Anda di halaman 1dari 125

Welcome to MatrikonOPC!

Click here to find out what's new in this release MatrikonOPC provides equipment data connectivity software based on the OPC standard. The MatrikonOPC promise is to empower customers with reliable data access to all major automation vendors systems, provide practical OPC training and deliver superior client care. MatrikonOPC builds close relationships with its customers to best address their business and technical needs. With offices in North America, Europe, Asia-Pacific and the Middle East, MatrikonOPC provides local presence on a global scale. MatrikonOPC is a vendor neutral connectivity supplier. MatrikonOPCis the world's largest OPC developer, with a collection of over 500 interfaces, and provides connectivity to every major control system and application on the market. These products and devices are the culmination of MatrikonOPC's experience in the design and implementation of device-specific communication drivers. The MatrikonOPC Advantage MatrikonOPC:
l l l l l l l

Plays a key role in the OPCFoundation. Has expertise in OPC technology training. Has OPC expertise deployed all over the world. Has a breadth of OPC device connectivity. Serves as a focal point for all aspects of OPC connectivity. Works with all vendors to achieve true interoperability. Leads in technology innovation. MatrikonOPC - the Industrial Connectivity Experts!

Release Notes
MatrikonOPC Tunneller
These are notes that are added to and sent with the latest release of MatrikonOPC Tunneller. Notes:
l l

Tunneller 5.0.0 is compatible with Tunneller version 3.0.4 and higher. Full testing of Tunneller is done with one, two, and three connections in our lab. Tunneller is partially tested against more than three connections. It is expected to support many connections provided that the CPU's, network, and OPC servers involved are able to handle the load.

Release Notes for MatrikonOPC Tunneller v5.0.0 (September 13, 2013)


New Features and Enhancements:
l l l l

User documentation suite converted to .chm format. Added support for 64 Bit OPC Clients connecting to the Client Side Component. Added support for the Server Side Component to locate and connect to 64 Bit Out-Of-Process OPC Servers. Added OPC DA items to the DA Client Side Component to monitor the connection status, licensing, and related diagnostic information about the connection. Numerous User interface improvements on the Client Side Component Configuration Tool:
o o o

configuration import/export logging local and remote license status

l l l

Added support for Windows 7 and Windows Server 2008. Removed support for Windows 2000. Added additional methods to A&E IOPCEventSubscriptionMgt:
o o

Refresh CancelRefresh

l l l

Automatic refresh on connect to upate the state of subscribed condition events if the TCP/IP connection was lost. Client Side Config Tool support import and export of configured connections and settings. Client Side Component logging configuration is not part of the CSC Config Tool.

Resolved Issues:
l l

0014430: The Tunneller CSC Config Tool provides better feedback when a connection fails. 0015085, 0016016: Connections from hosts with multiple NICs or multi-homed machines will succeed when IP restrictions enabled on SSC. 0015948, 0011569: OPC Client data type change request transferred properly; improves interoperability with Citect OPC Server.

Known Outstanding Issues:


l

0017046: Interpolated reads through Tunneller with the PI OPC server on certain tags returns an error.
o

Workaround: Perform the interpolated read with the start and end times reversed.

0014498: If an OPC client connected to Tunneller performs multiple asynchronous writes to the same tag in very quick succession (i.e., in the same millisecond), Tunneller may transmit the writes out of order.
o

Workaround: Use synchronous writes or add a small delay between writes.

If there is a network failure while a browse command is being executed, the end OPC client and the CSC may need to be restarted. 0015085: Tunneller may not detect network status when using dual NICs. 0019191: SetState call on A&E Subscriptions may not work properly when multiple subscriptions are used and one is deleted. 0014498: When multiple writes are sent using separate write commands to a remote OPC server in a short period of time, the writes to the device may not happen in order. 0017046: Tunneller HDA queries for interpolated reads may fail against OSI PI. 0017872: A&E Events not received from Maestro OPC Server over a remote connection.

l l l

l l

Release Notes for MatrikonOPC Tunneller v4.1.0 (October 24, 2012)


New Features and Enhancements:
l l l

0006806: Item IDs are now cached to speed up remote browsing. 0018160: Added ability to hide available DA3 interfaces. 0018324: Multiple clients using IOPCItemSamplingMgt DA3 interface improved. All clients with buffering and sampling options configured get all of the sampled values. Note that all clients must use the same sampling rate setting. The last client to set the sampling rate affects the sampling rate used for that item and all of the clients receive the updates based on that sampling rate. 0014502: The default Client-Side Gateway settings for Communications Timeout has been changed to 10 seconds and the default Communications Retry Attempts setting is now 5. This change improves compatibility in some circumstances. The installer has been updated to offer to make adjustments to the Windows TCP stack settings on Windows 7 and Server 2008 operating systems to improve communications stability and performance. If selected by the user, the AutoTuningLevel and RSS (Receive Side Scaling) settings are adjusted. The Troubleshooting section provides more details on these settings.

Resolved Issues:
l l

l l l l

0017799: MatrikonOPC Funnel items fail to validate when encryption is used. 0015947: Tunneller does not put through the requested data type to the end OPC server. (Note: Only passing data types for new items has been resolved. Existing items must be removed and re-added by the client to change data type.) 0018419, 0018420: Handling of semi-compliant A&E servers should be improved. 0016934: Valid hostnames cannot be added to access list. 0018564: Exception could be thrown when deleting OPC groups. 0018607: The Retry Attempts option configured using the Client-Side Gateway Configuration Tool is incorrectly incremented by 1 by the CSC.

Known Outstanding Issues:


l

0017046: Interpolated reads through Tunneller with the PI OPC server on certain tags returns an error. o Workaround: Perform the interpolated read with the start and end times reversed. 0014498: If an OPC client connected to Tunneller performs multiple asynchronous writes to the same tag in very quick succession (i.e., in the same millisecond), Tunneller may transmit the writes out of order. o Workaround: Use synchronous writes or add a small delay between writes. If there is a network failure while a browse command is being executed, the end OPC client and the CSC may need to be restarted. 0015085: Tunneller may not detect network status when using dual NICs.

Release Notes for MatrikonOPC Tunneller v4.0.5 (June 6, 2012)


Resolved Issue:
l

0018363: If a network connection break occurs while Tunneller is adding or validating items, the session becomes corrupt. If a subsequent network break occurs for longer than the session timeout, all items go bad and never return to good quality.

Release Notes for MatrikonOPC Tunneller v4.0.4 (May 1, 2012)


Resolved Issue:
l

0018294: Tunneller memory use increases for approximately the first two hours. The amount of memory increase may be significant for configurations that have large amounts of points.

Release Notes for MatrikonOPC Tunneller v4.0.3 (March 5, 2012)


Resolved Issue:
l

0009480/0017778: Repeatedly connecting/disconnecting to/from ReLabs OPC server can cause the Tunneller Client-Side Component (CSC) to crash

Release Notes for MatrikonOPC Tunneller v4.0.2 (February 2, 2012)


Resolved Issue:
l

0018102: A data callback with a single item listed multiple times results in items having non-sensical HRESULT error values in *ppErrors.

Release Notes for MatrikonOPC Tunneller v4.0.1 (November 3, 2011)


New Features and Enhancements:
l

0017939: Tunneller Server-Side Gateway Configuration Tool includes the Commit All Log File Writes option.

Resolved Issues:
l l

0017696: Tunneller throws exceptions during Sync Writes. 0017846: Tunneller does not indicate the correct source of an exception when it caches from an OPC server.

Release Notes for MatrikonOPC Tunneller v4.0.0 (May 31, 2011)


New Features and Enhancements:
l l l

Added support for Microsoft Windows 7. The OPC Alarms and Events interface is now supported with an additional A&E-only Client-Side Gateway. Simple, Tracking, and Condition events are supported. Condition events are subscribe-only; the Acknowlege, Refresh, Condition Name browsing, and Condition State Management operations are not supported. Supported A&E interfaces and methods: o IOPCCommon o IOPCEventServer n GetStatus n CreateEventSubscription n QueryAvailablefilters n QueryEventCategories n QueryEventAttributes o IOPCEventSubscriptionMgt n SetFilter n GetFilter n SetReturnedAttributes n GetReturnedAttributes

Release Notes for MatrikonOPC Tunneller v3.5.1 (February 25, 2011)


Resolved Issue: 0017104: Displaying NAN using Float numbers will now show up properly.

Release Notes for MatrikonOPC Tunneller v3.5.0 (January 21, 2011)


New Features and Enhancements:
l l l

Microsoft Windows Server 2008 added to minimum software requirements. Microsoft Windows NT is no longer supported. Items that are momentarily unavailable after disconnection can now be retried passed the AddItemRetries setting when using the AddPendingItemsPeriod option in the TunnellerOpts.ini.

Resolved Issues:
l l

l l

0015018: Resolved an issue where an exception was thrown while adding items from ODM if the Tunneller CSC was disabled. 0012285: Tag Security for the Simulation server cannot be launched from OPC Explorer if .Net is not already installed on the machine. 0016471: When re-establishing a session, Tunneller CSC may drop items not available at connection time. 0016969: When a server does not respond to an AddItems call within the processing timeout OPC_E_NOTFOUND is returned

Release Notes for MatrikonOPC Tunneller v3.3.0 (September 20, 2010)


New Features and Enhancements:
l l

Product user documentation converted to stand-alone server standard. Users may now have only one instance of the Client-Side Gateway Configuration Utility, Client-Side Gateway Key Manager, or the Server-Side Gateway Configuration Graphic User Interfaces (GUI), open at the same time. Increased the default value for Communication Timeout (Add Remote Tunneller Connection window) on the Client Side Component, from 3 seconds to 5 seconds. The minimum software requirements are: o Microsoft Windows XP SP2 o Microsoft Windows 2003 SP0 o Microsoft Windows 2000 SP4

Resolved Issue:
l

0015018: Resolved an issue where an exception was thrown while adding items from ODM if the Tunneller CSC was disabled

Release Notes for MatrikonOPC Tunneller v3.2.5.0 (June 1, 2010)


Resolved Issues:
l l

l l

0015635: Tunneller impersonation cannot distinguish between NT Authority\System users on different machines. 0015623: The Tunneller Client Side Component (CSC) consumes 100% CPU if an OPC client is actively trying to write to an end OPC server that is currently unavailable. 0015540: The Tunneller Server Side Component (SSC) leaks memory which leads to a Tunneller Server (SSC) crash when the end OPC server is not available. 0015530: Tunneller is not fully DA 2.05 compliant. 0014917: The hardware licensing drivers do not install on Windows 2000 SP3 or SP4.

Release Notes for MatrikonOPC Tunneller v3.2.4.0 (March 18, 2010)


New Features and Enhancements:
l

Added support for IPOCItemSamplingMgt DA3 interface.

Resolved Issues:
l l l l

0015184: Sentinel RMS Licensing library shows a message error. 0015536: Access violation exception thrown when re-optimizing items in the Tunneller CSC. 0015363: Tags stay good even when the end OPC server is restarted. 0015366: Qualities do not go bad if service is stopped and Tunneller does not restart the end OPC server.

Release Notes for MatrikonOPC Tunneller v3.2.3.0 (November 9, 2009)


Resolved Issues:
l

0014786: Tunneller does not support the NotifyWhenOnlyTimestampChanges registry option, which enables transmitting updates when just the timestamp has changed. 0014150, 0014522: Tunneller hardware licensing is not compatible with 64-bit operating systems.

l l

0014017: Hardware licensing driver may cause the computer to freeze. 0013495: DCOM hyperlink in the Users Manual points to old support site and does not find DCOM documentation.

Release Notes for MatrikonOPC Tunneller v3.2.0.0 (March 11, 2009)


New Features and Enhancements:
l

The following configuration options are passed from CSC to SSC to provide consistent behavior of SSC and CSC, especially on unreliable communication networks: Client-Side Component Option Server-Side Component Option Timeout Retries No matching option on SSC configuration utility GUI. Session timeout No matching option on SSC configuration utility GUI.

Communication Timeout Retry Attempts Processing Timeout ReconnectTime ConnectDelay


l

l l

The start-up type of CSC services (MatrikonOPC Tunneller CSC and MatrikonOPC HDA Tunneller CSC) is changed from Automatic to Manual. Logging is improved (some log message texts are modified and more detail logging is added for some cases). Users Manual is updated.

Resolved Issues:
l l l l l

l l

l l

Synchronous HDA update history requests now return the same HRESULT code as returned by remote OPC server. Connection reconnection algorithms are revised to provide more reliable communication on different network configurations. Detecting of application instance that is already running, is improved Shutdown request sent by remote OPC server is handled properly. Client-Side and Server-Side Gateway Configuration Utilities are modified to warn the user if configuration changes disallow further communications. ProgId for Tunnelled OPC servers can be renamed without losing of functionality (on Client-Side Gateway configuration utility). Error handling is improved to inform the user of cases when configuration files cannot be read or written, or access to the system registry fails. Upgrading/repairing issues are resolved to keep existing configuration settings. Client-Side Gateway Configuration tool now detects connection failures faster, within the period defined by Communication Timeout option. An additional log file is created to diagnose connection failures.

Release Notes for MatrikonOPC Tunneller v3.1.2.0 (January 20, 2009)


New Features and Enhancements:
l

Logging is available in the Client-Side Gateway Configuration tool. For more information, please refer to the Problems and Solutions - Unable to browse remote OPC Server message displayed section in the MatrikonOPC Tunneller Users Manual.

Resolved Issue:
l

0012138: Client-side cannot connect to Server-side on some network configurations.


o

Connection between the Client-side gateway and Server-side gateway is establsihed via the Internet (with different Internet service providers), via router, using port forwarding, and so on.

Release Notes for MatrikonOPC Tunneller v3.1.2.0 (August 15, 2008)


New Features and Enhancements:
l

Integration with MatrikonOPC Security Gateway is implemented. If Security Gateway is installed and licensed on a remote (server-side) box, then Tunneller Server-Side Component exposes only Security Gateway and allows connections only to it.

Resolved Issues:
l l l l

0011117: Client-side Gateway Key Manager - web link on the About window does not work. 0010672: If the end OPC server restarts, items stop being updated. 0011006: Impersonation changes do not trigger the Apply button to save the changes (SSC configuration panel). 0010909: An error message appears when trying to add an impersonation to the server-side gateway.

Release Notes for MatrikonOPC Tunneller v3.1.1.0 (March 12, 2008)


Resolved Issues:
l l l l l l l l l l l

0008692: Installer does not work on NT4. 0009601: Expired license causes Tunneller to generate random data. 0009580: Cannot list OPC servers on encrypted connection. 0009570: Cable pull results in perpetual reconnect attempts from CSC even though it connects to SSC. Communication retries default value is changed to 0 on Server-Side Component. 0009541: NT install needs "browse registry" checked to be able to browse, but this is not enabled by default. 0009558: Do not log "browse delimiter" option on SSC unused option logging is eliminated. Default value for option DeactivateGroupWhileAddingfOfItems is changed to 1 in the tunneller.ini configuration file. Minor GUI changes on Client-Side Key Manager and Server-Side Configuration Tool. 0009647: OPC Group or Item Deactivate/Activate causes extra callback with bad quality. 0009724: TunnellerOpts.INI should specify Reconnect Time as being in sec, not msec.

Release Notes for MatrikonOPC Tunneller v3.1.0.0 (February 26, 2008)


New Features and Enhancements:
l

Modified Server-Side Key Manager (renamed to Server-Side Gateway Configuration Tool) is used to configure all settings for the Server-Side Component including impersonation and restriction of the access to OPC servers in conjunction with encryption settings. Additional Advanced tab allows the user to configure settings stored in the tunneller.ini file. Added user impersonation functionality. Tunneller SSC now has the ability to connect to the end OPC server using a certain local user account depending on the user of the OPC client process on client side. Configuration of impersonation settings can be performed using the Server-Side Gateway Configuration Tool. Added functionality to restrict access to OPC servers. Now only part of OPC servers installed on the Server-Side host can be reachable for the Remote client. For each Remote client (which can be authenticated by its IP address, host name or

l l l l

domain\user name or by a combination of them) the list of accessible OPC servers can be configured using Server-Side Gateway Configuration tool. l Revised communication algorithm. Now the Server-Side Component can send Keep-Alive messages periodically if the execution time for a request takes a long time. In this connection, two timeout parameters are used on the Client-Side Component: Communication Timeout and Processing Timeout, instead of the Network Timeout parameter. Timeout parameter used on Server-Side Component has the same meaning as Communication Timeout. o Communication Timeout should be configured to the value higher than the time required to send the largest message over the network. Its default value is 3 seconds. Processing Timeout should be set to the value higher than the time required to execute a request taking the longest time. Its default value is 60 seconds. o If there are any requests being processed, the time interval between messages sent to Client-Side (Keep-Alive messages or regular communication messages) will be no longer than half of Timeout. o If Client-Side sends a request to Server-Side and does not get any response (neither normal response nor KeepAlive message) from it during the time more than 1.5 of the value set by Communication Timeout parameter, it detects communication failure and disconnects. o If there are no requests being processed, Server-Side does not send Keep-Alive messages. o Processing Timeout and Communication Timeout are configured using the Client-Side Gateway Configuration Tool on the Client-Side component. On the Server-Side Component, the corresponding timeout parameter is stored in the tunneller.ini file and can be configured using the Server-Side Gateway Configuration Tool. Note: On the Server-Side Component, timeout should be set to the value equal to or less than the minimum value of the Communication Timeout parameter configured on all clients. Modified license checking algorithm. Users Manual is revised. Socket error codes are logged. If DA data updates, received by OnDataChange call-back from the OPC DA server, have a failed error code, the error code is logged on both Client and Server-Side Components.

Resolved Issues:
l l

l l

0007074: Tunneller still tries to browse end server when no browse is available. Handling of the case when end OPC server does not support browsing functionality is improved. Now the Client-Side Component returns the E_NOTIMPL return code to OPC clients browsing calls quickly. Moreover, once it is detected, that end OPC server does not support browsing and the Client-Side Component does not send more browsing requests to the ServerSide. 0008081: Delay after connection is longer than configured by the PostConnectDelay parameter. 0008286: Log file shows message that error occurred setting process affinity mask. Now Client-Side Component by default does not try to set process affinity mask, so what CPUs will be used will be defined by system settings. If ProcessAffinity is set on system registry (see the Troubleshooting section for information about how to set this parameter), it will be set only if system does support it and setting does not match with current setting. 0007997: Tunneller does not respond to CoCreateInstanceEx calls. Now OPC clients can use CoCreateInstanceEx function as well as CoCreateInstance to connect to the Tunneller Client-Side Component. Note: Un-registering of OPC servers using Client-Side Gateway Configuration Tool and re-registering them again is recommended if previous version of Tunneller was upgraded to this version. 0008287: IOPCHDASyncRead -> ReadAttribute call causes exception if number of values higher than number of attributes.

l l l l l l l l

l l

l l l

l l

0008310: If items are added during an attempt to reconnect after a communication failure, they are not updated after reconnection. If items are added by the OPC client during an attempt to reconnect, their initial qualities are set to bad, non-specific. At this point, item syntax was invalid, but after reconnection its quality is changed to bad, bad configuration. Note: During a reconnection attempt, items that were added before the communication failure will not update values or qualities. Requests made during the reconnection attempts (including GetStatus requests) will fail. 0008598: Installation on WinNT Tunneller can be installed on Windows NT 4, Service Pack 6. 0009180: Tunneller Server-Side component does not call RemoveGroup to remove OPCGroup. 0008545: Log file displays AppID instead of ProgID 0009404: CoCreateInstance for connection to the end OPC server first should be called as for Local server. 0009448: Tunneller CSC does not create log files until the logging settings are changed. 0009447: Tunneller still has Tunnneller2_2 in Tunneller Config INI file entries. 0009481: Config file has two copies of port number. 0009449: IOPCHDA_SyncRead::ReadRaw returns E_INVALIDARG when bBounds==TRUE and dwNumValues==1. Passing of Start and End Time arguments through Tunneller is modified additionally; now one of them can have an empty value. 0009455: IOPCHDA_SyncRead::ReadAttribute returns E_FAIL instead of E_INVALIDARG. Passing of End Time argument through Tunneller is modified additionally; empty time is allowed if the Start Time is equal to NOW, so current values for attributes are read correctly. 0009451: PostConnect Delay not logged. 0009476: All Tunneller components should log their start-up parameters on level LOG_ALWAYS. Logging of options is revised and now all configuration options are logged into a log file on both Client-Side and Server-Side Components. Unused options are removed from TunnellerOpts.ini file. 0009504: Subnet mask algorithm should be changed to industry standard (Encryption settings). Maximum size of log file increased to 500 Mb on Server-Side Component. When the Server-Side Component service is registered by the TunnellerServer /Install command, failure actions are set to Restart the Service. Potential exception causes are eliminated on GetItemAttrubutes and ReadAttribute calls to the end OPC HDA server. Default value for option DeactivateGroupWhileAddingfOfItems is changed to 0 in the tunneller.ini configuration file.

Release Notes for MatrikonOPC Tunneller v3.0.4.0 (November 16, 2007)


New Features and Enhancements:
l

Support for licensing on Stratus boxes has been added. At installation, the user should select option defining if Tunneller is being installed on a Stratus box (default value of the option non Stratus box). Note: On the Stratus box, only software licensing is supported. Please contact MatrikonOPC Support if support of a hardware license key is required.

Release Notes for MatrikonOPC Tunneller v3.0.2.0 (August 15, 2007)


New Features and Enhancements:
l

New parameter is added (DeleteDuplicateSessionsOnNewConnection under TCConnection section) on tunneller.ini configuration file. If this parameter is set to 1, only one session and connection to the end OPC server will be created for each combination of "CSC IP address/OPC server ProgId". So, when SSC receives the request to create a new session from CSC, first it will find and delete all sessions which belong to the same combination of CSC IP address, and OPC server ProgID and category. If its value is 0, checking and deletion of duplicate sessions will not be performed.

The default value is 1. If all connections to server side component are initiated from Tunneller client side components running under Windows operating system, this parameter should not be set to 0.

Release Notes for MatrikonOPC Tunneller v3.0.1.0 (August 1, 2007)


Resolved Issue:
l

0007038: Dual-NICs are not handled correctly. Tunneller CSC or Client Gateway Configuration Tool can not establish more than one connection.

Release Notes for MatrikonOPC Tunneller v3.0.0.0 (March 9, 2007)


New Features and Enhancements:
l

l l l

Optional encrypted communication between the Client-Side Component (CSC) and Server-Side Component (SSC) using shared key encryption. Addition of a Key Manager to manage encryption keys for both CSC and SSC. Optional compression of communication messages between CSC and SSC added to reduce network traffic. HDA support is enhanced and now it is fully compliant with the OPC Historical Data Access Specification Version 1.20. Note that some optional methods are not implemented. Handling of operations that require a long time for execution (with large number of items and/or data) is improved. If execution of operation time-out is detected on CSC, but later SSC sends response for that operation, an additional message with level 2 logging appears in the CSC log file: TIMEOUT WARNING: Probably the network timeout parameter should be increased by %d seconds. New configuration parameter DelayAfterAddItems is added for CSC.

Resolved Issues:
l

0005287: Tunneller does not connect to IP Addresses. When user enters IP address or host name on Client-Side Gateway Configuration tool, its value is stored as entered by the user. Note: Two entries can be open for the same host, both IP address and by host name. 0005168: Invalid Retry Parameter Specified when retry set to forever and after Client-Side Configuration tool is closed and re-opened. 0005026: SSC does not close connection to OPC server when HDA client disconnects from CSC. Now connection to the end OPC server from SSC will be closed if no more clients are connected to the CSC for more than configurable time interval. (NoClientsDisconnectionDelay parameter in TSConnectDelay section of TunnellerOPts.ini file). Some modifications are also made to minimize the number of connections to the end OPC server. 0005075: Tunneller server Private bytes ramps to ~1.7GB and declines with concurrent established connections. The algorithm of updating DA values on SSC and sending messages to the CSC is modified. If CSC cannot process all update messages sent to it (due to high CPU load on the machine where CSC is running, or due to slow network communication speed), SSC stores updated Value/Quality/Timestamps in its cache and sends them to the CSC when the message queue allows them to be sent. In other words, the message queue is limited by a configurable number. 0005006: Application log showing missing event descriptions for HDA CSC. The way events were logged on Window Event Logging system is modified. The new file EventLogger.dll is included into install package which contains event IDs. 0005386: Tunneller does not pass HRESULT 80070057 (invalid parameter) to end OPC client. Now Tunneller HDA returns to the OPC client, the original return code that was returned by the remote OPC server.

l l

l l

0005071: Once licensing expires - log files are spammed with excessive messages (40 per minute). Frequency of license checking is changed from every 3 seconds to every minute on SSC. 0006381: TunnellerOpts.ini does not have all Options specified in configuration. Both TunnellerOpts.ini and tunneller.ini files are modified and include all configuration options. 0005168: "Invalid Retry Parameter Specified." - When retry is set to forever and after Client-Side Configuration tool is closed and reopened. Now the value of Retry Attempts parameter is stored separately even if Retry Forever check box is on. 0006480: Logging: Failed with DSResult: 8300000A. On Tunneller HDA wrong messages are eliminated from tunneller.log file: o COPCClient::LocalActivateItems ERROR - DA is not supported based on Tunneller client request o COPCClient::SyncItemStates Failed with DSResult: 8300000A 0005011: There are no descriptions for any of the Tunneller Services. 0003630: Executable names should represent their function. Now all Tunneller services are registered with Windows-format path to executables and with description. Spelling error on log files are corrected (bugs 5279 and 6405). 0005215: "Class not Registered" error if you try to run OPCTunneller.exe (Client-Side) if Tunneller client service is not running. A warning message appears when Tunneller is configured to run as a service, but was attempted to be run as a regular application is made, it is modified to: Could not register class factories. Probably Tunneller CSC is configured to run as service. 0003343: Failure to connect to server does not save server name. If connection with SSC cannot be established or fields are not validating, then dialog window will not be closed keeping current field values. (Add Remote Tunneller Connection dialog window of Client-Side Gateway Configuration Tool.) 0004165: Tunneller gives buffer overflow errors when accessing tunneller.ini. Filemon tool from Sysinternals was showing buffer overflow messages. The way Tunneller accesses tunneller.ini and TunnellerOPts.ini files is modified so now there are no more buffer overflow messages. 0004562: Would like log file to show local computer name. IP address and host name for both local and remote computers are logged on CSC and SSC. 0004050: Adding multiple items causes present items to go bad. The reason qualities of items were changing to bad, is that the SSC was deactivating OPC Groups before the adding of items and activating after adding. The new DeactivateGroupWhileAddingfOfItems parameter is added on tunneller.ini file to control activation of group while adding of items. Issues, causing memory growth and high CPU usage on CSC and SSC, are resolved in cases when large number of items and/or data is processed or error conditions happen (for example communication errors, connection to remote OPC server errors).

Other Changes:
l

l l

Only one instance of Tunneller SSC, CSC and CSC HDA can be running at the same time. If an attempt to launch another instance is made, applications show warning message and terminate. Note: SSC terminates not immediately but after some delay (about 1 minute). Default value for MaxAddMessage parameter (in TunnellerOpts.ini) is changed from 3000 to 1000. Default value for Session Timeout parameter (tunneller.ini file) is changed from 120 to 0 which corresponds to its pair on CSC (ReconnectTime parameter with default value 0). New parameter DeactivateGroupWhileAddingfOfItems is added for SSC (tunneller.ini file). Its default value is 0, that means do no deactivate OPC Group before adding item, so OPC Groups state is not changed while adding of items. It differs from previous version (2.4.0.0) when OPC Group was always deactivated before adding of items and activated after. Implementation of AddItems functionality is reviewed. Configurable number of retries is introduced on CSC, which is used on AddItems call to the end OPC server. (AddItemRetries and AddItemDelay parameters in TunnellerOpts.ini file.) It should

eliminate issues when starting some end OPC servers that take a long time, and attempting to add items can immediately fail after starting though GetStatus call receives Running status.

Release Notes for MatrikonOPC Tunneller v2.4.0.0 (December 15, 2006)


New Features and Enhancements:
l

When a command is sent from the CSC to the SSC, and if it takes an extended period of time to complete, the SSC will send still processing messages back to the CSC. This allows timeouts to be reduced while allowing long commands to execute to completion. New option to control when items are validated. The GetStatus call now returns a failed code until a running code is retrieved from the end OPC server.

l l

Resolved Issues:
l l l l

l l l l l l l

When installed on Windows NT, the SSC can now retrieve the Program IDs (ProgIDs) of the local OPC servers. The Client Configuration Tool (CCT) can now run on Windows NT and collect ProgIDs of remote OPC servers. On multi-processor computers, the HAD CSC would not detect a valid software license. Communication problems when changing the state of a group when the TCP session is broken. All async communication would fail. The CCT can now run on Windows NT and collect remote ProdIDs. Memory leak in the SSC when polling has been fixed. ReadAttribute (HDA Data Type) now correctly returns the data type of the item. When two OPC clients attempt to connect at the same time, a deadlock may occur. Resolved deadlock that could happen when setting the client name. The CSC now allows the use of two CPUs by default. A memory leak in the SSC has been fixed when adding invalid DA items.

Release Notes for MatrikonOPC Tunneller v2.3.1.0 (March 9, 2006)


New Features and Enhancements:
l

Added an option in CSC to allow/disallow items that have never had at least one update from the end OPC server to be included in updates to the end client. Added an option in SSC to have a configurable delay after connecting to the end OPC server.

Resolved Issues:
l l l

Slow memory leak removed when calling remote GetStatus. License fix for Multi-Processor Computers. Internal changes to isolate OPC clients in the SSC and improve communications when heavily loaded.

Release Notes for MatrikonOPC Tunneller v2.3.0.0 (January 31, 2006)


Release notes updated with HDA interfaces supported February 2, 2006.

New Features and Enhancements:


l l

Added HDA support via an additional HDA-only CSC. Supported HDA interfaces and methods: o IOPCCommon o IOPCHDA_Server n All but GetAggregates does not return a complete list of aggregates o IOPCHDA_Browser o IOPCHDA_SyncRead n ReadRaw n ReadProcessed o IOPCHDA_SyncUpdate n Insert n Replace n Insert/Replace Support for connecting to OPC servers that are DA 1.0 only.

Resolved Issues:
l l l l l

l l l l l

Tunnelled ProgIDs are now registered only under the OPC category they are registered under on the remote machine. Only items that have had at least one update from the end OPC server are included in updates to the end client. GetStatus returns the status in the field of the status structure when the connection to the SSC has failed. Connections made by DA 1.0 clients can now get string arrays in the subscribed updates. Changes to have any updates sent out (subscribed, polled) have a bad quality before they are updated from the end OPC server. Validating an item no longer adds the item. Increased COM marshalling efficiency. Fixed browsing for OPC servers that only support flat browsing. Fixed reconnect code when the SSC needs to reconnect to a failed OPC server. Changed how we load the Tunneller COM object for more reliable object creation.

Release Notes for MatrikonOPC Tunneller v2.2.2.0 (November 4, 2005)


New Features and Enhancements:
l l l

l l l l

Added configurable delay describing the minimum amount of time Tunneller will wait between initiating a TCP connection. All non-OPC item types are returned as bad items. Tunneller will now first try to reconnect to the same session (maintained state) on the SSC before trying a full connect and rebuilding the state. Connecting the TCP link now re-establishes the connection by re-adding the items in bulk calls. The number of items in one call is configurable. Implemented Tunneller client-side and server-side session reconnection. Added option to not overwrite the SSC log on start-up. CCT now lets the user un-register all the connections to a single computer at once. Hardware for CSC and SSC is now implemented.

Resolved Issues:
l l l l l l l l l l l l

Items no longer become inactive when they are expected to be active. Add/Validate fix for not validating any items when any bad items exist. Resolved issues which resulted in memory leaks when not connected. Clients no longer block on calls when Tunneller is trying to connect. Resolved SSC crash issue. Mixed mode install logging will work for both Tunneller 1.5.0 and 2.2.2.0 at the same time. The CCT now clears bad entries and replaces them with default values. The networked computers dropdown list in the CCT no longer appends to the list every time it is opened. IOPCSyncIO read call no longer misaligns data when some of the items are returned with E_FAIL. Hardware licensing is now working for both SSC and CSC. If the enumeration of remote ProgIDs fails, the SSC will now retrieve the list of servers from the registry directly. Remote GetStatus call now propagates a failed code to the end OPC client.

Release Notes for MatrikonOPC Tunneller v2.2.1.0 (September 19, 2005)


New Features and Enhancements:
l

l l l l l l

Service names have been changed to allow easier identification of components: o Client-Side Component (CSC) o Server-Side Component (SSC) Installation package allows for mixed install of Tunneller 1.x and 2.2.1. Tunneller 2.2 has backward compatibility with Tunneller 2.1.1 and 2.1.0. New communications options added. All OPC data types now supported (including currency and arrays). DA 2.05 compliance with latest release of OPC Foundation test tool. Updated Client Configuration Tool to allow user all available options at connection creation.

Resolved Issues:
l l l l l l l

AddItems changed to allow multiple adds in a single call. Resolve issues regarding concurrent client browsing. Numerous changes to increase stability. Resolved issues which resulted in memory leaks under certain situations. Increased robustness of TCP communication. OPC Shutdown message is now passed back to the OPC client. True asynchronous communication across TCP Link.

Release Notes for MatrikonOPC Tunneller v2.1.1.0 (February 21, 2005)


Note: Tunneller v2.1.1 is not backwards compatible with 1.x versions of this product. The installation package now offers customers the ability to install Tunneller 2.1.1 and Tunneller 1.x versions on the same machine. New Features and Enhancements:
l

Support for side-by-side install with Tunneller 1.x.

