i4SCADA Knowledge Base

Running i4SCADA on three separate machines

Abstract

To configure your i4SCADA Server, Database and Web Server to communicate with each other over the network on three different machines, check out these tutorials.

i4SCADA can be set up to run its server, database and web server on three different machines which communicate with each other over the network. This article will describe the setup procedure for achieving this multiple-machine i4SCADA environment.

3machines_diagram.jpg

Multiple machine i4SCADA environment

Important

As these settings have a higher degree of difficulty than the previous ones, please pay attention to each step provided in this tutorial!

The three-way i4SCADA setup requires three running Windows servers to support the distribution of the i4SCADA services. The three machines are summarised below:

  • A Database Server - the server running the Microsoft SQL database server, hosting the SCADA database (SCADA1)

  • An i4SCADA Server - the server running the i4SCADA server, with access to the Database Server and Web Server (SCADA2)

  • A Web Server - the server running IIS and hosting the SCADA web services (SCADA3)

To achieve this goal, the following prerequisites must be met:

  • One physical or virtual machine running i4SCADA version 3.8.x with Internet Information Services (IIS). See the Requirements and Recommendations article.

  • One physical or virtual machine running Microsoft SQL Server 2016.

  • One physical or virtual machine running Internet Information Services (IIS).

  • Proper networking - the machines must be in the same local network or must be connected using a VPN if they are communicating over the internet.

Note

This article focuses on setting up i4SCADA to work on a three machines environment. The installation of operating systems, i4SCADA software, database server or web server is not subject for this article. Please refer to the proper documentation to achieve the setup required, for following this article.

Setting up the triple-machine environment

The following configuration must be applied to the trio of servers in order to distribute the i4SCADA installation properly.

Setting up the Database Server (SCADA1)

This Windows Server must be configured as an SQL Database server. For i4SCADA, the Microsoft SQL Server 2016 must be installed on this machine in order to host the SCADA database. SQL Management Tools must be installed along with the SQL Server, in order to provide access to the Microsoft SQL Server Management Studio.

  1. Enable the TCP/IP protocol in the SQL Server Network Configuration section of the SQL Server Configuration Manager

    TCP_IP_properties.jpg
  2. Set the SQL Server Browser to Automatic start and make sure it’s running (in the SQL Server Services section of the SQL Server Configuration Manager, as follows:

    1. Select the SQL Server Browser Properties option and set the Start Mode to Automatic, under TAB Service.

      SQL_Server_Browser_Properties.jpg
    2. Check the SQL Server Browser status and make sure it is in status Running. In case it did not start, click right and select option Start.

      SQL_Server_Browser.jpg
  3. Restart the SQL Server service in the SQL Server Configuration Manager

    Restart_SQL_Server.jpg
  4. Find out what ports are used by the SQL Server, as follows:

    1. Open the SQL Server Management Studio

    2. Open the Management folder

    3. Open the SQL Server Logs folder

    4. Select the Current log file and click right to open the Log Filter Viewer dialog.

      SQL_Server_Logs.jpg
    5. In the Log Filter Viewer dialog select the Filter toolbar option or the View filter settings linkable field.

      The Filter Settings dialog is opened allowing you to input the text “server is listening on” in the Message Contains Text field and Enable the Apply filter option.

      Filter_settings_dialog.jpg
    6. Press the OK button. The SQL Server port number will be displayed in the logs as listened to.

      Ports_listened_to.png
  5. Allow inbound and outbound port rules for port 1433 for both TCP and UDP protocols, as follows:

    1. Open Windows Defender Firewall.

    2. Click on the Advanced settings option.

      Advanced_settings.jpg
    3. The Windows Defender Firewall with Advanced Security dialog is opened.

    4. Select the Inbound Rules menu entry and click on the New Rule option.

      New_rule_for_Inbound.jpg
    5. The New inbound Rule Wizard dialog is opened. In this view select the Port option and press the button Next.

      Port_Inbound_Rule.jpg
    6. Add in the "Specific local ports" field the TCP port number 1433. Click again the Next button.

      1433Port.jpg
    7. Make sure that option Allow connection is selected and press the Next button.

      Allow_the_connection.jpg
    8. In the next window select the desired location where the new rule should be applied (by default, all options are selected). Click again the Next button.

    9. Define a Name and Description for the new Inbound TCP Rule and click the Finish button.

      Finish_TCP_Inbound.jpg
    10. Next, add the Inbound UDP Rule for the 1433 port described above.

      UDP_1433.jpg
    11. Repeat the steps described above, for the Outbound TCP and UDP Rules, under the Outbound Rules menu entry of Windows Defender Firewall.

      Outbound_new_Rules.jpg
  6. Allow inbound and outbound port rules for port 1434 for both TCP and UDP protocols, as follows:

    1. Open Windows Defender Firewall.

    2. Click on the Advanced settings option.

      Advanced_settings.jpg
    3. The Windows Defender Firewall with Advanced Security dialog is opened.

    4. Select the Inbound Rules menu entry and click on the New Rule option.

      New_rule_for_Inbound.jpg
    5. The New inbound Rule Wizard dialog is opened. In this view select the Port option and press the button Next.

      Port_Inbound_Rule.jpg
    6. Add in the "Specific local ports" field the TCP port number 1443. Click again the Next button.

      TCP1443.jpg
    7. Make sure that option Allow connection is selected and press the Next button.

      Allow_the_connection.jpg
    8. In the next window select the desired location where the new rule should be applied (by default, all options are selected). Click again the Next button.

    9. Define a Name and Description for the new Inbound TCP Rule and click the Finish button.

      Finish_TCP_Inbound.jpg
    10. Next, add the Inbound UDP Rule for the 1443 port, as described above.

      UDP_1443.jpg
    11. Repeat the steps described above, for the Outbound TCP and UDP Rules, under the Outbound Rules menu entry of Windows Defender Firewall.

      Outbound_new_Rules.jpg
  7. Allow inbound and outbound port rules for the SQL Server port (49741) for both TCP and UDP protocols, as follows:

    1. Open Windows Defender Firewall.

    2. Click on the Advanced settings option.

      Advanced_settings.jpg
    3. The Windows Defender Firewall with Advanced Security dialog is opened.

    4. Select the Inbound Rules menu entry and click on the New Rule option.

      New_rule_for_Inbound.jpg
    5. The New inbound Rule Wizard dialog is opened. In this view select the Port option and press the button Next.

      Port_Inbound_Rule.jpg
    6. Add in the "Specific local ports" field the TCP port number 49741. Click again the Next button.

      49741_TCP.jpg
    7. Make sure that option Allow connection is selected and press the Next button.

      Allow_the_connection.jpg
    8. In the next window select the desired location where the new rule should be applied (by default, all options are selected). Click again the Next button.

    9. Define a Name and Description for the new Inbound TCP Rule and click the Finish button.

      Finish_TCP_Inbound.jpg
    10. Next, add the Inbound UDP Rule for the 49741 port described above.

      UDP_49741.jpg
    11. Repeat the steps described above, for the Outbound TCP and UDP Rules, under the Outbound Rules menu entry of Windows Defender Firewall.

      Outbound_new_Rules.jpg
  8. Last but not least, make sure that the Network Discovery is enabled for the network you are connected to, as follows:

    1. Go to Control Panel and select option Network and Internet.

    2. Select the Network and Sharing Center and click on the Change advanced sharing settings.

      Advanced_sharing_and_network_settings.jpg
    3. In the Advanced Sharing settings make sure that the Network discovery and / or File and printer sharing are turned ON, for your current profile.

      Network_discovery_and_sharing_center.png

      Tip

      Changes at level of Network discovery can be lost after saving them if the dependency services are disabled. Please make sure the following services are enabled and running:

      • DNS Client

      • Function Discovery Resource Publication

      • SSDP Discovery

      • UPnP Device Host.

      Further details for troubleshooting such issue can be found on the forum linked here.

Setting up the i4SCADA Server (SCADA2)

The SCADA Server must be configured with the standard SCADA prerequisites. Some of those, like IIS, may not actually be used in the final three-way SCADA setup, but are still required by the i4SCADA Setup.

Tip

Please refer to the i4SCADA Setup tutorial for more details about the steps required for this installation.

To set up the SCADA Server the following steps should be processed:

  1. Install i4SCADA as a normal installation, including all required prerequisites: WIndows Roles and Features (IIS and .NET Framework 3.5 and 4.7). Some features may be available only after the initial installation.

    Note

    The SQL Server setup part of the i4SCADA installation can be skipped since we will use the Database Server’s SQL.

  2. Make sure that the i4SCADA Studio can connect to the Database Server SQL database, as follows:

    STudio_png.jpg
    1. Open the Command Prompt application on the i4SCADA Server machine (SCADA2). and

    2. Ping the IP of the DB server - e.g. Ping [database server ip].

      Tip

      The local IP can be identified using the Ipconfig command.

