How do you configure

a communication
between two
different S7-PLCSIM
Advanced instances
running on different
virtual computers and
hosted in a cloud
environment?
Siemens
S7-PLCSIM Advanced / V3.0 Up 2 / Cloud Industry
Online
https://support.industry.siemens.com/cs/ww/en/view/109793856 Support
 This entry originates from Siemens Industry Online Support. The conditions of use
specified there apply (www.siemens.com/nutzungsbedingungen).

Security Siemens provides products and solutions with industrial security functions that support the
Informati secure operation of plants, systems, machines and networks.
on In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions only form one element of such a
concept.
Customers are responsible to prevent unauthorized access to their plants, systems,
machines and networks. Systems, machines and components should only be connected
to the enterprise network or the internet if and to the extent necessary and with
appropriate security measures (e.g. use of firewalls and network segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into
account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends to apply product updates as soon as available and
to always use the latest product versions. Use of product versions that are no longer
supported, and failure to apply latest updates may increase the customer’s exposure to
cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security
RSS Feed under http://www.siemens.com/industrialsecurity.
© Siemens 2021 All rights reserved

Contents
1 Introduction ........................................................................................................ 3
2 SoftEther ............................................................................................................. 4
2.1 Configuration ........................................................................................ 4
2.2 Server Settings ..................................................................................... 6
2.3 Client .................................................................................................. 18
3 S7-PLCSIM Advanced ..................................................................................... 22
3.1 S7-PLCSIM Advanced Settings on the Client .................................... 22
3.2 S7-PLCSIM Advanced Setting on the TIA Portal Page ..................... 23
4 Download Settings in the TIA Portal .............................................................. 24

Entry ID: 109793856, V1.0, 03/2021 2

 1 Introduction

1 Introduction
The demand for computing power and computer resources in the field of virtual
commissioning is growing continuously. More and more complex simulations
require splitting the S7-PLCSIM Advanced instances across multiple VM instances.
Therefore, it is a logical step to outsource this required computing power to a cloud
and run the simulation there.

In this case, cross-communication between an S7-PLCSIM Advanced instance (the

virtual PLC ) and a second S7-PLCSIM Advanced instance located on a different
computer/VM is not possible. The reason for this is the promiscuous mode, which
S7-PLCSIM Advanced needs to enable the communication traffic of the virtual
Ethernet adapter across PCs. This promiscuous mode is not supported by cloud
services like AWS.

In the following description we show you how to configure a cross-computer/VM

communication between S7-PLCSIM Advanced instances and the TIA Portal using
the open source software "SoftEther VPN".

This gives you the following advantages:

• You can distribute TIA Portal and S7-PLCSIM Advanced instances to different
computers/VM for virtual commissioning and scale them in the cloud.
•
© Siemens AG 2021 All rights reserved

The Layer 2 tunneling protocol is supported with the open source software
"SoftEther VPN".

Requirements
You need S7-PLCSIM Advanced V3.0 Update 2 or higher.

Entry ID: 109793856, V1.0, 03/2021 3

 2 SoftEther

2 SoftEther
2.1 Configuration
For a working configuration, install a SoftEther VPN and a VPN client for each
communication partner.
© Siemens AG 2021 All rights reserved

Figure 1 - VM setup option 1

Entry ID: 109793856, V1.0, 03/2021 4

 2 SoftEther

To reduce the number of VMs required, you can optionally install the VPN server
and the VPN client on the same computer.
© Siemens AG 2021 All rights reserved

Figure 2 - VM setup option 2

Entry ID: 109793856, V1.0, 03/2021 5

 2 SoftEther

2.2 Server Settings

After installing SoftEther Server, you will find the Server Manager icon on the
desktop.
1. Double-click the icon to open the Server Manager and click "New Setting".
© Siemens AG 2021 All rights reserved

Figure 3 - Making VPN server settings

Entry ID: 109793856, V1.0, 03/2021 6

 2 SoftEther

2. To configure the server setting, select the setting name in the "Setting Name"
pop-up window, "PLCSIM_Adv", for example.
3. Enable the option "Connect to Localhost".
4. Then select one of the available TCP ports for "Port Number".
Note
To select the "Port Number", you need to enable it in the network.
5. Define the password for the connection to the Administration Mode and confirm
with OK.
© Siemens AG 2021 All rights reserved

Figure 4 - Configuring the server settings

Entry ID: 109793856, V1.0, 03/2021 7

 2 SoftEther

6. Open the server settings by double-clicking the newly created setting, in this
example "PLCSIM_Adv".
© Siemens AG 2021 All rights reserved

Figure 5 - Opening the server settings

Entry ID: 109793856, V1.0, 03/2021 8

 2 SoftEther

7. Create a virtual hub in the following dialog. You do this by clicking "Create a
Virtual Hub".
© Siemens AG 2021 All rights reserved

Figure 6 - Creating a virtual hub

Entry ID: 109793856, V1.0, 03/2021 9

 2 SoftEther

8. Assign a name for the virtual hub, "VPN_PLCSIM_Adv", for example.

9. Enter an administrator password for the hub. Confirm the password and close
the dialog with OK.
© Siemens AG 2021 All rights reserved

Figure 7 - Configuring a virtual hub

Entry ID: 109793856, V1.0, 03/2021 10

 2 SoftEther

10. Open the Settings of the virtual hub by clicking the "Manage Virtual Hub"
button.
© Siemens AG 2021 All rights reserved

Figure 8 - Managing a virtual hub

Entry ID: 109793856, V1.0, 03/2021 11

 2 SoftEther

11. Click "Manage Users" to open the user interface.

© Siemens AG 2021 All rights reserved

Figure 9 - Managing users

Entry ID: 109793856, V1.0, 03/2021 12

 2 SoftEther

12. Create at least one user in the following dialog.

Figure 10 - Creating a new user

© Siemens AG 2021 All rights reserved

Entry ID: 109793856, V1.0, 03/2021 13

 2 SoftEther

13. Configure the user as follows:

• Assign a user name.
• Select "Password Authentication" for the authentication type.
• Define a password.
14. Click OK to close the dialog.
This user will later be used by the VPN client to access the server
© Siemens AG 2021 All rights reserved

Figure 11 - Configuring users

Entry ID: 109793856, V1.0, 03/2021 14

 2 SoftEther

15. Then open the access management by clicking the "Manage Access Lists"
button.
© Siemens AG 2021 All rights reserved

Figure 12 - Managing access lists

Entry ID: 109793856, V1.0, 03/2021 15

 2 SoftEther

16. Create a new IPv4 access rule by clicking "New (IPv4)".

© Siemens AG 2021 All rights reserved

Figure 13 - Creating access rules

Entry ID: 109793856, V1.0, 03/2021 16

 2 SoftEther

17. For "Memo" you enter the name "plcsimCommunication".

18. Set the protocol type to "All IPv4 / IPv6 Protocols".
Note
With this setting, no filter is configured for the virtual hub.
19. Click OK to close the dialog.
© Siemens AG 2021 All rights reserved

Figure 14 - Managing access rules

Entry ID: 109793856, V1.0, 03/2021 17

 2 SoftEther

2.3 Client
After successfully configuring the VPN server, you must make the following
configuration settings for each VM that participates in the cross-communication.
1. Start the Client Manager and add a VPN connection.
© Siemens AG 2021 All rights reserved

Figure 15 - Adding a VPN connection

2. Acknowledge the subsequent message with "Yes".

Figure 16 - Creating a virtual network adapter

Entry ID: 109793856, V1.0, 03/2021 18

 2 SoftEther

3. Enter the name of the virtual network adapter in the dialog that opens. The
name of the virtual network adapter must be VPN optionally followed by any
number between 2 and 127.

Figure 17 - Naming a virtual network adapter

4. In the pop-up window for "Setting Name" you select the name of the setting, in
this example "PLCSIM_Adv".
5. For "Host Name" you enter the IP address of the server. To do this, select the
IP address of the network interface connected to the cloud network.
6. Select the same port number that was configured in the Server Manager
© Siemens AG 2021 All rights reserved

settings.
7. Select the name of the virtual hub from the "Virtual Hub Name" drop-down
menu, in this example "VPN_PLCSIM_Adv".

Figure 18 - Configuring the client connection settings

Entry ID: 109793856, V1.0, 03/2021 19

 2 SoftEther

8. The VPN network adapter and PLCSIM Advanced must be in the same
subnetwork. Therefore, configure a unique IP address and the corresponding
subnet mask.
© Siemens AG 2021 All rights reserved

Figure 19 - Configuring VPN network adapters

Entry ID: 109793856, V1.0, 03/2021 20

 2 SoftEther

9. Connect the client to the VPN network. For this you right-click the created VPN
connection "PLCSIM_Adv” and select the "Connect" in the pop-up menu.
© Siemens AG 2021 All rights reserved

Figure 20 - Connecting the VPN client

Entry ID: 109793856, V1.0, 03/2021 21

 3 S7-PLCSIM Advanced

3 S7-PLCSIM Advanced
Install S7-PLCSIM Advanced V3.0 Update 2 or higher on all participating VMs
including the VM that you are using for the TIA Portal Engineering Station.

3.1 S7-PLCSIM Advanced Settings on the Client

1. Open the "Control Panel" dialog of S7-PLCSIM Advanced.
2. For Online Access you select "PLCSIM Virtual Eth. Adapter".
3. For "TCP/IP communication with" you select the adapter "VPN – VPN Client".
4. In the "Instance name" field you enter the name of the instance.
5. Click the "Start" button to close the Setup.
6. Repeat steps 1 through 5 for all of the clients.
© Siemens AG 2021 All rights reserved

Figure 21 – S7-PLCSIM Advanced client setting

Entry ID: 109793856, V1.0, 03/2021 22

 3 S7-PLCSIM Advanced

3.2 S7-PLCSIM Advanced Setting on the TIA Portal Page

Install S7-PLCSIM Advanced also on the VM on which you have installed TIA
Portal.
1. Open the "Control Panel" dialog of S7-PLCSIM Advanced.
2. For Online Access you select "PLCSIM Virtual Eth. Adapter".
3. For "TCP/IP communication with" you select the adapter "VPN – VPN Client".
4. Then close the dialog with "Exit". No further action is required.
© Siemens AG 2021 All rights reserved

Figure 22 – S7-PLCSIM Advanced setting in TIA Portal

Entry ID: 109793856, V1.0, 03/2021 23

 4 Download Settings in the TIA Portal

4 Download Settings in the TIA Portal

1. In TIA Portal you select the menu command "Online > Extended download to
device".
2. For the PG/PC interface you select "Siemens PLCSIM Virtual Ethernet
Adapter". After selecting the PG/PC interface, the pop-up window for
"Connection to interface/subnet" is no longer grayed out.
3. Select the "Connection to interface/subnet" configured in the Device
Configuration and then click the "Start search" button.
Note
For loading your STEP 7 program on S7-PLCSIM Advanced it is necessary to
select the Siemens PLCSIM Virtual Ethernet Adapter in the dialog "Advanced load
in device". Then load the device.
© Siemens AG 2021 All rights reserved

Figure 23 - Download setting in the TIA Portal

Entry ID: 109793856, V1.0, 03/2021 24