PlantPAx System Infrastructure Configuration User Manual

PlantPAx System Infrastructure Configuration User Manual
User Manual
PlantPAx Distributed Control System
Infrastructure Configuration
Important User Information
Read this document and the documents listed in the additional resources section about installation, configuration, and
operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize
themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to
be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be
impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use
or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and
requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for
actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software
described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is
prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment,
which may lead to personal injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property
damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT
Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous
voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may
reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to
potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL
Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE).
Allen-Bradley, CompactLogix, ControlFLASH, ControlLogix, FactoryTalk, Incuity, Integrated Architecture, INTERCHANGE, Logix5000, NetBIOS, Open Controller, PanelView, PlantMetrics, PlantPAx, PowerFlex,
PowerMonitor, Rockwell Automation, Rockwell Software, RSBizWare, RSLinx, RSLogix 5000, RSMACC, RSView 32, Stratix, Studio 5000, Studio 5000 Architect, Studio 5000 Logix Designer, Trusted, VantagePoint, and
ViewPoint are trademarks of Rockwell Automation, Inc.
Trademarks not belonging to Rockwell Automation are property of their respective companies.
Table of Contents
Preface
Purpose of the User Manual. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Manual Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Action Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Configure Programs Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 1
Configure Network Infrastructure
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PlantPAx Topology Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Initial Switch Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verify Workstation IP Address Settings . . . . . . . . . . . . . . . . . . . . . . . .
Configure the Switch Express Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . .
Login to Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable CIP VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Rapid PVST+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Precision Time Protocol (PTP) . . . . . . . . . . . . . . . . . . . . . . . . .
Layer 3 Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Switch Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Smartports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Define Port Descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create Routing and Enable HSRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Layer 2 Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Set Up Layer 2 Access Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Controller-level Switches . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable a Device Level Ring (DLR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Layer 2 I/O Switch Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
I/O Connection Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
13
14
18
18
19
21
22
24
26
28
29
29
30
34
35
40
40
42
44
45
45
Chapter 2
Configure System Servers
Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure the Parent Domain Controller . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure a Child Domain Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable DHCP in the Domain and Child Controllers . . . . . . . . . . . . . . .
Add DHCP Server Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure DHCP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable DHCP Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Join the Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Confirm Computers in DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . .
Confirm Computers in DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . .
Create Groups and Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assign Users to Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
47
49
56
63
63
66
68
71
74
77
78
79
82
3
Table of Contents
Chapter 3
Configure Group Policy Management Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Default Domain Controller Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Configuring the NTP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Enforcing the Domain Controller Policy . . . . . . . . . . . . . . . . . . . . . . . 94
Default Domain Policy (NTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Enforcing the Domain Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
PlantPAx Users Policy Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Define Group Access Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
USB Drive Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Software Access Restriction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Chapter 4
Configure FactoryTalk Components
Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure the FactoryTalk Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Define Network Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use FactoryTalk Activation to Apply Licenses . . . . . . . . . . . . . . . . . . . . .
Open Activation Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use FactoryTalk Patches From the PCDC . . . . . . . . . . . . . . . . . . . . . . . .
111
113
115
116
119
119
121
Chapter 5
Configure FactoryTalk Security
4
Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure FactoryTalk Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . .
External Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal Users and Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Define FactoryTalk System Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use Default Terminal Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use the Same FactoryTalk Log In . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Restrict Application Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Security Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Define the Security System Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Define FactoryTalk Product Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
127
129
129
132
135
135
136
137
138
139
141
Table of Contents
Chapter 6
Configure the Controller
Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use Architect for Controller Initiation . . . . . . . . . . . . . . . . . . . . . . . . . . .
Change Controller Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Network Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Synchronize the Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure RSLinx Classic Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Download the Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Controller Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a Controller Logical Name . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Authority Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Communication Restrictions. . . . . . . . . . . . . . . . . . . . . . .
Configure Data Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Code Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
143
145
147
150
152
153
156
157
159
160
163
164
165
Chapter 7
Configure Time Synchronization
Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Time Sync Via the Clock Sync Tool . . . . . . . . . . . . . . . . . . . .
Configure PTP Time Synchronization for Ethernet Bridges . . . .
Switch Port Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure PTP Time Synchronization for Controllers . . . . . . . . .
Configure GPS Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . .
172
174
176
177
178
179
Chapter 8
Configure the Process Automation
System Server (PASS)
Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Servers on PASS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure the HMI Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Primary HMI Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure the Data Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure the Alarm and Event Server . . . . . . . . . . . . . . . . . . . . . . . .
Commit Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Redundancies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable HMI Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Data Server Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable Alarm and Event Redundancy . . . . . . . . . . . . . . . . . . . . . . . . .
Create Alarm and Event Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Define HMI Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure FactoryTalk SE Security . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure PanelView Plus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a FactoryTalk View ME Project. . . . . . . . . . . . . . . . . . . . . . . .
Configure FactoryTalk View ME Security . . . . . . . . . . . . . . . . . . . . .
Configure Time Synchronization for PanelView Terminals . . . . .
Download the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
181
183
183
185
185
188
192
194
195
195
203
206
208
211
211
216
216
223
228
231
5
Table of Contents
Chapter 9
Configure an Application Server
Information Server (AppServ-Info)
Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
FactoryTalk Historian . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
FactoryTalk VantagePoint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure FactoryTalk Server Collective . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a Firewall Rule for Primary Historian Server . . . . . . . . . . . .
Create a Firewall Rule for Secondary Historian Servers. . . . . . . . . .
Change the Historian Identification . . . . . . . . . . . . . . . . . . . . . . . . . .
Set Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a Server Collective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure a FactoryTalk Historian SE Server . . . . . . . . . . . . . . . . . . . . . .
Create a Historian Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Delete the Default Node Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create a Synchronization Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure a Node Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure Primary Node Interface Server. . . . . . . . . . . . . . . . . . . . . .
Configure Secondary Node Interface Server. . . . . . . . . . . . . . . . . . . .
Configure FactoryTalk Live Data Connectors . . . . . . . . . . . . . . . . . . . . .
Configure a FactoryTalk Live Data Primary Connector . . . . . . . . .
Configure a FactoryTalk Live Data Secondary Connector. . . . . . .
Confirm Unit Failover Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure FactoryTalk Historian Connectivity . . . . . . . . . . . . . . . . . . . .
Configure a Microsoft Excel Add-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure FactoryTalk VantagePoint Historian Tags . . . . . . . . . . . . . .
235
235
235
237
237
240
241
243
249
254
254
258
260
262
262
268
268
269
272
278
280
282
287
Chapter 10
Configure Asset Management
(AppServ-Asset)
Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Configure Diagnostic Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
View Audit Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Appendix A
Access the Attachments
Open Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
How to Use Attachments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Appendix B
Define a Workgroup and DeskLock
Utility
Enable the Windows DeskLock Utility (optional). . . . . . . . . . . . . . . . . . 301
Appendix C
Firewall Configurations
Common Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Rockwell AutomationTCP/UDP Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Index
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
6
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Preface
The PlantPAx® system provides a modern approach to distributed control by
using common technology (integrated architecture) shared with all other
automation disciplines within the plant. This approach creates a seamless
information flow across the plant to create optimization opportunities and
enables a connected enterprise.
Our scalable platform provides you with the flexibility to implement a system
appropriate for your application. Figure 1 shows the documents (this manual in
the highlighted section) that are available to help design and implement your
system requirements.
Figure 1 - PlantPAx System Implementation and Documentation Strategy
START:
Requirements
Define and
Procure
• Selection Guide
PROCES-SG001
Build
Prep
• Virtualization User Manual • Infrastructure User Manual
9528-UM001
PROCES-UM001
• Reference Manual
PROCES-RM001
Develop
Specific
Application
END:
Completed
System
• Application User Manual
PROCES-UM003
• Reference Manual
PROCES-RM001
• Library of Process Objects
PROCES-RM002
46276
• Define and Procure - Helps you understand the elements of the PlantPAx
system to make sure that you buy the proper components.
• Build - Provides direction on how to implement the PlantPAx system
architecture to help develop your application.
• Prep - Provides guidance on how to get started and learn the best practices
to develop your application.
• Develop Specific Application – Describes the actions and
libraries necessary to construct your application that resides on the
PlantPAx system.
Purpose of the User Manual
This manual provides screen facsimiles and step-by-step procedures to configure
infrastructure components for your system requirements. While flexibility and
scalability are among the strengths of the PlantPAx system, we offer suggestions,
such as how to set IP addresses and naming conventions, to help you get started.
We suggest that you perform the tasks in the order that is outlined in each
chapter. However, we explain each procedure from the start to help you reference
specific topics if you choose to skip around to other chapters.
Each chapter has a flowchart that summaries the topics, similar to a mini
Table of Contents. See page 8 for descriptions of the tools that are used in
the documentation.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
7
Preface
For instructional purposes, this manual uses visual tools to complement the
procedures. Icons that represent system elements are shown at the start of a
section to help identify the system element that is being configured. The
element’s abbreviation is listed with the icon for identification as shown in
the example.
Manual Conventions
Use a domain controller
with these procedures.
System Element Description
System Element Icon
System Element Identifier (see Table 1)
PADCA
See Table 1 for descriptions and abbreviations of the system element icons.
Table 1 - Visual Naming Conventions
Icon
Description
Abbreviation Element Names
Topic Page
Stratix™ switch
• Stratix 5400™ or Stratix 5410™ Layer 2 access switch
• Stratix 5700™ Layer 2 access switch
14, 19, 22, 24, 26, 28,
30, 40, 42, 45
Stratix switch
• Stratix 5400 or Stratix 5410 Layer 3 distribution switch
14, 22, 24, 26, 28, 29,
30, 35
PlantPAx Domain controllers
• PADCA(1) - PlantPAx parent domain controller
• PADCB(2) - PlantPAx child domain controller
47, 49, 56, 63, 66, 77,
79, 89, 94, 96, 100,
102, 106,
PlantPAx workstations
• OWS01(3) - Operator workstation
• EWS01(3) - Engineering workstation
74, 113, 121, 129, 132,
135, 139, 141, 145,
147, 150, 152, 153,
157, 176, 179, 183,
199, 208, 280, 301
PlantPAx Application servers
•
•
•
•
•
•
•
74,113, 185, 188, 192,
201, 203, 211, 235,
237, 241, 243, 249,
254, 278, 287, 287
Firewall
Firewall
115,171, 237, 240, 305
PASS
(Process Automation System Server)
• PASS01 - FactoryTalk® directory
• PASS02A(1) - Primary HMI server
• PASS02B(2) - Secondary HMI server
119, 174, 183, 195,
198, 260, 262, 268,
268, 269, 272
Logix controllers
• LGXC01 - Controller
• LGXC02 - Controller
143, 147, 153, 156,
157, 159, 160, 163,
164, 165, 176, 178,
ASIS01 - AppServ-Info SQL server
ASIH01 - AppServ-Info Historian server
ASIV01 - AppServ-Info VantagePoint server
ASAM01 - AppServ-Asset Management server
ASBM01 - AppServ-Batch server
ASEWS01 - AppServ-Engineering Workstation server
ASOWS01 - AppServ-Operator Workstation server
(1) A = Parent and/or Primary element
(2) B = Child and/or Secondary element
(3) EWS and OWS are used throughout the manual but the same procedures apply for AppServ-EWS and AppServ-OWS.
8
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Preface
Action Identifier
Dialog boxes have red boxes to identify areas that require some type of user
action, such as to type text or click ‘Next’.
Configure Programs Menu
We strongly suggest that you perform the following procedure in the system
computers to group folders under ‘Programs’ on the taskbar. When complete, you
access Windows and software folders by clicking the Programs
1. Click the Windows
symbol.
symbol.
2. Click Control Panel and choose Folder Options.
The Folder Options dialog box appears.
3. On the View Tab, select ‘Show hidden files, folders, and drives’
and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
9
Preface
4. Right-click in the taskbar, click Toolbars, and choose New Toolbar.
5. On the New Toolbar window, designate a path for your Programs folder.
For example:
C:\ProgramData\Microsoft\Windows\StartMenu\Programs.
6. Click Select Folder.
10
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Preface
Additional Resources
These documents contain additional information that concern-related products
from Rockwell Automation.
Resource
Description
PlantPAx Distributed Control System Selection Guide,
publication PROCES-SG001
Provides basic definitions of system elements and sizing
guidelines for procuring a PlantPAx system.
PlantPAx Distributed Control System Reference Manual,
publication PROCES-RM001
Provides characterized recommendations for
implementing your PlantPAx system.
PlantPAx Distributed Control System Application
Configuration User Manual, publication PROCES-UM003
Describes procedures to start development of your
PlantPAx distributed control system.
Rockwell Automation Library of Process Objects,
publication PROCES-RM002
Provides an overview of the code objects, display
elements, and faceplates that comprise the Rockwell
Automation Library of Process Objects.
Activate Rockwell Software® Products,
publication FTA-QS002
Explains how FactoryTalk® Activation generates
activation files and distributes them over the Internet to
activate software.
Converged Plantwide Ethernet (CPwE) Design and
Implementation Guide, publication ENET-TD001
Describes tested and validated industrial network
architectures, recommendations and best practices,
including network resiliency and security
Resilient Converged Plantwide Ethernet Architecture
Technical Data, publication ENET-TD010
Describes design considerations to implement a
scalable and secure CPwE architecture that helps
maximize plant efficiency.
Securely Traversing IACS Data Across the Industrial
Demilitarized Zone Technical Data, publication ENET-TD009
Describes requirements and design considerations to
deploy an Industrial Demilitarized Zone (IDMZ) within
Industrial Automation and Control System (IACS)
plant-wide architectures.
Ethernet Design Considerations Reference Manual,
publication ENET-RM002
Explains the infrastructure components that allow this
open network to communicate seamlessly throughout
a plant, from shop floor to top floor.
Integrated Architecture® and CIP Sync Configuration
manual, publication IA-AT003
Explains CIP Sync technology and how you can
synchronize clocks within the Rockwell Automation®
Integrated Architecture® system.
PlantPAx Virtualization User Manual,
publication 9528-UM001
Describes the catalog numbers and details for using
virtual image templates to configure virtual machines.
Product Compatibility and Download Center at
Website helps you find product-related downloads
http://www.rockwellautomation.com/rockwellautomation/ including firmware, release notes, associated software,
drivers, tools, and utilities.
support/pcdc.page
You can view or download publications at
http://www.rockwellautomation.com/literature/. To order paper copies of
technical documentation, contact your local Allen-Bradley distributor or
Rockwell Automation sales representative.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
11
Preface
Notes:
12
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
1
Configure Network Infrastructure
Overview
A traditional distributed control system (DCS) is typically limited to a single
model option for servers, workstations, and network switches. A traditional DCS
provides specific configurations that are based on closed and fixed networks. This
traditional approach makes it difficult to manage IT support and integrate with
business systems.
The PlantPAx® system leverages a more
modern approach, being open to
commercial off-the-shelf servers,
workstations, and servers. The PlantPAx
system supports the adoption of the latest
IT technology for automation, including
virtualization. The use of virtualization breaks the dependency between your
server and workstation system elements from the specific hardware that hosts
those elements. By rationalizing to a common IT infrastructure, companies can
mitigate security risks and improve uptime to help protect people, assets,
and information.
However, without specific guidance, poor infrastructure configuration can cause
system performance and functionality of your control system to be degraded. The
PlantPAx System Infrastructure User Manual steps you through the procedures
that are necessary to prepare your system infrastructure, inclusive of operating
systems and network configuration.
The performance of the PlantPAx system is dependent upon following the sizing
guidelines and application rules that are provided by the PlantPAx Reference
Manual. These rules and guidelines are developed through a process called
characterization. Characterization is the activity of measuring system
performance against key operational criteria called Critical System Attributes
(CSA). CSAs provide specific recommendations for application sizing and
system performance. Follow the instructions that are contained in this manual to
help make sure that your control system is built as prescribed by the PlantPAx
Reference Manual and characterization.
If you have more complex requirements, you can take advantage of the flexibility
of the PlantPAx system. The Converged Plantwide Ethernet (CPwE) Design and
Implementation Guide provides a broader set of manufacturing focused reference
architectures. The CPwE manual helps accelerate the deployment of standard
networking technologies and convergence of manufacturing and enterprise/
business networks. You also can engage technical experts by using Network and
Support Services from Rockwell Automation.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
13
Chapter 1
Configure Network Infrastructure
PlantPAx Topology Example
This chapter describes procedures on how to install infrastructure components,
including switches and routers, to serve as a blueprint for commissioning a
PlantPAx network.
Figure 2 is an example of a PlantPAx system topology for high availability. The
map comprises different network layers, including Supervisory, and Controller
and I/O. Each layer has infrastructure components to connect the segments. The
number of components that are required depends on the size of your application.
You can also consider the redundant (Etherchannel) connection between the
distribution switches. We recommend that you follow the CPwE guidelines.
Figure 2 - PlantPAx System Topology Example
VLAN Segmentation
Native - Trunk
Supervisory Network
Star I/O Network
DLR I/O Network
Operator Workstations
Stratix 5400™
Stratix 5410™
Layer 2
Engineering Workstations
SW003
SW004
SW001
Stratix 5400
Stratix 5410
Layer 3
Process Automation
and Application
Servers
Process Automation
and Application
Servers
SW002
SW005
SW006
Stratix 5700™
Layer 2
LGXC01
LGXC02
EWS02
SW007
LGXC01EN02R01
14
LGXC01EN02R02
SW008
Field Devices
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
A VLAN (Virtual Local Area Network) creates network segmentation. VLAN is
a virtual concept that limits broadcast domain within a switched network. It is
essential that you properly configure the VLAN ID to identify network
segments. The grouping of computers into VLANs enables the switches and
routers to control the flow of information and broadcast/multicast traffic in
the network.
IMPORTANT
VLAN segmentation provides efficient management with unique IP addresses.
Network Address Translation (NAT) can also be considered, but we do not
provide guidelines for that network address structure in this manual.
The connections between switches are connected through trunk ports. Trunk
ports send information from multiple VLANs between switches.
A dedicated VLAN called Native VLAN is defined on trunk ports. The native
VLAN is not to have any assigned IP addresses. The Native VLAN is assigned a
VLAN ID of 301 in the example in Table 2 on page 16.
Access ports are assigned to a VLAN within the ID range of 501...509 depending
on the device and your architecture. All computers, controllers, and I/O modules
are connected through access ports.
We recommend to implement physical security, like plugging unused ports and
disabling ports that are not going to be used.
Figure 3 - Switch Connection Examples
TIP
When you use an IP address followed by /24, the number means that there
are 24 bits on the network mask. The last 8 bits on the address are used to
identify the device on the network. In Figure 3, the gateway and network
mask are configured to 255.255.255.0 for the routing functionality to work.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
15
Chapter 1
Configure Network Infrastructure
Table 2 describes typical VLANs and EtherNet/IP address ranges that are
suggested for use on the PlantPAx system. More VLANs can be used depending
on your configuration.
Table 2 - Descriptions for VLAN and EtherNet/IP Address Ranges
VLAN ID/Name
EtherNet/IP Address Range
Description
1
N/A
N/A
Not used
300 (Management VLAN)(1)
172.18.0.1
N/A
Default gateway
172.18.0.2
172.18.0.9
VLAN routing – switch addresses(2)
172.18.0.10
172.18.0.255
Application - switch addresses
301 (Native VLAN)
N/A
N/A
Not to have any assigned IP addresses
501 (Supervisory network)
172.18.1.1
N/A
Default gateway
172.18.1.2
172.18.1.9
VLAN routing
172.18.1.10
N/A
Domain/DNS primary server
172.18.1.11
N/A
Domain/DNS secondary server
172.18.1.12
172.18.1.99
Servers and workstations (DHCP)
172.18.1.100
172.18.1.255
Ethernet interface to controllers for HMI and system communication
172.18.[2…].1
172.18.[…9].1
Default gateway
172.18.[2…].2
172.18.[…9].9
VLAN routing
172.18.[2…].10
172.18.[…9].255
Ethernet interface between controllers and I/O modules (fixed)
502…509 (I/O network)
(1) All networks do not use a dedicated management VLAN, but it is a good practice. A lot of times, a supervisory VLAN is the same as management.
(2) If there are more than eight Layer 3 switches on your system, more IP addresses must be reserved.
IMPORTANT
16
One network range is assigned per VLAN only. For example, the 172.18.1.xxx
network range is assigned to VLAN501. Table 2 identifies nine VLANs for access
ports to provide logical segregation of your system. More VLANS can be used,
if necessary.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
Figure 4 contains the topics that are described in this chapter. Click the page
number or the links for quick access to specific information in each subsection.
Figure 4 - PlantPAx Network Infrastructure Workflow
Start
Configure Initial Switch Settings
See page 18
Layer 3 Switch Configuration
See page 29
Layer 2 Switch Configuration
See page 40
Layer 2 I/O Switch Configuration
•
•
•
•
•
•
•
Verify Workstation IP Address Settings
Configure the Switch Express Setup
Login to Switches
Create a VLAN
Enable CIP VLAN
Enable Rapid PVST+
Enable Precision Time Protocol (PTP)
• Enable Switch Routing
• Configure Smartports
• Create Routing and Enable HSRP
• Set Up Layer 2 Access Switches
• Configure Controller-level Switches
• Enable a Device Level Ring (DLR)
• I/O Connection Settings
See page 45
See Chapter 2
Configure System Servers
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
17
Chapter 1
Configure Network Infrastructure
Configure Initial Switch
Settings
This section describes how to configure the Express Setup for each Stratix™
switch. We recommend that you complete the tasks in the order that they are
listed. These tasks help to define IP addresses, create and assign VLANs, and
enable faster network convergence time with Rapid PVST+.(1)
Use an Engineering Workstation
with these procedures.
Verify Workstation IP Address Settings
EWS
Before you start switch setup, you must verify that no fixed IP address is currently
assigned to the workstation that is being used to configure the switch. You want
the switch to manage the IP address configuration in your computer. Complete
these steps.
1. Click the Windows
symbol.
2. Click Control Panel and choose Network and Sharing Center>Change
adapter settings.
The Network Connections dialog box appears.
3. Right-click the network and choose Properties.
4. Double-click Internet Protocol Version 4 (TCP/IPv4).
The Internet Protocol Version 4 Properties dialog box appears.
5. Select Obtain an IP address automatically and Obtain DNS server address
automatically, and click OK.
You are ready to assign an IP address to the switch by using the express setup.
See page 19.
(1) Default mode (MST) is comparably the same performance as RPVST+, just a different standard.
18
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
Configure the Switch Express Setup
Use Layer 2 and Layer 3 switches with these procedures.
Complete these steps to use the Switch Express setting to configure each switch
in your application. Table 2 on page 14 lists the network IP addresses for
individual switches. Table 3 on page 20 shows an example configuration that is
based on a typical system setup and size.
1. On the Ethernet switch, press the Express Setup button.
Stratix 5410
Layer 3
Stratix 5400
Layer 2
Stratix 5700
Stratix 5700
Layer 2
Stratix 5410
Port 1 (Fa1/1) starts flashing.
2. Connect the network cable between your workstation and port 1.
3. Open the internet browser and type an IP address of 169.254.0.1
4. Type ‘switch’ for the default password and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
19
Chapter 1
Configure Network Infrastructure
5. Type the switch configuration that is similar to the example shown
in Table 3.
TIP
We highly recommend that you change the default password.
