Proficy HMI/SCADA -

CIMPLICITY 2022
Getting Started

GE Digital Proficy Historian and Operations Hub: Data Analysis in Context 1

Proprietary Notice
The information contained in this publication is believed to be accurate and reliable. However, General Electric Company assumes no
responsibilities for any errors, omissions or inaccuracies. Information contained in the publication is subject to change without notice.

No part of this publication may be reproduced in any form, or stored in a database or retrieval system, or transmitted or distributed in any
form by any means, electronic, mechanical photocopying, recording or otherwise, without the prior written permission of General Electric
Company. Information contained herein is subject to change without notice.

© 2022, General Electric Company. All rights reserved.

Trademark Notices
GE, the GE Monogram, and Predix are either registered trademarks or trademarks of General Electric Company.

Microsoft® is a registered trademark of Microsoft Corporation, in the United States and/or other countries.

All other trademarks are the property of their respective owners.

We want to hear from you. If you have any comments, questions, or suggestions about our documentation, send them to the following email
address:

[email protected]
Chapter 1. HMI/SCADA CIMPLICITY Introduction.................................................................... 4

About HMI/SCADA CIMPLICITY.............................................................................................. 4

Customer and Technical Support Contact Information................................................................. 4

System Architecture Overview...................................................................................................... 5
System Architecture Overview.............................................................................................. 5
CIMPLICITY Server and Viewer Defined............................................................................7
Chapter 2. CIMPLICITY Applications Tour................................................................................... 9
CIMPLICITY Applications Tour...................................................................................................9
Part 1. CIMPLICITY Tour............................................................................................................ 9
Part 2. CIMPLICITY Tour.......................................................................................................... 10
Part 3. CIMPLICITY Tour.......................................................................................................... 11
Part 4. CIMPLICITY More Features...........................................................................................12
Part 5. CIMPLICITY Options..................................................................................................... 14
Chapter 3. Common Licensing........................................................................................................16
About Common Licensing........................................................................................................... 16
System Requirements................................................................................................................... 20
Configure Common Licensing.....................................................................................................21
Step 1: Order Email and Downloads...................................................................................21
Step 2: Common Licensing Software..................................................................................22
Step 3: Activating Licenses................................................................................................. 28
Step 4: Returning Licenses.................................................................................................. 42
Reconcile Device ID with Tolerant ID....................................................................................... 45
Reconcile Device ID with Tolerant ID................................................................................45
Chapter 4. SCADA Web Configuration.......................................................................................... 48
About CIMPLICITY SCADA Web Configuration..................................................................... 48
Enable, Launch, and Log in to SCADA Web Configuration......................................................48
Enable, Launch, and Log in to SCADA Web Configuration.............................................. 48
Enable SCADA Web Configuration....................................................................................49

Launch SCADA Web Configuration................................................................................... 50

Log in to SCADA Web Configuration................................................................................52
 Contents | iii

Select and Browse an OPC UA Device...................................................................................... 53

Create SCADA Points..................................................................................................................54
Generate SSL Certificate to secure SCADA Web Configuration............................................... 57
Generate SSL Certificate to secure SCADA Web Configuration....................................... 57
Using an External Certificate Authority.............................................................................. 58
Update validity of SSL Certificate...................................................................................... 60
Install SSL Certificate on a Viewer or Remote Machine............................................................61
Advanced Configuration Options................................................................................................ 61
Advanced Configuration Options........................................................................................ 61
Configure SCADA Web Configuration Services................................................................ 61
Configure Certificates from External Certificate Authorities for SCADA Web
Configuration........................................................................................................................64
Chapter 1. HMI/SCADA CIMPLICITY
Introduction

About HMI/SCADA CIMPLICITY

This section contains information on customer and technical support, the basic CIMPLICITY
architecture, a tutorial describing CIMPLICITY applications, and some information on optimal usage
of the CIMPLICITY online help system.

Customer and Technical Support Contact Information

For information on how to contact our Technical Support team, see

digitalsupport.ge.com.
 Getting Started | 1 - HMI/SCADA CIMPLICITY Introduction | 5

System Architecture Overview

System Architecture Overview

CIMPLICITY software is scalable from a Human Machine Interface to a fully networked

Supervisory Control and Data Acquisition (SCADA) system. The networking capabilities inherent
at all levels within the product line let you achieve levels of integration that virtually eliminate
redundant configuration within a network.
Getting Started | 1 - HMI/SCADA CIMPLICITY Introduction | 6

rect 3, 2, 273, 88 (page 6)

rect 6, 90, 273, 182 (page 6)
rect 4, 183, 274, 269 (page 6)
V Viewer Connects to Server

Status monitoring and control

Viewer options available

Development configuration

Graphics configuration

S Server Connects to Viewer

Status monitoring and control

Development configuration

Graphics configuration

Data collection

Server options available

C Industrial controllers N/A

CIMPLICITY is based on a client–server architecture consisting of Servers and Viewers. Servers are
responsible for the collection and distribution of data. Viewers connect into Servers and have full
access to the collected data for viewing and control actions.

Servers and Viewers can be easily networked together to seamlessly share data without the need
to replicate your point database from node to node. For example, points are configured once and
only once on a server. Screens can be developed and stored in a single location on the network and
accessed by any other CIMPLICITY display on the network.

CIMPLICITY provides the flexibility to build a larger system through multiple smaller nodes
without forcing you to purchase large and expensive server hardware to service multiple users.
 Getting Started | 1 - HMI/SCADA CIMPLICITY Introduction | 7

CIMPLICITY Server and Viewer Defined

HMI/SCADA CIMPLICITY provides the following three options. The server or viewer's license
determines which option it will use.

Options are:

1 CIMPLICITY Server Receives data from the PLC.

Stores data.

Provides CIMPLICITY configuration tools.

Performs calculations.

Displays data through Viewers

Displays data

2 Viewer Enables configuration on the server from a separate computer.

Displays data from the server.

Displays data from the server.

3 Web Client N/A

You have to install at least one CIMPLICITY server. The total number of servers and viewers you
can install depends on your licensing agreement.

Tip: CIMPLICITY also provides numerous options (page 14) for remotely interacting with
your CIMPLICITY projects.
Getting Started | 1 - HMI/SCADA CIMPLICITY Introduction | 8

Contact your sales representative (page 4) with questions about purchase options.
Chapter 2. CIMPLICITY Applications Tour

CIMPLICITY Applications Tour

CIMPLICITY provides an extraordinary selection of features that enable you to configure
comprehensive and robust projects.

Once you have installed CIMPLICITY this quick tour will guide you through the order for
configuring a basic project.

This tour provides links to the related subject in the documentation. Once you think you understand
the basic concepts about the subject, you can come back to the tour at any time.

The tour is divided into five parts that provide links to documentation that describes:
CIMPLICITY APPLICATIONS TOUR

Part 1 (page 9) How to set up the foundation for your system goals.

