
TOPIC: Remote op station using OPC xmlDA (internet access)

Remote op station using OPC xmlDA (internet access) 5 years 8 months ago #9794

  • benoit
Hi Claes, Hi all,
I am trying to find an easy way to realize a remote operator station (through the internet) that connects to a process station.
As Proview implements the OPC XML DA standard, is it possible to use this feature without other additional software (like an Apache web server or other various OPC gateways)?
My goal is to use the variables from the OPC server (process station) to animate the graphs that are hosted on the remote operator station.
The project is to manage a micro hydroelectric station with 2 Proview stations (remote operator and local process), read process variables (voltage, power, ..., generator speed, alarms) and also permit some actions like resetting alarm bits.
Are there specific points to pay attention to regarding the web security rules for these OPC XML connections (firewall rules, specific IP port to use, ...)?
Thanks a lot for your help.
/Ben
Last Edit: 5 years 8 months ago by benoit.

Remote op station using OPC xmlDA (internet access) 5 years 8 months ago #9795

  • claes
Hi Ben,

OPC XML DA is a direct HTTP communication between the client and server, so you don't need any additional web server. You specify the port number in the OPC_ServerConfig object and this port has to be open in the firewall. OPC doesn't support object orientation so the object tree in the client is not exactly the same as in the server. H1-Ai1.ActualValue will be H1-Ai1-ActualValue.Value, thus you have to create special graphs, and object graphs for example will not work. Alarms and events are not implemented in OPC XML DA.

You could also try to use the ordinary QCOM communication. The QCOM timeout time can be increased in NodeConfig.QComMinResendTime. Default is 50 ms but to allow for a slower network you can increase this to for example 1 s. rt_xtt can be started in a 'network optimized' mode with the -n option. QCom uses the port 55000 + QCom bus id which has to be opened in the firewall.

/Claes
The following user(s) said Thank You: benoit

Remote op station using OPC xmlDA (internet access) 5 years 8 months ago #9797

  • benoit
Hi Claes,
Thanks a lot for your response.
I have some other questions...

In my project I have two OPC client stations (one for operator and historical station, and one for operator station) and several OPC server stations (process stations).

Q#1: Can I have more than one OPC server connected to the OPC clients at the same time?

In each operator station I plan to have one graph animated with real-time variables from 2 or 3 process stations.
I am not an expert in network management and I am a little bit concerned about cybersecurity regarding the OPC servers.

Q#2: What are the primary security rules we have to apply?

I note we use the OPC_ServerConfig to set the authorized IP addresses (and ports) and the firewall filtering rules.

Q#3: Are there other system parts (process station) we have to secure?
Greetings.

/Ben

Remote op station using OPC xmlDA (internet access) 5 years 8 months ago #9798

  • claes
Hi Ben,

It's possible to connect to several OPC servers. You start one opc_provider process for each server and the opc_provider processes should have different volumes and mount objects.

The idea was that it should be possible to allow connections only to specific IP addresses, and to choose whether they should have ReadWrite or ReadOnly access. When I look in the code though there is a 'grant_all' variable that disables all this and allows any connection and gives ReadWrite access to all. Maybe you can make a rule for IP address and port in the firewall instead.

Other security considerations are to change the password on user pwrp, and also to change the password of (or disable) the users b55, b66 and skiftel.

/Claes
The following user(s) said Thank You: benoit
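
Because 'grant_all' leaves the firewall as the only access control, and the ports to filter are the OPC_ServerConfig port and 55000 + QCom bus id, this added example (not part of the thread and not Proview code) generates an nftables ruleset that admits only listed operator stations to those two ports. The addresses, OPC port 8080, bus id 1, the table and set names, and QCom running over UDP are assumptions.

```shell
#!/bin/sh
# Added example, not Proview code: emit an nftables ruleset that lets only
# the listed operator stations reach the OPC XML DA and QCom ports.
# Assumed here: sample addresses, OPC port 8080, bus id 1, QCom over UDP,
# and the table/set names.

# QCom port as stated in the thread: 55000 + QCom bus id.
qcom_port() { echo $((55000 + $1)); }

# Accept proto/port from the operator set, drop it from everyone else.
port_rules() {
    printf '    ip saddr @operators %s dport %s accept\n' "$1" "$2"
    printf '    %s dport %s drop\n' "$1" "$2"
}

# Usage: gen_ruleset OPC_PORT QCOM_BUS_ID OPERATOR_IP...
gen_ruleset() {
    [ "$#" -ge 3 ] || { echo "need port, bus id and an address" >&2; return 1; }
    opc_port=$1; bus_id=$2; shift 2
    for n in "$opc_port" "$bus_id"; do
        # Plain decimal only, so no nft syntax can be smuggled in.
        case $n in ''|0?*|*[!0-9]*) echo "bad number: $n" >&2; return 1 ;; esac
    done
    [ "$opc_port" -ge 1 ] && [ "$opc_port" -le 65535 ] || return 1
    [ "$(qcom_port "$bus_id")" -le 65535 ] || return 1
    for ip in "$@"; do
        # Digits and dots only; nft validates the address when loading.
        case $ip in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;; esac
    done
    clients=$(printf '%s, ' "$@"); clients=${clients%, }
    cat <<EOF
table inet proview_guard {
  set operators {
    type ipv4_addr
    elements = { $clients }
  }
  chain input {
    type filter hook input priority 0; policy accept;
$(port_rules tcp "$opc_port")
$(port_rules udp "$(qcom_port "$bus_id")")
  }
}
EOF
}

# Constructed sample: two operator stations, OPC port 8080, QCom bus id 1.
gen_ruleset 8080 1 192.0.2.10 192.0.2.11
```

The output can be reviewed and then loaded with nft -f; the chain keeps policy accept, so services other than these two ports are left as they were.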

Remote op station using OPC xmlDA (internet access) 5 years 7 months ago #9803

  • benoit
Hi Claes,
To provide a more secure client/server connection, is it perhaps possible to encapsulate the OPC communication in an SSH tunnel (OpenSSH)?
Have you already tested this possibility?
Thanks.
/Ben

Remote op station using OPC xmlDA (internet access) 5 years 7 months ago #9804

  • claes
Hi Ben,

I'm afraid we have no experience of that.

/Claes
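
The SSH tunnel asked about above, sketched as an added example that is not from either poster and has not been tested with Proview: it builds the OpenSSH pieces for carrying the OPC XML DA HTTP port over a forward-only tunnel. OPC port 8080, local port 18080, the account and host names and the key text are placeholders, and it assumes the OPC client can be pointed at 127.0.0.1:18080.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholders: ports, account, host, key.

# authorized_keys entry for the process station: this key may only open a
# forward to the local OPC port; no shell, pty, agent or X11 forwarding.
authorized_keys_line() {   # OPC_PORT "PUBLIC KEY TEXT"
    case $1 in ''|*[!0-9]*) echo "bad port: $1" >&2; return 1 ;; esac
    printf 'restrict,port-forwarding,permitopen="127.0.0.1:%s" %s\n' "$1" "$2"
}

# Command for the operator station: no remote command (-N), listener bound
# to loopback, exit if the forward fails, keepalives to notice a dead link.
# The target must be written 127.0.0.1 so that it matches permitopen.
tunnel_command() {         # LOCAL_PORT OPC_PORT USER@HOST
    for p in "$1" "$2"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
    done
    printf '%s -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30' \
        "$1" "$2" "$3"
}

# Constructed sample values.
authorized_keys_line 8080 'ssh-ed25519 <OPERATOR_PUBLIC_KEY> operator-station'
tunnel_command 18080 8080 opctunnel@process-station.example
```

With a tunnel like this the OPC port only has to accept connections from the process station's own loopback address, so the firewall needs to expose SSH alone.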