GE Fanuc Automation

CIMPLICITY Monitoring and Control Products

CIMPLICITY HMI OPC Server

Operation Manual

GFK-1675

April 1999

GFL-002

Warning notices are used in this publication to emphasize that hazardous voltages, currents, temperatures, or other conditions that could cause personal injury exist in the equipment or may be associated with its use. In situations where inattention could cause either personal injury or damage to equipment, a Warning notice is used.

Caution notices are used where equipment might be damaged if care is not taken. Note Notes merely call attention to information that is especially significant to understanding and operating the equipment. This document is based on information available at the time of publication. While efforts have been made to be accurate, the information contained herein does not purport to cover all details or variations in hardware or software, nor to provide for every possible contingency in connection with installation, operation, or maintenance. Features may be described herein which are not present in all hardware and software systems. GE Fanuc Automation assumes no obligation of notice to holders of this document with respect to changes subsequently made. GE Fanuc Automation makes no representation of warranty, expressed, implied, or statutory with respect to, and assumes no responsibility for the accuracy, completeness, sufficiency, or usefulness of the information contained herein. No warranties of merchantability or fitness for purpose shall apply.

CIMPLICITY is a registered trademark of GE Fanuc Automation North America, Inc. Windows NT and Windows 95 are registered trademarks of Microsoft Corporation

This manual was produced using Doc-To-Help, by WexTech Systems, Inc.

Copyright 1998 GE Fanuc Automation North America, Inc. All rights reserved

Preface

Contents of this Manual

Chapter 1. Introducing OPC Servers: Provides an overview of the CIMPLICITY HMI OPC Server, including how it operates, its features and security. Chapter 2. CIMPLICITY HMI Server Information: Describes how the CIMPLICITY HMI OPC Server handles points.. Chapter 3. Using the CIMPLICITY OPC Server user Interface: Describes how to use the OPC Server to interact with clients.

Related Publications
For more information, refer to these publications: CIMPLICITY HMI Users Manual (GFK-1180) CIMPLICITY HMI Integrators Toolkit Guide (GFK-1461)

Contents
Getting Started
Getting Started Getting Started Steps

1-1
1-1 1-1

Introducing OPC Servers

About OPC Servers About the CIMPLICITY HMI OPC Server CIMPLICITY HMI OPC Server Overview CIMPLICITY HMI Server Features Specifications CIMPLICITY Project Security Troubleshooting

2-1
2-1 2-3 2-3 2-4 2-5 2-7 2-8

CIMPLICITY HMI OPC Server Information

OPC Item Naming Convention CIMPLICITY Project Point Item ID Syntax Point by Address Item ID Syntax Item ID Attributes Server Statistic OPC Items Data Types Timestamps Quality OPC Browse Interface Support

3-1
3-1 3-1 3-2 3-3 3-5 3-6 3-7 3-8 3-8

Using the CIMPLICITY HMI OPC Server User Interface

User Interface Menu Options The File Menu The Diagnostics Menu The Server Options Menu Interactive and Non-interactive Modes Troubleshooting Tools OPC Connection Trace Logging CIMPLICITY Project Connection Logging Run-time Statistics CIMPLICITY HMI OPC Server and DCOM DCOM Security Overview Minimal DCOM Configuration for Client Connections DCOM Configuration Guidelines Registry Settings for Off-Node Clients

4-1
4-1 4-2 4-2 4-3 4-5 4-7 4-8 4-10 4-11 4-13 4-13 4-16 4-17 4-18

GFK-1675

Contents

Getting Started

Getting Started
The CIMPLICITY HMI OPC Server provides a standards-based way to access run-time information from a CIMPLICITY HMI project. This section guides a user through the steps to become familiar with the OPC Server and to start using the server quickly.

NOTE: The CIMPLICITY HMI OPC Server must be licensed to run on a computer node running CIMPLICITY HMI. If the server is not licensed then OPC clients will not be able to connect to a CIMPLICITY HMI project. The following getting started steps assume that the CIMPLICITY HMI OPC Server has been successfully installed and that at least one CIMPLICITY HMI project is currently running.

Getting Started Steps

Step 1 - Turn Off DCOM Security
The CIMPLICITY HMI OPC Server relies on a Microsoft technology called COM/DCOM to provide among other things, server security and run-time access to server objects. To quickly get started using the server, disable DCOM security on the computer node on which the server is installed. If your OPC client application is installed on another computer, you will want to disable DCOM security on that computer too. Because DCOM security is a complex topic, the instructions for turning off DCOM security have been summarized in this document. See the section Minimal DCOM Configuration for Client Connections for these instructions.

Step 2 - Setup CIMPLICITY HMI Project Security

The CIMPLICITY HMI OPC Server extends the security provisions of a project to an OPC client. For each project that will be accessed by an OPC client, a valid CIMPLICITY HMI project username and password must be specified. See the section CIMPLICITY Project Security for an explanation of server security. The security settings for the server are configured using the Security Dialog. An example of this dialog is shown below. The example illustrates that OPC clients connect to CIMPDEMO points under the security settings of the ADMINISTRATOR user. Clients accessing PROJECT_A points do so as the OPERATOR user.

GFK-1675

1-1

The Security Dialog is accessed from the Server Options menu of the server user interface. See the section The Server Options Menu for a detailed description of this dialog and how to view it.

Step 3 Setup for Remote OPC Client Access

This step only needs to be performed if the OPC client application is installed on a computer node other than the one on which CIMPLICITY HMI and the OPC Server is installed. If the OPC client application is installed on the same machine, then proceed to Step 4. The registry on the remote machine must be updated with information specific to the CIMPLCITY HMI OPC Server. These registry entries will point the OPC client to the CIMPLCITY HMI OPC Server across a network. Fortunately this is a simple task to perform. The registry can be updated automatically by running a registry file installed with the server. See the section Registry Settings for Off-Node Clients for the instructions on how to use the registry file.

Step 4 Connecting to the OPC Server

Start your OPC client application. Each client application will provide a unique method of referencing OPC servers. One common method is to display a list of OPC servers that are visible to the OPC client. If this is the case, pull up this list. The CIMPLICITY HMI OPC Server reference you are looking for may be one of the following: CIMPLICITY.HMI.OPCServer CIMPLICITY HMI OPC Server {B01241E8-921B-11d2-B43F-204C4F4F5020}

Once your application connects to the OPC Server, you should see the following user interface appear on the machine where the OPC Server is installed (assuming a user is logged in with the appropriate permissions). In this case, the OPC Server is running in interactive mode. The server can also be configured to always run in non-interactive mode. The OPC Server will run regardless of who is currently logged in. See the section Interactive and noninteractive Modes for more information.

1-2

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

If you are having difficulty connecting with the OPC Server, using any of the server objects, or receiving subscription updates, you can use the troubleshooting tools supported by the OPC Server. See the section Troubleshooting Tools for a complete discussion.

Step 5 Specify CIMPLICITY HMI Points in the OPC Client

Once a connection between your OPC client application and the OPC Server has been established, you are ready to specify CIMPLICITY HMI points. If your OPC client application supports OPC server browsing, then a list of projects (configured in Step #2) will appear in a browse list. Every OPC clients browse session is different. An example browse session is shown below.

Project

Point Attribute

GFK-1675

Getting Started

1-3

The sample browse session illustrates that a project named CIMPDEMO has (among others) the points AAA, AC1, ACTIVEX_TOGGLE, ACTIVE_FIX, and ACTIVE_FIX_GCODE. Each of these points have attributes associated with them. The attributes for the points AAA and AC1 are shown. These attributes represent CIMPLICITY run-time database values that are visible to an OPC client. To specify an attribute, pick (i.e. click or double click) on an attribute in the browse session. If browsing is not supported or text entry is more applicable for the OPC client, use the following syntax to reference an attribute. This is known as an OPC item reference. [\\PROJECT\]POINT.ATTRIBUTE See the section OPC Item Naming Convention for a complete discussion of the syntax and a list of supported attributes.

Step 6 - Turn on DCOM Security

It is very rare that DCOM security for the CIMPLICITY HMI OPC Server will remain off. Most environments require controlled access to systems interacting with a manufacturing process. When you are satisfied that communications between the CIMPLICITY HMI Server and your OPC client application are satisfactory, then you will want to consider enabling DCOM security. The degree of security enabled is dependent upon the policies at the site where the OPC Server is installed. See the section CIMPLICITY HMI OPC Server and DCOM for a complete discussion of DCOM security issues.

1-4

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

Introducing OPC Servers

About OPC Servers

The CIMPLICITY HMI OPC Server provides a standards-based interface to the CIMPLICITY run-time database. The OPC Server conforms to the OLE for Process Control (OPC) 2.0 Data Access standards. OPC is a technology standard initially developed by a group of automation industry companies and now managed by the not-for-profit organization called the OPC Foundation. The standard was developed to provide a common de-coupling mechanism for automation system software components. OPC provides for simpler integration of automation software components from multiple vendors. Fundamentally, the OPC standard defines two software roles: OPC clients and OPC servers. In general, clients are consumers of automation information and servers are producers of the same information. The OPC standard further classifies automation information transactions as follows: Data Access Manages the exchange of run-time process information (including quality and timestamps) between clients and servers. Alarm and Event Handling Manages the exchange of event and alarm information. Historical Data Access Manages the exchange of historical process information.

The CIMPLICITY HMI OPC Server provides support for the Data Access sub-set of the OPC specification. OPC leverages Microsofts COM/DCOM technology. The OPC specification defines the COM interfaces and object behaviors common to automation software applications. Since the OPC standard is COM compliant, DCOM can be leveraged for distributed deployments. For example, an OPC client application can run on a computer node different from that of an OPC server. Neither application (the client or the server) are aware of this distributed architecture.

GFK-1675

2-1

The following diagram illustrates the client / server architecture defined by the OPC specification.
Client Application A Client Application B

OPC Client Interface

OPC Client Interface

COM / DCOM

CIMPLICITY HMI OPC Server

One or more CIMPLICITY HMI Projects

The diagram shows that multiple OPC compliant client applications can communicate with an OPC server simultaneously. Using DCOM, client and server software programs can be configured to run on the same computer node or be distributed across a network of computers. OPC servers provide a common view of automation information managed by the system for which the server was written. The CIMPLICITY HMI OPC Server allows an OPC client to read and write CIMPLICITY project run-time databases (which in turn can be references to device points or virtual points). Others examples include an OPC server for a PLC providing access to PLC registers or an OPC server for a lab analyzer providing remote monitoring (and control). OPC clients use this common view of automation information in a variety of ways. This includes providing human machine interfaces, historical data logging, and data mirroring services. Users can write their own custom programs in languages such as Visual Basic or Visual C++. Desktop programs can reference OPC server information. For example, users can write VBA scripts in Microsoft Excel.

2-2

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

About the CIMPLICITY HMI OPC Server

The CIMPLICITY HMI OPC Server is as an out-of-process server compliant with the OPC Data Access V2.0 specification. The OPC Server allows OPC clients to read, write, and subscribe to changes of CIMPLICITY HMI run-time database points.

CIMPLICITY HMI OPC Server Overview

The OPC server is installed on a CIMPLICITY HMI project node. It is recommended that the OPC server be installed under Windows NT 4.0 in order to leverage all of the advantages of Microsoft COM/DCOM technology. Of particular advantage are the DCOM security settings and the DCOM launch services available only to NT4.0. These features make setup and maintenance of the OPC server easier. The following diagram illustrates the CIMPLICITY HMI OPC Server interacting with other CIMPLICITY system components and an OPC client application. One or more CIMPLICITY HMI projects can be visible to the OPC server. The CIMPLICITY HMI program is implemented using several Windows processes. The OPC server is itself a Windows process. The OPC server and the other CIMPLICITY HMI processes always run on the same computer node. However, the OPC client application can be located on the same node or on another node visible through a network. The ability to distribute OPC clients and servers across multiple platforms is one of the key benefits of COM/DCOM technology.
CIMPLICITY HMI Processes

CIMPLICITY HMI OPC Server

COM / DCOM

OPC Client Application

GFK-1675

Introducing OPC Servers

2-3

CIMPLICITY HMI OPC Server Notes

An OPC client attempts to connect to the CIMPLICITY HMI OPC Server. If the OPC server process does not exist, COM/DCOM services attempt to activate it. Upon successful activation of the OPC server, the OPC client begins interacting with the OPC server to create server, group, and item objects. If the OPC server object is already active, COM/DCOM returns a reference to the OPC server process. Only one OPC server process can exist on a single computer node at a time. Once the OPC server is activated but before a connection is granted to an OPC client, the OPC Server checks to see if the OPC server is licensed to run on this computer node and if at least one CIMPLICITY HMI project is running on this computer node. If either of these conditions are not met, the OPC client connection is refused. The OPC client can access CIMPLICITY HMI project points for which the OPC server has been granted secure access. See the section CIMPLICITY Project Security for more information. If all CIMPLICITY HMI projects are stopped on the computer node while the OPC server is currently active (i.e. OPC clients are connected), then the quality of points currently reported to the OPC clients are set to bad. Before the CIMPLICITY HMI project(s) is re-started, the OPC clients must disconnect to allow the OPC server to terminate. All new OPC client connections not allowed. Once the OPC server has terminated, the CIMPLICITY HMI project(s) can be re-started. In the event that an OPC client does not disconnect gracefully, COM/DCOM garbage collection algorithms will automatically clean the OPC client references (this can take several minutes). Once the references are cleanup, the OPC server will terminate. When the last OPC client disconnects from the OPC server (and the OPC Servers Auto Exit mode is enabled) the OPC server will automatically terminate.

CIMPLICITY HMI Server Features

OPC Data Access V2.0 compliant, out-of-process server. Browsing is supported for OPC clients that can browse hierarchically. Extensive diagnostic tools for troubleshooting client / server connections and CIMPLICITY run-time database interactions. Run-time server statistics are provided to troubleshoot throughput problems. Supports CIMPLICITY HMI Workbench dynamic configuration mode. Enforces CIMPLICITY project security. Supports automatic coercion of all COM non-array data types. Support for arrays (in canonical form) of all COM-ready data types. CIMPLICITY point by address item naming is supported.

2-4

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

Specifications
Refer the OPC Foundation specification documents for more information on details presented in this section.

OPC Specification Compliance

The CIMPLICITY HMI OPC Server is compliant with the following OPC standards: Data Access Custom Interface Standard V2.0 and V1.0a. Data Access Automation Interface Standard V2.0.

COM Program ID
Once installed, the CIMPLICITY HMI OPC Server is typically referenced by an OPC client by its ProgID (program ID). The ProgID for the CIMPLICITY HMI OPC Server is: CIMPLICITY.HMI.OPCServer The OPC Servers unique CLSID (class ID) is: {B01241E8-921B-11d2-B43F-204C4F4F5020}

Supported Data Access Custom Interfaces

The CIMPLICITY HMI OPC Server implements the following COM interfaces. Note that standard COM interfaces are not listed. IOPCServer IOPCItemProperties IOPCCommon IOPCASyncIO2 IOPCItemMgt IOPCSyncIO EnumOPCItemAttributes IOPCBrowseServerAddressSpace IConnectionPointContainer IOPCGroupStateMgt IOPCAsyncIO IConnectionPointContainer IDataObject IEnumOPCItemAttributes

GFK-1675

Introducing OPC Servers

2-5

Supported Automation Interfaces

The CIMPLICITY HMI OPC Server relies on the standard automation wrapper supplied by the OPC Foundation. The following diagram illustrates how the automation wrapper interacts with the automation client (e.g. Visual Basic for Applications script) and the custom interface of the CIMPLICITY HMI OPC Server. Note that the automation wrapper executes in-process with the automation client.

OPC Automation Client Process

OPC Automation Wrapper

COM / DCOM

OPC Custom Interface

CIMPLICITY HMI OPC Server Process

Note: Selection of the type of interface to use, custom or automation, depends on the goals of the client application developer. Adhoc client applications written in Microsoft Visual Basic (for example) typically use the automation interface. Automation interfaces are easy to use in the VB (and VBA) development environments. However, the automation interface is slower at execution time. Applications written in Microsoft Visual C++ (for example) use the custom interface. This is the most efficient interface, but it is more complex to use.

OPCGroup Object Percent Dead Band

The CIMPLICITY HMI run-time database provides support for dead-band change notifications. Dead-banding is configured when a point is added to a CIMPLICITY project. Thus, percent dead-banding is not supported directly by the CIMPLICITY HMI OPC Server when a client configures an OPC group. If a client specifies a percent dead-band value for a group, the value is ignored. Change notifications are reported to an OPC client based on the dead-banding configured for a point in the CIMPLICITY project.

Blobs
The CIMPLICITY HMI OPC Server does not support the use of blobs. Refer to the Data Access specification for more information on blobs.

2-6

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

CIMPLICITY Project Security

CIMPLICITY project security is extended to all clients of the CIMPLICITY HMI OPC Server. The OPC Server acts as a proxy for an OPC client, granting secure access to a CIMPLICITY project point using the username and the password attributed to the OPC Server. Security settings are attributed to a server using the Security Dialog of the OPC Server interface. See the section Server Options for a description of this dialog box. The OPC Server always runs on the same computer node as a CIMPLICITY project(s). In order for an OPC client to successfully access points of a project, a username and a password must be specified for each CIMPLICITY project: That is visible on this computer node, and That must be made accessible to an OPC client.

When an OPC client references a point in a project, the OPC Server connects to the project using the username and the password specified for the project. The following diagram illustrates the security settings granted to two OPC client applications accessing three CIMPLICITY projects via the OPC server.

CIMPLICITY HMI Projects Project A Project B Project C

CIMPLICITY HMI OPC Server

Project Name Project A Project B Project C

User Name Operator Engineer Maintenance

Password ****** *** ********

OPC Client A

Client A accesses Project A points as CIMPLICITY HMI user name Operator.

OPC Client B

Client B accesses Project B and C points as CIMPLICITY HMI user names Engineer and Maintenance (respectively).

GFK-1675

Introducing OPC Servers

2-7

Troubleshooting
CIMPLICITY HMI OPC Server provides several diagnostic tools for troubleshooting problems common to a heterogeneous software application environment. The tools are designed to help a user diagnose specific aspects of a conversation between an OPC client and a point in the CIMPLICITY run-time database. OPC Connection Trace Logging - OPC-related connection information is captured using the Trace Logging diagnostic tool. This tool is used to log information about an OPC conversation (between a client and a server) to a text file. See the section OPC Connection Trace Logging for more information. CIMPLICITY Project Connection Logging Information about the interaction between the OPC Server and a CIMPLICITY project is logged to CIMPLICITY Status Log (accessible from the CIMPLICITY Workbench). See the section CIMPLICITY Project Connection Logging for more information. Run-time Statistics The OPC Server maintains run-time performance statistics for OPC client server interactions. These statistics can be used to diagnose computer node performance problems and to tune an OPC clients use of the CIMPLICITY HMI OPC Server resources. See the section Run-time Statistics for more information.

2-8

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

CIMPLICITY HMI OPC Server Information

OPC Item Naming Convention

OPC Client applications reference CIMPLICITY points using item IDs. Items IDs uniquely reference a CIMPLICITY point value or a CIMPLICITY point parameter. Item IDs are constructed by using a client browse session or by explicitly typing the Item ID string. This section defines the syntax of Item IDs supported by the CIMPLICITY HMI OPC Server. The OPC Server supports two unique syntax forms. The most common form references CIMPLICITY project point information (e.g. the current value of a point or the current state of a point). The second form allows a user to specify a point by address.

Note: The CIMPLICITY HMI OPC Server converts all Item IDs to upper case before passing on the reference to a CIMPLICITY project.

CIMPLICITY Project Point Item ID Syntax

Points configured in a CIMPLICITY project are referenced for read and / or write operations using the following syntax. [ ] indicates optional fields. Each field is described below. [\\PROJECT\]POINT.ATTRIBUTE Field PROJECT (optional) Description A CIMPLICITY HMI project name under which the reference is made. If the project is not specified, then the default project is assumed. See the section "Setup Server Security" to learn how to
specify a server default project.

POINT (required) ATTRIBUTE (required)

The name of a CIMPLICITY HMI project point. A server-defined string specifying the type of information associated with the point. A point has several attributes. See the
section "Item ID Attributes" for more information.

GFK-1675

3-1

Point by Address Item ID Syntax

Point by address Item IDs allow an OPC client to explicitly refer to device registers for devices that currently communicate with a CIMPLICITY HMI project. A CIMPLICITY project point does not necessarily need to be configured. See the chapter "Using Point by
Address" in the "CIMPLICITY HMI Operation Manual" GFK-1396 for more information on point by address references.

Note: Point by Address Item IDs do not appear during an OPC client browse session. These Items IDs must be manually entered in an OPC client application. The Point by Address Item ID syntax is shown below where [ ] indicates an optional keyword. Valid keywords (required and optional) are described below. [\\PROJECT\]@DEVICE=xxx|ADDR=yyy|[TYPE=zzz]

Keyword/Field PROJECT (optional)

Description A CIMPLICITY HMI project name under which the reference is made. If the project is not specified, then the default project is assumed. See the section "Setup Server Security" to learn how to
specify a server default project.

DEVICE (required) ADDR (required) TYPE (optional) SCAN (optional) OFFSET (optional) ACCESS (optional) ELEM (optional) ORIGIN (optional)

Any valid CIMPLICITY HMI device identifier. A valid device address for the specified device. Any valid CIMPLICITY HMI point type. If you do not use this keyword, the default is INT. Multiple of the device scan rate at which the data will be collected. If you do not use this keyword, the default is 1. Bit offset for the address of BOOL, BYTE or WORD points. If you do not use this keyword, the default is 0. Either READ or WRITE. If you do not use this keyword, the default is READ. The number of elements (for an array). If you do not use this keyword, the default is 1. The points origin - use one of the following: DEV for a device point. DIA for a diagnostic point. ALW for an Ethernet Global Data point.

If you do not use this keyword, the default is DEV.

3-2

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

Item ID Attributes
By definition, a CIMPLICITY project point is a run-time value. There are also other values associated with the point (e.g. point state, point description, etc.). To distinguish between the run-time value and other values, the CIMPLICITY HMI OPC server defines a set of attribute names to provide unique references. A list of common attribute names referenced by an OPC client is presented below. See the CIMPLICITY HMI User's Manual" GFK-1180 and the "CIMPLICITY HMI Integrator's Toolkit Guide" GFK-1461 for attribute lists.

NOTE: The attributes listed below are not recognized by the CIMPLICITY run-time database. You will not find the attributes listed in the "Point Management API" section of the "CIMPLICITY HMI Integrators Toolkit Guide" GFK-1461. These attributes are only recognized by the CIMPLICITY HMI OPC Server and are internally maintained by the OPC Server.

VALUE
References the converted (EU) value of the point. If there is no conversion configured, the raw value is displayed. Canonical Data Type - Dependent on CIMPLICITY point type. See the section "Data Types"
for more information.

RAW_VALUE
References the raw value of a point. Canonical Data Type Dependent on CIMPLICITY point type. See the section "Data Types"
for more information.

STATE
References the current state of the point. The points current state depends on the point class and alarm conditions. Canonical Data Type Automation string (VT_BSTR).

For all point classes, the states that can be displayed are: NORMAL UNAVAILABLE The points value is within normal limits, and no alarms are outstanding.

If the point is a device point, communications with the device have failed, and the point can no longer be read. If the point is a virtual point, one or more of the source points that comprise this point is unavailable. For Analog point classes, the additional states that can be displayed are: ALARM HIGH ALARM LOW WARNING HIGH The points value is greater than the high alarm limit. The points value is less than the low alarm limit. The points value is greater than the warning high limit and less than the alarm high limit.

GFK-1675

CIMPLICITY HMI OPC Server Operation ManualMarch 1999

3-3

WARNING LOW OUT OF RANGE

The points value is less than the warning low limit and greater than the alarm low limit.

The point is an Analog or APPL device point with engineering units conversion and its value exceeds one of its conversion limits. For the Digital (Boolean) point class, the additional states that can be displayed are: ALARM WARNING The points value is in the alarm state. You will only see this message if Enable Alarms has been reset, Enable Warning is set, and the points value is in the alarm state.

TYPE
References the CIMPLICITY project data type of the point value. One of the following strings is displayed to a client: BOOLEAN, BITSTRING, OCTETSTRING, CHARACTERSTRING, UNSIGNED INTEGER 1, UNSIGNED INTEGER 2, UNSIGNED INTEGER 4, INTEGER 1, INTEGER 2, INTEGER 4, FLOATING POINT, STRUCTURE, ALARM LIMIT. Canonical Data Type - Automation string (VT_BSTR).

LENGTH
References the length of the point. This field is only meaningful for the following point types:BITSTRING and OCTETSTRING. Canonical Data Type Four byte signed int (VT_I4).

ELEMENTS
References the number of elements contained in the point. Canonical Data Type - Four byte signed int (VT_I4).

SIZE
References the size of the data. Canonical Data Type - Four byte signed int (VT_I4).

DISP_FORMAT
References the format used when displaying the points value in Alarm Viewer, Status Log messages, or CimView. Canonical Data Type - Automation string (VT_BSTR).

3-4

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

Server Statistic OPC Items

The CIMPLICITY HMI OPC Server has several pre-defined Item IDs used for referencing server performance statistics. The Item ID for each statistic is listed below. An OPC client can reference a statistic to monitor the performance of the OPC Server. Refer to the section "Runtime Statistics" for more information on working with the statistics.

Note: Statistic Item IDs follow the same naming convention as a project point. The statistics are assigned to a fictitious project called STATISTICS. Thus, a real project with the same name cannot be accessed by an OPC client.

\\STATISTICS\CLIENTS.VALUE
Displays the number of OPC clients currently connected to the CIMPLICITY HMI OPC Server.

\\STATISTICS\GROUPS.VALUE
Displays the number of OPC groups currently configured in the OPC Server.

\\STATISTICS\ITEMS.VALUE
Displays the number of OPC item references currently configured in the OPC Server. Note that an item may appear in more than one group (or be referenced by more than one OPC client). Each reference is counted in the statistic.

\\STATISTICS\READ/PERIOD.VALUE
Displays the number of synchronous and asynchronous read transactions performed by the OPC Server in the last sample period. A read transaction is composed of one or more items.

\\STATISTICS\WRITES/PERIOD.VALUE
Displays the number of synchronous and asynchronous write transactions performed by the OPC Server in the last sample period. A write transaction is composed of one or more items.

\\STATISTICS\SUBSCRIPTIONS/PERIOD.VALUE
Displays the number of client subscription updates (i.e. unsolicited updates to an OPC client) performed by the OPC Server in the last sample period. A single subscription update is composed of one or more items.

\\STATISTICS\PERIOD(MILLISECONDS).VALUE
The currently configured sample period for calculating reads/period, writes/period, and subscriptions/period statistics.

GFK-1675

CIMPLICITY HMI OPC Server Operation ManualMarch 1999

3-5

Data Types
The CIMPLICITY HMI OPC Server represents CIMPLICITY point values in a canonical (or baseline) format. This format, or data type, is compatible with Microsoft COM/DCOM technology and is called a VARIANT data type. As discussed earlier in the section "Item ID Attributes", each Item ID attribute has a predefined canonical data type. The canonical data types for VALUE and RAW_VALUE attributes are dependent on the CIMPLICITY point type. The following table maps the CIMPLICITY point type to the canonical form. The table is grouped by CIMPLICITY point class. CIMPLICITY Point Class Analog CIMPLICITY Point Type DINT INT REAL SINT UDINT UINT USINT Boolean BOOL BYTE WORD DWORD Text STRING STRING_20 STRING_8 STRING_80 Four byte signed int (VT_I4) Two byte signed int (VT_I2) Eight byte real (VT_R8) Two byte signed int (VT_I2) Eight byte real (VT_R8) Four byte signed int (VT_I4) Two byte signed int (VT_I2) True = 1, False = 0 (VT_BOOL) Four byte signed int (VT_I4) Four byte signed int (VT_I4) Four byte signed int (VT_I4) Automation string (VT_BSTR) Automation string (VT_BSTR) Automation string (VT_BSTR) Automation string (VT_BSTR) OPC Server Canonical Form

Data Type Coercion

To ensure the highest throughput of point values through the CIMPLICITY HMI OPC Server to an OPC Client, the client should always request the canonical data type of an attribute. For example, if an OPC client wants to subscribe to changes in a CIMPLICITY analog class point configured as a real point type, the fastest throughput is achieved by requesting the value (when added to a group) as an eight byte real value (VT_R8). By requesting a point in canonical form, the OPC Server does not have to coerce (or convert) between the data type stored internally and the data type requested by the OPC client. The OPC Server provides coercion support for all non-array OPC items. The OPC Server utilizes standard Microsoft coercion support routines. A drawback to relying on coercion is the penalty of extra processing overhead required for each transaction. However, relying on coercion in the OPC Server may simplify the OPC client or provide the user with the ability to select the data type most applicable.

3-6

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

Array Support
The CIMPLICITY HMI OPC Server supports arrays of all CIMPLICITY point types (with the exception of the STRING type). The OPC Server does not support coercion of array items. OPC clients must request an array item in canonical form when adding items to an OPC group. Access to arrays is best done in canonical form as the overhead imposed by coercion could increase proportionally by the size of the array.

Dynamic Configuration Mode

The data type of a point can be changed dynamically (i.e. while a CIMPLICITY project is running) using the Dynamic Configuration mode in CIMPLICITY Workbench. If an OPC client is accessing a point while the point type changes, these changes are reflected in the state of the OPC item maintained by the OPC Server. For non-array points, changes to the point type are transparent to OPC client as the OPC Server automatically coerces the new canonical data type to the data type requested when the client added the item to an OPC group. For array points, the OPC client must be prepared to accept array information in a new data type form (and possible with a new number of array elements).

Timestamps
OPC Item Timestamps
Associated with each OPC item value is the time at which the value last changed or the value was refreshed. This is known as the OPC item timestamp. The CIMPLICITY HMI OPC Server synchronizes OPC item timestamps with point timestamps stored in the CIMPLICITY run-time database. When timestamps are not available from CIMPLICITY (as in the case where a CIMPLICITY project is stopped while OPC clients are connected), the OPC Server generates a timestamp based on the current computer node time.

Universal Coordinated Time

The OPC Server returns all timestamps to an OPC client in universal coordinated time (UTC). An OPC client must convert the timestamp to local time as required.

GFK-1675

CIMPLICITY HMI OPC Server Operation ManualMarch 1999

3-7

Quality
OPC Item Quality
Associated with each OPC item value is an indicator of the quality of that value. This is known as the OPC item quality. The quality of an item is based on point status information from a CIMPLICITY project and the state of communications between the OPC Server and the CIMPLICITY project. The CIMPLICITY HMI OPC Server supports a subset of quality flags specified in the OPC Foundation Data Access standard. The supported quality statuses and sub-statuses are listed below. OPC Status Good Bad OPC Sub-Status N/A Last Known Value Description The quality of the OPC item value is good. Communications with CIMPLICITY project have failed. The OPC item value is the last known value. Communication with CIMPLICITY project have failed. The OPC item value is invalid.

Comm Failure

OPC Browse Interface Support

The CIMPLICITY HMI OPC Server supports hierarchical browsing of a CIMPLICITY project namespace (i.e. points in a project). An example browse session follows. Note that the appearance and behavior of a browse session is dependent upon how the OPC client is implemented. The OPC server only provides the namespace information. The OPC client is responsible for organizing and presenting the namespace.

Project

Point Attribute

3-8

CIMPLICITY HMI OPC Server Operation ManualApril 1999

GFK-1675

The annotations in the diagram indicate the components of a CIMPLICITY Project Point Item ID.

Browse Tree Attributes List

The OPC Server can present a large number of attributes for a CIMPLICITY point (i.e. the leaf nodes on the hierarchy tree presented above) to an OPC client. To make browse sessions practical, the OPC Server limits the number of attributes displayed during a browse session. By default (at server installation time), the OPC Server displays the following attributes. VALUE RAW_VALUE STATE TYPE LENGTH ELEMENTS SIZE DISP_FORMAT DESCRIPTION POINT_STATE DEVICE_ID To modify the list attributes shown, the OPC Server installation process created a registry key with the following name. HKEY_LOCAL_MACHINE\SOFTWARE\GE Fanuc Automation\CIMPLICITY\HMI\4.00\Products\OPC Server\Browse Attributes This registry key lists the additional attributes displayed to an OPC client during a browse session. The OPC Server will always show the attributes VALUE, RAW_VALUE, and STATE, so these do not need to be listed in the registry key. If the registry key does not exist, the OPC Server defaults to the attribute list shown above.

Note: Not all CIMPLICITY points will support all the attributes listed in the registry key. The OPC Server will filter out invalid attributes for a CIMPLICITY point during the OPC client browse session.

Tip: The Browse Attributes registry key can be customized to an installation. Following are a list of tips for modifying the Browse Attribute registry key. Specify all attributes in capital letters. Leave no spaces in the string. Separate each attribute string by a comma.

Important: Corruption of the Browse Attribute registry key or other keys may cause serious and irreparable damage to software installations. Registry key changes should be made by qualified personnel only.

GFK-1675

CIMPLICITY HMI OPC Server Operation ManualMarch 1999

3-9

Using the CIMPLICITY HMI OPC Server User Interface

User Interface Menu Options

The primary role of the CIMPLICITY HMI OPC Server is to interact with OPC clients programmatically. Thus, no human user interface is required to satisfy the primary function of the OPC Server. However, the OPC Server does have a simple user interface that is used for setting up the OPC Server for an installation and for accessing some of the troubleshooting tools provided by the OPC Server. The user interface provides the following features. Trace logging diagnostic tool configuration. OPC Server Auto Exit mode configuration. Configuration of CIMPLICITY project security settings used by the OPC Server. OPC Server statistics sample period configuration.

A screen shot of the OPC Server user interface is shown below.

The OPC Server can be configured to run without a user interface. See the next section, Interactive and non-Interactive Modes for instructions on how setup the OPC Server to run with a user interface. The user interface provides several menu options. Each option is described below.

GFK-1675

4-1

The File Menu

Exit
Terminates the CIMPLICITY HMI OPC Server. If an OPC client(s) is currently connected when this option is selected, termination of the OPC Server is denied. OPC client applications must disconnect before the OPC Server can terminate. If the Auto Exit Mode is enabled, then the OPC Server will terminate immediately after the last OPC client disconnects.

The Diagnostics Menu

See the section "Troubleshooting Tools" for more information on diagnostic tools.

Set Trace Filename

Select this option to specify the filename used for logging OPC client / server conversation information. While trace logging is on, all client / server conversation information is appended to this file. Trace logging is enabled by selecting one of the trace levels from the Diagnostics menu option (Connect, Group, Item, All).

Off
Select this option to disable OPC connection trace logging. The trace log file is closed.

Connect
Select this option to enable OPC connection trace logging and to set the level of tracing to capture server activation events and client connect / disconnect events.

Group
Select this option to enable OPC connection trace logging and to set the level of tracing to capture OPC group creation, deletion, and modification events.

Item
Select this option to enable OPC connection trace logging and to set the level of tracing to capture OPC item transaction events (read, write, subscription updates).

All
Select this option to enable OPC connection trace logging and to set the level of tracing to capture all Connect, Group, and Item transaction events.

Set Dump Filename

Select this option to specify the filename used for writing the current state of the CIMPLICITY HMI OPC Server data cache. This option is intended for providing detailed diagnostic information for technical support personnel. The specified file is re-written each time a dump is signaled to the OPC Server.

Dump Points
Select this option to signal the CIMPLICITY HMI OPC Server to write the current contents of the data cache to a text file. Note that selecting this option will overwrite an existing file.

4-2

CIMPLICITY OPC Server Operation ManualApril 1999

GFK-1675

The Server Options Menu

Enable / Disable Auto Exit
This menu item toggles between two states: Enable Auto Exit and Disable Auto Exit. The OPC Server Auto Exit mode is provided for CIMPLICITY HMI OPC Server installations where the OPC Server is activated using DCOM. When the last OPC client disconnects from the OPC Server, the server will automatically shutdown. Disable the OPC Server Auto Exit mode when the server is launched in an interactive session (e.g. by adding the program name to the Start program group).

Note: DCOM launch services are not available by Windows 95/98.

Setup Server Security

Use this menu option for modifying the CIMPLICITY project security settings used by the CIMPLICITY HMI OPC Server. See the section "CIMPLICITY Project Security" for a discussion on security settings. The following dialog is displayed when Setup Server Security option is selected.

Current Security Setting

Project Name Field User Name Field OK Cancel Add Remove Set Default Project

CIMPLICITY HMI project name. CIMPLICITY HMI project user name. Saves security setting changes made during this session. Cancel security setting changes made during this session. Add a new project security setting for the OPC server. Selecting this option displays a blank Project Properties dialog. Remove the current security setting. If an OPC client does not specify a project name as part of the Item ID syntax, apply this project as the default. Only one project can be designated as the default project. The default project is always displayed in bold face lettering.

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-3

Details

Edit the current security setting. Selecting this option displays the Project Properties dialog box with the current security setting field information. Use this option to make changes to the security settings for a CIMPLICITY project. The Project Properties dialog box is used to enter or edit the security settings for a single CIMPLICITY project. A sample dialog is shown below. The dialog box indicates that an OPC client, when accessing point in the CIMPDEMO project, does to with all the rights and privileges granted to the ADMINISTRATOR user.

Project name User name Password Confirm password OK Cancel Apply

CIMPLICITY HMI project name. CIMPLICITY HMI project user name. Password used by OPC server in conjunction with project user name. Verification check. The Password and Confirm password must be the same otherwise the project settings cannot be saved. Save project settings and return to the Security Dialog if there are no errors. Return to the Security Dialog without saving the changes. Save any changes if there are no errors.

4-4

CIMPLICITY OPC Server Operation ManualApril 199 9

GFK-1675

Statistics Sample Period

Use this menu option to change the sample period for calculating server statistics. The period is entered in units of milliseconds. See the sections "Server Statistics OPC Items" and "Runtime Statistics" for more information. A sample dialog with the sample period set to 5 seconds is shown below.

Help About CIMPLICITY HMI OPC Server

Select this option to display program version and copyright information.

Interactive and Non-interactive Modes

Note: The instructions in this section only apply to CIMPLICITY HMI OPC Servers running under Windows NT 4.0. OPC servers running under Windows 95/98 always run interactively. The CIMPLICITY HMI OPC Server is a graphical user interface based application. Because the OPC server is also a COM object, the server can run under a user account other than the current (interactive) user. When run this way, the OPC server is in non-interactive mode. Normally, the OPC Server is run in non-interactive mode for two reasons: 1. To ensure the OPC server process has the necessary security privileges and permissions to communicate with CIMPLICITY HMI and OPC clients regardless of the current user logon state. To keep the current users desktop less cluttered.

2.

There are times when a user may want to run the OPC server interactively. During initial setup, server parameters can be adjusted to customize the OPC Server for the installation. While troubleshooting, a user will want access to the diagnostic tools on the menu.

Setup for Interactive Mode

The CIMPLICITY HMI OPC Server is initially installed to run interactively using the current user logon. There are two ways to setup the OPC server to run interactively. 1. Configure the DCOMCNFG Identity settings for the OPC server to run as The interactive user. Each time an OPC client launches the OPC server, the server is launched using the privileges and permissions of the user currently logged on. See the section Tools for Configuring DCOM Security for more information on using the DCOMCNFG utility.

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-5

2.

Run the CIMPLICITY HMI OPC Server as you would any other program (e.g. using the StartRun command or running the program from a MS-DOS window). In this case you must ensure that the Auto Exit mode of the OPC server is disabled. Otherwise, the OPC Server will start and promptly terminate. See the section "Enable/Disable auto Exit" for more information on the Auto Exit mode.

Note: Ensure that at least one CIMPLICITY HMI project is running on the same computer node as the CIMPLICITY HMI OPC Server when activating the server. The OPC Server promptly terminates if there is not a project running.

Setup for Non-interactive Mode

Configure the DCOMCNFG Identity settings for the OPC server to run as This user. Each time an OPC client launches the OPC server, the server is launched using the privileges and permissions of the user logon specified. See the section "Tools for Configuring DCOM Security" for more information on using the DCOMCNFG utility.

4-6

CIMPLICITY OPC Server Operation ManualApril 1999

GFK-1675

Troubleshooting Tools
The CIMPLICITY HMI OPC Server provides troubleshooting tools to help a user diagnose specific aspects of a conversation between an OPC client and a point in the CIMPLICITY run-time database. There are three tools provided with the OPC server. Use of the tool outputs are discussed in this section. A fourth tool, the CIMPLICITY HMI OPC Server data cache dump is intended for providing detailed diagnostic information for technical support personnel. It is not described here. OPC Connection Trace Logging - OPC-related connection information is captured using the Trace Logging diagnostic tool. This tool is used to log information about an OPC conversation (between a client and a server) to a text file. CIMPLICITY Project Connection Logging Information about the interaction between the OPC Server and a CIMPLICITY project is logged to CIMPLICITY Status Log (accessible from the CIMPLICITY Workbench). Run-time Statistics The OPC Server maintains OPC conversation run-time performance statistics. These statistics can be used to diagnose computer node performance problems and to tune OPC client reporting requirements. The following diagram illustrates the scope of diagnostic information generated by each tool. The output from each tool and how to use it is described in the following sections.

CIMPLICITY HMI Projects

Project A

Project B

Project C

Use Run-time Statistics to monitor through put problems

CIMPLICITY HMI OPC Server

Use CIMPLICITY Project Connection Logging to diagnose problems here.

Use OPC Connection Logging to diagnose problems here.

OPC Client A

OPC Client B

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-7

OPC Connection Trace Logging

Trace logging monitors the state of a connection between an OPC client(s) and the CIMPLICITY HMI OPC Server. The details tracked are determined by the chosen trace level: Connect, Group, Item, and All. See the section "The Diagnostics" for a description of how to start and stop trace logging. Connect Group Item Log server activation events and client connect / disconnect events. Log OPC group creation, deletion, and modification events. Log OPC item transaction events (read, write, subscription updates).