Part 2 (page 10) How to set up points and alarms.

Part 3 (page 11) How to create powerful applications that can graphically deal with system data for whoever
has access privileges.

Part 4 (page 12) Many other powerful tools.

Part 5 (page 14) CIMPLICITY options.

Part 1. CIMPLICITY Tour

Part 1 of the CIMPLICITY tour provides links to documentation that describes how to set up the
foundation for your system goals.

Part 1 of CIMPLICITY Tour

Step 1. Open the CIMPLICITY Workbench. The Workbench is at the center of your CIMPLICITY project.

Step 2. Create a new project. A project contains the configuration that defines what CIMPLICITY will do for
your system and how it will work.

Step 3. Look over the Workbench. The Workbench provides the power you need to view, configure,
organize, and manage every component of your project through one easy to use window.
Getting Started | 2 - CIMPLICITY Applications Tour | 10

Part 1 of CIMPLICITY Tour

Step 4. Configure a device including:

• A port, which is a communication socket, connects one or more factory devices such as PLC's
to the computer

• A device is anything that can communicate point data to CIMPLICITY software.

CIMPLICITY software can read data from and write data to devices. Examples of devices
are programmable controllers such as the Series 90. The Quick Device Setup in the
documentation gives you quick start for both.

Step 5. Define security and routing including:

• Resources are the physical or conceptual units that comprise your facility.

• A user is an individual person working with a CIMPLICITY project.

• A role specifies what privileges its users have when they work in CIMPLICITY.

Part 2. CIMPLICITY Tour

Part 2 of the CIMPLICITY tour provides links to documentation that describes how to set up points
and alarms.

Note: CIMPLICITY collects or calculates point data that it distributes to:

• CimView screens
• Alarm Viewer screens
• Alarm printers
• Logging tables
• Other CIMPLICITY software options

The collection and distribution of point data is handled by the Point Management subsystem.

Part 2 of CIMPLICITY Tour

Step 6. Create points including:

• A device point communicates back and forth with a device that is attached to the server
for monitoring and control purposes.

• A virtual point provides you with the ability to calculate and report data that is independent
of any one device.
 Getting Started | 2 - CIMPLICITY Applications Tour | 11

Part 2 of CIMPLICITY Tour

Step 7. Configure alarms.

• Point alarms alert users when points are in a defined alarm states. You create and modify
point alarms in the Point Properties dialog box or the Alarm Definition dialog box through
the Alarms folder.

• System event alarms alert users for alarm states such as device failures, program
terminations, system startups, and system shutdowns. You create and modify system
event alarms in the Alarm Definition dialog box through the Alarms folder.

Step 8. Test your configuration in the Point Control Panel.

• The Point Control Panel provides you with a forum in which you can easily review and
change point values and status during runtime.

Part 3. CIMPLICITY Tour

Part 3 of the CIMPLICITY tour provides links to documentation that describes how to create
powerful applications that graphically deal with system data for whoever has access privileges.
Getting Started | 2 - CIMPLICITY Applications Tour | 12

Part 3 of CIMPLICITY Tour

Step 9.
• Configure a CimEdit screen.

• CimEdit combines the features commonly found in high-powered graphics applications,

with an abundant number of state of the art configuration tools. They all help you take
advantage of CIMPLICITY's extensive runtime capabilities. Consequently, you can
create CimView screens that are clear, easy, and robust.

• CimEdit Screens provide you with several diverse features and capabilities that you can
use at any time during your screen design session. Some, but not all of the capabilities
include:
◦ Preliminary Layout CimEdit offers you a wide assortment of objects and object
types to place on your CimEdit screen. Consequently, you can place objects that
deal with data from any source you specify and display the data or evaluation
results in a manner that is most effective for your project's runtime requirements.
◦ Inanimate Visual Features enable you to modify the appearance of an object.
They range from modifying its size so it will fit where you want it go, to displaying a
several similar objects that represent similar but independent functions.
◦ Runtime movement and Animation provides several choices to create activity on
your screens that makes it easy for a CimView user to quickly determine the status
of a point or expression.
◦ Points report specific conditions in the system. Points are the result of detailed
configuration, which is done in the Point Properties dialog box. As with other
CIMPLICITY applications, when you are in CimEdit, you can find and use any point
that is already in any broadcasting project on your network. In addition, you can
create new points by opening the Point Properties dialog box through CimEdit.
◦ Variables can be used in an expression to represent different types of values
◦ Events trigger a procedure or call a script. CimEdit provides a long list of events
from which you can choose the best one for your requirements.
◦ Procedures contain one or more actions that are triggered in the specified order
when an event occurs and while the screen is displayed in CimView. CimEdit
provides several actions from which a screen designer can easily compile a
meaningful list.

Step 10. Test your configuration through CimView.

• CimView is a runtime, interactive graphical user interface through which you can monitor
and control your facility. CimView displays screens that were created in CimEdit for
specific applications.

Part 4. CIMPLICITY More Features

CIMPLICITY is so powerful that you will constantly discover new possible solutions as you
continue to use it.

Part 4 provides links to documentation for CIMPLICITY's many other powerful tools. Which tools
you use depend on your system needs. (Some of the tools are options that you can purchase through
your CIMPLICITY representative.)
 Getting Started | 2 - CIMPLICITY Applications Tour | 13

Feature Description
Alarm Management
• Alarm Classes are groups of Alarms with similar characteristics.

• Alarm Strings name alarm states. An alarm displays the string for its alarm state
when %State is included in the alarm message.

• The Stand-alone Alarm Viewer, AMV, is useful for a user to quickly monitor and
responds to alarms anywhere in the system.
• The Alarm Viewer Control is an ActiveX object that you embed in a CimEdit screen.
The AMV Control provides a powerful tool for you to fully integrate the Alarm Viewer
capability with your other CimEdit screens.

• Database Logging provides you with a seamless way to analyze your system
processes and equipment performance by logging data to and reporting data from a
wide variety of ODBC (Open Database Connectivity)-compliant databases.
• Trend Control is an ActiveX Control that enables you to review, evaluate and log
point values over time.
• Historical Alarm Viewer Control is an ActiveX control through which you can easily
review logged alarm data through CimView in an easy-to-read table format and print
one or more pages of the display at any time during a session.

Basic Control Engine The Basic Control Engine option consists of three main components:

• Program Editor provides a set of sophisticated development tools that let you create
programs with a Visual Basic compliant programming language. These programs can
then be executed as actions in response to events. The programming language has a
rich set of nearly 500 standard Basic functions, and also provides an object interface
to CIMPLICITY points, alarms and the Status Logger, further enriching the language.

