Technical Virtualization Platform Information …(Each product IM) Installation, Installation Guide,...

TechnicalInformation

Virtualization PlatformPlanning and Implementation Guide

TI 30A05B10-01EN

TI 30A05B10-01EN©Copyright Sep. 2018 (YK)4th Edition Oct. 2019 (YK)

Yokogawa Electric Corporation2-9-32, Nakacho, Musashino-shi, Tokyo, 180-8750 Japan

Blank Page

i

TI 30A05B10-01EN

PrefaceThis document indicates guidelines how to plan and implement when applying the virtualization platform to Yokogawa IA system products.

The target readers of this document are engineers who have good knowledge about:- Industrial instrumentation and control system- Information Technology – computer, network, security, etc.- Yokogawa IA products - CENTUM VP, ProSafe-RS, Exa-series, etc.

In this document, these technical jargons are already-known, and are used without detailed explanations.

n Related documentsGS 30A05B10-01EN IA System Products Virtualization PlatformIM 30A05B10-01EN Virtualization Platform Read Me FirstIM 30A05B20-01EN Virtualization Platform SetupIM 30A05B30-01EN Virtualization Platform Security Guide(Each product IM) Read Me First, Release Information, Users Guide, etc.(Each product IM) Installation, Installation Guide, Installation Manual, etc.(Each product IM) Security Guide

n Drawing ConventionsSome drawings may be partially emphasized, simplified, or omitted, for the convenience of description.

n Trademark• CENTUM, ProSafe, PRM, Exaopc, Exapilot, Exaquantum, AAASuite, and Vnet/IP are either

registered trademarks or trademarks of Yokogawa Electric Corporation.

• All other company or product names appearing in this document are trademarks or registered trademarks of their respective holders.

• TM or ® mark to indicate those trademarks or registered trademarks are not used in this document.

All Rights Reserved Copyright © 2018, Yokogawa Electric Corporation Jan. 11, 2019-00

ii

TI 30A05B10-01EN Sep. 28, 2018-01

n Definitions,Abbreviations,andAcronymsDefinitions, abbreviations, and acronyms used in this document are described in the below table.

Table Termsinthisdocument

Term DescriptionVirtualization software Software that realizes virtualization It may be called Hypervisor.Virtualization host computer Physical server that enables the virtualization software to be installed, and

enables the virtual machines to be operated.Virtual machine A virtualized computer, that operates on the virtualization host computer. In

this computer, OS and applications are installed and made executable.Virtualization host OS The virtualization host OS of virtualization platform is the management OS

for managing other virtual machines.Host OS In this document, this is the virtualization host OS.Virtualization guest OS Operating system that makes it run on virtual machine.Guest OS In this document, this is the virtualization guest OS.Vnet/IP station Computers (including virtual machines) compatible with the Vnet/IP

protocol such as HIS and ENG, etc., and devices such as FCS and SCS for Vnet/IP.

Virtual Vnet/IP station Name when the Vnet/IP station is a virtual machine.NIC An abbreviation for Network Interface Card.

The original meaning is a PCI card for Ethernet communication with RJ-45 connector. Broadly speaking, it may refer to hardware for Ethernet communication in general, including on-board Ethernet port.In this document, it is used in the meaning of hardware for connecting with Ethernet.

Network adapter It is almost synonymous with NIC, but in this document it is used as the meaning that it provides means for connecting with Ethernet including not only hardware but also software.

Virtual environment Operating environment of applications configured by introduction of virtualization.

Physical environment Operating environment of applications consisting only of conventional physical PC without introducing virtualization.

Standard virtual machine A virtual machine that configures standard resource capacity to operate as a virtual Vnet/IP station.

NMS An abbreviation for Network Management System.A system for managing and monitoring configuration information and operating conditions of devices and services existing on the network.

HMI client In this document, this refers to a thin client.Process control network A network for control management that connects Vnet/IP stations, which is

expressed as “information bus” or “Ethernet” on the CENTUM system.Plant information network Information network for connecting Vnet/IP station and upper software

package system (solution products, etc.), which is expressed as “information bus” or “Ethernet” in the CENTUM system.

Thin client A client computer configured with minimum functionality/performance as a user interface for virtual machines, etc.

Remote UI network Name of Ethernet network between virtual machine and thin client.Management network Name of Ethernet network used to monitor/manage virtualization platform

software and hardware.LUN Abbreviation of Logical Unit Number.

A number for identifying the logical unit in the storage, and the OS recognizes different disk devices in units of LUN.

VLAN Abbreviation for Virtual LAN.Technology that enables configuration of virtual network segments independent of the physical connection using L2 switches.

Toc-1

TI 30A05B10-01EN

Virtualization PlatformPlanning and Implementation Guide

Oct. 4, 2019-00

CONTENTS1. Overview of Virtualization ....................................................................... 1-1

1.1 WhatisVirtualization ........................................................................................1-11.1.1 Server Virtualization ...........................................................................1-11.1.2 Virtualization Software ....................................................................... 1-11.1.3 Virtual Network of the Virtualization Host Computer ......................... 1-31.1.4 Cluster System of the Virtualization Host Computer ......................... 1-41.1.5 Live Migration of Virtual Machine .......................................................1-51.1.6 HMI Environment of Virtual Machine ................................................. 1-5

1.2 BenefitsofVirtualization ..................................................................................1-71.3 Matters to Consider in Virtualization .............................................................. 1-8

2. Overview of Virtualization Platform ........................................................ 2-12.1 WhatIsVirtualizationPlatform? ......................................................................2-12.2 CharacteristicsofVirtualizationPlatform ...................................................... 2-22.3 ControlSystemConfigurationUsingtheVirtualizationPlatform ............... 2-4

2.3.1 HA Cluster Configuration ................................................................... 2-62.3.2 Single Configuration .......................................................................... 2-6

3. DetailsoftheVirtualizationPlatformSystem ................................................ 3-13.1 DetailedViewoftheSystemConfiguration ................................................... 3-1

3.1.1 HA Cluster Configuration ................................................................... 3-13.1.2 Single Configuration .......................................................................... 3-53.1.3 Network ..............................................................................................3-63.1.4 SNTP Server ....................................................................................3-123.1.5 Domain Controller ............................................................................3-143.1.6 NMS (Network Management System) .............................................3-14

3.2 FunctionsProvidedbytheVirtualizationPlatform .....................................3-153.2.1 Management Software <Function of Hyper-V> ...............................3-153.2.2 Live Migration <Function of Hyper-V> .............................................3-153.2.3 Failover <Function of Hyper-V> .......................................................3-163.2.4 NIC Teaming <Function of Hyper-V> ...............................................3-173.2.5 Resource Control <Function of Hyper-V> .......................................3-173.2.6 Backup <Function of Hyper-V> .......................................................3-173.2.7 IT Security <Function Provided by Yokogawa> ...............................3-17

TI30A05B10-01EN 4thEdition

Toc-2

TI 30A05B10-01EN

3.2.8 Log Save <Function Provided by Yokogawa> .................................3-173.2.9 Checkpoint <Hyper-V function> .......................................................3-183.2.10 Replication <Hyper-V function> .......................................................3-18

3.3 FunctionstoProhibitUseonVirtualizationPlatform .................................3-203.4 VirtualizationPlatformSystemConfigurationSelectionGuide ................3-21

4. Target Product for Virtualization Platform ............................................. 4-14.1 SoftwaretoRunontheVirtualMachine .........................................................4-14.2 SoftwaretoRunontheHostOS .....................................................................4-74.3 Provided Media .................................................................................................4-7

5. Software Environment ............................................................................. 5-15.1 VirtualizationHostComputer ..........................................................................5-1

5.1.1 Host OS ..............................................................................................5-15.1.2 Virtual Machine ..................................................................................5-2

5.2 Domain Controller .............................................................................................5-35.2.1 OS ......................................................................................................5-35.2.2 IT Security ..........................................................................................5-35.2.3 Others ................................................................................................5-3

5.3 NMS(NetworkManagementSystem) ............................................................. 5-45.3.1 Selection Criteria ................................................................................ 5-4

5.4 Various Licenses ...............................................................................................5-55.4.1 Windows OS ......................................................................................5-55.4.2 Yokogawa System Products .............................................................. 5-6

6. HardwareConfiguration .......................................................................... 6-16.1 VirtualizationHostComputer ..........................................................................6-1

6.1.1 Server model ......................................................................................6-16.1.2 About Immobilization of Network Port Allocation ............................... 6-16.1.3 About the versatile network port ........................................................6-26.1.4 Details of Server Specification at Single Configuration ..................... 6-26.1.5 Details of Server Specification at HA Cluster Configuration .............. 6-3

6.2 SharedStorage .................................................................................................6-56.3 L2Switch ............................................................................................................6-66.4 PreparationforSpecifiedHardware ...............................................................6-7

7. ResourceCapacityoftheVirtualMachine ............................................ 7-17.1 ResourceCapacityUsedbytheHostOS .......................................................7-47.2 ResourceCapacityUsedbyYokogawaSystemProducts ........................... 7-5

7.2.1 Common ............................................................................................7-57.2.2 CENTUM VP ......................................................................................7-67.2.3 ProSafe-RS ........................................................................................7-97.2.4 Exaopc ............................................................................................. 7-117.2.5 Exapilot ............................................................................................ 7-117.2.6 AAASuite ..........................................................................................7-13

Oct. 4, 2019-00

Toc-3

TI 30A05B10-01EN

7.2.7 PRM .................................................................................................7-147.2.8 Exaquantum .....................................................................................7-177.2.9 Platform for Advanced Control and Estimation ................................7-19

8. FunctionalSpecification .......................................................................... 8-18.1 Vnet/IP Communication Software ................................................................... 8-18.2 HardwareStatusMonitor .................................................................................8-1

8.2.1 Supported Interface ........................................................................... 8-28.2.2 Detectable Hardware Abnormality ..................................................... 8-3

8.3 TCP/UDPPort ....................................................................................................8-4

9. ThinClient ................................................................................................. 9-19.1 Overview ............................................................................................................9-1

9.1.1 Positioning..........................................................................................9-19.2 Specifications ....................................................................................................9-3

9.2.1 Thin Client Specifications .................................................................. 9-39.2.2 Lineup of Thin Client .......................................................................... 9-99.2.3 Other Cautions .................................................................................9-109.2.4 Specification of simultaneous connection to virtual machines ........ 9-11

10. ITSecurity ............................................................................................... 10-110.1 Overview ..........................................................................................................10-110.2 Specification ....................................................................................................10-1

11. Vnet/IP Communication Software ........................................................ 11-111.1 Overview .......................................................................................................... 11-111.2 Specification .................................................................................................... 11-2

12. AppendixA:ResourceCapacity ........................................................... 12-112.1 ServerResourceCapacity .............................................................................12-1

12.1.1 Host OS ............................................................................................12-112.1.2 Virtual Machine ................................................................................12-212.1.3 Total Resource Capacity of Server ..................................................12-3

13. AppendixB:EngineeringMemo ........................................................... 13-113.1 Resource Control ............................................................................................13-1

13.1.1 Guest OS .........................................................................................13-113.2 RelationshipbetweentheNumberofZonesandtheNumberof

Network Cards .................................................................................................13-313.3 iDefineofProSafe-RS .....................................................................................13-413.4 DellWyse5070AutomaticLogonSetting ....................................................13-8

Oct. 4, 2019-00

Blank Page

1. Overview of Virtualization 1-1

TI 30A05B10-01EN

1. Overview of VirtualizationThischapterdescribesunderstandingofvirtualizationingeneral.

1.1 WhatisVirtualizationVirtualization refers to the technology that enables a single physical hardware to look like multiple logical hardware or that enables multiple physical hardware to appear as a single logical hardware. Among virtualization technologies, the server virtualization, storage virtualization, and network virtualization are well-known. The virtualization platform refers to the platform using the server virtualization technology for Yokogawa system products.

1.1.1 Server VirtualizationServer virtualization is a technology that uses virtualization software (hypervisor) to divide the hardware resources of one physical server as multiple logical resources. A virtual hardware environment that is constructed by the logical resources is called a virtual machine. Also, the operating system that is installed on the virtual machine is called the guest OS. As the performance of computer has improved and the virtualization technology has been advancing, it is now possible to run multiple virtual machines on one physical server. This enables the user to effectively utilize the hardware resources and to run different kinds of operating systems and applications while maintaining independence from one another.

VirtualmachineIn a non-virtualized environment, a virtual machine is a unit that a computer itself exists as a single computer. When virtualization is implemented, it refers to the guest OS running in the virtualization host computer and a group of software running in the guest OS.

VirtualizationhostcomputerA virtualization host computer is a physical server in which the virtualization software is installed for running virtual machines. Two or more virtual machines can be operated with one virtualization host computer.

1.1.2 Virtualization SoftwareNowadays, virtualization technology has produced various types of virtualization software. Each type of software has advantages and disadvantages. Therefore, the user needs to select the appropriate virtualization software suitable to the purpose of virtualization.The virtualization software for server virtualization is classified into two types, “host type” and “bare metal type”, depending on the implementation method. Each type has the following characteristics.

Table 1.1.2-1 Comparisonofvirtualizationsoftware

Characteristicsofvirtualizationsoftware Hosttype BaremetaltypeNecessity of host OS Yes No (*1)Usability of software Easy Knowledge requiredResource control of physical server High overhead Low overheadConsolidation count Small scale Large scaleVirtual machine performance Low, Unstable High, Stable

*1: Host OS is not involved in adjusting the CPU and memory of the virtual machine.

Sep. 28, 2018-00


TI 30A05B10-01EN

Based on these characteristics, the bare metal type virtualization software is suitable for applying server virtualization to the plant control system.There are two types of implementation methods for the bare metal type virtualization software, “monolithic type” and “microkernel type.” The differences between the two are the places where the virtual machine is controlled and where the device driver is run.The bare metal type virtualization software that is implemented as “monolithic type” runs and manages virtual machines and runs device drivers.The bare metal type virtualization software that is implemented as “microkernel type” only runs virtual machines, and managing the virtual machines and running the device drivers are done by other virtual machines prepared separately.Examples of the bare metal type virtualization software are “VMware vSphere” and “Microsoft Hyper-V.” “VMware vSphere” is classified as “monolithic type” and “Microsoft Hyper-V” as “microkernel type.”

F010101E.ai

NIC

CPUMemory Disk

Physical Server

NIC

Virtualization software Virtualization software

Guest OS

CPUMemory Disk

APP

Hardware Hardware

Physical Server

Microkernel typeMonolithic type

Virtual Machine

Guest OS

APP

Virtual Machine

Guest OS

APP

Virtual Machine

Guest OS

APP

Virtual MachineVirtual Machine

Guest OSHost OS

APP

Virtual Machine

Figure1.1.2-2 Servervirtualization(baremetaltype)

F010102E.ai

NIC

CPUMemory Disk

Hardware

Application

Physical Server

Virtualization software

Host OS

Guest OS

APP

Virtual Machine

Guest OS

APP

Virtual Machine

Figure1.1.2-3 Servervirtualization(hosttype)

Sep. 28, 2018-00


TI 30A05B10-01EN Sep. 28, 2018-00

1.1.3 VirtualNetworkoftheVirtualizationHostComputerA virtual network for a virtualization host computer is a network that is implemented by and in the virtualization software in order for a virtual machine on the virtualization host computer to perform network communication with other virtual machines or external devices outside the virtualization host computer.A virtual network consists of the virtual L2 switch (virtual switch) and the virtual network adapter (virtual NIC). The virtual NIC can be usable by assigning one IP address and one MAC address to it because the virtual NIC behaves as a 1-port network adapter. The user can assign the IP address by using the guest OS and the virtualization software assigns the MAC address. When the physical network adapter (physical NIC) is connected the virtual switch, it can be used for the communication with the external network. When the virtual machine is seen from a device on the external network, it is recognized not as the MAC address and the IP address of the physical NIC but as those of the virtual NIC.

F010103E.ai

Virtualization Host Computer

Virtualization Software

Hardware

Virtual NIC

Virtual Switch

Physical NIC

Physical SwitchExternal Network

IP address

MAC address.

Virtual Machine Virtual Machine

Guest OS Guest OS

IP address

MAC address

Virtual NIC

Figure1.1.3-1 Configurationofthevirtualnetwork


TI 30A05B10-01EN Sep. 28, 2018-00

1.1.4 ClusterSystemoftheVirtualizationHostComputerThe cluster system is a system that is configured to behave like a single server by combining multiple individual servers by using a network, an internal bus, or the like. Typical examples of the cluster system are the load balancing cluster and the HA cluster. Running the application on the cluster system can provide high availability services.The load balancing cluster is a system that can balance the load on one single server by distributing the processing to multiple servers. Even if one server stops due to a failure, other servers take over the processing so that the service availability can be maintained. Note that the applications running on the server must support distributed processing.The HA cluster is a system that enables the processing of the system to continue, in the case that the active server stops due to a failure, by allowing the prepared standby server in advance to take over the data and processing of the active server. This mechanism that is referred to as failover can improve the service availability. To configure the HA cluster, the cluster software is required. The applications running on the server, however, do not require specific requirements.The cluster system on the virtualization platform refers to the HA cluster, which consists of virtualization host computers.The following describes the characteristics of the HA cluster using virtualization host computers.

• A great deal of virtualization software includes the function of cluster software. Therefore, there is no need to prepare the cluster software separately.

• The servers that make up the HA cluster periodically send and receive network packets that are called heartbeats one another to confirm that each is operating normally.

• To let the standby server take over data from the active server at the time of failover, a data area (shared storage) accessible from both servers is required.

• In the HA cluster system using virtualization host computers, the data to be handed over between servers refers to a set of data to constitute a virtual machine. Therefore, a set of data to constitute the virtual machine must be placed on the shared storage.

F010104.ai



Heartbeat

Shared Storage

Concurrent access

Virtual Machine

HA Cluster

Figure1.1.4-1 HACluster


TI 30A05B10-01EN

1.1.5 LiveMigrationofVirtualMachineThe live migration (*1) of virtual machine is a function to migrate a virtual machine running on the virtualization host computer to another virtualization host computer while the virtual machine is running. With this function, the user can change the virtualization host computer in which the virtual machine runs, without stopping the guest OS or the application running on the virtual machine. Therefore, the user can utilize this function for the maintenance tasks that need to turn off or restart the virtualization host computer, for example, the BIOS update of the physical server, the hardware replacement, and applying a patch to the host OS so that it can reduce the scheduled stops of services.The live migration cannot be used for fault tolerant (FT) because it is a function that can be used when the virtualization host computer is running normally.

*1: The technology is called “vMotion” in VMware.

1.1.6 HMIEnvironmentofVirtualMachineVirtual machines running in a virtualization host computer “logically” operate independently of each other. For the user to operate them independently, mutually independent HMI environments are required. For the user to operate a virtual machine, it is only necessary to be able to check the desktop of the guest OS and to notify the virtual machine of the guest OS desktop operation by the user. Therefore, the HMI environment using the remote connection through the network is usually used.Due to the connection through the network, the operational feeling of the HMI environment of virtual machine is different from that of the HMI environment directly connected to the physical computer.

F010105E.ai

Keyboard

Mouse

Display

HMI Client

NIC

External Network

Virtual Network

Guest OS

APP

Virtual Machine

Guest OS

APP

Virtual Machine

Guest OS

APP

Virtual Machine

Physical Server


Hardware Keyboard

Mouse

Display

HMI Client

Figure1.1.6-1 HMIenvironmentoftheguestOS

Sep. 28, 2018-01


TI 30A05B10-01EN Sep. 28, 2018-00

The devices (HMI clients) used by the user as the HMI environment are classified into the following three types due to differences in functions to be implemented: Thin client, Zero client, and Fat client (Computer).

• A thin client is a client device that has minimal I/O function (display, keyboard, and mouse) and minimum network function for connecting to the guest OS and transferring the screen.

• Like the thin client, a zero client has only minimal I/O and network functions; furthermore, it has the built-in hardware optimized specifically for the desktop virtualization (*1).

• When a conventional computer is used as an HMI client, it is referred to as a fat client.*1: The desktop virtualization is to run the desktop environment on a virtual machine prepared for each user.

Characteristicsofdevice Thinclient Zeroclient Fat clientCost of device Inexpensive Inexpensive ExpensiveProcessing performance Medium High HighEnsuring the security Easy Easy DifficultIntegrated device management Easy Not required DifficultCommunication protocol dependence (*1) No Yes No

Protocol processing Processed by software

Processed by hardware

Processed by software

Supported protocol type Two or more types One type Two or more typesLocal storage device No No YesRequired installation space Small Small LargeFault tolerance (*2) High High Low

*1: In the desktop virtualization, the virtualization software and recommended communication protocol are different depending on each vendor.

*2: It is judged by the amount of rotating parts such as a fan and an HDD.

Based on these characteristics, the “thin client” type, which does not rely on the vendor of the virtualization software and which is easy to ensure the fault tolerance and the security, is suitable as the HMI client of the virtualization platform. Hereafter, the HMI client is expressed as a thin client.


TI 30A05B10-01EN

1.2 BenefitsofVirtualizationThe virtualization technology can reduce the total cost of ownership (TCO) of the user as follows.

ReducingthenumberofphysicalserversConfiguring two or more virtual machines in one physical server enables the user to effectively utilize the hardware resources. In addition, because each virtual machine is capable of running an independent operating system, the user can also reduce the number of physical servers. Reducing it leads to the reduction of footprint and the power consumption that enables the user to reduce the total cost of ownership.

ReducingthecostofmanagementReducing the number of physical servers enables the user to reduce the management cost such as cost of maintenance. It also has the effect of reducing power consumption.

ReducingthelifecyclecostThe existence of virtualization software between the hardware of the physical server and each guest OS mitigates the dependency between the software (guest OS and application) and the hardware so that the flexibility of maintenance increases. Specifically, it benefits the users to be able to lay a flexible maintenance plan and to have more maintenance options. For example, even when a physical server needs to be migrated to a new one due to the deterioration or some other issues, the user can migrate it smoothly without updating the software. Consequently, the maintenance costs can be reduced.

EaseofbackupandrestoreAll the data related to virtual machines are handled as files. Therefore, the user can back them up easily. Also, because the dependency on the physical server hardware is low, the user can quickly restore it in case of a failure or disaster. Being able to shorten the downtime can improve the productivity.

ImprovingtheavailabilityApplying the virtualization technology such as failover using the HA cluster system and as live migration enables the user to shorten the downtime of virtual machine so that the productivity can be improved. To use these functions, no special mechanism is required for applications running in the virtual machine.

Sep. 28, 2018-00


TI 30A05B10-01EN

1.3 Matters to Consider in VirtualizationFor implementing the virtualization, the following matters must be considered.

Initial implementation costImplementing the virtualization requires the high-performance hardware, the thin client devices, the virtualization software, and other equipment. Therefore, the initial implementation cost may be higher than implementing the environment without the virtualization.

ManagingthevirtualenvironmentThe user can use the dedicated tools and software to manage the virtual environment. The basic knowledge is necessary to utilize these tools and software. Therefore, learning about the virtualization technology is required when implementing the virtualization.