      If there is a network  communication between the 2 machines the ping command should output:

      • C:\Users\vagrant>ping 19x.16y.xx.yy (the IP of the Machine where the SQL is installed - SCADA1)

      If the connection was successfully working the result should be something like:

      Pinging 19x.16y.xx.yy with 32 bytes of data:

      Reply from 19x.16y.xx.yy: bytes=32 time=2ms TTL=128

      Reply from 19x.16y.xx.yy: bytes=32 time<1ms TTL=128

    Note

    Since i4SCADA was not installed on the Database Server, the Demo Project DB will not be present on the Database Server. Either restore a SCADA database on the Database Server and connect to it from the SCADA Server’s Studio, or create a new SCADA DB using Studio’s interface.

  3. Set the remote SCADA DB as the default Studio DB once connected to it (either via the initial dialog or from the Database Access section of the Settings area), as follows:

    1. Copy the SCADA Database name.

      SCADA_DB_name.jpg
    2. Use it to replace the Database server so that we can connect to the new created database.

      Replace_DB_name_png.jpg
  4. Next, open the Registry Editor application and export the DSN registry key from HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WEBFACTORY\WFSERVER\2.00\Settings and store it for later use.

    add_dsn.png
  5. Edit the Scada.CommunicationManager.Server.exe.config file with a text editor. This file can be found through the path [your-install-location]/i4SCADA\Server\CommunicationManager).

    Scada_communicationManager_Server.jpg
  6. Locate the CommunicationWebClientService and the TraceContributorService services and enable (un-comment) the TcpEndpoints.

    CommunicationWebClientService.png

    Tip

    Optionally, the port 4600 exposed by the communication manager for web services can be modified. If so, the modification should be done for both CommunicationWebClientService and TraceContributorService services.

  7. Allow the Scada.CommunicationManager.Server.exe located at C:\Program Files (x86)\i4SCADA\Server\CommunicationManager\ to communicate through the firewall, as it needs inbound connections to the default port (or to the custom port if modified above).

    Capture4261.jpg
  8. Copy the _SERVICES folder and clientaccesspolicy.xml from the the wwwroot folder of the IIS to a shared network location so it can be transferred later to the Web Server.

  9. Start the SCADA Server using the i4SCADA Service Manager.

    Service_Mgr.jpg
  10. Last but not least, make sure that the Network Discovery is enabled for the network you are connected to, as follows:

    1. Go to Control Panel and select option Network and Internet.

    2. Select the Network and Sharing Center and click on the Change advanced sharing settings.

      Advanced_sharing_and_network_settings.jpg
    3. In the Advanced Sharing settings make sure that the Network discovery and / or File and printer sharing are turned ON, for your current profile.

      Network_discovery_and_sharing_center.png

      Tip

      Changes at level of Network discovery can be lost after saving them if the dependency services are disabled. Please make sure the following services are enabled and running:

      • DNS Client

      • Function Discovery Resource Publication

      • SSDP Discovery

      • UPnP Device Host.

      Further details for troubleshooting such issue can be found on the forum linked here.

Setting up the Web Server (SCADA3)

The Web Server machine will run the IIS components of the i4SCADA setup, the web services. To wrap up the final part of this tutorial, please organise the following steps:

  1. Fully install the IIS with all its components on the machine.

    1. Install the .NET Framework 3.5 complete feature set.

    2. Install .NET Framework 4.7 complete feature set.

      Note

      Make sure that the following IIS .NET Framework settings are fully installed:

      • HTTP Action

      • Non HTTP Action

      • HTTP Activation

  2. Copy the _SERVICES folder and the clientaccesspolicy.xml file that you saved on the i4SCADA Machine earlier (see step 8). Save them on the Web Server machine (SCADA3) under C:\inetpub\wwwroot.

    Capture4250.jpg
  3. Copy the DSN registry key exported earlier (see step 4), execute it and add the key to the Web Server machine registry.

    import.png
  4. In IIS create an i4SCADA app pool with .NET CLR Version v4.0.3xxx and Integrated pipeline mode. The i4SCADA Application Pool needs to be created in order to be used by the web services copied at the previous step.

    Add_App_pool.jpg
  5. Back in the Application Pools page, select the new i4SCADA_AppPool and click the Advanced Settings... option from either the contextual menu or the Actions panel. Set the Enable 32-Bit Applications to True, the Queue Length to 4000 and the Identity to NetworkService.