Resolved Issue:
l

Locking issue fixed where a Tunneller client reconnecting to a Tunneller server would lockup-up and not respond.

Release Notes for MatrikonOPC Tunneller v2.1.0.0 (December 20, 2004)


Note: Tunneller v2.1 is not backwards compatible with 1.x versions of this product. Tunneller 2.1 and Tunneller 1.x versions cannot be installed on the same machine. Tunneller 2.1 and Tunneller 1.x versions cannot communicate with each other. Any customers currently running Tunneller 1.x must upgrade ALL Tunneller nodes in the system to version 2.1.0.0. New Features and Enhancements:
l l l l l

Tunneller Server-Side Gateway now runs as a service. Robustness and stability of Tunneller has been significantly improved. When uninstalling Tunneller all Tunneller specific program IDs are now removed. Added version information reporting to the Tunneller server log file. Made the Matrikon.OPC.Tunneller ProgID transparent to OPC clients.

Resolved Issues:
l

l l l l l l l l

Fixed bug: DA browsing aliases and multiple levels that required OPC_BROWSE_TO recursively browsed from the root of the browse tree. Fixed bug: memory leaks related to DA Device Read() and Write(). Fixed bug: Modified DA Write() and Device Read() to return E_FAIL during network connection loss. Fixed bug: Disabled unsupported OPC interfaces DA 3.0, A&E 1.1. Fixed bug: during network failure DA item qualities change to OPC_QUALITY_COMM_FAILURE. Fixed bug: Removed MTKTPC.exe support tool from the install package. Fixed bug: arrays of type smaller than int (Boolean, Short, etc) were not read or written correctly. Fixed bug: DA flat browsing causes memory leaks. Fixed bug: DA browsing appears slow.

Release Notes for MatrikonOPC Tunneller v2.0.0.0 (May 6, 2004)


Notes: l Tunneller v2.0 is not backwards compatible with 1.x versions of this product. Tunneller 2.0 and Tunneller 1.x versions cannot be installed on the same machine. Tunneller 2.0 and Tunneller 1.x versions cannot communicate with each other. Any customers currently running Tunneller 1.x must upgrade ALL Tunneller nodes in the system to version 2.0.0.0. l The override registry keys available in 1.x versions are no longer supported in 2.x versions.

Release Notes for MatrikonOPC Tunneller v1.5.0.1_ER (December 4, 2003)


New Features and Enhancements:
l

Three new override registry keys were added, and the previous three were moved so they are all now server-specific. You can put the Overrides key under any Tunnelled ProgID now, instead of the main Matrikon.OPC.Tunneller ProgID, which would make the override enabled or disabled on ALL Tunnelled servers. This is the latest list of overrides. (Note that you will replace **PROGID** with the Tunnelled ProgID that you wish to add the override to): HKCR\**PROGID**\OPC\Overrides\

o o

DisableValidation (DWORD key) - This override was to allow servers that do not implement the ValidateItems call the ability to add items. ItemsPerBundle (DWORD key) - This override was put in to support slow OPC servers. ReadWriteFailsDropConnection (DWORD key) - this override was put in for clients who are using Tunneller with an OPC server that needs to force the Tunneller server to restart if that OPC server goes down. AddTimeout (DWORD key) - this override was put in to support OPC servers that are slow to Add. It allows you to specify a different timeout for adding items then for reading/writing to items. ReconnectDelay (DWORD key) - the default value for a reconnect delay is 5 seconds. This key allows you to change that. UseAlternateProgID (String key) - this key allows you to specify a different ProgID to connect to on the remote machine. This is used when you change the Tunnelled ProgID.

Resolved Issues:
l l l

Fixed a problem with Tunneller server stability. Added flat browsing capability Improved server registry browsing.

Release Notes for MatrikonOPC Tunneller v1.5.0 (November 4, 2003)


New Features and Enhancements:
l

Three override registry keys were added: HKCR\**PROGID**\OPC\Overrides\ o DisableValidation (DWORD key) - this override was to allow servers that do not implement the ValidateItems call the ability to add items. o ItemsPerBundle (DWORD key) - this override was put in to support slow OPC servers. o ReadWriteFailsDropConnection (DWORD key) - this override was put in for clients who are using Tunneller with an OPC server that needs to force the Tunneller server to restart if that OPC server goes down.

Resolved Issues:
l l l l l

Includes all fixes in the ER releases described below. All TCP/IP calls will now timeout within the time specified in the client configuration. Increased overall stability with Tunneller connections. Tunneller Server-Side can now handle individual OPC servers dropping without affecting the connection to the client. Also note that Tunneller does not remove items from the Tunneller client if the OPC client disconnects. This is to allow for fast reconnection to those items in the case of client reconnection. MatrikonOPC no longer supports versions prior to 1.5.0

Quick Start Guide


MatrikonOPC Tunneller Quick Start Guide
This document is designed to get you up and running on MatrikonOPC Tunneller as quickly as possible.

Getting Started
You must have already installed the product to use this Quick Start Guide. For installation instructions, refer to Appendix B - Installation. Before you can begin, please perform the following tasks, and/or install the following tools/software on your machine:
l

License MatrikonOPC Tunneller. For details, refer to Licensing MatrikonOPC Tunneller.

Working With MatrikonOPC Tunneller


To launch MatrikonOPC Tunneller: Note: MatrikonOPC Tunneller is installed as a Windows service and is launched automatically at start-up. To set up and use MatrikonOPC Tunneller, perform the following steps on the OPCClient PC: 1. Check to see if the desired TCP port is open from client PC to server PC as follows: a. Open a command window. Click Start and choose Run. Type cmd and press the ENTER key. A blank window appears. b. Type telnet <Computer name or IP> <port> and press the ENTER key. For example, telnet OPC_PC 21379. Note: <Computer> is the name or IP address of the remote OPC server PC. <port> is the TCP port you wish to use (default = 21379). a. If the port is open from the client PC to the server PC, you should see a blank window with a flashing cursor. If not, please check that all firewalls are set to allow traffic on the TCP port chosen for the MatrikonOPC Tunneller communications. b. Close the window. 2. Click on the Windows Start button and select Programs -> MatrikonOPC -> Tunneller, and then select Client-Side Gateway Config. 3. The MatrikonOPC Tunneller Client-Side Gateway Configuration window appears. 4. Select File and choose Add Remote Tunneller Connection. 5. In the Connect To field, add the computer name or IP address of the computer to which you wish to connect. 6. Set the Communication Retry Attempts to Retry Forever unless otherwise stated. 7. Click OK and close the MatrikonOPC Tunneller Client-Side Gateway Configuration.

For More Information


Should you require more details, refer to the Configuration section of this Online Help system. For assistance, contact MatrikonOPC Support.

Introduction
Companies wishing to use OPC technology to link operators and engineers with plant devices, often encounter communication problems. The majority of these problems occur not during normal operation, but at the time of installation. Quite often plant engineers face difficulties configuring cross-network communication, windows authentication, as well as start-up and run-time permissions. MatrikonOPC Tunneller alleviates many of these problems by providing a mechanism for OPC data communication without the use of distributed COM (DCOM). Tunneller provides the following: l Cross-domain and cross-workgroup communication with minimal network configuration. l Bypassing of Microsoft Windows network authentication used by DCOM. l A finer level of control over communication timeouts. By eliminating common DCOM hurdles, Tunneller enables the smoothest possible installation and operation of OPC technology in any environment.

Who Should Use This Online Help


This Online Help system is intended for use by all users of the MatrikonOPC Tunneller. This Online Help explains how to install and configure the software, and how to perform common tasks. In addition, technical information about OPC data items is included, along with sections on diagnostics and troubleshooting.

Overview of Online Help


This Online Help uses icons to highlight valuable information. Remember these icons and what they mean, as they will assist you throughout the Help system. This symbol denotes important information that must be acknowledged. Failure to do so may result in the software not functioning properly.

BOLD

Font displayed in this color and style indicates a hyperlink to the applicable/associated information within this document, or if applicable, any external sources.

This manual consists of several sections and is structured as follows:


l l l

Introduction this introductory chapter. Getting Started provides system requirements information. Configuration shows how to start and configure the server, and describes each component in detail, including windows/screens, panels, tabs, and menu commands. OPC Data Items describes the servers items. Encryption, Compression, User Impersonation, and Restriction of the Access to OPC Servers - shows how to use Tunneller's Encryption and Compression features. Connection and Reconnection - presents a simple scenario demonstrating how Tunneller reacts to an interrupted network. Tunneller with MatrikonOPC Redundancy Broker - provides useful information about using Tunneller with Redundancy Broker (ORB). Limitations provides information on specific performance and operational limitations of the software.

l l

l l

Troubleshooting provides licensing, MatrikonOPC Support contact information, solutions for common problems that may be encountered, and answers to frequently asked questions. OPC Compliance details supported interfaces with regard to installation, common interfaces, and data access. Appendices:
o o o o

l l

A - Standard Data Types B - Installation C - Installed Files D - Un-Installation

What's New?
This version of the Online Help contains modified topics implemented for the newest release of this product. Following are links to the changed topics and the current Release Notes:

Online Help
Updated/New Topics
l l l l

Getting Started Remote Tunneller Connection File Menu Appendix C - Installed Files

Help File Revision History


This information provided here summarizes the updates that were made to this Online Help. Refer to What's New for the updated and/or new topics for this release. Date 2013-09-05 2012-12-05 2012-10-22 Document Version 17.1 17.0 16.2 Description Updated for software version 5.0.0. Converted user documentation suite to .chm format. Updated Tables 2, 3, and 8, Figure 21, and Appendix C Installed Files. Typos fixed. Updated Figure 3 and Table 2 in Remote Tunneller Connection section. Updated Limitations and Troubleshooting sections, and Appendix B - Installation. Updated software version to 4.1.0. Updated software version to 4.0.5. Added Pi usage item to Troubleshooting section. Updated software version to 4.0.4. CGAP LB LB Author

2012-10-15 2012-09-17 2012-06-05 2012-04-30 2012-03-05 2011-12-16 2011-11-03

16.1 16.0 15.0 14.0 13.0 12.0 11.0

CGAP, LB LB LB LB

Updated software version to 4.0.3. Updated Copyright InforLB mation and Contacting Support sections. Updated software version to 4.0.2. Updated software version to 4.0.1. Replaced Figure 21 screenshot to include Commit All Log File Writes checkbox. Checkbox description added to Table 8. Figure 5 replaced to show current MatrikonOPC marketing scheme in bottom screen section. ISY LB

2011-06-03 2011-05-31

10.3 10.2

LB

Updated Software Requirements and OPC Compliance secGEAK, LB tions. Updated the following sections to reflect A&E Support changes: References, Connection Failure Scenario, Limitations, Troubleshooting, OPC Compliance. CGAP, LB

2011-05-16

10.1

2011-05-03

10.0

Updated software version to 4.0.0. The following sections were updated to reflect that A&E is now supported: Remote MJL, LB Tunneller Connection, Connection Failure Scenario, OPC Compliance, Appendix C Installed Files. Updated software version to 3.5.1. LB Updated software version to 3.5.0. Software Requirements updated to included Microsoft Windows Server 2008. New SN, LB sub-section added to Connection and Reconnection section.

2011-02-25

9.0

2011-01-21

8.0

Date 2010-10-05

Document Version 7.3

Description Trademark Information and Introduction sections updated. Add Remote Tunneller Connection screenshot updated to Communication Timeout field default value updated from 3 seconds to 5 seconds. Communication Timeout field description updated to reflect same. Updated Appendix C - Installed Files. Ported to TFS. Software version updated to 3.3.0. User's Manual converted to standard template. Beta tag lines removed. Updated Contacting Support section. LB

Author

2010-09-08

7.2

LW, LB

2010-08-30 2010-06-24 2010-06-01

7.1 7.0 6.1

LB LB SN, LB

2010-04-08

6.0

Updated software version to 3.2.5.0 Updated the Software Requirements, Installed Files, OPC Compliance, and User SN, ZA, LB Impersonation sections Updated Software Requirements, Installed Files, and OPC Compliance sections. Added Get Status Ping description to SN, LB Table 15. Replaced screenshot (Figure 31) to include new field. Updated software version to 3.2.4.0. Removed Product Registration screen and related procedural steps from Installation section. LB LB

2010-03-17

5.1

2010-02-18 2009-11-11

5.0 4.3

2009-11-09

4.0 - 4.2

Updated software version to 3.2.3.0. Removed DEP warning. Updated DCOM hyperlink. Formatting fixes. Contacting Support section updated. Added Limitations section. SL, LB Updated Installation section. Software Requirements updated. Troubleshooting section updated. RN Updated to software version 3.2.0.0. Added the Handling Shutdown Request from Remote OPC Server section. Updated the following sections: Licensing, GetStatus Call, User Impersonation, Advanced SSC Settings, OPC Server LB, RN Access Restriction and MatrikonOPC Security Gateway Integration, Connection and Reconnection, Troubleshooting. Updated to software version 3.1.2.0, updates to OPC Servers Access Restriction and MatrikonOPC Gateway Integration. Updates to Software Requirements and Troubleshooting sections. Updates to Troubleshooting section. Additional software version 3.1.0.0 changes: updates to Remote Tunneller Connection section, updates to Encryption, Compression, User Impersonation and Restriction of

2009-04-23

3.1

2009-03-11

3.0

2.6 - 2.8

RN, LB

2.3 - 2.5

RN, LB

Date

Document Version

Description the Access to OPC Servers section. Added new section Advanced SSC Settings. New installer/un-installer, installed files updated.

Author

2007-11-19 2007-04-23

2.1 - 2.2 2.0 1.1 - 1.6

Updates to Installation, Troubleshooting sections re: using Stratus box. Updated for software version 3.1.0.0; added Analyzer install note to Installation section. Converted to new template, general edit. Updated to version 2.2, added clarification, added HDA, minor revisions. Initial document.

RN, LB LB RS, TNM, RN RT

2004-12-21

1.0

Contacting Support
The MatrikonOPC Customer Services department (www.opcsupport.com) is available 24 hours a day, seven days a week. Contact MatrikonOPC Support using the information below, or send an email (support@MatrikonOPC.com). For Monday to Friday daytime support requests, contact MatrikonOPC Support using the regional phone numbers provided below. Region North America 8:00 am-5:00 pm UTC/GMT -7 hours (MST) Europe /Africa * 9:00 am-5:00 pm UTC/GMT +1 hours (CET) Australia/Asia * 9:00 am-5:00 pm UTC/GMT +10 hours (AEST) (Request OPC Support) (Request OPC Support) +61-2-4908-2198 +49-221-969-77-0 +1-877-OPC-4-ALL Office Hours Contact Information

For after-hours support in all regions, please use the following number. There is no extra charge from MatrikonOPC for calling their after-hours support number. Region All Contact Information +1-780-231-9480

Licensing MatrikonOPC Tunneller


Most MatrikonOPC products require that some form of licensing criteria be met for it to function correctly. MatrikonOPC Tunneller supports both software and hardware] licensing. Starting with Tunneller 3.2.0.0, a new software licensing API is in use. For all new installations, software licenses are of a different type than the ones used in previous versions. For upgrades from older versions, the existing software license is still valid and therefore, re-licensing is not required. Licensing information is described in detail within the Licensing section of this Help system.

Copyright and Trademark Information


SOFTWARE VERSION Version: 5.0.0 DOCUMENT VERSION Version: 17.1 COPYRIGHT INFORMATION Copyright 1997 - 2012, Matrikon Inc. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, translated, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of Matrikon Inc. CONFIDENTIAL The information contained herein is confidential and proprietary to Matrikon Inc. It may not be disclosed or transferred, directly or indirectly, to any third party without the explicit written permission of Matrikon Inc. LIMITATIONS Although every endeavor has been made to ensure that the information contained within this document is up to date and accurate, Matrikon cannot be held responsible for any inaccuracy or error in the information contained within this document. Matrikon makes no warranty of any kind with regard to the information contained within this document and Matrikon shall not be liable for any direct, indirect, incidental or consequential damages which may arise in connection with the furnishing, reliance, or use of the information contained within this document. Specifications and statements as to performance in this document are Matrikon estimates, intended for general guidance. Matrikon reserves the right to change the information contained within this document and any product specification without notice. Statements in this document are not part of a contract or program product licence insofar as they are incorporated into a contract or licence by express preference. Issue of this document does not entitle the recipient to access or use of the products described, and such access or use shall be subject to separate contracts or licenses. The receiving party shall not disclose, publish, report, communicate, or otherwise transfer any information in this document to any third party, and shall protect all information contained herein from unauthorized disclosure. The receiving party shall permit access to this document only to its employees, agents, subcontractors, and affiliates who reasonably require access to such information contained herein, have been made aware of the confidential nature of this document and have executed a written employment or other confidentiality agreement party to maintain the confidential status of this document. LICENSE AGREEMENT This document and the software described in this document are supplied under a license agreement and may only be used in accordance with the terms of that agreement. Matrikon reserves the right to make any improvements and/or changes to product specifications at any time without notice.

