ICONICS Worldwide Customer Summit – September 2006

HMI-30Real-Time Data Tunneling over

LAN, WAN and Internet(Without DCOM)

HMI-30Real-Time Data Tunneling over

LAN, WAN and Internet(Without DCOM)

Petr Balda, Rudolf Griessl, Michael HiefnerMike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek ZadakPetr Balda, Rudolf Griessl, Michael HiefnerMike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak

2

What is the Issue?What is the Issue?

Customers want to network OPC clients and servers running on different platforms, in different domains, and on completely separate networks…

3

OPC Tunneling – What is the Issue and Why?Dan Muller, , Product Development Dir.• The Real DCOM Issue…DataWorX32 OPC Tunneling – The Solution!DataWorX32 OPC Tunneling – Demonstration!The Quiz…

HMI-30 AgendaHMI-30 Agenda

4

In the BeginningIn the Beginning

Life Was Easy

GraphicsAlarmingTrending

5

……And we grew…And we grew…

Then someone else wanted to see…

GraphicsAlarmingTrending

GraphicsAlarmingTrending

6

……And grew…And grew…

Then everyone wanted to

see…

GraphicsAlarmingTrending

GraphicsAlarmingTrending

7

……And the Network ExpandedAnd the Network Expanded

People in Remote facilities wanted to see…

GraphicsAlarmingTrending

OtherBusiness Systems

8

……And Expanded…And Expanded…

The DCOMDCOM Nightmare…

GraphicsAlarmingTrending

OPC/IOServer(s)

Read Only Access

Read & Write Access

OtherBusiness Systems

9

The Real DCOM IssueThe Real DCOM Issue

Presented by

Dan MullerProduct Development DirectorCyberlogic

10

Why is DCOM an Issue?Why is DCOM an Issue?

DCOM and related security issues can prevent OPC communication from working.Latency of DCOM error reporting is unacceptable for real-time systems.

11

Dealing with DCOMDealing with DCOM

““Can’t I just set up the security Can’t I just set up the security settings within Windows?”settings within Windows?”

Yes – in theory. This can be done for small, simple

systems. For complex systems, this can be a

nightmare to administer.

12

The DCOM Problem…The DCOM Problem…

Accessing across domains and workgroups: domains must trust each other.

Some users may not have the privileges needed.

Requirements specific to different operating systems.

13

The DCOM Problem…The DCOM Problem…

Firewalls. System-wide DCOM settings. Callbacks. Access, launch and activation

permissions.

14

The DCOM Problem…The DCOM Problem…

Additional settings required for OPC servers.

Hard-coded security settings.

15

The DCOM Problem…The DCOM Problem…

Coordinating with multiple IT administrators at different locations.

Maintenance as users, networks and systems change.

16

The DCOM Problem…The DCOM Problem…

The latency of DCOM error reporting.

17

The DCOM Solution…The DCOM Solution…

OPC Unified Architecture (UA) should/will eliminate this problem in the future.

A tunneler product solves this problem today, by eliminating DCOM completely.

18

Why ICONICS?Why ICONICS?

Only a handful of companies make tunneling products.One company in Germany and another in Canada offer tunneler products that work with OPC DA only.One company in Tunisia offers one product for OPC DA and one product for OPC A&E.ICONICS DataWorX Tunneler product supports OPC DA, A&E and HDA.

19

ICONICS DataWorX ICONICS DataWorX Tunneler…Tunneler…

Let’s listen to ICONICS’s tunneling product capability with a demonstration, using a Cyberlogic OPC Server.

20

DataWorX V9 – The SolutionDataWorX V9 – The Solution

-Lite Version V9-Lite Version V9-Tunneler Kit (pair)-Tunneler Kit (pair)-Lite Version V9-Lite Version V9-Tunneler Kit (pair)-Tunneler Kit (pair)

-Standard -Standard V9V9-Standard -Standard V9V9

-Professional V9-Professional V9-Redundancy -Redundancy (pair)(pair)

-Professional V9-Professional V9-Redundancy -Redundancy (pair)(pair)

21

DataWorX V9 – The SolutionDataWorX V9 – The Solution

22

So, Why is DCOM an Issue?So, Why is DCOM an Issue?

