Documentation Center

  • Trial Software
  • Product Updates

Set Up for OPC Toolbox Software

Preparation Introduction

Before you can communicate with OPC servers on your network, you need to prepare your workstation (and possibly the OPC server host computer) to use the technologies on which OPC Toolbox™ software is built. These technologies, described in About OPC, allow you to browse for and connect to OPC servers on your network, and allow those OPC servers to interact with your MATLAB® session using OPC Toolbox software.

The specific steps are described in the following sections.

Install the OPC Foundation Core Components

The OPC Foundation has provided a set of tools for browsing other computers on your network for OPC servers, and for communicating with the OPC servers. These tools are called the OPC Foundation Core Components, and are shipped with OPC Toolbox software.

To install the OPC Foundation Core Components, you use the opcregister function. You can also use the opcregister function to remove or repair the OPC Foundation Core Components installation.

Installing, repairing, and removing the OPC Foundation Core Components follows the same steps:

  1. If you are repairing or removing the OPC Foundation Core Components, make sure that you do not have any OPC Toolbox objects in memory. Use the opcreset function to clear all objects from memory.

    opcreset;
  2. Run opcregister with the action you would like to perform. If you do not supply an option, the function assumes that you want to install the components. Otherwise, use 'repair' to repair an installation (reinstall the files), or 'remove' to remove the components.

    opcregister('install')
  3. You will be prompted to type Yes to confirm the action you want to perform. You must type Yes exactly as shown, without any quotes. This confirmation question is used to ensure that you acknowledge the action that is about to take place.

  4. The OPC Foundation Core Components will be installed, repaired, or removed from your system.

  5. If you receive a warning about having to reboot your computer, you must quit MATLAB and restart your computer for the changes to take effect.

Configure DCOM

DCOM is a client-server based architecture for enabling communication between two applications running on distributed computers. The OPC DA and HDA specifications utilize DCOM for communication between the OPC client (for example, OPC Toolbox software) and the OPC server. To successfully use DCOM, those two computers must share a common security configuration so that the two applications are granted the necessary rights to communicate with each other.

To connect successfully to OPC Servers using OPC Toolbox, you must configure DCOM permissions between the client computer (on which MATLAB is installed) and the server computer (running the OPC Server). This section describes two typical DCOM configuration options for OPC Toolbox software. Other DCOM options might provide sufficient permissions for the toolbox to work with an OPC server; the options described here are known to work with tested vendors' OPC servers.

There are two configuration types described in this section:

  • Configure DCOM to Use Named User Security describes how to provide security between the client and server negotiated on a dedicated named user basis. You do not have to be logged in as the named user in order to use this mechanism; all communications between the client and the server are performed using the dedicated named user, independently of the user making the OPC requests. However, the identity used to run the OPC server must be available on the client machine, and the password of that identity must match on both machines.

  • Configure DCOM to Use No Security describes a configuration that provides no security between the client and server. Use this option only if you are connecting to an OPC server on a dedicated, private network. This configuration option has been known to cause some Microsoft® Windows® services to fail, and to leave the computer vulnerable to malicious intrusion from other network users.

You should use the named user configuration, unless your system administrator indicates that no security is required for OPC access.

    Caution   If your OPC server software comes with DCOM setup guidelines, you should first attempt to follow the instructions provided by the OPC server vendor. The guidelines provided in this section are generic and may not suit your specific network and security model.

    Note   The following instructions apply to the Microsoft Windows 7 operating system with Service Pack 1. Users of other Microsoft Windows operating systems should be able to adapt these instructions to configure DCOM on their systems.

Configure DCOM to Use Named User Security

To configure DCOM to use named user security, you will have to ensure that both the server machine and client machine have a common user who is granted DCOM access rights on both the server and client machines. You should consult the following sections for information on configuring each machine:

OPC Server Machine Configuration.  On the machines hosting the OPC servers, perform the following steps:

  1. Create a new local user. (You can also create a domain user if the server and client machines are part of the same domain.) The name used in these instructions is opc (displayed as OPC Server in dialogs boxes), but you can choose any name, as long as you remain consistent throughout these instructions.

  2. Select Start > Control Panel. Double-click Administrative Tools and then double-click Component Services. The Component Services dialog appears.

  3. Browse to Component Services > Computers > My Computer > DCOM Config.

  4. Locate your OPC server in the DCOM Config list. The example below shows the Matrikon™ OPC Server for Simulation.

  5. Right-click the OPC server object, and choose Properties.

  6. In the General tab, ensure that the Authentication Level is set to Default or to Connect.

  7. In the Security tab, choose Customize for the Launch and Activation Permissions, then click Edit. Ensure that the opc user is granted local Launch and Activation permissions.