• Event Editor enables you to define actions to take in response to events that occur
in a process. An event can be defined as a changing point, alarm state, or even a
particular time of day. One event may invoke multiple actions, or one action may be
invoked by many events.
• Basic Control Engine monitors for events and executes the configured actions. The
Basic Control Engine is based on a multi-threaded design that allows the system to
invoke and execute multiple Visual Basic programs concurrently.
• Classes enable you to do the basic configuration once and use it over and over
instead of repeating configuration, which may include creating complex CimEdit/
CimView screens, for several objects that have similar requirements.
• Class Objects provide an easy way to do complex configuration for one or more
objects that are similar. Class objects, which are based on a Class template, can
include pre-configured attributes, points, events, actions and scripts.
• Dynamic Graphic Replay is a powerful tool to help you troubleshoot problems that
have occurred in your processes.
• XY Plot provides you with the ability to visually represent values in relation to each
other. For example, you can plot real data vs. calculated date, or elements such
pressure vs. temperature.
• Remote Projects need to be defined when a project starts, the Point Bridge or
Point Data Logger need to get points from projects on other computers running
CIMPLICITY projects.
• Recipes enable you to create and manage recipe data for your production processes.
The Recipes interface consists of a spreadsheet format in which you enter the
configuration data for each of your recipes. This format allows you to group similar
products together.
Getting Started | 2 - CIMPLICITY Applications Tour | 14

Feature Description
Object Model Interfaces into components (e.g. objects, services, CimEdit screens both configuration
and runtime, Project configuration Trend control, XY Plot control) that enable a developer
to manipulate the components from a programming or scripting language, such as
CIMPILICITY Basic, VB, C++, VBA, VBScript.

• CIMPLICITY Configuration Object Model

• CimEdit/CimView Object Model

• CIMPLICITY XY Plot Object Model

• CIMPLICITY Safe Array Object Model

• CIMPLICITY Historical Data Connector Object Model

Part 5. CIMPLICITY Options

Option Description
Options
• CIMPLICITY OPC Server provides a standards-based interface to some form of run-time
data. The data may come from a specific physical device (e.g. a PLC) or from a Distributed
Control System. The OPC Server conforms to the OLE for Process Control (OPC) 2.0 Data
Access standards, a technology standard initially developed by a group of automation industry
companies and now managed by the not-for-profit organization called the OPC Foundation.

• Server Redundancy in automated systems, provides for switchover of functionality to a

backup component in case of failure of a primary component. The switchover is considered
automatic if no operator intervention is required. Redundancy applies to both hardware and
software, and implies minimal loss of continuity during the transfer of control between primary
(active) and redundant (backup) components.

• Statistical Process Control enhances your ability to manage a quality control program by
addressing the four major phases of quality control: measurement, analysis, improvement,
control.

Tracker There are two distinct, yet interrelated pieces to Tracker: Production Tracking (PRT) and Routing
Control Objects (RCO).

• Production Tracking module monitors the progress of items through the production process.

• Routing Control Objects performs routing decisions for enhanced production flow.
 Getting Started | 2 - CIMPLICITY Applications Tour | 15

Option Description
Order Execution Order Execution Management provides a comprehensive addition to Tracker that enables you to
Management track, store, categorize and sequence your customers' orders based on your configured criteria.
Order Execution Management includes:

• XMLT tools take raw data orders, translates them into an .xml format and enters valid data
into PRT and TADB.

• Directory Watcher confirms that order files have completed downloading to XMLT output
directory and moves files to the POMS input directory.

• Product Order Management System (POMS) can be the hub of your Order Execution
Management order management system. POMS is essentially a project that contains the
basic configuration on which you can build your customized system.

• CimView Order Entry provides order entry screens if you find that you have to manually edit
an order item.

• Tracker Attribute Database (TADB) stores comprehensive data about items, including orders
and product components.

• Range Source Architecture (RSA) enhances the traditional RCO concept of a Tracker source
(source region).

• Tracker Query Engine is a powerful high level query engine that has its own syntax for forming
queries. It pulls data from both the Tracker Attribute Database and the Order Execution
Management runtime memory map. Queries may be named and stored for future use, or for
subdividing and abbreviating complicated queries.

• Order Execution Management Broadcast is the delivery of a configurable list of product

related information (including at least build options, location information, other/supporting data
and subsets of the unit bill of material) to plant floor devices and to suppliers.

• Alarm Cast messaging engine is a standardized interface between personal communication

devices and applications sending messages through either an internal paging service and/or
external service providers.

• Marquee Manager product family monitors manufacturing environments and sends real time,
automated messages to visual and/or audible devices.
Chapter 3. Common Licensing

About Common Licensing

Common Licensing simplifies administration and support while providing more secure license
activation and management.

You can use Common Licensing to:

• View current licenses for GE products on your computer.

• Choose your licensing method: Internet, local intranet, GE USB Hardware Key, file-based.
• Manage your licenses: Activate, return, refresh, and clean.

Visit the GE Customer Center web site at https://digitalsupport.ge.com to obtain information about
the latest GE product offerings.
Table 1. Common Licensing documentation links to view the latest updates:
Document Link
Common Licensing https://www.ge.com/digital/documentation/licensing/quickstart/
Quickstart Guide g_licensing_quick_start_overview.html

(Online)

Common Licensing Help https://www.ge.com/digital/documentation/licensing/index.html

(Online)

The following Common Licensing software enable you to activate your GE product licenses:

1. License client
2. Local License Server (LLS)
3. License Server Tools

Note: You do not have to install all the above software in your system. The software required to
activate your licenses depend on whether you are using a physical machine or a virtual machine.

To configure Common Licensing on your computer (physical machine or virtual machine), you
should go through the following:

Prerequisites (page )| Step 1: Order Email and Downloads (page )| Step 2: Common
Licensing Software (page )| | Step 3: Activating Licenses (page )| Step 4: Returning
Licenses (page )
 Getting Started | 3 - Common Licensing | 17

Prerequisites
Use the following links to check the supported operating system requirements and virtual machines.
Ensure you have enough disk space and memory.

• (page )
• System Requirements (page 20)

1. Order Email and Downloads

You will receive an order e-mail from GE Digital after your successful purchase of GE products.
Login to the website as specified in the order email using the same e-mail address. For more details,
refer Step 1: Order Email and Downloads (page 21).

2. Common Licensing Software

After you execute CommonLicensing_<version>.exe, you can install the software: 1)
License Client, 2) Local License Server, and 3) License Server Tools
Getting Started | 3 - Common Licensing | 18

You must run CommonLicensing_<version>.exe as an Administrator. After installing the

licensing software, restart your computer.

Download your codes using the Local License Server Administration Tool. Run License Client to
activate your GE Digital software product licenses. After you complete the installation steps, confirm
that all the product licenses appear in License Client. For detailed steps, refer Step 2: Common
Licensing Software (page 22)
 Getting Started | 3 - Common Licensing | 19

3. Activating Licenses
In License Client, the Activate Licenses tab provides several options for activating a license on your
computer. You can select one of the options based on your system configuration. For detailed steps,
refer Step 3: Activating Licenses (page 28).
Getting Started | 3 - Common Licensing | 20

4. Returning Licenses
The Return Licenses tab is used to return licenses from your computer to the GE Cloud Server or a
Local License Server. For detailed steps, refer Step 4: Returning Licenses (page 42).

