DCOM security and its headaches continue to be a popular support topic - our DCOM tutorial videos consistently receive the most visits each month. Speak to any OPC Classic user in the industrial automation space and they always have their own horror stories about fighting the woes of DCOM.
In our continuing Tech Support Corner blog series, this blog post provides you with a high-level review of the troubleshooting resources we make available to our users including a DCOM companion checklist that can be used with our DCOM tutorials.
For OPC users who haven't yet made the move to the infinitely more secure and less irksome OPC UA standard, it's an ongoing reality that DCOM is the platform for security and, as always, it is a less than ideal necessity. Once DCOM is configured, those OPC Classic servers and clients tend to just work for years. It's the new systems or systems that had to be reloaded for whatever reason that tend to result in the most frequent forays back into the DCOM settings of a machine.
The Software Toolbox tech support team is well-versed in DCOM woes, assisting users with DCOM issues almost daily. To that end, we have compiled a comprehensive set of DCOM tutorials over the years to help our users avoid and resolve DCOM issues as quickly as possible.
What DCOM Resources are Available?
At Software Toolbox, we've been working with DCOM security since the very beginning of OPC back in the mid-1990s so we've taken great pains to distill our experience into useful tools we can share with you, our users. To that end, you can take advantage of the following:
- DCOM Hardening Guide - Microsoft continues to tighten security on DCOM. Learn more in our technical DCOM hardening FAQ
- DCOM Tutorials/Walkthroughs - These tutorials, which are operating system specific, provide a step-by-step resource that you can follow along with on your own systems to configure DCOM with our recommended settings.
- DCOM Tutorial Videos - We have curated several YouTube playlists specific to the operating system/systems in question for your machines, with videos in those playlists covering the different pieces of the DCOM configuration:
- DCOM Settings Companion Checklist - This checklist can be used either with the videos or the step-by-step tutorials referenced above to record what your settings are and allow you to easily compare them to the recommended settings in our tutorials.
Our users generally find that a combination of the above resources gets them going and past their DCOM issues. However, if you're still banging your head against the wall, you still have an ace up your sleeve - reach out to our knowledgeable support team.
But Isn't There A Way I Avoid DCOM Configuration Issues Entirely?
Ideally, though, you can migrate away from DCOM entirely, rendering the above resources no longer necessary. Now I've mentioned the following options in several other blog posts but I like to mention them again in case you happened to miss them previously or in case you might have forgotten that there are some good alternatives to DCOM that are more secure and much easier to implement and maintain..
As I've stated in previous posts (and it's still relevant), moving away from DCOM for your process control systems is a consideration of how much pain you have and will experience as a result of configuring and troubleshooting OPC Classic systems based on DCOM security weighed against the cost of the migration.
OPC UA and Why It's Easier and More Secure than DCOM
OPC UA is the latest OPC technology intended to supersede the original OPC Classic interface in both ease-of-use, efficiency and, most of all, greater security of your process data. Software Toolbox adopted OPC UA from it's infancy and has a wide variety of OPC UA capable solutions including TOP Server for Wonderware, OmniServer, OPC Data Logger, SLIK-DA with UA, OPC Data Client and more (Click for a list of all Software Toolbox solutions supporting OPC UA).
One of the most common responses we hear when asking OPC Classic users why they aren't using OPC UA is that they have too much invested in OPC Classic systems to just rip-and-replace with OPC UA Clients and Servers.
That's one reason we have a solution called the Cogent DataHub which supports both OPC Classic and OPC UA. It can act as a "gateway" to help you switch your OPC clients and/or servers that already support OPC UA while allowing your other OPC Classic only solutions to work with OPC UA.
OPC Tunneling and Why It's Easier and More Secure than DCOM
Another option, which is existed since before OPC UA, is OPC tunneling. OPC tunneling is a great alternative to DCOM. As with most industrial process technologies, there are multiple tunneling solutions out there (see our guide on the key considerations when picking a tunneling solution).
Our solution for OPC tunneling, the Cogent DataHub, mirrors process data from your OPC server on both sides of the connection, transferring just the raw data for an extremely efficient connection. There are also configurable settings for handling connection breaks with more friendly behavior than making your OPC client wait for a callback that may never come.
And it's far more secure than DCOM - DataHub tunneling supports secure SSL encryption using a self-generated certificate or a certificate you have sourced from a reliable certificate authority such as Symantec, GlobalSign, Thawte and more.
I'm confident when I say that no one enjoys DCOM security. DCOM headaches have a tendency of popping up in unexpected and usually inconvenient ways - why worry with it when you don't have to?
If you haven't already considered migrating away from DCOM on your process systems, I would encourage you to evaluate the pros and cons of implementing an alternative like OPC UA or OPC tunneling in your control systems as you go forward. And, don't forget Software Toolbox is always here as a resource for your OPC questions - just contact us. (And, if you still haven't gotten your copy, our Free 18 Frequently Asked OPC Questions Guide is still available.)