Working with the

TIA Portal Cloud

Connector
Siemens
TIA Portal V14 SP1 Industry
Online
https://support.industry.siemens.com/cs/ww/en/view/109747305 Support
 Warranty and Liability

Warranty and Liability

Note The Application Examples are not binding and do not claim to be complete
regarding the circuits shown, equipping and any eventuality. The Application
Examples do not represent customer-specific solutions. They are only intended
to provide support for typical applications. You are responsible for ensuring that
the described products are used correctly. These Application Examples do not
relieve you of the responsibility to use safe practices in application, installation,
operation and maintenance. When using these Application Examples, you
recognize that we cannot be made liable for any damage/claims beyond the
liability clause described. We reserve the right to make changes to these
Application Examples at any time without prior notice.
If there are any deviations between the recommendations provided in these
Application Examples and other Siemens publications – e.g. Catalogs – the
contents of the other documents have priority.

We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this Application Example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,
body or health, guarantee for the quality of a product, fraudulent concealment of a
 Siemens AG 2017 All rights reserved

deficiency or breach of a condition which goes to the root of the contract

(“wesentliche Vertragspflichten”). The damages for a breach of a substantial
contractual obligation are, however, limited to the foreseeable damage, typical for
the type of contract, except in the event of intent or gross negligence or injury to
life, body or health. The above provisions do not imply a change of the burden of
proof to your detriment.
Any form of duplication or distribution of these Application Examples or excerpts
hereof is prohibited without the expressed consent of the Siemens AG.

Security Siemens provides products and solutions with industrial security functions that
informa- support the secure operation of plants, systems, machines and networks.
tion In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement – and continuously maintain – a holistic,
state-of-the-art industrial security concept. Siemens’ products and solutions only
form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems,
machines and networks. Systems, machines and components should only be
connected to the enterprise network or the internet if and to the extent necessary
and with appropriate security measures (e.g. use of firewalls and network
segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends to apply product updates as soon
as available and to always use the latest product versions. Use of product
versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under http://www.siemens.com/industrialsecurity.

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 2
 Table of Contents

Table of Contents
Warranty and Liability .............................................................................................. 2
1 Introduction .................................................................................................... 4
1.1 Overview ........................................................................................... 4
1.2 Components used ............................................................................. 5
2 Engineering .................................................................................................... 6
2.1 Hardware setup ................................................................................. 6
2.2 Configuration ..................................................................................... 7
2.2.1 Creating a development environment on a server .............................. 7
2.2.2 Creating users in a virtual environment .............................................. 7
2.2.3 Allowing remote access to virtual environment ................................... 8
2.2.4 Centrally storing user and project settings .......................................... 9
2.2.5 Configuring TIA Portal Cloud Connector on a PG/PC ....................... 12
2.2.6 Configuring TIA Portal Cloud Connector in the virtual
environment..................................................................................... 15
2.3 Operation ........................................................................................ 18
2.3.1 Establishing a remote desktop connection to the virtual
environment..................................................................................... 18
2.3.2 Establishing an online connection via the TIA Portal Cloud
Connector........................................................................................ 19
2.4 Error handling .................................................................................. 20
 Siemens AG 2017 All rights reserved

3 Appendix....................................................................................................... 21
3.1 Service and support ......................................................................... 21
3.2 Links and literature .......................................................................... 22
3.3 Change documentation .................................................................... 22

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 3
 1 Introduction

1 Introduction
The TIA Portal Cloud Connector enables central management of your engineering
software on a server. From an engineering workstation, you can work with
TIA Portal (which is installed on a server) via a remote desktop connection. For
this, the TIA Portal Cloud Connector serves as communication tunnel.

1.1 Overview
In this application example, TIA Portal is installed in a virtual environment on a
server. TIA Portal is not installed on the engineering workstation (PG/PC). The
hardware for the automation systems is directly connected with the PG/PC. Via a
remote desktop connection from your PG/PC to the virtual environment, you can
work with TIA Portal as usual. TIA Portal Cloud Connector can be used to ensure
access to the local PROFINET or PROFIBUS interface of the PG/PC of your
engineering workstation and to the connected SIMATIC hardware from the virtual
environment.

Figure 1-1: Overview

 Siemens AG 2017 All rights reserved

The application example describes the following aspects:

 Configuring a remote desktop connection
 Centrally storing user and project settings
 Configuring TIA Portal Cloud Connector on the PG/PC
 Configuring TIA Portal Cloud Connector in the virtual environment
 Establishing an online connection via TIA Portal Cloud Connector

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 4
 1 Introduction

Restrictions
The following restrictions apply to the TIA Portal Cloud Connector:
 Cannot be used with 32-bit operating systems.
 Cannot be enabled if SIMATIC NET is installed.
 Cannot be used if WinCC Runtime is active.
 Cannot be used if the CPU display of the software controller is active.
 The secure connection via HTTPS is only supported as of Windows 8.1.