SubheadingRiskofsimultaneousfailureWhen two or more computers are consolidated in one server as a virtual machine, the system may be seriously affected at the time of the server failure as a harmful effect of the consolidation. For example, in the case that a group of computers for the operation and monitoring that increased the availability by the distributed arrangement are consolidated, if the server stops running, all the virtual machines stop so that the operation and monitoring cannot be performed at all. By incorporating measures into the system configuration, the impact can be reduced, but cannot be completely removed.

PerformanceThe hardware is abstracted by implementing the virtualization. Therefore, the performance may be slow compared to the physical environment.

Sep. 28, 2018-00

2. Overview of Virtualization Platform 2-1

TI30A05B10-01EN

2. Overview of Virtualization PlatformThischapterdescribestheoverviewofvirtualizationplatform.

2.1 WhatIsVirtualizationPlatform?The virtualization platform is a platform for integrating physical computers where the Yokogawa system products are installed into one physical server. The hypervisor bare metal type virtualization host computer is used in the destination physical server for the integration. Because the virtual machine on the virtualization host computer cannot take advantage of the Vnet/IP interface card that is the original hardware developed by Yokogawa, the Vnet/IP communication function is realized as software.

F020101E.ai


CPU

Memory Disc

Hardware

Physical Server

Vnet/IP Interface CardGeneric NIC

Vnet/IP

Ethernet

PRM

Virtual Machine

Vnet/IPInterface pkg.

Guest OS

ExaopcHIS


Virtual Machine


Guest OS

Virtual Machine


Guest OS

Figure 2.1-1 Virtualization Platform

The thin client to operate the virtual machine on the virtualization host computer is realized by the remote connection environment through the network. The user can use an OPKB and up to four multiple monitors as with the conventional physical environment.

F020102E.ai

VM VM VM

Thin Client

4 Monitor

Operator

OPKB

Network


Virtual Machine

Monitor Monitor

Monitor Monitor

Monitor Monitor

Monitor

2 Monitor

1 Monitor

Figure2.1-2 HMIconfiguration

Sep. 28, 2018-00


TI30A05B10-01EN Jan. 11, 2019-00

2.2 CharacteristicsofVirtualizationPlatformThe characteristics of virtualization platform are as follows.

Table2.2-1 Listofcharacteristicsofvirtualizationplatform(1/2)

Item Description RemarksVirtualizationimplementation method

Bare metal type

Virtualization software The following software is used:• Microsoft Windows Server 2016 Hyper-V

Hyper-V is used as the standard platform.

Physical server The following types of physical servers are used.• Rack type server• Module type server (Rack mountable type)

Choice from the Yokogawa specified models

Vnet/IP communication software (*1) (*2)

A guest OS communicates with other Vnet/IP stations by using the Vnet/IP communication software. Because the Vnet/IP communication software can perform Vnet communication using a general-purpose Ethernet card, the Vnet/IP card is not required.

The communication software must be installed on the guest OS.

Vnet/IP domain count Up to four domains for a single virtualization host computer (Rack type server)

Vnet/IP domain count that can be consolidated into one virtualization host computer

Thin client (*3) The remote connection environment by a thin client can support the following:• 2-monitor compatible• 4-monitor compatible• Use of OPKB (USB connection type)• Sound output

Choice from the Yokogawa specified models

Consolidating into a virtualization host computer

Multiple virtual machines with the Yokogawa system products installed can be consolidated in the same virtualization host computer. The following conditions, however, must be observed.• The resource control settings (*4) are applied to the virtual machine.• The network topology of the virtual network is the same as that of the physical environment.

The resource control settings for all virtual machines are mandatory.

Handling of other products (software other than the Yokogawa system products) (*5)

The Yokogawa system products and other products can run simultaneously on the same virtualization host computer. The following conditions, however, must be observed.• The Yokogawa system products and other products are installed on different virtual machines and are consolidated in the same virtualization host computer.The operation of the Yokogawa system products is guaranteed whereas the operation of other products is not guaranteed.The operation of the Yokogawa system products is guaranteed whereas the operation of other products is not guaranteed.

• The resource control settings for the virtual machine are mandatory.• Other products include WSUS, NMS, or other products that is not developed by Yokogawa.

High availability Adverse effects that are caused by integrating two or more computers into a virtualization host computer can be reduced by using the following virtualization software functions.• Live migration• Virtualization host computer failover• Replication

• Measures against the risk of simultaneous failure• Failover requires the restart of guest OS (Not fault tolerant system)


TI30A05B10-01EN

Item Description RemarksIntegration rate There is no upper limit.

The design in this document, however, assumes a maximum configuration of 18 virtual machines can run concurrently per one virtualization host computer by the standard virtual machine conversion. (*6) (*7)

• Integration rate is the number of virtual machines that can run simultaneously in one virtualization host computer.• The virtual machines can be integrated if the total of resources required by the host OS and the virtual machines does not exceed the resources of the physical server. (*8)

IT security (*1) The following IT security tool dedicated to the virtual environment is provided.• Host OS for the virtualization host computer• Thin client• Domain controller

Virus management The following is protected using Windows Defender.• Host OS for the virtualization host computer The following is protected using Yokogawa standard anti-virus software.• Windows based thin client

Virtual machine management tool

The user can use the tools included with the virtualization software.(Microsoft Hyper-V Manager)

Backup and restore Using the Microsoft Hyper-V Manager, the user can do the following.• Full backup of host OS• Full backup of virtual machine

Hardware failurenotification

To notify the hardware failure, NMS must be prepared.• The hardware status of the server hardware and the shared storage configuring the virtualization platform is notified from the software provided by the hardware vendor to the NMS

For the NMS engineering method, refer to the manual by the NMS software

Log save for host OS (*1)

A log save tool is provided for collecting host OS logs for the virtualization host computer failure analysis.Regarding the log save for guest OS, the same tool is used as that in the physical environment and how to use the tool is also the same.

*1: Yokogawa original function.*2: For details, refer to Chapter 11“Vnet/IP Communication Software.”*3: For details, refer to Chapter 9 “Thin Client.”*4: The resource control settings of the virtual machine refer to the setting to eliminate resource conflict between virtual machines.*5: Other products refer to the software that is not allowed to coexist with the Yokogawa system products.*6: The largest virtualization host computer refers to one with 40 CPU physical cores. For details, refer to Chapter 6.*7: For the standard virtual machine, refer to Chapter 7. “Resource Capacity of the Virtual Machine.”*8: There is no upper limit for the integration rate setting. For the stable operation of the entire system, however, the user can

prepare two or more virtualization host computers and plan the distributed arrangement of virtual machines.

Sep. 28, 2018-01

Table2.2-1 Listofcharacteristicsofvirtualizationplatform(2/2)


TI30A05B10-01EN

2.3 ControlSystemConfigurationUsingtheVirtualization Platform

This section describes the control system configuration using the virtualization platform.

F020301E.ai

Server Room

Operator Room

Physical HISNMS

SNTPServer

Router

Domain Controller

Equipments installed at Level 3 can also be used

Vnet

HA-cluster network

Shared Storage

Plant Information network

Storage network

/IP

Remote UI network

Management network

NMS Domain Controller

Controller /Field Equipment

FCS

Thin Client

Monitor

MonitorMonitor

Monitor

Host OS


VMHIS

Guest OS

VMExaopc

Guest OS

VMPRM

Guest OS


Vnet/IP Interface pkg.



KVM Server Console

Monitor

MonitorMonitor

Monitor

Virtualization HostComputer

Figure2.3-1 Systemconfigurationofthevirtualizationplatform

VirtualizationhostcomputerIt is a server computer in which the virtualization software, host OS, and virtual machines run. System products such as CENTUM VP runs in the virtual machine. For details on the specification of the virtualization host computer, refer to Chapter 6.

ThinclientandremoteUInetworkA thin client is used as the HMI function of virtual machine. The virtual machine and the thin client can be connected using Remote Desktop Protocol (RDP), and the remote UI network can be configured as dual-redundant. For details on thin client and network redundancy, refer to Chapter 9.

SharedstorageA shared storage is an external storage for storing the image of virtual machines. It is connected to the virtualization host computer by using the network for storage. A shared storage is required when configuring a redundant system using two or more virtualization host computers. (This document refers to as the HA cluster configuration.) For details, refer to Chapter 2.3.1. When a virtualization host computer is used in a single configuration, the storage inside the virtualization host computer is used. Therefore, the shared storage is not required.

June 14, 2019-00


TI30A05B10-01EN

HostOSandthemanagementnetworkThe management network is a network dedicated to the host OS that interconnects host OSes on multiple virtualization host computers. A host OS in one virtualization host computer enables the user to remotely connect to another host OS in another virtualization host computer so that the user can remotely configure the settings for the virtualization software and monitor the status.The user can also perform live migration, backup, and other operations. For details, refer to Chapter 3.

Using the management network, a host OS can connect to the computer on the plant information network through the router. It is mainly used for the time synchronization of host OS and for connecting to the network management system (NMS).For the usage of the management network, refer to Chapter 3 or later.

Networkmanagementsystem(NMS)The NMS can detect the hardware failure, network trouble, etc. of virtualization host computers and a shared storage, and notify the user. For details, refer to Chapters 3.1.6 and 5.3.

Sep. 28, 2018-00


TI30A05B10-01EN

2.3.1 HAClusterConfigurationThe HA cluster configuration is a configuration that enables system redundancy by interconnecting multiple virtual servers through a network (the network for HA cluster) to increase availability. Building the HA cluster configuration enables the user to do the following:

Live migrationThe live migration is a function to migrate a virtual machine to another virtualization host computer without stopping the virtual machine. In the case that the user needs to stop a virtualization host computer due to the maintenance of the virtualization host computer, using live migration enables the user to migrate the running virtual machine without stopping it to another virtualization host computer within the HA cluster configuration.

FailoverIn the case that a virtualization host computer stops due to a failure, the failover function can restore the operations by automatically restarting a virtual machine in another virtualization host computer within the HA cluster configuration.Note that, in the HA cluster configuration, a shared storage and a domain controller are mandatory.For details on the HA cluster configuration such as how to build the configuration, refer to Chapter 3.

2.3.2 SingleConfigurationA virtualization host computer can be used in a single configuration. Note that, if the virtualization host computer aborts, all the virtual machines are terminated, so the availability is low. For more information on the hardware configuration when using a virtualization host computer in a single configuration, refer to Chapter 3.

Sep. 28, 2018-00

3. Details of the Virtualization Platform System 3-1

TI30A05B10-01EN

3. DetailsoftheVirtualizationPlatformSystem

Thischapterdescribesthesystemdetailsofthevirtualizationplatform.

3.1 DetailedViewoftheSystemConfiguration3.1.1 HAClusterConfiguration

The figure below shows a detailed diagram of the system configuration of the HA cluster configuration in the virtualization platform.

F030101E.ai

NMSSNTPServer

Router

Domain controller

Equipments installed at Level3 can also be used

HA-Cluster network

Shared storageL2SW for HA-Cluster network

Storage controller (Redundant)

L2SW for Storage network(Redundant)

Expansion unit with HA-Cluster configuration


L2SW for Plant Information

network

L2SW for Management network

Storage network(Redundant)


L2SW for Remote UI network

L2SW for Vnet/IP

Remote UI network (Redundant)

Management network

NMSDomain controller

Thin Client

KVM

Monitor

MonitorMonitor

MonitorMonitor

MonitorMonitor

Monitor

Vnet/IP (Redundant)

Figure3.1-1 SystemconfigurationoftheHAclusterconfiguration

June 14, 2019-00


TI30A05B10-01EN Jan. 11, 2019-00

n SystemConfigurationoftheHAClusterConfigurationBy adopting the HA cluster configuration, you can shorten the operation stop time of the Yokogawa system product caused by stoppage of some virtualization host computers. The stoppage of the virtualization host computer is as follows.

• Stoppage due to hardware failure of virtualization host computer

• Stoppage due to software update of host OS such as BIOS update of virtualization host computer or application of OS patch

To build the HA cluster configuration, a virtualization host computer, a shared storage, and a domain controller are required.The shared storage stores the image of virtual machines, and the network with the virtualization host computer is configured as dual-redundant. In addition, the virtualization host computers communicate with each other on the HA cluster network and are used for the live migration and failover purposes. For details on the network, refer to Chapter 3.1.3.On the virtualization platform, the user can use the Windows OS function to build the HA cluster configuration. For that purpose, a domain controller must be installed at the location accessible from the management network because the host OS of the virtualization host computer needs to be in the domain environment.

n ExpansionUnitoftheHAClusterConfigurationIn the HA cluster configuration of the virtualization platform, up to four virtualization host computers can be connected to one shared storage. Also, the shared storage requires the L2 switch for the storage network. Two L2 switches are required to be configured as dual-redundant.

n OperationofEachVirtualizationHostComputerattheHAClusterConfiguration

The HA cluster configuration consists of two or more virtualization host computers. The following two methods are available to operate the virtualization host computers.

Table3.1.1-1 MethodsofHAclusterconfiguration

Method Description Remarks

Method 1The operation method using two or more virtualization host computers as the active server and one virtualization host computer dedicated to the standby server

This method is recommended when using three or more virtualization host computers.

Method 2The operation method using one virtual machine or two or more virtual machines in all virtualization host computers so that utilizing surplus resources in each virtualization host computer enables failover or live migration.

This method is recommended when using two virtualization host computers.

Method1In the case of method 1, the HA cluster configuration is built by using two or more virtualization host computers (active servers) where one virtual machine is or two or more virtual machines are running and one virtualization host computer (standby server) where no virtual machine is running. If an active server goes down, the original virtual machine is restarted in the standby server by the failover function. When performing the maintenance of an active server, the user needs to migrate all the virtual machines to the standby server by using the live migration function.After the active server is recovered from maintenance, to reserve one standby server, the user needs to return all the virtual machines to the original virtualization host computer by using the live migration function.


TI30A05B10-01EN Jan. 11, 2019-00

This method 1 is operable if the standby server has the substantial resources (CPU core count, memory size, disk capacity, and network port count) equivalent to the maximum resources required by each active server.

F030102E.ai

Host OSVirtual Machine

Physical Server Physical Server

Host OS Virtual Machine

Reserve

Virtualization Host Computer for Active Virtualization Host Computer for Standby

Fail OverLive Migration

Reserve

Figure3.1.1-2 Operationmethod1attheHAclusterconfiguration

Method2In the case of method 2, a dedicated standby server is not prepared as a failover backup to the active server. In this configuration, if a virtualization host computer goes down, all the virtualization host computers except for the failed server run as the standby server. If a certain virtualization host computer goes down, the virtual machines running in the virtualization host computer are distributed and restarted in other virtualization host computers by the failover function. When performing the maintenance of one virtualization host computer, the user can use the live migration function to distribute and migrate the virtual machines to other virtualization host computers. After the virtualization host computer is recovered from maintenance, to allocate surplus resources in each virtualization host computer, the user needs to return all the virtual machines to the original virtualization host computer by using the live migration function. With this method 2, the burden on the server administrator is expected to increase due to the administrative tasks such as calculating the resources in each virtualization host computer and determining which virtual machine is running on which virtualization host computer.

F030103E.ai

Physical Server

Reserve Reserve

Virtual Machine

Physical Server

Virtual Machine Manager(Host OS)

Virtual Machine

Virtualization Host Computer for Active/Standby Virtualization Host Computer for Active/Standby

Fail OverLive Migration

Virtual Machine Manager(Host OS)

Figure3.1.1-3 Operationmethod2attheHAclusterconfiguration

When operating with two virtualization host computers, either method 1 or 2 is operable. However, the method 2 is recommended when guaranteeing the dual-redundancy of application by two-unit operation like HIS. If the method 1 is used for operating with two virtualization host computers, two-unit operation is not performed during failover.


TI30A05B10-01EN June 14, 2019-00

n BehavioratonepathfailureoftheredundantstoragenetworkpathforthesharedstorageFor the storage network of the virtualization platform, two paths are provided between the virtualization host computer and the shared storage to form a redundant path. In the virtualization platform, this redundant path is used as the active path and standby path. If the active side path stops functioning due to a failure, read/write access to the shared storage from the virtualization host computer stops temporarily until the path is switched to the standby side. As a rough guide, the following table shows the time during which the access stops when specified hardware is used.

Table3.1.1-2 Approximateaccessstoptimeupononepathfailureoftheredundantpath

Location of failure(RefertotheFigurebelow) Approximatedowntime Remarks

(1), (3)45 seconds Link down on the active path5 seconds Recovery from link down on the active path (*1)

(2), (4)1 second or less Link down on the standby path1 second or less Recovery from link down on the standby path

(5) 10 to 30 seconds Failure of the controller on the active path(6) 1 second or less Failure of the controller on the standby path

*1: After the active path recovery, an access stops at failback from the standby path.

F030104E.ai

Disk

Shared Storage

L2SW for Storage1

Controller1

L2SW for Storage2


(1)

(2)(4)

(5)

(3)

(6)

Storage network(Active path)

Storage network(Standby path)

Controller2

Figure3.1.1-4 Imageoftheredundantstoragenetworkpathforthesharedstorage

If any Yokogawa system product was running when read/write accesses to the shared storage from the virtualization host computer have stopped temporarily, examples of affected cases are as follows:

• Updating of trend data on HIS stops temporarily, and the trend data during that time may be lost.

• On HIS where CAMS is enabled, the alarms that occurred while access is stopped temporarily are not displayed and will be displayed collectively after recovery.


TI30A05B10-01EN June 14, 2019-00

3.1.2 SingleConfigurationThe figure below shows a detailed diagram of the system configuration of the single configuration in the virtualization platform.

F030105E.ai

NMSSNTPServer

Router

Equipments installed at Level3 can also be used


L2SW for Management network

L2SW for Remote UI network

Expansion unit with single configuration

L2SW for Vnet/IP

Remote UI network (Redundant)

Management network

NMS

Thin Client

Monitor

Vnet/IP (Redundant)

Monitor

Monitor Monitor

Monitor

Monitor

L2SW for Plant Information network

Figure3.1.2-1 Systemconfigurationofthesingleconfiguration

n SystemConfigurationoftheSingleConfigurationUnlike the HA cluster configuration, the system configuration of the single configuration can be built with one virtualization host computer. Virtual machines are installed not on a shared storage but on the local storage within the virtualization host computer.The failover function is not available for the single configuration.


TI30A05B10-01EN Sep. 28, 2018-01

3.1.3 NetworkThe virtualization platform, in addition to the network used by the guest OS, requires many networks that include the network for managing the virtualization host computer and the networks required by the host OS such as a network required when the HA cluster configuration is used. The network communication is performed with minimizing the influence of each other by dividing the network segments for each usage. The table below shows the network required for the virtualization platform.

Table3.1.3-1 Networkrequiredforthevirtualizationplatform

Network User DescriptionNetwork

fault handling

Requiredatthesingle

configuration

RequiredattheHAcluster

configuration

Themaximumnumberof

networks per virtualization hostcomputer

Plant information network

Guest OS

Same as Plant information network in the conventional physical environment

No Yes Yes 4

Vnet/IPSame as Vnet/IP in the conventional physical environment

Yes Yes Yes 4

Remote UI network

A plant operator uses it when remotely operating the guest OS from a thin client.

Yes(*1) Yes Yes 4

Subsystem communication network

Same as the subsystem (3) communication network in the conventional physical environment

No Yes Yes 4

Management network (*4)

Host OS

A server administrator uses it when remotely managing the host OS of a virtualization host computer.

No Yes Yes 1

HA cluster network (*5)

A host OS uses it to communicate with the host OS of other virtualization host computers regarding the cluster control.

No(*2) No Yes 1

Storage network

A host OS uses it to communicate with a shared storage.

Yes No Yes 1

Yes: Required No: Not required*1: Even if a failure occurs in the priority route, you can resume operation if you manually switch to the other route.*2: Among communications performed in HA cluster network (live migration and the cluster control), any communication for the

cluster control is also performed in the management network.*3: For details on the subsystem communication, refer to “System Integration OPC Client Package (SIOS)” and “Plant Resource

Manager (PRM)”.*4: Replication is done on this network. Live migration for single configuration is done on this network.*5: Live migration for HA cluster configuration is done on this network.


TI30A05B10-01EN June 14, 2019-00

n NetworkFaultHandlingDue to the network link failure between the virtualization host computer and the external network, the network directly linked to malfunction of the Yokogawa system product operating on the virtualization host computer implements corrective actions to fix the link failure. The network that implemented corrective actions and the reason why that network was selected is shown in the table below.

Table3.1.3-2 Reasonforselectingasatargetnetworkforlinkfailurefaulthandling

Network Reason

Vnet/IP If the network for Vnet/IP is disconnected, the communication with the controller cannot be performed so that the plant monitoring cannot be performed.

Remote UI network The remote UI network disconnection causes the blackout state so that the operator cannot perform plant monitoring.

Storage network If the storage network is disconnected, the virtual hard disk of the virtual machine cannot be accessed so that the virtual machine stops.

n NotesontheCommunicationPathbetweenVirtualMachineandPhysicalNIC

This section describes the notes on engineering concerning the communication path between the virtual machine and the physical NIC. As shown in the figure below, there are virtual switches (that function as L2 switches) and virtual NICs between the virtual machines and the physical NICs. The user must engineer the virtual machines and the virtual switches so that the guest OSes can connect to the external network. If these are not properly engineered, not only the communication from the guest OSes cannot be performed correctly, but also the communication cannot be performed correctly after the migration by live migration or failover is performed from other virtualization host computers. Therefore, the user must understand and design them carefully, and then perform the engineering.

F030106E.ai



Virtual Switch

Physical NIC

Physical Switch

Guest OS Guest OS

IP address

Virtual NIC

Name

Virtual NIC

Virtual Machine

Guest OS

Virtual NIC

Virtual SwitchName

Physical NIC

Physical Switch

Host OS

Physical NIC


Hardware

Physical Switch

External Network

IP address IP address

IP address

Figure3.1.3-1 ConnectionconfigurationofthestandardvirtualL2switch


TI30A05B10-01EN Sep. 28, 2018-01

NetworkusedbythevirtualmachineThe engineering for connecting the network connection port of a guest OS to a physical NIC must be performed in the following order. Note that the user needs to use Hyper-V Manager (the standard software provided by Microsoft to create virtual machines and virtual switches) to create virtual switches, virtual machines, and virtual NICs.

(1) Creating a virtual switch, and specifying a physical NIC with which the created virtual switch communicates

(2) Creating a virtual machine, creating a virtual NIC that the created virtual machine uses, and specifying a virtual switch with which the created virtual NIC communicates

(3) Configuring the OS network settings on the guest OS

The user must name a virtual switch, and the name must be unified within all the virtualization host computers in the HA cluster. “Unifying the name” means that the virtual switches with the same role (for example, the switch used by Vnet/IP of domain 1) have the same name on all virtualization host computers in the HA cluster. If the name is not unified, the live migration and failover do not work properly. The following describes the details.

Creatingavirtualswitch,andestablishingthecommunicationpathbetweenthevirtualswitchandthephysicalNICBefore creating a virtual machine, the user must create a virtual switch (by using Hyper-V Manager). When creating a virtual switch, the user must name the virtual switch and specify a physical NIC to which the created virtual switch connects.Note that the user must create the virtual switch with the same name in the virtualization host computer that is used for the live migration and failover destination. (Refer to the figure below.)

