EPDCX504

Experion

Supplementary Installation Tasks Guide EP-DCX504

R300.1 06/06

Release 300.1 Honeywell

ii Experion Supplementary Installation Tasks Guide R300.1 Honeywell 06/06

Notices and Trademarks

Copyright 2006 by Honeywell International Inc. Release 300.1 June, 2006

While this information is presented in good faith and believed to be accurate, Honeywell disclaims the implied warranties of merchantability and fitness for a particular purpose and makes no express warranties except as may be stated in its written agreement with and for its customers.

In no event is Honeywell liable to anyone for any indirect, special or consequential damages. The information and specifications in this document are subject to change without notice.

Honeywell, PlantScape, Experion PKS, and TotalPlant are registered trademarks of Honeywell International Inc.

Other brand or product names are trademarks of their respective owners.

Honeywell International

Process Solutions

2500 West Union Hills

Phoenix, AZ 85027

1-800 343-0228

R300.1 Experion Supplementary Installation Tasks Guide iii 06/06 Honeywell

About This Document This guide describes how to complete additional tasks once you have completed an initial installation or upgrade of Experion.

Release Information

Document Name Document ID

Release Number

Publication Date

Supplementary Installation Tasks Guide - SIT EP-DCX504

300.1 06/06

References The following list identifies all documents that may be sources of reference for material discussed in this publication.

Document Title

Software Installation Users Guide

Server and Client Configuration Guide

Redirection Manager Users Guide

System Management Configuration Guide

Contacts

World Wide Web The following Honeywell web sites may be of interest to Process Solutions customers.

Honeywell Organization WWW Address (URL)

Corporate http://www.honeywell.com

Honeywell Process Solutions http://hpsweb.honeywell.com

Contacts

iv Experion Supplementary Installation Tasks Guide R300.1 Honeywell 06/06

Telephone Contact us by telephone at the numbers listed below.

Location Organization Phone

United States and Canada

Honeywell IAC Solution Support Center

1-800-822-7673

Europe Honeywell TAC-EMEA +32-2-728-2704

Pacific Honeywell Global TAC - Pacific 1300-300-4822 (toll free within Australia) +61-8-9362-9559 (outside Australia)

India Honeywell Global TAC - India +91-20-2682-2458

Korea Honeywell Global TAC - Korea +82-2-799-6317

Peoples Republic of China

Honeywell Global TAC - China +86-10-8458-3280 ext. 361

Singapore Honeywell Global TAC - South East Asia

+65-6580-3500

Taiwan Honeywell Global TAC - Taiwan +886-7-323-5900

Japan Honeywell Global TAC - Japan +81-3-5440-1303

Elsewhere Call your nearest Honeywell office.

Symbol Definitions

R300.1 Experion Supplementary Installation Tasks Guide v 06/06 Honeywell

Symbol Definitions The following table lists those symbols used in this document to denote certain conditions.

Symbol Definition

ATTENTION: Identifies information that requires special consideration.

TIP: Identifies advice or hints for the user, often in terms of performing a task.

REFERENCE -EXTERNAL: Identifies an additional source of information outside of the bookset.

REFERENCE - INTERNAL: Identifies an additional source of information within the bookset.

CAUTION

Indicates a situation which, if not avoided, may result in equipment or work (data) on the system being damaged or lost, or may result in the inability to properly operate the process.

CAUTION: Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury. It may also be used to alert against unsafe practices.

CAUTION symbol on the equipment refers the user to the product manual for additional information. The symbol appears next to required information in the manual.

WARNING: Indicates a potentially hazardous situation, which, if not avoided, could result in serious injury or death.

WARNING symbol on the equipment refers the user to the product manual for additional information. The symbol appears next to required information in the manual.

Symbol Definitions

vi Experion Supplementary Installation Tasks Guide R300.1 Honeywell 06/06

Symbol Definition

WARNING, Risk of electrical shock: Potential shock hazard where HAZARDOUS LIVE voltages greater than 30 Vrms, 42.4 Vpeak, or 60 VDC may be accessible.

ESD HAZARD: Danger of an electro-static discharge to which equipment may be sensitive. Observe precautions for handling electrostatic sensitive devices.

Protective Earth (PE) terminal: Provided for connection of the protective earth (green or green/yellow) supply system conductor.

Functional earth terminal: Used for non-safety purposes such as noise immunity improvement. NOTE: This connection shall be bonded to Protective Earth at the source of supply in accordance with national local electrical code requirements.

Earth Ground: Functional earth connection. NOTE: This connection shall be bonded to Protective Earth at the source of supply in accordance with national and local electrical code requirements.

Chassis Ground: Identifies a connection to the chassis or frame of the equipment shall be bonded to Protective Earth at the source of supply in accordance with national and local electrical code requirements.

R300.1 Experion Supplementary Installation Tasks Guide vii 06/06 Honeywell

Contents

1. ABOUT THIS GUIDE....................................................................15

2. SUPPLEMENTARY INSTALLATION TASKS CHECKLISTS......17 2.1 Completing an Experion server installation............................................... 17 2.2 Completing an eServer installation............................................................. 18 2.3 Completing an ACE or SIM-C200 node installation................................... 19 2.4 Completing a Console Station installation................................................. 20 2.5 Completing a Console Extension Station or Flex Station installation .... 20

3. CHANGING THE SERVER COMPUTER NAME ON FACTORY-INSTALLED SERVERS ........................................................................23

3.1 Changing the computer name for new Experion servers checklist......... 23 3.2 Changing the server computer name ......................................................... 23 3.3 Running the server name change application ........................................... 24 3.4 Running the password change application................................................ 24

4. INSTALLING HMIWEB DISPLAY BUILDER ...............................27

5. INTEGRATING COMPUTERS INTO A WINDOWS DOMAIN......29 5.1 Adding a platform node to a Windows Domain ......................................... 29 5.2 Adding a Windows Domain account to local groups on this computer.. 30 5.3 Creating mutually trusting domains............................................................ 31

6. SETTING UP TIME SYNCHRONIZATION...................................33 6.1 About NTPSetup............................................................................................ 33

General guidelines ...............................................................................................................33

Contents Symbol Definitions

viii Experion Supplementary Installation Tasks Guide R300.1 Honeywell 06/06

6.2 Setting up time synchronization in a workgroup without an external time source........................................................................................................................34

Setting up the authoritative root server................................................................................ 35 Setting up the secondary NTP server.................................................................................. 35 Setting up NTP clients......................................................................................................... 36 Setting up control hardware to receive time from an NTP server ........................................ 37

6.3 Setting up time synchronization in a workgroup with an external time source........................................................................................................................37

Setting up the first NTP server ............................................................................................ 38 Setting up the second NTP server....................................................................................... 39 Setting up NTP clients......................................................................................................... 39 Setting up control hardware to receive time from an NTP server ........................................ 40

