Technical Information
Virtualization Guideline for Yokogawa System Products

Yokogawa Electric Corporation
2-9-32, Nakacho, Musashino-shi, Tokyo, 180-8750 Japan
Tel.: 81-422-52-5634 Fax.: 81-422-52-9802

Copyright Feb. 2014 (YK)
3rd Edition Feb. 2015 (YK)
Preface

This document is to be used as a guideline for applying virtualization to Yokogawa IA system products.

Virtualization is a technique for running multiple logical computers on one physical computer to reduce the number of computers. This document describes how to apply virtualization to an OTS (operator training system) and a real plant system.

This document is suitable for readers who have basic knowledge of:
- Plant Instrumentation Systems.
- Information technology (IT) including the computer, networking, security, etc.
- Yokogawa's industrial automation systems (e.g. CENTUM VP, ProSafe-RS, Exa Series software packages).

Drawing conventions
Some drawings may be partially emphasized, simplified, or omitted, for the convenience of description.

Trademark
CENTUM, ProSafe, Exaopc, Exaquantum, Exapilot, Exasmoc, Exarqe, Exaplog, FAST/TOOLS, and PRM are registered trademarks of Yokogawa Electric Corporation.
OmegaLand is a registered trademark of Yokogawa Electric Corporation and Omega Simulation Co., Ltd.
VMware is a trademark or registered trademark of VMware, Inc. in the United States and other countries.
All other company and product names mentioned in this document are trademarks or registered trademarks of their respective companies.
Yokogawa does not use TM or ® marks to indicate those trademarks or registered trademarks in this document.

All Rights Reserved Copyright 2014, Yokogawa Electric Corporation
Glossary

The following table describes words and terms commonly used in this document.

Table Words and terms

Term: Description
ENG: CENTUM VP Engineering Station
FCS: CENTUM VP Field Control Station
Guest OS: Operating System running on a virtual machine
HIS: CENTUM VP Human Interface Station
Hypervisor: A method of implementing virtualization software that runs directly on the hardware independently of the operating system
NIC: Network Interface Card
OPKB: CENTUM VP Operation Keyboard
OS: Operating System of a computer
OTS: Operator Training Simulator/System
Physical Server: A server computer that exists physically
Real Environment: An environment where the computer running the operating system is the actual physical computer or an environment which is composed of physical computers only
SCS: ProSafe-RS Safety Control Station
SENG: ProSafe-RS Safety Engineering Station
SSH (Secure Shell): A protocol to safely communicate with a remote computer using cryptographic and authentication technologies, where every network communication, including for example the authentication of a password, is encrypted.
Server Virtualization: A technique for dividing a single physical server into multiple logical servers
Thin Client: A client terminal implementing just the minimum necessary functions for the user to connect to and use a server
Virtual Disk: Storage used by a virtual machine
Virtual Environment: An environment where the computer running the operating system is implemented as a virtual machine
Virtual Machine: A machine with the actual physical computer running the operating system implemented virtually by software
Virtualization Environment: An environment with the same computer configuration as a real environment implemented in a virtualization server
Virtualization Server: A physical server with the virtualization software installed
Virtualization Software: Software for dividing physical resources such as the CPU, memory, and network resources of a physical server and assigning them to virtual machines
Virtualization Technology: Software technology independent of the actual physical hardware for virtually implementing the same functions and services as the physical hardware
VM: Abbreviation for Virtual Machine
VMware vSphere: Virtualization software sold by VMware, Inc.
Virtualization Guideline for Yokogawa System Products
3rd Edition

CONTENTS

1. Overview of Virtualization
  1.1 What is Virtualization?
  1.2 Merits of Virtualization
  1.3 Concerns for Virtualization
2. Target Products for Virtualization
  2.1 Target Products
  2.2 Target System
  2.3 Virtualization System
3. Operating Environment of a Virtualized System
  3.1 Hardware Requirements
    3.1.1 Virtualization Server (ESXi Host)
    3.1.2 Management Client
    3.1.3 Centralized Management Server
    3.1.4 HMI Client
    3.1.5 Peripheral Devices
  3.2 Software Requirements
    3.2.1 Virtual Machine
    3.2.2 Virtualization Server
    3.2.3 Management Client
    3.2.4 Centralized Management Server
    3.2.5 HMI Client
    3.2.6 Concerns for Operating Yokogawa Products
    3.2.7 Concerns for the Virtualization Server Management
4. Guidelines for Considering a Virtualization System
  4.1 Virtualization System Viewed from RAS Viewpoints
    4.1.1 Reliability
    4.1.2 Availability
    4.1.3 Serviceability
    4.1.4 Performance
  4.2 Improved Reliability in Virtualized Systems
    4.2.1 Availability
    4.2.2 Serviceability
  4.3 Examples of Virtualization System used for Yokogawa Products
    4.3.1 Operator Training System (OTS)
    4.3.2 Real Plant System
  4.4 Allotting Resources to Virtual Machines
  4.5 Implementation Considerations
    4.5.1 Virtualization Target Considerations
    4.5.2 Estimating the Hardware Resources of the Physical Server
    4.5.3 Peripheral Devices
    4.5.4 Time Synchronization
  4.6 Other Information
    4.6.1 Licenses
    4.6.2 Support Contract
5. Implementation Procedure
  5.1 Setup Preparation
    5.1.1 IP Address
    5.1.2 Administrator Account and Password
    5.1.3 Virtualization Software
    5.1.4 Centralized Management Server Software
    5.1.5 Other Software
  5.2 ESXi Host Implementation
    5.2.1 Hardware Setup
    5.2.2 Installing VMware ESXi
    5.2.3 Configuring the Management Network
  5.3 Setting up a Management Client
    5.3.1 Installing VMware vSphere Client
    5.3.2 Installing Tera Term
  5.4 Setting up the ESXi Host
    5.4.1 Adoption of License
    5.4.2 Time Settings
    5.4.3 ESXi Host Security Settings
  5.5 Setting up a Virtual Machine Environment
    5.5.1 Virtual Network Settings
  5.6 Setting up a Centralized Management Server
    5.6.1 Virtual Network Settings
    5.6.2 Deploying the vCenter Server
    5.6.3 Activating vCenter Server
    5.6.4 vCenter Server Security Settings
  5.7 Managing ESXi Host with vCenter Server
    5.7.1 Application of license
    5.7.2 Registration of ESXi Host
    5.7.3 Log Collection Settings
  5.8 Setting up the Guest OS
    5.8.1 Creating the Virtual Machine
    5.8.2 Installing the Guest OS
    5.8.3 Installing the VMware Tools
    5.8.4 Configuring the Guest OS
  5.9 Setting up Yokogawa Products
    5.9.1 Installing Yokogawa Products
    5.9.2 Settings after Installing Yokogawa Products
  5.10 Setting up the HMI Client
    5.10.1 Setting up the Wyse TCX Suite
    5.10.2 Wyse T10 Setup
    5.10.3 Setting up a Windows PC
  5.11 Operation Checks
    5.11.1 Checking the Connection between the HMI Client and Guest OS
    5.11.2 Check Yokogawa Product Startup
6. Operation
  6.1 Backup/Restore
  6.2 Security
    6.2.1 Guest OS Security
    6.2.2 Hypervisor Security
    6.2.3 Client Security
    6.2.4 Virtual Appliance Security
  6.3 Applying the Virtual Machine Technology
    6.3.1 Snapshots
    6.3.2 Clones
  6.4 Performance Management
  6.5 Updating Virtualization Software
7. Maintenance
  7.1 Startup and Shutdown of the Virtualization Server
    7.1.1 Virtualization Server Startup Procedure
    7.1.2 Virtualization Server Shutdown Procedure
  7.2 Changing the Virtual Machine Configuration
  7.3 Using an External Storage Device
    7.3.1 USB Device
    7.3.2 Optical Drives
  7.4 Acquiring Performance Information
  7.5 Acquiring Virtualization Server Logs
  7.6 Operating the ESXi Shell
  7.7 Executing a Backup or Restore
  7.8 Using the vSphere Web Client
    7.8.1 Installing Adobe Flash Player
    7.8.2 Setting up the WEB Browser
    7.8.3 Logging in to vCenter Server
  7.9 Adding VMkernel Port for Time Synchronization of ESXi Host
  7.10 Using Windows OS as an NTP Server
1. Overview of Virtualization

1.1 What is Virtualization?

Virtualization is a technique used to make a single piece of physical hardware look like multiple pieces of logical hardware, or multiple pieces of physical hardware look like a single piece of logical hardware. Well-known examples of the virtualization technique include server virtualization, desktop virtualization, storage virtualization, and network virtualization. This document describes the YOKOGAWA IA system which uses the server virtualization technique.

Server Virtualization

Server virtualization is a technique used to divide the hardware resources of a single physical server into multiple logical resources using virtualization software. A virtual hardware environment created using the logical resources is called a virtual machine, and an operating system installed on the virtual machine is called the guest OS. Computer performance enhancements and the advancement of virtualization enable multiple virtual machines to run on a single physical server. This allows hardware resources, different operating systems and applications to run independently from each other.

Virtualization Software

A variety of software is currently available for the virtualization technique. Since each has its advantages and disadvantages, the appropriate virtualization software needs to be selected according to the virtualization purpose. Virtualization software for virtualizing servers is classified into two types according to the implementation method: Host and Hypervisor. Their features are described in the following table.
Table 1-1 Comparison of Virtualization Software

Characteristics of the virtualization software   Host              Hypervisor
Host OS                                          Required          Not required
Software manageability                           Easy              Need knowledge
Resource control of the physical server          Overhead is big   Overhead is small
Scale of intensity                               Small scale       Large scale
Virtualization machine performance               Low, not stable   High, stable

This document describes how to configure server virtualization using hypervisor virtualization software.
[Figure 1-1 Server Virtualization (Hypervisor type). Layers shown within the physical server, top to bottom: virtual machines (each with App. and Guest OS); Hypervisor; Hardware (Memory, CPU, NIC, Disk).]

[Figure 1-2 Server Virtualization (Host type). Layers shown within the physical server, top to bottom: virtual machines (each with App. and Guest OS) and Application; Virtualization Software; Host OS; Hardware (Memory, CPU, NIC, Disk).]
1.2 Merits of Virtualization

One of the advantages of virtualization is the ability to reduce the user's total cost of ownership (TCO) as described below.

Reducing the Number of Physical Servers
Multiple virtual machines can be created on a single physical server and the hardware resources can be utilized. In addition, operating systems can be run independently on virtual machines, reducing the number of physical servers. Costs are also reduced by lowering the footprint and power consumption.

Reducing the Management Costs
Maintenance and other management costs can be lowered by reducing the number of physical servers. Power consumption can also be reduced.

Reducing the Lifecycle Costs
Since virtualization software exists between the physical server hardware and each OS, the relationship between the software (guest OSs and applications) and hardware is loose. A smooth migration to a new physical server from an old one is possible without updating the software. As a result, the maintenance costs can be reduced.

Easy Backup and Restoration
All virtual machine data is handled as files, facilitating easy backup. Furthermore, since dependence on the physical server hardware is low, restoration can be performed quickly in the event of a failure or disaster. Productivity can be improved by reducing the downtime of the system.

1.3 Concerns for Virtualization

The following issues must be considered when introducing virtualization.

Initial cost
Hardware or a client device with superior specifications, virtualization software, and a Windows license not bundled with the computer itself are required for virtualization. The initial cost can be higher than without virtualization.

Influence upon Virtualization Server Failure
Multiple systems are integrated within a single server, so a hardware failure may significantly affect the entire system. These influences may be reduced by taking measures in the system configuration, but cannot be fully eliminated. For details, refer to Chapter 4 - Guidelines for Considering a Virtualization System.

Performance
Virtualization emulates hardware in software, which may slow down server performance, such as screen display speed.
2. Target Products for Virtualization

This chapter describes Yokogawa IA system products that support virtualization and the application range. The applicable range of virtualization differs between a real plant system and an operator training system (OTS). Even in the real plant, virtualization is available for a component which is not directly connected with a control bus (Vnet/IP).

2.1 Target Products

The following table shows the Yokogawa system products that are compatible with virtualization.

Table Target Products for Virtualization

Product Release No. Model Name Software Name
CENTUM VP ProSafe-RS R5.03.00 or later R3.02.00 or later LHS1100/LHM1101, etc. LHS5100/LHM5100, etc. Standard Operation and Monitoring Function, other HIS software Standard Builder Function, other ENG software Operator Training System Real Plant System Yes Yes
LHS5420/LHM5150 Test Function Yes
LHS5425 LHS5426 LHS5427 CHS5100 CHS5200 Expanded Test Functions FCS Simulator Package HIS Simulator Package Safety System Generation and Maintenance Function Package CENTUM VP/CS 3000 Integration Engineering Package Yes Yes Yes
Exaopc R3.71 or later NTPF100 OPC Interface Package Yes
Exaquantum R2.80 or later NTPP001, etc. Plant Information Management System Yes Yes
Exapilot R3.96 or later NTPS200 Operation Efficiency Improvement Package Yes Yes
Exasmoc R4.03.20 or later NTPS410 Multivariable Optimising Control Package Yes Yes
Exarqe R4.03.20 or later NTPS420 Robust Quality Estimator Package Yes Yes
Exaplog R3.40 or later NTPS100 Event Analysis Package Yes Yes
FAST/TOOLS PRM OmegaLand R10.01 or later R3.12 or later V2.5SP3 or later RVSVRN-S11-SA, etc. HMIWEB-S11-001, etc. SSS7700 SSS7710 SSS7740 SSS7780 Visual Modeler, etc. (*1)
Exatif R5.03.00 or later LOM9001 (*1)
Windows Server Package Web-HMI Server Package PRM Server PRM Client PRM Advanced Diagnosis Server PST Scheduler Package Integrated Environment for Dynamic Simulation DCS Connection Interface for Training Simulator Yes Yes Yes Yes

*1: This is a product of Omega Simulation Co., Ltd.
2.2 Target System

This section describes examples of Yokogawa IA system configuration using virtualization.

Operator Training System (OTS)

Virtualization is applicable to an OTS using the expanded test functions of CENTUM VP or ProSafe-RS and the Exa series target products shown in Section 2.1. The following figure shows a typical OTS example.

[Figure 2-1 Example of OTS Using Virtualization. Labels shown: HMI Client - OmegaLand Operation; HMI Client - CENTUM VP ENG/HIS; HMI Client - Exaquantum Client; Management Client - VMware vSphere Client; RDP Network; Management Network; Virtualization Server (ESXi Host); OmegaLand - Visual Modeler, EXEC, DB, ITK; Exatif - Link Software Lib; CENTUM VP - Builder Func., Test Func., Expanded Test; Exatif - HIS Interface; CENTUM VP - Standard O&M, HIS Simulator; Exatif - FCS Interface; CENTUM VP - FCS Simulator; Exaopc - OPC Server; Exaquantum - PIMS Server, Web Server; Hypervisor (VMware ESXi).]

For details on an operator training system using the test functions of CENTUM VP, refer to the following GSs.
GS 33K10D50-50E LHS5420 Test Function
GS 33K10D60-50E LHS5425, LHS5426, LHS5427 Expanded Test Functions, FCS Simulator Package, HIS Simulator Package
Real Plant System

Virtualization is applicable to a real plant system using the Exa series, PRM and other target products shown in Section 2.1. The following figure shows a typical real plant system example.

[Figure 2-2 Example of a Real Plant System Using Virtualization. Labels shown: Centralized Management Server - vCenter Server; Management Client - VMware vSphere Client, SSH Client, WEB Client; Management Network; Virtualization Server (ESXi Host); Exaquantum - PIMS Server, Web Server; PRM - Device Management Server; Exaquantum - Explorer Client, Web Client; PRM - Device Management Client; Hypervisor (VMware ESXi); Application Network (Ethernet); CENTUM VP / HIS - Standard Operation & Monitoring Function; Exaopc - OPC Server; PRM - Field Communication Server; Control Network (Vnet/IP); CENTUM VP / FCS - Control Function for Field Control Station.]
2.3 Virtualization System

Yokogawa has adopted VMware vSphere as the approved virtualization software for Yokogawa system products, because competing products failed during the evaluation tests. The components that make up the virtualization system are described below.

Virtual Machine
In an environment without virtualization, this component would itself exist as a single computer. In virtualization, it refers to the combination of a guest OS that runs on the virtualization server and the software that runs within the guest OS.

Virtualization Server
This is the physical server on which the virtualization software and virtual machines are run. Multiple virtual machines can be run on one virtualization server. A virtualization server on which VMware vSphere is installed is called an ESXi host.

Management Client
This is the PC used to manage the virtualization server (ESXi host) over the network. The virtualization server is accessed via a vSphere Client running on the PC.

Centralized Management Server
This is the server on which VMware vCenter Server is installed. Introducing this server to a virtualization environment enhances the management/monitoring function provided for the virtualization software.

HMI Client
This is the terminal which works as a Human Machine Interface (HMI) for the software on a virtual machine. It connects via a Remote Desktop Protocol (RDP) network. Either a thin client (dedicated client device) or a PC compatible with Windows 7 or later needs to be provided.

Virtual Network
A virtual network is a software-based network configured in a virtualization server. The virtual network connects a virtual machine to a physical NIC, or virtual machines to each other, and it consists of a virtual NIC and a virtual switch. The virtual switch is connected to an external physical network via the physical NIC connected to it. A virtual machine on the virtual network can be operated in the same way as if it were connected to a conventional physical network.

[Figure 2-3 Virtual Network]

USB Redirection
The function that connects a USB device attached to an HMI client's USB port to the virtual machine via a network is called USB Redirection. For this function, the USB Redirection Software has to be installed on the guest OS of the virtual machine to which the USB devices are connected.

[Figure 2-4 USB Redirection]
3. Operating Environment of a Virtualized System

3.1 Hardware Requirements

3.1.1 Virtualization Server (ESXi Host)

Virtualization Server Models

A VMware-compatible computer is required for use as a virtualization server. An HP or Dell server computer based on an Intel CPU is recommended. Please refer to the following VMware Compatibility Guide, and select a server from this list.
http://www.vmware.com/resources/compatibility/search.php
If the latest model is not found at the above website, please contact the server vendor.

Requirements for the Virtualization Server

The software to be installed on the virtualization server has to be determined before defining the virtualization server specifications. Required hardware specifications differ by Yokogawa products and related software. The virtualization server specifications must fulfill all requirements.

Hardware resources required for Yokogawa products are described below. The calculation method and technique for determining the virtual server are described in Chapter 4. The hardware resources listed here are taken from each product's GS as of August 31st, 2014. To obtain the latest hardware resources, refer to the current GS of each product.

Hardware resources were determined from each GS by using the following rules:

CPU
The frequency is the same numeric value as described in the GS and the number of cores is 2 times that described in the GS. This is true if the hyper-threading function of the virtualization server is enabled. If the hyper-threading function is disabled, the number of cores needs to be estimated at half.

Video memory
If the GS describes graphics specifications such as CRT resolution and display color, then the video memory capacity is 128 MB or more. In other cases, the memory capacity is 8 MB or more.

Essential and recommended resources
If the GS describes both essential and recommended hardware resource values, the recommended values are used.

OS
If hardware resource values differ between operating systems, the numeric values of Windows 7 and Windows Server 2008 R2 are used.
Disk
The disk space shown in each table is the amount of free disk space required to install the product. The amount of space required to store the data used by the product needs to be estimated separately.

CENTUM VP

ENG Station

Resources      Requirements
CPU            4 cores or more, at least 2.93 GHz (for Windows Server OS)
               4 cores or more, at least 2.13 GHz (for Windows Desktop OS)
Memory         At least 8 GB (for Windows Server OS)
               At least 6 GB (for Windows Desktop OS)
Video memory   At least 128 MB
Disk           At least 50 GB

FCS Simulator

Resources      Requirements
CPU            4 cores or more, at least 2.93 GHz (for Windows Server OS)
               4 cores or more, at least 2.13 GHz (for Windows Desktop OS)
Memory         At least 8 GB (for Windows Server OS)
               At least 6 GB (for Windows Desktop OS)
Video memory   At least 8 MB
Disk           At least 50 GB

HIS Simulator

Resources      Requirements
CPU            4 cores or more, at least 2.93 GHz (for Windows Server OS)
               4 cores or more, at least 2.13 GHz (for Windows Desktop OS)
Memory         At least 8 GB (for Windows Server OS)
               At least 6 GB (for Windows Desktop OS)
Video memory   At least 128 MB
Disk           At least 50 GB

ProSafe-RS

SENG Station

Resources      Requirements
CPU            4 cores or more, at least 2.93 GHz (for Windows Server OS)
               4 cores or more, at least 2.13 GHz (for Windows Desktop OS)
Memory         At least 4 GB
Video memory   At least 128 MB
Disk           At least 50 GB
SCS Simulator

Resources      Requirements
CPU            4 cores or more, at least 2.93 GHz (for Windows Server OS)
               4 cores or more, at least 2.13 GHz (for Windows Desktop OS)
Memory         At least 4 GB
Video memory   At least 8 MB
Disk           At least 50 GB

Exaopc

Without the CAMS for HIS Support function (NTPF100-S1/S3/SB)

Resources      Requirements
CPU            4 cores or more, at least 2.93 GHz (for Windows Server OS)
               4 cores or more, at least 2.66 GHz (for Windows Desktop OS)
Memory         At least 4 GB
Video memory   At least 8 MB
Disk           At least 50 GB

With the CAMS for HIS Support function (NTPF100-S6)

Resources      Requirements
CPU            8 cores or more, at least 2.80 GHz (for Windows Server OS)
               8 cores or more, at least 2.80 GHz (for Windows Desktop OS)
Memory         At least 4 GB
Video memory   At least 8 MB
Disk           At least 40 GB

Exaquantum

PIMS Server

Resources          Requirements
CPU (*1)           Less than 20,000 tags: 4 cores, at least 2.13 GHz
                   20,000 to 50,000 tags: 4 cores, at least 3.00 GHz
                   More than 50,000 tags: 8 cores, at least 3.00 GHz
Memory (*1) (*2)   Less than 20,000 tags: At least 4 GB (till Windows Server 2008 R2)
                   (ditto) At least 8 GB (from Windows Server 2012)
                   20,000 tags or more: At least 6 GB (till Windows Server 2008 R2)
                   (ditto) At least 10 GB (from Windows Server 2012)
Video memory       At least 8 MB
Disk               At least 10 GB

*1: The requirements for the PIMS server for Exaquantum vary by the volume of the data.
*2: When the PIMS server and Web server coexist (combined server), sum the required memory sizes. It is not necessary to add the memory for clients.
Web Server

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory (*1)    At least 2 GB
Video memory   At least 8 MB
Disk           At least 2 GB

*1: When the PIMS server and Web server coexist (combined server), sum the required memory sizes. It is not necessary to add the memory for clients.

Client

Resources      Requirements
CPU            2 cores, at least 2.0 GHz
Memory (*1)    At least 2 GB
Video memory   At least 8 MB
Disk           At least 3 GB

*1: When the PIMS server and Web server coexist (combined server), sum the required memory sizes.

Exapilot

Resources      Requirements
CPU            4 cores, at least 2.66 GHz
Memory         At least 2 GB
Video memory   At least 8 MB
Disk           At least 4 GB

Exasmoc

APC Server

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory         At least 3 GB
Video memory   At least 128 MB
Disk           At least 40 GB

Web Server

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory         At least 3 GB
Video memory   At least 128 MB
Disk           At least 60 GB
Client

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory         At least 3 GB
Video memory   At least 128 MB
Disk           At least 40 GB

Exarqe

APC Server

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory         At least 3 GB
Video memory   At least 128 MB
Disk           At least 40 GB

Web Server

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory         At least 3 GB
Video memory   At least 128 MB
Disk           At least 60 GB

Client

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory         At least 3 GB
Video memory   At least 128 MB
Disk           At least 40 GB

Exaplog

Resources      Requirements
CPU            4 cores, at least 2.13 GHz
Memory         At least 2 GB
Video memory   At least 128 MB
Disk           At least 50 GB
FAST/TOOLS

SCADA Server

Resources      Requirements
CPU            4 cores, at least 3.40 GHz
Memory         At least 8 GB
Video memory   At least 8 MB
Disk           At least 300 GB

Web-HMI Server

Resources      Requirements
CPU            4 cores, at least 3.40 GHz
Memory         At least 8 GB
Video memory   At least 8 MB
Disk           At least 200 GB

Web-HMI Client

Resources      Requirements
CPU            4 cores, at least 2.50 GHz
Memory         At least 4 GB
Video memory   At least 128 MB
Disk           At least 200 GB

PRM

PRM Server

Resources      Requirements
CPU (*1)       2 cores, at least 1.00 GHz (300 units or less)
               2 cores, at least 2.80 GHz (1000 units or less)
               4 cores, at least 2.80 GHz (3000 units or less)
Memory (*2)    At least 2 GB (for Windows Server OS)
               At least 4 GB (for Windows Desktop OS)
Video memory   At least 128 MB
Disk (*2)      At least 6 GB (300 units or less)
               At least 8 GB (1000 units or less)
               At least 13 GB (3000 units or less)
PRM Client

Resources      Requirements
CPU (*1)       2 cores, at least 1.00 GHz
Memory (*2)    At least 2 GB (for Windows Server OS)
               At least 4 GB (for Windows Desktop OS)
Video memory   At least 128 MB
Disk (*2)      At least 2 GB

PRM Advanced Diagnosis Server

Resources      Requirements
CPU (*1)       2 cores, at least 2.80 GHz (300 units or less)
               4 cores, at least 2.80 GHz (1000 units or less)
               4 cores, at least 2.80 GHz (3000 units or less)
Memory (*2)    At least 2 GB (for Windows Server OS)
               At least 4 GB (for Windows Desktop OS)
Video memory   At least 8 MB
Disk (*2)      At least 1 GB (300 units or less)
               At least 3 GB (1000 units or less)
               At least 8 GB (3000 units or less)

Device Diagnosis Data Historian Server

Resources      Requirements
CPU (*1)       2 cores, at least 1.00 GHz (300 units or less)
               4 cores, at least 2.80 GHz (1000 units or less)
               4 cores, at least 2.80 GHz (3000 units or less)
Memory (*2)    At least 2 GB (for Windows Server OS)
               At least 4 GB (for Windows Desktop OS)
Video memory   At least 8 MB
Disk (*2)      At least 10 GB (300 units or less)
               At least 19 GB (1000 units or less)
               At least 39 GB (3000 units or less)

PST Scheduler Server

Resources      Requirements
CPU (*1)       2 cores, at least 2.80 GHz
Memory (*2)    At least 2 GB (for Windows Server OS)
               At least 4 GB (for Windows Desktop OS)
Video memory   At least 128 MB
Disk (*2)      At least 1 GB
PST Scheduler Client

Resources      Requirements
CPU (*1)       2 cores, at least 1.00 GHz
Memory (*2)    At least 2 GB (for Windows Server OS)
               At least 4 GB (for Windows Desktop OS)
Video memory   At least 128 MB
Disk (*2)      At least 1 GB

*1: If multiple resources are installed together, select the resource that requires the highest specification among those resources.
*2: If multiple resources are installed together, sum the capacities of each resource.

OmegaLand

Resources      Requirements
CPU            4 cores or more, at least 2.13 GHz
Memory         At least 2 GB
Video memory   At least 128 MB
Disk           At least 50 GB

3.1.2 Management Client

The management client sets up and manages the virtualization server via a network using VMware dedicated software (vSphere Client). Setting up this component is not always necessary because it is used just for management. For security and management operations, a notebook PC can also be used. Select a management client that meets the following condition:
- PC running Windows 7 or later

3.1.3 Centralized Management Server

A centralized management server is a server that enhances the management/monitoring function provided for the virtualization software, using the VMware-dedicated software (VMware vCenter Server). This server is either a physical server on which a Windows Server OS operates, or one of the virtual machines on a virtualization server. Hardware requirements differ depending on the number of virtualization servers or virtual machines to be managed. To select a server that meets the requirements, refer to the VMware vCenter Server installation manual "Installation and Setup of vSphere" at:
https://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html

Physical Server
- Server computer on which a 64-bit Windows Server OS operates
For details about other requirements, refer to the VMware manual described above.

Virtualization Server
- Server computer on which the VMware vSphere ESXi host operates
For details about other requirements, refer to the VMware manual described above.
3.1.4 HMI Client

An HMI client is a device for operating and monitoring the software installed in the virtual machine via a network. A Windows PC or a dedicated thin client can be used as the HMI client. The hardware requirements are as follows:
- PC: Windows 7 or later
- Thin Client: T10 from Wyse Technology Inc.

3.1.5 Peripheral Devices

OPKB
An OPKB may be used with the operation monitoring function (HIS) of CENTUM VP. In this case, a USB connection type OPKB should be prepared. Specifically, the following models can be used:
- AIP827
- AIP830/AIP831
An HMI client using AIP830 or AIP831 as the OPKB needs to have at least two available USB ports.

Sound
Hardware for playing sound needs to be installed on the HMI client.

Multiple Monitors
The HMI client needs to meet the following requirements.
- Compatible with multiple monitors
- Capable of displaying a resolution of 1280x1024 or better on each screen

USB Hardware Key
A hardware key for a network license is necessary to use OmegaLand. The key connects to a USB port on a virtualization server.
3.2 Software Requirements

3.2.1 Virtual Machine OS
The software execution environment for Yokogawa system products applies to the Guest OS on the virtual machine. If the client uses multiple monitors, Windows Server 2008 R2 has to be used as the Guest OS.

Software products
The same software environment is required for each software product in a virtual implementation as in the real environment.

Additional Virtualization Software
To use an OPKB connected to an HMI client for HIS, software capable of USB redirection is required.
- Wyse TCX Suite 5.1 or later
This software has to be installed on the Guest OS of HIS.

Patch Software
- CENTUM VP R5.03.xx Patch
  This patch software is required when using the HIS test function installed in the guest OS of Windows Server 2008 R2 from the HMI client connected via the remote desktop. This patch is incorporated in CENTUM VP R5.04.
- Microsoft KB2927767
  Applying this patch to the guest OS is suggested when the HMI client connected via the remote desktop is used for audio playing. This patch is automatically installed in CENTUM VP R5.04 or later.

3.2.2 Virtualization Server

Virtualization software
- VMware vSphere 5.5 Standard
This software is the first to be installed on the ESXi host to configure a hypervisor-type virtualization system. Refer to Section 5.1.3 for obtaining the VMware software.
3.2.3 Management Client

Virtualization server management software
This software monitors, maintains, and sets up the virtualization server for the VMware vSphere 5.5 virtualization software. It comes in two types, distinguished by interface format:
- VMware vSphere Client 5.5
  This software operates on the Windows OS. To use it, install it in the Management Client. This software is required in the initial stage of system construction.
- VMware Web Client 5.5
  This software is the Web interface of the virtualization server centralized management software VMware vCenter Server. To use it, a Web browser and Adobe Flash Player need to be installed first in the Management Client. For information on the Web browser type and version and the Adobe Flash Player version, refer to the following.
  [VMware vSphere Documentation] - [vSphere Installation and Setup Guide]
  https://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html
The VMware vSphere Client is always required. The VMware Web Client is also required for a virtualization system in which the centralized management server is set up.

SSH Connection Software
This software is used for system maintenance and when problems occur that the virtualization server management software cannot remedy. To use this software, install it in the Management Client.
- Tera Term 4.83 or later
  This is a terminal emulator for connecting from a management client to a virtualization server with SSH.

3.2.4 Centralized Management Server

Virtualization Server Centralized Management Software
- VMware vCenter Server 5.5
This is the software for automating the operation/management of virtual machines and ESXi hosts, setting the availability function, and centralizing management of multiple virtualization servers. To use this software, install it in the Centralized Management server.
A Windows version and a virtual appliance version of the VMware vCenter Server software are provided. The Windows version is compatible with systems of every scale, but is rather a package for large-scale systems (a few thousand VMs or more). The virtual appliance version is oriented toward systems of middle scale or less (1000 VMs or less). This version is also an all-in package in which the OS and software have already been set up, and is thus easy to introduce and manage and advantageous in cost reduction. Therefore, the virtual appliance version is used for the virtualization of the Yokogawa IA system because of the system scale and the usability of the software.
3.2.5 HMI Client
A Windows PC or a dedicated thin client can be used as an HMI Client. The software environment is as follows.
- PC: Windows 7 SP1 32bit/64bit or later; Windows Server 2008 R2
- Thin Client: Wyse ThinOS 8.0

3.2.6 Concerns for Operating Yokogawa Products
Concerns for using Yokogawa products in the virtualization environment are described as follows:

CENTUM VP
When an HIS is used, the following limitations apply.
1) Panel set does not function.
2) Execution function from the scheduler will not be implemented.
3) Sequence message request (%RQ) cannot be implemented.
4) A window cannot be displayed for calling up other HIS windows.
5) When a new message is generated, the message window is not automatically displayed.
When an HIS is used, adoption of an OPKB is recommended. Select the OPKB as the destination for output buzzer sounds.

Exapilot
When the remote desktop is connected, the task bar icon does not blink, but will light up upon receiving a new message. VoiceExe2 for Exapilot cannot be used because it fails to output a sound.

OmegaLand
OmegaLand software, with the standard software license, cannot be launched from the remote desktop. OmegaLand has to be launched from the management client, which directly accesses the VM on the virtualization environment.
3.2.7 Concerns for the Virtualization Server Management
Accumulated data may be lost or data display may stop when the following actions are taken while Yokogawa products are in operation on the virtualization server. Ensure that Yokogawa products are stopped before taking these actions, or take them under conditions in which data loss or a display stop does not influence the operation.
- Creation of a new virtual machine
- File uploading to the data store (*1)
- Execution of clone/snapshot
*1: A disk space in which the virtual machine image files are laid out.
4. Guidelines for Considering a Virtualization System
This Chapter provides guidelines for building a virtualization system. A real plant system requires a high degree of availability as a control system, so high reliability of the system becomes increasingly important. A system configuration study that takes this into account is needed even when virtualization technology is used. However, some system configurations may be difficult to implement because of the virtualization technology. Since an OTS is not a real control system but a simulation system, it may not require a system configuration that achieves high availability. The viewpoints of RAS (Reliability, Availability and Serviceability) are commonly used as guidelines to evaluate computer system performance. The next Section describes the characteristics of a virtualization system from RAS viewpoints.

4.1 Virtualization System Viewed from RAS Viewpoints
The individual viewpoints of RAS are, respectively, minimum failure occurrence, continued operation with minimum effect after a failure occurs, and fastest recovery from failure.

4.1.1 Reliability
A virtualization system can be considered to improve reliability over a real environment. The following describes reliability for both the software and hardware.

Software
Software failure means that user requirements/needs are not met, and it indicates the software's level of perfection to the user. A virtualization system requires 3 pieces of software, namely a Guest OS, a Yokogawa System Product, and Virtualization Software. A virtualization environment uses the same Guest OS and Yokogawa System Product programs as a real environment. As a result, the system seems to have the same level of software perfection as in a real environment. The VMware vSphere Virtualization Software is a tried-and-true technology for Server Virtualization and has a large track record in real environments. As far as Yokogawa's in-company tests have shown, vSphere is the software that meets the needs most satisfactorily and seems to have a high level of perfection. However, vSphere has little track record in control systems, so unexpected problems may be encountered.

Hardware
A basic strategy to reduce hardware failure is to use high-reliability components and reduce the number of hardware components. In server virtualization, the frequency of hardware failures is reduced thanks to the use of a server machine with higher reliability than a PC and the reduction in the number of PCs through integration. A Thin Client is also considered to have a lower failure rate than a PC used as an HMI client. However, note that the ripple effect spreads when a virtualization server fails.
4.1.2 Availability
In server virtualization, the probability that the whole system halts because of a server failure is higher than in a real environment. The graph in Figure 4-1 shows the probability of occurrence of the event where the whole system function stops. It shows the calculated event probability for systems with 3 PCs and 10 PCs in use respectively and for a system that has adopted server virtualization. It is clear that the difference in probability increases as the number of integrated PCs increases.

[Figure 4-1 Image of Event Probability of Virtualization System Halt. Vertical axis: Event Probability of System Halt; horizontal axis: PC Failure Rate; curves: Server, 3 PCs all failure, 10 PCs all failure.]

Consequently, there is a need to reduce system halt time during system operation. Common measures are as follows.
- Eliminate the waiting period until spare parts are replaced, through hardware redundancy.
- Reduce time to detect a system malfunction.
- Reduce time to switch to a backup system.
- Reduce time to restore the system from backup data.
The proper use of virtualization technology allows these measures to be supported.
4.1.3 Serviceability
The distributed physical PCs can be integrated in a virtualization server using the Server Virtualization technique. This allows the physical PCs to be controlled to be reduced in number and brought under uniform management. Management/monitoring of virtualization layers such as the virtual machine and hypervisor also becomes necessary. Under server virtualization, the user cannot directly view the PCs, network, etc. that physically exist in a real environment, since they are configured in a virtualization server just like software. For this reason, it is important that the system administrator fully grasps the whole plant system configuration and is familiar with the architecture of virtualization software in addition to the conventional knowledge of real environments.

Management/Monitoring/Diagnostics
Various types of sensors are mounted on the hardware of physical servers. The system monitors the hardware using these sensors. By comprehensively monitoring this information, the system administrator can obtain information such as resource state and performance status from the virtualization layers. As the number of virtualization servers increases and the number of integrated machines becomes large, software to aid these monitoring tasks will need to be selected and introduced.

Server Replacement
A virtual machine is encapsulated and independent of the virtualization server hardware. Thus, a shift to a new server or restoration from a backup is easily made. A current server can also be replaced easily with an alternative.

Software Maintenance
A virtualization server and virtual machine can be remotely managed using a management client. The clone/snapshot technology of a virtual machine can also be used to reduce the administrator's workload.

4.1.4 Performance
Various pieces of hardware are emulated as software in a virtualization system. Screen transfer or mouse/keyboard operation of a virtual machine is always performed through an HMI client via the network. Consequently, screen drawing performance and operability in the HMI environment are inferior to those in a real environment where real hardware operates.
4.2 Improved Reliability in Virtualized Systems
This Section introduces measures to improve virtualization reliability.

4.2.1 Availability
The following will improve availability.

Measure 1 - Hardware Failure
When using server virtualization, all virtual machines that use redundant hardware can receive the benefits of redundancy. There is no need to change any applications, including the guest OS, before and after implementing redundancy. Use hot-swappable hardware, if available. Examples include:
- Hot swappable disks with RAID (RAID 1 or RAID 1+0 is recommended)
- Hot swappable dual configuration power supply
- Use of ECC memory.

Measure 2 - Server Failure due to Hardware Life
The probability of server failure due to hardware usage can be reduced by replacing the hardware within its expected life. At the time of replacement, virtualization software maintenance can be performed. A server is commonly provided with a mechanism that manages hardware status. Examples include the periodic replacement of the:
- Cooling fans
- Power units
- Disks
- Solid State memory, if used.

Measure 3 - System Halt Time Reduction
<<Currently under study>>

Measure 4 - Reduce Unexpected Troubles
Implement backup procedures to deal with non-redundant hardware and accidental failures. Examples include:
- Store backup data within a redundant external network-link storage device. It can be difficult to restore data to a standby system when using a disk(s) in the physical server of a virtualization server.
- If using a UPS, each virtual machine (vma) is required to run a UPS agent program. If a power outage results in the UPS being used, the virtualization server will be shut down via this agent as the UPS power begins to fail.
4.2.2 Serviceability
The following measures will improve serviceability.

Measure 1 - Understanding System Conditions
Performance and event logs for the hypervisor and virtual machines are useful for checking the state of the virtualization system daily and isolating individual problems in a physical server. To understand the condition of a virtualized server, consider the installation of a vCenter Server. Virtualization layer information is collected within the vCenter Server database, and an alarm mechanism continually monitors the collected data, allowing the administrator to be informed of changes in virtualization layer state and of any event occurrences. The information provided is further enhanced if used in combination with the monitoring mechanisms (hardware and software) provided with the virtualized server.

Measure 2 - System Restoration onto Alternative Server
A virtual machine is encapsulated and independent of the virtualization server hardware. When restoring the system to an alternative server, the physical server hardware specification must be identical to the failed server. A virtual machine can be restored onto multiple distributed virtualization servers.

Measure 3 - Recovery from an Operating Error
If a system error occurs during a software patch, application work, guest OS or Yokogawa IA product update, etc., a clone or snapshot can be used to restore the system to its pre-operation state.
4.3 Examples of Virtualization System used for Yokogawa Products
This Section shows examples of systems implemented to apply virtualization to Yokogawa products.

4.3.1 Operator Training System (OTS)
Figure 4-2 shows an example of an OTS implemented with one virtualization server and Figure 4-3 shows an OTS implemented with two virtualization servers.

[Figure 4-2 Example of OTS Implemented with One Virtualization Server. Labels in the figure: Virtual Machine, Virtualization Server, Management Client (vSphere Client), OmegaLand PlantSimulator, OmegaLand View-PC, ENG/SENG, HIS Simulator, FCS/SCS Simulator, HMI Client (PC or Thin client), HMI Client for HIS (Thin client), OPKB, Hypervisor, VMKernel, Virtual Switch, L2SW, Management Network, APP Network, RDP Network.]

[Figure 4-3 Example of OTS Implemented with Two Virtualization Servers. Labels in the figure: Virtual Machine, Virtualization Server, Management Client (vSphere Client), OmegaLand PlantSimulator, OmegaLand View-PC, ENG/SENG, HIS Simulator, FCS/SCS Simulator, Exaopc, Exaquantum, Exapilot, Exasmoc/Exareq, HMI Client (PC or Thin client), HMI Client for HIS (Thin client), OPKB, Hypervisor, VMKernel, Virtual Switch, L2SW, Management Network, APP Network, RDP Network.]

Both of these examples are composed of HMI clients and a virtualization server(s) to allow easy replacement of an operator training system. Each system has a configuration that concentrates data on a virtualization server.
4.3.2 Real Plant System
The following figures show examples in which virtualization is applied to a real plant system.

[Figure 4-4 Example of Real Plant System Configuration Using Exaquantum and PRM. Labels in the figure: Virtual Machine, Virtualization Server, Data Store, Management Client (vSphere Client), vCenter Server, Exaquantum Server, PRM Server, HMI Client (PC or Thin client), Exaquantum Client, PRM Client, Virtual Switch, VMkernel, Hypervisor, Management Network, APP Network, RDP Network, Ethernet, HIS, Exaopc, L2SW, Field Communications Server, Vnet/IP, FCS.]

[Figure 4-5 Example of Real Plant System Configuration Using FAST/TOOLS. Labels in the figure: Virtual Machine, Virtualization Server, Data Store, Management Client (vSphere Client), vCenter Server, FAST/TOOLS - SCADA Server - Web HMI Server, HMI Client (PC or Thin client), FAST/TOOLS - Web HMI Client, Virtual Switch, VMkernel, Hypervisor, Management Network, APP Network, RDP Network, Control Network (Ethernet), STARDOM, L2SW, Ethernet.]

Yokogawa IA system products used in direct connection with the control bus (V net or Vnet/IP) are not targeted for virtualization. The introduction of vCenter Server allows constant collection and long-term storage of performance data of the virtualization layers, thus increasing serviceability. The hardware resources of the physical server are periodically monitored by the management client using the monitoring function the server provides.
The client products in the Yokogawa IA system individually require a monitor, and therefore may not receive a great benefit from integration. The system stores data (ESXi configuration information, virtual machine clones in the power-off state) in a network-linked data storage and on a local disk in the virtualization server, which is used as simple backup data.

4.4 Allotting Resources to Virtual Machines
This Section describes important points to be considered when allocating hardware resources to virtual machines in order to run Yokogawa products in a virtualized environment. Virtualization software is designed to use the hardware of the physical server as effectively as possible. There is therefore the possibility that the resources available for a certain machine will be insufficient because of the operating state of another virtual machine. To guarantee the operation of Yokogawa products on a virtual machine, it is necessary to ensure that the virtual machine has the necessary resources. Be sure to allocate to the virtual machine the hardware resources for the corresponding Yokogawa products given in Chapter 3 (Operating Environment of a Virtualized System).

CPU
Allocate the number of cores shown in the hardware requirements to the virtual machine. Also specify [Reservation] of CPU resource allocation to ensure that the resources are allocated to the virtual machine. The frequency to set is calculated as follows.

(CPU reservation frequency) = (CPU frequency) x (Number of cores) / 2

Use the CPU frequency and number of cores shown in the hardware requirements. If the frequency of the CPU installed in the physical server differs from the CPU frequency shown in the hardware requirements, change the number of cores to allocate to the virtual machine as follows.

(Preliminary number of cores) = (CPU reservation frequency) / (Frequency of CPU of physical server)

Obtain the required number of cores by multiplying the preliminary number of cores by a coefficient that depends on whether hyperthreading (HT) of the physical server is enabled or disabled, and rounding the result up.

When HT is enabled: (Number of cores) = (Preliminary number of cores) x 2
When HT is disabled: (Number of cores) = (Preliminary number of cores)

Example: When the required CPU resources are 3.00 GHz and 4 cores, the CPU frequency of the physical server is 2.8 GHz, and HT is enabled

(CPU reservation frequency) = 3.00 GHz x 4 cores / 2 = 6000 MHz
(Preliminary number of cores) = 6000 / 2800 = 2.14
(Number of cores) = 2.14 x 2 = 4.28 -> 5 (rounded up)

Memory
Allocate the memory size shown in the hardware requirements to the virtual machine. Also specify [Reserve all guest memory (All locked)] to ensure that the resources are allocated to the virtual machine.
Video Memory
Allocate the video memory size shown in the hardware requirements to the virtual machine.

Storage
There are three format types available for a virtual disk.

Type: Thin provisioning
Description: Enables expanding just the used portion of the disk area until it reaches the maximum capacity because space is allocated on demand.

Type: Thick provisioning, Lazy Zeroed
Description: The specified space is allocated when the virtual disk is created. The data remaining on the physical disk is not deleted during creation, but is deleted on demand at a later time when the virtual machine writes.

Type: Thick provisioning, Eager Zeroed
Description: The specified space is allocated and the data remaining on the physical disk is zeroed out when the virtual disk is created. It may take longer to create disks in this format.

For the disk format of a virtual machine that will run Yokogawa products, specify thick provisioning (eager zeroed) to secure the area to be used in advance and zero format the target area. Securing the area before use ensures that the disk area resources are available. The disk area resources can also be secured before use with thick provisioning (lazy zeroed), but thick provisioning (eager zeroed) is recommended because of its advantages in terms of performance.
4.5 Implementation Considerations
This Section describes important points to be considered when estimating the hardware specifications of the virtualization server implementing the system and the related devices.

4.5.1 Virtualization Target Considerations
Take the following steps when defining a virtualization server.
1. Decide which products are to be virtualized. Refer to Section 2.1 for the applicable Yokogawa Products and their release numbers that are compliant with virtualization.
2. Confirm whether the hardware resources (CPU, memory, video memory, hard disk capacity) of the applicable product are sufficient for virtualization. Refer to Section 3.1.1 for the required hardware resources of Yokogawa products.
3. Finalize the CPU specifications, memory capacity, and hard disk capacity in accordance with Sections 4.4 and 4.5.2.
4. Finalize the required number of network ports in accordance with the guideline described in Section 4.5.2.
5. Find a server machine suitable for virtualization that fulfills the above conditions.
6. In the case of a server that satisfies the required hardware resources, the virtualization server has to be divided.

4.5.2 Estimating the Hardware Resources of the Physical Server
This Section describes how to estimate the hardware resources of the physical server that implements the virtualization server. Estimate the hardware resources for the physical server based on the hardware resources investigated in Section 4.5.1 (Virtualization Target Considerations) as required for each Yokogawa product to be virtualized.

CPU
Calculate the sum of the CPU reservation frequencies of all the Yokogawa products that work on a virtualization server, compare it with the CPU resources of the physical servers, and select a CPU that satisfies the CPU reservation frequency.

If only Yokogawa products are installed on a server:
Σ [CPU reservation frequency of Yokogawa Products] x 1.25 < [CPU resource]

If Yokogawa products and vCenter Server are installed on the same server:
(Σ [CPU reservation frequency of Yokogawa Products] + 4 GHz) x 1.25 < [CPU resource]

For instance, when an ENG station and an FCS simulator are each working on a virtual machine:
ENG Station: 3.00 GHz x 4 cores / 2 = 6.00 GHz
FCS Simulator: 3.00 GHz x 4 cores / 2 = 6.00 GHz
Sum of CPU reservation frequency = 6.00 + 6.00 = 12.00 GHz

VMware's overhead, which is equivalent to 25% of the Yokogawa products, has to be taken into consideration when configuring the virtualization server. Therefore, multiply the sum of the CPU reservation frequency calculated above by 1.25.
12.00 x 1.25 = 16.00 GHz

Find a server machine with a CPU resource higher than the above value from the computer vendors in the market. The CPU resource is calculated as follows:
[CPU resource] = [CPU frequency - in GHz] x [No. of cores] x [No. of CPUs]

For instance, the CPU resource for a server machine with a frequency of 2.60 GHz and 8 cores is calculated as:
2.6 GHz x 8 cores = 20.8 GHz
In this case, a server machine with this CPU specification can be selected.

Memory
In a virtual environment, it is possible to assign to a virtual machine a memory size that is larger than the physical memory installed in the physical server. However, to guarantee the operation of Yokogawa products, that virtual machine needs to have the memory available for use. Calculate the total memory size required to run the nodes (Yokogawa products) on one virtual server. Then add the memory size used by the Hypervisor to that total. The physical server just needs enough memory to cover this total value.

If only Yokogawa products are installed on a server:
[the physical server's memory size] ≥ 6 GB + Σ [Yokogawa product's memory size] + Σ [Yokogawa product's video memory]

If Yokogawa products and vCenter Server are installed on the same server:
Number of virtual machines (*1): 100 or less
[the physical server's memory size] ≥ 14 GB + Σ [Yokogawa product's memory size] + Σ [Yokogawa product's video memory]
Number of virtual machines (*1): 100 to 1500
[the physical server's memory size] ≥ 22 GB + Σ [Yokogawa product's memory size] + Σ [Yokogawa product's video memory]

*1: The total number of virtual machines on the virtualization server managed by vCenter Server
Disk
Calculate the total disk size required to run the nodes (Yokogawa products) on one physical server. Then add the disk size used by virtualization software to that total. The physical server just needs enough disk space to cover this total value. Furthermore, the disk (storage) device is the slowest of the hardware resources. Care is required concerning equipment selection and virtual machine placement. Consider selecting a high-speed serial attached SCSI (SAS) hard disk drive and a fast RAID configuration. The following shows the disk capacity the virtualization software requires.

[Disk size for Hypervisor] = 8 GB
[Disk size for virtual machine management] = 100 GB + 2 x Σ [memory size] + N x Σ [Disk size] (*1)(*2)
[Disk size for vCenter Server] = 160 GB

*1: Memory size and disk size indicate the memory capacity and disk capacity of each Yokogawa product. Each capacity is summed for the number of virtual machines to be created.
*2: N represents the maximum number of times a snapshot runs.

Network Card
For a network card (NIC) to be installed on a physical server for virtualization, provide one Ethernet card (minimum of 1 Gbps) so that it can collectively manage the NICs of multiple virtual machines. To prevent network overloading, segregation of the network into three categories is recommended. In that case, select the kinds and quantity of NICs so as to have three or more physical LAN ports.
1. Management Network for the virtualization server
   The management network is a network to manage the virtualization server. To guard against the case where the network is overloaded and management of the virtualization server cannot be performed, segregation from other networks is recommended.
2. APP Network for application data communication
   The APP network is a data exchange network among the virtual machines, Yokogawa products and other applications. This is equivalent to the Ethernet communication network in the real environment. In order to avoid influences from other networks, segregation from other networks is recommended.
3. RDP Network for connecting virtual machines to HMI clients
   In the virtualization system, the guest OS on the virtual machine is operated via the network. In order to avoid network overloading by the HMI client and/or influences caused by 1 or 2, segregation from other networks is recommended.
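The core-allocation rule of Section 4.4 and the CPU, memory and disk estimates of Section 4.5.2 can be combined in one Python calculator. This is an added example, not Yokogawa or VMware code: the class and function names, the sample memory and disk sizes, the 1024 MB per GB conversion, and the reading of the memory and disk conditions as "at least the total" are assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction
from math import ceil


@dataclass(frozen=True)
class Product:
    """Hardware requirements of one product to be virtualized."""
    name: str
    cpu_mhz: int      # CPU frequency from the hardware requirements
    cores: int        # number of cores from the hardware requirements
    memory_gb: int
    video_mb: int
    disk_gb: int

    @property
    def reservation_mhz(self) -> Fraction:
        # (CPU reservation frequency) = (CPU frequency) x (Number of cores) / 2
        return Fraction(self.cpu_mhz * self.cores, 2)

    def cores_to_allocate(self, host_mhz: int, hyperthreading: bool) -> int:
        """Cores to give the VM on a host whose CPU runs at host_mhz."""
        if host_mhz == self.cpu_mhz:
            return self.cores          # same frequency: use the listed core count
        preliminary = self.reservation_mhz / host_mhz
        # Exact fractions avoid a float such as 2.0000000001 rounding up to 3.
        return ceil(preliminary * (2 if hyperthreading else 1))


@dataclass(frozen=True)
class Host:
    cpu_mhz: int
    cores_per_cpu: int
    cpus: int
    memory_gb: int
    disk_gb: int

    @property
    def cpu_resource_mhz(self) -> int:
        # [CPU resource] = [CPU frequency] x [No. of cores] x [No. of CPUs]
        return self.cpu_mhz * self.cores_per_cpu * self.cpus


def base_memory_gb(with_vcenter: bool, managed_vms: int) -> int:
    """Fixed memory term: 6 GB, or 14/22 GB when vCenter Server shares the host."""
    if not with_vcenter:
        return 6
    if managed_vms <= 100:
        return 14
    if managed_vms <= 1500:
        return 22
    raise ValueError("the guideline gives no figure above 1500 virtual machines")


def required_resources(products, *, with_vcenter=False, managed_vms=0, max_snapshots=0):
    """Return the CPU (MHz), memory (GB) and disk (GB) the physical server needs."""
    cpu = sum(p.reservation_mhz for p in products)
    if with_vcenter:
        cpu += 4000                                   # + 4 GHz for vCenter Server
    memory = sum(p.memory_gb for p in products)
    video = Fraction(sum(p.video_mb for p in products), 1024)  # assumes 1 GB = 1024 MB
    disk = sum(p.disk_gb for p in products)
    # product disks + hypervisor (8 GB) + virtual machine management
    disk_total = disk + 8 + (100 + 2 * memory + max_snapshots * disk)
    if with_vcenter:
        disk_total += 160
    return {
        "cpu_mhz": cpu * Fraction(5, 4),              # x 1.25 virtualization overhead
        "memory_gb": base_memory_gb(with_vcenter, managed_vms) + memory + video,
        "disk_gb": disk_total,
    }


def shortfalls(host: Host, need: dict) -> list:
    """Names of the resources for which the host does not meet the requirement."""
    missing = []
    if not need["cpu_mhz"] < host.cpu_resource_mhz:   # strict '<' as in the guideline
        missing.append("cpu")
    if host.memory_gb < need["memory_gb"]:
        missing.append("memory")
    if host.disk_gb < need["disk_gb"]:
        missing.append("disk")
    return missing


# Constructed sample data: CPU figures follow the guideline's ENG/FCS example;
# memory, video memory and disk sizes are placeholders, not Yokogawa figures.
ENG = Product("ENG station", 3000, 4, 4, 128, 100)
FCS_SIM = Product("FCS simulator", 3000, 4, 4, 128, 100)
HOST = Host(cpu_mhz=2600, cores_per_cpu=8, cpus=1, memory_gb=32, disk_gb=1000)

if __name__ == "__main__":
    print("ENG cores on a 2.8 GHz host with HT:", ENG.cores_to_allocate(2800, True))
    need = required_resources([ENG, FCS_SIM], max_snapshots=2)
    print({k: float(v) for k, v in need.items()})
    print("shortfalls:", shortfalls(HOST, need) or "none")
```

Replace the sample products with the figures from Section 3.1.1 for the products actually being virtualized before relying on the result.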
[Figure 4-6 Example of Network Card Usage. Labels in the figure: Virtual Machine, Virtualization Server (ESXi host), Hypervisor (ESXi), VMKernel, Physical hardware, Management Client (vSphere Client), HMI Client (RDP Client), Management Network, APP Network, RDP Network.]

Figure 4-6 shows an example of a PC using three NICs with one LAN port each; however, NICs with multiple LAN ports are also available in the market.

4.5.3 Peripheral Devices
This Section provides important details regarding the peripheral devices used in the system.

HMI Client
A display cannot be connected to a virtual machine on a virtualization server. Therefore, an HMI client connected via a network is required to perform operation and monitoring while viewing the screens of Yokogawa products on a virtual machine. HMI client terminal types include not only ordinary PCs but also thin client terminals. Determine which type of client terminal is appropriate based on factors such as security, installation location, and the function requirements of the client terminal.

Multiple Monitors
To use multiple monitors with the HMI client, the hardware of the client terminal needs to support multiple monitors and the guest OS of the virtual machine that the client will connect to needs to be Windows Server 2008 R2.

OPKB
To use a device that is USB-connected to the HMI client on the guest OS, the input/output signals of the USB device must be transmitted via a network. Multiple software products that enable such transmission are available in the market; however, the performance of the software is not always guaranteed. The use of the software verified by Yokogawa is recommended. When software other than the one that Yokogawa recommended is applied and does not function properly, contact the respective software vendor for technical support.
Printer It is recommended using a network printer be used. 4. Guidelines for Considering a Virtualization System 4-14 UPS A UPS is recommended to protect the physical server implementing the virtualization server from power failures, lightning surges, and other power problems. Unlike in a conventional physical computer environment, multiple virtual machines (guest OSs) can be protected with one UPS. Sound There is no sound generator or speakers in a virtual machine of a virtualization server. Outputting sound from Yokogawa products on a virtual machine thus involves sending the sound data to the HMI client via a network and then playing the sound data with the sound generator and speakers of the HMI client. Sound dropouts, sound loss, and other problems tend to occur when sound is output via a network. Sufficient testing is required before introduction. Remote Server Management Controller A remote server management controller is commonly installed in a physical server to be used as a virtualization server. To refer to physical server logs the BIOS has recorded during operation of the virtualization server, perform this through the management controller for which a license is required. Purchase the license when the physical server(s) is purchased. 4.5.4 Time Synchronization In the virtualization system, the time stamp of the virtual server and each virtual machine are independent from others, and time synchronization by the following method is needed. Time synchronization for the guest OS which tends to desynchronize is strongly recommended. If the virtual machine is managed by the domain controller or multiple number of virtualization servers exist An NTP server has to be set outside of the virtualization server. Let the virtualization server time synchronize to the NTP server. The domain controller s time also has to be synchronized to the NTP server. The time of each virtual machine is to be synchronized to the virtualization server. 
For detailed settings, refer to Chapter 5 (Implementation Procedure).

If the system is composed of only one virtualization server with no domain management:
Installation of an external NTP server is not mandatory unless time synchronization to the real time is needed. In such cases the virtualization server becomes the time master. Each virtual machine has to synchronize its time to the virtualization server. For detailed settings, refer to Section 5.8.4 (Configuring the Guest OS).

If the system is composed of a virtualization server and real PCs:
Installation of an external NTP server is not mandatory, but if time synchronization between each real PC and the virtualization server is needed, install the NTP server. Synchronize the time of each virtual machine to the virtualization server. For details about settings, refer to Chapter 5 (Implementation Procedure) and Section 7.9 (Adding VMkernel Port for Time Synchronization of ESXi Host).
4.6 Other Information

4.6.1 Licenses

The license information related to each software is described in this Section.

VMware License
Two types of VMware licenses are available: paid and free. When VMware is applied as a system, obtain the software and its paid license suitable for the virtualization server from the computer vendor. When the free license is needed for evaluation or demonstration purposes, the software can be downloaded from the VMware, Inc. website. The free license key is also available from the same website. The free software can be upgraded to the paid version. Obtain a license key from VMware, Inc. or its agent. For details, contact VMware, Inc. or its agent.

Windows OS License
Obtain the Windows OS to be used as the guest OS from the computer vendor or other source when purchasing the virtualization server. For cost saving, Microsoft has published the license guideline for a virtualization environment as shown below:
http://www.microsoft.com/licensing/about-licensing/virtualization.aspx

A Windows OEM license bundled with the computer is valid only with the computer where the license is installed. Transferring it to another computer is against the license policy. In order to transfer the Windows OEM license to another PC as the virtualization guest OS, a separate license for the virtualization server has to be provided.

Downgrading from the newest Windows OS to a previous OS is partly available. Refer to the Microsoft website for more details. Use the published information in accordance with the support environment of Yokogawa products.
http://www.microsoft.com/licensing/about-licensing/briefs/downgrade-rights.aspx

For more details, contact Microsoft or the computer vendor.

Yokogawa Product License
Yokogawa product licenses to be installed on each guest OS are the same as in the real environment.
4.6.2 Support Contract

To receive support services such as analysis of problems derived from virtualization software and supply of patch software, purchase Support & Subscription (SnS) from VMware, Inc. Simultaneous purchase of SnS is essential upon purchase of a VMware product. Since SnS has an expiry date (one year at the earliest), SnS must be repurchased before expiration to extend the period of validity.

The support contact differs depending on how the virtualization software was purchased.

If both virtualization software and server hardware are simultaneously purchased from a server vendor (OEM):
The server vendor can support both server hardware and virtualization software at its support window. This is convenient in case of trouble because the user is provided with support for both hardware and software.

If unbundled virtualization software is purchased:
Server hardware is supported by your server vendor. As for software, the support contact differs between the VMware original part of the virtualization software and the driver part supplied by the hardware vendor. As a result, it may take a long time to locate the source of trouble if any occurs.
5. Implementation Procedure

The following diagram provides an overview of the virtualization implementation procedure.

Figure 5-1 Virtualization System Implementation Procedure
(Flow: Start, Setup Preparation, ESXi Host Implementation, Setting Up Management Client, Setting Up ESXi Host, Setting Up a Virtual Machine Environment, Setting Up the Guest OS, Setting Up Yokogawa Products, Setting Up the Operation Monitoring Client, Operation Checks, End.)
5.1 Setup Preparation

This Section describes the setup preparation requirements.

5.1.1 IP Address

Decide the IP addresses to assign to the ESXi host, management client, and virtual machines. Depending on the configuration of the virtual network, at least two IP addresses will be required for each virtual machine (one for the APP network and one for the RDP network). The ESXi host requires two IP addresses in the same network segment: one for the server itself and one for its remote server management controller. If using the centralized management server, prepare another IP address to be allocated to this server.

5.1.2 Administrator Account and Password

Decide the administrator accounts and passwords to use for the ESXi host and the management client. If using the centralized management server, an administrator account is needed for this server as well.

5.1.3 Virtualization Software

VMware, Inc. offers hypervisor-type software both for purchase and for free. The free software provides limited functions and can be upgraded to the paid version. A license key must be obtained for using VMware vSphere. The following describes how to obtain VMware vSphere and its license key.

Newly Purchasing an ESXi Host
VMware vSphere and its license key are obtained from a computer vendor. The vendor provides the software that matches the purchased server specifications and the paid license key. Free software can be downloaded from the VMware website.

Using an Existing or Rental PC for Demonstration Purposes
Download the VMware vSphere version that matches the server specifications from the PC vendor's website. For the paid version of the software, place an order with VMware, Inc. or its agent. The license key for the free software can be obtained via VMware's website as shown below.
How to download the free software

The method of downloading the free software license key is shown below.
1. Go to the download site: http://www.vmware.com/try-vmware
2. Register yourself as a user on the VMware website.
3. Click [vSphere Hypervisor] in the [Free Product Downloads] pop-up menu, which appears when the mouse is placed over the [Downloads] tab on the VMware top page.
4. The web page "VMware vSphere Hypervisor 5.5 Download Center" appears.
5. Log in at the [Register to download your Free Product] login form on the right side of the web page using the information registered at #1 above.
6. After logging in, click the [License & Download] tab in the middle of the VMware vSphere Hypervisor 5.5 Download Center web page. [License information] then appears and leads you to the free software license key section.

Download the free virtualization software from VMware, Inc. from the same web page as in #6 above:
ESXi ISO image (includes VMware Tools)
VMware vSphere Client

Burn the ESXi ISO image file to a CD-R in preparation for software installation.

5.1.4 Centralized Management Server Software

This software needs to be purchased separately from the virtualization software.

Software
Download the centralized management server software from the VMware website.
Download site: http://www.vmware.com/
VMware vCenter Server ISO image (for the Windows version)
VMware vCenter Server ova file (for the virtual appliance version)

License key
Place an order with a VMware dealer for the license of a paid version. Acquire the license key by downloading it from the VMware website.

Firewall configuration template file
Perform firewall configuration of vCenter Server using a template file. Acquire the template file by downloading it from the following VMware website.
http://kb.vmware.com/kb/2047585
5.1.5 Other Software

USB redirection software
USB redirection software is required to use an OPKB. We recommend Wyse TCX Suite, which can be downloaded from the following site. To log in to the download site, register with Wyse as a user.
Download site: http://support.wyse.com
Wyse TCX Server Suite
Wyse TCX Client Suite
(1) Access the above web site, and click [Dell Wyse self-service portal] at the lower left part of the web page.
(2) On the web page that appears, click [Wyse TCX Server Suite prod64 5.1.0.xx.msi] (for 64 bit) or [Wyse TCX Server Suite prod32 5.1.0.xx.msi] (for 32 bit), and [Wyse TCX Client Suite. msi] to download them.

Adobe Flash Player
To access vCenter Server using vSphere Web Client, install Adobe Flash Player in the web browser of the management client. Adobe Flash Player is required when executing the procedure in Section 5.6 (Setting up a Centralized Management Server). If this software has not been installed on the management client, acquire the installer of the standalone version from the following web page. The file to download differs depending on the web browser to be used. Download the file according to the instructions on the web page.
http://helpx.adobe.com/flash-player.html

Tera Term
Tera Term is required when handling ESXi host trouble with an SSH client or when executing the procedure in Section 5.6 (Setting up a Centralized Management Server). To use this software, install it on the management client. Download the installer in exe format according to the instructions on the following official web page.
http://ttssh2.sourceforge.jp/index.html.en
5.2 ESXi Host Implementation

5.2.1 Hardware Setup

BIOS Setting
Change the BIOS settings of the physical server of the ESXi host to optimize the performance of the ESXi host.

Hardware Virtualization Support Functions
Enable the CPU (VT-x), MMU (Intel EPT), and I/O MMU (VT-d) virtualization support functions.

Intel Turbo Boost and Hyper-Threading Technology
Enable these functions if the CPU is compatible with them.

NUMA
Disable [Node interleaving].

Power Management
Set the power plan to [High performance].

C1E
Enable [C1E State] for putting the CPU in the halt state.

Hardware Clock
Set the hardware clock to [UTC].

The BIOS settings differ for each server machine. Contact the computer vendor for details. The table below shows examples for DELL and HP.

Table 5-1 Dell PowerEdge and HP ProLiant Gen8 Setup Examples

Item: Hardware Virtualization Support Functions
  DELL PowerEdge: [Processor Settings]-[Virtualization Technology]=[Enable]
  HP ProLiant Gen8: [System Options]-[Processor Options]-[Intel Virtualization Technology]=[Enable]
                    [System Options]-[Processor Options]-[Intel VT-d]=[Enable]
                    [System Options]-[Processor Options]-[No Execute Memory Protection]=[Enable]

Item: Intel Turbo Boost
  DELL PowerEdge: [Processor Settings]-[Turbo Mode]=[Enable]
  HP ProLiant Gen8: [System Options]-[Processor Options]-[Intel Turbo Boost Technology]=[Enable]

Item: Intel Hyper-Threading
  DELL PowerEdge: [Processor Settings]-[Logical Processor]=[Enable]
  HP ProLiant Gen8: [System Options]-[Processor Options]-[Intel Hyperthreading Options]=[Enable]

Item: NUMA
  DELL PowerEdge: [Memory Settings]-[Node Interleaving]=[Disable]
  HP ProLiant Gen8: [Advanced Options]-[Advanced Performance Tuning Options]-[Node Interleaving]=[Disable]

Item: Power Management
  DELL PowerEdge: [System Profile Settings]-[System Profile]=[Performance]
  HP ProLiant Gen8: [Power Management Options]-[HP Power Profile]=[Maximum Performance]

Item: C1E
  DELL PowerEdge: [System Profile Settings]-[C1E]=[Disable]
  HP ProLiant Gen8: [Power Management Options]-[Advanced Power Management Options]-[Minimum Processor Idle Power Core State]=[No C-State]

Item: Hardware Clock
  DELL PowerEdge: [Miscellaneous]-[System Time], [Miscellaneous]-[System Date] set up with UTC
  HP ProLiant Gen8: [Date and Time] set clock with UTC

Setting up Built-in Remote Server Management Controller
A remote server management controller is commonly installed in a physical server. Physical server logs that the BIOS has recorded during operation of the virtualization server can be referred to through the controller. The applicable controller is 'iDRAC' for Dell PowerEdge servers or 'iLO' for HP ProLiant servers. To use this controller remotely, allocate an IP address to it. The allocation method differs depending on the server. For details, contact each computer vendor. Example setup procedures for the Dell and HP models are shown below.

In case of DELL iDRAC7 (for Dell PowerEdge R720)
1. Start the server, and when "[F2]=[System Setup]" is displayed, press the [F2] key.
2. The "System Setup" utility starts up.
3. Select [iDRAC Setting] - [Network] from the menu, and then set up as shown in the table below.

Primary item: [NETWORK SETTINGS]
  [Enable NIC]: Enabled
  [NIC Selection] (*1): <LOMn (select LAN port)>
Primary item: [IPV4 SETTINGS]
  [Enable IPv4]: Enabled
  [IP Address]: <IP address>
  [Gateway]: <gateway address>
  [Subnet Mask]: <subnet mask>
Primary item: [IPMI SETTINGS]
  [Enable IPMI Over LAN]: Enabled
  [Channel Privilege Level Limit]: Administrator
  [Encryption Key]: <default value> as it is

*1: Select the NIC (or LAN port) to which an IP address is allocated in Section 5.2.3 (Configuring the Management Network).

4. Restart the server.

In case of HP iLO4 (for HP ProLiant Gen8 DL380p)
1. Start the server.
2. When "iLO4 Standard press [F8] to configure" is displayed, press the [F8] key.
3. The "Setup Utility" program starts up.
4. Select [Network] - [DNS/DHCP] from the menu.
5. Set this item to [DHCP Enable]=OFF, and then press the [F10] key.
6. Select [Network] - [NIC and TCP/IP] from the menu.
7. Input [IP Address]/[Subnet Mask]/[Gateway IP Address], and then press the [F10] key.
8. Restart the server.
5.2.2 Installing VMware ESXi

(1) Boot from the VMware ESXi installation CD-ROM media. The boot menu appears. Select [ESXi Installer], and then press the [Enter] key.
(2) Please wait while the installer makes the necessary preparations to install ESXi.
(3) The installer continues preparing for the installation. Please wait a while.
(4) End User License Agreement for using ESXi appears. Press the [F11] key to continue the process.
(5) Select a disk to install ESXi, and then press the [Enter] key.
(6) Select the appropriate keyboard layout.
(7) Set the password for ESXi.
(8) The Confirm Install screen appears. Press the [F11] key to continue the process.
(9) The installation begins and the progress is displayed.
(10) The Installation Complete screen appears. Press the [Enter] key to reboot.
(11) The Rebooting Server screen appears. Please wait a while.
(12) The server reboots and the startup screen appears. Press the [Enter] key to continue the process.
(13) Please wait while the boot process begins.
(14) The screen changes and the boot process continues. Please wait a while.
(15) The boot completes and the initial screen appears. The installation is now finished.
5.2.3 Configuring the Management Network

(1) Next, configure the management network.
(2) Press the [F2] key to log in to the System Customization screen. The login name and password input screen appears. Enter root for [Login Name] and the password you set in the previous section for [Password]. When you have finished entering them, press the [Enter] key.
(3) The System Customization screen appears.
(4) Select [Configure Management Network], and then press the [Enter] key.
(5) Select [Network Adapters], and then press the [Enter] key.
(6) The available network adapters appear. Select the network adapter to use for the management network, and then press the [Enter] key.
(7) Select [IP Configuration], and then press the [Enter] key.
(8) When setting a static IP, select [Set static IP address and network configuration], set [IP Address], [Subnet Mask], and [Default Gateway], and then press the [Enter] key.
(9) Select [IPv6 Configuration], and then press the [Enter] key.
(10) In this example, we will disable the IPv6 setting. Select [Enable IPv6], and then press the space key (clear the x mark). Next, press the [Enter] key.
(11) If you wish to configure the DNS settings, select [DNS Configuration], and then press the [Enter] key.
(12) Set the DNS server and the host name for the ESXi server, and then press the [Enter] key.
(13) When you have finished configuring all of the settings, press the [Enter] key to apply the changes to the settings.
(14) If you have changed settings that require a reboot, a reboot confirmation dialog box appears. Press the [Y] key to reboot.
(15) The Restart Host dialog box appears. Please wait a while.
(16) If the set IP address appears on the initial screen, the settings are complete.
5.3 Setting up a Management Client

5.3.1 Installing VMware vSphere Client

Log in to the Windows PC that is the installation destination as a user with system administrator rights for the Windows PC. Run the Windows installer for VMware vSphere Client. (Use the downloaded installer by following the instructions in Section 5.1.3.)

(1) A dialog box for selecting the language for the installation appears. Select [English], and then click [OK].
(2) The welcome screen of the installation wizard for VMware vSphere Client appears. Click [Next].
(3) The End User License Agreement screen appears. Select [I accept the terms in the license agreement], and then click [Next].
(4) Select the installation destination folder, and then click [Next].
(5) The "Ready to Install the Program" screen appears. Click [Install].
(6) The installation begins. Please wait a while.
(7) The "Installation Completed" screen appears. Click [Finish]. The installation is now finished.
5.3.2 Installing Tera Term

Install Tera Term as an SSH client to be used for handling ESXi host trouble or installing vCenter Server. Log in to the Windows PC where this software is to be installed as a user with the system administrator privilege for that PC. Run the Windows installer of Tera Term using the following procedure. (Use the installer downloaded according to Section 5.1.5 (Other Software).)

(1) The dialog box to select a language to be used for installation appears. Select [English] and then click on [OK].
(2) The "Tera Term Setup Wizard" screen is displayed. Click on [Next].
(3) The "License Agreement" screen is displayed. Select the radio button of "I accept the agreement", and then click on [Next].
(4) Select a destination folder in which to install Tera Term, and then click on [Next].
(5) On the "Select Components" screen that appears, select [Compact installation], and then click on [Next].
(6) The "Select Language" screen is displayed. Check the "English" radio button, and then click on [Next].
(7) The "Select Start Menu Folder" screen is displayed. Leave the default setting as it is, and then click on [Next].
(8) The "Select Additional Tasks" screen is displayed. Uncheck all the check boxes, and then click on [Next].
(9) The "Ready to Install" screen is displayed. Click on [Install] to start installation.
(10) The "Completing the Tera Term Setup Wizard" screen is displayed. Click on [Finish].
5.4 Setting up the ESXi Host

5.4.1 Adoption of License

(1) The license can be applied from VMware vSphere Client. Log in to the ESXi host using vSphere Client from the management client PC.
(2) A security warning appears. Click [Ignore].
(3) Click the [Inventory] icon.
(4) Click the [Edit] link at the top right of [Licensed Features] displayed on the [Configuration] tab.
(5) The Assign License dialog box appears. Select [Assign a new license key to this host], and then click [Enter Key].
(6) The Add License Key window appears. Enter the license key in [New license key], and then click [OK].
5.4.2 Time Settings

Configure the time settings of the ESXi host.

Time Correction
1. Log in to the virtualization server via vSphere Client from the management client.
2. Select [Time Configuration] from the [Software] section on the [Configuration] tab of vSphere Client, and then click [Properties].
3. The Time Configuration dialog box appears. Manually set [Date and Time] to match the real time, and then click [OK].

NTP Configuration Procedure
To automatically synchronize the time with the real time, use NTP.
1. Log in to the virtualization server via vSphere Client from the management client.
2. Select [Time Configuration] from the [Software] section on the [Configuration] tab of vSphere Client, and then click [Properties].
3. The Time Configuration dialog box appears. Select the [NTP Client Enabled] check box, and then click [Options].
4. The NTP Daemon (ntpd) Options dialog box appears. Select [NTP Settings], and then click [Add].
5. The Add NTP Server dialog box appears. Enter the IP address of the NTP server to use, and then click [OK].
6. The NTP Daemon (ntpd) Options dialog box reappears. Select [General], select [Start and stop with host] for [Startup Policy], and then click [OK].
5.4.3 ESXi Host Security Settings

Configure the security settings for the ESXi host itself. For details on which settings are suitable, refer to the Security Section in Chapter 6 (Operation).

Firewall Settings
Set the firewall to restrict access to VMKernel of the ESXi host itself.
1. Log in to the virtualization server via vSphere Client from the management client.
2. Click the [Security Profile] link in the [Software] section on the [Configuration] tab of vSphere Client.
3. Click [Properties] of Firewall. The Firewall Properties window appears.
4. To prevent access to a service, clear the check box. To permit access to a service, select the check box, click [Firewall], and change the setting.

Stopping Unnecessary Services
Refer to Section 6.2.2 to stop unnecessary services.
1. Log in to the virtualization server via vSphere Client from the management client.
2. Click the [Security Profile] link in the [Software] section on the [Configuration] tab of vSphere Client. (Refer to "Firewall Settings.")
3. Click [Properties] of [Services]. The Services Properties window appears.
4. Select the service you want to stop, and then click [Options]. The options window for the selected service appears. Click [Stop] to stop the service.

Adding users to the ESXi host
1. Log in to the virtualization server from the management client using vSphere Client.
2. Select [Local Users & Groups] from the [Inventory] tab of the vSphere Client.
3. Right-click a blank space on the [Local Users & Groups] tab and select [Add].
4. The Add New User window is displayed. Key in the new user's login name and password, then click [OK].
5. The user is added to the User Account List.

Configuring the Roles and Permissions for the Users Who Can Log In to the ESXi Host
The user roles and their authorization can be customized by the following procedure. This enables efficient management of the ESXi host.
1. Log in to the virtualization server via vSphere Client from the management client.
2. Set the authority by assigning a role to each user. Select the [Permissions] tab and click [Add Permission] in the right-click menu.
3. Assign the role to each user when the Assign Permissions window is displayed. Click the [Add] button in the [Users and Groups] section.
4. The Select Users and Groups window is displayed. Select a user and click the [Add] button, then [OK].
5. The Assign Permissions window reappears. Select the assigned role and click [OK]. In the example, User01 is assigned the Administrator role.
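The firewall settings made through vSphere Client in Section 5.4.3 can also be checked from an SSH session on the ESXi host. The following Python script is an added example, not part of this guideline: it compares captured output of `esxcli network firewall ruleset list` and `esxcli network firewall ruleset allowedip list` against a site policy. The sample captures are constructed, their column layout is an assumption, and the approved list and the address 192.168.10.50 are hypothetical placeholders.

```python
# Constructed sample captures. The two-column layout is assumed to match what
# the ESXi shell prints for:
#   esxcli network firewall ruleset list
#   esxcli network firewall ruleset allowedip list
RULESET_LIST = """\
Name           Enabled
-------------  -------
sshServer         true
sshClient        false
nfsClient         true
ntpClient         true
snmp              true
vSphereClient     true
"""

ALLOWEDIP_LIST = """\
Ruleset        Allowed IP Addresses
-------------  --------------------
sshServer      All
sshClient      All
nfsClient      All
ntpClient      All
snmp           All
vSphereClient  192.168.10.50
"""

# Hypothetical site policy (the guideline defers the real one to Chapter 6).
APPROVED = {"sshServer", "ntpClient", "vSphereClient"}
# Approved inbound services that must be limited to named source addresses,
# here the management client (placeholder address 192.168.10.50).
SOURCE_RESTRICTED = {"sshServer", "vSphereClient"}


def parse_table(text):
    """Map the first column of an esxcli two-column table to the rest of the row."""
    rows, in_body = {}, False
    for line in text.splitlines():
        if line.startswith("---"):
            in_body = True  # everything above the rule is the header
        elif in_body and line.strip():
            name, _, rest = line.strip().partition(" ")
            rows[name] = rest.strip()
    return rows


def audit_firewall(ruleset_text, allowedip_text, approved, source_restricted):
    """Return findings as (ruleset, problem) tuples, sorted by ruleset name."""
    state = parse_table(ruleset_text)
    allowed = parse_table(allowedip_text)
    enabled = {name for name, value in state.items() if value.lower() == "true"}
    findings = []
    for name in enabled - approved:
        findings.append((name, "enabled but not approved"))
    for name in enabled & source_restricted:
        # A ruleset missing from the allowed-IP table is treated as unrestricted.
        if allowed.get(name, "All").lower() == "all":
            findings.append((name, "accepts connections from any address"))
    for name in approved - set(state):
        findings.append((name, "approved ruleset not present on the host"))
    return sorted(findings)


if __name__ == "__main__":
    for ruleset, problem in audit_firewall(
        RULESET_LIST, ALLOWEDIP_LIST, APPROVED, SOURCE_RESTRICTED
    ):
        print(f"{ruleset}: {problem}")
```

Each finding corresponds to one check box or [Firewall] button setting in the Firewall Properties window described above.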
5.5 Setting up a Virtual Machine Environment

5.5.1 Virtual Network Settings

Configure the virtual network settings of the ESXi host. The network settings need to be configured in accordance with the configuration of the virtual machines that will run on the ESXi host. Set up a network configuration that consists of the following three ports or port groups.
Management Network
Application Data (APP) Network
Remote Desktop Protocol (RDP) Network

Multiple virtual machine networks are required in accordance with the configuration of the virtual machines that will run on the ESXi host. It is recommended to use a different virtual switch to connect to each of the three network types. To connect the individually created virtual switches with external networks, assign the physical adapters (LAN ports of NICs) individually.

Creating the Management Network
Immediately after installation, the management network and the VM network are configured on the same virtual switch, so separate them.
1. Log in to the virtualization server via vSphere Client from the management client.
2. Select [Networking] from the [Hardware] section on the [Configuration] tab of vSphere Client.
3. Click [Properties] of the standard switch to which the Management Network and VM Network are both connected at the same time. Select the [Ports] tab of the virtual switch properties, select the VM Network side, and then click [Remove] so that only the Management Network remains.

Creating the Application Data (APP) Network
1. Log in to the virtualization server via vSphere Client from the management client.
2. Select [Networking] from the [Hardware] section on the [Configuration] tab of vSphere Client.
3. Click [Add Networking] at the top right. Select [Virtual Machine] in [Connection Types], and then click [Next].
4. Select [Create vSphere standard switch], select the check box for the appropriate physical adapter, and then click [Next]. When creating a virtual switch that will not connect with an external network, a physical adapter does not need to be selected.
5. Enter "APP Network" in the Network Label field in the [Port Group Properties] section, select [None (0)] for VLAN ID (Optional), and then click [Next].
6. A summary appears. Check the details, and then click [Finish].

Creating the RDP Network
Create the RDP Network in the same way as the APP Network.
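The address decisions of Section 5.1.1 and the switch layout of Section 5.5.1 can be checked against each other before any virtual switch is created. The following Python script is an added example, not part of this guideline: all addresses, virtual switch names, adapter names and virtual machine names are constructed placeholders, and two rules are assumptions of this example (the three segments do not overlap, and the shared segment of the ESXi host and its remote server management controller is the management network).

```python
import copy
import ipaddress
from collections import Counter

# Constructed sample plan: every address, switch name and adapter name below
# is a placeholder, not a value from the guideline.
PLAN = {
    "networks": {
        "Management Network": {"cidr": "192.168.10.0/24", "vswitch": "vSwitch0", "adapter": "vmnic0"},
        "APP Network": {"cidr": "192.168.20.0/24", "vswitch": "vSwitch1", "adapter": "vmnic1"},
        "RDP Network": {"cidr": "192.168.30.0/24", "vswitch": "vSwitch2", "adapter": "vmnic2"},
    },
    "esxi_host": "192.168.10.11",
    "remote_mgmt_controller": "192.168.10.12",
    "management_client": "192.168.10.50",
    "virtual_machines": {
        "vm-his": {"APP Network": "192.168.20.64", "RDP Network": "192.168.30.64"},
        "vm-eng": {"APP Network": "192.168.20.63", "RDP Network": "192.168.30.63"},
    },
}

VM_NETWORKS = ("APP Network", "RDP Network")


def validate_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    nets = {name: ipaddress.ip_network(cfg["cidr"]) for name, cfg in plan["networks"].items()}

    # Section 5.5.1: a separate virtual switch and physical adapter per network.
    for key in ("vswitch", "adapter"):
        usage = Counter(cfg[key] for cfg in plan["networks"].values())
        findings += [f"{key} {value} is shared by {n} networks"
                     for value, n in sorted(usage.items()) if n > 1]

    # Assumption of this example: the three segments must not overlap.
    names = sorted(nets)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if nets[first].overlaps(nets[second]):
                findings.append(f"{first} overlaps {second}")

    # Section 5.1.1: host and remote management controller share one segment
    # (taken here to be the management network).
    seen = Counter(plan[role] for role in
                   ("esxi_host", "remote_mgmt_controller", "management_client"))
    for role in ("esxi_host", "remote_mgmt_controller"):
        if ipaddress.ip_address(plan[role]) not in nets["Management Network"]:
            findings.append(f"{role} {plan[role]} is outside the Management Network")

    # Section 5.1.1: each virtual machine needs an APP and an RDP address.
    for vm, addrs in sorted(plan["virtual_machines"].items()):
        for net in VM_NETWORKS:
            addr = addrs.get(net)
            if addr is None:
                findings.append(f"{vm} has no address on the {net}")
                continue
            seen[addr] += 1
            if ipaddress.ip_address(addr) not in nets[net]:
                findings.append(f"{vm} address {addr} is outside the {net}")

    findings += [f"address {addr} is assigned {n} times"
                 for addr, n in sorted(seen.items()) if n > 1]
    return findings


def broken_plan():
    """Constructed counter-example with four deliberate planning mistakes."""
    plan = copy.deepcopy(PLAN)
    plan["networks"]["RDP Network"]["adapter"] = "vmnic1"            # shared adapter
    plan["remote_mgmt_controller"] = "192.168.20.12"                 # wrong segment
    del plan["virtual_machines"]["vm-eng"]["RDP Network"]            # missing RDP address
    plan["virtual_machines"]["vm-his"]["APP Network"] = "192.168.20.63"  # duplicate
    return plan


if __name__ == "__main__":
    for label, plan in (("sample plan", PLAN), ("broken plan", broken_plan())):
        print(label)
        for finding in validate_plan(plan) or ["no findings"]:
            print("  " + finding)
```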
5.6 Setting up a Centralized Management Server

The following shows the setup procedure to configure a Centralized Management Server as a virtual machine.

5.6.1 Virtual Network Settings

Create a port group through which the virtual machine of the Centralized Management Server is connected to the management network for the ESXi host. Add this port group to the virtual switch of the management network.

Adding the port group for management network
1. Log in to the ESXi host via vSphere Client from the management client.
2. Select [Networking] from the [Hardware] section on the [Configuration] tab of vSphere Client.
3. Click [Properties] of the virtual switch (vSwitch0 in the example) to which a port named "Management Network" is connected.
4. The Virtual Switch Properties dialog ("vSwitch0 Properties" in the example) is displayed. Click the [Add] button.
5. The "Add Network Wizard" dialog is displayed. Select the [Virtual Machine] radio button in [Connection Types], and then click [Next].
6. Enter a port group name for the management network ("Management Network for VM" in the example) in the Network Label field in the [Port Group Properties] section, select [None (0)] (default) for VLAN ID (Optional), and then click [Next].
7. A summary appears. Check the details, and then click [Finish].
5.6.2 Deploying the vCenter Server

The following shows the procedure for installing the virtual appliance version of the vCenter Server software.
1. Copy the ova files that were downloaded for vCenter Server in "5.1.4 Centralized Management Server Software" onto the management client.
2. Log in to the ESXi host via vSphere Client from the management client.
3. Click [Deploying OVF templates] in the [File] menu of the vSphere Client.
4. The "Deploy OVF Template" dialog is displayed.
5. Click the [Browse] button to select the files mentioned in Step 1, and then click on [Next].
6. The "OVF Templates Details" screen is displayed. Make sure that the product name is "VMware vCenter Server Appliance", and then click on [Next].
7. Enter an appropriate name for the virtual machine in the "Name" field, and then click on [Next].
8. Select the datastore on which to deploy the virtual machine, and then click on [Next].
9. Select [Thin Provision] as the format applied to the virtual disk, and then click on [Next].
10. Specify the port group name created in "5.6.1 Virtual Network Settings" as "Target Network".
11. A summary appears. Check the details, and then click [Finish].
12. Deployment of the virtual appliance begins. Wait for the operation to complete.
5.6.3 Activating vCenter Server

At this point vCenter Server has only been deployed on the target virtual machine as described in the previous section, and the settings indispensable for actual operation are still missing. It is therefore necessary to add more setup information to activate vCenter Server.

Continued installation work 1 (on vSphere Client)

1. Log in to ESXi Host via vSphere Client from the management client.
2. Select the virtual machine created according to "5.6.2 Deploying the vCenter Server" from [Inventory] of vSphere Client, and click [Open Console] in the right-click menu.
3. Select [Power] - [Power ON] from the [Virtual Machine] menu on the console screen.
4. When the login screen of vCenter Server appears, press the [Enter] key.
5. Enter "root" as [User name] and "vmware" as [Password] to log in to Console.
6. Enter the following command via Console to modify the network configuration.
   > /opt/vmware/share/vami/vami_config_net
7. In the network setting menu, set both the IP address and the netmask. Enter "6", and then press the [Enter] key.
8. Answer the queries posed by the program as follows, and then press [Enter].
   [Configure an IPv6 address for eth0? y/n [n]:] => n
   [Configure an IPv4 address for eth0? y/n [n]:] => y
   [Use a DHCPv4 Server instead of a static IPv4 address? y/n [n]:] => n
   [IPv4 Address []:] => <IP address>
   [Netmask []:] => <Netmask>
   [Is this correct? y/n [y]:] => y
   * Enter the IP address and netmask values according to the user environment.
9. When the [Main Menu] menu appears, enter "1" and press the [Enter] key.
10. When you have returned from the network setting menu, enter "exit" at the displayed prompt and press the [Enter] key. This returns you to the login screen shown in Step 4.

Continued installation work 2 (on web browser)

The rest of the continued installation work must be carried out in a web browser. This guidance therefore assumes that the user is at an appropriate web browser on the management client. Use Internet Explorer as the web browser.

11. Start up the web browser on the management client, and then access the following URL.
    https://<vCenter Server IP address>:5480/
12. A warning message "There is a problem with this website's security certificate" appears. Disregard it and click [Continue to this website (not recommended)].
13. Enter "root" as [User name] and "vmware" as [Password], and then click [login].
14. The setup operation continues and the "Accept EULA" page is displayed. Select the [Accept license agreement] check box, and then click the [Next>] button.
15. The "Configure Options" page is displayed. Select the [Set custom configure] check box, and then click the [Next>] button.
16. The "Database settings" page is displayed. Leave the indicated default value ([Database type] = "embedded") as-is and click the [Next>] button.
17. The "SSO settings" page is displayed. Enter the password for the "administrator@vsphere.local" user and then click the [Next>] button.
18. The "Active Directory settings" page is displayed. Enter the following information and then click the [Next>] button.

    Item                         Description
    [Active Directory Enabled]   Unchecked
    [Domain]                     Blank
    [Administrator user]         Blank
    [Administrator password]     Blank

19. The "Time synchronization" page is displayed. Select the [VMware Tools synchronization] radio button, and then click the [Next>] button.
20. The "Review configuration" page is displayed. Confirm the contents and then click the [Start] button.
21. The setup configuration is now applied. When this operation finishes, click the [Close] button.
22. The "VMware vCenter Server Appliance" page now appears. On this page, click the [Admin] tab to modify both the password and the period of validity of the default administrator user. Enter the required information and click the [Submit] button.

    Item                               Description
    [Current administrator password]   vmware
    [New administrator password]       <New password>
    [Retype the new password]          <New password>
    [Administrator password expires]   Select [Yes].

5.6.4 vCenter Server Security Settings

vSphere Web Client needs to be used to carry out the contents of this section. Referring to Section 7.8.1, make the preparatory settings for the web browser to be used.

This section describes the procedure to set up the conditions described in Section 6.2.4 (Virtual Appliance Security).

"vSphere Security Guide"

"Restrict Use of the Administrator Privilege"

Creating a group to which the system administrator account of vCenter Server belongs

Use the following procedure to add the group to vCenter Server.

1. Log in to vCenter Server by accessing vSphere Web Client via the web browser of the administrator client.
2. Using the object navigator of the vSphere Web Client home page, select [Administration] - [Users and Groups].
3. Click the [Groups] tab and then click the [New Group] icon contained there.
4. When the "New Group" window appears, enter an appropriate group name and click the [OK] button.

Creating a system administrator account of vCenter Server

Use the following procedure to add a user account to vCenter Server.

1. Log in to vCenter Server by accessing vSphere Web Client via the web browser of the management client.
2. Using the object navigator of the vSphere Web Client home page, select [Administration] - [Users and Groups]. Then select [vsphere.local] as the domain on the [Users] tab.
3. When you click the [New User] icon, the "New User" window is displayed. Enter your user name and password, and then click the [OK] button.
4. Click the [Groups] tab, select the group that the user is to join, and then click the [Add Members] icon.
5. The "Add Principals" window appears. Select [Domain] = "vsphere.local", specify the user from the [User/Group] list, and then click the [Add] button. After confirming that the specified user has been added to the [Users] field, click the [OK] button.

"Restrict Use of the Administrator Role"

Configuring the Roles and Permissions for Users who can log in to vCenter Server

Use the following procedure to assign roles to the group to which the user belongs. The following example shows a case where the system administrator of vCenter Server is assigned as the user's role.

1. Log in to vCenter Server by accessing vSphere Web Client via the web browser of the management client.
2. Use the object navigator of the vSphere Web Client home page to select [vCenter Server], select the same from the inventory list, and specify the vCenter Server for assigning appropriate roles and privileges to users. In the example, "VCSA.localdom" is selected.
3. Click the [Permissions] tab accessible from the [Manage] tab, and then click the [Add Permission] icon contained there.
4. The "Add Permission" window appears. Click the [Add] button.
5. The "Users and Groups" window appears. Select [VSPHERE.LOCAL] as [Domain], select a group from the [User/Group] list, and then click the [Add] button. After confirming that the specified group has been added to the [Groups] field, click the [OK] button.
6. The "Add Permission" window is displayed again. Select [Administrator] as the user's role and click the [OK] button.

"Removing the tcpdump Package from the vCenter Server Virtual Appliance"

Removing an unnecessary package

1. Log in to Virtualization Server via vSphere Client from the management client.
2. Select the vCenter Server virtual machine from [Inventory] of vSphere Client, and then select [Open Console] from the right-click menu.
3. From the console of the virtual machine, log in to the vCenter Server console using the administrator account (root).
4. Enter the following command to remove the tcpdump package.
   > rpm -e tcpdump

"VMware Hardened Appliance Operations Guide"

The operations described in this Guide need to be performed over an SSH connection to vCenter Server from the management client. Carry out the work while referring to the following PDF, which describes in detail how to make the various settings after connecting.
http://www.vmware.com/files/pdf/techpaper/vmware-hardened-appliance-operations-guide.pdf

The following items must be determined in advance in order to make the required settings.

   Item                              Remark
   Administrator user account name
   New password for root user        14 characters or more
   Validity term of password         Less than 60 days is recommended.

Note that the following items have been set up in Section 5.6.3 (Activating the vCenter Server).

   "Time Sourcing and Synchronization"

The following setting items may be useful when the system log of vCenter Server is transferred to another server that handles log management and analysis. However, Yokogawa is not considering any configuration or operation in which this kind of server is combined with a Yokogawa-product virtualization system. It is therefore recommended to skip the relevant settings at present.

   "Log Forwarding Syslog-ng and Auditd"

1. Log in to Virtualization Server via vSphere Client from the management client.
2. Select the vCenter Server virtual machine from [Inventory] of vSphere Client, and then select [Open Console] from the right-click menu.
3. From the console of the virtual machine, log in to the vCenter Server console using the administrator account (root).
4. After logging in to the console, make your settings on the command line according to the above-mentioned Guide published by VMware, Inc.
5. After completing the settings regarding "Dodscript.sh Script" you may find that the password length has been modified. Log out of the console once, and then log in to it again. Modify your password after completing the settings of all items. Enter the following command, and then follow the displayed instructions.
   > passwd

"VMware KB2047585" "Updating the vCenter Server Appliance (vCSA) firewall rules to DISA STIG compliance"

Use the following procedure to update the firewall of vCenter Server itself.

1. Edit the template file (firewall.txt) that was downloaded in "5.1.4 Centralized Management Server Software" and save it as the firewall setting file (firewall.stig). The portion that needs editing is as follows:
   Set the value of ipv4_whitelist to the network address of "Management Network".
   Example) ipv4_whitelist=172.19.0.0/255.255.0.0
2. Remotely log in to vCenter Server as the administrator user using SSH via Tera Term from the management client.
   (1) Start up Tera Term on the management client.
   (2) The "New connection" dialog is displayed. Enter the following and click the [OK] button.

       Item            Description
       [TCP/IP]        This must be checked.
       [Host]          IP address or host name of vCenter Server
       [Service]       [SSH] must be checked.
       [SSH Version]   SSH2
       [Protocol]      UNSPEC

   (3) The "SSH Authentication" dialog is displayed. Select the [Use Plain Text] check box, enter your login user name in [User Name], enter your login password in [Password], and then click the [OK] button.
   (4) When this authentication is successful, the login shell becomes available in Tera Term.
3. Copy the firewall setting file (firewall.stig) into /tmp on the vCenter Server. Use the SCP function of Tera Term for this operation.
4. Change the working directory as follows:
   > cd /etc/sysconfig/network/scripts
5. Copy the firewall setting file (firewall.stig) into /etc/sysconfig/network/scripts.
   > cp /tmp/firewall.stig ./
6. Save the current firewall setting file under a new name.
   > mv firewall firewall.orig
7. Next, modify the file permissions of the new firewall setting file.
   > chmod 755 firewall.stig
8. Create a symbolic link to the new firewall setting file and then execute the firewall setting file.
   > ln -s firewall.stig firewall
   > sh firewall
9. Restart vCenter Server to apply the modified settings.

5.7 Managing ESXi Host with vCenter Server

ESXi Host is managed via the vSphere Web Client server, which is accessed from an appropriate web browser. It is also possible to perform similar tasks from vSphere Client, which is a Windows application. Because management with vSphere Web Client is regarded as the standard method, vSphere Client may lack some functions. However, vSphere Client can perform management either by connecting directly to ESXi Host or by connecting to vCenter Server for centralized management of the ESXi Hosts under it, and no difference arises in the functions described from Section 5.7 onward, so this document describes the procedure using vSphere Client.

When an ESXi Host comes under the management of vCenter Server (as described in 5.7.2 (Registration of ESXi Host)), the functions that could until then be operated by accessing it directly from vSphere Client become restricted.

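The firewall update procedure at the end of Section 5.6.4 (steps 1 and 4 to 8) can be checked and rehearsed with a script like the following before it touches the appliance. This is an added example, not part of this guideline or of VMware KB2047585; the function names, the scratch-directory layout and the constructed sample files are assumptions, and the ipv4_whitelist line is assumed to have the form shown in the guideline's example.

```shell
#!/bin/sh
# Added example: validate firewall.stig, then stage it as in steps 4-8 of the
# procedure, stopping short of "sh firewall" and the restart.

# valid_ipv4 ADDR: succeed if ADDR is a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;      # leading zero or more than 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ip_to_int ADDR: print an already validated dotted quad as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_whitelist FILE: succeed only if FILE has Unix line endings and exactly
# one ipv4_whitelist=<network>/<netmask> line that names a network address.
check_whitelist() {
    cr=$(printf '\r')
    if grep -q "$cr" "$1"; then         # file was saved with Windows line endings
        echo "CRLF line endings: convert to LF before copying" >&2; return 1
    fi
    count=$(grep -c '^[[:space:]]*ipv4_whitelist=' "$1" || true)
    [ "$count" -eq 1 ] || { echo "need exactly one ipv4_whitelist line" >&2; return 1; }
    value=$(sed -n 's/^[[:space:]]*ipv4_whitelist=//p' "$1")
    net=${value%%/*}; mask=${value#*/}
    if [ "$net" = "$value" ] || ! valid_ipv4 "$net" || ! valid_ipv4 "$mask"; then
        echo "malformed value: $value" >&2; return 1
    fi
    n=$(ip_to_int "$net"); m=$(ip_to_int "$mask")
    inv=$(( $m ^ 4294967295 ))          # host-bit part of the netmask
    if [ "$m" -eq 0 ] || [ $(( $inv & ($inv + 1) )) -ne 0 ]; then
        echo "netmask is empty or not contiguous: $mask" >&2; return 1
    fi
    if [ $(( $n & $inv )) -ne 0 ]; then
        echo "$net is a host address, not the network address" >&2; return 1
    fi
    return 0
}

# stage_firewall DIR STIG: steps 4-8 without execution. DIR is the scripts
# directory; STIG is the absolute path of the uploaded firewall.stig.
stage_firewall() {
    check_whitelist "$2" || return 1
    if [ ! -f "$1/firewall" ] || [ -e "$1/firewall.orig" ]; then
        echo "no active firewall file, or firewall.orig already present" >&2
        return 1
    fi
    (
        cd "$1" || exit 1
        cp "$2" ./firewall.stig || exit 1
        mv firewall firewall.orig || exit 1     # original kept for rollback
        chmod 755 firewall.stig || exit 1
        ln -s firewall.stig firewall
    )
}

# rehearse: run the staging against constructed files in a scratch directory.
rehearse() {
    work=$(mktemp -d) || return 1
    mkdir "$work/scripts" "$work/tmp"
    echo '# constructed stand-in for the appliance firewall file' > "$work/scripts/firewall"
    printf '%s\n' '# constructed stand-in for the edited template' \
        'ipv4_whitelist=172.19.0.0/255.255.0.0' > "$work/tmp/firewall.stig"
    if stage_firewall "$work/scripts" "$work/tmp/firewall.stig"; then
        ls -l "$work/scripts"
    fi
    rm -rf "$work"
}

rehearse
```

On the appliance the equivalent call would be stage_firewall /etc/sysconfig/network/scripts /tmp/firewall.stig, after which "sh firewall" and the restart in steps 8 and 9 remain manual. The refusal when firewall.orig already exists keeps a second run from replacing the saved original with the symbolic link.
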
When operating an ESXi Host that is under the management of vCenter Server, the user is advised to perform the required operation via vCenter Server.

5.7.1 Application of license

1. Log in to vCenter Server via vSphere Client from the management client. If the "Security Alert" dialog appears at the time of login, continue by clicking the [Ignore] button.

   Item              Description                                 Remark
   IP address/name   IP address or host name of vCenter Server   Refer to Step (8) in Section 5.6.3.
   User name (*1)    administrator@vsphere.local
   Password          Password                                    Refer to Step (17) in Section 5.6.3.

   *1: Users are recommended to use the user account created in "Section 5.6.4 vCenter Server Security Settings".
2. Select [Administration] - [Licensing] from the [View] menu.
3. Click the [Management] tab and then select the [License Key] radio button for [View by:]. Select vCenter Server and then select [Change License Key] from the right-click menu.
4. The Assign License dialog box appears. Select [Assign a new license key to this vCenter Server], and then click [Enter Key].
5. When the [Add License Key] dialog appears, enter the applicable license key in [New license key] and click [OK].

5.7.2 Registration of ESXi Host

Register every ESXi Host that is to be used under the management of vCenter Server.

1. Log in to vCenter Server via vSphere Client from the management client.
2. Select [Inventory] - [Hosts and Clusters] from the [View] menu of vSphere Client.
3. First, create the data center to which the ESXi Host to be managed belongs. Click the [New Datacenter] icon.
4. [New Data Center] is added to the inventory tree. Select [Rename] from the right-click menu to modify the data center name.
5. Next, add an ESXi Host. When you select the data center added in Step (3) and click the [Add a host] button, the "Add Host Wizard" dialog appears.
6. Key in the IP address of the ESXi Host to be added in [Host] in the [Connection] section. In [User name] and [Password] in the [Authorization] section, enter the account name and password of the ESXi Host. After this entry, click the [OK] button.
7. The "Security Alert" dialog may appear at this time. In that case, click the [Yes] button.
8. Information about the host to be added is displayed. Confirm the information and then click the [Next] button.
9. A screen for assigning the license appears. Since the license has already been applied, simply confirm the information and then click the [Next] button.
10. A screen asking whether to enable Lockdown Mode appears. Uncheck [Enable Lockdown Mode], and then click the [Next] button.
11. If virtual machines already exist on the ESXi Host, select a location for the host's virtual machines.
12. When the host summary appears, check the details and then click the [Finish] button.

5.7.3 Log Collection Settings

Modify, as required, the settings for collecting virtualization layer performance logs from their default values.

1. Log in to vCenter Server via vSphere Client from the management client.
2. Select [Administration] - [Server Settings] from the [View] menu of vSphere Client.
3. The "vCenter Server Settings" dialog appears. Select [Statistics] from the list on the left.
4. Select the line of the statistics interval whose setting is to be modified, and then click the [Edit] button. The "Edit Statistics Intervals" dialog is displayed. Set the statistics intervals as follows:

   Check Box   Interval     Storage Period   Statistics Level
   Enabled     5 minutes    4 days           3
   Enabled     30 minutes   1 week           3
   Enabled     2 hours      1 month          2
   Enabled     1 day        1 year           2

5. When you finish editing the statistics intervals, click the [OK] button to close the "vCenter Server Settings" dialog.

5.8 Setting up the Guest OS

5.8.1 Creating the Virtual Machine

1. Log in to the ESXi host or vCenter Server via vSphere Client from the management client.
2. After logging in, select the ESXi host and then select [New Virtual Machine].
3. The Create New Virtual Machine window appears. Select [Configuration] - [Typical], and then click [Next].
4. Enter the name of the virtual machine, and then click [Next]. For convenience of management, the virtual machine can be named <computer name>_<product name>, based on the guest OS configuration and the Yokogawa products to be installed.
5. Select the datastore on which to place the virtual machine, and then click [Next].
6. Select the guest OS family and version to install on the virtual machine, and then click [Next].
7. Make the following settings for the NICs to connect to the networks, and then click [Next].

   NIC Number (*1)   Network            Adapter   Connect at Power On
   NIC1              APP Network (*2)   VMXNET3   Check box selected
   NIC2              RDP Network        VMXNET3   Check box selected

   *1: The number of NICs to create differs depending on the virtual machine.
   *2: The network label name differs depending on the virtual machine.
8. Make the following settings for the virtual disk, and then click [Next].

   Item                  Description
   Virtual disk size     In accordance with the Yokogawa products to be installed
   Provisioning policy   Thick provision (Eager Zeroed)

9. A summary of the settings appears. Select the [Edit the virtual machine settings before completion] check box, and then click [Continue].
10. The Virtual Machine Properties dialog box appears. Select the [Hardware] tab, and then change the virtual hardware settings to match the Yokogawa products to be installed on the virtual machine.

    Item                                     Setting Value
    [Memory]-[Memory Size]                   Memory size
    [CPUs]-[Number of cores per socket]      Number of cores
    [Video card]-[total video memory]        Video memory size

11. Select the [Resources] tab in the Virtual Machine Properties window, and then make the reservation settings for resource allocation. After the settings are complete, click [Finish].

    Item                                               Setting Value
    [CPU]-[Reservation]                                Reservation frequency (*1)
    [Memory]-[Reserve all guest memory (All locked)]   Select check box

    *1: Refer to Section 4.5.

    The following shows examples of the CPU and Memory settings.
    (Figure F050811.png)
12. Check in [Recent Tasks] on the Home screen that creation of the virtual machine ended normally.

5.8.2 Installing the Guest OS

Perform the following operations on the virtual machine on which a guest OS is to be installed.

1. Go to [Inventory] of the vSphere Client and select the virtual machine created in Section 5.8.1. Click [Open Console] in the right-click menu.
2. The console screen of the virtual machine appears. When you click the console screen, the active virtual machine takes exclusive control of the mouse and keyboard. To release the mouse and keyboard from the virtual machine, press the Alt and Ctrl keys simultaneously.
3. Click [VM] in the console screen menu and click [Edit Settings].
4. The Virtual Machine Properties window is displayed. Select [Boot Option] in the [Option] tab, then select the check box [The next time the virtual machine boots, force entry into the BIOS setup screen.] in the [Force BIOS Setup] section.
5. Go back to the console screen and click the [Power on] button.
6. The console screen displays the BIOS Setup Utility screen of the virtual machine.
7. Insert the OS installation media into the physical DVD drive of the management client that runs the vSphere Client.
8. Click the [VM's CD/DVD device on/off] button in the console screen and select [CD/DVD drive 1], then [Connect to D:] from the menu. The CD/DVD drive number (default is 1) and the CD/DVD device drive letter (default is D) may differ depending on the hardware configuration of the management client running the vSphere Client, and need to be adjusted as necessary.
9. Exit the BIOS Setup Utility screen. Use the right/left cursor keys on the keyboard to move to the [Exit] tab. Then select [Exit Discarding Changes] using the up/down keys, and press [Enter].
10. The OS installation is executed from the installation media inserted into the physical DVD drive of the management client.
11. When the installation is completed, disconnect the DVD drive from the virtual machine. To do so, click the [VM DVD/CD Device on/off] button and select [CD/DVD Drive 1] - [Disconnect from D:] from the menu.

IMPORTANT
When you click the console screen with the mouse, the active virtual machine takes exclusive control of the mouse and keyboard. To release the mouse and keyboard, press the Alt and Ctrl keys simultaneously.

5.8.3 Installing the VMware Tools

Install the VMware Tools to, for example, improve the performance of the guest OS, synchronize the time with the ESXi host, and improve operability. Select [Typical] when installing the VMware Tools.

1. Click [VM] - [Guest] - [Install/Upgrade VMware Tools] from the menu of the console.
2. The installation disc is mounted as a DVD-ROM in the guest OS.
3. Run the setup file to start the installation.
4. Select [Typical] for the setup type, and then click [Next].
5. Click [Install] to start the installation.
6. When the installation is finished, a message prompting you to restart the system appears. Select [Yes] to restart the system.

5.8.4 Configuring the Guest OS

How to change the priority of the Guest OS network protocol bind

For the network connections identified on the Guest OS, the priority of the network protocol binding has to be changed to the following order.
(1) APP Network
(2) RDP Network

1. Log in to the virtualization server from the management client via vSphere Client.
2. Select the virtual machine from the [Inventory] of the vSphere Client, and click [Edit setting] in the right-click menu.
3. The Virtual Machine Properties dialog appears. In the [Hardware] tab, select the network adapters that are connected to APP Network and RDP Network respectively, and record the MAC addresses of both. In this example, suppose that the MAC address of the network adapter connected to the APP Network is 00:0c:29:a4:ea:93, and that of the RDP Network is 00:0c:29:a4:ea:9d.
4. Click [Cancel] in the Virtual Machine Properties dialog of the vSphere Client, then log in to the Guest OS from the vSphere Client's console screen.
5. Launch the command prompt with Guest OS administrator authority.
6. Key in the following command.
   > ipconfig /all
   After the command is executed, the following results are shown.
   (Figure F050830.png)
   From the above result and the MAC addresses recorded in Step 3, it is confirmed that Local Area Connection on the Guest OS is connected to APP Network and Local Area Connection 2 is connected to RDP Network.
7. Click the start button of the Guest OS, key in ncpa.cpl in the [Search programs and files] text box, then press [Enter]. The Network Connections window is displayed.
8. Rename the network connections on the Guest OS according to the connections and destinations confirmed in Step 6. In this example, Local Area Connection is renamed APP Network, and Local Area Connection 2 is renamed RDP Network.
9. While viewing Network Connections on the Guest OS, press the ALT key. When the menu bar is displayed, select [Advanced] then [Advanced Settings].
10. The Advanced Settings window appears on the Guest OS. Select the [Adapters and Bindings] tab and click [OK] after changing the connections to the following order.
    (Figure F050835.png)

Disabling Scalable Network Pack (SNP) and Task Offload in the Operating System

1. Log in to the guest OS from the console screen of vSphere Client.
2. Run Command Prompt as an administrator of the guest OS.
3. Enter the following commands.
   In case of Windows Vista / Windows Server 2008
   > netsh int tcp set global chimney=disabled
   > netsh int tcp set global rss=disabled
   In case of Windows 7 / Windows Server 2008 R2
   > netsh int tcp set global chimney=disabled
   > netsh int tcp set global rss=disabled
   > netsh int tcp set global netdma=disabled
4. Add or modify the following registry value.
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
   Value name: DisableTaskOffload
   Value type: REG_DWORD
   Value: 1
   In case of Windows Vista / Windows Server 2008, also add the following setting.
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
   Value name: EnableTCPA
   Value type: REG_DWORD
   Value: 0
5. Restart the guest OS.

Activating the sound function in the remote desktop environment

This function is available when Windows Server is used as a Guest OS.

1. Select [Run], key in [gpedit.msc], then start the Local Group Policy Editor.
2. Go to [Computer Configuration] - [Administrative Templates] - [Windows Components].
   a) For Windows Server 2008: Go to [Terminal Service] - [Terminal Server] - [Redirect Device and Resource].
   b) For Windows 7 and Server 2008 R2: Go to [Remote Desktop Service] - [Remote Desktop Session Host] - [Device and Resource Redirection].
3. Double-click to open [Allow audio and video playback redirection].
4. Click [Enabled].
5. Enable the audio service function. Go to [Control Panel] - [Management Tools] - [Service] from the [Start] menu.
6. When you double-click [Windows Audio], the Properties dialog of [Windows Audio] appears.
7. Select [Automatic] for [Startup Method] and [Start] for [Service Status] on the [General] tab, and then click the [OK] button.
8. Configure the Beep Service. Start a command prompt with administrator privilege and then enter the following command.
   > sc config beep start= auto
9. Install the desktop experience. Go to [Server Manager] - [Function].
10. Click [Function Overview] - [Add Function].
11. Select the [Desktop Experience] check box on the Add Function Wizard screen.
12. Click [Add Necessary Functions] to return to the Add Function Wizard screen, and then click [Next].
13. Confirm that the installation items include [Ink and Handwriting Service - Ink Support] and [Desktop Experience].
14. Click [Install] to start installation.
15. After installation is complete, restart the guest OS.
16. Configure the System Sound Service. Go to [Control Panel] - [Management Tools] - [Task Scheduler] from the [Start] menu.
17. Select [Task Scheduler Library] - [Microsoft] - [Windows] - [Multimedia].
18. Right-click [System Sound Service], and then select [Enabled] from the menu.
19. Right-click [System Sound Service], and then select [Run] from the menu.
20. Restart the Guest OS.

Time Synchronization Settings

Change the virtual machine settings to enable periodic synchronization of the time of the guest OS with the ESXi host.

1. Log in to the virtualization server or vCenter Server from the management client using vSphere Client.
2. Select the virtual machine of the guest OS from [Inventory] of vSphere Client, and then select [Edit Settings] from the right-click menu.
3. Select [VM Options] - [VMware Tools] - [Time], and then select the [Synchronize guest time with host] check box.
4. Restart the guest OS.

Disabling the HotPlug function

Make this setting if the OS is Windows Vista or Windows Server 2008.

1. Log in to Virtualization Server or vCenter Server from the management client using vSphere Client.
2. Shut down the guest OS. Select the guest OS virtual machine from [Inventory] of vSphere Client, and then select [Power] - [Shut Down Guest] from the right-click menu.
3. Select the virtual machine, and then click [Edit Settings] in the right-click menu.
4. Select [General] - [Configuration Parameters] on the [Options] tab.
5. When the "Configuration Parameters" dialog appears, click the [Add Lines] button and enter the following settings.

   Item    Setting Value
   Name    devices.hotplug
   Value   FALSE

6. Power on the virtual machine.

Setting up NetBIOS over TCP/IP

To use FAST/TOOLS in a virtualization environment, disable "NetBIOS over TCP/IP".

1. Enter "ncpa.cpl" in [Run by Specifying File Name] to open the "Network Connection" dialog.
2. Select the network device (APP Network) that appears, and then select [Properties] from the right-click menu.
3. The "APP Network Properties" dialog is displayed. Select [Internet Protocol Version 4 (TCP/IPv4)], and then click the [Properties] button.
4. Click the [Detail Settings] button in the [General] tab.
5. The [TCP/IP Detail Settings] dialog is displayed. Check [Disable NetBIOS over TCP/IP] in the [NetBIOS Settings] section of the [WINS] tab, and then click the [OK] button.
6. Make the same settings for the network device (RDP Network).

5.9 Setting up Yokogawa Products

5.9.1 Installing Yokogawa Products

Install Yokogawa products using the same installation procedure as for a physical environment. A special installation procedure is required in the case of the following product.

How to use an installation media on the guest OS

When installing Yokogawa products on the guest OS, the physical DVD drive of the management client can be used. Follow the procedure below to use, from the guest OS, the product installation media inserted into the physical DVD drive of the management client.

Connecting and disconnecting the virtual machine and the DVD drive of the management client

1. Log in to the virtualization server or vCenter Server using vSphere Client from the management client.
2. Select the virtual machine on which to install the product from [Inventory] of vSphere Client, and click [Open console] in the right-click menu.
3. The console screen appears. Turn on the virtual machine if it is turned off.
4. Insert the product installation media into the physical DVD drive of the management client.
5. Click the [VM CD/DVD Device on/off] button on the console screen and select [CD/DVD drive 1] - [Connect to D:]. The CD/DVD drive number (default is 1) and the CD/DVD device's drive letter (default is D) may vary with the hardware configuration of the management client running vSphere Client, and need adjustment.
6. From this step, the product installation media can be read via the DVD drive of the virtual machine. Follow the Yokogawa product installation procedures in the same manner as for the physical environment to install the products.
7. When the installation is completed, cut off the connected DVD drive from the virtual machine. To do so, click the [VM DVD/CD device connect/cut off] button and select [CD/DVD Drive 1] - [Disconnect from D:] from the menu.

How to install the OPKB driver

Install the OPKB driver on the guest OS in accordance with the following procedure.

Adding a USB Controller

1. Log in to the virtualization server or vCenter Server via vSphere Client from the management client.
2. Stop the virtual machine if it is running. Log in to the guest OS from the vSphere Client console, and then shut down the guest OS.
3. Right-click the virtual machine from [Inventory] of vSphere Client, and then select [Edit Settings] from the menu.
4. The Virtual Machine Properties dialog box appears. Click [Add] on the [Hardware] tab.
5. A list of the devices that can be added appears. Select [USB Controller], and then click [Next].
6. Leave the USB controller type set to the default and click [Next].
7. A summary of the settings appears. Check the details, and then click [Finish].

Windows OS Settings from the management client.

1. To activate a USB device connected to the management client through vSphere Client, the Windows OS settings have to be changed. Change [User Account Control Settings] of the user who executes vSphere Client. Go to [Control Panel] - [User Account] and click [Change User Account Control Settings], then select [Never notify me when:] from [User Account Control Settings]. Restart the Windows OS of the management client.
2. The same user who changed [User Account Control Settings] has to log in to the management client.
3. Install the OPKB driver on the Windows OS of the management client, following the same installation procedure as for the physical environment. If the OPKB driver is not installed appropriately on the Windows OS, the OPKB cannot be manipulated from vSphere Client.
Installations of the OPKB driver and Yokogawa products to the Guest OS.

1. Log in to the virtualization server via vSphere Client, select the virtual machine on which to install the OPKB driver from [Inventory], and then select [Open console] from the right-click menu.
2. Click the [USB Device to VM connect/cut off] button on the console screen, and select [Connect to USB device] - [Yokogawa OPKB Device] from the menu. If the OPKB model is AIP830 or AIP831, [Texas Instruments Japan USB AUDIO DAC] will also be displayed; however, do not select it.
3. Insert the CENTUM installation media into the physical DVD drive of the management client.
4. Click the [VM CD/DVD Device on/off] button on the console screen and select [CD/DVD drive 1] - [Connect to D:]. The CD/DVD drive number (default is 1) and the CD/DVD device's drive letter (default is D) may vary with the hardware configuration of the management client running vSphere Client, and need adjustment.
5. The guest OS recognizes the CENTUM installation media. Follow the same installation procedure as in the physical environment within the guest OS to install the OPKB driver.
6. If the OPKB model is AIP830 or AIP831, click the [VM USB device connect/cut off] button on the console screen, and select [Connect to USB device] - [Texas Instruments Japan USB AUDIO DAC]. Once the connection to the Guest OS is established, the [USB AUDIO DAC] driver will automatically be installed.
7. Continue to install Yokogawa products.
8. When the Yokogawa product installations are completed, cut off the OPKB which is connected to the Guest OS. Click the [VM USB device connect/cut off] button on the console screen, and select [USB Device 1] - [Disconnect from Yokogawa OPKB Device]. For OPKB models AIP830/AIP831, [Disconnect from Texas Instruments Japan USB AUDIO DAC] will also be displayed. Follow the same procedure to disconnect it.
Application of Software Patches

If using the operation monitoring function of HIS, apply the software patches described in Section 3.2.1.

Patch for use in CENTUM VP R5.03: Microsoft KB2927767

However, there is no need to apply these patches for CENTUM VP R5.04 or later.

Notes on Reproducing a MIDI File

To reproduce a MIDI file with the operation monitoring function of HIS, you need to install a MIDI sound source in the guest OS. If the sound card driver has been installed in the guest OS, the Windows-standard software MIDI sound source will be installed, thus allowing a MIDI file to be reproduced. Since no sound card exists in a virtual machine, however, the MIDI sound source will not be installed. If AIP830/AIP831 is set up, a built-in driver of the USB sound function is installed. This allows a MIDI file to be reproduced.

5.9.2 Settings after Installing Yokogawa Products

Allowing Connections with Remote Desktop

Configure the settings to allow remote connections to the guest OS.

1. Log in to the guest OS from the console of vSphere Client.
2. Click [Advanced system settings] from the properties of [Computer].
3. Select [Allows connections only from computers running Remote Desktop with Network Level Authentication] in the Remote Desktop settings on the [Remote] tab of the [System Properties] window.
4. Click the [Select Users] button, and then add the users for which to allow connections to the Remote Desktop Users group of the guest OS.

5.10 Setting up the HMI Client

If the HMI client only makes a Remote Desktop connection to the guest OS and no peripheral devices are used in the guest OS, no special configuration is required. If peripheral devices are used, the following needs to be set up.

Notes on Using an OPKB

Software that performs USB redirection is required for using an OPKB that is USB-connected to the HMI Client on the Guest OS.

Setup of the Remote Desktop Performance

When connecting to the guest OS from the HMI client, set a low-speed broadband (256bps - 2Mbps) or equivalent connection speed to optimize the performance.
5.10.1 Setting up the Wyse TCX Suite

Setup in the Guest OS

1. Log in to the virtualization server via vSphere Client from the management client.
2. Right-click the virtual machine from [Inventory] of vSphere Client, and then select [Open Console] from the menu. The console screen appears. Log in to the guest OS as a user with local administrator privileges.
3. Install the server module of Wyse TCX Suite.
   (1) Change User Account Control Settings. Go to [Control Panel] - [User Account], click [Change User Account Control Setting], and select [Never notify me when:] in the User Account Control Settings window. Be sure to take note of the previous setting.
   (2) Restart the Guest OS.
   (3) Execute the Wyse TCX Suite Server Module installer.
   (4) When the initial window is displayed, click on [Next].
   (5) A warning dialog box appears, but click [Yes].
   (6) When the License Agreement window is displayed, select [I accept the terms in the license agreement] and click on [Next].
   (7) When License Information is displayed, enter the License Key and click on [Next].
   (8) Then Setup Type appears. Select [Custom Install] and click on [Next].
   (9) Check only the [USB] box in the Custom Setup window, and click on [Next].
   (10) After the Summary window is displayed, click [Install] to begin the installation.

   When the installation is completed, restore the [Change User Account Control Settings] setting noted in Step (1) and restart the Guest OS.
4. Start TCX USB Virtualizer (TCX Suite Server Configuration) in the guest OS, and then configure the setting to allow redirection of the OPKB.
   (1) Click [Add], and then add the OPKB setting.
   (2) Select [USB Device], enter the information for Device, Description, Vendor ID, and Product ID, and then click [Add].
   (3) Set the following according to the type of OPKB.
       In case of AIP830/831:
         Vendor ID=0B21, Product ID=0004 (Yokogawa USB Device)
         Vendor ID=08BB, Product ID=27C4 (Texas Instruments Japan USB/DAC)
       In case of AIP827:
         Vendor ID=0B21, Product ID=0004
   (4) Clear the check marks for all the settings except the added OPKB setting.

Setup on the HMI Client

If the OS of the Wyse Thin Client is a Windows Embedded system (WES), the client module needs to be installed.
5.10.2 Wyse T10 Setup

A summary of the settings for the Wyse T10 thin client is given below.

Display Setting

Set the display setting to Zero Launchpad for full-screen display. If the task bar is displayed at the bottom of the screen, "Classic desktop" is specified. In that case, change the setting as follows.

1. Click [Desk Top] on the task bar.
2. Click [System Setup] - [Remote Connections].
3. Check [Zero Launchpad] in the [Select Visual Experience] section on the [Visual experience] tab. Click on [OK] and reboot the PC.

The following descriptions assume that the display setting is set to [Zero Launchpad].

Multiple monitors

The following settings are needed for the Guest OS connected through Remote Desktop to recognize multiple monitors.

1. Click [System Setting] and [Display].
2. Select [Span Mode] in the display mode of the [Dual Head] tab.

Select [Span both monitors] in the connection display section of the connection setting.

1. Click [Home].
2. Click [Edit] for the connection setting to be changed in the list of connection settings.
3. Select [Span both monitors] in the connection display section of the [Connection] tab.

Remote Desktop Identification

Specify the same setting as the authorization to connect to Remote Desktop of the Guest OS (see Section 5.7.2).

1. Click [Home] - [Global Connection Settings].
2. Select [Enable NLA] in the [RDP] tab.

USB Redirect Method

This section describes the setting for using Wyse TCX Suite.

1. Click [Home] - [Global Connection Settings].
2. Select [TCX USB] for [USB Device Redirection Type] in the [RDP] tab.
Setup of AIP830/AIP831 USB Speaker

Use the following setup procedure to use the USB speaker of AIP830/AIP831, connected to Wyse T10, through a Remote Desktop connection.

1. Click [Home] - [Global Connection Settings].
2. Select [Remove Sound Device] of [USB Device Redirection] on the [Common to All Sessions] tab.
3. Select [Sound] of [Auto Connection to Local Device] on the [Common to All Sessions] tab.
4. Click [Home] - [<Arbitrary Connection Destination>] - [Edit]. Select [Local Reproduction] for [Remote Audio Reproduction] on the [Options] tab.
5. Use the operation keyboard function of AIP830/AIP831 by performing USB redirection.

Changing the Toolbar Display Method

The toolbar is used for calling up the management screen of Wyse T10 or switching between guest OS screens. By default, the toolbar is displayed when the mouse is brought close to the left end of the screen. Change this method so that the toolbar is displayed by a key press, because leaving the default setting as-is might hide the operation screen of Yokogawa products against the user's intention. After performing this setting, the toolbar display method will be changed as follows:

Press the [Ctrl], [Alt] and [↑] (Up-Arrow) keys all at once.

Use the following procedure to change the method.

1. Click [System Setting] - [Remote Connection Settings].
2. Uncheck the following setting items in the [Set Up Toolbar Operation during Session Activation] section on the [Display Settings] tab.
   - [Enable Zero Toolbar at Screen Left-end]
   - [Disable Toolbar Display Hot Key (CTRL-ALT-UP)]

Setup of the Remote Desktop Performance

Reduce the communication load by disabling some functions with the following procedure.

1. Click on [Home].
2. Click the [Edit] button of the connection destination settings to be changed in the list of Connection Settings.
3. Check all setting items in the [Desktop Experience] section on the [Options] tab.
   - Desktop Background
   - Theme
   - Font Smoothing
   - Menu and Window Animation
   - Window Information Display during Dragging
5.10.3 Setting up a Windows PC

Setup of the Remote Desktop

Change the default setting for connecting to the remote desktop.

Setting the remote desktop experience

1. Enter "mstsc.exe" from [Execute with a File Name Specified] to display the "Remote Desktop Connection" dialog.
2. Click [Options], and then click the [Experience] tab.
3. Select [Low-speed Broad Band (256Kbps-2Mbps)] for [Select Connection Speed to Optimize Performance].
4. Save the selected setting. Select the [General] tab and then click the [Save] button.

5.11 Operation Checks

5.11.1 Checking the Connection between the HMI Client and Guest OS

Log in to the guest OS from the HMI client terminal using a Remote Desktop connection. Check that you can log in without an error occurring.

5.11.2 Check Yokogawa Product Startup

Log in to the guest OS, start the installed Yokogawa products, and check that the applications can be operated correctly.
6. Operation

6.1 Backup/Restore

Backing up the Virtualization Server

The backup targets for the virtualization server are the Hypervisor area, the Virtual Machine system area and the Data area. It is recommended to make regular backups of individual virtual machines in case of hard disk failure. Since a backup image can be restored to another virtualization server, you can also use the backup and restore functions to move a virtual machine image to another virtualization server.

[Figure: backup target areas of the virtualization server. Data Area (data of each virtual machine), System Area (Yokogawa products and guest OS of each virtual machine) and ESXi Area (hypervisor, VMware ESXi) on the physical hardware.]

Hypervisor Area

The hypervisor area is not fully backed up, because this area is easily reinstalled. Immediately before an official operation, back up the configuration information in the Hypervisor area. At the time of restore, reinstall the hypervisor itself and restore the configuration information that has been backed up.

System Area

This area is stored by fully backing up a virtual machine. Immediately before starting an official operation or after applying a software patch, fully back up the virtual machine image with the machine powered off. When restoring the system area, restore this virtual machine image.

Data Area

The data area holds the data that Yokogawa products have created during official operation. This area is stored according to the backup method of Yokogawa products. The virtualization software provides an online backup assist function. However, since Yokogawa products themselves are not compatible with VSS (Volume Shadow Copy Service), the online backup assist function is not available.
Backup and Restore of vCenter Server

vCenter Server is deployed as a virtual appliance, so it is backed up and restored in the same way as an ordinary virtual machine. In other words, when the configuration of the server is completed, such as immediately before starting an official operation, fully back up the system area. Store the performance data and log files, which are equivalent to the data area, at proper time intervals.

6.2 Security

6.2.1 Guest OS Security

This section describes guest OS security.

- IT Security Settings
- Hardware Mapping

IT Security Settings

When Yokogawa products are installed and used on a guest OS, the same security measures need to be taken as when they are installed and used on a real computer. We recommend configuring the security settings provided for each product, referring to the documents regarding security issued by Yokogawa Electric Corporation, and then taking the relevant security measures.

Hardware Mapping

It is recommended not to map unnecessary hardware to the virtual machine. For example, do not map USB drives and other devices that will not be used. Also, do not connect any NIC that will not be connected to a network.

6.2.2 Hypervisor Security

This section describes hypervisor security.

- Stopping Unnecessary Services
- Firewall Settings
- Users and Privileges

Stopping Unnecessary Services

Stop any of the services running on the hypervisor that are not required. Recommendations are provided here under the assumption that nothing other than vSphere Client will be used. However, if there are functions to be used in the actual environment, run the corresponding services. The services that we recommend stopping are shown below.

- I/O Redirector (Active Directory service; hereinafter referred to as AD (*1))
- Snmpd
- Network Logon Server (AD)
- Vpxa (Agent for vCenter Server)
- ESXi Shell
- Xorg (Service related to 3D acceleration for the virtual machine)
- Local Security Authentication Service (AD)
- SSH
- CIM Server (CIM: Common Information Model; used for hardware monitoring)

*1: This service is required when a domain user is used as a log-in user to the ESXi host.

Firewall Settings

Configure the settings so that only the services and protocols that are used are allowed to flow through the firewall. Recommendations are provided here under the assumption that all unnecessary services are stopped. Configure the settings in accordance with the actual environment.

Enable the following in the firewall settings.

- NTP Client
- vSphere Client

The following shows the firewall settings to be enabled in an environment where vCenter Server is introduced.

- NFC (*1)
- CIM Secure Server
- VMware vCenter Agent

*1: This service is required for the clone or transfer of a virtual machine among ESXi hosts if no data store is shared among ESXi hosts. It is recommended that this setting usually be disabled and enabled as required.

Users and Privileges

Users/groups and permissions can be freely created/assigned in vSphere. We recommend observing at least the following to ensure the security of the virtualization server.

- Do not use the root user.
  This user is created by default, but we recommend that it not be used as a login user. Create a user account for each user who will manage the virtualization server.
- Limit the system administrator privileges.
  We recommend that only a very small number of users be granted administrator privileges to freely change virtualization server settings. It is convenient to grant read-only privileges to users who should be able to check the current settings but not change them.

6.2.3 Client Security

This section describes the management client and HMI client security.

Client PC Security

If the client is a Windows PC, the assumption is that the security measures of the customer will be implemented. Therefore, in principle, priority should be given to those security measures.
The security measures specifically for the virtualization client are described below.

- vSphere Client does not connect with system administrator privileges more than necessary.
  We recommend that vSphere Client does not connect with system administrator privileges except when building the virtualization server or performing maintenance work. Connect with read-only privileges to perform tasks such as checking the performance, system resources, and logs. Also, when operating Yokogawa products running in a guest OS, use the HMI client instead of vSphere Client.
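The service and firewall recommendations of Section 6.2.2 can be checked against the actual state of a host. The following is an added example, not part of the Yokogawa guideline: it audits a constructed "kind,name,state" export (a hypothetical format) against the lists above. Treating Vpxa as needed on a vCenter-managed host is an assumption drawn from its description as the agent for vCenter Server.

```python
import csv
import io
from dataclasses import dataclass

# Labels as written in Section 6.2.2, compared case-insensitively.
AD_SERVICES = {"i/o redirector", "network logon server",
               "local security authentication service"}
STOP_RECOMMENDED = AD_SERVICES | {"snmpd", "vpxa", "esxi shell", "xorg",
                                  "ssh", "cim server"}
FW_ALWAYS = {"ntp client", "vsphere client"}
FW_VCENTER = {"cim secure server", "vmware vcenter agent"}
FW_ON_DEMAND = {"nfc"}  # footnote: usually disabled, enabled as required


@dataclass(frozen=True)
class Profile:
    """Site decisions that change which items are legitimately needed."""
    vcenter_managed: bool = False   # host is managed by vCenter Server
    domain_login: bool = False      # domain users log in to the ESXi host
    extra_services: frozenset = frozenset()  # other services the site uses


def parse_export(text):
    """Parse 'kind,name,state' rows (hypothetical export format)."""
    services, firewall = {}, {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].lstrip().startswith("#"):
            continue
        if len(row) != 3:
            raise ValueError(f"malformed row: {row!r}")
        kind, name, state = (cell.strip().lower() for cell in row)
        if kind == "service" and state in ("running", "stopped"):
            services[name] = state == "running"
        elif kind == "firewall" and state in ("enabled", "disabled"):
            firewall[name] = state == "enabled"
        else:
            raise ValueError(f"unknown kind or state: {row!r}")
    return services, firewall


def audit(text, profile=Profile()):
    """Return a list of (severity, kind, name, reason) findings."""
    services, firewall = parse_export(text)
    needed = {s.lower() for s in profile.extra_services}
    if profile.domain_login:
        needed |= AD_SERVICES          # footnote *1 of the service list
    if profile.vcenter_managed:
        needed.add("vpxa")             # assumption, see lead-in
    findings = []
    for name, running in sorted(services.items()):
        if running and name in STOP_RECOMMENDED and name not in needed:
            findings.append(("FAIL", "service", name,
                             "running; the guideline recommends stopping it"))
    allowed = FW_ALWAYS | (FW_VCENTER if profile.vcenter_managed else set())
    for name, enabled in sorted(firewall.items()):
        if not enabled or name in allowed:
            continue
        if name in FW_ON_DEMAND and profile.vcenter_managed:
            findings.append(("REVIEW", "firewall", name,
                             "enable only while cloning or transferring VMs"))
        else:
            findings.append(("FAIL", "firewall", name,
                             "enabled; not in the recommended set"))
    for name in sorted(allowed):
        if not firewall.get(name, False):
            findings.append(("FAIL", "firewall", name,
                             "recommended rule is not enabled"))
    return findings


# Constructed sample input, not the output of any VMware tool.
SAMPLE_EXPORT = """\
# kind,name,state
service,SSH,running
service,ESXi Shell,stopped
service,Snmpd,stopped
service,Vpxa,running
service,CIM Server,stopped
service,Network Logon Server,running
firewall,NTP Client,enabled
firewall,vSphere Client,enabled
firewall,SSH Server,enabled
firewall,NFC,enabled
firewall,CIM Secure Server,disabled
"""

if __name__ == "__main__":
    for profile in (Profile(), Profile(vcenter_managed=True, domain_login=True)):
        print(profile)
        for finding in audit(SAMPLE_EXPORT, profile):
            print("   ", *finding, sep=" | ")
```

The same export produces different findings for a standalone host and for a vCenter-managed host with domain logins, which is the conditional reading the section and its footnotes call for.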
Thin Client Security

The following two types of OS are assumed as a thin client OS.

- Wyse ThinOS
- Windows Embedded OS

It is recommended that the following measure be used if using a thin client as an HMI client.

- Application of the latest firmware
  The latest firmware supplied by each thin client terminal maker contains various security revisions. Keeping the firmware up to date increases security further.

6.2.4 Virtual Appliance Security

This section describes the security of the virtual appliance used as a system configuration component.

vCenter Server Appliance (vCSA)

The following guides have been issued for vCSA security. It is recommended to implement the settings in accordance with these guides.

- vSphere Security Guide
  http://pubs.vmware.com/vsphere-55/topic/com.vmware.icbase/pdf/vsphere-esxi-vcenterserver-55-security-guide.pdf
- VMware Hardened Appliance Operations Guide
  http://www.vmware.com/files/pdf/techpaper/vmware-hardened-appliance-operations-Guide.pdf
- Updating the vCenter Server Appliance (vCSA) firewall rules to DISA STIG compliance (2047585)
  http://kb.vmware.com/kb/2047585
Item | Description

vSphere Security Guide
Restrict Use of the Administrator Privilege | Creating a specific user account for administration
Restrict Use of the Administrator Role | Restricting the use of the administrator role

VMware Hardened Appliance Operations Guide
Root password | Changing the default password
Password Expiry | Setting a password time limit
Dodscript.sh Script | Setting a script conforming to DoD
Secure Shell, Administrative Accounts, and Console Access | Prohibiting the root user from logging in to SSH
Time Sourcing and Synchronization | Setting time synchronization
Log Forwarding Syslog-ng and Auditd | Setting log transfer to vCenter Log Insight (*1)
Boot Loader(Grub) Password | Changing a password for boot setup
NFS and NIS | Stopping unnecessary services

VMware KB2047585
Updating the vCenter Server Appliance (vCSA) firewall rules to DISA STIG compliance | Updating the default firewall settings

*1: Virtual appliance for log management and analysis

6.3 Applying the Virtual Machine Technology

6.3.1 Snapshots

Acquiring a virtual machine snapshot before applying a software patch or changing the operation setup in the guest OS or Yokogawa products makes it easier to recover from an operation error or to revert from trial settings to the old settings. To use a snapshot, observe the following precautions.

- Delete all snapshots created before starting an official operation from the virtual machines to be used in the official operation. If the system is operated with any virtual machine holding a snapshot, the operation performance of the virtual machine deteriorates as the operation period is extended, resulting in adverse effects such as a loss of acquired data and display halts on Yokogawa products.
- Do not take a snapshot of a virtual machine under official operation. Stop the Yokogawa product operation first, and then take the snapshot so that no influence is exerted on the system.
6.3.2 Clones

By cloning a virtual machine on which the guest OS and Yokogawa products have been installed and each application setup has been completed, you can create a copy of the virtual machine with absolutely identical setup conditions. You can transfer the created copy to another virtualization server and data store. Starting from the cloned machine, you can also easily create a derived virtual machine to which various changes are added. This allows you to use a clone for creating a test environment or copying an actual operation environment.

To create a clone, power off the virtual machine that is the clone source or stop the Yokogawa product operation in advance. Exercise care in handling the cloned virtual machine and the application licenses.
6.4 Performance Management

It is recommended to document the state of use of resources under normal operation as a baseline. If the state of use constantly exceeds the baseline, it is recommended to investigate the cause and check whether it will affect the operation of any Yokogawa products. The following shows the target performance counter items with a reference value under normal operation.

Item (*1) | Internal Name (*2) | Target (ESXi Host / Virtual Machine) | Reference Value (*3) | Acquisition Level (*4)
CPU ready | cpu.ready.summation | Yes | 150ms or less (*5) | 1
CPU used amount | cpu.usagemhz.average | Yes / Yes | Environment dependence | 1
CPU usage rate | cpu.usage.average | Yes / Yes | Environment dependence | 1
Swap out | Mem.swapOut.average | Yes / Yes | 1KB or less (*6) | 2
Memory used amount | mem.usage.average | Yes / Yes | Environment dependence | 1
Balloon | mem.vmmemctl.average | Yes / Yes | 1KB or less (*6) | 1
Contracted | mem.compressed.average | Yes / Yes | 1KB or less (*6) | 2
Swap Out Rate | mem.swapoutrate.average | Yes / Yes | 1KBps or less (*6) | 1
Command wait time | disk.totallatency.average | Yes | 50ms or less (*7) | 3
Physical device command wait time | disk.devicelatency.average | Yes | 50ms or less | 1
Kernel command wait time | disk.kernellatency.average | Yes | 5ms or less | 2
Maximum wait time | disk.maxtotallatency.latest | Yes | 50ms or less | 1
Read Rate | Disk.read.average | Yes / Yes | Environment dependence | 2
Write rate | Disk.write.average | Yes / Yes | Environment dependence | 2
Average command issue amount per 1s | Disk.commandsAveraged.average | Yes | Environment dependence | 2
Transmitted amount | net.transmitted.average | Yes / Yes | Environment dependence | 2
Received amount | net.received.average | Yes / Yes | Environment dependence | 2
Dropped reception packet count | net.droppedrx.summation | Yes / Yes | 1 or less | 2
Dropped transmission packet count | net.droppedtx.summation | Yes / Yes | 1 or less | 2

*1: Performance counter name
*2: Performance counter internal name
*3: Reference value of 5-minute sampling under normal operation, based on VMware Complete Introduction 3rd Edition. Reference value until determining the baseline
*4: Acquisition level of statistics information on vCenter Server
*5: Numeric value (on a 20s sampling basis) for each virtual CPU core. Numeric value from the test result in CIS development
*6: Yokogawa IA system products will not be swapped out.
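One way to apply the table in Section 6.4, as an added example that is not part of the Yokogawa guideline: fixed reference values are taken from the table, and a ceiling for the "Environment dependence" counters is learned from samples recorded under normal operation. The entity names, the sample values, the mean plus three standard deviations ceiling, and reading "constantly exceeds" as three consecutive samples are all assumptions of this sketch.

```python
import statistics
from collections import defaultdict

# Fixed reference values from the table in Section 6.4 (units as in the
# table: ms, KB, KBps, packet count). Internal names are lower-cased here
# because the table mixes cases (e.g. "Mem.swapOut.average").
# cpu.ready.summation: per virtual CPU core on a 20 s sampling basis (*5).
REFERENCE_LIMITS = {
    "cpu.ready.summation": 150.0,
    "mem.swapout.average": 1.0,
    "mem.vmmemctl.average": 1.0,
    "mem.compressed.average": 1.0,
    "mem.swapoutrate.average": 1.0,
    "disk.totallatency.average": 50.0,
    "disk.devicelatency.average": 50.0,
    "disk.kernellatency.average": 5.0,
    "disk.maxtotallatency.latest": 50.0,
    "net.droppedrx.summation": 1.0,
    "net.droppedtx.summation": 1.0,
}

# Counters whose reference value the table gives as "Environment dependence".
ENV_DEPENDENT = {
    "cpu.usagemhz.average", "cpu.usage.average", "mem.usage.average",
    "disk.read.average", "disk.write.average",
    "disk.commandsaveraged.average",
    "net.transmitted.average", "net.received.average",
}


def learn_baseline(normal_samples, margin=3.0):
    """Ceiling per (entity, counter) = mean + margin * stdev (assumption)."""
    series = defaultdict(list)
    for entity, counter, value in normal_samples:
        name = counter.lower()
        if name in ENV_DEPENDENT:
            series[(entity, name)].append(float(value))
    return {key: statistics.fmean(vals) + margin * statistics.pstdev(vals)
            for key, vals in series.items()}


def limit_for(entity, counter, baseline):
    """Table value if one exists, otherwise the learned ceiling (or None)."""
    name = counter.lower()
    if name in REFERENCE_LIMITS:
        return REFERENCE_LIMITS[name]
    return baseline.get((entity, name))


def sustained_exceedances(samples, baseline, run_length=3):
    """Return {(entity, counter): longest run} for series that stayed above
    their limit for at least run_length consecutive samples.
    `samples` must be in time order; series without a limit are skipped."""
    current, longest = defaultdict(int), defaultdict(int)
    for entity, counter, value in samples:
        limit = limit_for(entity, counter, baseline)
        if limit is None:
            continue
        key = (entity, counter.lower())
        if float(value) > limit:
            current[key] += 1
            longest[key] = max(longest[key], current[key])
        else:
            current[key] = 0
    return {key: run for key, run in longest.items() if run >= run_length}


# Constructed samples: (entity, counter internal name, value).
NORMAL = [("HIS01", "cpu.usage.average", v) for v in (20, 22, 21, 19, 23, 20)]
OBSERVED = [
    ("HIS01", "cpu.usage.average", 22), ("HIS01", "cpu.ready.summation", 100),
    ("esxi01", "disk.kernellatency.average", 6),
    ("HIS01", "cpu.usage.average", 40), ("HIS01", "cpu.ready.summation", 160),
    ("esxi01", "disk.kernellatency.average", 7),
    ("HIS01", "cpu.usage.average", 41), ("HIS01", "cpu.ready.summation", 120),
    ("esxi01", "disk.kernellatency.average", 9),
    ("HIS01", "cpu.usage.average", 45), ("HIS01", "cpu.ready.summation", 170),
    ("esxi01", "disk.kernellatency.average", 4),
]

if __name__ == "__main__":
    flagged = sustained_exceedances(OBSERVED, learn_baseline(NORMAL))
    for (entity, counter), run in sorted(flagged.items()):
        print(f"{entity}: {counter} above its limit for {run} samples in a row")
```

Isolated spikes, such as the two CPU ready samples above 150 ms in the constructed data, are not reported; only series that stay above their limit are.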
6.5 Updating Virtualization Software

Yokogawa product operations are verified in combination with virtualization software of the version described in this guideline. Consequently, Yokogawa will not guarantee the operation of virtualization software on versions other than specified. Updates of virtualization software, or application of patches, are at the user's own discretion.
7. Maintenance

7.1 Startup and Shutdown of the Virtualization Server

This section describes how to launch the virtual machines by starting up the virtualization server and how to shut down the virtualization server safely.

Maintenance mode

The maintenance mode is a mode for placing offline a virtualization server that belongs to a cluster where VMware HA (High Availability), etc. has been set. If the server is set to the maintenance mode, it is temporarily excluded from the cluster. Consequently, when starting or stopping a virtualization server in the cluster, maintenance mode must be entered.

7.1.1 Virtualization Server Startup Procedure

1. Power on the virtualization server.
2. Log in to the virtualization server or vCenter Server via vSphere Client from the management client.
3. After logging in to the virtualization server, exit from the maintenance mode of the virtualization server with the following procedure.
   (1) Select a host from [Inventory] of vSphere Client, and select [Exit Maintenance Mode] from the right-click menu.
   (2) When the maintenance mode is terminated, the words [Maintenance Mode] disappear from the host name in the [Inventory].
4. Start up the virtual machine with the following procedure to enable the HMI Client to operate the Guest OS.
   (1) Select the virtual machine from [Inventory] of vSphere Client. Click [Power] - [Power On] from the right-click menu. The Guest OS launches once the virtual machine starts.

7.1.2 Virtualization Server Shutdown Procedure

1. Log in to the virtualization server or vCenter Server via vSphere Client from the management client.
2. Shut down all the virtual machines with the following steps.
   (1) Exit all the applications on the Guest OS and shut the OS down.
   (2) When the Guest OS is shut down, the virtual machine stops automatically. Repeat the same procedure for all the virtual machines.
3. Switch the virtualization server to maintenance mode and stop the virtualization server.
   (1) Select a host from [Inventory] of vSphere Client, and click [Enter Maintenance Mode] from the right-click menu.
   (2) When switched to the maintenance mode, the words maintenance mode appear next to the host name in the [Inventory].
   (3) Select the host once again and click [Shut Down] from the right-click menu to trigger shutdown of the virtualization server. Click [OK] in all dialogs that follow.

Controlling Virtual Machine Auto Start/Stop in Synchronization with Virtualization Server Start/Stop

The system can be configured so that the virtual machines automatically start or stop in synchronization with the startup or stop of the virtualization server. It is recommended that this setting be applied to a product that can start service concurrently with the start of the guest OS, such as HIS and Exaquantum. However, you cannot activate the virtualization server in the maintenance mode. To stop the virtualization server, you need to exit the maintenance mode beforehand. Thus, the procedures for starting and stopping the virtualization server are simplified as follows.

Procedure for starting the virtualization server

1. Power on the virtualization server.
2. Log in to the virtualization server via vSphere Client from the management client.
3. Wait until all virtual machines have started.

Procedure for stopping the virtualization server

1. Log in to the virtualization server via vSphere Client from the management client.
2. Select a host from [Inventory] of vSphere Client, and then select [Shut Down] from the right-click menu to shut down the virtualization server. Click [OK] in all dialogs that appear hereafter.
The following shows the procedure for auto starting/stopping the virtual machines.

1. Log in to the virtualization server via vSphere Client from the management client.
2. Select the ESXi host from [Inventory] of vSphere Client, and then click the [Configuration] tab.
3. Click [Virtual Machine Startup/Shutdown] in the [Software] section, and then click [Properties] at the upper right.
4. The Virtual Machine Startup and Shutdown dialog will be displayed. Set the items in the [System Setting] section as shown below.

   Subsection | Item | Setting Value
   - | [Permit the virtual machine auto-startup and shutdown synchronized with the system] | To be checked
   [Default shutdown delay time] | [Shutdown action] | Guest shutdown

   Additionally, select the virtual machines to be auto started from the [Startup Order] section, and click the [Move Up] or [Move Down] button to place them in the [Auto Start] category in descending order of startup. When this sorting operation finishes, click the [OK] button.

7.2 Changing the Virtual Machine Configuration

Change the virtual hardware configuration (CPU, memory, etc.) of a virtual machine while the virtual machine is powered off. To power off the virtual machine, shut down the guest OS installed on the virtual machine. After changing the virtual hardware configuration, start the guest OS by powering on the virtual machine.

When the virtualization server comes under the management of vCenter Server (as described in Section 5.7.2 (Registration of ESXi Host)), the functions that could until then be operated by accessing the server directly from vSphere Client become restricted. When operating a virtualization server that is under the management of vCenter Server, it is advisable to perform the required operations after logging in to vCenter Server.

Procedure for Changing Virtual Hardware Configuration in the Virtual Machine

1. Log in to the virtualization server or vCenter Server from the management client using vSphere Client.
2. Power off the virtual machine you wish to change if it is running. Right-click the virtual machine, select [Power] - [Shut Down Guest], and then shut down the guest OS.
3. Right-click the virtual machine, select [Edit Settings] from the menu, and then change the virtual hardware configuration.
4. Right-click the virtual machine, and then select [Power] - [Power On] from the menu to power on the virtual machine.
7.3 Using an External Storage Device

If an external storage device is to be used for installing applications, saving collected logs, etc., it is recommended to use either the optical drive of the virtualization server or a USB device connected directly to a USB port of the virtualization server.

7.3.1 USB Device

The method of using a USB device differs depending on the location of the USB port to be used. The two methods are:
Use the USB port of the virtualization server.
Use the USB port of the management client.

In Case of Using the USB Port of Virtualization Server

Adding the USB Controller
Add [USB Controller] if it does not exist on the virtual machine. A USB device cannot be used from the guest OS of the virtual machine if [USB Controller] is not installed. If it is already installed, this work is not necessary.
1. Log in to the virtualization server or vCenter Server from the management client using vSphere Client.
2. If the virtual machine with which you wish to use the USB device is running, shut down the virtual machine and wait until it is stopped.
3. Right-click the virtual machine of step 2, and then select [Edit Settings] from the menu.
4. The Virtual Machine Properties dialog box appears. Click [Add] on the [Hardware] tab, select [USB Controller] in the device list, and then click [Next].
5. USB Controller appears. Specify [Controller Type] (leave set to default), and then click [Next].
6. Ready to Complete appears. Check the settings, and then click [Finish].
7. The [Hardware] tab is redisplayed. Check that New USB Controller (adding) is displayed, and then click [OK].

Allowing a USB Device Connection
If permission for USB devices to connect to the guest OS has not been granted for IT security reasons, you need to temporarily allow USB use with the StorageDeviceCTL program. For details, refer to the security guide for the corresponding Yokogawa product.

Connecting the USB Device
Perform the following procedure while the virtual machine to which you wish to connect the USB device is running.
1. Connect the USB device to a USB port of the virtualization server, and then turn on the power of the USB device.
2. Log in to the virtualization server or vCenter Server from the management client using vSphere Client.
3. Right-click the virtual machine to which you wish to connect the USB device, and then select [Edit Settings] from the menu.
4. The Virtual Machine Properties window appears. Click [Add] on the [Hardware] tab, select [USB Device] in the device list, and then click [Next].
5. Select USB Device appears. A list of the available USB devices connected to the virtualization server is displayed.
6. Select the USB device you connected in step 1, and then click [Next].
7. Ready to Complete appears. Check the details, and then click [Finish].
8. The [Hardware] tab is redisplayed. Check that New USB Device (adding) is displayed, and then click [OK].
9. Wait until the USB device is recognized by the guest OS on the virtual machine.

Disconnecting the USB Device
After you finish using the USB device, perform the following procedure to remove the USB device.
1. Click the [Safely Remove Hardware] icon in the notification area of the guest OS, select the USB device you have finished using, and then stop it.
2. In vSphere Client, select the virtual machine from which the USB device is to be removed, and click [Edit Settings] from the right-click menu.
3. The Virtual Machine Properties window is displayed. On the [Hardware] tab, select the USB device to be removed (the one that was added to the virtual machine with the USB device connecting procedure), and click [Remove].
4. Confirm that USB (Deleting) is displayed on the [Hardware] tab, and click [OK].
5. Turn off the power of the USB device, and then disconnect the USB device from the USB port of the virtualization server.

In Case of Using the USB Port of Management Client

Adding the USB Controller
Refer to In Case of Using the USB Port of Virtualization Server.

Allowing the USB Device Connection
Refer to In Case of Using the USB Port of Virtualization Server.
Connecting the USB Device
1. Connect the USB device to the USB port of the management client. Wait until the USB device is recognized by the OS on the management client.
2. Log in to the virtualization server or vCenter Server via vSphere Client from the management client.
3. Select the virtual machine from [Inventory] of vSphere Client, and then select [Open Console] from the right-click menu.
4. Click the [Connect/Disconnect USB Device to/from Virtual Machine] button on the Console screen, and then select [Connect to USB Device] - [<USB Device Name>] from the menu that appears. <USB Device Name> differs in each user environment.
5. Wait until the USB device is recognized by the guest OS on the virtual machine.

Disconnecting the USB Device
1. Click the [Safely Remove Hardware] icon in [Notification Area] of the guest OS, and then select the USB device you have finished using to remove it. This completes disconnection of the USB device from the guest OS.
2. Click the [Connect/Disconnect USB Device to/from Virtual Machine] button on the Console screen, and then select [USB Device 1] - [Disconnect from <USB Device Name>] from the menu that appears.
3. Wait until the USB device is recognized by the OS on the management client. The USB device is disconnected from the virtual machine and recognized again by the OS on the management client.
4. Click the [Safely Remove Hardware] icon in [Notification Area] of the OS on the management client, and then select the USB device you have finished using to remove it.
5. Disconnect the USB device from the USB port of the management client.

7.3.2 Optical Drives

Connecting Optical Media
Perform the following procedure while the virtual machine to which you wish to connect the optical media is running.
1. Insert the optical media into the optical drive of the virtualization server.
2. Log in to the virtualization server or vCenter Server from the management client using vSphere Client.
3. Right-click the virtual machine, and then select [Open Console] from the menu.
4. Click the CD/DVD drive icon at the top of the console screen, and then click [Connect to host device].
5. Wait until the optical media is recognized by the guest OS on the virtual machine.
Disconnecting Optical Media
After you finish using the optical media, perform the following procedure to remove the optical media.
1. Click the CD/DVD drive icon at the top of the console screen, and then disconnect the CD/DVD device and optical media.
2. Eject the optical media from the CD/DVD drive of the virtualization server.
7.4 Acquiring Performance Information

It is recommended to acquire the resource usage status of the virtualization server and virtual machines while the application is running normally, and to keep it as a baseline. When trouble occurs, this information provides clues for resolving the problem because the behavior can be compared with that during normal operation. The virtualization server can hold real-time information only for a limited period (data sampled at 20-second intervals for 1 hour). If information covering a longer period is required for statistical use, acquire the data from vCenter Server.

Procedure for Acquiring Performance Information
1. Log in to the virtualization server or vCenter Server from the management client using vSphere Client.
2. Select the host or virtual machine, and then select the [Performance] tab. If logging in to vCenter Server, click the [Details] button at the upper left of the [Performance] tab.
3. Select the resource in [Switch to], and then check the performance in chart format.
4. Click the [Save Chart] icon at the upper right part of the panel, and then save its data to a file.
Customizing Chart Display
1. Click the [Chart Options] link.
2. The [Customize Performance Chart] window appears.
3. Select the chart options, chart type, objects, and counters, and then click [Save Chart Settings]. Enter a name for the settings, and then click [OK].
4. Check that the name you entered in step 3 is displayed in [Switch to].
7.5 Acquiring Virtualization Server Logs

If any trouble occurs in the virtualization server or Yokogawa products, product logs may need to be acquired on site for problem analysis. To acquire Yokogawa product logs, follow the method specified for each product. Extract the acquired logs from the virtualization server in accordance with Section 7.3 (Using an External Storage Device). The following shows the procedures for acquiring the logs of the virtualization software and virtualization server.

Acquisition of Virtualization Server Logs
1. Log in to the virtualization server or vCenter Server as the administrator user via vSphere Client from the management client.
2. Click [Inventory] - [Inventory] from the [View] menu.
3. Select the top object (virtualization server or vCenter Server) on the inventory.
4. Click [Export] - [Export System Logs] from the [File] menu. The Export System Logs dialog is opened.
5. Leave the default setting as it is for [Select System Logs], and then click [Next].
6. Specify the download destination folder of acquired logs for [Download Location], and then click [Next].
7. Click [Finish] for [Complete Ready State] to start log acquisition.
8. Wait until the status of each source is complete in the Download System Log Handle dialog. Confirm that the VMware-vCenter-support-<yyyy-mm-dd@hh-mm-ss> folder has been created in the folder specified in step 7. <yyyy-mm-dd@hh-mm-ss> is a character string composed of date and time.

Acquiring vCenter Server Event Logs
This operation is not required on systems where vCenter Server is not installed.
1. Log in to vCenter Server as the administrator user via vSphere Client from the management client.
2. Click [Inventory] - [Inventory] from the [View] menu.
3. Select the top object (vCenter Server) on the inventory.
4. Click [Export] - [Export Events] from the [File] menu. The Export Events dialog is opened.
5. Enter a setting for each of the [File], [Event], [Period] and [Restriction] sections, and then click the [OK] button.
7.6 Operating the ESXi Shell

The virtualization server provides the ESXi shell as a command line user interface. Since the ESXi shell offers various maintenance commands, you may need to operate it to solve a virtualization server problem. To use the ESXi shell, log in to it directly from the Console screen or log in remotely via SSH connection from the management client. However, the ESXi shell and SSH services are stopped for reasons of hypervisor security, so the ESXi shell needs to be activated before use. Log in to the ESXi shell with the administrator account of the ESXi host. For details on the procedure, refer to the following web page.
"Using ESXi Shell in ESXi 5.x (2004746)"
http://kb.vmware.com/kb/2004746

If logging in to the shell as an SSH client using Tera Term, observe the following procedure.

In Case of Remote Login (SSH Connection) to ESXi Host
1. Start up Tera Term from the management client.
2. The New Connection dialog will be displayed. Enter settings as follows and click the [OK] button.

Item: Description
[TCP/IP]: To be checked
[Host]: IP address or host name of the ESXi host
[Service]: [SSH] must be checked.
[SSH Version]: SSH2
[Protocol]: UNSPEC

Select [TCP/IP]. Enter the IP address of the ESXi host in [Host], select [SSH] for [Service], and then click the [OK] button.
3. The SSH Authentication dialog will be displayed. Put a check mark in the [Use Challenge Response Authentication] check box, enter your login user name in [User Name], and then click the [OK] button.
4. The SSH Authentication Challenge dialog will be displayed. Enter your password and then click the [OK] button.
5. When this authentication is successful, the ESXi shell becomes available on Tera Term.

In Case of SSH Connection to vCenter Server
This procedure differs from the SSH connection to the ESXi host described above from step 3 onward.
3. The SSH Authentication dialog will be displayed. Put a check mark in the [Use Plain Text] check box, enter your login user name in [User Name], enter your login password in [Password], and then click the [OK] button.
4. When this authentication is successful, the ESXi shell becomes available on Tera Term.
7.7 Executing a Backup or Restore

This section describes the backup and restore procedures that use the standard VMware functions.

Virtual Machine

Backup
Perform the following procedure while the virtual machine is stopped.
1. Log in to the virtualization server from the management client using vSphere Client.
2. Select the host, and then click the [Configuration] tab.
3. Click [Storage] in the Hardware column.
4. Right-click the datastore, and then select [Browse Datastore] from the menu.
5. Download the files to the management client from the datastore. Select the folder with the name of the virtual machine on the [Folders] tab, and then click the [Download] icon.
6. Select an appropriate location for the download destination.
Restore
1. Log in to the virtualization server from the management client using vSphere Client.
2. Select the host, and then click the [Configuration] tab.
3. Click [Storage] in the Hardware column.
4. Right-click the datastore, and then select [Browse Datastore] from the menu.
5. Upload the files from the management client to the datastore. Select the root directory on the [Folders] tab, and then click the [Upload] icon. Select [Upload Folder] from the menu that appears. If a folder of the same name already exists, it will be overwritten.
6. After uploading is finished, right-click the [.vmx] file, and then select [Add to Inventory] from the menu.
ESXi Host

The ESXi host is restored by reinstalling it. Therefore, back up the configuration information (IP address, etc.) beforehand, and restore it after reinstalling the ESXi host.

Backing up Configuration Information
1. Start up the SSH client from the management client, and then log in to the virtualization server.
2. Execute the following commands.
   > vim-cmd hostsvc/firmware/sync_config
   > vim-cmd hostsvc/firmware/backup_config
3. Download the backup file. Start up the Web browser from the management client, access the URL indicated in the message that appears when each of the two commands is executed, and then download the backup file. In the URL, read http://*/ as http://<IP address of the virtualization server>.

Restore Configuration Information
1. Start up vSphere Client from the management client, and then log in to the virtualization server.
2. Select the ESXi host, and then click the [Configuration] tab.
3. Click [Storage] in the [Hardware] column.
4. Select the data store, and then click [Browse Data Store] from the right-click menu.
5. Upload the configuration information file to the data store from the management client. Select the root directory on the [File] tab, and then click the [Upload] icon. Select [Upload File] from the menu that appears.
6. Start up the SSH client from the management client, and then remotely log in to the virtualization server through SSH connection.
7. Copy the uploaded file to directory /tmp or lower.
   > cp /vmfs/volumes/<datastore Name>/<Configuration File Name> /tmp/configbundle.tgz
8. Restore the configuration information file.
   > vim-cmd hostsvc/firmware/restore_config /tmp/configbundle.tgz
7.8 Using the vSphere Web Client

The vSphere Web Client can be used in a system in which vCenter Server has been introduced. Use the vCenter Web Client from the Web browser. vSphere Web Client differs from vCenter Client in the preparation required before it can be used in the system. The preparation procedure is shown below.

7.8.1 Installing Adobe Flash Player

To use vSphere Web Client, Adobe Flash Player must be installed in the Web browser beforehand. The following describes the installation procedure using IE8 as an example.
1. Log in to the Windows PC on which this software is to be installed as a user with the system administrator privilege of that PC.
2. If the Web browser is running, terminate it.
3. Run the Windows installer of Adobe Flash Player. (Use the installer downloaded according to Section 5.1.5 Other Software.)
4. The Installation Wizard screen will be displayed. Check the check box of "I have read and agree to the terms of the Flash Player License Agreement", and then click the [INSTALL] button.
5. When the installation of this software is complete, a dialog will be displayed. Select [Notify me to install updates] for [Choose your update method], and then click the [DONE] button.

7.8.2 Setting up the Web Browser

Implement the following setup for the Web browser used for vSphere Web Client. The following describes the procedure using IE8 as an example.

Registration to [Trusted Site]
Register vCenter Server as [Trusted Site].
1. Open Internet Explorer.
2. Select [Tools] - [Internet Options] from the Menu bar.
3. On the Internet Options dialog that appears, click the [Security] tab.
4. Click the [Trusted Site] icon.
5. Click the [Site] button.
6. The Trusted Site dialog will be displayed. Set vCenter Server for [Add this Web site to the Zone], and then click the [Add] button.
   Setting Format: https://<vCenter Server IP address>
7. Click the [Close] button to close the Trusted Site dialog.
8. Click the [OK] button to close the Internet Options dialog.

7.8.3 Logging in to vCenter Server

The following shows the procedure for logging in to vCenter Server.
1. Start up the Web browser from the management client, and then access vSphere Web Client at the following URL.
   https://<vCenter Server IP Address or host name>:9443/vsphere-client/
2. The Login to vSphere Web Client screen will be displayed. Enter the following information.

Item: Description (Remark)
User name (*1): administrator@vsphere.local
Password: <Password> (Refer to Step 17 in Section 5.6.3.)

*1: Users are recommended to employ a user account that has been created in Section 5.6.4 (vCenter Server Security Settings).

3. If the system succeeds in SSO (Single Sign On), the Home screen of vSphere Web Client will be displayed.
7.9 Adding VMkernel Port for Time Synchronization of ESXi Host

To time synchronize the ESXi host with the NTP server, the virtual switch to which the ESXi host VMkernel port connects must be able to access the network to which the NTP server belongs. In the virtual network configuration described in Section 5.5 (Management Network), the network connecting to the VMkernel port and APP Network are separated from each other. Consequently, the ESXi host and the PCs on the network connecting to APP Network cannot share the NTP server. A multi-home configuration of the VMkernel on the ESXi host, implemented by adding a VMkernel port, is therefore required.

[Figure: VMkernel port necessary for time synchronization between ESXi host and NTP server. Elements shown: virtualization server, management client (vSphere Client), virtual machine, real computer, firewall (ESXi built-in), NTP server, VMkernel, hypervisor, Management Network, APP Network, virtual switch, Ethernet, L2SW.]

The following shows this configuration procedure.
1. Acquire an IP address available in the network of APP Network from the network administrator.
2. Log in to vCenter Server via vSphere Client from the management client.
3. Click the [Network] link in the [Hardware] section on the [Configuration] tab of vSphere Client.
4. Click [Properties] of the virtual switch to which the port named APP Network is connected. Here, the virtual switch is named vSwitch1.
5. The vSwitch1 Properties dialog will be displayed. Select the [Ports] tab, and then click the [Add] button.
6. The Add Network Wizard dialog will be displayed. Select [VMkernel] for [Connection Types] and then click the [Next] button.
7. Enter a network label name into the [Network Label] field in the [Port Group Properties] section. Uncheck all of the check boxes "Use this port group for vMotion", "Use this port group for Fault Tolerance logging" and "Use this port group for management traffic", and then click the [Next] button.
8. Select [Use the following IP settings], enter the IP address and subnet mask that were acquired in step 1, and then click the [Next] button.
9. When the summary of IP settings appears, check the details and then click the [Finish] button.
10. Next, modify the firewall settings. Click the [Security Profile] link in the [Software] section on the [Configuration] tab of vSphere Client, and then click [Properties] of [Firewall].
11. The Firewall Properties dialog will be displayed. Select [vSphere Client] as a service name label, and then click the [Firewall] button.
12. When the Firewall Settings dialog appears, select the option button of [Only allow connections from the following networks], and then enter the network address of the management network. After this entry, click the [OK] button.
13. Similarly modify the firewall settings of the SSH server.
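The restriction set in steps 11 to 13 can be confirmed afterwards from the allowed-address listing of the ESXi firewall. The following is an added example, not part of the original guideline: it parses text in the layout printed by `esxcli network firewall ruleset allowedip list` in the ESXi shell and reports any ruleset covered by the procedure that is still open to all sources or reaches beyond the management network. The sample listing and the management network 192.168.10.0/24 are constructed for illustration.

```python
"""Audit ESXi firewall allowed-IP settings against the management network."""
import ipaddress

# Constructed sample in the layout of
# `esxcli network firewall ruleset allowedip list` (not captured from a real host).
SAMPLE_OUTPUT = """\
Ruleset          Allowed IP Addresses
---------------  -----------------------------
sshServer        All
vSphereClient    192.168.10.0/24
ntpClient        All
CIMHttpServer    192.168.10.0/24, 10.20.0.0/16
"""

# Rulesets restricted by steps 11-13: vSphere Client and SSH server.
RESTRICTED_RULESETS = ("vSphereClient", "sshServer")


def parse_allowed_ip(text):
    """Return {ruleset: [entries]}; an entry is "All" or an ip_network object."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, the column header and the dashed separator.
        if not line or line.startswith("Ruleset") or set(line) <= set("- "):
            continue
        name, _, rest = line.partition(" ")
        entries = []
        for item in rest.split(","):
            item = item.strip()
            if not item:
                continue
            if item.lower() == "all":
                entries.append("All")
            else:
                # strict=False accepts host addresses written with a prefix length.
                entries.append(ipaddress.ip_network(item, strict=False))
        rules[name] = entries
    return rules


def audit(rules, management_net, restricted=RESTRICTED_RULESETS):
    """Return (ruleset, problem) tuples for rulesets not confined to management_net."""
    mgmt = ipaddress.ip_network(management_net)
    findings = []
    for name in restricted:
        entries = rules.get(name)
        if entries is None:
            findings.append((name, "ruleset not listed"))
            continue
        if not entries:
            findings.append((name, "no allowed addresses listed"))
        for entry in entries:
            if entry == "All":
                findings.append((name, "open to all source addresses"))
            elif entry.version != mgmt.version or not entry.subnet_of(mgmt):
                findings.append((name, f"{entry} is outside {mgmt}"))
    return findings


if __name__ == "__main__":
    parsed = parse_allowed_ip(SAMPLE_OUTPUT)
    for ruleset, problem in audit(parsed, "192.168.10.0/24"):
        print(f"{ruleset}: {problem}")
```

In the constructed listing only step 12 has been applied, so the audit reports the SSH server ruleset as still open to all source addresses.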
7.10 Using Windows OS as an NTP Server

The Windows OS can be used as an NTP server by adding SNTP server functions to the OS. The following shows this setting procedure.
1. Log in to the system as the administrator user of Windows OS.
2. Modify the following registry values.

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
   Name of value: AnnounceFlags
   Type of value: REG_DWORD
   Value: 5

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config
   Name of value: LocalClockDispersion
   Type of value: REG_DWORD
   Value: 0

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer
   Name of value: Enabled
   Type of value: REG_DWORD
   Value: 1

3. Restart the [Windows Time] service. Execute the following commands at the command prompt.
   > net stop w32time
   > net start w32time
4. Allow the NTP server reception port (UDP 123) through the firewall. Execute the following command at the command prompt.
   > netsh advfirewall firewall add rule name="Windows Time(NTP)" dir=in action=allow protocol=udp localport=123
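Once the Windows Time service has been restarted and UDP 123 opened, clients such as the ESXi host expect a server-mode reply from this PC. The following is an added example, not part of the original guideline: it builds an SNTP client request and checks the fields of a reply that show whether the server answers as a synchronized time source. The two reply packets are constructed for illustration, and `query()` (a hypothetical helper name) is for use against the configured server from a PC on the same network.

```python
"""Check that an (S)NTP server answers as a synchronized time source."""
import socket
import struct

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def build_request(version=3):
    """48-byte SNTP client request: LI=0, VN=version, Mode=3 (client)."""
    first = (0 << 6) | (version << 3) | 3
    return bytes([first]) + bytes(47)


def parse_reply(data):
    """Decode the header fields of an NTP reply needed for the check."""
    if len(data) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    first, stratum, _poll, _precision = struct.unpack("!BBbb", data[:4])
    _root_delay, root_disp = struct.unpack("!iI", data[4:12])
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    return {
        "leap": first >> 6,              # 3 = clock not synchronized
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,             # 4 = server
        "stratum": stratum,              # 0 = unspecified/invalid
        "root_dispersion": root_disp / 65536.0,
        "transmit_unix": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2 ** 32,
    }


def check_server(reply):
    """Return a list of problems; an empty list means the reply is usable."""
    problems = []
    if reply["mode"] != 4:
        problems.append("reply is not in server mode")
    if reply["leap"] == 3:
        problems.append("server reports its clock as not synchronized (LI=3)")
    if reply["stratum"] == 0 or reply["stratum"] > 15:
        problems.append("stratum %d is not a valid time source" % reply["stratum"])
    if reply["transmit_unix"] <= 0:
        problems.append("transmit timestamp is not set")
    return problems


def query(host, timeout=3.0):
    """Send one request to host over UDP 123 and return the parsed reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(), (host, NTP_PORT))
        data, _addr = sock.recvfrom(512)
    return parse_reply(data)


def constructed_reply(leap, stratum):
    """Build a sample server reply (constructed, not captured from a server)."""
    first = (leap << 6) | (3 << 3) | 4
    tx_seconds = 1420070400 + NTP_EPOCH_OFFSET  # 2015-01-01 00:00:00 UTC
    return struct.pack("!BBbbiI4sQQQII", first, stratum, 6, -6, 0, 0,
                       b"LOCL", 0, 0, 0, tx_seconds, 0)


SAMPLE_GOOD = constructed_reply(leap=0, stratum=1)
SAMPLE_UNSYNC = constructed_reply(leap=3, stratum=0)

if __name__ == "__main__":
    for label, raw in (("good", SAMPLE_GOOD), ("unsynchronized", SAMPLE_UNSYNC)):
        print(label, check_server(parse_reply(raw)) or "OK")
```

A timeout from `query()` after step 4 points to the firewall rule or the stopped service rather than to the registry values.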
Revision Information

Title : Virtualization Guideline for Yokogawa System Products
Document No. :

Feb. 2014/1st Edition
Newly published

May 2014/2nd Edition
2.1 Exasmoc/Exarqe Software Name was revised
3.1.1 Exaquantum/PIMS Server annotation was revised
3.2.1 Patch software was revised
5.6.1 [Option] tab was revised to [Resources] tab in procedure #11
5.7.1 Applying patch software was revised

Feb. 2015/3rd Edition
- The description about application to a real plant was added.
- The description about vCenter Server was added.
- Others, plenty of descriptions were added.
- Grammatical errors, wording, and expressions were corrected.
Preface Introduction was changed.
2.1 Exaplog, FAST/TOOLS, PRM were added to Target Products.
2.2 Real Plant System were added to Target System.
2.3 Centralized Management Server was added to Virtualization System.
3.1.1 The description of the Virtualization Server was changed.
3.1.1 The resources of Exaplog, FAST/TOOLS and PRM were added.
3.1.3 Centralized Management Server; This Section was newly added.
3.2.1 The description about the patch software of a virtual machine was added.
3.2.3 The description about the Management Client was changed and added
3.2.4 Centralized Management Server; This Section was newly added.
3.2.7 An item was added to Concerns for the Virtualization Server Management
4 The description was added to the lead sentence.
4.1 Virtualization System Viewed from RAS Viewpoints; This Section was newly added.
4.2 Improved Reliability in Virtualized Systems; This Section was newly added.
4.3 Figure 4-2 and Figure 4-3 are changed.
4.3.2 Real Plant System; This Section was newly added.
4.4 The Section title and the description about CPU were changed.
4.5.2 The description was added to each resource.
4.5.3 Remote Server Management Controller was added to Peripheral Devices.
4.5.4 The description was added to Time Synchronization.
4.6.2 Support Contract; This Section was newly added.
5.1.1 The description was added to IP Address.
5.1.2 The description was added to Administrator Account and Password.
5.1.4 Centralized Management Server Software; This Section was newly added.
5.1.5 Adobe Flash Player, Tera Term were added to Other Software.
5.2.1 Setting Up Built-in Remote Server Management Controller was added to Hardware Setup.
5.3.2 Installing Tera Term; This Section was newly added.
5.6 Setting up Centralized Management Server; This Section was newly added.
5.7 Managing ESXi Host with vCenter Server; This Section was newly added.
5.8.4 The description was added to Configuring the Guest OS
5.9.1 The description was added to Installing Yokogawa Products.
5.10 The description was added to the lead sentence.
5.10.2 The description was added to Wyse T10 Setup.
5.10.3 Setting up a Windows PC; This Section was newly added.
6.1 Procedure of Backup/Restore was moved to Section 7.7.
6.2.2 The description was added to Hypervisor Security.
6.2.3 The description was added to Client Security.
6.2.4 Virtual Appliance Security; This Section was newly added.
6.3 Applying the Virtual Machine Technology; This Section was newly added.
6.4 Performance Management; This Section was newly added.
6.5 Updating Virtualization Software; This Section was newly added.
7.5 Acquiring Virtualization Server Logs; This Section was newly added.
7.6 Operating the ESXi Shell; This Section was newly added.
7.7 Executing a Backup or Restore; The contents of this Section were moved from Section 6.1.
7.8 Using the vSphere Web Client; This Section was newly added.
7.9 Adding VMkernel Port for Time Synchronization of ESXi Host; This Section was newly added.
7.10 Using Windows OS as an NTP Server; This Section was newly added.
Written by Yokogawa Electric Corporation Published by Yokogawa Electric Corporation 2-9-32 Nakacho, Musashino-shi, Tokyo 180-8750, JAPAN Subject to change without notice.