System Requirements
The following are the system requirements for Common Licensing.

Supported Operating System

GE recommends using the latest service packs for Windows operating systems. The user should have
the software that support Common Licensing installers:

You must have one of the following operating systems :

• Microsoft Windows 7 SP1

• Microsoft Windows 8.1
• Microsoft Windows 10
• Microsoft Windows Server 2019 Standard
• Microsoft Windows Server 2016 Standard
• Microsoft Windows Server 2012 Standard
• Microsoft Windows Server 2012 Standard R2
• Microsoft Windows Server 2008 Standard R2 SP1

Note: Microsoft Windows 7 SP1, Microsoft Windows Server 2008 R2 SP1, and Microsoft
Windows Server 2012, with Common Licensing 18.8 and higher, require the latest Windows Updates
to enable TLS 1.2 as default secure protocol.

Note: Microsoft Windows XP, Microsoft Windows Server 2003, and Microsoft Windows Server
2008 are no longer supported in Common Licensing 18.4 and higher. If you are using one of these
operating systems, use Common Licensing 18.3.

Supported Virtual Machines

License Client

• VMware ESXi 5.X

• Microsoft Hyper-V on Windows Server 2008 R2, 2012, 2016, or 2019

Local License Server

• VMware ESXi 5.x

 Getting Started | 3 - Common Licensing | 21

• Microsoft Hyper-V 6.1, 6.3

Common Licensing was tested on VMware and the Parallels virtual machine software running on a
Macintosh computer.

Configure Common Licensing

Step 1: Order Email and Downloads

Order Email
After you receive an order email from GE Digital with your activation codes, similar to
the one below. You can download the required products and install them on your computer
(physical machine or virtual machine). After you download the required product, you will see
CommonLicensing_<version>.exe (for example: CommonLicensing_v19_4_1848_0.exe).
Use the steps that follow to accomplish the license activation task.

Download Common Licensing

1. Select the link in the email from GE Digital to access the web site.
2. Login using the same e-mail address that the activation codes were sent to. After a successful
login, you will be navigated to the Software Order Download page, that includes Product
List, and a link to Proficy License Installer.
3. Select Proficy License Installer from Other helpful links. The GE Licensing Installer page
that contains Common Licensing software appears.
Getting Started | 3 - Common Licensing | 22

4. Double-click CommonLicensing<version>.exe to start the licensing download.

Note: This license install will have all the licensing functionalities that can be administrated
from the same computer.

Refer, Step 2: Common Licensing Software (page 22) to proceed to next steps.

Step 2: Common Licensing Software

Overview
Perform the following steps to install the required Common Licensing software on your computer:

1. Execute CommonLicensing<version>.exe (page 22)

2. Install License Client (page 23)
3. Install the Local License Server (page 25)
4. Install License Server Tools (page 26)

Important: When you run CommonLicensing_<version>.exe, you must be logged

in as an Administrator.

Before you begin, follow the below important notes on the Common Licensing software installation
for your system configuration.

Note:

• For a physical machine, the License Client is the only software that must be configured. The
physical machine can collect the GE product licenses from the GE cloud server or from the
Local License Server, and then the GE products are activated through the License Client.
• For a virtual machine, all the three software: 1) License Client, 2) Local License Server, and the
3) License Server Tools must be installed. If you have a separate computer pre-installed with
Local License Server, you do not have to install Local License Server in your virtual machine.
The virtual machine can collect the GE product licenses from the Local License Server and then
the GE products are activated through the License Client.

Execute CommonLicensing<version>.exe

1. Confirm that you are logged in as an Administrator.

2. Browse the folder where you downloaded the CommonLicensing<version>.exe file.
3. Right-click the CommonLicensing<version>.exe file, and select Run as
Administrator. A message appears asking if you want to allow this application to make
changes to your device.
4. Select Yes. The Common Licensing screen appears, as shown in the following figure.
 Getting Started | 3 - Common Licensing | 23

Install License Client

1. From the Common Licensing screen, select Install License Client.

2. The installation process may take a few moments, and may require some prerequisites to install.
The following screen appears.
Getting Started | 3 - Common Licensing | 24

3. Select Next. The License Agreement appears.

4. Select I accept the terms of this license agreement and select Next to continue.
5. If a message to install USB HASP Drivers appears, leave the default (selected), and select Next.
Otherwise, the Ready to Install the Program screen appears.
6. Select Install. When the installation completes, the InstallShield Wizard Complete screen
appears.
 Getting Started | 3 - Common Licensing | 25

7. Select the I would like to create a shortcut on my Desktop check box.

8. Select Finish to complete the installation.

Install Local License Server

1. From the Common Licensing screen, select Install Local License Server .
2. The installation process may take a few moments, and may require some prerequisites to finish
the installation. When the installation completes, the InstallShield Wizard Completed screen
appears.
Getting Started | 3 - Common Licensing | 26

3. Select the I would like to create a shortcut on my Desktop check box.

4. Select Finish to complete the installation.

Install License Server Tools

1. From the Common Licensing screen, select Install License Server Tools.
2. The installation process may take a few moments, and may require some prerequisites to install.
The welcome screen appears.
 Getting Started | 3 - Common Licensing | 27

3. Select Next. The License Agreement page appears.

4. Select I accept the terms of this license agreement option, and then select Next. The Ready to
Install the Program page appears.
5. Select Install. When the installation completes, the InstallShield Wizard Complete screen
appears.
Getting Started | 3 - Common Licensing | 28

6. Select the I would like to create a shortcut on my Desktop option.

7. Select Finish to complete the installation.

After you have configured the software as per your system requirements from the Common
Licensing screen, you can proceed to the next step, Step 3: Activating Licenses (page 28).

Step 3: Activating Licenses

Activating Licenses Scenarios
Following are the scenarios to activate your GE product licenses:

1. Computer (online) connected to the GE Cloud License Server (page 28)

2. Computer (online) or VM connected to a Local License Server (page 30)
3. Computer (offline) Licenses Activation by using GE USB Hardware Key (page 34)
4. Computer (offline) Licenses Activation by using Request and Response Files (page 36)

Scenario 1: Computer (online) connected to the GE Cloud License Server

 Getting Started | 3 - Common Licensing | 29

The computer (physical machine or virtual machine) with GE Cloud License Server is connected to
internet, the GE product licenses are collected from GE Cloud License Server and then the licenses
are activated in the computer installed with License Client.

1. In License Client, select Activate Licenses, select the option 1, Yes, for this computer from
the GE Cloud License Server.

