Tips for Integrating with an OPC client
72
Building Technologies
048_DMS_MK8000_ICC_MP4.30_A6V10062407_a_en
Fire Safety & Security Products
06.2010
6.2
Using the test client
You may want to use the MK8000 test client on the client stations for commission-
ing and debugging purposes. You can choose to install the test client only during
product installation. Run the MK8000 installation application as usual on the client
and select client from the installation type list.
6.3
Integrating into a network (Distributed configuration)
The key to getting security to work smoothly is to have an administrator account
available on each system. On a workgroup network, just create an admin account
on each computer with the same username/password combination.
DCOM (Distributed COM) settings have to be set properly on both Client and
Server machines to allow the Client to launch and access the Server and to allow
the Server to call back to the Client while providing subscribed values (when Client
and Server are running on different computers).
The first issue is to properly define users and passwords.
Local user/group:
A Local user is an account that is known ONLY to the machine on which the ac-
count was set-up. The same is true for a Local Group. If you need an account to
have access to another machine, and the account is a Local User, you will need to
create a Local user with the
identical upassword
on the remote ma-
chine. For this reason, we recommend running OPC Client - Server set-ups in a
Domain if you can - the maintenance and set-up is easier.
Domain Local user/group:
A Domain User account is one that can be used anywhere within a Windows do-
main as long as the computer is a member of the domain.
A primary domain controller machine handles authentication of the user, thus al-
lowing you to centralise your security management on the user/group level.
A Domain Group is a group that is available to any computer that is a member of
the domain.
We recommend using Domain user accounts and Groups to set-up your DCOM
Configuration permissions when setting up OPC client/server connections - the risk
of problems is lower, and the long-term maintenance is much easier.
What if there
is no Domain?
When a Windows machine is not a member of a Domain, the ONLY user accounts
it will trust are those it finds in its own "local" security database. The issue here is
authentication. In a domain environment, the domain controller holds domain ac-
counts that are valid on all machines that are part of the domain, while a ‘Stand-
Alone machine’ receives authentication from its own Security Account Manager.In
order to avoid permission issues between machines not belonging to the same
Domain there is a workaround:You need to create the EXACT SAME user account
names AND passwords on BOTH machines. This does not mean that you must be
logged in as the same user on both machines to get the system to work, just that
the same user/password combination must be defined on each machine.