6.4 Setting up time synchronization in a domain.............................................41 Setting up the first NTP server ............................................................................................ 41 Setting up the second NTP server....................................................................................... 42 Setting up NTP clients......................................................................................................... 42 Setting up control hardware to receive time from an NTP server ........................................ 43

6.5 Adjusting NTP on a workgroup system that was recently added to a domain .......................................................................................................................43

Adjusting NTP servers......................................................................................................... 44 Adjusting NTP clients .......................................................................................................... 44

7. CHANGING THE SECURITY SETTINGS OF AN EXPERION SERVER OR CONSOLE STATION...................................................... 45

7.1 About Experion and Windows security settings........................................45 7.2 Using the Experion Node Security wizard ..................................................45

8. SETTING UP A THIRD-PARTY OPC CLIENT OR SERVER ...... 49 8.1 Installing a remote third-party OPC client...................................................49 8.2 Installing a remote third-party OPC server .................................................50 8.3 Installing the OPC Server Connect package ..............................................51 8.4 Creating the Windows mngr account ..........................................................52 8.5 Creating the third-party OPC Windows account ........................................53 8.6 Configuring DCOM on the Experion OPC server .......................................54 8.7 Configuring DCOM on a third-party OPC server ........................................56 8.8 Controlling read/write access ......................................................................57


R300.1 Experion Supplementary Installation Tasks Guide ix 06/06 Honeywell

8.9 Configuring the CDA-SP service to use the OPC server account and password .................................................................................................................. 58 8.10 Enabling page locking .............................................................................. 60

9. INSTALLING REDIRECTION MANAGER ...................................61 9.1 About Redirection Manager ......................................................................... 61 9.2 Redirection Manager installation checklist for third-party OPC clients.. 62 9.3 Redirection Manager installation checklist for ACE nodes...................... 62 9.4 Redirection Manager installation checklist for Experion OPC client ...... 63 9.5 Installing Redirection Manager.................................................................... 64

10. RSLINX CONFIGURATION TASKS ............................................67 10.1 Registering Electronic Data Sheets for RSLinx ..................................... 67 10.2 Configuring RSLinx for ControlNet (using a PCIC)................................ 67 10.3 Configuring RSLinx for ControlNet (via Ethernet) ................................. 68 10.4 Moving the RSLinx activation file ............................................................ 69

11. INSTALLING AND CONFIGURING A PHD POINT SERVER .....73

12. INSTALLING A REMOTE ENGINEERING AND STATION SERVER 75

12.1 Mobile Access for Station checklist ........................................................ 75 12.2 Mobile Access for eServer Premium checklist....................................... 76 12.3 Installing/upgrading Microsoft Terminal Services................................. 78 12.4 Activating Terminal Services Licensing server...................................... 79 12.5 Installing the Client Access Licenses ..................................................... 81 12.6 Set Terminal Services to install mode..................................................... 83 12.7 Set Terminal Services to application mode ............................................ 84 12.8 Configuring a Remote Engineering and Station Server to access an existing Terminal Services Licensing server........................................................ 84


x Experion Supplementary Installation Tasks Guide R300.1 Honeywell 06/06

12.9 Limiting the number of connections to the Remote Engineering and Station Server ...........................................................................................................85 12.10 Creating Remote Engineering and Station Server users.......................86 12.11 Configuring Mobile Access for Station users.........................................87 12.12 Configuring Mobile Access for eServer Premium users .......................87

13. CONFIGURING THE WINDOWS FIREWALL ............................. 89 13.1 Configuring Stations for remote CAB debugging ..................................89 13.2 Configuring SIM-ACE nodes for remote CAB debugging......................90

14. SETTING UP MICROSOFT EXCEL REPORTS .......................... 93 14.1 Installing Microsoft Excel 2000 or XP ......................................................93 14.2 Installing the Microsoft Office service pack............................................94 14.3 Configuring Microsoft Excel .....................................................................95 14.4 Setting up Microsoft Excel Data Exchange.............................................95 14.5 Installing the Experion ODBC client ........................................................96 14.6 Configuring a printer .................................................................................97

15. SETTING UP A FILE SERVER.................................................... 99 15.1 Setting up a shared folder.........................................................................99 15.2 Assigning a drive letter on a client computer to a shared folder .......100

16. CHANGING COMPUTER NAME CHECKLISTS....................... 101 About computer names ..................................................................................................... 101 Checklists .......................................................................................................................... 101

16.1 Changing the computer name for client computers checklist ............102 16.2 Changing the computer name for Console Stations checklist ...........102 16.3 Changing Experion server names on Console Stations checklist .....103 16.4 Changing the computer name ................................................................104 16.5 Updating the Console Station computer name configuration.............105


R300.1 Experion Supplementary Installation Tasks Guide xi 06/06 Honeywell

16.6 Updating the hosts File........................................................................... 106 16.7 Running the name change application ................................................. 106

17. MANAGING THE ACTIVATION OF AN ENTERPRISE MODEL DATABASE.........................................................................................109

17.1 Activating an Enterprise Model database ............................................. 109 17.2 Deactivating an Enterprise Model database ......................................... 110

18. CHANGING LICENSE AND SERVER CONFIGURATION DETAILS 113

18.1 Changing the Experion license.............................................................. 113 18.2 Changing from a non-CAB Developer license to a license that includes CAB Developer ....................................................................................................... 114 18.3 Changing the displays search path, Event Archiving, History archive, and History restore folders ................................................................................... 116 18.4 Changing the fast history rate, report paper type, or report font....... 117 18.5 Configuring the database setup............................................................. 118

Adjusting History retention .................................................................................................118 Adjusting sizing of non-licensed items ...............................................................................120

19. COMMON EXPERION TASKS ..................................................123 19.1 Starting and stopping an Experion server............................................ 123 19.2 Starting and stopping an Experion Console Station ........................... 124 19.3 Stopping Experion services ................................................................... 126

Using the start/stop services utility .....................................................................................126 Displaying the Computer Management services console...................................................127 Stopping Experion server services.....................................................................................127 Stopping Experion Console Station services......................................................................128 Stopping System Management services ............................................................................128 Stopping the Sign-On Manager..........................................................................................129 Stopping other Experion services.......................................................................................129 Stopping RSLinx ................................................................................................................129 Stopping the XLNet daemon ..............................................................................................130 Stopping the HART multiplexer ..........................................................................................130


xii Experion Supplementary Installation Tasks Guide R300.1 Honeywell 06/06

20. PREPARING A CLIENT COMPUTER FOR AN ICON CONSOLE 131

20.1 Installing the Flat Panel Display Touchscreen driver ..........................133 20.2 Configuring the computer for multiple video displays ........................134

21. INSTALLING A TERMINAL SERVER....................................... 137 21.1 Configuring an EasyServer II ..................................................................137