F030107E.ai


Hardware

Guest OS

Virtual Switch with the same name

Hardware

Live MigrationFail Over


Virtual NIC

Virtualization Software Virtualization Software

Name NameVirtual Switch Virtual Switch

Physical NIC

Physical Switch Physical Switch


Physical NIC

Figure3.1.3-2 NotesregardingcreatingavirtualswitchwhenbuildingtheHAclusterconfiguration

The live migration fails if no virtual switch with the same name exists in the destination virtualization host computer at the time of live migration. If no virtual switch with the same name exists at the time of failover, the communication path cannot be established after the guest OS starts so that the communication becomes unavailable. When building the HA cluster configuration, be sure to perform the live migration test and confirm that the virtual switch construction was done correctly.In addition, the virtual switches with the same name must be connected on the same physical network. If a virtual switch is connected to a different physical network, the communication path is established with another physical network after performing live migration or failover. Thus, the virtual machine cannot communicate with the network that is to be originally connected. Therefore, the user must engineer the active server and the standby server in the HA cluster configuration to connect to the same physical network with the same virtual switch configuration.


TI30A05B10-01EN Sep. 28, 2018-01

CreatingavirtualmachineandavirtualNICusedbythevirtualmachineNext, the user can create a virtual machine. He or she can create also a virtual NIC to be used inside the virtual machine when creating the virtual machine. When creating a virtual NIC, the user must specify a virtual switch with which the created virtual NIC connects by using the name of the virtual switch.

ConfiguringtheOSnetworksettingsontheguestOSThen, the user can log on to the guest OS and set the IP address, subnet mask, and other settings for the connection port connecting to a network. This enables the guest OS to communicate with the devices on the Ethernet.

NetworkusedbythehostOSFor the network used by the host OS, in the host OS, the user can set the IP address, subnet mask, and other settings for the connection port connecting to a network. This enables the host OS to communicate with the devices on the Ethernet. This network can be configured in the same way as when designing and engineering a network with a normal physical computer.

n VirtualL2SwitchastheL2SwitchfortheVnet/IPDomainandItsStageCount

In Vnet/IP, the domain that is connected only using the L2 switch without going through devices such as an L3 switch and a Vnet router is called the Vnet/IP domain. On the virtualization platform, the domain that is connected using the virtual L2 switch as this L2 switch is also called the Vnet/IP domain. There is an upper limit on the unit count (stage count) of the L2 switches that can exist on the routes between all Vnet/IP stations. When calculating this stage count, the virtual L2 switch should not be included in the stage count.

n VirtualizationHostComputerandtheVnet/IPDomainCountandZoneA zone is an area isolated by network security using access control. It is applied when you want to divide the engineering computer and operator computer, etc. in zones and want to limit the range that the computers can access. Because the purpose is to isolate the computer for network security, you must be able to set the access restriction on all the networks used by the computer.Virtual switch of the virtualization host computer has no access control function. Therefore, when setting a zone in the virtual machine on the virtualization host computer, when you wish to communicate between virtual machines arranged in different zones, you must communicate between them via the external router, etc. that can perform access control of the virtualization host computer.


TI30A05B10-01EN June 14, 2019-00

The following restrictions are set so that you can apply the zone to the virtualization host computer:

• The maximum number of zones that can be configured with one virtualization host computer is 4.

• The virtual machine must be located in one of the zones.

• Virtual machines located in different zones should not communicate directly with virtual switches in the same virtualization host computer.

The previous limitation also applies to virtual Vnet/IP stations.• Place one virtual Vnet/ IP station in one of the zones.

• Place virtual Vnet/IP stations of different Vnet/IP domains in different zones.

The virtual switch of the virtualization host computer does not have a routing function. Therefore, if you want Vnet/IP communication between virtual machines of different Vnet/IP domains on the same virtualization host computer, make them communicate with each other via routers external to the virtualization host computer. If the Vnet/IP domain of the virtual Vnet/IP station is different (zone is different) for the plant information network and the remote UI network other than Vnet/IP, make them communicate with each other via the network switch external to the virtualization host computer.

F030108E.ai

Vnet/IP

Structure of physical environment


Router


Zone

Virtual L2SW Virtual L2SW

Examples of design rule conformance Example of design rule violation

Zone

Virtual L2SW Virtual L2SW


Zone

Virtual L2SW

Domain 1 Domain 2

Zone

Virtual L2SWVirtual L2SW

Physical L3 RouterPhysical L2/L3 SW

Configuring with a Virtualization Host Computer

Domain 1 Domain 2 Domain 1 Domain 2

Physical L3 RouterIf zones are separated for network security, do not share virtual L2SW between zones.

Figure3.1.3-3 Examplezoneconfigurationforvirtualizationhostcomputer


TI30A05B10-01EN Sep. 28, 2018-00

n ZoneCombinationsAllowedinOneHAClusterConfigurationThe standby virtualization host computer zone of the HA cluster configuration is configured to include all zones of the active virtualization host computer. This is because the standby virtualization host computer must have the ability to be an alternate server if the active virtualization host computer goes down. The maximum number of zones in the virtualization host computer of the virtualization platform is four, so you can configure up to four zones with one HA cluster.

F030109E.ai

Virtualization Host Computer(Active)

HIS HIS HIS ENG SENG SIOS

Zone 1Zone 2Zone 3Zone 4

Network(Vnet/IP, etc.)

Zone1 Zone2 Zone3 Zone4

Router



Virtualization Host Computer(Standby)

Figure3.1.3-4 ZonesforHAclusterconfiguration


TI30A05B10-01EN Sep. 28, 2018-00

3.1.4 SNTP ServerProvide an SNTP server because, with the virtualization platform, it is necessary to implement time synchronization for the entire virtualization platform by using an SNTP server. If the time synchronization is not completed, in the case that a failure occurs in the virtualization platform, it will be difficult to investigate the cause by matching various logs. Also, in the case of the HA cluster configuration, the incomplete time synchronization may cause a failure in the live migration or failover operation. An SNTP server must be installed in a location accessible from the management network through a network. When the SNTP server is installed in the plant information network, the host OS of the virtualization host computer connects to the plant information network from the management network through the L3 router and synchronizes with the SNTP server. Be sure to prepare the SNTP server for the top of the time synchronization hierarchy as a physical device (including a physical computer). The user needs to build the system with caution not to configure this as a virtual machine (including the domain controller operated in the host OS or virtual machine).The following shows the combination between components to be subject to the time synchronization.

• Between a host OS and a domain controller

• Between a host OS and a host OS

• Between a host OS and a guest OS

• Between a guest OS and a guest OS

Time must be synchronized to all SNTP servers except for the guest OS that is the Vnet/IP station. The guest OS that is the Vnet/IP station must be synchronized to the Vnet/IP network time by using the function of the Vnet/IP communication software. The user must synchronize the time of the components on the plant information network to the Vnet/IP network time in the same way as the physical environment. The user can engineer the time synchronization route by referring to the following figure. Note that, for details on engineering the time synchronization of guest OS, refer to the manual for each system product. In the following figures, “Utilize the mechanism of conventional physical environment” means “Performing engineering by using the same method as before to synchronize the SNTP server time and the Vnet/IP time.”

F030110E.ai

Vnet/IP

Router

Host OS Guest OS

Virtualization Host ComputerVirtualization Host Computer

Host OS Guest OS Guest OS

(Vnet/IP Station)

(Vnet/IP Station)

(Non-domain environment)





Management network

SNTPserver

Guest OS

sync

Utilize the mechanism of conventional physical

environment

Figure3.1.4-1 Inasingleconfiguration,whentheguestOSisinaworkgroup (non-domainenvironment)


TI30A05B10-01EN Sep. 28, 2018-00

F030111E.ai

Vnet/IP

Router

Host OS Guest OS



(Vnet/IP Station)

(Vnet/IP Station)

(Domain environment)




Management network

SNTP server

Guest OS

Domain controller


environment

syncsync


Figure3.1.4-2 IntheHAclusterconfiguration,whentheguestOSisinthedomainenvironment

F030112E.ai

Vnet/IP

Router

Host OS Guest OS



(Vnet/IP Station)

(Vnet/IP Station)






Management network

SNTP server

Guest OS

Domain controller


environment

sync

syncsync

Figure3.1.4-3 IntheHAclusterconfiguration,whentheguestOSisinaworkgroup (non-domainenvironment)


TI30A05B10-01EN Sep. 28, 2018-00

3.1.5 Domain ControllerOn the virtualization platform, the user can build the HA cluster configuration by using Windows server function (failover clustering function). One of the requirements for this function is “a host OS must be in the domain environment.” Therefore, it is essential to install a domain controller in the HA cluster configuration.To join the host OS to a domain, the domain controller must be installed in a location accessible through the management network. The user can use the domain controller installed either on the management network or on the plant information network used by the guest OS through the router.

CAUTIONDo not operate the domain controller for the host OS prepared to build the HA cluster configuration in a virtual machine on that very HA cluster. To avoid useless troubles, the user should prepare and operate the domain controller for the host OS in a virtual machine outside that HA cluster or in a physical server.

3.1.6 NMS(NetworkManagementSystem)On the virtualization platform, NMS is used to monitor the hardware failure of the virtualization host computer and the shared storage, the network disconnection, and other failures, and to perform the trend acquisition of performance data of host OS. In addition, NMS can notify the user when the failure of the virtualization platform is detected.The user needs to engineer all devices to be monitored by NMS on the virtualization platform to be accessible from the management network. Therefore, NMS must be installed in the network that can access the management network.


TI30A05B10-01EN Jan. 11, 2019-00

3.2 FunctionsProvidedbytheVirtualizationPlatform

This section describes the functions provided by the virtualization platform. Yokogawa offers the virtualization platform whose functions derived from Hyper-V are customized for Yokogawa. We also offer the functions unique to Yokogawa.

3.2.1 ManagementSoftware<FunctionofHyper-V>The user can utilize the management software (Hyper-V Manager) that is the standard software for the host OS to configure the Hyper-V settings such as creating virtual switches and specifying the location of virtual machines, and to operate the virtual machines, for example, creating virtual machines and changing the CPU core count or memory capacity of the virtual machines. The Hyper-V Manager can be installed from the server manager of the host OS. Hyper-V Manager enables the user not only to manage the local host OS but also to configure the Hyper-V settings for other virtualization host computers and to remotely control the virtual machines.The user can use the Failover Cluster Manager of host OS to build the HA cluster configuration. The Failover Cluster Manager can be installed from the server manager of the host OS.

3.2.2 LiveMigration<FunctionofHyper-V>Live migration is a function to migrate a virtual machine to another virtualization host computer without stopping the running virtual machine, which can be used between virtualization host computers of the single configuration or within an HA cluster configuration. Using this function enables the user to perform the application of security patch and the hardware replacement for the host OS that require stop and restart of the server without turning off the virtual machine.The user must perform live migration for virtual machines one by one manually because it requires large loads on both software and hardware of the virtualization platform. When performing live migration with the single configuration, limit the network transmission band for the live migration to prevent excessive loads on the disk.The live migration can be performed from the Hyper-V Manager in the case of single configuration and from the Failover Cluster Manager in the case of HA cluster configuration.

NotesonthelivemigrationPerforming live migration results in an error if any of the following applies. Note that, even if the live migration fails, the virtual machine does not stop but continues to operate on the existing virtualization host computer.

• The memory of the virtualization host computer for the live migration destination is insufficient.

• The physical CPUs of the two virtualization host computers that perform live migration are incompatible. (*1)

• Either the management network or the HA cluster network is disconnected.

• The virtual switch required by the virtual machine targeted for the live migration is not built in the virtualization host computer for the live migration destination.

*1: “The physical CPU is incompatible” means “the CPU instruction set used by the virtual machine is different between the virtualization host computers”.

DisablingautomaticlivemigrationIn the virtualization platform environment, the default setting is changed so that the live migration does not start automatically. However, there are exceptions where the automatic migration is not disabled. For example, if a virtual machine is running on a virtualization host computer that is part of the HA cluster, and you shutdown the host OS, automatic live migration occurs.


TI30A05B10-01EN Oct. 4, 2019-00

3.2.3 Failover<FunctionofHyper-V>Failover is a function to restart the virtual machines of a virtualization host computer that stops due to an error, on another virtualization host computer in an HA cluster. This function is used to reduce the down time of a system when a virtualization host computer stops due to an error.Restoration by restarting the virtual machine by using failover runs in the same way as [OS startup after unexpected shutdown].Apart from the HA cluster failover, there is another function called replication failover.

SEE ALSO For more information about replication failover, refer to "3.2.10 Replication <Hyper-V function>".

n Failover conditionsFailover occurs in the following scenarios:

• When an active virtualization host computer stops due to an error.

• When communication is interrupted in both the management network and the HA-cluster network on an HA cluster that consists of three or more virtualization host computers.

n StartuptimeofavirtualmachineafterafailoverThe minimum time that is required to start a virtual machine after a failover includes the time to start the guest OS and the time to start applications such as HIS.

n AutomaticrestartofvirtualmachinesIf the guest OS of a virtual machine with failover settings stops responding, the virtual machine restarts automatically. Unlike failover, the virtual machine restarts on the virtualization host computer that the virtual machine is originally allocated.Restoration by restarting the virtual machine runs in the same way as [OS startup after unexpected shutdown].


TI30A05B10-01EN Sep. 28, 2018-00

3.2.4 NICTeaming<FunctionofHyper-V>NIC teaming is a function that uses two or more network adapters to balance the load on the network and to improve the availability of network adapter with redundant configuration.The virtualization platform uses NIC teaming when using the remote UI network in a dual-redundant configuration. Vnet/IP is a network whose bus is configured as dual-redundant, and a dedicated protocol enables the Vnet/IP network to perform high-quality and real-time communication. Therefore, the user does not need to (should not) apply the NIC teaming function. The storage network does not use the NIC teaming because it is configured as dual-redundant by using Microsoft Multipath I/O (MPIO).NIC teaming switches the redundant path of the network only when the network adapter of the virtualization host computer itself is linked down. It does not switch the path when the network between thin clients and the virtualization host computer experiences any error. Therefore, when configuring the remote UI network with a redundant path, design the network so that it automatically recovers from errors on the intermediate network path.

3.2.5 ResourceControl<FunctionofHyper-V>Resource control is a function to regulate resources such as setting the priority and upper limit for the resource usage of virtual machines. In the case that two or more virtual machines are running on a virtualization host computer, if some virtual machines consume a large amount of resources, they may affect the operation of other virtual machines. To prevent this, configuring the resource control settings is necessary. For resource control, the user can use the Hyper-V resource control function and the Storage Quality of Service (QoS).

3.2.6 Backup<FunctionofHyper-V>The backup function enables the user to acquire a full backup of a host OS or a virtual machine by manual backup.In the case when inconsistency occurs in the setting of the host OS or guest OS or in the system, restoring the backup image enables the user to quickly restore the state before the occurrence of inconsistency. Also, when replacing a server or a shared storage, restoring the backup image of the virtual machine can quickly restore the state before the replacement. Note that the backup image of virtual machine can be utilized to migrate the virtual machine to another virtualization host computer.

3.2.7 ITSecurity<FunctionProvidedbyYokogawa>Yokogawa provides the IT security tool for the host OS and Windows based thin client. For details on the settings, refer to IM 30A05B30-01EN “Virtualization Platform Security Guide.”

3.2.8 LogSave<FunctionProvidedbyYokogawa>Yokogawa provides the log save tool for the host OS. For the list of information to be acquired, refer to IM 30A05B20-01EN “Virtualization Platform Setup.”


TI30A05B10-01EN Sep. 28, 2018-00

3.2.9 Checkpoint<Hyper-Vfunction>A checkpoint (snapshot) is a function to save the state of the virtual machine at a certain point. By creating checkpoints before applying patches, installing applications and when building the environment, you can quickly return to the original state even if you make a mistake. However, it is prohibited to run a plant operation on a virtual machine that still has checkpoints. There is a concern about performance deterioration of the virtual machine when continuing long-term operation in that state. This function should only be used temporarily for maintenance purposes, and all the checkpoints must be deleted to be invalidated before the plant goes into operation. Note that you must acquire, apply, or delete checkpoints on the virtualization platform while the virtual machine is stopped (shut down).

3.2.10 Replication<Hyper-Vfunction>The purpose of using replication is to reduce downtime when the main storage in a single configuration or HA cluster configuration has failed. The storage may be a local storage if it is in a single configuration, or a shared storage if it is in an HA cluster configuration.Replication in a virtualization platform is a function that periodically creates replica (duplicate) of virtual machines that are on a virtualization host computer (primary server) on another virtualization host computer (replica server) in a virtualization platform environment. It is implemented by using Hyper-V replicas. If the primary server stops due to an error, you can restore the processes that were running on the virtual machines by using the replicas of the virtual machines working on the replica server (failover of replication). However, data on the virtual machines will be rolled back to the point when the replicas were created. In the event of a failover with replication, an initial cold start (restart of virtual machines) using the replica image takes place. Like restoration from a backup, the operations and data updates that were performed during the period until the roll-back point are not reflected in the replica, and there may be inconsistencies between other devices (virtual machine, physical computers, etc.) that did not experience a failover. So, care must be taken in operation.In order for the virtual machines subjected to replication to be able to operate equally on the primary server and the replica server, the network configuration and the resource capacity that can be secured for the virtual machines must be identical on the two servers. In addition, the CPU load and disk load will increase due to replication operations on the virtualization host computer where the virtual machines subjected to replication are running (primary server) and the virtualization host computer where replicas are created (replica server). Assume that this load is equal to the load on the virtual machine that you want to replicate. This means that every time a virtual machine is replicated, an extra virtual machine of the same capacity (resource for replication) will run on the primary server and the replica serer. Because of this, it is necessary to estimate the number of virtual machines that can be consolidated on one primary server/replica server, considering also the resources for replication.


TI30A05B10-01EN Sep. 28, 2018-01

F030201E.ai

Host OS

Physical Server

Host OS Virtual Machine

Primary Server

Replication

Virtual Machine

Physical Server

Replica Server


Resourcesfor

replication

Replica VirtualMachine

(Resources forreplication)

For example, when a virtualization host computer running 18 virtual machines with the same resource capacity as the standard virtual machine is used as the primary server, no more virtual machines can run on that computer if up to 9 computers are specified for replication. Since the resource capacity for the remaining 9 virtual machines will be used as the resources for replication, stop the remaining 9 virtual machines. In this situation, also on the replica server, the resource capacity of the same amount as that of the resource capacity secured for replication on the primary server cannot be used to run virtual machines.

Note that the primary server and replica server must be specified using a Fully Qualified Domain Name (FQDN) based on the Hyper-V specification. Therefore, the management network is used for replication in the virtualization platform. When using replication, you must be careful about the management network band. This is because data of the amount written to the primary server is also written to the replica server through the network.

The virtual machine image to restore a virtual machine to a state at a certain point of time is called a recovery point. A replica consists of the Latest recovery point that restores a virtual machine to its latest state and Additional recovery points that are generated every hour. Assume that the disk space required for one recovery point is equal to the space required for the virtual machine that you want to replicate. The number of additional recovery points can be changed. Decide it from the free disk space of the replica server.

Additional recovery points are used to restore virtual machines to states earlier than the Latest recovery point. Additional recovery points should also be retained in case when restoring a virtual machine with Latest recovery point fails. Decide for each JOB the number of Additional recovery points that should be retained based on the disk space of the replica server and how restoration of the virtual machine is required.

Activating the replica on the replica server in the event of a primary server failure is also expressed as a “failover” on Hyper-V Manager and Failover Cluster Manager. However, it does not mean the failover described in section 3.2.3. Failover to a replica needs to be performed manually by using Hyper-V Manager or Failover Cluster Manager.

In the case of single configuration, the virtualization host computer can be either a primary server or a replica server. In the case of HA cluster configuration, an HA cluster configuration is regarded as one server and can be a primary server or a replica server.

After a failover with replication, if you want to have the recovered primary server act again as the virtualization host computer for running virtual machines, you must stop the virtual machines.


TI30A05B10-01EN June 14, 2019-00

3.3 FunctionstoProhibitUseonVirtualizationPlatform

There are some virtualization platforms that require attention when using them in Hyper-V functions.This chapter shows the attention.

n OperationsonActiveVirtualMachineDepending on how to use the active virtual machines, there are operations that have a significant impact on the system.Therefore, do not use the following operations against the active virtual machines. However, it is possible to perform these operations on stopped virtual machines.

- Quick Migration

- Save/Start

- Pause/Resume

- Export/Import of virtual machine

- Create Checkpoint/Apply Checkpoint


TI30A05B10-01EN June 14, 2019-00

3.4 VirtualizationPlatformSystemConfigurationSelectionGuide

There are some patterns of system configurations using the virtualization platform. This section gives an overview of what is made possible, what is the matter to be concerned, and what is required as components, depending on the selected pattern.

When you design a system configuration, start from a virtualization host computer in the single configuration (standalone single configuration), and consider how the installation configuration should be changed in order to add the required virtualization features. Table 3.4-1 shows the pros and cons of each pattern of system configuration using the virtualization platform. Consider the installation configuration, paying attention especially to the cons.

Table3.4-1 Patternsofsystemconfigurationusingthevirtualizationplatformandtheirprosandcons(1/2)

Virtualization configuration

Installation configuration Failover Live

migration Replication Pros Cons

1

Single configuration

Standalone single configuration No No No ―

If the server fails, all applications (virtual machines) stop. The data during the failure will be missing.

2 Single configuration+ physical PC No No No

Some of the applications can continue to run even when the server fails.

Some applications stop when the server fails.

3

Single configuration+ single configuration(Dual servers)

No Yes YesAll applications can continue to run even when the server fails.

Domain controller is required to run a live migration.

4

HA cluster configuration

Single HA cluster configuration Yes Yes No

Failover can take place.

Shared storage and domain controller are required. If the shared storage fails, all applications stop. In the event of a shared storage network error, operation is disabled for about 50 seconds. The data during that time may be lost. The failure cannot be noticed immediately.

5

HA cluster configuration

HA cluster configuration+ physical PC

Yes (*1)

Yes(*1) No

Some of the applications can continue to run even when the shared storage fails. When the HA is not functional due to a network error, the PC can be notified of the failure (via NMS).

Some applications stop when the HA cluster fails.

Yes: Available No: Not Available


TI30A05B10-01EN

Virtualization configuration

Installation configuration Failover Live

migration Replication Pros Cons

6

HA cluster configuration+ single configuration

Yes(*1)

Yes(*1) Yes

Plurality of applications can continue to run even when the shared storage fails (not all applications). When the HA is not functional due to a network error, notification of the failure is possible (via NMS).

Some applications stop when the HA cluster fails.

7

HA cluster configuration + HA cluster configuration(Dual clusters)

Yes(*2)

Yes(*2) Yes

All applications can continue to run even when the shared storage fails. Downtime can be made 0. When the HA is not functional due to a network error, notification of the failure is possible (via NMS).

It is costly.

