Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
HONEYWELL TRACETM
R 140.1
___________________________________
Prerequisites Guide
___________________________________
HTDOC-X574-en-140.1A
July 2020
2
DISCLAIMER
This document contains Honeywell proprietary information. Information contained herein
is to be used solely for the purpose submitted, and no part of this document or its contents
shall be reproduced, published, or disclosed to a third party without the express
permission of Honeywell International Sàrl.
While this information is presented in good faith and believed to be accurate, Honeywell
disclaims the implied warranties of merchantability and fitness for a purpose and makes
no express warranties except as may be stated in its written agreement with and for its
customer.
In no event is Honeywell liable to anyone for any direct, special, or consequential damages.
The information and specifications in this document are subject to change without notice.
Copyright 2020- Honeywell International Sàrl
HTDOC-X574-en-140.1A 3
Table of contents 1 ABOUT THIS DOCUMENT .............................................................................................................................. 5
1.1 Scope ............................................................................................................................................................................ 5
1.2 Revision history ....................................................................................................................................................... 5
1.3 Related documents ............................................................................................................................................... 5
2 WHAT’S NEW IN HONEYWELL TRACE R140.1? ................................................................................. 6
3 TRACE DATA COLLECTION ARCHITECTURE ...................................................................................... 11
4 PLANNING ...................................................................................................................................................... 13
4.1 Software and Hardware Requirements .................................................................................................... 13
4.2 Types of licenses .................................................................................................................................................. 14
4.3 User Groups/Users ............................................................................................................................................. 15
4.4 Remote Node – Supported Systems & Licenses Required ............................................................ 15
5 SYSTEM SPECIFIC REQUIREMENTS ..................................................................................................... 19
5.1 Experion ................................................................................................................................................................... 19
5.2 TPS .............................................................................................................................................................................. 20
5.3 Safety Builder ........................................................................................................................................................ 21
5.4 PHD ............................................................................................................................................................................ 21
5.5 OSIPI .......................................................................................................................................................................... 21
5.6 ControlLogix® ........................................................................................................................................................ 21
5.7 Profit Controller .................................................................................................................................................... 21
5.8 Aspen DMC ............................................................................................................................................................. 22
5.9 Triconex .................................................................................................................................................................... 22
6 BUSINESS NETWORK SYNC ..................................................................................................................... 23
7 CROSS DOMAIN ACCESS .......................................................................................................................... 24
7.1 Enable Communication Between L3.5 & L4 (Applicable for L3.5/L4 Access) .................... 24
7.2 Enable Communication Between L3 & L4 Using Relay Server (Applicable for L3.5/L4 Access) ...................................................................................................................................................................... 25
8 FIREWALL CONFIGURATION .................................................................................................................... 26
8.1 Firewall configuration for L3.5 (applicable for L3.5/L4 access) ................................................. 26
8.2 Firewall configuration for L3 ......................................................................................................................... 26
8.3 Firewall configuration for Data Collection between Trace Server and Remote node ....... 26
9 IMPORTANT NOTES ..................................................................................................................................... 28
9.1 Enabling Windows Remote Server .............................................................................................................. 28
9.2 Enabling Remote Shell Access from Domain ....................................................................................... 28
9.3 Disabling Policy - Network access: Do not store network passwords ....................................... 28
ABOUT THIS DOCUMENT
HTDOC-X574-en-140.1A 4
9.4 Configure System Time and Time Zone ................................................................................................... 29
9.5 Passwords ............................................................................................................................................................... 29
9.6 Server Name / IP Address Prerequisites .................................................................................................. 30
9.7 Migration Prerequisites .................................................................................................................................... 30
10 NOTICES.......................................................................................................................................................... 31
ABOUT THIS DOCUMENT
HTDOC-X574-en-140.1A 5
1 About this document
1.1 Scope This document provides instructions on how to plan a Trace installation.
1.2 Revision history
Revision Supported Release
Date Description
A 140.1 July 2020 Initial release of the document for R140.1.
1.3 Related documents The following list identifies publications that may contain information relevant to the
information in this document.
Document Name Description
Installation Guide This document provides instructions on how to install and configure
Honeywell Trace application.
User Guide This document provides instructions on how to use the Honeywell
Trace application.
Troubleshooting
Guide
This document provides information on how to troubleshoot the
issues when you are installing and using the Trace product.
Software Change
Notice
This document provides important information that must be read
prior to installing and working with Honeywell Trace R140.1
WHAT’S NEW IN HONEYWELL TRACE R140.1?
HTDOC-X574-en-140.1A 6
2 What’s new in Honeywell Trace R140.1?
The following new systems and features are added in R140.1:
1. Systems
a. Honeywell Profit Controller (Profit Suite)
Support for R430, R440, R500 and R501 releases
In Tag Reference, connection details of EPKS/TPS tag used in
Profit Controller including direction of data flow (read/write) are
shown
Properties, Parameter Query, Change Detection, Engineering
Anomaly, Report features are supported for Profit Controller
system
Only Automatic Data collection supported.
b. Safety Manager SC
Support for Safety Manager SC R200
Safety Manager SC is supported in all the Trace features - Tag
Reference, Logical View, Hardware View, Change Detection,
Change Request, Engineering Anomaly, Spare Management,
Parameter Query, Reporting, Notes, etc.
c. Control Edge UOC
Support Control Edge Unit Operations Controller and IO in all
Trace features
ControlEdge IO, EthernetIP IO, Profinet IO, Series A IO and their
channels are supported.
d. Aspen DMC
Support for Aspen DMC3 and DMC Plus ACO (Classic/Legacy)
platform-based systems
In Tag Reference, connection details of EPKS/TPS tag used in
DMC including direction of data flow (read/write) are shown in
Logical view
Properties, Parameter Query, Changes, Engineering Anomaly,
Report features are supported for Aspen DMC system
Manual and Automatic Data collection supported.
e. Support for new versions of systems
WHAT’S NEW IN HONEYWELL TRACE R140.1?
HTDOC-X574-en-140.1A 7
EPKS R511.1 and R511.2
Safety Manager R200.x
Tristation V4.4, V4.8 and V4.16
2. Features
a. Global Search
With Trace R140.1 Search experience is greatly improved. It
enables searching Tags, Asset, Hardware and Network nodes,
Display, Script, Control Strategy, Notes etc.
Search result shows high level details of the object e.g. Tag
Search shows the Name, Type, System, Asset, Last Modified
Snapshot, Container and Description. The Summary tab shows
counts for External connections, Displays, Group/Trend/History,
Advance Application references, Changes, Engineering Anomaly,
Notes, Scripts. The results layout including the Summary and
Properties tab helps to get all the details of a tag from the Search
results itself rather than having to navigate through all the
different views for a Tag like Tag Reference, Logical, Change,
Anomaly, Notes etc.
Clicking on any of the counts leads to its respective detailed
screen. Clicking on the View links take to their respective views -
Graphical, Hardware, Network, Asset Hierarchy etc.
b. Single Trace Server for Offline and Online mode
The same Trace Server that collects data online now also
supports import of offline collected packages eliminating the
need to have a separate Offline Trace Server
Data connections between Online and Offline systems will be
resolved by Trace Server.
c. Single Sign-on
Access to Trace through automatic Windows authentication.
Logged in Windows session is considered for access to Trace
The system prompts for User ID and Password only if the logged
in Windows user is not a valid Trace user.
d. Enhanced Experion Batch Visualization
Diagram improvements for Sequential Control Module (SCM),
Recipe Control Module (RCM) and Master Recipe (MR) in
Graphical view
WHAT’S NEW IN HONEYWELL TRACE R140.1?
HTDOC-X574-en-140.1A 8
Improved view of SCM, RCM and MR logic
Step, Transition expression and instructions details
Formula and Report parameter details for Recipe Step blocks
Hierarchical navigation through recipe layers
Support for Instance Based Recipes and Class Based Recipes
Improved layout for Connections and References in Tabular view
Improved representation of alias references.
e. Control Strategy Management
Save and name complex control strategies which are created as
part of trip analysis or control data flow analysis in the Graphical
view in Tag Reference
Instead of recreating control strategies from scratch, restore &
visualize the existing ones
Save and restore existing Pins for Tags and/or basic blocks as
control strategy
View the changes due to modifications in systems
(deleted/updated/modified tagged objects, basic blocks,
connections, references) in any subsequent snapshots.
f. Snapshot Management
Name and mark snapshots as favorite
Delete non important snapshot or multiple consecutive
snapshots
Changes(added/deleted) identified in deleted snapshot are
mapped to next snapshot.
g. Notes Management
New Menu option for Notes which provides the ability to add
Private notes as well as Public notes and a place to view all notes
Search Note’s with name, content, attachment name, etc.
See details for each Note, its subject, visibility, attachments, date
when was it added, user who added it, etc.
Navigate from any specific Note to the actual tag in the
respective view.
h. TPS Improvement
Data integrity issues fixed for HPM, APM, PM and AM nodes
WHAT’S NEW IN HONEYWELL TRACE R140.1?
HTDOC-X574-en-140.1A 9
PMCL/AMCL references are shown as connections in the Tag
Reference
AM-CDS related issues are addressed
Folder path for CL and DS files can now be entered in the Data
Collection Settings page. Only files present in that folder and
subfolder will be collected if this option is enabled.
i. Enhanced Change Detection Visualization
Roll up of changes for a Tag or Object.
‘Object Type’ and ‘Asset’ based filtering
Better and more detailed representation of Changes by showing
the Change Type, Old value and New value
Sort and filter options for all columns
Navigation option allows navigation to Source as well as
Destination connection/reference.
j. Tag Reference Improvement
Organize large number of references for better visualization and
management
Tabular data is now segregated in different tabs, connections,
references, etc.
Data and references are segregated and categorized as per
respective system i.e. Current system and Reference system
Resize, filter and sort all the visible columns in Tabular view
Counts shown for Connections and References which get
updated based on applied filters.
k. Parameter Query Improvement
UI improvements to make construction of Query easier
Run a saved query against other systems of same type as against
only the system it is built in
Preloaded queries for Experion system
Sort & filter results and re-order result columns
Easy identification of array parameters.
l. Network View Improvement
WHAT’S NEW IN HONEYWELL TRACE R140.1?
HTDOC-X574-en-140.1A 10
Network View renders the network like network topology
drawings
Top level switch is shown at the top of the network hierarchy
Nodes connected to the top-level switch including next levels of
network switches, Windows nodes, embedded nodes etc are
shown on further drill down till the lowest network node
Similar node types are grouped and shown in a list view to
optimize horizontal space for better representation of data and
interconnectivity and navigation path between nodes.
m. Logical View Improvement
Asset & Tag names shown in alphabetical/alphanumerical order
Tag count now shown along with Anomaly and Change counts
Tag list for Asset now supported like what is shown in Hardware
View for Controllers.
n. Engineering Anomaly Improvement
“Use latest snapshot” option for saving filters for use in Reports
Acknowledge/Unacknowledge All action options.
o. Other Improvements
Reporting improvement
L3/L4 Sync improvement
Data Collection failure issues are improved.
TRACE DATA COLLECTION ARCHITECTURE
HTDOC-X574-en-140.1A 11
3 Trace Data Collection Architecture
The following diagrams illustrate the architecture of Honeywell Trace:
TRACE DATA COLLECTION ARCHITECTURE
HTDOC-X574-en-140.1A 12
PLANNING
HTDOC-X574-en-140.1A 13
4 Planning
4.1 Software and Hardware Requirements
PLANNING
HTDOC-X574-en-140.1A 14
4.2 Types of licenses
Trace Package Concurrent Users Features
Bronze 5-25
Tag References Search, Network View,
Logical View, Hardware View, Create and Run
Query, Notes, Snapshot Management and
Report Generation.
Silver 5-25
It has all the features of Bronze package. In
addition to that, it also includes features
such as, On Demand System Performance
Reports, Change Detection, Channel Spare
Management, and Defect Management.
Gold 5-25
It has all the features of Silver package. In
addition to that, it also has Workflow and
Change Management feature.
LIVE System Performance Analytics and
Monitoring feature.
PLANNING
HTDOC-X574-en-140.1A 15
4.3 User Groups/Users
Domain Topology Workgroup Topology
Trace Server L3 and
L3.5 (System
Format)
Note: If the default
language is not set to
English (United
States), then change
the format to English
(United States).
English (United States) English (United States)
Node on which Trace
is installed
Must be joined to Domain
and remain connected.
Should be part of the private
network.
Person doing the
installation must Run as Administrator
Belong to Local Administrators
group.
ptwebuser (you can
give any name)
This account is used to run
Trace application. Manually
create the user in the
domain controller.
Created by installer. (manual
creation not required)
Mapping user/group
to Trace Roles
Create users if they are not
created for Trace Application
access. Add the user/user
groups to Local Trace Server
groups.
Create users if they are not created
for Trace Application access.
Manually add the user/user group
to the following groups:
LSS-PT Engineers
LSS-PT Managers
LSS-PT Product admin
LSS-PT Report Users
NOTE
Trace Gold is supported both in Workgroup and Domain topology.
SPA feature is supported only in Domain topology. But SPA will not be available in L4.
4.4 Remote Node – Supported Systems & Licenses Required
PLANNING
HTDOC-X574-en-140.1A 16
System Supported Version Description Data Collection User
Permissions License Requirement
Experion PKS
Process Server
R311.1
R400
R410
R430
R431
R500
R501
R510
R511.1/R51
1.2
ESF node
ESC node
Workgroup:
Product Administrators
(and/or)
Local Engineers*
Domain:
DCS Administrators
(and/or)
Engineers*
1 license of Class 1 per
Experion cluster
TPS R6xx or later
EST node
Product Administrators 1 license of Class 1 per
LCN cluster GUS node (running
Windows XP SP3 or
later)
Experion
Integrated TPS
R410.9 to
R511.2
EST node
ATTENTION: GUS
node is not
supported for this
system.
Workgroup:
Product Administrators
(and/or)
Local Engineers*
Domain:
DCS Administrators
(and/or)
Engineers*
1 license of Class 0
Experion Integrated TPS =
01 TPS + 05 Experion
cluster
Safety Manager
R13x.x
R14x.x
R15x.x
R16x.x
R200.x
Safety Builder node.
For manual
collection, any node
on which plant data
is copied.
Manual:
Any Local User
Automatic:
Local Administrators
1 license of Class 2 per
Safety Manager plant
PLANNING
HTDOC-X574-en-140.1A 17
System Supported Version Description Data Collection User
Permissions License Requirement
Triconex
Tristation
v4.4, v4.6,
v4.8 v4.14
and v4.16
Tristation node
Plant data to be
manually copied
from the nodes.
Any User with read access
to .pt2 file.
1 license of Class 2 per
controller
PHD
R300
R310
R320
R340
PHD Data Collector
node.
PHD Product
Administrators
1 license of Class 3 per
PHD database (shadow
server or local)
FSC
R6xx or later
(on Trace
R121 Patch1
or later)
FSC Builder node
For manual
collection, any node
on which plant data
is copied.
Any User with read access
to FSC data folders.
1 license of Class 2 per
controller
OSIPI 2015 version
(3.4.395)
OSIPI node where
database is
available
Local Administrators
Group
Backup Operator Group
1 license of Class 3 per
OSIPI database server
SPI
SPI 2009
SP4 HF10
Supported
SPI database
type is SQL
Server
SPI node
Local Administrators
Group
Backup Operator Group
1 license of Class 2 per
cluster
ControlLogix®
RSLogix
5000
(version 17
to Version
20)
Studio 5000
(version 21
to Version
30)
Allen-Bradley
ControlLogix Node
where L5X file is
available.
Any User with read access
to .l5x file
1 license of Class 3 per
Controller
PLANNING
HTDOC-X574-en-140.1A 18
System Supported Version Description Data Collection User
Permissions License Requirement
Profit Controller
R430
R440
R500
R501
Automatic collection
where Profit Suite is
installed.
Local Engineers Group 1 license of Class 2 per
Controller
Aspen DMC DMC Plus
DMC3
Aspen Online Server
For manual
collection, any node
on which .CCF file is
copied.
Manual:
Any Local User
Automatic:
Administrators
1 license of Class 2 per
System
NOTE
*For more details, go to section 10.1.4 System-Specific additional requirements-
> Experion of the Installation Guide.
SYSTEM SPECIFIC REQUIREMENTS
HTDOC-X574-en-140.1A 19
5 System Specific Requirements
5.1 Experion
Particulars Description
User privilege
Ensure that your Windows user account used for installation:
• has Local Administrator privileges on the computer
• belongs to a domain or workgroup and is part of the following groups:
o Experion DCS Admin group (applicable for domain accounts) *
o Local Product Admin group (applicable for workgroup accounts) *
Note: Users of the following groups have the least privileged access to collect data with
a script to be run.
*Experion DCS Engineer’s group (applicable for domain accounts)
*Local Engineer’s group (applicable for workgroup accounts)
Configuration for
SCADA
For Experion release R3xx.x, R400.x and R410.x:
• Configure temporary qdb file
• Ensure that backbuild is not executed manually during Trace Data Collection.
For Experion release R511.1 and R511.2:
• To Enable SCADA data collection copy the following four files to "C:\Program Files
(x86)\Honeywell\Experion PKS\Client\Configuration
Studio\Applications\Quick Builder\Components" folder:
o "C:\Program Files (x86)\Honeywell\Experion PKS\Client\Configuration
Studio\Core\Honeywell.CDF.Application.Interfaces.dll"
o "C:\Program Files (x86)\Honeywell\Experion PKS\Client\Configuration
Studio\Applications\Configuration Studio\Display
Versioning\Honeywell.CDF.CS.Comparer.Interfaces.dll"
o "C:\Program Files (x86)\Honeywell\Experion PKS\Client\Configuration
Studio\Core\Honeywell.CDF.Framework.Interfaces.dll"
o "C:\Program Files (x86)\Honeywell\Experion PKS\Client\Configuration
Studio\Framework Assemblies\Honeywell.CDF.HSCCLIService.dll"
No special configuration is required for all other releases.
Set Display path Open the Experion PKS Server Configuration Panel from the Start menu and set all display
paths.
Configure
switches (for
• RO community string configured for all switches must match the switch “Read
Community” configured in Configuration Studio and loaded
SYSTEM SPECIFIC REQUIREMENTS
HTDOC-X574-en-140.1A 20
Particulars Description
Network View to
appear in
Honeywell Trace)
• Configure SNMP in Experion server and in the switch (only SNMP V2 is supported).
• Make sure the IP of Remote Node is added to the ACL’s in switch configuration.
• Top level Yellow and Green switch spanning must be configured (for yellow it is
4096 for green 8192)
• Optional: Add RW community string in the switch and update the same under
Global Settings in the Data Collection page.
• Trace does not support Stack Switch and Cross cable representations.
Flex/ESC/EST
nodes
The same node can also be used for Data Collector and Remote Node on Windows 10.
Windows 7 does not support same node for Data Collector and Remote Node.
5.2 TPS
Particulars Description
User privilege
Ensure that your Windows user account used for installation:
• has Local Administrator privileges on the computer
• belongs to a domain or workgroup and is part of the following groups:
o Experion DCS Admin group (for domain accounts)
o Local Product Admin group (for workgroup accounts)
System status
Ensure that the
• LCNP status is OK
• checkpoints for all data owners are available on HM
• node communicates with Data Server
Configure
Honeywell File
Transfer
• Ensure Honeywell File Transfer service is installed and is running
• Configure Honeywell File Transfer service with all available HMs on the network.
Check for LVRLOG
file • Ensure that EST/GUS is configured with UPVLR load module for initiating LVRLOG.
SYSTEM SPECIFIC REQUIREMENTS
HTDOC-X574-en-140.1A 21
Particulars Description
GUS Display
Builder
If you have references in GUS displays, ensure that GUS Display Builder is installed on
the remote node and user configured for data collection can open GUS displays in the
Display Builder.
5.3 Safety Builder
Particulars Description
Safety Builder
database path
If performing data collection manually:
Copy the Metadata.xml file found at: <InstalledPath>\Honeywell\SafetyManager
SMRxxx.x\Metadata.xml to the path where the Plant file (.CAC file) and Controller files (.cc)
are located.