TRADEMARK INFORMATION The following are either trademarks or registered trademarks of their respective organizations: Matrikon and MatrikonOPC are trademarks or registered trademarks of Matrikon Inc. OTHER MatrikonOPC is a division of Matrikon Inc. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Copyright 1998-2008 the OpenSSL Project. All rights reserved.

References
This Help system references information found within the following documents/sites:
l l l l l l l l l l

www.opcfoundation.org www.matrikonopc.com www.opcsupport.com OPC Overview 1.0 OPC Common Definitions and Interfaces 1.0 OPC Data Access Specification 2.05a OPC Data Access Specification 3.00 OPC Historical Data Access Specification 1.2 OPC Alarms and Events Specification 1.10 OPC Security Specification 1.00

Acronyms and Definitions


The following terms are used interchangeably throughout the Online Help:
l l l l

screen and window tab and panel MatrikonOPC License Wizard and License Wizard MatrikonOPC Tunneller and Tunneller Description OPC Alarms and Events. Provides access to process alarm and event data. 34-digit key provided upon purchase of MatrikonOPC software. Tunneller Client Configuration Tool Component Object Model. A method for organizing software, specifying how to build components that can be dynamically interchanged. In short form, used to indicate the Client-Side machine. Tunneller Client-Side Component (or Client-Side Gateway). OPC Data Access. Provides access to real-time process data. Distributed Component Object Model. An extension of COM that allows communication between COM components over a network. Dynamic Data Exchange. Allows the transfer of data between two running applications. As in demo licenses; a temporary or demonstration version. OPC Historical Data Access. Provides access to historical process data. Human Machine Interface. Device that allows interaction between the user and machine. Typically used in process control applications. PC-specific code needed to perform web page or email licensing. Provides coded information on the PC hardware used for node-locked licensing. Usually five characters in length, ignoring the 0x at the front. Sample Lock Code: 0xABCDE Code provided by MatrikonOPC that determines the hardware to which the license will be locked. Modifying the system hardware invalidates the license. Usually two characters in length, ignoring the 0x at the front. Sample Lock Selector: 0x14 Matrikon Inc. Matrikons brand name for its OPC servers and clients. A communication standard. Refer to www.opcfoundation.org for more information. MatrikonOPC Redundancy Broker. Programmable Logic Controller. In short form, used to indicate the Server-Side machine. Tunneller Server-Side Component (or Server-Side Gateway).

Term/Abbreviation A&E Activation Key CCT COM CS CSC DA DCOM DDE Demo HDA HMI

Lock Code

Lock Selector

Matrikon MatrikonOPC OPC ORB PLC SS SSC

Licensing Introduction
Most MatrikonOPC products require that some form of licensing criteria be met for it to function correctly. A license is required to enable the server's functionality. Some products are hardware-licensed only, some are software-licensed only, and some are both. For more information on MatrikonOPC products that are hardware-licensed only, please contact your Account Manager. This section of the Help system is intended to assist you in licensing MatrikonOPC products. Please feel free to contact the MatrikonOPC Support group any time you require assistance. This Licensing topic includes the following information:
l l

Hardware and software key licensing information. MatrikonOPC Licensing Utility that is used to license driver software, and the variety of ways in which licenses can be obtained. Common questions regarding licensing.

References
Licensing information is also provided online in MatrikonOPC's Knowledge Base. Note: No data is lost in the event of license failure, only the ability to retrieve data is affected.

Hardware Keys
For software that supports hardware key licensing, a USB or HASP hardware key coded to that particular program can be purchased. This key must be securely fastened to the parallel (or USB) port of the computer on which the software is installed. MatrikonOPC parallel port keys cannot be combined in a series (i.e., daisy-chained). All licenses must exist on one physical key, either parallel or USB. However, it does not interfere with hardware keys from other vendors, nor does it affect other normal parallel port applications, such as printing. If the software uses hardware licensing, the installation program installs a device driver for USB or HASP keys on the target system. It functions for a demonstration period of two hours before timing out. At this point, all device communication will cease.

Hardware Licensing
To license with a hardware key, simply connect the key to the appropriate port. To verify that your hardware key is properly installed: 1. Run the MTKAuthorize.exe utility located (by default) in the C:\Program Files\Common Files\MatrikonOPC\Common folder. 2. Click on the Check Licenses button.

Software Keys
For products that support feature-specific and computer-specific licensing, a license is issued that is specific to a given set of features in the application, and to the computer on which it is installed. The license will not work on another computer, and supports only those

features that have been purchased. Products that are software-licensed only, stop working once the license expires.

Licensing MatrikonOPC Tunneller


Most MatrikonOPC products require that some form of licensing criteria be met for it to function correctly. MatrikonOPC Tunneller supports both software and hardware] licensing. Starting with Tunneller 3.2.0.0, a new software licensing API is in use. For all new installations, software licenses are of a different type than the ones used in previous versions. For upgrades from older versions, the existing software license is still valid and therefore, re-licensing is not required. Licensing information is described in detail within the Licensing section of this Help system.

Software Licensing Wizard


MatrikonOPC provides a Software Licensing Wizard (i.e., Matrikon License Wizard) that is used to license their driver software. During the installation process, you are prompted to install either a 30-day evaluation license or a permanent license.

If you have not purchased the software yet, select the 30-day option. The software can be permanently licensed at a later date without needing to re-install. If you have purchased the software and have your 34-digit activation key and lock selector, select the second option. The Matrikon License Wizard is launched later in the installation process and it can also be launched after the install has completed. To launch the Wizard after installation is complete: 1. Click on the Windows Start button. 2. Select Programs -> MatrikonOPC -> Tunneller -> License Wizard. 3. The Matrikon License Wizard appears.

Matrikon License Wizard with Internet Connection


When the Matrikon License Wizard is launched, the screen below appears.

To license via an Internet connection: 1. Enter the Lock Selector (which is usually 0x14). 2. Enter the Activation key. 3. Click on the Next button. Note: The Next button is disabled until the Lock Selector and Activation key fields have been entered. 4. The Matrikon License Wizard attempts to license the software by connecting directly to the license server located at the MatrikonOPC head office. Note: If there are problems licensing the software, an error message appears informing you as such and provides a reason for the error. 5. Step 2: License System of the License Wizard is displayed.

6. If licensing is successful, the Step 3: Review Licensing screen appears.

7. Review the list of features that were licensed. Note: You can export this list to a file by clicking on the Save button. 8. Click on the Exit button to complete the licensing and close the License Wizard.

Licensing Via Web Page


In the event that your system does not have Internet connectivity, you will be directed to the following License Wizard screen after inputting the Lock Selector and Activation key.

To license via a web page: 1. This screen allows you to save the licensing details to a file using the Save button. 2. You can then transfer the saved file to a system that has Internet access. 3. Using a web browser, navigate to http://opclicensing.matrikon.com. 4. A licensing web page is displayed.

5. Complete the following fields: Activation Key, Lock Code, and Computer Name (for the system on which the OPC software was installed). All of this information is available in the file that was generated by the Matrikon License Wizard. 6. Once all the fields are entered, click on the Request License Key button. 7. After a short delay, a license details screen appears and provides the following features:
l

The Copy button copies the license key code to the clipboard so that it can be pasted into another file or an email and then transferred to the system with the OPC software installed on it. The Save button saves the license key code to a file named license.mtkl, which can then be transferred to the system with the OPC software installed on it. The Print button allows you to output the license key code to a printer if you want to make a copy of the code or physically bring it to the system with the OPC software installed on it. The Activate Another License button returns you to the main licensing webpage.

8. Return to the system with the OPC software installed on it and launch the Matrikon License Wizard. 9. The License Wizard Step 2 screen should appear once again. 10. Using the Browse button, locate the license file that contains the license key code. 11. Once you have located the file, click Next to continue. 12. If the licensing is successful, the Step 3: Review Licensing screen appears.

13. Review the list of features that were licensed. Note: You can export this list to a file by clicking on the Save button. 14. Click on the Exit button to complete the licensing and close the License Wizard.

Licensing Via Email


In the event that your system does not have Internet access, nor can you access a web browser, you can email the information from Step 2 to the MatrikonOPC licensing department. A license file will then be emailed back to you.

To license via email: 1. From Step 2 (without Internet) of the License Wizard click on the Save button and save the file to your system. 2. Email the saved file to licensing@matrikonopc.com . 3. After receiving the file, the MatrikonOPC licensing department will email back a license.mtkl file. 4. Save the file you received from MatrikonOPC to your system. 5. Navigate to the file using the Browse button shown. 6. Once you have located the file, click Next to continue. 7. If the licensing is successful, the Step 3: Review Licensing screen appears.

8. Review the list of features that were licensed. Note: You can export this list to a file by clicking on the Save button. 9. Click on the Exit button to complete the licensing and close the License Wizard.

License Removal
To remove a license from a system: 1. Click on the Windows Start button. 2. Select Programs -> MatrikonOPC -> Tunneller -> License Remover. 3. The Confirm License Removal window appears.

4. Confirm the removal by clicking on the Yes button, or click No to exit. 5. Once the license is removed, the License Removed window appears.

6. The listed file must then be emailed to licensing@matrikonopc.com to confirm the license removal. If successful, the activation key is incremented by one license. Note: If applicable to the product, license removal for individual UCS plug-ins can be done through the command line as follows: C:\Program Files\Matrikon\OPC\UCS>Licenseremover.exe ucs <feature name> For example, to remove the license for the MatrikonOPC Omron Plug-In, the following command must be executed: C:\Program Files\Matrikon\OPC\UCS>Licenseremover.exe ucs Driver_Omron

MatrikonOPC Online Help Overview


The purpose of this Help system is to provide an overall understanding of how to use this product. MatrikonOPC Online Help consists of several topics and procedures:
l l l l

Limitations Troubleshooting Licensing Contacting Support

Using Help
To access the MatrikonOPC Online Help, either: 1. From the application Help menu, select the Online Help option. Or, Click your mouse anywhere in the application and press the F1 key on your keyboard. Or, Click on the Windows Start button, select Programs -> MatrikonOPC - > Tunneller -> Help, and choose MatrikonOPC Tunneller Online Help. Note: At the end of the installation process you are presented with a Setup Complete window that gives you the option of launching the Online Help by selecting the Launch user documentation checkbox. You are presented with the Online Help window and table of contents. Click on a book icon to open it and view the topics within. Click on a topic to display and read it in the topic pane on the right side of the Help screen. In some cases, the Help windows offer links to additional information. Click on any underlined text, or the Related Topics button (if applicable, is found at the bottom of the topic page) to read more information. Words or phrases in bold, green text indicate that more information is available . Click on the word or phrase to view any additional information that is presented in a pop-up window.

Help Topics
From the Online Help Table of Contents, click on a book to open it and view the topics in that book. Click on a topic to view it. All of the information in the MatrikonOPC Online Help is contained in documents called topics. The topic (i.e., page) icon represents this information. Topics are grouped into Help books, represented by the book icon. Books can contain groups of topics, or more books. The information contained in the topics allows you to access descriptions of the MatrikonOPC screens, windows, or panels, and perform the required procedures.

Procedures Procedural topics describe how to accomplish a particular task in MatrikonOPC products. Procedures in the Online Help are actionoriented and always refer to the screens, windows, and panels involved in the task.

MatrikonOPC Online Help Window


Online Help Window
The MatrikonOPC Online Help window is divided into three panes:
l l l

Button bar Navigation pane Topic pane

Some topics in the Online Help include screen images that may not fit within the size of the default Help window. The Help window can easily be re-sized as needed by simply "grabbing" the end of the window and extending it for a complete view. To grab the end of the window, with the Online Help open, place your cursor on the bottom right-hand corner of the Help window until a double arrow appears. Click your left mouse button and drag the edge of the screen until it reaches the required size and then release the button. This increases the height and width of the Help window. To adjust either the height or width, place your cursor over the side or bottom edge of the Help window. Click your left mouse button and drag the edge of the screen until it reaches the required size and then release the button.

Button Bar

The Button bar is located across the top of the MatrikonOPC Online Help window. There are several buttons included on the Button bar:
l

Hide/Show button - allows you to show or hide the Navigation pane. You can toggle the button to hide the Navigation pane, allowing the Topic pane to cover the entire window. Back button - allows you to move backwards through the browse sequence. Forward button - allows you to move forward through the browse sequence. When you search for keywords in the Online Help using the Search tab, those keywords are highlighted in the applicable topics. Use the Refresh button to remove the highlight from the keywords in the current topic. Home button - returns you to the first topic that was displayed when you opened the Online Help. Print button - opens the print dialog box so that you can print the topic that is currently displayed. For more information, see Printing a Topic in MatrikonOPC Online Help.

l l l

l l

Navigation Pane
The Navigation pane on the left side of the MatrikonOPC Online Help window allows you to move through the books and topics. The Navigation pane contains four tabs:
l

Contents tab - displays a list of the available books of topics in the Online Help. A book may contain a list of topics, or more books. Click on a book to expand or open it, and view its contents. Index tab - lists all of the words you can use to search for topics in the Online Help. By typing or selecting one of these words, you can search for and go to a specific Help topic. Search tab - lets you search the entire contents of the Online Help for individual keywords. To do this, Help creates a database

of keywords the first time you use this feature.


l

Favorites tab - allows you to identify those topics that you visit more often, and add them to the list for quick access.

The method of navigation is dependent on which tab is selected. When you need to find specific information in the Online Help, the three most common methods used are: the search feature, the table of contents, and an index. For a description on how to find a topic using the navigation tabs, see Finding a Topic in MatrikonOPC Online Help.

Topic Pane
When you open a topic, the Topic pane appears on the right side of the Online Help window. Topic information consists of text, tables and links to other topics. Scroll up or down to view all the information displayed in the topic. Many Help windows offer links to additional information which are identified by solid green underlined text. Click on the underlined text to access and view another topic or pop-up definition. The selected topic is displayed in the main topic pane. Pop-up definitions appear in text boxes within the topic from which the pop-up is selected. To close the pop-up, click the pop-up itself or anywhere in the displayed topic.

Finding a Topic in MatrikonOPC Online Help


There are four quick ways to find information in a particular topic in MatrikonOPC Online Help:
l l l l

Contents tab Index tab Search tab Favorites tab

Contents Tab
The Contents tab displays a list of the available books of topics in MatrikonOPC Online Help. A book may contain a list of topics, or more books. The Contents tab uses an expandable/collapsible view to display topics contained in a book. To expand the view of topics in a book, click on the plus icon (+). The list of topics contained in the book is displayed and the plus icon changes to a minus icon (-). Collapse the book view by clicking on the minus icon. You can also click on a book to expand the view of topics in a book. Click on the topic to open it and view its contents in the Topic pane (refer to MatrikonOPC Online Help Window).

Index Tab
The Index tab lists all the words you can use to search for topics in MatrikonOPC Online Help. By typing or selecting one of these words and clicking on the Display button at the bottom of the Navigation pane, you can search for and go to a specific Help topic .

Search Tab
The Search tab lets you search the entire contents of MatrikonOPC Online Help for individual keywords from a database of keywords. The database is created the first time you use this feature. Enter a keyword in the Type in the keyword to find field to use the fulltext search that displays all the topics that contain the word you entered. You can narrow the search by selecting a word from the list of related words. The Search tab also allows you to perform a search for topics containing a particular phrase. After entering the required phrase in the Type in the keyword to find field, you must enclose that phrase in quotation marks. Any topics containing the exact phrase will then be listed in the Select Topic to display field. If you do not enclose the phrase in quotation marks, all topics that contain the first word of the phrase are retrieved. After selecting the required topic, click on the Display button.

Favorites Tab
The Favorites tab allows you to manage accessibility of those topics in the Help system that you visit often. With a topic displayed in the Topic pane, select the Favorites tab. Click on the Add button located at the bottom of the tab. The name of the topic is listed in the Topics section. To display any of your "favorite" topics, select the Favorites tab and either:
l l

Select the required topic listed in the Topics section. Click on the Display button at the bottom of the tab. Double-click your mouse on the required topic listed in the Topics section.

Printing a Topic in MatrikonOPC Online Help


In MatrikonOPC Online Help, you can print topic and pop-up contents using the methods described here. All methods direct you to the Print screen where you can define your printing options (e.g., printer, number of copies, page range, etc.)

Navigation Pane and Print Button


With the Contents tab selected in the MatrikonOPC Online Help Navigation pane, find the topic you would like to print. Click on the name of the topic to highlight it. Click on the Print button on the Button Bar at the top of the window. The Print Topics window appears asking if you would like to print just the selected topic, or all topics in the selected heading.

Make your selection and click on the OK button. The Print window appears where you can define your printing options. Click on the Print button on the Print window.

Topic Pane and Print Button


From the Online Help Topic pane, you can print the current topic by clicking your mouse in the pane and then selecting the Print in the Button Bar at the top of the window. The Print Topics window appears asking if you would like to print just the selected topic, or all topics in the selected heading. Make your selection and click on the OK button. The Print window appears where can define your printing options. Click on the Print button on the Print window.

Navigation Pane and Context Menu


With the Contents tab selected in the Online Help Navigation pane, right-click your mouse on the topic you would like to print. Select Print from the displayed menu. The Print Topics window appears asking if you would like to print just the selected topic, or all topics in the selected heading. Make your selection and click on the OK button. The Print window appears where can define your printing options. Click on the Print button on the Print window.

Topic Pane and Context Menu


From the Online Help Topic pane, you can print pop-up definitions by clicking on the required pop-up, right-click your mouse on the pop-up text box that appears, and selecting the Print option from the displayed menu. You can also print the current topic by right-clicking your mouse in the Topic pane and selecting the Print option from the displayed menu. The Print window appears where can define your printing options. Click on the Print button on the Print window.

Getting Started
This chapter contains important information about installing Tunneller and how to contact the MatrikonOPC Support team. The System Requirements section shows how to avoid future problems by ensuring that the system meets the minimum software and hardware requirements. Detailed step-by-step instructions in Appendix B - Installation walk you through the installation process. Appendix C Installed Files lists the files that are installed during this process. Once the software is installed, refer to the Licensing section for information on how to obtain the appropriate license. If any problems are encountered during installation or licensing, refer to the Contacting Support section for information about how to contact the MatrikonOPC Support team for assistance.

System Requirements
The software has minimum Software and Hardware system requirements. These requirements must be met for the software to function properly. Note: To install and configure a MatrikonOPC server, you must be set up as an administrative user account rather than a restricted user account.

Software Requirements
The server requires the following software:
l l l l l l

Microsoft Windows XP SP2, or Microsoft Windows 2003 SP0, or Microsoft Windows 7, or Microsoft Windows Server 2008 SP0, or Microsoft Windows Server 2008 R2 SP0 Microsoft .NET Framework 2.0 (if included with this install program)

Note: It is recommended that the most current service packs are installed.

Hardware Requirements
The server requires the following hardware:
l l l l

Intel Pentium 4 Processor 512 MB RAM 40 GB 7200 RPM Hard Drive TCP/IP connectivity

Tunneller Version Compatibility


MatrikonOPC Tunneller requires a minimum of two computers set up to provide the two ends of the tunnel. In order to allow for each end of the tunnel to be upgraded to a new version of MatrikonOPC Tunneller with minimal impact, efforts have been taken to maintain backwards compatibility with prior versions. Where new features have been added to tunneller between versions, generally only the features available in the oldest version used in a tunnel are available. The current version of MatrikonOPC Tunneller has been tested for backwards compatibility as follows:

Note: It is recommended that both sides of the connection be upgraded to the latest version of MatrikonOPC Tunneller where possible to gain access to all the new features.

Component

Is Compatible With MatrikonOPC Tunneller Server-Side Gateway Component Versions: l 3.0.4.0 l 3.1.0.0 l 3.1.1.0 l 3.1.2.1 l 3.2.0.0 l 3.2.3.0 l 3.2.4.0 l 3.2.5.0 l 3.3.0.669 l 3.5.0.972 l 4.0.0.1294 l 4.1.0.3542 MatrikonOPC Tunneller Client-Side Gateway Component Versions: l 3.0.4.0 l 3.1.0.0 l 3.1.1.0 l 3.1.2.1 l 3.2.0.0 l 3.2.3.0 l 3.2.4.0 l 3.2.5.0 l 3.3.0.669 l 3.5.0.972 l 4.0.0.1294 l 4.1.0.3542

MatrikonOPC Tunneller Client-Side Gateway Component Version 5.0.0

MatrikonOPC Tunneller Server-Side Gateway Component Version 5.0.0

Configuration
MatrikonOPC Tunneller's goal is to provide trouble-free communication in a manner as transparent as possible to an existing OPC installation. Tunneller achieves this by acting as a pass-through between the OPC client and the OPC server (as demonstrated in the illustration below).

Main Configuration Screen


Basic Tunneller configuration is done with the MatrikonOPC Tunneller Client-Side Gateway Configuration Utility, which is available on any computer where the CSC files have been installed. To open the Client-Side Gateway Configuration Utility: 1. From the Windows Start button, select Programs -> MatrikonOPC -> Tunneller. 2. Open the Client-Side Gateway Configuration Utility (also known as the Client-Side Configuration Tool, or CCT).

Note: The Tunneller Client Side Gateway Configuration Utility requires local administrator privileges to operate correctly. If a user that does not have local administrator privledges runs the Client Side Gateway Configuration Utility, it will require the user to provide local administrator credentials. This screen contains all Tunneller connections that have been added. These are connections to OPC servers located on machines where the Server-Side Tunneller files have been installed. If there are no Tunneller connections configured, then the Client-Side Gateway Configuration Utility displays no available Tunneller connections. Tunneller connections may now be added. To add a connection: 1. From the Client-Side Gateway Configuration Utility screen, either: l Press Ctrl+N , or

l l

From the toolbar, click on computer icon button (displayed on the far left of the toolbar), or From the File menu, select the Add Remote Tunneller Connection option. Note: For Tunneller to operate, at least one connection to an OPC server must be configured (local connections are also allowed). This means that Tunneller must be installed on a PC that is accessible via TCP/IP.

2. The Add Remote Tunneller Connection window appears.

Remote Tunneller Connection


The Add Remote Tunneller Connection window contains all of the information necessary to set up a Tunneller CSC connection to a remote PC with the Tunneller SSC installed. The OPC server to which Tunneller connects must reside on the same machine as the remote Tunneller install.

The Add Remote Tunneller Connection window components are described in the following list.

Field Descriptions:
Component Connect To Description Allows you to enter or select (from the drop-down list) the name of the computer referenced either by its IP address or by the specific computer name. Allows you to enter the port number on the remote PC to which Tunneller should establish a connection. Restarting the Tunneller service is required when this option is changed. The default port is 21379. Note: To successfully communicate, the port number configured on the Client-Side Component must match with the port number configured on the Server-Side Component.

Port Number

Component

Description Allows you to enter the amount of time (in seconds) the CSC waits for a response to a request before it considers the request failed and returns an error code to OPC client. Processing Timeout should be set to a value higher than the longest time required to execute a request. The default value is 60 seconds. Allows you to enter the amount of time (in seconds) the network communication mechanism will try to send a request or receive a response from the SSC before it considers the communication failed. Communication Timeout should be configured to a value higher than the time required to send the largest message over the network. The default value is 10 seconds. Allows you to select an option to specify whether the failed communication is to be retried forever (Retry Forever), or only for a specified number of attempts (Retry Attempts). If the Retry Attempts option button is selected, in the adjacent field, enter the number of times Tunneller should try to resend requests/responses that have failed to send. This parameter defines how many attempts should be made after failure. The default value is 5 (i.e., sending each request/response will be attempted up to six times). Enable compression for remote Tunneller connections. Compression can decrease the amount of data to transfer and can improve performance on low bandwidth connections such as radio or satellite links.By default this check box is not selected. Note: The Compression setting can be adjusted later for each individual OPC server. Enable sending an A&E refresh call when an A&E tunnel is reconnected. If the remote OPC A&E server supports condition events and those are subscribed by the OPC client, the condition events will be updated through to the client when Tunneller reconnects following a lost TCP/IP connection. By default this check box is not selected. Note: A&E: Send refresh on reconnection can be adjusted later for each individual OPC A&E Server.

Processing Timeout

Communication Timeout

Communication Retry Attempts

Use Compression

A&E: Send refresh on reconnection

Note: If Tunneller detects that the network path to the remote computer is unavailable because of a physical break in the network or the remote SSC is not available, it considers the sending of the command as failed and does not attempt any retries. At that point, Tunneller tries to reconnect to the remote computer. Once the settings have been configured to the user's specific network requirements, click on the OK button. If the specified port number is open and available, the SSC provides a list of installed OPC servers to the CSC. The Client-Side Gateway Configuration Utility (shown below) now displays the list of accessible (through Tunneller) OPC servers for the selected remote host. If the OPC server supports more than one OPC interface (i.e., A&E, DA, or HDA), then the list contains one Tunneller entry for each interface for that OPCserver. Note: In version 3.1.0.0 of Tunneller, new functionality is added to restrict access to OPC servers. If this feature is turned on, then the SSC can return a smaller, or empty, list of OPC servers.

When the Tunneller Configuration Utility shows a list of tunnelled OPC servers, OPCclients may browse for and connect to those OPC servers. The following diagram shows MatrikonOPC Explorer browsing for, and finding, Tunneller DA OPC servers.

Connection Properties By selecting the remote computer node from the tree, the Connection Properties panel is displayed for that remote server.

Field Descriptions:
Component Port Number OK Description The port number that the Tunneller Server Side Gateway on that computer has been configured to listen for connections on. By default, port 21379 used. Changing this value affects all of the remote OPC server connections configured for that machine. Click on this button to confirm that the port number should be changed. When this button is clicked, the Client Side Gateway Configuration Tool will connect to the Server Side Gateway on the remote machine and query the license status and displays the list of license features and the current state of each feature. Only version 5.0.0 or newer versions of the Server Side Gateway can provide licensing information.

Licensing

File Menu
The File menu allows the user to add a connection, start the key manager, import and export the connections, and exit the program.

Add Remote Tunneller Connection


Open Key Manager Opens the Client Side Key Manager window to configure encryption settings. Import Configuration The Client Side Gateway Configuration tool can load a previously exported configuration file to recreate a set of remote connections. This option is useful when several MatrikonOPC Tunneller Client Side Gateway machines are being configured to connect to the same Server Side Gateway machines and tunneled OPC servers. Once the first machine has been configured, the configuration can be exported, and the file copied to the other machines for importing. This option provides a standard Microsoft Windows file selection dialog to locate and select the file to load. Export Configuration The Client Side Gateway Configuration tool can export the list of configured remote tunneller connections and remote progids into an XML formatted file for backup or to aid in the configuration of multiple machines that use the same connections. A standard Microsoft Windows File selection dialog is provided to select the location and name of the file to save. Exit Closes the Client Side Configuration Tool window. MatrikonOPC Tunneller will continue to run as a windows service and is not stopped if the configuration tool is closed.

Options Menu
The Options menu provides several functions. You can refresh all the tunnelled servers from the system registry. The refresh settings does not affect any current connections as it only refreshes the configuration display. To refresh the server list: 1. From the Client-Side Configuration Utility, either: l Select Refresh Server List from the Options menu, or l Press F5.

The user can un-register certain Tunneller server connections from the toolbar. From the Options menu, select the Unregister Selected Server option, or press the black X ( ), to un-register the server in the Client Configuration Tool. ), to un-reg-

From the Options menu, select the Unregister All Servers on Selected Connection option, or press the blue X ( ister all connections to the computer selected in the Client Configuration Tool. From the Options menu, select the Unregister All option, or press the red X ( nections.

), to un-register all configured Tunneller con-

WARNINGS: l Before removing or modifying any Tunneller server connection, make sure that no clients are actively connected. If there are active connections, the OPC clients must be disconnected before the Tunneller server connection is removed. l When removing a Tunneller server connection and recreating it, ensure that any OPC client that has

the connection information cached, clears its cache and obtains the new Tunneller Server connection information. Failure to do so may cause unpredictable behavior. From the Options menu, select one of the three logging options: DA Logging, HDA Logging, or A&E Logging to access the logging options for each of the three Client Side Gateway components. Choose the option or options appropriate to which remote OPC server types are in use. The logging options dialog will be displayed for the selected Client Side Gateway component.

Logging Options Dialog


The logging options dialog allows you to configure logging for the Client Side Gateway. There are three logging options dialogs, one each for the DA, HDA, and A&E Client Side Gateways. All three dialogs appear and operate in the same way. Only the DA Options dialog is shown here.

General Logging

Field Descriptions:
Component Description Enable activity logging is used to activate logging, and select the log level. By default the checkbox is checked and the drop-down box set to Low. Medium and High log levels will provide more information for troubleshooting and support, but the log file will grow more rapidly. Enables keeping a backup of the last logfile. When checked, and the CSC is started, the old log file (if present) will be renamed with the addition of .bak to the filename. By default, this checkbox is cleared. Commit all log file writes, when checked, causes the logging system to force the log file to be written to disk after each log line. Selecting this option will cause a noticeable performance decrease in the CSC. Selecting this option is only recommended when Matri-

Enable activity logging

Keep backup of last log file

Commit all log file writes

Component

Description konOPC support requests it for troubleshooting purposes. By default, this check box is cleared. In order to prevent MatrikonOPC Tunneller log files from filling all available harddrive space, the CSC will start overwriting the file from the beginning when the file reaches this configured size. By default, 10 megabytes is set as the maximum file size. Note: If Commit all log file writes is checked, this option is ignored, and the log file will grow to fill all available hard drive space. The name of the file to write log information to. By default, the file is located in C:\Program Files\Common Files\MatrikonOPC\Common or on 64 bit operating systems, C:\Program Files (x86)\Common Files\MatrikonOPC\Common. You may type in a full path to a file, or use the browse button to choose a file. If a filter string is entered, and a filename entered for a filtered log, the CSC will write a second log file which will contain only those log messages that contain an exact match to the selected filter string. This option is normally used at the direction of MatrikonOPC Support to collect specific information for troubleshooting. By default, the filter string is empty. The file name to write a filtered log file to. By default, this field is empty. You may type in a full path to a file, or use the browse button to choose a file.

Wrap log file if it exceeds

Filename

Filter String

Filename

Interface Logging
Interface logging creates one log file per OPC Client connection to the CSC and is used for troubleshooting issues between the OPC Client and the MatrikonOPC CSC. Changes made to interface logging settings cannot take effect until the CSC is restarted, and the OPC Client has reconnected to it.

Field Descriptions:
Component Enable interface logging Description Enable interface logging for connections made to this CSC when checked. By default, the option is unchecked. When checked, you may select a log level of Low, Medium, or High. Higher log levels will fill or wrap the log file faster. Commit all log file writes, when checked, causes the interface logs to be stored to disk immediately after each log statement. By default this checkbox is unchecked. When checked, the CSC will be noticeable slower, and the interface log file may grow in size until all available disk space is used up. This option should not be enabled except at the direction of MatrikonOPC Support for troubleshooting purposes.

Commit all log file writes

NOTE: Changes made to interface logging will not take effect until the tunneller CSC is restarted.

OPC Client Requirements


The OPC clients connecting to Tunneller are required to fulfill the following requirements: l Allow in proc servers. A small portion of Tunneller will be loaded in proc. Note: Starting in version 3.1.0.0, Tunneller CSC can also be loaded as a remote COM server (i.e., using CoCreateInstanceEx function call). l Support the Shutdown call-back. This is a required interface but some clients do not support it. It must be supported for Tunneller to relay communication failure information. l Both 32 bit and 64 bit OPC Clients are supported. The MatrikonOPC Tunneller CSC is a 32bit service, but on 64 bit operating systems a 64 bit inproc component and registration information are provided to allow the connection.

GetStatus Call
Tunneller uses TCP connections to do its data transfer, but does not automatically detect TCP line failures if no requests are made by the OPC client. The GetStatus call should be used as a heartbeat mechanism for line failure detection. The OPC client must call GetStatus at regular intervals to ensure the line is available. Tunneller does not initiate the GetStatus call on its own. It relies on the OPC client to make the GetStatus call. The call can be made as often as needed, depending on the required detection level. Frequent calls (at approximately one second) will detect a line failure quickly. It will also detect a line that has gone down but has come back immediately. Infrequent calls can allow a momentary interruption to pass but will not detect a prolonged failure until the line is needed by an actual call. The users specific requirements will indicate how often the GetStatus should be called.

The diagram above shows the configuration options for the GetStatus call. Options are common for all tunnelled OPC servers and available to configure when the root of the tree control (Tunneller Computer Connections) is selected on the Client-Side Gateway Configuration Tool. These options are described the following list.

Field Descriptions:
Component Use Remote Status Description Selecting this checkbox causes the GetStatus call to be made across the TCP line to the end OPC server. Clearing the checkbox causes any GetStatus call made to Tunneller to be returned immediately with Tunneller's own status. Recommended by MatrikonOPC. This option is available only when the Use Remote Status checkbox has been selected. When selected, this option forces an internally generated GetStatus message to be sent to the end OPC server. However, it returns Tunnellers own status immediately to the calling client, so it is a non-blocking call. The remote call will be made as close as possible to the rate at which the end OPC client is calling GetStatus on Tunneller. If a communication failure is detected, Tunnellers status will be set to failed. In subsequent GetStatus calls, the status field of the status structure returned by Tunneller will be set to failed. This option is available only when the Use Remote Status checkbox has been selected. If selected, this option forces the calling OPC clients GetStatus call to the end OPC server. The status of the end OPC server is returned. If there is a line interruption or some other form of communication failure between the two halves of Tunneller, the calling OPC client may hang and become unresponsive (it is a blocking call). Whether the OPC client hangs or not is entirely

Funneled (recommended)

Remote

Component

Description dependent on the OPC client and its implementation. If a communication failure is detected, Tunnellers status is set to failed. In subsequent GetStatus calls, the status field of the status structure returned by Tunneller is set to failed.

