Using OPC via DCOM with
Microsoft Windows XP
Service Pack 2
F O U N D A T I O N
Version 1.10
© 2004-2006 OPC Foundation, Inc. -1- All Rights Reserved
Abstract
The major goal of Windows XP Service Pack 2 is to reduce common available
scenarios for malicious attack on Windows XP. The Service Pack will reduce the
effect of most common attacks in four ways:
1. Improvement in shielding Windows XP from the network
a. RPC and DCOM communication enhancements
b. Enhancements to the internal Windows firewall
2. Enhanced memory protection
3. Safer handling of e-mail
4. Internet Explorer security enhancements.
Most OPC Clients and Servers use DCOM to communicate over a network and
thus will be impacted due to the changes in Service Pack 2. When Service Pack
2 is installed with its default configuration settings, OPC communication via
DCOM will cease to work. This paper describes the settings necessary to restore
OPC communication when using XP Service Pack 2 (SP2).
SP2 includes many changes and security enhancements, two of which directly
impact OPC via DCOM. First new DCOM limit settings have been added.
Secondly the software firewall included with XP has been greatly enhanced and
is turned on by default.
Since the callback mechanism used by OPC essentially turns the OPC Client into
a DCOM Server and the OPC Server into a DCOM Client, the instructions
provided here must be followed on all nodes that contain either OPC Servers or
OPC Clients.
Note: OPC communication that is confined to a single machine (using COM, but
not DCOM) will continue to work properly after installing XP SP2 without
following the instructions in this white paper.
Windows Firewall
The Windows Firewall allows traffic across the network interface when initiated
locally, but by default stops any incoming “unsolicited” traffic. However, this
firewall is “exception” based, meaning that the administrator can specify
applications and ports that are exceptions to the rule and can respond to
unsolicited requests.
The firewall exceptions can be specified at two main levels, the application level
and the port and protocol level. The application level is where you specify which
applications are able to respond to unsolicited requests and the port and protocol
level is where you can specify the firewall to allow or disallow traffic on a specific
port for either TCP or UDP traffic. To make any OPC client/server application
work via DCOM, changes need to be made on both levels.
评论1