FactoryTalk Security System Configuration Guide

Version 6.40.00

Quick Start

Original Instructions

Important User Information

Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards. Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice. If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired. In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment. The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams. No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual. Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited. Throughout this manual, when necessary, we use notes to make you aware of safety considerations.

WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss.

ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.

IMPORTANT: Identifies information that is critical for successful application and understanding of the product.

These labels may also be on or inside the equipment to provide specific precautions.

SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.

BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.

ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE).

The following icon may appear in the text of this document.

Tip: Identifies information that is useful and can help to make a process easier to do or easier to understand.

Rockwell Automation recognizes that some of the terms that are currently used in our industry and in this publication are not in alignment with the movement toward inclusive language in technology. We are proactively collaborating with industry peers to find alternatives to such terms and making changes to our products and content. Please excuse the use of such terms in our content while we implement these changes.

FTSEC-QS001T-EN-E - November 2023

Rockwell Automation, Inc.

Contents

About FactoryTalk systems
  FactoryTalk systems
    FactoryTalk Directory types
    Accounts and groups
    Account types
    Applications and areas
    Security in a FactoryTalk system
    Example: Two directories on one computer

Install FactoryTalk Services Platform
  FactoryTalk Services Platform installation
    Step 1: Launch the Setup wizard and select what to install
    Step 2: Configure the communication protocol
    Step 3: Read and accept license agreements
    Step 4: Start the installation
    Step 5: Finish the installation
    Switch the communication protocol to HTTPS
  Modify FactoryTalk Services Platform
    Switch the communication protocol to HTTP

Getting started with FactoryTalk Security
  FactoryTalk Security
    Security on a local directory
    Security on a network directory
    How security authenticates user accounts
    Things you can secure
    Best practices
    Audit trails and regulatory compliance
  Configure a computer to be the FactoryTalk Directory network server
    Configure a computer to be the network directory server
    Configure a network directory client computer
    Check the network directory server performance in system operation
    FactoryTalk Directory Server Location Utility

Manage users
  Manage users

    Add a FactoryTalk user account
    Add a Windows-linked user account
    Add group memberships to a user account
    Remove group memberships from a user account
    Delete a user account
Manage user groups
  Manage user groups
    Add a FactoryTalk user group
    Add a Windows-linked user group
    Add an Azure AD user group
    Configure Azure Active Directory
    Azure AD Group Properties
    Edit or view user group properties
    Delete a user group
    Add accounts to a FactoryTalk user group
    Remove accounts from a FactoryTalk user group
Manage computers
  Manage computers
    Add a computer
    Delete a computer
    Edit or view computer properties
Manage authentication services
  Add an Azure AD site
  Add an OpenID Connect site
Historical Usage
  Configure feature security for Historical Usage
  Users tab
  Items on the Users tab
  Meanings of the column headings on the Users tab
  Disable a user account with Historical Usage
  Enable a user account with Historical Usage
  Delete a user account with Historical Usage
  Computers tab
  Items on the Computers tab
  Meanings of the column headings on the Computers tab

  Delete a computer with Historical Usage
  Filter records in Historical Usage
  Meanings of the filter conditions in Historical Usage
  Sort records in Historical Usage
Add and remove user-computer pairs
  Add and remove user-computer pairs
    Add a user-computer pair
    Remove a user-computer pair
    Edit or view user account properties
Add and remove action groups
  Add and remove action groups
    Add an action group
    Delete an action group
    Add an action to an action group
    Remove an action from an action group
Set system policies
  Authorize an application to access the FactoryTalk Directory
    FactoryTalk Service Application Authorization
    FactoryTalk Service Application Authorization settings
    Publisher Certificate Information
    Digitally signed FactoryTalk products
  Authorize a service to use FactoryTalk Badge Logon
    FactoryTalk Badge Authorization
    FactoryTalk Badge Authorization settings
  Assign user rights to make system policy changes
    User rights assignment policies
    User Rights Assignment Policy Properties
    Configure Securable Action
    Select a user or group
  Change the default communications protocol
    Default communications protocol settings
    Live Data Policy Properties
  Set network health monitoring policies
    Health Monitoring Policy Properties
  Set audit policies
