Professional Documents
Culture Documents
User's Guide
277609 Rev. B1
Refer to this publication for complete and accurate information that helps you better operate and service Metso
Automation MAX Controls equipment. Your comments and suggestions are welcome.
Metso Automation MAX Controls, Inc.
1180 Church Road
Lansdale, PA 19446
Attention: Manager, Technical Publications
Restrictions...................................................................................................................................................... 2-13
Troubleshooting Domain Problems..................................................................................................................... 2-14
Using Transport Daemon to Check Communications ..................................................................................... 2-14
Checking on Points Using Point List Facility.................................................................................................. 2-15
RRS Connections ............................................................................................................................................ 2-16
CHAPTER 3.......................................................................................................................3-1
CHAPTER 4.......................................................................................................................4-1
CHAPTER 5.......................................................................................................................5-1
v
Preface
Chapter 5 explains how to use the I/O Configurator tool, a utility that makes
it easier to estimate I/O module requirements taking into account system
limitations.
Overview
Use the maxSTATION to prepare software applications and organize your
system resources. A maxDNA distributed control system is segmented by
domains, consisting of workstations and DPUs. See Chapter 2, Setting up
Domains. Refer to this chapter to become acquainted with the maxDNA
software application environment and its hardware platform, the
maxSTATION.
maxSTATION Basics
maxSTATION, an Intel Pentium-series workstation, running either
Microsoft Windows NT or 2000 operating system, is a high-performance
workstation outfitted with a high capacity hard drive, color monitor,
engineering or operator keyboard, mouse or track ball, and CD-ROM for
loading maxDNA application software.
The Windows video display is called the desktop. Icons representing files,
folders or programs may be placed on the desktop. A window is opened
for each individual program (often called an application) that is executed.
Multiple windows can be open simultaneously, be moved and resized, as
desired.
Physical Configuration
maxSTATION components, normally located in a control room, can be
packaged in either a cabinet, a work desk, or a combination of both.
Normally, RPU cabinets are located close to the processes they are
monitoring and controlling.
Setting up a maxSTATION
A maxSTATION may be set up as an:
Operators Workstation
Engineers Workstation
Dedicated Function
The DPU4E, acting as a server, collects information, stores it, and ultimately
transfers the information to the appropriate maxSTATION clients. The
collected data is comprised of alarm, event, trend, historical, and general
point information.
Real Time Gateway (RTG), required with systems using DPU Bus Modules,
provides an interface between the DBM and the software backplane. The
RTG provides immediate data, trend data, alarm data, and more.
To prepare software, you may need to perform any or all of the following:
General Utilities
History Collection
Click the Start button on the Task Bar, point to Programs and maxDNA to
access maxDNA software or to see additional menus for utility programs,
accessible from separate menus.
The machine settings area of the Registry contains default settings for
several maxDNA applications listed in Publication 277594 Auxiliary
Functions User's Guide. Changes made in machine settings for software
installed on a specific maxSTATION remain in place and are applied
globally regardless of user and associated user logon name.
Changes made in the user settings area are associated with a specific user
and user logon name. Settings in the user setting part of the registry database
are organized by software application:
maxVUE
maxTOOLS
Software backplane
DPUList.ini
wks.ini
Point Browser Uses it to create the tree selection of the listed DPUs.
Healthlog Uses it to provide status of the listed DPUs.
DPUAlarms Uses it to get alarms from the listed DPUs.
DPUEvents Uses it to get events from the listed DPUs.
TimeSync Uses it to determine which DPUs to check time error and allow
time set/sync.
MaxTOOLS4E Uses it to look up the IP address for a given DPU name and
determine if the name references a stand-alone or backup pair
of DPUs. Also used to determine which DPUs get the security
database download if all is selected. Writes to DPUList.ini to
add a new DPU if user requests it.
Database The scope of DPUs from which to get the summaries
Summaries
Download Freeze The list of DPUs available to unfreeze
Check
Find Bad Reference The list of DPUs for checking bad references
MaxTRANSPORT Pre-registers the IP address of the available DPUs.(at this point
it does not pre-register the DPU name).
MaxPROXY Uses it to determine if a data request is directly from a DPU
and allows an extra proxy hop. (normally a proxy will not
forward a request for data to another proxy) .
I/O Inventory List of DPUs available to check list and current state of their
I/O.
DPU Atom List List of DPUs available from which you can get a summary of
(diagnostic utility) atoms by time class.
When this program is started, it reads the two startup.ini files. These text
files contain a list of maxDNA applications that you want the startup
program to launch automatically each time the maxSTATION containing the
startup.ini files is booted.
The startup.ini files may also contain a list of initialization files associated
with specific applications. These files may contain special custom settings
that the startup program reads and puts into effect when the maxSTATION
boots.