1.2 Components used

This application example has been created with the following components:
Table 1-1: Hardware and software components
Component Quantit Article number Note
y
SIMATIC Field PG M5 1 6ES7717-.....-0... Engineering workstation.
Alternatively, another
computer can also be
used.
STEP 7 Professional 1 6ES7822-1..04-.. -
V14 SP1
 Siemens AG 2017 All rights reserved

TIA Portal Cloud 1 6ES7823-1C.00-0YA0 -

Connector
Server 1 - PC with virtual
environment

This application example consists of the following components:

Table 1-2: Components
Component File name
Documentation 109747305_TIAPortalCloudConnector_DOC_v10_en.docx

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 5
 2 Engineering

2 Engineering
2.1 Hardware setup
The figure below shows how to use TIA Portal Cloud Connector in a virtual
environment. The hardware is connected to the engineering workstation (PG/PC).
Figure 2-1: Hardware setup

Server

Remote connection
Communication tunnel

IE PLC HMI
 Siemens AG 2017 All rights reserved

PROFINET

Engineering workstation

Note To be able to work with a remote desktop connection, a network considering

Windows settings, IP addresses, firewalls etc. has to be set up already.
The network may also be organized within a Windows domain.

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 6
 2 Engineering

2.2 Configuration
2.2.1 Creating a development environment on a server

Set up your TIA Portal development environment in the virtual environment as you
do it for every PG/PC.
You can use the following virtualization platforms:
 VMware vSphere Hypervisor (ESXi) V6.0
 Microsoft Windows Server 2012 R2 Hyper-V
 Microsoft Windows Azure Pack V1.0

2.2.2 Creating users in a virtual environment

To create users in the virtual environment, administrator rights are required.

You can create the user accounts in the Windows 10 Control Panel as follows:
1. In the "Control Panel”, click "User Accounts > Manage Accounts > Add a user
account".
2. Enter the "User name", e. g. "User", and the "Password" of the engineering
workstation.
3. Click "Next" and then "Finish".
 Siemens AG 2017 All rights reserved

4. Repeat steps 2 and 3 to create further user accounts.

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 7
 2 Engineering

2.2.3 Allowing remote access to virtual environment

To be able to access the virtual environment from your PG/PC via remote desktop,
you have to allow remote access to the virtual environment.
To do this, proceed as follows:
1. Go to "Control Panel > System" and open the "Remote settings".
2. Enable the option "Allow remote connections to this computer".
Now, via default setting, all users with administrator rights can establish a
remote desktop connection to the virtual environment.
3. If standard users shall also be granted remote access, you have to add them to
the "Remote Desktop Users" group. To do this, click the "Select Users" button.

1
 Siemens AG 2017 All rights reserved

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 8
 2 Engineering

4. In the following dialog, click "Add".

5. In the "Select Users" dialog, enter the user name, e. g. "User".
6. Click "Check Names" to check the names.
7. Confirm your entries by clicking "OK" in both dialogs.

5 6

2.2.4 Centrally storing user and project settings

 Siemens AG 2017 All rights reserved

In the TIA Portal settings, you can specify user-defined settings such as e. g. paths
for storage locations, window layout, colors and fonts. The TIA Portal settings will
be stored by default in the "settings.xml" file in a defined path. The projects will be
stored in a defined path as well. You can use the "TiaUserSettingsPath" and
"TiaDefaultProjectPath" environment variables to set storage locations for the user
and project settings that deviate from the system selection. Doing this, you can
store the user and project settings centrally on a server outside the virtual
environment. Thus, you can work with the same settings from different engineering
workstations and your settings and projects will not get lost when the virtual
environment is deleted.
In this application example, the projects and the TIA Portal user settings are stored
on the local PG/PC instead of a server. To do this, the "TIACloud" folder with the
subfolders "Projects" and "UserSettings" has been created.

Figure 2-2: Folder structure on PG/PC

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 9
 2 Engineering

Sharing folders on PG/PC for users

To be able to access the local folder "TIACloud" from the virtual environment via
the network, you have to share the folder as follows:
1. In the properties of the folder, click "Share".
2. Select the user, e. g. "User".
3. Click "Add" to add the user.
4. Confirm your entries by clicking "Share".

3
2
 Siemens AG 2017 All rights reserved

Setting environment variables in a virtual environment by means of a script

In the virtual environment, you can set environment variables with the storage
locations for user-specific settings and projects. With the environment variable
"TiaUserSettingsPath", you can specify the path for the user-specific settings. With
the environment variable "TiaDefaultProjectPath", you can specify the path for the
projects. As path, specify the directory in the network for shared subfolders on your
local PG/PC.
In this application example, the environment variables are set with the script
"setPath.bat". In this example, "UserDevice" is the computer name of the PG/PC.
"%USERNAME%" is the variable for the user name. When the user logs on, this
variable will be resolved and the environment variable will be changed
correspondingly. If this shall apply to several users, it is recommended to store the
script in the autostart directory. Thus, the environment variable will be set again
with each logon and the storage location for the settings will be adapted to the
logged on user.

