Post on 18-Mar-2018
2016-05-10
© Siemens AG 2016 All rights reserved.
Page 1 WinCC Competence Center Mannheim
PM-LOGON
PM-LOGON allows login via, e.g., an RFID card in:
• WinCC 7 and PCS 7 with Simatic Logon
• WinCC V13 SP1 Advanced Runtime via Soap Server
• WinCC V13 SP1 Comfort Runtime via Soap Server
• WinCC WebNavigator Client (WinCCViewerRT.exe)
PM-LOGON consists of:
• PM-LOGON Configurator
• PM-LOGON Runtime
  • PM-LOGON Runtime (for WinCC V7, PCS 7 and WinCC V13 Prof. RT)
  • PM-LOGON Runtime for Panels (for WinCC V13 Comfort and Advanced RT)
PM-LOGON
• Operation of PM-LOGON requires at least 1 Configurator.
• The Configurator includes 1 Client.
  • Together with the free-of-charge trial version, ideal for testing
• The Runtime can be installed as many times as needed and does not require a license.
• Client packages can be added as required by the project.
• The Client packages define the maximum number of different users that can log in.
MLFB                Type                         L-Price
9AE7123-1SC00-1AA0  Client Package 10            1.740,- EUR
9AE7123-1SC01-1AA0  Client Package 50            4.960,- EUR
9AE7123-1SC02-1AA0  Client Package 100           8.400,- EUR
9AE7123-1SS01-1AA0  Configurator incl. 1 Client  2.480,- EUR
PM-LOGON
PM-LOGON Configurator
The Configurator defines the assignment of the user and the corresponding card.
The logon credentials can be stored in:
• Active Directory (Domain)
• Windows user management
PM-LOGON
PM-LOGON Runtime
The PM-LOGON Runtime offers the following functions:
• Querying the unique ID of the RFID card from the configured RFID reader device
• Determination of user name + password from:
  • Active Directory (Domain controller)
  • Windows user management
  • Remote PM-LOGON Runtime
• Login of the user via:
  • Simatic Logon
  • WinCCViewerRT
Read
• Admitto Reader
• Omnikey
• …
Authenticate
• Active Directory Domain Controller
• Windows user management
• …
Login
• Simatic Logon
• WinCCViewerRT
• …
PM-LOGON
PM-LOGON Runtime
The PM-LOGON Runtime is structured into modules and is easily extensible for additional:
• Identification devices
• User repositories
• Login providers
PM-LOGON (WinCC, PCS 7, RT Professional)
System structure (Example)
[Figure: Plant 1, Plant 2 and Plant 3, each with a Redundant Domain Controller Pair, a Redundant OS Server Pair and OS Clients, all within a Common Active Directory Domain.]
PM-LOGON (WinCC, PCS 7, RT Professional)
Function principle
[Figure: components shown are Domain Controller, OS Client/Server, Microsoft Active Directory, SIMATIC Logon, PM-LOGON Configurator, PM-LOGON Runtime, ADMITTO-A-3100-D-DESFire USB CDC and Mifare DESFire EV1. Labelled steps:]
1. Assign User to Unique ID of RFID card
2. Read Unique ID
3. Send Unique ID
4. Get User Information for Unique ID of card
5. Retrieve Username/Password
6. Logon with Username/Password
7. Authenticate User
PM-LOGON (WinCC, PCS 7, RT Professional)
Function principle
1. Required users are created in the Active Directory on the domain controller and are added to the appropriate user groups. (Standard SIMATIC Logon procedure.)
2. Each RFID transponder has a unique ID. This ID is linked to a user from the Active Directory.
3. Username and password are stored in encrypted format together with the transponder ID in attributes of the Microsoft Active Directory of the domain.
4. When a transponder is detected by an RFID reader, its ID is read by the PM-LOGON Runtime and a query is run against the Active Directory to find the associated user.
5. The currently active domain controller retrieves the associated user and sends the encrypted user name and password back to the PM-LOGON Runtime.
6. The PM-LOGON Runtime performs the login against SIMATIC Logon with the credentials retrieved.
7. If the transponder leaves the scope of the RFID reader, the previously logged-in user is automatically logged out.
PM-LOGON for Panels
System structure (Example)
[Figure: an Active Directory Domain containing a Redundant Domain Controller Pair, a Redundant OS Server Pair, SIMATIC HMI Comfort Panels and OS Clients with PM-LOGON.]
PM-LOGON (Comfort Panels)
Function principle
[Figure: components shown are Domain Controller, Microsoft Active Directory, SIMATIC Logon, Remote Access, PM-Logon Client PC, SIMATIC HMI Comfort Panel, PM-LOGON Configurator, PM-LOGON Runtime, PM-LOGON Runtime for Panels, ADMITTO-A-3100-D-DESFire USB CDC and Mifare DESFire EV1. Labelled steps:]
1. Assign User to Unique ID of RFID card
2. Read Unique ID
3. Send Unique ID
4. Send Unique ID
5. Get User Information for Unique ID of card
6. Retrieve Username/Password
7. Retrieve Username/Password
8. Transfer Username/Password into HMI Tags
9. Authenticate User
10. Authenticate User
PM-LOGON (Comfort Panels)
Function principle
1. Required users are created in the Active Directory on the domain controller and are added to the appropriate user groups. (Standard SIMATIC Logon procedure.)
2. Each RFID transponder has a unique ID. This ID is linked to a user from the Active Directory.
3. Username and password are stored in encrypted format together with the transponder ID in attributes of the Microsoft Active Directory of the domain.
4. When a transponder is detected by an RFID reader, its ID is read by the PM-LOGON Runtime for Panels and sent to another PM-LOGON Runtime (on a PC), which runs a query against the Active Directory to find the associated user.
5. The currently active domain controller retrieves the associated user and sends the encrypted user name and password back to the PM-LOGON Runtime, which relays it back to the PM-LOGON Runtime for Panels.
6. The SIMATIC RFID Logon Runtime for Panels transfers the username and password into tags on the Panel, where a standard script function performs the login process.
Contact
Hans-Juergen Burath
WinCC Competence Center Mannheim RC-DE PD SO SOU
Dynamostr. 4
68165 Mannheim
Phone: +49 (621) 456 4186
Fax: +49 (621) 456 3334
Mobile: +49 (172) 6219325
E-mail: hansjuergen.burath@siemens.com
siemens.com/process-management