Table 3 - Example Management Network IP Addresses
Host Name/Switch Type
Management (VLAN)
IP Address
Mask
Default Gateway
NTP Server(1)
SW001 (Layer 3)
300 (Management VLAN)
172.18.0.2
255.255.255.0
172.18.0.1
172.18.1.10
SW002 (Layer 3)
172.18.0.3
SW003 (Layer 2)
172.18.0.10
SW004 (Layer 2)
172.18.0.11
SW005 (Layer 2)
172.18.0.20
SW006 (Layer 2)
172.18.0.21
SW007 (Layer 2)
172.18.0.22
SW008 (Layer 2)
172.18.0.30
(1) NTP server can be a different address according to the Time Synchronization application option.
6. Click Submit.
A message appears.
7. Repeat step 1 through step 6 for all Layer 3 switches in your system.
20
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
Login to Switches
You must now login to the switches so you have access to perform the rest of
the configuration.
1. On the workstation that is being used, change your network adapter
address to a fixed mode by following steps 1…5 on page 19 and page 20.
Choose an IP address under the management network range
(172.18.0.xxx)/255.255.255.0/172.18.0.1. See suggestions in Table 3.
2. Connect another switch port.
3. Log in to the switch. Type the switch IP address, and then type the new
user name and password.
4. Click OK.
5. Repeat step 1 through step 4 for all Layer 2 switches in your system.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
21
Chapter 1
Configure Network Infrastructure
Create a VLAN
Use Layer 2 and Layer 3 switches with these procedures.
Stratix 5410
Layer 3
Stratix 5400
Layer 2
Stratix 5700
Layer 2
A VLAN creates network segmentation. The VLAN ID identifies network
devices within the same VLAN. The grouping of computers into VLANs
enables the switches and routers to control the flow of information and
broadcast/multicast traffic.
IMPORTANT
This procedure requires that the VLAN and IP addresses are assigned as
outlined in Table 2 on page 16. Do not use VLAN 1. The following example
is for switch SW001.
1. From the main menu of the Device Manager, click Configure and choose
Network>VLAN Management.
2. Click Add.
3. Create a native VLAN ID and click OK.
Our example is 301.
IMPORTANT
22
A native VLAN is separate from the infrastructure VLANs as well as the
other CIP VLANs that are used.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
4. Repeat step 2 and create a range of VLANS (501…509) and click OK.
The VLANs appear as listed in the graphic.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
23
Chapter 1
Configure Network Infrastructure
Enable CIP VLAN
Use Layer 2 and Layer 3 switches with these procedures.
Stratix 5410
Layer 3
Stratix 5400
Layer 2
The CIP VLAN is used to create infrastructure diagnostics and configurations in
the application level. For our example, CIP VLAN is isolated from the
management VLAN (300).
Table 4 shows example IP addresses to be associated with the switches for
CIP VLAN.
Table 4 - Example CIP VLAN Configuration(1)
Stratix 5700
Layer 2
Host Name/Switch Type
CIP (VLAN)
IP Address
Mask
SW001 (Layer 3)
501 (Supervisory network)
172.18.1.202
255.255.255.0
SW002 (Layer 3)
172.18.1.203
SW003 (Layer 2)
172.18.1.210
SW004 (Layer 2)
172.18.1.211
SW005 (Layer 2)
172.18.1.220
SW006 (Layer 2)
172.18.1.230
SW007 (Layer 2)
172.18.1.221
SW008 (Layer 2)
172.18.1.222
(1) If there are more than eight switches on your system, more IP addresses must be reserved. Additional switch IP addresses start with
a higher number.
Complete these steps to configure CIP VLAN for each applicable switch.
1. From the main menu of the switch Device Manager, click the Admin tab
and choose Device Management>Express Setup.
24
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
2. In the Advanced Settings section, type the information as shown
in Table 4.
T
3. Click Submit.
4. Repeat step 1 through step 3 for each switch on your PlantPAx network.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
25
Chapter 1
Configure Network Infrastructure
Use Layer 2 and Layer 3 switches with these procedures.
Stratix 5410
Layer 3
Stratix 5400
Layer 2
Enable Rapid PVST+
Complete these steps for all switches to enable Rapid Per-VLAN Spanning Tree
Plus (Rapid PVST+). This functionality provides better convergence time
for communication.
IMPORTANT
This procedure requires that the VLAN and IP addresses are assigned as
outlined in Table 3 on page 20. The following example is for SW001.
Stratix 5700
Layer 2
1. From the main menu of the switch Device Manager, click Configure and
choose Network>Spanning Tree>STP Settings.
2. Select Rapid PVST+ from the Spanning Tree Mode pull-down, and click
Submit.
A warning message appears.
26
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
The Spanning Tree of all the VLANs is enabled.
3. Repeat step 1 through step 2 for each switch on your PlantPAx network.
IMPORTANT
If you have non-Cisco/Stratix switches on your network, you cannot use
Rapid PVST+ and convergence time during a fault could be affected.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
27
Chapter 1
Configure Network Infrastructure
Use Layer 2 and Layer 3 switches with these procedures.
Stratix 5410
Layer 3
Stratix 5400
Layer 2
Enable Precision Time Protocol (PTP)
PTP functionality is necessary for end devices to operate in the same time frame
as with the controller that is deemed the Grandmaster clock. This section
describes how to enable PTP in switch ports.
For details on time synchronization, see Chapter 7.
Stratix 5700
Layer 2
1. From the main menu of the switch Device Manager, click Configure and
choose Network>PTP.
2. Select End to End Transparent from the Mode pull-down and
click Submit.
By default, PTP is enabled for the ports.
3. Repeat step 1 through step 2 for each switch on your PlantPAx network.
28
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Layer 3 Switch Configuration
Chapter 1
If different subnets are applicable, Layer 3 switches serve as distribution switches
to the network routing. Two or more Layer 3 switches are required if you plan to
use high availability. Typically, Layer 3 switches are housed with the servers in
a datacenter.
Figure 5 - Layer 3 Network Switches
SW001
Stratix 5400
Stratix 5410
Layer 3
Process
Automation and
Application
Servers
SW002
Enable Switch Routing
Complete these steps for Layer 3 switches only (SW001, SW002). While
switches create the network group, routers connect multiple network layers.
Routers act as dispatchers to choose the best path to travel for faster,
efficient communication.
1. From the main menu of the Device Manager, click Admin and choose
Device Management>SDM-Template.
2. Select Routing from the enable routing pull-down menu and click Submit.
A warning message appears.
3. Click OK.
It can take a few minutes before the template status indicates the
change is successful.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
29
Chapter 1
Configure Network Infrastructure
4. From the main menu of the Device Manager, click Configure and
choose Network>Routing.
5. Check Enable Routing and click Submit.
Use Layer 2 and Layer 3 switches with these procedures.
Configure Smartports
Stratix 5410
Layer 3
Stratix 5400
Layer 2
Smartports help designate the ports that are pre-defined for the application. Port
roles are based on the type of devices to be connected to the switch ports. For
example, the Desktop for Automation port role is specifically for switch ports to
be connected to computers.
Stratix 5700
Layer 2
Table 5 - Available Ports
Smartport
Description
Automation Device
The Automation Device Smartport can be used for any EtherNet/IP devices. Devices include controllers, HMI displays,
distributed I/O, and so forth. The Automation Device Smartport enables the following features:
• Sets the port to host mode
• Enables MAC flooding attack protection
• Sets the VLAN number
• Enables the automation QoS policy
• Configures the output queues
• Enables the alarm profile
• Disables Cisco Discovery Protocol (CDP)
Multiport Automation device
Apply this role to ports connected to multiport EtherNet/IP devices, such as multiport EtherNet/IP devices arranged in a linear or
daisy chain topology. You also can use this role for the following devices:
• 1783-ETAP module (for connection to the device port only)
• Unmanaged switches (such as the Stratix 2000™)
• Managed switches with Rapid Spanning Tree Protocol (RSTP) disabled:
– Port is set to Access mode
– No port security
– Optimize queue management for CIP traffic
30
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
Table 5 - Available Ports
Smartport
Description
Desktop for Automation
The Desktop for Automation Smartport can be used for computers on the Cell/Area zone EtherNet/IP network. Do not use this port
role for any systems that run virtual machines without turning off the port security configuration. The Desktop for Automation
Smartport enables the following features:
• Sets the port in access mode
• Set the VLAN number
• Enables MAC flooding attack protection
• Enables Spanning Tree Portfast
• Enables Spanning Tree BPDU Guard
• Enables the automation QoS policy
• Sets the alarm profile
• Provides up to two MAC addresses per port (physical computer and virtual machine)
VM-Desktop for Automation
Apply this role to ports connected to computers that run virtualization software. This port role can be used with devices that run
more than one MAC address.
IMPORTANT: Do not apply the Virtual Desktop for Automation role to ports that are connected to switches, routers, or
access points.
VM-Desktop for Automation enables the following features:
• Sets the port access mode
• Portfast is enabled
• Set the VLAN number
• CIP-PTP-Traffic Policy enabled
Switch for Automation
The switch for Automation Smartport is used on ports that connect to other managed Ethernet switches that support STP
(Spanning Tree Protocol). The Switch for Automation enables the following features:
• Sets the port in trunk mode
• Sets the native VLAN
• Sets Spanning Tree to use a point-to-point link
• Sets the port to trust QoS policy
• Configures the output queues
• Sets the alarm profile
Complete these steps to set up port configurations for SW001 and SW002.
1. From the main menu of the switch Device Manager, click Configure and
choose Network>Smartports.
2. Select the desired ports (Gi1/1…Gi1/11) and click Edit.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
31
Chapter 1
Configure Network Infrastructure
3. Select Virtual Desktop for Automation from the Role pull-down, and
click submit.
4. Select ports (Gi1/13…Gi1/24 and Te1/25…Te1/28), and click Edit.
Table 6 - Example SW001 and SW002 Port and VLAN Descriptions for the 5410 Switch
Port
Role(2)
VLAN(2)
SW001 Description(3)
SW002 Description(3)
Gi1/1
Switch for Automation
301 (Native VLAN)
HOST01A
HOST01B
HOST02A
HOST02B
Gi1/2
Gi1/3
Virtual Desktop for Automation
501 (Supervisory network)
Gi1/12
None
300 (Management VLAN)
Management
Management
Gi1/13
Switch for Automation
301 (Native VLAN)
SW005-G1/1
SW005-G1/2
SW006-G1/1
SW006-G1/2
Te1/25(1)
SW003-G1/1
SW003-G1/2
Te1/26(1)
SW004-G1/1
SW004-G1/2
Te1/27
SW002-T1/27
SW001-T1/27
Gi1/4
Gi1/5
Gi1/6
Gi1/7
Gi1/8
Gi1/9
Gi1/10
Gi1/11
Gi1/14
Gi1/15
Gi1/16
Gi1/17
Gi1/18
Gi1/19
Gi1/20
Gi1/21
Gi1/22
Gi1/23
Gi1/24
Te1/28
(1) The ports support 10 gigabit SFPs and 1 gigabit SFPs. Make sure that the SFP selection matches the connections.
(2) The Role and VLAN are defined in the Smartport settings.
(3) The Port configuration description is defined in the Port settings.
32
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
5. Select Switch for Automation from the Role pull-down menu, and
click submit.
IMPORTANT
If you have a virtualized system, connect the hypervisor to Switch
for Automation.
6. Select each port, click Edit, and type a Native VLAN.
7. Repeat step 6 by following the port information in Table 6 on page 32.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
33
Chapter 1
Configure Network Infrastructure
Define Port Descriptions
We recommend that you identify each switch with a port description to help with
diagnostics and maintenance. Complete these steps.
1. From the main menu of the switch Device Manager, click Configure and
choose Network>Port Settings.
2. Select a port and click Edit.
3. In the Description text box, type the switch name.
4. Click OK.
The switch description is listed next to the port name.
See Table 6 on page 32.
34
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Use Layer 3 switches with these procedures.
Stratix 5410
Layer 3
Chapter 1
Create Routing and Enable HSRP
This section describes how to create switch routing and enable the Hot Standby
Routing Protocol (HSRP). HSRP provides high availability routing. Different
priorities are defined to select the routing preference in the system.
Our example uses two switches (SW001, SW002), but HSRP can be applied in
several Layer 3 switches.
IMPORTANT
This configuration is not available by using a web interface.
We recommend that you use a terminal emulator, such as
PuTTy, to access the Stratix Command Line Interface (CLI).
Access the switch by using an Ethernet connection (Telnet) or
via a Console (Serial) port. By using Telnet, it’s necessary to be connected
through a management VLAN (300).
Complete these steps for an Ethernet connection.
1. From the PuTTY Configuration dialog box, click the Session category.
PuTTY is an open source software that is available with source code, which
a group of volunteers develops and supports.
2. Type a host name or an IP address.
3. Select Telnet and click Open.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
35
Chapter 1
Configure Network Infrastructure
Complete these steps for a Serial connection.
1. From the PuTTY Configuration dialog box, click the Serial category.
COM5 is an example only.
You must use the COM
port that corresponds to
your specific devices.
2. Use the dialog box options as shown and click Open.
When you click Open with either procedure, the Command Line
Interface (CLI) appears.
36
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
3. Type the password that you set for the Device Manager. See page 20 for
an example.
The host name (SW001) appears.
4. Type ‘enable’ and then type the password again.
The interface (CLI) is enabled when the HOST name followed
by # appears.
5. Type ‘config t’ and press Enter.
Commands like ‘sh config’ (show configuration) and ‘sh VLAN’
(show VLANS) are available.
6. Copy and paste the information in Table 7 into a text editor, such
as Notepad.
Table 7 - SW001 Routing Configuration
SW001
!
interface Vlan300
ip address 172.18.0.2 255.255.255.0
standby 1 ip 172.18.0.1
standby 1 preempt
!
interface Vlan301
no ip address
!
interface Vlan501
ip address 172.18.1.2 255.255.255.0
standby 1 ip 172.18.1.1
standby 1 preempt
cip enable
!
interface Vlan502
ip address 172.18.2.2 255.255.255.0
standby 1 ip 172.18.2.1
standby 1 preempt
!
interface Vlan503
ip address 172.18.3.2 255.255.255.0
standby 1 ip 172.18.3.1
standby 1 preempt
!
interface Vlan504
ip address 172.18.4.2 255.255.255.0
standby 1 ip 172.18.4.1
standby 1 preempt
!
interface Vlan505
ip address 172.18.5.2 255.255.255.0
standby 1 ip 172.18.5.1
standby 1 preempt
!
interface Vlan506
ip address 172.18.6.2 255.255.255.0
standby 1 ip 172.18.6.1
standby 1 preempt
!
interface Vlan507
ip address 172.18.7.2 255.255.255.0
standby 1 ip 172.18.7.1
standby 1 preempt
!
interface Vlan508
ip address 172.18.8.2 255.255.255.0
standby 1 ip 172.18.8.1
standby 1 preempt
!
interface Vlan509
ip address 172.18.9.2 255.255.255.0
standby 1 ip 172.18.9.1
standby 1 preempt
!
ip default-gateway 172.18.0.1
7. If necessary, edit the data and then paste into the PuTTy configuration
software.
IMPORTANT
Do not use the Ctrl+V command to paste the data into the PuTTy
software. Right-click the mouse to paste the information in one,
single file.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
37
Chapter 1
Configure Network Infrastructure
8. Copy and paste the information in Table 8 into a text editor, such
as Notepad.
Table 8 - SW002 Routing Configuration
SW002
!
interface Vlan300
ip address 172.18.0.3 255.255.255.0
standby 1 ip 172.18.0.1
standby 1 priority 30
!
interface Vlan301
no ip address
!
interface Vlan501
ip address 172.18.1.3 255.255.255.0
standby 1 ip 172.18.1.1
standby 1 priority 30
cip enable
!
interface Vlan502
ip address 172.18.2.3 255.255.255.0
standby 1 ip 172.18.2.1
standby 1 priority 30
!
interface Vlan503
ip address 172.18.3.3 255.255.255.0
standby 1 ip 172.18.3.1
standby 1 priority 30
!
interface Vlan504
ip address 172.18.4.3 255.255.255.0
standby 1 ip 172.18.4.1
standby 1 priority 30
!
interface Vlan505
ip address 172.18.5.3 255.255.255.0
standby 1 ip 172.18.5.1
standby 1 priority 30
!
interface Vlan506
ip address 172.18.6.3 255.255.255.0
standby 1 ip 172.18.6.1
standby 1 priority 30
!
interface Vlan507
ip address 172.18.7.3 255.255.255.0
standby 1 ip 172.18.7.1
standby 1 priority 30
!
interface Vlan508
ip address 172.18.8.3 255.255.255.0
standby 1 ip 172.18.8.1
standby 1 priority 30
!
interface Vlan509
ip address 172.18.9.3 255.255.255.0
standby 1 ip 172.18.9.1
standby 1 priority 30
!
ip default-gateway 172.18.0.1
9. If necessary, edit the data and then paste into the PuTTy configuration
software.
IMPORTANT
Do not use the Ctrl+V command to paste the data into the PuTTy
software. Right-click the mouse to paste the information in one,
single file.
10. Press Enter.
38
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
11. In the PuTTY software, type ‘exit’ and press Enter.
12. Type ‘wr’ (write message) and press Enter to write the configuration.
IMPORTANT
If you do not execute step 12 your configuration is lost during a
power cycle.
The configuration creates the standby 1 IP for the default gateway. All the
routers (172.18.0.2, 172.18.0.3, and so forth) use the same standby 1. In
the VLAN 300, the standby is 172.18.0.1.
The command standby 1 preempt is used in the ‘primary switch’ (SW001)
only. The ‘secondary switch’ (SW002) uses standby 1 priority 30, which
can be 1…100, to create the routing preferences. You can configure several
priorities in the system.
13. Type ‘sh running config’ (show running configuration) to verify your
configuration.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
39
Chapter 1
Configure Network Infrastructure
Layer 2 Switch Configuration
This section describes configuration procedures for Layer 2 access switches.
Access switches serve as an uplink from the servers to the workstations. Layer 2
switches also send packets at the controller level from the end devices.
Figure 6 - Layer2 Access Switch Examples
Operator
Workstations
Engineering
Workstations
SW003
SW004
Stratix 5400
Stratix 5410
Layer 2
Set Up Layer 2 Access Switches
Complete these steps to configure Level 2 access switches (SW003 and SW004).
1. From the main menu of the Device Manager, click Configure and
choose Network>Smartports.
IMPORTANT
See page 30 for Smartport descriptions.
2. Select the desired ports (Gi1/1…to Gi1/4) and click Edit.
3. Select Switch for Automation from the Role pull-down and click submit.
4. Use the information in Table 9 to configure switch ports.
40
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
Table 9 - Example SW003 and SW004 Port and VLAN Descriptions
Port
Role(1)
VLAN(1)
SW003 Description(2)
SW004 Description(2)
Gi1/1
Switch for Automation
301 (Native VLAN)
SW001-T1/25
SW001-T1/26
Gi1/2
SW002-T1/25
SW002-T1/26
Gi1/3
SW004-G1/3
SW003-G1/32
Gi1/4
Gi1/5
Desktop for Automation
501 (Supervisory network)
OWS
OWS
None
300 (Management VLAN)
Management
Management
Gi1/6
Gi1/7
Gi1/8
Gi1/9
Gi1/10
Gi1/11
Gi1/12
Gi1/13
Gi1/14
Gi1/15
Gi1/16
Gi1/17
Gi1/18
Gi1/19
Gi1/20
(1) The Role and VLAN are defined in the Smartport settings.
(2) The Port configuration description is defined in the Port settings.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
41
Chapter 1
Configure Network Infrastructure
Use Layer 2 switches with these procedures.
Configure Controller-level Switches
Complete these steps to configure Level 1 switches (SW005 and SW006).
Stratix 5700 switch
1. From the main menu of the Device Manager, click Configure and
choose Network>Smartports.
IMPORTANT
See page 30 for Smartport descriptions.
2. Select the desired ports (Gi1/1 and Gi1/1) and click Edit.
3. Select Automation Device from the Role pull-down menu and click
submit.
4. Use information in Table 10 on page 43 to configure switch ports.
42
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
Table 10 - Example SW005 and SW006 Port and VLAN Descriptions
Port
Role(1)
VLAN(1)
SW003 Description(2)
SW004 Description(2)
Fa1/1
None
300 (Management VLAN)
Management
Management
Fa1/2
Automation Device
501 (Supervisory network)
LGXC01EN01
LGCX02EN01
Fa1/3
LGXC02EN01T
Fa1/4
Fa1/5
502 (I/O network)
LGXC01EN02
301 (Native VLAN)
SW007-G1/1
Fa1/6
Fa1/7
Fa1/8
Fa1/9
Switch for Automation
Fa1/10
SW008-G1/1
Fa1/11
SW006-F1/11
SW005-F1/11
Fa1/12
Fa1/13
None
300 (Management VLAN)
Multiport Automation Device
503 (I/O network)
Fa1/14
Fa1/15
Fa1/16
Fa1/17
LGXC01EN03P1
LGXC01EN03RO1P2
None
300 (Management VLAN)
Switch for Automation
301 (Native VLAN)
Fa1/18
Gi1/19
Gi1/20
SW001-G1/13
SW001-G1/14
SW002-G1/13
SW002-G1/14
(1) The Role and VLAN are defined in the Smartport settings.
(2) The Port configuration description is defined in the Port settings.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
43
Chapter 1
Configure Network Infrastructure
Enable a Device Level Ring (DLR)
Complete these steps to enable a switch for a Device Level Ring (DLR). This
procedure is not to enable the node as a ring supervisor. The Ethernet
communication module acts as the ring supervisor.
1. From the main menu of the switch Device Manager, click Configure and
choose DLR.
2. Select Node from the Mode pull-down.
3. Select the desired ports and click Submit.
IMPORTANT
44
This functionality is available only for some products and ports.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Network Infrastructure
Chapter 1
This section describes configuration procedures for switches at the device level.
The example shows Stratix 5700 Layer 2 switches.
Layer 2 I/O Switch
Configuration
Figure 7 - I/O Layer 2 Switch Examples
LGXC01EN03R01
172.18.3.11/24
SW007
172.18.0.21/24
SW008
172.18.0.22/24
LGXC.MT01001
172.18.2.31/24
LGXC.MT01003
172.18.2.31/24
EWS
Gi1/1
Gi1/1
Fa1/2
Fa1/4
Fa1/9
Fa1/2
LGXC01EN02R01
172.18.2.11/24
Fa1/3
LGXC01EN02R02
172.18.2.12/24
Use Layer 2 switches with these procedures.
Stratix 5700 switch
Fa1/5
LGXC01EN02FF01
172.18.2.21/24
Fa1/5
Fa1/3
Fa1/4
LGXC01EN02PA01
172.18.2.22/24
LGXC.MT01002
172.18.2.32/24
LGXC.MT01004
172.18.2.32/24
I/O Connection Settings
In our example topology, the SW007 switch is used for the I/O connection and
the OWS/EWS access connection. The SW008 switch is used for the MCC
devices connection only. For both switches, the ports Gi1/1 and Gi1/2 are
configured as trunk ports to connect to the controller switch (SW005).
1. From the main menu of the Device Manager, click Configure and
choose Network>Smartports.
IMPORTANT
See page 26 for Smartport descriptions.
