in an existing table is indicated using a table footnote Feature Pack Functionality Feature Pack functionality in an existing figure is in...

Page 11: ...ased Process Graphics Provider The 800xA system running the Remote Access Server A complete and comprehensive list of terms is included in System 800xA System Guide Functional Description 3BSE038018 T...

Page 12: ...updated or a new document is released It is in pdf format and is provided in the following ways Included on the documentation media provided with the system and published to ABB SolutionsBank when re...

Page 13: ...ent workgroups The supervised system can be without any local workgroups or be a complete system with its own local operator room The supervising system is called the Subscriber and the supervised sys...

Page 14: ...Network Product Scope Section 1 Introduction 14 3BSE037076 510 D The network between the subscribers and the providers can be anything from a high speed LAN 100 MBit s down to modem connection with a...

Page 15: ...two Providers Network Subscriber system Provider system Provider system Section 1 Introduction Product Scope 3BSE037076 510 D 15 For more information about network configurations refer to System 800x...

Page 16: ...System 800xA Administration and Security 3BSE037410 ___________________________________________________________________________________________ Connect Method for Multisystem Integration If the provid...

Page 17: ...of the provider and subscriber To be able to install 800xA Multisystem Integration the 800xA Core system must be of SV 5 0 SP2 or latest version The version of the Multisystem Integration must belong...

Page 18: ...Prerequisites and Requirements Section 1 Introduction 18 3BSE037076 510 D...

Page 19: ...gration wizard is used to install the 800xA Multisystem Integration Perform the following steps 1 Select Installation media 2 Double click on the Setup exe program 3 Select 800xA Multisystem Integrati...

Page 20: ...stallation 20 3BSE037076 510 D Figure 3 Installation Startup Display Continue the installation and fill in the requested information You can change the path of installation directory 4 Click Browse to...

Page 21: ...xA Multisystem Integration the system extension must be loaded The Configuration Wizard is used to install 800xA Multisystem Integration System Extensions 5 Select System Administration 6 Select syste...

Page 22: ...fails to start If Visual Basic based Process Graphics VBPG is used with Multisystem Integration install Visual Basic as a prerequisite on all the nodes running the Remote Access Client in order to de...

Page 23: ...ent configurations used for a small and medium large systems There are no special hardware requirements for 800xA Multisystem Integration except the requirements for the 800xA Core system software The...

Page 24: ...rectory servers It is not recommended to run on an operative workplace on the same node Figure 6 Small Configuration Figure 7 Medium Size Configuration Aspect Directory Server Connectivity Server Remo...

Page 25: ...s of these three basic configurations can also be used For example if the provider system is small but the subscriber system is connected to a lot of provider systems the configuration for a small sys...

Page 26: ...Medium Large Configuration Section 2 Installation 26 3BSE037076 510 D...

Page 27: ...emote Access Server in the provider must match the configuration of the Remote Access Client in the subscriber system The information to configure is TCP IP addresses for all nodes mandatory Password...

Page 28: ...7076 510 D Creation of a Remote Access Server The Configuration Wizard is used to create the Remote Access Server in the provider system Perform the following steps 1 Select the System Administration...

Page 29: ...Section 3 Configuration Creation of a Remote Access Server 3BSE037076 510 D 29 2 Select Remote Access Server option click Next see Figure 10 Figure 10 Create Remote Access Server...

Page 30: ...e Remote Access Server service provider If the connected clients will get a read only connection If the Remote Access Server and Client is running in the same Windows domain If the provider and subscr...

Page 31: ...ber and the provider systems belong to the same Windows domain or not If the users in the subscriber system and provider system belong to the same Windows domain the Common Windows domain check box sh...

Page 32: ...ighly recommended but not mandatory A password check is not made during a client server connection Clients can connect to the server without a password Figure 12 Set Password Dialog Box It is recommen...

Page 33: ...b To specify the port number to use enter the port number in the Port to use field Default port is 3340 Ensure the port selected is free to use Consult your network responsible for information It is p...

Page 34: ...old password must be given before a new password is accepted A user with administrative rights can change the password The remote access server caches information about OPC properties to speed up data...

Page 35: ...ly communicates with one Remote Access Server The Remote Access Client service is automatically created when the Remote System object is created Creation of a Remote Access Client The Remote System ob...

Page 36: ...ccess Client Section 3 Configuration 36 3BSE037076 510 D 2 Enter the Name and click Next the system displays Additional Arguments dialog see Figure 16 The name given for the Remote System object will...

Page 37: ...ser specified should be a local user or a domain user Domain user can be used when the provider and subscriber system belongs to the same Windows domain The provider and subscriber belongs to differen...

Page 38: ...mote Access Server and click OK 7 Click Add Remote Access Clients and click Create see Figure 16 The Remote System Object is created Remote Access Client Advanced Configuration The configuration of th...

Page 39: ...mote Access Client nodes and the Remote Access Service AfwRAS exe node For a redundant system the password must be set four times that is twice for the Remote Access Client and twice for the Remote Ac...

Page 40: ...on Section 3 Configuration 40 3BSE037076 510 D 2 Specify the Account used to connect to the Remote Access Server Provider and click OK See Figure 20 3 Click Set Password see Figure 19 Password only ha...

Page 41: ...can start you must specify what part of the provider system that should be uploaded This configuration is done in the Upload Configuration tab of the Remote System object Select the System Connection...

Page 42: ...objects of the selected object select or deselect the Include children check box appropriately The Follow references check box controls if objects needed by an uploaded aspect should be included in th...

Page 43: ...rences and Child Count after an upload The order in which structures are uploaded is significant for the VBPG if any of the graphics or references uploaded have a composite structure Any structures co...

Page 44: ...three ways to treat an aspect category when it is uploaded by 800xA Multisystem Integration 800xA system extensions have predefined this setting so it is very rare that this setting has to be changed...

Page 45: ...nd will not remove the object ID mappings for the uploaded objects A new upload will continue to have the same object ID as the previous upload so the displays in the subscriber system that has refere...

Page 46: ...nstances in the Control Structure the objects must be uploaded explicitly to the control structure Running Upload Before an upload is started a complete consistency check should be performed in the pr...

Page 47: ...load messages window The list of aspect categories shown in the Upload Execution tab is the aspects with the Copy at upload check box selected However it is possible to override the It is not possible...

Page 48: ...ll continue even if the Plant Explorer is closed To abort an on going upload click the Abort button After an upload is complete the result can be viewed either in the Upload messages window or in the...

Page 49: ...ver there is a way to see if there are any changes in the provider compared to the state in the subscriber and it is to use the compare function The compare function compares the configuration from th...

Page 50: ...alog shown below Clean should be used if structures has been removed in the upload configuration between different uploads The System Connection aspect also has a Consistency Check tab The consistency...

Page 51: ...clicked it will try to correct the inconsistencies If it fails a new upload must be performed Proxy Objects The proxy objects created in the subscriber system are mirrors of the objects uploaded from...

Page 52: ...es For example the definition of the name format is found as aspects Object Handling Profile Values variable Name Format and Workplace Profile Values variable Plant Explorer Settings tab Name Composer...

Page 53: ...resents a log configuration in the provider system It has the same behavior as a log configuration in the subscriber system but it is read only Proxy Log Template A Proxy Log Template aspect represent...

Page 54: ...ity 3BSE037410 Advanced Access Control If the advanced access control functions re authentication and double authentication are used in the provider system it must also be activated in the subscriber...

Page 55: ...e delay is only affecting the cyclic data i e a faceplate will get data directly when it is brought up These values must not overlap i e 0 10 5 20 is not allowed and only whole seconds can be specifie...

Page 56: ...stem Integration this is easily achieved since the uploaded proxy aspect works identically with all other aspects with OPC data This means that to create a new process display with values from any con...

Page 57: ...ays are also transferred with their log configuration during an upload the references are changed to the uploaded proxy objects Building a new trend or log configuration is done in the same way as for...

Page 58: ...When an upload is performed event categories are uploaded to this collection definition object Alarms from the provider system will be collected for objects that have been uploaded only Alarm and Eve...

Page 59: ...ms it is important that the Alarm Manager configuration is properly configured The following recommendation for the Special Configuration must be followed 1 Use the same settings for Alarm Handling in...

Page 60: ...the provider will also affect the subscriber and vice versa Feature Pack Functionality______________________________________________________________________ Point of Control Support This section appl...

Page 61: ...bling Point of Control section in System 800xA Administration and Security 3BSE037410 Execute one of the following methods to enable the Point of Control 1 Select Point of Control from Start ABB Indus...

Page 62: ...Engineer Configure permission is required to configure the Section Definition aspects Add the System Engineer to the Application Engineer group or explicitly provide the Configure permission to the Sy...

Page 63: ...the provider and imported to the subscriber Node Configuration Figure 39 Node Configuration Before uploading the Section Definition aspect to the subscriber all nodes should be configured in the Sect...

Page 64: ...Using Asset Optimization with Multisystem Integration the Condition Reporting and Monitoring and Work Order Management functions can be performed remotely from the subscriber system For more informati...

Page 65: ...ration can be changed using the Asset Optimization Configuration aspect Asset Optimization Configuration Aspect The Asset Optimization Configuration aspect is added to the Remote System Object that re...

Page 66: ...HTTP protocol When HTTP protocol is used the data passed between Subscriber and Provider is not encrypted The HTTP Communication Protocol must be selected only after assessing the security requirement...

Page 67: ...Changing the IP address 3 Click Apply to save the settings This configuration change does not require an upload of objects HTTPS Communication Protocol This section describes the steps to be performed...

Page 68: ...erNode to allow the HTTPS communication in the Provider system Execute the following to configure the HTTPS binding using the SSL certificate with the CN WD 03 AO 1 Open the Internet Information Servi...

Page 69: ...issuing Certificate Authority must be added to the Trusted Root Certification Authorities store on the Asset Optimization Client and Server Nodes in the Subscriber system Execute the following steps...

Page 70: ...Section 3 Configuration 70 3BSE037076 510 D 2 Select File Add Remove Snap in The Add or Remove Snap ins dialog appears Figure 45 Add or Remove Snap ins 3 Select Certificates and click Add The Certifi...

Page 71: ...10 D 71 4 Select an account and click Finish 5 Right click Trusted Root Certification Authorities and select All Tasks Import from the context menu Figure 47 Importing Trusted Root Certification Autho...

Page 72: ...e display resides both in the functional structure and the control structure the control structure should be uploaded before the functional structure Aspect Link Control Aspect link control dynamicall...

Page 73: ...ame for the subscriber and all providers It is not possible to have different lock policies on different systems The Power Plant libraries for PI and PT cannot be used together Section 3 Configuration...

Page 74: ...Limitations Section 3 Configuration 74 3BSE037076 510 D...

Page 75: ...shows additions and deviations in operation for Multisystem Integration compared to ordinary operation See System 800xA Operations 3BSE036904 Process Displays Figure 48 Remote Object Tooltip Object Di...

Page 76: ...in the same way as a trend for local objects but with the name and the tool tip changed the same way as for faceplates and process displays If a trim curve from a remote system displays values in the...

Page 77: ...the provider The system name column shows the name of the system from which the alarms are emitted This is typically useful when configuring alarm and event lists in the subscriber system that shows b...

Page 78: ...ntrol Summary Aspect in the Provider System Figure 50 Point of Control Summary Aspect in the Subscriber System The Point of Control Summary aspect displays the responsibility status of all configured...

