Step 1 - Log onto the EWS and Start TIA
Log on to the EWS using the following credentials:
Username: iaea
Password: iaea
After logging on to the EWS, start the Siemens Totally Integrated Automation (TIA) Portal by double-clicking the TIA Portal V13 icon on the Desktop of the EWS.
Step 2 - Open the TIA Project
Open the process by selecting IAEA_PROCESS in the Open Project Window and then click the Open button.
Step 3 - Connect to the PLC
Click the Online & Diagnostics tab on the left side of the TIA screen. Wait a moment for the screen to update, and then double-click on the PLC_1 icon found in the center of the screen.
The display should change to the screen below. This screen displays the online status of EWS/PLC communications. The EWS is now receiving real-time values from the PLC.
Notice that all the Input/Output (I/O) tags on the right of the screen have green checkmarks by them. This means that the EWS is properly connected to the PLC and receiving real-time values.
Step 4 - Simulate the HMI
Start a local runtime Human Machine Interface (HMI) screen on the EWS. Select Portal view (lower left corner of the window), and at the main menu of the TIA portal, click the Visualization tab on the left side of the screen. Wait a moment for the screen to update and then select the Simulate Device button. Press the Simulate Runtime bullet on the right side of the screen then the Simulate runtime button. It will take a minute to start the simulation runtime and generate the HMI display.
Interact with the process by clicking on the various buttons found on the HMI screen. You can do this on either the EWS runtime or directly on the HMI touch screen panel.
Questions
Q1: What different actions can you take when using the HMI? What pump(s) can you start or stop? Are you able to manipulate the output valve?
Q2: Can you fill the tank faster than it can be drained? Can you drain the tank faster than it can be filled? What (percentage) value do you need to set on the output valve to keep the tank filling and draining at the same rate?
Q3: What happens when you press the E-STOP button on the HMI screen? Are you able to operate any part of the control system with the E-STOP activated?
Q4: Does the system work equally well from the HMI runtime on the EWS compared to the HMI touch screen? Are there differences? If so, what are they?
Q5: Press the button that is located on the back (near the bottom) of the I&C case. What effect does this have on the system? Make sure to press the button again to ensure the system works properly.
Step 5 - Run I&C Exercise 1
Open the Firefox browser and click on the Automated Lab Exercise bookmark. The Automated Lab Exercise Web Server is located at http://192.168.0.200. Click the Continue button and then click the Instrumentation & Control icon link. Click on the I&C Exercise 1 icon link. While watching the EWS screen, press the Run Exercise button. Do not log back into the EWS until the next step!
Question
Q6: Pause and think about what happened when the button was pressed. Why was the EWS screen locked? Is there any information given to you on the lock screen?
Step 6 - Log back into the EWS
Log back into the EWS using the same credentials as before – username ‘iaea’ and password ‘iaea’.
Question
Q7: What has changed? What do you think may have happened? How did the calculator get started? Who started the calculator application?
Hint: You can check the running process on the computer using the Task Manager. This will display the running processes and applications along with information about who started the process. You can start the Task Manager by right-clicking the taskbar and selecting Start Task Manager or by pressing [Ctrl + shift + Esc] .
Step 7 - Review Event Logs
On the EWS, review the event log information by building a Microsoft Management Console (MMC):
Press the [Windows Key + R] , and run the following command: mmc.exe . When asked if you want to allow the program to make changes to this computer, click Yes .
Add a Snap-in to view the Windows Logging information. Do this by clicking File , Add/Remove Snap-In… or pressing [Ctrl+M] .
In the list of Available snap-ins, select Event Viewer and click the Add button in the middle of the dialogue.
When the Select Computer dialogue opens, ensure the Local Computer radio-button is selected and then click OK .
Now click the OK button to close the Add/Remove Snap-ins dialogue box.
The MMC console will now have the Event Viewer (Local) available in the Console Root. Expand the Event Viewer tree and determine what information is available. Note: Some Windows Event Logs require Administrator permissions. If you are having difficulty at this time, please notify your instructor.
Questions
Q8: What information is shown in the Event Viewer? What are the limitations of the various Windows logs?
Q9: Inspect the entries in the Security logs with Event ID 4624. These are interactive logon event logs. Examine the Details of the 4624 events and note the LogonType information (Type 2 Interactive, Type 3 Network, and Type 10 RemoteInteractive). Are you able to identify any remote logon activities? If so, what was the remote IP address?
Q10: How did the User log onto the EWS remotely? Do you expect users to logon remotely?
Step 8 - Review Windows Firewall Logs
On the EWS, add the Windows Firewall Snap-in to your MMC Console by performing the same steps when you added the Windows Event Logs: click File , Add/Remove Snap-In… and then select and add the Windows Firewall snap-in.
Question
Q11: Examine the Inbound Rules of the Windows Firewall. What rules could be changed to restrict or disable Remote Desktop logon capabilities?
Step 9 - Disable Firewall Rules
Disable the Remote Desktop (TCP-In) rule in the Windows Firewall Inbound Rules. Right-click on the rule and select Disable Rule .
Question
Q12: Close the Calculator on the EWS. Attempt to run the exercise again by pressing the Run Again button for I&C Exercise 1. Was the exercise successful? What was different this time?
Additional Exercise
Alternatively, Remote Desktop can be enabled or disabled in the Control Panel. Open the Control Panel and type System in the search bar in the top right corner. Now click on the item to Allow remote access to your computer . Here you can disable or modify settings that govern Remote Desktop Access.