2. The Activate Licenses from the GE Cloud Server page appears.

Note: Internet connectivity is verified before this page is displayed. An error message
is displayed if the GE Cloud License Server is not accessible, and the No Licenses on this
Computer page is automatically displayed.

3. Enter your first activation code, and then select Add Code.
4. Repeat the previous step for each license you have.
5. Select Activate. The Licenses screen should now display all the licenses activated on the server.
Getting Started | 3 - Common Licensing | 30

Scenario 2: Computer (online) or VM connected to a Local License Server

The computer (physical machine or virtual machine) with Local License Server is connected to
internet, the GE product licenses are collected by communicating with GE Cloud License Server and
then the licenses are activated in the intranet computer installed with License Client.

The virtual machine with all the three software: 1) License Client, 2) Local License Server and the
3) License Server Tools must be installed. If you have a separate computer pre-installed with Local
License Server, you do not have to install Local License Server in your virtual machine.

Follow the below steps for a physical machine or a virtual machine installed with Local License
Server software:

1. From the Windows Services console (Press Windows+R on your keyboard, then enter
services.msc and press the Enter button), confirm that the License Server is running.
 Getting Started | 3 - Common Licensing | 31

2. Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\General Electric, and then select Local License Server Administration Tool. A
message appears prompting you to confirm the changes.
3. Select Yes to continue. The Local License Server Administration Tool screen appears, as
shown in the following figure.

4. Select Add Licenses. The following screen appears.

Getting Started | 3 - Common Licensing | 32

5. Enter your first activation code, and then select Add Code.

Note: You can find the activation codes in your GE order e-mail.

6. Repeat the previous step for each license you have.

7. Select Activate. The Licenses screen should now display all the licenses activated on the server,
as shown in the following figure.
 Getting Started | 3 - Common Licensing | 33

Activate your Product Licenses on License Client

1. Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\General Electric and then select License Client. A message appears prompting you to
confirm the changes.
2. Select Yes to continue. The License Client screen appears, as shown in the following figure.

3. In License Client, select Activate Licenses.

4. You have the Local Licensing Server already installed on the same computer, hence select the
option 2, Yes, for this computer from a local license server . The Lease licenses from a
local license server screen appears, as shown in below figure.

5. Select the check box for the products you want to activate, and then select Activate.
Getting Started | 3 - Common Licensing | 34

Confirm the License Client Displays Licenses

1. In License Client, select View Licenses. The activated licenses for the selected server appears,
similar to the screen below. In the Licensed Products section, select the products listed to view
the license information.

2. Confirm that your license information appears correctly for each product you activated.

Scenario 3: Computer (offline) Licenses Activation by using GE USB Hardware

Key

• Configurable GE USB Hardware Keys: Configurable keys are plugged-in to a computer with
internet to activate licenses and then used in the computer that does not have internet.
• Non-configurable GE USB Hardware Keys: Pre-loaded with the licensing information for your
products.

1. Insert the GE USB Hardware Key to your online computer (physical machine or a virtual
machine).
2. In License Client, select Activate Licenses, select the option 3, Yes, for the inserted
Hardware key.
 Getting Started | 3 - Common Licensing | 35

Note: If you did not install the Sentinel USB drivers, error messages appear and the
disabled USB icon appears in the footer.

If you did install the Sentinel USB drivers, the License Client detects and reads the GE USB
Hardware Key (up to two minutes), and then the Activate Licenses on GE USB Hardware
Key page appears, as shown below.
Getting Started | 3 - Common Licensing | 36

3. Enter your first activation code, and then select Add Code.
4. Repeat the previous step for each license you have.
5. Select Activate. The Licenses screen should now display all the licenses activated on the server.
6. Remove the GE USB Hardware Key from your online computer and plug-in to the offline
computer.

Scenario 4: Computer (offline) Licenses Activation by using Request and

Response Files

A Request file and a Response file is used as a medium between a computer having internet and GE
Cloud server to activate the licenses in the offline computer.

In License Client, select Activate Licenses, to activate licenses on client computers that are not
connected to the internet. Activating licenses on an offline computer includes the following steps:

1. Generate a request file from the offline computer. Send the request file to the online computer.
 Getting Started | 3 - Common Licensing | 37

2. From an online computer, send the request file to the GE cloud license server and generate a
response file.
3. Send the response file to the offline computer and activate the licenses.

Generating a Request File

1. From License Client, select the Activate Licenses tab. The License Client detects that the
client computer is not connected to the internet. The "Do you need to activate a License?" page
appears.

2. Select Yes, for a permanently offline computer. The Generate a Request File to activate
licenses page appears.
Getting Started | 3 - Common Licensing | 38

3. Browse to the media device or the network location where the request file is saved.
4. Enter each activation code and select Add Code to add it to the Activation Codes area.

Note: You can find the activation code(s) in your GE order e-mail.

5. Select Generate File to create and save a request file to the specified location.
6. The Complete Offline Process page appears. A message appears indicating the request file
location and when it was created.
 Getting Started | 3 - Common Licensing | 39

Generating a Response File

Collect the request file from the offline computer and then generate a response file from an online
computer.

1. Select Complete Offline Process. The Complete Offline Process page appears. A message
appears indicating the response file location and when it expires.
Getting Started | 3 - Common Licensing | 40

2. Select Generate a response file from an online computer. The Generate a Response File
page appears.

3. If necessary, insert the media device into the computer.

 Getting Started | 3 - Common Licensing | 41

4. Select the request file and response folder location, then select Generate File. The response file
is generated and saved to the specified location on a media device or network drive that can be
accessed by the offline computer.

Note: The response file expires 24 hours after being created. The application indicates the
time remaining before the response file expires.

Activating Licenses

After generating a request file from your offline computer and a response file from an online
computer, you can activate licenses on the offline computer.

1. On the Complete Offline Process page, select Use the response file to update licenses on the
original offline computer.

The Use the Response File to Update Licenses page appears.

Getting Started | 3 - Common Licensing | 42

2. If necessary, insert the media device with the response file into the computer.
3. Browse to the location of the response file, and select the file.
4. Select Update Licenses.

Note: After the response file is imported, the response file extension is modified to
''response_imported''.

Step 4: Returning Licenses

You can return your licenses for time being and re-activate them later. You can also re-active your
licenses on a different computer using License Client.

The Return Licenses tab in License Client is used to return licenses from your computer (physical
machine or virtual machine).
 Getting Started | 3 - Common Licensing | 43

Following are the steps for returning your licenses if your computer is connected to a Local License
Server, or to the GE Cloud License Server, or a computer with a GE USB Hardware key:

1. In License Client, select Return Licenses.

2. The return licenses server page displays information for each license on your computer.
3. Select the check box for each license to return, and then select Return.

Note: The Activate Licenses tab appears, indicating that licenses have been successfully
returned to your respective license server.