0, c:\MCS\Sbp\EvtCollector.exe, EvtCollector
0, c:\MCS\Sbp\DpuEvents.exe, DpuEvents
1, c:\MCS\Sbp\EvtLogger.exe, EvtLogger - EvtLogger.ini, /EvtLogger.ini
;
; The following lines startup the maxSTORIAN. It requires special dongle licencing.
; These lines should be moved to C:\custom\sbp\startup.ini since this file will be
; overwritten during the next update and any changes made to it will be lost.
;
;1, C:\MCS\SBP\MINICONF.EXE, MiniConf, c:\MxsStorageRoom\Configurations\LSSaddSvc.txt
;5, c:\mcs\history\maxSTORIAN.exe, maxSTORIAN
;
; Uncomment one of the following lines depending on the type of maxSTORIAN
;
;w, C:\MCS\SBP\MINICONF.EXE, MiniConf, c:\MxsStorageRoom\Configurations\StandAlone.txt
;w, C:\MCS\SBP\MINICONF.EXE, MiniConf, c:\MxsStorageRoom\Configurations\Primary.txt
;w, C:\MCS\SBP\MINICONF.EXE, MiniConf, c:\MxsStorageRoom\Configurations\Secondary.txt
Logging on As an Administrator
To perform many basic maxSTATION setup functions, such as creating
passwords, configuring process security, setting up domains, and so forth,
you must be recognized by the system as a user with administrative
privileges.
Each account has a profile that maintains information about the desktop for
that account. These profiles contain information about what icons should
appear on the desktop and what programs should be accessible from the Start
menu, in addition to other information.
To log on as an Administrator:
1. Turn on the computer and monitor, if they are not already turned on.
When you turn the computer on, it goes through its normal boot up
routines. When the computer finishes its start up procedures, the
Windows Auto Logon Dialog appears.
2. Press the <Ctrl + Alt + Delete> keys to open the Logon Dialog.
For critical control room applications, such as alarm and event monitoring,
alarm annunciation, etc, select two stations for each application in the event
one or the other station should fail.
In the maxVUE Editor, use the Alarm List Control and Alarm Summary
Control to configure alarm displays which operators may view in maxVUE
Runtime. These are viewable from multiple maxSTATIONs.
Copy the MergeAlm.ini file from Mcs\sbp to Custom\Sbp. Edit the file and
enter the desired alarm providers (See comments in the ini file). The line
PROVIDER = DPU4E is needed for the maxSTATION to get DPU4E
alarms. The MaxMergeAlm program during startup reads the MergeAlm.ini
file.
See the following example of a startup.ini file that starts the necessary
alarming programs and also collects events from DPU4Es. Note the delay
times.
0, c:\MCS\Setup\MCSRegEdit.exe, MCS Registry Editor, /SILENT
0, c:\MCS\Sbp\maxRRS.exe, maxRRS
w, c:\MCS\Sbp\maxLSS.exe, maxDNA Local Status Server
w, c:\MCS\Sbp\maxINIT.exe, maxINIT
;0, c:\MCS\Sbp\RealTimeGateway.exe, MCS Real Time Gateway, /SECURITY
0, c:\mcs\sbp\maxPROXY.exe, maxPROXY - InterDomain Proxy Server
2, c:\MCS\Sbp\maxMERGEDPUALM.exe, maxMERGEDPUALM
8, c:\MCS\Sbp\maxMERGEALM.exe, maxMERGEALM
0, c:\MCS\Sbp\maxTRANSPORT.exe, maxDNA Transport Daemon
;3, c:\MCS\Sbp\Xfertool.exe, Xfertool (No Window), /SILENT
;0, c:\MCS\Sbp\AnnunTask.exe, Annunciator Task, /LSS_ONLY
;4, c:\MCS\Sbp\AnnSetup.exe, Alarm Annunciation Setup, /SILENT
0, c:\MCS\Sbp\EventRuntime.exe, EventRuntime
0, c:\MCS\Sbp\PointPicker.exe, MCS Point Picker
;
;0, c:\MCS\Report\maxHISREPSVR.exe, max History Reports Server - Settings,
/Delay=60
0, c:\MCS\Sbp\EvtCollector.exe, EvtCollector
0, c:\MCS\Sbp\DpuEvents.exe, DpuEvents
1, c:\MCS\Sbp\EvtLogger.exe, EvtLogger - EvtLogger.ini, /EvtLogger.ini
1. Click the Start button, point to Programs, maxDNA, Utilities, and then
click MCS Registry Edit to open the registry editor dialog box.
2. The registry editor dialog contains two tabs, user settings and machine
settings. Click the machine settings tab.
