Recent Control & Safety Systems Discussions
Similar Posts
PK Controller Network Gateway on 3rd party NICs
Enabling Windows server backup on Proplus
Fwd: Net work binding when using 4 NIC
how to run deltav operator workstations as standalone machine without Proplus in a domain config?
how to disable that windows server 2008 r2 domain password change request. For DeltaV 12.3.1
Share

ProPlus 3rd NIC on Windows Domain?

Hi I don't have in depth experience with DeltaV. I have 1x ProPlus; 1x Appstn; 1x Eng Stn; 1x M-Series Ctrl

In the current architecture (see pic below), the 3rd NIC on the 3 DeltaV stations is physically connected to the service Plant LAN, which is a Domain Network;

Eventhough the ProPlus and other DeltaV stations are connected and using this network over the 3rd NIC (mostly for remote desktop access and backup functions) they are are configured as a workgroup.

Question: Is it possible to join the ProPlus (or any/all of the other startions) to the service Plant LAN Windows Domain (using the 3rd NIC)?    Will this have any impact on the DeltaV system?

In my mind, I imagine all communications necessary for DeltaV ProPlus, APPStn, EngStn and controllers happen over the Pri and Sec control network, technically, you could disable the 3rd NIC completely, DeltaV doesn’t need it.

mco_exchg
  • Alexandre Peixoto
    There are many parts to your question, but I'll concentrate on one of the topics only and recommend you to check our DeltaV Security Manual to get additional information about how to define your DeltaV installation following security best practices. The manual is available in Guardian within the Resources section.

    Your Plant LAN in a domain should be segmented from the DeltaV workstations 3rd NIC, and that is done by means of security perimeter devices such as firewalls so that you can build your L2.5 network (network segment below the added firewall) which is part of DeltaV, and then your Plant LAN will remain segregated right above the added firewall. The need for 3rd NIC connectivity (L2.5 network) will depend on your use cases - how you patch your system, how you interact with external historian servers, integration to other systems via OPC, etc. - all I'm trying to say is that depending on the use case for Plant LAN connectivity, it's important to have a perimeter security devices (aka. firewall) to reduce

    DeltaV can be deployed in a domain, and in this case the domain controller is either the ProfessionalPLUS server or you can also have an Independent DeltaV Domain Controller from DeltaV v14.3+. Joining DeltaV to a foreign domain exclusively will impact your system's functionality - if at all work, no support is provided for this specific scenario.

This is the official online community site of the Emerson Global Users Exchange, a forum for the free exchange of non-proprietary information among the global user community of all Emerson Automation Solution's products and services. Our goal is to improve the efficiency and use of automation systems and solutions employed at members’ facilities by sharing our knowledge, experiences, and application information.

User Groups | World Areas | Community Guidelines | Legal Information | Privacy Policy | Contact Community Manager

Website translation provided by Website Translator

© 2015-2022 Emerson Global Users Exchange. All rights reserved.