Appendix B

Solutions to
Exercises

Chapter 1: Introduction and Overview

1. It is started automatically by the client.

2. Any number.

3. Live alarms and events as they occur.

4. Usually in the server, but additionally also possible in some

clients.

5. DCOM does not work well with NAT, firewalls and across
domains, and may be a security risk. Moreover, DCOM is
not supported on non-Windows platforms.

6. DCOM, because it is binary whereas HTTP is text-based.

7. No, OPC does not define semantics of data.

8. Yes, although for many OPC servers this configuration is

done automatically by an engineering tool, transparent to
the user whereas others require manual configuration.

Chapter 2: Benefits, Savings & Doubts

1. No. Some interfaces are optional. A client should work
using only standard interfaces.

2. No. Manufacturers self-certify using an OPC

Foundation tester. 307
308 Software for Automation

3. There are many KPIs. Each plant manager defines their own
KPI, and how to calculate them, relevant to the process and
their responsibility. For example, a common KPI is Overall
Equipment Effectiveness:

OEE = Availability * Performance * Quality

4. Ideally two firewalls, not one shall be used. IT manages one

and the automation department the other.

Chapter 3: Setup
1. Yes, unless they run as a service in which case they
continue.

2. For example the PING command.

3. “This User.”

4. Port 80.

5. Not in Windows itself, but there are special applications

that can do it.

Chapter 4: Configuration and Scripting

1. Software to software, such as, for example, between a
device driver software and a display software.

2. Generally not. An OPC server is also tied to the interface

hardware. However, if standard interface hardware such as
RS-232 or Ethernet is used, then it will work.

3. Callback.

4. No. Data types vary from one server to the other, and so do
scaling and enumeration; therefore, there are some cases
where data must be manipulated before being displayed or
bridged to another server.

5. application_name|topic_name!item_name

6. As far as OPC-HDA is concerned it is a server. However, at

the same time it can also be an OPC-DA client.
 Appendix B - Solutions to Exercises 309

7. Average, last sample, maximum, max time, minimum, min

time, raw data, and standard deviation.

8 C. The server only publishes the alarm state to the client

when state changes.

9. Server, Event Type, Priority (Severity), Event Category,

Area, and Source.

10. There is no such OPC interface; A&E only does live alarms
and events, and HDA handles continuous variables, not
alarms and events.

11. At the lowest level it is ODBC, but users likely work with
OLE_DB or ADO. Proprietary databases use other technolo-
gies.

12. Ideally the ActiveX component includes OPC interface with

tag browsing, permitting selection of data source simply by
pointing and clicking. If not, it may be necessary to make a
VBA script.

13. No, not direct. Server talks to clients. An OPC bridge is a

double-headed client where one client interface talks to
each server. Data can be passed from one server to another
through the bridge.

Chapter 5: Enterprise Integration & System Migration

1. It is a client for which no software has to be preinstalled. It
shows displays generated by a server. It can run on simpler
hardware since there is little local processing. If plug-ins are
required, these load automatically. It may be, for example, a
Web browser or a dumb terminal.

2. Indirectly yes. Provided the ActiveX component is signed

with a certificate, you know who published it. If you know
the publisher is a reputable company, it is as safe as
installing from a CD.

3. Traditionally at level 3 (execution) but nowadays it is

increasingly split, part of it at level 2 (automation system).

4. Yes. Although Unix does not support OPC, there are solu-
tions where OPC server in Windows connects to the DCS
control network directly or through a network gateway,
never passing through Unix.
310 Software for Automation

Chapter 6: Troubleshooting
1. It should not take more than a few seconds because the
client should constantly be probing the server for signs of
life. The infamous 6-minute rule should not apply for
automation software.

2. It could be many problems: the DCOM default security

settings are wrong, the OPC server does not support
browsing interface, or the DCOM security settings for that
particular server are not correct.

3. The requested tag does not exist in the OPC server configu-
ration. It may have been deleted from the server or it may
be a typo error.

Chapter 8: Engineering & Design

1. For example, use high bandwidth such as 100 Mbit/s for
the workstations and servers. Use managed LAN switches
that support VLAN separation and message prioritization
to logically separate the communications.

2. As a rule of thumb, no more than 10 alarms the first 10

minutes after the upset.

Chapter 9: Management & Administration

1. Differential backup copies all changes since last full backup,
and therefore takes longer than incremental backup, which
only copies the change since last incremental or full backup.
Differential restores faster and easier since it is just one file
while incremental requires many files.

2. Simple Network Management Protocol (SNMP)

Chapter 10: Safety, Availability & Security

1. It may be. It is necessary to consult the safety manual for
the logic solver to see if it is permitted and if there are any
restrictions.

2. Not really since there are some single points of failure.

 Appendix B - Solutions to Exercises 311

3. “five nines” is 99.999% (i.e., a downtime of 0.001%). In one

year, this translates into 365 days * 24 hours * 60 minutes *
0.001 / 100 = 5.3 minutes.

4. To name a few points:

- It is still susceptible to denial-of-service attacks
- Commands can be captured and spoofed
- Invalid frames can also cause harm since devices and soft-
ware may crash when receiving unexpected data

5. Use packet filtering in router or firewall.

6. A computer is harder to make secure than an embedded

router or firewall because there are so many operating
system configuration settings and paths that data can travel
from one network port to another. The number of functions
and possibilities are hard to manage.

7. Any port not open in the outer firewall (e.g., port 80 is

usually open in the outer firewall so it must be closed for
the inner firewall).

8. Yes, it is in fact very common, except if there are 21CFR11

or other requirements which says it is not. Security can be
assured by restricting access to the control room.

9. Authentication is the mechanism to ascertain who the user

is. Authorization is the mechanism to grant and deny access
depending on individual user rights.

10. There are many ways. Security can be set to prevent

switching screen from the operator software. It can also be
prevented by locking drives, etc.

11. Essentially a password that the individual certifies as

legally binding.

12 Yes, but the particular requirement must instead be met by

manual procedures.