Page 79: ...e information refer to Transfer of Responsibility section in System 800xA Operations 3BSE036904 Request Responsibility The responsibility of a section can be requested using the object context menu Wh...

Page 80: ...4 Operation 80 3BSE037076 510 D 2 Type the message in the Message describing the reason for the responsibility request The message will be shown to the responsible user and stored in the audit list 3...

Page 81: ...done on a Remote Access Service RAS Section 4 Operation Transfer of Responsibility 3BSE037076 510 D 81 After the request for the section is sent the Handover Responsibility dialog appears to the curr...

Page 82: ...Request is Taken Transfer of Responsibility Section 4 Operation 82 3BSE037076 510 D If the responsible user accepts the request the responsibility is immediately transferred and a confirmation is sent...

Page 83: ...subscriber Figure 54 Request Responsibility after the Request is Denied Section 4 Operation Transfer of Responsibility 3BSE037076 510 D 83 If the user in the subscriber system is not mapped in the pro...

Page 84: ...Reporter with System Status Asset Reporter Web View Fault Report Submitter Fault Report Submitter Web View CMMS View s CMMS Web View s During the upload operation Asset Optimization aspects that provi...

Page 85: ...dule CMMS Web View View Spare Parts CMMS Web View View Work Order History CMMS Web View Table 4 SAP Integration Provider System Subscriber System SAP View Active Work Orders CMMS Web View SAP View Equ...

Page 86: ...vided when calling up the Web View aspect in the Subscriber system This is required in the following scenarios When the Provider and Subscriber system are in different domain If a different set of use...

Page 87: ...in the Backup and Restore The backup configuration is done in the Maintenance structure Select the Backup Definition object and create an object below it of type Full Backup A recommendation is to in...

Page 88: ...t Directory data and the additional Remote Access Client service proxy object data For a description about how to make a restore of the Aspect Directory data refer to System 800xA Administration and S...

Page 89: ...the task manager System Alarms and Events 800xA generates a number of system alarms and events Table 5 shows under what conditions they are generated Table 5 System Messages Message Description Extend...

Page 90: ...ovider and the subscriber The audit events configurable as system alarms are The protocol PROTOCOL was not found APPL NOD E Failed to load a protocol This message is generated for the system that fail...

Page 91: ...vider system to use when the audit trail is generated System Status The system status function is extended to facilitate fault tracing of a remote system connection The overview part is the same as in...

Page 92: ...ame color scheme to indicate if there are any problems with the services A difference between the Remote Access Server Remote Access Client and other services is that the service can work correctly bu...

Page 93: ...nts Similar information can be viewed on the Remote Access Client Detailed information about the communication between the Remote Access Client and the Remote Access Server is available in the Connect...

Page 94: ...Maintenance 94 3BSE037076 510 D Table 7 describes each field Table 7 Remote Access Client Connection Tab Description Item Description IP Address Numeric or symbolic IP Address of the Remote Access Ser...

Page 95: ...client to the Remote Access Client service Received from client Number of bytes received from a local client to the Remote Access Client service Sent bytes Number of bytes sent to the Remote Access Se...

Page 96: ...mote Access Server The same tabs with the same information are also available for the Remote Access Server Upgrade Procedure When you upgrade the software for the Multisystem Integration to a new rele...

Page 97: ...upgrading the Multisystem Integration also Process Portal A and all used system extensions should be upgraded to the same service pack or release Section 5 Maintenance Upgrade Procedure 3BSE037076 510...

Page 98: ...Upgrade Procedure Section 5 Maintenance 98 3BSE037076 510 D...

Page 99: ...shown in upload logs or as message boxes possible to receive from the 800xA system with its own set of messages The table below lists the error messages and a short explanation of the cause All error...

Page 100: ...consistency BAD_ID Internal error Bad identifier used in multiple places BAD_PASSWORD The passwords defined for the Remote Access Server and Client pair do not match each other Define the password ag...