All Log all events. The OPC server must be configured to run interactively in order to access trace logging menu options. See the section "Interactive and Non-interactive Modes" for setting the OPC server to run interactively.

Note: Messages written to the trace log assume that the user is familiar with the OPC Foundation Data Access specification.

Interpreting the Trace Log

The trace log is composed of a series of messages. Each message logs a single OPC client server event. A message is prefaced with a local machine date and time stamps and the source of the trace message. The date/time and source are not shown in the following sample trace log for the purposes of clarity. The sample trace log illustrates the sequence of messages logged with the trace level set to All. The OPC client initiated the following sequence of events (note that the OPC client used to generate the log is Data Access 1.0A compliant). 1. 2. The OPC client connected to the CIMPLICITY HMI OPC Server. The client created an OPC group and called it Group1. The client created two advise sinks for Group1 for: 3. 4. Receiving subscription notification callbacks (i.e. unsolicited updates from server for all items in Group1). Receiving asynchronous write complete callbacks (i.e. notification from the OPC Server when an asynchronous write operation completed).

The client create a second OPC group called Group2 with the similar advise sinks as Group1. The client added an OPC item to Group1 called \\CIMPDEMO\DEMO_COSINE.VALUE. This references the current value of the point DEMO_COSINE in the project CIMPDEMO. Immediately the OPC Server began reporting to the client data change notifications (via a callback into the client). The client proceeded to add two more points: \\CIMPDEMO\DEMO_COUNTER.VALUE and \\CIMPDEMO\DEMO_RANDOM.VALUE. Note that immediately after each new item was added, the number of items reported in the callback to the client increased. This is because the values are changing in

5. 6.

7.

4-8

CIMPLICITY OPC Server Operation ManualApril 1999

GFK-1675

CIMPLICITY and being reported to the client at the requested OPC group update rate. 8. 9. The client then removed the OPC group Group2. Prior to doing this, it disconnects the advise sinks previously setup. The client then deletes the OPC group Group1. First it removes the item references from the group and then it disconnects the advise sinks.

10. Finally, the client disconnects from the OPC Server.

OPC Client connected Added OPC Group Group1 Group Group1: client connected OPCSTMFORMATDATATIME V1.0 advise sink Group Group1: client connected OPCSTMFORMATWRITECOMPLETE V1.0 advise sink Added OPC Group Group2 Group Group2: client connected OPCSTMFORMATDATATIME V1.0 advise sink Group Group2: client connected OPCSTMFORMATWRITECOMPLETE V1.0 advise sink Group Group1: added item \\CIMPDEMO\DEMO_COSINE.VALUE (handle=18155968) Group Group1: Invoked V1.0 data change callback (with timestamps) for 1 item(s) Group Group1: Invoked V1.0 data change callback (with timestamps) for 1 item(s) Group Group1: added item \\CIMPDEMO\DEMO_COUNTER.VALUE (handle=18157088) Group Group1: Invoked V1.0 data change callback (with timestamps) for 2 item(s) Group Group1: Invoked V1.0 data change callback (with timestamps) for 2 item(s) Group Group1: added item \\CIMPDEMO\DEMO_RANDOM.VALUE (handle=18158672) Group Group1: Invoked V1.0 data change callback (with timestamps) for 3 item(s) Group Group1: Invoked V1.0 data change callback (with timestamps) for 3 item(s) Group Group2: client disconnected V1.0 OPCSTMFORMATDATATIME advise sink Group Group2: client disconnected V1.0 OPCSTMFORMATWRITECOMPLETE advise sink Removed OPC Group Group2 Group Group1: Invoked V1.0 data change callback (with timestamps) for 3 item(s) Group Group1: Invoked V1.0 data change callback (with timestamps) for 3 item(s) Group Group1: removed item \\CIMPDEMO\DEMO_COSINE.VALUE (handle=18155968) Group Group1: removed item \\CIMPDEMO\DEMO_COUNTER.VALUE (handle=18157088) Group Group1: removed item \\CIMPDEMO\DEMO_RANDOM.VALUE (handle=18158672) Group Group1: client disconnected V1.0 OPCSTMFORMATDATATIME advise sink Group Group1: client disconnected V1.0 OPCSTMFORMATWRITECOMPLETE advise sink Removed OPC Group Group1 OPC Client disconnected

Using the Trace Log

Following is a sample list of problems that can be diagnosed with the trace log. The list is not exhaustive. It is intended as a guide only. Client connection problems. Use the log to verify if the OPC Server received the clients request to connect. This request may have been blocked by DCOM security. The clients request to connect could also be rejected by the OPC Server if there are no CIMPLICITY projects running. DCOM security authorization problems. This can occur if a client can connect to the OPC Server but cannot access server objects. For example, the client can connect to the OPC Server but cannot create an OPC group. Validate the OPC items requested by a client and verify the item ID syntax. View the sequence of OPC interface requests to verify the correct operation of a client. Verify that a client gracefully disconnects.

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-9

Troubleshoot subscription problems (i.e. callbacks into the client by the OPC Server when data changes are reported). In this case the client is able to perform synchronous and asynchronous read and write requests but cannot receive subscription updates. This may be due to a DCOM security authentication problem on the client machine. The client is unable to authenticate the OPC server. See how a client organizes OPC groups and OPC items within groups.

CIMPLICITY Project Connection Logging

The CIMPLICITY HMI OPC Server interacts with the CIMPLICITY HMI run-time database on behalf of the OPC clients. Warning and failure messages generated by this interaction are logged to the CIMPLICITY Status Log. Informational messages (or success messages) are also logged. Success Messages Warning Messages Failure Messages Indicate normal state changes between the run-time database and server interactions. Indicate that a run-time database / server interaction was not successful but that the problem will not affect future interactions.

Indicate that a run-time database / server interaction has failed and that future interactions will most likely fail. To view the CIMPLICITY Status Log select the Status Log button in the Workbench for a CIMPLICITY project. Then select the option LogView System Log menu option from with the Status Log viewer. Messages logged by the CIMPLICITY HMI OPC Server are identified by the label OPCServer under the PROCESS field of the view screen. Whenever possible, the OPC Server logs error messages generated by the run-time database (referred to as PTMAP in error messages). When a PTMAP error message is available, the message is logged to the Status Log after the message generated by the OPC Server, creating a two-part message.

Note: The CIMPLICITY HMI OPC Server defines several item attributes that are only recognized by the OPC Server. See the section "Item ID Attributes" for a list of these attributes. These attributes are internally maintained by the OPC Server. Thus, some two-part warning and failure messages display an item ID (as requested by an OPC client) that differs from the point reference in the message generated by the run-time database. This is not an error.

Using CIMPLICITY Project Connection Logging

This section briefly describes messages common to normal interactions between the CIMPLICITY HMI run-time database and the OPC server. If other messages are logged, consult with CIMPLICITY HMI technical support. The second part of two-part messages are not shown. OPC Server connected to PTMAP. A success message indicating that the CIMPLICITY HMI OPC Server has created a connection with the CIMPLICITY HMI run-time database. OPC Server disconnected from PTMAP. A success message indicating that the CIMPLICITY HMI OPC Server has successfully disconnected from the CIMPLICITY HMI run-time database.

4-10

CIMPLICITY OPC Server Operation ManualApril 1999

GFK-1675

OPC client request to connect failed. CIMPLICITY OPC Server is not licensed. A warning message indicating that the running OPC server has not been licensed for use. No OPC client connections are permitted. The CIMPLICITY PTMAP IPC system is inactive. OPC client connections refused. A warning message indicating that the sub-system supporting the communications between the CIMPLICITY HMI run-time database and the OPC Server is no longer running. This can occur when a server is active (with OPC clients connected) and the last CIMPLICITY project on the same node as the OPC Server is stopped. OPC clients must disconnect before the OPC Server automatically terminates (or is deactivated via the user interface). Item \\project\point.attribute add failed. See next error. A warning message indicating that a request to add a new point to the OPC Servers internal cache has been rejected by the run-time database. Refer to the following message for more information on why the request was rejected. Item \\project\point.attribute write failed. See next error. A warning message indicating that a point write request by the OPC Server has been rejected by the run-time database. Refer to the following message for more information on why the request was rejected. Item \\project\point.attribute read failed. See next error. A warning message indicating that a point read request by the OPC Server has been rejected by the run-time database. Refer to the following message for more information on why the request was rejected. Item \\project\point.attribute add on change request failed. See next error. A warning message indicating that a registration for change notifications for a point (used by server for subscriptions and cache reads/writes) has been rejected by the run-time database. Refer to the following message for more information on why the request was rejected.

Run-time Statistics
Run-time statistics are maintained by the CIMPLICITY HMI OPC Server for diagnosing and correcting performance problems. Typically, performance problems are caused by how an OPC client application organizes and uses the resources supplied (i.e. group objects and item objects) by an OPC server. The OPC Server maintains statistics about OPC client server interactions. These statistics are viewable from an OPC client by reading pre-defined item IDs from the CIMPLICITY HMI OPC Server. See the section Server Statistics OPC Items for a list of the item IDs. Each of the statistics is described below. Client Connections The number of OPC clients currently connected to the CIMPLICITY HMI OPC Server. Client Groups The number of OPC groups (for all clients) currently configured in the OPC Server. Client Items The number of OPC item references (for all groups) currently configured in the OPC Server. The same item may appear in more than one group (or be referenced by more than one OPC client). Each reference is counted in this statistic.

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-11

Read Transactions Per Period The number of synchronous and asynchronous read transactions performed by the OPC Server in the last sample period. A read transaction is composed of one or more items and may be a cache read or device read. Write Transactions Per Period The number of synchronous and asynchronous write transactions performed by the OPC Server in the last sample period. A write transaction is composed of one or more items. Subscription Transactions Per Period The number of client subscription updates (i.e. unsolicited updates to an OPC client) performed by the OPC Server in the last sample period. A single subscription update is composed of one or more items.

Note: The period over which read, write, and subscription transactions are calculated is configurable. See the section Statistics Sample Period for information on how to change the current sample period.

Using the Run-time Statistics

The run-time statistics can provide an initial indication of client server interaction problems. Use the statistics to identify the general problem and then use the OPC Connection Trace Logging to identify the specific problem. Client Groups and Client Items These statistics provide a rudimentary indication of how an OPC client organizes the group and item object resources supplied by the CIMPLICTY HMI OPC Server. Some OPC client applications initially create a large number of OPC groups and disable the subscription updates until needed. While this will not cause CPU loading problems, it could cause the initial connection and setup time with the CIMPLICITY HMI OPC Server to be slow or for a large amount of memory to be used by the OPC Server. Reads Transactions Per Period, Write Transactions Per Period These statistics provide information on the OPC Server loading. For example, a high Read Transactions Per Period or Write Transactions Per Period value may coincide with abnormally high CPU loading. The client may be continuously performing a large number of device read or device write requests. (Note that cache reads are very efficient and do not typically cause significant CPU loading problems.) Subscriptions Subscription updates (i.e. unsolicited updates of changed values and/or quality information by an OPC server to an OPC client) may cause high CPU loading when the OPC client requested OPC group update rates are small for groups with rapidly changing values. If subscription updates are not occurring when OPC items are known to be changing, then there may be a DCOM security authentication problem on the computer hosting the OPC client application. The security on this node may not be configured to allow the CIMPLICITY HMI OPC Server to post subscription updates (via callbacks).

4-12

CIMPLICITY OPC Server Operation Manual-April 1999

GFK-1675

CIMPLICITY HMI OPC Server and DCOM

DCOM Security Overview
The CIMPLICITY HMI OPC Server is implemented as a Microsoft COM (Component Object Model) object. DCOM (Distributed COM) provides the framework and the services required to deploy COM objects in a distributed environment. One of these services is security. DCOM security leverages the underlying Windows operating system security services. Those familiar with Windows (NT/95/98) security issues will find that there are a few security issues unique to the distributed environment. To better understand the security issues that can affect a connection between an OPC client and the CIMPLICITY HMI OPC Server, this section provides an overview of DCOM related security. The topic of DCOM security (and Windows security for that matter) is extensive and can be confusing. There are several books dedicated to these topics alone. What is presented here is a synopsis of the issues that affect OPC client / server interactions. DCOM security topics can be broken down into four areas (for definition purposes): authentication, authorization, activation, and launch identity. Activation security is unique to DCOM.

Authentication
Authentication security ensures that the interaction between an OPC client and the CIMPLICITY HMI OPC Server is legitimate. Authentication security for DCOM is an extension of the standard Windows operating system security (which itself is layered upon secured RPC (remote procedure call)). Authentication poses the question Is the OPC client who it says it is? and Is the OPC server who it says it is?. The user configures the level of authentication required which specifies how often this question is posed. Each more secure level places extra processing overhead on communications between the OPC client and the OPC server. A client and server negotiate to the highest level of authentication when the configured authentication levels differ. For example, authentication can be required only at OPC client connection time to a server (level = connect). Once a client is connected (and is authorized to use the OPC Server), all interactions are performed without further authentication. As another example, authentication can be required at the packet level (level = Packet Privacy), with each packet being fully encrypted. The choice of the authentication level is dependent on the security policies of the user. In a multi-node computing environment the security system on the computer node running the OPC server must be able to verify that the security ID of the OPC client is valid. In a domain environment, domain accounts must be validated. In peer-to-peer environments, matching local user accounts must be configured. Authentication of an OPC client must be satisfied before authorization and activation permissions are checked. If a client cannot be authenticated, permission checking for the requested action is not performed.

Authorization
Once an OPC client transaction has been authenticated, DCOM security must determine if that OPC client is authorized to perform call-level interactions with the OPC server. (COM/DCOM technology allows OPC client applications to make programmatic calls across process and computer node boundaries.) This determination is made by looking at the ACL (access control list) for the OPC server COM object. This ACL (or list of users and/ or user

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-13

groups) for the OPC server is configured using the DCOMCNFG utility supplied with the Windows operation system. See the section "Tools for Configuring DCOM Security" for more information on DCOMCNFG. If the OPC clients user identity is listed on the OPC servers access permissions ACL (as a user or group member), then the OPC client can access CIMPLICITY HMI OPC Server objects.

Activation
Activation security is unique to DCOM. The DCOM framework provides the ability for a OPC client to access the CIMPLICITY HMI OPC Server object. If the OPC server object is installed on another computer node, then the framework launches (or activates) the OPC server (if it already not running) on behalf of the client. Activation permission checking works the same as authorization permission checking. An authenticated clients user identity is checked against the OPC servers ACL for launch permissions. Activation permissions for the CIMPLICITY HMI OPC Server are setup using DCOMCNFG.

Note: Activation services are not supported by Windows 95/98 DCOM. Users must manually launch the CIMPLICITY OPC Server on these operating system platforms.

Launch Identity
Most often, the CIMPLICITY HMI OPC Server is configured to run as a background process (i.e. non-interactive mode) with the OPC Server starting and stopping as OPC clients connect and disconnect. The OPC server must be given a user identity under which to run (i.e. administrator account, the current interactive user, or a special account setup for the OPC server). The launch identity for the CIMPLICITY HMI OPC Server is specified using the DCOMCNFG utility.

Tools for Configuring DCOM Security

Note: It is assumed that reader can configure user accounts (either on a local machine or in a domain environment) and assign group memberships for the user accounts. The CIMPLICITY HMI OPC Server relies on the DCOMCNFG (commonly referred to as dee-com config) utility supplied with the Windows operating system. The OPC server does not programmatically initialize DCOM security. DCOMCNFG can be run from an MS-DOS window by typing dcomcnfg at the prompt. Alternatively, DCOMCNFG can be run by selecting StartRun and typing dcomcnfg at the Open: prompt. The utility is composed of multiple dialog sheets, selectable by tabs across the top as shown below (version shipping with Windows NT Service Pack 3 is shown). The user interface shipped with Window NT SP4 is slightly different. However, the option descriptions in this section are the same for the SP releases.