3. Expand the folder in the left directory window, locate and click on the
entry DPU Alarm List Server from the expanded list.
4. When you select this entry, a data entry field appears on the right
containing the current setting. Set this to Yes. This value should be set to
No for non-alarm-list-master stations.
5. Click Apply and OK to make the change and exit from the Registry
Editor.
6. Stop the station and restart the station from the startup program so that
the alarming programs see this registry change.
To activate the Events Package, the path names for each component must be
added to the startup program in each maxSTATION. Additionally, you must
configure the initialization files for the Event Collector, Event Server, and
Event Logger. If you intend to log different events to multiple printers, you
need to create multiple instances of the Event Logger initialization file,
called EvtLogger.Ini. See Publication 277594, maxSTATION Auxiliary
Functions, a Users Guide, Chapter 2, "Understanding the Event Collector,"
"Understanding the Event Server, and "Activating the Events Package."
Setting up Domains
Overview
Use domains in a maxDNA system to functionally divide a system into
operational units. A domain typically contains a group of DPU4Es and
workstations that are engineered, maintained, and operated independently
from equipment in other domains. For example, in an electric generating
plant the control for each generating unit could be configured in a separate
domain. In addition, there may be common equipment shared by two
generators resulting in a third domain.
While items such as live data and historical trends can be retrieved from
other domains, many of the overhead functions would normally be
performed within the domain. For example, database configuration, alarm
management, event collection and logging, time synchronization, and
diagnostic maintenance are functions that are typically restricted to a
domain.
To define domains and assign workstations to specific domains, you will use
a utility called Domain Configurator. As you define domains and make
domain assignments, the utility, in the background, automatically defines
domain addresses and creates a text file, wks.ini, listing domain names and
workstation addresses and the domains these addresses may access. The file
is stored in C:\Custom\Database\Wks.ini file.
A typical wks.ini file created by the Domain Configurator looks like the
following:
; C:\Custom\Database\Wks.ini file
; _______________________________
;
; This File should be identical on all workstations
;
;Domains
;
DOMAIN 4: ALMGEN3, *.*
;
;Stations
;
[172.16.160.4]MCSNT55,, 4
[172.16.160.35]VALIDAT1,, 4
[172.16.160.36]VALIDAT2,, 4
[172.16.160.55]VALIDAT3,, 4
[172.16.160.56]VALIDAT4,, 4
[172.16.160.60]VALIDAT5,, 4
;
1. Copy wks.ini file from the maxSTATION with the master file to each of
your maxSTATIONs.
Important: make sure all your maxSTATIONs have the same wks.ini.
Figure 2-1. This illustration depicts three primary domains. Domains 1 and 2 share a common domain.
This diagram represents how a system with two units plus a unit common
might be configured. The system is set up with three domains representing
each of the two units plus one more for the unit common.
The DPUs in Unit1 can only communicate directly with the workstations in
Unit1. Likewise the DPUs in Unit2 can only communicate directly with
workstations in Unit2. The DPUs in common however can communicate
with workstations in Unit1, Unit2 and UNIT Common. This is because the
Notice that the three virtual SBP lines (three dark lines in the middle of
Figure 2-1) are each assigned a number used to set IP addresses on the
DPUs.
DPUs never write and are given automatic access to all direct connect
domains of the workstations within their own domain that have proxy
servers running. This means that DPUs in Unit1 will have access to data in
UNIT Common but not Unit2. Since there are two proxy servers in each
domain, the proxies are redundant.
Figure 2-2. In this illustration, primary domains 1 and 2 share a third common primary domain. In addition,
auxiliary domains 20 and 21 may access the other primary domains via proxy servers.
range and contain only workstations that may access the information
contained within all the DPUs in a system by going through proxy servers. In
this example, workstations contained in these auxiliary domains are to be
used as supervisory stations that may read data but have no write privileges.
The Domain Configurator establishes these workstations as having indirect,
read only access to the primary domain.
You don't normally see the IP address because a Name Server (DNS) looks
up the address for you, but it is there.
172.16.xx.xx
172.17.xx.xx
Where:
16 is reserved for the A network and 17 for the B network of the redundant
maxNET.
Addressing Scheme
Any DPU4E has two maxNET addresses (actually three if you count the
backup port):
172.16.0D.XX 172.17.0D.XX
Note that the Workstation number on a site must be unique (1 - 254). Use the
Domain Configurator to program which additional channels (domains) the
workstation is tuned to. These addresses are setup by the maxTRANSPORT
program when run in Administrator mode. maxTRANSPORT sets up
addresses in the range:
Cable A
Cable B
2. Assign all workstations a unique number (the last octet of the IP address)
1 to 254.
