Professional Documents
Culture Documents
Public Information
Document Updates
Revision Location Description
Updated to state CSV to Live Data configuration moved to the
Variables Tab
R Live Data.csv File Interface
Updated the figure displaying the CSV To Live Data item in Variables
tab Tree View
Updated the installation folder location containing the LiveVarsToCsv.
exe and updates to include the OPC UA server
Q Live Data.csv File Interface
Updated the figure displaying the CSV To Live Data item in Variables
tab Tree View
New Chapter describing the Enable Client Security By User property,
P OPC DA Client Privileges
used to enable or restrict OPC DA or OPC UA user client privileges
Added a new .csv file format column, updated the existing screenshot,
N Live Data.csv File Interface
and added a paragraph providing the variable name formats
OOS Out-of-service
OPC A standard for data exchange in the industrial environment
2 Features
The OPC server is OPC DA 2.05 and 3, as well as Ethernet Global Data (EGD) 3.04 compliant. The OPC DA 2.05 and 3.0
compliance is verified using the OPC Foundation Compliance Test Tool. It is a Class 4 EGD server, which means that it can
respond to EGD configuration HyperText Transfer Protocol (HTTP) requests, using all Communication Center of Excellence
(CoE) .xml configuration formats (Class 3) and is able to adapt to EGD configuration changes to consumed EGD nodes
(Class 4). It also:
Note Changes to configuration using the ToolboxST* application do not require a service restart, but are made through a
WorkstationST* device download and requires the ToolboxST application to produce .xml files.
Note The OPC DA server listens to EGD messages on the EGD port, which conflicts with older versions (prior to release
V02.03.03C) of the EGD Integrated Control Network (ICN) service. Refer to the section EGD ICN Service with
WorkstationST.
• DeviceName.variable
• DeviceName.program.variable
• DeviceName.program.block.variable
Note With the release of the ToolboxST application version 4.0, a variable can be configured with an alias property (alias
name). This adds alias names to the OPC DA server browsable namespace.
The variable name in the OPC DA server is the same as the name used by the ToolboxST application.
Note When displaying public variables in a Mark VIe device, the device name at the start of the variable does not display.
However, the device name displays when the variable is viewed from another component.
• 5000 Boolean variables changed at 640 ms, and updated on one EGD exchange at 1000 ms
• 10000 floating point variables changed at 32 ms, and updated on 40 EGD exchanges at 1000 ms
• 100 floating point variables changed at 32 ms, and updated on one EGD exchange at 100 ms
The server maximum client connection rate was set to 10 ms and one client with one group was connected with a rate of 100
ms. With the client connected, the OPC DA server used between 20 and 30 percent of a Pentium® 4 2.6 GHz CPU. Without
the client connected, the CPU utilization was around 10 percent.
➢ To open the GE OPC DA Server Monitor screen: from the Start menu, select Programs, GE ControlST, OPC
DA Server, and GE OPC DA Server Monitor.
Argument Definition
/help Display this help
/build Bind the EGD configuration from SDB and EGD Configuration Server, build
configuration files needed by OPC DA Server Service and request service to read
configuration (if no errors on bind)
/useWithErrors Request service to read configuration even if there are errors on bind
Select components to be built into the configuration. All audible EGD variables are placed in the OPC DA server. Variables
are audible if the EGD exchange on which they reside is being sent to a destination (broadcast, directed, or multicast) that the
server can hear.
Note The address and subnet mask settings should match a network adapter used by the OPC DA server computer.
The Producer Device Name displays in the lower-left corner of the window. If the producer information cannot be obtained
from the EGD Configuration Server, click the Edit PC Network Settings icon to change the settings for this computer. For
example, if you wanted to consume an EGD component that was broadcasting a page to 172.20.255.255 on the network Unit
Data Highway (UDH), you could add a network in the Edit PC Network Settings dialog box, then enter the address, subnet
mask, and network name to hear this broadcast (for example, 172.20.100.10 mask, 255.255.0.0 network name UDH).
Note If the EGD Generic Device editor is installed, the Launch Generic EGD Editor button displays.
Note For Class 3 devices, data retrieval is attempted from the device. If that fails, a retrieval is attempted from the EGD
Configuration Server.
