Client/Server and Multi-User

ABB Field Information Manager Learning Center

Field Information Manager supports various use cases, from standalone to client/server applications, to enable multiple users to work on the same project.

The Field Information Manager Server runs on a central node and takes care of e.g. devices and datasets, device packages and other tool data.

The Field Information Manager Client is started on a client node, connects to a server and provides the user interface to that data. It can be started multiple times on the same node, e.g. to connect to different servers or allow multiple logged-in users to work in parallel.

Note:

For standalone applications, Field Information Manager Server and Client are both installed on the same machine and behave like one application.



Connection of Field Information Manager Client to Server

A Field Information Manager Client always requires a connection to an active server in order to start up.

This connection is established according to the following scheme:
  • If there is already a configured Field Information Manager Server for the current user, then Field Information Manager Client connects to this automatically.
    Note: A selection dialog is opened at startup if multiple Field Information Manager Servers are defined for the client.
  • If there is no configured Field Information Manager Server yet, then Field Information Manager Client checks for a local server on the same machine and connects to this automatically.
  • If there is neither an already configured nor a local Field Information Manager Server, then Field Information Manager Client asks for connection details at startup.

Note:
Standalone applications start up without any configuration dialog.
Client/Server applications are only configured once at first startup.

Client/Server Settings

All information about client/server architecture, certificates and related settings is handled in Tools Menu - OPTIONS - CLIENT/SERVER SETTINGS.

Connections
All information about Field Information Manager Servers and connected clients of various types is available in the tab card "Connections".
The currently used Field Information Manager Server is listed with its connection information and is displayed as highlighted. New servers can be added to the list, e.g. to connect to other servers from the same client node. Existing server entries can be edited or deleted.
Connected clients are listed with their connection information like name/address, user name and user role.

Note:
A connected client can be disconnected manually by a user with user role "Full Access".
The user must authorize the action by entering the correct user password as all active processes of this client will be terminated and any pending changes will be lost.

Trusted Certificates
A list of all trusted certificates is available in the tab card "Trusted Certificates".
New trusted certificates can be added with a specified name to identify the origin of the certificate.
Already listed certificates can be selected and deleted from the list if not needed anymore.

Own Certificate
The tool certificate of Field Information Manager is available in the tab card "Own Certificate".
The current tool certificate can be replaced by a new one if needed.
In addition, the own certificate can be exported to a specified file location to use it for the certificate exchange with e.g. connectivities or OPC UA clients.

Synchronization with Field Information Manager Server

Field Information Manager Server is the central storage for all data related to devices, datasets and device packages.

Actions performed via a connected Field Information Manager Client are synchronized by the server among all other clients.

Imports of files (e.g. license file, device packages, datasets, etc.) are done via a connected Field Information Manager Client and are then also available for all other clients.

Note:
Certain operations (e.g. changing to another project) are only possible with one connected Field Information Manager Client.
These actions are blocked with a dialog informing about other connected clients which must be disconnected first before trying to start the operation again.

Multi-User

Multiple Field Information Manager Clients can work on one project at the same time.

A device is reserved automatically whenever it is accessed by the user (e.g. by opening a device view). The Configuration View provides information about the current reservation status of devices in the column "RESERVED BY".

An existing reservation prevents other users from accessing the device.

Reserved Device with Notify Option

The reserved device is released automatically when the access (e.g. an open device view) is closed. This allows other users to access the device again.

Other users can also activate a notification to be informed automatically when the reserved device is released. This notification is added in the Info Center and the Show button allows a quick navigation to the corresponding device.

In case of a bulk selection, the blocked context menu shows the number of reserved devices within the selection. Enabled notifications for a bulk selection generate a notification for each of the reserved devices when it is released.

Setup of Field Information Manager Server for Domains

The Field Information Manager Server can operate in an Active Directory environment which must be prepared according to the instructions in this chapter before starting the Field Information Manager Installer.

Note:
This description includes external links which are not maintained by ABB.
The external websites serve as a reference to support the configuration process.

Note:
Many powershell commands do not provide feedback if they were successful.
Please continue with the instructions if no feedback is displayed after sending a command.
Errors are indicated with a corresponding message.

Introduction:
Some parts of the setup require Active Directory domain administrator privileges and must be executed on the domain controller. Other parts require local administrator privileges on the machine that will run the Field Information Manager Server which can be a Windows Workstation or Windows Server Operating System. Both machines require a powershell console and the powershell module named ActiveDirectory. Use the following command to check if the module is available on the machine:
Get-Module -ListAvailable -Name ActiveDirectory
For Windows Server and Windows Workstation Operating Systems, different steps are necessary to install this module. For Windows 10 and later operating systems, install the Remote Server Administration Tools which can be found on the Microsoft website:
https://www.microsoft.com/en-us/download/details.aspx?id=45520
For Windows Server Operating Systems, the module is installed as a feature via the server (Remote Administration Tools \ Role Administration Tools \ AD DS and AD LDS Tools \ Active Directory module for Windows PowerShell).

Preparation of Key Distribution Service (KDS)
To support authentication of Active Directory users, Field Information Manager must be configured to operate as a Managed Service Account (MSA) which is described on the Microsoft website:
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-service-accounts#standalone-managed-service-accounts
Managed Service Accounts synchronize passwords using the Key Distribution Service (KDS). Follow the steps in this chapter on the domain controller with domain admin privileges to ensure that the KDS is running properly.
  1. Ensure that a KDS Root Key exists.
    Official documentation for creating KDS Root Keys is available on the Microsoft website: https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key
    1. Use the following powershell command line to check if a root key exists:
      Get-KdsRootKey
    2. If information about a key is displayed, the key has already been created.
      If no information is displayed at all, please create a new key with the following command:
      Add-KdsRootKey -EffectiveImmediately
    3. Use the Get-KdsRootKey one more time to verify that the key has been created successfully.
  2. Make sure the Microsoft Kerberos Key Distribution Service (KdsSvc) is running and configured to start.
    1. Open the Services control panel (services.msc) and inspect the service mentioned above. If it is not configured to start automatically after the network is on, use the following command to change the configuration:
      sc.exe triggerinfo kdssvc start/networkon

Creation of Managed Service Account (MSA)
Once the KDS is set up appropriately, the MSA can be created on any machine in the domain. However, Active Directory Admin privileges are required. Follow the steps below to create an MSA and to ensure its password can be synchronized across computers.
  1. Determine the DNS host name of the Field Information Manager Server machine to produce the service principal name.
    For server side authentication, the client must specify a service principal name (SPN) that is assigned to the user account running Field Information Manager Server. The client user does not need to provide this name; it is calculated from the server's DNS name. To enable this, the server must assign an SPN according to a special pattern that is described here.
    1. Use the following powershell command from the DnsClient module to determine the DNS Name of the server computer (assuming the server computer name is MyFIMServerComputer - choose an appropriate other name instead):
      resolve-dnsname MyFIMServerComputer
    2. To determine the service principal name, add the postfix /FimServer to the DNS name that is displayed.
      Example: If the DNS name displayed by the command is MyFIMServerComputer.MyDomain, the SPN is MyFIMServerComputer.MyDomain/FimServer.
  2. Create a standalone Managed Service Account (sMSA).
    1. Choose a name for the Field Information Manager Server user. The following powershell command creates a standalone managed service account named FimServer1 (assuming the SPN determined earlier is MyFIMServerComputer.MyDomain/FimServer):
      New-ADServiceAccount -Name FimServer1 -RestrictToSingleComputer -ServicePrincipalNames MyFIMServerComputer.MyDomain/FimServer
    2. Notice that the argument -ServicePrincipalNames creates a service principal name with the provided name and assigns it to the new MSA.
  3. Assign the standalone Managed Service Account to the Field Information Manager Server machine.
    1. A standalone managed service account can only be used on a single computer in the domain. Use the following command to store the identity of the server computer in a variable (assuming the server machine name is MyFIMServerComputer):
      $FimServerComputer = Get-ADComputer -identity MyFIMServerComputer
    2. Use the following command to assign the managed service account to the machine with the identity defined above (assuming the service account was named FimServer1):
      Add-ADComputerServiceAccount -Identity $FimServerComputer -ServiceAccount FimServer1

Installation of Field Information Manager Server with Service Account
Now that the MSA is created, further steps need to be performed on the machine where Field Information Manager Server shall be installed. Executing these steps requires local administrator privileges on the target machine.

Note:
The powershell module named ActiveDirectory is required on the target machine for the next steps. Please ensure that it is installed and available as described in section "Introduction".

  1. Make the MSA available on the target machine using the following powershell command (assuming the name of the MSA installed above is FimServer1):
    Install-ADServiceAccount -Identity FimServer1
  2. Check if the service account is installed correctly by executing the following command:
    Test-ADServiceAccount FimServer1
    If the output of this command is True, everything works as expected.
  3. Start Field Information Manager Installer on the machine which you have assigned to the service account in the previous step.
    1. Select profile "Server" in the Welcome View.
    2. Select "Active Directory" in the section "Authentication Method of Field Information Manager Server".
    3. Enter the domain qualified name of Managed Service Account followed by a dollar character, e.g.: MyDomain\FIMServer1$

      Note:
      The dollar character "$" at the end is mandatory for a successful installation.
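
The domain preparation described in this chapter can be verified in one pass before the installer is started. The following powershell function is an added example and not part of the ABB documentation; the function name Test-FimMsaSetup is hypothetical, and the defaults FimServer1 and MyFIMServerComputer are the example names used in this chapter.

```powershell
# Added example: pre-flight check of the MSA setup described in this chapter.
# Assumed names (the chapter's examples): FimServer1, MyFIMServerComputer.
#Requires -Modules ActiveDirectory

function Test-FimMsaSetup {
    param(
        [string]$MsaName      = 'FimServer1',
        [string]$ComputerName = 'MyFIMServerComputer'
    )
    $results = [ordered]@{}

    # Expected SPN: DNS name of the server plus the postfix /FimServer
    $dnsName = (Resolve-DnsName $ComputerName -ErrorAction Stop |
                Select-Object -First 1).Name
    $spn = "$dnsName/FimServer"

    # The account must be a standalone MSA and carry the expected SPN
    $msa = Get-ADServiceAccount -Identity $MsaName `
               -Properties ServicePrincipalNames, HostComputers
    $results['IsStandaloneMsa'] = $msa.ObjectClass -eq 'msDS-ManagedServiceAccount'
    $results['SpnAssigned']     = $msa.ServicePrincipalNames -contains $spn

    # An SPN registered on more than one account breaks Kerberos authentication
    $owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'")
    $results['SpnUnique'] = $owners.Count -eq 1

    # The sMSA must be linked to the server computer and to no other machine
    $computer = Get-ADComputer -Identity $ComputerName
    $boundTo  = @($msa.HostComputers)
    $results['BoundToServerOnly'] = ($boundTo.Count -eq 1) -and
                                    ($boundTo[0] -eq $computer.DistinguishedName)

    # Only meaningful on the server machine after Install-ADServiceAccount
    if ($env:COMPUTERNAME -eq $computer.Name) {
        $results['InstalledLocally'] = [bool](Test-ADServiceAccount -Identity $MsaName)
    }
    [pscustomobject]$results
}

$check = Test-FimMsaSetup
$check | Format-List
if ($check.PSObject.Properties.Value -contains $false) {
    Write-Warning 'At least one check failed; correct it before starting the installer.'
}
```

The InstalledLocally result only appears when the function runs on the Field Information Manager Server machine itself; on any other domain machine the remaining checks still apply.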
