Domain Controller Redundancy
For applications consisting of or expanding to more than 10 FactoryTalk computers, it is
recommended to use a Windows Domain and have at least two Domain Controllers
configured for redundancy and high availability on the same network segment as the
FactoryTalk System. When used in a domain environment, FactoryTalk View SE requires
that a Domain Controller always be available, or performance degradation will eventually
occur.
FactoryTalk Services in a distributed environment depend on 3 critical functions to operate:
Name Resolution, Time Synchronization and Authentication. If any of these three
functions are unavailable or performing poorly then the entire distributed system will be
adversely impacted. A Windows domain may be utilized to provide these functions in a
centralized and secure manner but should be implemented in a fashion to guarantee
performance and resiliency.
Authentication:
Authentication in a Windows domain environment is centralized and performed by a
domain controller. This authentication utilizes Kerberos. A Kerberos ticket has a default
maximum lifetime of 600 minutes in a Windows domain environment. Tickets are only
needed when authenticating new connections with servers. Ongoing connections are
not impacted by expiring tickets. In a trusted domain environment, the Kerberos ticket
for access to a resource in a different domain is generated at the local domain
controller (which communicates with the remote domain controller) and then passed to
the remote domain controller that is hosting the resource the user wants access to. As
part of its security, it is required that all clocks within the system be synchronized
within 5 minutes or Kerberos authentications will begin to fail.
Windows domains may also be utilized to provide additional centralized services beyond
these core services which also may adversely impact application performance if
domain controller(s) are not available or performing poorly. If a domain becomes unable
to provide its services, FactoryTalk components will begin to fail over time (e.g., wire
frames, slow screen updates, slow screen navigation, complete system failure) depending
on the configuration of timeouts for these domain functions.
A Windows workgroup environment may be used in lieu of a Windows domain with the
following considerations:
1.
If a locally scoped DNS server is not available, it is recommended to implement
static IP addressing along with hosts files across all machines in the distributed
environment for name resolution.
2. To synchronize the clocks of all machines in the distributed environment, it is
recommended that an external NTP server is made accessible to at least one
machine, then that machine is configured to sync to this external NTP server and
have its own NTP server enabled, and lastly, all other machines are configured to use
the local NTP server to synchronize their time from. By default, in a non-domain
environment, individual machines may attempt to synchronize with
time.windows.com which may not be accessible or desired.