Simatic Logon
This article covers what to order for Simatic Logon and how to get going quickly. A video tutorial link is at the end.
To work in a network with the Windows operating system, the computers must belong to a workgroup or a domain. The main difference between these two kinds of user administration is the central distribution of resources, such as access to directories, printers, or the Internet, and the ability to manage security settings such as execution rights, access information, or group policies.
In a domain, the domain controller is the server that centrally maintains the security settings and privileges of all user profiles and computer accounts of the domain.
Simatic Logon is the link between the Active Directory controlled by the domain and a WinCC runtime system in its many forms. Ultimately, it is a tool that helps simplify the validation of plants in conformity with FDA 21 CFR Part 11.
Users have to be created only once in the Windows environment, and existing domain or workgroup users can also be used. The following events are logged:
User Logon/Logoff
User authentication
Changing password
Electronic signature
There are two main SIMATIC Logon (SL) Licenses:
SIMATIC Logon V1.6, software, Single license for 1 installation, R-SW, SW and documentation on CD, license key on USB flash drive, Class A, 7 languages (de, en, fr, it, sp, jp, ch), executable in Windows 7 Ultimate, Windows 10 Enterprise LTSB, Server 2012 R2. Reference HW: PC/PG. Content: Set (1x DVD + 1x USB)
SIMATIC Logon, software, Remote Access for 3 clients (WinCC flexible from 2007 or WinCC TIA Portal), Single license for 1 installation, E-SW, without SW, without documentation, license key on USB flash drive, Class A. Reference HW: PC/PG. Content: 1x USB
Note: an alternative with a quantity of 10 is also available.
Example Network Diagram for Simatic Logon Configuration on Comfort Panel
The alarm buffer of the Comfort Panel, for example, can display connection information for SIMATIC Logon, because the system events are visible in the alarm buffer. Using HMI Options + you can see in the alarm display that the system events report a successful connection to the Simatic Logon server.
No. 260039 System event code generated by Comfort Panel showing successful access to Simatic Logon services
The configuration of the Simatic Logon services and of user administration is linked in the settings within TIA Portal. Encryption is available, and an example of the required settings is also posted on the SIOS website. This article doesn't cover the configuration of these services, but the following link has an FAQ about how to implement the settings.
The Runtime Settings of the panel allow for the configuration of Simatic Logon services in the Comfort Panel
Here's the true squeeze: do not rely, for your policy enforcement, on any group name that already exists in a Windows environment. For example, you cannot use the group name "Users". This group already exists in Windows for every available account, and Simatic Logon can only enforce one user group at a time. Create custom user groups, and match them to the same user groups in the TIA Portal configuration. Also, provide yourself a way out in case the Simatic Logon services aren't properly connected or functioning. This is often referred to as an Emergency Logon user. The SIOS application example below has specific details on configuring Simatic Logon services for a Comfort Panel, among other WinCC platforms.
Configuring users in TIA Portal with names that match those in Active Directory. Be sure not to forget the Emergency Local account
Active Directory containing the same users and group assignments as in the TIA Portal configuration
If you install SIMATIC Logon on the Plant Domain Computer then a “Logon_Administrator” group is created automatically. If you do not install SIMATIC Logon on the Domain you need to create the group. The users that will be authorized to configure SIMATIC Logon need to be added as members.
Assign administrative rights to access and configure Simatic Logon
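The group rules above can be checked against Active Directory before the panel is commissioned. The script below is an added example, not part of the original article or of any Siemens tooling. It assumes the ActiveDirectory PowerShell module is installed, and the names HMI_Operators and HMI_Engineers are constructed placeholders for the custom groups configured in TIA Portal.

```powershell
# Added example: audit the AD groups that Simatic Logon maps to TIA Portal groups.
# Assumption: run on a domain-joined machine with the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$HmiGroups  = @('HMI_Operators', 'HMI_Engineers')  # constructed placeholder names
$AdminGroup = 'Logon_Administrator'                # group named in the article

function Test-BuiltinGroup {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    # Built-in aliases sit under S-1-5-32; well-known domain groups have a RID below 1000.
    $rid = [int64]($Sid.Value.Split('-')[-1])
    return ($Sid.Value -like 'S-1-5-32-*') -or ($rid -lt 1000)
}

$findings   = @()
$membership = @{}   # SamAccountName -> HMI groups the user belongs to

foreach ($name in $HmiGroups) {
    $group = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if (-not $group) { $findings += "MISSING: group '$name' not found in AD"; continue }
    if (Test-BuiltinGroup $group.SID) {
        $findings += "BUILTIN: '$name' already exists in Windows; use a custom group"
    }
    $users = Get-ADGroupMember -Identity $group -Recursive |
        Where-Object objectClass -eq 'user'
    foreach ($u in $users) {
        if (-not $membership.ContainsKey($u.SamAccountName)) {
            $membership[$u.SamAccountName] = @()
        }
        $membership[$u.SamAccountName] += $name
    }
}

# Only one group is enforced per user, so overlapping membership is flagged.
foreach ($user in $membership.Keys) {
    if ($membership[$user].Count -gt 1) {
        $findings += "AMBIGUOUS: $user is in $($membership[$user] -join ', ')"
    }
}

$admins = Get-ADGroup -Filter "SamAccountName -eq '$AdminGroup'"
if (-not $admins) {
    $findings += "MISSING: '$AdminGroup' does not exist; create it and add members"
} elseif (-not (Get-ADGroupMember -Identity $admins)) {
    $findings += "EMPTY: '$AdminGroup' has no members"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Group layout OK' }
```

The emergency local account lives in the TIA Portal project rather than in Active Directory, so it is outside what this script can verify.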
Run the Simatic Logon Configuration as an administrator, and log in using the same credentials as the current user login. Default users and default groups do not have to be a Windows group or user. The user must be a member of Logon_Administrator for this to function correctly.
Launch the interface with "Run as administrator"
For the server, and where it gets the user information, Simatic Logon Server allows for connection to the working environment in two distinct ways. The "This computer" or work domain setting allows the computer to connect directly to the domain controller or to the local "computers and users" that use the Active Directory. As an alternative, any computer on the network can be selected using "another computer"; this could include a system that doesn't implement an Active Directory but uses a workgroup instead.
Used for recording SIMATIC Logon events. Options include filtering events by certain criteria, applying comments, and exporting the log as .CSV, .PDF, or .XML