Yes: Available No: Not Available*1: Failover and live migration can be performed only within the HA cluster configuration.*2: Failover and live migration can be performed only within each HA cluster configuration.

June 14, 2019-00

Table3.4-1 Patternsofsystemconfigurationusingthevirtualizationplatformandtheirprosandcons(2/2)


TI30A05B10-01EN June 14, 2019-00

The table below summarizes the pros and cons of each virtualization technique. Consider whether to use the technique, paying attention especially to the cons.

Table3.4-2 ProsandconsofvirtualizationtechniquesTechnique Pros ConsShared storage

Failover can be implemented. If a link-down occurs on the active-side path of the storage network, the communication stops for a certain period of time, during which data read/write access may be disabled.

Can be a measure to reduce the disk load during live migration.

Since the virtualization host computer and the shared storage are connected via a network, the connection path may be vulnerable compared to a local disk.

Failover Can be a measure to reduce the downtime due to a sudden death of the virtualization host computer.

Since a failover takes time in the order of minutes, the service stops during that time.Restarting of virtual machines is mandatory.

Livemigration

Can be a measure to reduce the downtime due to a planned stoppage of the virtualization host computer.

When run, the load on the HA-cluster network becomes high.Without use of a shared storage, the disk load becomes high on both the sending and receiving virtualization host computers.Virtual machines are not completely free from being stopped.

Replication Can be a measure to reduce the downtime due to a failure of the virtualization host computer.

Since data is synchronized periodically (roughly 5 minutes), the data during the period between the occurrence of the event and the previous synchronization will be lost.When run, disk load imposed by replication is added in addition to the disk load imposed by the virtual machines.

Can be a measure to reduce the downtime due to a failure of the shared storage.

Failover to a replica virtual machine needs to be done manually.

The table below shows the components required to implement each installation configuration. Consider the installation configuration, referring to this table.

Table3.4-3 Componentsrequiredforeachinstallationconfiguration

Configuration ComponentVirtualizationconfiguration Installationconfiguration NMS SNTP server Domain

controllerSharedstorage

1 Single configuration

Standalone single configuration Yes Yes No No

2 Single configuration+ physical PC Yes Yes No No

3Single configuration+ single configuration(Dual servers)

Yes Yes Yes (*1) No

4 HA cluster configuration

Single HA cluster configuration Yes Yes Yes Yes

5 HA cluster configuration+ physical PC Yes Yes Yes Yes

6 HA cluster configuration+ single configuration Yes Yes Yes Yes

7HA cluster configuration+ HA cluster configuration(Dual clusters)

Yes Yes Yes Yes

Yes: Required No: Not required*1: Required for live migration.

4. Target Products for Virtualization Platform 4-1

TI 30A05B10-01EN

4. Target Product for Virtualization Platform

Thischapterdescribesthesystemproductsoperatingonthevirtualizationplatformandhowtoprovidethem.

4.1 SoftwaretoRunontheVirtualMachineThis section describes products that support the operation on the virtual machine of the virtualization platform.

n YokogawaIASystemProductsTable4.1-1 YokogawaIASystemProductsforVirtualization

Product name Releasenumber Software RemarksCENTUM VP R6.06.00 or later HIS, ENG, etc. Except APCS, GSGW, UGS, UGS2ProSafe-RS R4.04.00 or later SENG, iDefine Except Vnet/IP-UpstreamExaopc R3.77.00 or later OPC Interface Package Except Exaopc-RD

Exapilot R3.98.00 or later Operation Efficiency Improvement Package

AAASuite R1.21.00 or later Advanced Alarm Administrator

PRM R4.02.10 or later Plant Resource Manager Except RS-232C, NI-FBUS,COM Port connection

Exaquantum R3.15.00 or later Plant Information Management System

Platform for Advanced Control and Estimation

R5.02.20 or laterMultivariable Optimizing Control and Robust Quality Estimation

n CommonTable4.1-2 CommonSoftwareforVirtualization

Software Releasenumber RemarksYokogawa Standard Anti-virus Software ― It was called “AV11000” formerly.IT Security R11.03.00 or later

Vnet/IP Interface Package R1.01.00 or later In this document, it is described as “Vnet/IPcommunication software.”

n OthersThe following shows software provided by others than Yokogawa operating on the virtual machine.

• File Server

• Domain Controller

Oct. 4, 2019-00


TI 30A05B10-01EN June 14, 2019-00

n DetailsofYokogawaIASystemProductsforVirtualizationDetails of Yokogawa IA system products for the virtualization platform are shown as the tables below.

CENTUMVPTable4.1-3 CENTUMVP(ENG)

Model Package name Virtualization RemarksVP6E5000 Engineering Server Function YesVP6E5100 Standard Engineering Function YesVP6E5210 Module-based Engineering Package Yes

VP6E5215 Tuning Parameter Management Package (for Module-based Engineering) Yes

VP6E5216 Bulk Editing Package (for Module-based Engineering) Yes

VP6E5250 Change Management Package YesVP6E5260 Dependency Analysis Package YesVP6E5110 Access Control Package YesVP6E5150 Graphic Builder YesVP6E5165 Batch Builder (VP Batch) YesVP6E5166 Recipe Management Package (VP Batch) YesVP6E5170 FDA:21 CFR Part 11 package YesVP6E5420 Test Function YesVP6E5425 Enhanced test function package YesVP6E5426 FCS Simulator Package YesVP6E5427 HIS Simulator Package YesVP6E5450 Multiple Projects Connection Builder YesVP6E5490 Self-documentation Package YesVP6E5800 Turbine I/O Module Logic Builder Package Yes

.


TI 30A05B10-01EN Sep. 28, 2018-01

Table4.1-4 CENTUMVP(HIS)

Model Package name Virtualization RemarksVP6H1100 Standard operation and monitoring functions Yes

VP6H1120 Console HIS Support Package for Enclosed Display Style No Hardware is console type

VP6H1130 Console HIS Support Package for Open Display Style No Hardware is console type

VP6H1140 Eight-loop Simultaneous Operation Package(for AIP831) Yes

VP6H2411 Exaopc OPC Interface Package (for HIS) YesVP6H2412 CENTUM Data Access Library YesVP6H4000 Million Tag Handling Package YesVP6H4100 Configured Information Reference Package Yes

VP6H4150 Output to External Recorder Package No RS-232C connection with FA-M3

VP6H4190 Line Printer Support Package No The printer connects by USB.

VP6H4200 Historical Message Integration Package(meeting FDA Regulations) Yes

VP6H4410 Control Drawing Status Display Package YesVP6H4420 Logic Chart Status Display Package YesVP6H4450 Multiple Projects Connection Function package YesVP6H4600 Multiple-monitor Support Package YesVP6H4700 Advanced Alarm Filter Package YesVP6H6510 Long-Term Data Archive Package YesVP6H6530 Report Package YesVP6H6660 Process Management Package (VP Batch) YesVP6H6710 FCS Data Setting/Acquisition Package (PICOT) Yes

VP6H1150 Server for Remote Operation and Monitoring Function Yes

Table4.1-5 CENTUMVP(FCS)

Model Package name Virtualization Remarks

VP6F1700, VP6F1705

Basic Control Functions (AFV30o/AFV40o), Control Function for FCS Simulator (for AFV30o/AFV40o)

Yes

VP6F1800, VP6F1805

Basic Control Functions (A2FV50o), Control Function for FCS Simulator (for A2FV50o) Yes

VP6F1900, VP6F1905

Basic Control Functions (A2FV70o),Control Function for FCS Simulator (for A2FV70o) Yes

VP6F8620 Off-site Block Package YesVP6F3132 Valve Pattern Monitor Package Yes

VP6F3210 PID with Output Loss Compensation Package(for Field Wireless) Yes

VP6F1200, VP6E5500, VP6ESETA

APCS Control Function, User Custom Block Development Package, APCS Set No

VP6F3100 Project I/O License Yes


TI 30A05B10-01EN Jan. 11, 2019-00

Table4.1-6 CENTUMVP(Others)

Model Package name Virtualization RemarksVP6P6900 SOE Server Package YesVP6P6910 SOE Server Configurator Package YesVP6P6920 SOE Viewer Package YesVP6P6930 SEM OPC Interface Package Yes

VP6E5030 C Language Development Environment Package for FCS No

VP6E5500 User Custom Block Development Package No

VP6E9001 Exatif DCS Interface for Training Simulator Yes By Omega Simulation Co., Ltd.

VP6F1250 GSGW Generic Subsystem Gateway Package NoVP6B2100 System Integration OPC Client Package YesVP6B1500 UGS Unified Gateway Station Standard Function NoVP6B1501 Dual-redundant Package (for UGS) No

VP6B1600 Unified Gateway Station (UGS2) Standard Function No

VP6B1601 Dual-redundant Package (for UGS2) NoVP6B1550VP6B1650

OPC Communication Package(for UGS/UGS2) No

VP6B1553VP6B1653

Modbus Communication Package(for UGS/UGS2) No

VP6B1591VP6B1691

EtherNet/IP Communication Package(for UGS/UGS2) No

VP6B1570VP6B1670

IEC 61850 IED Communication Package(for UGS/UGS2) No

ProSafe-RSTable4.1-7 ProSafe-RS

Model Package name Virtualization RemarksRS4E5000 Engineering Server Function Yes

RS4E5100 Safety System Engineering and Maintenance Package Yes

RS4E5170 Access Control and Operation History Management Package Yes

RS4E5210 I/O List Engineering Package YesRS4E5250 Change Management Package YesRS4E5600 CENTUM VP Integration Package YesRS4E5700 FAST/TOOLS Integration Package NoRS4E5810 iDefine Interface Package YesRS4H2100 SOE Viewer Package YesRS4H2200 SOE OPC Interface Package Yes

Note: Do not install SENG of ProSafe-RS on the same virtual machine as HIS-TSE (Server for Remote Operation and Monitoring Function) of CENTUM VP.


TI 30A05B10-01EN Jan. 11, 2019-00

ExaopcTable4.1-8 Exaopc


NTPF100-S1

Exaopc OPC Interface Package For CENTUM VP, for CENTUM VP Small, for CENTUM CS3000, for CENTUM CS3000 Small(DA, A&E, HDA Server Functions)

Yes

NTPF100-S3Exaopc OPC Interface Package For CENTUM CS(DA, A&E, HDA Server Functions)

No

NTPF100-S6Exaopc OPC Interface Package For CENTUM VP CAMS for HIS(DA, A&E, HDA Server Functions)

Yes

NTPF100-SBExaopc OPC Interface Package For VP Batch, For CENTUM CS Batch 3000(DA, A&E, HAD, Batch Server Function; Exaopc/Batch)

Yes

NTPF100-SXExaopc OPC Interface PackageOPC Server Redundancy Function(Exaopc-RD)

No

PRMTable4.1-9 PRM

Model Package name Virtualization RemarksPM4S7100 PRM Device License YesPM4S7700PM4S7701PM4S7702

Plant Resource Manager Server Yes

PM4S7710 Plant Resource Manager Client YesPM4S7711 Documenting Calibrator Interface No COM Port connectionPM4S7720 Field Communication Server Yes With Vnet/IPPM4S7730 Interface for CMMS YesPM4S7740 PRM Advanced Diagnostic Server YesPM4S7770 GE Energy System 1Communication Package YesPM4S7780 PST Scheduler Package Yes


TI 30A05B10-01EN

ExaquantumTable4.1-10 Exaquantum

Model Package name Virtualization RemarksNTPP001 Exaquantum Data Server Package Yes

NTPP002 Exaquantum Client Per-Seat Licensing Interface Package Yes

NTPP003 Exaquantum Web Server Package YesNTPP004 Exaquantum Web Client Package YesNTPP005 Exaquantum GUI Conversion Tool Yes

NTPP006 Exaquantum User 2:1 Concurrent Licensing Interface Package Yes

NTPP007 Exaquantum Open Interface function YesNTPP008 Additional Exaquantum Servers Yes

PlatformforAdvancedControlandEstimationTable4.1-11 PlatformforAdvancedControlandEstimation


NTPS410 Platform for Advanced Control and Estimation - Multivariable Optimizing Control Yes

NTPS420 Platform for Advanced Control and and Estimation - Robust Quality Estimation Yes

Oct. 4, 2019-00


TI 30A05B10-01EN

4.2 SoftwaretoRunontheHostOSThe following shows system products operating the software to run on the host OS.

Anti-virusSoftwareThere is specified software as the anti-virus software for the host OS. Refer to Chapter 5 for details. Separately from the host OS, there is also specified virus software for the thin client. Refer to Chapter 9 for details.

ITSecurityThe IT security for the host OS is provided. Refer to Chapter 5 for details. Separately from the host OS, the IT security for the thin client is provided. Refer to Chapter 10 for details.

Vendor-specificsoftwareWhen setting up the environment, specialized software that is provided by vendors of the virtualization host computer, shared storage, and network switches is available for the Yokogawa-specified hardware of the virtualization platform.

4.3 Provided MediaIn order to make system products operate on the virtualization platform, two media of traditional product media and software media for virtualization platform are required.

SystemproductmediaWhen installing each system product in the virtual machine, install it using the conventional product media. The Vnet/IP communication software is included in the media of each product. Refer to each product’s manual for the installation procedure of the Vnet/IP communication software.

Software media for virtualization platformIt is the media dedicated to the virtualization platform that includes the software for the host OS. The IMs about the virtualization platform printed on paper are packed together with this media.

Jan. 11, 2019-00

5. Software Environment 5-1

TI 30A05B10-01EN

5. Software EnvironmentThischapterdescribesthesoftwareenvironmentofthevirtualizationplatform.

5.1 VirtualizationHostComputerThis section provides the software environment of the virtualization host computer.

5.1.1 HostOS

n OSThe following shows the supported OS types.

• Windows Server 2016 Datacenter Edition Desktop Experience (Japanese/English)

n Windows ServicesThe roles and features of the Windows server are added for using with the host OS of the virtualization host computer.

Table5.1.1-1 WindowsServices

Name HAclusterconfiguration

Single configuration Remarks

Hyper-V Available AvailableHyper-V Management Tools Available AvailableWindows Server Backup Available AvailableFailover clustering Available Not requiredFailover cluster management tool Available Not required Failover module for Windows Powershell Available Not requiredMultipath I/O Available Not required

n Anti-virusSoftwareThe following shows the supported anti-virus software types.

• Windows Defender

For details, refer to IM 30A05B30-01EN “Virtualization Platform Security Guide.”

n ITSecurityThe IT security tool for the host OS is provided.For details, refer to IM 30A05B30-01EN “Virtualization Platform Security Guide.”

Sep. 28, 2018-00


TI 30A05B10-01EN Sep. 28, 2018-00

n Backup SoftwareThe following shows the software that supports the use in the host OS to backup/restore the host OS and the virtual machines. Refer to Chapter 10 for the execution procedure.

Backuptype HostOS VirtualmachineManual full backup (Offline) Windows Server Backup (*1) (*2) Hyper-V Import/Export (*1)

*1: Standard feature of Windows Server *2: Windows Server installation media is required for restoration

NotesonbackupOffline backup is recommended for full backup because online backup may not be backed up correctly.

5.1.2 VirtualMachine

n OSThe following shows the supported OS types.

• Windows Server 2016 Standard Edition (Japanese/English)

n OthersThe same software as the physical environment can be used.


TI 30A05B10-01EN Sep. 28, 2018-00

5.2 Domain ControllerThis section describes the domain controller software environment required for HA cluster configuration. Two types of domain controllers can be used, one dedicated to the virtualization host computer and the other installed for the domain environment of the Yokogawa system product.

5.2.1 OSThe following shows the supported OS types.

WhenthedomaincontrolleriscommontotheYokogawasystemproductThat is, in the case of the domain controller that is located on the plant information network and manages the guest OSes :It is the same as the physical environment.

WhenthedomaincontrollerisdedicatedtothevirtualizationhostcomputerThat is, in the case of the domain controller that is connected to the management network and deals with the host OSes :

• Windows Server 2016 Standard Edition

5.2.2 ITSecurityIT security is provided respectively when domain controllers are common to Yokogawa system products and when they are dedicated to virtualization host computers. For details, refer to IM 30A05B30-01EN “Virtualization Platform Security Guide.”

5.2.3 OthersThe same software as the physical environment can be used.


TI 30A05B10-01EN Sep. 28, 2018-00

5.3 NMS(NetworkManagementSystem)This section explains the NMS that is used for detection of hardware failure and the monitoring of performance trend in the virtualization platform.

5.3.1 Selection CriteriaPrepare the NMS that meets the following selection criteria.

• It is possible to acquire performance trends of host OS using WMI (Windows Management Instrument).

• With SNMP v3, the hardware state of the virtualization host computer and shared storage can be monitored by polling.

n WhatsupGoldIf there is not the specified NMS in particular, Whatsup Gold is recommended.

.


TI 30A05B10-01EN Sep. 28, 2018-01

5.4 Various LicensesThis section describes the licenses required for the virtualization platform.

5.4.1 Windows OSThis section describes the license for using Windows OS on the virtualization platform. In the virtualization platform, license allocation is required in two places, the virtualization host computer and thin client. For licenses to be allocated to thin clients, it is necessary to allocate different licenses according to the type of the guest OS to be connected. For OS license authentication, it is necessary for the host OS and the guest OS, respectively. The Figure 5 1 figure shows the allocated part of the license and its type.

F050401E.ai


Host OS Guest OS(WS2016)

access

OS license activation



Server license

Server client access license

RDSclient access license

Guest OS(WS 2016)

Thin Client(for WS2016)

Server client access license

RDSclient access license

Thin Client(for WS2016)

Figure5.4.1-1 LicenseallocationrequiredforusingWindowsOS

Server LicenseThis is a license required to run the Windows Server OS on a computer. It is a license that needs to be allocated to the host OS.Note: It is required to run Windows service on a computer.

ServerClientAccessLicense(ServerCAL)This is a license required for clients connecting to Windows Server. This is a license required for thin client terminal accessing to the Windows Server OS running on the guest OS.Note: This license is unnecessary when Windows Server uses the function of another Windows Server.

RDSClientAccessLicense(RemoteDesktopServiceCAL)This is a license required for clients connecting to Windows Server via RDP. This is a license required for a thin client terminal that accesses to the Windows Server OS (WS2016) running on the guest OS via Remote Desktop.


TI 30A05B10-01EN

n NotesonpurchasingLicenseoftheHostOSWindows Server 2016, which is used as the host OS, has two editions (Standard and Datacenter). In these two editions, the number of virtual machines (OSEs) in which Windows Server OS can run concurrently on the virtualization host computer and the supported OS functions are different.

Item Standard DatacenterNumber of OSEs (*1) (*2) 2 Infinite

*1: Number of virtual machines in which Windows Server OS can run concurrently on the virtualization host computer.*2: Virtual machines in which Windows Desktop OS (such as Windows 10) or Linux run are not counted in the number of OSEs.

The virtualization platform supports Datacenter Edition only.

n AboutthelicenseoftheguestOSWhen using Windows Server as the guest OS, a separate license is not required for the guest OS because Windows Server 2016 Datacenter Edition is used as the host OS in the virtualization platform. If another OS (e.g. Windows 10) is used for the guest OS, its license should be purchased separately.

5.4.2 YokogawaSystemProductsRegarding Yokogawa system product licenses, according to the license requirements of each product, purchase the number of licenses to use and install them. Since it is not a license associated with the virtualization host computer like the Windows OS license, even in the HA cluster configuration, it is not necessary to prepare it in both the migration source and the migration destination of live migration and failover.

Jan. 11, 2019-00

6.HardwareConfiguration 6-1

TI 30A05B10-01EN

6. HardwareConfigurationThischapterdescribesthehardwareconfigurationofthevirtualizationplatform.

6.1 VirtualizationHostComputerThis section describes the requirements of the physical server to be used as a virtualization host computer for the virtualization platform.

6.1.1 Server modelThe following models are used as physical servers for virtualization host computers.

• Rack type: Dell PowerEdge R740

• Modular type: Dell PowerEdge FX2s, Dell FC640

The following shows the reason for choosing the above machines as the Yokogawa specified models.

Item Requirements RemarksHost OS Microsoft Windows Server 2016 + Hyper-V (*1)

Long-term maintenance It is a device type that can obtain long-termmaintenance support.

*1: Regarding the server OS, the physical server list authenticated by Microsoft is disclosed. - Windows Server Catalog https://www.windowsservercatalog.com/default.aspx

Although the above server model is specified, the memory capacity, disk capacity, etc. installed in the server can be changed according to the number of virtual machines running on the virtualization host computer and the applications running on the virtual machine. Refer to Chapter 7 for estimating the resource capacity used by the virtualization host computer.

CAUTIONFor R740, use it with the device driver version 7.705.13.0 or later of the RAID card (PERC H740P)

6.1.2 AboutImmobilizationofNetworkPortAllocationImmobilize the mounting position of the physical Ethernet card to be mounted on the physical server and the position of the network port of each physical Ethernet card for each application. Also, the position of the network port that can be used in each zone of the virtualization host computer is fixed. Immobilization is aimed at reducing work errors by setting up a virtualization host computer and facilitating local service work. Therefore, it is prohibited to use the network port other than the set use. For example, in the case of a zone with only Level 3 product virtual machines, the Vnet/IP port is free, but do not “use for another purpose” or “use from another zone”.

Jan. 11, 2019-00


TI 30A05B10-01EN June 14, 2019-00

6.1.3 AbouttheversatilenetworkportFor each server configuration, there is a versatile network port. Use versatile network ports for applications other than Vnet/IP.The assumed usage is as follows:

• Change the network bandwidth by exchanging with fixed use port.

• Add a port for the subsystem communication network.

• Use as a backup-only network of the host OS.

6.1.4 DetailsofServerSpecificationatSingleConfigurationA rack type server as a virtualization host computer that can be used in a single configuration is available. The server is provided with two types, 1 CPU type and 2 CPU type. The following shows the server hardware specifications.

•R740(1CPUtype)

Item Specification DescriptionBody Dell PowerEdge R740 based Yokogawa specified modelCPU Intel Xeon Gold 6148 2.4 GHz 20 cores Total 20 coresMemory 64 GB

Hard disk

600 GB x 2Hot-plug

For Host OSRAID1: effective volume 558 GB

1.2 TB x 6Hot-plug

For virtual machineRAID10: effective volume 3.2 TB

RAID PERC H740P internal RAID (*1) RAID1/10On-board Ethernet 10 GbE SFP+ 4 portsEthernet card 1 Gb 8 ports Installed into PCIe slot.Optical drive DVD+/-RWPower supply unit Hot plug power supplies with full redundancy 1100 W

Reference: Number of standard virtual machines that can be operated: 9 VM*1: The device driver version 7.705.13.0 or later should be used.

•R740(2CPUtype)

Item Specification DescriptionBody Dell PowerEdge R740 based Yokogawa specified model

CPU Intel Xeon Gold 6148 2.4 GHz 20 cores 2nd CPU is the same spec.Total 40 cores

Memory 128 GB

Hard disk

600 GB x 2Hot-plug


1.2 TB x 10Hot-plug


RAID PERC H740P internal RAID (*1) RAID1/10On-board Ethernet 10 GbE SFP+ 4 ports

Ethernet card 1 Gb 8 ports Up to 5 cards by configuration.Installed into PCIe slot.

