Installation Information
- Last Updated: Jul 21, 2025
If you are not familiar with Plant SCADA, the following topics include information you need to know about the installation process and some specific requirements.
Plant SCADA supports two different software licensing models:
- Sentinel Licensing
  Sentinel Licensing uses physical USB keys that plug in to each computer in your Plant SCADA system.
  To use Sentinel Licensing, you need to install the Sentinel USB Driver. It can be selected for installation via the Extensions branch of the products/components page of the Plant SCADA installer.
- AVEVA™ Enterprise Licensing
  The AVEVA™ Enterprise Licensing system is a common platform solution that allows you to manage AVEVA Enterprise Software product licenses.
  The system is comprised of a browser-based License Manager and a License Server that allow you to share and deliver licenses for your installed AVEVA applications. This distributed architecture enables centralized management of activated licenses and flexible topologies to support systems of any size.
  The AVEVA Enterprise Licensing system is required for Industrial Graphics applications.
In both cases, Plant SCADA uses a Dynamic Point Count to determine if your system is operating within the limitations of your license agreement. This process tallies the number of I/O device addresses being used by the runtime system.
You can run Plant SCADA without a key in demonstration (demo) mode. Demo mode lets you use every feature normally, but with runtime and I/O restrictions (15 minutes with a maximum of 50,000 real I/O, or 10 hours with a maximum of one dynamic real I/O).
Note: In Plant SCADA 2023 and 2023 R2, Schneider Electric's Floating License Manager is no longer supported. Existing users of the Floating License Manager will need to reconfigure their system to use AVEVA Enterprise Licensing.
You can only perform certain operations within Plant SCADA's engineering and runtime environments with relevant permissions. A page in Configurator allows you to grant these permissions to local and domain user groups.
Plant SCADA creates a set of security roles and local Windows user groups on a computer during installation. By default the local Windows user groups are associated with these security roles as members. Each role provides a different level of access to features, applications and project resources.
If you are installing Plant SCADA on a clean computer (one that has not hosted an earlier version), the following security roles and local Windows user groups will be created and mapped as follows:
| Security Role | Windows User Group | Description |
|---|---|---|
| Configuration Users | SCADA.ConfigUsers | Members of this role can run configuration tools (such as Plant SCADA Studio or Computer Setup Wizard) and start the runtime display client and server processes. Note: It is recommended that members of this role only start runtime for development purposes and not in a production system environment. |
| Runtime Users | SCADA.RuntimeUsers | Members of this role can run the runtime display client and make local CtAPI connections. |
| Server Users | SCADA.ServerUsers | Members of this role can run Plant SCADA as a server process. If you are not running Plant SCADA as a service, add a member to this role who needs to run a Plant SCADA server (including a display client with [CtAPI]Remote enabled). |
If you choose to install Deployment Server components on a clean computer, additional security roles and local Windows user groups will be created and mapped as follows:
| Security Role | Windows User Group | Description |
|---|---|---|
| Deployment Administrators | SCADA.DeploymentAdmins | Members of this role can add or remove client computers to/from deployment server. They can also perform upload and deploy operations. |
| Deployment Uploaders | SCADA.DeploymentUploaders | Members of this role can upload a new project version to the deployment server. |
| Deployment Users | SCADA.DeploymentUsers | Members of this role can deploy a new project to a connected deployment client computer. |
If you choose to install an Industrial Graphics Server on a computer, additional security roles and local Windows user groups will be created and mapped as follows:
| Security Role | Windows User Group | Description |
|---|---|---|
| Industrial Graphics Users | AIGUsers | Members of this role can connect and authenticate with the Industrial Graphics Server with read-only access. Note: You should avoid adding individual users to this security role. To allow authorization in a distributed system, only add domain groups to an Industrial Graphics security role. |
| Industrial Graphics R/W Users | AIGUsersRW | Members of this role can connect and authenticate with the Industrial Graphics Server. They will also be able to write to variable tags in a Plant SCADA system, provided the tags have been configured to support writes via the Write Roles property. See Enable Tag Writes for Industrial Graphics Applications. Note: You should avoid adding individual users to this security role. To allow authorization in a distributed system, only add domain groups to an Industrial Graphics security role. Members of this role can upload a new project version to the deployment server. |
If you are upgrading Plant SCADA from an earlier version, equivalent user groups will already exist on the computer. If the installer detects these existing groups, they will be retained. Only the security roles will be created and mapped to the existing local Windows user groups.
| Security Role | Windows User Group Name (clean installation) | Windows User Group Name (upgrade from earlier version) |
|---|---|---|
| Configuration Users | SCADA.ConfigUsers | Citect.Engineers |
| Runtime Users | SCADA.RuntimeUsers | Citect.LocalUsers |
| Server Users | SCADA.ServerUsers | Citect.ServerUsers |
| Deployment Administrators | SCADA.DeploymentAdmins | Asb.Deployment.AdminRole |
| Deployment Uploaders | SCADA.DeploymentUploaders | Asb.Deployment.UploadRole |
| Deployment Users | SCADA.DeploymentUsers | Asb.Deployment.DeployRole |
Note: In an upgrade scenario, the Asb.Deployment.ReadRole user group is obsolete and not associated with any security role.
If required, you can use Configurator to change the associated members with these security roles (see Modify the Members of a Security Role).
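To review who actually holds each role on a computer, the following PowerShell sketch lists the members of every group named in the tables above and flags Industrial Graphics members that are not domain groups. It is an added example, not part of the Plant SCADA documentation or tooling; it assumes the built-in Microsoft.PowerShell.LocalAccounts cmdlets and an English-language Windows, where `ObjectClass` reads `Group` or `User`.

```powershell
# Role-to-group mapping copied from the tables on this page:
# clean-install name first, then the name retained on an upgraded computer.
$roleGroups = [ordered]@{
    'Configuration Users'           = 'SCADA.ConfigUsers', 'Citect.Engineers'
    'Runtime Users'                 = 'SCADA.RuntimeUsers', 'Citect.LocalUsers'
    'Server Users'                  = 'SCADA.ServerUsers', 'Citect.ServerUsers'
    'Deployment Administrators'     = 'SCADA.DeploymentAdmins', 'Asb.Deployment.AdminRole'
    'Deployment Uploaders'          = 'SCADA.DeploymentUploaders', 'Asb.Deployment.UploadRole'
    'Deployment Users'              = 'SCADA.DeploymentUsers', 'Asb.Deployment.DeployRole'
    'Industrial Graphics Users'     = @('AIGUsers')
    'Industrial Graphics R/W Users' = @('AIGUsersRW')
    '(obsolete, no role)'           = @('Asb.Deployment.ReadRole')
}

$audit = foreach ($role in $roleGroups.Keys) {
    foreach ($group in $roleGroups[$role]) {
        # Groups for components that were never installed do not exist; skip them.
        if (-not (Get-LocalGroup -Name $group -ErrorAction SilentlyContinue)) { continue }

        $members = @(Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue)
        foreach ($m in $members) {
            # The page asks for domain groups only in the Industrial Graphics roles,
            # so anything else (local accounts, individual users) is flagged.
            $isAig   = $group -like 'AIGUsers*'
            $domainG = ($m.ObjectClass -eq 'Group') -and
                       ($m.PrincipalSource -eq 'ActiveDirectory')
            [pscustomobject]@{
                Role    = $role
                Group   = $group
                Member  = $m.Name
                Class   = $m.ObjectClass
                Source  = $m.PrincipalSource
                Review  = ($isAig -and -not $domainG)
            }
        }
    }
}

# Full membership listing, then only the entries that need a second look.
$audit | Format-Table -AutoSize
$audit | Where-Object Review | Format-Table Role, Group, Member, Class, Source -AutoSize
```

Any member reported under `Asb.Deployment.ReadRole` is a leftover from an earlier version, since that group no longer maps to a security role.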
Following installation, your Windows Firewall settings will need to be adjusted so that Plant SCADA and its components are included in the list of authorized programs.
Plant SCADA can automatically adjust these settings for you. If Windows Firewall is operational on a computer, the installer will display a Firewall page. To allow Plant SCADA to adjust these settings for you, select Yes, please modify Windows Firewall settings.
This will add the following applications to the list of authorized programs.
| Name | Program | Local Port |
|---|---|---|
| Citect SCADA Runtime (x64) | C:\Program Files (x86)\AVEVA Plant SCADA\Bin\Bin (x64)\Citect.exe | All ports |
| Plant SCADA Runtime | C:\Program Files (x86)\AVEVA Plant SCADA\Bin\Citect32.exe | All ports |
| Configurator | C:\Program Files (x86)\Common Files\ArchestrA\configurator.exe | All ports |
| Configurator 443 | All programs | 443 |
| Configurator 80 | All programs | 80 |
| LicenseServerPort | All programs | 55555 |
| LicenseServerAgentPort | All programs | 59200 |
If during installation you select No, I will modify Windows Firewall settings later, you will need to manually configure an Inbound Rule for these components in Windows Firewall Advanced Settings (if they do not already exist).
See the topic Firewall Settings and Plant SCADA in the Runtime section of the Plant SCADA documentation.
Note: Plant SCADA networking and redundancy needs the option "Plant SCADA Runtime" to communicate through a Windows Firewall.
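To confirm which of the entries in the table above are present on a computer, whether the installer added them or they were created by hand, the following PowerShell sketch compares the enabled inbound allow rules against that table. It is an added example, not part of the Plant SCADA documentation; it matches on program path and local port rather than on rule name (an assumption, since manually created rules may be named differently) and does not check protocol, which the table does not list.

```powershell
# Expected inbound entries, copied from the table on this page.
# 'Any' is how Windows Firewall reports "All programs" / "All ports".
$bin = 'C:\Program Files (x86)\AVEVA Plant SCADA\Bin'
$cfg = 'C:\Program Files (x86)\Common Files\ArchestrA\configurator.exe'
$expected = @(
    @{ Name = 'Citect SCADA Runtime (x64)'; Program = "$bin\Bin (x64)\Citect.exe"; Port = 'Any' }
    @{ Name = 'Plant SCADA Runtime';        Program = "$bin\Citect32.exe";         Port = 'Any' }
    @{ Name = 'Configurator';               Program = $cfg;                        Port = 'Any' }
    @{ Name = 'Configurator 443';           Program = 'Any';                       Port = '443' }
    @{ Name = 'Configurator 80';            Program = 'Any';                       Port = '80' }
    @{ Name = 'LicenseServerPort';          Program = 'Any';                       Port = '55555' }
    @{ Name = 'LicenseServerAgentPort';     Program = 'Any';                       Port = '59200' }
)

# Collect every enabled inbound allow rule with its program and port filter.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            # Rules may store paths with %ProgramFiles(x86)% style variables.
            Program     = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
            LocalPorts  = @($port.LocalPort)
        }
    }

# For each expected entry, look for a rule with the same program and port scope.
$report = foreach ($e in $expected) {
    $match = @($rules | Where-Object {
        $_.Program -eq $e.Program -and $_.LocalPorts -contains $e.Port
    })
    [pscustomobject]@{
        Expected    = $e.Name
        Program     = $e.Program
        LocalPort   = $e.Port
        Present     = ($match.Count -gt 0)
        MatchedRule = ($match.DisplayName -join '; ')
    }
}

$report | Format-Table -AutoSize -Wrap
# Entries still to be created under Inbound Rules:
$report | Where-Object { -not $_.Present } | Select-Object Expected, Program, LocalPort
```

A rule that is narrower than the table (for example, a program rule limited to specific ports) is reported as not present, which makes deliberate tightening visible alongside genuinely missing rules.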
Plant SCADA communicates with I/O devices such as PLCs, loop controllers, bar code readers, scientific analyzers, remote terminal units (RTUs), and distributed control systems (DCS). This communication takes place with each device through the implementation of a communications driver.
The installation process allows you to select from a set of individual drivers that are specific to your system and its I/O devices. There are also certain drivers that are necessary for Plant SCADA to function correctly. These will be installed automatically.
Note: With the release of Plant SCADA 2020 R2, a classification system for the driver portfolio was introduced to indicate the level of ongoing maintenance that customers can reasonably expect for each driver. In line with these classifications, the number of drivers included by default with the Plant SCADA installation media has been reduced to a set of ‘core’ drivers that have undergone recent updates. All other drivers continue to be available for download from the Products page at the AVEVA™ Knowledge & Support Center located at https://softwaresupport.aveva.com/.
The Plant SCADA installer allows you to install a copy of Schneider Electric's OPC Factory Server.
Based on the OPC protocol, OPC Factory Server enables Windows-based OPC client applications to communicate with a range of Schneider Electric's PLCs.
For more information, see Install OPC Factory Server.
If a computer uses an anti-virus software product, you need to be aware of the following implications for a Plant SCADA installation.
SYSTEM PERFORMANCE DEGRADATION
The "on access" scan in anti-virus products can lock files used by Plant SCADA, usually having the effect of slowing Plant SCADA down whilst it waits for the scan of that file to finish. Failure to follow these instructions can result in death, serious injury, or equipment damage.

INOPERABLE SYSTEM OR LOSS OF DATA
In some extreme cases, anti-virus software may (incorrectly) detect certain patterns within data files as being viruses. Depending on the anti-virus configuration, this may result in files being relocated or deleted, resulting in data being lost or the system being inoperable. Failure to follow these instructions can result in injury or equipment damage.
It is recommended that the following directories are excluded from scanning by any anti-virus products:
- Program Files installation directory (including files and sub directories)
- Data and Logs directories
- Any alarm server archive paths.
The above exclusions are recommended for "on access" or "real time" scans that run continuously and scan each file that is read from or written to.
After you have completed the installation and configuration of Plant SCADA and deployed it as your production system, it is recommended that you keep your software up to date.
AVEVA will periodically publish software updates for Plant SCADA and advisories relating to safety, security and functionality. These are available from the Products page of the AVEVA™ Knowledge & Support Center website at https://softwaresupport.aveva.com. We especially recommend that you nominate a person in your organization to refer, and subscribe, to the RSS feeds for Safety and Security, as well as the latest articles on the web site.
You can run components of your Plant SCADA system in a virtual environment. The following virtualization environments are supported:
- Microsoft Hyper-V: based on the version of Windows.
- VMware Workstation: basic virtualization without High Availability and Disaster Recovery.
- VMware vSphere.