Warning you must use the Domain Configurator to create at least one
domain. If you do not set up at least one domain:
The output of the Domain Configurator is a text file called wks.ini, located
in c:\custom\database. This file is used at each maxSTATION, in
conjunction with maxTRANSPORT, to set up the proper IP addresses for
Log on as Administrator, click the Start button on the Task Bar, point to
Programs, MAX Administrator Tools and click Domain Configurator to
open the MAX Domain Configure Dialog.
The dialog contains two tabs, Domain and Work Stations. First, use the
Domain tab to define the domains in your system. Then use the Work
Stations tab to assign workstations in your system to one or more domains
and to set up proxy servers.
To configure domains:
1. Open the Domain Configurator dialog to the Domains tab and enter the
name of each domain you intend to establish in the appropriate fields
under Domain.
2. In the Domain Number field, enter a domain number. Click the down
arrow to select a domain number from a drop-down list box. When you
click the arrow, a list of the available domain numbers will drop down.
Do not attempt to enter the number directly in the field.
3. Check the Has DPU checkbox if the specified domain contains DPUs.
The checkbox should be unchecked when workstations in that domain
are going to get their data through proxy servers.
4. Filters If tagnames are unique in each domain, then tagname filters can
be part of the filter set. If not, then just station name filters can be used.
Filters can contain wild cards of "*" for 0-N characters or "?" for a
single character match. Filters are applied from left to right. The default
is *.*.
The filters are used only if the tagname requested is not currently registered
in the local RRS (uploaded from DPUs or workstations that are defined for
direct access). For more details see Using Domain Filters in the following
section.
To configure workstations:
2. In the Work Station field, enter the name of each workstation that exists in
your system. The name is the same name configured under Identification in
Networks in Control Panel.
3. In the Station Number field, just beneath the Work Station field, enter the
last octet of the IP address of that maxSTATION. For example, if the
stations IP address is 1.72.16.160.20, then enter 20 in the Station Number.
4. Check the Run Proxy checkbox to make the associated workstation a proxy
server. A proxy server provides to other stations (outside the domain in
which the proxy server resides) access to its resources.
Note: If the domain is to have a proxy server, then if possible, assign two
maxSTATIONs to be proxy servers. This provides redundancy in the event
that one should fail.
5. In the Domains and Access fields, specify which domain(s) this station is a
member of. Select configured domains (shown by domain number and name)
from the pull-down box.
6. To the left of each Domain and Access field that contains a station name is a
small button. Click on this button to open the Select Access pop-up. Click
one of the four radio buttons to configure access privileges for the associated
station.
When you select an access privilege, the button next to the Domain and
Access field bears a single letter character corresponding to the access
privilege you selected. For instance, if you select direct read/write access,
the letter D appears on the button face.
Click the Copy and Paste buttons to copy and paste a stations information
to easily create stations with like properties.
Click the Sort Names button to perform an alphanumeric sort for all entered
workstation names.
When you are finished editing the Domain Configurator, select one of three
save and exit options available as button choices at the bottom right of the
dialog.
Click the Check and Save button to perform a check of the entries that you
have made to date. The Domain Configurator then updates the wks.ini file.
Click the Quit and Discard button to cancel all of the edits that you made
since the last save, and exit the program.
Click the Exit and Save to save all of your edits to date and exit the
program.
When you have completed and saved all your edits, the Domain
Configurator creates a Wks.ini file, which it stores at
C:\Custom\Database\Wks.ini file. Here is an example wks.ini file created by
the Domain Configurator from the above example:
; C:\Custom\Database\Wks.ini file
; _______________________________
;
; This File should be identical on all workstations
;
;Domains
;
DOMAIN 4: ALMGEN3, *.*
;
;Stations
;
[172.16.160.4]MCSNT55,, 4
[172.16.160.35]VALIDAT1,, 4
[172.16.160.36]VALIDAT2,, 4
[172.16.160.55]VALIDAT3,, 4
[172.16.160.56]VALIDAT4,, 4
[172.16.160.60]VALIDAT5,, 4
;
Filter strings, which you enter in the Filter field appearing on the Domain
Configurator Domains tab, may consists of tag names, HIDs, or a
combination of both. See figure.
If the tagname is not registered, a search is made of the domain filters to see
if there is a match.
The attribute for the default domain (_rrs.setdefaultdomain) can be set and
changed at any time. For example, a display can contain a maxSCRIPT that
changes the default to temporarily default to a specific domain.