Optical drive DVD+/-RWPower supply unit Hot plug power supplies with full redundancy 1100 W

Reference: Number of standard virtual machines that can be operated: 18 VM*1: The device driver version 7.705.13.0 or later should be used.


TI 30A05B10-01EN June 14, 2019-00

6.1.5 DetailsofServerSpecificationatHAClusterConfiguration

A rack type server or a modular type as a virtualization host computer that can be used in the HA Cluster configuration is available. In this configuration, only 2 CPU type is provided.

•R740(2CPUtype)

Item Specification DescriptionBody Dell PowerEdge R740 based Yokogawa specified model


Memory 128 GB

Hard disk 600 GB x 2Hot-plug


RAID PERC H740P internal RAID (*1) RAID1On-board Ethernet 10 GbE SFP+ 4 ports

Ethernet card1 Gb 8 ports Up to 4 cards by configuration.

Installed into PCIe slot.

10 GbE SFP+ 4 ports 1 card.Installed into PCIe slot.

Optical drive DVD+/-RWPower supply unit Hot plug power supplies with full redundancy 1100 W

*1: The device driver version 7.705.13.0 or later should be used.

•FX2s(FC640)

Item Specification DescriptionBody Dell PowerEdge FC640 based Yokogawa specified model


Memory 128 GB

Hard disk 600 GB x 2Hot-plug


RAID PERC H730P internal RAID RAID1On-board Ethernet 10 Gb 4 portsEthernet card 1 Gb 8 portsOptical drive None (*1)

*1: When utilize an optical drive, use an USB type DVD drive.

•FX2s(chassis)

Item Specification DescriptionBody Dell PowerEdge FX2s chassis Yokogawa specified modelI/O module 8 ports 10 GbE SFP+ pass through module

Power supply unit Hot plug power supplies with full redundancy 2400 W 200-240 VACplug type: 200 V/ C20


TI 30A05B10-01EN Jan. 11, 2019-00

SupplementofFX2s(FC640)Dell PowerEdge FX2s is called a module type server, and is classified as a blade type server. By mounting the compute sled where CPU/memory is mounted with high density and the module called storage sled where SSD/HDD is mounted with high density into the place called sled, it can be used as the 2U rack mount type server. The Dell PowerEdge FC 640 is a compute sled, and up to four can be mounted into the FX2s chassis. In the virtualization platform, FX2s mounting one to four FC640s will be line-upped as a virtualization host computer for HA cluster configuration.The figure below shows the mounting image of compute sled (FC640) as seen from the front of FX2s.

F060101E.ai

FX2s chassis

Compute Sled １(1st FC640)

Compute Sled 2(2nd FC640)

Compute Sled 3(3rd FC640)

Compute Sled 4(4th FC640)

Figure6.1.5-1 RelationshipbetweentheFX2schassisandthecomputesled(FC640)


TI 30A05B10-01EN Sep. 28, 2018-00

6.2 SharedStorageIn the HA cluster configuration, the shared storage is used. The storage configuration can be changed according to the capacity, the read/write speed and the number of virtual machines.For details of the capacity and the write speed, refer to Chapter 7.

• Dell SCv3020

Item Specification DescriptionBody Dell EMC SCv3020 based Yokogawa specified modelOS Storage Center OSStorage controller Dual ControllerFront-end port 10 Gbps iSCSI portManagement port 1 Gbps

Hard disk

1.2 TB 10 K RPM SAS x 1012 Gbps 2.5 inch Hot-plug






Rack size 3 UPower supply unit Hot plug power supplies with full redundancy 1485 W

Attached list: Hard diskSelect the configuration according to the required disk space.

Configuration Specification Remarks

1 1.2 TB 10K RPM SAS × 1012 Gbps 2.5 inch Hot plug

For Virtual Machine RAID 10 : Effective capacity 4.8 TB(Group 1)


For Virtual Machine RAID 10 : Effective capacity 10.2 TB(Group 1/2)


For Virtual Machine RAID10 : Effective capacity 15.1 TB(Group 1/2/3)

The following figure shows the positions of groups 1/2/3 described in the remarks.

F060102E.ai

Group 1

Group 2

Group 3

TIP Part of mounted HDD is always used as a spare disk.


TI 30A05B10-01EN

6.3 L2SwitchThe L2 switch for network of the following use is specified.

For Storage network

• Dell S4048T-ON

Item Specification DescriptionBody Dell S4048T-ON Yokogawa specified model

The number of ports48 fixed 10 GBase-T ports supporting 100 M /1 G /10 Gspeeds 6fixed 40 Gigabit Ethernet QSFP+ ports1 RJ45 console/management port with RS232 signaling

Performance Forwarding Capacity: 1080 MppsMAC addresses: 160 K

VLAN function The number of VLAN: 4000Managementfunction SNMP: v1, v2, v3 support

Hardwareredundancy

Hot swappable redundant powerHot swappable redundant fans

For Vnet/IPUse the same Recommended Switches for Vnet/IP as that in the physical environment.

ForremoteUInetwork/plantinformationnetwork/managementnetworkThere are no specified models in these networks. The L2 switch used for plant information network in the physical environment can be used.

Sep. 28, 2018-00


TI 30A05B10-01EN

6.4 PreparationforSpecifiedHardwareFor the virtualization host computer, shared storage, and L2 switch, use the models specified by Yokogawa. This forms the basic configuration of the virtualization platform.Optional parts can be added to the basic configuration.

Virtualizationhostcomputer

Device Description Yokogawamodelcode Remarks(*1)(*2)

DELLPowerEdgeR740XL (*3)

1 CPU single configuration YG4VR04-A1S1600E0 • Host OS: Windows Server 2016 Datacenter Edition• With Power Code (C13/C14)• No Jumper Code

2 CPU single configuration YG4VR04-B1D1600E02 CPU HA cluster configuration YG4VR04-H1D1600E0

DELLPowerEdgeFX2s

FX2s chassis YG5VR06-M1N0000X0 • No Power Code• With Jumper Code (C19/C20)

2 CPU HA cluster configuration(Dell PowerEdge FC640) YG5VR06-C1D1600E0 • Host OS: Windows Server 2016

Datacenter Edition

*1: The OEM OS of the physical server is licensed to the minimum number of cores as the host OS in each configuration.*2: The following accessories are not included in the basic configuration. Make arrangements as necessary. • Keyboard • Mouse • Display • Server CAL/Remote desktop CAL • DVD drive for external connection (USB) • Ethernet transceiver for SFP+ to RJ45 conversion • Ethernet connection cable for SFP+ • Ethernet connection cable for RJ45 • PDU (power supply tap for rack)*3: For R740XL, use it with the device driver version 7.705.13.0 or later of the RAID card (PERC H740P).

Sharedstorage

Device Description Yokogawamodelcode Remarks(*1)

DELLSCv3020

1.2 TB 10K RPM SAS × 10 VR6ST01-1000 • 12 Gbps 2.5 inch Hot plug• No Power Code• With Jumper Code (C13/C14)

1.2 TB 10K RPM SAS × 20 VR6ST01-20001.2 TB 10K RPM SAS × 30 VR6ST01-3000

*1: The following accessories are not included in the basic configuration. Make arrangements as necessary. • PDU (power supply tap for rack) • Ethernet connection cable for SFP+ • Ethernet connection cable for RJ45

L2switch

Device Description Yokogawamodelcode Remarks(*1)(*2)

DELLS4048T-ON

40 GB × 6 port (QSFP+)10 GB × 48 port (RJ45) VR6SW01-0000

• Air flow (IO to PSU) (*2)• With Power Code (C13/C14)• No Jumper Code

*1: The following accessories are not included in the basic configuration. Make arrangements as necessary. • 40 Gbps QSFP+ to 10 Gbps SFP+ × 4 breakout cable Two breakout cables per cabinet of virtualization host computers, and two breakout cables per cabinet of shared storage are required. • Ethernet connection cable for RJ45*2: Arrange the airflow direction according to the rack airflow that will accommodate the L2 switch cabinet.

June 14, 2019-00


TI 30A05B10-01EN

Thinclient

Device Description Remarks(*1)

Dell Wyse 3040 Up to 2 monitors• DisplayPort x 2 ThinOS 8.4 or later

Dell Wyse 5070 Extended

Up to 2 monitors• DisplayPort × 2

Windows 10 IoT Enterprise 2016 LTSBUp to 4 monitors (*1)• DisplayPort × 2• Mini DisplayPort × 2

*1: Using the optional expansion graphics card.

Jan. 11, 2019-01

7. Resource Capacity of the Virtual Machine 7-1

TI 30A05B10-01EN

7. ResourceCapacityoftheVirtualMachine

The resource capacity required for the virtualization host computer (number of CPU cores of the physical server, memory size, etc.) calculates the resource capacity required for the operation of the host OS and the virtual machine, and integrates all of them.The resource capacity required for the host OS and the virtual machine depends on the conditions of the host OS and the virtual machine you want to operate. Therefore, to estimate the required resource capacity, it is necessary to examine in advance the parameter indicating the application scale of the Yokogawa system product (number of simultaneous display displays, display update cycle, number of tags, number of data collections per second, etc.) and aspects such as whether the virtualization host computer is to be moved with single configuration or with HA cluster configuration. Estimate the resource capacity required to run the host OS and the virtual machine under the conditions that were examined in advance. For the required resource capacity of the virtual machine, refer to the operation specifications of each product.This section describes common matters and notes on resource capacity, and necessary resource capacity for the host OS.The resource capacity of the standard virtual machine shown below is an approximate resource capacity based on estimating the number of virtual machines that can be consolidated in the virtualization host computer. Based on this resource capacity, the configuration of the specified server in Section 6 is determined.The following table shows the resource capacity of the standard virtual machine.

Hardwareitemsofvirtualmachine Resource valueNumber of CPU cores 2Memory size 4 GBHard disk size 80 GBDisk Throughput 16 MB/sec at maximumNetwork Throughput 1 Gbps at maximum

For each product, the resource capacity shown with the parameter conditions is represented by the following three sets of resource indices:

• Number of CPU cores (pcs.)

• Memory size (GB)

• Disk size (GB)

In addition to the previous resources, the following resource indices may be added and expressed in some cases:

• Disk Throughput (MB/s)

• Disk IOPS (IO count/s)

• Network Throughput (Mbps)Disk Throughput : Data amount of reading/writing disk per unit timeDisk IOPS : Number of read/write commands per unit timeNetwork Throughput : Data amount of network communication (transmission/reception) per unit time

Sep. 28, 2018-00


TI 30A05B10-01EN June 14, 2019-00

AboutthespecifiedserverFor the specified server and shared storage, assuming the specifications of the standard virtual machine, the hardware configuration is determined assuming the number of simultaneous operations of the virtual machine. When using a specified server, you cannot change the hardware capability. Therefore, the number of virtual machines assumed by each specified server will be less than expected if there are virtual machines with resources larger than the resource capacity of the standard virtual machine. In other words, reduce the number of virtual machines that run simultaneously and allocate the reduced capacity of the virtual machine resource capacity to another virtual machine.You can add as much resource capacity in excess of the standard virtual machine as the reduced number of standard virtual machines, but you cannot exceed the capability of the specified server. For example, the disk throughput of the specified server can be calculated as 288 MB/sec. However, if you want to run a virtual machine with higher performance (larger disk throughput) than this, you cannot run a system using the specified server and shared storage in terms of performance.On each specified server, share resources with each virtual machine with the following resource capacity as the upper limit.

Hardwareitemsofvirtualmachine

ConfigurationofspecifiedserverRemarks1CPUsingle

configuration2CPUsingleconfiguration

2CPUHAclusterconfiguration

Number of CPU cores 18 38 36Memory size (*1) 54 GB 118 GB 118 GB

Hard disk size (*1) 3.2 TB 5.4 TB

4.8 TB (*2) Configuration 1 of SCv3020 (*3)

10.2TB (*2) Configuration 2 of SCv3020 (*3)

15.1TB (*2) Configuration 3 of SCv3020 (*3)

Disk Throughput 144 MB/sec 288 MB/sec 288 MB/sec(*4) (*5) (*6)

*1: This does not include the amount necessary for the Hypervisor to manage the virtual machine. Refer to Appendix A for details.*2: Disk capacity of the shared storage, which is shared by all virtualization host computers that connect to the shared storage.*3: Refer to “6.2 Shared Storage for the shared storage SCv3020 configuration.*4: Ensure that the total throughput of the virtualization host computers in the HA cluster configuration does not exceed 625 MB/sec

per one shared storage for the configuration 3.*5: Ensure that the total throughput of the virtualization host computers in the HA cluster configuration does not exceed 375 MB/sec

per one shared storage for the configuration 2.*6: Ensure that the total throughput of the virtualization host computers in the HA cluster configuration does not exceed 188 MB/sec

per one shared storage for the configuration 1.

NotesonthenumberofvirtualmachinecoresIf you want to change the number of cores to two cores or more after creating a 1-core virtual machine and installing the guest OS, reinstall the guest OS after changing the number of cores of the virtual machine. On the other hand, if you want to change a virtual machine with two or more cores to 1-core, reinstall the guest OS in the same way.


TI 30A05B10-01EN June 14, 2019-00

Aboutthe“1virtualmachine,1Yokogawaproductinstallation”recommendationThere are two ways to implement two or more products when running a single virtualization host computer.

• Install only one type of Yokogawa product on one virtual machine and run it on separate virtual machine.

• Place multiple Yokogawa products on one virtual machine, and run them with the same virtual machine.

In the virtualization platform, unlike in the physical environment, you can take advantage of the maximum lifecycle of the station of the DCS system and the benefit of improving product maintainability without increasing the footprint or placing the products together. Therefore, we recommend the former mounting method and recommend “1 virtual machine, 1 Yokogawa product installation”.

• DCS system station lifecycle maximization and product maintainability

Combinations of product versions that can be placed together are specified for each product. Therefore, there is a possibility that it is not enough to apply batch application or version upgrade on one product alone. In addition, the maintenance procedure may become complicated due to the dependency relationships of products installed at the same time.

In addition, while “1 virtual machine, 1 Yokogawa product installation” is recommended, if you want to install the plural products in the same virtual machine, refer to “Basic policies for estimating resources‟ below.

BasicpoliciesforestimatingresourcesofavirtualmachinewheremultipleYokogawaproductsareinstalledEstimate the resources required for a virtual machine where multiple Yokogawa products are installed as follows.

• Number of cores

Since the number of cores depends on whether the Yokogawa products installed on the machine are operated or run concurrently, estimate the number of cores considering the combination of the Yokogawa products.

Example: HIS/ENG

The ENG function is not used while the machine is run as an HIS. Therefore, the number of cores should be the number of cores required for HIS or ENG function, whichever is larger.

• Memory size

Estimate as follows:

Memory size = the largest among the memory sizes required for the Yokogawa products installed on the machine + half the memory size for the Yokogawa product that may operate concurrently Examples of the case with possibility of concurrent operation are the case where background processing such as trend data collection and CAMS runs on HIS and the case where the Yokogawa products operate in collaboration.

• Disk throughput

Among the Yokogawa products installed on the machine, assume that the disk throughput of the product requiring the highest disk throughput is the disk throughput.

• Hard disk space

Assume that the total of the disk space required by all the Yokogawa products installed on the machine is the disk space.


TI 30A05B10-01EN June 14, 2019-00

NotesonsummationofthediskthroughputswheneachvirtualmachinehasmultiplevirtualharddisksCalculate the disk throughput per one virtual machine by adding up the throughput for all the virtual hard disks that belong to the virtual machine. Since the upper limit of disk throughput is set for each virtual hard disk, add up the upper limit values set for the individual virtual hard disks, and assume the total as the disk throughput of the virtual machine. The calculation when the resources of the disk throughput of the virtualization host computer is shared by the virtual machines is done by using the disk throughput after summation.For example, if one virtual machine has two virtual hard disks and the upper limits of throughput are 16 MB/sec and 32 MB/sec, then the disk throughput of this virtual machine is 48 MB/sec.

7.1 ResourceCapacityUsedbytheHostOSSystemConfiguration ResourceCapacity Remarks

Single ConfigurationCPU core: 2Memory size: 10 GBDisk size: 500 GB

HA Cluster ConfigurationCPU core: 4Memory size: 10 GBDisk size: 500 GB


TI 30A05B10-01EN Sep. 28, 2018-01

7.2 ResourceCapacityUsedbyYokogawaSystemProducts

7.2.1 Common

License managerLicense manager performs on the virtual machine of the specification below.

Table7.2.1-1 VMrequirements:Licensemanager

Type CPU(Cores)

Memory(GB)

DiskThroughput(MB/Sec.)

Disk Volume(GB) Remarks

Recommendation 2 4 16 80

When the license manager is installed into the same virtual machine together with CENTUM VP/ ProSafe-RS/ PRM, obey each operating environment.

File serverThe file server where VP project and AD project are arranged performs on the virtual machine of the specification below.

Table7.2.1-2 VMrequirements:Fileserver

Type CPU(Cores)

Memory(GB)




Specification is the same when using system builders only, AD Suite only, or both system builders and AD Suite.


TI 30A05B10-01EN Sep. 28, 2018-01

7.2.2 CENTUMVP

n HIS

HIS(VP6H1100)Table7.2.2-1 VMrequirements:HIS

Type CPU(Cores)

Memory(GB)



Recommendation 2 (*1) 4 16 40 (*2)

*1: When using Multiple-monitor Support Package, 3 cores are required.*2: When using Long-term Data Archive Package, extend the size in accordance with the storage period.

The above resource is assumed to display 1 graphic view per monitor. Therefore, when increasing graphic views, more cores and memory may be required.For example, regarding the number of CPU cores, please use the following as an aim.

- HIS without Multiple-monitor Support Package, 1 graphic view : 2 cores - HIS without Multiple-monitor Support Package, 2 to 5 graphic views : 3 cores - HIS with Multiple-monitor Support Package, 1 to 4 graphic views : 3 cores - HIS with Multiple-monitor Support Package, 5 to 12 graphic views : 4 cores

HIS-TSE(VP6H1150)Table7.2.2-2 VMrequirements:HIS-TSE

Type CPU(Cores)

Memory(GB)



HIS-TSE 4 (*1) 6 6 16 40 (*3)HIS-TSE 8 (*2) 12 8 16 45 (*3)

*1: The number of clients that can be simultaneously connected is 4 or less.*2: The number of clients that can be simultaneously connected is 8 or less.*3: When using Long-term Data Archive Package, extend the size in accordance with the storage period.

CAMSforHISTable7.2.2-3 VMrequirements:CAMSforHIS

Type CPU(Cores)

Memory(GB)



Recommendation 4(+2)

5(+1)

24(+8)

90(+50)

Note: The values in parentheses are additions to the recommendation settings of HIS.

n ENG

ENG(VP6E5100)Table7.2.2-4 VMrequirements:ENG

Type CPU(Cores)

Memory(GB)





TI 30A05B10-01EN

ADSuiteTable7.2.2-5 VMrequirements:ADSuite

Type CPU(Cores)

Memory(GB)




The above specification is applicable when either the AD organizer or AD server is installed separately on the VM.

FCS simulatorFCS simulator performs on the virtual machine of the specification below.

Table7.2.2-6 VMrequirements:FCSsimulator

Type CPU(Cores)

Memory(GB)



Simulator x 4 2 4 16 ―Simulator x 8 3 4 16 ―High load for OTS (*1)(Simulator x 1) 2 4 16 ―

High load for OTS (*1)(Simulator x 8) 16 4 16 ―

*1: The high load is assumed as follows: • Simulator 10X speed • Marshaling function

n Others

SIOSTable7.2.2-7 VMrequirements:SIOSengineeringfunction

Type CPU(Cores)

Memory(GB)




When using with HIS in the same virtual machine, add 2 CPU cores to the recommendation of HIS.

Table7.2.2-8 VMrequirements:SIOS

Type CPU(Cores)

Memory(GB)




SOEThe following resources are required to perform SOE server.

Table7.2.2-9 VMrequirements:SOEserver

Type CPU(Cores)

Memory(GB)



SOE Server 2 4 16 50 (*1)

*1: Please extend it according to the database size required for operation.

Sep. 28, 2018-00


TI 30A05B10-01EN

VM requirements of other SOE packages are shown in the following table.

Table7.2.2-10 VMrequirementsofotherSOEpackages

Package SingleCoexistencewith

HIS HIS+ENG HIS-TSE SOE serverSOE Server Configurator

Same asHIS

Same asHIS

Same asHIS + ENG

Same asHIS-TSE

Same asSOE server

SOE Viewer Same asHIS

Same asHIS

Same asHIS + ENG

Same asHIS-TSE

Same asSOE server

SEM OPC Interface N/A (*1) N/A (*2) N/A (*2) N/A (*2) Same asSOE server

*1: SEM OPC interface package cannot perform alone because it must coexist with SOE server.*2: HIS and HIS-TSE cannot coexist with SOE server in the virtualization platform. Therefore, SEM OPC interface package cannot

coexist with HIS and HIS-TSE.

Sep. 28, 2018-00


TI 30A05B10-01EN

7.2.3 ProSafe-RS

n SENGThe following resources are required for SENG to perform on a virtual machine. When coexistence with CENTUM VP software, allocate the maximum value of the each required resource. Not the total of each function’s resources. But the hard disk volumes should be added in total. When arranging the database of Access Control Package or Access Administrator Package, the disk volume is required additional 60 GB or more.

RS4E5000 Engineering Server FunctionRS4E5000 Engineering Server Function performs on the virtual machine of the specification below.

Table7.2.3-1 VMrequirements:EngineeringServerFunction

Type CPU(Cores)

Memory(GB)




RS4E5100SafetySystemEngineeringandMaintenanceFunctionRS4E5100 Safety System Engineering and Maintenance Function performs on the virtual machine of the specification below.

Table7.2.3-2 VMrequirements:SafetySystemEngineeringandMaintenanceFunction

Type CPU(Cores)

Memory(GB)




When installing RS4E5100 into the same virtual machine together with RS4E5000, obey the operating environment of RS4E5000. However, the required quantity should be added to the hard disk volume.

RS4E2100 SOE Viewer Package / ES4E2200 SOE OPC Interface PackageRS4E2100 SOE Viewer Package / ES4E2200 SOE OPC Interface Package perform on the virtual machine of the specification below.

Table7.2.3-3 VMrequirements:SOEViewerPackage/SOEOPCInterfacePackage

Type CPU(Cores)

Memory(GB)




When installing these packages into the same virtual machine together with RS4E5000 or RS4E5100, obey each operating environment. The hard disk volume is also obeyed each operating environment.

Sep. 28, 2018-01


TI 30A05B10-01EN

SCS simulatorThe operating environment of SCS simulator is the same as FCS simulator. About the resource specification of FCS simulator, refer to “7.2.2 CENTUM VP” as the previous section. When SCS simulator is performed in the same virtual machine together with RS4E5100, obey the bigger operating environment in SCS simulator and RS4E5100.

n iDefineThe following resources are required to perform iDefine.

