Once WinCC Unified Redundancy has been tested without the configuration of UMC, the next step is its configuration and operation.
I have based this on the following documentation for its configuration and in the installation manual itself.
We start by preparing the Operating System with the following roles and features.
Install the Web Server Role (IIS) with the following features.
We download and install the following components: URL Rewrite and Application Request Routing.
We have now configured and have our (IIS) running by default with HTTP.
The next step is to configure a certificate to work with HTTPS and this is where we have innovated. The Siemens manual explains how to do this with the open-source software XCA, but...
Siemens in WinCC & WinCC Unified has the application to generate CA certificates and it works correctly, so why isn’t there one for the configuration of UMC?
From the installation of WinCC RT Unified, I have taken the following files that are necessary for the application to work correctly without any additional dependencies as you can see in the following image.
We run the application and we are going to generate our certificate, we follow the steps and for more detail you can see the article with WinCC Web Navigator.
We now have the certificate we just created and installed.
The next step is to assign it to our (ISS) when we are configuring HTTPS.
For this, we select Default Web Site -> Bindings ... (It appears on the right side).
We leave only the HTTPS protocol and remove the HTTP entry.
We have now correctly configured and running our first step :-)
The next step is the installation and configuration of UMC.
The software we need to install is on DVD2 of the corresponding TIA Portal V.x, in my case TIA Portal V20, which you can download here.
Once as administrator we will follow the next steps:
We go to the installation directory and run UMConf.exe.
The first thing we need to define is the name we will designate as UM domain name.
Note: This does not refer to your Active Directory domain if you are working on it.
The next step is to define the administrator user of our UMC.
Note: It does not have to be a Windows user.
The next step is to create a user and password to run the service, this one must be a Windows user; you can use NT SERVICE\UMC Service, this does not require a password.
And finally, if you are in a domain and want to access Active Directory, in this last step you will select [y], in our case [n].
And with those steps, we have finished configuring the UMC.
The next step is the deployment in IIS of the entire architecture and structure; for this, we run the following script, and if you observe the IIS, you will see how it has been generated.
And we have finished configuring it :-)
The next step is to log in and manage our UMC.
The next step is to link the UMC to our TIA Portal in the next article.