InTouch for Terminal Services Deployment Guide

  InTouch_TSE_DG_1.0.docx Rev. 1.0 Client 139 InTouch for Terminal Services Deployment Guide Planning and Implementation Guidelines

  Revision: 1.0 © Copyright 2013, Invensys Systems Inc.

  © 2013 Invensys Systems, Inc. All rights reserved.

  No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, broadcasting, or by any information storage and retrieval system, without permission in writing from Invensys Systems, Inc.

  Invensys, Wonderware, ArchestrA, InTouch, ActiveFactory, InControl, and Factelligence are trademarks and registered trademarks of Invensys plc, its subsidiaries and affiliated companies. All other brands and product names may be the trademarks or service marks of their respective owners.

  Wonderware, a business unit of Invensys 26561 Rancho Parkway South Lake Forest, CA 92630

ACKNOWLEDGEMENTS

  This Deployment Guide was authored, tested and reviewed by an I.O.M. Global Customer Support team, which includes the following people:

AUTHORING AND TESTING:

• Alicia Rantos (GCS Lake Forest)
• Nagat Mahmoud (GCS Cairo)
• Mohamed Salah (GCS Cairo)
• Ragaei Mahmoud (GCS Cairo)
• Mohamed AbouELSoud (GCS Cairo)
• Amr Shebl (GCS Cairo)

REVIEW AND DISTRIBUTION

• Ray Norman (Application Engineering Lake Forest)
• Marco Siscovich (GCS Italy)
• Denis Lebrun (Wonderware France)
• John Krajewski (Lake Forest)
• Rob Kambach (Lake Forest)
• Eduardo Ballina (Lake Forest)
• Michael Boor (GCS Lake Forest)

WELCOME TO INTOUCH FOR TERMINAL SERVICES

Before You Begin

The InTouch for Terminal Services Deployment Guide is intended to help you efficiently plan, deploy and run InTouch applications on Windows 2008 R2 Remote Desktop Services (formerly Terminal Services). As a complement to the InTouch for Terminal Services User’s Guide, it provides greater detail in architecture design, hardware selection, and how to leverage the features of Terminal Services in an industrial environment. It specifically addresses the RDP protocol. Additional information on RDP and related protocols is available at the following websites:

• Microsoft Terminal Services Overview
• Remote Desktop Services Overview
• Remote Desktop Services
• Automation Control Products (ACP)

Note: Adding ACP ThinManager™ increases the available client types to non-Windows-based workstations, including UNIX, Linux, and industrial display panels. Consult your vendor to verify Wonderware support for a particular non-Windows-based operating system.

TERMINOLOGY

• Console: This is the normal desktop experience on the computer that has Terminal Services installed.
• RDP: Remote Desktop Protocol. The default connection protocol installed with Windows Terminal Services.
• RDS: Remote Desktop Services.
• Session: A log-on instance where 100 percent of the resources (processing, memory, and hard disk) are managed under a virtual user account, referred to as a Session ID.
• Terminal Services: A service that enables a server-grade computer for multi-user processing and management.
• Thin Client: (a.k.a. Terminal) A device that allows you to send commands to another computer. At a minimum, this usually means a keyboard, a display screen, and some simple circuitry.

ASSUMPTIONS

This manual assumes you are:

• Familiar with the Windows 2008 R2 operating system working environment.
• Knowledgeable about using a mouse, Windows menus, selecting options, and accessing online Help.
• Experienced with a programming or macro language. For best results, you should have an understanding of programming concepts such as variables, statements, functions and methods.

TECHNICAL SUPPORT

  Wonderware Technical Support offers a variety of support options to answer any questions on Wonderware products and their implementation. Prior to contacting technical support, please refer to the relevant chapter(s) in your InTouch for Terminal Services Deployment Guide for a possible solution to any problem you may have with your system. If you find it necessary to contact technical support for assistance, please have the following information available:

  1. Your software serial number.

  2. The version of InTouch you are running.

  3. The type and version of the operating system you are using. For example, Microsoft Windows 2008 R2 SP1 (or later) workstation.

  4. The exact wording of system error messages encountered.

  5. Any relevant output listing from the Wonderware Logger, the Microsoft Diagnostic utility (MSD), or any other diagnostic applications.

  6. Details of the attempts you made to solve the problem(s) and your results.

  7. Details of how to recreate the problem.

  8. If known, the Wonderware Technical Support case number assigned to your problem (if this is an on-going problem).

USING TERMINAL SERVICES

  Terminal Services is a configurable service included in the Microsoft Windows Server operating systems that runs Windows-based applications centrally from a server. In Terminal Services, client computers access the server node, where multiple instances of InTouch software applications run simultaneously.

The Terminal Services environment has three main parts:

• Terminal Services Server: The server manages the computing resources for each client session and provides client users with their own unique environment. The server receives and processes all keystrokes and mouse actions performed at the remote client, then directs all display output for both the operating system and applications to the appropriate client. All Terminal Services application processing occurs on the server.
• Remote Desktop Protocol (RDP): A Remote Desktop Protocol (RDP) client application passes the input data, such as keystrokes and mouse movements, to the server.
• Client: The Terminal Services client performs no local application processing; it just shows the application output. You access Terminal Services from a client by running the Terminal Services Client command on the Windows Program menu. When you connect to the Terminal server, the client environment looks the same as the Windows server. The fact that the application is not running locally is completely transparent.

  For more information about Terminal Services, including features and benefits, see your Microsoft documentation.

RUNNING A MANAGED INTOUCH APPLICATION WITH TERMINAL SERVICES

You can run managed InTouch applications in a Terminal Services environment.

  The benefit of using Terminal Services is that it allows you to run multiple, autonomous InTouch applications simultaneously on a Terminal Server.

KEY POINTS

• In a typical Terminal Services architecture, application development, deployment, and client visualization are placed on separate computers.
• You must deploy each InTouch application to the server running InTouch for Terminal Services.
• You run each managed InTouch application in a separate terminal-services client session. For more information, see Chapter 4, Using IDE-Managed InTouch Applications at Run Time, in the InTouch® HMI and ArchestrA® Integration Guide.


  The following graphic shows the Galaxy and InTouch Development Nodes in this context:

DEPLOYING THE INTOUCHVIEWAPP OBJECT IN A TERMINAL SERVICES ENVIRONMENT

You can run managed InTouch applications in a Terminal Services environment.

  The main advantage of this architecture is that you can run multiple InTouch applications on one computer at the same time. To do this, you must:

• Install InTouch 10.x or later on a computer with Remote Desktop Services (RDS) installed.
• Run each managed InTouch application on its own terminal Server Node.
• Run each InTouch View client in a separate Terminal Services client session.

Note: Each Terminal Services client session uses a unique user logon.

CONFIGURE HISTORICAL LOGGING ON INTOUCH FOR TERMINAL SERVICES

We recommend using one historical logging file for all the clients.

• Configure Historical Logging using the $HistoricalLogging tagname.
• Create an Application Startup script using TSEQueryRunningOnClient().

Code Example (from above figure):

    { Application Startup script }
    Client = TseQueryRunningOnClient();
    IF Client == 1 THEN
        { Running in a client session: point the Tagserver access name at the }
        { tag server node and turn off historical logging in this session.    }
        IOSetAccessName("Tagserver", "davidu6", "View", "Tagname");
        $HistoricalLogging = 0;
    ENDIF;

CONFIGURING AUTOMATIC STARTUP

Configure InTouch automatic startup from the Computer Management panel's User properties window (following figure) in the Environment tab. Set these options for each user.

MISCELLANEOUS LIMITATIONS IN A TERMINAL SERVICES ENVIRONMENT

  The following table describes the limitations and suggested solutions to run applications on a terminal server.

| Feature | Supported? | Comment |
|---|---|---|
| WindowViewer | Yes | WindowViewer is not supported running as a service under Terminal Services. |
| DDE to an I/O Device or MS Office (for example, Excel) | No | Use a tag server (console or separate computer). This includes DDE QuickScripts: WWExecute(), WWPoke() and WWRequest(). |
| DDE from MS Office (for example, Hot-link configured in Excel) | Yes | Excel and the InTouch HMI must be running in the same session. |
| Historical Trending | Yes | Use a tag server or NAD to log values. Multiple sessions may read the same historical files, but only a console can write to historical files. |
| InTouch Alarm DB Logger | Yes | -- |
| MEM OLE Automation | No | -- |
| Printing Alarms | No | -- |
| Retentive tags | Yes | Must use NAD or Managed Application. |
| SPC Pro | No | Not supported |
| SQL Access (ODBC) | Yes | Database should be on a separate computer. |
| SuiteLink to an I/O Device or another InTouch application | Yes | When communicating to another view session, include the Terminal Server node name and append the IP address of the desired session to the application name. For example, view10.103.25.6. I/O Servers are not supported in client sessions. |

INTRODUCTION TO INTOUCH FOR TERMINAL SERVICES

This section provides an overview of InTouch for Terminal Services. It also presents business and industrial scenarios to help you determine if a server-centric strategy is appropriate for your particular application.

INTOUCH FOR TERMINAL SERVICES

  InTouch for Terminal Services is a variation of the regular InTouch version and is intended for computers running server versions of Windows with Terminal Services enabled. You can use InTouch for Terminal Services to run InTouch on one central server and supply InTouch functionality to multiple client computers without imposing any further software or hardware requirements on the client computers. In this environment, the hardware and software requirements for the server are relatively high and those for the clients relatively low.

INTOUCH IN THE TERMINAL SERVICES ENVIRONMENT

  Terminal Services is a configurable service included in the Microsoft Windows Server operating systems that runs Windows-based applications centrally from a server. In Terminal Services, client computers access the server node, where multiple instances of InTouch software applications run simultaneously.

[Figure: Remote Desktop Services (Terminal Services) 2008 R2 environment. An RD Terminal Server (2008 R2) runs the InTouch application, with an I/O Server connected to PLCs. Internal RD clients and external RD clients (through the Internet, a modem and the RD Gateway) use the RDP\ICA protocol to view the InTouch session.]

WHY WAS TERMINAL SERVICES RENAMED TO “REMOTE DESKTOP SERVICES” IN WINDOWS SERVER 2008 R2?

In Windows Server 2008 and Windows Server 2008 R2, the /console switch functionality is no longer needed:

• Improved application compatibility guarantees that legacy applications that have to communicate with services in session 0 are installed and are run in sessions other than session 0. Additionally, if the service that is associated with an application tries to display UI elements in session 0, a built-in capability in Windows Server 2008, Windows Server 2008 R2 and in Windows Vista enables you to view and to interact with the session 0 UI from your session. Windows Server 2008/Windows Server 2008 R2 session 0 is an interactive session that is reserved for services. Therefore, there is no need for you to explicitly connect to this session.
• Because the physical console session is never session 0, you can always reconnect to your existing session on the physical console. The Restrict Terminal Services users to a single remote session Group Policy setting determines whether you can connect to your existing physical console session. This setting is available in the Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections node of the Local Group Policy Editor. You can also configure this setting in Terminal Services Configuration. The Restrict each user to a single session setting appears in Edit settings in the General section.

HOW THE /ADMIN SWITCH BEHAVES

  You can run the RDC 6.1 client (Mstsc.exe) together with the /admin switch to remotely administer a Windows Server 2008-based server that has or does not have Terminal Server installed. However, if you are trying to remotely administer a Windows Server 2008-based server that does not have the Terminal Server role service installed, you do not have to use the /admin switch. In this case, the same connection behavior occurs with or without the /admin switch.

  Two active remote administration sessions can run at any point in time. To start a remote administration session, you must be a member of the Administrators group on the server to which you are connecting.

The following graphic shows that in Windows XP, Windows Server 2003, and earlier versions of the Windows operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 is a security risk because services run at elevated privilege and therefore are targets for malicious agents who are looking for a way to elevate their own privilege level.

[Figure: session layout in Windows XP and Windows Server 2003. Session 0 contains Services 1 to 3 together with Applications 1 to 3; Sessions 1 and 2 contain Applications 4 to 9.]

  With Windows Vista, Windows Server 2008, and later versions of Windows, sessions are assigned as shown in the following figure.

[Figure: session layout in Windows Vista, Windows Server 2008 and later. Session 0 contains Services 1 to 3 only; Applications 1 to 9 run in Sessions 1, 2 and 3.]

  In this graphic, three users are logged on to the system. However, only services run in Session 0. The first user logs on to Session 1, and Sessions 2 and 3 represent subsequent users.

REMOTE DESKTOP SERVICES (ROLE)

Remote Desktop Services (formerly Terminal Services) is a server role in Windows Server® 2008 R2. This role provides technologies that enable users to access Windows-based programs installed on a Remote Desktop Session Host (RD Session Host) server, or to access the full Windows desktop.

USING REMOTE DESKTOP SERVICES

• You can access an RD Session Host server from within a corporate network or from the Internet.
• Remote Desktop Services lets you efficiently deploy and maintain software in an enterprise environment.
• You can easily deploy programs from a central location.
• Because you install the programs on the RD Session Host server and not on the client computer, programs are easier to upgrade and to maintain.
• When a user accesses a program on an RD Session Host server, the program runs on the server. Each user sees only their individual session. The session is managed transparently by the server operating system and is independent of any other client session.

When you deploy a Windows application on an RD Session Host server instead of on each device, you have the following benefits:

• Application deployment: You can quickly deploy Windows-based programs to computing devices across an enterprise. Remote Desktop Services is especially useful when you have programs that are frequently updated, infrequently used, or difficult to manage.
• Application consolidation: Programs are installed and run from an RD Session Host server, eliminating the need for updating programs on client computers. This also reduces the amount of network bandwidth that is required to access programs.
• Remote access: Your users can access programs that are running on an RD Session Host server from devices such as home computers, kiosks, low-powered hardware, and operating systems other than Windows.


REMOTE DESKTOP SERVICES (ROLE SERVICES)

  Remote Desktop Services is a server role that consists of several role services. In Windows Server 2008 R2, Remote Desktop Services consists of the following role services:

• RD Session Host: Remote Desktop Session Host (RD Session Host), formerly Terminal Server, enables a server to host Windows-based programs or the full Windows desktop. Users can connect to an RD Session Host server to run programs, to save files, and to use network resources on that server.
• RD Web Access: Remote Desktop Web Access (RD Web Access), formerly TS Web Access, enables users to access RemoteApp and Desktop Connection through the Start menu on a computer that is running Windows 7 or through a Web browser. RemoteApp and Desktop Connection provide a customized view of RemoteApp programs and virtual desktops to users.
• RD Licensing: Remote Desktop Licensing (RD Licensing), formerly TS Licensing, manages the Remote Desktop Services client access licenses (RDS CALs) that are required for each device or user to connect to an RD Session Host server. You use RD Licensing to install, issue, and track the availability of RDS CALs on a Remote Desktop license server.
• RD Gateway: Remote Desktop Gateway (RD Gateway), formerly TS Gateway, enables authorized remote users to connect to resources on an internal corporate network, from any Internet-connected device.
• RD Connection Broker: Remote Desktop Connection Broker (RD Connection Broker), formerly TS Session Broker, supports session load balancing and session reconnection in a load-balanced RD Session Host server farm. RD Connection Broker is also used to provide users access to RemoteApp programs and virtual desktops through RemoteApp and Desktop Connection.

[Figure: Remote Desktop Services (Terminal Services) 2008 R2 deployment. RD Session Host 1 and RD Session Host 2 (Terminal Server 2008 R2) each run an InTouch application, with an I/O Server connected to PLCs. Separate servers have the RD Gateway, RD Broker and RD Web Access services installed. Internal RD clients and external RD clients (through the Internet or a modem) use the RDP\ICA protocols to view the InTouch session.]

INSTALLING REMOTE DESKTOP SERVICES

Installing Remote Desktop Services is accomplished by completing the following tasks:

INSTALL REMOTE DESKTOP SERVICES (ROLE)

  1. To begin the installation, click Start/Administrative Tools/Server Manager (it is assumed that a dedicated Windows 2008 R2 server has been set up).

  2. Click Roles in the left navigation pane and then click Add Roles in the right pane. The Add Roles Wizard appears.

  3. Click Next, then click Remote Desktop Services as the role to install on this server.


  4. Click Next. The Remote Desktop Services wizard appears.

  5. Click Next.

INSTALL SPECIFIC REMOTE DESKTOP SERVICES

  1. On the Select Server Roles panel, click Remote Desktop Services and then Next to select the specific services required.

  A warning message appears and recommends that any applications intended to be accessed by remote desktop users not be installed until the Remote Desktop Services role has been installed.

  2. Click Next to proceed to the authentication selection screen.

  Click Require Network Level Authentication to prevent users running on older operating systems without Network Level Authentication from accessing Remote Desktop Services. Network Level Authentication essentially performs authentication before the remote session is established.

  If less strict authentication is acceptable, or some users are running older operating systems, the Do not require Network Level Authentication option must be selected before clicking Next.

  The Specify Licensing Mode screen allows you to define the licensing method.

  When Configure later is selected, a 120-day grace period allows the system to be used without providing licenses. This means you must provide licensing within 120 days. For Per Device mode, you are allowed a specified number of devices to connect to the service at any one time regardless of who the users are. The Per User option restricts access to the specified users, regardless of the device from which they are connecting.

  3. Select the Configure later option and click Next.

  Next, specify the users and groups allowed to access the RD Session Host. Users can be added and removed at any time by changing the members of the Remote Desktop Users Group. Click Add to add additional users.

  The final wizard allows you to define the user experience. This wizard essentially controls whether or not audio, video and desktop effects (such as the Aero user interface) are enabled on the users’ remote desktops. These features are not enabled by default because they consume considerable amounts of bandwidth and place an extra processing load on the RD Session Hosts.

  Unless you need users to be able to stream audio (both to and from the session host) and video to the remote desktops and use the latest graphics-intensive desktop effects, it is recommended that these features remain disabled.

  4. Click Next. You see the Confirmation screen. Read any warnings carefully.

  The wizard typically recommends any currently-installed applications should be re-installed before remote access is provided to users.

  5. Click Install to begin the installation process.

  You must restart the Windows Server 2008 R2 system partway through the installation. After the reboot, be sure to log in as the same administrative user to complete the Remote Desktop Services configuration process. Once the process is complete, the Installation Results window appears (following figure).

  6. Click Close.
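
A read-only check of the choices made in the wizard above (Network Level Authentication, licensing mode and grace period, Remote Desktop Users membership) and of the single-session setting described earlier, as an added PowerShell example that is not part of the original guide. The registry value names and the Win32_TerminalServiceSetting WMI class are standard Windows ones, not taken from the guide; the "expected" values are an assumed baseline.

```powershell
# Added example, not part of the original guide. Read-only; it changes nothing.
# Run from an elevated PowerShell 2.0+ prompt on the RD Session Host.
# The registry values are the local settings; Group Policy, if applied,
# takes precedence over them.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -ne $null) { return $item.$Name }
    return $null
}

function New-Finding {
    param([string]$Check, $Value, [bool]$Ok, [string]$Expected)
    New-Object PSObject |
        Add-Member NoteProperty Check    $Check    -PassThru |
        Add-Member NoteProperty Value    $Value    -PassThru |
        Add-Member NoteProperty Ok       $Ok       -PassThru |
        Add-Member NoteProperty Expected $Expected -PassThru
}

$findings = @()

# UserAuthentication = 1 is the "Require Network Level Authentication" choice.
$nla = Get-RegValue $rdpKey 'UserAuthentication'
$findings += New-Finding 'Network Level Authentication' $nla ($nla -eq 1) `
    '1 (authenticate before the session is established)'

# fSingleSessionPerUser = 1 is "Restrict each user to a single session".
# Assumed baseline: the guide gives every client session its own user logon.
$single = Get-RegValue $tsKey 'fSingleSessionPerUser'
$findings += New-Finding 'Single session per user' $single ($single -eq 1) `
    '1 (one session per logon)'

# Licensing mode and remaining grace period, read through WMI.
$modeNames = @{ 2 = 'Per Device'; 4 = 'Per User'; 5 = 'Not configured' }
try {
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
              -Class Win32_TerminalServiceSetting `
              -Authentication PacketPrivacy -ErrorAction Stop
    $mode = [int]$ts.LicensingType
    $name = if ($modeNames.ContainsKey($mode)) { $modeNames[$mode] } else { "Other ($mode)" }
    $findings += New-Finding 'Licensing mode' $name ($mode -eq 2 -or $mode -eq 4) `
        'Per Device or Per User'

    # "Configure later" leaves the mode unset and starts the grace period.
    $days = $ts.GetGracePeriodDays().DaysLeft
    $findings += New-Finding 'Grace period days left' $days ($mode -ne 5 -or $days -gt 0) `
        'Licensing configured before this reaches 0'
} catch {
    $findings += New-Finding 'Licensing (WMI query)' $_.Exception.Message $false `
        'RD Session Host role service installed'
}

$findings | Format-Table Check, Value, Ok, Expected -AutoSize -Wrap

# Who may log on through RDP: members of the local Remote Desktop Users group.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}

'Remote Desktop Users members:'
if ($members) { $members | ForEach-Object { "  $_" } } else { '  (none)' }
```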

INTOUCH FOR TERMINAL SERVICES

  InTouch for Terminal Services allows you to leverage the benefits of Windows 2008 Terminal Services in an industrial environment. With Terminal Services, InTouch processing is moved completely off the operator's workstation and onto a centralized server.

WHY INTOUCH FOR TERMINAL SERVICES?

InTouch for Terminal Services allows InTouch to run in a multi-user environment.

For organizations wanting to increase flexibility in process visualization and to control operator workstation management costs, the InTouch for Terminal Services architecture offers an important enhancement to the traditional two- or three-tier client-server architecture.

TERMINAL SERVICES BENEFITS FOR INTOUCH

  Beyond cost and scalability improvements, InTouch for Terminal Services also provides many technological advantages. For example, you can remotely control an InTouch application for quick troubleshooting and operator training. Using Microsoft's new Remote Desktop Gateway (RD Gateway) you can view your process over the web for a super-thin client, full InTouch experience. You can also provide roaming operators with real-time information and control by using wireless Ethernet.

Lastly, using InTouch for Terminal Services with Windows CE and Mobile provides a full desktop experience on hardware that would otherwise be unable to support such operating systems. Windows CE and Mobile clients are generally dedicated purpose devices. Due to InTouch licensing and hardware requirements, full-featured HMI functionality has not been available for Windows CE and Mobile applications. InTouch for Terminal Services fully supports very thin hardware, that is, hardware with fewer components than a desktop computer. Not only are these clients less likely to fail, they can be replaced, which reduces the overall MTTR (mean time to repair).

Centralized InTouch Management

By running InTouch applications on a terminal server, you only need one InTouch runtime program to be installed. Service packs, upgrades, and other related maintenance requirements are also done only once, on the terminal server. All operators are ensured that they are using the current version of InTouch.

  Accordingly, the costs and challenges of updating workstation machines, especially for remote workstations, are significantly reduced. You can also reduce labor costs associated with software maintenance since only one computer (configured as a terminal server) requires InTouch and its applications to be installed. New operator interfaces can be Windows-based Terminals or other thin client computers.

Beyond viewing the process, you can also remotely modify applications by connecting to the terminal server-based WindowMaker. Maintaining the same application version among different repositories is no longer necessary. WindowMaker does not currently support multiple users.

Note: Only one person can edit an application at any one time. If another person launches WindowMaker for the same application at the same time, it may become corrupt and/or unpredictable machine operation may result.

Reduced Hardware Costs

Terminal Services Clients (RDP Client) run on the following Microsoft platforms:

• Windows XP SP3
• Vista SP2
• Windows 7
• RDP clients are also available for Windows CE and Windows Mobile.

With the integration of InTouch and Terminal Services, you can deploy the latest applications in a fully server-centric mode. By removing the processing and data storage tasks from the client machine, you can greatly extend the life of your existing hardware. In some cases, the need to replace may not occur until the computer physically breaks down.

  InTouch for Terminal Services and 3rd party industrial panel displays can also provide an economical alternative for process visualization in harsh environments. The increased cooling requirements and stronger construction typically make industrial panel displays more expensive than their desktop counterparts. With Terminal Services, industrial hardware costs are reduced because you no longer need high-powered processors, extra memory, floppy or CD-ROM drives. Many industrial panel displays now provide the ability to boot and connect to a terminal server from memory, and therefore do not require the added expense of a hard drive. The lack of moving parts also extends the life of hardware. If you need more robust hardware to replace the control panels, you can install industrial-grade computers. These machines only require the minimum components to run the emulation software, and therefore, can be purchased at a significantly reduced price.

Remote Access

Operators and other end-users gain access to a terminal server over any Transmission Control Protocol/Internet Protocol (TCP/IP) connection, including Remote Access, Ethernet, the Internet, wireless, wide area network (WAN), or virtual private network (VPN).

  Due to the reduced bandwidth requirements of the RDP/ICA protocol, Terminal Services extends the capabilities of InTouch to users who would otherwise be unable to access Wonderware applications.

Wireless networks have traditionally been unable to support the large amount of process information for real-time monitoring and control. With InTouch for Terminal Services, applications can run with the same response time and performance as their counterparts that are directly connected to the local area network (LAN). You can therefore support real-time monitoring and control for your mobile operators. The client terminals need only the emulation software to connect to the terminal server. You can then simply launch WindowViewer to monitor the operation of choice.

Internet Access

Using Microsoft's new RD Gateway (introduced in Windows Server 2008), remote users can access a terminal server over the Internet. A Remote Desktop Gateway (RD Gateway) server is a type of gateway that enables authorized users to connect to remote computers on a corporate network from any computer with an Internet connection. RD Gateway is based on the RDP feature set. RD Gateway uses the Remote Desktop Protocol (RDP) along with the HTTPS protocol to help create a secure, encrypted connection.

In earlier versions of Remote Desktop Connection, people couldn't connect to remote computers across firewalls and network address translators because port 3389 (the port used for Remote Desktop connections) is typically blocked to enhance network security. However, an RD Gateway server uses port 443, which transmits data through a Secure Sockets Layer (SSL) tunnel. The RD Gateway server provides these benefits:

• Enables Remote Desktop connections to a corporate network from the Internet without having to set up virtual private network (VPN) connections.
• Enables connections to remote computers across firewalls.
• Allows you to share a network connection with other programs running on your computer. This enables you to use your ISP connection instead of your corporate network to send and receive data over the remote connection.

You can therefore support real-time monitoring and control for your mobile operators with either the Terminal Services Client software or by simply launching a web browser and connecting to remote computers on a corporate network, from any computer with an Internet connection.

Network Load Balancing (NLB) and Availability with Terminal Services

NLB distributes traffic across several servers by using the TCP/IP networking protocol. You can use NLB with a terminal server farm to scale the performance of a single terminal server by distributing sessions across multiple servers. Remote Desktop Connection Broker (RD Connection Broker), formerly Terminal Services Session Broker (TS Session Broker), included in Windows Server® 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter, keeps track of disconnected sessions on the terminal server farm, and ensures that users are reconnected to those sessions.

  Additionally, RD Connection Broker enables you to load balance sessions between terminal servers in a farm. This functionality is provided by the RD Connection Broker Load Balancing feature. However, this session-based load balancing feature requires a front-end load balancing mechanism to distribute the initial connection requests to the terminal server farm. You can use a load balancing mechanism such as DNS round robin, NLB or a hardware load balancer to distribute the initial connection requests. By deploying NLB together with RD Connection Broker Load Balancing, you can take advantage of both the network-based load balancing and failed server detection of NLB, and the session-based load balancing and per server limit on the number of pending logon requests that is available with RD Connection Broker Load Balancing.

  REMOTE CONTROL

  Remote Control is a Terminal Services feature that provides the ability to take control of another workstation in the event of a client hardware failure. Remote Control also provides an easy way to train operators and monitor operations without being physically next to the terminal.

  You can therefore be confident that even though failures may occur, their impact on production will be minimal. Remote Control enables a workstation to immediately take over another that has failed. Adding a second server and installing Network Load Balancing protects all the sessions.

  [Figure: Terminal Services for InTouch Benefits. Panels: Network Load Balancing (NLB) and Availability; Centralized InTouch Application Management; Remote Access To InTouch Applications; Web Access To InTouch Applications. Components shown: RD Session Host 1 and RD Session Host 2 (Terminal Server 2008 R2), RD Web Access, RD Broker, RD Gateway, IO Server, PLCs, modem, Internet, internal and external RD clients. RDP\ICA protocols is used to view the InTouch session.]

  Note: Wonderware strongly recommends that you consult a Microsoft professional and perform adequate testing before deploying load balancing into your production environment.

  GETTING STARTED WITH INTOUCH FOR TERMINAL SERVICES

  UNDERSTANDING INTOUCH FOR TERMINAL SERVICES

  InTouch for Terminal Services is a variation of the regular InTouch version and is intended for computers running server versions of Windows with Terminal Services enabled. You can use InTouch for Terminal Services to run InTouch on one central server and supply InTouch functionality to multiple client computers without imposing any further software or hardware requirements on the client computers. In this environment, the hardware and software requirements for the server are relatively high and those for the clients relatively low. This results in lower total cost of ownership (TCO) and lower ongoing operating expenses.

  KEY POINTS

  • InTouch for Terminal Services uses the Remote Desktop Protocol (RDP) to communicate between clients and the InTouch Terminal Server.
  • Each client computer runs an individual InTouch session on the Terminal Server without interacting with other client sessions.
  • You can run an application that is developed for standard InTouch with InTouch for Terminal Services. No application changes are necessary.
  • You can use the Distributed Alarm system with InTouch for Terminal Services. Using the alarm client, you can select the alarm data and how to show it from WindowViewer for each Terminal Services session.
  • When an alarm is acknowledged in a Terminal Services environment, the Operator Node that gets recorded is the name of the client computer where the respective operator established the Terminal Services session.
  • In a typical Terminal Services architecture, application development, deployment, and client visualization are placed on separate computers.
  • It is recommended that you deploy a SINGLE Engine to the Remote Desktop Server, even if it is hosting different InTouch applications.
  • You must deploy each InTouch application to the server running InTouch for Terminal Services.
  • You run each managed InTouch application in a separate terminal services client session.

  RUNNING INTOUCH APPLICATIONS IN A TERMINAL SERVICES ENVIRONMENT

  You can run InTouch applications in a Terminal Services environment in the following ways.

  STANDALONE INTOUCH FOR TERMINAL SERVICES CONFIGURATION CREATED USING WONDERWARE WINDOWMAKER.

  These are tag-based applications that contain no ArchestrA Graphic Symbols and are not deployed. Client nodes running a Standalone application do not require an Application Server Platform. We highly recommend the use of Network Application Distribution (NAD) when running standalone InTouch applications in a Terminal Services environment.

  Note: Configure NAD in Node Properties for each user that connects to InTouch for Terminal Services.

  RUNNING A MANAGED INTOUCH APPLICATION WITH TERMINAL SERVICES

  A Managed InTouch Application is an application that is created, edited and managed in the IDE and deployed to a Platform with a View Engine. Managed Applications can access Galaxy data as well as tag data and can contain ArchestrA Graphics. This is the recommended method for running an InTouch for Terminal Services environment in version 10.x.

  You can run managed InTouch applications in a Terminal Services environment. The benefit of using Terminal Services is that it allows you to run multiple, autonomous InTouch applications simultaneously on a Terminal Server.


  Best Practice: This is the recommended mode for Server 2008 R2 RDS implementation, even if the InTouch application is a Tag-Based application. Each client session manages its own instance of the application under \UserName\Application Data\ArchestrA\Managed App.

  RUNNING A PUBLISHED INTOUCH APPLICATION WITH TERMINAL SERVICES

  Published InTouch applications are traditional InTouch for Terminal Services configurations, but are created and managed using the IDE and can include ArchestrA Graphic Symbols. Published applications are published, not deployed, and the client nodes running the published applications do not require an Application Server Platform.

  Note: See the end of this document for complete details.

  [Figure: InTouch Applications in a Terminal Services Environment. Panels: Standalone InTouch Applications Running on RD Session Host; Managed InTouch Application Running on RD Session Host; Published InTouch Application Running on RD Session Host. Components shown: RD Session Host 1 and RD Session Host 2 (Terminal Server 2008 R2), RD Web Access, RD Broker, RD Gateway, IO Server, PLCs, modem, Internet, internal and external RD clients.]

  TYPES OF INTOUCH FOR TERMINAL SERVICES