WinCC Virtualization
WinCC V7.4 SP1 / WinCC Professional V15
https://support.industry.siemens.com/cs/ww/en/view/49368181
Siemens Industry Online Support
Warranty and Liability
© Siemens AG 2018 All rights reserved
Note
The Application Examples are not binding and do not claim to be complete with regard to
configuration, equipment or any contingencies. The Application Examples do not
represent customer-specific solutions. They are only intended to provide support for
typical applications. You are responsible for the correct operation of the described
products. This Application Example does not relieve you of the responsibility of safely and
professionally using, installing, operating and servicing equipment. When using this
Application Example, you recognize that we cannot be made liable for any damage/claims
beyond the liability clause described. We reserve the right to make changes to this
Application Example at any time and without prior notice. If there are any deviations
between the recommendations provided in this Application Example and other Siemens
publications – e. g. catalogs – the contents of the other documents shall have priority.
We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this Application Example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,
body or health, guarantee for the quality of a product, fraudulent concealment of a
deficiency or breach of fundamental contractual obligations (“wesentliche
Vertragspflichten”). The compensation for damages due to a breach of a
fundamental contractual obligation is, however, limited to the foreseeable damage,
typical for the type of contract, except in the event of intent or gross negligence or
injury to life, body or health. The above provisions do not imply a change of the
burden of proof to your detriment.
Any form of duplication or distribution of these Application Examples or excerpts
hereof is prohibited without the expressed consent of Siemens AG.
Security information
Siemens provides products and solutions with Industrial Security functions that support
the secure operation of plants, systems, machines and networks.
To protect plants, systems, machines and networks against cyber threats, it is necessary
to implement (and continuously maintain) a holistic, state-of-the-art Industrial Security
concept. Products and solutions from Siemens are only one part of such a concept.
It is the customer’s responsibility to prevent unauthorized access to the customer’s plants,
systems, machines and networks. Systems, machines and components should only be
connected with the company’s network or the Internet, when and insofar as this is
required and the appropriate protective measures (for example, use of firewalls and
network segmentation) have been taken.
In addition, Siemens’ recommendations regarding appropriate protective action should be
followed. For more information on Industrial Security, visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them even
more secure. Siemens strongly recommends to carry out updates as soon as the
respective updates are available and always only to use the current product versions. Use
of product versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
In order to always be informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed at http://www.siemens.com/industrialsecurity.
WinCC Virtualization
Entry ID: 49368181, V2.0, 08/2018
Table of Contents
Warranty and Liability
1 Preface
  1.1 Purpose of the document
  1.2 Validity
2 Automation Task
  2.1 Introduction
  2.2 Virtualization requirements
  2.3 Fields of application for virtualization
3 Automation Solution
  3.1 WinCC system architecture in virtual environment
  3.2 What is virtualization?
    3.2.1 Definition
    3.2.2 Server-based virtualization (type 1: native)
    3.2.3 Client-based virtualization (type 2: hosted)
    3.2.4 Summary of server-based and client-based virtualization
    3.2.5 Advantages and disadvantages of the virtualization
  3.3 SIMATIC Virtualization as a Service
4 Configuration
  4.1 General hardware compatibility
  4.1 Configuration of the host systems
  4.2 Configuration of guest systems
    4.2.1 General information
    4.2.2 Configuration of network cards
  4.3 Remote access
  4.4 Communication
    4.4.1 Name resolution
    4.4.2 VLANs
    4.4.3 Redundancy connection between servers
  4.5 SIMATIC software redundancy
5 Licensing of SIMATIC Products
  5.1 Licensing with a single license
  5.2 Licensing with floating licenses
6 Diagnostic capabilities
  6.1 Diagnostics using VMware vSphere client
  6.2 Diagnostics in the virtual system
  6.3 Performance problems
7 Further Notes, Tips and Tricks
  7.1 Pass-through (VMDirectPath IO)
  7.2 Managed USB HUB
  7.3 General recommendations
    7.3.1 Snapshots
    7.3.2 vMotion or vMotion Storage
    7.3.3 SDRS (Storage DRS)
    7.3.4 Fault Tolerance
    7.3.5 Cloning virtual machines (VM)
    7.3.6 VMware Tools
    7.3.7 Increasing performance of vnetflt.sys driver
    7.3.8 Hard drives
    7.3.9 Unnecessary hardware in virtual machines
    7.3.10 Synchronizing the virtual machines
  7.4 Security settings
    7.4.1 Disabling automatic update of VMware Tools
    7.4.2 Time synchronization through NTP
    7.4.3 Applying patches for ESXi
    7.4.4 Security in general
8 Glossary
9 Appendix
  9.1 Service and Support
  9.2 Links and literature
  9.3 Change documentation
1 Preface
1.1 Purpose of the document
This document describes the virtualization of WinCC V7 and WinCC Professional
in connection with an ESXi server. In this document you will find:
· Information on the infrastructure for the use of WinCC
· Demonstration of special features
· Diagnostic capabilities
1.2 Validity
This document is based on the following versions:
· WinCC V7.4 SP1
· WinCC Professional V15
· VMware ESXi V6.0
· VMware vSphere V6.0
General statements are also valid for other WinCC V7 and WinCC Professional
versions.
Software-dependent releases can be found in the Compatibility tool. \3\
2 Automation Task
2.1 Introduction
Virtualization of servers is already of high importance in information technology.
The advantages of virtualization are also to be achieved in automation technology.
2.2 Virtualization requirements
The availability of the plant and the automation technology has the highest priority.
The same applies for plants with real computers and for plants that are operated in
a virtual environment.
For plant operation in a virtual environment, there should be no visible difference to
real computers.
2.3 Fields of application for virtualization
Depending on the area of application, different hardware and software are used for
the virtualization solutions.
Application | Virtualization solution
Engineering, training and short tests | VMware Player, VMware Workstation, Windows Virtual PC…, VMware vSphere, HyperV
Production plants | VMware vSphere, HyperV
Topics not covered by this application
This document describes the use and the approach using VMware ESXi and
VMware vSphere.
VMware Workstation and VMware Player are not considered. These products are
not released for productive operation.
3 Automation Solution
3.1 WinCC system architecture in virtual environment
Figure 3-1
3.2 What is virtualization?
3.2.1 Definition
Virtualization is the abstraction of physical hardware from the
operating system. For this purpose, a special virtualization layer, the so-called
hypervisor, is located on a real computer.
This makes it possible to implement several virtual machines (VM) that are isolated
from each other, with their own virtual hardware components and their own
operating systems, on a real, physical computer (host system).
They act like real computers and can execute applications themselves.
Layout for virtualization
Figure 3-2
Tasks of the hypervisor
Among other things, the hypervisor has the following tasks:
· The hypervisor is the virtualization layer in which the VMs run.
· The hypervisor manages the resource allocation of the real hardware to the
  VMs and the execution of the VMs.
· The hypervisor is also called VMM (Virtual Machine Manager or Monitor).
Physical and virtual setup
Figure 3-3
Variants
Basically, there are two types of virtualization, which differ in terms of configuration
and structure.
· Server-based virtualization (type 1: native)
· Client-based virtualization (type 2: hosted)
3.2.2 Server-based virtualization (type 1: native)
This virtualization variant has the following characteristics:
· The hypervisor runs directly on the hardware of the host and is more efficient.
  It requires fewer resources, but has to provide all drivers.
· No direct operation: The VMs are operated via remote clients.
· Fields of application are data centers and production plants.
· Examples for type 1 are "VMware ESX/ESXi" and "Hyper-V".
Figure 3-4
3.2.3 Client-based virtualization (type 2: hosted)
This virtualization variant has the following characteristics:
· The hypervisor is based on a fully-fledged operating system, e.g. Windows,
  and uses the device drivers of the operating system.
· Direct operation: The VMs are operated directly on the computer via graphics
  card and monitor.
· Areas of application are mainly engineering and short tests.
· Examples for type 2 are "VMware Workstation and VMware Player",
  "VirtualBox" or "Windows Virtual PC".
Figure 3-5
Note
This document describes only type 1 with VMware ESX/ESXi.
3.2.4 Summary of server-based and client-based virtualization
Server-based virtualization, type 1 native (ESXi server):
· The hypervisor runs directly on the hardware of the host and is more
  efficient. It requires fewer resources, but has to provide all drivers.
· No direct operation: The VMs are operated via remote clients.
· Areas of application: Data centers and production plants
Client-based virtualization, type 2 hosted (VMware Workstation):
· The hypervisor is based on a fully-fledged operating system (e.g.
  Windows) and uses the device drivers of the operating system.
· Direct operation: The VMs are operated directly on the computer via
  graphics card and monitor
· Areas of application: Engineering and short tests
3.2.5 Advantages and disadvantages of the virtualization
Table 3-1
Costs
Advantages: Reduction of costs
· Consolidation of physical computers, cables, switches, etc.
· Reduction of energy consumption
· Reduction of space requirements
· Less expensive hardware can be used for clients (so-called thin client
  solutions)
Disadvantages:
Software costs for the operating system remain.
Additional license costs for virtualization depending on the range of functions
Security
Advantages: Increased security
· Increased security due to remote access and centralized rights management
· Reduced attack possibilities with thin clients; central protection on the
  ESXi server for the virtual machines
Disadvantages:
Possibly increased security expenses (additional layer, data security)
Availability
Advantages: Increased availability
· Easy exchange of virtual machines on ESXi server possible
Disadvantages:
· Danger of a "Single Point of Failure"
· Support may not come from a single source
Flexibility
Advantages: Increased flexibility
· Hardware independence of the virtual machines
· Virtual machines with different operating systems on one ESXi server
· Additional virtual machines can be added by starting another VMware session
· Hardware RAID can be configured as software RAID (ESXi Server)
· Securing commissioning
· Simple recording in the event of system failures
System complexity
Disadvantages:
· Significantly increasing system complexity
· Higher administration effort
Support
If a problem occurs while operating a virtual machine, the support required for this
may become time-consuming. In this case, the responsibility must first be clarified,
as can be seen in the following diagram.
Figure 3-6
Note
When using SIMATIC Virtualization as a Service (see chap. 3.3) you not only
receive pre-installed and pre-configured ESXi servers including WinCC
installations in the form of VMs, but also the service for these complete systems
from a single source.
You can use a support request to determine the power requirements of a
virtualized SIMATIC WinCC system. Further information is available in the following
FAQ: "Where do you obtain technical support for the configuration of a virtual
SIMATIC PCS 7 / WinCC System?". \4\
3.3 SIMATIC Virtualization as a Service
SIMATIC Virtualization as a Service is a pre-configured, ready-to-use virtualization
system for implementing efficient automation solutions for SIMATIC systems.
Figure 3-7
A hypervisor is installed on a powerful server that manages the hardware
resources and dynamically distributes them to the virtual machines. Central
management, configuration and maintenance of the virtual machines and the
virtualization server are carried out via a management console.
The virtual machines are equipped with SIMATIC PCS 7 or SIMATIC WinCC
installations and are preconfigured depending on the automation task (e.g. PCS 7
ES/Client, WinCC Server).
The virtualization system can be easily and efficiently extended by preconfigured
virtual machines and is therefore scalable to different plant sizes. A highly available
system can be realized by using additional virtualization servers.
Further information on SIMATIC Virtualization as a Service is available at the
following link:
· SIMATIC Virtualization as a Service \5\
4 Configuration
4.1 General hardware compatibility
Each ESXi host and its components must be listed in VMware's HCL
(Hardware Compatibility List) for each ESXi version and license.
For more information, please use the following link:
https://www.vmware.com/resources/compatibility/search.php \6\
4.1 Configuration of the host systems
NOTICE
The user/administrator is obliged to provide and secure sufficient system
resources on the virtualization server and the virtual systems.
Minimum system requirements for installing ESXi/ESX (1003661)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003661 \7\
Best practices to install or upgrade to ESXi 6.0 (2109712)
https://kb.vmware.com/s/article/2109712 \8\
Hardware example
Here is an example from practical experience.
· The configured main memory (RAM) of all VMs running simultaneously
  must not exceed 90% of the physically available RAM.
· The ratio of the virtually configured CPU cores of all simultaneously
  running VMs to the physically available CPU cores should not exceed 2:1.
The following table shows an example of a possible assignment:
Hardware | Number | Usage
Intel® Xeon® Processor E5-2640V4 (25MB Cache, 2.40 GHz, 8.00 GT/s QPI) | 10 Cores | 1 core for host; 1x ES: 4 vCores; 1x OS Server: 2 vCores; 5x OS Client: 10 vCores
· For performance reasons, the size of the data stores on the individual
  RAID systems should not exceed 2TB.
· Using a RAID 10 system for the data stores offers the best read/write
  performance.
· A better performance of WinCC can be achieved if a CPU with fewer cores
  and higher clock frequency is preferred to a CPU with more cores and
  lower clock frequency.
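The sizing rules above can be checked mechanically before VMs are added to a host. The following is an added example, not part of the Siemens document: the vCore figures come from the table, while the RAM sizes, data store sizes, class names and the decision to exclude the "1 core for host" from the cores available to VMs are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

# Limits quoted in the hardware example above.
RAM_LIMIT = Fraction(9, 10)        # configured VM RAM / physical RAM ("must not exceed 90%")
VCPU_PER_CORE_LIMIT = Fraction(2)  # configured vCPUs / physical cores ("should not exceed 2:1")
DATASTORE_LIMIT_TB = 2             # per data store ("should not exceed 2TB")


@dataclass(frozen=True)
class VMGroup:
    role: str          # e.g. "ES", "OS Server", "OS Client"
    count: int         # VMs of this role running simultaneously
    vcpus_each: int
    ram_gb_each: int   # constructed values; the page gives no RAM figures


@dataclass(frozen=True)
class Host:
    physical_cores: int
    cores_reserved_for_host: int  # assumption: the table's "1 core for host" is not shared with VMs
    ram_gb: int
    datastores_tb: tuple


def check_layout(host, groups):
    """Return (severity, rule, detail) findings; an empty list means the plan fits."""
    if host.ram_gb <= 0:
        raise ValueError("host RAM must be positive")
    findings = []
    ram = sum(g.count * g.ram_gb_each for g in groups)
    vcpus = sum(g.count * g.vcpus_each for g in groups)
    cores = host.physical_cores - host.cores_reserved_for_host

    # "must" and "should" mirror the wording of the individual rules on the page.
    ram_share = Fraction(ram, host.ram_gb)
    if ram_share > RAM_LIMIT:
        findings.append(("must", "ram",
                         f"{ram} GB configured = {float(ram_share):.0%} of {host.ram_gb} GB"))
    if cores <= 0:
        findings.append(("must", "cpu", "no physical core left for the VMs"))
    elif Fraction(vcpus, cores) > VCPU_PER_CORE_LIMIT:
        findings.append(("should", "cpu",
                         f"{vcpus} vCPUs on {cores} cores = {vcpus / cores:.2f}:1"))
    for index, size_tb in enumerate(host.datastores_tb):
        if size_tb > DATASTORE_LIMIT_TB:
            findings.append(("should", "datastore", f"data store {index} is {size_tb} TB"))
    return findings


# vCore figures from the table above; RAM and data store sizes are constructed.
PAGE_LAYOUT = [
    VMGroup("ES", 1, 4, 16),
    VMGroup("OS Server", 1, 2, 16),
    VMGroup("OS Client", 5, 2, 4),
]
HOST = Host(physical_cores=10, cores_reserved_for_host=1, ram_gb=64,
            datastores_tb=(1.8, 1.8))

# Constructed overcommitted variant: two more clients and one oversized data store.
GROWN_LAYOUT = PAGE_LAYOUT + [VMGroup("OS Client (added later)", 2, 2, 4)]
GROWN_HOST = Host(10, 1, 64, (1.8, 4.0))

if __name__ == "__main__":
    for label, host, layout in (("page example", HOST, PAGE_LAYOUT),
                                ("grown plant", GROWN_HOST, GROWN_LAYOUT)):
        print(label, check_layout(host, layout) or "fits")
```

With the table's assignment, 16 vCores run on 9 cores (1.78:1), which stays inside the 2:1 rule; adding two further clients pushes both the CPU ratio and the RAM share over their limits.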
Network
The following figure shows an example of the communication principle of a
virtualization system:
· The internal communication between ES, WinCC server and WinCC client.
· The communication of ES, WinCC server and WinCC client to the outside,
  e.g. to the AS via the physical network cards of the ESXi server.
Figure 4-1
4.2 Configuration of guest systems
4.2.1 General information
Features | Requirements
VM Version 1) | 8, 9, 10 or 11
Hard drive storage management | Use type: "Thick Provision Eager Zeroed"
Virtual network modules | There are as many network cards to configure as would be the case with real WinCC stations. A redundant OS server would therefore have 3 virtual network cards.
Separation of networks | It is recommended to physically/virtually separate terminal, system and redundancy bus and not to use VLANs. The IP addresses of terminal, system and redundancy buses have to be located in different subnets.
Network cards | All network cards are assigned to the "Private" network profile within Windows via group policy.
CPU load | The CPU continuous load of the assigned logical CPU cores must not exceed 70% - 80%. Note: When archiving large data volumes a respective reserve is required (high I/O load). This load is given at a capacity of 70% - 80%.
VMware Tools | "VMware Tools" must be installed inside the virtual machines. This results in better performance and maintainability of the VMs.
Operating states | Suspend/Resume of the VMs, as well as VMware options (e.g. vMotion), are not supported. The VMs must be treated like real WinCC stations.
1) A downgrade of the VM version is not possible.
Note
Card type of virtual network cards
The card type of the virtual network cards has to be "E1000" or "vmxnet3"
(recommended).
The card type "vmxnet3" cannot be used until VMware Tools is installed in the
VM.
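The guest requirements above can be applied as a lint over a planned VM definition before it is deployed. This is an added example, not part of the Siemens document: the dictionary schema, the rule names, the VM names and all IP addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Values taken from the requirements table and the card-type note above.
ALLOWED_VM_VERSIONS = {8, 9, 10, 11}
REQUIRED_DISK_TYPE = "Thick Provision Eager Zeroed"
ALLOWED_NIC_TYPES = {"E1000", "vmxnet3"}


def check_guest(vm):
    """Return (rule, detail) findings for one planned VM; an empty list means compliant.

    `vm` uses a hypothetical planning schema: vm_version, disks (list of
    provisioning types), vmware_tools (bool) and nics (list of dicts with
    bus, type and ip in address/prefix notation).
    """
    findings = []
    if vm["vm_version"] not in ALLOWED_VM_VERSIONS:
        findings.append(("vm-version", f"VM version {vm['vm_version']} is not 8, 9, 10 or 11"))
    for disk_type in vm["disks"]:
        if disk_type != REQUIRED_DISK_TYPE:
            findings.append(("disk-type", f"disk is '{disk_type}'"))
    if not vm["vmware_tools"]:
        findings.append(("vmware-tools", "VMware Tools is not installed"))

    networks = []
    for nic in vm["nics"]:
        if nic["type"] not in ALLOWED_NIC_TYPES:
            findings.append(("nic-type", f"{nic['bus']}: card type {nic['type']}"))
        elif nic["type"] == "vmxnet3" and not vm["vmware_tools"]:
            findings.append(("vmxnet3-without-tools",
                             f"{nic['bus']}: vmxnet3 needs VMware Tools"))
        # ip_interface() accepts address/prefix and yields the enclosing subnet.
        networks.append((nic["bus"], ipaddress.ip_interface(nic["ip"]).network))

    # Terminal, system and redundancy bus must be in different subnets.
    # overlaps() also catches a smaller subnet nested inside a larger one.
    for (bus_a, net_a), (bus_b, net_b) in combinations(networks, 2):
        if net_a.overlaps(net_b):
            findings.append(("subnet-overlap", f"{bus_a} {net_a} overlaps {bus_b} {net_b}"))
    return findings


# Constructed sample: a redundant OS server with the three buses separated.
GOOD_VM = {
    "name": "OSS1A", "vm_version": 11, "vmware_tools": True,
    "disks": ["Thick Provision Eager Zeroed"],
    "nics": [
        {"bus": "terminal", "type": "vmxnet3", "ip": "192.168.10.11/24"},
        {"bus": "system", "type": "vmxnet3", "ip": "192.168.20.11/24"},
        {"bus": "redundancy", "type": "vmxnet3", "ip": "192.168.30.11/24"},
    ],
}

# Constructed sample that violates each requirement once.
BAD_VM = {
    "name": "OSS1B", "vm_version": 13, "vmware_tools": False,
    "disks": ["Thin Provision"],
    "nics": [
        {"bus": "terminal", "type": "vmxnet3", "ip": "192.168.10.12/24"},
        {"bus": "system", "type": "E1000", "ip": "192.168.10.140/25"},
        {"bus": "redundancy", "type": "E1000E", "ip": "192.168.30.12/24"},
    ],
}

if __name__ == "__main__":
    for vm in (GOOD_VM, BAD_VM):
        print(vm["name"], check_guest(vm) or "compliant")
```

The second sample shows the case that is easy to miss by eye: the system bus address lies in a /25 that is nested inside the terminal bus /24, so the two buses are not in different subnets even though the prefixes differ.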
4.2.2 Configuration of network cards
NOTICE
Faulty process communication
· No unused network cards may exist in the Windows "Network and Sharing
  Center". Unused cards must be disabled or removed from the virtual
  machine configuration.
· No network card should be assigned to the public network profile.
· When adding/removing network cards, their order changes in Windows. After
  making changes to the network configuration, check the order of the network
  cards according to the WinCC documentation.
Note
The following group policy can be used to ensure that no network card is
assigned to the "Public network" network category:
Local Computer Policy > Computer Configuration > Windows Settings > Security
Settings > Network Manager Policies > Non-identified Networks: Set the location
type from "Not configured" to "Private".
Note
First uninstall unused network cards in the Windows device manager. If you do
not do this, "remaining files" will be left in the properties of the VM in Windows
after you delete network cards. These "remaining files" must first be made visible
in the device manager before they can be uninstalled. If these "remaining files"
are not removed, the name of the deleted network card cannot be used again.
Tip: If BGInfo (not included in Windows) is used, the desktop can show whether
"remaining files" are available.
4.3 Remote access
The VMs can be accessed with a thin client or a remote system via RDP,
RealVNC, vSphere Client or vSphere Web Client.
General information
The following points apply to all remote connections:
· All operator stations can be operated via exactly one open remote connection.
· For a remote connection, the existing session must be taken over. This means
  that a user must be logged in at the operating station.
· Remote Desktop may only be used via "mstsc /console" or "mstsc /admin".
· An RDP connection may only be used for access to clients without additional
  functions (web functions).
· With WinCC servers or the single-user system, RDP is only permitted if WinCC
  is running in service mode.
· When using an RDP connection to a VM, the automatic logon to Windows has
  to be configured in this VM, e.g. using "control userpasswords2" or "Autologon
  for Windows" (Windows Sysinternals).
· In order to access a VM with automatic logon via RDP, the following registry
  entry must not be present as of Windows Server 2012 R2 and Windows 10
  (default setting): "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
  NT\CurrentVersion\Winlogon\ForceAutoLogon"
· Disabling the TCP auto tuning level: The TCP auto tuning settings can be
  disabled using the following command:
  netsh interface tcp set global autotuninglevel=disabled
  You can find information on this in the FAQ entry: "Which settings should you
  make when an OVF export fails using the "VMware vSphere Client"
  application?" \9\
RealVNC
Audio signals cannot be transmitted via a RealVNC connection.
The released version of RealVNC for WinCC is included in the compatibility tool:
http://www.siemens.de/kompatool \3\
vSphere Client
Opening the console ("Open Console") of a VM in the vSphere client can take
relatively long (35 sec). One possible reason for this is that certificates cannot be
verified if there is no internet connection. This can be prevented by configuring the
following group policy:
Set "Computer Configuration\Administrative Templates\System\Internet
Communication Management\Internet Communication settings\Turn off Automatic
Root Certificates Update" to "enabled".
4.4 Communication
4.4.1 Name resolution
In a virtual environment, a management network is usually also used to manage
the virtual infrastructure. In this management network it is recommended to use a
DNS server for the name resolution of ESXi servers.
Note
The name resolution of the VMs necessary for the operation of WinCC must take
place when using a DNS/WINS server via the terminal bus or by using the locally
configured hosts and lmhosts files.
The name resolution has to be done via the IPv4 protocol.
4.4.2 VLANs
VLANs can be used in WinCC. You can find information on this in the FAQ entry
"How do you configure a Virtual Local Area Network (VLAN) in PCS 7?". \10\
VLANs must not be used on the dedicated network card of the ES to the fieldbus
(PROFINET).
4.4.3 Redundancy connection between servers
The connection between redundant WinCC servers for redundancy adjustment
must be made via Ethernet.
The following figure shows settings within the configuration of SIMATIC Shell:
· Selection of the virtual network card for the redundancy bus in the redundancy
  settings
· Disabling the serial port
Figure 4-2
4.5 SIMATIC software redundancy
With a redundant WinCC system, the runtime is active on both servers (master and
standby). This has the following characteristics:
· The clients are distributed between both servers (load balancing).
· After a failure, the data status is synchronized on both servers by archive
  adjustment.
The fault tolerance provided by VMware is not a replacement for the SIMATIC
redundancy and therefore cannot be used
(see chapter 7.3.4 Fault Tolerance).
5 Licensing of SIMATIC Products
General information
As a general rule, you have to license all products/software according to the
respective manufacturer's license terms and conditions.
In terms of licensing, a SIMATIC software installation on a virtual machine does not
differ from the installation on a real machine. Therefore, each SIMATIC software
installation on a virtual machine, e.g. SIMATIC WinCC and other SIMATIC
applications, has to be licensed accordingly.
Likewise, each SIMATIC WinCC Client installation on a virtual machine has to be
licensed accordingly.
5.1 Licensing with a single license
Unlimited duration standard license that can be transferred to any computer and
used on this computer. The Certificate of License (CoL) defines the type of use.
Licenses of the single license type can only be used locally.
5.2 Licensing with floating licenses
Unlimited license duration that can be transferred to any computer and used on this
computer. The license can also be obtained from a license server over the network.
Note
The freedoms gained in handling virtualization entail the risk of easily damaging
or destroying virtual machines. When things get serious, a virtual machine will be
irretrievably lost, including all installations and licenses.
To minimize the risk of losing licenses, use a license server with SIMATIC
floating licenses. This additionally facilitates handling licenses.
6 Diagnostic capabilities
Troubleshooting and performance (Chap 4.4 109486064)
VMware provides various means to diagnose performance bottlenecks. Below, we
will briefly describe use of the vSphere Client and of the "esxtop" tool.
For more information, see the manual "vSphere Monitoring and Performance".
https://www.vmware.com/support/pubs/ \11\
6.1
Diagnostics using VMware vSphere client
General information
You can use the vSphere Client not only to configure the virtual machines (guest
systems), but also to monitor the ESXi server and the individual virtual systems.
Monitoring options
ã Siemens AG 2018 All rights reserved
You can display these points as curves with the vSphere client:
·
Main memory usage
·
Operating state
·
CPU load
·
Hard drive
·
Network utilization
The procedure in detail
Table 6-1
No. | Step/action
1. Log on to the ESX(i) server
   · Start your VMware vSphere client.
     The Logon dialog appears.
   · Enter the IP address of your virtualization server and your user data.
     The vSphere Client starts.
2. Navigate to ESX(i) server diagnostics
   · In the navigation tree, select the top item. (The virtualization server.)
   · Then select the “Performance” tab.
     A diagram appears that shows the performance data graph.
3. Customizing the ESX(i) server diagnostics
   To monitor the values used for these measurements, proceed as follows:
   · In the top area of the tab, click “Trend settings…”.
     The “Adjust performance trend” dialog appears.
   · Monitoring the RAM
     – In the “Trend settings” tree, expand the “RAM” item.
     – In “RAM”, click “Realtime”.
     – In the “Performance logs” fields, deselect everything and select only “active”.
     – Confirm with OK.
     In the diagram, you can now monitor the active RAM.
   · Monitoring the CPU load
     – In the “Trend settings” tree, expand the “CPU” item.
     – In “CPU”, click “Realtime”.
     – In the “Performance logs” field, deselect everything and select only “usage”.
     – Confirm with OK.
     In the diagram, you can now monitor the CPU load.
4. Navigate to diagnostics of the virtual system
   · In the navigation tree, select the item of the virtual system to be monitored.
   · Then select the “Performance” tab.
     A diagram appears that shows the performance data graph.
5. Customizing diagnostics of the virtual system
   To do this, proceed as described in step 3.

6.2 Diagnostics in the virtual system
For diagnostics in the virtual system, use the Windows tool
Windows Performance Monitor.
The procedure in detail
Table 6-2
No. | Step/action
1. Starting the tool
   · Click “Start > Run”.
     The “Run...” dialog appears.
   · Enter “Perfmon” and click OK.
     The monitoring tool starts.
2. Customizing the performance indicators
   · Remove all performance logs from the lower right area.
   · In this area, right-click. In the menu, select “Add performance logs...”.
     The “Add performance logs” dialog appears.
   · To display the CPU load as a percentage, select the “Processor” data object and select the “% Processor Time” performance log. Select “_Total” as the instance.
   · Click on "Add…".
   · To display the main memory allocation, select the “Memory” data object and select the “Committed Bytes” data object.
   · Click “Add” and select “Close” to close the dialog.
Note
Displaying both values simultaneously in one diagram is problematic because the axis
scaling differs.
For optimum display, adjust the scaling using the “Properties” button and the
“Graphics” tab.
For more information, follow this link:
"What diagnostics options are available for WinCC and PCS 7 OS?" \12\
6.3 Performance problems
To prevent your VM from running with poor performance, define the hardware
configuration of the VM before installing the operating system. This mainly applies
to:
· Number of virtual sockets
· Number of virtual cores per socket
If you make changes to the hardware configuration, you must adjust the HAL of the
VM again.
Further information is available at:
· Modifying the Hardware Abstraction Layer (HAL) for a Windows virtual machine (1003978)
  https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003978 \13\
· Troubleshooting a converted virtual machine that experiences poor performance (1013857)
  https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013857 \14\
· Troubleshooting ESX/ESXi virtual machine performance issues (2001003)
  https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2001003 \15\
7 Further Notes, Tips and Tricks
7.1 Pass-through (VMDirectPath IO)
General information
Pass-through support in VMware vSphere Server (ESXi) allows you to pass certain
physical components of the server directly to the virtual machines.
The virtual machine detects the new hardware automatically; if necessary,
appropriate drivers are installed later.
As long as you use the pass-through function:
· the hardware is a part of the virtual machine
· the HyperVisor no longer has access
Various SIMATIC NET CPs have been tested for the pass-through function and
can be used.
Note
This is where you can find information about pass-through configurations
http://kb.vmware.com/kb/1010789 \16\
Note
When using SIMATIC NET CPs in a virtual environment, observe the
requirements and dependencies of SIMATIC NET.
"SIMATIC NET PC-Software SIMATIC NET PC Software V14 SP1 installation
manual – chapter 3 and 4"
Installation, configuration of SIMATIC NET CPs in a VMware vSphere server
(ESXi)
https://support.industry.siemens.com/cs/ww/en/view/77377602 \17\
Other compatibilities can be found here
https://support.industry.siemens.com/kompatool/pages/main/index.jsf \3\
You can use a WinCC ASIA dongle via pass-through. The number of ASIA dongles
depends on the internal USB hubs and not on the number of USB ports. Only
one USB HUB is forwarded at a time.
7.2 Managed USB HUB
General information
The following diagram shows you how a USB HUB is connected to a virtual
infrastructure via the Ethernet LAN.
You configure the assignment of the USB ports to the virtual machine via the hub's
Web interface.
Furthermore, every virtual machine that you connect to the USB HUB needs
corresponding software. Using this software, the virtual machine accesses the
respective USB ports (port groups). The USB devices connected to these ports are
passed on to the respective virtual machine via the Ethernet LAN.
Note
A guide showing the detailed configuration of the USB HUB is available on the
manufacturer’s website:
http://www.digi.com/products/usb/anywhereusb \18\
Figure 7-1: USB HUB in a virtual infrastructure (VMs with RealPort USB software drivers, Ethernet LAN, AnywhereUSB hub, USB device, SmartCard, remote client)
The following USB HUBs were compatibility-tested:
http://www.digi.com/products/usb/anywhereusb \18\
You can use a WinCC ASIA dongle via USB HUB.
7.3 General recommendations
7.3.1 Snapshots
Do not use snapshots during productive operation. This can negatively affect the
virtual machine's general performance capability.
For more information, follow this link:
https://www.vmware.com/pdf/vcops-vapp-585-deploy-guide.pdf (p. 15) \19\
Search KB entry 2000986 "Snapshots are not backups" for "Best practices for
virtual machine snapshots in the VMware environment".
https://kb.vmware.com/selfservice/microsites/microsite.do \20\
7.3.2 vMotion or vMotion Storage
Do not use vMotion or vMotion Storage for virtual machines in which SIMATIC
software is active.
7.3.3 SDRS (Storage DRS)
Storage DRS enables moving virtual machines automatically within a data store
cluster. A data store cluster consists of individual data stores.
Do not move virtual machines with active SIMATIC software.
7.3.4 Fault Tolerance
Fault Tolerance (FT) provides uninterrupted availability by assuring that the states
of the primary and secondary virtual machine are identical for the entire time the
instruction is being executed.
FT is not supported in conjunction with SIMATIC software and is not considered in
this application example.
7.3.5 Cloning virtual machines (VM)
Cloning a virtual machine is not compatibility-tested and not released.
7.3.6 VMware Tools
Install the latest version of the VMware Tools.
7.3.7 Increasing performance of vnetflt.sys driver
You can increase the performance of WinCC within the VM by uninstalling the
"vnetflt.sys" driver.
Table 7-1
1. Start the VMware converter.
2. Select "Change" and click on the “Next" button
3. Uninstall the "NSX Network Introspection Driver" in "VMCI Driver > NSX File Introspection Driver"
4. Restart the computer.
7.3.8 Hard drives
Thick provisioned eager zeroed Format
Create the hard drives in the format "Thick Provision Eager Zeroed". It will provide
the best performance properties.
For more information, follow this link:
https://www.vmware.com/pdf/vcops-vapp-585-deploy-guide.pdf (p. 15) \19\
Distributing multiple hard drives of a virtual machine
Distribute the hard drives evenly across the virtual SCSI adapters.
For more information, see the book "Virtualizing Microsoft Business Critical
Applications on VMware vSphere" (p. 90).
I/O-intensive applications
Use the paravirtual storage adapter (PVSCSI) for I/O-intensive applications. It
reduces the CPU load and can improve the system's overall performance in
particular. For more information, observe the following links:
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perfbest-practices-vsphere6-0-white-paper.pdf \21\
Or see KB article 1010398. Search for "Configuring disks to use VMware Paravirtual
SCSI adapters".
https://kb.vmware.com/selfservice/microsites/microsite.do \20\
Note
The use of SSD brings a considerable improvement in performance.
7.3.9 Unnecessary hardware in virtual machines
Remove all unnecessary hardware from the configuration. Each unnecessary
element can negatively affect the performance capability of your virtual machine.
This includes:
· Floppy disk
· CD ROM
· HD audio
For more information, follow this link:
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perfbest-practices-vsphere6-0-white-paper.pdf \21\
7.3.10 Synchronizing the virtual machines
The host (ESXi) must use the same time source as the operating systems within
the virtual machines. Before time synchronization mechanisms take effect in the
virtual machine, the host's time is used when starting the virtual machine. If the two
times differ, undesired behavior can occur as a result.
In the virtual machine, use one of the following time synchronization methods:
· VMware Tools or
· Time synchronization - Time synchronization in the automation environment
  In this entry you will find the most important entries on the 'Time Synchronization' topic in Industry Online Support.
  https://support.industry.siemens.com/cs/ww/en/view/86535497 \22\
Synchronization of the hosts
The ESXi hosts need a time source. Set this source accordingly using the vSphere
Client.
Figure 7-2
Figure 7-3
7.4 Security settings
7.4.1 Disabling automatic update of VMware Tools
An automatic upgrade of the VMware Tools may cause the host operating system
to be restarted automatically.
Note
During the restart, a WinCC server, for example, is not available, or WinCC
clients cannot be operated.
Disable the automatic installation of VMware Tools:
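The recommendations in 7.3.8 (PVSCSI), 7.3.9 (unnecessary hardware) and 7.4.1 (no automatic VMware Tools upgrade) can be checked offline against a VM's .vmx configuration file. The following Python script is an added example, not part of the Siemens document; the sample .vmx content is constructed, and treating a missing tools.upgrade.policy key as compliant is an assumption.

```python
import re

# Constructed sample .vmx content (illustrative, not from a real plant VM).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "wincc-srv01"
tools.upgrade.policy = "upgradeAtPowerCycle"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsisas1068"
scsi1.present = "TRUE"
scsi1.virtualDev = "pvscsi"
floppy0.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
sound.present = "TRUE"
sound.virtualDev = "hdaudio"
'''

# One setting per line: key = "value"; lines starting with '#' are comments.
LINE_RE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            cfg[match.group(1).lower()] = match.group(2)
    return cfg


def audit_vmx(text):
    """Return sorted (section, device, message) findings for one .vmx file."""
    cfg = parse_vmx(text)
    findings = []

    # 7.4.1: automatic VMware Tools upgrades can cause an unplanned restart.
    # Assumption: a missing key is treated as compliant.
    policy = cfg.get("tools.upgrade.policy")
    if policy is not None and policy.lower() != "manual":
        findings.append(("7.4.1", "tools",
                         "upgrade policy %r, expected 'manual'" % policy))

    for key, value in cfg.items():
        device, _, attr = key.rpartition(".")
        # Ignore devices that are configured but not present.
        if cfg.get(device + ".present", "FALSE").upper() != "TRUE":
            continue
        if attr == "present" and re.fullmatch(r"floppy\d+", device):
            findings.append(("7.3.9", device, "floppy drive present"))
        elif attr == "present" and device == "sound":
            kind = cfg.get("sound.virtualdev", "unknown")
            findings.append(("7.3.9", device, "sound card present (%s)" % kind))
        elif attr == "devicetype" and "cdrom" in value.lower():
            findings.append(("7.3.9", device, "CD-ROM drive present"))
        elif (attr == "virtualdev" and re.fullmatch(r"scsi\d+", device)
              and value.lower() != "pvscsi"):
            # 7.3.8: PVSCSI is recommended for I/O-intensive applications.
            findings.append(("7.3.8", device,
                             "controller type %r, not pvscsi" % value))
    return sorted(findings)


if __name__ == "__main__":
    for section, device, message in audit_vmx(SAMPLE_VMX):
        print("%s  %-8s %s" % (section, device, message))
```

Each finding is tagged with the section of this document it relates to; the 7.3.8 finding is advisory, since PVSCSI is recommended here only for I/O-intensive applications.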
7.4.2 Time synchronization through NTP
Synchronize your ESXi host with a time source. Use the same time source as for
time synchronization of your operating systems within the VMs.
7.4.3 Applying patches for ESXi
Always keep the patches of your ESXi hosts up to date. You can do so using the
Update Manager for example.
NOTICE
Restart of the host and thus also the virtualized machines necessary
You may need to restart the host to successfully install patches. Note that the
virtual machines running on the server also have to be restarted.
WinCC servers of this host are not available for this period and WinCC clients of
this host cannot be operated. WinCC servers or WinCC clients of other hosts are
not affected.
For more information, follow this link:
https://www.vmware.com/support/policies/security_response \24\
7.4.4 Security in general
Siemens provides products and solutions with Industrial Security functions that
support the secure operation of plants, systems, machines and networks.
Further information can be found at the following links.
· Which security precautions help against unauthorized access in the SIMATIC PCS 7 / WinCC environment?
  https://support.industry.siemens.com/cs/ww/en/view/44443744 \23\
· SIMATIC process control system PCS 7 safety concept PCS 7 & WinCC (basic)
  https://support.industry.siemens.com/cs/ww/en/view/60119725
8 Glossary
ESX(i)
Product from VMware. The software has/is its own operating system and provides
virtual systems with workspace.
The software is used for virtualization on the server side.
Core installation
Operating system installation without a graphical user interface; replaced by a
simplified platform such as a CMD command prompt or PowerShell.
Guest
A guest is a virtualized computer running within a host (equivalent to VM).
Host
The “host” for virtual machines, regardless of whether this refers to the “host” for
desktop or server virtualization.
In this document, “host” is equivalent to virtualization server.
HyperV
This software environment is provided by Microsoft through different paths and
allows the user to provide, manage and run virtual machines on a Windows server
or core server.
HyperVisor
Software for virtualization (of a virtualization server).
Hyper-threading
Technology for better processing of commands by the processor. With
hyper-threading, one processor core appears as 2 processor cores to the
operating system.
IOPS
Input/Output Operations per Second.
Management Station
A PC that performs the configuration, maintenance and monitoring of one or more
virtualization servers.
The VMware Converter or vSphere Client applications can be used in this context.
RDP
Remote Desktop Protocol is a Microsoft solution for operator control and
monitoring of remote computers.
SCADA
SCADA stands for “Supervisory Control and Data Acquisition”.
SSD
SSD stands for "solid-state drive" and is a data memory.
VDS
Virtual Distributed Switch
Virtualization server (and virtual system)
The real PC on which the VMware ESX(i) software runs that provides its resources
to virtual systems.
Computers that run within the VMware ESXi software are virtualized systems.
Virtual hardware
Real resources are not directly provided to the virtualized systems to allow shared
use.
Such shared hardware can be network cards, processor cores or hard drives.
This hardware can be used partially and jointly by all virtualized systems.
Virtual processor core
A processor core provided to the virtual machine.
A vCPU is not equivalent to a pCPU or pCore. A vCPU also includes the “double
cores” due to HT.
In addition, VMware does not distinguish between the core and the CPU; this is
only relevant to the guest system.
Virtual network
A network which only exists within a virtualization server and allows communication
between multiple virtual systems (within one virtualization server).
VNC
Virtual Network Control is an option for operator control and monitoring of remote
computers.
VMware
Company and vendor of virtualization software.
VMware vCenter Converter
A VMware product for converting, transferring and creating virtual systems.
VMware Workstation
A VMware product for creating and using virtual systems on existing operating
systems.
vSphere Client
A VMware product for configuring, monitoring and running a VMware ESXi Server.
vSphere Server
A VMware product that is installed on the server hardware.
Also known as a HyperVisor, VMware ESX(i) Server or ESX(i) host.
vSphere vCenter Server
A VMware product that is used in order to manage multiple ESX(i) HyperVisors
using a vSphere Client.
The vSphere vCenter Server is used to combine multiple ESX(i) hosts into a
cluster, which increases effectiveness based on the available functionality.
VSS
Virtual Standard Switches
9 Appendix
9.1 Service and Support
Industry Online Support
Do you have any questions or need support?
Siemens Industry Online Support offers access to our entire service and support
know-how as well as to our services.
Siemens Industry Online Support is the central address for information on our
products, solutions and services.
Product information, manuals, downloads, FAQs and application examples – all
information is accessible with just a few mouse clicks at
https://support.industry.siemens.com
Technical Support
Siemens Industry's Technical Support offers quick and competent support
regarding all technical queries with numerous tailor-made offers
– from basic support right up to individual support contracts.
Please address your requests to the Technical Support via the web form:
www.siemens.en/industry/supportrequest
SITRAIN – Training for Industry
With our globally available training courses for our products and solutions and
using innovative teaching methods, we help you achieve your goals.
More information on the training courses offered as well as on locations and dates
is available at:
www.siemens.en/sitrain
Service offer
Our service offer comprises, among other things, the following services:
· Product Training
· Plant Data Services
· Spare Parts Services
· Repair Services
· On Site and Maintenance Services
· Retrofit and Modernization Services
· Service Programs and Agreements
Detailed information on our service offer is available in the Service Catalog:
https://support.industry.siemens.com/cs/sc
Industry Online Support app
Thanks to the "Siemens Industry Online Support" app, you will get optimum
support even when you are on the move. The app is available for Apple iOS,
Android and Windows Phone:
https://support.industry.siemens.com/cs/ww/en/sc/2067
9.2 Links and literature
Table 9-1
No. | Topic
\1\ Siemens Industry Online Support
https://support.industry.siemens.com
\2\ Link to the entry page of the application example
https://support.industry.siemens.com/cs/ww/en/view/49368181
\3\ Compatibility tool
https://siemens.com/kompatool
\4\ Where do you obtain technical support for the configuration of a virtual SIMATIC PCS 7 / WinCC System?
https://support.industry.siemens.com/cs/en/en/view/109749129
\5\ SIMATIC Virtualization as a Service
https://support.industry.siemens.com/cs/ww/en/sc/3095
\6\ VMware Compatibility Guide
https://www.vmware.com/resources/compatibility/search.php
\7\ Minimum system requirements for installing ESXi/ESX (1003661)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003661
\8\ Best practices to install or upgrade to ESXi 6.0 (2109712)
https://kb.vmware.com/s/article/2109712
\9\ Which settings should you make when an OVF export fails using the "VMware vSphere Client" application?
https://support.industry.siemens.com/cs/ww/en/view/98158088
\10\ How do you configure a Virtual Local Area Network (VLAN) in PCS 7?
https://support.industry.siemens.com/cs/ww/en/view/66807297
\11\ Manual for vSphere monitoring and performance
https://www.vmware.com/support/pubs/
\12\ What diagnostics options are available for WinCC and PCS 7 OS?
https://support.industry.siemens.com/cs/ww/en/view/48698507
\13\ Modifying the Hardware Abstraction Layer (HAL) for a Windows virtual machine (1003978)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003978
\14\ Troubleshooting a converted virtual machine that experiences poor performance (1013857)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013857
\15\ Troubleshooting ESX/ESXi virtual machine performance issues (2001003)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2001003
\16\ Configuring VMDirectPath I/O pass-through devices on a VMware ESX or VMware ESXi host (1010789)
http://kb.vmware.com/kb/1010789
\17\ SIMATIC NET: PC Software SIMATIC NET PC Software V14 SP1 > Installation, configuration of SIMATIC NET CPs in a VMware vSphere server (ESXi)
https://support.industry.siemens.com/cs/ww/en/view/77377602
\18\ DIGI AnywhereUSB
http://www.digi.com/products/usb/anywhereusb#docs
\19\ vApp Deployment and Configuration Guide
https://www.vmware.com/pdf/vcops-vapp-585-deploy-guide.pdf
\20\ VMware Knowledge Base
https://kb.vmware.com/selfservice/microsites/microsite.do
\21\ Performance Best Practices for VMware vSphere 6.0
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perfbest-practices-vsphere6-0-white-paper.pdf
\22\ Time synchronization - Time synchronization in the automation environment
https://support.industry.siemens.com/cs/ww/en/view/86535497
\23\ Which security precautions help against unauthorized access in the SIMATIC PCS 7 / WinCC environment?
https://support.industry.siemens.com/cs/ww/en/view/44443744
\24\ vmware Security Response Policy
https://www.vmware.com/support/policies/security_response

9.3 Change documentation
Table 9-2
Version | Date | Modification
V1.0 | 07/2015 | First version
V2.0 | 08/2018 | Reworking