Desigo™ Web Principles, setup and installation, V5 Engineering manual
CM110510en_04 31.03.2012
Building Technologies
Siemens Switzerland Ltd Infrastructure & Cities Sector Building Technologies Division Gubelstrasse 22 CH-6301 Zug Tel. +41 41-724 24 24 © 2005-2012 Siemens Switzerland Ltd Subject to change
www.siemens.com/sbt
Table of contents
1 About this document
1.1 Revision history
1.2 Reference documents
1.3 Before you start
1.3.1 Trademarks
1.3.2 Copyright
1.3.3 Quality assurance
1.3.4 Document use / request to the reader
1.4 Document validity
1.5 Target readers
1.6 Contents
1.7 Document structure
1.8 Printing conventions
2 Principles of Desigo WEB
2.1 Desigo Insight architecture
2.1.1 Requirements in terms of architecture
2.1.2 DI server with remote Web applications
2.2 Project topologies
2.2.1 Distribution of the software components
2.2.2 Reference topology for small Desigo WEB sites
2.2.3 Reference topology for medium-scale Desigo WEB sites
2.2.4 Sample topology for large Desigo WEB sites
2.3 Network security
2.3.1 Protective measures
2.3.2 General port settings for Desigo Insight
2.3.3 Port settings for Web Project Creator
2.3.4 Subsystem-specific port settings
2.3.5 Editing ports in Windows 7 firewall
2.4 Access protection
2.4.1 Principle of operation
2.5 Desigo WEB licensing
2.5.1 Licensing model
2.5.2 Examples of the licensing of Desigo WEB projects
3 Project engineering procedure
3.1 Overview
3.1.1 Planning the Desigo WEB project
3.1.2 Installing the hardware/software
3.1.3 Creating and commissioning the Desigo WEB project
4 Planning a Desigo WEB site
4.1 What to establish at the start of the project
4.2 Influence of Desigo WEB on project planning
4.2.1 Installation
4.2.2 Distribution of the main components
4.2.3 IT environment
4.2.4 Selecting the optimum topology
4.3 Selecting the hardware/software components
4.3.1 Hardware/software requirements
4.4 Communication requirements
4.4.1 IIS compression
5 Installing Desigo WEB
5.1 Prerequisites
5.2 .NET Framework
5.3 Installing Web server (IIS)
5.3.1 Web server for Desigo WEB
5.3.2 Installing IIS components on a workstation
5.3.3 Installing IIS components on a server
5.4 Installing Desigo Insight
5.4.1 Prerequisites
5.4.2 Uninstall earlier version of Desigo Insight
5.4.3 Installing Desigo Insight
5.5 Basic Web components
5.5.1 Installing basic Web components
5.6 Web Project Creator
5.6.1 Web Project Creator
5.6.2 Installing Web Project Creator
5.6.3 Miscellaneous
6 Creating and backing up a Web project
6.1 Prerequisites
6.1.1 Desigo Insight project ready to run
6.2 Workflow
6.2.1 Overview
6.3 Working with Web Project Creator
6.3.1 Introduction
6.3.2 The user interface
6.3.3 Authentication
6.3.4 Computer Settings
6.3.5 Project Settings
6.3.6 Creating the Web project
6.3.7 Upgrade a WEB project
6.4 Creating a Web project manually
6.4.1 Starting point
6.4.2 Setting up the Web project manually on the Web server
6.4.3 Modifying the configuration files
6.5 Backing up/restoring the Web project
6.5.1 Creating a backup copy
6.5.2 Restoring a backup copy
7 Importing the Desigo Insight plant graphics
7.1 Principles
7.1.1 Principle of Web-page creation
7.2 Desigo WEB graphics pages
7.2.1 Plant pages and overview graphics
7.2.2 Super genie pages in the HQ graphics standard
7.2.3 Country-specific super genie pages
7.3 Working with Web DIGG
7.3.1 Workflow for creating Web pages
7.3.2 Preparing Web DIGG
7.3.3 Setting the Web options
7.3.4 Selecting pages to be converted
7.3.5 Generating Web plant pages
7.3.6 Updating modified graphics pages
7.3.7 Generating Web super genie pages
7.3.8 Web DIGG reporting
7.3.9 Create FS20 WEB graphics
7.4 Diagnostics and troubleshooting
7.4.1 Web Plant Viewer diagnostic tool
7.5 Preparing local standard graphics libraries for Web conversion
7.5.1 General
7.5.2 Definition of WebExclude / WebInclude
7.5.3 The Web.ini file
7.5.4 The CicodeMappingTable.txt file
7.6 Adapting files: Some practical examples
7.6.1 WebExclude
7.6.2 Cicode modifications
7.6.3 New argument in ChangeValue function
7.7 Cicode function: OpenURL
7.8 CtApi
7.8.1 Cicode functions via CtApi
7.9 Starting Web Plant Viewer via URL
7.10 Language localization of plant graphics
8 Commissioning Desigo WEB
8.1 Setting up Desigo Insight user profiles
8.1.1 Setting up Desigo WEB users
8.1.2 Setting up Desigo WEB user groups
8.2 Desigo WEB client
8.2.1 Definition of Desigo WEB client
8.2.2 Setting up a Desigo WEB client
8.2.3 Desigo WEB client commissioning workflow
8.2.4 Simultaneous access to several Desigo WEB projects
9 Project-specific settings
9.1 Configuration files
9.2 Web.config
9.2.1 Setting language conventions ("culture")
9.3 Project.config
9.3.1 Project-specific and custom settings
9.3.2 Configuring the user functions
9.3.3 Setting the highlight color in the Plant Viewer
10 FAQs (Frequently asked questions)
Index
1 About this document
1.1 Revision history
Version
Date
Changes
Section
V5.0
CM110510en_04 02.02.2011
V4.1
CM110510en_02 01.11.2009
V4.0
CM110510de_02 01.12.2008
V3.0
CM110510en_01 30.01.2007
Windows 7 adapt workflow .NET 4.0 Removed Vista Removed manual creation of web project Adapted web certification Windows 7 Windows Server 2008 SQL Server 2008 .NET 3.5 MSDE deleted Create FS20 Web graphics HTTPS .NET Framework version 2.0 IIS Version 6.0, 7.0 Authentication Upgrade WEB project Setting of highlight color in Plant Viewer IIS version 5.1
Pages
7.3.9 2.3.1 5.2, 6.5 5.3.1, 6.3.2, 8.1.1 6.3.3 6.3.7, 9.2.1 9.3.3 4.3.1, 5.3.1
.NET Framework version 1.1
5.2
ASP.NET version
6.5
Project Settings
6.3.4
Windows 2000 deleted
V2.35
CM110510en 15.9.2005
Document update (Document no, document date, version V2.35 V3.0) New V2.35
1.2 Reference documents
Documents for engineering and operation
Refer to the following documents for further information on the engineering and operation of Desigo Insight and Desigo WEB:
Document title | Type of document | Order No.
Desigo WEB Web operation, V4, Getting started | Operating instructions | CM110511en_02
Desigo Insight Operating the management station, V4 | Operating instructions | CM110588en01_02, CM110588en02_02
Desigo Insight Installation and configuration, V4 | Engineering guide | CM110591en_02
Desigo Insight Engineering of user functions, V4 | Engineering guide | CM110592en_02
Desigo Insight Graphics engineering, V4 | Engineering guide | CM110593en_02
Desigo Technical principles, System limits | Technical principles | CM110664en_03
1.3 Before you start
1.3.1 Trademarks
The trademarks used in this document are listed together with their legal owners in the following table. The use of these trademarks is subject to international and national statutory provisions.
Trademarks | Legal owner
BACnet™ | American National Standard (ANSI/ASHRAE 135-1995)
CitectSCADA | Citect Pty. Ltd., see citect.com
Microsoft … Windows XP®, Windows 7, Windows Server 2008®, SQL Server 2008, SQL Server 2008 Express | Microsoft Corporation, see http://www.microsoft.com/TRADEMARKS/tmark/nopermit.htm
All the product names listed are trademarks (™) or registered trademarks (®) of their respective owners, as listed in the table. Further to the notes in this section, and to facilitate the reading of the text, these trademarks will not be indicated elsewhere in the text (e.g. by use of symbols such as ® or ™).
1.3.2 Copyright
This document may be duplicated and distributed only with the express permission of Siemens, and may be passed only to authorized persons or companies with the required technical knowledge.
1.3.3 Quality assurance
These documents have been prepared with great care. The contents of all documents are checked at regular intervals. Any corrections necessary are included in subsequent versions. Documents are automatically amended as a consequence of modifications and corrections to the products described. Please ensure that you are aware of the latest revision date of the documentation. If you find any lack of clarity while using this document, or if you have any criticisms or suggestions, please contact your local point of contact in your nearest branch office. Addresses for Siemens Regional Companies are available at www.siemens.com/sbt.
1.3.4 Document use / request to the reader
Before using our products, it is important that you read the documents supplied with or ordered at the same time as the products (equipment, applications, tools etc.) carefully and in full. We assume that the users of these products and documents have the appropriate authorization and training, and that they are in possession of the technical knowledge necessary to use the products in accordance with their intended application. More information on the products and applications is available:
- On the intranet (Siemens employees only) at https://workspace.sbt.siemens.com/content/00001123/default.aspx
- From your nearest Siemens branch www.siemens.com/sbt or your local system supplier
- From the headquarters support team at [email protected] if no local point of contact is available.
1.4 Document validity
This document is valid for the Desigo WEB software as an add-on to Desigo Insight Version 5.
1.5 Target readers
The guide is written for qualified Desigo Insight engineers involved in project planning, installation, engineering and commissioning of Desigo WEB.
1.6 Contents
In order to limit the scope of this document, it focuses exclusively on technical aspects (e.g. software architecture, project topologies, network security, distribution of the main components, hardware & software requirements and licensing) and on aspects of engineering (e.g. engineering procedure, installing components, creating and setting up Desigo WEB projects, generating the Web plant graphics pages, commissioning and diagnostics).
Scope not covered
For topics such as an overview of functions, marketing and sales information, comparison between the Desigo WEB and Terminal Server applications, user documentation etc. please refer to the Marcom materials (sales brochures, presentations, training documents etc.), and the full range of Desigo Insight documentation. (Refer to "Other important documents" in this section). This guide does not impart any general technical knowledge of IT environments or Web core technologies (e.g. principles of the Internet, HTML, XML, SVG, JavaScript etc.). In this context, you are referred to the locally available courses and general technical literature on these subjects.
Aim of this document
Reading this guide will enable the site engineer to install Desigo WEB, commission it and use it to run projects. The engineering procedure and the step-by-step workflow are described.
Prerequisites
The site engineer must have experience of Desigo Insight project engineering, be familiar with the Desigo Insight engineering documentation, and must have attended a Desigo WEB engineering training course.
1.7 Document structure
This document is divided into the following sections:
Section 1: About this document
Section 2: Principles of Desigo WEB
Section 3: Project engineering procedure
Section 4: Planning a Desigo WEB site
Section 5: Installing Desigo WEB
Section 6: Creating and backing up a Desigo WEB project
Section 7: Importing the Desigo Insight plant graphics
Section 8: Commissioning Desigo WEB
Section 9: Project-specific settings
Section 10: Frequently asked questions (FAQ)
1.8 Printing conventions
Symbols used
Caution
Example: Users with authorized access are able to modify or even delete data. The symbol shown here acts as a warning in cases where an action may result in permanent loss of data.
Tip
Where you see this symbol, you will find information which will help you to make best use – and correct use – of the software. The tips are based on practical experience, and are therefore always worth consulting.
Important notes
Important notes are printed on a grey background.
Trade names
All registered trademarks and trade names mentioned in this document are used with the sole intention of identifying the relevant products.
Typographical conventions
Keys and fields in this document are identified by means of the conventions listed below.
Representation of keyboard keys
Keys on the keyboard are shown between angular brackets < … >. Example: ,
Table of keys referred to in this manual:
Key: Shift key, Enter key, Control, Delete key, Insert, Spacebar, Backspace, "Alternative" key, Navigation keys, Alt and letter "A" key
Description: , , ,
Elements of the application interface
In this manual, the various elements of the application interface are represented as follows:
Dialog boxes, fields and tabs
The names of dialog boxes, tabs and fields in the Windows interface are shown in bold type. Example: In the Definitions dialog box, you can ….
Inputs in a field
In prompts inviting the user to enter a value, the value is shown in italics: Example: Enter "13" in the Series field. Keyboard inputs are shown in inverted commas "…" .
Buttons
Buttons are indicated in bold type. Example: Click Cancel in order to …. Example: Save. This invites the user to click the Save button.
Menus and menu options
The names of menus and the associated commands are shown in bold type. Example: Click the New Meters menu option in the Structures menu…
Command sequences
The individual steps in a sequence of instructions to be carried out in direct succession are separated by the symbol >. Example: System > Meters > right click > New Meters This sequence is instructing you to right-click the Meters option in the System menu, and to select New meters from the submenu which then appears.
Mouse clicks
Right-clicking and double-clicking is referred to explicitly in command sequences. In all other cases, a left click should be assumed.
Context menus
In most cases, right-clicking an item causes a context-sensitive menu to open.
Date and time format
The date and time format depends on the settings in your Windows operating system.
2 Principles of Desigo WEB
2.1 Desigo Insight architecture
2.1.1 Requirements in terms of architecture
The main technical requirements of the new architecture for remote desktop/Desigo WEB client-server operation are:
- Operation of remote desktop or Desigo WEB client on operator stations not installed with Desigo Insight
- Extended client/server architecture, supporting concurrent use by several users
- The Desigo Insight must run without an interactive Windows user being logged in
- The Desigo Insight Server must run in the background even without an active desktop client application (such as the shell).
- The Desigo Insight Server must run in the background even without an active Web client application.
- The period of operation of the Desigo Insight server process does not depend on client applications.
- Client sessions can be operated both by different Desigo Insight users and by different Windows users.
- The architecture must support the distribution of the Desigo Insight software components (Desigo Insight server, Web server, SQL/MSDE, license server, Desigo WEB client applications and Desigo Insight desktop client applications) to different operator stations.
2.1.2 DI server with remote Web applications
For Desigo WEB, the Web server components may either be on the same operator station as the Desigo Insight service, or on a remote server as illustrated below.
[Figure: Simplified architecture]
2.2 Project topologies
2.2.1 Distribution of the software components
The architecture described in the previous section, coupled with the freedom to distribute the components to different operator stations, gives rise in practice to a wide range of alternative topologies. The following is a simplified illustration of the new Desigo Insight architecture described above:
[Figure: components of the architecture. Labels: Desigo WEB clients, Web server (IIS), DI desktop client applications, DI management station (DI server / license server), database server (MSDE or SQL), process devices (Desigo / UVI)]
This illustration will help you to determine which topologies are technically right for your site. In large projects with distributed components, a Web server and a number of management stations, it is also important to consider customer preferences, project-specific IT aspects, hardware/software costs etc. Taken together, these considerations will help you design not only the technically correct topology, but also the optimum topology for your business case.
Design constraints
Your topology must take account of the following constraints:
- In each Desigo Insight project, there is one operator station on which the project directory resides (defined in Project Utility).
- For each Desigo Insight project, there is one SQL database server (defined in Project Utility, locally or on a separate server).
- Each Desigo WEB project has one Web server (local or separate Web server).
- The Desigo WEB project always resides on the Web server.
Reference topologies
Reference topologies have been compiled at HQ for the most common business cases. You should generally be able to find a suitable, supported variant on which to base your project. In the next sections, sample topologies for small, medium-scale and large sites are illustrated and discussed.
2.2.2 Reference topology for small Desigo WEB sites
All the main components (DI server, DI project, Web server, SQL server and Internet Explorer) are installed on one operator station.
[Figure: reference topology for a small site. Labels: Desigo Insight management station, two Desigo WEB clients, BACnet / IP LAN (Ethernet), Desigo installation]
Examples of application:
- In small sites, to upgrade an existing Desigo Insight operator station to a Desigo WEB server on the intranet.
- Best setup for small sites, for training purposes, commissioning tests in SBT project engineering offices.
Note:
If Desigo Insight is shut down, Desigo WEB ceases to be available on the Web client.
2.2.3 Reference topology for medium-scale Desigo WEB sites
Desigo Insight is set up for operation as a service on an industrial PC or server. The server is in a separate control panel, and can be protected from local power interruptions by an uninterruptible power supply.
[Figure: reference topology for a medium-scale site. Labels: Desigo WEB clients, Desigo Insight desktop client, Internet, Internet firewall, control panel containing an industrial PC/server with IIS (Web server), DI as a service, SQL and a UPS; subsystems: BACnet, VISONIK, UNIGYR, INTEGRAL, SIMATIC, Desigo, Sinteso, OPC, DCS, PRU, PX, FS20, NCRS, S7]
Examples of application:
The most common case: Average-sized plant (1000 to 2500 DPs) with one or two Desigo Insight desktop management stations for engineering and maintenance work; simultaneous access from several Desigo WEB clients for operation and monitoring.
Main characteristics:
- Desigo Insight runs continuously as a background service, regardless of whether or not a user is logged in at the management station.
- Operation and monitoring via Desigo WEB is possible at any time of day or night.
- Remote operation via the Internet is supported.
2.2.4 Sample topology for large Desigo WEB sites
Large sites are generally designed for multiple management station operation. Due to more stringent requirements in terms of the performance and security of the management stations, the Web server and, frequently, the database server (SQL) are set up on separate operator stations. Furthermore, the building automation network is often integrated into the customer's corporate IT network.
[Figure: sample topology for a large site. Labels: Desigo WEB clients (remote), Desigo WEB clients (local), Web server (IIS), DB server (SQL), DI server with Desigo Insight desktop management stations, Firewall (twice), SQL NET, .NET Remoting, Web, LAN (Ethernet), intranet; subsystems: BACnet, VISONIK, UNIGYR, INTEGRAL, SIMATIC, Desigo, Sinteso, OPC, DCS, PRU, NCRS, S7, PX]
Main features:
- Desigo Insight runs continuously as a background service, regardless of whether or not a user is logged in at the management station.
- Operation and monitoring via Desigo WEB is possible at any time of day or night.
- Remote operation via the Internet is supported.
- The Web server and database server are integrated into the customer's IT network.
2.3 Network security
2.3.1 Protective measures
Every user who connects to the Internet, and, in particular, every company which uses technology to integrate its own company-internal network (intranet) into the Internet, is taking risks. The two main risks are:
– Introduction of computer viruses which can cause anything from minor annoyance to total disruption.
– Access by unauthorized Internet users or programs to local private intranet domains or private PCs (programs and data). These can lead to the loss of data protection, and hence, to similarly catastrophic damage.
As the result of catastrophes of this nature, and the increasing flood of virus-laden e-mails in recent years, software companies have developed protective measures which are available to the customer free of charge, or in exchange for a license fee. Virus protection programs and firewalls – in a reflection of the main risks – are now standard precautions.
Virus protection programs
Every computer connected to the Internet/intranet must have a virus protection program. With Desigo WEB this applies to all Web clients, Web servers, database servers and the desktop management stations. The most common way of spreading computer viruses is through e-mail attachments. Even starting "unsafe" applications from the Internet carries this risk. To maintain their effectiveness, the virus protection programs must be updated regularly.
Firewalls
In the IT world, the term "firewall" refers collectively to the precautions necessary to increase network safety for users of the Internet. The firewall is designed to prevent unauthorized Internet users from invading private networks (internal company intranets) or PCs connected to the Internet, and causing damage through unauthorized access. The firewall blocks any attempts (invisible to, and not requested by, the user) to establish a connection with the computer. Normally, the "firewall" is an installed program with a user-specific configuration. The firewall software may be part of the PC operating system (e.g. Windows 7) or it may be purchased from a standard dealer and installed by the computer user.
Default settings
The user-specific configuration is not normally necessary for private Office users, as the manufacturer's default values are adequate in normal circumstances.
User-specific settings
The user-specific configuration of a firewall is only possible if the user has at least a rudimentary understanding of how the firewall works, and also knows the workings of the programs to be protected. For Desigo WEB in large project installations, it is absolutely essential to configure the various firewalls with user-specific settings, as without these, commissioning will fail. This section discusses the principles and gives details of the settings required.
How a firewall works
Firewalls prevent access by unauthorized Internet users and programs to private networks (intranets) and PCs connected to the Internet. A firewall checks all the services and messages (communication packets or datagrams) to or from the Internet and blocks any which do not fulfill the specified security criteria. Firewalls do not block required ports and software services.
Ports
The various programs need standard and program-specific services, which communicate, in turn, via service-specific ports. By connecting a firewall between them, it is possible to block certain ports. This stops unwanted programs from running and causing damage. At the same time, ports blocked by stringent default values set by the manufacturer can also prevent important services (as in the case of our Desigo WEB) from working. The entire software will then be unable to operate. The ports can be numbered from 0…65535, whereby ports 0…1023 are reserved for standard services. Port numbers 1024…49151 are for registered applications. The rest can be used for dynamic or private ports.
HTTPS
HTTPS is the hypertext transfer protocol with SSL encryption (SSL, secure socket layer). Desigo WEB supports HTTPS. However, a certificate is required; certificates are available from providers on the Internet. Installation of the certificate is described on the provider's web site.
Example for assigning a certificate
Example: Assign a certificate on Internet Information Services (IIS 7.0). The steps may differ on other IIS versions. The following example shows only the steps required after you download and install the certificate from a provider. (Help: http://technet.microsoft.com/de-de/library/cc771493(WS.10).aspx).
Assign
Prerequisite: IIS is installed.
1. Click Start and enter IIS in the search field. Available programs are listed.
2. Click IIS Manager to open the IIS Manager.
3. Select the WEB Server and double-click Server Certificates.
4. In the right pane, under Actions, click Complete Certificate Request.
5. In the text field File name containing the certification authority's response, enter the path of the file containing the certification authority's response, or click Browse to locate the file.
6. Enter a friendly name for the certificate in the text field Friendly Name and click OK.
Binding
1. Select the Default WEB Site and, in the right pane, under Actions, click Edit Site > Bindings.
2. Click Add….
3. Enter the following data:
   Type: https
   SSL certificate: Your certificate
   Port: Port number (automatic from IIS)
4. Click OK and Close.
SSL setting
1. Select your and click SSL Settings.
2. Select the Require SSL checkbox.
3. Select the corresponding option Client Certificates.
4. In the right pane, click Apply.
When you open the Desigo WEB project, the prefix https:// is required.
Note
If you have to assign a certificate to the Desigo WEB project for your customer, check in advance to make sure you have the certificate and register it on your computer, as getting a certificate may take several days depending on the provider.
2.3.2 General port settings for Desigo Insight
Operation of Desigo WEB requires .Net Remoting services (Port 11111) between the Web server and Desigo Insight, and SQL Net services (Port 1433) between the Web server and the database server. The HTTP protocol and, communicating via HTTP, the standard Web protocol SOAP (Simple Object Access Protocol) operate between the Web server and the Web client, for which reason, Port 80 must not be blocked. This is illustrated simply below:
[Figure: port overview. Labels: DI WEB Client (IE V6.0), Internet, Firewall, WEB Server IIS, DMZ, Firewall, DI Server, DI MgtSt, Database Server (SQL), Intranet, TCP/IP; Port 80: HTTP, SOAP; Port 11111: .Net Remoting; Port 1433: SQL Net]
2.3.3 Port settings for Web Project Creator
The Web server utility "Web Project Creator" is used when setting up a Web project on the Web server. In order for this to work properly, Port 135 and Port 1027 must not be blocked. For each new Web project, a virtual project directory is opened in IIS (Internet Information Services) for this purpose. This requires Port 42424 to be open. The ports referred to in this section are required only while the Web project is being set up. Web Project Creator can then be uninstalled, and the ports can be blocked again.
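A rule-set check built from the port requirements in 2.3.2 and 2.3.3, as an added example (not part of the manual or of Desigo software): it reports required flows that are missing, back-end ports open to sources other than the Web server, and Web Project Creator ports left open after setup. The host labels, the sample rules and the restriction of ports 11111 and 1433 to the Web server as sole source are assumptions made for illustration.

```python
"""Audit a firewall allow-list against the Desigo WEB port requirements."""
from typing import NamedTuple


class Rule(NamedTuple):
    src: str   # zone or host the traffic may come from ("any" = unrestricted)
    dst: str   # host the rule protects
    port: int  # TCP port


# Flows named in sections 2.3.2 and 2.3.3. Host labels are illustrative.
REQUIRED = [
    Rule("web-client", "web-server", 80),     # HTTP / SOAP
    Rule("web-server", "db-server", 1433),    # SQL Net
    Rule("web-server", "di-server", 11111),   # .NET Remoting
]
SETUP_ONLY_PORTS = {135, 1027, 42424}         # Web Project Creator, setup phase


def audit(rules, setup_finished=True):
    """Return (finding, port, host) tuples for an allow-list of Rule entries."""
    findings = []
    for need in REQUIRED:
        matches = [r for r in rules if (r.dst, r.port) == (need.dst, need.port)]
        if not matches:
            findings.append(("missing", need.port, need.dst))
        for r in matches:
            # Assumption: port 80 is client-facing, the two back-end ports
            # should accept the Web server as their only source.
            if need.port != 80 and r.src != need.src:
                findings.append(("too-broad", r.port, r.src))
    if setup_finished:
        for r in rules:
            if r.port in SETUP_ONLY_PORTS:
                findings.append(("setup-port-open", r.port, r.dst))
    return findings


# Constructed sample: SQL is open to every source and a setup port was left open.
SAMPLE_RULES = [
    Rule("any", "web-server", 80),
    Rule("web-server", "di-server", 11111),
    Rule("any", "db-server", 1433),
    Rule("any", "web-server", 42424),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Calling `audit(rules, setup_finished=False)` during commissioning suppresses the setup-port findings while Web Project Creator is still in use.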
2.3.4 Subsystem-specific port settings
Although these settings have nothing to do with Desigo WEB, it could be useful to know the key information in the event of an upgrade project.
PX, BACnet over IP
Please refer to the documentation for the PX subsystem and Desigo TOOLSET.
2.3.5 Editing ports in Windows 7 firewall
To protect your PC and to enable Desigo WEB to run by opening the relevant ports, you can use a standard commercially available firewall, or the one received with your Windows 7 (assuming this is the operating system you are using).
Adding ports in Windows 7 firewall
Proceed as follows:
1. Click Start > Control Panel.
2. Click System and Security.
3. Click Windows Firewall. The Windows Firewall window opens.
4. In the left ribbon, select Advanced settings. The Windows Firewall with Advanced Security window opens.
5. In the left ribbon, click Inbound Rules.
6. In the right ribbon, click New Rule…. The New Inbound Rule Wizard opens.
7. Select option Port and click Next.
8. Select option TCP and enter the corresponding port number in Specific local ports.
9. Click Next and select option Allow the connection.
10. Click Next and select the corresponding checkbox.
11. Click Next and enter the name for the rule.
12. Click Finish.
2.4 Access protection
2.4.1 Principle of operation
For the users of Desigo Insight desktop management stations, nothing has changed compared with the earlier version. Access protection is still based on the user name and an associated password. All users must be known in the system, and each user belongs to a user group for which a profile must have been set up in System Configurator by the system administrator. This profile defines the user functions that can be started by each user and the access rights of that user when working with the system. [+ WEB] Each defined user can also be defined as a Desigo WEB user. See 8.1, Setting up Desigo Insight user profiles.
User authentication
After evaluation of the many and various standard Internet authentication methods, a suitable and reliable option had to be selected for the Desigo WEB clients which access Desigo Insight via both the intranet and the Internet.
Digest authentication
A decision was made in favor of the "Digest Authentication" method, as this has two important advantages:
– Passwords are sent over the Internet only in encrypted form.
– The integrity of the URL data is checked (for Web experts: this means, for example, that the integrity of form information sent using the GET method is certified).
Note
The definition of a password is mandatory for all Desigo WEB users, as otherwise, user authentication over the Web is not possible. (A blank password is not valid!) Take care with the use of upper and lower case letters in the user name and password: the Digest Authentication method is case-sensitive.
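The following added example (not Desigo WEB code) computes the Digest Authentication response as defined in RFC 2617 with qop=auth, to show why the properties above hold: what crosses the network is an MD5 digest over the credentials, the server nonce and the request URI, so a change of case in the user name or password, or a changed query string, no longer verifies. The account and challenge values are the sample values from RFC 2617 section 3.5; the helper names and the tampered query string are constructed for illustration.

```python
"""HTTP Digest (RFC 2617, qop=auth): what is sent instead of the password."""
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """Value of the 'response' field in the client's Authorization header."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # credentials, case-sensitive
    ha2 = md5_hex(f"{method}:{uri}")                  # binds method and URI + query
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(account, header, method):
    """Recompute the response from the stored credentials and compare."""
    if not account["password"]:
        return False  # the manual's rule: a blank password is not valid
    expected = digest_response(
        account["username"], account["realm"], account["password"],
        method, header["uri"], header["nonce"], header["nc"], header["cnonce"])
    # A user name typed in a different case is a different account name here.
    return (header["username"] == account["username"]
            and hmac.compare_digest(expected, header["response"]))


# Sample values from the worked example in RFC 2617, section 3.5.
ACCOUNT = {"username": "Mufasa", "realm": "testrealm@host.com",
           "password": "Circle Of Life"}
CHALLENGE = {"nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
             "nc": "00000001", "cnonce": "0a4f113b"}


def client_header(username, password, method, uri):
    """Header fields a client would send in answer to CHALLENGE."""
    resp = digest_response(username, ACCOUNT["realm"], password,
                           method, uri, **CHALLENGE)
    return {"username": username, "uri": uri, "response": resp, **CHALLENGE}


if __name__ == "__main__":
    good = client_header("Mufasa", "Circle Of Life", "GET", "/dir/index.html")
    print(good["response"], server_accepts(ACCOUNT, good, "GET"))
    wrong_case = client_header("Mufasa", "circle of life", "GET", "/dir/index.html")
    print(server_accepts(ACCOUNT, wrong_case, "GET"))
    tampered = dict(good, uri="/dir/index.html?setpoint=30")  # constructed query
    print(server_accepts(ACCOUNT, tampered, "GET"))
```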
2.5 Desigo WEB licensing
2.5.1 Licensing model
The Desigo Insight licensing model is modular in structure, and scalable. The design must take account of the following licensing models:
[Figure: licensing modules. Labels: Basic License, Options, Data points, Multi User]
Basic license
The customer must indicate how many users (1…n) will be working at desktop management stations concurrently. The number of basic licenses ("Start feature set") is set on the basis of this information. If n is greater than 1, then, logically, a multi-user license must be configured. A "Start feature set" authorizes the following functions:
– Desigo Insight application toolbar (shell)
– Log in
– Object Viewer
– Alarm Viewer
– Alarm Router
– Time Scheduler / Calendar
– System Configurator
For a Desigo WEB project, at least one basic license must be enabled for the operation of Desigo Insight on a desktop management station for maintenance, configuration and engineering activities. In this case, all other users have access via Desigo WEB clients (i.e. not via desktop management stations).
Options
"Options" refers to the ability to tailor licenses for the numerous user functions to customer requirements. For Desigo WEB users, the following points must be taken into account:
I. The customer must indicate how many users (1…n) will concurrently require access to Desigo Insight via Desigo WEB. The number of "Desigo WEB Operation CALs" is set as an option based on this information. Packages of 2, 5 and 20 are available. (CAL is the abbreviation for "Client Access License".)
Obtaining licenses
Every logged-in Desigo WEB user (per login/per session) obtains a Desigo WEB Operation CAL. If the same user is logged in several times, one CAL is obtained for each log-in procedure. However, with the same log-in (only one instance of the Internet browser) a user may have several "viewers" open at the same time on a client. The Web licenses are re-enabled approximately 30…60 seconds after Desigo WEB is closed, irrespective of the Web (ASP.NET) session time, which times out after 20 minutes.
II. While the functions
– Plant Viewer
– Trend Viewer
– Log Viewer
– Reaction Processor (not available for Desigo WEB)
– Report Viewer
must be licensed as options for Desigo Insight desktop users, the Desigo WEB Operation CALs always contain licenses for all Desigo WEB applications (the shell, Plant Viewer, Alarm Viewer, Log Viewer, Time Scheduler, Object Viewer, Trend Viewer and Report Viewer).
Note
However, if Citect is required to run on the desktop management station, then for projects involving Citect third-party integration, Citect report or other Citect functions (see the CtApi section), at least one desktop Plant Viewer license must be enabled as an option.
Data points
In this module, licenses are set for the maximum number of data points per type:
– Siemens data points
– Citect data points
– BACnet VIS data points
The licensing of the data points is independent of the Desigo WEB application.
Multi User
"Multi-user" licensing applies to the number of desktop management stations used simultaneously, and is independent of the Desigo WEB application. Provided there is only one desktop management station, many Desigo WEB users can work at the same time without the need for a multi-user license.
2.5.2 Examples of the licensing of Desigo WEB projects
It might be best to illustrate the licensing procedure in relation to the reference topologies described earlier.
Example 1:
– Topology for a medium-scale Desigo WEB site (see "Project topologies")
– A desktop management station for engineering, configuration and maintenance work.
– Maximum 4 simultaneously logged-in Desigo WEB clients
– 1800 Siemens data points, Citect third-party integration with 700 Citect DPs.
– 2 house engineers and their manager must be able to work with the desktop management station or with Desigo WEB
– Access must be provided to seven other building users, for sporadic monitoring and operation of their area of the building via Desigo WEB.
Licensing for Example 1 must be configured as follows:
Module: Licensing
Basic: Start Feature Set
Options: Plant Viewer; Trend Viewer; Log Viewer; Graphics Builder; Pager; Desigo WEB Operation CALs
Data points: Siemens; Citect; BACnet VIS
Multi User: Single User; Multi User 1st; Multi User 2nd; Multi User 3rd – 5th; Multi User 6th
Example 1
Example 2
1x 1x 1x 1x 1x 2x 2x2 CALs