Transcription
DeltaV Distributed Control SystemProduct Data SheetApril 2021DeltaV Remote ClientRemote Client with 2FARemote Desktop GatewayFirewallDMZEmerson SmartFirewallL2.5 NetworkDeltaV WorkstationsRemote Desktop Server(Professional Plus orOperator Station node)Firewall-IPDDeltaV Area Control NetworkControllers and I/OFirewall Remote engineering and operator consolesIntroduction View Multiple DeltaV Systems from asingle workstation Remote Operator Station over low speedand dial up communications links Uses thin-client architecture Upgrades are EASY!DeltaV Remote Client is the solution for remote connectivityto DeltaV systems using session-based Microsoft RemoteDesktop Protocol (RDP) and it allows you to locate full-functionDeltaV operator and engineering workstations remote fromthe DeltaV control network. Engineers can configure andtroubleshoot DeltaV systems from their desktops with a directLAN connection or from remote locations using any Microsoftsupported communications method. Operator Interfacecapabilities are also provided to personal computers orthin-client hardware located on or through the L2.5 network.
DeltaV Remote ClientBenefitsRemote engineering and operator consoles:Operate, configure, and diagnose your process from locationsoutside your DeltaV control network while still using yourDeltaV and Windows security. From a single remote clientyou can easily open multiple windows to simultaneously viewdifferent DeltaV systems.View Multiple DeltaV Systems from a single workstation:You can easily switch the connection between different DeltaVsystems. You can connect using any existing computer sharedwith other functions. Your engineers and operators can bewherever they need to be and still manage the process.You can configure, operate, and troubleshoot the systemfrom a computer located anywhere in the world. Just make aconnection to the Remote Desktop Server and you can accessall the functions that are normally available to you.Maintain your configuration, run diagnostics, build displays,and help operators troubleshoot the process without goingto the control room or traveling to the site.Remote Operator Station over low-speed communicationslinks: DeltaV Remote Client provides the flexibility to operateor configure your plant from an onsite remote networkconnection or from hundreds of kilometers away using standardcommunications hardware, including satellite, microwave,or Virtual Private Networks (VPN).Uses thin-client architecture: DeltaV Remote Client usesMicrosoft Remote Desktop Services technology to provide theclient connection to the server. DeltaV software does not needto be installed on the remote client. The client does not requirehigh power or sophisticated workstation hardware to function.Product DescriptionDeltaV Remote Client is a thin-client application that connectsthrough a DeltaV server (the DeltaV Remote Client server)that is set up with the Microsoft Remote Desktop Server(formerly Terminal Server) role enabled. Supported DeltaVservers that can have this role enabled are: ProfessionalPLUS,or a DeltaV server licensed as a Base Station or Operator Station.DeltaV Remote Client provides full remote capability to allDeltaV applications configured for remote access. These remoteworkstations are physically connected to the Remote DesktopServer through the L2.5 network.The communications between the remote clients and theDeltaV Remote Client servers in the system utilize theMicrosoft Remote Desktop Protocol (RDP). This session-basedwww.emerson.com/deltavApril 2021RDP communication is valid for DeltaV systems where theDeltaV Remote Client server is a physical server machine, or it isa virtual machine running in a DeltaV virtualization host server.A remote client may be utilized for Operator, Engineeringor Maintenance needs. Each remote session functions as anindividual station with the same capabilities as a connectedworkstation. On direct high-speed LAN connections, users maynot even realize they are working at remote terminals.The DeltaV Remote Client uses the standard Microsoft securityand standard DeltaV security to prevent unauthorized use ofthe DeltaV applications. Users on the network who do not haveauthorization are denied access to the server, while authorizedDeltaV users are allowed access according to their normalDeltaV security privileges.In addition, each session can be reserved for a specificgroup of users or group of client nodes both to help preventunauthorized access and to ensure that sessions are keptavailable for critical users.A remote client can connect to multiple servers on differentDeltaV systems. This will allow multiple engineering windowsto be open on the same monitor at the same time. The user canalso transfer configuration files, displays, and other informationamong the different DeltaV systems using the client PC.If the client workstation is equipped with multiple monitors,the different remote client session windows can be positionedacross these monitors. Remote windows can also be used ona dual monitor window arrangement.Operator CapabilitiesEach remote client operator session is totally independent andcan have its own set of assigned areas. Alarms are reportedonly to the session(s) to which those areas are assigned –just like a standard operator station. Alarms can follow theoperator from one terminal to another by logging into thesame session on each remote client terminal. DeltaV usershave all the same control capabilities as they would on any otherDeltaV station. Operational capabilities are designed to followthe user. Users can navigate through displays, select items,make control actions, view trends, view events, view historicaldata from any historian, and perform all their tasks. No specialsetup or conversion is required. All the display navigation,toolbar buttons, alarm banners, and data work the sameas on a standard DeltaV Operator Station.Audible alarm is supported on any remote client that has asound card. Alarms are sent from the server for local alarming.From the client, the user can silence the horn, acknowledgealarms, and participate in global horn acknowledgment groups.2
DeltaV Remote ClientThe Microsoft Remote Desktop Connection software can belaunched on a DeltaV operator workstation that will allow theoperator or engineer to access other DeltaV systems from anoperator workstation. Operators in a central control room canuse the remote client to monitor and control other DeltaVsystems during off-shifts when other control rooms might beunmanned or as an “extra pair of hands” during plant startupor shutdown. The engineer can access other DeltaV systems forengineering tasks that allows engineering to be done from asingle centralized location.Engineering CapabilitiesThe remote client can perform any engineering andconfiguration function. From the remote client, you can setup your system using the DeltaV Explorer, configure andtroubleshoot controller modules using Control Studio andControl Studio Online, and build operator displays and trendcharts for use on other workstations.The DeltaV Remote Client provides access to real-time datafor engineering applications such as Control Studio Onlineand operating data for display development. Any or all theremote client sessions can be licensed as Professional Stations.The DeltaV Remote Client server will support up to fifteenconcurrent engineering users with up to sixty total databaseconnections (see information below for more information onremote engineering sessions).April 2021A standard Microsoft server role called Remote DesktopGateway can be enabled on jump servers sitting outside ofthe DeltaV security boundaries (e.g. L3 or DMZ networks) toprevent direct connections between remote clients and theDeltaV Remote Client servers. Information on how to set upthe Remote Desktop Gateways for the secure remote accessto DeltaV can be found in Books- OnLine (DeltaV v13.3.1and higher).ArchitectureDeltaV Remote Client is implemented via a client computerand a server computer. The server computer is a DeltaV nodewith DeltaV software installed. This node can be either theProfessionalPLUS Station or another DeltaV server licensed asan Operator Station or Base Station that is specifically dedicatedto serving DeltaV information to remote clients. An ApplicationStation cannot be used as a DeltaV Remote Client server.The client computer can be any Windows-based computeror thin-client hardware capable of running the MicrosoftRemote Desktop Connection software. DeltaV software is notinstalled on this computer, so a DeltaV-compatible workstationis not required for the client application.System SetupThe remote sessions can also be licensed as a DeltaVMaintenance Station to allow your maintenance shop to usethe remote client to monitor device alerts and DeltaV systemhealth from any PC. Since the client can make connections tomultiple systems at the same time one computer can serve asthe Maintenance Station for several DeltaV systems.A remote client session can be connected to any RemoteDesktop Server on the DeltaV system. Remote clients areconnected using standard Ethernet communications anddo not use the redundant DeltaV Control Network forcommunications. As with any outside connection to theDeltaV system, we suggest that a perimeter firewall is installedat the L2.5 network. In the event of a client failure, simply useanother workstation to log into the DeltaV system. In the eventof a server failure, you can log into any other Remote DesktopServer configured on the DeltaV system if available.Secure Remote Access to DeltaV SystemsDeltaV Remote Client Support with DeltaV OperateThe DeltaV Remote Client solution supports two-factorauthentication and jump servers to further protect theremote access to DeltaV systems.A single Remote Desktop Server allows users to host amaximum of fifteen (15) concurrent engineering sessions forDeltaV Operate. If the server is the ProfessionalPLUS station,a maximum of seven (7) concurrent sessions is recommended.Maintenance CapabilitiesFor Two-Factor Authentication, the user is required to havea smart card and card reader attached to the client PC andthe Remote Desktop session must be configured to share thesmart card information so that the Remote Desktop Server canuse it as the first level of authentication. The PIN is the secondlevel of authentication and is manually entered by the user.Additional information can be found in the Smart CardTwo-Factor Authentication white paper. Jump servers can beinstalled to enhance the DeltaV Remote Client solution security.www.emerson.com/deltavFor operations (runtime), a single Remote Desktop Serverthat is licensed as an Operator or Base Station can hosta recommended maximum of eight (8) concurrent remoteoperator sessions running DeltaV Operate, Note the totalnumber of datalinks should not exceed 12,000 acrossall sessions.3
