Global WCF Configuration Guide
AVEVA Solutions Limited
Disclaimer
1.1 AVEVA does not warrant that the use of the AVEVA software will be uninterrupted, error-free or free from
viruses.
1.2 AVEVA shall not be liable for: loss of profits; loss of business; depletion of goodwill and/or similar losses; loss of
anticipated savings; loss of goods; loss of contract; loss of use; loss or corruption of data or information; any
special, indirect, consequential or pure economic loss, costs, damages, charges or expenses which may be
suffered by the user, including any loss suffered by the user resulting from the inaccuracy or invalidity of any data
created by the AVEVA software, irrespective of whether such losses are suffered directly or indirectly, or arise in
contract, tort (including negligence) or otherwise.
1.3 AVEVA's total liability in contract, tort (including negligence), or otherwise, arising in connection with the
performance of the AVEVA software shall be limited to 100% of the licence fees paid in the year in which the user's
claim is brought.
1.4 Clauses 1.1 to 1.3 shall apply to the fullest extent permissible at law.
1.5 In the event of any conflict between the above clauses and the analogous clauses in the software licence under
which the AVEVA software was purchased, the clauses in the software licence shall take precedence.
Copyright
Copyright and all other intellectual property rights in this manual and the associated software, and every part of it
(including source code, object code, any data contained in it, the manual and any other documentation supplied
with it) belongs to, or is validly licensed by, AVEVA Solutions Limited or its subsidiaries.
All rights are reserved to AVEVA Solutions Limited and its subsidiaries. The information contained in this document
is commercially sensitive, and shall not be copied, reproduced, stored in a retrieval system, or transmitted without
the prior written permission of AVEVA Solutions Limited. Where such permission is granted, it expressly requires
that this copyright notice, and the above disclaimer, is prominently displayed at the beginning of every copy that is
made.
The manual and associated documentation may not be adapted, reproduced, or copied, in any material or
electronic form, without the prior written permission of AVEVA Solutions Limited. The user may not reverse
engineer, decompile, copy, or adapt the software. Neither the whole, nor part of the software described in this
publication may be incorporated into any third-party software, product, machine, or system without the prior written
permission of AVEVA Solutions Limited, save as permitted by law. Any such unauthorised action is strictly
prohibited, and may give rise to civil liabilities and criminal prosecution.
The AVEVA software described in this guide is to be installed and operated strictly in accordance with the terms
and conditions of the respective software licences, and in accordance with the relevant User Documentation.
Unauthorised or unlicensed use of the software is strictly prohibited.
Copyright 1974 to current year. AVEVA Solutions Limited and its subsidiaries. All rights reserved. AVEVA shall not
be liable for any breach or infringement of a third party's intellectual property rights where such breach results from
a user's modification of the AVEVA software or associated documentation.
AVEVA Solutions Limited, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.
Trademark
AVEVA and Tribon are registered trademarks of AVEVA Solutions Limited or its subsidiaries. Unauthorised use of
the AVEVA or Tribon trademarks is strictly forbidden.
AVEVA product/software names are trademarks or registered trademarks of AVEVA Solutions Limited or its
subsidiaries, registered in the UK, Europe and other countries (worldwide).
The copyright, trademark rights, or other intellectual property rights in any other product or software, its name or
logo belongs to its respective owner.
Revision Sheet
Contents Page
Global WCF
Introduction
Assumptions
Guide Structure
1 Introduction
AVEVA Global can be used to enhance projects created in either the AVEVA Plant or
AVEVA Marine group of products - henceforth known as the "base product" in this
document.
References to paths and directory settings in this document are used from AVEVA Plant and
should only be used as an example. Other base product paths and directory settings will be
different.
The Global WCF Configuration Guide describes how to configure the Windows
Communication Foundation (WCF) layer of security in AVEVA Global.
The user has the ability to use the WCF protocol in a Global project. The RPC protocol
continues to be available to the user if required.
Global has relied on RPC (Remote Procedure Call) for all inter-location communication.
There are a number of limitations in using the RPC protocol such as a dependency on using
port 135 for traffic and limited support of transport protocol bindings.
The main benefit of using WCF is that it can be fully customised. Through configuration files
the administrator can decide what levels of security to apply (described more in section
Security Features).
The operation of a Global project does not change as a result of enabling WCF functionality.
However the configuration of security has been abstracted from the software and is now
fully customisable through new XML configuration files.
WCF is enabled and configured by modifying values within XML configuration files
described later in section Enable RPC or WCF Security.
1.1 Assumptions
The Global WCF Configuration Guide targets the IT administrator or Global Project
Administrator. Knowledge of AVEVA Global will be helpful but is not essential.
The user must have the correct AVEVA license file before installing the AVEVA Global
Server. The license file is called AVEVA Licensing System (ALS). Refer to the AVEVA
Licensing System (ALS) guide for further information.
Global requires a license for Hub and Satellites. At the hub location each project daemon
will take out a GLOBAL license entry. At each Satellite each project daemon will take out a
GLOBALSAT license. A project daemon at a Satellite may use a spare Hub license
(GLOBAL) if no satellite license (GLOBALSAT) is available.
It is assumed that the reader has already installed the base product and Global Server with
the WCF functionality selected (refer to the base product Installation Guide).
1.2 Guide Structure
• Software Checklist: Covers any software and hardware dependencies that the Global WCF has.
• Security Features: Describes the main security features that are available to the administrator when using WCF.
• Certificate Based Authentication: Describes how the user can apply Certificate based authentication to messages and transport in WCF.
• WCF Configuration Files: Describes the different configuration files used to manage Global WCF.
• Start a Global Project: A simple example of how to start the Global daemon using the default installed files.
2 Software Checklist
The user must check that the following items have been installed.
• A valid license file.
• Microsoft .NET Framework 4 (refer to Microsoft .NET Framework v4).
• The latest version of the base product with WCF enabled.
• The latest version of Global Server with WCF enabled.
The user can optionally configure the Global WCF to use a Secure Socket Layer (SSL)
certificate. If this is the case then the following pre-requisites apply:
• A pre-purchased SSL Certificate (described in detail in section Certificate Based
Authentication).
• Windows XP Service Pack 2 Support Tools (if the Operating System being used is
Windows XP). This is required if the steps described in section Bind Certificate With
Windows XP or Windows Server 2003 are to be followed.
• Windows Server 2003 Service Pack 1 Support Tools (if the Operating System being used is
Windows Server 2003). This is required if the steps described in section Bind Certificate
With Windows XP or Windows Server 2003 are to be followed.
The base product is installed with the appropriate .NET Framework incorporated and should
be consistent on all computers that Global is deployed to.
3 Security Features
When WCF is enabled as the security provider the administrator can take advantage of
different modes of security. WCF has two major modes of security; these are Transport
Level Security and Message Level Security.
All aspects of security are set within XML configuration files that are described later in WCF
Configuration Files.
The Global Server installation includes sample WCF Configuration files. These are
deployed in the sub-folder GlobalWCF_SampleConfigFiles. These should be used as a
basis when modifying existing Config files. Refer to WCF Configuration Files for further
information.
The following section gives the administrator an overview of the principles behind securing
Global using WCF as an authentication provider.
3.3 Binding
The administrator can specify the low level communication protocol to use for data transfer.
The available bindings are as follows:
• Transmission Control Protocol (TCP)
  • The same protocol used by existing Global RPC services.
  • Binary data that is not visible to security checks.
  • Fast.
  • Better used for protected connections.
• Hypertext Transfer Protocol (HTTP)
  • Messages are sent in text, but are verbose.
  • Transparent to security checks.
  • Slower performance.
  • Ideal for unsecured internet connections.
• Web Services Security Hypertext Transfer Protocol (wsHTTP)
  • Secure encrypted HTTP.
3.4 Encryption
The administrator can configure WCF to encrypt messages along the way.
• Message encryption is ideal for connections made through the Internet without protection.
• Not required if encryption is provided by the network connection (for example a VPN).
• Different algorithms are supplied by WCF.
3.5 Encoding
Encoding is tied in with the Binding configuration and determines how a message will be
encoded when sent from Client to Server and Server to Client.
• Text - through HTTP
  • Verbose, slow but secure.
  • Ideal for unprotected communications where performance is not a priority.
• Binary - through TCP
  • Ideal for protected communications where performance is a priority.
• Message Transmission Optimisation Mechanism (MTOM) - through wsHTTP
  • An optimisation of Text and Binary. Intelligently sends data in text or binary attachments.
3.6 Authentication
Authentication will make sure that communication is valid by checking that the sender and
recipient are valid.
• Messages are sent to a known recipient.
• Messages are received from a known sender.
Authentication can be applied to the connection or to each individual message.
Authentication can be through:
• Windows Login Accounts
  • Can be used when communications are within the same domain/organisations. If
    communication is between different domains/organisations then use Certification.
• Certification
  • Use a certificate at both ends of communication to check authenticity.
  • The user must purchase a valid certificate from a provider; refer to Certificate
    Based Authentication for further information.
3.7 Certification
Certification makes sure that messages are verified between sender and recipient.
• Makes sure that messages are sent to a known recipient.
• Makes sure that messages are received from a known sender.
Certification is recommended for business to business (B2B) communications when
messages:
• Traverse the Internet.
4 Trust Boundaries
Before choosing a security profile the administrator must consider the type of network
Global will be deployed to and what trust boundaries will be crossed.
Other influencing factors can be:
• What security is applied already on connections?
• Licence Servers may still need access through Firewalls.
• Database access may still need access through Firewalls.
• There may be a trade-off in security versus performance.
The Trust Boundaries section describes the different types of trust boundary that can be
encountered in a networking environment and the theory behind how WCF can be
implemented to secure communications as they pass through these boundaries.
Consider the following network layout:
In this layout Global daemons must communicate with each other while passing through
varying layers of trust boundary. As a different layer of trust is encountered, the
administrator must consider configuring all the Global daemons in the project to
communicate using the (same) appropriate security policy that is robust enough to support
No Trust Boundaries
In a no trust zone there is a high risk of security threats.
The network is a closed system and therefore the administrator must consider configuring
WCF with a high level of security.
The administrator must use Transport Level Security where connections are already
protected through a VPN (Virtual Private Network) and Message Level Security where there
is no VPN.
Note: When a high level of security is applied there will be degradation in performance.
No encryption is necessary for VPN connections because the VPN connection inherently
uses an encryption algorithm. If the connection is not a VPN then at least a 128-bit
encryption algorithm should be used.
The administrator should use text Encoding which can be verified.
For Authentication use Windows Authentication if on the same domain and Certification if
not.
There are sample configuration files for Windows authentication and SSL Certified settings.
Sample configuration files are described later in section Configure Security.
In the illustration above each circle represents a different physical computer node. Each
node is running an instance of the Global daemon. Each node will have its own
AdmindWCF.exe.config and GlobalWCFClient.config file.
The left and right Satellite nodes are configured to use wsHTTP for client and service. The
central Hub node is able to communicate with both by having an endpoint exposed for
wsHTTP. Endpoints are discussed further in section WCF Endpoint.
Note: Multiple end points are not currently supported, therefore a Global project must use
the same binding configuration (NetTCP, HTTP or wsHTTP) across all daemon
nodes for the project (i.e. Hub to Sat and Sat to Sat).
Different projects can use different configurations by having a separate copy of the Global
server installation (and therefore configuration files) for each project.
It is possible to configure Global WCF to authenticate Global data exchanges against a valid
SSL certificate.
The following section describes how to prepare and install a certificate ready for use by
Global WCF.
If the user does not intend to use an SSL certificate then skip to section WCF Configuration
Files.
The following steps describe the configuration process to bind an x.509 SSL Certificate to
a Hypertext Transfer Protocol (HTTP) port for the purpose of authenticating incoming
requests.
A certificate must be obtained from a Root Authority such as Verisign or Thawte; refer to the
following web pages for more information:
http://www.verisign.co.uk/ssl/
http://www.thawte.com/ssl/
The user must install the certificate on the Server machine.
The certificate on the Server machine will be validated against the root Certification
Authority (CA) as shown below:
• In the Console Root window, click Certificates (Local Computer) to view the
certificate stores for the computer.
• Import Certificate
From the MMC the user can import a pre-purchased certificate.
• Navigate to Certificates (Local Computer) > Personal > Certificates.
• Right click Certificates and select All Tasks > Import.
• The Certificate Import Wizard will guide the user through importing a certificate file.
• Copy the hexadecimal string to the Windows clipboard by highlighting the string and
pressing down CTRL+C on the keyboard.
At the certhash parameter, paste the value copied to the clipboard in the previous steps
making sure that spaces are removed from the hexadecimal string.
Note: If the user enters an invalid thumbprint, the command will still succeed, but the client
will not be able to communicate with the service as the thumbprint does not refer to a
valid certificate.
• The appid parameter is a random GUID (Globally unique identifier) that can be used to
identify the owning application.
At the -h parameter, paste the value copied to the clipboard in the previous steps making
sure that spaces are removed from the hexadecimal string.
If this command is successful, it will report the message:
"HttpSetServiceConfiguration completed with 0."
Note: If the user enters an invalid thumbprint, the command will still succeed, but the client
will not be able to communicate with the service as the thumbprint does not refer to a
valid certificate.
This command binds the certificate with the thumbprint indicated with the -h flag to the port
indicated by the -i flag. The port is specified as the IP address of the computer followed by
the port. The IP address 0.0.0.0 specifies the local computer.
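Because the bind command succeeds even with a wrong thumbprint, it helps to check the pasted value against the certificate file before binding. The following is an added example, not part of the AVEVA guide: the function names and sample bytes are constructed, the certificate is assumed to be available as DER bytes, and the command shape assumed is the Windows `netsh http add sslcert` form with `ipport`, `certhash` and `appid`.

```python
import hashlib
import re
import unicodedata
import uuid

# Constructed stand-in for the DER bytes of the exported certificate file.
# A thumbprint is the SHA-1 digest of those bytes, so any bytes serve here.
SAMPLE_DER = b"constructed stand-in for the DER bytes of a certificate file"
APP_ID = "00112233-4455-6677-8899-AABBCCDDEEFF"  # constructed GUID

# Value as it tends to arrive from the clipboard: byte pairs separated by
# spaces, preceded by an invisible formatting character (U+200E).
_hex = hashlib.sha1(SAMPLE_DER).hexdigest()
PASTED = "\u200e" + " ".join(_hex[i:i + 2] for i in range(0, 40, 2))


def normalize_thumbprint(pasted):
    """Drop whitespace and invisible format characters, then validate."""
    kept = [c for c in pasted
            if not c.isspace() and unicodedata.category(c) != "Cf"]
    value = "".join(kept).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", value):
        raise ValueError("thumbprint must be exactly 40 hexadecimal digits")
    return value


def thumbprint_of(der_bytes):
    """SHA-1 thumbprint of a DER-encoded certificate, upper-case hex."""
    return hashlib.sha1(der_bytes).hexdigest().upper()


def netsh_bind_args(ip, port, pasted, appid, der_bytes):
    """Build the bind command only if the thumbprint matches the certificate."""
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    thumb = normalize_thumbprint(pasted)
    if thumb != thumbprint_of(der_bytes):
        raise ValueError("thumbprint does not match the certificate file")
    guid = str(uuid.UUID(appid))  # raises ValueError on a malformed GUID
    return ["netsh", "http", "add", "sslcert",
            f"ipport={ip}:{port}", f"certhash={thumb}", f"appid={{{guid}}}"]


if __name__ == "__main__":
    print(" ".join(netsh_bind_args("0.0.0.0", 8000, PASTED, APP_ID, SAMPLE_DER)))
```
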
Global WCF makes use of configuration files to load runtime settings for connecting to
remote locations and to determine the security settings applied to Global communications.
Constructor Module Configuration files are configuration files used by any base product
module that supports Global operation either directly or through data extracts (for example
Admin, Design or Draft).
All Constructor Module Configuration files reference the GlobalWCFClient.config file
(described later) for WCF configuration data. If GlobalWCFClient.config is absent, or not
referenced from adm.exe.config or Constructor module config files, then Global will default
back to using RPC communication.
In most cases the administrator will not need to modify the content of the Constructor
Module Configuration files.
• adm.exe.config: Used to configure the base product Admin Module for use with the WCF Global Server.
• des.exe.config: Used to configure the base product Design Module for use with the WCF Global Server.
• diagrams.exe.config: Used to configure the base product Diagrams Module for use with the WCF Global Server.
• tags.exe.config: Used to configure the base product Tags Module for use with the WCF Global Server.
• draw.exe.config: Used to configure the base product Draw Module for use with the WCF Global Server.
• dra.exe.config: Used to configure the base product Draft Module for use with the WCF Global Server (only available with PDMS).
• iss.exe.config: Used to configure the base product IsoDraft Module for use with the WCF Global Server.
• spc.exe.config: Used to configure the base product Specon Module for use with the WCF Global Server.
In addition to the Constructor Module configuration files the following configuration files are
provided:
The Global daemon is a client/server application. The server will listen to inbound
communication by using a service with exposed Endpoints (discussed later in section WCF
Endpoint). Outbound communication is handled by the client. The configuration of client and
service are maintained in separate files:
The figure below illustrates the use of the configuration files when multiple nodes are
present.
C:\AVEVA\GlobalServer (PDMS)
or
C:\Program Files (x86)\AVEVA\Global Server (AVEVA Everything3D™)
Important: Only edit XML configuration files inside a plain text ANSI editor to avoid file
corruption. Do not open the configuration files inside a text editor that uses Rich
Text such as Microsoft WordPad. AVEVA recommend editing the files inside
Microsoft Notepad unless a suitable XML editor is available.
Sets of sample configuration files are available for different Protocols and Security options.
These are available in a sub folder of the Global installed product. For example
C:\Program Files (x86)\AVEVA\Global Server\GlobalWCF_SampleConfigFiles
The supplied configuration files are examples only.
For more complex configurations containing multiple endpoints, refer to AVEVA Support.
Updates to Configuration files and those for previous versions will be made available
through the Knowledge base for the Global product on the AVEVA Helpdesk.
On the Knowledge Base, the files are supplied in a version specific ZIP file attached to the
relevant Knowledge base item. The contents of the GlobalWCF_SampleConfigFiles folder
file must be extracted to a folder before they can be viewed or edited.
The GlobalWCF_SampleConfigFiles folder is situated below the Global Installed folder, for
example:
C:\AVEVA\GlobalServer12.1.xx (where xx = <version number>)
or
C:\Program Files (x86)\AVEVA\GlobalServer12.1.xx (where xx = <version number>)
Each folder contains 2 files:
• admindWCF.exe.config
• GlobalWCFClient.config
The following sub-folders will be created below the GlobalWCF_SampleConfigFiles folder
for each different sample configuration:
• MessageSecurityCertificateAuthentication\basicHttp
• MessageSecurityWindowsAuthentication\netTcp
• MessageSecurityWindowsAuthentication\wsHttp
• NoSecurity\basicHttp
• NoSecurity\netTcp
• NoSecurity\wsHttp
• TransportSecurityCertificateAuthentication\basicHttp
• TransportSecurityCertificateAuthentication\netTcp
• TransportSecurityCertificateAuthentication\wsHttp
• TransportSecurityWindowsAuthentication\basicHttp
• TransportSecurityWindowsAuthentication\netTcp
• TransportSecurityWindowsAuthentication\wsHttp
Important: The globalWCFClient.config file used by the Global client in the base product
(PDMS, AVEVA Everything3D™ and related products) must be consistent with
the config files used by the Global daemon. The file admindWCF.exe.config
must contain a suitable endpoint to receive communications from the base
product.
Important: AVEVA recommend editing the files inside Microsoft Notepad if an XML editor is
not available. Only edit XML configuration files inside a plain text ANSI editor to
avoid file corruption. Do not open the configuration files inside a text editor that
uses Rich Text such as Microsoft WordPad.
Note: Sets of sample configuration files are supplied as part of the Global Server
installation in the sub-folder GlobalWCF_SampleConfigFiles. Config files must be
deployed consistently for both Global Server and Global Client throughout a Global
project. The appropriate GlobalWCFClient.config file must be deployed to all Base
products which use Global.
Sample Configuration files are supplied for different Security settings and Bindings.
Important: If the GLOBAL_PROTOCOL key is not present in the configuration file then the
default of RPC will be used.
Note: The user must close and re-open the base product if the communication method is
changed.
Baseaddress:
The user must configure the baseaddress key in both the GlobalWCFClient.config file
and the AdmindWCF.exe.config file.
<appSettings>
  <add key="baseaddress" value="http://localhost:8000/Design_Time_Addresses/GlobalWcfServiceLib/GlobalWcfService_11_1_201011/" />
  <add key="GLOBAL_PROTOCOL" value="RPC" />
</appSettings>
In the above example the HTTP protocol is used. Depending on the requirement the
protocol can be changed to HTTPS or NET.TCP (this must be consistent with the chosen
Binding).
The value localhost can be replaced with the name of the computer running the daemon (if
on a different machine).
Note: Better performance can be achieved if using localhost than the hostname of the
local machine if on the same machine.
The value 8000 determines the port number used for WCF communication. The value can
be set to any port number, although the administrator must make sure that the port is not
blocked by a firewall (refer to Firewall Configuration).
The Design_Time_Addresses will be automatically replaced at run time with the UUID
(Universally Unique Identifier) as specified in the base product project.
The remainder of the baseaddress must be left unchanged.
Note: Multiple end points are not currently supported, therefore a Global project must use
the same binding configuration (NetTCP, HTTP or wsHTTP) across all daemon
nodes for the project (i.e. Hub to Sat and Sat to Sat).
Note: Different projects can use different configurations by having a separate copy of the
Global server installation (and therefore configuration files) for each project.
Binding:
The binding determines the transfer protocol for the communication. The user must edit the
Client binding in the GlobalWCFClient.config file and the Service binding in the
AdmindWCF.exe.config file.
Open the GlobalWCFClient.config file and locate the following Client code block:
<client>
<endpoint address="" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IGlobalWcfService"
contract="IGlobalWcfService_11_1_201011"
name="WSHttpBinding_IGlobalWcfService">
</endpoint>
</client>
Edit the binding attribute to one of the following supported Binding values:
• BasicHTTP – raw HTTP such as a Web page.
• wsHTTP – secured HTTP such as a Banking web page.
• netTCP – TCP such as RPC communications.
Important: Other than the Binding the user must leave the parameters unchanged.
Open the AdmindWCF.exe.config file and locate the following Services code block:
<services>
  <service behaviorConfiguration="GlobalWcfServiceBehavior"
           name="GlobalWcfServiceLib.GlobalWcfService">
    <endpoint address=""
              binding="basicHttpBinding"
              bindingConfiguration="BasicHttpBinding_IGlobalWcfService"
              contract="GlobalWcfServiceLib.IGlobalWcfService_11_1_201011"
              behaviorConfiguration="ValidationBehavior">
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding"
              contract="IMetadataExchange" />
  </service>
</services>
Edit the service binding in the same way described for the client binding.
6.3.1 No Security
For all netTcp, basicHttp and wsHttp bindings security is disabled when the Security Mode
value is set to None:
<security mode="None">
</security>
To view an example of configuration files with no security, navigate to the Samples folder
GlobalWCF_SampleConfigFiles and then to the sub-folder NoSecurity.
Note: It is assumed that where the login details are the same.
The following XML is used to configure the binding to use Windows based authentication.
<security mode="Transport">
  <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
</security>
Note: The settings made in the GlobalWCFClient.config and AdmindWCF.exe.config
files must be consistent.
To view an example of configuration files with Windows authentication, extract the contents
of the GlobalWCF_SampleConfigFiles folder and navigate to the sub folder
TransportSecurityWindowsAuthentication.
Note: The following setting must be consistent within the GlobalWCFClient.config and
AdmindWCF.exe.config files.
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
Note: The user must make sure that a certificate has been pre-installed and configured.
Refer to the section Certificate Based Authentication.
The user must specify information about the certificate to enable network level security with
certificate authentication.
The following block is specified in the Service behaviour and must be modified in the
AdmindWCF.exe.config file.
<serviceBehaviors>
  <behavior name="GlobalWcfServiceBehavior">
    <serviceMetadata httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceCredentials>
      <clientCertificate>
        <authentication trustedStoreLocation="LocalMachine"
                        certificateValidationMode="None">
        </authentication>
      </clientCertificate>
      <serviceCertificate findValue="tempCert"
                          x509FindType="FindBySubjectName"
                          storeLocation="LocalMachine" />
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
Note: The following setting must be consistent within the GlobalWCFClient.config and
AdmindWCF.exe.config files.
<security mode="Message">
<transport clientCredentialType="Windows"
proxyCredentialType="None" realm="" />
<message clientCredentialType="Windows"
negotiateServiceCredential="true"
algorithmSuite="Basic128Sha256Rsa15"
establishSecurityContext="true" />
</security>
To view an example of configuration files with Message Level Security using Windows
authentication, extract the contents of the GlobalWCF_SampleConfigFiles folder file and
navigate to the sub folder MessageSecurityWindowsAuthentication.
Note: Message Level Security with Certificate based Authentication is a more complicated
option compared to Windows Authentication. There can also be a loss in
performance based on the size of the message and strength of the SSL certificate
used for authentication.
Note: The following setting must be consistent within the GlobalWCFClient.config and
AdmindWCF.exe.config files.
<security
    authenticationMode="MutualCertificate"
    requireDerivedKeys="false"
    messageProtectionOrder="SignBeforeEncrypt"
    messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
  <secureConversationBootstrap />
</security>
The following block is specified in the Service behaviour and must be modified in the
AdmindWCF.exe.config file.
The user must specify:
<serviceBehaviors>
<behavior name="GlobalWcfServiceBehavior">
<dataContractSerializer
maxItemsInObjectGraph="2147483647"/>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication trustedStoreLocation="LocalMachine"
certificateValidationMode="None"></authentication>
</clientCertificate>
<serviceCertificate findValue="tempCert"
x509FindType="FindBySubjectName"
storeLocation="LocalMachine"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
The GlobalWCFClient.config file has an equivalent <endpointBehaviors> element
that must be modified to match the configuration changes made in the Service Behaviours
of the AdmindWCF.exe.config file.
To view an example of configuration files with Message Level Security using Certificate
based authentication, extract the contents of the GlobalWCF_SampleConfigFiles folder
file and navigate to the sub folder MessageSecurityCertificateAuthentication.
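The notes above require the security settings in GlobalWCFClient.config and AdmindWCF.exe.config to be consistent, and the behaviour blocks shown carry settings worth reviewing before deployment. The following is an added example, not AVEVA's code, that compares the two files and flags such settings. The function names and sample XML are constructed, and the `<system.serviceModel>` nesting is assumed to follow the standard WCF configuration layout, which this guide shows only in fragments.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input, modelled on the fragments shown in this guide.
BASE = ("http://localhost:8000/Design_Time_Addresses/"
        "GlobalWcfServiceLib/GlobalWcfService_11_1_201011/")
NAME = "BasicHttpBinding_IGlobalWcfService"

SERVICE_XML = f"""<configuration>
 <appSettings><add key="baseaddress" value="{BASE}" /></appSettings>
 <system.serviceModel>
  <bindings><basicHttpBinding><binding name="{NAME}">
   <security mode="Transport"><transport clientCredentialType="Certificate" /></security>
  </binding></basicHttpBinding></bindings>
  <services><service name="GlobalWcfServiceLib.GlobalWcfService">
   <endpoint address="" binding="basicHttpBinding" bindingConfiguration="{NAME}"
             contract="GlobalWcfServiceLib.IGlobalWcfService_11_1_201011" />
   <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service></services>
  <behaviors><serviceBehaviors><behavior name="GlobalWcfServiceBehavior">
   <serviceDebug includeExceptionDetailInFaults="true" />
   <serviceCredentials><clientCertificate>
    <authentication trustedStoreLocation="LocalMachine" certificateValidationMode="None" />
   </clientCertificate></serviceCredentials>
  </behavior></serviceBehaviors></behaviors>
 </system.serviceModel>
</configuration>"""

CLIENT_XML = f"""<configuration>
 <appSettings><add key="baseaddress" value="{BASE}" /></appSettings>
 <system.serviceModel>
  <bindings><basicHttpBinding><binding name="{NAME}">
   <security mode="None" />
  </binding></basicHttpBinding></bindings>
  <client>
   <endpoint address="" binding="basicHttpBinding" bindingConfiguration="{NAME}"
             contract="IGlobalWcfService_11_1_201011" name="WSHttpBinding_IGlobalWcfService" />
  </client>
 </system.serviceModel>
</configuration>"""

ALLOWED_SCHEMES = {"basicHttpBinding": {"http", "https"},
                   "wsHttpBinding": {"http", "https"},
                   "netTcpBinding": {"net.tcp"}}


def summarise(xml_text):
    """Extract the settings the guide says must match on client and service."""
    root = ET.fromstring(xml_text)
    base = next((a.get("value", "") for a in root.iter("add")
                 if a.get("key") == "baseaddress"), "")
    # The first non-metadata endpoint names the binding in use.
    ep = next((e for e in root.iter("endpoint")
               if e.get("contract") != "IMetadataExchange"), None)
    binding = ep.get("binding") if ep is not None else None
    cfg = ep.get("bindingConfiguration") if ep is not None else None
    sec = (root.find(f".//bindings/{binding}/binding[@name='{cfg}']/security")
           if binding else None)
    mode = sec.get("mode") if sec is not None else None
    cred = None
    if sec is not None and mode in ("Transport", "Message"):
        child = sec.find(mode.lower())  # <transport> or <message>
        cred = child.get("clientCredentialType") if child is not None else None
    return {
        "scheme": urlsplit(base).scheme,
        "binding": binding,
        "mode": mode,
        "credential": cred,
        "cert_validation": [a.get("certificateValidationMode")
                            for a in root.iter("authentication")],
        "exception_detail": any(d.get("includeExceptionDetailInFaults") == "true"
                                for d in root.iter("serviceDebug")),
    }


def mismatches(client, service):
    """Settings that differ between GlobalWCFClient.config and AdmindWCF.exe.config."""
    return [k for k in ("scheme", "binding", "mode", "credential")
            if client[k] != service[k]]


def weak_settings(s):
    """Settings in one file that weaken or break the chosen security profile."""
    found = []
    if s["mode"] in (None, "None"):
        found.append("security mode None: no transport or message security applied")
    if s["scheme"] not in ALLOWED_SCHEMES.get(s["binding"], set()):
        found.append("baseaddress scheme does not fit the binding")
    elif s["mode"] == "Transport" and s["scheme"] == "http":
        found.append("Transport security on an HTTP binding needs an https baseaddress")
    if "None" in s["cert_validation"]:
        found.append("certificateValidationMode None: presented certificates are not validated")
    if s["exception_detail"]:
        found.append("includeExceptionDetailInFaults true: exception details are sent to callers")
    return found


if __name__ == "__main__":
    client, service = summarise(CLIENT_XML), summarise(SERVICE_XML)
    print("mismatched:", mismatches(client, service))
    for label, s in (("client", client), ("service", service)):
        for finding in weak_settings(s):
            print(f"{label}: {finding}")
```
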
7 Firewall Configuration
The administrator must make sure that a firewall is correctly configured to allow Global WCF
to operate correctly.
Attention must be paid to the choice of ports that are used when the administrator modifies
the WCF Configuration Files supplied with Global WCF.
When the user configures the WCF Endpoint, in most cases a binding will be made to a
specific port (for example port 8001). The administrator must make sure that the port is not
blocked in any way by a firewall.
Note: In some cases the Firewall configuration can be controlled by a Group Policy
on the network Domain Controller. In this case the administrator can configure the
firewall settings centrally on the domain controller. The same principles described
here will apply.
Add a descriptive name and then specify the port that has been set up for the WCF
Endpoint.
Important: The administrator must repeat the process to add an open port to any satellite
daemons on other machines in the network to establish a clear two way
communication without being blocked by the firewall.
8 Troubleshooting
The minimum size for these attributes is 64KB (65536 bytes) and Maximum allowed value is
4 GB (4294967296 bytes).
The following table summarizes all suggested memory sizes and equivalent decimal values.
<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_IGlobalWcfService"
             closeTimeout="00:01:00" openTimeout="00:01:00"
             receiveTimeout="00:10:00" sendTimeout="00:01:00"
             transferMode="Buffered" messageEncoding="Mtom"
             maxBufferPoolSize="1048576" maxBufferSize="1048576"
             maxReceivedMessageSize="1048576">
      <readerQuotas maxDepth="32"
                    maxStringContentLength="1048576"
                    maxArrayLength="1048576" maxBytesPerRead="4096"
                    maxNameTableCharCount="16384" />
      <security mode="None">
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
Solution:
To avoid a timeout error, increase the following highlighted Timeout values until this error
no longer occurs:
<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_IGlobalWcfService"
             closeTimeout="00:01:00"
             openTimeout="00:01:00"
             receiveTimeout="00:10:00"
             sendTimeout="00:01:00"
             transferMode="Buffered"
             messageEncoding="Mtom"
             maxBufferPoolSize="1048576"
             maxBufferSize="1048576"
             maxReceivedMessageSize="1048576">
      <readerQuotas maxDepth="32"
                    maxStringContentLength="1048576" maxArrayLength="1048576"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="None">
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
Example: <Hours>:<Minutes>:<Seconds>
00:02:00
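The size limits and the timeout format described above can be checked before a configuration file is deployed. The following is an added example, not AVEVA's code: a small Python audit of a binding like the one shown, which also reports bindings whose security mode is None. The function names are hypothetical, and it assumes the size attributes are the ones set to 1048576 in the sample.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the binding shown in this guide.
SAMPLE = """<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_IGlobalWcfService"
             closeTimeout="00:01:00" openTimeout="00:01:00"
             receiveTimeout="00:10:00" sendTimeout="00:01:00"
             maxBufferPoolSize="1048576" maxBufferSize="1048576"
             maxReceivedMessageSize="1048576">
      <readerQuotas maxDepth="32" maxStringContentLength="1048576"
                    maxArrayLength="1048576" maxBytesPerRead="4096"
                    maxNameTableCharCount="16384" />
      <security mode="None"></security>
    </binding>
  </basicHttpBinding>
</bindings>"""

MIN_SIZE, MAX_SIZE = 65536, 4294967296  # 64 KB and 4 GB, the limits the guide states
# Assumption: the size attributes are the ones set to 1048576 in the sample.
SIZE_ATTRS = ("maxBufferPoolSize", "maxBufferSize", "maxReceivedMessageSize",
              "maxStringContentLength", "maxArrayLength")
TIMEOUT_ATTRS = ("closeTimeout", "openTimeout", "receiveTimeout", "sendTimeout")

def timeout_seconds(value):
    """Convert <Hours>:<Minutes>:<Seconds> to seconds; None if not in that form."""
    m = re.fullmatch(r"(\d{2}):([0-5]\d):([0-5]\d)", value.strip())
    return None if m is None else int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])

def audit_bindings(xml_text):
    """Return (binding name, finding) pairs for a <bindings> fragment or whole config."""
    findings = []
    for b in ET.fromstring(xml_text).iter("binding"):
        name = b.get("name", "?")
        quotas = b.find("readerQuotas")
        attrs = {**b.attrib, **(quotas.attrib if quotas is not None else {})}
        for a, v in attrs.items():
            if a in SIZE_ATTRS and not (v.isdecimal() and MIN_SIZE <= int(v) <= MAX_SIZE):
                findings.append((name, f"{a}={v} is outside 64 KB to 4 GB"))
            elif a in TIMEOUT_ATTRS and timeout_seconds(v) is None:
                findings.append((name, f"{a}={v} is not <Hours>:<Minutes>:<Seconds>"))
        sec = b.find("security")
        if sec is not None and sec.get("mode") == "None":
            findings.append((name, "security mode is None"))
    return findings

if __name__ == "__main__":
    print(audit_bindings(SAMPLE))
```

Running the same audit over both AdmindWCF.exe.config and GlobalWCFClient.config shows whether the two sides carry the same values.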
Solution:
The AdmindWCF.exe.config file is missing from the AVEVA_DESIGN_EXE directory.
The AdmindWCF.exe.config file is installed by the installation; check that the file has not
been deleted.
Solution:
The globalWCFClient.config file is missing from the AVEVA_DESIGN_EXE directory.
The globalWCFClient.config file is installed by the installation; check that the file has not
been deleted.
Check for the below highlighted error and make sure that the daemon is running. Refer also
to Remote Daemon Down.
Solution:
The error is generated because files are missing in the Operating System that Global has a
dependency on.
The highlighted reference number is an indication that Global is attempting to locate files
that are part of the .NET Framework 4.
Refer to section Microsoft .NET Framework v4 and download version 4 of the Microsoft
.NET Framework.
The base product monitor console outputs a truncated error as shown below:
Solution:
The error is generated because files are missing in the Operating System that Global has a
dependency on.
The highlighted reference number is an indication that Global is attempting to locate files
that are part of the .NET Framework 3.5.
Refer to section Microsoft .NET Framework v4 and download version 3.5 of the Microsoft
.NET Framework.
Solution:
The error is generated because files are missing in the Operating System that Global has a
dependency on.
The highlighted reference is an indication that the Microsoft Enterprise Libraries cannot be
found.
Microsoft Enterprise Library 4.1 is installed by default but if the user is copying the daemon
components to another workstation then the following components must also be copied:
Solution:
The user must modify the configuration files so that the client and service communicate
using the same binding. Refer to WCF Configuration Files.
In Windows Server 2008 there are two default install locations, one for 32-bit applications
(C:\Program Files (x86)) and one for native 64-bit (C:\Program Files).
The WCF Global Server has a dependency on files that are by default installed into the
following path on a Windows Server 2008 machine:
C:\Program Files (x86)\Microsoft Enterprise Library 4.1 - October 2008\Bin\
The user must manually copy all DLL files from this folder to the following location, for
example:
C:\AVEVA\PLANT\PDMS12.1.1\
Or to:
C:\AVEVA\GlobalServer12.1.1\
Note: The user must have Administrative rights to be able to copy files from the C:\Program
Files (x86) folder.
Once the Global daemon files have been configured, Global will operate in the same way
that it has historically done for RPC.
The Start a Global Project section summarises in brief how to start an instance of Global on a
machine. Throughout the section reference is made to the Global User Guide, which
describes the standard process of starting a daemon. Any differences in WCF
configuration are clearly highlighted in this section.
The administrator must first prepare a project in the base product for use with Global; refer to
the Global User Guide (section 4.2 Making the Project Global).
In brief the administrator must load the Admin module within the base product and issue the
following commands at the command line to convert the project for Global use:
Lock
make global
unlock
The user must continue to refer to the Global User Guide to Initialise the Hub location.
Navigate to base product folder:
C:\AVEVA\plant\PDMS12.1.1
Referring to Enable RPC or WCF Security locate the file GlobalWCFClient.config and set
the protocol key within the GlobalWCFClient.config file to WCF.
<add key="GLOBAL_PROTOCOL" value="WCF" />
Global Server is supplied with singleds.bat and multids.bat sample batch files that can be
used to start the Global daemon. The operation of these batch files is consistent with that of
RPC; however, there is the addition of a new GLOBAL_PROTOCOL key which controls
whether RPC or WCF is to be used.
Refer to the Global User Guide (section 4.8.3 Single Project Service).
Navigate to the Global Server install path:
C:\AVEVA\GlobalServer12.1.1
Open the singleds.bat file in a text editor.
By default the GLOBAL_PROTOCOL will be set to RPC and WCF will be included as a
remark.
Locate the following:
set GLOBAL_PROTOCOL=RPC
rem set GLOBAL_PROTOCOL=WCF
Important: The daemon is slower to start in WCF mode than RPC. Allow a delay for the
Location to be confirmed.
From the command line run the singleds.bat file by using the following syntax:
singleds start sam
On the satellite launch the base product Admin module.
Important: There will be a delay when the first communication is established between
nodes when using WCF.
From the Command Line in the Admin Module enter the following:
On the Hub machine the console window for the daemon will display a summary of
communication between the two workstations: