Professional Documents
Culture Documents
FT Historian SE AF 2010 R2 Installation and Maintenance Guide
FT Historian SE AF 2010 R2 Installation and Maintenance Guide
Copyright Notice
© 2012 Rockwell Automation Technologies, Inc. All rights reserved. Printed in USA.
© 2010 OSISoft, Inc. All rights reserved.
This document and any accompanying Rockwell Software products are copyrighted by Rockwell Automation Technologies, Inc. Any
reproduction and/or distribution without prior written consent from Rockwell Automation Technologies, Inc. is strictly prohibited. Please
refer to the license agreement for details.
Trademark Notices
FactoryTalk, Rockwell Automation, Rockwell Software, the Rockwell Software logo are registered trademarks of Rockwell Automation,
Inc.
The following logos and products are trademarks of Rockwell Automation, Inc.:
FactoryTalk Historian Site Edition (SE), RSView, FactoryTalk View, RSView Studio, FactoryTalk View Studio, RSView Machine
Edition, RSView ME Station, RSLinx Enterprise, FactoryTalk Services Platform, and FactoryTalk Live Data.
Other Trademarks
ActiveX, Microsoft, Microsoft Access, SQL Server, Visual Basic, Visual C++, Visual SourceSafe, Windows, Windows ME, Windows
NT, Windows 2000, Windows Server 2003, and Windows XP are either registered trademarks or trademarks of Microsoft Corporation
in the United States and/or other countries.
Adobe, Acrobat, and Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or
other countries.
Ethernet is a registered trademark of Digital Equipment Corporation, Intel, and Xerox Corporation.
OLE for Process Control (OPC) is a registered trademark of the OPC Foundation.
All other trademarks are the property of their respective holders and are hereby acknowledged.
Warranty
This product is warranted in accordance with the product license. The product‘s performance may be affected by system configuration,
the application being performed, operator control, maintenance, and other related factors. Rockwell Automation is not responsible for
these intervening factors. The instructions in this document do not cover all the details or variations in the equipment, procedure, or
process described, nor do they provide directions for meeting every possible contingency during installation, operation, or maintenance.
This product‘s implementation may vary among users.
This document is current as of the time of release of the product; however, the accompanying software may have changed since the
release. Rockwell Automation, Inc. reserves the right to change any information contained in this document or the software at anytime
without prior notice. It is your responsibility to obtain the most current information available from Rockwell when installing or using
this product.
Version:
Table of Contents
Chapter 1 AF Installation ............................................................................................................... 5
Planning for an AF Installation ........................................................................................... 5
Installation / Uninstallation Guidelines .............................................................................11
Order of Software Installation ................................................................................11
AF Installation Prerequisites ..................................................................................11
Before You Start ....................................................................................................12
Installing / Upgrading / Uninstalling the AF Client .................................................12
Uninstalling AF .......................................................................................................13
Overview of AF Server Security .......................................................................................13
SQL Server Authentication Modes ........................................................................14
Installing AF Application Service and AF SQL Database to a Single Computer .............15
Installing AF Application Service and AF SQL Database to Separate Computers ..........16
Installing the AF Server and SQL Database on a Microsoft Cluster Server ....................17
Installing the AF SQL Database on a SQL Server Cluster ....................................17
Installing the AF Application Service on a Microsoft Cluster Server .....................19
Installing the AF SQL Database to a Mirrored SQL Server .............................................19
Manually Creating / Updating the AF SQL Database ......................................................22
Completing the Prerequisite Steps ........................................................................23
Executing SQL Scripts ...........................................................................................23
Enabling Communication between the AF Application Service and the AF SQL
Database ................................................................................................................24
Upgrading an AF Collective (HA) installation ...................................................................25
Installing the AF Server on a Domain Controller ..............................................................27
Installing AF Server if SQL Server has been Uninstalled / Reinstalled ...........................28
Silent Installations ............................................................................................................29
Configuring Dr. Watson for Windows ...............................................................................33
Index ..............................................................................................................................................87
iv
Chapter 1
AF Installation
The default AF Server installation includes both the AF Application Service and the AF SQL
Database on a single system, and uses Integrated Security. However, AF 2.2 supports a
number of different installation configurations, including installing the AF Application
Service and AF SQL Database to different computers, installing the AF SQL Database to a
Microsoft SQL Server Cluster or Mirrored SQL Server. This section provides information on
some of the more common installation approaches.
General Details
Application Name AF
AF Version 2010
Supported SQL Server Express
Editions Standard
Enterprise
Datacenter
Supported SQL Server SQL Server 2005 32 bit x86
versions SQL Server 2005 64 bit x64
SQL Server 2008 32 bit x86
SQL Server 2008 64 bit x64
There is no support for the Itanium CPU.
The 32 bit AF Server works with 32 bit or 64 bit SQL Server.
The 64 bit AF Server works with 32 bit or 64 bit SQL Server
Required SQL Server Database engine, Agent (backup and replication)
components Reporting Services, Analysis Services, Integration Services, Notification
Services, and so forth are not used by AF.
Hardware Requirements
6
Planning for an AF Installation
Question Answer
What software is installed and Files installed:
what registry entries are affected In folder Program Files\PIPC\AF: Historian.ico
if only the AF Server is selected In folder Program Files\PIPC\AF:
for installation? AFServer.common.dll
AFService.exe
AFService.exe.config
AFService.exe.config.previous (created during an upgrade)
Registry Keys
HKLM\Software\PISystem\AF Server\Service
AppsService <ProductVersion>
HKLM\System\CurrentControlSet\Services\Eventlog\AF\
AF
<Values and data needed to create an AF event log>
HKLM\Software\PISystem\AF Server\InstallData
FD_AppsUser <User-specified value>
FD_RemoteApps <User-specified value—set only if a remote
application server is specified so not set in the specified scenario>
FDSQLDBNAME <User-specified SQL Database name –
contains PIFD database name in the specified scenario>
FD_SQLSERVER <User-specified SQL Server name –
contains the name of a REMOTE SQL Server in the specified
scenario>
Service
AF Application Service created and started as part of the installation.
Authentication
8
Planning for an AF Installation
Privileges
User Management
Daily Maintenance
10
Installation / Uninstallation Guidelines
The proper order for installing or upgrading the AF Server, AF Client, and AF-dependent
applications, such as PI Notifications, is as follows.
1. Install Microsoft SQL Server 2005 or greater. These SQL Server editions are supported:
Express, Standard, and Enterprise.
2. Install the AF Server. The AF Server does not have to be on the same system as SQL
Server. If installing SQL Server separately, install the SQL Database portion of the AF
installation first and the AF Application Service second.
3. Install any Historian Servers that will be using the AF Server for storing the Module
Database or Notification Histories. This installation must precede the AF Client
installation on Historian Server computers.
4. Install the AF Client. The AF Client does not have to be on the same system as the AF
Server. For Historian Server computers, the Historian Server installations in step 3 will
have already installed the client.
5. Install any AF-dependent applications, such as PI Notifications, AF 1.x to 2.x Database
Upgrade Utility, or the AF Compatibility Layer, on the same system where the AF Client
is installed.
Refer to each product's user manual for detailed installation procedures.
AF Installation Prerequisites
Note: If AF collectives will be used and if the SQL Agent on the primary AF SQL
database machine runs under a domain account, you need to configure security
on the primary AF SQL database machine to allow the SQL Agent service account
to have access to SQL Server's \repldata folder. For instructions, see
Configuring Security on the Replication Data Folder (page 82).
It is recommended that you complete the following actions before you run the setup program.
Before running any of the AF installation kits, log on to your Windows system using an
account with administrator privileges.
Close any programs, particularly Rockwell Automation client or Rockwell Automation
applications, that are currently running.
Verify that your operating system is one of the following: Windows XP (SP2 or later),
Windows Server 2003 (SP1 or later), Windows 7, Windows Server 2008, Windows
Server 2008 R2, and Windows 7. Both 32 and 64 bit versions of the applicable operating
systems are supported.
Installation of an Rockwell Automation product relies on the presence of operating
system components such as the Microsoft .NET Framework. Rockwell Automation
product setup kits check for needed prerequisite software during installation. If not found,
the installation stops and prompts the user to install prerequisites. To determine which
MS Operating System prerequisites you need, see the Rockwell Automation Technical
Support Prerequisites Kits product pages at this web site: Rockwell Automation Technical
Support Prerequisites Kits
(http://support.rockwellautomation.com/Products/Prerequisite+Kits/Prerequisite+Kits+O
verview.htm).
The AF Client set-up program checks for the presence of the PI SDK and installs or
upgrades it as necessary.
AF Client consists of the AF SDK, FactoryTalk Historian System Explorer, and user
documentation. If you are installing AF Client on the same machine as AF Server, Rockwell
Automation recommends installing AF Server first.