Resetting the EasyServer II............................................................................................... 139 Connecting the Configuration Computer ........................................................................... 139 Specifying the IP Address ................................................................................................. 140 Setting up a Telnet Session .............................................................................................. 142 Specifying a Router/Gateway Address.............................................................................. 144 Configuring the Ethernet Interface..................................................................................... 144 Configuring TCP Port Numbers......................................................................................... 145 Specifying the Inactivity Timeout ....................................................................................... 146 Configuring the TCP keep alive timer................................................................................ 147 Configuring a Serial Port ................................................................................................... 148 Adding the IP Address to the Servers hosts File .............................................................. 150 Connecting Controllers...................................................................................................... 152 Changing the TCP/IP Address .......................................................................................... 153

21.2 Configuring a Cisco 2610 Router ...........................................................153 Preliminary Setup .............................................................................................................. 154 Configuring the Routers Ethernet Properties .................................................................... 155 Specifying the Routers Gateway Address ........................................................................ 157 Specifying the Routers IP Address ................................................................................... 157 Setting the routers TCP keep alive timer .......................................................................... 158 Configuring Serial Ports .................................................................................................... 158 Setting Up a Serial Port ..................................................................................................... 159 Setting a serial ports TCP keep alive timer....................................................................... 160 Configuring the Communications Characteristics.............................................................. 160 Setting a Serial Ports Inactivity Timer............................................................................... 163 Examples .......................................................................................................................... 163 Adding the IP Address to the Servers hosts File .............................................................. 164 Connecting Controllers...................................................................................................... 165 Advanced Cisco Router Commands ................................................................................. 166

21.3 Configuring a Systech.............................................................................167 Specify the IP Address ...................................................................................................... 168 Logging into the Terminal Server using Internet Explorer ................................................. 169 Changing the TCP/IP Address .......................................................................................... 170 Configuring the Router/Gateway Address ......................................................................... 170 Configuring the TCP keep alive timer................................................................................ 171 Configuring Serial Ports .................................................................................................... 172


R300.1 Experion Supplementary Installation Tasks Guide xiii 06/06 Honeywell

Adding the IP Address to the Servers Hosts File...............................................................174 Upgrading the Systech Terminal Server to Current Release..............................................175 Configuring the Terminal Server for use with Fast Failover................................................176 Connecting Controllers.......................................................................................................177

22. INSTALLING SPECIALIZED HARDWARE ON A COMPUTER 179 22.1 Installing a serial adapter ....................................................................... 179

Installing a Stallion EasyConnection ..................................................................................179 22.2 Installing a printer ................................................................................... 181 22.3 Installing a printer driver ........................................................................ 181

Installing a printer driver for a local printer .........................................................................182 Installing a printer driver for a local shared printer .............................................................183 Installing a printer driver for a shared network printer (with a suitable share name) ..........184 Setting up the print job spool folder....................................................................................186 Creating a guest account ...................................................................................................187

22.4 Installing a modem .................................................................................. 187 Setting up the modem ........................................................................................................189 Setting up a connection on Windows .................................................................................190

22.5 Connecting an integrated keyboard (IKB) to an OEP/IKB adapter..... 193 22.6 Connecting an integrated keyboard (IKB) to a USB port .................... 194

R300.1 Experion Supplementary Installation Tasks Guide 15 06/06 Honeywell

1. About this guide This guide describes how to complete additional tasks once you have completed an initial installation or upgrade of Experion.

Intended audience This guide is for people who are installing an Experion system.

Prerequisite skills You should have completed planning your Experion system, and know the Experion components that you have licensed and need to install and configure. You should also know how to complete system administration tasks in the Windows operating system.

How to use this guide The Getting Started with Experion Software Guide provides a roadmap for your Experion installation. That guide, or other guides in the installation documentation set such as the Software Installation Users Guide, will direct you to complete any necessary tasks in this guide.

Related documents For more information about installing Experion, see:

Getting Started with Experion Software Guide

Software Installation Users Guide

Migration Users Guide


2. Supplementary installation tasks checklists

For supplementary installation tasks for an Go to

Experion server 17

Experion eServer 18

Experion ACE or SIM-C200 node 19

Experion Console Station 20

Experion Console Extension Station or Flex Station 20

2.1 Completing an Experion server installation Use this task list to complete the installation of redundant and non-redundant Experion servers. Complete these tasks on each server node.

Task Go to

If you selected ControlNet (using a PCIC) or ControlNet (using Ethernet) or RSLinx in a Network Selection screen during the Experion installation:

Register Electronic Data Sheets

Configure PCIC networks (if applicable)

Configure Ethernet networks (if applicable)

Move the RSLinx activation file (OEM users)

67

67

68

69

If you use Event Archiving, configure Event Archiving.

For more information about configuring Event Archiving, see the following topic in Knowledge Builder: Experion R300 > Configuration > Server and Client Configuration Guide > Configuring Event Archiving > In Event Archiving system configuration.

Knowledge Builder

2. Supplementary installation tasks checklists 2.2. Completing an eServer installation

18 Experion Supplementary Installation Tasks Guide R300.1 Honeywell 06/06

Task Go to

If you use email for alarm paging, configure alarm paging for email.

For more information about configuring alarm paging for email, see the following topic in Knowledge Builder: Experion R300 > Configuration > Server and Client Configuration Guide > Configuring alarm paging > Configuring alarm paging for email.

Knowledge Builder

Set up time synchronization.

Several critical functions depend on proper time synchronization. Without time synchronization, functions like DSA and controller communications may not work correctly.

33

Install Microsoft Excel and set up Microsoft Excel reports. 93

Install terminal server(s). 137

Install any specialized hardware, such as serial adapter, printer, or modem.

179

If you are using Windows Domains, add the node to a Windows Domain. If needed, add domain accounts to local groups on the node.

29

STOP

You have completed this task.

2.2 Completing an eServer installation Use this task list to complete the installation of an eServer.

Task Go to



33

2. Supplementary installation tasks checklists 2.3. Completing an ACE or SIM-C200 node installation


Task Go to


29

STOP


2.3 Completing an ACE or SIM-C200 node installation Use this task list to complete the installation of an ACE or SIM-C200 node.

Task Go to

If you selected ControlNet (using PCIC) in a Network Selection screen during the ACE or SIM-C200 installation, do the following:

Register Electronic Data Sheets

Configure PCIC networks (if applicable)

67

67

If an ACE node hosts an OPC Gateway, do the following:

If the ACE node is communicating with redundant OPC servers, install Redirection Manager.

Create the Windows mngr user account on the OPC server.

Configure the CDA-SP service to use the same account and password of the OPC server.

If the CDA-SP service and OPC server are on different network domains, the two domains must be configured as mutually trusted domains.

61

52

58

31

If you need to remotely debug CAB applications on this ACE node from other nodes, configure the Windows Firewall on this ACE node.

90



33

2. Supplementary installation tasks checklists 2.4. Completing a Console Station installation


Task Go to


29

STOP


2.4 Completing a Console Station installation Use this task list to complete the installation of a Console Station.

Task Go to

If you need to remotely debug CAB applications on a SIM-ACE node from this node, configure the Windows Firewall.

89



33



29

STOP


2.5 Completing a Console Extension Station or Flex Station installation

Use this task list to complete the installation of a Console Extension Station or Flex Station.

Task Go to

2. Supplementary installation tasks checklists 2.5. Completing a Console Extension Station or Flex Station installation


Task Go to

If you need to remotely debug CAB applications on a SIM-ACE node from this node, configure the Windows Firewall.

89



33



29

STOP



3. Changing the server computer name on factory-installed servers

You use the server name change application when you want to rename server computers that you have purchased from Honeywell. This application makes the required changes within the Experion components when you rename your computer without having to reinstall Experion software.

You should rename your server before you commence configuring your system.

ATTENTION

The name change tool is to be used only for new computers delivered from the factory with Experion software installed where the node name is incorrect for the customer. If you have other computers you want to rename, see the section, Changing computer name checklist, on page 101.

3.1 Changing the computer name for new Experion servers checklist

To change the name of your Experion server computer, complete the tasks in the following order.

Task Go to Done?

Change the server computer name 23

Run the server name change application 24

Run the password change application 24

3.2 Changing the server computer name This section describes how to change a server computer name.

Considerations

You understand the server computer name restrictions as described in the Software Installation Users Guide.

To change the computer name

3. Changing the server computer name on factory-installed servers 3.3. Running the server name change application


Step Action

1 Log on to the computer using a Windows account with local administrator rights.

2 Choose Start > Settings > Control Panel and then double-click System.

3 Click the Computer Name tab.

4 Click Change.

5 In the Computer Name box, type the new computer name and then click OK.

6 Click OK in the message dialog box displayed.

7 Click OK in the System Properties dialog box.

8 Click Yes to restart the computer.

After the computer restarts, an unable to locate dll event message may be displayed. This message can be ignored. Click OK to continue.

3.3 Running the server name change application

To run the server name change application

Step Action

1 In Windows Explorer, locate the Program Files\Honeywell\Experion PKS\Utilities\ServerNameChg folder and double-click the ServerNamechg.exe file.

2 Click Continue.

3 When the Server name change tool completed normally message appears, the name change is complete.

3.4 Running the password change application

To run the password change application

Step Action

1 In Windows Explorer, locate the Program Files\Honeywell\Experion PKS\Utilities\PWDUtil folder and double-click the PWDUtil.exe file.

3. Changing the server computer name on factory-installed servers 3.4. Running the password change application


Step Action

2 In the Change Password Utility dialog box, select mngr.

3 In the Enter password information for account mngr box, type your site-specific mngr password.

4 Confirm the password and click OK.

5 When the Change Password Utility dialog box appears, click Done.

6 Click OK.

7 Restart the server computer.

STOP You have completed this task.


4. Installing HMIWeb Display Builder This section describes how to install the HMIWeb Display Builder software on a computer, without the need for installing all Station or server software.

To install HMIWeb Display Builder

Step Action

1 Insert the Experion R300 media into the appropriate drive.

2 In Windows Explorer, browse to the server-client folder on the Experion R300 media drive, and then double-click the setup.exe file.

3 On the Experion Server Setup screen, click Next.

4 On the Setup Type screen, select Experion PKS Server Client setup, and then click Next.

5 On the Experion Client Software screen, select Custom, and then click Next.

6 On the Experion Client Software Client Options screen, select HMIWeb Station and Display Builder, and then click Next.

7 On the Experion Client Software Folder screen, click Next.

8 On the Ready to Install the Program screen, click Install.

The HMIWeb Station and Display Builder is installed.

9 On the InstallShield Wizard Complete screen, click Finish.

10 On the Experion Client Software Installer Information message, click Yes to restart the computer.

The computer restarts.

STOP You have completed this task. Return to the checklist that led to this task.


5. Integrating computers into a Windows Domain This section describes the tasks for integrating computers into an existing Windows Domain.

This section does not describe how to create a Windows Domain. For security-related guidelines about Windows Domains and Experion, see the Experion Network and Security Planning Guide.

5.1 Adding a platform node to a Windows Domain If you require your computer to be assigned to a Windows Domain complete the instructions in this section.

Prerequisites

You have a Windows Domain controller installed and operating correctly.

To add a platform node to a Windows Domain

Step Action

1 Choose Start > Control Panel. Click the Performance and Monitoring icon and then click the System icon to display the System Properties dialog box.

If you view the Control Panel in classic view, choose Start > Control Panel and then click the System icon.

2 Click the Computer Name tab.

3 Click Change to display the Computer Name Changes dialog box.

4 Click Domain and then type the domain name, as specified in the site specification form.

5 If prompted, type the user name and password of the domain administrator, and then click OK.

The computer registers with the domain. This may take several seconds.

6 Click OK to acknowledge the welcome message.

7 Restart the computer.

8 Log on to the computer using a Windows account with local administrator rights.

5. Integrating computers into a Windows Domain 5.2. Adding a Windows Domain account to local groups on this computer



5.2 Adding a Windows Domain account to local groups on this computer

If you require a Windows Domain account to have local administrator rights, or to have permissions to import and export Control Builder repositories on this computer, complete the instructions in this section.

Prerequisites

You have a Windows Domain controller installed and operating correctly.

Considerations

For the remaining installation instructions, if you are instructed to log on to the computer using a Windows account with local administrator rights, you can log on to the computer using a domain account that has been added the local Administrators group on this computer.

If a Windows Domain account is required to import or export Control Builder repositories, that Windows Domain account must be added to the local Engineering Repository Administrator group.

To add a Windows Domain account to a local group

Step Action

1 Choose Start, right-click on the My Computer icon, and choose Manage.

2 Expand the Local Users and Groups item

3 Click Groups.

4 Double-click on the name of the local group to add the domain account. For example, double-click Administrators.

5 Click Add to display the Select Users or Groups dialog box.

6 Click Locations to display the Locations dialog box.

7 Click the domain name containing the domain account and then click OK.

5. Integrating computers into a Windows Domain 5.3. Creating mutually trusting domains


Step Action

8 In the Enter the object names to select box, type the name of domain account.

9 Click OK.

10 Click OK to close the group properties dialog box.


5.3 Creating mutually trusting domains Configuring mutually trusting domains is required only if the CDA-SP service (ACE) is on a different domain to an OPC server.

Mutually trusting domains are created by configuring the primary domain controllers on two connected domains to trust the partner domain. Windows 2000 / 2003 use different primary domain controllers.

To set up mutually trusting domains, each domain must trust the other domain and each domain must know what other domains trust it. The process for defining these relationships is to create a trusted domain and to create a trusting domain. A trusted domain is a domain that is trusted by the domain that is being configured. A trusting domain is a domain that trusts the domain that is being configured.

Configure both domain controllers using the appropriate procedure.

To create trusts on Windows 2000 / 2003 primary domain controllers

Step Action

1 Choose Start > Run.

2 Type mmc in the Open box and then click OK.

3 Choose Console > Add/Remove Snap-In.

4 Click Add.

5 Click Active Directory Domains and Trust and then click Add.

6 Click Close.

5. Integrating computers into a Windows Domain 5.3. Creating mutually trusting domains


Step Action

7 Click OK to close the Add/Remove Snap-In dialog box.

8 Expand the Active Directory Domains and Trust item.

9 Right-click the local domain name and click Properties.

10 In the Trusting Domain and the Trusted Domain boxes, enter the domain names.

11 Enter the same password in each password box.

12 Close the Console dialog box.



6. Setting up time synchronization This section describes setting up time synchronization for:

Workgroups without an external time source

Workgroups with an external time source

Domains

Before setting up time synchronization, you should read the section Time synchronization in the Server and Client Planning Guide.

6.1 About NTPSetup NTPSetup is a custom Honeywell application for configuring time synchronization in Experion Systems. It is used to configure NTP so it can be used as a Time Solution for use with Experion R300 on Microsofts Windows Operating Systems.

It supports the following Operating Systems:

Microsoft Windows 2003 Server, with Service Pack 1.

Microsoft Windows XP Professional, with Service Pack 2.

ATTENTION

The application will fail if you are not on one of these operating systems and at the appropriate service pack level.

The default installation location of NTPSetup is C:\Program Files\Honeywell\Experion PKS\utilities\NTPSetup\NTPSetup.exe.

General guidelines Following are a general set of rules you should follow for using NTPSetup:

Verify that there are no networking issues. For example, network browsing and other functions do not experience any delays.

Clients or NTP servers must have their time zone settings set before using the NTPSetup application and creating the time hierarchy.

If you are working in a domain topology, make sure that your nodes have been added to the domain before running NTPSetup.

6. Setting up time synchronization 6.2. Setting up time synchronization in a workgroup without an external time source


You should always start implementing a topology by first setting up the NTP servers.

You should be aware that NTPSetup hides functionality that is not common or functionality that can create problems in proper NTP solutions. It is not recommended that you attempt to override or apply your own NTP solution.

Setting up time hierarchies without external sources or with unreliable external sources results in clients validating and invalidating the time source. In this situation, the local CMOS time is used. This can occur in both workgroup and domain topology.

If your time hierarchy was originally in a workgroup topology and you have changed to a domain topology, you must set up your time hierarchy using the procedure in the section called Adjusting NTP on a workgroup that was recently added to a domain on page.

If you reinstall the operating system on any of your nodes, you must run NTPSetup again.

NTP servers provided by networking devices, for example, routers and switches, cannot be used to provide time to the Windows operating system. (These types of NTP servers only send out packet types marked as Symmetric Passive.) Integrated external NTP server devices must be able to provide time to the Windows operating system using NTP packet types marked as Server or Symmetric Active.

6.2 Setting up time synchronization in a workgroup without an external time source

Tasks

Complete the tasks in the following order.

Task Go to Done?

Set up the authoritative root server 35

Set up the secondary server 35

Set up NTP clients 36

Set up control hardware to receive time from the NTP server

37



STOP


Setting up the authoritative root server

This topic describes setting up your primary Experion server as the authoritative root server in your time hierarchy.

To set up an authoritative root sever

Step Action

1 In Windows Explorer, browse to the folder C:\Program Files\Honeywell\Experion PKS\Utilities\NTPSetup and double-click the NTPSetup.exe file.

2 Click Setup Authoritative Root Server.

Several screens appear while the configuration is applied. No input is required.

3 Click Exit. Setting up the secondary NTP server

This topic describes setting up your secondary Experion server as your secondary NTP server in your time hierarchy.

Prerequisites

You need to know the IP address or computer name of the authoritative root server. If you use a computer name, it must resolve to an IP address using Host, DNS, or other resolution service.

To set up your secondary NTP server

Step Action

1 In Windows Explorer, browse to the folder C:\Program Files\Honeywell\Experion PKS\Utilities\NTPSetup and double-click the NTPSet.exe file.

2 Click Setup Secondary Server.

The NTP Server Information dialog box opens.



Step Action

3 In the Up-Stream Time Source box, type the IP address or computer name of the authoritative root server.

4 Click OK.

5 Click Exit. Setting up NTP clients

This topic describes how to set up NTP clients on such as Console Stations and Flex Stations.

Prerequisites

You need to know the IP address or computer name of the authoritative root server and the secondary server. If you use a computer name, it must resolve to an IP address using Host, DNS, or other resolution service.

If you are setting up clients on Windows XP Professional, you must use the computer name of the authoritative root server and the secondary server. The computer name must resolve to an IP address.

To set up NTP clients

Step Action


2 Click Change/Configure Client.


3 In the First NTP Server box, type the IP address or computer name of the authoritative root server.

If this client is using Windows XP, type the computer name of the authoritative root server.

4 In the Second NTP server box, type the IP address or computer name of the secondary server.

If this client is using Windows XP, type the computer name of the secondary server.

6. Setting up time synchronization 6.3. Setting up time synchronization in a workgroup with an external time source


Step Action

5 Click OK.

6 Click Exit. Setting up control hardware to receive time from an NTP server

This topic describes setting up C300 controllers to receive time from your NTP servers (Experion servers).

Prerequisites


To set up control hardware

Step Action

1 In Control Builder, choose Tools > System Preferences.

The System Preferences dialog box opens.

2 Click the Embedded FTE tab.

3 In the Primary Server box, type the IP address or computer name of the authoritative root server.

4 In the Secondary Server box, type the IP address or computer name of the secondary server.

5 Select the Edit network parameters check box.

6 Click OK.

6.3 Setting up time synchronization in a workgroup with an external time source

Tasks Complete the tasks in the following order.



Task Go to Done?

Set up the first NTP server 38

Set up the secondary NTP server 39


Set up control hardware to receive time from the NTP server 40


Setting up the first NTP server

This topic describes setting up your primary Experion server as an NTP server that receives time from an external source.

Prerequisites

You need to know the IP address or computer name of the external time source. If you use a computer name, it must resolve to an IP address using Host, DNS, or other resolution service.

To set up the first NTP server

Step Action


The NTP Configuration dialog box opens.



3 In the Upstream Time Source box type the IP address or computer name of the external time source.

4 Select the Check here to connect to the NTP server as a client check box.

5 Click OK.

6 Click Finish/Exit.



Setting up the second NTP server This topic describes setting up your secondary Experion server as an NTP server that receives time from the primary Experion server.

Prerequisites

You need to know the IP address or computer name of the first NTP server. If you use a computer name, it must resolve to an IP address using Host, DNS, or other resolution service.

To set up the second NTP server

Step Action





3 In the Upstream Time Source box type the IP address or computer name of the first NTP server.

4 Select the Check here to connect to the NTP server as a client check box.

5 Click OK.


This topic describes how to set up NTP clients on such as Console Stations and Flex Stations. These clients receive time from the Experion servers that have been set up as NTP servers.

Prerequisites

You need to know the IP address or computer name of the first NTP server and the second NTP server. If you use a computer name, it must resolve to an IP address using Host, DNS, or other resolution service.




Step Action




3 In the First NTP Server box, type the IP address or computer name of the first NTP server.

4 In the Second NTP server box, type the IP address or computer name of the secondary server.

5 Click OK.


This topic describes setting up a C300 controller to receive time from the Experion servers.

Prerequisites

You need to know the IP address or computer name of the first NTP server and the second NTP server. If you use a computer name, it must resolve to an IP address using Host, DNS, or other resolution service.


Step Action






6. Setting up time synchronization 6.4. Setting up time synchronization in a domain


Step Action


6 Click OK.

6.4 Setting up time synchronization in a domain In the time hierarchy in a domain topology, the domain controller serves time to the Experion servers, which you set up as NTP servers. The NTP servers serve time to the control hardware. Flex Stations and Console Stations are set up as NTP clients, however, they receive time from the domain controller rather than the Experion Servers.

Prerequisites You have added your Experion nodes to the domain.

Tasks


Task Go to Done?

Set up the first NTP server 41

Set up the secondary NTP server 42


Set up control hardware to receive time from the NTP server 43


Setting up the first NTP server

The first NTP server is your primary Experion server. It receives time from the domain controller.

To set up the NTP server

Step Action

6. Setting up time synchronization 6.4. Setting up time synchronization in a domain


Step Action





3 Click Exit. Setting up the second NTP server

The second NTP server is your secondary Experion server. It receives time from the domain controller.

To set up the second NTP server

Step Action






This topic describes how to set up NTP clients such as Console Stations and Flex Stations.


Step Action


6. Setting up time synchronization 6.5. Adjusting NTP on a workgroup system that was recently added to a domain


Step Action




Prerequisites



Step Action







6 Click OK.

6.5 Adjusting NTP on a workgroup system that was recently added to a domain

Adding a system to a domain changes the way time synchronization is used. Even if you have existing NTP settings, you need to run the NTPSetup application to reset the time synchronization to operate correctly in a domain environment.

6. Setting up time synchronization 6.5. Adjusting NTP on a workgroup system that was recently added to a domain


Adjusting NTP servers This topic describes how to set up an NTP server that was previously in a workgroup that has now been added to a domain.

To adjust an NTP server

Step Action



After several dialog boxes appear, the NTP client configuration methods should be NT5DS.


4 Click Exit. Adjusting NTP clients

This topic describes how to set up an NTP client that was previously in a workgroup that has now been added to a domain.

To adjust an NTP client

Step Action



After several dialog boxes appear, the NTP client configuration methods should be NT5DS.

3 Click Exit.


7. Changing the security settings of an Experion server or Console Station

This section describes:

Experion and Windows security settings

The circumstances in which you might want to tighten the default security settings of an Experion server or Console Station, and how you go about it.

7.1 About Experion and Windows security settings Windows XP SP2 and Windows Server 2003 SP1 provide new security measures which include enhanced RPC, DCOM, and Windows Firewall settings.

While these security enhancements are supported by Experion R300, some of the settings need to be modified if your system includes any one of the following:

Pre-R300 Experion DSA servers

Windows 2000 DSA nodes (for example, an EAS node)

OPC connections (for example, HSC OPC Server, OPC Integrator, or other third party OPC connections).

To ensure that your Experion system operates correctly if you have any of the above nodes in your system, the Experion R300 installation process modifies the default Windows security settings. This modification at installation time sets the initial security of your Experion nodes to unrestricted mode.

You can use the Experion Node Security wizard to check the current security settings of a given node, and if appropriate, change them from unrestricted to restricted mode (see 45) to tighten the modified security settings.

7.2 Using the Experion Node Security wizard

Prerequisites

You must be logged on to the computer using a Windows account with local administrator rights.

You should only use the Experion Node Security wizard to tighten the default Experion security settings of a given node if all of the following conditions apply:

There are no pre-R300 Experion DSA servers connected to that node.

7. Changing the security settings of an Experion server or Console Station 7.2. Using the Experion Node Security wizard


There are no Windows 2000 DSA nodes connected to that node.

There are no OPC connections on that node.

Considerations

Always apply the security settings on the Experion cluster server first before applying them to a Console Station connected to that server.

If you have redundant servers:

1. Apply the security settings to the primary server first.

2. Failover to the other server and apply the same security settings.

3. Failover back to the first server.

4. Start Console Station and apply the new security settings.

If you change the security settings on an Experion node, you will need to reboot that node and apply the same security setting to all the nodes that are connected within the same system.

Note that the Change Settings button in the Experion Security window will be disabled (grayed out) if the Console Station is:

Not connected to the Experion server, in which case you need to troubleshoot the Console Stations connection. See the Server and Client Troubleshooting Guide for guidance.

Not supported (for example, if the Console Station is connected to a pre-R300 Experion server). If this is case you cannot change the security settings.

To change the security settings of an Experion server:

Step Action

1 Log on as the local administrator and go to the Experion server run folder, that is,

cd C:\Program Files\Honeywell\Experion PKS\server\run

2 Double-click the ExperionNodeSecurityWizard.exe icon.



Step Action

3 The Experion Node Security wizard starts up with a window that displays the security settings of the cluster server and the Console Stations within that cluster.

Click Change settings.

4 Check that it is appropriate to apply the restricted security mode by confirming that there are no pre-R300 DSA servers, Windows 2000 DSA servers, or OPC connections on this node, and click Next.

5 The next window describes the consequences of applying the restricted security mode.

Click Next to apply the change.

6 A message is displayed prompting you to confirm the new settings.

7 Click OK.

8 When the hscconfig utility has finished in the Command window, reboot the computer.

9 Apply the same security setting to all the nodes that are connected in that system.

To change the security settings of a Console Station:

Step Action

1 Log on as the local administrator and go to the Experion server run folder, that is,

cd C:\Program Files\Honeywell\Experion PKS\server\run

2 Double-click the ExperionNodeSecurityWizard.exe icon.

3 The Experion Node Security wizard starts up with a window that displays the security settings of the cluster server and the Console Stations within that cluster.

Click Change settings.

4 A message window is displayed advising whether the security settings can be changed or not, and describing the consequences of the recommended security settings.

5 Click Next.



Step Action

6 A message is displayed prompting you to confirm the new settings.

7 Click OK.

8 When the hscconfig utility has finished in the Command window, reboot the computer.

9 Apply the same security setting to all the nodes that are connected in that system.


8. Setting up a third-party OPC client or server This section describes how to set up a third-party OPC client or third-party OPC server on a remote computer to communicate with an Experion server.