Page 101: ...story server linked adaptor not initialized before use HDA_REFERENCE_NOT_FOUND A referenced aspect in a history log configuration is not found in the provider INITED Internal error Object is re initia...

Page 102: ...come by redoing the upload of the full structure specified for the remote object connection NO_PROXY No proxy found when expected Run upload clean and then upload everything to rebuild consistent memo...

Page 103: ...em Use Import Export to move the permission from the provider to the subscriber PROTOCOL_NOT_FOUND One of the protocols used to communicate between the Remote Access Server and Remote Access Client ca...

Page 104: ...with the remote system connection object This can be possibly be corrected through the consistency checker auto correction function UPDATE_RUNNING A new update operation can not be started as one is...

Page 105: ...ct the ABB support organization In case the error is presented as a hexadecimal figure like 8ABB0091 the program AfwErrorLookup exe could often be used to get a description of the error AfwErrorLookup...

Page 106: ...Appendix A Error Messages 106 3BSE037076 510 D...

Page 107: ...mmand window run ping provider IP address If there is a time out check both with numeric address and symbolic address If no connection can be established with ping there is a network problem that need...

Page 108: ...e subscriber and the provider select the Remote Access Client Connection tab and check the row Time difference This row will show the time difference between the subscriber and provider To perform tim...

Page 109: ...rrect Alarm with Object GUID Instead of Object Name Alarms from objects that has been uploaded but later not uploaded will be presented as object GUID instead of the object name To correct this the Re...

Page 110: ...e Figure 62 Figure 62 System Alarm 2 Select Default System Config aspect from the Aspects of System Messages list 3 Select Disconnected from the Messages list Click to include the Disconnected message...

Page 111: ...pendix B Fault Tracing No System Alarm in the Provider System 3BSE037076 510 D 111 Figure 63 Messages that will generate System Alarms 5 Select Inactive At Acknowledge option 6 Click Apply see Figure...

Page 112: ...No System Alarm in the Provider System Appendix B Fault Tracing 112 3BSE037076 510 D...

Page 113: ...ion 84 Audible Alarms 60 B Backup 87 C Common Windows domain 31 Compare 49 Composite Graphics 72 Configuration Alarm and Event 58 Faceplates 56 Process Displays 56 Trends 57 Configuration Wizard 28 Co...

Page 114: ...30 32 Change 34 ping 107 Port number 33 Process Display configuration 56 Provider 13 27 Provider services 45 93 Proxy aspect 45 Proxy Control Connection aspect 53 Proxy Log Configuration 53 Proxy Log...

Page 115: ...pload Execution tab 47 System Connection aspect 41 System events 89 System status 91 SystemName 59 77 T TCP IP addresses 27 Time Synchronization 76 to 77 90 95 108 Time synchronization 23 Tool tip 75...

Page 116: ...Index 116 3BSE037076 510 D Index 116 3BSE037076 510 D...

Page 117: ...s User Manual The revision index of this User Manual is not related to the 800xA 5 1 System Revision Revision Index Description Date First version published for 800xA 5 1 June 2010 A Updated for 800xA...

Page 118: ...ss Client Added the procedure for configuring the Connect Method for Multisystem Integration Section 3 Composite Graphic Added information note on large uploads should be divided into smaller parts Up...

Page 119: ...ser Manual for 800xA 5 1 Feature Pack 4 Updated Section Sub section Description of Update Section 1 New in This Release Added a new subsection Asset Optimization with Multisystem Integration Section 3...

Page 120: ...Updates in Revision Index D 120 3BSE037076 510 D...

Page 121: ......

Page 122: ...ol Technologies Mannheim Germany Phone 49 1805 26 67 76 e mail marketing control proucts de abb com www abb de controlsystems Power and productivity for a better worldTM Contact us ABB Pte Ltd Control...

Reviews: