Vijeo Citect Architecture and Redundancy

Study Guide
Version 7.30

Schneider-Electric Pty (Australia) Ltd

78 Waterloo Road
Macquarie Park
NSW 2113
Australia

DISCLAIMER
Schneider Electric makes no representations or warranties with respect to this manual and, to the maximum extent permitted by law, expressly limits its liability for
breach of any warranty that may be implied to the replacement of this manual with another. Furthermore, Schneider Electric reserves the right to revise this
publication at any time without incurring an obligation to notify any person of the revision.
The information provided in this documentation contains general descriptions and/or technical characteristics of the performance of the products contained herein.
This documentation is not intended as a substitute for and is not to be used for determining suitability or reliability of these products for specific user applications. It is
the duty of any such user or integrator to perform the appropriate and complete risk analysis, evaluation and testing of the products with respect to the relevant specific
application or use thereof. Neither Schneider Electric nor any of its affiliates or subsidiaries shall be responsible or liable for misuse of the information that is
contained herein. If you have any suggestions for improvements or amendments or have found errors in this publication, please notify us.
All pertinent state, regional, and local safety regulations must be observed when installing and using this product. For reasons of safety and to help ensure compliance
with documented system data, only the manufacturer should perform repairs to components.
When devices are used for applications with technical safety requirements, the relevant instructions must be followed.
Failure to use Schneider Electric software or approved software with our hardware products may result in injury, harm, or improper operating results.
Failure to observe this information can result in injury or equipment damage.
2006 - 2013 Schneider Electric. All rights reserved.

Schneider Electric
Vijeo Citect Architecture and Redundancy Study Guide
INTRODUCTION AND LEGAL NOTICE
Your purchase of this official Vijeo Citect Upgrade Training Manual entitles you to undertake the Vijeo Citect Upgrade training course.
Satisfactory completion of the course evaluation is mandatory for you to obtain a Schneider Electric certificate of completion of the training course.
The contents of this manual are proprietary to Schneider Electric and all rights, including copyright, are reserved by Schneider Electric. No part of this document may
be reproduced in any form or by any means, electronic or mechanical, including photocopying, without express written permission of Schneider Electric.
Schneider Electric will not accept any liability for action taken in reliance on this training manual.

TRADEMARKS
Schneider Electric has made every effort to supply trademark information about company names, products and services mentioned in this manual. Trademarks shown
below were derived from various sources.
Vijeo Citect, CitectSCADA, Cicode, Vijeo Historian, CitectHistorian, and Ampla are trademarks owned by Schneider Electric Industry SAS or its affiliated
companies. All other trademarks are the property of their respective owners.
ActiveX, Excel, Internet Explorer, Microsoft .NET, SQL Server, Windows, Windows Server, Windows XP, Windows Vista and Windows 7 are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
SafeNet Sentinel is a trademark of Sentinel, Inc.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions.
PI is a registered trademark of OSIsoft, Inc.
General Notice:
Some product names used in this manual are used for identification purposes only and may be trademarks of their respective companies.

Validity Note
The present documentation is intended for qualified technical personnel responsible for the implementation, operation and maintenance of the products described. It
contains information necessary for the proper use of the products.
Electrical equipment should be installed, operated, serviced, and maintained only by qualified personnel. No responsibility is assumed by Schneider Electric for any
consequences arising out of the use of this material.
A qualified person is one who has skills and knowledge related to the construction and operation of the electrical equipment and installations and has received safety
training to recognize and avoid the hazards involved.

May 2013 Edition for v7.30

Manual Release 1

ii

Version 7.30

May 2013

Contents
CHAPTER 1:

V7.30 ARCHITECTURE AND REDUNDANCY EXAM TOPICS OVERVIEW1-1

Vijeo Citect Architecture ............................................................................................... 1-2

On-line Changes ............................................................................................................ 1-5
Clustered Control System .............................................................................................. 1-9
Redundancy ................................................................................................................. 1-11
Web Client ................................................................................................................... 1-12
System Security ........................................................................................................... 1-13

Architecture and Redundancy Exam

Manual Release 1

iii

Chapter 1: v7.30 Architecture and Redundancy

Exam Topics Overview
Introduction

You can configure a Vijeo Citect monitoring and control system to suit any
industrial application. Vijeo Citect has been designed with flexibility in mind,
so you can design a system to suit your exact requirements.
Vijeo Citect suits both small and large applications. Since Vijeo Citect has a
flexible architecture it will keep pace with your plant and information
requirements as they change and expand.
Whilst reliability is a key feature of computer hardware breakdowns do occur. It
is for this reason that Redundancy is designed into Vijeo Citect and can be
implemented without changing the project configuration .