Table7.2.3-4 VMrequirements:iDefine

Type CPU(Cores)

Memory(GB)




The above resources contain the resources required for SQL Server that is used by iDefine. The coexistence with CENTUM packages is prohibited. When the coexistence with SENG, allocate the maximum value of the requested resource to the virtual machine respectively. It is not an addition of resources required by each function. However, since Hard Disk is a resource value required to operate iDefine, add each required value.

Jan. 11, 2019-00


TI 30A05B10-01EN

7.2.4 ExaopcThe following resources are required to perform Exaopc (NTPF100) OPC server.

Table7.2.4-1 VMrequirements:Exaopc

CAMSforHIS

Historicaldata

storageCPU

(Cores)Memory(GB)



No No 2 4 16 40Yes No 2 4 32 90No Yes 2 4 32/48 (*1) 40 (*3)Yes Yes 2 4 48/64 (*2) 90 (*1)

*1: The number of records is 5000 or less: 32, 10000 or less: 48.*2: The number of records is 5000 or less: 48, 10000 or less: 64.*3: 4000 items/second acquisition is the assumption.

During steady operation, the CPU usage rate is low. However, the CPU usage rate will be high when downloading project data from the CENTUM system or when acquiring historical data / messages. Therefore, the number of cores is specified as 2.

7.2.5 ExapilotExapilot adopts the number of procedures concurrently executable as an index showing the scale of the application. The number of procedures concurrently executable can be added by installing options.The relationship between the capacity of applications and the number of procedures concurrently executable used in this section is shown in the table below.

Table7.2.5-1 Relationshipbetweenthescaleoftheapplicationandthenumberofprocedures concurrentlyexecutable

Thescaleoftheapplication

No. of proceduresconcurrentlyexecutable Remarks

Small 1 Standard edition onlyMedium 4 Professional edition only

Large 10 Professional edition + 3 additional options of procedures concurrently executable

n Exapilotonly

ExapilotserverWhen Exapilot server is used on a virtual machine, allocate the resources shown in the table below in accordance with the application scale.

Table7.2.5-2 VMrequirements:Exapilotserver


CPU(Cores)

Memory(GB)



Small 2 3 16 40Medium 2 4 16 40Large 2 6 16 40

Jan. 11, 2019-00


TI 30A05B10-01EN

ExapilotclientWhen Exapilot client is used on a virtual machine, allocate the resources shown in the table below in accordance with the application scale.

Table7.2.5-3 VMrequirements:Exapilotclient


CPU(Cores)

Memory(GB)



Small / Medium 1 2 16 40Large 1 3 16 40

n CoexistenceofExapilotandYokogawasystemproducts

ExapilotserverWhen Exapilot server is used together with Yokogawa system products on a virtual machine, allocate the total value of resources of the Yokogawa system product and the resources shown in the table below in accordance with the application scale.

Table7.2.5-4 VMrequirements:ExapilotservercoexistencewithYokogawasystemproducts


CPU(Cores)

Memory(GB)



Small 1 1 ― 10Medium 1 2 ― 10Large 1 4 ― 10

ExapilotclientWhen Exapilot client is used together with Yokogawa system products on a virtual machine, allocate the total value of resources of the Yokogawa system product and the resources shown in the table below in accordance with the application scale.

Table7.2.5-5 VMrequirements:ExapilotclientcoexistencewithYokogawasystemproducts


CPU(Cores)

Memory(GB)



Small / Medium 0 0 ― 10Large 0 1 ― 10

Jan. 11, 2019-00


TI 30A05B10-01EN

7.2.6 AAASuiteThe resource capacity required for AAASuite and its platform Exapilot to operate is shown in this section.

Master PCWhen Master PC of AAASuite is used on a virtual machine, allocate the resources shown in the table below in accordance with the application scale.

Table7.2.6-1 VMrequirements:MasterPCofAAASuite

Scale CPU(Cores)

Memory(GB)



Small 2 3 16 40 (*1)Large 2 4 16 40 (*2)

*1: The number of procedures concurrently executable: 4.Basic functions only.*2: The number of procedures concurrently executable: 6.Basic functions + options.

RecoveryPCWhen Recovery PC of AAASuite is used on a virtual machine, allocate the resources shown in the table below in spite of the application scale.

Table7.2.6-2 VMrequirements:RecoveryPCofAAASuite

Scale CPU(Cores)

Memory(GB)



― 2 3 16 40

Client PCWhen Client PC of AAASuite is used on a virtual machine, allocate the resources shown in the table below in spite of the application scale.

Table7.2.6-3 VMrequirements:ClientPCofAAASuite

Scale CPU(Cores)

Memory(GB)



― 1 2 16 40

Jan. 11, 2019-00


TI 30A05B10-01EN

7.2.7 PRM

n ResourceCapacitySpecificationsperPRMpackageResource capacity specifications for virtual machine described below are per PRM package only and based on supported configurations (e.g. number of devices, number of supported FCS/SCS, etc)

PRMServer(PM4S7700,PM4S7701,PM4S7702)The following table shows the PRM Server resource capacity specifications for the virtual machine.

Table7.2.7-1 VMrequirementsforPRMServer

Numberoffielddevices

CPU(Cores)

Memory(GB)



300 or less 2 2 16 801000 or less 2 2 16 803000 or less 4 4 32 806000 or less 4 4 32 80

*1: Recommended to use Database Maintenance Tool regularly to ensure sufficient hard disk availability. Refer to the table below for the required hard disk size for one year of operation based on number of field devices supported.

Table7.2.7-2 PRMServerDeviceDatabaseCapacitySpecificationsforOneYearofOperations

Numberoffielddevices300 or less 1000 or less 3000 or less 6000 or less

Device Database Capacity 600 MB 2 GB 6 GB 15 GB

PRMClient(PM4S7710)The following table shows the PRM Client resource capacity specifications for the virtual machine.

Table7.2.7-3 VMrequirementsforPRMClient


CPU(Cores)

Memory(GB)



― 2 4 16 80

FieldCommunicationsServer(PM4S7720)The following table shows the Field Communications Server resource capacity specifications for the virtual machine.

Table7.2.7-4 VMrequirementsforFieldCommunicationsServer


CPU(Cores)

Memory(GB)



― 4 Refer to thetable below 16 80

Jan. 11, 2019-00


TI 30A05B10-01EN

Table7.2.7-5 MemoryrequirementsforFieldCommunicationsServer

ConnectingwithCENTUMVPor

ProSafe-RSConnectingwith

STARDOM

Connecting viaNI-FBUSsimplifiedsystemforFoundationfieldbus

ConnectingwithsimplifiedsystemforHARTdevice

orHARTmultiplexer

Connecting viaCommDTM/GatewayDTM

Memory(*1) (*2)

FCS/SCS 1-16 units(100+80 x number of FCS/SCS) MB or more recommended

FCN/FCJ 1-16 units(100+60 x number of FCN/FCJ) MB or more recommended

256 MB or morerequired512 MB or morerecommended

256 MB or morerequired512 MB or morerecommended

256 MB or more required {30+(commDTM/ gatewayDTM main memory)×(No. of node)}MB or more recommended

FCS/SCS 17-44 units (1380+10 x(number of FCS/ SCS-16)) MB or more recommended

FCN/FCJ 17-100 units (1060+5 x (number of FCN/ FCJ-16))MB or morerecommended

*1: The specified hardware requirements do not include the requirement for third party CommDTM/GatewayDTM. Refer to the respective DTM documentation

*2: The total memory requirement should be the sum of the memory requirement for each required function and connected system.

PRMAdvancedDiagnosisServer(PM4S7740)The following table shows the PRM Advanced Diagnosis Server resource capacity for the virtual machine.

Table7.2.7-6 VMrequirementsforAdvancedDiagnosisServer


CPU(Cores)

Memory(GB)


Disk Volume(GB)(*1) Remarks


*1: Recommended to use Database Maintenance Tool regularly to ensure sufficient hard disk availability. . Refer to the table below for the required hard disk size for one year of operation.

Below is the database capacity of Device Diagnosis Data Historian hard disk requirement for one year of operations based on the following assumptions:

• Ten numeric device parameters values per field device are acquired every 24-hours

• Results of one device diagnosis per field device is stored every 10 minutes

Table7.2.7-7 DeviceDiagnosisDataHistorianDeviceDatabaseCapacitySpecificationsforOneYear of Operations

Numberoffielddevices300 or less 1000 or less 3000 or less 6000 or less

Device Database Capacity 3 GB 10 GB 30 GB 50 GB

Jan. 11, 2019-00


TI 30A05B10-01EN

PSTSchedulerServer(PM4S7780)The following table shows the PST Scheduler Server resource capacity specifications for the virtual machine.

Table7.2.7-8 VMrequirementsforPSTSchedulerServer


CPU(Cores)

Memory(GB)




n ResourceCapacityspecificationsforcombinationofPRMpackagesResource capacity specifications described below are based on combination of PRM packages to be installed and activated in one virtual machine

Table7.2.7-9 VMrequirementsforCombinationofPRMPackages


CPU(Cores)

Memory(GB)



300 or less

(*1) (*2)

16 801000 or less 16 803000 or less 32 806000 or less 32 (*3)

*1: The maximum CPU capability requirement PRM packages to be installed and activated in the virtual machine, or higher.*2: Total sum of memory size requirement for the PRM packages to be installed and activated in the virtual machine or based on the

operating system requirement (whichever is higher) or more.*3: Total sum of hard disk requirement for the PRM packages to be installed and activated in the virtual machine or higher. Refer to

the different General Specifications (GS) of the corresponding PRM Packages for the hard disk requirement information.

Below are some restrictions for installing PRM packages in one virtual machine:• it is recommended to set up a dedicated virtual machine for Field Communications Server:

- When connecting to more than 24 stations. - When supporting more than 3000 devices

• it is recommended to set up a dedicated virtual machine for PRM Advanced Diagnosis Server when more than 300 diagnosis modules are running simultaneously for 10 PRM Advanced Diagnostic Applications (PAAs).

Jan. 11, 2019-00


TI 30A05B10-01EN

7.2.8 ExaquantumExaquantum R3.15.00 or later supports the virtualization platform (Hyper-V) as the operational environment. On the virtualization platform, Exaquantum supports the same functions that are supported on the physical computer.

ExaquantumServer(NTPP001)Table7.2.8-1 Diskthroughputrequirements

Numberoftags CPU(Cores)

Memory(GB)


Disk Volume(GB)

Less than 20,000 tags 4 8

Refer to Table 7.2.8-2

- Required size for installation: 16 GB (*1)- Required size for Database: Since it depends on the number of data collection points, data retention period etc., please contact Yokogawa. (*2)

20,000 or more tagsLess than 50,000 tags 4 10



Table7.2.8-2 Diskthroughputrequirements

Disk drive Condition DiskThroughput(MB/Sec.)

Database drive (*3)Less than 2,000 data/second 322,000 - 5,000 data/second 645,000 - 10,000 data/second 128

System drive (*4) — 16

*1: More than 42 GB is recommended. This includes the system drive. For the database, it is recommended to allocate a disk drive that is separate from the system drive.*2: For acquiring and storing A&E messages of CAMS for HIS, it is recommended to set up more than 1 TB disk space, including

SQL DB, regardless of the number of data collection points, data retention period, etc.*3: It is assumed that the number of collected alarms & events is about 10 /second and the number of aggregations to 1 tag is about

9. If collecting more than this assumption, please contact Yokogawa.*4: If the system drive and the database drive are divided, allocate this capacity to the system drive.

WebServer(NTPP003)The following table shows the resource requirements for a Web server.

Table7.2.8-3 VMrequirementsforaWebServer

Type CPU(Cores)

Memory(GB)



— 4 8 16 2

ExaquantumClient(NTPP002,NTPP004)The following table shows the resource requirements for an Exaquantum client.

Table7.2.8-4 VMrequirementsforanExaquantumClient

Condition CPU(Cores)

Memory(GB)


Disk Volume(GB)

Case of using Microsoft Excel 1 4 16 3Case of not using Microsoft Excel 1 4 16 2

Jan. 11, 2019-00


TI 30A05B10-01EN

n CoexistenceofExaquantumandotherYokogawasystemproductsThe following table shows the resource requirements when Exaquantum coexists with other Yokogawa system products.

Table7.2.8-5 ResourceRequirementswhenExaquantumcoexistswithotherYokogawasystem products

Resource item Exaquantuminstallationtype Capacity

CPU core number

Exaquantum Server and Web Server

Allocate the total value of required CPU core number for Exaquantum and other coexisting Yokogawa system products.

Exaquantum ClientAllocate the highest value of required CPU core number among Exaquantum and other coexisting Yokogawa system products.

Memory

Exaquantum Server and Web Server

Allocate the total value of required memory size for Exaquantum and other coexisting Yokogawa system products.

Exaquantum ClientAllocate the highest value of required memory size among Exaquantum and other coexisting Yokogawa system products.

Hard disk volume AllAllocate the total value of required hard disk space for Exaquantum and other coexisting Yokogawa system products.

Disk access throughput (*1) AllAllocate the highest value of required disk throughput among Exaquantum and other coexisting Yokogawa system products.

*1: If one virtual machine has multiple virtual hard disks, estimate the disk throughput by summing the disk throughput of all the virtual hard disks.

Jan. 11, 2019-00


TI 30A05B10-01EN Oct. 4, 2019-00

7.2.9 PlatformforAdvancedControlandEstimationThe following resources are required to perform Platform for Advanced Control and Estimation.

APCServerAllocate the resources shown in the table below based on the application size.

Table7.2.9-1 VMrequirements:APCServer

ApplicationSize(TotalnumbersofMV

andProperty)CPU

(Cores)Memory(GB)


Disk Volume(GB)

Remarks

Up to 10 2 4 8 500 —11 to 30 4 8 16 500 —31 to 60 8 16 32 500 —Over 60 16 32 64 500 —

APCClientAllocate the resources shown in the table below regardless of the application size.

Table7.2.9-2 VMrequirements:APCClient

CPU(Cores)

Memory(GB)

Disk Throughput(MB/Sec.)


2 4 8 20 —

APCWebServerAllocate the resources shown in the table below regardless of the application size.

Table7.2.9-3 VMrequirements:APCWebServer

CPU(Cores)

Memory(GB)



4 4 16 20 —

APCWebClientAllocate the resources shown in the table below regardless of the application size.

Table7.2.9-4 VMrequirements:APCWebClient

CPU(Cores)

Memory(GB)



2 2 8 20 —

8.FunctionalSpecification 8-1

TI 30A05B10-01EN

8. FunctionalSpecification8.1 Vnet/IP Communication Software

The Vnet/IP communication software is necessary for the guest OS on the virtualization host computer to perform Vnet/IP communication without using the Vnet/IP card. The product name given to this software is “Vnet/IP Interface Package.”Refer to Chapter 11 “Vnet/IP Communication Software” for details.

8.2 HardwareStatusMonitorIn the virtualization platform, the NMS monitors the hardware status. By periodically monitoring, the NMS can detect hardware abnormalities and network link disconnection of the virtualization host computer and shared storage, and can collect data such as the size of free disk space from the host OS.If a hardware administrator or a plant operator wants to know the hardware status of the virtualization platform, check the hardware status with the NMS. To monitor alarms on HIS, it is necessary to send messages to HIS from the NMS. The program for sending messages to HIS is provided as a Tokuchu program.

F080201E.ai

Guest OSHost OS


Physical Server

HIS

CPU, MEM, RAID, DISK, PSU, FAN, TEMP, ...

Remote management controller

NMS

Shared storage

Storage controller

SNMP SNMP

OPC (Out of scope of this document)

WMINetwork switch for Storage network

Management Console

SNMP

Remote management controllerThe remote management controller is built into each server and its purpose is to check the BIOS settings and hardware status of the server via the network.For Dell servers, iDRAC (Integrated Dell Remote Access Controller) is a dedicated controller for remote monitoring.The NMS acquires the hardware status of the physical server via the remote management controller.

Sep. 28, 2018-01


TI 30A05B10-01EN Sep. 28, 2018-00

Storage controllerThe storage controller receives an I/O request from the server and efficiently reads and writes the disks in shared storage. The hardware status of the shared storage can be confirmed via the storage controller. The NMS acquires the hardware status of the shared storage via the storage controller.

Managementconsole(networkswitchforstoragenetwork)The management console is the management interface used for setting/checking the status of the network switch. The NMS obtains the status of the network switch via the management console.

8.2.1 Supported InterfaceThis section describes the interface which can be used for patrol monitoring of each device of the virtualization platform from NMS.

n WMIIt can be used to collect performance data from the host OS.When this interface is used, create a user account for WMI in the host OS and make it belong to the following account group.

• HVS_WMI_MONITOR

• Performance Log Users

• Performance Monitor Users

Also sets exception permission on the host OS Firewall.• Activation of rules

Item Name Settings

Inbound RulesWindows Management Instrumentation (WMI-IN) EnabledWindows Management Instrumentation (DCOM-In) Enabled

The HVS_WMI_MONITOR group should be made when setting up the OS environment of host OS. About the account group settings, refer to IM 30A05B30-01EN “Virtualization Platform Security Guide.”

n SNMPIt can be used to monitor the hardware status of the virtualization host computer and shared storage.When this interface is used, apply SNMP v3.


TI 30A05B10-01EN Sep. 28, 2018-00

8.2.2 DetectableHardwareAbnormalityThe following shows hardware abnormality that can be detected by the virtualization platform.

n VirtualizationHostComputerMonitor the following as the hardware status of the virtualization host computer.

Hardware Detection item RemarksCPU CPU statusMEMORY Memory statusHDD • HDD failureRAID controller • Battery voltage status of RAID cardNIC • Network port link downTEMP • Temperature abnormality inside the enclosureFAN • Stop of FANRTC • Battery voltage statusPSU • Stop of Power supply unit

n SharedStorageMonitor the following as the hardware status of shared storage.

Hardware Detection item Remarks

Storage controller • Stop of controller• Low battery voltage of RAID card

HDD • HDD failureTEMP • Temperature abnormality inside the enclosureFAN • Stop of FANPSU • Stop of Power Supply Unit

n NetworkSwitchforStorageMonitor the following as the hardware status of the network switch for storage.

Hardware Detection item RemarksSwitch port • Network port link downFan • Stop of FANPSU • Stop of Power supply unit


TI 30A05B10-01EN Sep. 28, 2018-00

8.3 TCP/UDPPortFor the virtualization platform, both the management network and the plant information network must be connected for the following reasons:

• Sharing of SNTP server in guest OS and host OS

• Sharing of domain controller in guest OS and host OS

• Sharing of NMS in guest OS and host OS

At this time, the management network and the plant information network will be connected via the router, but set the access control list (ACL) and secure the network security.Set the ACL set between the management network and the plant information network so that the TCP/UDP port used for the previous purpose is not blocked.

9. Thin Client 9-1

TI 30A05B10-01EN

9. ThinClientThischapterdescribesthefeaturesofthethinclientinthevirtualizationplatform,anddevicesrequiredforthesystemstructure,etc.

9.1 Overview9.1.1 Positioning

The following figure shows the position of the thin client in the virtualization platform.

F090101E.ai

Server Room

Operator Room

Physical HISNMS

Router

DomainController

Equipments installed at

Vnet

HA-Clusternetwork

Shared Storage

Storage network

/IP

Remote UI network

Management network

NMS DomainController

Controller /Field Equipment

FCS

Thin Client

Monitor

MonitorMonitor

Monitor

VirtualizationHost OS


VMHIS

Guest OS

Server Hardware


Virtualization

KVM ServerConsole

Monitor

MonitorMonitor

Monitor

Scope of this chapter Level 3 can also be used

Plant Information network（Ethernet）

SNTPServer

Figure9.1.1-1 Systemstructureofvirtualizationplatformandscopeofthisdocument

This section describes mainly about the thin client which is installed in the operator room. Refer to Chapter 2 for details on overall configuration and settings in this platform.

Functional OverviewYou can remotely connect from the thin client to a virtual machine on the virtualization host computer, and display and operate the applications on the virtual machine through the network. You can connect one thin client to a specific virtual machine (one to one connection), or connect one thin client to multiple virtual machines simultaneously and toggle between the displays to operate them (one to many connection). However, there are conditions to be met when connecting to multiple virtual machines simultaneously. For more information, refer to “Connecting Thin Client to multiple virtual machines simultaneously” in Section 9.2.1.

June 14, 2019-00

9. Thin Client 9-2

TI 30A05B10-01EN Sep. 28, 2018-00

F090102E.ai

Client Side

Remote UI network

Thin Client


Virtual Machine

Thin Client

Server Side Remote Connection

VM VM VM VM VM VM

Figure9.1.1-2 ConnectingThinClienttoaspecificvirtualmachine

F090103E.ai

Connectingsimultaneously

Connectingsimultaneously

VM VM VM VM VM VM

Client Side

Remote UI network

Thin Client


Virtual Machine

Thin Client

Server Side Remote Connection

Remote Connection

Figure9.1.1-3 ConnectingThinClienttomultiplevirtualmachine

9. Thin Client 9-3

TI 30A05B10-01EN June 14, 2019-00

9.2 Specifications9.2.1 ThinClientSpecifications

The following table describes the specifications of Thin Client used in this platform.

Table9.2.1-1 ThinClientSpecifications

Item Descriptions Notes

OS Windows 10 IoT EnterpriseWyse ThinOS 8.4 or later

Windows OS: 2016 LTSB or laterThinOS: 8.4_112 or later

Storage size Windows 10: 64 GB or aboveThinOS: Not specified

Over 20 GB space is required for the security update for Windows 10.

Display outputThe number of monitors: Up to 2 or 4Upper limit of resolution per monitors:1920 x 1200

The number of monitors depends on the models of thin clients.

Method of connection to server

Ethernet Using Microsoft Remote Desktop Protocol (RDP) as the remote communication protocol.

Use the Thin Client network to guarantee communication bandwidth for RDP.

Network redundancyRedundancy configuration between thin clients and the server is achieved by using duplexed Ethernet cables.

Availability of redundancy depends on the thin client model.

USB devices that can be used from a virtual machine by connecting to a thin client

• Operation keyboard• Speakers• USB storage

To be able to use USB devices other than USB storage, the Remote Desktop Session Host role service needs to be installed on the virtual machines.

Operation keyboardThe following types of keyboards can be connected• AIP830• AIP831

Use 2 USB ports.

Sound output

Can be outputted from the following devices• Operation keyboard• USB speakers (alternative method due to restrictions)

For details, refer to “ Restrictions” in this section.

Access control to virtual machines

You can set to connect/disconnect for the following items.• IP address of Client• User name of the remote connection

Use the OS firewall feature of virtual machines.

Remote UI network diagnosis

• Detects defects through a dedicated diagnosis software and displays notification message on the screen.• Defects are detected after 3 seconds from the occurrence of defects.

Yokogawa provides the diagnosis software. It is available only when the thin client model is Windows OS. For details, refer the section “Network Diagnosis Software” mentioned below in this section

IT Security Strengthen security by IT Security Tool. It is available only when the thin client model is Windows OS.

9. Thin Client 9-4

TI 30A05B10-01EN Jan. 11, 2019-00

HighavailabilityfeatureIf a defect occurs in Remote UI network, remote desktop communication ceases and you cannot operate or monitor from the Thin Client. As a counter-measure the availability of network is increased by the following methods.