Figure 2-3: Script "setPath.bat"

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 10
 2 Engineering

To set the environment variable by means of a script, proceed as follows:

1. Adjust the script to your conditions (server/computer name, folder etc.).
2. Copy the script into the Windows Startup directory, e. g.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup".
3. Then, you have to log on again.

Note Set the environment variables before starting TIA Portal for the first time. If the
environment variables are not available when starting TIA Portal for the first time,
TIA Portal will store the "settings.xml" file for the setting in the standard directory
and will always use this file in the future. As long as this file is available,
TIA Portal will ignore environment variables that are set later. Delete the
"settings.xml" file if it is already available in the folder
"C:\Users\<user>\AppData\Roaming\Siemens\Automation\Portal V14\Settings".

Note You can also set the environment variables manually in the Windows dialog
"Environment Variables". You open the dialog under "Control Panel > Advanced
system settings > Environment Variables…".
 Siemens AG 2017 All rights reserved

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 11
 2 Engineering

2.2.5 Configuring TIA Portal Cloud Connector on a PG/PC

Note TIA Portal Cloud Connector supports the secure connection via HTTPS as of
Windows 8.1.
For safety reasons, always use a HTTPS connection to your virtual environment.
To ensure security of the HTTPS connection, TIA Portal Cloud Connector uses
certificates. The following certificates are required for establishing a connection
between user device and remote device:

 Certificate for data encryption

 Certificate for user authentication
If a certificate is not available or the certificates of user device and remote device
do not match, it is not possible to establish a connection.

To configure an HTTPS connection for the PG/PC, proceed as follows:

1. Open the TIA Portal Cloud Connector.
2. Go to the "General" tab and select the option "User device".
 Siemens AG 2017 All rights reserved

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 12
 2 Engineering

3. Go to the "Protocol" tab and select the option "HTTPS endpoint".

4. Click "Create" to create a new certificate.
The "Create certificate" dialog opens.
5. Select a storage location and enter a name for the certificate. In this application
example, the certificate is stored in the shared folder.
6. Click "OK" to create the certificate.

5
 Siemens AG 2017 All rights reserved

Note If the computer is organized in a domain, the domain name and the computer
name have to be added to the list.

Note If you already have a certificate, you can select it by clicking "Select".

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 13
 2 Engineering

Note Before you can import the certificate for user authentication, you first have to
create it on the remote device. How to create the certificate is described in
chapter 2.2.6.

7. Go to the "Settings" tab.

Import the certificate for user authentication that you created on the remote
device. In this application example, the certificate is stored in the shared folder.
You can also add an already available certificate from the Windows certificate
storage to the list of trusted certificates.
 Siemens AG 2017 All rights reserved

8. Go to the "General" tab again and click the "Enable communication" button.

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 14
 2 Engineering

2.2.6 Configuring TIA Portal Cloud Connector in the virtual environment

Note TIA Portal Cloud Connector supports the secure connection via HTTPS as of
Windows 8.1.
To achieve more security, you can use an HTTPS connection. To ensure
security of the HTTPS connection, TIA Portal Cloud Connector uses certificates.
The following certificates are required for establishing a connection between user
device and remote device:

 Certificate for data encryption

 Certificate for user authentication
If a certificate is not available or the certificates of user device and remote device
do not match, it is not possible to establish a connection.

To configure an HTTPS connection for the virtual environment, proceed as follows:

1. Establish a remote desktop connection to the virtual environment (see chapter
2.3.1).
2. Open the TIA Portal Cloud Connector.
3. Go to the "General" tab and select the option "Remote device".
 Siemens AG 2017 All rights reserved

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 15
 2 Engineering

4. Go to the "Protocol" tab and select the option "HTTPS settings".

5. Enter the "User device address" or select the entry "Automatic configuration"
from the drop-down list to determine the address automatically.
6. Import the certificate for data encryption that you created on the user device. In
this application example, the certificate is stored in the shared folder. You can
also select an already available certificate from the Windows certificate
storage.

4
5

6
 Siemens AG 2017 All rights reserved

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 16
 2 Engineering

7. Go to the "Settings" tab.

Click "Create" to create a new certificate for user authentication.
The "Create certificate" dialog opens.
If you already have a certificate, you can select it by clicking "Select".
8. Select a storage location and enter a name for the certificate for user
authentication. In this application example, the certificate is stored in the
shared folder.
9. Click "OK" to create the certificate.

7
 Siemens AG 2017 All rights reserved

Note Before you can enable communication on the remote device, the configuration
on the user device must be completed.