ATTENTION

If you are installing the third-party OPC software on an Experion server, follow the instructions supplied by the manufacturer; there are no additional configuration steps required. Additional configuration is only required when you are installing third-party OPC software on a remote computer.

If you are installing third-party OPC software on a remote computer, follow the appropriate instructions for your installation.

To install a third-party Go to

OPC client 49

OPC server 50

8.1 Installing a remote third-party OPC client This section describes the steps to install a third-party OPC client on a remote computer.

Prerequisites

The relevant installation media, license, and documentation for the third-party OPC software.

Experion R300 media.


Considerations

For more information about OPC, see the Configuring OPC section in the Server and Client Configuration Guide in Knowledge Builder.

Tasks


8. Setting up a third-party OPC client or server 8.2. Installing a remote third-party OPC server


Task Go to Done?

Install the third-party OPC client software on the remote computer using the instructions supplied by the manufacturer.

Install the Experion OPC Server Connect package on the remote computer.

51

Create the Windows mngr account on the computer where you installed the third-party OPC client.

52

If the Windows account that the third-party OPC client runs under is unknown to the Experion server, create that Windows account on the server.

The Windows account will be unknown to the Experion server in any of the following situations

The Windows account is a workgroup account.

If the computers are on the same domain but the Windows account that the third-party OPC client runs under is local to the remote computer, rather than a domain account.

If the computers are on different domains.

53

Configure the Experion OPC servers DCOM settings to grant access to the Windows account that the third-party OPC client runs under.

54

Specify the third-party OPC clients read/write access. 57

If the third-party OPC client connects with redundant Experion servers, install Redirection Manager.

61

8.2 Installing a remote third-party OPC server This section describes the steps to install a third-party OPC server on a remote computer.

Prerequisites

The relevant installation media, license, and documentation for the third-party OPC software.


8. Setting up a third-party OPC client or server 8.3. Installing the OPC Server Connect package


Considerations

For more information about OPC, see the Configuring OPC section in the Server and Client Configuration Guide in Knowledge Builder.

Tasks Complete the tasks in the following order.

Task Go to Done?

Install the third-party OPC server software on the remote computer using the instructions supplied by the manufacturer.

Create a Windows mngr account on the computer where you installed the third-party OPC server.

52

If the Windows account that the third-party OPC server runs under is unknown to the Experion server, create that Windows account on the server.

The Windows account will be unknown to the Experion server in any of the following situations

The account is a workgroup account.

If the computers are on the same domain, however, the Windows account that the third-party OPC server runs under is local to the remote computer, rather than a domain account.

If the computers are on different domains.

53

Configure the third-party OPC servers DCOM settings to grant access to the Windows mngr account.

56

8.3 Installing the OPC Server Connect package This section describes how to install the OPC Server Connect package on a remote computer.

To install the OPC Server Connect package

Step Action

1 Insert the Experion R300 media into the appropriate drive.

8. Setting up a third-party OPC client or server 8.4. Creating the Windows mngr account


Step Action

2 In Windows Explorer, browse to the server-client folder on the Experion R300 media drive, and then double-click the setup.exe file.

3 On the Experion PKS Server Setup screen, click Next.

4 On the Setup Type screen, select Experion PKS Server Client setup, and then click Next.

5 On the Experion PKS Client Software screen, select Custom, and then click Next.

6 On the Experion PKS Client Software Client Options screen, select OPC Server Connect, and then click Next.

7 On the Experion PKS Client Software Folder screen, click Next.

8 On the Ready to Install the Program screen, click Install.

The OPC Server Package is installed.

9 On the InstallShield Wizard Complete screen, click Finish.

10 On the Experion Client Software Installer Information message, click Yes to restart the computer.

The computer restarts.


8.4 Creating the Windows mngr account This section describes how to create the Windows mngr account.

To create the Windows mngr account

Step Action

1 On the Windows desktop, right-click on the My Computer icon and choose Manage.

2 Expand the System Tools item and then expand the Local Users and Groups item.

3 Click Users.

8. Setting up a third-party OPC client or server 8.5. Creating the third-party OPC Windows account


Step Action

4 Choose Action > New User to open the New User dialog box.

5 In the User Name box, type mngr.

6 In the Full Name box, type Experion Server Manager.

7 In the Password and Confirm Password boxes, type the password for this user, as specified in the site specification form.

The Windows mngr account password must be the same on all computers.

8 Clear the User must change password at next logon check box and then select the Password never expires check box.

9 Click Create to add the account.

10 Close the Computer Management dialog box.


8.5 Creating the third-party OPC Windows account This section describes how to create the Windows account that the third-party OPC software runs under on another computer.

Prerequisites

The name and password of the Windows account that the third-party OPC software runs under, as specified on the site specification form.

To create the third-party OPC Windows account

Step Action

1 On the Windows desktop, right-click on the My Computer icon and choose Manage.

2 Expand the System Tools item and then expand the Local Users and Groups item.

3 Click Users.

4 Choose Action > New User to open the New User dialog box.

8. Setting up a third-party OPC client or server 8.6. Configuring DCOM on the Experion OPC server


Step Action

5 In the User Name box, type the Windows account that the third-party OPC software runs under.

6 In the Full Name box, type a meaningful name for this account.

7 In the Password and Confirm Password boxes, type the password for this account.

The Windows account password must be the same on all computers.

8 Clear the User must change password at next logon check box and then select the Password never expires check box.

9 Click Create to add the account.

10 In the Local Users and Groups item, click Groups.

11 Double-click the Honeywell Administrators group to the display the Honeywell Administrators Properties dialog box.

12 Click Add to display the Select Users or Groups dialog box.

13 Click the name of the Windows account you have created and then click Add.

14 Click OK.

15 Click OK to close the Honeywell Administrators Properties dialog box.

16 Close the Computer Management dialog box.


8.6 Configuring DCOM on the Experion OPC server This section describes how to configure the DCOM settings on the Experion OPC server to grant access to the Windows account that the third-party OPC client runs under.

To configure DCOM on an Experion server

Step Action

1 Choose Start > Run to display the Run dialog box.

8. Setting up a third-party OPC client or server 8.6. Configuring DCOM on the Experion OPC server


Step Action

2 Type dcomcnfg and click OK to display the Distributed COM Configuration Properties dialog box.

3 In the Applications list, click Experion OPC Server and then click Properties.

4 Click the Security tab.

5 Click Customize in the Access Permissions group, and then click Edit.

6 Click Add to display the Select Users, Computers or Groups dialog box.

7 If the Experion server and the third-party OPC client computer are on different Windows domains, click Location and select the name of the Experion server from the correct domain.

8 In the Enter the object names to select box, type the name of the Windows account that the third-party OPC client is running under.

