HONEYWELL TRACE TM DOCUMENTATION AND … Tristation v4.6 Tristation node For manual collection, any...
Transcript of HONEYWELL TRACE TM DOCUMENTATION AND … Tristation v4.6 Tristation node For manual collection, any...
R121 Prerequisites Document
HONEYWELL TRACE TM
DOCUMENTATION AND CHANGE MANAGEMENT SOFTWARE FOR BETTER DECISIONS
ABOUT THIS DOCUMENT
This document is intended to help users plan a Trace installation.
Connected Mode - Honeywell Trace Installed at L3 and L3.5
L2 DOMAIN CONTROLLER TRICONEX
L2 SWITCH GREEN
L3 SWITCH
L3.5 DOMAIN CONTROLLER
PHD DATABASE SERVER / SHADOW SERVER
L3.5 SWITCH (DMZ)
L2 SWITCH YELLOW
FSC SPI
BUSINESS NETWORK L3.5 TRACE SERVER
(OPTIONAL)
L4 DOMAIN CONTROLLER
INTERNET / INTRANET
SAFETY MANAGER
LEVEL 4 NETWORK
LEVEL 3.5 NETWORK (DMZ)
LEVEL 3 NETWORK
LEVEL 2 NETWORK
ROUTER
FIREWALL
L3 DOMAIN CONTROLLER
OSIPI PROCESS NETWORK L3 TRACE SERVER
L3 TRACE CLIENT
ESV (A/B)
EXPERION CLUSTER
ES-C
PHD COLLECTOR
ESV-T (A/B)
INTEGRATED EXPERION CLUSTER
ES-T
BUSINESS NETWORK L4 TRACE CLIENT
L3.5 TRACE CLIENT
Connected Mode - Honeywell Trace Installed at L3 and L4 With Relay Server
L2 DOMAIN CONTROLLER TRICONEX
L2 SWITCH GREEN
L3 SWITCH
L3.5 DOMAIN CONTROLLER
PHD DATABASE SERVER / SHADOW SERVER
L3.5 SWITCH (DMZ)
L2 SWITCH YELLOW
FSC SPI
L4 DOMAIN CONTROLLER
INTERNET / INTRANET
SAFETY MANAGER
LEVEL 4 NETWORK
LEVEL 3.5 NETWORK (DMZ)
LEVEL 3 NETWORK
LEVEL 2 NETWORK
ROUTER
FIREWALL
L3 DOMAIN CONTROLLER
OSIPI PROCESS NETWORK L3 TRACE SERVER
L3 TRACE CLIENT
PHD COLLECTOR
ESV (A/B)
EXPERION CLUSTER
ES-C ESV-T (A/B)
INTEGRATED EXPERION CLUSTER
ES-T
BUSINESS NETWORK L4 TRACE CLIENT
L3.5 TRACE CLIENT
BUSINESS NETWORK L4 TRACE SERVER
RELAY SERVER (PROXY+)
Honeywell Trace Architecture – Offline Mode
L2 DOMAIN CONTROLLER
TRICONEX
L2 SWITCH GREEN
PHD COLLECTOR
L2 SWITCH YELLOW
FSC SPISAFETY MANAGER
LEVEL 2 NETWORK
CENTRAL OFFICE WITH OFFLINE TRACE SERVER
L3 DOMAIN CONTROLLER
OSIPI
L3 SWITCH
OFFLINE DATA COLLECTOR *
LEVEL 3 NETWORK
DATA COLLECTION IS DONE & PACKAGE FILE IS COPIED TO A LAPTOP / PORTBALE DRIVE
ROUTER
REMOTE SITE WITH OFFLINE DATA COLLECTOR
OFFLINE TRACE SERVER
TRACE CLIENT
DOMAIN CONTROLLER
LEVEL 3 NETWORK
PACKAGE FILE IS COPIED FROM LAPTOP / PORTBALE DRIVE
PACKAGE FILE IS PHYSICALLY TRANSPORTED FROM SITE TO CENTRAL OFFICE
OFFLINE DATA COLLECTOR *
ESV (A/B)
EXPERION CLUSTER
ES-C ESV-T (A/B)
INTEGRATED EXPERION CLUSTER
ES-T
* OFFLINE DATA COLLECTOR CAN BE AT LEVEL 2 OR LEVEL 3
FOR L3-L3.5 AND L3-L4 CONNECTIONS, SEE CONNECTED MODE
Hardware / Software Requirements
Trace Server / Offline Trace Server * Offline Data Collector Remote Node
Ready (√)
Ready (√)
Ready (√)
Ready (√)
Where to install?