    Add_App_pool.jpg

    Click OK to confirm the application pool settings.

  6. Now the new i4SCADA_AppPool needs to be applied on the Default Web Site. Select the Default Web Site from the Connections panel and click on the Basic Settings... option from the Actions panel.

    Basic_settings.jpg
  7. In the Edit Site dialog, click on the Select... button from the Application pool area to select the new application pool.

    Edit_default_site_settings.jpg
  8. In the Select Application Pool dialog, select the i4SCADA_AppPool and confirm the two opened dialogs by clicking the OK buttons.

    Select_App_Pool.jpg
  9. Expand the _SERVICES folder under the Default Web Site and convert to application these folders: DemoProject, MessengerPro, SchedulerPro, WEBservices , WEBservices/Handlers and WEBservices/WCF.

  10. Go to Web.config file inside the _SERVICES/WEBservices folder located at C:\inetpub\wwwroot\_SERVICES\WEBservices\ and perform the folowing actions:

    endpoint_changes.png
    1. Disable (comment out) the CommunicationWebClientService and TraceContributorService net.pipe endpoints.

    2. Enable (uncomment) the CommunicationWebClientService and TraceContributorService net.tcp endpoints.

  11. In the two uncommented net.tcp endpoints replace the “localhost” reference in the endpoint address with the IP of the machine where the SCADA server is installed.

    rename_localhost.png

    Important

    If the web services port was modified when configuring the i4SCADA Server communication, use the new port when configuring the net.tcp endpoints.

  12. Next, open the Client.config file located at C:\inetpub\wwwroot\_SERVICES\WEBservices\WCF\ with a text editor and perform the following actions:

    Capture4264.jpg
    1. Disable (comment out) the CommunicationWebClientService and TraceContributorService net.pipe endpoints. In the two uncommented net.tcp endpoints, replace the “localhost” reference in the endpoint address with the name of the SCADA Server.

    2. Enable (uncomment) the CommunicationWebClientService and TraceContributorService net.tcp endpoints.

  13. Open a Command Prompt terminal using Administrator privileges and run the following commands one by one to disable the IIS logging:

    %windir%\System32\inetsrv\appcmd unlock config /section:httpLogging
    
    %windir%\System32\inetsrv\appcmd set config "Default Web Site/_services" /section:httpLogging /dontLog:true
    
    iisreset
  14. Install the SQL2008NativeClient from the Prerequisites folder of the i4SCADA Setup. This is required in order for the web services to communicate with the SQL database.

    Tip

    The SQL2008NativeClient can be found under the i4SCADA Prerequisites folder.

  15. Last but not least, make sure that the Network Discovery is enabled for the network you are connected to, as follows:

    1. Go to Control Panel and select option Network and Internet.

    2. Select the Network and Sharing Center and click on the Change advanced sharing settings.

      Advanced_sharing_and_network_settings.jpg
    3. In the Advanced Sharing settings make sure that the Network discovery and / or File and printer sharing are turned ON, for your current profile.

      Network_discovery_and_sharing_center.png

      Tip

      Changes at level of Network discovery can be lost after saving them if the dependency services are disabled. Please make sure the following services are enabled and running:

      • DNS Client

      • Function Discovery Resource Publication

      • SSDP Discovery

      • UPnP Device Host.

      Further details for troubleshooting such issue can be found on the forum linked here.

Testing the three machine installation

After processing all the above described steps you can quickly check if the installation has been correctly organised, as follows:

  1. Open the Machine where the i4SCADA Server is installed (SCADA2) and start the i4SCADA Server from the Service Manager application.

  2. Open Studio and connect to the Database Server SQL database. (in our case the Data Base Server SQL was installed on Machine named SCADA1).

    Studio_updated.jpg
  3. Open the Test Center application and connect to the Web Server (in our case this was installed on Machine named SCADA3).

    Test_center.png
  4. After applying these changes add some Signals in order to check the connection between IIS and Web Services available on the IIS Machine, named SCADA3.

    TC_working.png
  5. You can further check the three machine installation using the Smart Editor application by creating a new project. Add to the SmartEditor project page some extensions (e.g i4-core, wf-alarm-viewer and wf-sensor).

  6. Open the Object properties panel of the i4-core extension and organise the following changes:

    • Go to property “Remote IIS Server Url” and input the WEB Server (SCADA3) machine name.

    SmartEditor_perj.png
  7. Publish the SmartEditor project. If all settings were correct the run-time project should be properly working.

    SE_prj_runtime.png