WinCC Virtualization
WinCC V7.4 SP1 / WinCC Professional V15
https://support.industry.siemens.com/cs/ww/en/view/49368181
Siemens Industry Online Support

Warranty and Liability
© Siemens AG 2018 All rights reserved

Note
The Application Examples are not binding and do not claim to be complete with regard to configuration, equipment or any contingencies. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. You are responsible for the correct operation of the described products. This Application Example does not relieve you of the responsibility of safely and professionally using, installing, operating and servicing equipment. When using this Application Example, you recognize that we cannot be made liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to this Application Example at any time and without prior notice. If there are any deviations between the recommendations provided in this Application Example and other Siemens publications – e.g. catalogs – the contents of the other documents shall have priority.

We do not accept any liability for the information contained in this document. Any claims against us – based on whatever legal reason – resulting from the use of the examples, information, programs, engineering and performance data etc., described in this Application Example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of fundamental contractual obligations (“wesentliche Vertragspflichten”).
The compensation for damages due to a breach of a fundamental contractual obligation is, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change of the burden of proof to your detriment.

Any form of duplication or distribution of these Application Examples or excerpts hereof is prohibited without the expressed consent of Siemens AG.

Security information
Siemens provides products and solutions with Industrial Security functions that support the secure operation of plants, systems, machines and networks.

To protect plants, systems, machines and networks against cyber threats, it is necessary to implement (and continuously maintain) a holistic, state-of-the-art Industrial Security concept. Products and solutions from Siemens are only one part of such a concept.

It is the customer’s responsibility to prevent unauthorized access to the customer’s plants, systems, machines and networks. Systems, machines and components should only be connected with the company’s network or the Internet, when and insofar as this is required and the appropriate protective measures (for example, use of firewalls and network segmentation) have been taken.

In addition, Siemens’ recommendations regarding appropriate protective action should be followed. For more information on Industrial Security, visit http://www.siemens.com/industrialsecurity.

Siemens’ products and solutions undergo continuous development to make them even more secure. Siemens strongly recommends to carry out updates as soon as the respective updates are available and always only to use the current product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats.
In order to always be informed about product updates, subscribe to the Siemens Industrial Security RSS Feed at http://www.siemens.com/industrialsecurity.

WinCC Virtualization Entry ID: 49368181, V2.0, 08/2018

Table of Contents
Warranty and Liability
1 Preface
1.1 Purpose of the document
1.2 Validity
2 Automation Task
2.1 Introduction
2.2 Virtualization requirements
2.3 Fields of application for virtualization
3 Automation Solution
3.1 WinCC system architecture in virtual environment
3.2 What is virtualization?
3.2.1 Definition
3.2.2 Server-based virtualization (type 1: native)
3.2.3 Client-based virtualization (type 2: hosted)
3.2.4 Summary of server-based and client-based virtualization
3.2.5 Advantages and disadvantages of the virtualization
3.3 SIMATIC Virtualization as a Service
4 Configuration
4.1 General hardware compatibility
4.1 Configuration of the host systems
4.2 Configuration of guest systems
4.2.1 General information
4.2.2 Configuration of network cards
4.3 Remote access
4.4 Communication
4.4.1 Name resolution
4.4.2 VLANs
4.4.3 Redundancy connection between servers
4.5 SIMATIC software redundancy
5 Licensing of SIMATIC Products
5.1 Licensing with a single license
5.2 Licensing with floating licenses
6 Diagnostic capabilities
6.1 Diagnostics using VMware vSphere client
6.2 Diagnostics in the virtual system
6.3 Performance problems
7 Further Notes, Tips and Tricks
7.1 Pass-through (VMDirectPath IO)
7.2 Managed USB HUB
7.3 General recommendations
7.3.1 Snapshots
7.3.2 vMotion or vMotion Storage
7.3.3 SDRS (Storage DRS)
7.3.4 Fault Tolerance
7.3.5 Cloning virtual machines (VM)
7.3.6 VMware Tools
7.3.7 Increasing performance of vnetflt.sys driver
7.3.8 Hard drives
7.3.9 Unnecessary hardware in virtual machines
7.3.10 Synchronizing the virtual machines
7.4 Security settings
7.4.1 Disabling automatic update of VMware Tools
7.4.2 Time synchronization through NTP
7.4.3 Applying patches for ESXi
7.4.4 Security in general
8 Glossary
9 Appendix
9.1 Service and Support
9.2 Links and literature
9.3 Change documentation

1 Preface

1.1 Purpose of the document
This document describes the virtualization of WinCC V7 and WinCC Professional in connection with an ESXi server.
In this document you will find
· Information on the infrastructure for the use of WinCC
· Demonstration of special features
· Diagnostic capabilities

1.2 Validity
This document is based on the following versions
· WinCC V7.4 SP1
· WinCC Professional V15
· VMware ESXi V6.0
· VMware vSphere V6.0
General statements are also valid for other WinCC V7 and WinCC Professional versions.
Software-dependent releases can be found in the Compatibility tool \3\

2 Automation Task

2.1 Introduction
Virtualization of servers is already of high importance in information technology. The advantages of virtualization are also to be achieved in automation technology.

2.2 Virtualization requirements
The availability of the plant and the automation technology has the highest priority. The same applies for plants with real computers and for plants that are operated in a virtual environment.
For plant operation in a virtual environment, there should be no visible difference to real computers.
2.3 Fields of application for virtualization
Depending on the area of application, different hardware and software are used for the virtualization solutions.

| Application | Virtualization solution |
|---|---|
| Engineering, training and short tests | VMware Player, VMware Workstation, Windows Virtual PC…; VMware vSphere, Hyper-V |
| Production plants | VMware vSphere, Hyper-V |

Topics not covered by this application
This document describes the use and the approach using VMware ESXi and VMware vSphere. VMware Workstation and VMware Player are not considered. These products are not released for productive operation.

3 Automation Solution

3.1 WinCC system architecture in virtual environment
Figure 3-1

3.2 What is virtualization?

3.2.1 Definition
Virtualization is the abstraction of physical hardware from the operating system. For this purpose, a special virtualization layer, the so-called hypervisor, is located on a real computer. This makes it possible to run several virtual machines (VMs) that are isolated from each other, each with its own virtual hardware components and its own operating system, on one real, physical computer (host system). They act like real computers and can execute applications themselves.

Layout for virtualization
Figure 3-2

Tasks of the hypervisor
Among other things, the hypervisor has the following tasks:
· The hypervisor is the virtualization layer in which the VMs run.
· The hypervisor manages the resource allocation of the real hardware to the VMs and the execution of the VMs.
· The hypervisor is also called VMM (Virtual Machine Manager or Monitor).
Physical and virtual setup
Figure 3-3

Variants
Basically, there are two types of virtualization, which differ in terms of configuration and structure.
· Server-based virtualization (type 1: native)
· Client-based virtualization (type 2: hosted)

3.2.2 Server-based virtualization (type 1: native)
This virtualization variant is characterized by the following characteristics:
· The hypervisor runs directly on the hardware of the host and is more efficient. It requires fewer resources, but has to provide all drivers.
· No direct operation: The VMs are operated via remote clients.
· Fields of application are data centers and production plants.
· Examples for type 1 are "VMware ESX/ESXi" and "Hyper-V".
Figure 3-4

3.2.3 Client-based virtualization (type 2: hosted)
This virtualization variant is characterized by the following characteristics:
· The hypervisor is based on a fully-fledged operating system, e.g. Windows, and uses the device drivers of the operating system.
· Direct operation: The VMs are operated directly on the computer via graphics card and monitor.
· Areas of application are mainly engineering and short tests.
· Examples for type 2 are "VMware Workstation and VMware Player", "VirtualBox" or "Windows Virtual PC".
Figure 3-5

Note
This document describes only type 1 with VMware ESX/ESXi.

3.2.4 Summary of server-based and client-based virtualization

| Server-based virtualization, type 1 native (ESXi server) | Client-based virtualization, type 2 hosted (VMware Workstation) |
|---|---|
| The hypervisor runs directly on the hardware of the host and is more efficient. It requires fewer resources, but has to provide all drivers. | The hypervisor is based on a fully-fledged operating system (e.g. Windows) and uses the device drivers of the operating system. |
| No direct operation: The VMs are operated via remote clients. | Direct operation: The VMs are operated directly on the computer via graphics card and monitor. |
| Areas of application: Data centers and production plants | Areas of application: Engineering and short tests |

3.2.5 Advantages and disadvantages of the virtualization
Table 3-1

Costs
Advantages: Reduction of costs
· Consolidation of physical computers, cables, switches, etc.
· Reduction of energy consumption
· Reduction of space requirements
· Less expensive hardware can be used for clients (so-called thin client solutions)
Disadvantages:
· Software costs for the operating system remain.
· Additional license costs for virtualization depending on the range of functions

Security
Advantages: Increased security
· Increased security due to remote access and centralized rights management
· Reduced attack possibilities with thin clients; central protection on the ESXi server for the virtual machines
Disadvantages:
· Possibly increased security expenses (additional layer, data security)

Availability
Advantages: Increased availability
· Easy exchange of virtual machines on ESXi server possible
Disadvantages:
· Danger of a "Single Point of Failure"

Flexibility
Advantages: Increased flexibility
· Hardware independence of the virtual machines
· Virtual machines with different operating systems on one ESXi server
· Additional virtual machines can be added by starting another VMware session
· Hardware RAID can be configured as software RAID (ESXi Server)
· Securing commissioning
· Simple recording in the event of system failures
Disadvantages:
· Support may not come from a single source

System complexity
Disadvantages:
· Significantly increasing system complexity
· Higher administration effort

Support
If a problem occurs while operating a virtual machine, the support required for this may become time-consuming. In this case, the responsibility must first be clarified, as can be seen in the following diagram.
Figure 3-6

Note
When using SIMATIC Virtualization as a Service (see chap. 3.3) you not only receive pre-installed and pre-configured ESXi servers including WinCC installations in the form of VMs, but also the service for these complete systems from a single source.

You can use a support request to determine the power requirements of a virtualized SIMATIC WinCC system. Further information is available in the following FAQ: "Where do you obtain technical support for the configuration of a virtual SIMATIC PCS 7 / WinCC System?". \4\

3.3 SIMATIC Virtualization as a Service
SIMATIC Virtualization as a Service is a pre-configured, ready-to-use virtualization system for implementing efficient automation solutions for SIMATIC systems.
Figure 3-7

A hypervisor is installed on a powerful server that manages the hardware resources and dynamically distributes them to the virtual machines. Central management, configuration and maintenance of the virtual machines and the virtualization server are carried out via a management console.
The virtual machines are equipped with SIMATIC PCS 7 or SIMATIC WinCC installations and are preconfigured depending on the automation task (e.g. PCS 7 ES/Client, WinCC Server).
The virtualization system can be easily and efficiently extended by preconfigured virtual machines and is therefore scalable to different plant sizes. A highly available system can be realized by using additional virtualization servers.
Further information on SIMATIC Virtualization as a Service is available at the following link:
· SIMATIC Virtualization as a Service \5\

4 Configuration

4.1 General hardware compatibility
Each ESXi host and its components must be listed in VMware's HCL (Hardware Compatibility List) for each ESXi version and license. For more information, please use the following link:
https://www.vmware.com/resources/compatibility/search.php \6\

4.1 Configuration of the host systems

NOTICE
The user/administrator is obliged to provide and secure sufficient system resources on the virtualization server and the virtual systems.

Minimum system requirements for installing ESXi/ESX (1003661)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003661 \7\
Best practices to install or upgrade to ESXi 6.0 (2109712)
https://kb.vmware.com/s/article/2109712 \8\

Hardware example
Here is an example from practical experience.
· The configured main memory (RAM) of all VMs running simultaneously must not exceed 90% of the physically available RAM.
· The ratio 2:1 of the virtually configured CPU cores of all simultaneously running VMs to the physically available CPU cores should not be exceeded. The following table shows an example of a possible assignment:

| Hardware | Number | Usage |
|---|---|---|
| Intel® Xeon® Processor E5-2640V4 (25MB Cache, 2.40 GHz, 8.00 GT/s QPI) | 10 Cores | 1 core for host; 1x ES: 4 vCores; 1x OS Server: 2 vCores; 5x OS Client: 10 vCores |

· For performance reasons, the size of the data stores on the individual RAID systems should not exceed 2TB.
· Using a RAID 10 system for the data stores offers the best read/write performance.
· A better performance of WinCC can be achieved if a CPU with fewer cores and higher clock frequency is preferred to a CPU with more cores and lower clock frequency.
Network
The following figure shows an example of the communication principle of a virtualization system:
· The internal communication between ES, WinCC server and WinCC client.
· The communication of ES, WinCC server and WinCC client to the outside, e.g. to the AS via the physical network cards of the ESXi server.
Figure 4-1

4.2 Configuration of guest systems

4.2.1 General information

| Features | Requirements |
|---|---|
| VM Version 1) | 8, 9, 10 or 11 |
| Hard drive storage management | Use type: "Thick Provision Eager Zeroed" |
| Virtual network modules | There are as many network cards to configure as would be the case with real WinCC stations. A redundant OS server would therefore have 3 virtual network cards. |
| Separation of networks | It is recommended to physically/virtually separate terminal, system and redundancy bus and not to use VLANs. The IP addresses of terminal, system and redundancy buses have to be located in different subnets. |
| Network cards | All network cards are assigned to the "Private" network profile within Windows via group policy. |
| CPU load | The CPU continuous load of the assigned logical CPU cores must not exceed 70% - 80%. Note: When archiving large data volumes a respective reserve is required (high I/O load). This load is given at a capacity of 70% - 80%. |
| VMware Tools | "VMware Tools" must be installed inside the virtual machines. This results in better performance and maintainability of the VMs. |
| Operating states | Suspend/Resume of the VMs, as well as VMware options (e.g. vMotion), are not supported. The VMs must be treated like real WinCC stations. |
| Card type of virtual network cards | The card type of the virtual network cards has to be "E1000" or "vmxnet3" (recommended). The card type "vmxnet3" cannot be used until VMware Tools is installed in the VM. |

1) Note: A downgrade of the VM version is not possible.

4.2.2 Configuration of network cards

NOTICE
Faulty process communication
· No unused network cards may exist in the Windows "Network and Sharing Center". Unused cards must be disabled or removed from the virtual machine configuration.
· No network card should be assigned to the public network profile.
· When adding/removing network cards, their order changes in Windows. After making changes to the network configuration, check the order of the network cards according to the WinCC documentation.

Note
The following group policy can be used to ensure that no network card is assigned to the "Public network" network category:
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Network Manager Policies > Non-identified Networks: Set the location type from "Not configured" to "Private".

Note
First uninstall unused network cards in the Windows device manager. If you do not do this, "remaining files" will be left in the properties of the VM in Windows after you delete network cards. These "remaining files" must first be made visible in the device manager before they can be uninstalled. If these "remaining files" are not removed, the name of the deleted network card cannot be used again.
Tip: If BGInfo (not included in Windows) is used, the desktop can show whether "remaining files" are available.

4.3 Remote access
The VMs can be accessed with a thin client or a remote system via RDP, RealVNC, vSphere Client or vSphere Web Client.

General information
The following points apply to all remote connections:
· All operator stations can be operated via exactly one open remote connection.
· For a remote connection, the existing session must be taken over. This means that a user must be logged in at the operating station.
· Remote Desktop may only be used via "mstsc /console" or "mstsc /admin".
· An RDP connection may only be used for access to clients without additional functions (web functions).
· With WinCC servers or the single-user system, RDP is only permitted if WinCC is running in service mode.
· When using an RDP connection to a VM, the automatic logon to Windows has to be configured in this VM, e.g. using "control userpasswords2" or "Autologon for Windows" (Windows Sysinternals).
· In order to access a VM with automatic logon via RDP, the following registry entry may not be present as of Windows Server 2012 R2 and Windows 10 (default setting):
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceAutoLogon"
· Disabling the TCP auto tuning level: The TCP auto tuning settings can be disabled using the following command:
    netsh interface tcp set global autotuninglevel=disabled
You can find information on this in the FAQ entry: "Which settings should you make when an OVF export fails using the "VMware vSphere Client" application?" \9\

RealVNC
Audio signals cannot be transmitted via a RealVNC connection. The released version of RealVNC for WinCC is included in the compatibility tool: http://www.siemens.de/kompatool \3\

vSphere Client
Opening the console ("Open Console") of a VM in the vSphere client can take relatively long (35 sec). One possible reason for this is that certificates cannot be verified if there is no internet connection.
This can be prevented by configuring the following group policy:
Set "Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Automatic Root Certificates Update" to "enabled".
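The sizing limits in section 4.1 (90% RAM, 2:1 vCore ratio, 2 TB data stores) and the guest requirements in 4.2.1 and 4.2.2 (VM version, disk type, NIC type and profile, separate bus subnets) can be checked mechanically before a VM goes into operation. The following Python check is an added example, not part of the Siemens document; the inventory format, VM names, RAM sizes and IP addresses are constructed assumptions, and only the core counts follow the hardware table in 4.1.

```python
from ipaddress import ip_interface
from itertools import combinations

# Limits quoted from sections 4.1 and 4.2.1 of this document.
MAX_RAM_FRACTION = 0.90   # configured RAM of running VMs vs. physical RAM
MAX_VCPU_RATIO = 2.0      # vCores of running VMs : physical cores
MAX_DATASTORE_TB = 2.0    # recommended upper size per data store
VM_VERSIONS = {8, 9, 10, 11}
NIC_TYPES = {"e1000", "vmxnet3"}
DISK_TYPE = "thick provision eager zeroed"


def check_host(host, vms):
    """Host sizing rules; only simultaneously running VMs are counted."""
    running = [vm for vm in vms if vm["running"]]
    ram = sum(vm["ram_gb"] for vm in running)
    vcores = sum(vm["vcores"] for vm in running)
    findings = []
    if ram > MAX_RAM_FRACTION * host["ram_gb"]:
        findings.append(f"host: {ram} GB VM RAM exceeds 90% of {host['ram_gb']} GB")
    # Assumption: the ratio is taken against all physical cores; the core
    # reserved for the host in the example table is not subtracted.
    if vcores > MAX_VCPU_RATIO * host["cores"]:
        findings.append(f"host: {vcores} vCores exceed 2:1 on {host['cores']} cores")
    for name, size_tb in host["datastores_tb"].items():
        if size_tb > MAX_DATASTORE_TB:
            findings.append(f"datastore {name}: {size_tb} TB is larger than 2 TB")
    return findings


def check_guest(vm):
    """Guest rules from the table in 4.2.1 and the notice in 4.2.2."""
    name, findings = vm["name"], []
    if vm["vm_version"] not in VM_VERSIONS:
        findings.append(f"{name}: VM version {vm['vm_version']} not in 8-11")
    if vm["disk"].lower() != DISK_TYPE:
        findings.append(f"{name}: disk type is '{vm['disk']}'")
    if vm.get("redundant_server") and len(vm["nics"]) != 3:
        findings.append(f"{name}: redundant OS server has {len(vm['nics'])} NICs, not 3")
    for nic in vm["nics"]:
        if nic["type"].lower() not in NIC_TYPES:
            findings.append(f"{name}/{nic['bus']}: NIC type {nic['type']} not allowed")
        if nic["profile"].lower() != "private":
            findings.append(f"{name}/{nic['bus']}: network profile is {nic['profile']}")
    # Terminal, system and redundancy bus must lie in different subnets.
    nets = [(n["bus"], ip_interface(n["ip"]).network) for n in vm["nics"]]
    for (bus_a, net_a), (bus_b, net_b) in combinations(nets, 2):
        if net_a.overlaps(net_b):
            findings.append(f"{name}: {bus_a} and {bus_b} bus share subnet space")
    return findings


def lint(host, vms):
    """All findings for one host and its VMs; an empty list means compliant."""
    return check_host(host, vms) + [f for vm in vms for f in check_guest(vm)]


def nic(bus, ip, kind="vmxnet3", profile="Private"):
    return {"bus": bus, "ip": ip, "type": kind, "profile": profile}


def guest(name, vcores, ram_gb, nics, **extra):
    vm = {"name": name, "vcores": vcores, "ram_gb": ram_gb, "running": True,
          "vm_version": 11, "disk": "Thick Provision Eager Zeroed", "nics": nics}
    vm.update(extra)
    return vm


# Constructed inventory (names, RAM sizes and addresses are invented).
HOST = {"cores": 10, "ram_gb": 128, "datastores_tb": {"ds-raid10-a": 1.8}}
VMS = [
    guest("ES01", 4, 16, [nic("terminal", "192.168.10.5/24"),
                          nic("system", "192.168.20.5/24")]),
    guest("OSS01", 2, 16, [nic("terminal", "192.168.10.11/24"),
                           nic("system", "192.168.20.11/24"),
                           nic("redundancy", "192.168.30.11/24")],
          redundant_server=True),
]
VMS += [guest(f"OSC0{i}", 2, 8, [nic("terminal", f"192.168.10.{20 + i}/24")])
        for i in range(1, 6)]

# Constructed non-compliant guest: wrong version, thin disk, only two NICs,
# one Public profile, one unsupported card type, overlapping subnets.
BAD = guest("OSS02", 2, 16,
            [nic("terminal", "192.168.10.12/24", profile="Public"),
             nic("system", "192.168.10.140/25", kind="e1000e")],
            redundant_server=True, vm_version=13, disk="Thin Provision")

if __name__ == "__main__":
    for finding in lint(HOST, VMS + [BAD]) or ["no findings"]:
        print(finding)
```
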
4.4 Communication

4.4.1 Name resolution
In a virtual environment, a management network is usually also used to manage the virtual infrastructure. In this management network it is recommended to use a DNS server for the name resolution of ESXi servers.

Note
The name resolution of the VMs necessary for the operation of WinCC must take place when using a DNS/WINS server via the terminal bus or by using the locally configured hosts and lmhosts files.
The name resolution has to be done via the IPv4 protocol.

4.4.2 VLANs
VLANs can be used in WinCC. You can find information on this in the FAQ entry "How do you configure a Virtual Local Area Network (VLAN) in PCS 7?". \10\
VLANs must not be used on the dedicated network card of the ES to the fieldbus (PROFINET).

4.4.3 Redundancy connection between servers
The connection between redundant WinCC servers for redundancy adjustment must be made via Ethernet. The following figure shows settings within the configuration of SIMATIC Shell:
· Selection of the virtual network card for the redundancy bus in the redundancy settings
· Disabling the serial port
Figure 4-2

4.5 SIMATIC software redundancy
With a redundant WinCC system, the runtime is active on both servers (master and standby). This has the following characteristics:
· The clients are distributed between both servers (load balancing).
· After a failure, the data status is synchronized on both servers by archive adjustment.
The fault tolerance provided by VMware is not a replacement for the SIMATIC redundancy and therefore cannot be used (see chapter 7.3.4 Fault Tolerance).
5 Licensing of SIMATIC Products

General information
As a general rule, you have to license all products/software according to the respective manufacturer's license terms and conditions.
In terms of licensing, a SIMATIC software installation on a virtual machine does not differ from the installation on a real machine.
Therefore, each SIMATIC software installation on a virtual machine, e.g. SIMATIC WinCC and other SIMATIC applications, has to be licensed accordingly.
Likewise, each SIMATIC WinCC Client installation on a virtual machine has to be licensed accordingly.

5.1 Licensing with a single license
Unlimited duration standard license that can be transferred to any computer and used on this computer. The Certificate of License (CoL) defines the type of use.
Licenses of the single license type can only be used locally.

5.2 Licensing with floating licenses
Unlimited license duration that can be transferred to any computer and used on this computer. The license can also be obtained from a license server over the network.

Note
The freedoms gained in handling virtualization entail the risk of easily damaging or destroying virtual machines. When things get serious, a virtual machine will be irretrievably lost, including all installations and licenses.
To minimize the risk of losing licenses, use a license server with SIMATIC floating licenses. This additionally facilitates handling licenses.

6 Diagnostic capabilities

Troubleshooting and performance (Chap 4.4 109486064)
VMware provides various means to diagnose performance bottlenecks. Below, we will briefly describe use of the vSphere Client and of the "esxtop" tool.
For more information, see the manual "vSphere Monitoring and Performance".
https://www.vmware.com/support/pubs/ \11\

6.1 Diagnostics using VMware vSphere client

General information
You can use the vSphere Client not only to configure the virtual machines (guest systems), but also to monitor the ESXi server and the individual virtual systems.

Monitoring options
You can display these points as curves with the vSphere client:
· Main memory usage
· Operating state
· CPU load
· Hard drive
· Network utilization

The procedure in detail
Table 6-1

1. Log on to the ESX(i) server
· Start your VMware vSphere Client. The Logon dialog appears.
· Enter the IP address of your virtualization server and your user data. The vSphere Client starts.

2. Navigate to ESX(i) server diagnostics
· In the navigation tree, select the top item (the virtualization server).
· Then select the “Performance” tab. A diagram appears that shows the performance data graph.

3. Customizing the ESX(i) server diagnostics
To monitor the values used for these measurements, proceed as follows:
· In the top area of the tab, click “Trend settings…”. The “Adjust performance trend” dialog appears.
· Monitoring the RAM
  – In the “Trend settings” tree, expand the “RAM” item.
  – In “RAM”, click “Realtime”.
  – In the “Performance logs” field, deselect everything and select only “active”.
  – Confirm with OK. In the diagram, you can now monitor the active RAM.
· Monitoring the CPU load
  – In the “Trend settings” tree, expand the “CPU” item.
  – In “CPU”, click “Realtime”.
  – In the “Performance logs” field, deselect everything and select only “usage”.
  – Confirm with OK. In the diagram, you can now monitor the CPU load.

4. Navigate to diagnostics of the virtual system
· In the navigation tree, select the item of the virtual system to be monitored.
· Then select the “Performance” tab. A diagram appears that shows the performance data graph.

5. Customizing diagnostics of the virtual system
To do this, proceed as described in step 3.

6.2 Diagnostics in the virtual system
For diagnostics in the virtual system, use the Windows tool Windows Performance Monitor.

The procedure in detail
Table 6-2

1. Starting the tool
· Click “Start > Run”. The “Run...” dialog appears.
· Enter “Perfmon” and click OK. The monitoring tool starts.

2. Customizing the performance indicators
Remove all performance logs from the lower right area.
· In this area, right-click. In the menu, select “Add performance logs...”. The “Add performance logs” dialog appears.
· To display the CPU load as a percentage, select the “Processor” data object and select the “% Processor Time” performance log.
· Select “_Total” as the instance.
· Click on “Add…”.
· To display the main memory allocation, select the “Memory” data object and select the “Committed Bytes” data object.
· Click “Add” and select “Close” to close the dialog.

Note
Displaying both values simultaneously in one diagram is problematic because the axis scaling differs. For optimum display, adjust the scaling using the “Properties” button and the “Graphics” tab.

For more information, follow this link: "What diagnostics options are available for WinCC and PCS 7 OS?" \12\

6.3 Performance problems
To prevent your VM from running with poor performance, define the hardware configuration of the VM before installing the operating system. This mainly applies to:
· Number of virtual sockets
· Number of virtual cores per socket
If you make changes to the hardware configuration, you must adjust the HAL of the VM again.
Further information is available at:
· Modifying the Hardware Abstraction Layer (HAL) for a Windows virtual machine (1003978)
  https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003978 \13\
· Troubleshooting a converted virtual machine that experiences poor performance (1013857)
  https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013857 \14\
· Troubleshooting ESX/ESXi virtual machine performance issues (2001003)
  https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2001003 \15\

7 Further Notes, Tips and Tricks

7.1 Pass-through (VMDirectPath IO)

General information

Pass-through support in VMware vSphere Server (ESXi) allows you to pass certain physical components of the server directly to the virtual machines. The virtual machine detects the new hardware automatically; if necessary, appropriate drivers are installed later.

As long as you use the pass-through function:
· the hardware is a part of the virtual machine
· the HyperVisor no longer has access

Various SIMATIC NET CPs have been tested for the pass-through function and can be used.

Note
This is where you can find information about pass-through configurations:
http://kb.vmware.com/kb/1010789 \16\

Note
When using SIMATIC NET CPs in a virtual environment, observe the requirements and dependencies of SIMATIC NET.
"SIMATIC NET PC-Software SIMATIC NET PC Software V14 SP1 installation manual – chapter 3 and 4"
Installation, configuration of SIMATIC NET CPs in a VMware vSphere server (ESXi)
https://support.industry.siemens.com/cs/ww/en/view/77377602 \17\
Other compatibilities can be found here:
https://support.industry.siemens.com/kompatool/pages/main/index.jsf \3\

You can use a WinCC ASIA dongle via pass-through.
The number of ASIA dongles depends on the international USB hubs and not on the number of USB ports. Only one USB HUB is forwarded at a time.

7.2 Managed USB HUB

General information

The following diagram shows you how a USB HUB is connected to a virtual infrastructure via the Ethernet LAN. You configure the assignment of the USB ports to the virtual machine via the hub's Web interface. Furthermore, every virtual machine that you connect to the USB HUB needs a corresponding software. Using this software, the virtual machine accesses the respective USB port (port groups). The USB devices connected to these ports are passed on to the respective virtual machine via the Ethernet LAN.

Note
A guide showing the detailed configuration of the USB HUB is available on the manufacturer’s website:
http://www.digi.com/products/usb/anywhereusb \18\

Figure 7-1 (diagram labels: VM, RealPort USB software drivers, Ethernet LAN, AnywhereUSB, USB Device, SmartCard, Remote Client)

The following USB HUBs were compatibility-tested:
http://www.digi.com/products/usb/anywhereusb \18\

You can use WinCC ASIA dongle via USB HUB.

7.3 General recommendations

7.3.1 Snapshots

Do not use snapshots during productive operation. This can negatively affect the virtual machine's general performance capability.

For more information, follow this link:
https://www.vmware.com/pdf/vcops-vapp-585-deploy-guide.pdf (p. 15) \19\

Search KB entry 2000986 "Snapshots are not backups" for "Best practices for virtual machine snapshots in the VMware environment".
https://kb.vmware.com/selfservice/microsites/microsite.do \20\

7.3.2 vMotion or vMotion Storage

Do not use vMotion or vMotion Storage for virtual machines in which SIMATIC software is active.

7.3.3 SDRS (Storage DRS)

Storage DRS enables moving virtual machines automatically within a data store cluster. A data storage cluster consists of individual data stores. Do not move virtual machines with active SIMATIC software.

7.3.4 Fault Tolerance

Fault Tolerance (FT) provides uninterrupted availability by assuring that the states of the primary and secondary virtual machine are identical for the entire time the instruction is being executed. FT is not supported in conjunction with SIMATIC software and is not considered in this application example.

7.3.5 Cloning virtual machines (VM)

Cloning a virtual machine is not compatibility-tested and not released.

7.3.6 VMware Tools

Install the latest version of the VMware Tools.

7.3.7 Increasing performance of vnetflt.sys driver

You can increase the performance of WinCC within the VM by uninstalling the "vnetflt.sys" driver.

Table 7-1

1. Start the VMware converter.
2. Select "Change" and click on the "Next" button.
3. Uninstall the "NSX Network Introspection Driver" in "VMCI Driver > NSX File Introspection Driver".
4. Restart the computer.

7.3.8 Hard drives

Thick provisioned eager zeroed format

Create the hard drives in the format "Thick Provision Eager Zeroed". It will provide the best performance properties.

For more information, follow this link:
https://www.vmware.com/pdf/vcops-vapp-585-deploy-guide.pdf (p. 15) \19\

Distributing multiple hard drives of a virtual machine

Distribute the hard drives evenly across the virtual SCSI adapters. For more information, see the book "Virtualizing Microsoft Business Critical Applications on VMware vSphere" (p. 90).

I/O-intensive applications

Use the paravirtual storage adapter (PVSCSI) for I/O intensive applications. It reduces the CPU load and is capable of improving especially the system's overall performance. Also observe the information provided by the following links.

For more information, follow this link:
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perfbest-practices-vsphere6-0-white-paper.pdf \21\

Or in KB article 1010398. Search for "Configuring disks to use VMware Paravirtual SCSI adapters".
https://kb.vmware.com/selfservice/microsites/microsite.do \20\

Note
The use of SSD brings a considerable improvement in performance.

7.3.9 Unnecessary hardware in virtual machines

Remove all unnecessary hardware from the configuration. Each unnecessary element can negatively affect the performance capability of your virtual machine.

For more information, follow this link:
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perfbest-practices-vsphere6-0-white-paper.pdf \21\

This includes:
· Floppy disk
· CD ROM
· HD audio

7.3.10 Synchronizing the virtual machines

The host (ESXi) must use the same time source as the operating systems within the virtual machines. Before time synchronization mechanisms take effect in the virtual machine, the host's time is used when starting the virtual machine. If the two times differ, undesired behavior can occur as a result.

In the virtual machine, use one of the following time synchronization methods:
· VMware Tools
or
· Time synchronization - Time synchronization in the automation environment
  In this entry you will find the most important entries on the 'Time Synchronization' topic in Industry Online Support.
  https://support.industry.siemens.com/cs/ww/en/view/86535497 \22\

Synchronization of the hosts

The ESXi hosts need a time source.
Set this source accordingly using the vSphere Client.

Figure 7-2

Figure 7-3

7.4 Security settings

7.4.1 Disabling automatic update of VMware Tools

An automatic upgrade of the VMware Tools may cause the host operating system to be restarted automatically.

Note
During the restart, e.g. a WinCC server is not available or WinCC clients cannot be operated.

Disable the automatic installation of VMware Tools:

7.4.2 Time synchronization through NTP

Synchronize your ESXi host with a time source. Use the same time source as for time synchronization of your operating systems within the VMs.

7.4.3 Applying patches for ESXi

Always keep the patches of your ESXi hosts up to date. You can do so using the Update Manager for example.

NOTICE
Restart of the host and thus also the virtualized machines necessary
You may need to restart the host to successfully install patches. Note that the virtual machines running on the server also have to be restarted. WinCC servers of this host are not available for this period and WinCC clients of this host cannot be operated. WinCC servers or WinCC clients of other hosts are not affected.

For more information, follow this link:
https://www.vmware.com/support/policies/security_response \24\

7.4.4 Security in general

Siemens provides products and solutions with Industrial Security functions that support the secure operation of plants, systems, machines and networks. Further information can be found at the following links.
· Which security precautions help against unauthorized access in the SIMATIC PCS 7 / WinCC environment?
https://support.industry.siemens.com/cs/ww/en/view/44443744 \23\
· SIMATIC process control system PCS 7 safety concept PCS 7 & WinCC (basic)
https://support.industry.siemens.com/cs/ww/en/view/60119725

8 Glossary

ESX(i)
Product from VMware. The software has/is its own operating system and provides virtual systems with workspace. The software is used for virtualization on the server side.

Core installation
Operating system installation without a graphical user interface; replaced by a simplified platform such as a CMD command prompt or PowerShell.

Guest
A guest is a virtualized computer running within a host (equivalent to VM).

Host
The “host” for virtual machines, regardless of whether this refers to the “host” for desktop or server virtualization. In this document, “host” is equivalent to virtualization server.

HyperV
This software environment is provided by Microsoft through different paths and allows the user to provide, manage and run virtual machines on a Windows server or core server.

HyperVisor
Software for virtualization (of a virtualization server).

Hyper-threading
Technology for better processing of commands for the processor. Here, with hyper-threading, one processor core appears as 2 processor cores to the operating system.

IOPS
Input/Output Operations per Second.

Management Station
A PC that performs the configuration, maintenance and monitoring of one or more virtualization servers. The VMware Converter or vSphere Client applications can be used in this context.

RDP
Remote Desktop Protocol is a Microsoft solution for operator control and monitoring of remote computers.

SCADA
SCADA stands for “Supervisory Control and Data Acquisition”.

SSD
SSD stands for "solid-state drive" and is a data memory.

VDS
Virtual Distributed Switch

Virtualization server (and virtual system)
The real PC on which the VMware ESX(i) software runs that provides its resources to virtual systems. Computers that run within the VMware ESXi software are virtualized systems.

Virtual hardware
Real resources are not directly provided to the virtualized systems to allow shared use. Such shared hardware can be network cards, processor cores or hard drives. This hardware can be used partially and jointly by all virtualized systems.

Virtual processor core
A processor core provided to the virtual machine. A vCPU is not equivalent to a pCPU or pCore. A vCPU also includes the “double cores” due to HT. In addition, VMware does not distinguish between the core and the CPU; this is only relevant to the guest system.

Virtual network
A network which only exists within a virtualization server and allows communication between multiple virtual systems (within one virtualization server).

VNC
Virtual Network Control is an option for operator control and monitoring of remote computers.

VMware
Company and vendor of virtualization software.

VMware vCenter Converter
A VMware product for converting, transferring and creating virtual systems.

VMware Workstation
A VMware product for creating and using virtual systems on existing operating systems.

vSphere Client
A VMware product for configuring, monitoring and running a VMware ESXi Server.

vSphere Server
A VMware product that is installed on the server hardware. Also known as a HyperVisor, VMware ESX(i) Server or ESX(i) host.

vSphere vCenter Server
A VMware product that is used in order to manage multiple ESX(i) HyperVisors using a vSphere Client. The vSphere vCenter Server is used to combine multiple ESX(i) hosts into a cluster, which increases effectiveness based on the available functionality.

VSS
Virtual Standard Switches

9 Appendix

9.1 Service and Support

Industry Online Support

Do you have any questions or need support? Siemens Industry Online Support offers access to our entire service and support know-how as well as to our services.

Siemens Industry Online Support is the central address for information on our products, solutions and services. Product information, manuals, downloads, FAQs and application examples – all information is accessible with just a few mouse clicks at
https://support.industry.siemens.com

Technical Support

Siemens Industry's Technical Support offers quick and competent support regarding all technical queries with numerous tailor-made offers – from basic support right up to individual support contracts.

Please address your requests to the Technical Support via the web form:
www.siemens.en/industry/supportrequest

SITRAIN – Training for Industry

With our globally available training courses for our products and solutions and using innovative teaching methods, we help you achieve your goals. More information on the training courses offered as well as on locations and dates is available at:
www.siemens.en/sitrain

Service offer

Our service offer comprises, among other things, the following services:
· Product Training
· Plant Data Services
· Spare Parts Services
· Repair Services
· On Site and Maintenance Services
· Retrofit and Modernization Services
· Service Programs and Agreements

Detailed information on our service offer is available in the Service Catalog:
https://support.industry.siemens.com/cs/sc

Industry Online Support app

Thanks to the "Siemens Industry Online Support" app, you will get optimum support even when you are on the move.
The app is available for Apple iOS, Android and Windows Phone:
https://support.industry.siemens.com/cs/ww/en/sc/2067

9.2 Links and literature

Table 9-1

No. Topic

\1\ Siemens Industry Online Support
https://support.industry.siemens.com

\2\ Link to the entry page of the application example
https://support.industry.siemens.com/cs/ww/en/view/49368181

\3\ Compatibility tool
https://siemens.com/kompatool

\4\ Where do you obtain technical support for the configuration of a virtual SIMATIC PCS 7 / WinCC System?
https://support.industry.siemens.com/cs/en/en/view/109749129

\5\ SIMATIC Virtualization as a Service
https://support.industry.siemens.com/cs/ww/en/sc/3095

\6\ VMware Compatibility Guide
https://www.vmware.com/resources/compatibility/search.php

\7\ Minimum system requirements for installing ESXi/ESX (1003661)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003661

\8\ Best practices to install or upgrade to ESXi 6.0 (2109712)
https://kb.vmware.com/s/article/2109712

\9\ Which settings should you make when an OVF export fails using the "VMware vSphere Client" application?
https://support.industry.siemens.com/cs/ww/en/view/98158088

\10\ How do you configure a Virtual Local Area Network (VLAN) in PCS 7?

\11\ Manual for vSphere monitoring and performance
https://www.vmware.com/support/pubs/

\12\ What diagnostics options are available for WinCC and PCS 7 OS?
https://support.industry.siemens.com/cs/ww/en/view/48698507

\13\ Modifying the Hardware Abstraction Layer (HAL) for a Windows virtual machine (1003978)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003978

\14\ Troubleshooting a converted virtual machine that experiences poor performance (1013857)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013857

\15\ Troubleshooting ESX/ESXi virtual machine performance issues (2001003)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2001003

\16\ Configuring VMDirectPath I/O pass-through devices on a VMware ESX or VMware ESXi host (1010789)
http://kb.vmware.com/kb/1010789

\17\ SIMATIC NET: PC Software SIMATIC NET PC Software V14 SP1 > Installation, configuration of SIMATIC NET CPs in a VMware vSphere server (ESXi)
https://support.industry.siemens.com/cs/ww/en/view/77377602

\18\ DIGI AnywhereUSB
http://www.digi.com/products/usb/anywhereusb#docs

\19\ vApp Deployment and Configuration Guide
https://www.vmware.com/pdf/vcops-vapp-585-deploy-guide.pdf
https://support.industry.siemens.com/cs/ww/en/view/66807297

\20\ VMware Knowledge Base
https://kb.vmware.com/selfservice/microsites/microsite.do

\21\ Performance Best Practices for VMware vSphere 6.0
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-perfbest-practices-vsphere6-0-white-paper.pdf

\22\ Time synchronization - Time synchronization in the automation environment
https://support.industry.siemens.com/cs/ww/en/view/86535497

\23\ Which security precautions help against unauthorized access in the SIMATIC PCS 7 / WinCC environment?
https://support.industry.siemens.com/cs/ww/en/view/44443744

\24\ VMware Security Response Policy
https://www.vmware.com/support/policies/security_response

9.3 Change documentation

Table 9-2

Version   Date      Modification
V1.0      07/2015   First version
V2.0      08/2018   Reworking
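
The recommendations in sections 7.3.8 (PVSCSI adapter), 7.3.9 (floppy disk, CD ROM, HD audio) and 7.4.1 (automatic VMware Tools upgrade) can be checked offline against a virtual machine's .vmx configuration file. The following Python script is an added example and not part of the Siemens application example; the function names and the sample .vmx content are constructed for illustration, and it assumes that an absent tools.upgrade.policy key means manual upgrade.

```python
import re

# Constructed sample .vmx content for illustration (not from the Siemens document).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "wincc-server-01"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsisas1068"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "wincc-server-01.vmdk"
floppy0.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
sound.present = "TRUE"
sound.virtualDev = "hdaudio"
tools.upgrade.policy = "upgradeAtPowerCycle"
'''

# One setting per line: key = "value"; lines starting with '#' are skipped.
LINE_RE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return the .vmx settings as a dict with lower-cased keys."""
    cfg = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def is_true(cfg, key):
    """True if the setting exists and is "TRUE" (any letter case)."""
    return cfg.get(key, "false").lower() == "true"


def audit_vmx(text):
    """Return (section, message) findings for deviations from the recommendations."""
    cfg = parse_vmx(text)
    findings = []
    # 7.3.8: paravirtual SCSI adapter (PVSCSI) for I/O-intensive applications.
    for key in sorted(cfg):
        m = re.fullmatch(r"(scsi\d+)\.present", key)
        if m and is_true(cfg, key):
            dev = cfg.get(m.group(1) + ".virtualdev", "(not set)")
            if dev.lower() != "pvscsi":
                findings.append(("7.3.8", f"{m.group(1)}: adapter type {dev}, not pvscsi"))
    # 7.3.9: floppy disk, CD-ROM and HD audio should be removed.
    for key in sorted(cfg):
        if re.fullmatch(r"floppy\d+\.present", key) and is_true(cfg, key):
            findings.append(("7.3.9", f"{key.split('.')[0]}: floppy drive present"))
        m = re.fullmatch(r"((?:ide|sata|scsi)\d+:\d+)\.devicetype", key)
        if m and "cdrom" in cfg[key].lower() and is_true(cfg, m.group(1) + ".present"):
            findings.append(("7.3.9", f"{m.group(1)}: CD-ROM drive present"))
    if is_true(cfg, "sound.present"):
        findings.append(("7.3.9", "sound: audio device present"))
    # 7.4.1: automatic VMware Tools upgrade (absent key treated as manual: assumption).
    policy = cfg.get("tools.upgrade.policy", "manual")
    if policy.lower() != "manual":
        findings.append(("7.4.1", f"tools.upgrade.policy = {policy}"))
    return findings


if __name__ == "__main__":
    for section, message in audit_vmx(SAMPLE_VMX):
        print(f"[{section}] {message}")
```

Run it against exported .vmx files before commissioning and after each change to the virtual hardware, and treat the 7.3.8 finding as advisory for VMs that are not I/O intensive.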