Platform Services Configuration
FrameWorX Servers provide the framework for all communications in GENESIS64. FrameWorX Servers can connect to and use other FrameWorX Servers. In order to understand how to configure Platform Services for your FrameWorX Servers, you must understand the following concepts:
Once you are familiar with these options, you can Configure Platform Services for Each Server and Enable Load Balancing.
Configure Platform Services for Each Server
Armed with the information described above, you must configure the platform services for each FrameWorX Server.
To Open the Platform Services Configuration:
- Open the Workbench, then click on the Tools ribbon.
- Select the Platform Services Configuration button in the Tools section of the Tools ribbon.
- The Platform Services Configuration dialog box opens, and looks something like the following. The following options can be set through the Basic tab.
Server Configuration
- Select the Server Role:
- Standard. The server serves to clients or other FrameWorX Servers. The server supports security and aggregate requests from clients.
- Forwarding. By selecting this option, you are able to enter a computer name or IP address in the Advanced tab.
- Data Collector. This selection supports situations where you may have a remote Data Collector behind a firewall that needs to be reached by a logger. In this instance, the Hyper or Data Historian Collector talks to the FrameWorX Server using reverse network communications. Some point managers are disabled, and any tags, when scanned, will return as 'bad,' as this role is meant primarily for Hyper Historian rather than for GENESIS64.
- (Optional) Clear the OPC UA interface checkbox to remove the server interface (it's selected by default).
Proxy Configuration
This section is where you set the address and port number of the web proxy server that FrameWorX should use.
Web Server Endpoints and Public origin
The Web Server endpoint is the https URL address that security listens on. It is advisable to change the plus character in the URL to a specific DNS name, as a plus character here creates security vulnerabilities. Although technically possible, it is not advisable to change the path in the URL from the default /fwxserverweb/.
The Public Origin field can be used to change how the security advertises itself. This must contain the protocol and host as part of the URL only, without the trailing slash. For example: https://test.example.com. There are two use cases for this field:
- To advertise to clients that they should use the secure HTTPS instead of HTTP.
- To advertise the correct host name. This is especially necessary when running behind a reverse proxy server, where the host name cannot be inferred by the Security.
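A pre-deployment check for the two fields described above, as an added example that is not part of the ICONICS documentation or product. It flags a plus-character host, a non-HTTPS scheme, a non-default path, and a Public Origin that carries a path or trailing slash; the function names and sample URLs (including the port) are constructed for illustration.

```python
import re

DEFAULT_PATH = "/fwxserverweb/"  # default path named on the page

# scheme://host[:port][/path]; sufficient for the two fields checked here.
_URL = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<host>[^/:]+)(?::(?P<port>\d+))?(?P<path>/.*)?$"
)


def check_endpoint(url):
    """Return findings for a Web Server endpoint value (empty list = clean)."""
    m = _URL.match(url.strip())
    if not m:
        return ["not a parseable URL"]
    findings = []
    if m["scheme"].lower() != "https":
        findings.append("endpoint is not https")
    if m["host"] == "+":
        findings.append("plus-character host: bind to a specific DNS name")
    if (m["path"] or "") != DEFAULT_PATH:
        findings.append("path differs from default " + DEFAULT_PATH)
    return findings


def check_public_origin(origin):
    """Return findings for a Public Origin value (empty list = clean)."""
    m = _URL.match(origin.strip())
    if not m:
        return ["not a parseable URL"]
    findings = []
    if m["scheme"].lower() != "https":
        findings.append("origin does not advertise https")
    if m["host"] == "+":
        findings.append("origin must name a real host, not '+'")
    # Protocol and host only: any path, even a lone '/', is rejected.
    # A port is tolerated here; that is an assumption of this example.
    if m["path"]:
        findings.append("origin has a path or trailing slash")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    for ep in ("https://+:443/fwxserverweb/",
               "https://scada01.example.com:443/fwxserverweb/"):
        print(ep, "->", check_endpoint(ep) or "ok")
    for po in ("https://test.example.com",
               "https://test.example.com/",
               "http://test.example.com"):
        print(po, "->", check_public_origin(po) or "ok")
```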
Reporting
You also have the option of clicking the "Enable Reporting to Server(s) in Azure or DMZ" checkbox in the Reporting section. Once checked, you can enter the server information in the 'Server URL/Click here to add new item' text box. The 'Enable Reporting to Server(s) in Azure or DMZ' option tells the server to actively connect to another server/other servers. On a local network, when a client is connected to server A and is going through server A to server B, server A initiates the connection with B. This is not possible when server A is on Azure or in a DMZ, because a firewall between server A and server B prevents server A from connecting to server B. But server B can initiate the connection to server A. Then, server A would use the connection to talk to server B (as if server A had initiated it). This behavior is switched on with this checkbox. (Server B actively reports to server A, rather than waiting for the connection from server A.) A server may report to multiple other servers, which is why users are allowed to specify the list of servers to report to.
For each connection, you may select a communication protocol: WCF (obsolete) for compatibility with all the versions, or FWX.
In the Platform Services Configuration's Advanced tab, if you had set your Server Role in the Server Configuration section as Forwarding, you can enter the forwarding IP address in the "Forward To:" text entry field.
You can also add load balancing servers. The Load Balancing Servers section becomes available only if you have configured the server as a Primary or Secondary server.
- In the Server Name field, type the name of a server that has been cloned and is part of the load balancing group.
- Click the plus sign icon. The server is added to the list.
- Repeat until each server in the load-balancing group has been added to the list. Add all servers in the group excluding the server you are configuring.
Platform Services Configuration - Advanced Tab
About Load Balancing and Redundancy
Load balancing is a way to scale your servers for large applications. It lets servers handle more clients and data. A server becomes the 'controlling' load balancing server when you specify a list of load balancing servers for it. If you don’t, that server itself will be ‘load-balancing’.
Servers in a Load Balancing Group
All servers in a load-balancing group must be clones of each other. They must have the same licensing and same security on their middle tier. Middle-tier servers share load balancing with other middle-tier servers; back-end servers share load balancing with other back-end servers.
How Load Balancing Works
In a group where load balancing occurs, one server intercepts client communications. After measuring the load on the other servers in the group, this server tells the client which load-balancing server to connect to. The primary server is the server that distributes the load; but if you have set up redundancy, both the primary and secondary servers are designed to distribute the load. The other servers -- those you have defined as load-balancing -- simply serve the clients whose load they are designated to carry.
When a client session begins, load for that client is directed to a load-balancing server on the basis of the number of messages that are going through the server per second. (Messages, in this case, are requests, responses, and updates from the client.) The load-balancing server that is carrying the smallest load is assigned the client communication for the duration of the session. Load distribution occurs this way for middle-tier servers receiving communications from clients, but also for back-end servers receiving communications from middle-tier servers.
Controlling Expression
When an expression is entered in this text entry field (and any current changes to Platform Services Configuration are applied), the server will be considered available only when the entered expression evaluates to True.
- Prevent start in Demo Mode - When checked, the server will not start in Demo mode.
- Prevent start without Redundant License - When checked, the server will not start when the Redundancy license is not available.
- Read only - True to prevent writing to any OPC servers or point managers. See here for more info.
- Server Enabling Point - When a tag is defined as a Server Enabling Point, it will shut the server off in case of an update with a value of zero or bad quality. It is particularly useful in a redundant scenario to prevent clients from talking to a server that is technically online but has incorrect data.
Warning: Once the server is disabled, it will refuse communication with all clients. This means access cannot be restored by writing a new value from a client. Do not choose a tag that would require a client write to restore access. Access can only be restored via a new update from the data source (such as the OPC server) that has a non-zero value and good quality.
- On the License tab, specify the server's licensing by choosing either Local License key (for the server to use its local license), Remote License (for the server to get a license from another FrameWorX Server) or Cloud License (for the server to use a cloud-based license).
Tag Counting Mode
This setting determines how tags are counted for licensing purposes.
- Advanced: Tags are counted on demand. Only currently in-use tags are counted, and tags that are released no longer count against the license. Any real-time tag can be used anywhere. AssetWorX use is not required. This setting is intended to be used by GENESIS64 Advanced licenses. GENESIS64 Advanced licenses are those that contain the Advanced Tag Counting bit.
- AssetWorX Tags: This method counts the number of configured AssetWorX equipment properties. Equipment properties are counted as one tag if they are enabled and have a real-time data source type of either dynamic tag, polled dynamic tag, or expression.
Applications are restricted to using tags that come from AssetWorX and a few other point managers that are considered internal data (such as the status of a report of the number of configured alarms).
GENESIS64 Basic SCADA licenses are those that do not contain the Advanced Tag Counting bit. Systems licensed as GENESIS64 Basic SCADA (no Advanced Tag Counting bit) cannot use Advanced tag counting. Configuring a system to use Advanced tag counting with a Basic SCADA license will result in all points showing a license error. There will also be an error-level message in the TraceWorX log of FrameWorX Server to let the user know the errors are happening because Advanced tag counting is in use but the Advanced Tag Counting license is not found.
Systems licensed as GENESIS64 Advanced (has Advanced Tag Counting bit) can use either tag counting method. Advanced is usually preferred, though systems integrators may want to switch to AssetWorX Tag counting for testing purposes or when configuring for an end user who will have GENESIS64 Basic SCADA.
Platform Services Configuration - License Tab
- If the server uses remote licensing, enter the name of the server to be used as the Primary Licensing Server. If there is a secondary, back-up server for licensing, enter its name in the Secondary Licensing Server field. Also note that the Allow License Sharing option must be selected for the servers you specify in these two fields.
The License Exception Rules section allows users to redirect licensing to another server for specified client computers. In the example shown below, all clients connected to this FrameWorX Server get a local license. Client A gets its license from PC2. Clients X and Y get their license from PC3.
- Allow License Sharing - Select this checkbox in order to allow other FrameWorX servers to get their license from this computer.
- Allow Grace Period - Select this checkbox in order to allow for a license grace period. Once activated, you can set a period of time (in minutes) in the text entry field.
The Point Managers tab of the Platform Services Configuration window allows you to Disable/Enable and/or set "Out-of-Process" status and other parameters for specific Point Managers for multiple integrated data components (aggregators, aliases, data connectors, databases, histories, etc). Point Managers are plug-in modules running within the process of a FrameWorX Server. They may be disabled when their functionality is not needed, in order to minimize the FrameWorX Server’s memory footprint or for troubleshooting. Also, they may be set up to run out-of-process. Then, they run in a separate process but there is a slight performance hit when running out-of-process.
For some listed Point Managers, clicking on the name brings up additional info in the Parameters section of the tab, where some values can be changed.
The Passwords tab allows users to specify credentials for different modules to connect to various servers. Currently, FrameWorX Servers and OPC XML DA servers are supported. Use * for the credentials to be used for all target addresses. These credentials are used for the modules running on the local computer.
The Access Restrictions tab allows users to define which client computers are allowed to connect to the FrameWorX Server. Clients from other nodes will not be allowed. The client computer must match both lists: the Allowed IP Address Ranges (IPv4 and IPv6) and the Allowed Computer Names. Use * for any name. Use IPv4 and IPv6 addresses (Windows uses IPv6 internally). All clients are allowed by default.
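The matching rule described above, modelled as an added example (not ICONICS code): a client passes only if it matches both lists, and an IPv4-only range list silently excludes a client that arrives over IPv6. CIDR notation, the allow-all defaults, the helper names and all sample addresses and computer names are assumptions made for illustration; the product's own range syntax is not shown on the page.

```python
import ipaddress

# Assumed stand-in for the "all clients are allowed" default.
ALLOW_ALL_RANGES = ["0.0.0.0/0", "::/0"]
ALLOW_ALL_NAMES = ["*"]


def ip_allowed(client_ip, ranges):
    """True if the client address falls inside any allowed range."""
    addr = ipaddress.ip_address(client_ip)
    for r in ranges:
        net = ipaddress.ip_network(r, strict=False)
        # An IPv4 range never matches an IPv6 client address, and vice versa.
        if net.version == addr.version and addr in net:
            return True
    return False


def name_allowed(client_name, names):
    """True if the name is listed (case-insensitive) or '*' is present."""
    wanted = client_name.strip().lower()
    return any(n == "*" or n.strip().lower() == wanted for n in names)


def client_allowed(client_ip, client_name, ranges, names):
    """The client must match BOTH lists, as the page states."""
    return ip_allowed(client_ip, ranges) and name_allowed(client_name, names)


def uncovered_families(ranges):
    """Return the IP versions (4 and/or 6) that have no range at all."""
    have = {ipaddress.ip_network(r, strict=False).version for r in ranges}
    return sorted({4, 6} - have)


# Constructed sample configuration (documentation address space).
RANGES_V4_ONLY = ["192.0.2.0/24"]
RANGES_DUAL = ["192.0.2.0/24", "2001:db8:10::/64"]
NAMES = ["HMI-01", "ENG-WS-02"]

if __name__ == "__main__":
    clients = [
        ("192.0.2.15", "hmi-01"),       # listed name, IPv4 in range
        ("2001:db8:10::15", "HMI-01"),  # same station seen over IPv6
        ("192.0.2.15", "LAPTOP-7"),     # address in range, name not listed
    ]
    for label, ranges in (("v4 only", RANGES_V4_ONLY), ("dual", RANGES_DUAL)):
        print(label, "missing families:", uncovered_families(ranges))
        for ip, name in clients:
            print("  ", ip, name, client_allowed(ip, name, ranges, NAMES))
```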
Trustworthy Clients
Most server modules that act as clients to the FrameWorX server may be granted unrestricted access to the FrameWorX server even without using a username/password (as described above).
This feature must be enabled on the ‘Access Restrictions’ tab (it is enabled by default), and the server module has to run under the same domain account as the FrameWorX server.
Notes:
- It does not apply to all server modules. Some still need a username/password: those that expose FrameWorX variables to third parties, e.g. the Classic OPC interface of the FrameWorX server.
- This new behavior is slightly different from the previous ‘Unrestricted servers’ setting, which was vulnerable and has been removed as such.
The Settings tab allows users to set parameters for Server Limits and Diagnostics.
The Server Limits settings protect the server from being overloaded by excessive requests from the clients.
- Max Session Count - Specifies how many concurrent sessions the FrameWorX Server is allowed to handle. When the limit is reached, other sessions will be rejected. NOTE: When a client is disconnected, is killed or crashes, its session will be cleared after one (1) minute. Until the session is cleared, it is counted in the limit.
- Max Sessions per Client Process - Typically, each client application creates one session with the server. Under certain circumstances, there can be more sessions (e.g. a TrendWorX Viewer embedded in a GraphWorX display). This setting limits the number of concurrent sessions from one client process.
- Max Points per Session - Limits the number of all points per session. The points include data points, security points, licensing, alarm subscriptions, etc. NOTE: Some points (security, licensing) are ‘invisible’, so the limit should be greater than the expected number of data points.
- Fastest Allowed Scan Rate - Defines the fastest possible scan rate the server would use. When a client requests a faster scan rate for a data point, it will not be rejected, but the scan rate will be modified to the scan rate defined here.
The Diagnostics settings are for troubleshooting, evaluations/fixes.
- Point Manager Call Tracing - Enables/disables the diagnostic feature. When enabled, FrameWorX Server monitors the duration of particular calls to Point Managers (i.e. plug-in modules - see above).
- Warning Call Timeout - A warning will be logged into a TraceWorX log when a call to a Point Manager takes longer than specified. NOTE: All calls to Point Managers should be asynchronous and non-blocking. A warning can be an indication of a bad design of a Point Manager.
- Error Call Timeout - An error will be logged into a TraceWorX log when a call to a Point Manager takes longer than specified. NOTE: All calls to Point Managers should be asynchronous and non-blocking. When the Error Call Timeout gets big enough, it is likely that a particular Point Manager is deadlocked when an error is detected. An error can be an indication of a bug in a Point Manager.
The Reserve License tab allows you to configure License Service behavior and set Node Reserved Licenses. Some ICONICS product users require priority access to a connected system at all times. With networked systems, users can possibly remain logged into systems that they are no longer physically near. An ICONICS Reserved User License ensures priority access without allocating specific license bits to all users. The ICONICS Reserved User License can provide higher level users with priority access to the system and ties into existing ICONICS proper security and licensing. It sets aside needed licenses for an organization's select personnel while allowing the remaining licenses to be available for additional users.
The top License section allows you to reserve licenses for:
- Client Stations
- Desktop Enabled Stations
- GraphWorx64 Client Stations
- TrendWorX64 Client Stations
- AlarmWorx64 Client Stations
- Workbench Client Stations
- Gadgets Client Stations
- MobileHMI Client Stations
- MobileHMI Write Stations
Enter a Start Delay (in milliseconds) in the text entry field for the amount of time to delay the start of the licensing service (in order to prevent any licensing server conflicts).
Enter the Number of Reserved User License Blocks in the next text entry field.
Notes:
- A user with reserved license enabled will consume all of the reserved license types when running as a reserved user.
- If there are not enough reserved licenses available, the user will consume standard licenses as if they are configured to run as a standard user.
The bottom Client Reserved Licenses section allows users to pre-allocate license types to a specific node. Enter a Node, select a specific License Type, and then enter a number in the Count column for the number of pre-allocated licenses to reserve for that node (in most cases, the Count number will be 1).
The Diagnostics tab allows you to set properties for Diagnostic Counters. These Diagnostic Counters may generate alarms and/or log messages into the system log when their limits are exceeded. You can set a Low Limit or High Limit for any selected Diagnostic Counter and can add Diagnostic Counters by typing within the empty text entry field at the bottom of the list.
- Low Limit - Set a low limit threshold for the selected Diagnostic Counter
- High Limit - Set a high limit threshold for the selected Diagnostic Counter
- Enabled - Select the checkbox to enable the selected Diagnostic Counter
- Log Event - Select the checkbox to log when either Low or High Limit thresholds for the selected enabled Diagnostic Counter have been exceeded.
Once you have entered your desired information in any of the tabs within the Platform Services Configuration window, click on OK to save your settings.
Enabling Load Balancing
To enable load balancing for a client machine or server:
- Open Workbench, then click on the Tools ribbon.
- Click on the FrameWorX Server Location button in the Tools section of the Tools ribbon.
- Expand the window's properties by clicking on More.
- Select the Enable Load Balancing checkbox.
For information about additional fields on this dialog box, refer to the Configuring Redundant Clients for GENESIS64 Viewers topic.
- Click OK when you are done.
Configuration of Redundant Platform Services
You can use the FrameWorX server provider in the Workbench to configure redundant platform services by specifying the machine name of your back-end servers on the network.
- Open the Workbench and select the FrameWorX Server provider.
- Expand the active database, then expand the BackEnd Servers branch.
- Double-click the Platform Services sub-branch. This will open the FrameWorX Server Platform Services properties in the right-side pane of the Workbench.
- Enter your Server Name, Primary Machine Name and Secondary Machine Name in the text entry fields.
- Click Apply when you are done.