How to establish communication with an OPC Client software on a non-DeltaV remote PC via Cisco firewall?

Hi all,

I am very new to OPC. I need your help in understanding the concept. There is a second part to my question, which is regarding the firewall.

I have an application station which is configured for Continuous Historian. The number of tags assigned is below 250, as the customer requires the historian for some critical tags only; also, they didn't purchase any extra licenses.

The customer needs to view real-time values of these tags from a non-DeltaV PC. They have installed Matrikon OPC as the client software on the non-DeltaV PC. Can somebody give me an idea about how it is to be done?

There is a firewall configured between the two networks: the non-DeltaV PC is on the outside interface and the DeltaV systems are on the inside interface. With the current configuration I am able to ping the outside network PC from my inside network, but I am not able to ping the inside system from outside. Is this normal?

1 Reply

  • Note that OPC has three main specifications: DA - Data Access (real time), HDA - Historical Data Access, and A&E (Alarms and Events). There are specs for batch and XML-DA, but they are not as popular as the 3 above.

    Since you mentioned real time data I am assuming you wanted to see OPC DA data. And since you didn't mention if this is OPC Classic or OPC UA, I will assume OPC Classic.

    OPC Classic runs on top of COM/DCOM. So this means you need port 135 for the initial connection and ephemeral ports from 1024 to 65535!!! If you use Emerson Smart Firewall then this will be automatically handled for you if you select the OPC Classic/DCOM rule. It allows port 135 and dynamically opens the port that the OPC endpoints need for communication. If you are using other firewalls then you have to take this into account. Note that for some functionality in OPC/DCOM (Advise, ConnectionPoints), the roles reverse, so you need to ensure your firewall is configured bi-directionally.

    RE: but I am not able to ping inside system from outside is this normal?
    This is entirely up to how the firewall is configured. But yes, ping in both directions helps. It would be best if you can map shared folders both ways and that it maps without asking for a username and password.

    There are more items to consider for DeltaV OPC to be available on a non-DeltaV PC. For example, DeltaVAdmin has to exist on both ends. The user that Matrikon is using to connect to DeltaV needs to be configured in DeltaV. And there are considerations for when the system is in a workgroup or a domain.

    But iron out your firewall and basic Windows security settings then you can worry about OPC at a later point.
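
The port requirement described in the reply above (TCP 135 plus the 1024 to 65535 dynamic range, in both directions because callbacks reverse the roles) can be checked against a firewall rule list before any OPC testing. This is an added example, not part of the original thread: the rule format, the zone names `outside`/`inside` and the sample rules are constructed, and it only looks at TCP permit rules without modelling rule order or deny entries.

```python
# Added example: audit a rule list for the OPC Classic/DCOM flows described in the reply.
# Rule format, zone names and SAMPLE_RULES are constructed for illustration.
DCOM_REQUIRED = [(135, 135), (1024, 65535)]  # endpoint mapper + dynamic ports
DIRECTIONS = [("outside", "inside"), ("inside", "outside")]  # callbacks reverse roles


def uncovered(required, allowed):
    """Return the sub-ranges of `required` not covered by any range in `allowed`."""
    lo, hi = required
    gaps, cursor = [], lo
    for a_lo, a_hi in sorted(allowed):
        if a_hi < cursor:
            continue            # range ends before the part still unchecked
        if a_lo > hi:
            break               # sorted input: nothing further can overlap
        if a_lo > cursor:
            gaps.append((cursor, a_lo - 1))
        cursor = max(cursor, a_hi + 1)
        if cursor > hi:
            break
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps


def audit(rules):
    """Map each direction to the TCP port ranges DCOM needs but no rule permits."""
    report = {}
    for src, dst in DIRECTIONS:
        allowed = [(r["lo"], r["hi"]) for r in rules
                   if r["action"] == "permit" and r["proto"] == "tcp"
                   and r["src"] == src and r["dst"] == dst]
        report[(src, dst)] = [g for req in DCOM_REQUIRED
                              for g in uncovered(req, allowed)]
    return report


# Constructed sample: port 135 open both ways, dynamic range only partly open inbound.
SAMPLE_RULES = [
    {"action": "permit", "proto": "tcp", "src": "outside", "dst": "inside", "lo": 135, "hi": 135},
    {"action": "permit", "proto": "tcp", "src": "outside", "dst": "inside", "lo": 49152, "hi": 65535},
    {"action": "permit", "proto": "tcp", "src": "inside", "dst": "outside", "lo": 135, "hi": 135},
]

if __name__ == "__main__":
    for (src, dst), gaps in audit(SAMPLE_RULES).items():
        status = "OK" if not gaps else "missing TCP " + ", ".join(f"{a}-{b}" for a, b in gaps)
        print(f"{src} -> {dst}: {status}")
```

An empty gap list for both directions means the rule set covers everything the reply lists; any reported range is a place where a DCOM connection or callback could be dropped.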