2. Select the desired ports (Gi1/1 and Gi1/2) and click Edit.
3. Select Switch for Automation from the Role pull-down and click submit.
4. Use the information in Table 11 to configure switch ports.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
45
Chapter 1
Configure Network Infrastructure
Table 11 - Example SW007 and SW008 Port and VLAN Descriptions
Port
Role(1)
VLAN(1)
SW003 Description(2)
SW004 Description(2)
Fa1/1
None
300 (Management VLAN)
Management
Management
Fa1/2
Automation Device
502 (I/O network)
LGXC01EN02R01
LGCX01EN02MT011001
Fa1/3
LGXC01EN02R02
LGXC01EN02MT011002
Fa1/4
LGXC01EN02FF01
LGXC01EN02MT011003
Fa1/5
LGXC01EN02PA01
LGXC01EN02MT011004
Fa1/6
Fa1/7
Fa1/8
Fa1/9
Desktop for Automation
501 (Supervisory network)
Fa1/10
None
300 (Management VLAN)
Switch for Automation
301 (Native VLAN)
EWS
Fa1/11
Fa1/12
Fa1/13
Fa1/14
Fa1/15
Fa1/16
Fa1/17
Fa1/18
Gi1/19
SW005-F1/9
Gi1/20
(1) The Role and VLAN are defined in the Smartport settings.
(2) The Port configuration description is defined in the Port settings.
46
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
SW005-F1/10
Chapter
2
Configure System Servers
This chapter describes how to configure a Windows domain, which centralizes
the administration of users, policies, and security. Use of a Windows domain also
improves performance, especially for larger systems. We recommend that all
PlantPAx® system servers and workstations be a member of a domain.
A domain is a collection of computers that share rules and procedures. These
computers comprise a central directory database, which is the active directory.
The sharing of network objects creates a unified base to manage users, groups,
and security settings.
We recommend that you configure at least two domain controllers: one
parent, one child. The domain controllers replicate automatically to provide
high availability.
IMPORTANT
To perform tasks in this chapter, you must verify the naming conventions of
your computers or use the names as shown in the examples. You cannot
change computer names in the middle of the procedures for a parent or child
domain controller.
Rockwell Automation® does not support the installation of application software
on a computer that is configured as a domain controller.
For additional server recommendations, see the PlantPAx® Distributed Control
System Reference Manual, publication PROCES-RM001.
Considerations
Consider the following suggestions before starting this chapter:
• Our recommendation is to use domain controllers. But, if you want to
create a workgroup, see the procedures in Appendix B.
• This chapter describes how to set up a dedicated domain for your
PlantPAx system. If you are adding your PlantPAx system to an existing
domain and DHCP server, skip to page 63 for details.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
47
Chapter 2
Configure System Servers
Figure 8 contains the topics that are described in this chapter. Click or see the
page number for quick access to a section.
Figure 8 - PlantPAx System Server Workflow
Start
Configure the Parent Domain Controller
See page 49
Configure a Child Domain Controllers
See page 56
Enable the DHCP Server in the Domain
and Child Controllers
See page 63
Join the Domain
•
•
•
•
Add DHCP Server Role
Configure DHCP Server
Enable DHCP Scope
Configure Failover
• Confirm Computers in DNS Server
• Confirm Computers in DHCP Server
See page 74
Create Groups and Users
• Assign Users to Group
See page 79
See Chapter 3
48
Configure Group Policy Management
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Configure the Parent Domain
Controller
Use a domain controller with
these procedures.
Chapter 2
Windows Active Directory (AD) domains include the concept of a ‘forest’ that
can consist of one ‘parent’ domain tree and multiple ‘child’ domain trees. This
section describes how to configure the root domain of the forest.
Before you begin to configure a parent domain controller, you must assign a fixed IP
address to the domain controller, such as 172.18.1.10. Complete the following steps.
1. Click the Windows
symbol.
2. Click Control Panel and choose Network and Sharing Center>Change
adapter settings.
Parent Controller
(PADCA)
The Network Connections dialog box appears.
3. Right-click the network and choose Properties.
4. Double-click Internet Protocol Version 4 (TCP/IPv4).
The Internet Protocol Version 4 Properties dialog box appears.
5. Type an IP address, default gateway address, and a Preferred DNS
(Domain Name System) server address.
IMPORTANT
127.0.0.1 is a special purpose address that is reserved for use on each
computer (computer loopback address).
Typically, the alternate DNS server is your child domain controller.
6. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
49
Chapter 2
Configure System Servers
After defining the IP address, complete these steps to configure the parent
domain controller.
1. From the Server Manager, click Manage and choose Add Roles and
Features.
2. Click Next on each of the successive installation wizard dialog boxes to do
the following:
• Review Before You Begin
• Select Installation Type
50
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
3. Click ‘Select a server from the server pool’ and select your parent domain
(PADCA in the example).
4. Click Next.
5. Choose Active Directory Domain Services, and then click Add Features.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
51
Chapter 2
Configure System Servers
6. Make sure 'Active Directory Domain Services' is checked and click Next.
7. Click Next.
8. Click Next and then click Install.
The installation can take a few minutes. Do not close the Wizard.
52
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
9. Click Promote this server to a domain controller.
10. On the Configuration wizard, select Add a new forest, and type a root
domain name.
11. Click Next.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
53
Chapter 2
Configure System Servers
12. Type the Directory Services Restore Mode (DSRM) password, confirm
the password, and click Next.
TIP
We recommend that you document these credentials and store them
in a secure location. For security, the domain controller verifies
passwords for all users and computers in the PlantPAx network. The
domain controller also authenticates the installation and upgrade of
network software.
13. Do not specify DNS Delegation options and click Next.
14. In the NetBIOS™ Domain Name text box, make sure the domain name
is ‘System’ and click Next.
15. Click Next on the successive two windows to do the following:
• Accept the location of the AD DS database, log files, and SYSVOL
• Review selections
54
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
16. Click Install.
The installation can take a few minutes before the computer
automatically restarts.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
55
Chapter 2
Configure System Servers
Configure a Child Domain
Controller
The child domain controller is a replication of the Active Directory (AD) and
runs the alternate DNS server. We recommend that you configure a second
domain controller as a backup to the parent domain for high availability.
You must assign a fixed IP address to the child domain controller.
Use a domain controller with
these procedures.
Complete the following steps.
1. Click the Windows
Child Controller
(PADCB)
symbol.
2. Click Control Panel and choose Network and Sharing Center>Change
adapter settings.
The Network Connections dialog box appears.
3. Right-click the network and choose Properties.
4. Double-click Internet Protocol Version 4 (TCP/IPv4).
The Internet Protocol Version 4 Properties dialog box appears.
5. Type an IP address that matches the parent domain controller IP address as
the preferred DNS server.
This child domain server is the alternate DNS server for this
system infrastructure.
6. Click OK.
56
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
After defining the IP address, complete these steps to create the child domain.
1. From the Server Manager, click Manage and choose Add Roles
and Features.
2. Click Next on each of the successive dialog boxes to do the following.
• Verify that certain tasks have been completed
• Select an installation type
3. Click Select a server from the server pool, and select your child domain
(PADCB in the example).
4. Click Next.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
57
Chapter 2
Configure System Servers
5. Click Active Directory Domain Services, and then click Add Features.
6. Click Next on each of the successive dialog boxes to do the following.
• Verify selected server role
• Confirm installation selections
• Verify ‘Things to note' concerning AD DS
7. Confirm your installation selections and click Install.
58
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
8. Click Promote this server to a domain controller.
9. Click Add a domain controller to an existing domain and click Select.
10. Type a user name under the domain, type the password, and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
59
Chapter 2
Configure System Servers
11. Select the domain and click OK.
12. On the Configuration wizard, click Next.
60
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
13. Type the Directory Services Restore Mode (DSRM) password, confirm,
and click Next.
14. Click Next on the DNS Options window.
15. From the Replicate from pull-down menu, select
PADCA.System.PlantPAx.local.
16. Click Next on each of the successive windows to do the following:
• Accept the location of the AD DS database, log files, and SYSVOL
• Review selections
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
61
Chapter 2
Configure System Servers
17. Click Install.
The computer automatically restarts.
62
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Enable DHCP in the Domain
and Child Controllers
Use a parent and child domain
controller with these procedures.
Chapter 2
There are two ways of configuring IP addresses: static (manually) or dynamic (via
server). Both options are supported within a PlantPAx system. By using the
Dynamic Host Configuration Protocol (DHCP) server, you do not need fixed
IP addresses for application servers and workstations. But, you must define a
range and the system manages the IP addresses and names. We are applying
DHCP in PlantPAx computers only.
Add DHCP Server Role
PADCA
PADCB
If adding DHCP server roles for the domain controllers, you must do this
procedure for the parent and child servers.
In the parent domain, complete the following steps.
1. From the Server Manager, click Manage and choose Add Roles
and Features.
2. Click Next on each of the successive windows to do the following:
• Verify that certain tasks have been completed
• Select an installation type
3. Click Select a server from the server pool, select the desired server
(PADCA and PADCB), and click Next.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
63
Chapter 2
Configure System Servers
4. Select DHCP Server and click Add Features.
5. Click Next on each of the successive dialog boxes to do the following:
• Verify selected server role
• Confirm installation selections
• Verify 'Things to note' concerning DHCP server
6. To confirm installation selections, click Install.
64
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
7. Click Complete DHCP configuration. The DHCP PostInstall
configuration wizard window appears.
8. Click Next.
9. Click Commit to authorize the configuration and then click Close.
The DHCP Post-Install configuration wizard window closes.
IMPORTANT
Authorize DHCP servers to help avoid damage that is caused by
running incorrect configurations or by using the wrong network with
DHCP servers.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
65
Chapter 2
Configure System Servers
10. In the Add roles and Features Wizard window, click Close.
11. Repeat step 1 through step 10 to add the child server (PADCB).
Configure DHCP Server
Use a parent domain controller
with these procedures.
Complete the following steps to configure the DHCP server.
1. From the Server Manager, click Tools and choose DHCP.
PADCA
66
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
2. Right-click DHCP and choose Add Server.
3. To find the parent domain controller, click Browse.
The Add Computer dialog box appears.
4. Click Advanced and then Find Now for the child domain controller.
The domain controller servers appear in the Search results.
5. Select the PADCB server and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
67
Chapter 2
Configure System Servers
6. To add the child domain controller, click OK on the following
dialog boxes.
Enable DHCP Scope
Complete these steps to define the IP address range for the domain controllers.
A scope distributes the IP addresses to the computers on your network.
1. From the Server Manager, click Tools and choose DHCP.
2. In the Parent Domain, right-click on IPv4 and choose New Scope.
68
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
3. Click Next, type a name for the scope, and click Next.
A description is optional.
4. Type the Start and End IP address range, the length of the range, and
click Next.
5. Click Next on each of the successive dialog boxes to accept the defaults:
• Add Exclusions and Delay
• Lease Duration
• Confirm 'Configure DHCP Options now'
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
69
Chapter 2
Configure System Servers
6. Type the gateway IP address that is used in this VLAN and click Add. The
gateway address is added to the list.
7. Click Next.
8. To select the alternate DNS server, type the child domain controller IP
address and click Add. The IP address is added to the list.
TIP
The primary IP address is already in the list (172.18.1.10 in the example).
9. Click Next.
70
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
The WINS Servers dialog box appears.
10. (Optional) To enable WINS servers, type an IP address for a server and
click Add. The IP address is added to the list.
11. Click Next.
The Activate Scope dialog box appears.
12. To activate the Scope, click Next and then Finish.
Configure Failover
Complete these steps to configure high availability for your domain controllers.
1. From the Server Manager, click Tools and choose DHCP.
2. In the Parent Domain, right-click on IPv4 and choose Configure Failover.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
71
Chapter 2
Configure System Servers
3. Click Next and then Add Server.
4. Select the backup server, select 'padcb', click OK, and then Next.
72
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
5. Select Hot standby from the Mode pull-down, and type a shared secret.
6. Click Next.
7. Click Finish and Close.
Proceed to page 74 to group the settings for the workstations and servers under
one authority.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
73
Chapter 2
Configure System Servers
Join the Domain
Use all servers and workstations
with these procedures.
When you join the system elements into a single domain, the control and
communication of the infrastructure is seamless. The domain centralizes all
administrative settings for the workstations and servers in your application.
1. Click the Windows
symbol.
2. Click Control Panel and choose System>Change Settings.
3. Click Change, select Domain, and then type the domain name and
click OK.
74
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
4. Type a user name and password to add this computer to the domain and
click OK on the dialog boxes.
If you have the correct access, the computer is accepted into
the domain.
5. To accept the changes and restart the computer, do the following:
• Click OK in the first warning dialog box
• Click close in the Systems Properties dialog box
• Click Restart Now in the second warning dialog box
6. After restarting the computer, press Ctrl+Alt+Delete to log in.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
75
Chapter 2
Configure System Servers
7. Click Switch User, choose Other User, and type [Domain Name]\user,
such as System\Administrator, followed by the password.
8. Repeat step 1 through step 7 for all system computers.
76
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
Confirm Computers in DNS Server
Use the primary server with
these procedures.
When all system computers are in the domain, you can confirm the addresses on
the Domain Controller DNS server.
Complete the following steps.
1. From the Server Manager, click Tools and choose DNS.
PADCA
The DNS Manager dialog box appears.
2. Select DNS><parent domain>>Forward Lookup Zone><parent domain
name> (System.PlantPAx.local in our example).
The Data column displays the IP addresses.
IMPORTANT
The same IP address is not expected for more than one server or workstation.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
77
Chapter 2
Configure System Servers
Confirm Computers in DHCP Server
You can confirm all computers in the DHCP server by accessing the Address
Leases folder.
Complete the following steps.
1. From the Server Manager, click Tools and choose DHCP.
The DHCP dialog box appears.
2. Select DHCP><domain controller>>IPv4>Scope>Address Leases.
The Name column lists the computers.
IMPORTANT
The IP address that is assigned to all system computers needs to match the
IP addresses in the DNS list.
Proceed to page 79 to place the users and groups into the Active Directory.
78
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Create Groups and Users
Use a domain controller
with these procedures.
Chapter 2
From operators and maintenance personnel to engineers, the domain controller
manages groups in the active directory.
Complete these steps for only a parent domain controller.
1. From the Server Manager, click Tools and choose Active Directory Users
and Computers.
PADCA
2. On the Active Directory Users and Computers dialog box, expand the
domain folder (System.PlantPAx.local).
3. Right-click Users and choose New>Group.
4. Type the group name and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
79
Chapter 2
Configure System Servers
5. Repeat step 4 for all application groups, including the following:
• PlantPAx Operating Supervisor
• PlantPAx Maintenance
• PlantPAx Maintenance Supervisor
• PlantPAx Manager
• PlantPAx Engineering
• PlantPAx Administrator
6. On the Active Directory Users and Computers dialog box (with the Users
folder still selected), right-click New and choose User.
The New Object User dialog box appears.
7. Type the name of a user and initials.
Our example shows ‘Jorge’. For better tracking and auditing, we suggest
that you use the names of the personnel operating your system.
IMPORTANT
We do not recommend using 'generic users' such as 'Operator' or 'Admin' to
share on the system.
8. Type a user logon name and click Next.
80
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
9. Type the initial user password twice.
10. Click ‘User must change password at next logon’ and click Next.
This procedure gives a user a unique password that, for security purposes, a
user can change any time.
TIP
You can consider checking the ‘Password never expires’ box to prevent
from being locked out if the password expires.
11. Click Finish.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
81
Chapter 2
Configure System Servers
Assign Users to Group
The created users are not yet members of any group. Complete the following
steps to assign the users to a group.
Assign a User to the PlantPAx Operators Group
In this section, individual users are assigned to the PlantPAx Operators group.
1. In the Active Directory Users and Computers window, choose the Users
folder, right-click on a group and choose Properties.
Our example group is PlantPAx Operators.
The PlantPAx Operators Properties dialog box appears.
82
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
2. In the PlantPAx Operators Properties dialog box, click the Members tab.
This tab shows the members of the PlantPAx Operators group. (Our
example shows no members.)
3. Click Add.
4. Type the user name ( Jorge in our example) in the text box and click OK.
5. Repeat step 3 and step 4 to add more users.
TIP: To search for a user name, type a few letters
of the name into the text box and click
Check Names.
6. The PlantPAx Operators Properties dialog box now shows all users that
you added in the previous steps. ( Jorge in our example.)
IMPORTANT
Do not use more than one PlantPAx group for a single user to prevent being
denied access. The following dialog boxes show how to identify members that
are assigned to groups.
7. Click OK to close the PlantPAx Properties dialog box.
The following confirms the user assigned groups.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
83
Chapter 2
Configure System Servers
8. In the Active Directory Users and Computers window, right-click on an
individual user name ( Jorge in our example) and choose Properties.
The Operator Properties dialog box appears. The 'Member of ' tab shows
the groups that 'Jorge' is a member of (PlantPAx Operators in our
example).
9. Click OK to close the Operator Properties dialog box.
84
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure System Servers
Chapter 2
Assign a User to the PlantPAx Administrator Group
IMPORTANT
In the previous procedure, a user was added to a group by using the group
properties.
In this procedure, a user is added to a group by using the individual user
properties.
1. In the Active Directory Users and Computers dialog box, choose the Users
folder, right-click on a user (Harry in our example) and choose Properties.
The Properties dialog box appears and 'Harry' is not a member of
any groups.
2. Click Add.
3. Type the group name in the text box and click OK.
TIP: To search for a user name, type a few letters
of the name into the text box and click
Check Names.
'Harry' is now a member of the PlantPAx Administrator group.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
85
Chapter 2
Configure System Servers
4. Click OK.
IMPORTANT
86
We recommend for a production environment to disable the Windows
Administrator account and use a new PlantPAx Administrators Users
Group. Do not use default passwords.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
3
Configure Group Policy Management
We recommend group policy management as a part of the infrastructure design.
Policies help reduce the maintenance and complexity when you add new users
and computers into the PlantPAx® system. Once that you have configured specific
policies on a domain controller, you do not have to configure the same policies on
the domain computers.
The policies determine what users can and cannot do, such as password
maintenance or to restrict folder access. The same approach applies for how to
define server maintenance.
By carefully planning the control of multiple policies in the Active Directory
environment, you can reduce the cost of system ownership. Group Policy Objects
(GPOs) administer the set of policies that centralize all settings.
This chapter describes procedures to manage configurations for your domain
controller. The optional techniques include the following:
• Windows Time Service with an NTP server
• Group access level definition
• USB drive protection
The settings that are outlined are recommendations; your business, IT, and
security requirements could require additional policies.
Figure 9 on page 88 shows the topics that are described in this chapter.
Considerations
Consider the following suggestions before starting this chapter:
• Although this chapter offers optional configurations for domain
controllers, we strongly encourage the use of the techniques for a
centralized administration.
• This layer of protection does not supersede any anti-virus protection or
other protection methods. It is best practice to have antivirus software that
is installed on your PlantPAx servers and workstations.
See Knowledgebase Answer ID 35330 at
http://www.rockwellautomation.custhelp.com for more information on
compatibility and considerations when you install antivirus software.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
87
Chapter 3
Configure Group Policy Management
Figure 9 contains the topics that are described in this chapter. Click or see the
page number for quick access to a section.
Figure 9 - Group Policy Management Workflow
Start
Default Domain Controller Policy
• Configuring the NTP Server
See page 89
Default Domain Policy (NTP)
See page 96
• Enforcing the Domain Policy
PlantPAx Users Policy Object
See page 102
• Define Group Access Level
• USB Drive Protection
• Software Access Restriction
See Chapter 4
88
Configure FactoryTalk® Components
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Default Domain Controller
Policy
Use a domain controller
with these procedures.
PADCA
Chapter 3
This section describes how to configure Windows Time Service as a Network
Time Protocol (NTP) server and client. The domain is responsible to propagate
and enforce the clock time to the domain computers. This policy functionality
helps verify that all computers are synchronized with the NTP server.
For your convenience, the procedures are presented in two subsections:
• Configuring the NTP Server
• Enforcing the Domain Controller Policy
Configuring the NTP Server
Complete these steps to edit the default domain policy to define the NTP server.
1. Click
to open the Server Manager.
2. Click Tools and choose Group Policy Management.
The Group Policy Management dialog box appears with the
system domain.
3. Right-click Default Domain Controllers Policy and choose Edit.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
89
Chapter 3
Configure Group Policy Management
The Group Policy Management Editor dialog box appears.
4. Click to expand the Computer Configuration folder and choose
Policies>Administrative Templates>System.
5. In the System folder, click Windows Time Service.
6. Click to expand Windows Time Service and click Time Providers.
7. In the Time Providers folder, choose Configure Windows NTP Client.
90
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
The Configure Windows NTP Client dialog box appears with default
information for the NTP server.
8. Click Enabled and type information as shown in the sample box.
The configuration data propagates the GPS signal through the NTP server
to the domain computer.
Default information
9. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
91
Chapter 3
Configure Group Policy Management
10. In the Time Providers folder, choose Enable Windows NTP Client.
11. Click Enabled and then click OK.
92
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
12. Click Enable Windows NTP Server.
13. Click Enabled and then click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
93
Chapter 3
Configure Group Policy Management
The Group Policy Management Editor reappears with the NTP server
states ‘enabled’
14. Close the Group Policy Management Editor dialog box.
Enforcing the Domain Controller Policy
Use a domain controller
with these procedures.
This section describes how to enforce the domain computers to use the NTP
server settings (see page 91).
Complete these steps.
PADCA
1. Repeat step 1 and step 2 on page 89 to access the Group Policy
Management dialog box.
2. Expand the Domain Controllers folder and click Default Domain
Controllers Policy.
3. Choose Authenticated Users in the Security Filtering box and
click Remove.
94
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
A warning pop-up box could appear.
4. Click OK.
5. Click Add, Domain Controllers, and then OK.
6. Right-click Domain Controllers and choose Enforced.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
95
Chapter 3
Configure Group Policy Management
A pop-up window appears.
7. Click OK.
Default Domain Policy (NTP)
Use a domain controller
with these procedures.
This section describes how to configure and enforce all servers and workstations
to be connected to the domain controller as an NTP client server. The clock time
is synchronized with the domain controller.
Complete these steps.
1. Repeat step 1 and step 2 on page 89 to access the Group Policy
Management dialog box.
2. Right-click Default Domain Policy and choose Edit.
PADCA
96
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
The Group Policy Management Editor dialog box appears.
3. Click System and choose Windows Time Service.
4. Click to expand Windows Time Service and click Time Providers.
5. In the Time Providers folder, choose Configure Windows NTP Client.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
97
Chapter 3
Configure Group Policy Management
6. Click Enabled and type information as shown in the sample box.
The configuration data associates the domain controllers with the
NTP client server.
98
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
7. Click Time Providers (in the Windows Time Service folder) and click
Enable Windows NTP Client.
The Enable Windows NTP Client dialog box appears.
8. Click Enabled and then click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
99
Chapter 3
Configure Group Policy Management
The Group Policy Management Editor reappears with the NTP
Client-server states ‘enabled.’
9. Close the Group Policy Management Editor dialog box.
Enforcing the Domain Policy
Use a domain controller
with these procedures.
This section describes how to enforce the servers and workstations that are
associated with the domain controller to use the NTP client settings (see
page 98).
Complete these steps.
PADCA
1. Repeat step 1 and step 2 on page 89 to access the Group Policy
Management dialog box.
2. Expand the domain folder and click Default Domain Policy.
3. Choose Authenticated Users in the Security Filtering box and
click Remove.
100
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
A warning pop-up box could appear.
4. Click OK.
5. Click Add, type an object (Domain Computers), and then click OK.
6. Right-click the domain and choose Enforced.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
101
Chapter 3
Configure Group Policy Management
A pop-up window could appear.
7. Click OK.
PlantPAx Users Policy Object
Use a domain controller
with these procedures.
You can create policies for a group of users that restricts privileges and site access.
This section describes how to select a group and enforce a policy. For example, a
selected group of users cannot use USB drives for system security.
Define Group Access Level
Complete these steps to select a specific group of users to link to a policy.
1. Repeat step 1 and step 2 on page 89 to access the Group Policy
Management dialog box.
PADCA
2. In the system domain folder, right-click Group Policy Objects and
choose New.
3. Type a name for the Group Policy Object and click OK.
4. Open Group Policy Objects and click the name that you create in step 3.
102
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
5. Select Authenticated Users in the Security Filtering box and click Remove.
6. A pop-up window could appear.
7. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
103
Chapter 3
Configure Group Policy Management
8. Click Add, type a group (PlantPAx Operators as an example), and
click OK.
9. Right-click the domain and choose Link an Existing GPO.
104
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
10. Select a users group name and click OK.
11. Right-click the domain and choose Enforced.
12. Right-click the domain (in the left pane), click New Window from Here,
and then click the Linked Group Policy Objects tab.
The policy and the affected group are confirmed as enforced and linked.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
105
Chapter 3
Configure Group Policy Management
Use a domain controller
with these procedures.
USB Drive Protection
Complete these steps to restrict a group of users from using a USB drive.
1. Repeat step 1 and step 2 on page 89 to access the Group Policy
Management dialog box.
PADCA
2. In the system domain folder, right-click PlantPAx Users Policy Objects
and choose Edit.
The Group Policy Management Editor dialog box appears.
3. Click to expand the User Configuration folder and choose
Policies>Administrative Templates>System.
4. In the System folder, click Removable Storage Access and choose All
Removable Storage classes: Deny all access.
106
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
5. Click Enabled and OK.
Software Access Restriction
Complete these steps to restrict a group of users from using
non-approved software.
1. Repeat step 1 and step 2 on page 89 to access the Group Policy
Management dialog box.
2. In the system domain folder, right-click PlantPAx Users Policy Objects
and choose Edit.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
107
Chapter 3
Configure Group Policy Management
The Group Policy Management Editor dialog box appears.
3. Click to expand the User Configuration folder and choose
Policies>Administrative Templates>System.
4. In the System folder, double-click Don’t run specified Windows
applications.
5. Click Enabled, Show, and then type any application software to create an
access restriction.
108
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Group Policy Management
Chapter 3
6. Click OK.
The Don’t run specified Windows application dialog box confirms
the policy setting.
7. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
109
Chapter 3
Configure Group Policy Management
Notes:
110
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
4
Configure FactoryTalk Components
In the FactoryTalk® architecture, there are two separate directory types: Local and
Network. The Network Directory coordinates the communication between the
system elements on multiple clients and servers, such as data servers, HMI
servers, and alarm and event servers. If all of your products reside on one
computer, you can use the Local Directory.(1)
In a PlantPAx® system, the FactoryTalk Directory (FTD) centralizes and shares
information across multiple computer systems. The FTD makes this information
available through a lookup service to all software products that participate in
an application.
Windows Domain
FactoryTalk
Directory
IMPORTANT
It is required to have a user name and password with administrator privileges
to install FactoryTalk software and to specify an FTD location. Use the
same user name and password for all FactoryTalk installations on the
PlantPAx system.
See Figure 10 on page 112 for the topics that are described in this chapter.
Considerations
Consider the following suggestions before starting this chapter:
• The FTD server does not require redundancy to maintain availability of
the system if the FTD server fails. The FTD information is cached on each
computer that is participating in a distributed application as long as the
computer had previously accessed the FTD server.
• For compatibility purposes, you must install software components, such as
FactoryTalk® Services Platform. You also can use the Product
Compatibility and Download Center (PCDC) at
http://www.rockwellautomation.com/global/support/pcdc.page.
(1) Some FactoryTalk products, such as FactoryTalk® VantagePoint®, can address multiple FactoryTalk Directories.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
111
Chapter 4
Configure FactoryTalk Components
Figure 10 contains the topics that are described in this chapter. Click or see the
page number for quick access to a section.
Figure 10 - FactoryTalk Components Workflow
Start
Configure the FactoryTalk Directory
• Enable Windows Firewall
• Define Network Directory
See page 113
No
Virtual
Environment
Yes
Virtual Image Templates
User Manual,
publication 9528-UM001
License FactoryTalk® Activation
• Open Activation Manager
See page 119
No
Patches
Yes
Use FactoryTalk Patches From the PCDC
See page 121
See Chapter 5
112
Configure FactoryTalk® Security
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Components
Configure the FactoryTalk
Directory
Use servers and workstations
with these procedures.
Chapter 4
The PlantPAx system is integrated as a directory to all system computers as
defined by the FTD. The following procedures must be completed for all
computers in the PlantPAx system.
1. Click the Programs symbol and choose Rockwell
Software®>FactoryTalk Tools>FactoryTalk Directory
Configuration Wizard.
All Servers and Workstations
2. Select ‘Configure the FactoryTalk Network Directory’ and click Next.
IMPORTANT
The FactoryTalk Local Directory is optional. But, you must use
FactoryTalk® View Machine Edition (ME) software with the
Local directory.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
113
Chapter 4
Configure FactoryTalk Components
3. Type any Windows administrator user name and password for the
Network Directory, and click Next.
Use the same user name and password for Network and Local directories.
4. Click Close.
114
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Components
Chapter 4
Enable Windows Firewall
Although an option, we suggest that you configure the Windows Firewall utility.
This utility creates necessary firewall rules to provide communication between
system elements. Complete these steps.
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Tools>Windows Firewall Configuration Utility.
2. Click Accept and select ‘On with Exceptions’ for the new Firewall state.
3. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
115
Chapter 4
Configure FactoryTalk Components
Define Network Directory
The Network Directory must be the same for all system computers. Any PASS
server can be used as the FTD server.
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Tools>Specify FactoryTalk Directory Location.
2. Click Browse (ellipsis ‘…’) on the FactoryTalk Directory Server Location
Utility dialog box.
3. Type the same user name and password (with Administrator privileges)
that you used to configure the Network and Windows Directory.
4. Click OK.
116
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Components
Chapter 4
5. Select Remote computer and type the FactoryTalk Directory server.
For example, PASS01. You also can browse for a network name.
6. Verify the desired FactoryTalk server appears in the computer hosting text
box, and click OK.
7. Click OK on the message box.
This message is a reminder to restart the computer after you finish
adding all servers and workstations to the FactoryTalk Directory.
8. Log on by using the server user name and password as shown in step 3.
9. Restart the computer.
10. Repeat step 5 through step 8 for all servers and workstations in the
PlantPAx application.
11. Shut down and restart the computer.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
117
Chapter 4
Configure FactoryTalk Components
When complete, the FTD computers appear in the FactoryTalk®
Administration Console.
Proceed to page 119 to activate software licenses.
118
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Components
Use FactoryTalk Activation to
Apply Licenses
Use the PASS with
these procedures.
Chapter 4
FactoryTalk Activation software provides a secure, software-based system to
apply Rockwell Automation® licenses for continuous use of FactoryTalk software
and other Rockwell Automation® software products.
With FactoryTalk Activation software, there is no need for a physical
master disk or any physical media. Instead, activation files are generated and
distributed electronically.
Open Activation Manager
PASS01
On the selected Activation Manager computer, start the activation process by
opening the FactoryTalk Activation Manager.
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Activation>FactoryTalk Activation Manager.
The FactoryTalk Activation Manager window appears.
2. Click Help to use the instructions to complete the activations.
For additional instructions and information on activation types, host IDs,
and how to use a plug-and-play dongle, see Activate Rockwell Software
Products, publication FTA-QS002.
You also can use the website at https://activate.rockwellautomation.com.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
119
Chapter 4
Configure FactoryTalk Components
Table 12 provides some guidelines after you activate the software.
Table 12 - Activation Considerations
Consideration
Details
Software that is not activated
If the components you have installed cannot be activated, for example, because the activation server is unavailable,
then the software continues to run for up to seven days. The seven-day grace period provides time to correct the
problem with acquiring activations, without disrupting critical applications. If activation is restored within seven days,
normal operations resume. If activation is not restored, the grace period expires. After the grace period expires, if you
restart the components and activation remains unavailable, the software runs for two hours in Demo mode.
Location of activation server
The PASS is the primary choice for activation management and is recommended to be the location of the activation
server. In the instance that the PASS is not an acceptable location, for example, when you make use of a redundant PASS
solution, the EWS is the secondary choice. In this instance, the EWS can be a dedicated station with a permanent
Ethernet connection to the system. The FactoryTalk Activation software can be configured to run as both a server and
client utility.
Options for adding activation files to the PASS
To make concurrent floating activations available to activation clients, first you must download the activation files to
the activation server computer, from the Rockwell Automation Activation window.
If the PASS has internet access, see Open Activation Manager on page 119.
If the PASS does not have internet access, the activations can be downloaded on another computer with internet
connectivity and then transferred to the PASS.
Protect activation files
Activation files are simple text files that must have a .lic extension.
As long as the .lic extension is retained, you can copy or rename an activation file without harming it. However,
tampering with text inside the activation file can disable your Rockwell Software® products.
If an activation file is damaged or deleted, contact Rockwell Automation Technical Support.
For safekeeping, keep an original set of your activation files on back-up media. Use descriptive names for the files, so
that you can identify them later, and copy them back to the appropriate computers.
Activation files are locked to the Host IDs of the computers (or dongles) that need them. Activation fails for Rockwell
Software products on a computer where the specified Host ID is not recognized by the activation file.
Proceed to page 121 to learn how to access and configure software patches.
120
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Components
Use FactoryTalk Patches
From the PCDC
Use a workstation with
these procedures.
Chapter 4
We recommend that you periodically review and update the available software
patches and firmware updates for the Rockwell Automation components on your
PlantPAx system. Before implementing Rockwell Automation updates, we
recommend that you verify them on a non-production system, or when the
facility is non-active. Verification helps to make sure that there are no unexpected
results or side effects.
You must restart a computer after installing each patch.
All Computers
IMPORTANT
If you are installing a new PlantPAx system, we recommend that you use the
specifications in the PlantPAx Selection Guide, publication PROCES-SG001.
1. Click http://www.rockwellautomation.com/rockwellautomation/
support/downloads.page to open the Product Compatibility and
Download Center (PCDC).
You also can access the PCDC link from the ab.com website.
2. Under Download, click Find Downloads.
3. In the Product Search text box, type Patches.
The search results appear under the Search text boxes.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
121
Chapter 4
Configure FactoryTalk Components
4. Double-click the search results.
Our example is FactoryTalk View Patch Rollup CPR SRx.
The latest version appears in the right column.
5. Do one of the following items:
• If you need an earlier version, click the search results to access a list.
Select a desired category and click Downloads.
• To use the current version, click Downloads.
122
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Components
Chapter 4
6. Click the Show Downloads button.
7. In the Downloads list, click each box to add the item to the
Download Cart.
The number of items in the cart increase proportionally to the number of
boxes that you click. To remove an item from the cart, click a box to
remove a check mark.
8. Click the Download Cart and then click Download Now.
You need a user name and password to download files.
9. Read the software license agreement and click Accept.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
123
Chapter 4
Configure FactoryTalk Components
There are two ways to download the patches: managed or direct (browser).
10. We recommend that you click Managed Download.
11. Click Run.
The Download Manager opens.
A progress bar shows the installer path to the download folder.
12. Click Open underneath the progress bar (next to the download
folder path).
Copy the downloaded patch folder to all PlantPAx servers and
workstations for which the patch applies.
13. Right-click InstallAllPatches and click Run as administrator.
124
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Components
Chapter 4
14. Click Y (yes) to install the patches.
The Patch File Validator dialog box appears with the correct validator
selection and status ‘Step 4 - Press Validate’.
TIP
Be patient for this automatic validation can take a few minutes.
The patch indicators are the following:
• No check mark – Patch not installed
• Green check mark – Patch installed
• Red check mark – Incorrect installation
15. Click Close.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
125
Chapter 4
Configure FactoryTalk Components
Notes:
126
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
5
Configure FactoryTalk Security
FactoryTalk® Security provides access restriction to only those individuals who
legitimately need access to specific automation assets. FactoryTalk Services
Platform (FTSP) includes the FactoryTalk Administration Console that provides
the interface for configuring your system.
This chapter describes how to administer privileges to users and groups to define
who can access hardware devices and software products. Permissions authenticate
a person's identity and authorize that person to access that resource and perform
only allowed actions. The centralized security system with a modern DCS, such
as the PlantPAx® system, helps to make sure the data that is being received and
processed is from a trusted source.
The Users and Groups in the FactoryTalk View console lets you control who
accesses the FactoryTalk system and from which computer. Access can be
restricted to a single user or group of users to help simplify the administration of
permissions.
When setting up security, create groups first and grant the appropriate
permissions to the group. With groups, you create a security structure without
needing to know exactly the users that comprise the groups. When users are
added to the group, they inherit the permissions that are granted to the group.
Considerations
As shown in Figure 11, there are groups that require separate configuration:
• External – Involves Windows-linked user groups in a domain controller
• Internal – Includes users not in a domain but grouped in the
FactoryTalk Directory (FTD).
The overlap between these two groups creates a hybrid group.
Figure 11 - Users and Groups Example
Hybrid
External
IMPORTANT
Internal
Even if your application has a domain, we highly recommend that you
configure a hybrid group. The internal connections, via the hybrid, permit
operations to continue in the event of the loss of a domain connection.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
127
Chapter 5
Configure FactoryTalk Security
Figure 12 contains the topics that are described in this chapter. Click or see the
page number for quick access to a section.
Figure 12 - FactoryTalk Security Workflow
Start
Configure FactoryTalk Users and Groups
See page 129
Define FactoryTalk System Policies
See page 135
• External Users and Groups
• Internal Users and Groups
•
•
•
•
•
Use Default Terminal Client
Use the Same FactoryTalk Log In
Use Default Terminal Client
Restrict Application Authorization
Audit Security Actions
Define the Security System Policy
See page 139
Define FactoryTalk Product Policies
See page 141
See Chapter 6
128
Configure Controller Security
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Security
Configure FactoryTalk Users
and Groups
Chapter 5
The FTD stores information about which users have access to the parts of a
control system. During the logon, FactoryTalk security uses this information to
verify the user’s identity and then permissions that are assigned to the user.
Authorized users can then access secured parts of the application.
Use an Engineering Workstation
with these procedures.
External Users and Groups
EWS
This section includes procedures for creating Windows-linked user accounts.
These accounts exist in a Windows domain but you must assign access rights to
validate that the users are authorized for the work that is approved for the group.
(Domains are explained in Chapter 2.)
Complete these steps.
1. Click the Programs symbol and choose Rockwell Software®
>FactoryTalk Administration Console.
2. Select the network directory and click OK.
3. Under the Network Directory, click System and then Users and Groups to
expand both folders.
4. Right-click User Groups and choose New>Windows-Linked User Group.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
129
Chapter 5
Configure FactoryTalk Security
5. Click Add and then Advanced on the following screens.
6. To search for the PlantPAx groups in the domain, click Locations and
choose Entire Directory>System.PlantPAx.local.
7. Click OK.
130
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Security
Chapter 5
8. Click Advanced and then Find Now to select PlantPAx groups.
9. Select all desired windows-linked groups and click OK.
10. To accept the selections, click OK on the following dialog boxes.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
131
Chapter 5
Configure FactoryTalk Security
All of the domain groups are listed under the FTD User Groups.
Internal Users and Groups
Use an Engineering workstation
with these procedures.
This section describes how to create an internal and a hybrid users group for
smaller systems that don’t have a domain infrastructure. A hybrid group, which is
composed of external (domain) and internal (FTD) users, is recommended for
continued operation if the domain connection is lost.
Complete these steps.
EWS
1. Click the Programs symbol and choose Rockwell Software
>FactoryTalk Administration Console.
2. Select the network directory and click OK.
3. Under the Network Directory, click System and then Users and Groups to
expand both folders.
4. Right-click User Groups and choose New>User Group.
132
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Security
Chapter 5
5. Type a new user group name and click OK.
6. Right-click the Users folder, and choose New>User.
7. Type a new user name and description.
8. Enter a password and then type the same password as confirmation.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
133
Chapter 5
Configure FactoryTalk Security
9. In the Group Membership tab, choose Add, and then select a group to be
linked to the new user.
10. Click OK.
11. Repeat step 4 through step 10 to add a new local group and users to
the system.
You also can create guest users with known passwords to control this type
of access on the system.
Proceed to page 135 to set up user permissions.
134
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Security
Define FactoryTalk System
Policies
Chapter 5
This optional section describes how to use Remote Desktop Services (RDS) to
access FactoryTalk applications, such as thin clients.
Use Default Terminal Client
Use an Engineering Workstation
with these procedures.
You have two server options: terminal client or server computer; terminal being
the default.
1. On the network directory (see steps 1…2 on page 132) under System>
Policies>System Policies, double-click Security Policy.
EWS
2. On the Policy Settings dialog box under Computer Policy Settings, leave
terminal client as the default for remote desktop services to be available.
TIP
Select Server computer from the pull-down menu and click OK if you
want external client computers to be able to log in to the FTD without
any pre-configuration. This option, however, does not let you track
specific actions from the terminal client.
3. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
135
Chapter 5
Configure FactoryTalk Security
Use the Same FactoryTalk Log In
You have options to enable/disable access to multiple FactoryTalk products with
the same FTD log in.
1. On the network directory (see steps 1…2 on page 132) under
System>Policies>System Policies, double-click Security Policy.
2. Scroll down to Single Sign-On Policy Settings and leave Enabled as
the default.
This setting lets you use the same FactoryTalk log in for multiple products.
TIP
Select Disabled from the pull-down menu if you want separate logins
to be used for each FactoryTalk product.
3. Click OK.
136
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Security
Chapter 5
Restrict Application Authorization
You can verify and configure FactoryTalk Services application authorization.
1. On the network directory (see steps 1…2 on page 132) under
System>Policies>System Policies, double-click Application Authorization.
2. In the (lower) Settings section of the dialog box, use the ‘Enable Default
Access’ default.
This setting automatically authorizes application access.
3. If you want to require application verification, click ‘Verify Publisher Info’
and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
137
Chapter 5
Configure FactoryTalk Security
Audit Security Actions
You can enable an audit to track configurations and security.
1. On the network directory (see steps 1…2 on page 132) under
System>Policies>System Policies, double-click Audit Policy.
2. Under Audit Policy Settings, select Enabled from the Audit security access
successes pull-down menu.
3. Click OK.
Proceed to page 139 to determine security permissions for groups and
users.
138
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Security
Define the Security System
Policy
Use an Engineering Workstation
with these procedures.
Chapter 5
This section describes how to configure permissions for groups and users to
perform actions that are based on their security levels. The access level can be
based in the domain or local groups, however, the user needs to be a member of
only one single group. For example, if you are a member of the Administrators
and the Operators groups and you are denied access, you lose Administrator
permissions. You have the lowest security access in both groups.
Complete these steps.
EWS
1. On the network directory (see steps 1…2 on page 132) under
System>Policies, right-click System Policies and choose Security.
2. On the Permissions tab of the Security Settings for Systems Policies dialog
box, click Add.
The Select User and Computer dialog box appears.
3. Select a PlantPAx group and click OK.
4. Repeat step 3 to add each group.
5. When all groups are added, select one group at a time in the top half of the
Security Settings for System Policies dialog box.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
139
Chapter 5
Configure FactoryTalk Security
6. In the lower half of the dialog box, do one of the following actions:
• Click the ‘Allow’ or ‘Deny’ box for a bold-faced category to select all
the boxes.
• Click ‘+’ in front of a bold-faced category to display a list of
subcategories. Click each ‘Allow or ‘Deny’ box.
If Deny is selected, a warning message appears.
7. Click ‘Yes’ to verify a permission that is being denied, if applicable.
8. Click OK when finished.
Table 13 is an example of security permissions per group classification.
Table 13 - Group Security Levels
System Policies
Operator
Operator
Supervisor
Maintenance
Maintenance
Supervisor
Manger
Engineer
Administrator
Configure Security
Deny
Deny
Deny
Deny
Deny
Allow
Allow
Create Children
Delete
Execute
List Children
Read
Write
See Appendix A for a Microsoft Excel spreadsheet that contains suggested
security permissions. The tabs include permissions for System Policies, Product
Policies, Computer and Groups, Network and Devices, Users and Groups and
Connections.
140
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure FactoryTalk Security
Define FactoryTalk Product
Policies
Use an Engineering Workstation
with these procedures.
Chapter 5
This section describes how to define users and groups with controller security in
FactoryTalk software. Complete these steps.
1. On the network directory, click System>Policies>Product
Policies>RSLogix 5000®>Feature Security.
You also can configure feature security by clicking System>Policies,
right-click Product Policies and choose Feature Security.
2. On the Policy Settings tabs, click Controller Secure.
EWS
3. Click Browse (…).
4. Click Add, select a PlantPAx group, and then click OK.
5. Repeat step 4 to add all desired groups.
6. Click the ‘Allow’ or ‘Deny’ box.
7. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
141
Chapter 5
Configure FactoryTalk Security
Notes:
142
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
6
Configure the Controller
This chapter describes how to enable system communication and security
enhancements for PlantPAx® system controllers. We assume that you have a basic
understanding of the operation of Rockwell Automation® controllers. We do
recommend that you review the sizing guidelines in the PlantPAx® Distributed
Control System Selection Guide, publication PROCES-SG001, to use the
controller that fits your system requirements
To help mitigate the risk of data intrusion, controllers have enhanced protection
with the Studio 5000 Logix Designer® application. The layer of device protection
is independent of FactoryTalk® software security.
The security enhancements include the following (with the last three being
independent of FactoryTalk):
• Security Server Validation—To access a secured controller or project file,
the application verifies via the FactoryTalk Directory that you are
authorized for such use.
• Restricted Communication—ControlLogix® controllers accept
communication only through selected slots.
• Restricted External Data Access—External Access and Constant tag
attributes control access to tags and safeguard against changes to
their values.
• Source Protection—A source key can be applied to routines and
Add-On Instructions to guard against code from being edited inside the
Logix Designer environment.
Considerations
Consider the following suggestions before starting this chapter:
• Prioritize your system security level to match the authorized users in
FactoryTalk Security.
• If you choose code restriction, you must install the Source Protection
option that is included with the Studio 5000 environments.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
143
Chapter 6
Configure the Controller
Figure 13 shows the topics that are described in this section. Click or see the page
number for quick access to a section.
Figure 13 - Controller Security Workflow
Start
Use Architect for Controller Initiation
See page 145
Change Controller Properties
See page 147
Configure Network Adapters
See page 150
Synchronize the Project
See page 152
Configure RSLinx® Classic Software
See page 153
Download the Controller
See page 156
Enable Controller Security
See page 157
See Chapter 7
144
•
•
•
•
•
Create a Controller Logical Name
Configure Authority Identifier
Configure Communication Restrictions
Configure Data Restrictions
Configure Code Restrictions
Configure Time Synchronization
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Use Architect for Controller
Initiation
Use an Engineering Workstation
with these procedures.