Note: if there is more than one domain filter for a given domain then a
tagname match on any filter constitutes a match for that domain.
where:
<alias name> - any valid service name or hid. Typically different from the
original by prefix. For example 1PID101 may become 15PID101 where 15
is a common domain, and 1 is the domain where the point originates
Examples:
15,15pid101,1pid101
15,/unit15/fuel/air/point1,1pid101
Security
The proxy point is accessible by any station with read/write or read access to
the domain in which the alias is registered. The security token must be valid
as in remote or proxied access. That is either the level 9 password, or the
currently logged in password needs to be the same between the client station
and the station with the proxy for a write to be allowed.
Restrictions
There are no alarms for the alias point displayed on the station with alias
access.
Before using these two facilities to investigate problems, make sure the
wks.ini file is distributed throughout your system. A missing file is the
number one reason for lack of communications.
Designate a station as the master for wks.ini and DPUlist.ini. This should be
the station normally used to configure the system, as maxTOOLS4E
automatically updates DPUlist.ini. Propagate this file to all other stations
whenever a Workstation or DPU is added or removed.
Use the Transport Daemon dialog to find useful information for debugging
communications problems. The dialog should contain two happy faces for
Network A and Network B for each DPU or maxSTATION with which you
intend to communicate.
Figure 2-3 shows that Network B is not installed; the ? indicates that the
station has never communicated over this network. You can see both the
device name, and the IP address that is being used to communicate.
2. Click the Point List button at the top of the dialog to access the
GetSortList dialog. The dialog shows a list of points (normally one page
at a time) that this station recognizes.
List of Points
Type a partial
tag name here
to filter the
list
If the point you are expecting to see is not here, determine whether you are
communicating with the device that contains the point, and that the point is
actually installed there. If it is a workstation you can use its point list to
confirm its presence. If you see it on the machine where it resides, but not on
other machines, perhaps it was not exported.
RRS Connections
Many destinations will be that of L2 Transports. You can track them back
by the main RRS dialog. You need to match up the connection listed in the
point list with the RRS connection in some cases to track down problems. In
the following example, (Figure 2-5), a point created in the station whose
address ends with 160.60 would, in the point list, have a connection number
of 21, and a quality of 80.
Connection
Number
Last two
digits of IP
address
Connection
on that box
Connection
Quality
Overview
Security Edit, a utility accessible only to the Administrator login, allows
system administrators to change maxSTATION passwords at any level, and
to select the default security levels for the operator and engineer groups.
The passwords, and the default levels, are stored in the stations Registry. As
part of this utility, the administrator can export (via floppy or other means)
the passwords and default levels and propagate them from one
maxSTATION to another so that like stations can be set up in a similar way.
The default passwords in effect when the software is installed are maxn,
where n is a single digit between 1and 9.
Modify passwords
Modify the default security levels
Export the passwords and levels to propagate them to another
maxSTATION.
Indicate if passwords are required when the user attempts to go to a
lower numbered security level.
Click the Export button in the Save to File area of the Security
Administration Dialog to open a dialog box to designate the path and
filename for the exported data. The default path, A:\Security.reg, writes the
data to a diskette to port to other maxSTATIONs.
You may choose another path, including the local hard drive, but to avoid
problems, use the same file extension. The passwords are encrypted in the
file, so if the file were to be edited, the passwords cannot be easily read.
Use Windows Explorer to point to the file, and then double-click on the file.
Because the files extension is .reg, the file will be recognized by Windows
Registry Editor, which will process the file, and then post a dialog box
stating that the data were entered into the stations registry.
NOTE: all of the maxSTATIONs that will be sharing data MUST have the
same passwords for any given security level. If they do not, then a station
may not be able to see the points that were exported from another
maxSTATION.
When this option is checked, password entry will not be required when
changing to a security level that is lower than the current level. In this mode
security level changes will behave like the earlier MAX-supplied systems.
When the box is unchecked, a password will be required when selecting a
level less than the current, except for the situations shown in the following
table.
From To
Current Level Selected Level Password required
9 Any No
Any 0 No
Overview
Security in a maxDNA system uses a multitiered approach consisting of:
Process Security
Domain Security; see "maxPROXY Inter Domain Security Issues."
Remote Access: see "Remote Server Security Issues."
Process Security addresses the issue of who can write to what. Essentially,
process level security controls a write action to a Software Backplane ID. It
is the DPU that ultimately determines whether to grant or deny a write
request. The decision is based on a security scheme that relates the security
level of the source station that made the request to the security attributes of
the target Id (service.attribute). A service is an Atomic Block or Custom
Block.
The Security Scheme is contained in special Atomic Blocks that are within a
DPU and is the same for all DPUs within a system. MAMC supplies a
default version of the scheme that was designed to fit most needs. MAMC
also supplies the tools to view, and if necessary, modify it to meet your
specific needs.
Note: if you are logged on as Administrator, you may also activate the
program using Windows menus. Click the Start button on the Windows
2. Review the default scheme and modify it if necessary. This may include
the following:
Download the configuration and security scheme to the DPU; now the DPU
will enforce the security scheme as part of its normal activity.
A system generally consists of multiple DPU4E pairs, each with their own
configuration and a copy of the Security Scheme Database that is the same
across all DPUs. Systems are shipped with the default Security Scheme. You
may view and modify the database using the security scheme utility,
however default database settings provide an out-of-the-box security
policy to cover the majority of users.
(Note: for each security level, ASC, or scheme, a Unique Name may be
assigned for readability and easy identification. Internally the values for each
of the elements are stored as a number within the range shown in
parenthesis).
0. Guest
1. LabData
2. Technician
3. Operator 1
4. Operator2
5. Supervisor
6. Tuner
7. Engineer1
8. Engineer2
9. ByPass
Except for level 9, these levels, used in combination with Attribute Security
Classes and schemes, suggest what areas of a process database such users
should be granted access. The default names may be edited or customized to
meet specific organizational needs.
1. From the Windows Task Bar, click Start and point to Programs, maxDNA,
Utilities, and click SetSecurity.exe to access the following pop-up:
2. Select a level and enter the password associated with that level.
The passwords for each level as well as the default Engineering and default
Operator levels are set via the MCS Security Edit utility. See Chapter 3.
Note: to run Security Edit, the currently logged on user must be a member of
the Windows Administrator group.
Changing security levels may not require a password, and depends on the
current and selected passwords, and the Password Entry mode selected via
the Security Edit program. The following table describes when a password is
required to change:
From To
Current Level Selected Level Password required
9 Any No
0 Any Yes
Any non-zero Default level for currently No
logged in user
Any non-zero A higher level Yes (unless selected level is the
default)
Any non-zero Any non-zero lower level Yes (unless the Password Entry
mode is set to allow lowering of
security levels without entering a
password).
In a typical process environment, users issuing writes tend to fall into a small
number of groups. To further enhance process security, it is possible to
group writeable points by a user/application class.
ModeChange
Targets/Commands
Ack Alarm
AlarmLimit
Tune/Adjust
Configuration
The eight MAMC-supplied ASCs cannot be changed. However, you may use
the Security Scheme Editor Utility to create up to eight additional ASCs that
can be applied to attributes of Custom Blocks and overrides of Atomic
Function attributes. Any new ASCs that you create become part of a
security database and are available from a maxTOOLS4E list box containing
known ASCs.
Use maxTOOLS4E to override the ASC associated with the attribute for a
specific Atomic Block using references. See "Reassigning Attribute
Security Classes." Use maxTOOLS4E to assign an ASC to the attributes of
a Custom Block. See Assigning Attribute Security Classes in Custom
Blocks.
To view ASCs:
1. Open the Point Browser and in the tree view expand the Online
Configuration folder and select the Atom Types by Station /Atl DLL
node.
The Attribute Security Class is the right-most column. The ASCs are shown
with the numeric values and the corresponding text as of the last
configuration download via maxTOOLS4E.
1. Open maxTOOLS4E and select a Custom Block from the Tree View
pane on the left to open its tabular detail.
2. Click on the Attribute Security Class field and click the down arrow to
open a drop-down box listing available ASCs.
>exposedName.newCategory
>exposedName.newCategory.newASC
Where newASC is the number of the desired ASC (0 15). The number
should correspond to one that has been assigned a name in the Security
Schemes Editor.
<newASC
Using Schemes
Schemes define, for each of the ASCs, the Security Levels that are write
enabled. Use maxTOOLS4E to assign a scheme to each Function Block. A
security database may consist of up to 16 individual schemes. Systems are
supplied with five default schemes that should cover most needs. Use the
Assigning Schemes
Every Function Block has the attribute SvcSecScheme, which contains the
security scheme value. When an instance of a Function Block is created the
SvcSecScheme is assigned a value of 0. See the following figure. Note
although numeric values are stored internally, their corresponding scheme
names, assigned via the Security Schemes Editor, are displayed in the
dropdown list box. Use maxTOOLS4E to change values and assign new
values.
To configure schemes:
1. Invoke maxTOOLS4E and open the tabular detail for a specific Atomic
Block.
Normal(0)
NonCritical(1)
Calibration(2)
LockedMode(3)
Secure points(4)
Bypass(5)
Note: when you click in a field containing this attribute, you may click a
down arrow to select from a list of available schemes.
When you first open the utility, the editor dialog opens in Scheme view. To
open the dialog in Attribute Security Class view or Level view, click the
appropriate buttons under Select View, appearing in the lower right corner of
the dialog. See Figure 4-1.