OK Cancel

Click on this button to save any setting changes made in this window. Click on this button to cancel any setting changes made in this window.

Note: Starting in version 3.1.0.0, when the completion of a request sent by the SSC takes too long, the SSC periodically sends KeepAlive messages. The default time interval value is equal to half of the timeout parameter configured on the tunneller.ini file on the SSC. If both the CSC and SSC are of version 3.2.0.0 and higher, the time interval is equal to half of the Communication Timeout parameter which is configured using the Client-Side Gateway Configuration Utility. For example, adding 15,000 items can take the OPC server 15 seconds to perform. In this scenario, the SSC will send Keep-Alive messages every 1.5 seconds (if the Timeout Parameter equals the default value of 3 seconds). If the CSC does not receive any message during the time interval set by the Communication Timeout parameter (which also has a default value of 3 seconds), the CSC detects communication failure, disconnects from the SSC and tries to reconnect during the time defined in the ReconnectTime parameter (in TunnellerOpts.ini file). If reconnection is not successful, then the add items request fails and the failed result is returned to the OPC client.

Statistical and Diagnostic Tags


Tunneller 5.0.0 adds a set of statistical and diagnostic tags to OPC DA clients accessing a tunneled DA server. These tags appear as part of the normal server namespace. Most of the tags require that the user has a valid SMS agreement with MatrikonOPC and requires the software license key to include the SMS feature. These tags are intended to help users and MatrikonOPC Support with tracking the current status of the tunneller connection, licensing on both sides of the connection, and connection performance measurement. The information provided by these tags will aid in troubleshooting and system health monitoring. All of the following tags are available under the branch named #TUNSTAT#, and can be browsed on the server.

Statistical Tags
Statistical tags are calculated on the Client Side Component, and only refer to the details of the OPC DA tunnell connection that the tags apply to. Requires SMSLicense Y

Tag Name

Description The number of seconds over which averages will be calculated for statistical items. Read/Write Default: 30 seconds. Write true to this item to reset the statistical tags and clear the average calculations. Minimum and Maximum items are reset to the next current value at this time. Total items and counter items are reset to 0. Read/Write Default: False The number of item updates transferred in the last second. The minimum number of item updates per second. The maximum number of item updates per second. The total number of item updates processed. The rolling average number of item updates per second over the last {@AverageCalculationWindow} seconds. The number of item writes transferred in the last second. The minimum number of item writes per second. The maximum number of item writes per second. The total number of item writes processed. The rolling average number of item writes per second over the last {@AverageCalculationWindow} seconds. The number of TCP/IP packets transmitted to the SSC in the last second. The minimum number of TCP/IP packets transmitted to the SSC per second. The maximum number of TCP/IP packets transmitted to the SSC per second.

@AverageCalculationWindow

@ResetStats @Current_ItemUpdates @Minimum_ItemUpdates @Maximum_ItemUpdates @Total_ItemUpdates @Average_ItemUpdates @Current_ItemWrites @Minimum_ItemWrites @Maximum_ItemWrites @Total_ItemWrites @Average_ItemWrites @Current_ TxPackets @Minimum_ TxPackets @Maximum_ TxPackets

Y Y Y Y Y Y Y Y Y Y Y Y Y Y

Tag Name @Total_TxPackets @Average_TxPackets @Current_RxPackets @Minimum_RxPackets @Maximum_RxPackets @Total_RxPackets @Average_RxPackets @CriticalErrors @Errors @Timeouts @LostConnections @SessionReconnections @ConnectionAttempts

Requires SMSLicense Y Y Y Y Y Y Y Y Y Y Y Y Y

Description The total number of TCP/IP packets transmitted to the SSC. The rolling average number of TCP/IP packets transmitted to the SSC per second over the last {@AverageCalculationWindow} seconds. The number of TCP/IP packets received from the SSC in the last second. The minimum number of TCP/IP packets received from the SSC per second. The maximum number of TCP/IP packets received from the SSC per second. The total number of TCP/IP packets received from the SSC. The rolling average number of TCP/IP packets received from the SSC per second over the last {@AverageCalculationWindow} seconds.

Diagnostic Information Tags


Diagnostic Information Tags are generally collected during connection and do not change as long as the connection remains active. Requires SMSLicense Y Y Y Y Y Y Y Y Y Y Y The software version of the CSC. * The software version of the SSC. The IP Address of the CSC. The IP Address of the SSC for this connection. The Protocol Version used for this connection. The ProgramID of the OPC Server connected over the tunnel. True if this connection is compressed. True if this connection is encrypted. True if this connection is still connected. The amount of time passed since this connection was created in days:hours:minutes:seconds. The local user name provided to the SSC for impersonation. If the SSC is version

Tag Name @CSCVersion @SSCVersion @CSCHostAddress @SSCHostAddress @ProtocolVersion @ProgID @Compressed @Encrypted @Connected @Uptime @ImpersonationUser

Description

Tag Name

Requires SMSLicense

Description 5.0.0 or newer, this field will only provide the local user name when impersonation is enabled on the remote SSC.

@CSCSMSLicense @SSCSMSLicence @CSCLicenseState @SSCLicenseState @CSCLicensed @SSCLicensed

N N N N N N

The license state and expiry date of the SMS license on the CSC. * The license state and expiry date of the SMS license on the SSC. The overall license state of the CSC. * The overall license state of the SSC. True if the CSC has a valid license. * True if the SSC has a valid license.

Note: * tag is only available if the SSC is version 5.0.0 or newer.

Encryption, Compression, User Impersonation, and Restriction of the Access to OPC Servers
Refer to the links below for more information pertaining to encryption, compression, user impersonation, and/or server access restriction: Encryption Configuring Encryption Settings Using Server-Side Gateway Configuration Tool Client-Side Gateway Key Manager Compression User Impersonation OPC Server Access Restriction and MatrikonOPC Security Gateway Integration

Encryption
It may be in the interest of the user to encrypt data on the Server-Side machine by selecting which computers may connect to the end OPC servers through Tunneller. Furthermore, this communication may be further regulated by the use of encryption keys. Since the Server-Side machine contains the data that the Client-Side machine wishes to access, the option to operate in a more secure mode is made available on the Server-Side. There are two security modes in which Tunneller may operate: l Open - no encryption will be used and there is no restriction as to which computers may connect through Tunneller. By default, Tunneller will operate in Open mode. l Encrypted - encryption may be used and the user will be able to control which computers are permitted to connect through Tunneller. The information contained in this section is useful for those users who wish to operate in Encrypted mode. Encryption is controlled by the Client-Side Gateway Key Manager (which is part of the CSC), and the Server-Side Gateway configuration tool (which is part of the SSC). Both of them are installed by default in C:\Program Files\Matrikon\OPC\Tunneller in the Client-Side Gateway and Server-Side Gateway subfolders, respectively. To access the Server-Side Gateway Configuration Tool on the Server-Side computer, click on Start -> Programs -> MatrikonOPC -> Tunneller -> Server-Side Gateway Configuration Tool. To access the Client-Side Gateway Key Manager on the Client-Side computer, click on Start -> Programs -> MatrikonOPC -> Tunneller -> Client-Side Gateway Key Manager. Alternatively, the Client-Side Gateway Key Manager is accessible using the Client Configuration Tool (Start -> Programs -> MatrikonOPC -> Tunneller -> Client-Side Gateway Config). Once the CCT is open, the Client-Side Gateway Key Manager may be opened by pressing the second button on the toolbar (the key icon ), or by pressing Ctrl+K, or by selecting the Open Key Manager option from the File menu.

Configuring Encryption Settings Using Server-Side Gateway Configuration Tool


The Server-Side Gateway Configuration Tool allows the user to set the Encryption mode to either Open (the default mode) or Encrypted mode. When Open mode is selected, the Encryption tab is disabled and Tunneller communication is not encrypted. When Encrypted mode is selected, the Encryption tab is enabled, allowing the user to configure key mappings which regulates Tunneller encryption. Encryption fields are described in the Field Descriptions list below. On the Tunneller SSC, the encryption key is read when a new communication session is created. Therefore, modifications to key mappings on the SSC will not affect existing connections. To apply modifications on the SSC, connected sessions should be recreated. Recreation of a session can be achieved from the Tunneller CSC. If all OPC clients connected to the particular end OPC server disconnect from the CSC, this will cause the disconnection of the CSC from the SSC. When the OPC client or clients connect again, the modifications will take effect. Alternatively, if a situation occurs such as no access to the OPC client machine, then restarting the Tunneller SSC service will disconnect clients and apply the SS key mappings on start up. An existing connection will continue to communicate using their old encryption settings until the session has ended. Note: For successful communication to occur, both the SSC and the CSC must be set to the same mode (i.e., set both to either Encrypted or Open). If the SSC and CSC are set to Encrypted mode, then the encryption key must match on both ends.

Field Descriptions:
Component Description To allow for Tunneller communication between the Tunneller SS machine (the machine where the Server-Side Gateway Configuration Tool is located, with IP address x.x.x.x) and the Tunneller CS machine (with IP address y.y.y.y), the CS machine IP address y.y.y.y should be entered in the IP address field and an encrypted key must be created. Similarly, in the CS computers Client-Side Gateway Key Manager, there should be a key mapping containing x.x.x.x, and the encryption key must be the same for communication to be successful. Address can be entered in three different ways: Single IP address is defined exactly. Address range start and end addresses of the range are defined. In this case the key will be used for all IP addresses belonging to the range. Subnet the mask is entered in the first field and the subnet address is entered in the second field. In this case if the result of a bitwise AND operation of the CSC hosts address and Mask is equal to the result of bitwise AND operation of Address value and Mask, then the corresponding

IPAddress

Component

Description key will be used for that particular address. For example, the Mask = 255.255.0.0 and the Address = 192.168.0.0. In this case for all hosts belonging to the 192.168.0.0 local subnet the same key will be used. Using arrows the rightmost bit of Mask can be shifted to the left or to the right. The first click on Get local button changes Address filed to local IP address. Second click changes Address field to the result of bitwise AND operation of local IP address and Mask. Note that for a subnet mask to be valid, its leftmost bits must be set to '1'. Conversely, the rightmost bits in a valid subnet mask must be set to '0', not '1'. So all valid subnet masks contain two parts: the left side with all mask bits set to '1' (the extended network portion) and the right side with all bits set to '0' (the host portion). Note that Subnet type entries are sorted in certain order taking into account how many bits define extended network portion, for example: o 255.255.0.0 168.192.0.0 o 255.0.0.0 168.0.0.0 o 255.255.0.0 192.168.0.0 o 255.0.0.0 192.0.0.0.

Get Local

If this button is pressed, the IP Address field will display the local computers IP address.

Encryption mode (only in Server- The default setting is Open. When this mode is selected, the Encryption tab is disabled. When Side Gateway Configuration the Encryption option is selected, the user can select which computers may connect through Tool, Security Mode tab) Tunneller and may set up encryption. Encrypt When setting up a key mapping, it must be decided if Tunneller communication for the selected IP address will be encrypted. If encryption is desired, check this box; otherwise, ensure it is unchecked. When setting up a key mapping, if encryption will be used for Tunneller communication with that specific IP address or range of addresses, an encryption key may be entered. For Tunneller communication to be successful, the same key must be entered on both the Client-Side Gateway Key Manager and the Server-Side Gateway Configuration Tool for that particular key mapping. An Encryption key may contain letters, numbers, and special characters available on a keyboard. The Encryption key must be entered twice for validation. If keys are different, Update/Add Key Mapping buttons will be disabled. If the Encryption key field is empty, then default hard-coded key will be used. This field will display the user-created key mappings. Key mappings control which computers may connect through Tunneller and contain the encryption keys being employed. The format of a key mapping is either: IP address, <#bits encryption> or IP address <Non encrypted>, which indicates that no encryption will be used for the listed IP Address. Key Mappings Here IP address can be just single address or range of IP addresses or the subnet mask and address combination. Clicking on a key mapping will fill the current mapping fields with the selected key mapping settings. Note that the list of keys is ordered in the following order: 1. Single address in ascending order. 2. Address ranges in ascending order of From address. 3. Subnets in ascending order of address value. The first found entry in Key mapping is used for the given IP address. Once the user has filled the IP address information and encryption key (optional), pressing this button will create a new key mapping. If a key mapping containing the specified IP addresses

Encryption Key

Add Key Mapping

Component

Description already exists, this button will not be enabled. This button is used to update the selected key mapping with the values from fields Encrypt, Encryption Key and IP address. If the values on selected key mapping have not changed, this button will be disabled. To remove a Key mapping, select it from the list of Key mappings and press this button. Pressing this button removes all Key mappings from the list. This button acts exactly in the same way as the Apply button (changes are saved). The difference is that after saving of key mappings the dialog window will be closed. If key mappings were modified but not saved, then this button is labelled Cancel. Otherwise, its label states Close. This button is enabled if changes to key mappings have been made. Note: If key mappings were modified, but not saved, and later their previous values are recovered, then the Apply button will be disabled.

Update Key Mapping Remove Selected Key Mapping Remove All Key Mappings OK Cancel/Close

Apply

The encryption level depends on the length of the user-entered encryption key. Encryption keys will be padded out to the appropriate length (the greatest number of characters in that range) automatically. For example, a 12-character encryption key will be padded out to 16 characters. Number of Characters in Encryption Key 1 - 16 17 - 24 17 - 24 Number of Bits Encryption 64 96 128

Client-Side Gateway Key Manager


The Client-Side Gateway Key Manager allows the user to create key mappings on the CSC which will correspond to SS key mappings, in the event that the Server-Side Gateway Configuration Tool is configured for Encrypted mode. The fields in Client-Side Gateway Key Manager are the same as encryption related fields on the encryption mappings tab in the Server-Side Gateway Configuration Tool. In Encrypted mode, both the Client-Side Gateway Key Manager and the Server-Side Gateway Configuration Tool must be configured properly with matching encryption keys. Modifications of encryption key mappings become effective immediately on CSC.

Example
A user wishes to use Tunneller to allow OPC Clients on Computer 1 to obtain data from end OPC Servers on Computer 2. Computer 1 with IP address 192.168.10.100 is the Client-Side, and Computer 2 with IP address 192.168.10.200 is the Server-Side. The ClientSide Gateway on Computer 1 must contain Computer 2s IP address in a key mapping. Similarly, the Server-Side Gateway Configuration Tool on Computer 2 must contain Computer 1s IP address in a key mapping. Furthermore, the same encryption settings must be used. If the key mapping on the CSC is: 192.168.10.200, <64 bit encryption>, then the corresponding key mapping on the SSC must be: 192.168.10.100, <64 bit encryption>, using the same encryption key. Note: In the example for the Server-Side Gateway Configuration Tool all of the lines under Key mappings are used to represent the CSC IP address. In the first line the IP address is defined exactly. In the second line the range of addresses from 192.168.10.0 to 192.168.10.255 is defined. In the third line, the subnet mask and address are defined. Bitwise AND of CSC IP address and Mask is: 192.168.10.100 & 255.255.255.0 = 192.168.10.0 Bitwise AND of Mask and Address is: 255.255.255.0 & 192.168.10.100 = 192.168.10.0 Results of both operations are equal, so this line could be used to represent given CSC address too. In such a situation, the first found key is used (line with 64-bit encryption).

Compression
Compressing messages may speed up data transfer considerably if the communication channel has low bandwidth. Compression was introduced in version 3.0.0.0 of Tunneller. If compression is enabled in an attempt to communicate with an earlier version of the Tunneller SSC then this option is ignored and does not affect communication behavior. The compression option is configured in the Client Configuration Tool by selecting the Use Compression checkbox. The Use Compression option is stored in the Windows system registry and is read each time an OPC client connects to the CSC.

User Impersonation
Starting in version 3.1.0.0, MatrikonOPC Tunneller has user impersonation functionality. By default this feature is turned off. If turned on, Tunneller CSC retrieves information about domain and user name under which OPC client connects, and passes that information to the Tunneller SSC. On the server side, Remote user to Local user mappings can be configured. Tunneller SSC looks for the entry for Remote user on User mappings. If the entry is found, it takes Local user for that entry and performs impersonation using its domain, user name and password for the thread communicating with the end OPC server. As a result, the end OPC servers can behave differently based on what user is connected, for example restrict access. User impersonation settings are configured using Server-Side Gateway Configuration Tool. The impersonation feature can be turned ON or OFF using the Security Mode tab of the Server-Side Gateway Configuration Tool. If impersonation is turned ON, the fields on the Impersonation tab are enabled. Note: Impersonation can also be turned on or off through the tunneller.ini file, UseImpersonation parameter under the TCConnection section. Its default value is 0 (i.e., user impersonation is OFF). User impersonation mappings can be configured only using the ServerSide Gateway Configuration Tool. The behavior of the system in case no entry is found for the provided Remote user or the Remote user is not defined (this can be possible if older version of Tunneller CSC is connected) depends on the state of the Use Default Account checkbox. If it is turned OFF, then the connection is rejected. If it is turned ON, the entry for [Default] Remote User is used. If at the time when the checkbox is turned ON and no such entry is found, the Edit User Mapping window is opened and the entry added. Local user corresponding to [Default] Remote User can be configured either as a specific local user account or as [Default]. If it is configured as [Default], then the user account under which Tunneller SSC is running is used for impersonation. If User Impersonation is turned ON but there are no mappings configured, and the Default Account option is turned OFF, a warning message pops up when changes are applied. To add a new entry into the User mappings: 1. From the Server-Side Gateway Configuration Tool window, select the Impersonation tab. 2. Click on the Add button. 3. The Edit User Mapping window is displayed. 4. Enter the Remote User, Local User, and Password. Note: Remote User should be entered as Domain\User Name for domain accounts or Computer Name\User Name for machine specific accounts. You can also specify the hostname of the end OPC clients machine using the Domain\User Name:Hostname syntax, where hostname can be the fully qualified domain name (FQDN) hostname or simply the machine name. The Local User field requires the user name only. 5. Select the OK button. Note: All impersonation mappings including passwords are stored in the configuration file using encryption. The currently selected entry can be edited by double-clicking your mouse on the entry or by selecting the Edit button. To delete an entry or entries from the User mappings, select one or more entries and click on the Delete button.

OPC Server Access Restriction and MatrikonOPC Security Gateway Integration


Starting in version 3.1.0.0, Tunneller provides functionality to restrict access to OPC servers installed on the Server-Side Component depending on Remote client. Remote clients can be authenticated either by their local IP Address (on their local network), or a fullyqualified host name, or Domain\User name, or a combination of these three fields. Each Remote client can have a configured list of accessible OPC servers. If the Remote client is unknown (i.e., there is no configuration for it), then the default list can be configured (all authentication fields set to [Default] on Remote clients list for this entry). Restriction of the access to OPC servers can be turned on from the Security Mode tab of the Server-Side Gateway Configuration Tool. Settings for what fields are used to authenticate the Remote client and what Remote clients can access which OPC servers, are configured using the Access Lists tab. Components of this tab are described in the Field Descriptions section below. Starting in version 3.1.2.0, OPC server access restriction is implemented differently in cases where the MatrikonOPC Security Gateway is installed on the same box as the Tunneller Server-Side Component. In that situation, Tunneller SSC returns only the ProgID of MatrikonOPC Security Gateway as the list of installed OPC servers. Therefore, remote OPC clients can only connect to OPC servers through MatrikonOPC Security Gateway. That provides functionality to control access rights per remote user at the OPC Items level. If the Server-Side Gateway Configuration Tool detects that the MatrikonOPC Security Gateway is installed and has a valid license (including a demo license), then the Access Lists tab becomes invisible. As well, on the Security Mode tab the text Controlled by Security Gateway appears under the Restriction of the Access to OPC Servers group. Note: When the Server-Side Gateway Configuration Tool starts up, a check is performed to see if the MatrikonOPC Security Gateway is installed and licensed. Therefore, if licensing conditions are changed, the Server-Side Gateway Configuration Tool should be restarted for changes to take effect.

Field Descriptions
Component Authenticate Remote Client By Description Check boxes defining what data is to be used to authenticate remote client: IP address, Host name, or/and Domain\User name. At least one checkbox must be checked. The list of entries authenticating Remote clients. The number of visible columns depends on the selected Authenticate Remote client by check boxes. Note: For each combination of selected Authenticate Remote client by check boxes, separate lists are stored on the Remote clients list. This check box defines the behavior of the system in case the Remote client could not be authenticated (unknown). If selected, then the list of accessible OPC Servers for [Default] entry will be used (all fields have [Default] value for this entry on Remote Clients list). Otherwise, access is refused and the empty list is returned to the Client-Side Gateway Configuration Tool. Adds a new entry into the list of Remote clients. Opens a new window. Opens the currently selected entry from the list of Remote clients for modifications.

Remote Clients

Use [Default] Access List for Unknown Clients

Add Edit

Component Delete OPC Servers Accessible for Selected Client Check All Uncheck All Refresh OK Cancel Apply

Description Deletes the currently selected entry from the list of Remote clients. The list of OPC servers installed on local computer (where Tunneller SSC is hosted). Select the applicable checkboxes to determine whether the corresponding OPC server is accessible to the currently selected Remote client or not. OPC servers are identified by their ProgID. Click on this button to select all OPC servers in the list. Click on this button to clear (i.e., deselect) all selected OPC servers in the list. Refreshes the list of OPC servers, using OPCEnum service or direct access to the system registry (depending on Browse Registry parameter defined on tunneller.ini file). Click on this button to accept the changes made. Click on this button to cancel any changes made. Click on this button to apply and accept any changes made.

New entries to the Remote clients list are added by clicking on the Add button. Changing the selected entry in the list of Remote clients can be done by selecting the Edit button. In either situation, the Edit Remote client host info window is displayed. Components of that window are described in the Fields Description list following the diagram below. Notes: l The [Default] entry on the Remote Clients list cannot be edited or deleted. l All fields selected for use for authentication, must have non-empty values. If the fields used for Remote client authentication are modified (for example, initially only the IP address was used, but later IP address and Domain\User name are used), then previous settings are still stored in the configuration file, but they will not be used or displayed on GUI. Only entries which have non-empty IP Address and Domain\User name and empty host name will be used and will be visible on the Remote Clients list. l If Access Restriction is turned ON , but there are no accessible OPC servers, a warning message appears when changes are applied.

Field Descriptions
Component Description IP address of Remote client (on its local network). Note that if there is a router between CSC and SSC hosts, one SSC log file clients IP address can be shown differently). Option is disabled if the IP address checkbox is not selected in the Authenticate Remote client by group of the Access Lists tab. Get IP address by resolving Host name. If the Host name option is disabled, click on this button to enable it. A value can then be entered into the Host name field. A second click to this button retrieves the IP Address. Note: This can be time consuming. While processing, the button will be disabled and its text will be changed to Getting. Fully qualified Host name of Remote client. Option is disabled if the Host name checkbox is not selected in the Authenticate Remote client by group of the Access Lists tab. Get IP address by IP address. If the IP address option is disabled, click on this button to enable it. A value can then be entered into the IP address field. A second click to this button will retrieve the Host name. Note: This can be time-consuming. While processing, the button will be disabled and its text will be changed to Getting. Domain\User name of the windows user account under which the OPC client application is running. Note: User account, under which the OPC client application runs, might be different than the currently logged-on-to remote host user. For example, if OPC Client Applications was launched using Run As utility or if it runs as a service. Click on this button to open the Select Remote Client info from the list of connections window. Tunneller SSC keeps track of which Remote clients were connected to it, including connections from the Client-Side Gateway Configuration Tool. The window opened by this button contains a list of Remote client authentication data that can be selected and used to fill corresponding fields. Select from the list of connections that were opened Entering Remote client host information by selecting from the list of connections ensures that the authentication fields have correct values and the configuration process is sped up. Notes: If no connections have yet been accepted by SSC, the connections list is empty and the button is disabled. If an older version of Tunneller CSC was connected to SSC, the list of connections will have a line with blank fields as older versions do not pass Remote client information to the SSC. Saves changes in memory and closes the window. Note: Changes will take effect when either the OK or Apply button on the main window is selected. Closes the window without saving changes.

IPAddress

Get from Host Name

Host Name

Get from IP Address

Domain/User Name

OK Cancel

To ensure that the Remote client host information is entered correctly, it is recommended that you use the Select Remote client host info from the list of connections window.

Advanced SSC Settings


Advanced configuration settings for the Server-Side Component can be modified using the Advanced tab on the Server-Side Gateway Configuration Tool window. Components of this tab are listed below. Advanced settings are stored in the tunneller.ini file.

Field Descriptions:
Component Max File Size, KB Level Log to Screen Overwrite Old File Log level. If this checkbox is selected, Tunneller SSC logs messages to the screen. It does not disable logging to file. If this checkbox is selected, the previous log files copy is not made. Otherwise, backup is made named as tunneller.log.bak. Description Maximum size of the tunneller.log file in Kbytes.

Component Commit All Log File Writes

Description If this checkbox is selected, all information written to the log file is immediately written to disk instead of being cached. Note: This can slow down the operation of Tunneller as operations must wait for log lines to be flushed to disk before continuing. The TCP port address to which SSC listens for incoming connections. Note: To successfully communicate, the port number configured on Server-Side Component must match with the port number configured on Client-Side Component. If this option is changed, the Tunneller service must be restarted. Communication timeout in seconds. If the CSC version is 3.2.0.0 or higher, this value is ignored and the CSCs Communication Timeout option is used. Number of retries after communication failure. If the CSC version is 3.2.0.0 or higher, this value is ignored and the CSCs Retry Attempts option is used. Maximum number of outgoing messages on the communication messages queue. See Update of large amount of items fails in the Troubleshooting section for more details. The default value is 5. Used when communication failures occur. During the Session Timeout period, the connection to the end OPC server is not closed and the session stays open (i.e., OPC groups and items are not deleted). When the Client-Side Component reconnects to the Server-Side Component, that session can be reused so that recovering does not take a long time. This option should have the same value as the ReconnectTime option configured on Client-Side Component versions prior to 3.2.0.0. If both CSC and SSC are of version 3.2.0.0 or higher, then ReconnectTime defined on CSC is used as a Session Timeout. Defines the delay (in milliseconds) after connection to the end OPC server, before the Server Side Gateway will start creating groups or performing other operations. Some OPC Servers may need this delay after the initial connection before they are ready for use, e.g. if the server is not already running when the Tunneller SSC connects to it, causing it to start up.

Port Number

Timeout Retries

Maximum Size of Queue

Session Timeout

Delay After Connection

Defines the delay (in milliseconds) after adding of group to OPC DA server, before the Server Delay After Adding of DA Group Side Gateway will start adding tags to those groups or execute similar operations. Some OPC Servers may need this delay after the group is created before items can be subscribed to. Deactivate DA Group at adding of items Force DA 1 Deactivates the DA Group before the adding of items, and activates after adding. Forces the use of DA 1 interfaces on connection to OPC DA server. If this checkbox is selected, it specifies that only one connection at a time is created to the OPC server on behalf of each Client Side Gateway connected to the same end server and using the same user id. This option will not allow multiple Client Side Gateway machines to share a single connection to an OPC server. This option should be selected when the OPC server has a limitation on connections (e.g. due to licensing or performance considerations,) and one of the following two situations might cause a connection to fail. 1. If a communication error occurs, then the session is waiting for reconnection for a defined session timeout period. But, the Client-Side Component can send a request to create a new session at that time. If this option is selected, then the Server-Side first waits for disconnection from the OPC server and deletion of the previous session, and then only creates a new session. Therefore, only one connection to the end OPC server will exist at any time (that can be

Only One Connection

Component

Description required if the end OPC server can accept only one connection at a time, for example due to licensing). Otherwise, for a session timeout period, more than one open connection to the end OPC server can exist. 2. On the Windows box, only one instance of the Client-Side Component can run at the same time. But, there are installations where the Client-Side Component runs under Linux (for example, ScanTask for RTAP). In this case, multiple instances can run on the client-side and the Only One Connection checkbox must be cleared.

Browse Registry Get Status Ping Every X Sec OK Cancel Apply

If checked, Tunneller SSC accesses Windows system registry to retrieve the list of installed OPC servers. Otherwise, OpcEnum service is used. Should be turned ON for Windows NT4. When selected, the Tunneller SSC periodically (period set in seconds) sends a Get Status request to verify whether the end OPC server is still running. Click on this button to accept the changes made. Click on this button to cancel any changes made. Click on this button to apply and accept any changes made.

Note: Some settings on the Server-Side Component can be overridden by Client-Side Component settings if both SSC and CSC are of version 3.2.0.0 or higher, so that each session can have its own settings. The table below describes those settings that can be overridden. Client-Side Component Option Communication Timeout Retry Attempts Timeout Retries No matching option on the SSC configuration utility GUI. Its value is used when processing a shutdown request from OPC server: SSC waits during this time for the current operation (if there is any) completion before disconnecting. If an CSC version prior to 3.2.0.0 connects to SSC version 3.2.0.0, the default value of 600 seconds is used for that session. This default value can be changed by adding the ProcessingTimeout option into the tunneller.ini file ([TCConnection] section). ReconnectTime Session Timeout No matching option on the SSC configuration utility GUI. ConnectDelay For connections from a CSC version prior to 3.2.0.0, the default value of 1000 ms is used, which can be changed by adding the ConnectDelay option into the tunneller.ini file ([TCConnection] section). Server-Side Component Option

Processing Timeout

Connection Failure Scenario


Tunneller maintains a connection-oriented TCP link between the CSC and the SSC whenever there is an OPC client connected to a Tunnelled ProgID. If this link fails and is detected by the CSC or SSC, Tunneller will attempt to re-establish the link during the time period specified by the ReconnectTime option. The ReconnectTime option is configured in the TunnellerOpts.ini file on the Client-side Component. The default value is 0 indicating that no reconnection attempts will be performed. Connection/reconnection is performed in the following order: 1. A connection is established and normal communication is underway. 2. A failure is detected (either a broken link is detected or a Communication Timeout has been passed). 3. If the SSC is still active (i.e., has not been terminated) it will save the sessions current state for some configurable period of time. Note: For versions prior to 3.2.0.0, its value is the same for all sessions which is defined by the Session Timeout parameter under the TCConnection section in the tunneller.ini configuration file (by default, 0 seconds). In version 3.2.0.0, it is equal to the ReconnectTime option defined on the CSC (i.e., a different session can have a different session timeout depending on the CSC settings). 4. If the ReconnectTime option is more than 0, during that time the CSC tries to re-establish a connection to the SSC using a reconnect command. a. If the reconnect command succeeds (i.e., detects that the SSC has the correct current state available), the state information is reused and Tunneller continues on as normal. At no time during this phase has Tunneller changed the item values, qualities, or timestamps. Note: During communication failure period SSC handles DA OnDataChange call-backs from the end OPC server differently; only latest updates are kept in memory. When reconnection is established, SSC sends these updates to CSC as a single update. All alarms and events received during communication failure are buffered (as long as the SSC Session Timeout has not expired) and will be sent upon reconnection. b. If the reconnect command fails, Tunneller CSC waits for the delay defined by the ReconnectDelay parameter (default value is 10 seconds) and retries a reconnection during the time period defined by the ReconnectTime parameter (default value is 0 seconds). If reconnection could not be established during ReconnectTime, or communication is established but the Server-Side Component does not have a matching session in correct state, Tunneller will start full connection attempts. At this point, Tunneller will set all of its items qualities to bad informing the end OPC client that a failure has occurred. 5. The CSC will attempt to connect to SSC using the full connect command. a. If the connect command succeeds, the state (items, for example) maintained in the CSC will be sent to the SSC recreating the state on the SSC. Communication will continue on as normal. Any items that had their qualities set to bad will have their qualities set to good only when a new value is received for the item. b. If the connect command fails it will re-try the full connect command until it either succeeds or the end OPC client disconnects from the Tunnelled ProgID. Delay between retries is defined by the ConnectDelay option. In Tunneller SSC version 3.2.0.0, the ConnectDelay option also defines the delay between attempts to connect to the remote OPC server on SSC. 6. If no connection is re-established, any session state information on the SSC will be removed after the configurable time period defined by the Session Timeout.

7. The connection between CSC and SSC is terminated when, on CSC, there are no more connected end OPC clients during the period of time defined by the NoClientsDisconnectionDelay parameter in the TunnellerOpts.ini file. SSC will disconnect from the end OPC server immediately after the normal disconnection of CSC, or when the session has timed out (defined by the Session Timeout parameter in the tunneller.ini file) in case of communication failure. By default, on Tunneller SSC the number of connections to the end OPC server for each combination of Tunneller CSC IP address/OPC Server ProgID/Category (A&E, DA or HDA) (starting in version 3.1.0.0, additionally local Domain\User) is restricted to 1. Starting in version 3.0.2.0, this restriction can be turned off by setting the DeleteDuplicateSessionsOnNewConnection parameter to 0 (under the TCConnection section on tunneller.ini configuration file).

Connection Time, Timeouts, and Retries


Note: Please refer to Connection Failure Scenario before reading this section. Tunneller allows the user to set the Processing Timeout, Communication Timeout, and Communications Retry values using the Client-Side Gateway Configuration Utility. These values are used by Tunneller when sending and receiving data on the network.