Complexity to Configure DCOMDCOM is Not Real-Time• DCOM can take up to 6 minutes to detect

and notify when a connection failure has occurred

DCOM is Not Firewall Friendly• Firewall pass through requires many open

ports• Major Security Issue

23

DataWorX32 - OPC DataWorX32 - OPC TunnelingTunneling

Bridges any OPC Server to any OPC ClientFirewall and Internet friendlySupports Tunneling of • OPC DA• OPC AE• OPC HDA

Alternative to conventional MS DCOM communications

24

OPC Tunneling ArchitectureOPC Tunneling Architecture

Based on ICONICS’ patented GenBroker™ communication – versus DCOMGraphical user interface provides centralized management of all remote connections

25

OPC Tunneling ArchitectureOPC Tunneling Architecture

26

OPC Tunneling Key OPC Tunneling Key FeaturesFeatures

Supports latest OPC Industry Standards• OPC Data Access 3.0• OPC Alarm and Events 1.1• OPC Historical Data Access 1.2Auto-discovery of remote OPC DA, A/E and HDA ServersSimple to set up and configureSupports OPC browser interfaces over LANs, WANs, and the Internet

Supports TCP/IP and SOAP/XML communication protocols

27

OPC Tunneling SecurityOPC Tunneling Security

Most Competitors Have None!Tunneling Client sends credentials to Server side of TunnelServer Side• Obtains authentication• Uses “impersonation” to create the

server under the specified user accountEach Tunneling connection can have it’s own credentials

28

OPC Tunneling SecurityOPC Tunneling Security

If the specified User does not have access rights to the destination OPC Server, then the OPC Tunnel creation fails and an “Access Denied” is reportedThe access is controlled by the DCOM Configurator at the remote location. (DCOM in Server, not across the Network)

29

DataWorX32 - OPC DataWorX32 - OPC TunnelingTunneling

DEMONSTRATION!!!DEMONSTRATION!!!

30

ICONICS WWCS Company ICONICS WWCS Company ArchitectureArchitecture

OPC Servers

Switches

OPC Servers

Wireless

Routers

The Internet

31

4 Simple Steps to Create a 4 Simple Steps to Create a Tunnel Tunnel

OpenClick on OPC Tunnel icon

Browse to DA, AE or

HDA server

Right click, select ‘Make OPC Tunnel’

That’s It !That’s It !

32

DataWorX32 - OPC DataWorX32 - OPC TunnelingTunneling

Bridges any OPC Server to any OPC ClientFirewall and Internet friendlySupports Tunneling of • OPC DA• OPC AE• OPC HDA

Alternative to conventional MS DCOM communications

33

DataWorX32 - ResourcesDataWorX32 - Resources

DataWorX32 OPC Tunneling.pdfDataWorX32_Prod_Bulletin.pdf

ICONICS Worldwide Customer Summit – September 2006

HMI-30Real-Time Data Tunneling over

LAN, WAN and Internet(Without DCOM)

The QUIZ!!!

HMI-30Real-Time Data Tunneling over

LAN, WAN and Internet(Without DCOM)

The QUIZ!!!

ICONICS Worldwide Customer Summit – September 2006

HMI-30Real-Time Data Tunneling over

LAN, WAN and Internet(Without DCOM)

Thank You!!!

HMI-30Real-Time Data Tunneling over

LAN, WAN and Internet(Without DCOM)

Thank You!!!

Petr Balda, Rudolf Griessl, Michael HiefnerMike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek ZadakPetr Balda, Rudolf Griessl, Michael HiefnerMike Hilligas, Zhi Wei Li, Pavel Tucek, Zdenek Zadak