L3 L3L2
Client node of selected systemL3.5 / L4
Hardware (minimum required)
For 50, 000 to 200,000 tags
Server ModelPowerEdge
R430
Hard DiskRAID 5 500 GB X
4Sufficient disk space
to store collected data
Sufficient disk space to store collected
data
RAM 32 GB 500 MB 500 MB
CPU16 Core 2.5 MB
Cache/Core
Processor
Intel® Xeon® (2 processors)
E5-2630 v3 2.4GHz
Virtual machine
For 50,000 tags For 200,000 tags
NA NA
Hard Disk 500 GB 1 TB
RAM 16 GB 32 GB
CPU5 Core
8 MB Cache16 Core
2.5 MB Cache/Core
Reservation 12 GB 24 GB
Software (supported)
OS
Microsoft Windows Server 2016 Standard 64-bit Windows 7 (32 / 64-
bit)
Minimum: Windows XP
Professional SP 3 or later (32 / 64 bit)
Microsoft Windows Server 2012 R2 Standard 64-bit Windows 2012
Server
Recommended: Windows OS later
than Win XP
Windows 2016 Server
Web browserMicrosoft Internet Explorer 11 Internet Explorer 11 Internet Explorer 11
Google Chrome V 50 or later Chrome V 50 or later Chrome V 50 or later
* The Offline Trace Server resembles the Honeywell Trace Server in all respects except that you cannot perform data collection on it as it does not have network connectivity with remote nodes. Instead, the package created by the Offline Data Collector is uploaded to create the snapshot.
PLANNING
USER GROUPS / USERS
PLANNING
Domain Workgroup
Do this first Run script on Domain ControllerUpdate “Hosts” file on Honeywell Trace Server,
Remote node, and all client nodes.
Person doing the installation must • Run as Administrator
• Belong to Domain Admin groupBelong to Local Administrators group
User groups
Run the script to create these groups. If not
using the script, manually create these
groups
• LSS-PT Engineers
• LSS-PT Managers
• LSS-PT Product admin
• LSS-PT Report Users
• LSS-PT DataCollection
• LSS-PT License
Created by installer. (manual creation not
required)
ptwebuserRun the script to create this user. If not using
the script, manually create this user.
Created by installer. (manual creation not required)
1. Assign domain users (if they already exist) to these groups. 2. If domain users do not exist already, create domain users (WebClientUser1, WebClientUser2, … WebClientUserN) and then associate them to groups
Assign domain users to one or multiple groups based on their role
• LSS-PT Engineers
• LSS-PT Managers
• LSS-PT Product admin
• LSS-PT Report Users
Not Applicable
Create these users manually and assign to groups
Create users: • WebClientUser1 • WebClientUser2 … • WebClientUserN
Assign the users you create to one or multiple groups based on the role: • LSS-PT Engineers • LSS-PT Managers • LSS-PT Product admin • LSS-PT Report Users
System Supported Version
Description License requirement
Experion PKS Process
Server
• R311.1
• R400
• R410
• R430
• R431
• R500
• R501
Flex node (You can either install a Remote Node package or
Disconnected Mode. NOT both.)