To install AF Client:
1. Run the Rockwell Automation prerequisite kit (page 11).
The prerequisite kit installs specific versions of certain Microsoft operating system
components that the AF Client installation program requires, such as .NET Framework
and runtime libraries.
2. Check that you are logged in with administrative rights.
3. Run the AF Client set-up executable file. The set-up program:
12
Overview of AF Server Security
Creates the necessary directories on your hard disk, and copies the files into the
appropriate directories.
Installs AF Client in the AF folder of the PIPC directory.
Sets up the program folder and icons.
Modifies the system registry.
To uninstall AF Client, use the standard Windows utility in the Control Panel for
adding/removing programs.
Uninstalling AF
AF Client, Server, Compatibility Layer and Upgrade Utility can be removed from your
system by selecting them for removal in the Add/Remove Programs utility in Control Panel
for Windows XP and 2003 Server, or the Programs and Features Control Panel for Windows
7, Windows 7, and 2008 Server. You must have administrator privileges on your machine to
successfully uninstall AF. Uninstalling AF Server will not remove the SQL Server PIFD
Database or any existing backup files. The Historian SQL for AF Server should also be
uninstalled when uninstalling the AF Server. If the same version or later of AF Server is later
reinstalled, the existing PIFD Database will be used and upgraded as necessary.
For downgrading to previous versions of AF, after uninstalling, take the following steps:
1. For the AF Client, delete the afsdk.config file located in the Application Data
directory (varies by operating system version).
2. For the AF Server, either restore the SQL Database backup of the PIFD database, or
delete the PIFD database entirely. The afservice.exe.config file, located in the
..\pipc\af directory, should either be removed or restored to its previous version
(afservice.exe.config.previous).
FactoryTalk Historian System Explorer and other AF SDK clients communicate with the AF
Server using Windows authentication. Except for configuration of an AF collective, the AF
SDK never connects directly to the AF SQL Server. When you attempt to connect to an AF
Server through FactoryTalk Historian System Explorer, your login credentials are used. If
you have permission to access the AF Server, the connection is made. If you do not have the
appropriate rights (for example, if you are logged in as a local user, not a domain user, or the
client machine is in a domain other than that of the AF Server), a login dialog box appears
where you can enter credentials.
If you execute an AF Client directly on the AF Server computer with a UAC (user account
control) enabled operating system, using a local administrative account will not elevate the
account, and you will be prompted to restart with elevated permissions. To avoid this prompt,
choose one of the options below:
Run FactoryTalk Historian System Explorer as an Administrator. On the Start menu,
right-click FactoryTalk Historian System Explorer (or other AF SDK Client), and
select the Run as Administrator option. There is no need for any configuration.
Set FactoryTalk Historian System Explorer always to run as an Administrator. On the
Start menu, right-click FactoryTalk Historian System Explorer (or other AF SDK
Client) and select Properties. On the Compatibility tab, select the Run this program as
an administrator check box.
Modify the AF Security settings so that the user or a group containing the user (other than
local Administrators), has appropriate privileges.
If your AF Server and AF SQL Database are located on different computers, see section
Installing AF Application Service and AF SQL Database to Separate Computers (page 16)
for configuration information.
If your AF SQL Database computer, AF Server computer, and/or the AF Client computer are
not all located in the same domain, see section Working with Untrusted Domains (page 56)
for configuration information.
Microsoft SQL Server supports two authentication modes: 1) Windows Authentication, also
referred to as Integrated security; and 2) SQL Server and Windows Authentication, also
referred to as mixed mode security. When using integrated security, Windows will use the
identity of the AF Server process to authenticate the connection to SQL Server. SQL Server
Security indicates that the SQL Server account and password specified in the AF Server‘s
configured connection string is used to authenticate connections to SQL Server. If SQL
Server security is required, then the SQL Server instance must be configured to use Mixed
mode authentication; this will require a restart of the SQL Server instance. When installing or
upgrading the AF SQL database, if the AF SQL Script Execution feature is selected, then
the installation will require a sysadmin connection to the SQL Server through Windows
Authentication. If this is not desired or possible, see the instructions for Manually Creating
the AF SQL Database (page 22).
Security Best Practices
Integrated security is recommended as it is more secure than SQL Server authentication.
14
Installing AF Application Service and AF SQL Database to a Single Computer
8. Accept the selected features and click Next to continue with the installation. The Local
SQL Server Connection dialog box appears with the default SQL Server instance name,
sqlexpress.
9. Enter the local computer name, and SQL Server instance name (if applicable), in the
following format: <LocalComputerName>[\<SQLServerInstanceName>].
10. Click Next to continue with the installation. The Ready to Install the Application dialog
box appears showing the features that will be installed.
11. Click Next to continue with the installation. The Updating System dialog box appears.
12. To cancel the installation, click Cancel. Depending on the state of the installation process
when you cancel, the AF database might have already been created and you will need to
remove the database manually. Otherwise, allow the installation to continue. The AF
Server has been successfully installed dialog box appears when the installation is
complete.
13. Click Finish to exit the installation. The Installation Complete dialog box appears,
indicating the modules that were successfully installed, as well as any modules‘
installation status(es) that had not changed.
14. The installation process is complete. Click Close to return to the system.
16
Installing the AF Server and SQL Database on a Microsoft Cluster Server
Note: Prior to installing the AF Server to a Cluster, you must install and configure the
Microsoft Cluster Server (required for both AF Server 2.x service and AF SQL
Database) and SQL Server Cluster (required for the AF SQL Database only). For
detailed information about using a SQL Server Cluster, refer to Microsoft
documentation (http://msdn.microsoft.com/en-us/library/ms189134.aspx).
Rockwell Automation recommends that the AF Server service runs under a domain user
account that belongs to an AF Servers domain group to support SQL Server Clustering. For
detailed instructions about creating and configuring the Domain User Group, see Creating
and Configuring the AFServers Domain User Group (page 35).
On only the active node in the SQL Cluster, execute the following steps:
1. Create a SQL Server login and map it to the AFServers local user group.
2. If the AF Server 2.x service is not running under a domain account, create a SQL Server
login and map it to the "NT AUTHORITY\NetworkService" user account. If the AF
Server 2.x service is running under a domain account, skip this step.
3. Open a DOS Command window.
4. In the DOS command window, navigate to the folder where the GO.bat file is located:
..\PIPC\AF\SQL
5. Use the following syntax to execute the SQL scripts found in the SQL folder
GO.bat <SQL Server name> PIFD <SQL Server name> PIFD <SQL
User Name> <SQL User Password>
where:
<SQL Server name> is the local Microsoft SQL Server or SQL Server Express
named instance that hosts the AF SQL database (PIFD).
18
Installing the AF SQL Database to a Mirrored SQL Server
For detailed information about deploying database mirroring, refer to this Microsoft
documentation (http://msdn.microsoft.com/en-us/library/bb500175.aspx).
On both the Principal and Mirror server computers:
1. Run the AF Server installation kit.
2. On the Select Features dialog box, deselect the AF Application Service feature.
3. Click Next. The Remote SQL Server Connection dialog box appears.
4. Enter the SQL Server name, and SQL instance (if applicable), in the format:
<SQLServerName>[\<InstanceName>].
If you are installing the SQL Scripts manually, and cannot validate the SQL Server
connection because of security issues, you can skip the validation step by clearing the
Validate connection to the remote SQL Server check box. Note that the AF Server will
not function until the SQL scripts are run and installed.
5. Click Next. The Remote Application Server Connection dialog box appears.
6. If the AF Service is not running under a domain account, enter the domain name and
machine of the AF Application Server, in the format:
<DomainName>\<AFApplicationServerComputerName>.
If you are running the AF Server 2.x service under a domain account, you do not need to
enter a value.
7. Click Next and continue through the rest of the install kit.
8. If the AF Server 2.x service is running under the NT AUTHORITY\NetworkService
account, skip this step. Otherwise, open Computer Management and edit the AFServers
local user group and follow these sub-steps:
a. Add the domain account under which the AF Server 2.x service is running to the
AFServers group.
b. Save the changes to the user group.
c. Close Computer Management.
20
Installing the AF SQL Database to a Mirrored SQL Server
If you are installing the SQL scripts manually, and cannot validate the SQL Server
connection because of security issues, you can skip the validation step by clearing the
Validate connection to the remote SQL Server check box. Note that the AF Server will
not function until the SQL scripts are run and installed.
5. Click Next and continue through the rest of the install kit.
6. If the AF Application Service needs to run under a domain account, follow the
instructions in section Changing the AF Server’s Service Account (page 52).
On the AF Client computer:
1. Install the AF Client, following the instructions in section
Installing/Upgrading/Uninstalling the AF Client (page 12).
2. Start the FactoryTalk Historian System Explorer and connect to the AF Server computer
installed in previous steps.
3. Close the FactoryTalk Historian System Explorer.
On the Principal server computer:
1. Make a full backup of the PIFD database.
2. Move the back-up file to the Mirror server computer.
On the Mirror server computer:
1. Using the back-up file you just created, right-click the PIFD database and select Task |
Restore | Database. The Restore Database – PIFD window appears.
2. In the Source for restore area, select the From device option.
3. Click the From device button to browse to and select the back-up file. Return to the
Restore Database – PIFD window.
4. Select the Restore check box for the newly added back-up file in the list of back-up sets.
4. In the Choose Servers to Configure page, select the Witness server instance check box
and click Next.
5. In the Principal Server Instance page, click Next. The Mirror Server Instance page
appears.
6. In the Mirror Server Instance page, from the Mirror Server Instance list, select the
server/instance of the Mirror server. The Connect to Server dialog box appears with the
selected server/instance.
7. Click Connect to verify that you are able to connect to the Mirror server. This returns
you to the Mirror Server Instance page.
8. Click Next. The Witness Server Instance page appears.
9. In the Witness Server Instance page, from the Witness server instance list, select the
server/instance of the Witness server. The Connect to Server dialog box appears with
the selected server/instance.
10. Click Connect to verify that you are able to connect to the Witness server. This returns
you to the Witness Server Instance page.
11. Click Next. The Service Accounts page appears.
12. Leave the Principal, Witness, and Mirror boxes empty if all of the SQL Server Engines
are running under the same domain account.
13. Click Next. The Complete Wizard page appears.
14. Click Finish. The Configuring Endpoints window appears. When the endpoint
configuration is complete, the Status column displays Success.
15. Click Close. The Database Properties window appears, allowing for two options: Start
Mirroring; Do Not Start Mirroring.
16. Click Start Mirroring. The Database Properties – PIFD window appears.
17. The Operating mode is set to High safety with automatic failover (synchronous).
18. Click OK to close the Database Properties – PIFD window. The Mirrored SQL Server
session creation is now complete.
22
Manually Creating / Updating the AF SQL Database
To enable proper interaction between an AF Application Service and the AF SQL Database
created by the execution of the SQL scripts, take the following steps before running the SQL
scripts:
1. On the system on which you installed the AF SQL Database, open Computer
Management.
2. Create the AFServers local group if it does not already exist.
3. If the AF Server 2.x service is not running under a domain account, add the name of the
system on which the AF Server 2.x service is running to the AFServers group. Be sure to
include domain information for the system using this format:
DOMAIN\ComputerName. In the example below, the domain is OSI and the machine
name is RADAT.
If the AF Server 2.x service is running under a domain account, add the name of the
domain account under which the AF Service is running to the AFServers group. Be sure
to include domain information for the system using this format:
DOMAIN\DomainAccount.
4. Create a SQL Server login and map it to the AFServers local user group.
To manually create or update the AF SQL Database after installing the SQL scripts take the
following steps:
On the AF Application Service system, modify the AF Application Service's SQL Server
connect string. Take the following steps:
1. In the Windows Explorer, navigate to the following folder:
..\PIPC\AF
2. Use a text editor, such as Notepad, to open The AF Application Service's configuration
file, named AFService.exe.config.
3. Place the name of the remote SQL Server, and the Named Instance if applicable, in the
connect string ‗server.' Refer to the following lines of code:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="connectString" value="Persist
Security Info=False;Integrated
Security=SSPI;server=<SQLName>[\SQLInstance];database=PIFD;App
lication Name=AF Application Server;"/>
<add key="streamedPort" value="5459"/>
If the SQL Server is running on a cluster, it is important to use the clustered resource IP
address, instead of a computer name.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="connectString" value="Persist
Security Info=False;Integrated
24
Upgrading an AF Collective (HA) installation
Security=SSPI;server=<SQLClusterName>[\SQLInstance];database=P
IFD;Application Name=AF Application Server;"/>
<add key="streamedPort" value="5459"/>
If the SQL Server is configured to use SQL Server mirroring, then add "Failover
Partner=<SQLServerName>[\<InstanceName>]" after the "server=", as
shown in the following lines of code:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="connectString" value="Persist
Security Info=False;Integrated
Security=SSPI;server=<SQLName>[\SQLInstance];failover
partner=<SQLName>[\SQLInstance];database=PIFD;Application
Name=AF Application Server;"/>
<add key="streamedPort" value="5459"/>
To enable encrypted communication, add "encrypt=Yes;" See the Microsoft SQL
Native Client documentation for other options.
4. If the AF Application Service is running, stop and restart it for your changes to take
effect.
Note: Do not continue until the replication process is complete. To verify this, check
the Synchronization Status of each subscription (each secondary AF Server)
on the primary AF SQL database computer, under Replication | Local
Publications | [PIFD]: PIAF|[Secondary Database Server Name].[PIFD],
right-click and select View Synchronization Status. After there are no
replicated transactions available, continue with step 2.
2. Use the Collective tab of the FactoryTalk Historian SE’s Properties dialog box to stop
replication from the primary AF Server computer to all collective members.
3. On the primary AF Server computer, disable and shut down the AF Server 2.x service. It
is important to note here that any updates that are in process are likely to be lost. It is
recommended that you notify your users ahead of time that they should not attempt to
make any changes to the AF data during the brief period of time it takes to install the AF
upgrade.
4. On the primary AF SQL database computer, make a full backup of the PIFD and
PIFD_Distribution databases. The PIFD_Distribution database is located in the System
Databases container.
5. On the primary AF SQL database computer, modify the security on the C:\Program
Files\Microsoft SQL Server\100 folder to provide write access to the account
under which the SQL Agent is running. This is required by the operating system. For
complete details about the reason for this requirement, refer to Microsoft‘s Support site at
Support.microsoft.com/kb/956032 (http://support.microsoft.com/kb/956032).
6. On each of the secondary AF SQL database computers, make a full backup of the PIFD
database.
7. On the primary AF SQL database computer (or primary AF Server computer if the AF
Server 2.x service and AF SQL Database are on the same computer), run the server
upgrade executable file.
a. The upgrade process is similar to a standard installation. As you run the upgrade
setup, a dialog box appears that requests you to verify you have made backups of
your AF databases. You should have made the backups in previous steps of this
section. After the backups are complete, select the Warning Acknowledged check
box in the Remote PIFD SQL Database Warning dialog box and click Next.
b. In the Ready to Install the Application dialog box, the list of features to be installed
appears. Only those features that were originally installed on this computer are
installed by this upgrade. If the original AF SQL Database installation was done
using the Execute SQL Scripts option, the list will indicate SQL Script Execution.
Otherwise, it will indicate No SQL Script Execution, and you will need to execute
the SQL scripts manually after the upgrade setup has finished. Click Install to begin
the installation process.
c. When the installation is finished, continue with step 8, unless you need to execute the
SQL scripts.
i. Open a DOS Command window.
ii. In the DOS command window, navigate to the folder where the GO.bat file is
located: ..\PIPC\AF\SQL
iii. Use the following syntax to execute the SQL Server scripts found in the SQL
folder:
GO.bat <SQL Server name> PIFD
Where:
<SQL Server name> is the local Microsoft SQL Server named instance that
hosts the AF SQL database (PIFD). PIFD is the AF SQL database. This action causes
the scripts to be executed, which updates the PIFD database.
26
Installing the AF Server on a Domain Controller
iv. When the process is finished, close the DOS Command window.
d. The AF SQL database computer update is now complete.
8. If the primary AF Server Application Service and primary AF SQL database are on
separate computers, run the same server upgrade executable file on the primary AF
Server 2.x service computer.
a. Do not change the Destination Folder; the default is the same folder in which you
previously installed AF.
b. In the Ready to Install the Application dialog box, the list of features to be installed
appears. Only those features that were originally installed on this computer are
installed by this upgrade. Click Install to begin the installation process.
c. When the installation process is finished, the AF Server 2.x service might have been
reset to use the Network Service account and will be running. If you run this service
under a domain account, you need to reassign the domain account to the service, then
stop and disable the service.
9. On the primary AF Server computer, verify that the AF Server 2.x service is using the
appropriate account, then enable and restart the service. Your AF Clients are now able to
connect to the primary AF Server and have write access, assuming they had write access
prior to the update.
10. On each of your secondary AF Server computers, disable and shut down the AF Server
2.x service.
11. Repeat steps 7, 8, and 9 for each of your secondary AF Servers. An exception is that you
do not need to leave the AF Server 2.x service disabled unless you are doing a manual
SQL installation.
12. Restart replication on the primary AF Server computer and all collective members that
have been upgraded.
The AF collective upgrade process is now finished.