    Click OK to dismiss the Local Launch and Activation Permissions dialog box.

  8. In the Security tab, choose Customize for the Access Permissions, then click Edit. Ensure that the opc user is granted local Access permissions.

    Click OK to dismiss the Local Launch and Activation Permissions dialog box.

  9. In the Identity tab, select This user and type the name and password for the opc user (created in step 1).

  10. If the OPC server runs as a service, make sure that the service runs as the opc user (created in step 1) and not as the system account. Consult your system administrator for information on how to configure a service to run as a specific user.

  11. Repeat steps 4 through 10 for each of the servers you want to connect to.

Client Machine Configuration.  On the machine(s) that will be running MATLAB and OPC Toolbox software, perform the following steps:

  1. On the client machine(s), create the identical local user with the same name and password permissions as you set up in step 1 of OPC Server Machine Configuration.

  2. Select Start > Control Panel. Double-click Administrative Tools and then double-click Component Services. The Component Services dialog appears.

  3. Browse to Component Services > Computers > My Computer. Right-click My Computer and select Properties.

  4. Click the Default Properties tab, and ensure that:

    • Enable Distributed COM is checked

    • Default Authentication Level is set to Connect

    • Default Impersonation Level is set to Identify

  5. Click the COM Security tab.

  6. For the Access Permissions, click Edit Default and ensure that the opc user is included in the Default Security list, and is granted both Local Access and Remote Access permissions.

    Click OK to close the Default Access Permissions dialog box.

  7. Still under Access Permission", click Edit Limits and ensure that the opc user is included in the Security Limits list, and is granted both Local Access and Remote Access permissions.

    Click OK to close the Security Limits dialog box.

  8. For the Launch and Activation permissions, click Edit Default and ensure that the opc user is included in the Default Security list, and is granted all rights (Local Launch, Remote Launch, Local Activation, and Remote Activation).

    Click OK to close the Default Access Permissions dialog box.

  9. Still under Launch and Activation Permission, click Edit Limits and ensure that the opc user is included in the Security Limits list, and is granted all rights (Local Launch, Remote Launch, Local Activation, and Remote Activation).

    Click OK to close the Security Limits dialog.

  10. Click OK. A dialog warns you that you are modifying machine-wide DCOM settings.

    Click Yes to accept the changes.

Your local client machine and server applications are now configured to use the same username when the server attempts to establish a connection back to the client.

Configure DCOM to Use No Security

    Caution   You should not use this option if you are not in a completely trusted network. Turning off DCOM security means that any user on the network can launch any COM object on your local machine. Consult your network administrator before following these instructions.

You must complete the following steps on both the client and server machines.

  1. Ensure that the Guest user account is enabled. (The Guest account is disabled by default on Windows 7 machines). Consult your system administrator for information on how to enable the Guest account.

  2. Select Start > Control Panel. Double-click Administrative Tools and then double-click Component Services. The Component Services dialog appears.

  3. Browse to Component Services > Computers > My Computer. Right-click My Computer and select Properties.

  4. In the Default Properties tab, make sure that Enable Distributed COM On This Computer is selected. Select None as the Default Authentication Level, and Anonymous as the Default Impersonation Level.

  5. In the COM Security tab, select Edit Limits from the Access Permissions and ensure that Everyone and ANONYMOUS LOGON are both granted Local Access and Remote Access.

  6. In the COM Security tab, select Edit Limits from the Launch and Activation Permissions and ensure that Everyone and ANONYMOUS LOGON are both granted Local and Remote permissions (Local Launch, Remote Launch, Local Activation and Remote Activation).

Both the client and the server are now configured so that anybody can access any COM object on either machine.

    Caution   This configuration is potentially dangerous in terms of security, and is recommended for debugging purposes only.

Install the Matrikon OPC Simulation Server

All examples in this guide and in the OPC Toolbox online help make use of a Matrikon simulation server that you can download free of charge from:

http://www.matrikonopc.com

    Note   You do not have to install the Matrikon OPC Simulation Server to enable any functionality of OPC Toolbox software. The Simulation Server is used here only for showing examples of the capabilities and syntax of OPC Toolbox commands, and for providing fully working example code.

To install the Matrikon OPC Simulation Server, follow the installation instructions with the software. When prompted for a server ID, use the standard server ID assigned to the Simulation Server ('Matrikon.OPC.Simulation').

Was this topic helpful?