01 license per Experion
cluster
ES-C node
Experion Server B
(contains the System Performance (IAA) package only)
TPS R6xx or later ES-T node 01 license per LCN
GUS node (running Windows XP SP3 or later)
ESVT-B node (contains the System Performance (IAA) package
only)
Experion Integrated TPS R400 or later ES-T node 01 Experion Integrated TPS
license = 01 TPS + 05 ESVESVT-B node (contains the System Performance (IAA) package
only)
ATTENTION: GUS node is not supported for this system.
Safety Manager • R13x.x
• R14x.x
• R15x.x
Safety Builder node.
For manual collection, any node on which plant data is copied.
01 license per plant
(not per controller)
Triconex Tristation v4.6 Tristation node
For manual collection, any node on which plant data is copied.
01 license per controller
PHD R300
R310
R320
PHD Data Collector node 01 license per PHD collector
FSC R7xx or later FSC Builder node
For manual collection, any node on which plant data is copied.
01 license per controller
OSIPI 2015 version
(3.4.395)
OSIPI node where database is available 01 license per OSIPI
database server
SPI SPI 2009 SPI node 01 license
REMOTE NODE – SUPPORTED SYSTEMS & LICENSES REQUIRED
PLANNING
Domain Workgroup
If installing on L3.5
• On the L3.5 Domain Controller, run the script
provided to create groups and then add selected
WebClient users to the LSSPT Application User
group manually.
• Establish trust between L3.5 Domain Controller
and L4 Domain Controller. This is to access data
from L4 client nodes.
Create webclient users and them to the LSSPT
Application User group manually
CROSS DOMAIN ACCESS – ENABLE COMMUNICATION BETWEEN L3 & L3.5/L4
Firewall configuration
Between Open physical firewall port
L3 and L3.5/L4 TCP 443 (https)
If there is a Firewall between L3 Trace
node & client nodes
• 139, 445 (for TCP)
• 137, 138 (for UDP)
• TCP 5985 (Windows XP)
• TCP 5986 (later versions of Windows)
Update Hosts File
In domain topology, to communicate between
Update Hosts file on L3 node with this information
L3 node - L3.5 node
10.10.10.XX L3-5-Trace.domain.com where, 10.10.10.XX is the IP address of the L3.5 Trace node L3-5-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L3.5 Trace node Note that the IPs and names mentioned are examples only.
Domain Workgroup
If installing on L4
• Install and configure Relay Server (Proxy+) node at the L3.5 level (DMZ)
• On L4 Domain Controller, run the script to create groups and then add selected webclient users to the LSSPT Application User group manually.
Install and configure Relay Server (Proxy+) node at L3.5 (DMZ).
CROSS DOMAIN ACCESS – ENABLE COMMUNICATION BETWEEN L3 & L4 USING RELAY SERVER (PROXY+)
Firewall configuration
Between Open physical firewall port
L3 and L3.5/L4 TCP 443 (https)
If there is a Firewall between L3 Trace
node & client nodes
• 139, 445 (for TCP)
• 137, 138 (for UDP)
• TCP 5985 (Windows XP)
• TCP 5986 (later versions of Windows)
Update Hosts File on the L3 and Relay Server (Proxy+) node
In domain topology, to communicate between
Update Hosts file on L3 node with this information
L3 node – L4 node
10.10.10.YY L4-Trace.domain.com where, 10.10.10.YY is the IP address of the Relay Server (Proxy +) L4-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L4 Trace node On the Proxy + node 11.11.11.XX L4-Trace.domain.com where, 11.11.11.XX is the IP address of the L4 node L4-Trace.domain.com is the Fully Qualified Domain Name (FQDN) of the L4 Trace node Note that the IPs and names mentioned are examples only.