5.4 PHD
Particulars Description
Users must be a
part of the Product
Administrators
group
For a PHD node to perform data collection. install the Remote node package on the
Collector node. PHD Data Collection user must be present in PHD nodes (PHD collector,
PHD shadow and/or database nodes).
5.5 OSIPI
Particulars Description
PI OLEDB For OSIPI node to perform data collection, user must install PI OLEDB in OSIPI node.
5.6 ControlLogix®
Particulars Description
ControlLogix® To perform data collection, manually export the *.L5X file using RSLogix 5000/Studio 5000
tool.
5.7 Profit Controller
Particulars Description
Profit Controller Data collection user needs to be part of the local Administrator group to enable automatic
data collection.
SYSTEM SPECIFIC REQUIREMENTS
HTDOC-X574-en-140.1A 22
5.8 Aspen DMC
Particulars Description
Aspen DMC
Ensure data collection user is a part of local administrator group for automatic mode of
data collection.
To perform data collection, manually import a copy of the .CCF (configuration) files.
5.9 Triconex
Particulars Description
Triconex Before starting data collection for a Triconex system, make sure Triconex Project
Application is rebuilt successfully and errors, if any, are rectified.
BUSINESS NETWORK SYNC
HTDOC-X574-en-140.1A 23
6 Business Network Sync
The following diagram illustrate business network sync:
CROSS DOMAIN ACCESS
HTDOC-X574-en-140.1A 24
7 Cross Domain Access
7.1 Enable Communication Between L3.5 & L4 (Applicable for L3.5/L4 Access)
Particulars Domain Topology Workgroup Topology
If installing on
L3.5/L4
When both Domain Controller and Trace Server
are on L3.5/L4:
• For new users on L3.5/L4 Domain
Controller, user can create
user/customized groups
• For these new users on the L3.5/L4
Domain Controller, user can manually
link the user/user groups to Local
Trace Server LSS-PT groups.
When Domain Controller is on L4 and Trace
Server is on L3.5:
• Establish trust between L3.5 Domain
Controller and L4 Domain Controller.
This is to access data from L4 client
nodes
• You can manually add the L4 user/user
groups to L3.5 Domain Controller
For new users, create user/customized
groups and manually link the groups to
below respective groups:
LSS-PT Engineers
LSS-PT Managers
LSS-PT Product admin
LSS-PT Report Users
Update Hosts File:
Particulars Description
In domain topology, to
communicate between L3
node - L3.5 node
Update Hosts file on L3 node with the following information:
10.10.10.XX L3-5-Trace.domain.com
where,
10.10.10.XX is the IP address of the L3.5 Trace node
L3-5-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the
L3.5 Trace node
Note that the IPs and names mentioned are examples only.
NOTE
For information on software/hardware requirements, refer the
Software/Hardware Requirements section of this document.
CROSS DOMAIN ACCESS
HTDOC-X574-en-140.1A 25
7.2 Enable Communication Between L3 & L4 Using Relay Server (Applicable for L3.5/L4 Access)
Particulars Domain Topology Workgroup Topology
If installing on L4
Install and configure Relay Server node at the
L3.5 level (DMZ).
On L4 Domain Controller, create a user and
map the domain users to Trace machine local
groups.
Install and configure Relay Server node at
L3.5 (DMZ).
Update Hosts File on the L3 and Relay Server node:
Particulars Description
In domain topology, to
communicate between L3
node – L4 node
Update Hosts file on L3 node with the following information:
10.10.10.YY L4-Trace.domain.com
where,
10.10.10.YY is the IP address of the Relay Server
L4-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L4
Trace node
On the Relay Server
11.11.11.XX L4-Trace.domain.com
where,
11.11.11.XX is the IP address of the L4 node
L4-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L4
Trace node
Note that the IPs and names mentioned are examples only.
In workgroup topology, to
communicate between L3
server node in workgroup and
remote nodes
Update Hosts file with the following information:
On Client Node, update IP address of Trace Server’s IP address
On Trace Server, update IP address of Remote nodes.
In workgroup topology, to
communicate between Trace
L3 and Trace L3.5/L4
Update Hosts file with the following information:
On Trace L3 server node, update IP address of the Trace L3.5 server node
On Trace L3.5 server node, update IP address of the Trace L3 server node.