Installation
28
Silent Installations
Silent Installations
The bundled AF installations extract several installation modules. The components of the
installation process, their order, and the arguments used to launch them are provided in a
configuration file within the bundle, setup.ini. By modifying this file, you can provide
different command line arguments to different stages of the setup. This may be useful for
situations where the environment is well controlled and the options are known in advance,
such as an embedded installation. Also included in the bundle are two files, (one for the AF
Server and one for the AF Client), named silent.ini, that contain modifications to
setup.ini that are typically needed to run a silent installation. You can augment these
arguments by adding any of the options described below. For PISDK installation and
arguments, see the PISDK user‘s manual.
Individual arguments must not contain spaces unless they are surrounded by quotes.
Argument Description
ADDLOCAL Specifies features to install, such as the FactoryTalk Historian System Explorer,
debug files, documentation, described in the following table.
ALLUSERS Specifies the per-machine or per-user installation context. Use a value of 1 for
silent installations.
REBOOT Restarts the computer. Use a value of Suppress for silent installations.
AF_SERVER Specifies the AF server name used to set the default FactoryTalk Historian
System for the client. If a value is not defined by the user and the AF
Application Service is not resident on the target installation computer, a default
FactoryTalk Historian System will not be set during the installation and the user
can set the default FactoryTalk Historian System manually after the installation
has completed. If a value is not defined by the user and the AF Application
Service is resident on the target installation computer, the installation system
will be set as the default FactoryTalk Historian System. This argument is not
used during an upgrade.
The following table lists the features specified by the ADDLOCAL argument. Feature names
used with the ADDLOCAL argument are case-sensitive. ADDLOCAL values consist of a
comma-separated list and cannot contain any spaces. To install all features, use
ADDLOCAL=ALL.
Note: The AF User Interface and Documentation features are sub-features of the AF
Client feature. This means that a command-line installation including either of
these two sub-features causes the AF Client to be installed as well, even if it is not
explicitly specified for installation.
For a silent AF Client installation use the syntax shown in one of the following examples.
Note that the /i argument specifies an installation, and the /qn argument specifies "quiet
mode" and suppresses dialog boxes and prompts.
Example 1:
For this command, the AF Server value defaults to the name of the computer upon which the
installation is being installed if the AF Application Service is resident on the computer when
the AF Client installation is executed:
msiexec.exe /i AFClient_<Version #>.msi REBOOT=Suppress
ALLUSERS=1 /qn
Example 2:
For this command, the AF Server value is the one designated by the user:
30
Silent Installations
Example 4:
For either of the two following commands, all features are installed:
This first command-line installation specifies all the features with the ADDLOCAL
property:
msiexec.exe /i AFClient_<Version #>.msi REBOOT=Suppress
ADDLOCAL=ALL ALLUSERS=1 /qn
This second command-line installation specifies all the feature by default. If the
ADDLOCAL property is not defined on the command line, the default is to the value of
ALL:
msiexec.exe /i AFClient_<Version #>.msi REBOOT=Suppress
ALLUSERS=1 /qn
Argument Description
ADDLOCAL Specifies features to install, such as the FactoryTalk Historian System
Explorer, debug files, documentation, described in the following table.
ALLUSERS Specifies the per-machine or per-user installation context. Use a value of 1
for silent installations.
REBOOT Restarts the computer. Use a value of Suppress for silent installations.
FDSQLDBSERVER Specifies the SQL Server instance.
FDSQLDBNAME Specifies the SQL Server database.
FDSQLDBVALIDATE Specifies that the SQL Server Connection is validated if the SQL Server
Script Execution feature is deselected. A value of ―0‖ will bypass the
connection validation. If not specified, then the SQL Server Connection will
be validated.
FD_PISQL4AF_EXEC Specifies that the Historian SQL for AF feature be executed as part of an
upgrade installation from versions 2.0.x.x/2.1.x.x.
Use a value of 1 during a silent installation to execute the feature. Do not
set from the command line if the feature is to be omitted.
The following table lists the features specified by the ADDLOCAL argument. Feature names
used with the ADDLOCAL argument are case-sensitive. ADDLOCAL values consist of a
comma-separated list and cannot contain any spaces. To install all features, use
ADDLOCAL=ALL.
For a silent AF Server installation use the syntax shown in one of the following examples.
Note that the /i argument specifies an installation, and the /qn argument specifies "quiet
mode" and suppresses dialog boxes and prompts.
Example 1:
With either of these commands, all AF Server features are installed:
msiexec.exe /i AFServer_<Version #>.msi REBOOT=Suppress
ADDLOCAL=ALL FDSQLDBSERVER=.\sqlexpress FDSQLDBNAME=PIFD
ALLUSERS=1 /qn
32
Configuring Dr. Watson for Windows
Note: If you include the FD_SQLScriptExecution feature you must also include the
FD_SQLServer feature.
Example 5:
For this command, the Historian SQL for AF SQL Server scripts are executed as part of the
2.0.x.x/2.1.x.x upgrade installation process:
msiexec.exe /i AFServer_<Version #>.msi REBOOT=Suppress
FD_PISQL4AF_EXEC=1 ALLUSERS=1 /qn
3. Specify the recommended settings listed below. In the figure, these are selected.
Crash dump type: Full
Dump symbol table
Dump all thread contacts
Append to existing log file
No visual notification
No sound notification
Create crash dump file
4. Click OK to close the dialog box.
5. To test your selections, enter pidiag -crash in the command window and examine
the log files that are created.
34
Chapter 2
AF System Configuration/Maintenance
Although the AF Server installation defaults to include both the AF Application Service and
the AF SQL Database on a single system, and to use Integrated Security, you can make
configuration changes after AF is installed. This section provides information on some of the
more common issues regarding your AF Server configuration.
Note: If the AF Server 2.x service is running as the LocalService account, then you
will likely need to use SQL Server security, instead of Integrated security.
Note: You must have appropriate permissions to create or configure a Domain User
Group. You must be a member of the Account Operators group, Domain Admins
group, or the Enterprise Admins group in Active Directory, or you must have been
delegated the appropriate authority. In addition, your computer must be running a
Windows Server operating system.
1. Open the Active Directory Users and Computers utility and connect to the Domain in
which the AF Server service account exists. To do this, open a Command window, enter
dsa.msc and click OK.
2. Right-click Users node in the left pane, and select New Group.
3. In the Group name box, enter AFServers.
4. Set the Group Scope to Global.
5. Set the Group Type to Security.
6. Click OK to create the Domain Group.
7. Right-click the newly created AFServers group and select Properties.
8. Select the Members tab and click Add.
9. In the Enter the object names to select box in the Select Users, Contacts, Computers,
or Groups dialog box, enter AFServers (the newly created Domain Group) and click
OK.
10. Click OK to finalize the Domain Group editing change.
11. Close the Active Directory Users and Computers utility.
36
AF Security through a Firewall
Demarcation Zone – DMZ) to install servers and software that needs to transfer data between
the PCN and the LAN. The DMZ is usually isolated between firewalls.
From a server point of view, the three server components being part of the Historian Platform
are: the Historian Server (a single server or a collective of servers), the AF server and a
Microsoft SQL 2005/2008 server that hosts the AF Database. While these components could
be installed on a single server, we will consider here that each component is installed on a
separate server because this brings up more complexity in terms of connectivity and security
configuration between the different parties. In addition to this being a more interesting
topology to discuss, it also distributes the processor load across several computers, which in
turn increases performance of the system.
The three scenarios described in section Examples of Firewall Usage (page 37) show
example topologies that illustrate possible locations for a firewall.
Scenario One
In this example, all the servers are installed in the DMZ. This simplifies the security settings
between the servers because they all reside within the firewalls.
Scenario Two
In this scenario, only the Historian Server resides in the DMZ. The AF Server is connected to
LAN. This is likely to happen when customers want to access data from foreign databases or
synchronize AF assets with an ERP or maintenance system.
Scenario Three
In this scenario, only the SQL server does not reside in the DMZ. This may happen when
customers want to use an existing SQL server to host the AF Database.
38
AF Security through a Firewall
Several network connections exist in the over-all system that include Historian and AF. The
figure below shows these types of connections:
A The connections between the AF Server and any AF SDK based client, including the
FactoryTalk Historian System Explorer. This connection moves structure information
such as elements and models between the AF SDK and the AF Server.
B The connection between the AF Server and Active Directory. This connection reads a
list of Active Directory users, which are in turn exposed through AF as contacts.
C The connection between AF Server and MS SQL Server 2005. This connection reads
and writes structure information, such as elements and models, to a SQL database.
D Connection between the AF client and one or more Historian Servers. This connection
reads and writes Historian real time data and populates attribute values within the AF
SDK.
The details of these connections and their requirements when a firewall exists are detailed in
these sections.