DeltaV Remote ClientDeltaV Remote Client Support with DeltaV LiveThe Standard tier of DeltaV Live is included with all DeltaVsystems beginning in version 14.LTS; no additional licenses arerequired for remote clients using the Standard tier. For thePremium tier of DeltaV Live, each remote session will requirea DeltaV Live Operations Premium Performance Packlicense (VE2104P01).When the Remote Desktop Server is an Operator orBase station, support for DeltaV Live in v14.LTS is providedfor the following. A total of 12,000 datalinks across all sessions Up to 5 concurrent runtime sessions (not exceeding the12,000 datalink limit). Up to 8 concurrent runtime sessionscan be achieved by: zIncreasing the allocated virtual CPUs to 16 for a VRTXenvironment, orzUsing a dual-processor RAID 10 physical machineUp to 10 concurrent engineering sessions. Up to 15concurrent engineering sessions can be achieved for amachine with 32GB of RAM by:zTemporarily increasing the allocated virtual CPUs to 16for a VRTX environment, orzUsing a dual-processor RAID 10 physical machineWhen the Remote Desktop Server is a ProfessionalPLUS,support for DeltaV Live in 14.LTS is provided for: A total of 12,000 datalinks across all sessions Up to 4 concurrent runtime sessions (not exceeding the12,000 datalink limit) Up to 4 concurrent engineering sessions Up to 7 concurrent engineering sessions can be achieved for amachine with 32GB of RAM by:zTemporarily increasing the allocated virtual CPUs to 16 fora VRTX environment, orzUsing a dual-processor RAID 10 physical machineApril 2021number of virtual processors (CPUs) allocated increased to16 and should be assigned 32GB of RAM. A dual-processorserver such as those in RAID 10 machines is recommended forphysical machines.If normal use will require more than four (4) concurrent runtimesessions in constant use, we strongly recommend a dedicatedserver for engineering sessions and another for operatorsessions instead of a single shared server.All concurrent sessions can be open at the same time as longas the total of all datalinks on all open displays does not exceed12000 links. Full operator, display development and “view only”sessions all count against the active link limit.Users are encouraged to consider a dedicated server for theDeltaV Remote Client server. A DeltaV server licensed as a BaseStation or Operator Station can be configured as a RemoteDesktop Server for this purpose. In this case, the DeltaVRemote Client server sole purpose is to host remote sessions.The ProfessionalPLUS Station can be used as a DeltaV RemoteClient server primarily to support systems that require limitedremote access for troubleshooting and less than full-timeoperator tasks. The ProfessionalPLUS station may be used forall its typical functions. However, when the ProfessionalPLUSstation is also used for local engineering, it can impact theresponse time to the remote client sessions and reduceperformance. If higher performance engineering and operatoraccess is desired on the remote clients, a dedicatedDeltaV Remote Client server should be used.Concurrent sessions can also be a combination of engineeringand operator sessions. When the Remote Desktop Serveris part of a virtual DeltaV Virtual Studio environment where highnumbers concurrent of engineering and runtime sessions(e.g. 5) are desired, default settings for virtual processorsand memory should be temporarily increased for optimalperformance; virtual Remote Desktop Servers should have thewww.emerson.com/deltavSessions can be reserved for use by specific users and nodes toensure availability for critical uses.4
DeltaV Remote ClientData AccessibilityThe DeltaV Remote Client server can be set up with a localDeltaV Continuous Historian and Event Chronicle. The servercan collect up to 250 parameters in a local DeltaV ContinuousHistorian. The server can collect alarms and events for allthe areas assigned to the Alarms and Events subsystem onthe server. This data can be seen by any of the remote clientsessions with the Process History View application. The ProcessHistory View application on a remote client can also be usedto view the alarms and events from an Event Chronicle on anyother DeltaV workstation.April 2021The DeltaV Remote Client server supports a single copy of thesettings for the Batch Operator Interface. All sessions using theBatch Operator Interface from one server will use the same setof filters, column widths, colors and other user- configurablesettings in the application. Changes made to the settingswill be reflected in all sessions and not limited to the specificsession making the changes. This includes the setting of whichBatch Executive the Batch Operator Interface is connecting to.This also applies to the Campaign Manager Operator Interface.All sessions from the same server will use the same settings.DeltaV Explorer showing setup for Remote Clients.www.emerson.com/deltav5
DeltaV Remote ClientApril 2021Remote Session OptionsPerformance and IntegrityEach remote client session can support a different setof functionality. Remote client sessions are sized and set upexactly as you would configure a local workstation.There are many factors that will influence the performanceof the remote client including communications method andspeed, type of server used for the DeltaV Remote Client server,type of computer used as the remote client, number and typeof sessions connected to the DeltaV Remote Client server.For example, to configure a remote operator session,choose an appropriate Operator Station license, full spanfor alarming in that session. To configure a remote engineeringsession, choose an appropriate Professional Station license,full span for alarming in that session. If no alarming is required,only the zero span Operator or Professional Station licenseis necessary.A DeltaV Remote Client session can be used on aDeltaV Operator Station that will allow the plant operatoror engineer to use the DeltaV Remote Client to access andcontrol other DeltaV systems from the operator workstation.A remote, view-only workstation can be created by choosingan Operator Station and setting up the DeltaV security for eachuser of the view-only workstation so that users do not haveauthority to make operating or engineering changes.Remote engineering sessions are included in the maximum of60 database connections to the ProfessionalPLUS. This meansthat once the 60 database connections are consumed at theProfessionalPLUS, no further engineering applications can bestarted from any workstation – remote or local.Communications and speedPerformance of the remote client is highly dependent onthe speed of communications, type of communications link,and network traffic.For local, high speed LAN communications; the performanceof all functions is comparable to a directly connected DeltaVworkstation. For WAN and all other non-LAN communications(microwave, satellite, etc.), the performance can vary from2 to 10 times slower than a LAN connection. For example,operations that take 2 seconds at LAN speeds can take10-12 seconds at modem speeds. Therefore, if you plan to use alow communication speed remote client session for an operatorinterface; it is critical that you specifically design displays foruse at this low speed. The use of bitmaps and large amountsof datalinks will seriously impact the performance of the client.Please contact your local Emerson Sales Office for supportdeploying DeltaV Remote Client on low speed networks.Communications and integrityWhen using DeltaV Operate, remote graphics editing sessionsallow a maximum of one copy of DeltaV Operate configuremode open on each server. This means that only one remotesession can be editing graphics at any one time for eachserver. If you require multiple concurrent display configurationsessions, multiple DeltaV Remote Client servers will have to beused. Additionally, Display Audit Trail does not support remotedisplay configuration.Communications integrity can be impacted by high networktraffic and poor communication connections. In wirelesscommunications, atmospheric conditions can impact speedof response and loss of communications. A dedicated controlLAN without a connection to the L2.5 network provides a highlevel of integrity. An open L2.5 network with general businessnetwork traffic, satellite, microwave, wireless or other non-LANconnections all provide a medium level of integrity.When using DeltaV Live, each remote session supports fullfunctionality of Graphics Studio for editing displays. DeltaV Livesupports concurrent engineering and you can take advantageof DeltaV Remote Client sessions for this purpose. DeltaV Livedoes not yet support Display Audit Trail.Computer hardwareThe remote client subsystem is available in the DeltaV Explorerunder the ProfessionalPLUS and Operator Station nodes(Base Stations are defined as Operator Stations inDeltaV Explorer). Configuration is easy, requiring only theassignment of plant areas to define the span of control. If youneed to ensure that specific workstations or users will alwaysbe able to log onto a remote session, you ca
the DeltaV control network. Engineers can configure and troubleshoot DeltaV systems from their desktops with a direct LAN connection or from remote locations using any Microsoft-supported communications method. Operator Interface capabilities are also provided to personal computers or thin-client hardware