FIREWALL CONFIGURATION
HTDOC-X574-en-140.1A 26
8 Firewall Configuration
8.1 Firewall configuration for L3.5 (applicable for L3.5/L4 access)
Source IP Protocol Destination IP Port Reason
L3 Trace Server TCP L3.5 Trace Server 443 DB Sync
L3.5 Trace Server TCP L4 Client 443 To access web URL
8.2 Firewall configuration for L3
Source IP Protocol Destination IP Port Reason
L3 Trace Server TCP L3 Remote Node 5986
Secure Powershell port to
trigger Trace Data
Collection.
L3 Trace Remote
Node TCP L3 Trace Server 445 and 139
SMB port for Trace remote to
share the data in Trace
Server.
L3 Remote Node TCP L3 EMDB Server 1433
SQL port for Trace Remote
Node to connect to EMDB
and fetch EMDB
information.
L3 Trace Server TCP L3 Trace Remote
Node (Windows XP) 5985
Secure Powershell port to
trigger Trace Data
Collection.
8.3 Firewall configuration for Data Collection between Trace Server and Remote node
If there is a firewall configuration between Trace Server and remote node, perform the
following configuration:
FIREWALL CONFIGURATION
HTDOC-X574-en-140.1A 27
Source IP Protocol Destination IP Port Reason
Trace Server TCP Trace Remote Node 5986
Secure Powershell port to
trigger Trace Data
Collection.
Trace Server TCP Trace Remote Node
(Windows XP)
5985 Secure Powershell port to
trigger Trace Data
Collection.
Trace Remote
Node
TCP Trace Server 445 and 139 SMB port for Trace remote to
share the data in Trace
Server.
Trace Remote
Node
TCP EMDB Server 1433 SQL port for Trace Remote
Node to connect to EMDB
and fetch EMDB
information.
IMPORTANT NOTES
HTDOC-X574-en-140.1A 28
9 Important Notes
The following are the Group Policies that must be enabled/disabled in the Trace Remote
Node/Domain for Trace Data Collection to work correctly:
Trace Remote Node is in Domain -> enable these policies in Domain Controller
Trace Remote Node is in Workgroup -> it needs to be checked on Local Machine
9.1 Enabling Windows Remote Server Enable Windows Remote Server Management with IPv4 filter as ‘TraceServerIP’ or ‘Offline
Datacollector NodeIP’ or you can enter an asterisk (*). To enable:
1. Run -> gpedit.msc.
2. Navigate to Computer Configuration -> Administrative Templates -> Windows
Components -> Windows Remote Management (WinRM) -> WinRM Service.
3. Enable the policy “Allow Remote server management through WinRM” with IPv4
filter set to * or TraceServerIP.
OR
4. Select “Not Configured”.
Note: This policy can either be enabled or not configured. It should not be disabled.
9.2 Enabling Remote Shell Access from Domain To enable:
1. Run -> gpedit.msc
2. Navigate to Computer Configuration -> Administrative Templates -> Windows
components -> Windows Remote Shell
3. Enable the policy “Allow Remote Shell Access”
OR
Select “Not Configured”.
Note: This policy can either be enabled or not configured. It should not be disabled.
9.3 Disabling Policy - Network access: Do not store network passwords To disable:
1. Run -> secpol.msc
2. Navigate to Local Policies -> Security Options
IMPORTANT NOTES
HTDOC-X574-en-140.1A 29
3. Disable the policy “Network access: Do not allow storage of passwords and
credentials for network authentication”.
Note: This check might have been done in Trace installer as part of prerequisite
validation.
9.4 Configure System Time and Time Zone Changing the Time Zone after installing the Honeywell Trace application affects the
functioning of the application.
9.5 Passwords Trace Server:
Ensure that the passwords you provide when installing Honeywell Trace have:
A maximum of 32 characters. (optional)
A minimum of 8 characters (unless the password policy of your site recommends
shorter passwords. It is optional)
At least one upper case letter. (optional)
At least one number. (optional)
At least one special character. However, the following special characters are NOT
allowed (mandatory):
o “
o /
o \
Note: Even though the above mentioned password recommendations are either
optional or mandatory, refer your Domain/Local system password policy to further
confirm. In some cases, if the password starts with @ or [, trace may not validate. It
is recommended to not have passwords starting with @ or [.
Remote Node:
Ensure that the passwords you provide for IAA service account when installing Honeywell
Trace Remote Node:
Must not start with ‘@’
Must not contain ‘[‘and ‘]’
IMPORTANT NOTES
HTDOC-X574-en-140.1A 30
9.6 Server Name / IP Address Prerequisites You cannot change Server Name after Trace Server installation. However, you can
configure the IP address of Trace Server using the Admin Console.
9.7 Migration Prerequisites Restart Trace Server. Post restart make sure you don’t open any applications. This is
required to unlock any used files by Trace and make upgrade smoother.
Before installation ensure that policy in the machine do not cleanup the session temp
folder after reboot.
NOTICES
HTDOC-X574-en-140.1A 31
10 Notices
Trademarks Experion®, PlantScape®, SafeBrowse®, TotalPlant®, and TDC 3000® are registered
trademarks of Honeywell International, Inc.
ControlEdge™ is a trademark of Honeywell International, Inc.
OneWireless™ is a trademark of Honeywell International, Inc.
Matrikon® and MatrikonOPC™ are trademarks of Matrikon® International. Matrikon®
International is a business unit of Honeywell International, Inc.
Movilizer® is a registered trademark of Movilizer GmbH. Movilizer GmbH is a business unit
of Honeywell International, Inc.
Trademarks Experion®, PlantScape®, and SafeBrowse® are registered trademarks of Honeywell
International, Inc.
Trademarks Experion® and SafeBrowse® are registered trademarks of Honeywell International, Inc.
PlantCruise™ is a trademark of Honeywell International, Inc.
Trademarks Experion® is a registered trademark of Honeywell International, Inc.
ControlEdge™ is a trademark of Honeywell International, Inc.
OneWireless™ is a trademark of Honeywell International, Inc.
Other trademarks Microsoft and SQL Server are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries.
Trademarks that appear in this document are used only to the benefit of the trademark
owner, with no intention of trademark infringement.
Third-party licenses This product may contain or be derived from materials, including software, of third parties.
The third party materials may be subject to licenses, notices, restrictions and obligations
imposed by the licensor.
The licenses, notices, restrictions and obligations, if any, may be found in the materials
accompanying the product, in the documents or files accompanying such third party
materials, in a file named third_party_ licenses on the media containing the product, or at
http://www.honeywell.com/ps/thirdpartylicenses.
Documentation feedback You can find the most up-to-date documents on the Honeywell Process Solutions support
website at:
NOTICES
HTDOC-X574-en-140.1A 32
http://www.honeywellprocess.com/support
If you have comments about Honeywell Process Solutions documentation, send your
feedback to:
Use this email address to provide feedback, or to report errors and omissions in the
documentation. For immediate help with a technical problem, contact your local
Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical
Assistance Center (TAC).
How to report a security vulnerability For the purpose of submission, a security vulnerability is defined as a software defect or
weakness that can be exploited to reduce the operational or security capabilities of the
software.
Honeywell investigates all reports of security vulnerabilities affecting Honeywell products
and services.
To report a potential security vulnerability against any Honeywell product, please follow the
instructions at:
https://honeywell.com/pages/vulnerabilityreporting.aspx
Support For support, contact your local Honeywell Process Solutions Customer Contact Center
(CCC). To find your local CCC visit the website, https://www.honeywellprocess.com/en-
US/contact-us/customer-support-contacts/Pages/default.aspx
Training classes Honeywell holds technical training classes that are taught by process control systems
experts. For more information about these classes, contact your Honeywell representative,
or see http://www.automationcollege.com.
HTDOC-X574-en-140.1A July 2020 © 2020 Honeywell International Sàrl
Honeywell Process Solutions 2101 CityWest Blvd.
Houston, TX 77042
Honeywell House, Skimped Hill Lane
Bracknell, Berkshire, RG12 1EB Building #1, 555 Huanke Road, Zhangjiang
Hi-Tech Park,
Pudong New Area, Shanghai, China 201203
www.honeywellprocess.com