Firewall between AF Server and AF Client (page 40)
Firewall between AF Server and Domain Controller (page 41)
Firewall between AF Server and MS SQL Server (page 42)
Firewall between AF Client and Historian Server (page 44)
40
AF Security through a Firewall
In many cases, you have your Servers on one side of a firewall and the domain controllers
that the users need to authenticate on the other side of the firewall. If this is the case, you
need to open the following ports between your Servers and the domain controllers:
TCP ports 137, 138, 139—These are the standard ports used for both authentication and
NetBIOS services browsing for a Windows NT 4.0 domain controller and are fully
supported for backward compatibility by Windows 2000 domain controllers. If you are
using any version of Terminal Server or Citrix MetaFrame and the users of the server
need to authenticate with a domain controller, you need to open these ports up both ways
between the domain controllers and the servers.
TCP port 88 Kerberos authentication—Windows 2000 offers an alternative and more
secure method of authentication called Kerberos. If you have Windows 2000 Terminal
Servers and they are authenticating with a Windows 2000 domain controller, they will
use Kerberos authentication by default. If you need for users of these Windows 2000
Terminal Servers to authenticate with a Windows 2000 domain across a firewall, you will
need to open up this port.
If you need to open communication between two domain controllers across a firewall for
either trust relationship traffic or Active Directory traffic, refer to the Microsoft technical
article Q179442. You can find additional more detailed coverage of Microsoft port usage in
the following technical articles: Q150543, Q174904, and Q176466. You can look up these
articles at http://support.microsoft.com (http://support.microsoft.com) and enter the article
"Q" number in the search window.
Caution: Opening ports in your firewall can leave your server exposed to
malicious attacks. Make sure that you understand firewall systems before you
open ports. For more information, see Security Considerations for a SQL Server
Installation (http://msdn2.microsoft.com/en-us/library/ms144228.aspx).
42
AF Security through a Firewall
Note: The SQL Server Browser service lets users connect to instances of the Database
Engine that are not listening on port 1433, without knowing the port number. To
use SQL Server Browser, you must open UDP port 1434. To promote the most
secure environment, leave the SQL Server Browser service stopped, and
configure clients to connect using the port number.
Procedures
To open a port in the Windows firewall for TCP access:
1. In Control Panel, open Network Connections, right-click the active connection, and then
click Properties.
2. Click the Advanced tab, and then click Windows Firewall Settings.
3. In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Port.
4. In the Add a Port dialog box, in the Name box, type SQL Server <instance
name>.
5. In the Port number box, type the port number of the instance of the Database Engine,
such as 1433 for the default instance.
6. Verify that TCP is selected, and then click OK.
7. To open the port to expose the SQL Server Browser service, click Add Port, type SQL
Server Browser in the Name box, type 1434 in the Port Number box, select
UDP, and then click OK.
Note: To allow named pipes access through the firewall, you must also enable File
and Printer Sharing through the firewall.
Note: Click Add Program in the Windows Firewall dialog box for additional options, such
as granting access to specific programs and restricting access to certain IP
addresses or network subnets. For more information, see the Windows
documentation.
As an alternative to configuring SQL Server to listen on a fixed port and opening the port,
you can list the SQL Server executable file (Sqlservr.exe) as an exception to the blocked
programs. Use this method when you want to continue to use dynamic ports. Only one
instance of SQL Server can be accessed in this way.
Port summary
The following ports may need to be open on a firewall to allow access to Historian or other
associated services:
44 WINS - Windows name resolution.
53 DNS - Name resolution.
88 Kerberos - Windows 2000, XP authentication.
123 NTP Network - Time protocol, for clock synchronization.
135 DCOM port mapper - Windows authentication, DCOM applications including OPC,
SMT 3. This port is high risk and is usually blocked.
137 NETBIOS Name Service - NetBIOS name resolution.
138 NETBIOS Datagram Service.
139 NETBIOS Session Service.
44
Configuring SQL Server
Note: Ports 137:139 are considered high-risk and are usually blocked.
389 LDAP.
445 SMB
636 LDAP SSL
1433, 1434. See: MS SQL Server (http://technet.microsoft.com/en-
us/library/ms175483.aspx) and Configuring the Windows Firewall to Allow SQL Server
Access (http://msdn.microsoft.com/en-us/library/cc646023.aspx).
3268 LDAP GC
3268 LDAP GC SSL
3389 Windows Remote desktop - Remote desktop for Historian Server administration.
5450 PI Network Manager.
5454:5455 Historian Analysis Framework 1.x.
5456 ACE - Used by ACE 2 scheduler.
5457 AF Server.
5458 PI Notifications.
5459 AF Server (used by Historian OLEDB Enterprise)
If your AF Server 2.x service and AF SQL Database are installed on different systems, you
need to ensure that SQL Server is able to accept Remote Connections. Check with your SQL
Server Database Administrator and/or your Network Administrator to determine the network
protocols to enable.
1. At the Start menu, point to Programs > Microsoft SQL Server 2005 > Configuration
Tools and select SQL Server Surface Area Configuration. The SQL Server Surface
Area Configuration window appears.
2. Click the Surface Area Configuration for Services and Connections link. The Surface
Area Configuration for Services and Connections – localhost dialog box appears.
3. Select Remote Connections for the SQL Server instance in which the PIFD database
resides.
4. Select Local and remote connections option, then select the appropriate option for your
environment:
Using TCP/IP only
Using named pipes only
Using both TCP/IP and named pipes
5. Click OK. A message appears indicating the change does not take effect until the
Database Engine is restarted. Click OK to return to the SQL Server Surface Area
Configuration window.
6. Close the SQL Server Surface Area Configuration dialog box.
7. At the Start menu, point to Programs > Microsoft SQL Server 2005 > Configuration
Tools, and select SQL Server Configuration Manager. The SQL Server
Configuration Manager dialog box appears.
46
Using SQL Server Security
8. Expand the SQL Server 2005 Network Configuration and select the Protocols for the
SQL Server instance in which the PIFD database resides.
9. Right click the protocol you want to enable and select Enable. A message appears
indicating the change does not take effect until the service is restarted. Repeat this for
each network protocol that needs to be enabled. Click OK.
10. Select SQL Server 2005 Services in the left pane. In the right pane, right-click the SQL
Server instance and select Restart. The SQL Server Service is restarted and your changes
now take effect.
When using SQL Server Security, you need to create a SQL Server Login, grant the SQL
Server Login account access to the PIFD Database, and grant the SQL Server User the
db_AFServer database role. Follow the steps below.
1. In the Microsoft SQL Server Management Studio, connect to the SQL Server Instance in
which the PIFD database resides.
2. Under the SQL Server Instance, expand the Security folder; then expand the Logins
folder.
3. Create a new Login and enter a name in the Login name box.
4. Select the SQL Server authentication option.
5. Enter the password in the Password and Confirm password boxes.
6. From the Default database list, select the PIFD database.
48
Using SQL Server Security
10. With the database still selected, select the db_AFServer database role check box.
11. Click OK to close the Microsoft SQL Server Management.
The AF Diagnostics Utility is a command line application that you can use to enable or
disable features within the AF Server. There are three features that deal with security issues
with external data tables used by an AF table. If you want to access external AF tables from
either an AF 2.0.3.2019 or AF 2.0.4.2025 client, then you need to enable two features.
For details about using this utility, see section AF Server Configuration in the FactoryTalk
Historian System Explorer documentation
50
Modifying the AF Server’s Connect String
If you want to use SQL Server security, you need to change the connect string to reference
the correct security mode, and enter a SQL Server user and password. Follow these steps:
1. Open the AFService.exe.config file with a text editor, such as Notepad.
2. Locate the connect-string key. It has the following format:
<add key="connectString" value="Persist Security
Info=False;Integrated
Security=SSPI;server=.\phxtest;database=PIFD;Application
Name=AF Application Server;"/>
3. Modify the connect string by replacing Integrated Security=SSPI with
Trusted_Connection=no.
4. Modify the connect string by adding the User ID (uid) and the user‘s Password (pwd) at
the end of the connect string:
After your changes, the connect string resembles the following:
<add key="connectString" value="Persist Security
Info=False;Trusted_Connection=no;server=AFSQLDB\SQLEXPRESS;databa
se=PIFD;Application Name=AF Application
Server;uid=af_sql_user;pwd=af_sql_password;"/>
If your AF SQL Database is moved to a new server, or you need to work with a different AF
SQL Database, you can specify the change within the connect string. Follow these steps:
1. On the AF Server computer, open the AFService.exe.config file with a text
editor, such as Notepad.
2. Locate the connect-string key. It has the following format:
Integrated Security
<add key="connectString" value="Persist Security
Info=False;Integrated
Security=SSPI;server=.\phxtest;database=PIFD;Application Name=AF
Application Server;"/>
SQL Server Security
<add key="connectString" value="Persist Security
Info=False;Trusted_Connection=no;server=.\phxtest;database=PIFD;A
pplication Name=AF Application
Server;uid=af_sql_user;pwd=af_sql_password;"/>
3. Modify the connect string, specifying the new location of the server. You can use a
machine name or an IP address, and can include the SQL Server instance name.
