WIN-911 can be installed on a single computer as a standalone system or distributed over several computers (E.g., allowing Email notification access to the Internet from the DMZ while the rest of WIN-911 resides on the plant network). This document provides an overview of WIN-911 distributed systems, outlines some considerations for such systems, and describes their installation procedure.
Note: Distributing the WIN-911 modules is an optional method for installation.
A. WIN-911 Logical Systems
WIN-911 is a system of modular components working together to provide alarm notification and information access. These modules belong to one of the following categories:
- Notifiers – Manage contact points and interaction with notification providers; handle runtime interaction with end users (e.g. Email via SMTP and IMAP/POP3)
- Sources – Manage alarm and data points and interaction with SCADA (e.g. Rockwell, GE or Wonderware or OPC-DA)
- Support – Manage strategic notification, reporting, and other functions that bring together Sources and Notifiers (e.g. Dispatcher)
The set of modules comprising a WIN-911 System can be installed together on a single physical machine.
The set of modules comprising a WIN-911 System can be distributed across multiple physical machines.
B. Industrial Control System Architecture
ISA-99 adopts the Purdue Enterprise Reference Architecture (PERA) as a model for network segregation in Industrial Control systems. Within the manufacturing/industrial zone of the network, SCADA/HMI applications typically inhabit Level 2; historians, plant apps, and domain controllers typically inhabit Level 3. Email and Web access is typically restricted to a higher level - Level 4 or to a level 3.5 DMZ as shown.
A Distributed WIN-911 System can span multiple levels to allow communication with both SCADA and the Internet.
The ability to distribute Source and Notifier modules gives WIN-911 tremendous flexibility to fit into your existing network architecture. However, it is often not necessary to distribute all sources or all notifiers. First, many Source modules allow for network connectivity with the SCADA and need not be installed on the same machine as the SCADA system. Refer to source-specific documentation and network diagrams as found in the WIN-911 Installation Checklist document. Likewise, your notifier module instance may not require direct internet access. Your organization may employ an internal mail server that can be reached on the LAN and relays to an external mail server. Similarly, an internal VoIP server may be accessible that can relay external calls. You will need to work with your network administrator to identify the best deployment option for your organization. WIN-911 recommends installation across a minimal number of physical machines to reduce maintenance.
D. MS SQL Server
In addition to distributing WIN-911 modules, the MS SQL Server instance(s) hosting the WIN-911 configuration can reside on any of the WIN-911 host machines or be distributed onto a separate physical machine. More information can be found in our article on WIN-911 Best Practices for SQL Server. Again, you will want to consult with your organization's IT team to determine how best to deploy WIN-911 and MS SQL within your existing network.
E. Distributed Installation
To create a distributed system, you will need to define a WIN-911 System network (Create Distributed System) and then deploy the remaining modules on each of the remote nodes that will complete your WIN-911 System (Join Distributed System). Note that you can also extend an existing standalone system by installing an additional set of modules using the "Join Distributed System" option; this will convert your standalone system into a distributed system.
The initial screen of the WIN-911 installer allows for the creation and extension of distributed systems.
When joining an existing system, it is necessary to identify all existing modules that reside elsewhere on the network. The installer will attempt to discover such modules later in the installation process with a broadcast on UDP port 3702; however, this discovery attempt will be blocked on many networks. If the discovery results do not display all existing modules, simply click the browse button and browse for or enter the computer name for the target system hosting WIN-911 modules. If no modules can be found on the target system, verify that your network environment allows for communication and authentication of the user attempting this install.
The installer will prompt for the location of existing modules when joining a distributed system.
IMPORTANT: Do not continue the installation until all existing modules appear in the list. A complete network map of existing modules is required for proper functionality of the logical system.
Browse for the host of ALL existing modules when joining a distributed system.
After confirming that the network map of existing modules is complete, the installation will proceed as usual. Once the installation process has completed on all WIN-911 module hosts, the installation of the WIN-911 distributed system is complete. The system can then be configured from any node on the network by accessing WIN-911 Workspaces.
To create a support case, you can use your Maintenance Support number or your CD Tracking number. You can create a Case online or contact the product support line: (512)326-1011.