10. Go to the "General" tab again and click the "Enable communication" button.
If communication has been enabled successfully, the color of the status icon
changes to yellow.

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 17
 2 Engineering

2.3 Operation
2.3.1 Establishing a remote desktop connection to the virtual environment

To be able to work with TIA Portal in the virtual environment from your PG/PC, you
have to establish a remote desktop connection.
To do this, proceed as follows:
1. Open the remote desktop connection, click the Windows Start button. Enter
"Remote Desktop Connection" in the search field and then click "Remote
Desktop Connection" in the results list.
2. Enter the IP address of the virtual environment in the "Computer" dialog box
and then click "Connect". You can also enter the name of the computer instead
of the IP address.
 Siemens AG 2017 All rights reserved

3. Enter the password for the user in the following dialog box.

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 18
 2 Engineering

2.3.2 Establishing an online connection via the TIA Portal Cloud Connector

If you are using the TIA Portal Cloud Connector for connection to the hardware,
working in TIA Portal does not differ from an ordinary online connection to the
hardware. As soon as you have enabled the tunnel communication, you thus can
compile, load or monitor your data as usual.
To establish an online connection, proceed as follows:
1. Use TIA Portal to open a project from the defined project path (see 2.2.4) and
go to the project view.
The color of the TIA Portal Cloud Connector status icon changes to green.
2. In the project tree, select a controller to which you want to establish an online
connection.
3. Click "Go online".
4. In the interface settings, select the local PROFINET or PROFIBUS interface of
your PG/PC.
5. Select the target device and click "Go online".
 Siemens AG 2017 All rights reserved

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 19
 2 Engineering

2.4 Error handling

Overview of status icons
If you establish an online connection via the TIA Portal Cloud Connector, status
icons indicating the connection status are displayed in the info area of the Windows
taskbar. The table below shows an overview of the status icons and their meaning:

Table 2-1: Overview of status icons

Status icon Meaning
Communication is disabled.

Communication is enabled, but no data exchange is taking place

between TIA Portal and the SIMATIC automation hardware.
Communication is enabled and data exchange is taking place between
TIA Portal and the SIMATIC automation hardware.
Data exchange between TIA Portal and the SIMATIC automation
hardware has been interrupted. The status display is shown and offers
further details regarding the cause.

Status display
You can show a status display both on the remote device and the user device via
 Siemens AG 2017 All rights reserved

the info area in the Windows taskbar.

To do this, proceed as follows:
1. Right-click the status icon of the TIA Portal Cloud Connector.
2. Click "Status display".
The status display opens. It shows all information, warnings and error
messages of the TIA Portal Cloud Connector. In addition, it shows how long a
TCP or HTTPS connection already is established.

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 20
 3 Appendix

3 Appendix
3.1 Service and support
Industry Online Support
Do you have any questions or need support?
Siemens Industry Online Support offers access to our entire service and support
know-how as well as to our services.
Siemens Industry Online Support is the central address for information on our
products, solutions and services.
Product information, manuals, downloads, FAQs and application examples – all
information is accessible with just a few mouse clicks at
https://support.industry.siemens.com

Technical Support
Siemens Industry's Technical Support offers quick and competent support
regarding all technical queries with numerous tailor-made offers
– from basic support right up to individual support contracts.
Please address your requests to the Technical Support via the web form:
www.siemens.de/industry/supportrequest

Service offer
 Siemens AG 2017 All rights reserved

Our service offer comprises, among other things, the following services:
 Product Training
 Plant Data Services
 Spare Parts Services
 Repair Services
 Field & Maintenance Services
 Retrofit & Modernization Services
 Service Programs & Agreements
Detailed information on our service offer is available in the Service Catalog:
https://support.industry.siemens.com/cs/sc

Industry Online Support app

Thanks to the "Siemens Industry Online Support" app, you will get optimum
support even when you are on the move. The app is available for Apple iOS,
Android and Windows Phone:
https://support.industry.siemens.com/cs/ww/en/sc/2067

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 21
 3 Appendix

3.2 Links and literature

Table 3-1
No. Topic
\1\ Siemens Industry Online Support
https://support.industry.siemens.com
\2\ Link to the entry page of the application example
https://support.industry.siemens.com/cs/ww/en/view/109747305
\3\ Operating manual
Instructions on the TIA Portal Cloud Connector
https://support.industry.siemens.com/cs/ww/en/view/109742490
\4\ FAQ
What are the conditions for using the TIA Portal Cloud Connector?
https://support.industry.siemens.com/cs/ww/en/view/109739390

3.3 Change documentation

Table 3-2
 Siemens AG 2017 All rights reserved

Version Date Modifications

V1.0 05/2017 First version

Working with the TIA Portal Cloud Connector

Entry ID: 109747305, V1.0, 05/2017 22