EWS
Chapter 6
The Studio 5000 Architect™ application provides a controller with pre-defined
functionality that is based on the selected system template. Once you select a
template and create a project, you must configure RSLinx® software to
communicate the software data to the controller.
There are three templates available depending on the size and scope of
your project:
• Distributed Architecture– Multiple Process Servers: Contains two
PASS servers; multiple Operator Workstations (OWSs), and an
Engineering Workstation (EWS).
• Distributed Architecture – Single Process Server: Contains one PASS
server; multiple Operator Workstations (OWSs), and an Engineering
Workstation (EWS).
• Process Skid with Logix Batch Sequence Manager: Skid-based
equipment that includes three CompactLogix™ controllers and one
PanelView™ terminal to be integrated into overall system.
Complete these steps to select a template.
1. Click the Programs
Studio 5000®.
symbol and choose Rockwell Software®>
The Studio 5000 Common Launcher appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
145
Chapter 6
Configure the Controller
The New Project dialog box appears.
2. Under Project Types, click to select Architect and then click the second
template (Distributed Architect - Single Process Server for this example).
TIP
The Common Launcher dialog box is used for all products in Studio
5000 environments. The product types that appear in the left pane
depend on the products that are installed for your workstation.
3. Type a program name and click Finish.
146
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
The Architect canvas appears with a layout of the architecture and a
pre-defined controller for the selected template.
For a detailed description of the Architect application, see the
PlantPAx Distributed Control System Application User Manual,
publication PROCES-UM003.
Change Controller Properties
Use an Engineering Workstation
with these procedures.
This section shows how to use the Studio 5000 Logix Designer® application
inside the Architect project to modify a controller. Changes include how to select
another controller type, assign a name, and to enable redundancy, if applicable.
Complete the following steps.
1. In the top, left pane of the Architect project, right-click a controller
(LGXC01 in our example) and select Open Project in Designer.
EWS
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
147
Chapter 6
Configure the Controller
Wait a short time while the Logix Designer application opens.
2. Click the controller icon
.
The Controller Properties dialog box appears.
You can modify the controller name in the Name field. The template
default is ‘LGXC01’.
If you change the name to a specific area, for example ‘Boiler’, that is the
controller name after the application is synchronized.
148
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
3. To select another controller type, click Change Controller.
4. Click the pull-down menu, select another controller from the list, and
click OK.
5. If you are using a redundant controller, click the Redundancy tab.
6. Check the Redundancy Enabled box (only if you are configuring this
controller for redundancy) and click OK.
7. Click the Save icon
at the top of the Logix Designer window.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
149
Chapter 6
Configure the Controller
Configure Network Adapters
Use an Engineering Workstation
with these procedures.
A local communication adapter added to a Logix controller provides for
communicate with PASS servers and workstations at the Supervisory level.
Complete these steps.
1. Open a Logix Designer project.
2. In the Controller Organizer, right-click the controller backplane and
choose New Module.
EWS
The Select Module Type dialog box appears.
3. Select a communication adapter for your application (Ethernet module in
our example) and click Create.
150
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
The New Module dialog box appears.
4. Type an adapter name and IP address.
See Table 14 for details.
5. Click Change.
6. On the Module Definition dialog box, select Time Sync and Motion from
the Time Sync Connection pull-down.
7. Click OK.
8. Repeat step 2 through step 7 for each slot in the local chassis of the
target controller.
You must synchronize your project to update the changes with the
existing controller information. This option sends the modified project
from Logix Designer back to the Architect application. See page 152.
IMPORTANT
Table 14 - Network Adapter Information
Name
IP Address
Architecture
Cat. No.
LGXC01EN01
172.18.1.101
Star
1756-EN2T
LGXC01EN02
172.18.2.10
Star
1756-EN2T
LGXC01EN03
172.18.3.10
Device Level Ring
1756-EN2TR
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
151
Chapter 6
Configure the Controller
Synchronize the Project
Use an Engineering Workstation
with these procedures.
Complete these steps to update controller information in the
Architect application.
1. In the Architect application, right-click the controller and select
Synchronize Project.
EWS
The Synchronize Summary dialog box appears.
2. To see a preview of the synchronized changes, click ‘+’ to expand
the project.
The changes appear in the Message box.
3. Click OK.
The Ethernet Configuration dialog box appears.
4. Leave the devices and their port configuration as is, and click OK.
A wait message appears while the project is being synchronized.
152
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Configure RSLinx Classic
Software
Chapter 6
Complete these steps to configure RSLinx® Classic software, which is a
communication interface between the controller and FactoryTalk View
software products. Examples show how to configure two drivers: EtherNet/IP
and Ethernet.
Use an Engineering Workstation
with these procedures.
1. Click the Programs
RSLinx Classic.
symbol and choose Rockwell Software>RSLinx>
EWS
The RSLinx Classic dialog box appears.
2. Click the Communications tab and choose Configure Drivers.
The Configure Drivers dialog box appears.
3. From the Available Driver Types pull-down menu, select the EtherNet/IP
Driver and click Add New.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
153
Chapter 6
Configure the Controller
4. To complete the driver selection, click OK and then Close on the
following dialog boxes.
The EtherNet/IP devices in the network appear under the
network communication driver.
154
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
5. To add an Ethernet driver for routing in another network, repeat step 1
and step 2.
6. Select Ethernet devices and click Add New.
7. Click OK and type IP addresses.
8. Click OK.
The Ethernet devices in the network appear under the
network communication driver.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
155
Chapter 6
Configure the Controller
Download the Controller
Complete these steps to download the controller.
1. Open the controller application that your created in Logix Designer.
2. Click the Who Active button.
3. Browse the controller through the communication path (this action
updates the path).
4. Click Download Project Documentation and Extended Properties and
then click Download.
The Download Project Documentation and Extended Properties box
enables multiple parties to share information.
156
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
5. Click the controller
Chapter 6
symbol and select Run mode.
6. Click Yes.
Enable Controller Security
Use an Engineering Workstation
with these procedures.
You must be an authorized user to administer controller security.
IMPORTANT
This procedure requires that you have defined FactoryTalk product policies.
See page 141.
Complete these steps.
EWS
1. In the Controller Organizer of the Logix Designer application,
double-click the controller icon to open the properties.
2. Click the Security tab.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
157
Chapter 6
Configure the Controller
3. From the Tools menu, right-click Security and choose Log On.
4. Type an authorized user name and password and click OK.
See page 116 to configure users with controller security.
5. Click Yes on successive dialog boxes to confirm the project.
6. In the Controller Organizer, double-click the controller to open the
properties dialog box; click the Security tab.
158
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
7. Select FactoryTalk Security Directory from the Security Authority
pull-down menu.
8. Click Use only the selected Security Authority for Authentication and
Authorization and click Apply.
A warning message appears.
Create a Controller Logical Name
Complete these steps to create a name for the controller in the
FactoryTalk Directory.
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Administration Console.
2. Browse to the controller and then browse to the communication driver.
3. Right-click the communication driver and choose Properties.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
159
Chapter 6
Configure the Controller
4. On the Device Properties dialog box, click the pull-down and select the
controller name.
If the name does not appear in the Networks and Devices tree, open
RSLinx Classic and go to the controller resource with RSWho. When you
navigate to the resource in RSLinx Classic the controller path
information updates in RSLinx Classic.
TIP
.
5. Click OK.
Configure Authority Identifier
This optional procedure is necessary only if you want to access a controller
project from outside the system and still use FactoryTalk security. Projects that
are secured to a specific Security Authority cannot be recovered if the identifier
of the FTD that is used to secure the project no longer exists.
IMPORTANT
We recommend that you back up the FTD and save unsecured versions of the
project file to a secure location.
Complete these steps.
1. Click the Programs symbol and choose Rockwell Software>FactoryTalk
Administration Console.
2. Click the Tools menu and choose FactoryTalk Security
Authority Identifier.
160
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
3. Click Backup on the message window.
We recommend that you encrypt the file and enter a passphrase that you
use during the restore process.
4. On the Backup dialog box, click ‘Encrypt file contents’ and type a
passphrase; click OK.
Complete these steps to restore a project on another computer.
1. Repeat step 1 and step 2 on page 160.
2. Click Restore on the message window.
3. Select a file and click Next.
4. Type the Restore passphrase and click OK.
5. Select ‘Restore Security Authority in Identifier Only’.
6. Click Finish.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
161
Chapter 6
Configure the Controller
The Logix Designer application can be opened now in a different system
directory. Observe the check in the box for ‘Use only the selected Security
Authority for Authentication and Authorization.’
The following steps are required if the file is returned and the authority identifier
does not work.
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Administrative Console.
2. Click the Tools menu and choose FactoryTalk Security
Authority Identifier
3. Click Generate ID.
4. Click Close.
162
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
Configure Communication Restrictions
This section describes how to restrict non-authorized communication modules
from being added to a ControlLogix backplane.
1. In an Architect project, right-click a controller and choose Open Project
in Designer.
2. Under the I/O Configuration folder in the Controller Organizer,
double-click the controller.
The Controller Properties dialog box appears.
3. Click the Security tab.
4. Click Restrict Communication Except Through Selected Slots and then
select each number that represents an authorized communication module
slot in the controller.
Slot positions appear dimmed when selected.
5. Click Apply.
New data communication modules must have authorized access to be
installed in the selected slots.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
163
Chapter 6
Configure the Controller
Configure Data Restrictions
This section describes how to program Logix data tags to control external
application access, such as HMI applications. The three external access tags are
the following:
• Read/Write
• Read Only
• None
1. In an Architect project, right-click a controller and choose Open Project
in Designer.
2. Double-click Controller Tags.
The tags appear in the right pane of the project.
3. To create a write restriction, click Constant to create a Read Only tag.
A Constant tag cannot have its values changed programmatically.
A Constant tag symbol
164
appears in the Value column for the selected tag
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
The Logix Designer compiler prevents write data in the reserved data.
Configure Code Restrictions
Source Protection is applied to routines and Add-On Instructions to prevent
third-party access to components. This section shows how to apply Source keys,
which are user-generated, case-sensitive passwords.
IMPORTANT
You must install the Source Protection tool (Rs5KSrcPtc) on the
Studio 5000 software.
Complete these steps in Offline mode to enable a source key.
1. In an Architect project, right-click a controller and choose Open Project
in Designer.
2. Click the Tools menu and choose Security>Configure Source Protection.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
165
Chapter 6
Configure the Controller
3. To specify a source key location, click Yes on the message window and then
Browse (ellipsis ‘…’) to the path and click OK.
4. Click Yes to confirm the source key file creation (sk.dat).
5. Select any desired routine or Add-On Instruction to be protected, and
then click Protect.
6. Type a source key (and jot down) to be applied and then type the name as
shown in the example graphic, ‘PlantPAxKeyName.’
7. Click OK.
166
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Chapter 6
The source key name appears in the Source Key column.
The source key file (sk.dat) is recorded in the path that you designated
in step 3.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
167
Chapter 6
Configure the Controller
If the source key file is moved from the designated file location, the
component cannot be viewed.
8. To view the component, right-click the source key and choose Make
Viewable.
9. Click Close.
The source key configuration is independent of the FactoryTalk View
security. The source key file (sk.dat) creates a secondary line of
code protection.
168
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Controller
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter 6
169
Chapter 6
Configure the Controller
Notes:
170
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
7
Configure Time Synchronization
In a PlantPAx® automation system, time synchronization is essential for
controllers, workstations, and servers to reference the same time for any event or
alarm that occurs. To provide accuracy for sequence of events and historical data,
several protocols are available to control and monitor the clocks. The internal
clock deemed the reference is called the Grandmaster clock.
This chapter describes procedures for configuring time-synch applications by
using two common protocols:
• Network Time Protocol (NTP)
• Precision Time Protocol (PTP)
NTP synchronizes time over the plant floor on an Ethernet network. As shown
in Figure 14 and Figure 15, the NTP network uses a time source from the
internet cloud, such as an atomic clock. The NTP server distributes the time
across the network via a domain controller. A firewall rule allows the time source
to be updated by using the external NTP server.
Figure 14 - System Time Synchronization Example Using an External NTP Server
Operator
Workstations
Engineering
Workstations
NTP
External NTP
Time Server
NTP
Domain
Controller
All Switches
NTP Clients
NTP
NT5DS
NTP
Process Automation
and Application Servers
Firewall
UDP
Port123
NTP
Additional Domain Controllers
PTP
NTP
PTP
PTP
LGXC01
PDC
Emulator
Process Automation
and Application Servers
NTP
Clock Sync
Service
Internet
PTP
Clock Sync
Service
PTP
PTP
LGXC02
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
171
Chapter 7
Configure Time Synchronization
The Clock Sync Service can be installed on the PASS servers in the PlantPAx
system. The software tool synchronizes the computer time with the process
controller time. The controller that is synced with the Grandmaster clock
propagates the PTP protocol through the Ethernet communication card
(1756-EN2T, 1756-EN2TR) to the field devices. It’s possible to create a High
Availability system time synchronization by using the Clock Service in more
than one server.
GPS uses a global positioning system for high precision time accuracy. All
components, as shown in Figure 15, with real-time clocks follow the same
reference. However, a 1756HP-TIME module propagates directly to computers,
controllers, and other devices via Ethernet switches.
For more information on time synchronization and CIP Sync, see the Integrated
Architecture® and CIP Sync Configuration manual, publication IA-AT003.
Figure 15 - 1756 Time Example (GPS Reference)
Operator
Workstations
Engineering
Workstations
NTP
NTP
Domain
Controller
All Switches
NTP Clients
NTP
NTP
Process
Automation
and Application
Servers
Process
Automation
and Application
Servers
NTP
NTP
NTP
PTP
PTP
GPS
Antenna
PTP
Considerations
172
Consider the following suggestions before starting this chapter:
• Decide which network time source — external NTP or GPS reference —
that you are going to use. For additional information, see Chapter 1 and
Chapter 3 for switch address configuration and domain controller
connections with an NTP server, respectively.
• To enable CIP Sync functionality in a ControlLogix® controller, select
Time Synchronization in Ethernet adapters by using Logix
Designer software.
• Determine where the Clock Sync Service is going to be installed. We
suggest all PASS servers.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Time Synchronization
Chapter 7
Figure 16 contains the topics that are described in this chapter. Click or see the
page number for quick access to a section.
Figure 16 - Time Synchronization Workflow
Start
Configure Time Sync Via Clock Sync Tool
See page 174
• Configure PTP Time Synchronization for Ethernet Bridges
• Switch Port Modes
• Configure PTP Time Synchronization for Controllers
Configure GPS Time Synchronization
See page 179
See Chapter 8
Configure the PASS
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
173
Chapter 7
Configure Time Synchronization
Configure Time Sync Via the
Clock Sync Tool
The Clock Sync Configuration Tool is a free software tool that is provided by
Rockwell Automation®. The tool, which runs as a service on a personal computer
or a server, synchronizes the computer time with the process controller time.
IMPORTANT
Use any PASS with
these procedures
PASS01, PASS02A,
PASS02B
The Clock software tool version 1.0 is compatible only with physical computers.
WallClockTime is used to set and track the time of day. It is a 64-bit counter that
counts in microseconds. The Clock Sync tool synchronizes the Wall Clocks on
Logix controllers and I/O devices that have CIP Sync capabilities. The clock time
is distributed to the entire system.
Complete these steps.
1. Click the Programs symbol and choose Rockwell Automation®>Studio
5000® Clock Sync Service>Studio 5000® Clock Sync Config Tool.
The Clock Sync Configuration Tool dialog box appears.
2. In the Clock Sync Configuration tab, use the exact information that is
shown, including the PASS01 name.
3. Click Apply.
174
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Time Synchronization
Chapter 7
To enforce the Time Sync Grandmaster, it is necessary to change the local
priority (lower number is a higher priority).
Server
Priority 1(1)
Priority 2
PASS01
125
124
PASS02A
126
125
PASS02B
127
126
(1) Default is 128/128.
If you use the priority values in the table for the servers, it is not necessary
to change the adapters and controllers, which default to 128. The servers
handle the propagation accordingly.
4. Use the exact information for PASS02A and PASS02B.
5. Click Apply.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
175
Chapter 7
Configure Time Synchronization
Configure PTP Time Synchronization for Ethernet Bridges
Use an Engineering Workstation
with these procedures.
EWS
Precision Time Protocol (PTP) enables precise synchronization of clocks in
measurement and control systems. PTP generates a Master-Slave relationship
among the clocks in the system. Clocks, which are synchronized over the
EtherNet/IP network, derive their time from a clock that is selected as the
Grandmaster clock. The Time Sync and Motion option must be enabled for
Ethernet bridge modules to propagate time through the network via switches.
1. In the Architect application, right-click a controller and choose Open
Project in Designer.
2. On the General tab of the Module Properties dialog box, make sure that
‘Time Sync and Motion’ is selected for the connection.
See page 151 for procedures on how to change a Module Definition.
176
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Time Synchronization
Chapter 7
3. If online, click the Time Sync tab to confirm Grandmaster clock settings.
Switch Port Modes
By default, PTP is disabled on all Fast Ethernet and Gigabit Ethernet ports. The
switch supports the following Synchronization Clock modes:
• End-to-End Transparent — In this mode, all switch ports are enabled by
default. The switch transparently synchronizes all slave clocks with the
master clock connected to the switch. This mode causes less jitter and error
accumulation than Boundary mode.
• Boundary — Use this mode for networks with fewer than four layers of
cascaded devices to avoid jitters and errors. The switch becomes the parent
clock to which the other devices that are connected to the switch
synchronize their internal clocks.
• Forward (default) — Traffic is forwarded through the switch (while being
prioritized by QoS) but is not acted on by the switch.
CIP Sync time synchronization supports Boundary and End-to-End Transparent
modes. End-to-End Transparent mode synchronizes all switch ports with the
Grandmaster clock by using the IEEE 1588V 2 End-to-End Transparent clock
mechanism, and is the preferred mode.
For more information, see the Stratix™ Managed Switches User Manual,
publication 1783-UM007.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
177
Chapter 7
Configure Time Synchronization
Configure PTP Time Synchronization for Controllers
A Logix controller that is CIP Sync enabled and designated the Grandmaster
clock is the real-time source for the control system. The controller synchronizes
with the PTP between the controllers and networks. Complete these steps.
1. Using Logix Designer, click the Open Controller™ Properties symbol.
The Controller Properties dialog box appears.
2. On the Date/Time tab, click Enable Time Synchronization.
IMPORTANT
Use your local time to configure the Time Zone and Adjust for
Daylight Saving.
3. Click Advanced.
The status ‘Is a synchronized slave’ appears
when the controller is synchronized.
The Grandmaster clock reference can be confirmed.
4. Click OK.
178
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Time Synchronization
Configure GPS Time
Synchronization
Use an Engineering Workstation
with these procedures
EWS
Chapter 7
The 1756HP-TIME Module is used in the examples for this section. The module
receives the Global Positioning System (GPS) time reference and propagates the
time to the computers by using NTP to the automation devices through PTP
(CIP Sync).
The 1756HP-TIME module obtains time from various sources and provides
time synchronization on other devices, thus acts as a gateway between different
time synchronization methods.
Complete these steps.
1. Using the Logix Designer application, add the 1756HP-TIME module
to your project.
2. Right-click the module to access the Module Properties dialog box.
3. Click the Configuration tab.
4. From the Source pull-down menu, select Internal GPS (Receiver).
5. In the Time Output area, select the desired Time Sync method.
The CIP Sync priority can be changed for the desired Time Sync method.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
179
Chapter 7
Configure Time Synchronization
6. Click the Advanced tab.
You can follow the Master status in the Advanced tab.
7. Click the Time Sync tab.
This tab lets you confirm the Grandmaster Clock and the actual
time status.
180
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
8
Configure the Process Automation System
Server (PASS)
The Process Automation System Server (PASS) is a required system element for
the PlantPAx® system. The PASS hosts essential software components that run
the system, including the FactoryTalk® Directory (FTD).
This chapter describes how to configure these components that comprise
the PASS:
• HMI server – Stores HMI project components, such as graphic
displays, and provides these components to Operator Workstations
(OWS) upon request
• Data server – Accesses information from the process controllers and
provides information to servers and workstations in the PlantPAx
system
• Alarm and Event server – Provides alarm information from the
controllers and servers to the OWSs upon request.
Considerations
Consider the following suggestions before starting this chapter:
• The PASS server or servers must be deployed before doing the procedures
in this section.
– For templates based on your system requirements, see the PlantPAx
Virtualization User Manual, publication 9528-UM001.
• Determine how many PASS servers are required for your architecture.
– See ‘Determining the Number of PASS Servers’, in the PlantPAx
Distributed Control System Selection Guide,
publication PROCES-SG001.
• PASS servers can be configured as redundant for HMI servers, data
servers, and/or alarm servers.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
181
Chapter 8
Configure the Process Automation System Server (PASS)
Figure 17 shows the topics that are described in this chapter. Click or see the page
number for quick access to a section.
Figure 17 - PASS Workflow
Start
Configure Servers on PASS
See page 183
•
•
•
•
•
Configure the Application
Configure the HMI Server
Primary HMI Server
Configure the Data Server
Configure the Alarm and Event Server
Commit Project
See page 194
Configure Redundancies
See page 195
• Enable HMI Redundancy
• Enable Data Server Redundancy
Create Alarm and Event Database
See page 208
Define HMI Security
See page 211
Configure PanelView™ Plus
See page 216
See Chapter 9
182
• Configure FactoryTalk SE Security
•
•
•
•
Create a FactoryTalk View ME Project
Configure FactoryTalk View ME Security
Configure Time Synchronization for PanelView Terminals
Download the Application
Configure an Application Server
Information Server (AppServ-Info)
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Configure Servers on PASS
Use an Engineering Workstation
with these procedures
Chapter 8
In this section, you configure the human machine interface (HMI) server, data
server, and the Alarms and Events server.
Configure the Application
In this section, you configure the application on an EWS.
Complete the following steps:
EWS01
1. Click the Programs
Studio 5000®.
symbol and choose Rockwell Software®>
The Studio 5000 splash screen appears.
2. Select an existing project (PlantPAx in the example).
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
183
Chapter 8
Configure the Process Automation System Server (PASS)
IMPORTANT
If you want to change the application and/or area name, complete
step 3 on page 184 through step 6 on page 184. If you want to keep
‘PlantPAx’ as the application name and 'Area' as the area name,
continue to Configure the HMI Server on page 185.
3. In the Logix tree, double-click PlantPAx>Projects>PlantPAx.
4. Click OK to accept the default application name 'PlantPAx'.
5. In the Logix tree, double-click PlantPAx>Projects>PlantPAx>Area.
6. If desired, change the Area name and click OK; otherwise click OK to
accept the default Area name 'Area'.
184
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
Configure the HMI Server
The HMI server is configured within your Studio 5000 Architect and
FactoryTalk® View Site Edition (SE) application. The HMI server stores HMI
project components, such as graphic displays, and serves these components to
OWSs upon request. The HMI server can also manage tag databases and log
historical data. Multiple HMI servers can exist on the PlantPAx system.
Use an Engineering Workstation
with these procedures
Primary HMI Server
Complete the following steps.
1. Open the Architect application and a project.
EWS01
2. In the Project Explorer area, right-click Application>Hardware
Diagrams>Process Area>PASS01 and choose Properties.
The Computer Graphics Properties dialog box appears in the
Process Area layout page of an Architect project.