Following are the steps for returning your licenses if your computer is offline, that is your computer
is not connected to the internet:

1. Generate a request file from the offline computer. Send the request file to the online computer.
2. From an online computer, send the request file to the GE cloud license server and generate a
response file.
3. Send the response file to the offline computer and return the licenses.

Generating a Request File

Note: Generate a request file from an online computer before returning licenses from an offline
computer.

1. On the offline computer, in License Client, select the Return Licenses tab. The License Client
detects that the client computer is not connected to the internet.
2. The Generate a Request File to return licenses page appears.
Getting Started | 3 - Common Licensing | 44

3. Select the licenses to be returned.

4. Browse the location where you want to save the request file.
5. Save the license request file to a device or network drive that can be accessed by the online
computer.
6. If you are using a portable media device, remove it and return to the online computer.

Generating a Response File

Note: Generate a response file from an online computer before returning licenses from an offline
computer.

1. Select Complete Offline Process. The Complete Offline Process page appears. A message
appears indicating the response file location and when it expires.
2. Select Generate a response file from an online computer. The Generate a Response File
page appears.
3. If necessary, insert the media device into the computer.
4. Select the request file(s) and response folder location, then select Generate File. The response
file is generated and saved to the specified location on a media device or network drive that can
be accessed by the offline computer.

Note: The response file expires 24 hours after being created. The application indicates the
time remaining before the response file expires.

5. If you are using a portable media device to store the response file, remove it and return to the
offline computer.

Returning a License

After generating a request file from your offline computer and a response file from an online
computer, you can return licenses from the offline computer.

1. On the Complete Offline Process page, select Use the response file to update licenses on the
original offline computer. The Use the Response File to Update Licenses page appears.
2. If necessary, insert the media device with the response file into the computer.
3. Browse the location of the response file, and select the file.
4. Select Return License.

Note: After the response file is imported, the response file extension is modified to
''response_imported''.
 Getting Started | 3 - Common Licensing | 45

Reconcile Device ID with Tolerant ID

Reconcile Device ID with Tolerant ID

If your device ID changes, you may face some issues with your GE product licenses. You must
perform the reconcile operation to make your device ID tolerant against any further changes to the
device ID.

Follow the below important notes on Common Licensing software version requirements.

Note:

• If you are installing Common Licensing software for the first time in your computer, then your
device ID will be tolerant when you install Common Licensing version 19.4 or higher and
reconcile operation is not required.
• If you are already using Common Licensing software in your computer, you must upgrade to
Common Licensing version 19.4 or higher, and run the reconcile operation to make your device
ID tolerant.

The reconcile operation is required to:

• Avoid any license issues when the device ID changes

• Run your activated licenses seamlessly and more efficiently.

Note: Perform the reconcile operation, to ensure your device ID is tolerant even if your
computer device ID is intact and not changed.

Before you begin with your reconcile operation:

• You must not use the GE products while reconciling the device ID.
• If you are not connected to GE Cloud Server, you must return the existing licenses offline
before the reconcile operation. However, if you are connected to GE Cloud Server, the existing
licenses are automatically returned when you reconcile the device ID.

Following are the steps for reconciliation of your device ID with new tolerant device ID:

1. In License Client, select View Licenses tab. The activated licenses are already mapped to 12
characters device ID.
Getting Started | 3 - Common Licensing | 46

2. Select Advanced tab, and then select View or Reconcile Tolerant Device ID.

3. Select the Confirm button to start your reconciling operation.

 Getting Started | 3 - Common Licensing | 47

Note: After the reconcile operation, the 12 characters of existing device ID will change to 36
characters.

In the View Licenses tab, you will see that your licenses are still valid and are now mapped to 36
characters device ID.
Chapter 4. SCADA Web Configuration

About CIMPLICITY SCADA Web Configuration

You can use SCADA Web Configuration to discover the address space of an OPC UA Server and
automatically create points from the address space.

You are provided with access to a web application where you can browse through the OPC UA
Servers configured in a project and create CIMPLICITY points.

Enable, Launch, and Log in to SCADA Web Configuration

Enable, Launch, and Log in to SCADA Web Configuration

Before you enable, launch, and log in to SCADA Web Configuration, perform the following steps:

1. In Workbench, create a new project or access an existing project.

2. Access the Project Properties window, select the General tab, and under Protocols, select the
OPC UA Client check box.
 Getting Started | 4 - SCADA Web Configuration | 49

3. Select OK.
4. Create a device for each OPC UA Server and configure the device.

Enable SCADA Web Configuration

To enable web configuration for a project, in Workbench, access the Project Properties window,
select the Options tab, and then select the Allow web configuration for this project check box.
Getting Started | 4 - SCADA Web Configuration | 50

Note: If you do not enable web configuration for a project as mentioned above, you can enable it
when you launch SCADA Web Config.

Launch SCADA Web Configuration

To launch SCADA Web Configuration, in Workbench, select SCADA Web Config, and double-
click the SCADA Web Config file.
 Getting Started | 4 - SCADA Web Configuration | 51

Note: If web configuration was not enabled for the project, a LaunchWebConfig window
appears, prompting you to enable web configuration for the project. Select OK.
Getting Started | 4 - SCADA Web Configuration | 52

The CIMPLICITY SCADA Web Configuration web page appears.

To view the list of OPC UA Devices that your project contains, you must log in to SCADA Web
Configuration.

Log in to SCADA Web Configuration

On the CIMPLICITY SCADA Web Configuration webpage, enter the username and password
from the project configuration, and then select Log in.

The OPC UA Device selection webpage appears.

 Getting Started | 4 - SCADA Web Configuration | 53

Select and Browse an OPC UA Device

The Select OPC UA Device list displays the list of devices that have been configured for OPC UA
Servers in your project. Select an OPC UA Device.

All the nodes in the OPC UA Device are displayed. You can browse through them.
Getting Started | 4 - SCADA Web Configuration | 54

Create SCADA Points

You can create SCADA points from the objects displayed for the selected OPC UA Device.

To create SCADA points:

1. Select the objects.

Note: To select the children of a node, right-click the node, and then select Select all
children. Alternately, to select the children of a node, you can double-click the node.

To clear the children of a node, right-click the node, and then select Clear children selection.
Alternately, to clear the children of a node, you can press and hold Alt, and double-click the
node.
2. Select Create Points.

3. (Optional) You can use the following fields to perform specific actions:
• NAME PREFIX: Enter a prefix to the name of the points that will be created.
• NUMBER OF LEVELS TO STRIP: Enter the number of levels in the namespace to be
stripped off from the beginning of the point IDs.
• SEARCH: Enter text to display point IDs that contain the entered text.
 Getting Started | 4 - SCADA Web Configuration | 55

When the project is running, if you turn on the Dynamic mode toggle key, the points that are
created will be available immediately. If you turn off the Dynamic mode toggle key, the points
that are created will become available only after the project restarts.