Integrated Security
<add key="connectString" value="Persist Security
Info=False;Integrated
Security=SSPI;server=AFSQLDB\SQLEXPRESS;database=PIFD;Application
Name=AF Application Server;"/>
SQL Server Security
<add key="connectString" value="Persist Security
Info=False;Trusted_Connection=no;server=AFSQLDB\SQLEXPRESS;databa
se=PIFD;Application Name=AF Application
Server;uid=af_sql_user;pwd=af_sql_password;"/>
4. Save and close the file.
5. Restart the AF Server 2.x service for this change to take effect.
52
Changing the AF Server’s Service Account
Note: If you choose to run the AF Server 2.x service under the NetworkService account,
it is important to understand that any process running under the NetworkService
account on the AF Server system will have the same privileges to the PIFD
database on the AF SQL Database server as the AF Server 2.x service. See
section Overview of AF Server Security (page 13) for additional information.
It is important to note that if you change the AF Server 2.x service not to run under the
NetworkService account, you need to remove the NetworkService account‘s access to the
PIFD database. See section Removing the NetworkService Account’s Access to the PIFD
Database (page 54).
After you remove the NetworkService account from the PIFD database, any time you run the
install kit (repair or upgrade), you may have to repeat this step.
To change the account under which the AF Server 2.x service runs:
1. Click Start, point to Programs > Administrative Tools, and select Services. The
Services window appears.
2. Scroll to the AF Server 2.x service.
3. Right click the service and select Properties. The AF Server 2.x Properties dialog box
appears. Then select the Log On tab as shown in the following figure.
4. With the This account option selected, change the account to a domain account, using
the ―domain\account‖ format. Or, click Browse to search for and select the domain
account to use.
5. Enter the domain account‘s password in the Password and Confirm password boxes.
6. Click OK. A message appears indicating the account has been granted the ―Log On As A
Service‖ right.
7. Click OK again. A message appears indicating the new logon name does not take effect
until the service is restarted.
8. Click OK to return to the Services window.
9. Right-click the AF Server 2.x service and select Restart. A message appears indicating
the service is being stopped, and then started. The service is now running under the new
account.
You need to reconfigure your FactoryTalk Historian System‘s properties to reference the new
AF Server 2.x service account. You can do this in the FactoryTalk Historian System
Explorer.
It is important to note that if you change the AF Server 2.x service not to run under the
NetworkService account, you need to remove the NetworkService account‘s access to the
PIFD database. After you remove the NetworkService account from the PIFD database, any
time you run the install kit (repair or upgrade), you may have to repeat this step.
1. Open Computer Management on the AF SQL Database system.
2. Open the AFServers local user group.
3. Select the NetworkService account and click Remove.
4. Close Computer Management.
5. Open the Microsoft SQL Server Management Studio, and connect to the SQL Server
Instance in which the PIFD database resides.
6. Expand the PIFD database and navigate to the Schemas folder.
54
Changing the AF Server’s Service Account
14. Click OK. The ―NT AUTHORITY\NetworkService‖ user in the PIFD database is
removed, and the ―NT AUTHORITY\NetworkService‖ login no longer has access to the
PIFD database.
56
Working with Untrusted Domains
This means that the AF Server must have a defined user account that is the same as the user
account on the AF client computer on which the FactoryTalk Historian System Explorer runs.
However, it may be necessary to take additional steps to ensure a successful connection.
To ensure a successful connection between your FactoryTalk Historian System Explorer and
the AF Server:
1. Make sure that the AF Server is version 2.0.4 or later. If the version is older, upgrade it
first.
2. Create the same local account on both computers. Use the same password too.
3. Set the firewalls to open the incoming connections on AF Server. See KB 2820OSI8
(http://support.rockwellautomation.com/TechSupport/Templates/SupportSolution.aspx?N
RNODEGUID=%7B3856FC8A-DCEA-46B5-A59B-93F007502E50%7D) for which
ports need to be open.
4. On the client computer, log on using the new account, then open FactoryTalk Historian
System Explorer and try to connect to the target AF Server.
Display the System Properties dialog box from either of these dialog boxes in the
FactoryTalk Historian System Explorer: On the Database Properties dialog box or the
Select Database dialog box, click .
5. Set the System Properties using the Name and Host entries with the actual settings of
your AF Server. Notice that the Account box remains empty.
6. Click OK.
8. The best way to understand the root cause of the connection issue is to turn auditing on
(described below), and to check the security-related events in the Windows Event
Viewer.
Turn On Auditing
Open Administrative Tools in Control Panel. Click Local Security Settings>Audit Policy.
Set the following parameters to "Success, Failure":
Audit account logon events
Audit logon events
Audit object access
Audit privilege use
The most probable cause of a connection problem is that the AF node did not authenticate the
client user as a local user, but used the "Guest" account instead.
To allow the local computer to authenticate local users as themselves instead of "Guest":
1. On the AF server node, open the Local Security Policy: click Local Security Settings.
2. Set the following under Security Options:
Network access: Sharing and security model for local account --> Classic - local
users authenticate as themselves.
3. Click OK to save your change and then close the dialog box.
When the AF Server 2.x service and AF SQL Database are in different domains that are not
trusted, or the AF Server and AF SQL Database are in a workgroup(s), you need to configure
the two to allow for communications.
1. Configure SQL Server to allow remote connections. See section Enabling SQL Server’s
Remote Connections (page 45).
2. Configure SQL Server to use "mixed mode authentication" to allow SQL Server
authentication. See section Configuring SQL Server to Use Mixed Mode Authentication
(page 47). If you change the authentication mode, you need to restart the SQL Server
database engine service before the change takes effect.
3. Create and configure a SQL Server login in the SQL Server instance. This login will be
assigned a default database of "PIFD" and assigned to the db_AFServer database role.
See section Creating and Configuring SQL Server User (page 48).
4. Modify the connect string on the AF Server. This connect string is located in the
AFserver.exe.config file on the AF Server in the "<pipc home>\AF" folder.
Open the file with a text editor, such as Notepad. Modification of this file requires that
you restart the AF Server 2.x service. See section "Modifying the AF Server’s Connect
String (page 51)" in the installation and maintenance documentation.
5. If you are using a "named instance" of SQL Server, ensure that the SQL Server Browser
service is running on the SQL Server computer.
58
Backing Up AF Databases
Backing Up AF Databases
Rockwell Automation highly recommends that you back up your database on a regular basis.
Use the SQL Server Management Studio or the sqlcmd command utility.
Consider these points as you design a back-up strategy:
When the SQL Agent is available (all editions of SQL Server except Express), AF will
automatically install and schedule a nightly SQL backup. Examples of SQL Server
versions are: SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008
R2. Refer to the Maintenance.sql file located in the PIPC\AF\SQL directory.
Frequency of backup depends on your application; nightly backups may be best. The
default backup does a complete backup every night at 0315, local time. However, you
can change the time and can change the frequency and whether full or differential
backups are done.
Place the back-up file on a different physical disk from where the SQL Server data is
located. You may not be able to write to the root folder of C:\ Use another drive, such as
a network drive, or a subfolder.
SQL Express 2005 and SQL Express 2008 do not include a job scheduler, so you need to
use a Windows utility to schedule the backup. You can use the following command to run
the backup:
sqlcmd -S <SQLINSTANCE> -d PIFD -Q "EXEC dbo.usp_backup
@outpath = N'', @allwaysfullbackup = 1;" -E
You will need sysadmin, db_owner or db_backupoperator role. The least privilege is the
best security practice.
The Master database should also be backed up at some frequency. This database contains
the meta-data for the PIFD database, for example, database properties, table definitions,
and so forth. The AF Scheduled backup will back up the PIFD, MASTER, MSDB, and
PIFD_DISTRIBUTION databases.
The AF Server installation kit configures the PIFD database with a Simple Recovery
Model by default. This means that transaction logs cannot be backed up and "point-of-
failure" recovery is not possible. If the PIFD database is set to the Full Recovery Model,
then the PIFD transaction logs should also be backed up. This will truncate the
transaction logs so they do not grow without bounds and also allow either point-in-time
or point-of-failure recovery. The AF scheduled backup will back up the transaction log if
the database is configured with the Full Recovery Model. Rockwell Automation
recommends that you change your PIFD database from the simple recovery model to the
full recovery model to allow point-in-time recovery.
If the table is configured to use the AF Server identity, and non-impersonated external tables
have been enable, and the AF Server account has been given administrative rights on a SQL
Server, it may be possible for a user with AF Administrator privileges to create attacks on the
SQL Server computer and can take full control of that system, depending on the configuration
of that SQL Server.
Mitigating Factors
There are a number of security settings that must be changed before a user with AF
Administrator privileges can execute an attack.
By default, non-impersonated AF table configurations are disabled.
Only users who are administrators on the AF System have rights to create non-
impersonated external tables. By default, this includes only individuals who are already
administrators on the AF Server computer.
By default, the AF Server runs under the Network Service account and does not have
administrative rights to the locally configured SQL Server or access to remote computer
databases. Without administrator rights to the remote database, the possibility for
elevation of privilege attacks is limited.
By default, SQL Server‘s installations do not enable xp_cmdshell or OLE
Automation, which are some of the more potentially damaging vulnerabilities.
Security Recommendations
Leave access from older AF 2.0 Clients disabled. The older AF Server RPC for returning
external table data has insufficient information to determine if the user is configuring a
table or executing a previously configured table. To disable, use the command line tool:
afdiag /DT20-
Optionally, to disable all non-impersonated request to external tables, use the command
line tool:
afdiag /DTImp-
If access to external tables is not needed, it is possible to disable access to external tables
altogether. Use the command line tool:
afdiag /DT-
SQL Server database engine service should run as a low-privilege account. Some
versions of SQL Server default installations run the service as Local System. Network
Service or Local Service is a better choice, or, alternately, a specifically created account
with limited privileges.
Do not grant the AF Server 2.x service SysAdmin (administrator) privilege on the AF
SQL Server or any other SQL Server instance. (The AF installation configures the AF
Server 2.x service account to run as Network Service and configures SQL Server to grant
minimal privileges to this login.). Do not run the AF Server 2.x service under Local
System, as that will typically grant it SysAdmin privilege on any local SQL Server
instances. The AF Server 2.x service will log a warning message to the Windows AF
60
Troubleshooting Connection Problems
Event log if the AF Server 2.x service is running under an account or with a SQL login
with unnecessarily high privileges.
Disable Xp_cmdshell and OLE Automation in SQL Server. Be aware that an attacker
with SysAdmin privileges can re-enable these features.
Make sure that the account that runs the SQL Server database engine does not have
access to any Windows objects that it does not need to access (files, registry keys, other
services, and so on).
Disable SQL Server‘s network listener and browser service if these are not needed. If the
AF Server 2.x service is not installed on the SQL Server computer, then the network
listener is required. If the SQL Server instance that AF is using is a 'named' instance,
then, generally the SQL Browser service must be running.
Do not grant non-admin AF users any SQL Server access privileges on an AF SQL
Server database, except for AF collective administrators, who must have SysAdmin
privilege for their Windows account.
See these Microsoft SQL Server Security documents for further information:
Microsoft Security Consideration for a SQL Server Installation
(http://technet.microsoft.com/en-us/library/ms144228.aspx)
Microsoft SQL Server 2005 Security Best Practices
(http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-
7f7151b2011c/ SQL2005 SecBestPract.doc)
62
Monitoring AF Server
Monitoring AF Server
You can monitor the overall readiness of AF Server with a performance counter, Health. In
the Windows Reliability and Performance Monitor administrative tool, you can find this
performance counter under AF Server. The performance counter can have two values:
0 — AF Server is not running or cannot establish a success connection with SQL Server.
1 — AF Server is running and communicating successfully with SQL Server.
64
Chapter 3
Working with AF Collectives
AF supports multiple high availability options, including the use of AF collectives, Clustered
SQL Servers, AF collectives combined with Clustered SQL Servers, or a Mirrored SQL
Server.
This section provides setup, configuration and troubleshooting information for AF
collectives.
For detailed instructions about installing AF with a SQL Cluster see Installing the AF Server
and SQL Database on a Microsoft Cluster Server (page 17). For detailed instructions about
installing AF with a Mirrored SQL Server see Installing the AF SQL Database to a Mirrored
SQL Server (page 19).
Note: For collective administration, the AF SDK connects directly to SQL Server,
bypassing the AF Server machine. Therefore, the Windows account of the user
who is running the FactoryTalk Historian System Explorer must have the SQL
Server ―sysadmin‖ role on all SQL Servers involved in the AF collective.
An AF collective uses SQL Server replication to copy data from the primary AF SQL
database computer (publisher) to each of the secondary AF SQL database computers. Each
secondary server communicates to the primary server through a Windows Communication
Foundation (WCF) connection and reports its status information. The server authenticates the
WCF connection using a Windows certificate that the AF Server generated when it first
started. SQL Server replication transmits the primary server‘s certificate to each secondary
server. After the secondary server receives the primary server‘s certificate, it can
communicate its status to the primary server.
Subsequent topics in this section give an overview of the processes that occur on each
collective member when you are working with AF collectives.
Note: If you use AF collectives and the SQL Agent on the primary SQL AF database
computer runs under a domain account, you need to configure security on the
primary AF SQL database computer to give the SQL Agent service account
access to SQL Server’s \repldata folder. For instructions, see section
Configuring Security on the Replication Data Folder (page 82).
Collective Initialization
When you create a collective, SQL Server replication is initialized on the primary AF SQL
database computer (publisher).
Note: If the SQL Agent service is not running on the primary server, all replication
operations will fail.
66
AF Collectives Functional Overview
Agent pushes the snapshot to the secondary server(s) to initialize the secondary server(s).
All the tables that are marked for replication are pushed to the secondary server(s). Any
pre-existing data on the secondary server(s) is lost.
68
Working with AF Collectives Through the FactoryTalk Historian System Explorer
the secondary server for tables that are replicated. The .sql scripts will replace all the
stored procedures.
Upgrade the AF Server(s) attached to the secondary server.
Run a test to verify connections are correct and data is moving from primary server into
secondary server.
Repeat for each secondary server in the collective.
Note: For details about switching between collective members within the FactoryTalk
Historian System Explorer, see Connecting to a Specific Member of a Collective in
the FactoryTalk Historian System Explorer documentation.
If AF collectives will be used and if the SQL Agent on the primary SQL AF database
computer runs under a domain account, you need to configure security on the primary AF
SQL database computer to allow the SQL Agent service account to have access to SQL
Server's \repldata folder. For instructions, see section Configuring Security on the
Replication Data Folder (page 82).
To create a collective:
1. Click File>Database. The Select Database dialog box appears.
2. Click . The Systems dialog box appears.
3. Right-click and select Create Collective. Right-clicking a FactoryTalk Historian System
and selecting Create Collective causes the selected FactoryTalk Historian System to
default as the primary server. You can select a different primary server later in the
process, if necessary. The Create New Collective - Verify Backup Completed dialog
box appears.
4. After verifying that a good backup of the FactoryTalk Historian SE‘s that will be
involved in the collective exist, select the I have verified my backups are valid check
box and click Next. The Create New Collective - Select Primary dialog box appears.
5. Accept the current FactoryTalk Historian System as the Collective Primary, or select a
different FactoryTalk Historian System from the Collective Primary list to use as the
primary server of the new collective. The FactoryTalk Historian System name is used as
the Collective Name; you can change the name after the collective has been created.
6. If there is a current connection to the selected FactoryTalk Historian System, the
FactoryTalk Historian System's description appears in the Primary Description box;
otherwise the box is blank. Accept the default Primary Description or enter a new
description. You can change the Primary Description after the collective has been
created.
7. Enter a description for the collective in the Collective Description box or leave it blank.
You can change the description after the collective has been created.
8. Click Next. The Create New Collective - Select Secondary Servers dialog box appears.
9. From the Server list, select the FactoryTalk Historian System to add to the collective as a
secondary server. You can change the server description, or accept the current
description. If there is not a current connection to the selected FactoryTalk Historian
System, the FactoryTalk Historian System's description will not be displayed. Click Add
to add the FactoryTalk Historian System to the list.
Note: You can create a collective without adding a secondary server. You can add
secondary servers after the collective is created.
10. Repeat the previous step for any additional FactoryTalk Historian SE‘s that are to be
added as secondary servers in this collective.
11. Click Next. The Create New Collective – Verify Selections dialog box appears.
12. At this point, you can click Next to finish creating the collective, or examine the
advanced options.
70
Working with AF Collectives Through the FactoryTalk Historian System Explorer
To bypass the advanced options, click Next. The collective is created and the Create
New Collective – Finishing dialog box appears. The replication process begins.
To examine the advanced options, click Advanced.
a. You will be prompted to convert the system(s) to a collective if you want to continue.
Click Yes to convert the system(s) to a collective and open the Advanced Collective
Options dialog box. Click No to return to the Create New Collective - Verify
Selections dialog box and make any required changes.
The following figure shows an example configuration for the advanced options.
b. You can make changes to the collective‘s definition at this point or leave the
definition as is. For detailed information about the collective‘s definition, see section
Configuring the Collective Properties (page 73).
c. Click OK to start replication. The Create New Collective – Finishing dialog box
appears and the replication process begins.