TIP
The following step does not change the name of the actual server, just
the name of the graphical representation of the server.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
185
Chapter 8
Configure the Process Automation System Server (PASS)
3. In the General tab, change the server name to the project name.
4. In the Device tab, type the computer name that hosts the PASS and
click OK.
For example, PASS02
It is also necessary to change,
by hand, the name of the
graphical representation to
the name of the PASS host.
186
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
5. If you need to change the name of the HMI server, click
Projects>PlantPAx>AreaPlantPAx_HMI.
6. Type the new name and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
187
Chapter 8
Configure the Process Automation System Server (PASS)
Configure the Data Server
Use an Engineering Workstation
with these procedures
In this section, we create shortcuts on data servers (RSLinx® Enterprise) to
connect controllers. The communication path to network devices is
automatically updated in a Studio 5000 Architect or FactoryTalk View project.
Complete the following steps.
EWS01
1. If you need to change some configuration, right-click PlantPAx_DAT in
the Project Explorer and choose Properties, to specify the server in the
graphical process display; otherwise, continue with the next step.
Observe in the Communication pane (bottom, left corner) that there is no
connection.
2. Drag the communication module from the LGXC01 chassis and drop it
onto the PASS02A computer.
When the communication module is dropped onto the PASS server, the
Configure Module dialog box appears.
188
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
3. (Optional) Type a Description.
4. Accept the rest of the defaults and click OK.
The communication shortcut is updated with the Adapter name.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
189
Chapter 8
Configure the Process Automation System Server (PASS)
5. Drag the controller from the LGXC01 chassis and drop it into the
PASS02A computer.
The Add New or Modify Existing Shortcut dialog box appears.
An Architect project uses the template controller name by default.
Our example is LGXC01.
We do not recommend that you change the shortcut name.
190
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
6. Accept the defaults and click OK.
The shortcut is created for the controller.
7. Save your work.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
191
Chapter 8
Configure the Process Automation System Server (PASS)
Configure the Alarm and Event Server
Use an Engineering Workstation
with these procedures
The Alarms and Events server is configured within the Studio 5000 Architect
and FactoryTalk View SE application. This server publishes information from
controllers and servers available to all subscribing OWSs.
In this section, we describe how to configure alarm and event servers for
tag-based alarms. We also show how to set the alarm severity.
EWS01
1. If you want to change some Alarm and event configuration, right-click
Projects>PlantPAx>Area>Alarm>PlantPAx_AE in the Project Explorer.
The Tag Alarm and Event Server Properties dialog box appears.
An Architect project defaults the alarm name and host computer.
2. (Optional) In the General tab, type a description and click OK.
192
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
3. In the Priorities tab, accept the defaults and click OK.
For more information on alarm severity, see Appendix B in the Rockwell
Automation® Library of Process Objects Reference Manual, publication
PROCES-RM002.
4. Save your project.
Proceed to page 194 to commit your project.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
193
Chapter 8
Configure the Process Automation System Server (PASS)
Commit Project
When you commit a project, all data is sent from the Architect project to the
FactoryTalk View application. The data is updated in the server for the respective
servers: HMI, Data, and Alarms and Events.
Complete the following steps:
1. In the Project Explorer, right-click PlantPAx>Projects>PlantPAx and
choose Commit Project.
2. In the Commit Summary dialog box and click OK to perform the
commit process.
3. Once a check mark appears next to your project in the Committing
Projects dialog box, the configuration of the servers is complete.
4. To close the Committing Projects dialog box, click Close.
Proceed to page 195 to configure redundancies for the HMI, Data, and Alarms
and Events servers.
194
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Configure Redundancies
Chapter 8
This section creates redundancies for the HMI, Data, and Alarm and Event
servers.
Enable HMI Redundancy
Use a PASS with
these procedures.
This section describes how to copy the primary HMI server application folder to
the secondary HMI server. This procedure is performed only the first time the
primary HMI server is copied.
Copy the Primary HMI Server to the Secondary
PASS02A
In this section, you copy the primary HMI server to a location on the secondary
server.
Complete the following steps:
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk View>Tools>HMI Server backup and Restore.
The Select Operation dialog box appears.
2. Click 'Backup HMI Server'.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
195
Chapter 8
Configure the Process Automation System Server (PASS)
The HMI server backup dialog box appears.
3. Click Browse for the Source HMI server.
4. Navigate to the primary HMI server that was created earlier and choose
the .sed file.
5. Click Open.
6. Click Browse for the Destination backup path.
The destination is on the same physical machine as the Source HMI
Server. 'Desktop' is a good choice because it's convenient and easy to access.
196
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
7. Choose any destination path and click OK.
‘Desktop’ is our example.
8. Check 'Exclude the dialog filesets'.
9. Click Start Backup.
When the backup is complete, the 'HMI server backup complete' dialog
box appears.
10. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
197
Chapter 8
Configure the Process Automation System Server (PASS)
Copy Primary Folder to Secondary Server
Use a PASS with
these procedures.
The destination folder has to be cut from the primary physical machine and
pasted on the secondary HMI server physical machine.
1. Navigate to the destination folder just created (Desktop in our example),
right-click the folder name, and choose Cut.
PASS02A
2. Paste the HMI server folder into the secondary server folder (Site Edition
(SE) HMI Projects folder).
The default path is:
C:\Users\Public\Public Documents\RSView Enterprise\SE\HMI projects.
198
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Use an Engineering Workstation
with these procedures
Chapter 8
Set Up HMI Redundancy
1. Click the Programs
5000.
symbol and choose Rockwell Software>Studio
The Studio 5000 splash screen appears.
EWS01
2. In the Studio 5000 splash screen, select an existing project (PlantPAx in
the example).
3. In the Project Explorer, right-click PlantPAx>Projects>PlantPAx and
choose Open Project in Designer.
4. In FactoryTalk View Studio, right-click the HMI server name and
choose Properties.
The HMI Server Properties dialog box appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
199
Chapter 8
Configure the Process Automation System Server (PASS)
5. On the General tab, click 'Load and run startup components when
operating system initializes'.
6. Click Apply.
7. Click the Redundancy tab.
8. Check 'Provide redundancy using a secondary server'.
9. Click Browse (ellipses, …) and select the Secondary server.
10. Click OK.
200
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
Server Status
In this section, you verify the status of the Primary and secondary servers.
1. In FactoryTalk View Studio window, right-click the HMI server name and
choose Server Status
2. In the Server Status dialog Box, verify the following:
• The Primary server is correct and 'Active'
• The Secondary server is correct and 'Standby'.
3. Click OK.
Replicate Primary to Secondary
In this section, you replicate the Primary properties from the Primary server to
the Secondary server.
IMPORTANT
Every change that is made in the Primary server must be replicated.
The replication process is always from the Primary to the Secondary.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
201
Chapter 8
Configure the Process Automation System Server (PASS)
1. In FactoryTalk View Studio window, right-click the HMI server name and
choose Properties.
The HMI server properties dialog box appears.
2. On the Redundancy tab, click 'Replicate Primary to Secondary'.
A replication warning appears.
3. Click Yes.
A progress bar shows the status of the copy process.
After the copy process is complete, the Secondary HMI Server
automatically reboots.
202
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
Enable Data Server Redundancy
Set Up Data Redundancy
Complete the following steps:
1. Open your project (PlantPAx in the example). See step 1 on page 199
through step 3 on page 199 for more information.
2. In FactoryTalk View Studio, right-click the Data server name and choose
RSLinx® Enterprise Server.
3. In the Explorer, right-click PlantPAx>Area>Data>PlantPAx_DAT and
choose Properties.
The RSLinx Enterprise Server Properties dialog box appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
203
Chapter 8
Configure the Process Automation System Server (PASS)
4. In the Redundancy tab, check ‘Provide redundancy using a secondary
server’ box.
5. Click Browse and select the secondary server.
6. Click 'Switch over to primary server when it becomes available again'.
7. Click OK.
8. If necessary, expand the primary Data server (PlantPAx_DAT in the
example).
9. Double-click Communication Setup.
204
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
The Communication Setup window appears.
10. Click the shortcut (LGXC01 in the example).
11. Click the Primary tab and verify the presence of the server
(1756-L75, LGXC01 in the example.
Configure the Secondary
This section describes how to configure the secondary.
Complete the following steps:
1. Click the Secondary tab.
2. Navigate to and click the same controller as the primary controller.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
205
Chapter 8
Configure the Process Automation System Server (PASS)
3. Click OK.
4. Review the summary of changes and click Yes to apply.
Click No to discard your changes and return to the Communication
Setup window.
5. Right-click the primary Data server name (PlantPAx_DAT in the
example) in the Explorer tree and choose Server Status.
The Server Status dialog box appears.
6. Click OK.
Enable Alarm and Event Redundancy
1. In FactoryTalk View Studio, right-click
PlantPAx>Area>Alarm>PlantPAx_AE and choose Properties.
The Tag Alarm and Event Server Properties dialog box appears.
206
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
2. On the Redundancy tab, check ‘Provide redundancy using a
secondary server.
3. From the pull-down menu, select the Secondary server.
4. On the Priorities and History tab, verify the severity ranges and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
207
Chapter 8
Configure the Process Automation System Server (PASS)
Create Alarm and Event
Database
Use an Engineering Workstation
with these procedures
You must create a database to enable Alarm and Event history.
Complete the following steps:
1. In FactoryTalk View Studio Explorer, right-click
System>Connections>Databases and choose New Database.
EWS01
The Alarm and Event Historian Database Properties dialog box appears.
2. Configure the new database.
a. Type a definition name.
b. Click the type of SQL Server you want to use.
c. Type the Computer name or click Browse (ellipsis ‘…’) to navigate to
the computer name.
208
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
d. Type a Database user name.
e. Type the Database password.
f. Type the Database name or click Browse (ellipsis ‘…’) to navigate to the
database name.
3. Click OK.
4. Type the user name ('sa' for the dedicated database).
5. Type the password and click OK.
A pop-up window appears and asks if you want to create the database.
6. Click Yes.
The SQL Server Log On dialog box appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
209
Chapter 8
Configure the Process Automation System Server (PASS)
7. Right-click the Alarm and Event server.
The Server Properties dialog box appears.
8. On the Priorities and History tab, check 'Enable history'.
9. From the pull-down menu, select the database definition.
10. Accept the default Cache file path.
11. From the pull-down menu, select the Log Language.
12. Click OK.
210
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Define HMI Security
Chapter 8
This section describes how to configure security for the FactoryTalk View
Site Edition (SE)
Use an Engineering Workstation
with these procedures.
Configure FactoryTalk SE Security
EWS01
Runtime security must be set up to provide each account or user group with the
correct FactoryTalk View security codes. The security codes verify that operators,
maintenance personnel, and engineers have permission to run secured
commands, open secured graphic displays, or write to secured tags at runtime.
IMPORTANT
See Rockwell Automation Library of Process Objects, publication
PROCES-RM002, for a list of security codes and descriptions.
Complete the following steps:
1. Click the Programs symbol and choose Rockwell
Software>Studio 5000.
The Studio 5000 splash screen appears.
2. In the Studio 5000 splash page, select a recent project (PlantPAx in
the example).
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
211
Chapter 8
Configure the Process Automation System Server (PASS)
3. In the Project Explorer, right-click PlantPAx>Projects>PlantPAx and
choose Open Project in Designer.
4. In the FactoryTalk View Studio window, double-click PlantPAx>Runtime
Security.
The Runtime Security panel appears on the right side of the window.
5. Click Security Accounts
.
The Security Settings dialog box appears.
212
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
6. Click Add.
The Select User and Computer dialog box appears.
7. Click a PlantPAx group and click OK.
The group name appears in the top half of the Security Settings dialog box.
8. Repeat step 6 and step 7 until all PlantPAx groups are selected.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
213
Chapter 8
Configure the Process Automation System Server (PASS)
9. Select 'All Users' and click Remove.
You can assign security to each PlantPAx group based on letters (A…P).
10. Select a group from the Users list.
The default is that all FactoryTalk View Security Codes are checked Allow.
11. Click the Deny checkbox beside the FactoryTalk View Security Codes that
you do not want to allow permission for the selected account.
12. Click OK.
13. Repeat step10 through step 12 for each user or group account that you
want to set up with runtime security.
214
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
The PlantPAx groups that you set up with runtime security appear in the
Account section of the Runtime Security dialog box.
14. Click Save.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
215
Chapter 8
Configure the Process Automation System Server (PASS)
Configure PanelView Plus
Use an Engineering Workstation
with these procedures
This section describes how to configure the HMI Machine Edition software for
use with PanelView™ applications.
Create a FactoryTalk View ME Project
In this section, you create a FactoryTalk View ME project.
Complete the following steps:
EWS01
1. Click the Programs symbol and choose Rockwell
Software>Studio 5000.
The Studio 5000 splash screen appears.
2. In the Studio 5000 splash page, select a recent project (PlantPAx in
the example).
216
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
3. Drag the desired PanelView object (2711P-K15C4A9 in the example)
from the Library Management panel and drop it in the Process Area panel.
The new graphic dialog box for the PanelView object you selected (1500
PanelView Plus 6 in the example) appears.
4. Type the name of the PanelView graphic (PVS001 in the example).
5. Type the IP address of the PanelView object and click OK.
The new project dialog box for the PanelView object you selected appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
217
Chapter 8
Configure the Process Automation System Server (PASS)
6. Type the name of the PanelView project (PVS001 in the example) and
click OK.
7. Connect any port on the switch to the PanelView.
Connection
218
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
8. Drag the communications module from the chassis (LGXC02 in the
example) and drop it on the PanelView.
The Configure Module dialog box appears.
9. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
219
Chapter 8
Configure the Process Automation System Server (PASS)
10. Drag the controller module from the chassis (LGXC02 in the example)
and drop it on the PanelView module.
The Add New or Modify Existing Shortcut dialog box appears.
11. Click OK.
220
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
12. In the Project Explorer panel, right-click the project name (PVS001 in the
example) and choose Commit Project.
The Commit Summary dialog box appears.
13. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
221
Chapter 8
Configure the Process Automation System Server (PASS)
14. Click Close to close the Committing Projects dialog box.
15. In the Project Explorer panel, right-click the project name (PVS001 in the
example) and choose Open Project in Designer.
The FactoryTalk View Studio window appears.
TIP
222
Do not close this window as it is used in later procedures.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
Configure FactoryTalk View ME Security
1. If the FactoryTalk View Studio window is not already open, do the
following:
a. Click the Programs symbol and choose
Rockwell Software>Studio 5000.
b. In the Studio 5000 splash page, select the PanelView project.
c. In the Project Explorer, right-click on the PanelView project and
choose Open Project in Designer.
2. In the Explorer panel of the FactoryTalk View Studio window,
double-click PVS001>PVS001>PVS001>System>Runtime Security.
The Runtime Security window appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
223
Chapter 8
Configure the Process Automation System Server (PASS)
3. Click Add to insert local users groups.
4. Choose Create New>User group in the Select User or Group window to
create PlantPAx user groups.
The New User Group dialog box appears.
5. Type the user group name and click OK.
6. Repeat step 4 and step 5 for all desired PlantPAx user groups.
224
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
7. Click ‘Show users only’ and then click Create New>User to create a user.
8. In the General tab of the New User dialog box, type the PanelView user
name followed by a password.
9. Type OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
225
Chapter 8
Configure the Process Automation System Server (PASS)
10. In the Group Membership tab, click Add.
IMPORTANT
It is important to note that the selected group is being added to the user; the
user is not being added to the group.
11. Select a PlantPAx group and click OK.
12. Repeat step 8 through step 11 for all desired users.
13. Click Add to insert all PlantPAx user groups.
226
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
14. In the Select User or Group dialog window, select a User Group and
click OK.
The group name appears in the Account list.
15. Repeat step 13 and step 14 for all desired groups.
We recommend that you remove the default security codes if you are using
the Process Library objects. For more information, see the Rockwell
Automation Library of Process Objects Reference Manual,
publication PROCES-RM002.
16. For each of the user groups, click a user group in the account section and
type ‘Y’ (yes) or ‘N’ (no) for the respective security codes.
17. Click Close when all security codes are assigned to the groups.
18. When asked, confirm that you want to save Runtime Security.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
227
Chapter 8
Configure the Process Automation System Server (PASS)
Configure Time Synchronization for PanelView Terminals
PanelView terminals are used for applications that monitor, control, and display
information graphically. The terminals provide operators a quick and efficient
status of their application.
Complete the following steps for the controller project:
1. If Logix Designer is not already open, do the following:
a. Click the Programs symbol and choose
Rockwell Software>Studio 5000.
b. In the Studio 5000 splash page, select the controller project.
c. In the Project Explorer, right-click on the controller project and choose
Open Project in Designer.
2. When not using the 1756HP -TIME module, create a Get System Value
(GSV) instruction to capture the controller clock, according to the
example that follows.
• Class Name – WallClockTime
• Attribute Name – LocalDateTime
• Dest – Create a DINT array [7] (LocalDateTime[0]…[6])
TIP
We recommended that this GSV instruction be triggered every minute
(60 seconds).
Complete the following steps for the PanelView project:
1. If FactoryTalk View Studio is not already open, do the following:
a. Click the Programs symbol and choose
Rockwell Software>Studio 5000.
b. In the Studio 5000 splash page, select the PanelView project.
c. In the Project Explorer, right-click on the PanelView project and
choose Open Project in Designer.
228
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
2. In the FactoryTalk View Studio window, double-click
PVS001>PVS001>PVS001>System>Global Connections.
The Global Connections panel appears in right side of the window.
The following steps create Remote Time references.
3. For the first remote connection, click the Browse button (ellipsis ‘…’).
4. Find the proper tag and click Open.
The tag appears in the Tag expression column.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
229
Chapter 8
Configure the Process Automation System Server (PASS)
5. Repeat step step 3 on page 229 and step 4 on page 229 for the rest of the
remote connections.
When using the 1756HP -TIME module, information is available at
230
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
Download the Application
This procedure downloads the runtime application file from the workstation to
the PanelView.
Complete the following steps:
1. If the FactoryTalk View Studio window is not already open, do the
following:
a. Click the Programs symbol and choose
Rockwell Software>Studio 5000.
b. In the Studio 5000 splash page, select the PanelView project.
c. In the Project Explorer, right-click on the PanelView project and
choose Open Project in Designer.
2. Choose Create Runtime Application from the Application menu.
The Create Runtime Application dialog box appears.
3. Click Save to accept the default file name.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
231
Chapter 8
Configure the Process Automation System Server (PASS)
4. In the FactoryTalk View Studio ME window, click the Transfer Utility
icon.
The Transfer Utility window appears.
5. Verify the Source file default path and select the destination
PanelView terminal.
6. The first time that you download this file, click Replace Communications.
7. Click Download.
232
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure the Process Automation System Server (PASS)
Chapter 8
8. When the download is complete, a dialog box notifies you that the
download completed successfully.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
233
Chapter 8
Configure the Process Automation System Server (PASS)
Notes:
234
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
9
Configure an Application Server Information
Server (AppServ-Info)
IMPORTANT
Before starting this chapter, make sure that the FactoryTalk® Historian
template has been deployed and configured.
This chapter describes procedures for configuring the Information Management
application server (AppServ-Info) with the FactoryTalk® View Historian Site
Edition (SE) software and the FactoryTalk® VantagePoint® server.
The Historian SE tool lets you collect, manage, and analyze real-time data from
the PlantPAx® system.
IMPORTANT
We do not recommend installing data management (Historian) and decision
reporting (VantagePoint) software on the same AppServ-Info server for
small-scale applications. Use separate servers to maximize performance.
The VantagePoint software tool helps make informed business decisions with the
plant floor data used as a gauge of the manufacturing process.
You can use the VantagePoint software with mobile devices, tablets, and phones
to generate reports via importing historical data tags. The software connectivity
with FactoryTalk Historian helps to reduce operational costs, optimize
production capabilities, and monitor resources.
Considerations
Consider the following suggestions before starting this chapter:
FactoryTalk Historian
• When you plan your FactoryTalk Live Data location, be sure to enable
buffering and high availability with failover capability.
• Consider a collective if you want high availability with redundant
Historian servers.
FactoryTalk VantagePoint
Although the procedures in this chapter only expose historical data, you must
decide the type of report variables that are required to generate your
manufacturing intelligence.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
235
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Figure 18 shows the topics that are described in this chapter. Click or see the page
number for quick access to a section.
Figure 18 - AppServ-Info (Historian) Workflow
Start
No
High
Availability?
Yes
Configure FactoryTalk Server Collective
See page 237
Configure a FactoryTalk Historian SE Server
See page 254
Configure a Node Interface
•
•
•
•
•
Create a Firewall Rule for Primary Historian Server
Create a Firewall Rule for Secondary Historian Servers
Change the Historian Identification
Set Security Settings
Create a Server Collective
• Create a Historian Server
• Delete the Default Node Interface
• Create a Synchronization Path
• Configure Primary Node Interface Server
• Configure Secondary Node Interface Server
See page 262
Configure FactoryTalk Live Data Connectors
See page 268
• Configure a FactoryTalk Live Data Primary Connector
• Configure a FactoryTalk Live Data Secondary Connector
• Confirm Unit Failover Diagnostics
Configure FactoryTalk Historian Connectivity
See page 280
Configure a Microsoft Excel Add-in
See page 282
FactoryTalk VantagePoint Historian Tags
See page 287
Chapter 10
236
Configure Asset Management (AppServ-Asset)
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Configure FactoryTalk Server
Collective
Use the Historian servers
with these procedures.
ASIH01A
ASIH01B
Chapter 9
A server collective consists of two FactoryTalk Historian SE servers (primary and
secondary) that have the same configuration database. The collective provides the
same association between the key values in the FactoryTalk Historian SE tables
on all servers. The collective also helps ensure that the archive data files have the
same structure on all servers.
Keep the following in mind regarding server collectives:
• When creating a server collective, you must always us fully qualified host
names, not IP addresses. Therefore, the name resolution functionality
must work on the network.
• If you make one or more FactoryTalk Historian SE servers members of a
collective, you must restart them after the server collective is created.
Otherwise, FactoryTalk Administration Console does not recognize any of
the third-party tag licenses you have on your servers.
• To create a server collective on computers that have the Windows Firewall
turned on, you must manually open the TCP 445 port between the two
computers. See the Microsoft documentation for more information.
• The Windows user that configures server collectives must be a domain
user and must be mapped to the piadmin user.
• The same 'Windows user to piadmin user mapping' must be performed on
both the primary and secondary server in the collective.
• Activate your server collective in the FactoryTalk Administration Console.
Create a Firewall Rule for Primary Historian Server
This section describes how to create an inbound rule for your Windows firewall
on the primary Historian server (ASIH01A)
Complete the following steps.
1. In the bottom left corner of the Windows Desktop, click the Windows
icon.
2. Click Control Panel and choose Windows Firewall.
The Windows Firewall Window appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
237
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
3. Click Advanced Settings.
The Windows Firewall with Advanced Security window appears.
4. Right-click Inbound Rules and choose New Rule.
The New Inbound Rule Wizard - Rule Type window appears.
238
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
5. Click Port and then click Next.
The New Inbound Rule Wizard - Protocol and Ports window appears.
6. Click Specific local ports, enter '445' in the text box, and then click Next.
The New Inbound Rule Wizard - Action window appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
239
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
7. Click Next on each of the successive dialog boxes to do the following:
• Allow the connection
• Apply the rule to the Domain, Private, and Public
The New Inbound Rule Wizard - Name appears.