This Chapter Covers These Topics:

Vijeo Citect Architecture

1-2

On-line Changes

1-5

Clustered Control System

1-9

Redundancy

1-11

Web Client

1-12

System Security

1-13

Architecture and Redundancy Exam

Manual Release 1

1-1

Vijeo Citect Architecture

How Vijeo Citect
is Structured,
Client/Server

As well as being a client, any computer in a Vijeo Citect system may act as an
Alarm, Report, Trend or I/O server. Clearly in a larger environment, server
tasks will be dedicated to individual servers, but small sites could reasonably
configure a single computer to handle all server and client functionality.
The diagram shows each of the duties assigned to individual computers, but
Vijeo Citect permits all of these to be configured on a single computer.

Note:
Windows XP supports a maximum of 10 inbound client connections. More
than one of these might be used by a single remote computer, for instance a
client and a file share would each consume a connection.
A Windows server product must be used if more than 10 connections are
required.

1-2

Version 7.30

May 2013

Vijeo Citect Architecture (cont.)

Rules of
Clustering

When configuring Vijeo Citect the following rules apply:

Each Cluster must have a unique name.
Each Server component must belong to one Cluster.
Each Server component must have a unique name within the Cluster.
Each Cluster contains only one pair of Alarm Servers. Those Servers,
which are redundant to each other, must reside on different computers.
Each Cluster contains only one pair of Report Servers. As with the
Alarm Servers, those redundant Servers must reside on different
computers.
Each Cluster contains only one pair of Trend Servers. Again, those
redundant Servers must reside on different computers.
Each Cluster can contain an unlimited number of I/O Servers (up to the
limit of 16,383 I/O Devices). It is possible to have more than one I/O
Server on the same computer as long as they are in different Clusters.
The diagram below is an example of a Vijeo Citect system running with two
Clusters across three machines. All Server and Client components have been
deployed in accordance with the clustering rules.

OPC DA Server

The OPC Data Access solution (OPC DA) provides specifications for client
and server applications that are focused on the continuous communication of
real-time data. To this end, Vijeo Citect supports a runtime OPC DA server that
implements the mandatory OPC DA v2.05 and OPC DA v3 interface
specifications.
This allows Vijeo Citect to provide real-time data to any compliant OPC DA
Clients, including applications such as AMPLATM, OSI-PI and Historian.

Architecture and Redundancy Exam

Manual Release 1

1-3

Vijeo Citect Architecture (cont.)

Suggested
Exercises

Use these suggested exercises to increase your understanding of the topic.

Set up a project that is networked across several computers.
Configure an I/O Server
Configure a Citect cluster with different computers taking the I/O,
Trend, Alarm and Report Server roles.
Configure a Global Client to connect to two separate Citect clusters.
Create a new tag and extension to a graphics page. Test that the on-line
changes system will correctly propagate the update.
Configure an OPC DA Server and connect to it.

Further Reading

Use the following references to assist your understanding of the topic.

Vijeo Citect Help Topic - Computer Role Configuration.
Vijeo Citect Help Topic - LAN Parameters.
Vijeo Citect Help Topic - Clustering.
Vijeo Citect Help Topic - Rules of Clustering.
Vijeo Citect Help Topic Configuring an OPC DA Server
Knowledge Base Article Q3943: Implications for Citect and Microsoft
Windows XP Service Pack 2.

1-4

Version 7.30

May 2013

On-line Changes
Clients Update
without being
Reinitialised

Vijeo Citect Clients from Version 7.0 onwards don't require configuration
updates or restarts when changes are made on the Server. When any Alarm,
Trend or Variable Tag is added, removed or updated on the Server side, Clients
will not require updates or restarts for them to adjust to the new configuration.
Only the Server needs to be restarted or (effective from V7.30) reloaded.
When a Trend, Alarm or I/O Server is restarted with an updated
configuration, Clients currently running will adjust automatically to the
changes without requiring restart.
Rather than browsing the local trend database to provide a list of trends,
a Trend Client will now ask the Trend Server for a list of trends.
The Alarm Client has been changed to recognise when the Server
connection has been changed or restored, check whether the alarm
configuration is still the same, and flush its local cache if needed to
ensure any data is correct.
Reloading a Server will not interrupt the execution of the Clients; they
will continue processing the existing Alarms or Trends until the reload
is completed, when the new items will become available.

How Online
Changes Work

When a system has been configured so that Clients are able to be updated
Online all changes take place on the Server. The Clients are able to update their
information because they are linked to a central project or the COPY parameter
has been used and the local project will update when changes are detected.

Architecture and Redundancy Exam

Manual Release 1

1-5

Online Changes (cont.)

How Online
Changes Work
(cont.)

When a change to the project is made on the Server, the Server must be
reloaded. If the Server is providing more than one type of Server functionality,
Multi-Process mode allows the user to reload that process only with the
Runtime Manager.
Once the Server is reloaded, the changes are transferred to the Clients and are
available online. During the reload operation, the existing compliment of
Alarms, Trends etc will continue to be available to Clients; once the reload is
complete, the new items will automatically become available.

1-6

Version 7.30

May 2013

Online Changes (cont.)

How Online
Changes Work
(cont.)

All servers can be reloaded from the Runtime Manager located in the system
tray except for the I/O Server which only has a Restart option.

Note:
There are a number of limits on exactly what will change without a reload based
on the wider impact of the change. These limits are detailed in the Vijeo Citect
Help - Effects of Server Reload on Servers.

Restart vs.
Reload

The startup of any server may be divided into two discrete stages. Firstly it
must identify how it is to be configured and secondly, it must determine what it
has to do. For an Alarm Server the first stage would include log file locations
and other such information while the second stage would be to create the list of
actual alarms with which it has to operate.
A Server Restart reinitialises both stages while a Reload only attends to the list
of things it must do. As an analogy, consider a band on stage. It could be
assumed that getting the instruments ready on the stage and all the sound
equipment performing properly would be the first stage described above, while
the handwritten list of songs taped to the keyboard player's instrument is the
second.
With that in mind, it is obvious that reinitialising the equipment is a very
difficult task, while changing the list of songs is trivial to achieve midperformance.

Architecture and Redundancy Exam

Manual Release 1

1-7

On-line Changes (cont.)

Suggested
Exercises

Use these suggested exercises to increase your understanding of the topic.

Enable the COPY parameter on client computers and make changes at
the primary computer to determine how and when changes are
propagated.
Work with Server Reload and Restart to determine the differences and
when each is required.

Further Reading

Use the following references to assist your understanding of the topic.

Vijeo Citect Help Topic - Server Side Online Changes.
Vijeo Citect Help Topic - Client Side Online Changes.
Vijeo Citect Help Topic - ServerReload.
Vijeo Citect Help Topic - Running the System.

1-8

Version 7.30

May 2013

Clustered Control System

Combine Discrete
Sites

A clustered system allows discrete sites being controlled by local operators to

be viewed by a global Control Client. A typical cluster consists of a Primary
and Standby Server providing Alarm, Trend, Report and I/O Servers support.
The cluster may also have local Vijeo Citect Clients and several other I/O
Servers. A Citect Cluster is typically a plant or in the case of very large or
distributed plants, a Cluster may be a section of a plant.

Each site is represented in the project with a separate Cluster, grouping its
Primary and Standby Servers. Clients at each site are only interested in the local
Cluster, whereas Clients at the central control room are able to view all
Clusters.
The deployment of a control room scenario is fairly straightforward, as each site
can be addressed independently within its own Cluster. The control room itself
only needs Control Clients.

Architecture and Redundancy Exam

Manual Release 1

1-9

Clustered Control System (cont.)

Suggested
Exercises

Use these suggested exercises to increase your understanding of the topic.

Create a complex 'Global' project which combines two other active
projects.
Compile the combined project and seek to understand what compile
errors are generated and how they should best be addressed.
Determine how to apply "cluster context" to Tags, Objects, Pages etc.

Further Reading

Use the following references to assist your understanding of the topic.

Vijeo Citect Help Topic - Cluster context rules.
Vijeo Citect Help Topic - About cluster context.
Vijeo Citect Help Topic - Clustered control system.
Knowledge Base Article Q5238: Using tag names in pages and Cicode
with multi-clusters.

1-10

Version 7.30

May 2013

Redundancy
Why Use
Redundancy?

Many industrial plants cannot afford to have their Vijeo Citect monitoring
system fail at any time. Building redundancy into your system can prevent the
loss of control and monitoring of your Vijeo Citect system.

Suggested
Exercises

Use these suggested exercises to increase your understanding of the topic.

Create a project with a Primary and Standby I/O Server.
Configure the Servers to also act as redundant Trend, Report and Alarm
Servers.
Add File Server Redundancy to the system.
Configure a redundant Disk I/O Device.
Disable the Primary Server and change some of the values on the
Standby.
Re-enable the Primary Server and watch what happens.

Further Reading

Use the following references to assist your understanding of the topic.

Vijeo Citect Help Topic - Building Redundancy into Your System.
Vijeo Citect Help Topic - Data Path Redundancy
Vijeo Citect Help Topic - Multiple Device Redundancy (Standby Data
Paths)
Knowledge Base Article Q2228: Configuring a Redundant Disk PLC.
Knowledge Base Article Q3723: Trend Redundancy Backfilling.
Knowledge Base Article Q1378: Using Citect with Redundant LANs.

