R121 Prerequisites Document

HONEYWELL TRACE TM

DOCUMENTATION AND CHANGE MANAGEMENT SOFTWARE FOR BETTER DECISIONS

ABOUT THIS DOCUMENT

This document is intended to help users plan a Trace installation.

Connected Mode - Honeywell Trace Installed at L3 and L3.5

L2 DOMAIN CONTROLLER TRICONEX

L2 SWITCH GREEN

L3 SWITCH

L3.5 DOMAIN CONTROLLER

PHD DATABASE SERVER / SHADOW SERVER

L3.5 SWITCH (DMZ)

L2 SWITCH YELLOW

FSC SPI

BUSINESS NETWORK L3.5 TRACE SERVER

(OPTIONAL)

L4 DOMAIN CONTROLLER

INTERNET / INTRANET

SAFETY MANAGER

LEVEL 4 NETWORK

LEVEL 3.5 NETWORK (DMZ)

LEVEL 3 NETWORK

LEVEL 2 NETWORK

ROUTER

FIREWALL

L3 DOMAIN CONTROLLER

OSIPI PROCESS NETWORK L3 TRACE SERVER

L3 TRACE CLIENT

ESV (A/B)

EXPERION CLUSTER

ES-C

PHD COLLECTOR

ESV-T (A/B)

INTEGRATED EXPERION CLUSTER

ES-T

BUSINESS NETWORK L4 TRACE CLIENT

L3.5 TRACE CLIENT

Connected Mode - Honeywell Trace Installed at L3 and L4 With Relay Server

L2 DOMAIN CONTROLLER TRICONEX

L2 SWITCH GREEN

L3 SWITCH

L3.5 DOMAIN CONTROLLER

PHD DATABASE SERVER / SHADOW SERVER

L3.5 SWITCH (DMZ)

L2 SWITCH YELLOW

FSC SPI

L4 DOMAIN CONTROLLER

INTERNET / INTRANET

SAFETY MANAGER

LEVEL 4 NETWORK

LEVEL 3.5 NETWORK (DMZ)

LEVEL 3 NETWORK

LEVEL 2 NETWORK

ROUTER

FIREWALL

L3 DOMAIN CONTROLLER

OSIPI PROCESS NETWORK L3 TRACE SERVER

L3 TRACE CLIENT

PHD COLLECTOR

ESV (A/B)

EXPERION CLUSTER

ES-C ESV-T (A/B)

INTEGRATED EXPERION CLUSTER

ES-T

BUSINESS NETWORK L4 TRACE CLIENT

L3.5 TRACE CLIENT

BUSINESS NETWORK L4 TRACE SERVER

RELAY SERVER (PROXY+)

Honeywell Trace Architecture – Offline Mode

L2 DOMAIN CONTROLLER

TRICONEX

L2 SWITCH GREEN

PHD COLLECTOR

L2 SWITCH YELLOW

FSC SPISAFETY MANAGER

LEVEL 2 NETWORK

CENTRAL OFFICE WITH OFFLINE TRACE SERVER

L3 DOMAIN CONTROLLER

OSIPI

L3 SWITCH

OFFLINE DATA COLLECTOR *

LEVEL 3 NETWORK

DATA COLLECTION IS DONE & PACKAGE FILE IS COPIED TO A LAPTOP / PORTBALE DRIVE

ROUTER

REMOTE SITE WITH OFFLINE DATA COLLECTOR

OFFLINE TRACE SERVER

TRACE CLIENT

DOMAIN CONTROLLER

LEVEL 3 NETWORK

PACKAGE FILE IS COPIED FROM LAPTOP / PORTBALE DRIVE

PACKAGE FILE IS PHYSICALLY TRANSPORTED FROM SITE TO CENTRAL OFFICE

OFFLINE DATA COLLECTOR *

ESV (A/B)

EXPERION CLUSTER

ES-C ESV-T (A/B)

INTEGRATED EXPERION CLUSTER

ES-T

* OFFLINE DATA COLLECTOR CAN BE AT LEVEL 2 OR LEVEL 3

FOR L3-L3.5 AND L3-L4 CONNECTIONS, SEE CONNECTED MODE

Hardware / Software Requirements

Trace Server / Offline Trace Server * Offline Data Collector Remote Node

Ready (√)

Ready (√)

Ready (√)

Ready (√)

Where to install?

L3 L3L2

Client node of selected systemL3.5 / L4

Hardware (minimum required)

For 50, 000 to 200,000 tags

Server ModelPowerEdge

R430

Hard DiskRAID 5 500 GB X

4Sufficient disk space

to store collected data

Sufficient disk space to store collected

data

RAM 32 GB 500 MB 500 MB

CPU16 Core 2.5 MB

Cache/Core

Processor

Intel® Xeon® (2 processors)

E5-2630 v3 2.4GHz

Virtual machine

For 50,000 tags For 200,000 tags

NA NA

Hard Disk 500 GB 1 TB

RAM 16 GB 32 GB

CPU5 Core

8 MB Cache16 Core

2.5 MB Cache/Core

Reservation 12 GB 24 GB

Software (supported)

OS

Microsoft Windows Server 2016 Standard 64-bit Windows 7 (32 / 64-

bit)

Minimum: Windows XP

Professional SP 3 or later (32 / 64 bit)

Microsoft Windows Server 2012 R2 Standard 64-bit Windows 2012

Server

Recommended: Windows OS later

than Win XP

Windows 2016 Server

Web browserMicrosoft Internet Explorer 11 Internet Explorer 11 Internet Explorer 11

Google Chrome V 50 or later Chrome V 50 or later Chrome V 50 or later

* The Offline Trace Server resembles the Honeywell Trace Server in all respects except that you cannot perform data collection on it as it does not have network connectivity with remote nodes. Instead, the package created by the Offline Data Collector is uploaded to create the snapshot.

PLANNING

USER GROUPS / USERS

PLANNING

Domain Workgroup

Do this first Run script on Domain ControllerUpdate “Hosts” file on Honeywell Trace Server,

Remote node, and all client nodes.

Person doing the installation must • Run as Administrator

• Belong to Domain Admin groupBelong to Local Administrators group

User groups

Run the script to create these groups. If not

using the script, manually create these

groups

• LSS-PT Engineers

• LSS-PT Managers

• LSS-PT Product admin

• LSS-PT Report Users

• LSS-PT DataCollection

• LSS-PT License

Created by installer. (manual creation not

required)

ptwebuserRun the script to create this user. If not using

the script, manually create this user.

Created by installer. (manual creation not required)

1. Assign domain users (if they already exist) to these groups. 2. If domain users do not exist already, create domain users (WebClientUser1, WebClientUser2, … WebClientUserN) and then associate them to groups

Assign domain users to one or multiple groups based on their role

• LSS-PT Engineers

• LSS-PT Managers

• LSS-PT Product admin

• LSS-PT Report Users

Not Applicable

Create these users manually and assign to groups

Create users: • WebClientUser1 • WebClientUser2 … • WebClientUserN

Assign the users you create to one or multiple groups based on the role: • LSS-PT Engineers • LSS-PT Managers • LSS-PT Product admin • LSS-PT Report Users

System Supported Version

Description License requirement

Experion PKS Process

Server

• R311.1

• R400

• R410

• R430

• R431

• R500

• R501

Flex node (You can either install a Remote Node package or

Disconnected Mode. NOT both.)

01 license per Experion

cluster

ES-C node

Experion Server B

(contains the System Performance (IAA) package only)

TPS R6xx or later ES-T node 01 license per LCN

GUS node (running Windows XP SP3 or later)

ESVT-B node (contains the System Performance (IAA) package

only)

Experion Integrated TPS R400 or later ES-T node 01 Experion Integrated TPS

license = 01 TPS + 05 ESVESVT-B node (contains the System Performance (IAA) package

only)

ATTENTION: GUS node is not supported for this system.

Safety Manager • R13x.x

• R14x.x

• R15x.x

Safety Builder node.

For manual collection, any node on which plant data is copied.

01 license per plant

(not per controller)

Triconex Tristation v4.6 Tristation node

For manual collection, any node on which plant data is copied.

01 license per controller

PHD R300

R310

R320

PHD Data Collector node 01 license per PHD collector

FSC R7xx or later FSC Builder node

For manual collection, any node on which plant data is copied.

01 license per controller

OSIPI 2015 version

(3.4.395)

OSIPI node where database is available 01 license per OSIPI

database server

SPI SPI 2009 SPI node 01 license

REMOTE NODE – SUPPORTED SYSTEMS & LICENSES REQUIRED

PLANNING

Domain Workgroup

If installing on L3.5

• On the L3.5 Domain Controller, run the script

provided to create groups and then add selected

WebClient users to the LSSPT Application User

group manually.

• Establish trust between L3.5 Domain Controller

and L4 Domain Controller. This is to access data

from L4 client nodes.

Create webclient users and them to the LSSPT

Application User group manually

CROSS DOMAIN ACCESS – ENABLE COMMUNICATION BETWEEN L3 & L3.5/L4

Firewall configuration

Between Open physical firewall port

L3 and L3.5/L4 TCP 443 (https)

If there is a Firewall between L3 Trace

node & client nodes

• 139, 445 (for TCP)

• 137, 138 (for UDP)

• TCP 5985 (Windows XP)

• TCP 5986 (later versions of Windows)

Update Hosts File

In domain topology, to communicate between

Update Hosts file on L3 node with this information

L3 node - L3.5 node

10.10.10.XX L3-5-Trace.domain.com where, 10.10.10.XX is the IP address of the L3.5 Trace node L3-5-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L3.5 Trace node Note that the IPs and names mentioned are examples only.

Domain Workgroup

If installing on L4

• Install and configure Relay Server (Proxy+) node at the L3.5 level (DMZ)

• On L4 Domain Controller, run the script to create groups and then add selected webclient users to the LSSPT Application User group manually.

Install and configure Relay Server (Proxy+) node at L3.5 (DMZ).

CROSS DOMAIN ACCESS – ENABLE COMMUNICATION BETWEEN L3 & L4 USING RELAY SERVER (PROXY+)

Firewall configuration

Between Open physical firewall port

L3 and L3.5/L4 TCP 443 (https)

If there is a Firewall between L3 Trace

node & client nodes

• 139, 445 (for TCP)

• 137, 138 (for UDP)

• TCP 5985 (Windows XP)

• TCP 5986 (later versions of Windows)

Update Hosts File on the L3 and Relay Server (Proxy+) node

In domain topology, to communicate between

Update Hosts file on L3 node with this information

L3 node – L4 node

10.10.10.YY L4-Trace.domain.com where, 10.10.10.YY is the IP address of the Relay Server (Proxy +) L4-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L4 Trace node On the Proxy + node 11.11.11.XX L4-Trace.domain.com where, 11.11.11.XX is the IP address of the L4 node L4-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L4 Trace node Note that the IPs and names mentioned are examples only.

In workgroup topology, to communicate between

Update Hosts file

L3 server node in workgroup and remote nodes

• On Client node, update IP address of Trace Server’s IP address • On Trace Server, update IP address of Remote nodes

Trace L3 and Trace L3.5/L4 • On Trace L3 server node, update IP address of the Trace L3.5 server node • On Trace L3.5 server node, update IP address of the Trace L3 server node

User privilege Ensure that your Windows user account used for installation:• has Local Administrator privileges on the computer• belongs to a domain or workgroup and is part of the following groups:

• Experion DCS Admin group (applicable for domain accounts) • Local Product Admin group (applicable for workgroup accounts

Configure temp qdb file Configure temporary qdb file for R3xx.x, R400.x and R410.x

Set Display path • On Experion Server B, open the Experion PKS Server Configuration Panel from

the Start menu and set all display paths

• On Experion Station where remote is installed, click Station > Connection

Properties > Display tab and set all display paths

Configure switches (for Network View to appear in

Honeywell Trace)

• RO community string configured for all switches must match the switch “Read Community” configured in Configuration Studio and loaded

• Configure SNMP in Experion server and in the switch.• Top level Yellow and Green switch spanning must be configured (for yellow it is

4096 for green 8192)• Optional: Add RW community string in the switch and update the same under

Global Settings in the Data Collection page.

Flex/ES-C/ES-T nodes On Flex/ES-C/ES-T, you can either install Remote node package or Disconnected Mode. NOT both.

Experion

Safety Builder database path If performing data collection manually:Copy the Metadata.xml file found at: <InstalledPath>\Honeywell\SafetyManager SMRxxx.x\Metadata.xml to the path where the Plant file (.CAC file) is located.

Safety Builder

Users must be a part of the Product Administrators

group

For a PHD node to perform data collection. PHD Data Collection User must be present in PHD nodes (PHD collector, PHD shadow and/or database nodes).

PHD

User privilege Ensure that your Windows user account used for installation:• has Local Administrator privileges on the computer• belongs to a domain or workgroup and is part of the following groups:

• Experion DCS Admin group (for domain accounts) • Local Product Admin group (for workgroup accounts

System status Ensure that the• LCNP status is OK• checkpoints for all data owners are available on HM• node communicates with Data Server

Configure Honeywell File Transfer • Ensure Honeywell File Transfer service is installed and is running• Configure Honeywell File Transfer service with all available HMs on the network

Check for LVRLOG file • GUS display runtime package should be installed and running. ATTENTION: GUS Display Runtime is a separately licensed add-on feature of TPS• Ensure the LVRLOG is configured and it is working.

TPS

ATTENTION: Honeywell Trace Remote Node components and System Audit Tool (SAT) CAN NOT exist together on any of these nodes: Experion Flex, ESV-T, ES-C or ES-T. Uninstall SAT before installing Honeywell Trace Remote Node components on these nodes.

SYSTEM SPECIFIC REQUIREMENTS

Configure System Time and Time Zone

• Configure the same System Time and Time Zone on the L3 and L3.5/L4 nodes.• Changing the Time Zone after installing the Honeywell Trace application affects the functioning of the application.

Passwords

Ensure that the passwords you provide when installing Honeywell Trace have: • A maximum of 32 characters • A minimum of 8 characters (unless the password policy of your site recommends shorter passwords) • At least one upper case letter • At least one number • At least one special character. However, the following special characters are NOT allowed

“ / \

Server Name / IP Address prerequisites

• You cannot change Server Name after Trace Server installation. However, you can change the IP address of Trace Server using the Admin Console.

ADDITIONAL REQUIREMENTS

Honeywell Process Solutions

1250 West Sam Houston Parkway South Houston, TX 77042

Honeywell House, Skimped Hill Lane Bracknell, Berkshire, England RG12 1EB UK

Building #1, 555 Huanke Road, Zhangjiang Hi-Tech Industrial Park, Pudong New Area, Shanghai 201203

Honeywell Trace Prerequisites Document | RevB | 01/18

© 2018 Honeywell International Inc.