UMC Redundancy (User Management Component)

Jose Manuel Luque 02 Mar, 2025

PLC SIEMENS WinCC Unified WinCC Unified

UMC Redundancy (User Management Component)

Once we have configured our UMC Server, our engineering station, and our redundant WinCC Unified, the next step is the bonus :-).

We are going to configure a second UMC server, for this, we need to prepare the servers. These steps involve reconfiguring our UMC server and we must install the Network Load Balancing. This must be installed on all the servers we are going to configure

Once we have followed the wizard, we will have the application available for configuration:
Server Manager -> Tools -> Network Load Balancing Manager.

We have installed Network Load Balancing on our two servers, we have configured the servers to be on the same network, and both machines are powered on to proceed with the next steps:

We run the application and we are going to create a new cluster:
Cluster -> New Cluster

We enter the name of our primary server and follow the wizard

When defining the cluster IP address, it must be an unused IP that will be common to our entire cluster. Within the options for the cluster operation mode, select "multicast".

Here is where we must define the rules for which ports. By default, the included rule is to allow all traffic on all ports from 0 to 65535.

We now have our primary server and we are going to add our backup server. Within the cluster, we select "Add Host to Cluster".

We enter the name of our second server; however, the machine must be previously configured to be on the same network. 🙂

Just like we did with our primary server, we follow the wizard.

The image has an empty ALT attribute; its filename is UMC2RingServer-12.png

We have completed the configuration

What we have just configured is that each machine that is part of the cluster has its own IP and, in turn, shares a Virtual IP that we have defined. This functionality will balance the traffic, redirecting to the server that has a higher priority and, if it is not available, the next one will assume the role.

To verify that everything is working correctly, you should check that both servers have the configuration completed and, additionally, from a third machine, ping each one while disconnecting one and the other from the network to see if you can access correctly.

On this second server, we are going to repeat all the installation and operating system preparation steps as we described on the primary server, and what will change is the configuration, but all requirements must still be met, so follow the previous steps until the configuration moment

We run the command .\UMConf.exe -j -f

This command is to join an existing ring server
So the next response is obvious :-)

Now we need to specify our existing and online server ;-)

It will ask for the UMC Server username and password, not the operating system's; if everything is correct, we will get a warning that if we have configured Active Directory users, we have to do it here, which is not my case

After a few seconds, we will confirm the certificate between servers.

The certificates are hosted on their respective servers:

We have now configured our second server

Now we need to deploy on IIS and run the script that creates the entire architecture.

BACKUP SERVER

PRIMARY SERVER

TIPS

Install all certificates on the WinCC RT Unified Servers.
Check from the WinCC RT Unified servers that you can access via HTTPS and it is a secure connection. (Image below https://10.10.1.254/umc-idp/idpauthsite/index.html )
Use the Virtual IP, which redirects you to the operational server.
100% Recommended Use the hosts file to define names / IPs in a Windows workgroup
If you want to remove the configuration, run the command UMConf.exe -D -f

And with all these steps, everything should work perfectly :-)

Jose Manuel Luque

Industrial Automation Technician.