1. Making the network path redundantMake the network path between Thin Client and a virtualization host computer redundant so that when there is a defect in the network on one-side, you can switch to the network on the other side and connect to the remote desktop.When the thin client has only one network interface, make the network interface redundant by adding the expansion 2nd RJ45 port, or by using the USB Ethernet adapter, etc.Making the network redundant and replacement of network is carried out through NIC teaming in the virtualization host computer. Refer Virtualization Platform External Specification for Server document for details on NIC tuning.Same subnet IP address is allotted to 2 network interfaces of the Thin Client. In general, communication is carried-out from the IP address on one side and if there is any defect, communication is carried-out from the IP address on the other side.At that time, user needs to close the remote desktop connection screen that appeared before the defect occurred and connect remotely to the virtual machine once more.

F090201E.ai

L2SW L2SW

HISHIS

Path 1

Path 2

Thin Client


Thin Client

HIS

Figure9.2.1-1 Makingthenetworkpathredundant

9. Thin Client 9-5

TI 30A05B10-01EN Sep. 28, 2018-01

2. Installing multiple Thin ClientsMultiple Thin clients are installed and they are connected to different L2 switches. When there is a network error, remote desktop connection of the Thin Client on one side ceases, but since there is no effect on the Thin Client on the other side, it can be operated and monitored.

F090202E.ai


Multiple ClientsTCOPKB

TCOPKB

TCOPKB

TCOPKB

L2SW

HIS

HIS

HIS

HIS

L2SW

Multiple Clients

Multiple HISs

Multiple HISs

SpeakerSpeaker

Speaker Speaker

Figure9.2.1-2 InstallingmultipleThinClients

Further, the methods 1 and 2 mentioned above can be combined and used.

F090203E.ai

TC

TC

TC

TC

L2SW L2SW

HIS

HIS

HIS

HIS

OPKB

OPKBOPKB

OPKB


Multiple Clients

Multiple Clients

Speaker

Multiple HISs

Multiple HISs

Speaker

Speaker

Speaker

Figure9.2.1-3 InstallingmultipleThinClientsandredundantusageofpath

.

9. Thin Client 9-6

TI 30A05B10-01EN

Network Diagnosis SoftwareIf there is any abnormality in the path between the remote UI network and virtual machines, remote desktop screen freezes.Sometimes, it might be difficult to determine whether this freezing is due to abnormality in the network path or it is just because there is no change in the screen image. To overcome this, network diagnosis software is provided to notify the user when the screen freeze is due to any network error.This software can run only on a Thin Client whose operating system is Windows.This software cannot be installed on a ThinOS client because it is not using the Windows operating system. If the screen freezes, run the OS system diagnosis utility to determine if there is any abnormality in the network path.< Features >

• Structured with a service that monitors RDP communication and a program that notifies the user about network abnormality.

• The service monitors RDP communication and starts the notification program when abnormality is detected.

• The notification program notifies the user about the network issue through dialog boxes as shown in the figure below.

• If RDP communication is interrupted for 3 seconds, it is judged to be a network issue.

• If connected to multiple virtual machines, this program notifies when there is a defect in any of the communications.

• A dialog box appears also when a user closes the remote desktop window or when the remote connection cannot be continued due to an error of virtual machine.

F090204E.ai Figure9.2.1-4 Notificationdialogboxwhennetworkdefectisdetected

Jan. 11, 2019-00

9. Thin Client 9-7

TI 30A05B10-01EN

ConnectingThinClienttomultiplevirtualmachinessimultaneously(One-to-manyconnection)You can connect one thin client to multiple virtual machines remotely and switch between the displays of these machines and operate them.USB devices connected to the thin client are used by one dedicated virtual machine. The USB devices cannot be used from multiple virtual machines simultaneously. Available USB devices are described in Table 9.2.1-1 “USB devices that can be used from a virtual machine by connecting to a thin client”. However, USB storage is not included. Only the USB storage can be used from multiple virtual machines. For example, when the virtual machine 1 uses an operation keyboard and a USB speaker, even if the virtual machine 2 is in operation, only the virtual machine 1 can operate the operation keyboard and enable sound output from the USB speaker. The USB devices should be used carefully not to lead to operational errors. You can determine which virtual machine uses USB device by configuring the remote connection settings. You must specify the combination of virtual machine and USB device at the configuration of remote connection. If you want to use a USB device currently in use in a different virtual machine, you must disconnect the USB device from the virtual machine that is currently using it and then connect it to another virtual machine.

CAUTIONSimultaneous connection to multiple virtual machines consumes large amounts of memory resources of Thin Client. Lacking resources may cut remote connections. Confirm the memory usage rate of the Thin Client and reduce the number of simultaneous connections. The number of simultaneous connections and the memory usage rate for operation will be decided at the discretion of JOB.

TIP • The number of virtual machines that you can connect simultaneously is up to 2 for Dell Wyse 3040 and up to 4 for Dell Wyse 5070.

• For Dell Wyse 5070, you must be sure that the memory usage rate does not rise above 70 %.

• Windows may not be displayed with more than 70 % of usage rate.

MonitorSpecificationsThis is based on the operation environment of the target application. Also, do not exceed the range described in the “Display output” item in Table 9.2.1-1 “Thin Client Specifications.”

Jan. 11, 2019-00

9. Thin Client 9-8

TI 30A05B10-01EN

CautionswhenconnectingmonitorsWhen connecting the thin client terminal and the monitor terminal, use one of the following five methods. (Thin client Monitor)

• DVI DVI • DisplayPort DVI • Mini DisplayPort → DVI • DisplayPort → HDMI • Mini DisplayPort → HDMI

Table9.2.1-2 Connectionbetweenathinclientterminalandamonitorterminal

Monitor terminalThinclientterminal DVI HDMI DisplayPort Mini

DisplayPortDVI Yes No No NoDisplayPort Yes Yes No NoMini DisplayPort Yes Yes No No

When both terminals are using DisplayPort or Mini DisplayPort, if the monitor is turned off, the thin client cannot identify the monitor. In this case, the display position of the virtual machine is changed and may not return to the correct position even when the monitor is turned back on.When connecting with multiple monitors, unify the type of terminals on the monitors. Some terminals cannot be used depending on the thin client model. For details, refer to “Table 9.2.2-1 Characteristics of thin clients.”

RestrictionsThere could be a memory leak in RDB Client due to the existing defects on Windows.https://support.microsoft.com/ja-jp/help/4019660/This defect occurs when sound is replayed in virtual machines. The frequency of this defect differs depending upon the type of sound and settings on the remote desktop.Hence, use the following method to run applications requiring sound playback.

• If using operation keyboard: Set the [Buzzer switching] setting of HIS to [Operation Keyboard] to enable sound output from operation keyboard.

• If not using operation keyboard : Connect the USB speaker to the Thin Client to enable sound output from USB speaker.

• If sound output is not required: When connecting to remote desktop, set [Remote audio playback] to [Do not play].

If this defect occurs, close the window of the Remote Desktop Client and configure remote settings again.

TIP This defect occurs when the operating system of Thin Client is Windows10.

Correction in Windows10 LTSB is planned in the year 2019.

Correction in ThinOS has been made in System version 8.4_112.

Jan. 11, 2019-00

9. Thin Client 9-9

TI 30A05B10-01EN

9.2.2 LineupofThinClientThe following thin clients can be used as the standard thin clients in the virtualization platform. Select one of the following thin clients depending on the project requirements.

• Dell Wyse 3040• Dell Wyse 5070 Extended

The characteristics of each type are explained in the following table.

Table9.2.2-1 Characteristicsofthinclients

Item 3040 5070ExtendedOS ThinOS 8.4 or later Windows 10 IoT Enterprise 2016 LTSB

Display output (*1) Up to 2 monitorsDisplayPort x 2

Up to 2 monitors (*2)

DisplayPort x 2

Up to 4 monitors (*3)DisplayPort x 2

Mini DisplayPort x 2Network redundancy No Yes (*3)Security Yes Partly YesAnti-virus software — Yokogawa standard anti-virus softwareUtilization of USB devices Yes (*5) Yes (*5)No. of USB ports 4 7Operation keyboard Yes YesSound output Yes YesAccess control for virtual machine Yes YesLocal user settings No YesWindows domain environment No YesInstallation of network diagnosis feature No YesIT security installation No YesLimitations(RDP is disconnected due to memory leakage in RDP Client)

No Yes

Firmware management using USB memory Yes YesFirmware update and OS configuration using FTP server Yes No

Firmware update and OS configuration using management server No Yes

*1: Display output should convert to DVI or HDMI and connect with monitors.*2: Although the terminal can display up to three monitors, use up to only two monitors on this platform. In addition, the only available

ports are the upper two ports of the three DisplayPorts.*3: To display more than two monitors, the expansion graphics card is required. Although the terminal can display up to six monitors, use up to only four monitors on this platform. The available ports are the

upper two ports of the standard DisplayPort and the two Mini DisplayPorts on the expansion graphics card.*4: For network redundancy, the expansion RJ45 port is required.*5: To use USB storage, IT security settings must be changed.

Refer to the website of Dell Inc. for individual specifications about the thin clients.• Dell Wyse 3040

https://www.dell.com/en-us/work/shop/cloud-client/3040/spd/wyse-3040-thin-client

• Dell Wyse 5070 https://www.dell.com/en-us/work/shop/cloud-client/new-5070/spd/wyse-5070-thin-client

TIP Since Dell Wyse 3040 uses a dedicated OS for remote communication, security risks are few. However, the base the base OS of Dell Wyse 5070 is Windows, so security risks are the same as that of general computers. IT security is configured in this platform to handle the security risks.

June 14, 2019-00

9. Thin Client 9-10

TI 30A05B10-01EN Jan. 11, 2019-00

9.2.3 OtherCautions

HIS• When connecting an operation keyboard or USB speakers to the thin client, add the remote

desktop session host role service in the virtualization guest OS. For the procedure, refer to the IM of the system products (i.e. IM 33J01C10-01EN, etc.).

• When connecting an operation keyboard to the thin client, install a driver for operation keyboard into the virtual machine. At this time, you need to connect the operation keyboard to the virtualization host computer and install the driver for operation keyboard to the virtualization host OS.

• Do not enable the auto logon of HIS (because HIS starts automatically when power is turned on). When remote connection is established after HIS is started, screen might not be displayed properly due to no. of displays and display resolution. Or else, after the power of thin client is turned on, it might be connected to virtual machine automatically and HIS might start automatically.

SENGSeparate settings are required to use iDefine dongle. Refer to Chapter 13.3 “iDefine of ProSafe-RS” for details.

Commonapplications(Security)• As per the security policies, the following features cannot be used in the standard settings.

If you want to use these features, change the security settings by following the steps mentioned in this manual.

- Data copying between USB storage connected to thin client and virtual machine. Refer to Section 4.4 for data copy.

- Auto logon when connecting remotely. (feature that logs on to the virtual machine that is already specified by automatically opening the remote desktop when logged on to thin client)

• When taking out the data on virtual machine, use the external storage that is connected to virtualization host computer server rather than the one connected to thin client. In this case, you must temporarily cancel the security settings for virtual machine and virtualization host computer.

Others• When the CPU load of virtual machine reaches 100%, remote desktop might get

disconnected.

• If the usage rate of virtual memory increases and free memory space exhaust, remote desktop might get disconnected.

• There is a restriction on auto-logon configuration for Dell Wyse 5070. For details, refer to Appendix B 13.4 “Dell Wyse 5070 Automatic Logon Setting”.

9. Thin Client 9-11

TI 30A05B10-01EN Sep. 28, 2018-00

9.2.4 Specificationofsimultaneousconnectiontovirtualmachines

By default, two sessions can be connected to virtual machines simultaneously. If you build connections exceeding the maximum number of sessions or connections, whether to allow logon depends on the settings of virtual machines and connection users.The following table shows behaviors when the default is set and the settings are changed. If each product gives instructions about the settings, follow them to configure the settings.

9. Thin Client 9-12

TI 30A05B10-01EN Sep. 28, 2018-01

Table9.2.4-1 NumberofsimultaneousconnectionsandwhethertoallowlogonItem Descriptions

Windows settings

RD session host installation (*1) No Yes

Restriction on maximum of connections (*2)

N/AEnabled (N session: 1 session by default) Disabled / Non-configuration is not supported

Restriction on session per user (*3)

Enabled / Non-configuration (*4) Disabled Enabled / Non-

configuration (*4) Disabled

Number of connection sessions

Number of simultaneously connectable sessions

2 sessions N session (*5)(Setting count of *2)

Number of sessions per user 1 2 1 N

Logon operation when the number of connections exceeds the maximum

When connecting the user name different from the user name of the current connection:

The confirmation dialog box appears in the client of the current connection.After the OK button is clicked or a certain time lapses, the display of the previous connection is interrupted and the display of the next connection appears.The session of the previous connection continues, but the display is not shown.

(When the session of the subsequent user continues)The subsequent user can connect. The previous connection also continues.In this case, more than N sessions can be connected. (When the session of the subsequent user does not continue)The subsequent connection is rejected and the previous connection continues.

When connecting the same user name as the user name of the current connection:

The display of the previous connection is interrupted and the display of the subsequent connection appears.The confirmation dialog box does not appear in the client of the current connection.The session of the previous connection continues and the display appears during the subsequent connection.

Same above The display of the previous connection is interrupted and the display of the subsequent connection appears.The confirmation dialog box does not appear in the client of the current connection.

The subsequent connection is rejected and the previous connection continues.

Remarks OS default settings

*1: Install “Remote Desktop Session Host role service”.*2: Set Local Group policy as “Restrict connection”.*3: Set Local Group policy as “Restrict Remote Desktop Service Session to one session for Remote Desktop Service User.”*4: he initial value of OS is “Non-configuration.” This behavior is decided by a registry value. The default registry value is “Enabled.”*5: Group policy settings of Domain Controller takes priority in the Windows domain environment.

10. IT Security 10-1

TI 30A05B10-01EN

10. ITSecurityThischapterdescribesthegenerousoverviewandspecificationsofITsecurityforvirtualizationplatform.Formoredetails,refertoIM30A05B30-01EN“VirtualizationPlatformSecurityGuide.”

10.1 OverviewSecurity settings for Yokogawa IA system products that run on virtual machines are performed by each IT security tool corresponding to that product. That is the same as security measures on real machines.However, in systems using the virtualization platform, there are components that require unique security measures. IT security focused on virtualization is explained below.

10.2 Specification

n Target ComponentsThe following IT security settings are applied to the components of virtualization platform.

Table10.2.1 ObjectofITsecuritysettings

Target components

ITsecurityprovidedbyvirtualization

platformITsecurityprovidedby

Yokogawasystemproducts Remarks

Host OS Yes NoGuest OS No YesDomain controller Yes (*1) Yes (*1)Thin client (Windows 10) Yes No

Thin client (ThinOS) No No Settings are not available

because of non-Windows OS.

*1: You can use the domain controller for Yokogawa system products instead of using the virtual management domain controller that is dedicated for the virtualization platform. In such a case, after applying the IT security settings for the domain controller for Yokogawa system producs, some settings need to be changed.

n ITSecurityTool• IT Security Tool is not installed into the target components.

• You must start IT Security Tool from the installation medium of virtualization platform. You must install distribution packages that are required to execute IT Security Tool beforehand.

• You must connect a USB optical drive for a thin client without an optical drive. (*1)

• The log file or files to maintain security settings are generated in the target components.*1: You can use a USB optical drive although you select “Applying the StorageDevicePolicies function” or “Disabling USB storage

device” in IT security settings.

n RelationwithITsecuritysettingsintheguestOSYou are free to combine the IT security settings for virtualization platform with the IT security settings in the guest OS (IT security version, security model, and user management method).

June 14, 2019-00

10. IT Security 10-2

TI 30A05B10-01EN Sep. 28, 2018-00

n ITsecurityversionOnly the IT security version 2.0 is available for the virtualization platform.

n SecuritymodelOnly one type of security model is provided for the virtualization platform.

n UsermanagementmethodsThe IT security settings for virtualization platform are not classified according to user management methods (standalone, combination, and domain management).

11. Vnet/IP Communication Software 11-1

TI 30A05B10-01EN

11. Vnet/IP Communication SoftwareThischapterdescribesthegenerousoverviewandspecificationsofVnet/IPcommunicationforvirtualizationplatform.Formoredetails,refertoIM30A05B20-01EN“VirtualizationPlatformSetup.”

11.1 Overview

F110101E.ai

Intranet

HIS/ENG

APCS/GSGW

Console type HIS

FFCS-L V net router

Field Communication Exaopc

OPC server, etc.Generic Ethernet devicesV net

Domain 4

Vnet/IPDomain3

Vnet/IPDomain 1

L3SW

L3SW

L3SW

L3SW

BoundaryVnet/IP

Domain 2

Bus 1

Bus 2

Bus 1

Bus 2

UGS2

Virtualized HIS/ENG

communication

Virtualization Platform

PRM

Virtualization

Host ComputerOpen

router

Server

Figure11.1-1 ComponentsoftheVnet/IPsystemconfiguration

As one of the components of Vnet/IP system configuration, virtualized Vnet/IP stations that are performed in the virtualization environment is supported.The virtualized Vnet/IP station performs Vnet/IP communication using a general-purpose NIC instead of the dedicated communication card VI701/VI702 (hereinafter referred to as VI70x) which had been performing Vnet/IP communication in the past, and performs HIS, ENG, PRM, each system product such as Exaopc runs on the virtual environment.Dedicated software is required to implement Vnet/IP communication using general purpose NIC.In this chapter, this dedicated software is described as Vnet/IP communication software.Vnet/IP communication software is a group of software for Vnet/IP communication operating within a virtual machine (VM) created on the virtualization platform.The Vnet/IP communication software is included in the installation media of the following products.CENTUM VP R6.06.00 or laterProSafe-RS R4.04.00 or laterExaopc R3.77.00 or laterPRM R4.02.00 or later

Sep. 28, 2018-01

11. Vnet/IP Communication Software 11-2

TI 30A05B10-01EN Jan. 11, 2019-00

11.2 SpecificationThe summary of the specification of the Vnet/IP communication software for the virtualization platform is as follows.

(1) Connection to existing Vnet/IP network

Any domain can be connected. However, stations equipped with Vnet/IP firmware in the domain to which the virtualized Vnet/IP stations are connected must be updated to Vnet/IP firmware Rev. 28 or higher, WAC router firmware Rev. 9 or higher. The virtualized Vnet/IP station and the redundancy platform for computer (UGS2) must connect the domains separately.

(2) Communication range

It is the same as the Vnet/IP communication range in the conventional real machine station. It is possible to communicate with the V net via the bus converter.

(3) Communication function

The following communication is not supported.

(A) Sending and receiving of link transmission (scan transmission) at virtualized Vnet/IP station. But between controllers is possible as usual. When accessing the global switch, GET communication should be used. (*1) Inter-virtual domain link transmission is also included.

(B) Vnet/IP open communication

(C) Wide area mode for ProSafe-RS R2.02 or later

(D) Narrowband mode for ProSafe-RS R 3.02 or later

(E) Coexistence of HIS and SOE server for CENTUM VP.

(4) Network specification

The communication performance in terms of product specifications is the same as the performance allowed for each product in VI702.

(5) Restrictions against the operational environment

• The network in the range of 192.168.0.0/16 and the virtualized Vnet/IP station may not coexist.

• Since it conflicts with the Vnet/IP function and may not perform properly, coexistence with other than software that Yokogawa acknowledged is prohibited.

(6) Vnet/IP setting

Domains and stations are set up by using the Vnet/IP interface management tool.

(7) Installation

The Vnet/IP communication software is included in the installation media of each product. As the same as the conventional function, when you select “Control Bus Driver” from the product installer, the Vnet/IP communication software (a Vnet/IP driver equivalent function and a Vnet/IP firmware equivalent function in a lump) is installed.

*1: When you access the global switch, you can use, %GSnnnnSddss instead of %GSnnnmm.

12. Appendix A: Resource Capacity 12-1

TI 30A05B10-01EN

12. AppendixA:ResourceCapacity12.1 ServerResourceCapacity

In order to estimate the total resource capacity of the server, you must estimate the individual resource capacity at each part operated on the server and totalize it. This section describes the estimation of the individual resource capacity at each part in the virtualization host computer.

F120101E.ai

(Host OS)

Virtual Machine

Physical Server

Clustering function

Virtual Machine Manager

(Host OS)

Total resource capacity

Individual resource capacity

Virtual Machine

Figure12.1-1 Resourcecapacityofthevirtualizationhostcomputer

12.1.1 HostOSDescribes the resource requirements necessary for the host OS. This resource requirement does not include the resources of the guest OS.The resource requirement assumes only the following roles in the host OS:

• Virtual machine control (hardware control, virtual machine management)

n SingleConfigurationThe resource of the host OS in the case of a single configuration is as follows.

Table12.1.1-1 Resourcesofsingleconfiguration

Item Requirements RemarksCPU • Intel Xeon E3/E5-V4 Family or later

• CPU speed not less than 2.4 GHz• 2 or more physical cores

• CPU Family must be Broadwell or later (PREFETCHW instruction support).• The required OS speed is 1.4 GHz or higher, but it must match with the guest OS.

Memory size • Capacity 10 GByte or more• With ECC

4 GB+ host reservation size

Hard disk capacity

• As capacity, 50 GB+ (memory size) × 2.0 or more (*1)• Connection type is SAS.• 10 K rpm or more• RAID-1

Core dump (= same as memory size), page file (= 1.0 times memory size), OS area, and temporary area (50 GB)

Network • Number of ports: 1• 1 Gbps × 1

Breakdown of ports• Management network

*1 The memory size is the size of the memory area that the virtual machine does not use within the mounted memory of the virtualization host computer.

Sep. 28, 2018-00


TI 30A05B10-01EN Jan. 11, 2019-00

n HAClusterConfigurationIn the case of HA cluster configuration, the host OS resources are as follows.

Table12.1.1-2 ResourcesofHAclusterconfigurationItem Requirements Remarks

CPU• Intel Xeon E3/E5-V4 Family or later• CPU speed not less than 2.4 GHz• 4 or more physical cores

Added 2 cores rather than single configuration because disk protocol processing of shared storage and failover operation were added.

Memory size • Capacity 10 GB or more• With ECC

4 GB+ host reservation size

Hard disk capacity

• As capacity, 50 GB+ (memory size) × 2.0 or more (*1)• Connection type is SAS.• 10 K rpm or more• RAID-1

Core dump (= same as memory size), page file (= 1.0 times memory size), OS area, and temporary area (50 GB)

Network

• Number of ports: 5• 1 Gbps × 2 ports•10 Gbps × 2 ports• 4 Gbps × 1 port

Breakdown of ports• Management network (1 Gbps)• HA cluster network (1 Gbps) • Live migration (4 Gbps)• Storage network (10 Gbps × 2)

*1: The memory size is the size of the memory area that the virtual machine does not use within the mounted memory of the virtualization host computer

12.1.2 VirtualMachineThis section explains the precautions when estimating the resource capacity of the physical server from the virtual hardware resource capacity of the virtual machine.

n ResourceCapacityofVirtualMachineThe resource capacity available to the guest OS on the virtual machine and the resource capacity actually required by the virtualization software to manage and control the virtual machine are slightly different. This is because virtualization software adds overhead resource capacity to manage and control the virtual machine. In particular, memory size and hard disk capacity must have a margin. The virtualization software vendor does not disclose specifications for how much surplus is required as overhead resource capacity. For the virtualization platform, the resource capacity of the specified server has been designed based on calculations like those shown in the following table.