Problem: Network Link is Broken


If the network link is broken, the time it takes Tunneller to detect the break depends on where the link broke. If it is the local connection, the detection will be quick. If the break occurs within the network (e.g., routers, switches), it may take Tunneller several additional seconds to detect it. The detection also depends on network usage. If the OPC client is not sending or receiving data for extended periods, Tunneller will not detect that the link is broken until communication resumes. Note that if the Use Remote Status checkbox is selected, sending and receiving data will happen at least as frequently as the OPC client calls GetStatus. The value of the Communication Timeout parameter affects the network link failure detection time because it is the time the network will spend testing the link for the ability to perform the required operation (send/receive request/responses over the network). The longer the timeout value, the longer failure detection will take. A longer time also causes the responsiveness of Tunneller to go down because more time is spent testing the link. The retry value is used when the network itself has problems but the link to the SSC is maintained. This could be because of a bad connection or interference caused by electrical equipment. If the network was unable to get the command to its destination because of a network problem, it will retry sending the command. However, many retry times are needed (i.e., up to the retry amount). Notes: l Tunneller versions prior to 3.1.0.0 can detect the network timeout state if the execution of operations on the remote OPC server takes a long time. For example, adding a large number of items. Starting in version 3.1.0.0, prolonged execution of operations by the OPC server does not cause communication timeout. If the operation execution takes too long, then SSC starts to send Keep-Alive messages letting CSC know that the communication channel is alright. CSC waits for Processing Timeout before detecting operation as failed.
l

The Communication Retry Attempts parameter does not affect OPC calls to the remote OPC server. For example, if the remote OPC server returns an error result code for an update history call, additional attempts to update will not be made. The result will be returned to the OPC client as is. The AddItems call can be retried, but it is configured using different option: the AddItemRetries parameter defined in the TunnellerOpts.ini configuration file. A retry happens if adding items returns S_FALSE and error codes for all items indicate the process was unsuccessful.

Problem: Timeout Expired


When running under normal conditions, default timeout and retry values are acceptable. When an unusually long command is executed (e.g., reading a very large number of items or browsing very large address spaces on the end OPC server) and the Processing Timeout value is not high enough, the processing timeout can elapse before the command completes. If processing timeout

elapses, CSC does not break the connection, but returns the error to the OPC client. When Communication Timeout elapses, the network link will be considered failed and Tunneller will start the reconnect procedure. If reconnection is not established during the time defined by ReconnectTime parameter (set in TunnellerOPts.ini file on CSC), or during Communication Timeout (in the case when ReconnectTime is less than Communication Timeout), then the command is also considered failed. The Processing Timeout value must be set to allow the longest expected command. The Communication Timeout can come into effect when the command being sent is very long and the network has a low ability to transfer data. The Communication Retry Attempts parameter can come into effect when network communication is not reliable. Increasing the retry amount allows the network link to continue when otherwise it would have been considered as failed. If CSC detects a Processing Timeout for the operation, but SSC later completes it and CSC receives a response with results, the message (level 2) will be printed on a log file: TIMEOUT WARNING: Probably the processing timeout parameter should be increased by X seconds, where X is an estimated increase value. Note: If processing timeout occurs while running an add items request, by using the MaxAddMessage parameter (configured in the TunnellerOpts.ini file) the request can be split into sub-requests with a smaller amount of items added at once, so a lesser Processing Timeout value can be used. Even if the OPC client adds items by small portions so that each initial add item request does not take a long time, this option can be important if the total number of added items is considerable, when the Client-Side Component establishes reconnection to the ServerSide Component without disconnection of the OPC client. If the connection between the Client-Side and Server-Side components is closed due to some reason (e.g., the Server-Side Component is restarted, or there was a network disconnection), items must be added again to the end OPC server.

Handling Shutdown Request from Remote OPC Server


Note: This section is relevant for Tunneller SSC version 3.2.0.0 or higher. When a remote OPC server sends a Shutdown Request to the SSC (which acts as an OPC client), then SSC performs the following steps: 1. Sends notification to the CSC, so the shutdown event can be tracked on the CSC log file. 2. If there is any call to the OPC server in process, it waits until it is finished (while Processing Timeout is not elapsed). 3. Disconnects from OPC server. The connection to the OPC server is restored and items are re-added when the SSC receives the next request from the CSC. Reconnection occurs with certain delay after disconnection, which is 10 times the ConnectDelay defined by the CSC. In most cases this delay is enough for the remote OPC server to stop and be ready to start again.

Handling Items Momentarily Unavailable After Disconnection


Note: This section is relevant for Tunneller SSC version 3.5.0.0 or higher. When a connection to the OPC server is restored (after a disconnection), the CSC will attempt to re-add the items. If the add operation fails, a certain number of retries are performed. The number of retries are determined by the AddItemRetries parameter (in the TunnellerOpts.ini file, the default is set to one retry). If all of the retries fail, or if the items are partially added (some items are added and some are not), then the CSC will not perform any more attempts. To make the CSC periodically attempt to add the pending items, set the AddPendingItemsPeriod parameter to a specific period in milliseconds (in the TunnellerOpts.ini file, by default it is set to 0 which disables the feature). It is recommended that you set this period to a value that is large enough to avoid eventual impact on the ongoing communication. Note: When upgrading from a version prior to 3.5.0.0, the AddPendingItemsPeriod parameter may or not be present in the TunnellerOpts.ini file. If the parameter is not present in the options file, it can be added manually, as follows: 1. In the TunnellerOpts.ini file, locate the section called [TSAddItems]. 2. Under the line DelayAfterAddItems=0, insert AddPendingItemsPeriod=some period in milliseconds (zero if you want this initially disabled). 3. Save the file and then restart the CSC service.

Tunneller with MatrikonOPC Redundancy Broker


When connecting MatrikonOPC Redundancy Broker (ORB) to Tunneller (OPC Client -> ORB -> Tunneller -> OPC Server), ORBs Standby becomes primary after failover option must be selected (for versions prior to ORB 2.2.0.0). Deselecting this option (for older ORB versions) will cause ORB to failover and fail back repeatedly. Because ORB is connected to the local Tunneller client, ORB cannot detect when the OPC server on the end of the Tunnelled connection goes down. Therefore, ORB requires that failover conditions be configured through watchdog tags (i.e., advanced failover conditions) which will detect an unresponsive OPC server. For more information regarding ORB, refer to ORB documentation.

Limitations
MatrikonOPC Tunneller has the following limitations: 1. A&E Support for A&E conditional events - the A&E Support starting in version 4.0.0 of MatrikonOPC Tunneller provides subscribe-only access to A&E Condition events. The client may subscribe to and receive conditional events, but cannot acknowledge them OPC Alarms and Events specification - A&E Support does not include the optional Area and Source browsing portions of the OPC Alarms and Events specification. 2. OPC DA 3.0 support - OPC DA 3.0 support is limited to the IOPCItemSamplingMgt interface. If multiple clients are accessing the same item, and have IOPCItemSamplingMgt in use, all clients must use the same IOPCItemSamplingMgt parameters. The last set of sampling rate and buffering parameters set apply to all of the clients. Refer to the MatrikonOPC Tunneller Release Notes for known issues.

Troubleshooting
This section is intended to assist you by providing licensing information and MatrikonOPC Support contact information. Also addressed here are some of the most common problems encountered, and questions asked, while using this OPC server. Please check the following Problems/Solutions and Licensing FAQs sections before contacting the MatrikonOPC Support team.

Problems and Solutions


Using the Pi OPC client OPC client not responding when connected to Tunneller GetStatus indicates OPC server is OK, but server had died "Unable to browse remote OPC server" message displayed Browsing not returning anything AddGroup, AddItems, ValidateItems behave the same HDA client used, but calls not successful Getting incorrect values of 0 Fail to add items on first try Update of large amount of items fails Adding multiple items causes present items to go bad Tunneller does not work on Stratus box Add Remote Tunneller Connection returns no OPC servers, or returns only part of OPC servers installed on Server-Side Cannot connect to the tunnelled OPC server from certain computers/OPC clients Tunneller returns different set of historical data when connection to remote OPC server is made via Tunneller and start or end time is defined as relative time ORB fails over constantly when used with Tunneller OPC A&E client have problems when receiving A&E Condition events OPC DA server is disconnected frequently when there are no active subscribed groups or items OPC client detects the Client-Side Gateway as a DA 3.0 server and cannot access data through the DA 3.0 interfaces Communications problems when CSC or SSC is on Windows 7 or Windows Server 2008

Licensing FAQs
General Licensing
Using the old license method How can I view the status of my MatrikonOPC licenses?

Demo License
Can I re-install my MatrikonOPC product to obtain another 30 days? My license has expired. Who do I talk to about a new one?

Permanent License
Trying to install my permanent license using my activation key

Where do I find the lock code? Where do I find my activation key and lock selector? Why do I need to enter the PC name on the licensing web page?

Hardware License
Can I install multiple keys on the same parallel port? Will the system recognize multiple USB keys? Search the MatrikonOPC Support Knowledge Base at www.opcsupport.com to find the answers to other commonly-asked MatrikonOPC Tunneller and/or Licensing questions.

Appendices
Additional product information is available in the following appendices: Appendix A - Standard Data Types Appendix B - Installation Appendix C - Installed Files Appendix D - Un-Installation

Appendix A - Standard Data Types


The Standard data types and their descriptions are listed in the following table. Hex 0000 0002 0003 0004 0005 0006 0007 0008 000A 000B 0011 0012 0013 0014 2002 2003 2004 2005 2006 2007 2008 200A 200B 2011 2012 2013 2014 0 2 3 4 5 6 7 8 10 11 16 17 18 19 8194 8195 8196 8197 8198 8199 8200 8202 8203 8208 8209 8210 8211 Dec VT_I2 VT_I4 VT_R4 VT_R8 VT_CY VT_DATE VT_BSTR VT_ERROR VT_BOOL VT_I1 VT_UI1 VT_UI2 VT_UI4 VT_ARRAY | VT_I2 VT_ARRAY | VT_I4 VT_ARRAY | VT_R4 VT_ARRAY | VT_R8 VT_ARRAY | VT_CY VT_ARRAY | VT_DATE VT_ARRAY | VT_BSTR VT_ARRAY | VT_ERROR VT_ARRAY | VT_BOOL VT_ARRAY | VT_I1 VT_ARRAY | VT_UI1 VT_ARRAY | VT_UI2 VT_ARRAY | VT_UI4 Data Type VT_EMPTY Description Default/Empty (nothing) 2-byte signed integer 4-byte signed integer 4-byte (single-precision) real 8-byte (double-precision) real Currency Date Text (UNICODE) Error code Boolean (TRUE = -1, FALSE = 0) 1-byte signed integer 1-byte unsigned integer 2-byte unsigned integer 4-byte unsigned integer Array of 2-byte signed integers Array of 4-byte signed integers Array of 4-byte (single-precision) real Array of 8-byte (double-precision) real Array of currency values Array of dates Array of text values Array of error codes Array of Boolean values Array of 1-byte signed integers. Array of 1-byte unsigned integers Array of 2-byte unsigned integers Array of 4-byte unsigned integers

Appendix B - Installation
Once the system requirements have been met, you are ready to install the software. Note: As part of the installation process, the MatrikonOPC Analyzer tool is installed and used to detect the system settings that affect the use of this software. No information is communicated back to MatrikonOPC. Information is stored on this system only for future use by MatrikonOPC Support to assist with troubleshooting, if required. To install the software: 1. Insert the MatrikonOPC Tunneller CD into the CD drive. 2. If the MatrikonOPC InstallAware screen does not automatically appear, double-click the installation .exe file. The InstallAware Wizard verifies its contents.

3. Either a Pre-Requisites screen appears, or you are taken directly to the Licensing Agreement screen. If the Licensing Agreement screen is the displayed screen, go to step 5. 4. If the Pre-Requisites screen appears, then click on the Next button to install the listed pre-requisites.

5. After all pre-requisites have been installed, the License Agreement screen appears. Note: From the License Agreement screen, you have the option of selecting the I reject the license agreement option. Selecting the I reject the license agreement option button disables the Next button so your options are to return to the previous screen, cancel the install by clicking on the Cancel button, or select the I accept the license agreement option button enabling you to proceed through the install.

6. Read the Software License Agreement, using the scroll bar to view the entire message. 7. Select the I accept the license agreement option button. 8. Click on the Next button. The Setup Type screen appears.

9. Select the type of setup to be performed. Note: MatrikonOPC recommends that you select the Complete Setup option. 10. Click on the Next button. The Destination Folder screen appears.

11. Select the folder in which to install the MatrikonOPC server, or accept the default location displayed in the Folder path field. 12. Click on the Next button. The Start Menu screen appears.

13. Select the Start Menu group and specify whether you want shortcuts created only for yourself, or for all users, by selecting the applicable option button. 14. Click on the Next button. The Licensing screen appears.

15. Select the applicable licensing option. 16. Click on the Next button. The Ready to Install screen appears.

17. Click on the Next button. The Installing MatrikonOPC Tunneller screen appears, installation begins, and the product files are copied to the computer. Note: Prior to starting the installation, you have the option of clicking on the Back button to change any of the installation information. Click on the Cancel button if you wish to stop or cancel the installation.

18. When the installation has finished, the MatrikonOPC Tunneller Setup Complete screen appears stating that the MatrikonOPC Server has been successfully installed.

19. At this point, you have the option of launching any or all of the following by selecting the necessary checkbox or checkboxes:
l l

Configuration panel User Documentation

20. Click on the Finish button to complete the installation and exit the Wizard. 21. The necessary files have now been copied to the target computer, the software components are registered, and shortcut icons are created in the Start menu. Note: At this point, it is recommended that you verify the DCOM settings. Reference to the DCOM configuration can be found in the DCOM Manual. This configuration varies for different operating systems.

Appendix C - Installed Files


The installation program copies all necessary files to the target computer and creates shortcut icons in the Start menu. The files listed in the following table are installed by default, in the following location: C:\Program Files\Matrikon\OPC\Tunneller File Name MatrikonOPC Tunneller Online Help.chm TunnellerOpts.ini Online Help Manual Configuration File C:\Program Files\Matrikon\OPC\Tunneller\Client-Side Gateway File Name CCT.ini CSKeyManager.exe DSClientConfig.dll EventLogger.dll lsapiw32.dll OPCTunneller.exe OPCTunnellerHDA.exe OPCTunnellerAE.exe RmsApiProxy.dll TunnellerClient.dll TunnellerClientx64.dll TunnellerClientConfig.exe inproc component (32 bit) Inproc component (64 bit, installed on 64 bit OSs only) Client-Side Gateway Configuration Tool Client-Side Gateway (DA) executable Client-Side Gateway (HDA) executable Client-Side Gateway (A&E) executable Description Client-Side Configuration Tool Configuration file Client-Side Encryption Key Manager Description

C:\Program Files\Matrikon\OPC\Tunneller\Client-Side Gateway\Security File Name KeyFile.mkf Description Encryption configuration file C:\Program Files\Matrikon\OPC\Tunneller\Server-Side Gateway File Name TunnellerServer.exe SSKeyManager.exe Description Tunneller Server-Side Gateway Executable Tunneller Server-Side encryption key management and configuration tool executable

File Name Tunneller.ini EventLogger.dll lsapiw32.dll RmsApiProxy.dll Tunneller Server-Side configuration file

Description

C:\Program Files\Matrikon\OPC\Tunneller\Server-Side Gateway\Security File Name KeyFile.mkf Description Encryption configuration file C:\Program Files\Matrikon\CommonFiles\MatrikonOPC\Common File Name EULA.pdf HASP.exe LicenseRemover.exe LicenseWizard.exe MTKAuthorize.exe OPCAuto.dll OPCDAAuto.dll OPCHDAAuto.dll Opcda20_auto.doc Opchda10_auto.doc Description End User License Agreement Hardware License Key Executable License Removal Tool License Wizard Tool Legacy Licensing Tool MatrikonOPC Automation Library MatrikonOPC DA Automation Library MatrikonOPC HDA Auotmation Library MatrikonOPC DA Automation Library documentation MatrikonOPC HDA Automation Library documentation

Appendix D - Un-Installation
To successfully un-install MatrikonOPC Tunneller, using the Add or Remove Programs from the Microsoft Windows Control Panel is recommended. To un-install MatrikonOPC Tunneller: 1. Click on the Start button and highlight the Control Panel item. 2. From the displayed menu, select Add or Remove Programs. 3. The Add or Remove Programs window is displayed. 4. Scroll through the list of currently installed programs and updates to find and select MatrikonOPC Tunneller.

5. Click on the Remove button associated with the MatrikonOPC Tunneller program to initiate the un-install process. 6. The MatrikonOPC Tunneller InstallAware Wizard appears, and the Welcome to MatrikonOPC Tunneller Maintenance screen is displayed.

7. Select the Remove option button to un-install MatrikonOPC Tunneller entirely. 8. Click on the Next button. The Ready to Uninstall screen is displayed.

9. Click on the Next button. 10. The Uninstalling MatrikonOPC Tunneller screen appears and the un-install takes place.

11. When the un-install has finished, the MatrikonOPC Tunneller Setup Complete screen appears stating that MatrikonOPC Tunneller was successfully un-installed. 12. Click on the Finish button to complete the un-install and exit the Wizard. 13. The program no longer appears listed in the Add or Remove Programs window.