ProPlus 3rd NIC on Windows Domain?

Hi, I don't have in-depth experience with DeltaV. I have 1x ProPlus; 1x Appstn; 1x Eng Stn; 1x M-Series Ctrl.

In the current architecture (see pic below), the 3rd NIC on the 3 DeltaV stations is physically connected to the service Plant LAN, which is a Domain Network.

Even though the ProPlus and other DeltaV stations are connected and using this network over the 3rd NIC (mostly for remote desktop access and backup functions), they are configured as a workgroup.

Question: Is it possible to join the ProPlus (or any/all of the other stations) to the service Plant LAN Windows Domain (using the 3rd NIC)? Will this have any impact on the DeltaV system?

In my mind, I imagine all communications necessary for DeltaV ProPlus, APPStn, EngStn and controllers happen over the Pri and Sec control network. Technically, you could disable the 3rd NIC completely; DeltaV doesn't need it.

  • There are many parts to your question, but I'll concentrate on one of the topics only and recommend that you check our DeltaV Security Manual to get additional information about how to define your DeltaV installation following security best practices. The manual is available in Guardian within the Resources section.

    Your Plant LAN in a domain should be segmented from the DeltaV workstations' 3rd NIC, and that is done by means of security perimeter devices such as firewalls, so that you can build your L2.5 network (the network segment below the added firewall), which is part of DeltaV, and then your Plant LAN will remain segregated right above the added firewall. The need for 3rd NIC connectivity (L2.5 network) will depend on your use cases - how you patch your system, how you interact with external historian servers, integration to other systems via OPC, etc. - all I'm trying to say is that depending on the use case for Plant LAN connectivity, it's important to have a perimeter security device (a.k.a. firewall) to reduce

    DeltaV can be deployed in a domain, and in this case the domain controller is either the ProfessionalPLUS server or you can also have an Independent DeltaV Domain Controller from DeltaV v14.3+. Joining DeltaV to a foreign domain exclusively will impact your system's functionality - if it works at all, no support is provided for this specific scenario.
  • In reply to Alexandre Peixoto:

    Thanks a lot for your reply, very informative. I will also take a look at the Security Manual. In our setup there is a FW isolating the Plant LAN from the next level (for informational systems such as historian and other performance software), and then another FW between that level and the business LAN. The Plant LAN is used for data sharing (i.e. OPC, Modbus TCP), backups, remote desktop access, etc., but only between process control systems' 3rd NICs such as DeltaV, ABB, Vibrations software, Electrical, etc.; the main plant DCS is not the DeltaV. The reason why the Plant LAN is a Windows Domain is because Plant Process IT manages/owns it and of course it is easier for them to manage user accounts that way. Conclusion: it seems like the DeltaV in a Domain environment is only supported if it is done using a DeltaV Domain Controller.