DCOM Security and Configuration



dcom security and configuration 12-19-2022
Prerequisites
To configure DCOM, you must log into the computer with an account that has local administrator privileges.
DCOM configuration depends on how the OPC server and OPC client are deployed:
• Same computer: Even though OPC client and server programs running on the same computer do not use DCOM (Distributed COM) to communicate, COM security is still in play. The default settings should allow the interface to work. If instantiation/communication problems are encountered between the interface and OPC Server in this mode, review/configure the COM permissions. COM permissions are configured using the DCOMCNFG utility, as described in this guide.
• Different computers, same Windows domain: Grant DCOM permissions to domain accounts.
• Different computers, no common Windows domain: Grant DCOM permissions to identical local accounts on both the server and client computers.

Connectivity of OPC server and client
Page 7
©2022 AVEVA Group plc and its subsidiaries. All rights reserved.
DCOM Security and Configuration
DCOM configurations for OPC

If the OPC server and OPC client reside on different computers, check connectivity before configuring your OPC server and OPC client computers for DCOM:
• Verify that the server and client can connect to each other on the network and that port 135 is open (use telnet). If port 135 is not open, check for issues related to a firewall or other network restrictions.
• After that initial connection, the Service Control Manager will inform the client what port should be used for further communication. The chosen port could be any port within the ephemeral port range:
    • XP/Win2K3: 1024-4999
    • Vista and later: 49152-65535
• You should also open a range of ports above port 5000. Port numbers below 5000 may already be in use by other applications and could cause conflicts with your DCOM applications. Furthermore, previous experience shows that a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other.

Note: OPC operations use asynchronous callbacks. During callbacks, the OPC client becomes a DCOM server, and the OPC server becomes a DCOM client. When a server makes a callback to a client, it creates a new connection to the client and sends method calls over a separate TCP channel. The same dynamic port allocation, as described above, takes place on the OPC client side. This dynamic port allocation, in this ephemeral port range, makes DCOM a "firewall unfriendly" protocol.

For more information, see the OSIsoft Knowledge Base topic Configuring ports for DCOM for use with the OPC Interface. NAT and Firewall considerations.
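
The connectivity checks above can be scripted before any DCOM settings are changed. The following Python sketch is an added example, not part of the AVEVA guide: it probes port 135 the way the telnet test does and reviews a planned port range and the inbound allow rules of both nodes, since callbacks make the OPC client a DCOM server. The node names, host name, rule format and sample rules are assumptions constructed for illustration.

```python
import socket

INITIAL_PORT = 135       # port used for the initial DCOM connection (from the guide)
MIN_FIRST_PORT = 5001    # guide: open a range of ports above port 5000
MIN_RANGE_SIZE = 100     # guide: a minimum of 100 ports should be opened

def tcp_open(host, port=INITIAL_PORT, timeout=3.0):
    """Telnet-style probe: True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def review_port_range(first, last):
    """Check a planned DCOM port range against the guide's sizing advice."""
    findings = []
    size = max(last - first + 1, 0)
    if first < MIN_FIRST_PORT:
        findings.append(f"range starts at {first}; use ports above 5000")
    if size < MIN_RANGE_SIZE:
        findings.append(f"range has {size} ports; open at least {MIN_RANGE_SIZE}")
    return findings

def allowed(inbound, first, last):
    """True if first..last lies inside a single inbound (low, high) allow rule."""
    return any(low <= first and last <= high for low, high in inbound)

def review_deployment(inbound_by_node, first, last):
    """Apply the same inbound checks to every node: during callbacks the
    OPC client accepts connections just as the OPC server does."""
    findings = review_port_range(first, last)
    for node, inbound in inbound_by_node.items():
        if not allowed(inbound, INITIAL_PORT, INITIAL_PORT):
            findings.append(f"{node}: inbound TCP {INITIAL_PORT} not allowed")
        if not allowed(inbound, first, last):
            findings.append(f"{node}: inbound TCP {first}-{last} not fully allowed")
    return findings

# Constructed sample: inbound allow rules per node (hypothetical node names).
SAMPLE_RULES = {
    "opc-server": [(135, 135), (5001, 5100)],
    "opc-client": [(135, 135)],  # planned range missing: callbacks would be blocked
}

if __name__ == "__main__":
    for finding in review_deployment(SAMPLE_RULES, 5001, 5100):
        print(finding)
    # Live probe against a hypothetical host: tcp_open("opc-server.example")
```

Run the probe from each node toward the other, because a firewall that permits client-to-server traffic may still block the callback connection in the opposite direction.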
