| In an attempt to close security holes in Windows XP, Microsoft has made several security enhancements that when combined will provide a new level of protection to the users of Windows XP. In making these new security enhancements Microsoft also affected some of the operations of a few existing applications, principally those that use DCOM or (Distributed Component Object Model).
For OPC users DCOM is the technology that allows you to remotely connect an OPC Client application with an OPC Server application. The key word here is "remotely". If your application consists of one or more OPC Client applications running on the same PC as your OPC Server products then you do not have to be concerned with the effects of installing Service Pack 2 for XP.
However, if your applications consist of one or more OPC Client applications running on one or more PCs accessing your OPC Server products remotely over your network, then you will be affected by installing Service Pack 2 for XP.
There are several new security features that are part of the Service Pack 2 upgrade. Chief among those features is the new Microsoft Firewall. A firewall as you may know blocks or shields a PC from certain types of messages that may be sent to or from a PC over the network or the internet. In its initial settings the new Microsoft Firewall is configured to block many of the operations and messages that are used by DCOM. Additional security settings that become active with SP2 also prohibit programs from accessing and launching applications, which is also used in remote OPC applications. With the Firewall and other security settings in place, your remote OPC applications will not function until you properly configure your XP installation.
|
|
Our recommendations are based largely on the nature of your OPC application, the nature of your network environment, and your personal goals for the security of your OPC applications.
In general if your OPC applications are not operating remotely, then Kepware sees no issue with you performing the SP2 installation. If you are currently using OPC remotely by DCOM or plan to do so in the near future, Kepware recommends that you delay your installation of SP2 for XP with specific caveats. While we feel that the installation of SP2 should be delayed if possible, we do believe that you should consider the benefits of SP2 in terms of security if your application is linked to the internet in any way or the ability to control the software installed in the system is not guaranteed. In those cases where your system has or may have internet access then SP2 may be a step you wish to take for the added levels of security. As we have stated this will stop your remote OPC applications until you properly configure the new XP Firewall and Security settings for DCOM. Once these security changes are made to your SP 2 installation you will be able to achieve normal remote OPC operation.
Shown below are both a Kepware edited white paper initially supplied by the OPC Foundation that details the steps required to properly configure Microsoft Windows XP SP2 for DCOM operation. We have added significant detail to this document. Additionally, we offer a step-by-step tutorial in the form of a Viewlet that will also take you through the procedure.
Please review both of these guides before you upgrade your XP system to service Pack 2. With help from these guides and a little patience, you will have your OPC applications running at peak performance under XP SP2 quickly.
|