Note: In a redundant system, for dynamic configuration to work, the CIMPLICITY

Configuration Microservice should run as the same user with the same password configured in
the redundant pair of systems.

4. Select Create (number of points selected) Points.

The points are created, and the results are displayed.

You can view the points that were not created by filtering the results based on the icon
associated with the points.
Getting Started | 4 - SCADA Web Configuration | 56

You can filter the failed points based on the type of failure associated with each point.

Note: You can view the created points in Workbench under the Points section.
 Getting Started | 4 - SCADA Web Configuration | 57

Generate SSL Certificate to secure SCADA Web

Configuration

Generate SSL Certificate to secure SCADA Web Configuration

The SCADA Web Configuration is secured through an SSL certificate.

The SSL certificate is generated through the config_service_cert batch file, which is executed during
the CIMPLICITY installation process.

Note: When you launch SCADA Web Configuration, the browser validates the domain name
provided in the URL with the value of the USERDNSDOMAIN environment variable.

If the USERDNSDOMAIN environment variable is unavailable, the connection to SCADA Web

Configuration is not secure. To make the connection secure, replace the domain name in the URL
with the computer name.

This section provides information to help you to:

• Using an External Certificate Authority (page 58)

• Update validity of SSL Certificate (page 60)
Getting Started | 4 - SCADA Web Configuration | 58

Using an External Certificate Authority

Following are the three main steps required to get an SSL certificate from an external Certificate
Authority (CA) and use it with CIMPLICITY. Follow these steps when requesting the initial
certificate and when renewing the certificate when it expires.

1. Generate the Certificate Signing Request (CSR)

2. Send the CSR to the CA and get the resulting server SSL certificate
3. Process the SSL certificate for use in CIMPLICITY

To manually execute the batch files Generate_CSR.bat and process_server_cert.bat, the following
parameters must be known:

• InstallationPath - The path where CIMPLICITY is installed.

• ConfigServicePortNumber , UABrowseServicePortNumber, and WsmServicePortNumber - The
port numbers where micro services are running (WSM is the webspace-session-manager).
• KeyPassPhraseFilePath(optional) - The file path that contains a password that protects the
private key (without the .crt/.key extension).
• ServerCertificateName - The name of the server certificate file (without the .crt/.key extension)..

Note: The default value of ServerCertificateName is server_cert. To use a different file

name, also update the variables ssl_certificate and ssl_certificate_key in nginx.conf file with the
new values and restart the CIMPLICITYNGINX service.

• PfxPassPhrase - The password to protect the generated .pfx server certificate.

To regenerate the SSL certificate, perform the following steps:

1. Generate CSR
a. In the command prompt, navigate to the path where Generate_CSR.bat is saved.
b. Enter the following command in the command prompt.
Generate_CSR.bat <InstallationPath> <CSRCertificateName>
<PassPhraseFilePath(optional)>

Example: Generate_CSR.bat “c:\Program Files (x86)\Proficy

CIMPLICITY” server_cert

c. Optional: To secure the private key with a password, add a password to a text file and save
the file. Provide the file path in the command.
Example: Generate_CSR.bat “c:\Program Files (x86)\Proficy
CIMPLICITY” server_cert “c:\Passwords\password.txt”
 Getting Started | 4 - SCADA Web Configuration | 59

d. If the certificate signing request (.crt) file or the private key (.key) file already exists in the
specified folder, you are notified and prompted to delete the files. Select Y to delete the
existing files and create new files. Select N to exit.
e. Enter the following details:

Enter the required details Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:

Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:

An optional company name []:

f. Press Enter. The certificate signing request (.crt) file and the private key (.key) file are
generated in the ScadaConfigPki folder in the installation path. (Example: C:\Program
Files (x86)\Proficy\Proficy CIMPLICITY\ScadaConfigPki).
2. Obtain SSL Certificate
a. Send the certificate signing request (.csr) file to an external Certificate Authority (CA),
such as VeriSign or DigiCert, and request for a CA certificate.
b. Save the certificate in the ScadaConfigPki folder.
3. Process SSL certificate
a. In the command prompt, navigate to the path where process_server_cert.bat is saved.
b. Enter the following command in the command prompt.
process_server_cert.bat <InstallationPath> <CrtFileName>
<ConfigServicePortNumber> <UABrowseServicePortNumber>
<KeyPassPhraseFilePath> <PfxPassPhrase> <WsmServicePortNumber>

Example: process_server_cert.bat “c:\Program Files (x86)\Proficy

CIMPLICITY” server_cert 4955 4956 c:\passwords\password.txt
secret-pass-phrase 4957

Where:
• <CrtFileName> is the name of the crt/key files without the .crt or .key extensions.
<KeyPassPhraseFilePath> contains the pass phrase protected the .key file. This is the
same pass phrase file used in the Generate_CSR.bat command.
• <PfxPassPhrase> is the pass phrase that will be used to protect the generated .pfx file.
This is the pass phrase itself, not a path to a pass phrase file.
Getting Started | 4 - SCADA Web Configuration | 60

• <KeyPassPhraseFilePath> contains the pass phrase protected the .key file. This is the
same pass phrase file used in the Generate_CSR.bat command.
4. Verify SSL certificate
a. Launch Scada Web Config from CIMPLICITY Workbench.
b. Select , and then select Certificate.
c. Verify the CertificateInformation. It should match with the information provided at Step 1.
process_server_cert.bat <InstallationPath> <CrtFileName>
<ConfigServicePortNumber> <UABrowseServicePortNumber>
<KeyPassPhraseFilePath> <PfxPassPhrase> <WsmServicePortNumber>

Note: If the certificate is not updated, you may have to perform the following steps and re-
launch Scada Web Config:
• Delete browser cache.
• Restart the following:
◦ CIMPLICITY Configuration Microservice
◦ OPC UA Browser Microservice
◦ Webspace Session Manager Microservice
◦ CIMPLICITY NGINX Server
• Update the proxy settings to exclude the server on which the SSL certificate is hosted.

Update validity of SSL Certificate

The default validity of an SSL certificate is 2 years.

You can update the validity of the SSL certificate by applying the following steps:

1. Access the config_service_cert batch file.

2. Update the number of days for which the SSL certificate should be valid in the following
occurrences in the batch file:
REM create the rootCA certificate
%1\OpenSSL\openssl x509 -req -sha256 -extfile %rootCfgFileName%
-days <validity period in days> -signkey %rootKeyFileName% -in
%rootCsrFileName% -out %rootCrtFileName%

REM create the server certificate

%1\OpenSSL\openssl x509 -req -sha256 -extfile %serverCfgFileName
% -days <validity period in days> -CA %rootCrtFileName% -
CAkey %rootKeyFileName% -CAserial %serverSerialFileName% -in
%serverCsrFileName% -out %serverCrtFileName%

The validity of the SSL certificate is now updated.

 Getting Started | 4 - SCADA Web Configuration | 61

Install SSL Certificate on a Viewer or Remote Machine

On CIMPLICITY Server:

1. Navigate to <Installation_Path>\Proficy\Proficy CIMPLICITY

\ScadaConfigPki.
2. Copy the root certificate CimScadaConfigRootCA.crt from CIMPLICITY server to a
Viewer/Remote machine. This is a manual step.

On Viewer/Remote Machine:

1. Right-click the certificate file copied from CIMPLICITY server, and select Install Certificate.
2. Select the Store Location as Local Machine.
3. Select Place all certificates in the following store. Select Browse, and then select Trusted
Root Certification Authorities folder.
4. Select OK, and then select Next.
5. Select Finish. The certificate is imported.

Advanced Configuration Options

Advanced Configuration Options

The default settings for the SCADA Web Configuration application is sufficient for most scenarios.

This section provides information on the following advanced configuration options for the SCADA
Web Configuration application:

• Configure SCADA Web Configuration Services (page 61)

• Configure Certificates from External Certificate Authorities for SCADA Web Configuration
(page 64)

Configure SCADA Web Configuration Services

You can configure various parameters for the SCADA Web Configuration application.

Note: The default settings of the configuration files is sufficient for most scenarios. Update the
configuration files only if absolutely necessary.

You can update the following configuration files:

Getting Started | 4 - SCADA Web Configuration | 62

• nginx.conf

• cim_config_service.json

• opcua-browse-config.json

nginx.conf
The SCADA Web Configuration application is hosted in the nginx web server. To update any
parameter for nginx web server, you must edit the nginx.conf file.

You can update the following parameters in the nginx.conf file:

• listen: Enter the port number where you want to run your server.

Note: The default port number is 9443.

• client_max_body_size: Enter the maximum size (in megabytes) of a client request that goes
through the nginx server.

Note: If this value is too low and the request is too big, a 413 Payload Too Large error
will occur. If this value is too high, it could cause out-of-memory errors in the services and
application, and could allow attackers to occupy the services for too long.

• proxy_read_timeout: Enter the maximum time that the nginx server will wait for a proxied
response to be returned.

The nginx server proxies requests from a client to the CIMPLICITY Configuration service and
the OPC UA Browse service. If a response isn't returned by the service within this amount of
time, a 404 Not Found error will occur.

Note: If this value is too low, when you browse or create points, 404 errors may occur. If
this value is too high, it may take longer for issues with services to be discovered, and could
allow attackers to occupy the services for too long.

cim_config_service.json
cim-config service is a microservice which is an intermediary between the web server
and CIMPLICITY. To update any parameter in cim_config_service, you must edit the
cim_config_service.json file.
 Getting Started | 4 - SCADA Web Configuration | 63

You can update the following parameters in the cim_config_service.json file:

• port: Enter the port number on which the cim-config service is listening.

Note: You must also update the port number for cim-config service under the reverse proxy
section of the nginx.conf file.

• maxWriteRequestObjects: Enter the number of points that can be sent in a single request for
point creation. If there are several points to create, multiple requests are sent.

Note: If this value is too high, a 413 Payload Too Large or 404 Not Found error may occur.
If this value is too low, the point creation performance will be affected.

opcua-browse-config.json
OPC UA browse service is a microservice which is an intermediary between the web server and
CIMPLICITY. To update any parameter in OPC UA browse service, you must edit the opcua-
browse-config.json file.

You can update the following parameters in the opcua-browse-config.json file:

• port: Enter the port number on which the OPC UA browse service is listening.

Note: You must also update the port number for OPC UA browse service under the reverse
proxy section of the nginx.conf file.

• maxBrowseRequestObjects: Enter the number of nodes that can be sent in a single request to
the OPC UA Browse Service and the OPC UA server when browsing the OPC UA server.

Note: If this value is too high, the 413 Payload Too Large error may occur. If this value is
too low, the browsing and point creation performance will be affected.

• maxBrowseResultObjects: Enter the number of nodes that can be sent in a single response by
the OPC UA Browse Service and the OPC UA server. If a request would return several nodes,
multiple responses with OPC UA continuation points are returned.

Note: If this value is too high, the 413 Payload Too Large error may occur. If this value is
too low, the browsing and point creation performance will be affected.

maxReadRequestObjects: Enter the number of nodes that can be sent in a single request to the
OPC UA Browse Service and the OPC UA server when reading node attributes from the OPC
UA server.
Getting Started | 4 - SCADA Web Configuration | 64

Note: If this value is too high, the 413 Payload Too Large error may occur. If this value is
too low, the browsing and point creation performance will be affected.

404 and 413 Error Workaround

If you encounter a 404 error, perform either of the following actions:

• Decrease the service limits for these parameters - maxReadRequestObjects,

maxBrowseRequestObjects, maxBrowseResultObjects, and maxWriteRequestObjects.
• Increase the proxy_read_timeout parameter in the Web\exe\conf\nginx.conf file.

If you encounter a 413 error, perform either of the following actions:

• Decrease the service limits for these parameters - maxReadRequestObjects,

maxBrowseRequestObjects, maxBrowseResultObjects, and maxWriteRequestObjects.
• Increase the client_max_body_size parameter in the Web\exe\conf\nginx.conf file.

Configure Certificates from External Certificate Authorities for SCADA

Web Configuration

You can configure certificates received from external Certificate Authorities (CA), such as VeriSign
and DigiCert for the SCADA Web Configuration application.

Ensure that the certificate received from the CA can be used as an intermediate CA for signing other
certificates.

To configure a certificate from an external CA:

1. Go to the path where CIMPLICITY is installed, and delete all the files in the ScadaConfigPki
folder.

Note: Before you delete the files in the ScadaConfigPki folder, prepare a backup of the
files.

2. Copy the <RootCertificateName>.crt and <RootCertificateName>.key files from the CA and

paste them into the ScadaConfigPki folder.
3. Access Command Prompt and enter the following command:
cd <InstallationPath>

For example:
cd C:\Program Files (x86)\Proficy\Proficy CIMPLICITY
 Getting Started | 4 - SCADA Web Configuration | 65

4. Enter the following command by specifying the RootCertificateName received from the CA:
config_service_cert.bat <InstallationPath> <ConfigServicePortNumber>
<UABrowseServicePortNumber> <RootCertificateName>
<ServerCertificateName> <passphrase>

For example:
config_service_cert.bat "C:\Program Files (x86)\Proficy\Proficy
CIMPLICITY\" 4855 4865 RootCA1 server_cert cimplicity

A server certificate and private key is generated in the ScadaConfigPki folder and replicated to
the nginx configuration folder.
5. Enter the names of the server certificate and private key in the server section of the nginx.conf
file. For exanple:
server {
………………………..
………………….
ssl_certificate server_cert.crt;
ssl_certificate_key server_cert.key
}

The external CA is now used as the root authority for the SCADA Web Configuration application.