The Scheme Editor utility operates in two modes. If the currently logged-on
user is a member of the Windows Administrators group then the Editor
executes in read/write mode. Read/write mode allows the database to be
modified. Otherwise the editor executes in Read mode, allowing only view
access.
Note: While in Read mode the editor does allow modification of the screen
data; however the means of saving the edits to the database are disabled.
Each view uses a similar format, but the information is organized differently.
Each of the three views features tabs across the top of the dialog, which may
be scrolled horizontally using the left/right arrow buttons.
When you select a view, tab entries appear for that specific view. For
instance, when the dialog opens in Scheme view, tabs representing each
available scheme appear. When you select Attribute Security Class view,
tabs for each available ASC appear.
On any given view the fields that are editable have a white background,
while non-editable fields have a gray background.
In Levels view and Schemes View, rows for Attribute Security Classes
appears on the left. In Attribute Security Classes view, a Schemes row
appears on the left.
The Security Scheme Editor Utility dialog is opened to Schemes view. This
view displays the settings for one scheme at a time. A scheme is selected
from the tabs at the top of the screen. From that view, the ASCs are listed
vertically and the Security Levels are listed horizontally, in a grid-type form.
The corresponding number of each name field is shown along side of it.
For example, on the scheme named Normal suppose Level 3 is the only
level enabled for ASC ModeChange. Also suppose that the Atom XYZ
was assigned to Scheme Normal via its SvcSecScheme attribute. Then at a
workstation with a Security Level 3, an operator can write to any attribute of
atom XYZ that has an ASC of ModeChange. If the workstation is changed
to any other Security Level, Write access to these same attributes would fail.
1. Open the Security Scheme Editor Utility dialog and select a view:
2. Select a tab at the top of the dialog and click on checkboxes in the two-
dimensional table to toggle the state of a specific setting.
3. In read/write mode, click the Save button to permanently save database edits.
4. Click the Exit button to close the dialog. If any edits have not been saved,
you are prompted to save or discard them.
The Name elements can be edited only from their respective views. For
instance, Scheme names can be changed only from the Scheme view; it is
grayed-out on other views. Note: the first eight ASC names are reserved for
MAMC use and cannot be changed.
In the various views, a text field associated with a number may contain a
corresponding Unique Name. For example, under schemes the numbers 00
correspond to the scheme called Normal. Under workstation security levels,
the numbers 03 correspond to Operator1. Additionally, in cases where a
user-defined class or scheme has not been defined, the name field appears
blank.
C:\MCS\Displays\MN\SecuritySchemeView\SecuritySchemeView.mn
The display reads the Security Atoms from the selected DPU and presents
the data in exactly the same format as the MCSSecuritySchemesEditor. The
only difference is that all fields are grayed out indicating that no changes can
be made.
Note: Although the display is supplied with the maxVUE Runtime software,
you must set up the screen navigation to access this from their system
displays.
For sbpIds that are not listed in Proxy.ini, the second factor applies which is
that the passwords for the nine security levels must be the same in both
stations. If so, the sbp write will be accepted and passed on the destination.
Otherwise, it will be rejected and sent back to the source station with an sbp
error status of SBP_E_AUTHENTICATION_REJECTED (0x86).
After maxPROXY passes the sbp write onto the destination station, the third
factor applies which is the standard process security assigned to the target
sbpId (i.e. tag.attribute). The security level of the source maxSTATION, the
scheme of the service and the ASC of the attribute will determine if it is
accepted or rejected by the destination DPU4E.
The second factor that applies is that the passwords for the levels in the
levels=field must be the same in the remote maxSTATION and the
maxSTATION running RemoteServ. If so, then a change to this security
level will be accepted. Otherwise, it will be rejected and sent back to the
source station with an sbp error status of
SBP_E_INCORRECT_PASSWORD.
After RemoteServe modifies the sbp write message to contain the remote
stations current security level, it passes the sbp write onto the destination
station. The third factor would then be applied which is the standard process
security assigned to the target sbpId (i.e. tag.attribute). The security level of
the source maxSTATION, the scheme of the tab, and the ASC of the
attribute will determine if it is accepted or rejected by the destination
DPU4E.
If Security Level of Source Station is write enabled for this attrASC in svcScheme
then allow the write (Status = SBP_OK)
else reject write (status = SBP_E_OPERATION_DISALLOWED)
Overview
The maxPAC Input/Output System links the maxDNA Distributed Control
System to real world process control inputs and outputs. The number and
mix of I/O modules that may be configured depend on your specific
application requirements, DPU loading, and physical limitations associated
with a maxDNA system. To make it easier and quicker to estimate the
number of I/O modules required, taking into consideration system limits, use
the I/O Configurator estimation tool.