8. Type a name for this rule (Collective Connection in the example) and
click Finish.
You are now finished creating an inbound rule for your firewall.
Create a Firewall Rule for Secondary Historian Servers
This section describes how to create an inbound rule for your Windows firewall
on all secondary Historian servers.
Repeat step 1 on page 237 through step 8 on page 240 for all other
Historian servers.
240
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Use a Historian server
with these procedures.
Change the Historian Identification
IMPORTANT
ASIH01A or ASIH01B
Chapter 9
Perform this section only if you are running VMware Template or if you have
cloned a FactoryTalk Historian server.
Otherwise, continue to Set Security Settings on page 243
In this section, you create a ServerID for one of the FactoryTalk Historian servers.
Complete the following steps.
1. In Windows desktop, click File Explorer and navigate to
c:\Program Files\Rockwell Software\FactoryTalk Historian\Server\adm.
2. Type 'cmd' and press Enter.
The Command window appears and is in the c:\Program Files\Rockwell
Software\FactoryTalk Historian\Server\adm directory.
IMPORTANT
Make sure that you press 'Enter' after typing each command in the
following table.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
241
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
See Figure 19 on page 242 for reference as you type the commands in the
following table:
Command
piconfig
table piserver
mode edit
istr name, serverID
<hostname>, <new serverID>
@exit
Figure 19 - Command Window
If you have connected before, the next time you access this FactoryTalk Historian
server, you see the following window.
3. Click 'Accept the new ID' and click OK.
242
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Use the Historian servers
with these procedures.
Chapter 9
Set Security Settings
In this section, the security settings for the primary and secondary FactoryTalk
Historian servers are set.
Security Settings for the Primary Historian Server
ASIH01A
ASIH01B
Set the security settings for the primary FactoryTalk Historian servers.
Complete the following steps.
1. Click the Programs symbol and choose Rockwell
Software®>FactoryTalk Historian SE>System Management Tools.
The 'Security Settings - PI System Management Tools (Administrator)'
window appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
243
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
2. Under Collectives and Servers, check the server that you want to set the
security settings for.
3. Under System Management Tools, choose Security>Security Settings.
The Security Settings slider appears on the right side of the window.
4. Set the slider to its lowest point and click Save.
5. In the Windows desktop, click the Programs
Administrative Tools>Services.
244
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
symbol and choose
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
6. Right-click PI Base Subsystem and choose Restart.
The PI Base Subsystem service restarts. When the status is 'running',
continue with the next step.
7. Close the Services and Administrative Tools windows.
Security Settings for the Secondary Historian Server
In this section, the security settings for the secondary FactoryTalk Historian
server are set.
Repeat step 1 on page 243 through step 7 on page 245 for the secondary
Historian server.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
245
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Connect Primary Historian Server to Secondary Historian Server
Use the Historian server
with these procedures.
In this section, you make a connection from the primary Historian server
(ASIH01A) to the secondary Historian server (ASIH01B).
Complete the following steps:
1. Right-click in the Collectives and Servers section and
choose Connections.
ASIH01A
The PI Connection manager window appears.
2. Right-click on the server and choose Add Server.
The Add Server dialog box appears.
3. Type the server name (ASIH01B in the example) in the Network Node
text box according to the following:
When you configure server ASIH01A, type ASIH01B.
4. Accept the rest of the default entries and click OK.
246
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
5. In the PI Connection Manager window, right-click on an unneeded server
and choose Remove Selected Server.
Repeat this step for all unnecessary servers.
6. Once you have deleted all unnecessary servers, the PI Connection
Manager window looks similar to the following figure.
7. Click Close to close the PI Connection Manager window.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
247
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
8. In the 'Security Settings - PI System Management Tools (Administrator)'
window, make sure both FactoryTalk Historian servers (ASIH01A and
ASIH01B in the example) are checked. The window appears similar to the
following figure.
Use the Historian server
with these procedures.
Connect Secondary Historian Server to Primary Historian Server
In this section, you make a connection from the secondary Historian server
(ASIH01B) to the primary Historian server (ASIH01A).
Repeat step 1 on page 246 through step 8 on page 248 on the secondary
server (ASIH01B).
ASIH01B
IMPORTANT
248
When repeating step 3 on page 246, type ASIH01A
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Use the Historian servers
with these procedures.
Chapter 9
Create a Server Collective
In this section you create a FactoryTalk Historian collective (ASIH01) that
includes FactoryTalk Historian servers ASIH01A and ASIH01B.
Create Collective and Add Historian Servers
ASIH01A
Complete the following steps.
1. In the Windows desktop, click the Programs symbol and choose
Rockwell Software>FactoryTalk Historian SE>FactoryTalk Historian SE
System>Collective Manager.
The PI Collective Manager (Administrator) window appears.
2. Click File and choose Create New Collective.
The Create New Collective dialog box appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
249
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
3. Check both boxes and click Next.
The Existing or New Primary dialog box appears.
4. Check 'A newly installed PI server' and click Next.
The Select Primary and Collective Name dialog box appears.
5. Select the primary FactoryTalk Historian server from the pull-down list.
If the server name does not appear in the pull-down list, click the ellipses
and select the server from the Connection Manager dialog box.
6. (Optional) Type a description for the collective primary.
7. Type a unique name for the new collective.
8. (Optional) Type a description for the collective and click Next.
The Select Secondary Servers dialog box appears.
250
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
9. Select the secondary FactoryTalk Historian server from the pull-down list.
If the server name does not appear in the pull-down list, click the ellipses
and select the server from the Connection Manager dialog box.
10. (Optional) Type a description for the collective secondary.
11. Click Add.
The server is added to the server list.
12. (Optional) Add additional secondary servers by repeating step 9 through
step 11 with a different server.
13. When you are finished adding secondary servers, click Next.
The Select Archives dialog box appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
251
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Complete New Collective process
Now that the Historian servers have been added to the new collective, we can
complete the process.
Complete the following steps:
1. Click Next on each of the successive dialog boxes to do the following:
• Accept the default number of archives to be copies
• Accept the default location for the temporary backup
The Verify Selections dialog box appears.
2. Verify the information on this screen and click Next.
The Conversion Process dialog box appears.
The Conversion Process page displays the status and individual steps of the
conversion process.
3. When the process is complete, click Next.
252
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
The Server ID Mismatch window appears.
4. Click 'Accept the new ID' and click OK.
The Finished page appears.
5. Click Finish to complete the Create New Collective process.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
253
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Configure a FactoryTalk
Historian SE Server
This section describes how to create a FactoryTalk Historian SE server.
Create a Historian Server
IMPORTANT
Use the Historian server
with these procedures.
Make sure that you have completed step 1 on page 243 through
step 7 on page 245.
This section describes how to configure, test, and name a Historian
server connection.
1. Click Start and choose Rockwell Software>FactoryTalk Administration
Console.
ASIH01 or ASIH01A (If
working with a collective)
The Select FactoryTalk Directory dialog box appears.
2. Click Network and then click OK.
The FactoryTalk Administration Console dialog box appears.
254
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
3. In the FactoryTalk Administration Console, right-click
Network>System>Connections>Historical Data and choose New
Historian Server Connection.
The 'New Historian Server Connection' dialog box appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
255
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
4. Type the server name.
5. From the pull-down, select the Server or Collective Name.
6. Click 'Test Server Connection'.
If the connection is good, a green check mark appears along with the text
'Server Found'.
If the connection is not good, a yellow triangle appear along with the text
'No server found'.
TIP
If the connection to the server is not good:
• Make sure that the correct Historian Server is called out.
• Make sure that the Historian server is installed correctly.
7. Click Finish.
IMPORTANT
256
This step also creates an instance of the FactoryTalk Live Data (FTLD)
interface on the host.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
8. In the FactoryTalk Administration Console, right-click
Network>PlantPAx®>Connections>Historical Data>'<Production
Historian>'> and choose Properties.
The '<Historian> - Historian Server Connection Properties' dialog
box appears.
9. Click the Licensing tab.
10. Type '1' in the Assigned column and click Apply.
The 'Historian Server Connection Properties' dialog box now shows both
the Primary and Secondary servers.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
257
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
11. Click OK to close the 'Historian Server Connection Properties'
dialog box.
Delete the Default Node Interface
Use the Historian server
with these procedures.
Node interface FTLD1 is automatically created when the Historian server is
created. This interface must be deleted and two new interfaces created on the
proper servers.
1. In the FactoryTalk Administrative Console, right-click on FTLD1 and
choose Delete.
ASIH01 (no collective)
ASIH01A (with collective)
2. To create an interface to collect data, right-click the Historian server and
choose 'New Data Collection Interface'.
The Data Collection Interface Properties dialog box appears.
258
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
3. On the General tab, select the computer hosting the interface (PASS02A
in the example) from the pull-down list and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
259
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Create a Synchronization Path
A common folder is used for files that are used for handshaking and redundancy.
Use a PASS server with
these procedures.
IMPORTANT
We recommend that you use a server that is not running LiveData.
Complete the following steps.
1. In File Explorer, right-click 'Local Disk (C:)' and choose New>Folder.
PASS01
2. Name the new folder 'FTHSE_Failover'.
3. Right-click the new folder and choose Share with>Specific people.
The File Sharing dialog box appears.
260
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
4. Select 'Everyone' from the pull-down list and click Add.
5. Right-click Everyone and choose Read/Write.
Everyone now has Read/Write access to the new folder.
6. Click Share.
Proceed to page 262 to configure the Node Interface.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
261
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Configure a Node Interface
Use a PASS server
with these procedures.
This section describes how to configure FactoryTalk Live Data (FTLD)
connectors. The FTLD interface is a FactoryTalk Live Data client that enables
process data to be passed between a FactoryTalk Live Data server (for example,
RSLinx® Enterprise) and a FactoryTalk Historian server. Each instance of the
FTLD Interface can provide data to a single FactoryTalk Historian SE server
or collective.
Configure Primary Node Interface Server
PASS02A
In this section, you connect to the PASS02A servers and configure buffering for
the server.
Configure Server Connection
Complete the following steps:
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Historian SE>FactoryTalk Historian SE
System>AboutPI-SDK.
The PI SDK Utility window appears.
262
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
2. Right-click on PI SDK>Connections and choose Add Server.
The Add PI Server dialog box appears.
3. Type the Network Path (If you are using a collective, type the primary
machine name) and click OK.
4. Click the box next to the new server (ASIH01 in the example).
If the connection is successful, the connection information appears in the
same window.
5. Click Save.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
263
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
6. If there are servers listed that are not required, right-click the server name
and choose 'Remove selected server'.
7. When asked if you want to delete the server, click Yes.
8. Close the PI SDK Utility window.
Configuring the Interface
Complete the following steps to configure buffering for the server you
just connected:
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Historian SE>Interface Configuration Utility.
The PI Interface Configuration Utility window appears.
264
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
2. From the Tools menu, choose Buffering.
The Buffering dialog box appears.
3. Click 'Enable buffering with PI Buffer Subsystem' and click OK.
4. Click 'Enable buffering with PI Buffer Subsystem' and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
265
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
The following messages appear to create PIBufss dependency and select
the buffered server.
5. Click Yes and OK to confirm the PIBufss dependency.
6. In the Tools area, make sure that Buffered Server is selected.
7. From the pull-down list, choose your server (ASIH01 in the example).
8. Click OK.
9. When you are warned about restarting the PI Buffer Subsystem service,
click OK.
266
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
10. In the PI Interface Configuration Utility window, choose Options from
the Tools menu.
The Options dialog box appears.
11. Check 'Load interfaces from a selected list of PI servers'.
12. Make sure that the server is checked.
13. Click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
267
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Configure Secondary Node Interface Server
Use a PASS server
with these procedures.
In this section, you connect to the PASS02A servers and configure buffering for
the server.
Configure Server Connection
Repeat step 1 on page 262 through step 8 on page 264 for the PASS02B server.
PASS02B
Configure the Interface
Repeat step 1 on page 264 through step 13 on page 267 for the PASS02B server
Configure FactoryTalk Live
Data Connectors
Use PASS servers
with these procedures.
PASS02A
PASS02B
UniInt (Universal Interface) provides generic functions required by most
interfaces, such as establishing a connection to the Historian Server node and
monitoring the Historian Point Database for changes.
To minimize data loss during a single point of failure within a system, UniInt
provides two failover schemas: (1) synchronization through the data source
(Phase 1) and (2) synchronization through a shared file (Phase 2).
Phase 1 UniInt Failover uses the data source itself to synchronize failover
operations and provides a hot failover, no data loss solution when a single point of
failure occurs.
Phase 2 UniInt Failover uses a shared file to synchronize failover operations and
provides for hot, warm, or cold failover. The Phase 2 hot failover configuration
provides a no data loss solution for a single point of failure similar to Phase 1.
IMPORTANT
In this section, only Phase 2 UniInt Failover is addressed.
The UniInt failover scheme requires the data source be able to communicate and
service data to two interfaces simultaneously. Additionally, the failover
configuration requires that the interface supports outputs. A redundant solution
requires two separate interface nodes communicating with the data source.
In a hot failover configuration, the interface copy that is in a backup role
collects and queues data in parallel to the interface that is in the primary role.
The interface in the backup role does not send the data that is collected to the
Historian server. However, if a failover occurs, the interface immediately sends its
data to the Historian server.
268
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
Configure a FactoryTalk Live Data Primary Connector
Use a PASS Server with
these procedures.
The FactoryTalk Live Data 1 (FTLDInt1) is in the primary server (PASS02A in
the example).
Complete the following steps.
PASS02A
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk Historian SE>Interface Configuration Utility.
2. In the PI Interface Configuration Utility window, choose
'FTLDint1 (FTLDInt1)->ASIH01' from the Interface pull-down list.
3. If the Interface ID is not already ‘1’, change it to ‘1’.
4. Select Failover from the list on the left.
5. Check Enable UniInt Failover.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
269
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
6. Click 'Phase 2'.
7. From the UFO Type pull-down list, choose HOT.
8. Click Browse to search for the Synchronization File path for the secondary
instance.
The 'Select UFO synchronization file' dialog box appears.
9. Navigate to the Network>pass01>FTHSE_Failover directory and click
Open.
270
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
The 'Select UFO synchronization file' dialog box closes.
10. Right-click in the tag area and choose 'Create UFO_State Digital Set on
Server ASIH01'.
11. When you receive the Successfully created Digital Set 'UFO_State' on
server ASIH01 message, click OK.
12. Right-click in the tag area and choose 'Create all points (UFO Phase 2').
13. When the status for FTLDInt1_UFO2_ActionID tags change to
'Created', click Apply.
14. When you receive the 'UniInt Failover configuration will not be complete
until the 'Other' interface is selected' message, click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
271
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Configure a FactoryTalk Live Data Secondary Connector
Use a PASS server with
these procedures.
In this section you configure FactoryTalk Live Data Secondary connector.
Complete the following steps.
1. In the PI Interface Configuration Utility window, click the folder symbol
(Create a New Interface instance from a .BAT file).
PASS02B
The Open Interface Configuration File dialog box appears.
2. Select LDInterface and click Open.
272
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
3. Select the 'FTLDInt_FTLD.bat.bak' file and click Open.
The Select Host PI Server dialog box appears.
4. Select the Host PI Server (ASIH01) from the pull-down list and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
273
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
5. Select Service from the list on the left of the PI Interface Configuration
Utility - FTLDInt1 window.
6. Type 'FTLD1' for the Display name and click Create.
7. Make sure that General is selected.
8. If the Interface ID is not already '1', change it to '1'.
9. Select Failover from the list on the left.
10. Check 'Enable UniInt Failover'.
274
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
11. Check 'Phase 2'.
12. From the UFO Type pull-down list, choose HOT.
13. Click Browse to search for the UFO synchronization File Path.
14. Navigate to the Network>pass01>FTHSE_Failover directory and click
Open.
The Select UFO synchronization file dialog box closes.
15. Set the Failover IDs as shown in the following image.
16. Click Browse to search for the secondary instance.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
275
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
17. Select FTLDInt1 (under PASS02A in the example) and click OK.
18. In the PI Interface Configuration Utility window, click Apply.
19. In the PI Interface Configuration Utility window, click Browse.
Use a PASS server with
these procedures.
PASS02A
The Browse for other FTLDInt IniInt Failover Interface dialog
box appears.
20. Select the 'FTLDInt1 (PS=FTLD) (ID=1) (Phase=2)' line under
PASS02B and click OK.
276
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
21. In the PI Interface Configuration Utility window, click Apply and then
Play to start the primary service.
22. When asked 'Would you like ICU to start this service for you?', click Yes.
Use a PASS server with
these procedures.
23. Select the Interface that is shown in the following image and click Play
to start the secondary service.
PASS02B
24. When asked 'Would you like ICU to start this service for you?', click Yes.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
277
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Use an AppServ-Info server
with these procedures.
Confirm Unit Failover Diagnostics
1. In the Windows desktop, click the Programs symbol and choose
Rockwell Software>FactoryTalk Historian SE>System
Management Tools.
ASIH01A
The PI System Management Tools (Administrator) window appears.
2. Click Data>Current Values.
3. Click the Tag Search
icon.
The Tag Search window appears.
278
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
4. Type 'FTLD' inside the asterisks of the Tag Mask and click Search.
All 'FTLD' tags are displayed.
5. Click Select All and OK.
The Tag Search window closes and all 'FTLD' tags are displayed in the
Current Values - PI System Management Tools (Administrator) window
along with their values.
6. If desired, click Play
to see the online status.
Proceed to page 280 to configure the FactoryTalk Historian connectivity.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
279
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Configure FactoryTalk
Historian Connectivity
This section describes how to connect the system elements with the
Historian server.
Complete the following steps.
Use all workstations
with these procedures.
1. On the Windows desktop, click the Programs symbol and choose
Rockwell Software>FactoryTalk Historian SE>FactoryTalk Historian SE
System>AboutPI-SDK.
EWS01 and OWS01
The PI SDK Utility window appears.
2. Click the ‘+’ to expand the PI SDK folder, right-click Connections and
choose Add Server.
The Add PI Server dialog box appears.
3. Type the Network Path and click OK.
280
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
4. Click the box next to the new server.
If the connection is successful, the connection information appears in the
same window.
5. Click Save.
6. If there are other servers listed that are not required, right-click on the
server name and choose 'Remove selected server'.
7. When asked if you want to delete the server, click Yes.
8. Close the PI SDK Utility window.
Proceed to page 282 to configure the FactoryTalk Historian Microsoft
Excel Add-in.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
281
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
Configure a Microsoft Excel
Add-in
Use an Engineering Workstation
with these procedures.
The Engineering Workstation can be used to connect the FactoryTalk Historian
SE server to Microsoft Excel software. By integrating this link, you can generate
Excel spreadsheet reports based on the data in FactoryTalk Historian SE.
IMPORTANT
Microsoft Excel must be installed for these procedures.
This section uses Microsoft Excel 2010. Your version could be different.
Complete these steps.
EWS01
1. Open your version of Microsoft Excel.
2. In Excel, choose File>Options.
The Excel Options dialog box appears.
3. In the Excel Options dialog box, choose Add-ins.
282
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
The Add-ins panel appears.
4. Make sure 'Excel Add-ins' is selected in the Manage pull-down list and
click Go.
An Add-ins dialog box appears with a list of available add-ins.
5. Click Browse.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
283
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
6. Navigate to c:\Program Files (x86)\Rockwell Software\FactoryTalk
Historian\PIPC\SMT, choose 'PITagCnf ', and click OK.
After adding the add-ins, 'PI Tag Configurator' appears in the Add-ins
dialog box.
7. Click OK.
284
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
8. Choose Add-ins>PI-SMT>Import Tags.
The Import PI Tags dialog box appears.
9. Make sure that the server is chosen in 'Import from'.
10. Leave the rest of the options as shown and click OK.
The Import PI Tags dialog box closes and the tags and parameters appear
in the excel workspace. The PI Tag Configurator dialog box also appears.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
285
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
11. In the PI Tab Configurator dialog box, click OK.
12. Click File and choose File>PI-SMT>Settings.
13. Check 'Allow tag deletion'; click OK.
14. Click OK.
286
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Configure FactoryTalk
VantagePoint Historian Tags
Use the Reporting Application
server with these procedures.
Chapter 9
This section shows how to import FactoryTalk Historian data tags. Data from
multiple Historian SE servers can be brought together into a single decision
support system by using VantagePoint as the information reporting software.
IMPORTANT
Before proceeding with this section, make sure that FactoryTalk Historian is
installed and configured.
Complete the following steps.
ASIV01
1. On the Windows desktop, click the Programs symbol and choose
Rockwell Software>FactoryTalk VantagePoint>Manager.
The VantagePoint Manager window appears.
2. In the directory tree under Sources, right-click FactoryTalk and choose
New>Item.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
287
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
The New FactoryTalk Connector - Connector Information dialog
box appears.
3. Type the VantagePoint user password and click Next.
4. Click 'Yes, please' and Finish.
The FactoryTalk Import - Import Choices dialog box appears.
5. Click 'I would like to import FactoryTalk Historian tags', and then
click Next.
288
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure an Application Server Information Server (AppServ-Info)
Chapter 9
The Historian Import dialog box appears.
6. Check the Historian that you want to use and click Next.
7. If you are not using an ME connector, click Finish.
8. When the 'Import successfully completed' dialog box appears, click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
289
Chapter 9
Configure an Application Server Information Server (AppServ-Info)
9. To confirm the import, click
System>Sources>FactoryTalk>pass01>Historians><Production
Historian> and look for 'Tags', where:
– Server = pass01
– Your Historian = Production Historian in the example.
IMPORTANT
Adding new Historian points in the system requires a synchronization action.
10. To synchronize the Historian, right-click
System>Sources>FactoryTalk><server>>Historians> <your Historian>
and choose Synchronize.
Synchronizing lets you update the VantagePoint references.
You are finished configuring the FactoryTalk VantagePoint Historian tags
and synchronizing the Historian.
290
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Chapter
10
Configure Asset Management (AppServ-Asset)
The Asset Management server (AppServ-Asset) provides a centralized tool to
secure, manage, and track asset-related information. The pool of information
provides analysis of system resources, including source controls, audits, and
change notifications.
This section describes how to configure an audit log. The log monitors and
records user interactions with FactoryTalk® software products. For example, if
an operator changes a setpoint in a controller, the change is logged for
future reference.
FactoryTalk AssetCentre software includes Device Type Manager interfaces
and disaster recovery back-up files. For procedures on these tools, see Chapter 8
in the PlantPAx® System Application Configuration User Manual,
publication PROCES-UM003.
Considerations
Consider the following suggestions before starting this chapter:
• For more information on the PanelView™ audit log, refer to
Knowledgebase Answer ID 58977, Using FactoryTalk AssetCentre
to receive audits from a PanelView™ Plus,
at http://www.rockwellautomation.custhelp.com.
• We strongly recommend additional licensing for disaster recovery that
automatically backs up supported devices.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
291
Chapter 10 Configure Asset Management (AppServ-Asset)
Figure 20 shows the topics that are described in this chapter. Click or see the page
number for quick access to a section.
Figure 20 - AppServ-Asset Workflow
Start
Configure Diagnostic Settings
• View Audit Log
See page 293
End
292
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Asset Management (AppServ-Asset)
Configure Diagnostic
Settings
Use all servers and workstations
with these procedures.