13. The Create New Collective – Finishing dialog box consists of three areas. For details
about the collective status, see section Collective Status Details (page 73).
Note: If you click Exit prior to the secondary server's being listed in the lower area
of the dialog box, replication process stops on any secondary server(s) in the
collective. A message appears that indicates the replication process is not
complete. You will need to start the replication process on any secondary
server(s) that currently belong to the collective.
14. If you click Finish before the replication is complete, a message appears indicating the
replication is not complete, and where to look for the current replication status.
When the replication process is complete, the status for the first row, the snapshot
creation, shows Succeeded. The status for the second row, the replication process as it
relates to the primary server, shows Idle. The status for the third row and on, the
replication process as it relates to the secondary server(s), shows Idle.
15. Click Finish to close the Create New Collective – Finishing dialog box.
72
Working with AF Collectives Through the FactoryTalk Historian System Explorer
Status information is reported for AF collectives in the same way as it is for Historian
Collectives. To see the status:
1. Click File>Database. The Select Database dialog box appears.
For detailed information about the collective‘s definition, see section Configuring the
Collective Properties (page 78).
4. Select a collective member to review the member‘s status in the Status area of the
Collective tab.
5. Right-click a collective member and select Show Collective Status, or select a collective
member and click in the Status area. The Collective Status Details dialog
box appears with the last status messages for the primary and secondary servers. If there
is no current activity, the Details area is empty. For details about the Collective Status
Details dialog box, see section Collective Status Details (page 73).
The following figure shows the Adding Secondaries – Finishing dialog box.
The following figure shows the Collective Status Details dialog box.
74
Working with AF Collectives Through the FactoryTalk Historian System Explorer
In the Create New Collective – Finishing and the Adding Secondaries – Finishing dialog
box, the top area provides messages indicating the overall status of the collective creation and
replication process. The middle area provides an overview of the replication process. In these
two dialog boxes and in the Collective Status Details dialog box, the lower area displays
rows of data about the FactoryTalk Historian SE‘s comprising the collective. In the
Collective Status Details dialog box, the top area allows you to: 1) Refresh the contents of
the dialog box; 2) Choose to show only errors; and 3) Indicate the number of rows of data
details to display for secondary servers.
The first two rows in the lower area of all three dialog boxes are related to the primary server.
The first row shows the status of the snapshot creation process. The second row shows the
status of the replication process between primary server and secondary server(s). The rows in
the lower area beginning with the third row are related to the secondary server(s), showing
the latest status messages relating to the replication process on the secondary server(s).
The columns in all three dialog boxes are:
Name: The name of the collective member.
Sync Status: The synchronization status between the server members in the collective.
Status: The status of the replication process from the primary server to the secondary
server(s).
Comment: The current stage of the replication process.
Commands Delivered: The number of commands being sent from the primary server to
the secondary server.
Error Code: If an error occurs, displays the associated error code.
Error Message: If an error occurs,, displays the associated error message.
Note: If you click Exit prior to a newly added secondary server(s) being listed in the
lower area of the dialog box, replication process stops on the secondary server. A
message appears that indicates the replication process is not complete. You will
need to start the replication process on the newly added secondary server.
You can add secondary servers to an existing collective. When a secondary server is added to
a collective, a subscription is created on the secondary server, and the existing snapshot data
is replicated from the primary server to the newly added secondary server.
To add a server:
1. Click File>Database. The Select Database dialog box appears.
2. Click . The Systems dialog box appears.
3. Click the Collective tab.
4. Right-click a server and select Add FactoryTalk Historian System to Collective. The
Adding Secondaries – Select Secondary Servers dialog box appears.
5. From the Server list, select the FactoryTalk Historian System to add to the collective as a
secondary server. You can change the server description, or accept the current
description. If there is not a current connection to the selected FactoryTalk Historian
System, the FactoryTalk Historian System's description will not be displayed. Click Add
to add the FactoryTalk Historian System to the list.
6. Repeat the previous step for any additional FactoryTalk Historian SE‘s that you want to
add as secondary servers in this collective.
7. Click Next. The Adding Secondaries - Verify Selections dialog box appears.
76
Working with AF Collectives Through the FactoryTalk Historian System Explorer
8. At this point, you can click Next to finish adding the secondary server(s) to the
collective, or examine the advanced options.
To bypass the advanced options, click Next. The secondary server(s) is/are added to the
collective. The Adding Secondaries – Finishing dialog box appears. The process of
replicating data to the secondary server(s) begins.
To examine the advanced options, click Advanced. The following figure shows an
example configuration for the advanced options.
a. You can make changes to the collective‘s definition at this point or leave the
definition as is. For detailed information about the collective‘s definition, see section
Configuring the Collective Properties (page 78).
b. Click OK to start replication. The Adding Secondaries – Finishing dialog box
appears and the replication process begins.
9. The Adding Secondaries – Finishing dialog box consists of three areas. For details
about the collective status, see section Collective Status Details (page 73).
Note: If you click Exit prior to the newly added secondary server(s) being listed in
the lower area of the dialog box, replication process stops on these secondary
server(s). A message appears that indicates the replication process is not
complete. You will need to start the replication process on any secondary
server(s) that currently belong to the collective.
When the replication process is complete on the secondary server(s), the Status for the
third row and on, the replication process as it relates to the secondary server(s), shows
Idle.
10. Click Finish to close the Adding Secondaries – Finishing dialog box.
You can modify many settings relating to collective members in either the Advanced
Collective Options dialog box (during the collective creation process) or the Collective tab
in the System Properties dialog box (after the collective has been created).
The following figure shows an example configuration for the advanced options.
78
Working with AF Collectives Through the FactoryTalk Historian System Explorer
Server Version: Version of the AF Server installed. This value is read only.
Database Version: Version of the AF SQL Database installed. This value is read only.
Status: The status of the selected collective member, including the last time
communication was verified with the primary server (not listed for the primary server),
the last time the collective member was synchronized, current synchronization status, and
current communication status. These values are read only.
You can remove a server from a collective as needed. Note that removing the primary server
from the collective causes the entire collective to be deleted.
To remove a server:
1. Click File>Database to open the Select Database dialog box.
You can stop replication on a secondary server at any time. For details about the events that
occur when you stop replication on a secondary server, see section Replication is Stopped on
a Secondary Server (page 67).
1. Click File>Database to open the Select Database dialog box.
80
Working with AF Collectives Through the FactoryTalk Historian System Explorer
You can stop replication on the primary server at any time. For details about the events that
occur when you stop replication on the primary, see section Replication is Stopped on the
Primary Server (page 67).
1. Click File>Database to open the Select Database dialog box.
If you have stopped replication on a collective member, it does not restart automatically. If
you want the collective member to be involved in replication, you must start the replication
on that member.
1. Click File>Database to open the Select Database dialog box.
You can force a new snapshot of the database on the primary server to be created and pushed
out to a secondary server by reinitializing the secondary server. If you have multiple
secondary servers, you must reinitialize each individually.
1. Click File>Database to open the Select Database dialog box.
82
Troubleshooting AF Collective Issues
84
Appendix A
Technical Support and Resources
Rockwell provides dedicated technical support internationally, 24 hours a day, 7 days a week.
You can read complete information about technical support options, and access all of the
following resources at the Rockwell Automation Support Web site:
http://www.rockwellautomation.com/support/
Knowledgebase
The KnowledgeBase provides a searchable library of documentation and technical data, as
well as a special collection of resources for system managers.
http://www.rockwellautomation.com/knowledgebase/
If you do not have SMT installed, open a command prompt, change to the pi\adm
directory, and enter piversion -v. To see individual version numbers for each
subsystem, change to the pi\bin directory and type the subsystem name followed by the
option -v (for example, piarchss.exe –v).
Upgrades
Downloading of any updates for your software is available with a current Tech Connect
contract. You can obtain the updates from the support download site:
http://www.rockwellautomation.com/support/downloads.html
86
Index
A
AF, Port Summary • 44
AF, Security and a Firewall • 36
AF, Security Overview • 13
B
Back Up Database • 59
C
Collective, Administration • 67
Collective, Creating • 69
D
Database, Backing Up • 59
Debug with Dr. Watson • 33
Dr. Watson Configuration • 33
F
Firewall and AF Security • 36
I
Installation Guidelines • 10
Installation Options for AF • 5, 15, 16, 19, 22, 27, 28
Installation, Silent • 29
P
Port Summary • 44
Ports and Firewall Security • 44
S
Security • 13, 14, 16, 27, 36, 47, 56
Silent Installation • 29
SQL Server Configuration Options • 14, 36, 45, 47,
51, 52, 61
SQL Server Security • 14, 47
U
Uninstallation Guidelines • 12