This tool takes the guesswork out of configuration estimating, since it checks
for known system limitations, and even warns you when you enter a
configuration mix that approaches or exceeds these limits.
Once you use the tool to specify an I/O configuration that stays within
system limits, it may be saved and exported to a text file, reloaded for
additional editing, or imported to maxTOOLS4E.
Addressing limitations
Maximum number of I/O modules by type
Addresses per module
Electrical bus limitations
Burst limits
Service time base
Bus Extender Module (BEM) limitations
Software version
While a DPU supports up to 60 I/O per location, as noted, a link delay exists
that is proportional to distance. The Extender circuits themselves introduce
very little delay.
The distance factor primarily impacts Digital Input modules set for SOE
operation. This is caused by the need to scan all SOE cards every 1 ms.
For example, at 2,500 feet, a DPU 4E can have 14 DI modules set for SOE.
No other restrictions limiting the number of cards exist. For instance, the
number of thermocouple or analog cards does not decrease because of
distance.
AIs TCs
The sum of the "burst cards" for each Service Time Base cannot exceed the
table size for that Service Time Base.
(Alternatively, from the Windows task bar, click Start, point to Programs,
DPU4E Utilities and click I/O Bus Configuration Limits).
The dialog consists of areas for specifying options and for entering I/O
modules types organized by service time base, normal, high, and critical.
The balance of the dialog consists of percentage bars that indicate how much
of the system resources are used by the configuration.
The percentage bars are colored green to indicate that the configuration is
within system limits. If any percentage bar exceeds 90 percent, the bar graph
turns yellow. If any percentage bar exceeds 100 percent, the bar graph turns
red.
The two Resources bars represent IOP cycle time and address capacity. The
IOP processor in the DPU processes I/O every millisecond. The millisecond
percentage bar represents the percent of the 1msec cycle consumed by the
current configuration load.
The dequeue rate percentages bars measure how fast queue items, processed
by the IOP, are moving through five separate queues. The rate that queue
items enter a queue cannot exceed the rate that queue items leave the queue.
Should this occur, an overflow condition exists.
Dequeue rates are directly related to service time base selections (Normal,
High, and Critical). If any queue shows an overflow condition, make
adjustments to time base assignments.
The burst table space and queue space percentage bars represent the size of
the queue space consumed. The burst table space represents the address
space consumed by I/O modules defined as burst cards. Under Normal and
Critical, up to 32 addresses are permitted, respectively. Burst cards should
not be assigned to the critical time base category.
The Errors status area, in the upper right corner of the dialog, summarizes
the status of resources that the I/O Configurator monitors, consisting of:
When a resource in any of these four categories exceeds its limit, the field
next to the category name turns from green to red and the word bad appears.
1. In the Options area of the dialog, select a software version that matches
the version installed on your system. Click the drop-down arrow to
select 2.X or 3.X.
2. In the field labeled #BEMs, enter the number of Bus Extender Modules
(BEMs) you plan to use. Enter a number from 0 to 8.
3. Note: when you specify a BEM range, the tool adds a BEM tab to the
dialog for each BEM.
4. In the timer fields, enter a range in milliseconds for the service time
base. Use the following ranges or accept the default entries:
5. In the Card Select column, click the drop-down arrow next to each
available window field to select an I/O module.
6. For each selected module type, enter how many of that module type will
be needed by scheduling priority as Normal, High, or Critical. As you
enter numbers under each column, a subtotal appears at the bottom of the
columns. Additionally, a grand total appears beneath the subtotals.
Note: you may specify up to 60 modules per DPU. If you also specified
BEM requirements, each BEM is deducted from the total, since a BEM
counts as a module.
In the Options area, specify the number of BEMs you will require. When
you specify a BEM quantity, the I/O Configurator creates BEM tabs for the
quantity specified.
Use the Local tab to specify I/O module types. In the Card Select column,
click the drop-down arrow next to each available window field to select an
I/O module.
Click a desired BEM tab and specify the distance between the remote BEM
rack and the DPU.
On the BEM tab specify a module quantity by type and service time base
(normal, high, critical).
To save a configuration:
Create a configuration using the I/O Configurator and click the Save button
at the bottom of the dialog.
A dialog prompts you to save any current edits to the configuration. Click
Yes or No. If you click No, current I/O Configurator edits will be lost.
A new dialog appears allowing you to save the configuration with an .ibc
(I/O bus configuration) extension or a .dat extension. Assign a name to the
configuration file, select a directory location, (or accept the default location),
and click Save.
A dialog asks if you would like the ability to import the saved file to
maxTOOLS4E. Click Yes or No.
To reload the configuration, click the Load button to access a directory and
double-click on the desired file name. The file will open in the I/O
Configurator.