您好,欢迎访问联智博库

上传文档

当前位置:首页 > 工控技术 > PLC > FactoryTalk Security System Configuration Guide

FactoryTalk Security System Configuration Guide

  • 小库
  • 14 人阅读
  • 0 人下载
  • 2019-02-20 11:07:22

还剩... 页未读,继续阅读

免费阅读已结束,点击付费阅读剩下 ...

¥ 0 元,已有14人购买

免费阅读

阅读已结束,您可以下载文档离线阅读

¥ 1 元,已有0人下载

付费下载

文档部分内容文本提取

SYSTEMCONFIGURATIONGUIDE PUBLICATION FTSEC-QS001D-EN-E–November 2011 Supersedes Publication FTSEC-QS001C-EN-EINTEGRATED PRODUCTION &PERFORMANCE SUITESecurityFTAE-RM001A-EN-E:Layout 1 4/28/08 4:51 PM Page 1Contact RockwellCustomer Support Telephone — 1.440.646.3434Online Support — http://support.rockwellautomation.comCopyright Notice© 2011 Rockwell Automation, Inc. All rights reserved. Printed in USA.This document and any accompanying Rockwell Software products are copyrighted by Rockwell Automation, Inc. Any reproduction and/or distribution without prior written consent from Rockwell Automation, Inc. is strictly prohibited. Please refer to the license agreement for details.Trademark NoticesAllen-Bradley, Arena, ControlLogix, Data Highway Plus, DH+, Data Highway II, Datapac, Emonitor, Enlab, Enlube, Enpac, Enshare, Entek, Entrx, Enwatch, eProcedure, FactoryTalk, GuardLogix, GuardPLC, Logix5000, Logix5550, MicroLogix, MobileView, MobileView Guard, MotorMonitor, PanelBuilder, PanelView, PhaseManager, PlantLink, PLC-2, PLC-3, PLC-5, Powermonitor, ProcessLogix, Propack Data, Rockwell, Rockwell Automation, Rockwell Software, RSAssetSecurity, RSBizWare, RSBizWare BatchCampaign, RSBizWare BatchHistorian, RSBizWare Coordinator, RSBizWare Historian, RSBizWare MaterialTrack, RSBizWare PlantMetrics, RSBizWare Scheduler, RSBizWare Tracker, RSEnergyMetrix, RSLinx, RSLogix, RSLoop Optimizer, RSNetWorx, RSNetWorx for ControlNet, RSNetWorx for DeviceNet, RS PMX, RSPower, RSSql, RSTune, RSView, RSView Administration Console, SIMAN, SLC, SoftLogix, VersaView, WINtelligent, and XM are trademarks of Rockwell Automation, Inc. Any Rockwell Automation software or hardware not mentioned here is also a trademark, registered or otherwise, of Rockwell Automation, Inc.Other TrademarksActiveX, Microsoft, Microsoft Access, SQL Server, Visual Basic, Visual C++, Visual SourceSafe, Windows, Windows ME, Windows NT, Windows 2000, Windows Server-, Windows XP, Windows 7, and Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.Adobe, Acrobat, and Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.Oracle is a registered trademarks of Oracle Corporation.ControlNet is a registered trademark of ControlNet International.DeviceNet is a trademark of the Open DeviceNet Vendor Association, Inc. (ODVA)All other trademarks are the property of their respective holders and are hereby acknowledged.WarrantyThis product is warranted in accordance with the product license. The product’s performance may be affected by system configuration, the application being performed, operator control, maintenance, and other related factors. Rockwell Automation is not responsible for these intervening factors. The instructions in this document do not cover all the details or variations in the equipment, procedure, or process described, nor do they provide directions for meeting every possible contingency during installation, operation, or maintenance. This product’s implementation may vary among users.This document is current as of the time of release of the product; however, the accompanying software may have changed since the release. Rockwell Automation, Inc. reserves the right to change any information contained in this document or the software at anytime without prior notice. It is your responsibility to obtain the most current information available from Rockwell when installing or using this product.Version: 2.50 (CPR 9 SR 5)Modified: November 2, 2011 9:06 amPrefaceAbout this publication xiRequired software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiRequired hardware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiAdditional resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiiChapter 1FactoryTalk Security overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Understanding automation security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1What problem does FactoryTalk Security solve?. . . . . . . . . . . . . . . . . . . . . 2How does FactoryTalk Security protect the application layer? . . . . . . . . . 2Where to start. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Chapter 2Plan your system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5About the FactoryTalk system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5The FactoryTalk Services Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 5The FactoryTalk Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Two directories on each computer. . . . . . . . . . . . . . . . . . . . . . . . . . . 6Examples of FactoryTalk systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Example: Stand-alone system on a single computer. . . . . . . . . . . . . . . . 6Example: Distributed system on a network. . . . . . . . . . . . . . . . . . . . . . 7Chapter 3Install and activate FactoryTalk software. . . . . . . . . . . . . . . . . . . . . . . . 9Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9What you need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Follow these steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Install FactoryTalk-enabled software. . . . . . . . . . . . . . . . . . . . . . . . . . . 12Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Chapter 4Getting started with FactoryTalk Security . . . . . . . . . . . . . . . . . . . . . . 19Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19What you need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Follow these steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20ContentsFactoryTalk Security System Configuration Guide• • • • •ivOpening FactoryTalk Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Log on to FactoryTalk using an administrator account . . . . . . . . . . . . . 21The FactoryTalk Administration Console. . . . . . . . . . . . . . . . . . . . . . . . . 21The Explorer window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Action groups (System folder). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Policies (System folder). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Computers and groups (System folder). . . . . . . . . . . . . . . . . . . . . . . . . . 25Networks and devices (System folder) . . . . . . . . . . . . . . . . . . . . . . . . . . 26Users and groups (System folder) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Specify the Network Directory location . . . . . . . . . . . . . . . . . . . . . . . . . 27Run the FactoryTalk Directory Server Location Utility . . . . . . . . . . . . . 27Point client computers to the Network Directory Server computer. . . . . 27Log on to FactoryTalk using a Windows Administrator account . . . . . . . . . . 28Security settings are separate in the Network and Local Directory . . . . . . . 29FactoryTalk Directory Configuration Wizard. . . . . . . . . . . . . . . . . . . . 30Securing the actions users can perform . . . . . . . . . . . . . . . . . . . . . . . . . 30Action groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Default securable actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Common actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Tag actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34User action groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Tightening security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35On a new system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35On an upgraded system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Logging on and off with single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . 39Setting up single sign-on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Two ways to log on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Logging on as administrator with single sign-on. . . . . . . . . . . . . . . . . . 42Two ways to log off. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42When to disable single sign-on. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Chapter 5Creating user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45What you need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Contents• • • • •vFollow these steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46FactoryTalk user accounts and Windows-linked user accounts . . . . . . . . . . 46Planning your accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Where to start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Scenario for securing parts of a system . . . . . . . . . . . . . . . . . . . . . . . . . 48Create a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Create a user group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Chapter 6Assigning permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55What you need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Follow these steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Allow and deny permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Understanding “inheritance” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Order of precedence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Categories of permissions for actions. . . . . . . . . . . . . . . . . . . . . . . . . . . 59Assigning permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Viewing permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Understanding effective permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Creating action groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Create the action groups for our example scenario . . . . . . . . . . . . . . . 63Working with action groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Chapter 7Setting up system-wide policies and product policies. . . . . . . . . . . . . . . 67Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68What you need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Follow these steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68System-wide policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Assigning system policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Product policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Product policies and inheritance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71How are product policies and actions different?. . . . . . . . . . . . . . . . . . . . 71

小库

92篇文档

文档介绍: FactoryTalk Security System Configuration Guide

评论

发表评论
< /254 > 付费下载 ¥ 1 元

Powered by DS文库

Copyright © 联智博库 All Rights Reserved. 鲁ICP备18004091号-4
×
保存成功