Table12.1.2-1 Resourcecapacityofthevirtualmachine

Hardwareitemsofvirtualmachine

Requestvaluewhencreatingavirtualmachine

(Reference)Requestvaluewhenestimating

physicalserverVirtual machine generation 2nd generation ―Number of processor cores (*1) 2 Count as physical core numberMemory size 4 GB 4.4 GB (*2)Hard disk capacity 80 GB 96 GB (*3) (*4)Number of network cards 4 (*5) 4 (*6)

*1: The speed of the physical server shall be 2.4 GHz or more*2: The overhead due to virtual machine control is calculated as 10 percent of the request value when creating the virtual machine*3: The overhead due to virtual machine control is calculated as 20 percent of the request value when creating the virtual machine*4: When taking a checkpoint, add the request value when creating the virtual machine by the (number of generations).*5: Plant information network / remote UI network / Vnet/IP (BUS 1/2) total 4 lines*6: Share with other virtual machines for use. Calculate the necessary network bandwidth and determine the actual number.

To calculate the overhead in the previous table, we assume that the virtualization software simply runs (controls) the virtual machine.


TI 30A05B10-01EN Sep. 28, 2018-00

12.1.3 TotalResourceCapacityofServerWe determine the hardware specifications of the physical server of the virtualization host computer by summing up the capacity of the request values when estimating the physical server of the host OS and guest OS.However, the following matters are not considered in this section:

• Backup of server/virtual machine

• Virtual machine snapshot

n CPU

SingleConfigurationThe number of cores is determined so that the total number of physical CPU cores of the physical server that is to be run as a virtualization host computer satisfies the following condition:(Total number of physical CPU cores in the physical server) ≥ (number of cores in the host OS in single configuration) + Σ (number of virtual cores in the virtual machine)

F120102E.ai

(Host OS)

Virtual Machine

Physical Server


Physical processor

Virtualprocessor

Virtual Machine

Figure12.1.3-1 ThenumberofCPUcoresinthesingleconfiguration

HAclusterConfiguration N:1standbyconfiguration (numberofvirtualizationhostcomputersisN+1)The case when configuring a cluster on one standby virtualization host computer for N active virtualization host computers.

F120103E.ai

Virtual Machine

Physical Server

Active Virtualization Host Computer Standby Virtualization Host Computer

Virtual Machine

(Host OS)

Physical Server

Reserved Reserved

Clustering function


(Host OS)

(Host OS)


Clustering function(Host OS)

Figure12.1.3-2 HAclusterconfiguration(N:1standbyconfiguration)


TI 30A05B10-01EN Sep. 28, 2018-00

• About the active virtualization host computer

For each virtualization host computer, determine the number of cores so that the total number of physical CPU cores satisfies the following condition: (Total number of physical CPU cores in the physical server) ≥ (number of cores in the host OS in HA configuration) + Σ (number of virtual cores in the virtual machine)

• About the standby virtualization host computer

The standby virtualization host computer selects the server CPU so that it has the same number of physical CPU total cores as the largest number of physical CPU total cores in the active virtualization host computer.

F120104E.ai

Active Virtualization Host Computer Standby Virtualization Host Computer

Total resource capacity of the standby virtualization host computer is equal to the largest total resource

capacity of the active virtualization host

computers

(Host OS) Reserved Reserved

Clustering function


(Host OS)

(Host OS)


Physical Server

Clustering function(Host OS)


Physical Server

Figure12.1.3-3 Standbyvirtualizationhostcomputer

Active/standbysharedconfiguration (thenumberofvirtualizationhostcomputersisM,whereM≥2)The case when not arranging a completely standby virtualization host computer but configuring the cluster on a virtualization host computer with both active and standby roles.

F120105E.ai

(Host OS)


Physical Server

Virtualization Host Computer for Active/Standby Virtualization Host Computer for Active/Standby

Clustering function


(Host OS)

(Host OS)

Physical Server

空きReserved Reserved

Clustering function


(Host OS)

Figure12.1.3-4 HAclusterconfiguration(active/standbyconfiguration)


TI 30A05B10-01EN Sep. 28, 2018-00

• About the active/standby shared virtualization host computer Use the following procedure to find the number of cores of the physical server:

(1) The number of active virtual machines Nn in each virtualization host computer is obtained, and the maximum value is taken as Nmax. An active virtual machine is a virtual machine that you normally run on each virtualization host computer.

F120106E.ai

(Host OS)

Virtual Machine

Physical Server

Clustering function

Active Virtual Machine


(Host OS)

Virtual Machine

Reserved

(2) Calculate an integer value K of 1 or more that satisfies the following formula: (K-1) × (M-1) < Nmax ≤ K × (M-1) M: Number of servers Nmax: Maximum number of active virtual machines on each virtualization host computer

(3) For each virtualization host computer, find the total value Cn, the number of cores in the virtual machine from the virtual machine with the largest number of virtual cores to the Kth virtual machine. Let Cmax be the maximum value among the Cn values of each virtualization host computer.

F120107E.ai

Virtual Machine

Case: K=2

4


2 2

(4) For each virtualization host computer, determine the number of cores so that the total number of physical CPU cores satisfies the following condition:

(Total number of physical CPU cores in the physical server) ≥ (number of cores in the host OS in HA cluster configuration) + Σ (number of virtual cores in the active virtual machine) + Cmax


TI 30A05B10-01EN

n Memory

SingleconfigurationThe total amount of physical memory of the physical server run as the virtualization host computer is determined so as to satisfy the following condition:

(Physical memory capacity of physical server) ≥ (memory capacity of host OS in single configuration) + Σ (memory capacity of virtual machine) + Σ (overhead of virtual machine management of host OS)

F120108E.ai

(Host OS)

Virtual Machine

Physical Server


Implemented physical memory

Memory

Virtual Machine

Overhead of VMMResources for Manager

Resources for Manager

The overhead for virtual machine management is the amount of memory that the host OS requires for each virtual machine to configure and manage the virtual machines such as the video memory of the virtual machines and the memory address conversion table.

HAclusterconfiguration N:1standbyconfiguration (numberofvirtualizationhostcomputersisN+1)This is the case when configuring a cluster with one standby virtualization host computer for N virtualization host computers. For an illustration, see the CPU section.

• About the active virtualization host computer For each virtualization host computer, determine the memory capacity so that the memory capacity satisfies the following condition:

(Physical memory capacity of physical server) ≥ (memory capacity of host OS with HA cluster configuration) + Σ (memory capacity of guest OS) + Σ (overhead of virtual machine management of host OS)

• About the standby virtualization host computer The standby virtualization host computer selects the memory of the server so that it has the same number of memory capacity as the one with the largest memory capacity on the active virtualization host computer.

Sep. 28, 2018-00


TI 30A05B10-01EN

Active/standbysharedconfiguration (thenumberofvirtualizationhostcomputersisM,whereM≥2)The case when not arranging a completely standby virtualization host computer but configuring the cluster on a virtualization host computer with both active and standby roles. For an illustration, see the CPU section.

• About the active/standby shared virtualization host computer For the procedure of finding the memory capacity of the physical server, refer to the CPU section.

In doing so, read as follows:

- Read “number of cores” as “memory capacity”.

- Read the last calculation formula as follows:

(Physical memory capacity of physical server) ≥ (memory capacity of host OS with HA cluster configuration) + Σ (memory capacity of guest OS) + Σ (overhead of virtual machine management of host OS) + Cmax

n StoragePrepare disks physically different for the host OS and the virtual machine for the virtualization host computer storage. This section describes storage for virtual machines.

F120109E.ai

(Host OS)


Virtual Machine images(Including Virtual hard disk)

Separate physical hard disk

Virtual hard disk

Physical hard diskSystem of Host OS

Virtual Machine

Physical Server

Virtual Machine

Determine the capacity required for each storage, the total IOPS (Input Output Per Second) (*1), and the throughput (MB/s) (*2) to satisfy the following formula.

(Total capacity of virtual machine storage) ≥ Σ (virtual machine virtual hard disk capacity) + Σ (virtual machine management overhead of the host OS)

*1: Number of read/write instructions per second*2: Total value of reading speed and writing speed

When performing backup, calculate by doubling the virtual hard disk capacity.

(Total allowable IOPS number of storage for virtual machine) × (70%) ≥ Σ (upper limit value of IOPS number of virtual machine storage access) (Throughput of storage for virtual machine) × (70%) ≥ Σ (upper limit value of throughput of virtual machine storage access)

Sep. 28, 2018-00


TI 30A05B10-01EN

n NetworkThe number of network ports and network bandwidth shown in this section are designed based on the following policy. The number of network ports and the network bandwidth was determined based on this.

• Estimate the integrated number per server as 18 VM. Allow simultaneous operation up to 18 VM.

• The points directly connected to where the plant operation stops due to network failure are duplicated. Vnet/IP, remote UI network, storage network

• As long as there is no requirement of Yokogawa system products and virtualization software, the network bandwidth shall be 1 Gbps.

• The network divides segments or physical ports by role.

SingleconfigurationThe number of network ports and bandwidth requirements for single configuration are as follows.

Item Requirements RemarksVnet/IP • 1 Gbps Ethernet × 2 ports • Two systems are required for duplex configuration.Plant information network • 1 Gbps Ethernet × 1 port • When bandwidth is required, an integral multiple of

this number is required.

Management network

• 1 Gbps Ethernet × 1 port (Only used for management purposes)• 5 Gbps or more Ethernet × 1 port (Management / Live migration / Replication)

• Used for server management purposes.

Remote UI network • 1 Gbps Ethernet × 2 ports• Used for communication between thin client and guest OS.• Two systems are required for dual-redundant configuration.

HAclusterconfigurationThe number of network ports and bandwidth requirements for HA cluster configuration are as follows.

Item Requirements RemarksVnet/IP • 1 Gbps Ethernet × 2 ports • Two systems are required for duplex configuration.Plant information network • 1 Gbps Ethernet × 1 port • When bandwidth is required, an integral multiple of

this number is required.

Management network

• 1 Gbps Ethernet × 1 port (Only used for management purposes)• 5 Gbps or more Ethernet × 1 port (Management / Replication)

• Used for server management purposes.

Remote UI network • 1 Gbps Ethernet × 2 ports• Used for communication between thin client and guest OS.• Two systems are required for dual-redundant configuration.

Storage network • 10 Gbps Ethernet × 2 ports• Used for communication between virtualization host computer and shared storage.• Two systems are required for dual-redundant configuration.

HA cluster network • 5 Gbps or more Ethernet × 1 port

• Used for communication between servers that constitute a cluster.• Also used for live migration.

Sep. 28, 2018-01

13. Appendix B: Engineering Memo 13-1

TI 30A05B10-01EN

13. AppendixB:EngineeringMemo13.1 Resource Control

On the virtualization host computer, resources are shared between virtual machines. Therefore, in order for the virtual machines to have no influence on others and operate properly, you must set resource usage priorities, resource limits, etc. and control the resources.Therefore, set up resource control settings for all virtual machines on the virtualization platform.

13.1.1 Guest OSThe state that the total of resources allocated to the virtual machine is greater than the physical resources of the virtualization host computer is called the resource over-committed state. The over-committed state can be accommodated by the resource control settings, but it is not recommended because the behavior is not guarantee.

n CPUWith Microsoft Hyper-V, reserved values can be specified for CPU resources in each virtual machine. Only the reserved CPU resource amount can be used exclusively by that virtual machine without being disturbed by other virtual machines.When the following conditions are satisfied, the over-committed state does not occur, so the resource control of CPU is unnecessary.(Total number of physical cores of the physical server) ≥ Σ (number of processors of each virtual machine) + (number of processors of the host OS)

n MemoryIn Microsoft Hyper-V, the virtual machine memory has a method of statically assigning fixed values and a method of activating dynamic memory to permit dynamic change of memory amount. When dynamic memory is activated, depending on the memory usage of the virtual machine, Hypervisor may recover some memory. As a result, reallocation may take time when it becomes necessary in the virtual machine. Therefore, activation of dynamic memory is prohibited.When the following conditions are satisfied, the over-committed state does not occur, so the resource control of memory is unnecessary.(Physical memory amount on the physical server) ≥ Σ (memory amount of each virtual machine) + (memory amount of the host OS)

Sep. 28, 2018-00


TI 30A05B10-01EN Jan. 11, 2019-00

n HardDisk(Storage)In server virtualization, storage devices are shared by multiple virtual machines and used.Therefore, you must ensure that the total number of IOPS (the number of IO accesses per unit time) and the data transfer rate of each virtual machine does not exceed the throughput of the storage device and the data transfer rate of the intermediate route.With Microsoft Hyper-V, you can set the upper limit value of IOPS per virtual hard disk. Set the upper limit value of IOPS for each hard disk on a virtual machine and adjust it with all the virtual machines so that it does not exceed 70 percent of the total processing amount of the storage device. Similarly, the upper limit of the data transfer rate of the virtual hard disk can be set as (Normalized value of IOPS) × (IOPS). Adjust all virtual machines so that they do not exceed the data transfer rate of the intermediate path between the virtual machine and the storage device.When using a specified model server, please adjust the total data transfer rate of all virtual machines to be less than the upper limit value designated per server.

n NICIn server virtualization, NIC (including onboard Ethernet port) is shared by multiple virtual machines and used. Therefore, you must ensure that the total network bandwidth used by each virtual machine does not exceed the network bandwidth of NIC.With Microsoft Hyper-V, you can set the upper limit value of network bandwidth for each virtual machine using “Network adapter bandwidth management”. Set the upper limit value of network bandwidth in each virtual machine and adjust with all the virtual machines so as not to exceed the network bandwidth of NIC.This setting is set up for each virtual machine using Hyper-V Manager.


TI 30A05B10-01EN Sep. 28, 2018-00

13.2 RelationshipbetweentheNumberofZonesandtheNumberofNetworkCards

When using a rackmount type server of the specified model (R740XL), you can install up to four individual zones in the network. However, the number that can be installed depends on the number of network cards installed in the virtualization host computer. Prepare the virtualization host computer taking into consideration of this.The relationship between the number of network cards and the number of zones that can be installed is as follows.

Table13.2-1 Relationshipbetweenthenumberofnetworkcardsandthenumberofzonesthatcan beinstalled

NICmountednumber(*1) Numberofinstallablezones Remarks1 02 13 14 25 26 47 4

*1: Number of 1 Gbps-4 port network cards

In the case of the modular type server (FC640), up to one zone is applicable.


TI 30A05B10-01EN Jan. 11, 2019-00

13.3 iDefineofProSafe-RSThe iDefine license operating in a virtualization environment is authenticated through the Dongle Gateway which is Windows Service.

n DongleGatewayDongle Gateway can be installed by using the installer provided by Trinity Integrated Systems Ltd. The user can obtain the installer for Dongle Gateway from the website of Trinity Integrated Systems Ltd. and execute it on the computer where Dongle Gateway is installed.For the specification of Dongle Gateway, refer to the bundled User Guide.

PlacementThe user should install Dongle Gateway on the Windows-based thin client where IT security is applied or the computer in which the SENG software is installed. The order of applying the IT security and installing Dongle Gateway does not matter.The user must set up the USB dongle where Dongle Gateway can recognize.There are three types of placement as follows.

(1) Installing on the thin client device The user should install Dongle Gateway and insert the USB dongle on the thin client device.

F130401E.ai

Vnet/IP

Remote UI network

Windows Server 2016 Hyper-V

VM

HIS

Guest OS

VM

SENG

Guest OS

VM

SENG

iDefine iDefine

Guest OS

Hardware Platform

Thin Client

USB

OPKB

DongleGateway

RDP RDP

TM1READY

FUSE RL1 CN1 (PSU-L) TM2 100-120V AC

CN2 (PSU-R)

TM1READY


CN2 (PSU-R)

Figure13.3-1 InstallingDongleGatewayonthethinclient


TI 30A05B10-01EN Sep. 28, 2018-00

(2) Installing on the physical SENG

If a physical SENG computer exists, the user should install Dongle Gateway and insert the USB dongle in the computer.

F130402.ai

Vnet/IP

Remote UI networkt


VM

HIS

Guest OS

VM

SENG

Guest OS

VM

SENG (Real Machine)

iDefine iDefine

Guest OS

Hardware platform

Thin Client

Physical SENG

USB

OPKB

SENG

RDP RDP

TM1READY


CN2 (PSU-R)

TM1READY


CN2 (PSU-R)

DongleGateway

Plantinformationnetworkt

Figure13.3-2 InstallingDongleGatewayonthephysicalSENG


TI 30A05B10-01EN

(3) Installing on the virtual SENG

If no physical SENG computer exists, the user should install Dongle Gateway on the virtual SENG and insert the USB dongle in the USB device server (myUTN-50a) so that the USB dongle can be recognized through the USB device server.

F130403.ai

Vnet/IP

Remote UI network


VM

HIS

Guest OS

VM

SENG

Guest OS

VMSENG

USBDeviceServer

iDefine

iDefineDongle

Gateway

Guest OS

Hardwaew platform

Thin Client

USB

OPKB RDP RDP

TM1READY


CN2 (PSU-R)

TM1READY


CN2 (PSU-R)

Plant information network

Figure13.3-3 InstallingDongleGatewayonthevirtualSENG

Note: Plural iDefines can connect one Dongle Gateway.

Licenseauthenticationprocedure1. Starting Dongle Gateway

Start the computer on which Dongle Gateway is installed. The Dongle Gateway Windows Service automatically starts at the computer startup. The user can also stop or start the service by using Dongle Gateway Configurator that is bundled in Dongle Gateway.

2. Connecting Dongle Gateway from iDefine Specify the IP address of Dongle Gateway to connect on iDefine.

F130401E.ai

Figure13.3-4 SpecifyingtheIPaddressofDongleGatewayoniDefine

Jan. 11, 2019-00


TI 30A05B10-01EN

Because Windows authentication is used for the connection, the device where Dongle Gateway is installed must be able to identify the login user of the device where iDefine runs.

• When using a local account: A user with the same name and the same password as the login user of the device where iDefine runs exists on the device where Dongle Gateway runs.

• When using a domain account: The device where iDefine runs and the device where Dongle Gateway runs participate in the same domain.

In the case that the same number of iDefines as the number of licenses for Dongle Gateway that is written in the USB dongle has already been simultaneously connected to Dongle Gateway, when another iDefine attempts to connect to Dongle Gateway, the license authentication fails.

MaximumnumberoflicensesThe maximum number of licenses that can be granted to one USB dongle: 8

BehaviorwhenthecommunicationbetweeniDefineandDongleGatewayisinterruptedAfter the license of iDefine is authenticated and iDefine is started, it communicates with Dongle Gateway every 30 seconds to update the license information. If the communication is lost or the USB dongle is pulled out from the device on which Dongle Gateway runs, updating the license information fails so that the license on iDefine is deactivated. After the license is deactivated and when the user performs an operation that requires the license, an error is detected. If iDefine can obtain the license information from Dongle Gateway at the subsequent update cycles, the license on iDefine is automatically reactivated. If the periodic communication from iDefine to Dongle Gateway is interrupted for five minutes, Dongle Gateway releases the license secured for that iDefine and makes it available for other iDefines.

Sep. 28, 2018-00


TI 30A05B10-01EN

13.4 DellWyse5070AutomaticLogonSettingFor the thin client Dell Wyse 5070, the automatic logon setting in the included tool [Dell Thin Client Application] may not be effective. If you want to set up automatic logon for Dell Wyse 5070, please do it manually according to the following procedure.

TIP The following procedure is valid for local users. For domain users, you can configure by using the included tool (Dell Thin Client Application).

SetuptheautomaticlogonuserIf you want to set up users to log on automatically for Dell Wyse 5070, please follow the steps below.

1. Log on to the thin client as an administrator user.

2. Right-click on the start menu and select [Run].

3. In the window that appears, enter “netplwiz” and click the [OK] button. The “User Accounts” dialog box appears.

4. Click the [Users] tab.

5. Select the user to log on automatically from the [Users for this computer] list.

6. Clear the [Users must enter a user name and password to use this computer] check box.

7. Click the [OK] button. The “Automatically sign in” dialog box appears.

8. Enter the password of the user who logs on automatically to [Password] and [Confirm password].

9. Click the [OK] button.

ReleasetheautomaticlogonuserIf you do not want to log on automatically to Dell Wyse 5070, please follow the steps below.

1. While logging on to the thin client automatically, right-click on the start menu and select [Run].

2. In the window that appears, enter “netplwiz” and click the [OK] button. The “User Accounts” dialog box appears.

3. Click the “Users” tab.

4. Select the [Users must enter a user name and password to use this computer] checkbox.

5. Click the [OK] button.

Jan. 11, 2019-00

Blank Page

i

TI 30A05B10-01EN

Revision InformationTitle : Virtualization Platform Planning and Implementation GuideDocument No. : TI 30A05B10-01EN

Oct.2019/4thEdition3.2.3 Revised the description on “Failover <Function of Hyper-V>”4.1 Added “Platform for Advanced Control and Estimation!” as a target product for virtualization7.2.9 Added the whole chapter of “Platform for Advanced Control and Estimation”

June 2019/3rd EditionClerical corrections3.1.1 Changed the description of access stop time upon path failure of the redundant storage network path

for the shared storage3.3 Added new section “Functions to Prohibit Use on Virtualization Platform”7 Add the throughput value of virtualization host computer in each configuration of shared storage

SCv3020

Jan. 2019/2nd Edition3.2.2 Revised the description on “ Prohibiting the automatic live migration”4.1 Added “Exaquantum” into the table4.1 Added the item of “ Exaquantum” (Table 4.1-10 is included)5.4.1 Revised the description on “About the license of the guest OS”6.4 At “Thin client,” deleted “Dell Wyse 7020 / 7020 Quad Display,” added “Dell Wyse 5070”7.2.8 Added the whole chapter of “Exaquantum”9.2.1 Added “TIP,” changed the description of “ Monitor Specifications” and “ Cautions when connecting

monitor” 9.2.1 Deleted “Dell Wyse 7020 / 7020 Quad Display,” added “Dell Wyse 5070”9.2.2 Deleted “Dell Wyse 7020 / 7020 Quad Display,” added “Dell Wyse 5070”13.4 Added the whole chapter of “Dell Wyse 5070 Automatic Logon Setting”

Sep. 2018/1st EditionNewly published

Oct. 4, 2019-00

Written by Yokogawa Electric Corporation

Published by Yokogawa Electric Corporation 2-9-32 Nakacho, Musashino-shi, Tokyo 180-8750, JAPAN

Subject to change without notice.

Technical Virtualization Platform Information …(Each product IM) Installation, Installation Guide,...

Documents

Transcript of Technical Virtualization Platform Information …(Each product IM) Installation, Installation Guide,...