Architecture and Redundancy Exam

Manual Release 1

1-11

Web Client
Vijeo Citect
through Internet
Explorer

The Vijeo Citect Web Client allows you to view a live Vijeo Citect project
within a Web browser. It provides easy access to Vijeo Citect Runtime for
LAN-connected users requiring read/write access to current production
information.
The Vijeo Citect Web Client Help has a procedural structure that is intended to
guide you through the steps required to successfully set up a Web Client
system.
To ensure a successful installation, it is recommended that you initially
familiarise yourself with the System architecture, and then work your way
through the following topics, as they logically guide you through the set up
process.

Stage

Description

Installation

Covers the hardware and software requirements, the process

for installing the Web Server software, and an explanation of
what gets installed.
Describes the different types of client accounts supported by
the Web Server and their access rights.
Describes how to prepare the Web Server for secure
communication and how to set up client accounts.
Explains the adjustments that need to be made to a Vijeo Citect
project prior to deployment on the Web Server.
Describes how to deploy a project on the Web Server, by
identifying its source location and associated servers.
if required, there are several language options you can
implement on the Web Server interface.

Web Client user account

types
Setting up Security
Preparing a Vijeo Citect
project for deployment
Configuring a deployment
Implementing multiple
language support

Frequently Asked
Questions

If you have worked your way through the procedures outlined above and are
still having problems, there is a Frequently Asked Questions section, within the
Vijeo Citect Help Using the Web Client topic, to help resolve some of the
problems that may be encountered.

Suggested
Exercises

Use these suggested exercises to increase your understanding of the topic.

Set up a Web Server.
Set up the Windows Security for the necessary Web Client Users.
Deploy your Project.
Connect using Internet Explorer.
Attend a Vijeo Citect Architecture and Redundancy Exam Study Guide
where Web Client is examined in great detail.

Further Reading

Use the following references to assist your understanding of the topic.

Vijeo Citect Help Topic - Vijeo Citect Web Client.

1-12

Version 7.30

May 2013

System Security
Aspects of
Security

This section of the exam deals with a variety of security topics within the
contexts of Server and User Authentication. Most of these topics have evolved
as a direct response to the growing concerns about security in SCADA systems
world-wide.

The Server User

Using the credentials provided, a Server User will be automatically logged in to

the server processes on the current computer, giving any Cicode run from that
Server, the privilege level of this Server User.
This user has nothing to do with the Runtime Manager or any processes related
to it, only Cicode tasks.
Note:
The Server User configuration screen is only available when the Computer
Setup Wizard is configured for Multi-Process.
There are three options for the Server user.
Default Server User

None
Specific User

Architecture and Redundancy Exam

All Cicode will be run on the Server as if it is owned

by a user with full access to all areas and all
privileges - this is an internally defined 'virtual' user.
Any Cicode function requiring a Privilege level on
the server will fail to run.
The user must be either a known user in the current
project or a valid Windows user connected to the
project via the Windows groups feature described in
Assign Windows Groups to Roles.

Manual Release 1

1-13

System Security (cont.)

Job Type
Templates

Windows Integrated Security uses Role based security definitions that focus on the
Areas and Permissions of a Job Type rather than the identity of any one person.

Roles act as templates that define the Areas and Permissions for users who are
included in a linked Windows Group.

1-14

Version 7.30

May 2013

System Security (cont.)

High Level
Authorisation

When a Windows user is logged on to a runtime system with the associated

privileges and areas of the role to which the user belongs, there are times when
a higher level authorisation is required for the user to perform certain actions.
An example of this is in the Pharmaceutical Industry in the United States where
FDA guidelines on electronic records and electronic signatures are defined in
Title 21 CFR Part 11 of the Code of Federal Regulations. One of the
requirements in this code is that electronic signatures must be countersigned by
more than one person.
In order to comply with regulations such as these Vijeo Citect has developed
Multi Signature Support. The MultiSignatureForm function can be displayed
through a Cicode form to allow countersigning of an operation by another user
who has the required level of privilege.

The MultiSignatureForm function displays a form that allows up to four users to

have their credentials verified in order to approve an operation. The usernames
can be native Vijeo Citect or Windows Integrated Security users.
Suggested
Exercises

Use these suggested exercises to increase your understanding of the topic.

Create Vijeo Citect Roles linked to Windows groups.
Configure an object on a page to use multi-signature support.
Configure a Server User using the various options to determine the
effect of each.

Further Reading

Use the following references to assist your understanding of the topic.

Vijeo Citect Help Topic - Adding Roles.
Vijeo Citect Help Topic - Adding groups and users in Windows
security.
Vijeo Citect Help Topic - Roles.
Vijeo Citect Help Topic - Using CitectSCADA Security.
Vijeo Citect Help Topic - Multi-Signature Support.
Vijeo Citect Help MultiSignatureForm.
Vijeo Citect Customisation and Design Course.

Architecture and Redundancy Exam

Manual Release 1

1-15