You should run Security Synchronizer from only one location for each set of iFIX security files you maintain. If all nodes on a company network use a shared set of iFIX security files that are stored on a file server, then only one node on the network should run Security Synchronizer to update the security configuration. If each iFIX node maintains its own set of iFIX security files, then you must run Security Synchronizer on each node in order to update the security configuration for each node.
NOTE: Actions on an iClient node that affect data in the iFIX database require that the iFIX user have the proper privileges on both the SCADA and View node; this requires that iFIX security configurations are identical on both nodes. You may want to update all iFIX security configurations using Security Synchronizer at or near the same time to keep separate security configurations synchronized with each other.
Because the Security Synchronizer runs as a background task, you must execute it from a command prompt window or use a similar method to supply command line parameters to the program.
You cannot start the Security Synchronizer by double-clicking the file in Windows Explorer because you need to supply command line parameters to start the synchronization process. This inability to launch the Synchronizer provides added security by preventing you from clicking the program icon in Explorer and initiating the synchronization process at an inappropriate time, which could lead to an incorrect security configuration.
You can, however, execute the program using an icon you create that contains the appropriate command line parameters. You can create a Windows shortcut that points to the Security Synchronizer program and supplies the command line parameters. Use the Shortcut tab of a shortcut to the SecuritySynchronizer.exe to enter the appropriate information to create your shortcut.
NOTE: The Security Synchronizer only synchronizes iFIX groups.
To run Security Synchronizer, you must:
- Install iFIX on the computer that will run Security Synchronizer.
- Log the computer into the Windows domain from which user accounts will be retrieved, either the local computer domain or a global domain.
All output that results from running the Security Synchronizer is directed to the security log file. The security log file is located in the iFIX Alarm path. Optionally, these messages can be directed to the iFIX alarm destinations as text messages. Refer to Using the Command Line for more information.
The following figure shows typical messages written to the security log file while the Security Synchronizer runs. In this example, several users, such as FBROWN and OPERATOR1, configured to use the domain2 domain in the Windows Security configuration, are added to the iFIX security configuration.
Security Log/Audit Trail
You cannot run the iFIX Security Configuration program and the Security Synchronizer at the same time. The system prevents the two from running simultaneously, which prevents one program from overwriting changes that the other program is currently trying to make to the security files.
To determine if the Security Synchronizer has completed, you can:
- Check the alarm destinations or security log file for a message indicating this state. An alarm destination can be the alarm history, alarm file, or alarm printers.
- Use the Completion Status tag command line parameter.