Changes to a component’s configuration that do not effect the EGD exchange are still sometimes required by the OPC DA
server or some other feature of the WorkstationST application. For example, a configuration may be downloaded to a Mark
VIe component with new alarm information or data logging information. Mark VIe components have the application minor
revision on the status page for the R, S, and T controllers. Mark VIe components also have the Dynamic Data Recorder
(DDR) revision on the default EGD page for R, S, and T controllers. The OPC DA server monitors the EGD variable values
for MinorRevisionX (X = R, S, or T) and DDRRevisionX. When the OPC DA server’s revision (kept in the EGD symbol table
for each component) does not match at least one of the R, S, or T revisions, the OPC DA server requests a configuration
update for the EGD symbol table for that component.
Note The period, which is user-configured as an exchange on a page, is the rate at which the exchange is sent.
➢ To show redundancy: From the WorkstationST Component Editor EGD tab, select the Produced Page to
check.
Health Timeout Multiplier can be configured for each Produced Page. If the health timeout multiplier is greater than 0, and
at least one page variable is written by a data source within the timeout multiplied by the page period, the page is sent by the
primary producer (or the secondary if the primary is not producing). A flag allows the first variable in the page (the one at
offset 0.0) to be the only variable monitored to determine the data source health.
With the release of ControlST software suite V04.05, the Client Driven Variables item was moved to the new Variables tab
and renamed WorkstationST Variables as displayed in the following figure.
The WorkstationST OPC DA server provides EGD and other data to OPC DA clients. If redundant data must be sent to
multiple OPC DA clients, multiple WorkstationST computers can be configured and each OPC DA client can connect to a
different WorkstationST OPC DA server. The OPC DA client must determine page health and select the best source.
10 TCI Plug-in
If the Mark V feature in a WorkstationST component is enabled, then it starts the GeCssTci System Service to communicate
with Mark V controllers. The OPC DA server uses the TCI data plug-in to communicate with the GeCssTci System Service to
retrieve the list of variables in the Mark V controllers and to exchange real time data and commands. There are no additional
configuration steps required for this plug-in. The Mark V feature creates the required symbol table automatically from the
Mark V configuration files. This plug-in also makes Mark V communication status available in the Additional Information
section of the OPC DA server in the WorkstationST Status Monitor.
When the OPC DA or OPC UA server is enabled, and whenever the specified .csv file is changed, the live values are read and
set to the variables specified in the .csv file. The variables can be any writable variables to which the WorkstationST has
access. For example, a client-driven variable can be defined and put onto an EGD Produced Page. This variable’s value is
then updated from the .csv file values. Any errors display in the Component InfoView Status tab.
If CSV Uses New Format is True, the .csv file format is a variable name with a value on each line, for example:
Var1, 3.7
Var2, true
Var3, 4.5
If CSV Uses New Format is False, the .csv file format is one line of variable names and a second line of data values, for
example:
Var1,Var2,Var3
3.7,true,4.5
The utility LiveVarsToCsv.exe, which is located in the WorkstationST Features installation folder, is used to read a snapshot
of live values and write them to an output .csv file. The command line utility’s syntax is as follows:
LiveVarsToCsv [options] <varCfgFileName |
var1,var2,var3...> <outputFileName>
• Error
• Warning
• Online
In addition to the network monitor variables, each WorkstationST computer and MarkVIe controller provides a default
_Status page on EGD. The WorkstationST computer monitors the variables on the _Status page and provides their live values
to OPC DA clients.
The ToolboxST application uses an SDI live connection to obtain live values from the WorkstationST OPC DA server. A new
live updated status message provides the ToolboxST application access to the above network status. Using this list between
the ToolboxST application and a local WorkstationST computer does not create any additional network traffic. The OPC DA
server obtains the status information through EGD updates of _Status pages and from the Network Status Monitor Client
feature.
Attribute Description
AlarmAckCmd If the variable is an alarm, write to this attribute to acknowledged the alarm.
AlarmAckNeeded True if the variable is an alarm and the alarm needs to be acknowledged.
AlarmActive True if the variable is an alarm and the alarm is active.
AlarmConfigured True to indicate the variable is configured for an alarm.
AlarmIsOutOfSvc True when an alarm is currently out-of-service
AlarmIsShelved True when an alarm is currently shelved.
AlarmLocked True if the variable is an alarm and the alarm is locked.
AlarmOutOfSvcEnabled True if out-of-service has been enabled for this system using the ToolboxST system overview.
AlarmPriority The priority for the alarm. Analog alarm priority can be changed based on the alarm level.
AlarmResetCmd If the variable is an alarm write to this attribute to reset the alarm.
AlarmResetNeeded True if the variable is an alarm and the alarm can be reset.
AlarmShelvingEnabled True if shelving is enabled for this alarm. Shelving is enabled for a ToolboxST system in the
properties in the system overview and additionally each variable’s alarm shelving can be
enabled.
AlarmState The alarm state text for an alarm variable.
AlarmSymbolKey A string representing the alarm symbol to be used for this alarm. BQ = Bad quality or alarm
client not connected to alarm server. OO = out-of-service. AS = Shelved alarm.
<alarmClass>AU = active unacknowledged for specified class. <alarmClass>AUB = active
unacknowledged for specified class (class configured to blink). <alarmClass>AA = active
acknowledged for specified class. <alarmClass>alarmClass>NA = returned to normal and
acknowledged for specified class. <alarmClass>NU = returned to normal and
unacknowledged for specified class.
AlarmText The alarm text for an alarm variable.
AlarmTimeStamp The device time stamp for an alarm variable.
• The destination variable must be writable. (Note, if the destination variable is a writable consumed EGD data point or a
point in an external OPC DA or OPC UA server, the consumed EGD device or external OPC UA/DA server may limit
the rate at which writes are allowed. If the rate is reached, you should see write errors in the OPC UA or OPC DA server
detail logs.)
• This feature is implemented in the OPC UA server if the UA server has been enabled. Otherwise it is implemented in the
OPC DA server.
• The data type must match between the source and the destination of each mapped variable.
16 Configure DCOM
The Distributed Component Object Model (DCOM) utility allows components to communicate across network boundaries
but is also involved with client to server interaction on the same computer. DCOM is configured for both the server and client
computers using dcomcnfg.exe.
Note This does not apply to computers using Windows workgroups. Refer to the section Windows Workgroups Example.
DCOM must be configured to allow the client user access to the server computer, and the server user access to the client
computer. The server user is the system account on the server computer. Adding DOMAIN\ComputerName into the access
permissions allows access by the server to the client.
➢ To configure default properties: from the Component Services screen, right-click My Computer and select
Properties.
Click OK .
This configuration is the default. The Default Authentication Level on the client computer should either match, or be more
restrictive than the authentication level on the server. When a DCOM connection is attempted, the higher of the two levels is
used. If the server is configured for Connect level, and the client is configured for None, the client is rejected. This
authentication process occurs before any other DCOM security is checked.
Note Windows defaults the access permissions to allow access for both system and self. To allow any client to connect, you
must add Interactive with Allow Access permissions to the Default Access permissions.
The server is configured to run as a service and, by default, runs as a system. To receive live data updates, the client computer
must allow the system account from the server computer remote access.
Click OK .
Enter the computer name and click Check Names to verify the computer exists in
the domain .
Click OK .
In the above example, the computer named Corsair contains the OPC server. Corsair is added with access to this computer.
Add the same computer setting to the Limits for Access, Limits for Launch and Activation, and to Default for Launch and
Activation. Repeat this procedure for both Client and Server computers.
If the logon was changed to a different user, add the user computer rather than the server computer. Refer to the
WorkstationST OPC AE Server Instruction Guide (GEI-100624), the section Changing the OPC AE Server DCOM Settings.
Note The System user is not the same as the Administrator user.
When a client running as System tries to connect to another computer in a workgroup, that client has no network credentials.
If the computers were in the same Windows domain, the client System user can be identified, but when using workgroups, the
remote server computer cannot identify the client user. Under these conditions, the client is seen by the server as Anonymous
Logon user.
Note Permissions must be applied to the server computer to allow the client to communicate to the server (connect, browse,
read, write). For the server to respond with data change notifications, the settings must be applied to the client computer.
Ensure that the Authenticate Users as Themselves local security policy has been set correctly.
Both the computers must be in the same workgroup and have an identical account and password on each. This common
account is the account under which the OPC DA client runs. This account should be included in the Default Access and
Default Launch and Activation Privileges with Remote Access enabled.
The default properties of the computer are left as the Windows default. For information on running dcomcnfg.exe and
changing computer properties. Refer to the WorkstationST OPC AE Server Instruction Guide (GEI-100624), the section
Configuring DCOM.
Note If ANONYMOUS LOGON is not on the list of Group or user names, refer to the section Add an Anonymous User to
add it.
Repeat these steps for Edit Default in Access Permissions, Edit Limits and Edit Default in Launch and Activation
Permissions, verifying that all Allow check boxes are selected for each user or group.
O pc E num d i sp l a ys a f t e r t h e W o rkst a t i o n ST
a p p l i ca t i o n i s i n st a l l e d .
Click OK .
Note If you change the Logon As setting, you must also change the DCOM identity setting to match.
16.5.1 Abstract
OPC server vendors have two approaches to networking:
• The client can connect to a local server to use the existing proprietary network scheme. This approach will commonly be
used by vendors who are adding OPC capability to an existing distributed product.
• The client can connect to the desired server on a target machine, then use DCOM for networking. This approach may be
used in conjunction with the above approach.
Using DCOM for remote OPC client/server communications is necessary for cross-vendor interoperability. Consequently,
there are several issues that surface in the design, development, implementation, and deployment of distributed
(DCOM-enabled) OPC components.
DCOM can make distributed applications secure without any security-specific coding or design in either the client or the
component. Just as the DCOM programming model hides a component's location, it also hides the security requirements of a
component. The same (existing or off-the-shelf) binary code that works in a single-machine environment, where security may
be of no concern, can be used in a distributed environment in a secure fashion.
DCOM achieves this security transparency by letting developers and administrators configure the security settings for each
component. Just as the Windows NT File System lets administrators set access control lists (ACLs) for files and directories,
DCOM stores Access Control Lists for components. These lists simply indicate which users or groups of users have the right
to access a component of a certain class. These lists can easily be configured using the DCOM configuration tool
(DCOMCNFG) or programmatically using the Windows NT registry and Win32® security functions.
Whenever a client calls a method or creates an instance of a component, DCOM obtains the client's current username
associated with the current process (actually the current thread of execution). Windows NT guarantees that this user
credential is authentic. DCOM then passes the username to the machine or process where the component is running. DCOM
on the component's machine then validates the username again using whatever authentication mechanism is configured and
checks the access control list for the component (actually for the first component run in the process containing the
component).
If the client's username is not included in this list (either directly or indirectly as a member of a group of users), DCOM
rejects the call before the component is ever involved. This default security mechanism is completely transparent to both the
client and the component and is highly optimized. It is based on the Windows NT security framework, which is probably one of
the most heavily used (and optimized!) parts of the Windows NT operating system: on each and every access to a file or even
to a thread-synchronization primitive like an event or semaphore, Windows NT performs an identical access check. The fact
that Windows NT can still compete with and beat the performance of competing operating systems and network operating
systems shows how efficient this security mechanism is.
There are three main issues: authentication, launch (activation) permission, and access (call) permissions, which all operate
more or less independently of each other.
The first thing Windows NT does is to authenticate the user (as in the figure above). Whether or not this is done depends on
the authentication level defined in DCOMCNFG. This level is specified by both the client and server machines: the server
specifies the minimum required authentication level for incoming calls (any call that comes in below this is automatically
rejected via E_ACCESSDENIED), and the client specifies it’s required authentication level for each interface call. COM
automatically uses the higher of the two settings. More information on these settings can be found in the HELP file for
DCOMCNFG.
Once the user has been authenticated, two additional types of security are defined in DCOM: activation security
(permissions) and call security (permissions).
Activation security controls which classes a client is allowed to launch and retrieve objects from, and is automatically applied
by the Service Control Manager of a particular machine. Upon receipt of a request from a remote client to activate an object,
the Service Control Manager of the machine checks the request against activation setting information stored within it’s
registry.
DCOM Overview
Note For new applications, when assigning IP addresses, the computer network connection's primary IP address should be
assigned to the WorkstationST computer. Other processes can use secondary addresses. It is important for the WorkstationST
computer to have the first address if it has been configured to produce EGD containing read/writable variables. If the
WorkstationST computer is not producing EGD, or is not producing any read/writable variables, this note does not apply.
Note In order for the EGD Command messages to be correctly routed, it is necessary for the primary (first) network
connection address to be the WorkstationST computer address.
When a download occurs, the EGD server portion of WorkstationST computer attempts to bind to the specified addresses.
Public Information