4-1

CIMPLICITY OPC ServerApril 1999

GFK-1675

NOTE: DCOM security settings for COM objects that do programmatically initialize DCOM security cannot be changed with DCOMCNFG. Important DCOMCNFG Settings for the CIMPLICITY HMI OPC Server This section lists the DCOMCNFG settings that are relevant for configuring the DCOM security for the CIMPLICITY OPC Server. The OPC Server can be configured to use default security settings for the computer node or the settings can be customized. To access the customized settings, highlight the CIMPLICITY HMI OPC Server label (as shown above) and press the Properties button. CIMPLICITY HMI OPC Server Location Tab Always select the option Run application on this computer. CIMPLICITY HMI OPC Server Security Tab Select the Use default access permissions (for authorization security) and Use default launch permissions (for activation security) unless the default settings do not satisfy your system security requirements. If customized settings are required, specify the trusted users and / or groups (ACL) for authorization and activation security settings. CIMPLICITY HMI OPC Server Identify Tab While initially setting up the OPC server or troubleshooting client / server interaction problems, specify The interactive user. Otherwise, specify the option This user and supply a valid user account (local machine or domain as required) and the passwords configured for this user account. The OPC server will take on the identity (and privileges and permissions) of the user account when activated by an OPC client. It is important to realize that the chosen user account (either interactive or this user) must be authenticated on a remote OPC client node in order for some OPC interactions to occur (e.g. subscription notifications). DCOMCNFG Default Properties Select the option Enable Distributed COM on this computer. The Default Authentication Level should be set to satisfy the network security

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-15

requirements of the installation. (Windows NT 4.0 SP4 allows the Authentication Level to be customized for the OPC Server. The SP3 DCOMCNFG utility provides this feature at the default level only.) The Default Impersonation Level should be set to Identify. DCOMCNFG Default Security If customized access permissions and launch permissions were not specified on the CIMPLICITY HMI OPC Server Security Tab, then the user and / or group settings (ACL) assigned under the Default Access Permissions and Default Launch Permissions are used by DCOM security for the OPC Server.

Important DCOMCNFG Settings for an OPC Client

If the OPC client application is a COM object and does not initialize DCOM security programmatically, then the DCOMCNFG utility must be used to specify the Access Permissions and the Authentication Level. This is required for authenticating callbacks into the client by the OPC server. DCOM Security on the OPC client computer node must not only authenticate the user identify of the OPC server but also must determine if the OPC Server is allowed to make calls on client owned objects. Callbacks are invoked by the OPC server to provide subscription updates and completion notifications for asynchronous read and write operations. If the OPC client application is not a COM object (i.e. the OPC client application is not listed in DCOMCNFG), then the DCOM security settings for Default Access Permissions and Default Authentication Level are applied.

Minimal DCOM Configuration for Client Connections

The instructions in this section outline how to setup the CIMPLICITY HMI OPC Server and the OPC client DCOM security settings to get up and running quickly. Effectively, the settings outlined here turn off all security authentication. If authentication is disabled, then by default all permission checking (for authorization and activation security) are disabled. Any OPC client application can use CIMPLICITY HMI OPC Server objects and the OPC server can callback into the OPC client application. Use this setup procedure as a baseline for establishing client / server interactions. Then proceed to tighten DCOM security settings using guidelines suggested in the section DCOM Configuration Guidelines.

CIMPLICITY HMI OPC Server Setup Steps

1. 2. Invoke DCOMCNFG on the computer node where the CIMPLICITY HMI OPC Server is installed. Select the tab Default Properties. Turn on DCOM for this computer node by checking the option Enable Distributed COM on this computer. Set the Default Authentication Level to (None). Set the Default Impersonation Level to Identify. Select the tab Applications. Double click on the application labeled CIMPLICITY HMI OPC Server. This brings up another set of tabs used for custom DCOM security settings for the OPC server. If you are running Windows NT SP4, select the General tab. Set the Authentication Level option to (None). Select the Location tab. Check the Run application on this computer option. Ensure all other options are not checked. Select the Security tab. Select the Use custom access permissions option. Edit the ACL to include the group Everyone with the Type of Access: set to Allow Access.

3.

4. 5. 6.

4-14

CIMPLICITY OPC Server Operation ManualApril 1999

GFK-1675

7. 8.

On the Security tab, select the Use custom launch permissions option. Edit the ACL to include the group Everyone with the Type of Access: set to Allow Launch. Select the Identity tab. You have two choices here. If you want the OPC server launched with access to the user interface (for troubleshooting or initial setup), select The interactive user option. If you want the OPC server to run as a background process, select the This user option, specifying a valid local machine or domain account and password. Regardless of the method chosen, the account must be part of the USER group at a minimum.

Note: Remember to setup the OPC servers CIMPLICITY project security. See the section CIMPLICITY Project Security for more information.

OPC Client Setup Steps

Note: These steps are only valid if the OPC client does not programmatically configure the DCOM security settings. Consult with the OPC client documentation to determine if DCOM security settings are setup by the application directly. 1. Create registry settings to reference the OPC Server if the OPC client applications is on a different computer node. Follow the instructions in the section Registry Settings for Off-Node Clients. Invoke DCOMCNFG on the computer node where the OPC client is installed. Select the tab Default Properties. Turn on DCOM for this computer node by checking the option Enable Distributed COM on this computer. Set the Default Authentication Level to (None). Set the Default Impersonation Level to Identify.

2. 3.

DCOM Configuration Guidelines

This section presents general guidelines for tightening DCOM security settings for CIMPLICITY HMI OPC Server / OPC client interactions. This list of guidelines is not exhaustive. It is assumed the reader is familiar with Window security issues and DCOM security in particular. The issue of security in an automation environment is currently being addressed by an OPC Foundation working committee.

Note: Whenever possible, try to use DCOMCNFG settings that are custom to the CIMPLICITY HMI OPC Server. This has two benefits; one, as the OPC server is setup for initial use, the behavior of other COM objects installed on the same computer node is not affected and two, future changes to other COM object DCOM security settings do not affect the behavior of a correctly operating CIMPLICITY HMI OPC server. Enable authentication security by setting the DCOMCNFG Default Authentication Level at a level of at least Connect. If you are running DCOMCNFG supplied with SP4, then ensure that the Authentication Level custom setting is set to at least the level Connect. Once authentication is enabled, DCOM security will attempt to verify the user identities of both the OPC server and the OPC client. Thus, user accounts must be setup correctly if the OPC Server is on one computer node and the client is on another computer node. See the guideline below on domain authentication setup. In a peer-to-peer network, the user account under which the OPC server is running must also exist on the OPC client machine, and vice versa.

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-17

Enable CIMPLICITY HMI OPC Server activation security by specifying known users and / or groups in the DCOMCNFG Use custom launch permissions option for the OPC Server. As a general rule, the activation security should always be more restricted than the authorization security. This prevents the situation where an OPC client can activate the CIMPLICITY HMI OPC Server, but cannot use the OPC Server objects. To restrict access of OPC clients to a CIMPLICITY HMI OPC Server that is already running (authorization security), modify the access control list (ACL) of the OPC server by editing the Use custom access permissions option of DCOMCNFG. A domain authentication architecture provides the lowest cost solution (from a maintenance perspective) for DCOM security. If you are using a domain, then follow these general setup guidelines: 1. 2. 3. Create a new domain group. Users part of this group will be allowed to launch the CIMPLICITY HMI OPC Server and access its objects. Add the new group to the launch permissions and access permissions ACL for the CIMPLICITY HMI OPC Server. Do this using DCOMCNFG. Make all user accounts that run an OPC client application part of this new group.

Registry Settings for Off-Node Clients

Remote OPC client applications (i.e. client applications that run on a computer node other than the one running the CIMPLICITY HMI OPC Server) do not have to have CIMPLICITY HMI software installed on a remote machine in order to access the CIMPLICITY HMI OPC Server. A remote OPC client registry entry file (CIMOpcServer.reg) ships with the OPC server. The registry entries in this file allow an OPC client application to reference the OPC server on another node. Follow the steps below to setup CIMPLICITY HMI OPC Server access from a remote node. 1. 2. Log onto the remote computer node using an account with administrator privileges. ng Window explorer (or a similar file navigation utility), access the file named CIMOpcServer.reg. This file is installed on the same computer node as the CIMPLICITY HMI product. ble-click on the file to update the registry. ng the DCOMCNFG utility, select the tab Applications and double click on the application labeled CIMPLICITY HMI OPC Server (see graphic below).

3. 4.

4-18

CIMPLICITY OPC Server Operation ManualApril 1999

GFK-1675

5.

Select the Location tab. Type in the node name where the CIMPLICITY HMI OPC server is installed. In the example below, the OPC Server is installed on the MANUFACTURING node.

6.

Select the General tab. An example of this sheet is shown below. It shows that the CIMPLICITY HMI OPC Server object is registered on this machine, but points to another node (MANUFACTURING) for activation / access of the object.

GFK-1675

Using the CIMPLICITY HMI OPC Server User Interface

4-19

7.

A client application on the remote node should now be able to reference the CIMPLICITY HMI OPC Server (given that DCOM security issues have been addressed). The ProgID of the OPC Server is CIMPLICITY.HMI.OPCServer and the CLSID is {B01241E8-921B-11d2-B43F-204C4F4F5020}.

4-20

CIMPLICITY OPC Server Operation ManualApril 1999

GFK-1675