9 Click Check name.

10 Click OK.

11 In the Permissions for [account name] box, allow Local Access and Remote Access for the account that was added.

12 Click OK to close the Access Permission dialog box.

13 In the Properties window for the Experion OPC Server, click Customize in the Launch and Activation Permissions group, and then click Edit.

14 Repeat steps 6 to 11 to add the Windows account that the third-party OPC client is running under.

15 In the Permissions for [account name] box, allow Local Launch, Remote Launch, Local Activation and Remote Activation for the account that was added, and then click OK to close the Launch Permission dialog box.

16 Close the Distributed COM Configuration Properties dialog box.


8. Setting up a third-party OPC client or server 8.7. Configuring DCOM on a third-party OPC server


8.7 Configuring DCOM on a third-party OPC server This section describes how to configure the DCOM settings on a third-party OPC server to grant access to the Windows mngr account.

To configure DCOM on a third-party OPC server

Step Action

1 Choose Start > Run to display the Run dialog box.

2 Type dcomcnfg and click OK to display the Distributed COM Configuration Properties dialog box.

3 In the Applications list, click the name of the third-party OPC server and then click Properties.


5 Click Customize in the Access Permissions group, and then click Edit.

6 Click Add to display the Select Users, Computers or Groups dialog box.

7 If the Experion server and the third-party OPC client computer are on different Windows domains, click Location and select the name of the Experion server from the correct domain.

8 In the Enter the object names to select box, click mngr.

9 Click Check name.

10 Click OK.

11 In the Permissions for [account name] box, allow Local Access and Remote Access for the account that was added.

12 Click OK to close the Access Permission dialog box.

13 In the Properties window for the Experion OPC Server, click Customize in the Launch and Activation Permissions group, and then click Edit.

14 Repeat steps 6 to 11 to add the Windows account that the third-party OPC client is running under.

15 In the Permissions for [account name] box, allow Local Launch, Remote Launch, Local Activation and Remote Activation for the account that was added, and then click OK to close the Launch Permission dialog box.

8. Setting up a third-party OPC client or server 8.8. Controlling read/write access



8.8 Controlling read/write access By default, any OPC client connected to the Experion OPC data access server has full read and write access to the Experion point database. Any client connected to the Experion OPC historical data access server has read access to the Experion point database. It is possible to deny OPC clients read/write access to the Experion point database based on the Windows account that the third-party OPC client runs under.

To deny read/write access for a Windows account

Step Action

1 On the Experion server, use Windows Explorer to locate the XPKSOPCRead, XPKSOPCWrite, and XPKSOPCHDARead files in the \Hwiac\Security folder.

2 For each file

a) Right-click it and choose Properties to display the Properties dialog box.

b) Click the Security tab.

c) Click Add to display the Select Users of Groups dialog box.

d) Click the Windows account name that you want to deny access and then click Add.

e) Click OK.

f) In the Permissions list, select all check boxes displayed in the Deny column.

g) Click OK.

It is not possible to deny read access to a Windows account while giving write access to the same Windows account. If a Windows account is denied read access, any third-party OPC clients that run under that Windows account are denied access to the Experion point database. It is possible, however, to only deny write access to a Windows account.

8. Setting up a third-party OPC client or server 8.9. Configuring the CDA-SP service to use the OPC server account and password


ATTENTION

For upgraded Experion servers, there may be existing files in the \Hwiac\Security folder controlling read/write access. On these servers, the file names are specified by the OPCRead and OPCWrite registry values located in the HKEY_LOCAL_MACHINES\Software\Honeywell\MyTPSDomain\ HciComponents\Experion PKS OPC Server hostname\MethodSecurity key, where hostname is the name of the Experion server.


8.9 Configuring the CDA-SP service to use the OPC server account and password

This section describes how to configure the CDA-SP service on ACE nodes.

To configure the CDA-SP service on the ACE server

Step Action

1 Choose Start > Settings > Control Panel, and double-click the Administrative Tools icon, and then double-click the Services icon.

2 Right-click the Experion CDA-SP service item and choose Properties.

3 Click the Log On tab.

4 Click This account and type mngr as the account.

.\ may be prefixed to mngr.

5 In the Password and Confirm password boxes, type the mngr password, and then click OK.

6 Click OK.

7 Close the Services dialog box.

To configure an OPC server

If an OPC Server is serving data to the ACE node, complete the following steps on the OPC Server.

8. Setting up a third-party OPC client or server 8.9. Configuring the CDA-SP service to use the OPC server account and password


ATTENTION

Dont perform this task on an ACE node.

Step Action

1 Choose Start > Run.

2 Type dcomcnfg in the Open box and then click OK.

3 Navigate to Console Root > Component Services > Computers > My Computer > DCOM Config. In the Applications list, click the OPC server that matches the ACE client use and click Properties.

For most Experion PKS systems, the OPC server is HCI_TPNServer exe Server.

4 Click the Identity tab.

5 Click This user.

6 In the User box, type \mngr, where is the name of this computer.

If required, click Browse to locate the name of this computer.

7 In the Password and Confirm Password boxes, type the Windows mngr account password.


9 Click Use custom access, then click Use custom launch permission, and then click User custom configuration permissions.

10 Click each Edit button and complete the following instructions:

a) Click Add.

b) In the List Names From list, click the computer name.

c) Click Show Users.

d) Click mngr (Experion Server Manager).

e) In the Type of Access list, click Allow Access.

f) Click Add.

g) Click OK to close the Add Users and Groups dialog box.

8. Setting up a third-party OPC client or server 8.10. Enabling page locking


Step Action

11 Click OK to close the Registry Value Permissions dialog box.


8.10 Enabling page locking

To enable page locking on ACE

Step Action

1 Choose Start > Programs > Administrative Tools > Local Security Policy.

2 Expand the Local Policies item and click User Rights Assignment.

3 Double-click Lock pages in memory to display the Local Security Policy Setting dialog box.

4 Click Add.

5 Click mngr and then click Add.

6 Click OK.

7 Click OK to close the Local Security Policy Setting dialog box.

The changes will take effect when the computer is restarted.

8 Close the Local Security Settings dialog box.



9. Installing Redirection Manager You need to install Redirection Manager to enable OPC clients to communicate with redundant OPC servers.

This section describes the high-level tasks you must complete to install and configure the Redirection Manager. Most of the tasks listed below are described in the following guides

Redirection Manager Users Guide

Server and Client Configuration Guide

9.1 About Redirection Manager Redirection Manager (RDM) provides transparent connection between OPC clients and redundant OPC servers. Topologies where RDM is used are:

Third-party OPC client communicating with redundant Experion OPC servers

ACE nodes communicating with redundant Experion servers

Experion OPC clients communicating with redundant third-party OPC servers

OPC Client/ACE node

Primary OPC Server

Backup OPC Server

Redirec

Documents

EPDCX504