Proficy* Workflow - GE Customer Center

Proficy* Workflow

Powered by Proficy SOA

GETTING STARTED

Version 1.5

August 2010

All rights reserved. No part of this publication may be reproduced in any form or by any electronic or mechanical means, including photocopying and recording, without permission in writing from GE Intelligent Platforms, Inc.

Disclaimer of Warranties and Liability

The information contained in this manual is believed to be accurate and reliable. However, GE Intelligent Platforms, Inc. assumes no responsibilities for any errors, omissions or inaccuracies whatsoever. Without limiting the foregoing, GE Intelligent Platforms, Inc. disclaims any and all warranties, expressed or implied, including the warranty of merchantability and fitness for a particular purpose, with respect to the information contained in this manual and the equipment or software described herein. The entire risk as to the quality and performance of such information, equipment and software, is upon the buyer or user. GE Intelligent Platforms, Inc. shall not be liable for any damages, including special or consequential damages, arising out of the use of such information, equipment and software, even if GE Intelligent Platforms, Inc. has been advised in advance of the possibility of such damages. The use of the information contained in the manual and the software described herein is subject to GE Intelligent Platforms, Inc. standard license agreement, which must be executed by the buyer or user before the use of such information, equipment or software.

Trademarks

© 2010, GE Intelligent Platforms, Inc. All rights reserved. * Trademark of GE Intelligent Platforms, Inc. All other brands or names are property of their respective holders. Any other trademarks referenced herein are used solely for purposes of identifying compatibility with the products of GE Intelligent Platforms, Inc.

Notice

GE Intelligent Platforms, Inc. reserves the right to make improvements to the products described in this publication at any time and without notice. We want to hear from you. If you have any comments, questions, or suggestions about our documentation, send them to the following email address: [email protected]

Table of Contents

Getting Started

Installation Requirements
    Hardware Requirements
    Server
    Client
    Reporting Database
    Software Requirements
    Server Installation
    Client-only Installation
    Proficy Reporting Database Installation
    Proficy Host / Embeddable Proficy Host Installation

The Hardware Key
    Hardware Key Installation
    License and Key Checking
    Hardware Key Installation Troubleshooting
    Troubleshooting the Aladdin HASP Key
    To reinstall Proficy Licensing
    Defective Hardware Key Replacement
    Common Questions About Hardware Keys

Installing Proficy Workflow
    To install Proficy SOA Server and Client
    To install Proficy Client
    To uninstall Proficy Workflow
    Post-Installation Server Configuration
    To modify the server name
    To modify the Microsoft Active Directory Services
    To modify the SQL Server
    To modify administrator credentials

Command Line Installation

Logging on to the Proficy Client

Running with a Standard Windows User Account

Upgrading Proficy Workflow
    Data Item Links
    To upgrade custom forms

Proficy Real-Time Information Portal
    To install Proficy Portal

Proficy Reporting Database
    To install the reporting database
    To configure Component Services
    To uninstall the reporting database

Proficy Host / Embeddable Proficy Host
    To install hosts
    To add a host instance
    To remove a host instance
    To configure the Proficy SOA Server certificate
    To uninstall hosts

Task Controls in Proficy HMIs
    Proficy Task List Configuration
    Server Name
    Server Authentication
    To install task list controls
    To modify Task List installation configurations

Key Concepts

One-Click Deployment

Supported Regional Settings

Daylight Saving Time

Special Keyboard Buttons

SQL Server Backup and Restore

Proficy Workflow Security
    Introducing Security
    System Protection
    Security Concepts
    Security Status
    Understanding Security
    Users
    Groups
    Design and Plan Security
    Assign Key Sets
    Login to Individual Workstations
    Using Security
    Manual Login and Logout
    Security Log File
    Windows Security
    Configuring Windows User Accounts
    Setting passwords to expire
    Limiting the number of invalid login attempts
    Adding user accounts that log into Windows
    Domain Users Logging into Windows

Contact Information
    General
    Technical Support
    Americas
    Europe, Middle East, and Africa
    Asia Pacific

Index

Getting Started

Welcome to Proficy Workflow–Powered by Proficy SOA!

Before you begin installing our product, please take some time to review the Getting Started guide. This guide includes information about the following:

Installation Requirements (software, hardware, and the hardware key)
Installing Proficy Workflow with the Proficy SOA Server and Client
Installing Proficy Real-Time Information Portal
Installing the Proficy Reporting Database
Installing the Proficy Host / Embeddable Proficy Host
Installing the Task List in HMIs
Proficy Workflow Security

IMPORTANT: Please read the Important Product Information on your installation DVD for the latest information about Proficy Workflow, including new features, system requirements, and release notes.

Installation Requirements

This chapter provides general information you need in order to install Proficy Workflow.

Before you begin installing your Proficy Workflow software, we highly recommend that you start by clicking Important Product Information on the installation DVD. This opens an online help file where you can read the latest release notes and the most current information about Proficy Workflow.

Hardware Requirements

The minimum Proficy Workflow hardware requirements are:

Server

2.6 GHz Core Duo computer with 3 GB RAM (minimum)
50 GB hard disk space (minimum)
CD-ROM Drive
Network interface software for network communications. The TCP/IP network protocol is required.
One free direct-connect USB port
XGA or better color monitor and a 100% IBM-compatible 24-bit graphics card capable of 1024x768 resolution and at least 65535 colors
Two-button mouse with scroll wheel or compatible pointing device (such as a touch screen)

Client

2 GHz Pentium 4-based computer with 2 GB RAM (minimum)
20 GB hard disk space (minimum)
CD-ROM Drive
Network interface software for network communications. The TCP/IP network protocol is required.
SVGA or better color monitor and a 100% IBM-compatible 24-bit graphics card capable of 1024x768 resolution and at least 65535 colors
Two-button mouse with scroll wheel or compatible pointing device (such as a touch screen)

Reporting Database

2.6 GHz Core™ 2 Duo Processor with 3 GB RAM (minimum)
50 GB hard disk space (minimum)
CD-ROM Drive
Network interface software for network communications. The TCP/IP network protocol is required.
One free direct-connect USB port
XGA or better color monitor and a 100% IBM-compatible 24-bit graphics card capable of 1024x768 resolution and at least 65535 colors
Two-button mouse with scroll wheel or compatible pointing device (such as a touch screen)

Software Requirements

This section describes the minimum software requirements for your installation, including the recommended operating system and database.

Server Installation

The following list describes the software required to install and use Proficy Workflow and the Proficy SOA Server.

One of the following operating systems:
    Windows 7 Professional (32 or 64-bit).
    Windows Server 2008 R2 (64-bit).
    Windows Server 2008 SP2 (32-bit).
    Windows Server 2003 SP2 or greater (32 or 64-bit).
    Windows XP Professional SP2 or greater (32-bit only).

One of the following SQL Server systems:
    Microsoft SQL Server 2008 Standard, Professional, or Enterprise Edition (32 or 64-bit).
    Microsoft SQL Server 2005 Standard SP2, Professional SP2, or Enterprise Edition SP2 (32-bit only).
    Microsoft SQL Server 2008 Express.

    NOTE:
    The SOA project is installed into this SQL Server database. SQL Server can be installed on a different computer that is also on the domain or workgroup; however, users must ensure that network configurations allow appropriate machine communication.
    If you are using SQL Server Express with the Proficy SOA Server, you cannot use the Reporting Database.

Microsoft .NET Framework 3.5 SP1.

Microsoft AD LDS (Active Directory Lightweight Directory Service) or ADAM (Active Directory Application Mode) with SP1 (available from http://www.microsoft.com/downloads/details.aspx?familyid=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&displaylang=en).

    NOTE: If you are using Windows XP or Windows Server 2003, ADAM is required. If you are using Windows 7 or Windows Server 2008, AD LDS is required. In Windows Server 2003, Windows 7, and Windows Server 2008, these can be added as Windows components/features in the Programs applet of the Control Panel.

Microsoft Excel 2007 and its Primary Interop Assemblies (for Import/Export operations). For more information, see:
    http://msdn.microsoft.com/en-us/library/kh3965hw.aspx
    www.microsoft.com/downloads/details.aspx?familyid=59DAEBAA-BED4-4282-A28C-B864D8BFA513&displaylang=en
    http://technet.microsoft.com/en-us/library/cc179091.aspx

Internet Explorer 6 or greater.

Other software:
    VMWare Server or VMWare ESX Server.

    NOTE: VMWare servers are supported with any of the supported operating systems.

    IMPORTANT: Advanced features of ESX Server (that is, VMotion, VMWare VMFS, and Clustering support) are not supported.

    Proficy Portal 3.0 with SP1 (included on the installation DVD) or greater.
    Java Run-time plug-in v6.0 or greater (to view Proficy Portal displays).
    Proficy Historian 3.5 or greater.

Client-only Installation

A client-only machine contains only the Proficy Client application and must connect to another machine that has the Proficy Server installed.

One of the following operating systems:
    Windows 7 Professional (32 or 64-bit).
    Windows Server 2008 R2 (64-bit).
    Windows Server 2008 SP2 (32-bit).
    Windows Server 2003 SP2 or greater (32 or 64-bit).
    Windows XP Professional SP2 or greater (32-bit only).

Microsoft .NET Framework 3.5 SP1.

Microsoft Excel 2007 and its Primary Interop Assemblies (for Import/Export operations). For more information, see:
    http://msdn.microsoft.com/en-us/library/kh3965hw.aspx
    www.microsoft.com/downloads/details.aspx?familyid=59DAEBAA-BED4-4282-A28C-B864D8BFA513&displaylang=en
    http://technet.microsoft.com/en-us/library/cc179091.aspx

Internet Explorer 6 or greater.

Proficy Reporting Database Installation

One of the following operating systems:
    Windows 7 Professional (32 or 64-bit).
    Windows Server 2008 R2 (64-bit).
    Windows Server 2008 SP2 (32-bit).
    Windows Server 2003 SP2 or greater (32 or 64-bit).
    Windows XP Professional SP2 or greater (32-bit only).

One of the following SQL Server systems:
    Microsoft SQL Server 2008 Standard, Professional, or Enterprise Edition (32 or 64-bit).
    Microsoft SQL Server 2005 Standard SP2, Professional SP2, or Enterprise Edition SP2 (32-bit only).

    NOTE:
    SQL Server Integration Services must be installed with SQL Server.
    If you are using SQL Server Express with the Proficy SOA Server, you cannot use the Reporting Database.

Internet Explorer 6 or greater.

Proficy Host / Embeddable Proficy Host Installation

One of the following operating systems:
    Windows 7 Professional (32 or 64-bit).
    Windows Server 2008 R2 (64-bit).
    Windows Server 2008 SP2 (32-bit).
    Windows Server 2003 SP2 or greater (32 or 64-bit).
    Windows XP Professional SP2 or greater (32-bit only).

Microsoft .NET Framework 3.5 SP1.

Internet Explorer 6 or greater.

The Hardware Key

The hardware key supports USB port configurations. The hardware key you use to run the Proficy SOA Server:

Controls and enables software options available to your installation.
Uses a utility to electronically reprogram options you choose to upgrade or change (for HASP M4 keys only).

If the key is not installed or found, Proficy Workflow runs in demo mode, which limits you to two clients.

Be sure to file your hardware key packing slip in a safe location. The codes on this slip are necessary for us to quickly duplicate the key in case it is damaged or misplaced. You can verify that your serial number matches the serial number on the hardware key packing slip by using the Proficy License Viewer utility to detect and display your hardware key settings. For more information, see the License and Key Checking section.

Hardware Key Installation

A hardware key is included with your Proficy Workflow software. You must install your hardware key in order to access all the components of the Proficy Workflow software you purchased.

Typically, you install your hardware key as you install the Proficy Workflow product. Refer to the Installing Proficy Workflow section for more details.

If you insert the key after you install Proficy Workflow, it should be detected automatically when the software starts. It is recommended that you shut down your computer before plugging in a new hardware key.

IMPORTANT: Do not remove the hardware key from your node while Proficy Workflow is running. If you do, some features will shut down and you will need to restart Proficy Workflow. You may also damage the hardware key if you remove it while the software is running.

We support the installation of the USB port hardware key only on systems running Windows 7 (32 and 64-bit), Windows Server 2008 (32 and 64-bit), Windows Server 2003 (32 and 64-bit), or Windows XP (32-bit only). At this time, we do not support USB keys connected through an external USB hub.

On new installs on Windows XP SP1, we recommend that you insert your USB key after you run the Proficy Workflow install.

License and Key Checking

To use Proficy Workflow and other Proficy products, you must purchase the product with the desired options from us. Depending on the options you buy, you may need to replace your current key or run an update program on your existing key to enable the options.

If you want to determine the options that are enabled on the computer you are currently working on, use the Proficy License Viewer to view the options enabled.

TIP: The Proficy License Viewer program can be used to provide technical support personnel with information about your hardware key.

1. From the Start menu, point to Programs, Proficy Common, and then click License Viewer.

2. In the Proficy Products list, select the Proficy Workflow product. The License and Key Diagnostics area should display the available options. For information on upgrading your key to add other options, contact us. We will provide the steps for upgrading your Proficy license file when you purchase new options or products.

Hardware Key Installation Troubleshooting

If the hardware key does not install properly, you may see a message displayed on the Client at startup.

First, check to see that your hardware key is firmly attached. Next, uninstall and reinstall the driver for the hardware key. If this driver has been incorrectly uninstalled, it may behave unpredictably.

Troubleshooting the Aladdin HASP Key

If the Aladdin HASP USB key does not appear to be working, you can reinstall the licensing to recover from the improper install. When the Aladdin HASP key is not communicating correctly, you will notice that the indicator light at the end of the key is off.

To reinstall Proficy Licensing

1. Click the ProficyClientInstaller.exe file in the License folder on the Proficy Workflow product installation CD to reinstall the license.

2. Click Finish when the licensing install completes.

Defective Hardware Key Replacement

A defective hardware key causes your Proficy product to run in demo mode.

Be sure to check that the key is firmly attached to your USB or parallel port before assuming it is defective. Additionally, for USB keys, if the indicator light at the end of the key is off, then the key is not communicating correctly.

You can also use the License Viewer to determine if the hardware key is defective. If your hardware key is defective, the License Viewer does not display the proper enabled options. Or, an error message stating that a hardware key is required to view the enabled options may appear.

For more information on using the License Viewer, refer to the License and Key Checking section.

We replace defective keys as quickly as possible. To obtain a replacement hardware key:

Call your local Technical Support representative. The support representative will instruct you to FAX a completed copy of a Merchandise Return Authorization form. On receipt of the form, we can program a new hardware key and send it to you overnight.

When you receive the hardware key, you must return the old one along with a copy of the form sent with the new hardware key. We reserve the right to invoice you for defective hardware keys that are not returned.

Common Questions About Hardware Keys

This section describes some frequently asked questions about Proficy hardware keys.

What does the light at the end of the USB key indicate?

For the Aladdin HASP USB key, the light indicates that the key and the software are communicating. If this light is off, it indicates a problem with the key.

If I move the USB key to another port, is it automatically detected?

Yes. The USB key is automatically detected when moved to another USB port. There are no additional screens requesting software to be installed for the Aladdin HASP USB key.

Installing Proficy Workflow

The steps that follow outline how to install Proficy Workflow with the Proficy SOA Server and Client from the product installation DVD.

IMPORTANT:

Workgroups and Windows domains are both supported; however, users must ensure that network configurations allow appropriate machine communication. Also, Windows authentication for security is supported only on a domain.

Any resolvable computer name or IP address can be used when installing Proficy Workflow; however, the same name or IP address must be used consistently for a machine in all configurations on any server, client, or host machine.

Before you begin the Proficy Workflow installation, make sure that you have installed the following (for more information, see Software Requirements):

Microsoft AD LDS (Active Directory Lightweight Directory Service) or ADAM (Active Directory Application Mode) with SP1.

    Note: For demo, evaluation, or pilot systems, you can use Simulated Directory mode rather than using ADAM or AD LDS. In this mode, the system functions the same way. However, you must use ADAM or AD LDS to run large systems that have hundreds of clients connecting simultaneously.

Microsoft .NET Framework 3.5 SP1.

Microsoft SQL Server 2008 or 2005 SP2, or SQL Server Express.

    The SQL Server can be installed on a different computer than the one Proficy Workflow is installed on.

    The user account used for SQL authentication must have authority to create new databases.

To install Proficy SOA Server and Client

The following information guides you through the Proficy Workflow and Proficy SOA Server and Client installation process.

During this process you are required to create an Administrator user. This Administrator user is automatically assigned all permissions, which will allow you to create and define your users, groups, and key sets, and to set up your production security.

1. Place the installation DVD in the DVD drive. If you have Autoplay enabled, the installation launcher splash screen appears.

NOTE: If it does not appear, run SetupWorkflow.exe on the root directory of the Proficy Workflow DVD.

2. Click Install Proficy Workflow. The Proficy Workflow Setup wizard appears.

3. Click Full Server. The License Agreement page appears.

4. Review the license agreement, and then click I Agree. The Choose Install Location page appears.

5. Accept the default destination folder or browse for a new location, and then click Next. The Configure AD LDS Integration page appears.

6. If Active Directory Lightweight Directory Services (AD LDS) is not installed, the Configure AD LDS Integration page displays a message regarding its use. If AD LDS is not required, click Next.

7. If Active Directory Lightweight Directory Services (AD LDS) is installed, but this installation is to be used in a test and/or development server environment, select the Do not use Microsoft Directory Services check box, and then click Next.

8. If this installation is to be used in a production environment, do the following:
    a) Clear the Do not use AD LDS check box.
    b) In the Directory Instance: Name field, enter an instance name for the ADAM directory.
    c) In the Port (LDAP) and Port (SSL) fields, enter valid port numbers.
    d) In the User Credentials: Name field, enter the name of a user that is a member of the local computer’s Administrators Group.
    e) In the User Credentials: Domain field, enter the name of your company’s domain.
    f) In the User Credentials: Password field, enter the password for the user you entered in the Name field.

9. Click Next. The Configure SQL Server page appears.

10. If your SQL server is installed locally and uses Windows Authentication, select the Use a local SQL database with Windows Authentication check box, and then click Next.

11. If your SQL server is either local or remote and uses either Windows or SQL Authentication, clear the Use a local SQL database with Windows Authentication check box, and enter the following information:

IMPORTANT: You must install SQL Server 2008 or SQL Server 2005 SP2 before you install Proficy Workflow. For detailed information, see Software Requirements.

    a) In the Server field, enter or select the name of the SQL server you want to connect to. If the SQL server is installed locally, you can enter localhost.
    b) In the Database field, enter the name of the SQL database, or click the drop-down arrow to search for all databases located on the specified server. If the specified database does not exist, it will be created for you.
    c) From the Authentication list, select the type of authentication you want to use.
    d) If you select Windows Authentication, click Next.
    e) If you select SQL Authentication, enter the user name and password configured for SQL Authentication on the SQL server you want to connect to.

12. Click Next. The Configure Security page appears.

13. Enter the following information:
    a) In the Administrator Name field, accept the default name or enter a name for the Administrator user.
    b) In the Administrator Password field, enter a password for the Administrator user.
    c) In the Confirm Password field, re-enter the password for the Administrator user.

14. Click Next. If the computer you are installing on has an enabled firewall, the Firewall Detected page appears.

15. If required, make note of the port number to open on the firewall, and then click Next.

IMPORTANT: If your system uses a firewall, you must follow the instructions on the Firewall Detected page and open port 8201 to incoming TCP traffic. For information on opening a port in your firewall, see the online help for your Windows operating system.

The Ready to Install page appears.

NOTE: At any time during the installation configuration process, you can click Back to go to a previous page to change your settings.

16. Click Install. The Installing Proficy Workflow page appears, displaying the status of each installation step.

17. If a Security Warning dialog box appears, click Run.

18. Click Exit.

NOTE: If the installation fails, or you want to change a configuration setting after installation completes, you can open the appropriate standalone component to configure the required information. For more information, see Post-Installation Configuration in the online help.

To install Proficy Client

This information guides you through the process of installing the Proficy Client on a different machine than the Proficy Server.

You must have installed the Proficy SOA Server before you can install a Client, as you require an available server to connect to.

1. Place the installation DVD in the DVD drive. If you have Autoplay enabled, the installation launcher splash screen appears.

NOTE: If it does not appear, run SetupWorkflow.exe on the root directory of the Proficy Workflow DVD.

2. Click Install Proficy Workflow. The Proficy Workflow Setup wizard appears.

3. Click Client Only. The License Agreement page appears.

4. Review the license agreement, and then click I Agree. The Choose Install Location page appears.

5. Accept the default destination folder or browse for a new location, and then click Next. The Proficy Workflow Server Configuration page appears.

6. Enter the name of the server you want to connect to. You can also use the server’s IP address if it uses a static IP address.

NOTE: At any time during the installation configuration process, you can click Back to go to a previous page to change your settings.

7. Click Install. The Installing Proficy Workflow page appears, displaying the status of each installation step.

8. If a Security Warning dialog box appears, click Run.

9. Click Exit.

To uninstall Proficy Workflow

1. From Control Panel, double-click Add or Remove Programs. The Add or Remove Programs dialog box appears, displaying all of the programs installed on the computer.

2. If applicable, select ADAM Instance SOAAdam, and then click Remove.

3. In the confirmation message box, click Yes.

4. Select Proficy Workflow, and then click Remove.

5. In the confirmation message box, click Yes.

Post-Installation Server Configuration

If the installation fails, or you want to change a configuration setting after installation completes, you can open each of the installation wizard configuration pages as a standalone dialog box and make the required changes. The configuration pages are accessed from the program group: Start > All Programs > Proficy > Proficy Workflow > Configuration.

NOTE: Making post-installation configuration changes can be performed only for a server and client installation; you cannot make post-installation changes for a client-only installation.

To modify the server name

You use the Configure Server utility to synchronize any changes you may have made to your local computer name with the Proficy SOA Server.

Note: You must ensure that the computer name and server name are both the same.

1. Click Start, point to All Programs > Proficy > Proficy Workflow > Configuration, and then click Configure Server. The Proficy Workflow Server Configuration page appears.

2. Click Save to synchronize the Proficy Workflow server name with the name of the local computer.

3. Click Exit.

To modify the Microsoft Active Directory Services

1. Click Start, point to All Programs > Proficy > Proficy Workflow > Configuration, and then click Configure Directory Services. The Configure AD LDS Integration page appears.

2. If Active Directory Lightweight Directory Services (AD LDS) is not installed, the Configure AD LDS Integration page displays a message regarding its use. If AD LDS is not required, click Save.

3. If Active Directory Lightweight Directory Services (AD LDS) is installed, but this installation is to be used in a test and/or standalone server environment, select the Do not use Microsoft Directory Services check box, and then click Next.

4. If this installation is to be used in a production environment, do the following:
    a) Clear the Do not use AD LDS check box.
    b) In the Directory Instance: Name field, enter an instance name for the ADAM directory.
    c) In the Port (LDAP) and Port (SSL) fields, enter valid port numbers.
    d) In the User Credentials: Name field, enter the name of a user that is a member of the local computer’s Administrators Group.
    e) In the User Credentials: Domain field, enter the name of your company’s domain.
    f) In the User Credentials: Password field, enter the password for the user you entered in the Name field.

5. Click Save, and then click Exit.

To modify the SQL Server

1. Click Start, point to All Programs > Proficy > Proficy Workflow > Configuration, and then click Configure Database. The Configure SQL Server page appears.

2. If your SQL server is installed locally and uses Windows Authentication, select the Use a local SQL database with Windows Authentication check box, and then click Next.

3. If your SQL server is either local or remote and uses either Windows or SQL Authentication, clear the Use a local SQL database with Windows Authentication check box, and enter the following information:

IMPORTANT: You must install SQL Server 2008 or SQL Server 2005 SP2 before you install Proficy Workflow. For detailed information, see Software Requirements.

    a) In the Server field, enter or select the name of the SQL server you want to connect to. If the SQL server is installed locally, you can enter localhost.
    b) In the Database field, enter the name of the SQL database, or click the drop-down arrow to search for all databases located on the specified server.
    c) From the Authentication list, select the type of authentication you want to use.
    d) If you select Windows Authentication, click Next.
    e) If you select SQL Authentication, enter the user name and password configured for SQL Authentication on the SQL server you want to connect to.

4. Click Save, and then click Exit.

To modify administrator credentials

1. Click Start, point to All Programs > Proficy > Proficy Workflow > Configuration, and then click Configure Security. The Configure Security page appears.

2. Enter the following information:
    a) In the Administrator Name field, accept the default name or enter a name for the Administrator user.
    b) In the Administrator Password field, enter a password for the Administrator user.
    c) In the Confirm Password field, re-enter the password for the Administrator user.

3. Click Save, and then click Exit.

Command Line Installation

Proficy Workflow provides the ability to install the server, client, or hosts using command line parameters.

Using command lines to install the Proficy SOA Server allows you to install multiple servers, ensuring that the same configuration data is used in all instances.

The following table describes the command line parameters that can be used.

Command line parameter | Description

/s | Runs the installation setup (SetupWorkflow.exe) in silent mode; that is, the installation occurs without displaying the user interface. You must use the /c parameter in conjunction with the /s parameter and provide a valid configuration file name.

/t filepath (where filepath is the user-defined file name) | Runs the installation setup (SetupWorkflow.exe), including the user interface, and creates a configuration file that contains all of the installation configuration data. NOTE: For security reasons, passwords are not included in the configuration data.

/c filepath (where filepath is the user-defined file name) | Runs the installation setup (SetupWorkflow.exe) and uses the configuration data found in the configuration file. When used with the /s parameter, the installation runs in silent mode. NOTE: You can use the configuration file that was created using the /t command line parameter or you can use the sample configuration file provided in the install directory. If you use the configuration file created by using the /t parameter, you must add the passwords before using that file with the /c parameter.

/l filepath (where filepath is the logging directory) | Overrides the default logging location.

Logging on to the Proficy Client

1. In the Proficy Client, click the Login button. The Proficy Workflow Login dialog box appears.

IMPORTANT: To log in using Windows Authentication, both your server and client(s) must be on a domain.

2. In the User Name field, enter your user name.

3. In the Password field, enter your password.

4. If applicable, in the Authentication Method section, select an authentication method. Your user name and password are verified in the applicable system.

Select... | If...

Proficy Authentication | Your user profile is part of the Proficy SOA application.

Windows Authentication | Your user profile is part of the Windows domain.

If you are using Windows Authentication, do the following:

a) Create a Windows User group.

b) Create users in Proficy Workflow and create a user account for each one with a user name and password.

c) Add the users to the Windows User group.

5. If applicable, in the Domain field, enter the domain name.

NOTE: If you selected Windows Authentication as the authentication option, enter the Windows domain name here.

6. Click Log In.

Running with a Standard Windows User Account

The Proficy Client uses the Net.Tcp Port Sharing Service for some of its functionality. This Windows service is installed as part of Microsoft’s .NET Framework. However, this service requires additional configuration in order to run the Proficy Client with a standard Windows user account.

By default, the service’s configuration file limits the Windows user accounts that are allowed to access it to other Windows services and accounts that are in the Administrators group. That is, the Proficy Client can be started only by a user account with administrator privileges in the default case.

In order to allow a standard Windows user account or non-elevated administrator account to use the Proficy Client, your network administrator must configure the Net.Tcp Port Sharing Service on each machine that will run the Proficy Client.

The following are the default locations of the Net.Tcp Port Sharing Service (SMSvcHost.exe) configuration file:

On 32-bit operating systems:

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config

On 64-bit operating systems:

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config

The configuration file uses Windows security identifiers (SIDs) in order to determine what users or groups are permitted to use the service.

Your network administrator may choose to create a specific group for this purpose or may choose to use a well-known group. They may also need to add users to the group they choose or create. A list of well-known SIDs for Microsoft operating systems can be found at http://support.microsoft.com/kb/243330.

For example:

Users: S-1-5-32-545

Power Users: S-1-5-32-547

You can determine the SID for a specific user or group by downloading and executing the PsGetSid command line tool: http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

To grant users or groups access to the Net.Tcp Port Sharing Service, add a child element of the allowAccounts element for each security identifier corresponding to the users or groups, and then save the configuration file. Each child element must be named “add” and have an attribute named “securityIdentifier” whose value is the SID of the user or group to be granted access.

For example:

<add securityIdentifier="S-1-5-32-545" /> <!-- Users group -->

The Net.Tcp Port Sharing Service must be restarted after the configuration file has been saved in order to reload the configuration changes.

The following are the default settings of the configuration file:


<?xml version="1.0" encoding="utf-8"?>
<!-- The configuration file for SMSvcHost.exe -->
<configuration>
  <runtime>
    <gcConcurrent enabled="false" />
    <generatePublisherEvidence enabled="false" />
  </runtime>
  <system.serviceModel.activation>
    <net.tcp listenBacklog="10" maxPendingConnections="100" maxPendingAccepts="2" receiveTimeout="00:00:10" teredoEnabled="false">
      <allowAccounts>
        <!-- LocalSystem account -->
        <add securityIdentifier="S-1-5-18"/>
        <!-- LocalService account -->
        <add securityIdentifier="S-1-5-19"/>
        <!-- Network Service account -->
        <add securityIdentifier="S-1-5-20"/>
        <!-- Administrators group -->
        <add securityIdentifier="S-1-5-32-544"/>
        <!-- IIS_IUSRS account (Vista only) -->
        <add securityIdentifier="S-1-5-32-568"/>
      </allowAccounts>
    </net.tcp>
    <net.pipe maxPendingConnections="100" maxPendingAccepts="2" receiveTimeout="00:00:10">
      <allowAccounts>
        <!-- LocalSystem account -->
        <add securityIdentifier="S-1-5-18"/>
        <!-- LocalService account -->
        <add securityIdentifier="S-1-5-19"/>
        <!-- Network Service account -->
        <add securityIdentifier="S-1-5-20"/>
        <!-- Administrators group -->
        <add securityIdentifier="S-1-5-32-544"/>
        <!-- IIS_IUSRS account (Vista only) -->
        <add securityIdentifier="S-1-5-32-568"/>
      </allowAccounts>
    </net.pipe>
    <diagnostics performanceCountersEnabled="true" />
  </system.serviceModel.activation>
</configuration>
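The procedure described in this section (resolve the SID, add it under allowAccounts, save, restart the service), scripted as an added example that is not part of the original manual or of the product. It assumes an elevated PowerShell session and the default file locations listed above; the parameter names, the BUILTIN\Users default, and the choice to update only the net.tcp section unless told otherwise are assumptions of this example.

```powershell
# Added example: grant one group access to the Net.Tcp Port Sharing Service
# by editing SMSvcHost.exe.config. Run from an elevated PowerShell session.
param(
    # Assumption: the group chosen by your administrator. BUILTIN\Users
    # (S-1-5-32-545) matches the manual's example; a dedicated group
    # grants access to fewer accounts.
    [string]$GroupName = 'BUILTIN\Users',
    # Assumption: only the net.tcp listener needs the entry. Pass
    # 'net.tcp','net.pipe' to update both <allowAccounts> lists.
    [string[]]$Sections = @('net.tcp')
)

$ErrorActionPreference = 'Stop'

# Default locations from the manual: Framework64 on 64-bit, Framework on 32-bit.
$fxDir = Join-Path $env:windir 'Microsoft.NET\Framework64'
if (-not (Test-Path $fxDir)) {
    $fxDir = Join-Path $env:windir 'Microsoft.NET\Framework'
}
$configPath = Join-Path $fxDir 'v3.0\Windows Communication Foundation\SMSvcHost.exe.config'

# Resolve the group name to its SID instead of typing the SID by hand.
$account = New-Object System.Security.Principal.NTAccount($GroupName)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

$xml = New-Object System.Xml.XmlDocument
$xml.Load($configPath)

$changed = $false
foreach ($section in $Sections) {
    $xpath = "/configuration/system.serviceModel.activation/$section/allowAccounts"
    $allow = $xml.SelectSingleNode($xpath)
    if ($null -eq $allow) {
        throw "No <allowAccounts> element under <$section> in $configPath"
    }
    # Idempotent: skip the section if the SID is already listed.
    if ($null -ne $allow.SelectSingleNode("add[@securityIdentifier='$sid']")) {
        continue
    }
    $entry = $xml.CreateElement('add')
    $entry.SetAttribute('securityIdentifier', $sid)
    [void]$allow.AppendChild($xml.CreateComment(" $GroupName "))
    [void]$allow.AppendChild($entry)
    $changed = $true
}

if ($changed) {
    # Keep a timestamped copy so the change can be rolled back.
    $backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -Path $configPath -Destination $backup
    $xml.Save($configPath)
    # Restart so the service reloads the configuration, as the manual requires.
    Restart-Service -Name 'NetTcpPortSharing' -Force
}

# List every SID that is now allowed, per section, for review.
foreach ($add in $xml.SelectNodes('//allowAccounts/add')) {
    '{0,-10} {1}' -f $add.ParentNode.ParentNode.Name, $add.securityIdentifier
}
```

Running the script a second time makes no change and does not restart the service; the final listing makes it easy to spot entries beyond the five defaults shown above.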


Upgrading Proficy Workflow

You must uninstall older versions of Proficy Workflow before installing a new version.

The following upgrade paths are supported:

Upgrade from Proficy Workflow 1.2 to Proficy Workflow 1.5.

Upgrade from Proficy Workflow 1.01 to Proficy Workflow 1.5.

Upgrade from Proficy Workflow 1.01 to Proficy Workflow 1.2.

Uninstalling Proficy Workflow does not remove the SQL Server database or the Active Directory Lightweight Directory Services (AD LDS) instance; all of your project data is preserved. When you install a new version and specify the same SQL Server database and AD LDS instance, then the previously configured project is automatically upgraded.

Data Item Links

If, in an earlier version of Proficy Workflow, you created data item links to Historian tag names that contain special characters, those data item links will not upgrade. You must recreate those links in the new version of Proficy Workflow.

The special characters are: ‘, ~, !, @, #, and $. For example, if you have an equipment property, MyProperty1, linked to a Historian tag, HistTag#1, in Proficy Workflow version 1.01, that link will break when you upgrade to version 1.2 or 1.5.

The special character “-” is fully supported in the upgrade process; that is, data item links to Historian tags containing the “-” character will upgrade correctly.

NOTE: Proficy Workflow 1.2 and 1.5 support all of these special characters.

When you upgrade from Proficy Workflow 1.01, the display names of data item links from workflows or condition events to equipment properties will contain a GUID. You must reconfigure these data item links to remove the GUID. After reconfiguring the data item, the display name is updated correctly as <EquipmentOwnerName.PropertyName>.

To upgrade custom forms

Before upgrading and starting the Proficy Workflow 1.2 or 1.5 server, ensure that all of your custom form DLLs are located in the following directory: ..\Data\AllUsers\Displays.

If you added forms or user displays using Proficy Workflow 1.0 or 1.01, and those forms had dependencies on any Proficy assemblies, there are additional steps for upgrading.

For each form or user display in the system, do the following:

1. Check for errors.

In the Navigator, select the form or user display, and then click Global Viewer. If additional upgrade steps are required, an error displays in the Feedback Zone, indicating that the existing item could not be loaded.

NOTE: If you are using GEFanuc.Platform.FormsLibrary.dll, skip to step 3 and use the new file, Proficy.Platform.FormsLibrary.dll, found in the Program folder in the install directory.

2. Update the project.

a) In Visual Studio, open the source code project you originally used to build the custom form.

NOTE: This source code should be found somewhere on your system; it is not persisted in the Proficy Workflow database.

b) Update references to GEFanuc assemblies. View the project’s references to see the list of assemblies it is dependent upon.

NOTE: Since Proficy Workflow version 1.01, the Proficy assemblies have been renamed from GEFanuc.*.dll to Proficy.*.dll; therefore, any references to assemblies named GEFanuc.* must be removed and re-added to point to the renamed assembly. For example, if the project previously referenced GEFanuc.Platform.Core.DisplayFramework.dll, then the project must be updated to reference Proficy.Platform.Core.DisplayFramework.dll.

c) Update references to GEFanuc namespaces.

The namespaces have also been changed from GEFanuc.* to Proficy.*. Therefore, any other references to GEFanuc in your project must also be changed to Proficy.

3. Build the project.

Build your project and continue fixing errors until you have a successful build.

4. Save your changes.

In the Proficy Client, select the form or user display in the Navigator and open it in the Display Editor.

An error may display indicating that the assembly or class is invalid. If the error displays, do the following:

a) In the .NET Assembly field, browse to the updated version of the assembly you want to use for the form.

b) In the Class Name field, select the appropriate class name to use.

c) Click Save to save your changes to the server and make the form available to other Clients.

5. Validate the form.

Open the form in the Global Viewer or run it in a workflow to ensure the form works as expected.

Proficy Real-Time Information Portal

The Proficy SOA Server provides the ability to connect to Proficy Real-Time Information Portal and view displays created there.

Most businesses use tools to help their decision-makers analyze sales, visualize financial data, and make process improvements that enhance the manufacture of their products. Analysis of business and process data is critical to knowing where to make investments and to learning how to improve a company’s performance.

Proficy Portal provides superior data analysis tools in a personalized web environment. Using Proficy Portal and a web browser, you can make key decisions by analyzing and visualizing data from historians, SQL relational databases, process databases, or OPC servers. By combining and comparing historical, real time, and SQL data, you can see how the leading performance indicators for your company are progressing, allowing you to make sound business decisions.

Proficy Portal integrates well into your existing intranet or web site. You can create links between your web server and Proficy Portal displays, allowing you to create seamless navigation between the web pages on your site and the analysis displays on the Proficy Portal server.

Proficy Portal also integrates with the Proficy SOA Server. From Proficy SOA, you can connect directly to your Proficy Portal server to view and use your Portal displays and to retrieve data tags.

NOTE:

Proficy Workflow supports Proficy Portal v3.0 only, with SP1 or the SIMs that are included on the installation DVD.

To connect to and view Proficy Portal displays, you must install Java Run-time v6.0 or greater.

For information on adding a Proficy Portal data source connection, see Proficy Portal Data Source in the online help.

To install Proficy Portal

The Proficy Real-Time Information Portal installation files are included on the Proficy Workflow DVD.

IMPORTANT:

Proficy Workflow supports Proficy Portal v3.0 only, with SP1 or the SIMs that are included on the installation DVD.

You must install the Proficy Portal SIMs or SP1, which are included on the installation CD, in order to use Proficy Portal with Proficy Workflow.

NOTE:

Proficy Portal can be installed on a different computer than the one Proficy Workflow is installed on.

To connect to and view Proficy Portal displays, you must install Java Run-time v6.0 or greater.

The Proficy Real-Time Information Portal Getting Started guide is included as a PDF in the Proficy Portal folder on the Proficy Workflow installation DVD.

1. Place the installation DVD in the DVD drive. If you have Autoplay enabled, the installation launcher splash screen appears.

NOTE: If it does not appear, double-click Setup.exe from the root directory on the installation DVD.

2. Click Browse the CD. Windows Explorer appears, displaying the folders contained on the installation DVD.

3. Locate the Proficy Portal folder. The installation files are located in this folder.

4. Double-click Setup.exe, and then follow the installation instructions in the Proficy Real-Time Information Portal Getting Started guide.

Proficy Reporting Database

Proficy SOA includes an option to install a reporting database. This database can be used with any valid reporting tool, and allows you to build reports on up-to-date data that you synchronize from your production database. For more information on the Proficy Reporting Database, see Reporting in the online help.

To install the reporting database

The reporting database allows you to use the data synchronized from your production database to build reports for your facility. You can use any reporting tool to extract the information from the reporting database and create your reports.

You must have installed a supported SQL Server version before you install the reporting database (see Software Requirements). In addition, you must select the SQL Server Integration Service component when you install SQL Server. Select the SQL Reporting Services component, as well, if you want to use SQL as your reporting tool.

NOTE: We recommend that you install the reporting database on a separate computer from the production database to prevent performance issues on the production database. However, if the Proficy SOA Server computer meets the requirements for both databases, they can be installed on the same computer.

1. Place the installation DVD in the DVD drive. If you have Autoplay enabled, the installation launcher splash screen appears.

NOTE: If it does not appear, double-click SetupReporting.exe from the root directory on the installation DVD.

2. Click Install Proficy Reporting. The License Agreement page appears.

3. Review the license agreement, and then click I Agree. The Choose Install Location page appears.

4. Select an SSIS version, and then click Next.

5. Accept the default destination folder or browse for a new location, and then click Next.

6. In the Configure Reporting SQL Server area, enter the following information, and then click Next.

a) In the Server field, accept the default value if the reporting database is on the local machine with the default instance. If the SQL Server named instance is used, enter the SQL Server name and instance name; for example, <servername>\<instance name>.

NOTE: The Reporting SQL Server must be local.

b) In the Database field, enter the name of the reporting database. This creates a new database; however, if a database of the same name already exists, this database will append to the existing one.

c) From the Authentication list, select the type of authentication you want to use. If you choose to use integrated security, select Windows Authentication; otherwise, select SQL Server Authentication, and then enter the user name and password for the SQL Server.

7. In the Configure SQL Server area, perform one of the following actions:

Leave the Use a local SQL database with Windows Authentication check box selected, and then click Next.

Clear the Use a local SQL database with Windows Authentication check box, enter the following information, and then click Next.

a) In the SQL field, enter the name of the SQL Server where the SQL database is located.

b) In the Database field, enter the name of the production (SQL) database that you will connect to for synchronization.

c) From the Authentication list, select the type of authentication you want to use. If you choose to use integrated security, select Windows Authentication; otherwise, select SQL Server Authentication, and then enter the user name and password for the SQL Server.

8. In the Proficy Workflow Server Configuration area, enter the following information, and then click Next.

a) In the Server computer name field, enter the fully qualified name of the server computer.

9. In the Configure Security area, enter an Administrator user name and password. This can be the user name and password of any valid Proficy SOA user.

10. Click Install.

11. Click Exit.

To configure Component Services

If your production database is on a different computer than the Proficy Reporting Database, the following configuration changes are required.

IMPORTANT: You can perform these steps either before or after installing the Proficy Reporting Database; however, you must complete these configuration changes before you run your reporting data synchronization.

NOTE: For this procedure, your production database server is the “server”, while the reporting database server is the “client”.

1. Verify that the Distributed Transaction Coordinator service is running on both the Server and Client computers.

a) From the Start menu, point to Administrative Tools, and then click Services.

b) If the Distributed Transaction Coordinator service is not running, right-click it, and then click Start.

2. On the server computer, from the Start menu, point to Administrative Tools, and then click Component Services.

3. In the left navigation tree, click Component Services, and then expand Computers.

4. Right-click My Computer and select Properties. The My Computer Properties dialog box appears.

5. Click the MS DTC tab.

IMPORTANT: If you are using Windows 7 or Windows Server 2008, you must use the following path to retrieve these computer properties:

Component Services > Computers > My Computer > Distributed Transaction Coordinator > Local DTC

6. Click Security Configuration. The Security Configuration dialog box appears.

7. Select the following check boxes:

Network DTC Access

Allow Remote Clients

Allow Inbound/Outbound Administration

Enable Transaction Internet Protocol (TIP) Transactions

8. Click OK. A message appears telling you “MS DTC Service will be stopped and restarted. All dependent services will be stopped. Please press Yes to proceed.” Click Yes.

9. In the My Computer Properties dialog box, click OK.

10. If required, reboot your production database server.

NOTE: We recommend that you reboot your production database server.

11. On the Client computer, repeat steps 2 through 6.

12. Select the Network DTC Access and Allow Inbound/Outbound Administration check boxes.

13. The DTC Service is stopped and restarted.

14. Restart the Client computer.

15. Verify that the Distributed Transaction Coordinator service is running on both the Server and Client computers, and if required, repeat steps 1a and 1b.

To uninstall the reporting database

When you uninstall the reporting database, you can choose to remove it completely from the computer, or maintain the database but lose the ability to synchronize the data from your production database.

Uninstalling the reporting database does not affect the production database or the data contained in it.

1. From Control Panel, double-click Add or Remove Programs. The Add or Remove Programs dialog box appears, displaying all of the programs installed on the computer.

2. Select Proficy Reporting, and then click Remove.

3. In the confirmation message box, click Yes.

4. In the Uninstall Reporting message box, click Yes if you want to completely remove the reporting database from the computer. If you select No, the reporting database remains on the computer, but the ability to synchronize with the production database is lost; however, you can still run reports on the data stored in the database.


Proficy Host / Embeddable Proficy Host

Proficy Workflow provides support that allows service providers from other products in the Proficy product family, such as Proficy Plant Applications, to integrate and interact with a master Proficy SOA Server. This integration allows you to publish data from these products to the Directory of Resources and access it from within the Proficy Client.

You can create one of the following types of Proficy Hosts to integrate your product with Proficy SOA:

Proficy Host

Select this option to create a unique server instance that runs within the Proficy SOA Server. The Proficy Host creates a Windows service to support the Proficy Host instance configuration.

Embeddable Proficy Host

Select this option to create a server instance that is embedded into the ProficyServer.exe Windows service. You must write a Windows service executable program and embed the Proficy Host in that executable.

After a Proficy Host instance is created, the contents of any AppServer.xml files that are included in the installation can be read by the Proficy Host, and the services defined in those files become available to the Proficy system. The contents of an AppServer.xml file inform the Proficy Host of the service provider(s) to load for the product and where to find them.

The System Status Monitor Display shows the structure of your Proficy system, including any Proficy Hosts connected to your Proficy SOA Server and their corresponding projects, application servers, and services.

For more information about the structure of your Proficy system, see System Status Monitor Display in the online help.

For information on a specific product service provider and the data that will be available in the Proficy Client, see the product online help and documentation.

To install hosts

A Proficy Host allows service providers from other products in the Proficy product family to integrate and interact with a master Proficy SOA Server.

This installation procedure is used to install a standalone instance of the Configure Proficy Host utility. This utility allows you to add or remove Proficy Host instances.

NOTE: When you install the Proficy SOA Server, the Configure Proficy Host utility is automatically installed; therefore, you cannot install a standalone instance of the Configure Proficy Host utility on a computer that has the Proficy SOA Server installed on it.

1. Place the installation DVD in the DVD drive. If you have Autoplay enabled, the installation launcher splash screen appears.

NOTE: If it does not appear, double-click SetupWorkflow.exe from the root directory on the installation DVD.

2. Click Install Proficy Workflow, and then click Host Only. The License Agreement page appears.

3. Review the license agreement, and then click I Agree. The Choose Install Location page appears.

4. Accept the default destination folder or browse for a new location, and then click Next. The Configure Proficy Host Instance page appears.

5. Clear the Configure a new host instance later check box.

6. In the Host Instance section:

a) In the Instance Name field, enter a name for this Proficy Host instance.

b) In the Computer Name field, enter the name or description of the computer that you are installing the Host instance on, or accept the default entry.

c) From the Instance Type list, select the type of Proficy Host you want to install.

NOTE: If you select Embedded, you must create a Windows service executable file and embed the Proficy Host in that file.

7. In the Proficy Workflow Server section:

In the Computer Name field, enter the name of the computer where the Proficy SOA Server is installed, or accept the default entry.

NOTE: Any resolvable computer name or IP address can be used when installing the Proficy Host.

8. Click Next. The Ready to Install page appears.

NOTE: At any time during the installation configuration process, you can click Back to go to a previous page to change your settings.

9. Click Install. The Installing Proficy Workflow page appears, displaying the status of each installation step.

10. If a Security Warning dialog box appears, click Run.

11. Click Exit.

NOTE: If the installation fails, click View Log to view the log file to determine the reason for the failure.

To add a host instance

1. Click Start, point to All Programs > Proficy > Proficy Workflow > Configuration, and then click Configure Host. The Configure Proficy Host wizard appears.

2. Click Add Host Instance. The Add Proficy Host Instance page appears.

3. In the Host Instance section:

a) In the Instance Name field, enter a name for this Proficy Host instance.

b) In the Computer Name field, enter the name or description of the computer that you are installing the Host instance on, or accept the default entry.

c) From the Instance Type list, select the type of Proficy Host you want to install.

NOTE: If you select Embedded, you must create a Windows service executable file and embed the Proficy Host in that file.

4. In the Proficy Workflow Server section:

In the Computer Name field, enter the name of the computer where the Proficy SOA Server is installed.

NOTE: Any resolvable computer name or IP address can be used when installing the Proficy Host.

5. Click Add.

6. Click Exit.

To remove a host instance

1. Click Start, point to All Programs > Proficy > Proficy Workflow > Configuration, and then click Configure Host. The Configure Proficy Host wizard appears.

2. Click Remove Host Instance. The Remove Proficy Host Instance page appears.

3. Select the Proficy Host instance you want to remove, and then click Remove. The selected Proficy Host instance is removed.

4. Click Exit.

To configure the Proficy SOA Server certificate

Configuring the Proficy SOA Server certificate allows your Proficy Host to communicate with the Proficy SOA Server.

NOTE: You must have installed the Proficy SOA Server and the Proficy Host before configuring the certificate.

1. On the Proficy SOA Server computer, double-click ProficySTSConfiguration.exe. The default location of this utility is <install dir>\Program Files\Proficy\Proficy Workflow\Program. The Proficy STS Configuration Tool appears.

2. Under Proficy STS Overview, click Proficy Servers Configuration.

3. Under General, click Add New. A new address is added to the Proficy Servers Configuration list.

4. In the Address field, enter the address of the computer that the Proficy Host is installed on.

5. Click Select. A dialog box appears displaying a list of certificates.

6. Under the Issued To list, select ProficyPlatform, and then click OK.

7. Close the Proficy STS Configuration Tool and when prompted to save your changes, click Yes.

8. Restart the ProficySTS Server.

a) On the Control Panel, point to Administrative Tools, and then select Services. The Services dialog box appears.

b) Select ProficySTS, and then click Restart the service.

To uninstall hosts

1. From Control Panel, click Add or Remove Programs. The Add or Remove Programs dialog box appears, displaying all of the programs installed on the computer.

2. Select Proficy Host / Embeddable Proficy Host, and then click Remove.

3. In the confirmation message box, click Yes.

Task Controls in Proficy HMIs

The Proficy Workflow Task List can be integrated into other Proficy HMI applications.

Workflow task controls can be integrated into existing HMI applications, such as Proficy HMI/SCADA CIMPLICITY and Proficy HMI/SCADA iFIX. Workflow tasks are displayed in your application so you can operate them from within these applications. You use the Task List and Task Indicator controls to interact with and view workflow tasks. The Task List provides users with a list of tasks for a workflow. The Task Indicator provides a user with relevant information regarding the status of the Task List.

Proficy Task List Configuration

The configuration utility allows you to modify server information and its authentication credentials.

NOTE:

Each installation of the Task List can connect to only one Proficy Workflow server at a time.

At a single workstation, only one task indicator object and one task list object can be connected at a time per HMI application instance.

Proficy task controls and Proficy HMIs are related, but work independently from each other. Therefore, user names and logins are separate.

Like the Proficy Workflow client, the Net.Tcp Port Sharing Service must be enabled to use the Task List in a host application.

Server Name

In this section, you can modify or add the name of the server that the Task List will run on.

Server Authentication

In this section, you can select how a user connects to the server in order to access the Task List. You can select from three different ways of accessing the server:

Manual Login

Select this option to prompt the user to manually enter a user name and password when accessing the Task List.

Control Property

Select this option to require the user to configure the user name and password through the control properties of the HMI host. In the object’s properties, the user name and password are visible.

Password Encryption

Select this option to require that user names and passwords be preconfigured. These credentials are added in the User Configuration section prior to accessing the Task List. In the object’s properties, the password is encrypted.

When your system requires password encryption for server authentication, you must add user names and passwords. This section is enabled only when the Password Encryption option in the Server Authentication section is selected.

NOTE: For the server authentication to be successful, users must have already been configured in Proficy Workflow.

To install task list controls

1. Place the installation DVD in the DVD drive. If you have Autoplay enabled, the installation launcher splash screen appears.

NOTE: If it does not appear, double-click SetupTaskList.exe from the root directory on the installation DVD.

2. Click Install Task List. The License Agreement page appears.

3. Review the license agreement, and then click I Agree. The Choose Install Location page appears.

4. Accept the default destination folder or browse for a new location, and then click Next. The Proficy Workflow Server Configuration page appears.

5. In the Server Name field, enter the name of the server that you want to install the Task List on. The Configure Task List Authentication page appears.

6. From the Authentication Type drop-down menu, select one of three login options, and then click Next. If you want the user name and password:

• entered manually, select Manual Authentication, or

• exposed in plain text, select Control Property Authentication, or

• saved automatically after initial setup, select Password Encryption Authentication.

NOTE: You must first configure users using the Proficy Task List Configuration tool.

The Ready to Install page appears.

NOTE: At any time during the installation configuration process, you can click Back to go to a previous page to change your settings.

7. Click Install.

8. Click Exit.

To modify Task List installation configurations

1. From the Start menu, select Proficy Workflow Task List Configuration. The Proficy Task List Configuration window appears.

2. To add or modify a server, in the Server Name section, enter the fully qualified name of a server.

3. To modify the login authentication, in the Server Authentication section:

Select...             To...
Manual Login          prompt the user to enter a user name and password at each login.
Control Property      allow the user to view the user name and password in the host’s object properties.
Password Encryption   log the user in automatically.

4. If you selected Password Encryption in the Server Authentication section, add user credentials in the User Configuration section:

a) In the Users panel, click Add.

b) In the Details panel, in the User Name field, enter an existing Proficy Workflow user name.

c) In the Password field, enter the password for the user name.

d) In the Confirm Password field, re-enter the password.

5. Click Save.

Key Concepts

Proficy Workflow—Powered by Proficy SOA is a unifying architecture for our software products, and a framework to leverage existing applications and functionality. The role of Proficy Workflow is to provide the components and services which, when adopted by a product line, drives common operational behavior and support.

Proficy Workflow implements the S95 standard, giving you a flexible, standards-based foundation for building applications and interfacing with other software.

Proficy Workflow contains the tools you need to create applications that can be used to facilitate the management and analysis of activities in your enterprise. Proficy Workflow provides a customizable environment that can:

• host editors for building Proficy applications

• display HMI screens for monitoring plant activities

• display workflow tasks to operators on the plant floor

• accept input into forms that can be created and routed to clients throughout the enterprise

Proficy Workflow also provides a configurable event engine that can trigger workflows and other code based on different types of internal and external triggers.

The Client

The Proficy Client provides a customizable environment for using various views and displays to access and use your data. Access to specific views and displays is determined by the permissions assigned to you or any group you are a member of.

The Proficy Client:

Provides you with a command center for interfacing to Proficy applications and third-party legacy systems.

Provides you with a single solution-centered environment that allows you to link all aspects of the plant floor, from operations to analytics.

Allows you to customize the environment, tailoring it to your specific needs.

The diagram displays the main components of Proficy Client. The table following describes these components.

Figure 1. Proficy Client

Cross Reference    Description

Menu bar: includes access to product information, Help Menu, Client layout modes, Global Displays, Task List, login/logout, system status.

Models list: Production, Material, Equipment, Personnel, Events, Workflows, Global Displays, Proficy System.

Resource type list: includes all the types that you can add a resource to.

Resources: includes all the resources that you have added to the model.

Navigator: includes all the information related to your input, such as the ability to locate, add, delete, and duplicate resources.

Compatible view: displays information on the model that has been selected in the Navigator.

Display panel: displays compatible options for viewing and working with the selected resource.

Workspace: displays information related to the selected resource after an appropriate view, such as an editor, has been selected.

Information bar: includes warnings and the Feedback Zone.

Security

The Security feature is intended for system administrators who must configure and maintain security for Proficy Workflow.

In some companies, access to the production configuration and management environment is available to everyone. In such an environment, changes to the data files and access to files and applications are not critical to the process. However, in other companies, these applications and data are available only to authorized personnel because they are critical to the process.

For more information, see Security and Personnel Model in the online help.

Electronic Signatures and Audit Trails

Proficy Workflow provides the ability to electronically sign forms in the run-time environment and to create an audit trail of those signatures, as well as auditing other configuration changes made to the system.

You can use electronic signatures to create a more secure environment by requiring that operators electronically sign for data entry changes on forms in the Task Client. An electronic signature uniquely identifies the operator making the change, and can optionally require the electronic signature of another person to verify the change. Operators no longer need to use paper and pen to record and sign for their actions, and the possibility of losing or damaging such records is essentially eliminated.

An audit trail is necessary for regulatory compliance, because it provides a method of recording actions that have been performed in the Proficy Workflow system. An audit trail helps to prove that you have control of your process and allows you to track not only what occurred, but also when it occurred and who was responsible for the occurrence. For example, an audit trail can be used to assist with an investigation of a product discrepancy.

Proficy Workflow provides the ability to generate reports based on your audit trail and electronic signature data.

For more information, see Electronic Signatures and Audit Trails in the online help.

Models

In Proficy Workflow, models are used to define and organize system and application information. A model is a representation of a physical structure or conceptual idea and is composed of objects that have hierarchical or other relationships between them. Rules or schemas outlining object nesting, order, number, and requirement define the structure of a model.

Production and manufacturing models are used to represent your production or manufacturing organization and operation. Based on the industry standard ISA-95, these models define basic structure rules and object relationships.

Production models share a common object-oriented system of definition using properties that can be used to define classes, definitions, and specifications. When you create your production or manufacturing structure and object relationships, the properties, classes, definitions, and specifications are used to define your processes and can be inherited by another object as a result of direct associations.

For more information, see Material Model, Equipment Model, Personnel Model, Production Model, and Events Model in the online help.

Navigation and Search

The Navigator is one of the main components of the Proficy Client, and is used to navigate models to target elements. Using the Navigator, you can locate an element of focus, whether by browsing or searching.

The Navigator provides two tabbed panes: Navigate and Search.

The Navigator is a point and click interface on all tabbed areas. The Navigate tab is the main tab that is used to configure, set up, add, delete, and browse resources within Proficy Workflow.

The Search tab provides a unique way to search all available objects created within Proficy Workflow. By using the search you can quickly locate and use objects within the system.

For more information, see Navigate Tab and Search Tab in the online help.

Displays Panel

Proficy Workflow uses displays to organize editors and resource information into relevant groupings that make it easy to select, view, and configure resources. You can view and configure model resources within Proficy Workflow.

When you navigate to a resource, you are automatically shown the compatible displays of the resource you are viewing. The icons related to these displays turn green when they are compatible.

For more information, see Displays Panel in the online help.

The Feedback Zone

The Feedback Zone is a tool that displays error and informational messages about the currently executing process or the operation last performed. Various components that are hosted within Proficy Workflow can also post messages about the results of operations and tasks in the Feedback Zone.

For more information, see Feedback Zone in the online help.

Data Sources

Proficy Workflow provides the ability to connect to external data sources to access the data contained within those applications.

When these data sources are configured, their data (for example, tags, displays, SQL statements) are used to bind to data items in equipment, workflows, and condition events. The available data sources and their uses are as follows:

The Proficy Historian data source allows you to connect to Historian servers to read from and write to Historian data tags. You add Historian tags to Proficy Workflow and then use those tags as data sources throughout Proficy Workflow.

The Proficy Portal data source allows you to connect to Portal servers through Proficy Workflow. Portal servers allow you to read from and write to iFIX and OPC data items, and execute Portal SQL statements. The Portal server makes its displays available, which you can select and view using the Global Viewer, based on user credentials.

An OPC client provides direct access to data served by OPC Data Access (DA) servers without relying on Proficy Historian or Proficy Portal as a bridge between an OPC server and Proficy Workflow.

The Data Source Editor is used to select the data tags and other data items to be used when configuring data items, as well as when configuring connections to Proficy Portal servers, Proficy Historian servers, and OPC Clients.

NOTE:

You can add up to 3000 data items from each data source you connect to.

The Portal and/or Historian server you want to connect to must be on the same network domain or workgroup as the Proficy Workflow server.

You can configure each Historian and Portal server only once.

For information on working with data items, see Data Items in the online help.

NOTE: The Proficy Portal installation CD is included with the Proficy Workflow installation package. For information about Proficy Portal, see the Proficy Real-Time Information Portal Getting Started guide and the Proficy Real-Time Information Portal online help.

Service Providers

Proficy Workflow provides the ability to connect to external applications, called service providers. These service providers allow you to publish and use the data in those applications within Proficy Workflow.

The Plant Applications service provider provides services to publish the Plant Applications plant model, product, and event resources, and to support operations relevant to the resources. Proficy Workflow clients can then browse Plant Applications resources, such as production lines and units, variables, products and events, and link to or call the interface functions to access Plant Applications data and event services.

In order to connect to Plant Applications, you must install a Proficy Host and the Plant Applications Service Provider.

For more information, see Plant Applications Service Provider and Proficy Host in the online help.

One-Click Deployment

One-click deployment allows you to deploy Proficy Workflow to users without running a client installation on their computers. It also provides the ability for a client to update itself when the server is upgraded.

For more information, see One-Click Deployment in the online help.

Forms and User Display Designer

The Designer is a graphical design application that allows you to easily create forms and user displays and publish them to the Proficy SOA Server where other authors can access and use them.

For more information, see Forms and User Displays in the online help.

User Solutions

Proficy Workflow provides the ability to create user-defined solutions.

User solutions provide a way to organize the user displays that you create.

User solutions are displayed in the solution panel as separate and distinct solutions. When you create a user solution, it automatically appears in the solution panel.

For more information, see User Solutions in the online help.

Task Controls

Workflow task controls can be integrated into existing HMI applications, such as Proficy HMI/SCADA CIMPLICITY and Proficy HMI/SCADA iFIX. Workflow tasks are displayed in your application so you can operate them from within these applications. You use the Task List and Task Indicator controls to interact with and view workflow tasks.

For more information, see Task Controls in Proficy HMIs in the online help.

Integrated Products–Workflow

Proficy Workflow is a user-configurable, dynamic, decision-making engine for integrating automated and manual business and production processes across system and departmental boundaries—promoting reliable, repeatable process execution.

Proficy Workflow consists of a workflow execution engine, which is the core component of Proficy Workflow’s process management system. The engine is responsible for interpreting workflows, controlling multiple workflow instances, and sequencing subprocesses and activities.

Workflows consist of programs that can carry out complex activities, respond to events and data changes, and write values back out to the Proficy data models or through external connectors.

For more information, see Proficy Workflow in the online help.

User-Defined Activities

User activities allow you to develop and store standard and frequently used activities. They are configured in isolation, can be reused in various subprocesses, and have the capability of taking input and output parameters. When a user activity is used by a workflow or subprocess, it cannot be deleted. It also cannot be edited if a workflow that uses the activity is running. A subprocess may be composed of several user activities.

For more information, see User Activities in the online help.

Reporting Database

Proficy Workflow includes an option to install a reporting database.

This database can be used with any valid reporting tool, and allows you to build ad-hoc reports on up-to-date data that you synchronize from your production database.

For more information, see Reporting Database and Reporting Data Synchronization in the online help.

Proficy Host / Embeddable Proficy Host

Proficy Workflow provides support that allows service providers from other products in the Proficy product family, such as Proficy Plant Applications, to integrate and interact with a master Proficy SOA Server. This integration allows you to publish data from these products to the Directory of Resources and access it from within the Proficy Client.

Help

There are three ways to access the Proficy Workflow help:

Ribbon Bar: Click

F1: Click anywhere in the Proficy Client and press F1 on your keyboard.

Program Group: From the Start menu, point to All Programs, then Proficy, then Proficy Workflow, and then click Proficy Help.

There are several ways to use the help:

Table of Contents: The table of contents is organized into books and pages. Click a book or page to display its contents.

Double-click a book to expand it and display the books and pages nested below it.

Index: To access the online help index, click the Index tab in the left-hand pane.

In the Proficy Workflow help index, you can search for topics by keyword. Type a keyword in the box, or select one from the list.

When you find the topic that you want, double-click it to display that topic. If more than one topic applies to the keyword, the Topics Found dialog box appears listing all topics that apply to that keyword.

Full-text Search: To access the online help full-text search, click the Search tab in the left-hand pane.

Use the Search tab to perform full-text searches in the help. If your search results include too many results, you can enter additional terms to narrow down the list. Click the button to add boolean terms to your search expression, such as AND, OR, NEAR, and NOT.

If you want to search for a specific phrase, enclose the phrase in quotation marks.

One-Click Deployment

One-click deployment allows you to deploy Proficy Workflow to users without running a full client installation on their computers.

IMPORTANT: Before you can use one-click deployment, you must complete the following prerequisites:

.NET 3.5 must be installed on the computer where one-click deployment will be used.

The NetTCPPortSharing service must be enabled and started.

An administrator must run the ProficySecuritySetup.msi file.

Security certificates cannot be deployed remotely. Therefore, before users can use the one-click deployment, an administrator user must run the ProficySecuritySetup.msi file, which is also located in the Deployment folder. This executable file sets up Proficy Workflow security and the security certificates on the specific computer and must be run on each computer that will use one-click deployment.

MIME types must be added to each computer in order for the .manifest and .deploy files to work correctly. For more information, see the following:

http://msdn.microsoft.com/en-us/library/ms228998(VS.85).aspx

http://msdn.microsoft.com/en-us/library/ms752346.aspx

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/cd72c0dc-c5b8-42e4-96c2-b3c656f99ead.mspx?mfr=true

When an administrator performs a server installation of Proficy Workflow, the files required for one-click deployment are installed. These files are located in a folder called Deployment in the following location:

<install dir>\Program Files\Proficy\Proficy Workflow\Program\Deployment

An Administrator user must share this folder on the server computer, and then users can access it through a web page. The file used for one-click deployment is:

ProficyClient.application

You can create a web page, a button, or any means of access you want to use to make one-click deployment available to your users.

Each time a user uses the one-click deployment, it checks for any code updates, such as patches and service packs, that have been applied to the server (and subsequently to the one-click deployment files) and applies those changes to the one-click client. This allows your users to always be working with the same version of code as the server.

After installing Proficy Workflow on the server computer, you can copy the Deployment folder to another location for users to access. If you copy the folder to another location, you must re-copy the folder whenever code updates are applied in order for users to get the updates.

IMPORTANT: Do not move the Deployment folder from its install location. If this folder is moved, code updates cannot be applied to it.

Supported Regional Settings

Proficy SOA supports the following regional settings available in the Windows Control Panel:

Decimal symbol - one character

Digit grouping symbol

List separator - one character

Time style

Time separator

Short date style

Date separator

NOTE: The decimal symbol and the digit grouping symbol cannot be the same character. Also, the time separator and the date separator cannot be the same character.

Formatting the Time and Date

Avoid changing the time style or short date style in regional settings to values that are outside of the standard styles provided. Changing these values to non-standard styles may result in improperly formatted times and dates in some parts of Proficy SOA.

Proficy SOA supports the following short date formats, some of which may not be available in certain language versions of Windows:

• dd/mm/yy or dd/mm/yyyy

• dd/yy/mm or dd/yyyy/mm

• mm/dd/yy or mm/dd/yyyy

• mm/yy/dd or mm/yyyy/dd

• yy/dd/mm or yyyy/dd/mm

• yy/mm/dd or yyyy/mm/dd

Formatting the Regional Language Setting

Avoid changing the language setting when Proficy SOA is running.

Setting the System Default Locale

The selected locale must be set as the system default.

Daylight Saving Time

In Proficy SOA, all dates and times are stored independent of time zones, in UTC format.

Special Keyboard Buttons

Some computer keyboards have special buttons for e-mail launch, Internet launch, search, and other functions. These keyboard buttons may disable certain key macros or allow users to circumvent Proficy SOA security measures.

We recommend that you reprogram or disable the software that operates such special buttons. Refer to your computer’s documentation for instructions on disabling these buttons.

SQL Server Backup and Restore

Proficy Workflow utilizes SQL Server 2008 or SQL Server 2005 to store information. In order to ensure that the integrity of the information is maintained, it is important to back up your database on a regular basis. In addition to backing up and restoring your Microsoft SQL Server database, maintenance plans can assist in keeping your systems up and running. Refer to your SQL Server manual or Microsoft’s web site for additional information on backing up, restoring, and maintaining your SQL database.

Proficy Workflow Security

The Security feature is intended for system administrators who must configure and maintain security for Proficy Workflow.

This chapter explains the concepts of Proficy Workflow security and steps you through the implementation process.

Introducing Security

In some companies, access to the production configuration and management environment is available to everyone. In such an environment, changes to the data files and access to files and applications are not critical to the process. However, in other companies, these applications and data are available only to authorized personnel because they are critical to the process. Proficy Workflow provides an integrated security program to assist you in protecting your process.

System Protection

There are different levels of security that you can implement to protect your system. On one level, you can control the security of your machines and buildings, as well as your processes. On another level, you can implement security for your operating system and your network using firewalls, passwords, and filters.

You can also protect your data from unauthorized changes by restricting access to your system. The information in this section focuses on the security in Proficy Workflow, not your operating system or network.

Logging into Proficy Workflow requires a login name and password. Depending on your configuration, this data can be the same or separate from your Windows® login name and password. For more information on Windows login, refer to the Windows Security section.

Security is user-based, meaning operators cannot access anything unless you assign access to the specific areas.

Proficy Workflow security is flexible and easy to use, allowing you to assign operator rights, login names, and passwords. Refer to the Personnel model for more information about configuring your users, groups, and key sets.

Security Concepts

Before you restrict access to Proficy Workflow features, you need to understand how security works. The security concepts described here are described in more detail in the Understanding Security chapter. For information on implementing the concepts, see the Personnel model section.

People - allow you to define security credentials and properties that are specific to an individual user. Security credentials and properties are defined in the S95 Model Editor.

Key Sets - allow you to assign permissions to users who hold a specific key set. In addition, key sets inherit permissions from their child sets. Proficy Workflow provides the following predefined high level key sets:

Guest

S95 Configurator

Workflow Author

The S95 Configurator key set includes the following child key sets:

Equipment Configurator

Material Configurator

Personnel Configurator

The Workflow Author key set includes the following child key sets:

Workflow Builder

Workflow Manager

Workflow Supervisor

Workflow Operator

You can also create your own key sets at any level.

Groups - allow you to create groups of users who share the same key sets. Proficy Workflow provides the predefined groups Administrators, Guests, and Windows Users.

Client Access - allows you to configure automatic login and logout, lockdown mode, default startup options for an individual workstation, and user overrides.

Security Status

Proficy Workflow security is always enabled. This prevents any unauthorized users from accessing or modifying any part of the system.

With security, all users must log in with their user accounts to gain access to the areas they have been given permissions to.

Understanding Security

Your main design goal when developing a Proficy Workflow security strategy is to effectively use the Proficy Workflow security configuration. Proficy Workflow simplifies security configuration by abstracting the three main areas that are constantly changing in a plant or facility. These main areas are:

• people/personnel

• equipment/machinery

• operational hierarchy of the people

New personnel are hired and some retire in an organization. Machinery is added, replaced, and updated. People are promoted; for example, from being an operator to a supervisor, and so on.

Proficy Workflow security accommodates all of these cases using three different constructs.

People can be configured in groups; for example, Production Group, Maintenance Group.

Machinery is modeled with the Equipment model using the S95 Model Editor, which defines a plant in a hierarchical fashion. An Enterprise can have multiple sites and sites can have multiple areas, and so on.

An operational hierarchy can be defined as a set of keys that each person can hold. For example, an Operator can have keys to Start and Stop a workflow. A Supervisor can have additional keys to Create and Delete a workflow.

The first step in configuring security is to add people (users) to the system, then configure groups, and then define the key sets. Only an Administrator user can define these three fundamental pieces of security configuration. An Administrator user is created when Proficy Workflow is installed.

After the groups and key sets are defined, security can be applied to any resource in the system. For example, a group can be granted a key set on a resource such as an Enterprise in the Equipment model. Any user who belongs to the configured group will then, upon logging in to the Proficy Client, have the rights granted by the key set on the Enterprise.

Using groups minimizes the amount of work needed to create similar users while providing you with flexibility and power. For example, when a new user comes in the plant, the user can simply be added to an existing group and will automatically inherit all the rights defined for that group.

In the following example, John, Dave, Tim, and George are all line operators. Their needs are summarized in the following table.

User Name   Key Set                Permissions
John        Workflow Permissions   Execute Workflows, Execute Schedules, Perform Tasks
Dave        Workflow Permissions   Execute Workflows, Execute Schedules, Perform Tasks
Tim         Workflow Permissions   Execute Workflows, Execute Schedules, Perform Tasks
George      Workflow Permissions   Execute Workflows, Execute Schedules, Perform Tasks

Since each line operator requires access to the same permissions, it is possible to create a group called Line Operators that provides these privileges. After you create the group, you can assign it to each line operator, as the following figure shows.

Users

Proficy Workflow identifies each user with a login name, a password, and an optional e-mail address. Users can belong to one or more groups. When a user belongs to a group, he or she inherits all the key sets assigned to the group. The user can have separate key sets in addition to the group key sets.

When you are designing your security plan, always include the full name, login name, and password for each user. If you plan to use Windows security, you should also include the domain name if you want to store the user information on a domain controller.

Groups

You can simplify security configuration significantly if you take the time to assess your users’ needs. If the security requirements at your site do not warrant such an effort, use the default groups provided. These groups provide you with a simpler approach to implementing security.

For example, the default groups define functional roles in a manufacturing facility. The default groups are:

Administrators

Guests

Windows Users

Key sets are assigned to groups only; you cannot assign key sets to individual users. This assigns common key sets needed by two or more users performing similar tasks. Configuring your groups in this way provides a modular approach that is easy to maintain.

For example, in the following figure, the group Supervisors defines access to the equipment model to create and edit equipment resources.

These permissions define the common security rights shared by all users in the group.

Create Groups and Users

You can create groups and users by selecting the Groups and People resource types from the Personnel model and then adding them to your resource list. You then configure either the Group or User properties found in the Security Editor and S95 Model Editor. If you are creating a user, you must also configure the user’s security credentials.

For a user, you can modify the assigned groups, and set the password for this user.

For detailed information on creating and configuring your group and user accounts, see the Personnel model.

Modify Groups and Users

As group and user responsibilities change, you may find it necessary to modify them.

NOTE: When operators log in, their group assignments and user information reside in memory. As a result, changes to groups or user information do not take effect until the user logs out and logs in again.

By logging in again, the operator forces Proficy Workflow to re-read the information.

Delete Groups and Users

You can delete groups and users that you no longer need. Deleting a user that automatically logs into Proficy Workflow on an individual workstation also deletes the access and layout configuration defined for that user account.

For more information, see Computers: Client Access and Layouts in the online help.

Design and Plan Security

Since security is enabled when you install Proficy Workflow and cannot be disabled, you should plan and design all required users and groups before you deploy Proficy Workflow.

When you install Proficy Workflow, you are prompted to create an Administrator user. This allows you to log in as the administrator and begin creating users and groups. Proficy Workflow provides default groups and key sets that you can examine to learn how to create your own users and groups.

After you have logged into Proficy Workflow as the newly created Administrator user, you can create one or more additional users who have a key set assigned to them that allows them to configure personnel resources for your facility. You can also create users who have a key set assigned that allows them to configure security aspects, such as configuring and assigning groups and/or key sets. These can be the same or different users, but if they will have security privileges, they must be accounted for in your security plan.

Your security design plan should include all of the information that you need to configure your personnel resources. For example, if you have a set of users that all perform the same tasks, you can create a group and add each of those users to the group. You can then assign key sets to the group and all members of the group inherit the permissions configured for those key sets.

By designing a well-defined security plan, you can build a security system that provides all of the permissions and access that your employees need to perform their assigned facility operations.

For information on logging into Proficy Workflow, see Login and Logout.

Assign Key Sets

After you create your groups and add users, you assign the appropriate key sets to the groups.

For example, consider the users Dave, George, and Tim, who are all members of the Operator A group. All three users need access to Storage Zone A, while Tim needs additional access to Storage Zone B. In order for Tim to have access to Storage Zone B, he must be a member of the group Operator B, which has the key set for Storage Zone B assigned to it.

For more information on assigning key sets, see Security Configuration in the online help.

Login to Individual Workstations

You can configure a default user and enable automatic login to an individual workstation. If you configure and enable automatic login, then when the Client starts, it displays the layout configured for the default user account.

For more information, see Login and Logout in the online help.

Limit Login Time

Proficy Workflow allows you to enter a login time-out interval when configuring a default login account on an individual workstation. This interval limits the length of time an operator can remain logged into Proficy Workflow without any user activity.

With this feature, you can configure Proficy Workflow to automatically log out operators who forget to do so at the end of their shift.

This feature does not eliminate the need to manually log out when an operator finishes using Proficy Workflow, particularly if you have strict security requirements. If you decide to use this feature, consider it as a safety mechanism that prevents operators from remaining logged in indefinitely.

For more information about automatic logout, see Login and Logout in the online help.

Using Security

Operators can log into Proficy Workflow manually or automatically. By logging in, operators identify themselves as Proficy Workflow users and gain access to resources that they are authorized to use.

For information on logging in automatically, see Login and Logout.

Manual Login and Logout

Operators can log into Proficy Workflow manually using the Login dialog box. When the login dialog box appears, it allows operators to enter their login name and password.

Windows passwords are case sensitive.

NOTE: Each time an unsuccessful attempt is made to access the Proficy Workflow system, a message is sent to the log file.

Password Expiration Considerations

When Proficy Workflow security is synchronized with Windows security, passwords can expire. If the Windows password has expired, the user is notified and prompted to change the password. If the Windows password is about to expire, a notification message displays, reminding the user to change the password.

For more information about synchronizing Proficy Workflow security with Windows security, see Windows Security.

Security Log File

Proficy Workflow security generates a log of security-related actions taken by Proficy Workflow users. The security log file resides in the default log path and is called ProficySTS.LOG.

The information in the log file is displayed in chronological order. The security log file is a cumulative file; that is, all new security-based actions are appended to the bottom of the file. To keep the log file from growing too large, it is limited to a maximum of 2 MB. If the content grows larger than that, the oldest information is automatically deleted to accommodate the new. You can also manually delete old information from the file.

By reviewing the log file, you can learn about:

• who logged in and out.

• unsuccessful attempts to access Proficy Workflow.

• when someone attempted to access an area they had no privileges for.

Windows Security

You can connect Proficy Workflow users to Windows user accounts. This allows you to use your existing Windows user accounts for password validation. Only domain Windows accounts are supported.

You also gain the following advantages of Windows security:

Case sensitive passwords

Passwords that expire

Online password changes

Ability to specify minimum password requirements

Account lockout

A user can log into Proficy Workflow by entering his or her Windows user name and password. Proficy Workflow sends this information to Windows for authentication. If the user’s account specifies a Windows domain name, the user name and password are sent to a Windows domain controller for authentication. If Windows verifies the user name and password, Proficy Workflow completes the login process. Otherwise, it logs an error. For more information about logging into Proficy Workflow, see Using Security.

For information on setting up Windows user accounts for use in Proficy Workflow, see Configuring Windows User Accounts.

Configuring Windows User Accounts

When you are setting up Windows user accounts for use with Proficy Workflow security, you should configure the passwords and set account lockout thresholds.

Setting passwords to expire

One of the benefits of using Proficy Workflow with Windows security is that you can set Windows passwords to expire.

1. In the Control Panel, from the Administrative Tools folder, double-click Local Security Policy. The Local Security Settings window appears.

2. Expand the Account Policies folder.

3. Select Password Policy. The password policies display in the Policy list.

4. Double-click Maximum password age. The Maximum password age Properties dialog box appears.

5. In the Password will expire in field, set the number of days after which passwords expire.

6. Click OK.

Limiting the number of invalid login attempts

When a Proficy Workflow user is connected to a Windows user account, the application developer can set an account lockout threshold, which prevents a user from accessing the account after he enters the incorrect user name or password beyond the number of acceptable times. When the account lockout threshold has been reached, the account is disabled.

1. In the Control Panel, from the Administrative Tools folder, double-click Local Security Policy. The Local Security Settings dialog box appears.

2. Select the Account Policies folder.

3. Select the Account Lockout Policy folder. The account lockout policies display in the Policy list.

4. Double-click Account Lockout Threshold. The Account lockout threshold Properties dialog box appears.

5. In the Account will not lock out field, enter the number of invalid login attempts before the account is disabled.

6. Click OK.

Adding user accounts that log into Windows

When you use Windows security in Proficy Workflow, user accounts that need to log in to a machine must have the “Act as Part of the Operating System” right enabled in the local security policy.

To add the Act as Part of the Operating System right

NOTE: User accounts that are not used to log in to Windows should not have this right.

1. In the Control Panel, from the Administrative Tools folder, double-click Local Security Policy. The Local Security Settings dialog box appears.

2. Select the Local Policies folder.

3. Select the User Rights Assignment folder.

4. In the Rights list, double-click Act as Part of the Operating System. The Act as part of the operating system Properties dialog box appears.

5. Add the users that you want to have this right to the list, and then click OK.

6. Log out of Windows and log in again for your changes to take effect.

Domain Users Logging into Windows

If you are using Windows user names and passwords within Proficy Workflow security, be aware that Windows user accounts must have the policy “Access this computer from the network” applied under “Local Security Settings.” By default, this policy is assigned to the groups “Users” and “Everyone” on the local machine. If the domain policy overrides the local policy settings by removing these groups, then the Windows user names and passwords will fail with insufficient rights when trying to log in from Proficy Workflow. If domain administrators want to restrict this right, then they must do one of the following tasks in order to continue to use Windows user names and passwords within Proficy Workflow:

Create a Domain Group that contains all the Domain Users that will be used within Proficy Workflow security, add this group to the domain policy “Access this computer from the network,” and deploy this policy to all machines running Proficy Workflow.

Add the Domain Users group to the domain policy “Access this computer from the network,” and then deploy this policy to all machines running Proficy Workflow.

Add Authenticated Users to the domain policy “Access this computer from the network,” and then deploy this policy to all machines running Proficy Workflow. Be aware that this group requires each user to log on to the domain at least once to be considered an authenticated user.

Leave at least the Users group in the domain policy “Access this computer from the network.” If you choose this option, be aware that the Anonymous user and the Guest user are not part of the Users group.
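The four settings configured in this section can be checked offline from a policy export, which is useful before and after a domain policy change. The following is an added example, not part of the original manual or of Proficy Workflow: it reads the text written by secedit /export /cfg and reports on Maximum password age, Account lockout threshold, Act as Part of the Operating System (SeTcbPrivilege) and Access this computer from the network (SeNetworkLogonRight). The function names, the 90-day limit, and the sample export with its SIDs and account name are constructed assumptions.

```python
import configparser

# Well-known SIDs for the built-in groups the manual names for network logon.
NETWORK_LOGON_OK = {"S-1-1-0": "Everyone", "S-1-5-32-545": "Users",
                    "S-1-5-11": "Authenticated Users"}

# Constructed sample: the one account SID expected to hold SeTcbPrivilege.
EXPECTED_TCB = {"S-1-5-21-1111111111-2222222222-3333333333-1105"}

# Constructed sample in the layout written by `secedit /export /cfg <file>`.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
LockoutBadCount = 0
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105,svc_legacy
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_policy(text):
    """Parse a security template export into {section: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), allow_no_value=True)
    cp.optionxform = str  # keep the original key case
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def principals(value):
    """Split a privilege value into SIDs/account names, dropping the '*' SID prefix."""
    return [p.strip().lstrip("*") for p in (value or "").split(",") if p.strip()]


def audit(text, max_age_days=90, tcb_expected=(), logon_groups=()):
    """Return (setting, message) findings for the settings this section configures.

    tcb_expected: accounts that really log in and so may hold SeTcbPrivilege.
    logon_groups: extra SIDs (a dedicated domain group, or Domain Users) that
                  satisfy the network logon requirement at your site.
    """
    policy = parse_policy(text)
    access = policy.get("System Access", {})
    rights = policy.get("Privilege Rights", {})
    findings = []

    # -1 in an export means passwords never expire; a missing key is treated the same.
    age = int(access.get("MaximumPasswordAge", -1))
    if age <= 0:
        findings.append(("MaximumPasswordAge", "passwords never expire"))
    elif age > max_age_days:
        findings.append(("MaximumPasswordAge",
                         f"{age} days exceeds the limit of {max_age_days}"))

    # 0 means the account is never locked out.
    if int(access.get("LockoutBadCount", 0)) == 0:
        findings.append(("LockoutBadCount", "account lockout is disabled"))

    # Accounts that are not used to log in should not hold this right.
    extra = [p for p in principals(rights.get("SeTcbPrivilege"))
             if p not in set(tcb_expected)]
    if extra:
        findings.append(("SeTcbPrivilege", "unexpected holders: " + ", ".join(extra)))

    # Without one of these groups, Windows logins from Proficy Workflow fail.
    allowed = set(NETWORK_LOGON_OK) | set(logon_groups)
    if not allowed & set(principals(rights.get("SeNetworkLogonRight"))):
        findings.append(("SeNetworkLogonRight",
                         "no user group holds the right; logins will fail "
                         "with insufficient rights"))
    return findings


if __name__ == "__main__":
    for setting, message in audit(SAMPLE_EXPORT, tcb_expected=EXPECTED_TCB):
        print(f"{setting}: {message}")
```

Real exports are normally UTF-16 encoded, so read the file with open(path, encoding="utf-16").read() before passing the text to audit.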

Contact Information

If you purchased this product through an Authorized Channel Partner, please contact the seller directly.

General

Online technical support & GlobalCare: www.ge-ip.com/support

Comments about our manuals and online Help: [email protected]

Additional information: www.ge-ip.com

Solution Provider: [email protected]

Authorization: [email protected]

Technical Support

If you have technical problems that cannot be resolved with the information in this guide, please contact us by telephone or e-mail, or on the web at www.ge-ip.com/support.

Americas

Online technical support: www.ge-ip.com/support

Telephone: 1-800-433-2682

International Americas direct dial: 1-434-978-5100

Technical support e-mail: [email protected]

Customer care e-mail: [email protected]

Inside Sales: [email protected]

Primary language of support: English

Europe, Middle East, and Africa

Online technical support: www.ge-ip.com/support

Telephone: +800 1-433-2682

Technical support e-mail: [email protected]

Customer care e-mail: [email protected]

Inside Sales: [email protected]

Primary language(s) of support: English, French, German, Italian, Czech, Spanish

Asia Pacific

Online technical support & GlobalCare: www.ge-ip.com/support

Telephone: +86-400-820-8208; +86-21-3217-4826 (India, Indonesia, and Pakistan)

Technical support e-mail: [email protected] (China); [email protected] (Japan); [email protected] (other Asian locales)

Customer care e-mail: [email protected]; [email protected] (China)