In workgroup topology, to communicate between
Update Hosts file
L3 server node in workgroup and remote nodes
• On Client node, update IP address of Trace Server’s IP address • On Trace Server, update IP address of Remote nodes
Trace L3 and Trace L3.5/L4 • On Trace L3 server node, update IP address of the Trace L3.5 server node • On Trace L3.5 server node, update IP address of the Trace L3 server node
User privilege Ensure that your Windows user account used for installation:• has Local Administrator privileges on the computer• belongs to a domain or workgroup and is part of the following groups:
• Experion DCS Admin group (applicable for domain accounts) • Local Product Admin group (applicable for workgroup accounts
Configure temp qdb file Configure temporary qdb file for R3xx.x, R400.x and R410.x
Set Display path • On Experion Server B, open the Experion PKS Server Configuration Panel from
the Start menu and set all display paths
• On Experion Station where remote is installed, click Station > Connection
Properties > Display tab and set all display paths
Configure switches (for Network View to appear in
Honeywell Trace)
• RO community string configured for all switches must match the switch “Read Community” configured in Configuration Studio and loaded
• Configure SNMP in Experion server and in the switch.• Top level Yellow and Green switch spanning must be configured (for yellow it is
4096 for green 8192)• Optional: Add RW community string in the switch and update the same under
Global Settings in the Data Collection page.
Flex/ES-C/ES-T nodes On Flex/ES-C/ES-T, you can either install Remote node package or Disconnected Mode. NOT both.
Experion
Safety Builder database path If performing data collection manually:Copy the Metadata.xml file found at: <InstalledPath>\Honeywell\SafetyManager SMRxxx.x\Metadata.xml to the path where the Plant file (.CAC file) is located.
Safety Builder
Users must be a part of the Product Administrators
group
For a PHD node to perform data collection. PHD Data Collection User must be present in PHD nodes (PHD collector, PHD shadow and/or database nodes).
PHD
User privilege Ensure that your Windows user account used for installation:• has Local Administrator privileges on the computer• belongs to a domain or workgroup and is part of the following groups:
• Experion DCS Admin group (for domain accounts) • Local Product Admin group (for workgroup accounts
System status Ensure that the• LCNP status is OK• checkpoints for all data owners are available on HM• node communicates with Data Server
Configure Honeywell File Transfer • Ensure Honeywell File Transfer service is installed and is running• Configure Honeywell File Transfer service with all available HMs on the network
Check for LVRLOG file • GUS display runtime package should be installed and running. ATTENTION: GUS Display Runtime is a separately licensed add-on feature of TPS• Ensure the LVRLOG is configured and it is working.
TPS
ATTENTION: Honeywell Trace Remote Node components and System Audit Tool (SAT) CAN NOT exist together on any of these nodes: Experion Flex, ESV-T, ES-C or ES-T. Uninstall SAT before installing Honeywell Trace Remote Node components on these nodes.
SYSTEM SPECIFIC REQUIREMENTS
Configure System Time and Time Zone
• Configure the same System Time and Time Zone on the L3 and L3.5/L4 nodes.• Changing the Time Zone after installing the Honeywell Trace application affects the functioning of the application.
Passwords
Ensure that the passwords you provide when installing Honeywell Trace have: • A maximum of 32 characters • A minimum of 8 characters (unless the password policy of your site recommends shorter passwords) • At least one upper case letter • At least one number • At least one special character. However, the following special characters are NOT allowed
“ / \
Server Name / IP Address prerequisites
• You cannot change Server Name after Trace Server installation. However, you can change the IP address of Trace Server using the Admin Console.
ADDITIONAL REQUIREMENTS
Honeywell Process Solutions
1250 West Sam Houston Parkway South Houston, TX 77042
Honeywell House, Skimped Hill Lane Bracknell, Berkshire, England RG12 1EB UK
Building #1, 555 Huanke Road, Zhangjiang Hi-Tech Industrial Park, Pudong New Area, Shanghai 201203
Honeywell Trace Prerequisites Document | RevB | 01/18
© 2018 Honeywell International Inc.