Chapter 10
The Audit Log monitors FactoryTalk-enabled software products and logs user
actions. Complete these steps to configure the Audit Log so that it can be viewed
in FactoryTalk AssetCentre.
TIP
All servers and workstations must be configured by using FactoryTalk
Administration Console or FactoryTalk View Studio. The examples in this
section use the FactoryTalk Administration Console.
1. Click the Programs symbol and choose Rockwell
Software®>FactoryTalk Administration Console.
The Select FactoryTalk Directory dialog box appears.
2. Select Network and click OK.
The FactoryTalk Administration Console window appears.
3. Right-click Tools>FactoryTalk Diagnostics and choose Setup.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
293
Chapter 10 Configure Asset Management (AppServ-Asset)
The Diagnostics Configuration window appears.
4. In the Message Routing section, click FT View Diagnostics List.
5. In the 'Message categories' section, configure the desired level
of diagnostics.
TIP
Click Help for details on message categories.
6. Click Apply and then click OK.
The Diagnostics Configuration window closes.
View Audit Log
A log of activity lets you view the messages. Complete these steps.
1. Click the Programs symbol and choose Rockwell
Software>FactoryTalk AssetCentre Client>AssetCentre Client.
294
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Configure Asset Management (AppServ-Asset)
Chapter 10
2. Click Logs and then Audit Log.
3. Click ‘X’ to Close.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
295
Chapter 10 Configure Asset Management (AppServ-Asset)
Notes:
296
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Appendix
A
Access the Attachments
The Microsoft Excel and text files that are attached to this PDF file contain
security and switch information to customize application requirements. Each tab
in the Excel spreadsheet has specific ‘Allow’ and ‘Deny’ security permissions.
To use a Microsoft Excel or .txt file, click the Attachments link (the paper clip)
and double-click the desired file.
See How to Use Attachments on page 298.
Open Content
As a precaution when you open programs or files, select one of the choices
and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
297
Appendix A
Access the Attachments
How to Use Attachments
The Excel spreadsheet contains several tabs to access security permissions for
policy groups. Click a desired tab and use the suggested security along with the
procedures in Define the Security System Policy on page 139.
The eight text files contain switch configuration information. Double-click
the .txt file to open the respective file in a text editor, such as Notepad. Copy
and paste the switch configuration data into the CLI interface in the
PuTTy software.
See Create Routing and Enable HSRP on page 35 for procedures.
298
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Appendix
B
Define a Workgroup and DeskLock Utility
Use all system computers
with these procedures.
If you don’t use a domain, you must configure a workgroup to make sure that the
name resolution is correct for the network. Workgroups are supported for
systems with 10 or fewer workstations and servers.
This appendix also includes procedures for how to enable an optional
DeskLock Utility.
Complete the following steps.
1. In Windows Notepad, open the file
C:\Windows\System32\Drivers\Etc\host and enter the IP addresses and
machine names for the computers in the workgroup.
Use a tab between each IP address and machine name.
2. Copy the revised host file to all computers in the system.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
299
Appendix B
Define a Workgroup and DeskLock Utility
3. Configure each server network adapter with the correct IP address.
4. Use a ping command to test name resolution, for example, ping PASS01.
5. Click ‘X’ to close.
300
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Define a Workgroup and DeskLock Utility
Enable the Windows
DeskLock Utility (optional)
Use all workstations
with these procedures.
Appendix B
The FactoryTalk® View DeskLock utility, which is available for any workstation
computer, provides control options for smaller environments that do not use
domain management.
DeskLock is installed with FactoryTalk View software.
Complete these steps.
EWS, OWS
1. Click the Programs symbol and choose Rockwell Software®>FactoryTalk
View>Tools>DeskLock.
2.
3. Click Set Up DeskLock.
4. Login and click the Desktop tab.
5. Select ‘Replace existing desktop with DeskLock’ and click OK.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
301
Appendix B
Define a Workgroup and DeskLock Utility
6. In the popup window, type the name of the application option in the
Name text box.
For example, type ‘Client’ if FactoryTalk View Client is to be
an application.
You can enable up to 10 applications in the DeskLock.
7. Click the Password tab to configure local password management.
8. Click the Behavior tab to configure Hot Key settings and the
Ctrl+Alt+Del options.
302
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Define a Workgroup and DeskLock Utility
Appendix B
9. To open the DeskLock under the Local Computer Policy, click Microsoft
Management Console.
10. To enable DeskLock options and settings, restart your computer.
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
303
Appendix B
Define a Workgroup and DeskLock Utility
Notes:
304
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Appendix
C
Firewall Configurations
Table 15 shows the most common ports that need to be considered during the
firewall configuration.
Common Ports
Table 15 - Common Firewall Port Descriptions
Port
Type
Usage
25
TCP
SMTP mail
80
TCP
Standard WWW port
123
UDP
Network Time Protocol
135
TCP
Remote process calls
137
UDP
File and printer sharing
138
UDP
139
TCP
445
TCP
Use in the Collective configuration and file and print sharing
1433
TCP
Communication to SQL server
1434
UDP
Browsing for SQL server
21060
UDP
Rockwell Automation® trace diagnostics
21061
UDP
Table 16 shows the TCP/UDP ports for Rockwell Automation® firmware and
software products.
Rockwell Automation
TCP/UDP Ports
For periodic updates, see the Knowledgebase Answer ID 29402
at http://www.rockwellautomation.custhelp.com.
Table 16 - TCP/UDP Port Descriptions
Port
Type
Protocol
Products
Comments
23
TCP
Telnet
Trusted®
AADvance before release 1.3
Diagnostic command line interface
(see also 55555)
25
TCP
SMTP
1769-L35E, 1769-L32E,1756-ENBT,
1756-EN2T,1756-EWEB,1768-ENBT,
1768-EWEB,1788-ENBT,1763-L16x
1766-L32x,FactoryTalk® AssetCentre, FactoryTalk
Transaction Manager, RSSQL
Outbound email only
67…68
UDP
DHCP/BOOTP
1756-ENET,1756-ENBT,1756-EWEB,
1756-EN2T,1794-AENT,1734-AENT,
1769-L35E, 1769- L32E,1788-ENBT,
1761-NET-ENI,1785-LXXE,1785-ENET
,1791ES,1763-L16x,1766-L32x, PowerFlex®
Drives, PowerMonitor™ 3000, PanelView™
Client only
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
305
Appendix C
Firewall Configurations
Table 16 - TCP/UDP Port Descriptions
Port
Type
Protocol
Products
Comments
69
UDP
TFTP
5820-El
For binary download, used in conjunction
with BOOTP
80
TCP
HTTP
1756-ENET,1756-ENBT,1756-EWEB,
1794-AENT,1734-AENT,1769-L35E,
1769-L32E,1788-ENBT,1761-NET- ENI
1785-LXXE,1785-ENET,1747-L55x,
1763-L16x,1766-L32x, PowerFlex Drives,
PowerMonitor 3000, PanelView, RSBizWare™,
RSView®32, FactoryTalk View SE, FactoryTalk®
VantagePoint®, FactoryTalk ViewPoint
FactoryTalk ViewPoint and VantagePoint EMI
server can use any other custom assigned port
123
UDP
NTP
PowerMonitor 3000, AADvance
Network time protocol
135
TCP
RPC/Endpoint Mapper
FactoryTalk, RSMACC™
DCOM endpoint mapper
161
UDP
SNMP
1756-ENET,1756-ENBT,1794-AENT,
1734-AENT, 1769-L35E, 1769-L32E,
1788-ENBT, 1761-NET-ENI, 1785- LXXE,
1785-ENET,1747-L55x,1766- L32x,
5820-EI, PowerFlex Drives, PowerMonitor 3000,
PanelView
300…400
UDP
Proprietary
PowerMonitor 3000
Master/slave configuration
400…402
TCP
RPC
FactoryTalk Transaction Manager, RSSQL
Transaction manager, compression server,
and configuration server
443
TCP
HTTPS
FactoryTalk ViewPoint
When using web server with secure certificate
502
TCP
ModbusTCP
AADvance, Trusted®
Master or slave (AADvance),
Slave only (Trusted)
1001…1009
UDP
Proprietary
1426 PowerMonitor 5000
Waveform synchronized broadcast
Dynamic
(1024…65535+)
TCP
DCOM
FactoryTalk
DCOM dynamic ports
1089
TCP/UDP
ff-annunc
1788-EN2FFR
FOUNDATION Fieldbus
1090
ff-fmx
1091
ff-sm
1132
TCP
SNCP
AADvance
Safety Network Control Protocol, used by OPC,
workbench debugger, and binding networks
1330
TCP
rnaprpc
FactoryTalk
Object RPC
1331
TCP
rnaserv
FactoryTalk
Service control
1332
TCP
rnaserveping
FactoryTalk
Server health
1433
TCP
N/A
FactoryTalk® AssetCentre (server),
FactoryTalk VantagePoint RSMACC
SQL server communication (default port)
1434
UDP
N/A
FactoryTalk AssetCentre (server),
FactoryTalk VantagePoint
Recommended static destination port for MSSQL
to minimize the number of ports open on a
firewall.
See the Knowledgebase Answer ID 287932 at
http://www.rockwellautomation.custhelp.com
1947
TCP/UDP
N/A
SafeNet Sentinel Local License Manager
Windows Service installed by Sentinel USB HASP
driver. This service is not required for USB dongle
to function.
See the Knowledgebase Answer ID 570831 at
http://www.rockwellautomation.custhelp.com
2000
TCP
Modbus RTU
AADvance (Slave only), Trusted (Master or slave,
used for OPC and SOE)
RTU packaged in serial stream. Other ports ca
be assigned
2010…2011
UDP
Discover tool
AADvance
Used to configure systems. The tool sends
broadcast to 2010 and systems reply to port 2011
306
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Firewall Configurations
Appendix C
Table 16 - TCP/UDP Port Descriptions
Port
Type
Protocol
Products
Comments
2222
UDP
EtherNet/IP
1756-ENBT,1794-AENT,1734-AENT,
1769-L35E, 1769-L32E,1788-ENBT
I/O communication that is used by products that
only support I/O over EtherNet/IP
2222
TCP
CSP
1785-Lxxe,1785-ENET,1771-DMC(x),
1747-L55x,5820-EI, PowerMonitor II,
RSLinx Classic, INTERCHANGE™
This is the source port for connections
3060
TCP
rnadirft
FactoryTalk
Directory server file transfer
3622
TCP/UDP
ff-Ir-port
1788-EN2FFR
FOUNDATION Fieldbus
4000
UDP
Peer-to-peer
Trusted
Original simplex protocol
4120
TCP
RPC
RSBizWare
Production server
4121
Server manager
4122
PlantMetrics™ server
4123
Task manager
4124
Scheduler server
4125
Scheduler CTP server
4446
TCP
TCP/IP
FactoryTalk Diagnostics (CPR SR3)
See the Knowledgebase Answer ID 68260 at
http://www.rockwellautomation.custhelp.com
5000
UDP
Peer-to-Peer
Trusted, AADvance
Enhanced (new) protocol
5241
TCP
TCP/IP
FactoryTalk Diagnostics (CPR9 SR4 and greater)
See the Knowledgebase Answer ID 68260 at
http://www.rockwellautomation.custhelp.com
5450
TCP
FactoryTalk Historian Site Edition
PI network manager
5454
Analysis Framework v1.x
5455
5456
ACE 2 scheduler
5457
Asset Framework server
5458
PI notifications
5459
Asset Framework to OLEDB Enterprise
6000
TCP
Workbench
Trusted
Online debugger
6543
TCP
rnaalarming
FactoryTalk
Alarming server
7002…7004
TCP
FactoryTalk AssetCentre (default)
FactoryTalk AssetCentre services
7600
TCP
FactoryTalk
Event multiplexor
7700
Event server
7710
Directory server
7720
TCP
RSView SE,
FactoryTalk View SE
7721
HMI server
Server Framework
7722
HMI activation
7723
Historical Data Log reader
8080
TCP
HTTP
RSBizWare
8081
Production server, reports
Server manager
8083
TCP
HTTP
CTP Server
10001…10006
TCP
Serial data
AADvance
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Transparent communication interface, where an
Ethernet host can talk through AADvance to a
serial port
307
Appendix C
Firewall Configurations
Table 16 - TCP/UDP Port Descriptions
Port
Type
Protocol
Products
Comments
27000…27009
TCP
TCP/IP
FactoryTalk® Activation Server,
FactoryTalk Activation Manager
Foir more application required to run
FLEXSVR,exe. an d LMGRD,exe, see the
Knowledgebase Answer ID 35717 and 184922 at
http://www.rockwellautomation.custhelp.com
44818
TCP/UDP
EtherNet/IP
1756-ENET,1756-ENBT,1756-EWEB,
1794-AENT,1734-AENT,1769-L35E,
1769-L32E,1788-ENBT,1761-NET- ENI,
1785-LXXE,1785-ENET,1747- L55x,
1763-L16x,1766-L32x, PowerMonitor3000,
PanelView, RSLinx Classic, RSLinx Enterprise,
INTERCHANGE (rsicd)
Messaging, data transfer, upload/download, peer
messaging, and so forth; used mainly by RSLinx
49281
TCP
TCP/IP
FactoryTalk Live Data,
FactoryTalk View SE HMI tag server
HMI tag server
55555
TCP
Telnet
AADvance from release 1.3
Diagnostic command-line interface
60093
TCP
TCP/IP
FactoryTalk Diagnostics (CPR9 SR2 and earlier)
See the Knowledgebase Answer ID 68260 at
http://www.rockwellautomation.custhelp.com
65207
TCP
TCP/IP
FactoryTalk VantagePoint
Incuity® server advertiser
308
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Index
A
access
layer 2 switch 40
level
define for group 102
software restriction 107
activation
FactoryTalk 119
manager 119
adapter
local communication 150
network configuration 150
additional resources 11
alarm and event
database 208
enable redundancy 206
server creation 192
AppServ
Info Historian 235
assets
central analysis 291
central analysis tracking 291
server configuration 293
workflow 292
assign
users to groups 82
audit 138
view audit 294
authority
identifier 160
C
canvas
Logix 5000 Architect 147
central directory
FactoryTalk 113
child domain controller
configuration 56
CIP VLAN
enable 24
clock update tool 174
code
restrictions 164, 165
communication
restriction 163
restrictions 160
components
FactoryTalk architecture 111
computers
DHCP server 78
DNS server 77
configuration
asset management 291
child domain controller 56
code restrictions 164, 165
communication restriction 163
communication restrictions 160
controller security 143
data restrictions 163, 164
DHCP server 63, 66
DLR 44
Excel add-in 282
FactoryTalk components 111
FactoryTalk groups 129
FactoryTalk security 127
FactoryTalk users 129
failover 71
GPS time sync 179
group policies 87
Historian server 235
HMI server 185
initial switch setting 18
IP address 49, 56
layer 2 switch 40, 45
layer 3 switch 29
live data connectors 268
network overview 13
node interfaces 262
NTP server 89
PanelView Plus 216
parent domain 49
PASS 181
primary node interface server 262
PuTTY software 39
reporting server 287
secondary node interface server 268
smartports 30
switch 20
switch express setup 19
system servers 47
time sync 171
users and groups 79
workgroup 299
connection
switch example 15
connectivity
Historian server 268, 280
connectors
live data connctors
configuration 268
controller
child domain 56
directory name 159
enable security 157
modify properties 147
PTP time sync 178
security 141, 143
security workflow 144
switches 42
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
309
Index
conventions
manual 8
copy
primary HMI folder 198
create 35
alarm and event server 192
data server 188
routing and HSRP 35
VLAN 22
D
data
restrictions 163, 164
server
configure secondary redundancy 205
enable redundancy 203
server shortcut 188
database
alarm and event 208
default
domain controller policy 89
domain policy (NTP) 96
terminal server 135
description 30
ports 30, 34
SW001 and SW002 32
SW003 and SW004 41
SW005 and SW006 43
SW007 and SW008 46
desklock
Windows utility 301
Device Level Ring (DLR) 44
DHCP
enable scope 68
server
computers 78
domain controller 63
server configuration 66
directory
FactoryTalk 113
disaster recovery
software 291
DLR
enable 44
DNS server
computers 77
document
conventions 8
purpose 7
domain
controller
default policy 89
DHCP 63
enforce policy 94
users and groups 79
join 74
NTP policy default 96
policy enforcment 100
310
drive
USB protection 106
E
enable
CIP VLAN 24
controller security 157
DHCP scope 68
PTP 28
Rapid PVST+ 26
switch routing 29
Ethernet
bridges PTP 176
Excel
add-in configuration 282
express setup
switch 19
external
security 127
users and groups 129
F
FactoryTalk
activation 119
directory
configuration 111
controller name 159
ME configure security 223
patches 121
product security 141
same log on 136
SE security 211
security 127
workflow 112
failover
configuration 71
firewall
Windows 115
FTD
configuration 111, 113
controller name 159
network directory 116
PASS 181
G
GPS
time sync 179
time sync example 172
group
add to group membership 226
define access level 102
membership
add groups 226
policy
management 87
workflow 88
security levles 140
user assignment 82
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Index
H
Historian
configuration 235
connectivity 268, 280
create synchronization path 260
workflow 236
HMI
security 211
server
configuration 185
enable redundancy 195
primary 185
hot standy routing
protocol 35
hybrid group
security 127
I
I/O connection settings 45
identifier
authority 160
interface
delete node default 258
internal
security 127
users and groups 132
IP address
check setting 18
configuration 49, 56
VLAN 16
J
M
management
group policy 87
manager
activation 119
manual
conventions 8
modify
controller property 147
N
naming
controller directory 159
conventions 8
network
adapter 150
directory 111
directory definition 116
overview 13
node interface
configuration 262
delete default 258
primary server configuration 262
secondary server configuration 268
NTP
default domain policy 96
server configuration 89
time sync example 171
O
overview
configuration network 13
join
domain 74
L
layer 2
access switch 40
switch 22, 24, 26, 28, 30, 42
switch configuration 40, 45
switches 19
layer 3
switch 22, 24, 26, 28, 30
switch configuration 29
switches 19
local directory 111
log
view audit 294
log on
FactoryTalk 136
Logix 5000 Architect
canvas 147
lookup
FactoryTalk directory 113
P
PanelView
configure time sync 228
download runtime application 231
Plus
configuration 216
parent domain
configuration 49
PASS
configuration 181
configure HMI server 185
FTD 181
workflow 182
patches
FactoryTalk 121
PCDC 121
PCDC
patches 121
PlantPAx
infrastructure
workflow 17
system topology 14
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
311
Index
policy
domain controller default 89
enforce domain 100
enforce domain controller 94
FactoryTalk security 141
PlantPAx users object 102
security 139
port 30
description 34
Precision Time Protocol (PTP) 28
primary
copy folder to secondary 198
HMI server 185
product
FactoryTalk policies 141
property
controller modification 147
protection
USB drive 106
protocol
hot standy routing 35
PTP
controllers 178
enable 28
Ethernet bridges 176
purpose
document 7
PuTTY
configuration 39
R
Rapid PVST+
enable 26
redundancy
data server 203
data server secondary 205
enable on alarm and event server 206
HMI server 195
reference
manual scope 7
report
server configuration 287
spreadsheet 282
restrict
code 164, 165
communication 160, 163
data 163, 164
system access 137
restriction
software access 107
routing
and HSRP 35
enable switch 29
hot standby 35
runtime
download to PanelView 231
security 227
312
S
scope
DHCP 68
reference manual 7
security 138
audit 138
configure FactoryTalk View ME 223
controller 143
enable controller 157
FactoryTalk 127
FactoryTalk SE 211
HMI 211
hybrid group 127
levels for group 140
runtime 227
system policies 139
workflow 128
server
NTP configuration 89
system configuration 47
setting
check IP address 18
configure switch 18
I/O connection 45
shortcut
data server 188
smartports
configuration 30
software
access restriction 107
spreadsheet
reports 282
Stratix
5400,5700,5410 switch icons 14
SW001
routing configuration 37
SW001 and SW002
description 32
SW002
routing configuration 38
SW003 and SW004
description 41
SW005 and SW006
description 43
SW007 and SW008
description 46
switch
check IP address 18
configuration 20
connection example 15
controller 42
enable routing 29
express setup 19
initial setting 18
Layer 2 access 40
layer 2 configuration 45
layer 3 configuration 29
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Index
sync
clock update 174
time configuration 171
synchronization path
Historian 260
system
access restrictions 137
security policies 139
server
configuration 47
workflow 16, 48
T
terminal server
default 135
time
GPS sync 179
PTP synced controllers 178
sync 171
clock update tool 174
configure for PanelView 228
Ethernet bridges 176
workflow 173
topology
PlantPAx system 14
track
assets 291
workflow
asset management 292
controller security 144
FactoryTalk
components 112
security 128
group policy 88
Historian server 236
PASS 182
PlantPAx
infrastructure 17
system servers 16, 48
time sync 173
workgroup
configuration 299
U
USB drive
protection 106
user manual
overview 13
users
assignment groups 82
PlantPAx policy object 102
users and groups
configuration 79, 129
external 129
internal 132
V
visual
naming conventions 8
VLAN
creation 22
IP address range 16
SW001 and SW002 32
SW003 and SW004 41
Sw005 and SW006 43
SW007 and SW008 46
W
Windows
desklock utility 301
firewall 115
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
313
Index
Notes:
314
Rockwell Automation Publication PROCES-UM001A-EN-P - March 2016
Rockwell Automation Support
Rockwell Automation provides technical information on the Web to assist you in using its products.
At http://www.rockwellautomation.com/support you can find technical and application notes, sample code, and links to
software service packs. You can also visit our Support Center at https://rockwellautomation.custhelp.com/ for software
updates, support chats and forums, technical information, FAQs, and to sign up for product notification updates.
In addition, we offer multiple support programs for installation, configuration, and troubleshooting. For more
information, contact your local distributor or Rockwell Automation representative, or visit
http://www.rockwellautomation.com/services/online-phone.
Installation Assistance
If you experience a problem within the first 24 hours of installation, review the information that is contained in this
manual. You can contact Customer Support for initial help in getting your product up and running.
United States or Canada
1.440.646.3434
Outside United States or Canada
Use the Worldwide Locator at http://www.rockwellautomation.com/rockwellautomation/support/overview.page, or contact your local
Rockwell Automation representative.
New Product Satisfaction Return
Rockwell Automation tests all of its products to help ensure that they are fully operational when shipped from the
manufacturing facility. However, if your product is not functioning and needs to be returned, follow these procedures.
United States
Contact your distributor. You must provide a Customer Support case number (call the phone number above to obtain one) to your
distributor to complete the return process.
Outside United States
Please contact your local Rockwell Automation representative for the return procedure.
Documentation Feedback
Your comments will help us serve your documentation needs better. If you have any suggestions on how to improve this
document, complete this form, publication RA-DU002, available at http://www.rockwellautomation.com/literature/.
Rockwell Automation maintains current product environmental information on its website at
http://www.rockwellautomation.com/rockwellautomation/about-us/sustainability-ethics/product-environmental-compliance.page.
Rockwell Otomasyon Ticaret A.Ş., Kar Plaza İş Merkezi E Blok Kat:6 34752 İçerenköy, İstanbul, Tel: +90 (216) 5698400
Publication PROCES-UM001A-EN-P - March 2016
Copyright © 2016 Rockwell Automation, Inc. All rights reserved. Printed in the U.S.A.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement