myBOX - mySCADA Technologies · PDF fileRestore from Backup ... Upload Speed 5.76Mbps...
52
myBOX User Manual Version JAN 2016 www.myscada.org ©mySCADA Technologies s.r.o. 2016
Transcript of myBOX - mySCADA Technologies · PDF fileRestore from Backup ... Upload Speed 5.76Mbps...
myBOX
UserManual VersionJAN2016
www.myscada.org ©mySCADATechnologiess.r.o.2016
2
SAFETYPRECAUTIONS
1. PLEASECHANGETHEDEFAULTPASSWORDBEFOREUSINGTHEDEVICEINAPRODUCTIONENVIRONMENTASNOTDOINGSOMAYRESULTINASYSTEMINTRUSIONANDANYPERSONCOULDEASILYGAINAFULLACCESSTOTHECONTROLLEDTECHNOLOGY!!!
2. USEINTEGRATEDFIREWALLTOBLOCKALLSERVICESYOUDONOTNEEDTOACCESS.
3
TableofContents
GeneralInformation.............................................................................................................................5
1. HardwareOverview.......................................................................................................................6HardwareFeatures......................................................................................................................................................................................6TechnicalSpecifications.............................................................................................................................................................................7Dimensions...................................................................................................................................................................................................10
2. InstallingYourDevice..................................................................................................................11MountingtheDevice.................................................................................................................................................................................12PowerWiringandDeviceStart-Up....................................................................................................................................................12GettingOnlineHelpfrommySCADA.................................................................................................................................................13ResettoDefaultSettings.........................................................................................................................................................................13
3. CommunicationConnections.......................................................................................................14ConnectingtoNetworksviaEthernetInterface...........................................................................................................................15ConnectingtoNetworksviaRS-232/485Interface...................................................................................................................17UsingtheRS-232Interface....................................................................................................................................................................17UsingtheRS-485Interface....................................................................................................................................................................19ConnectingtoNetworksviaWireless3GInterface....................................................................................................................20AccessPointModewithWirelessWi-FiIntegratedCard.........................................................................................................21
4. GraphicalUserInterface..............................................................................................................22MainScreen-SCADA/HMIViews,Trends&Alarms.................................................................................................................22VisualizationViews...................................................................................................................................................................................23Trends.............................................................................................................................................................................................................24Alarms.............................................................................................................................................................................................................27Data-LogViews...........................................................................................................................................................................................30
5. AdministrationLevel....................................................................................................................33MyAccount...................................................................................................................................................................................................33System............................................................................................................................................................................................................33Date&Time..................................................................................................................................................................................................33NTP...................................................................................................................................................................................................................33SMTP...............................................................................................................................................................................................................34SendInfoEmailAfterBoot....................................................................................................................................................................34SMS...................................................................................................................................................................................................................35Language........................................................................................................................................................................................................35Update.............................................................................................................................................................................................................35Backup............................................................................................................................................................................................................36RestorefromBackup................................................................................................................................................................................37Status...............................................................................................................................................................................................................37Reboot.............................................................................................................................................................................................................39Network.........................................................................................................................................................................................................39NETWORKMODE......................................................................................................................................................................................39LAN/WAN...................................................................................................................................................................................................40Name server.................................................................................................................................................................................................413GModem.....................................................................................................................................................................................................41Use3GasInternetBack-up...................................................................................................................................................................42DHCPServer.................................................................................................................................................................................................42NAT/Routers.............................................................................................................................................................................................43
4
Firewall..........................................................................................................................................................................................................43DDNS...............................................................................................................................................................................................................44PPTP................................................................................................................................................................................................................44CiscoVPN......................................................................................................................................................................................................45OPENVPN.....................................................................................................................................................................................................46IPSec................................................................................................................................................................................................................48Ping..................................................................................................................................................................................................................49Status...............................................................................................................................................................................................................49Logout.............................................................................................................................................................................................................50
6. AppendixA–TerminationandBiasinganRS-485Network...........................................................51
7. AppendixB–ListofsupportedwebbrowsersfortheGUI...........................................................52
5
GeneralInformation
PurposeofThisManual
ThismanualisareferenceguideformyBOXdevicewhosepurposeisto:
• explainhowtoinstallandwireyourdevice
• giveyouanoverviewofthedevicesystem
• explainhowtosetupallnecessarysettingsofthedeviceforacorrectoperation
WhoShouldUseThisManual
Usethismanualifyouareresponsiblefordesigning,installing,programmingortroubleshootingcontrolsystems
usingthisdevice.Youshouldhaveabasicunderstandingofelectricalcircuitryandfamiliaritywiththerelaylogic.
Important:IFYOUDONOTHAVETHISNECESSARYKNOWLEDGE,PLEASEOBTAINANAPPROPRIATETRAININGBEFOREUSINGTHEPRODUCT!
ImportantInformation
Theexamplesanddiagramsinthismanualareincludedsolelyforillustrativepurposes.InnoeventwillmySCADA
Technologiess.r.o.beresponsibleorliableforindirectorconsequentialdamagesresultingfromtheuseor
applicationofthisequipment.Reproductionofthecontentsinthismanual,inwholeorinpart,withoutwritten
permissionofmySCADATechnologiess.r.o.,isprohibited.mySCADATechnologiess.r.o.reservestherightto
changethismanualatanytimewithoutanotification.
Copyright–©2016mySCADATechnologiess.r.o.
Trademark–thenamesusedforidentificationareallregisteredtrademarksoftheirrespectivecompanies.
GettingHelp
Fortechnicalsupport,pleasevisitSUPPORTsectiononourwebsitehttp://www.myscada.org,whereyoucan
submitaticket.
Youcanalsosendusanemailtosupport@myscada.org.Pleasedonotforgettowritetheproductnameasthe
emailsubjectandprovideasmuchinformationaspossible,sowecanbestassistyou.
Itisalwayspossibletoviewthismanualbyclickingon icon,whichislocatedintheupperrightcornerofthe
device’suserinterface(descibedlaterinthemanual).Itisstronglyrecommendedtohavethismanualprintedout
andkeptwithinreachofmaintanancestaffpersonnel.
Warranty
AllproductsmanufacturedbymySCADATechnologiess.r.o.™areunderwarranty,regardingdefectivematerials
foraperiodofoneyearfromthedateofdeliverytotheoriginalpurchaser.
6
HardwareOverview
HardwareFeatures
Thehardwarefeaturesofthedeviceareshowninthepicturesbelow:
Feature Description
1 Port1(optionalEthernetportorRS-232/RS-485ports)
2 Port2(optionalEthernetportorRS-232/RS-485ports)
3 MicroSDcardslot
4 SIMcardcompartment
5 Ethernetport
6 Reset/Switch-offpinhole
7 StatusLEDindicators
8 Powersupplysocket
9 Wi-FiantennaconnectorSMA(onlyforWi-Fiversion)
10 GPSantennaconnectorSMA(onlyfor3Gversion)
11 GSMantennaconnectorSMA(onlyfor3Gversion)
1 2 3 4 5 6 7 8
9 10 11
7
Feature Description
12 DINRailholder
TechnicalSpecifications
Parameters
Storage 1(2)GBFlashNANDMemory
OptionalSSDDrive
SDCard Yes
Ethernet10/100Mbit Upto3ports
RS-232 Upto4ports
RS-485 Upto2ports
HWWatchdog Integrated
Power 12-48VDC
Size 127x33x128mm(WxHxD)
Temperaturerange 0°to70°C
-40°to85°C(ITVersion)
-20°to70°C(ITwith3Gmodem)
12
8
Certification CE,FCC,RoHS
Ecology Highlyrecyclable,RoHS,Ultralowpowerconsumption
Networking
DHCP ClientandServer
Interface Routingandbridgingsupported
NetworkAddressTranslation(NAT) Supported
Firewall Integrated
DynamicDNS Supported
Security
VPNPPTP ClientandServer
CiscoVPN Directimportofpcffiles
IPSEC Fullsupport
WiFiModule
Type 802.11b/g
AccessPointMode Yes
No.ofsimultaneouslyconnected
clients
Max7
Frequency 2.4GHzWLAN
HWEncryption WEP,TKIP,andAES
Speed 72.2Mbpsfor20MHzchannel
150Mbpsfor40MHzchannel
Frequencyrange USA:2.400~2.483GHz
Europe:2.400~2.483GHz
Japan:2.400~2.497GHz
China:2.400~2.483GHz
Certifications CE,FCC,RoHS
3GModule
Type Quad-bandHSPA+/HSUPA/HSDPA/WCDMA
2100/1900/900/850(MHz)
9
Quad-bandGSM/GPRS/EDGE850/900/1800/1900(MHz)
DownloadSpeed 21Mbps
UploadSpeed 5.76Mbps
Certifications CE,FCC,RoHS,IC,GCF,PTCRB,CCC
GPS
Type StandaloneGPS,A-GPS,GPSExtra
Dataformat Server-SideScriptreadable–JSON
PLCProtocols
SiemensS7 S7-1200,S7-300,S7-400,…
EtherNet/IP ControlLogix,CompactLogix,Micrologix1200,Micrologix
1400,Micrologix1500,SLC500,PLC5,OmronPLCs,…
ModbusTCP Wago,Schneider,Micrologix,ABB,RTUs,…
ModbusSerial(canbeusedonanyport
RS-232andRS-485)
IPCDAS,ADAM,RTUs,…
MelsecBinary Melsec-Q,E71controllertype,3Epackets
Toyopuc Fullsupportwithhierarchy
OPCUA OPCUAclientconformingtoIEC62541.Supportofplain,
cryptedanduserlogin.
10
Dimensions
11
InstallingYourDevice
CompliancetoEUDirectives
ThisproducthastheCEmarkandisapprovedforinstallationwithintheEuropeanUnionandEEAregions.Ithas
beendesignedandtestedtomeetthefollowingdirectives:
EMCDirective
ThisproductistestedtomeetCouncilDirective89/336/EECElectromagneticCompatibility(EMC)andthe
followingstandards,inwholeorinpart,documentedinatechnicalconstructionfile:
TestStandards
• EN61000-4-2ed.2:2009�
• EN61000-4-3ed3:2006+A1+A2
• EN61000-4-4ed2:2005+A1�
• EN61000-4-5ed.2:2007�
• EN61000-4-6ed.3:2009�
• EN55022ed2:2007+A1art.6,10
RelatedStandards
• EN61326-1:2006�EN61000-6-1ed2:2007
• EN61000-6-2ed3:2006
• EN61000-6-3ed2:2007
• EN61000-6-4ed2:2007
• EN55024ed.2:2011
InstallationConsiderations
Mostapplicationsrequireinstallationinanindustrialenclosuretoreducetheeffectsofelectricalinterferenceand
environmentalexposure.Locateyourdeviceasfaraspossiblefromanypowerlines,loadlines,andothersources
ofelectricalnoise,suchashard-contactswitches,relays,andACmotordrives.
Thisproductisintendedfortheuseinanindustrialenvironment.
SafetyConsiderations
Safetyconsiderationsareanimportantelementofpropersysteminstallation.Activelythinkingaboutthesafety
ofyourselfandothers,aswellastheconditionofyourequipment,isofprimaryimportance.
PreventingExcessiveHeat
Formostapplications,normalconvectivecoolingkeepsthedevicewithinthespecifiedoperatingrange.Ensure
thatthespecifiedtemperaturerangeismaintained.Properspacingofcomponentswithinanenclosureisusually
sufficientforheatdissipation.Pleasetakeintoconsiderationthatinsomeapplicationsotherequipmentinsideor
outsideoftheenclosuremayproduceasubstantialheatamount.Inthiscase,placeblowerfansinsidethe
enclosuretoassistinaircirculationandreduce“hotspots”nearthedevice.Additionalcoolingprovisionsmight
benecessarywhenhighambienttemperaturesareencountered.
12
Donotbringinunfilteredoutsideair.Placethedeviceinanenclosuretoprotectitfromacorrosiveatmosphere.
Harmfulcontaminantsordirtcouldcauseimproperoperationordamagetothecomponents.Inextremecases,
youmayneedtouseairconditioningforprotectingthedeviceagainsttheheatbuild-upwithintheenclosure.
MountingtheDevice
Thisdeviceissuitableforuseinanindustrialenvironmentwheninstalledinaccordancetotheseinstructions.It
canbemountedverticallyorhorizontally.Youshouldprovidemin.50mm(approx.2inches)ofspaceonallsides
ofthedeviceforadequateventilation.Keepinmindtomaintainspacingfromenclosingwalls,wireways,adjacent
equipment,etc.
DINRailMounting
ThedevicecanbemountedtoEN50022-35x7.5orEN50022-35x15DINrails.Thereisnoneedforusingany
screwdriversortools.SimplyhookthetopslotovertheDINrailandthen,whilepressingthedevicedownagainst
thetopoftherail,snapthebottomofthedeviceintoposition.ToremoveyourcontrollerfromtheDINrailpress
thebottomjuttingpartoftheholder(youmayneedascrewdrivertodoso)andreleasethedevicefromtheDIN
railbycarefullypullingitupandtowardsyou.
PowerWiringandDeviceStart-Up
Beforeyouinstallandwireanydevice,makesuretodisconnecttheelectricpowerfromthesystem!Stripthe
endsofthecablesoitcouldbeslippedintothesuppliedgreenconnector(asshownonthepicturebellow).Do
notforgettocheckthecorrectpolarity!Tightentheterminalscrew,usingasmallflat-bladescrewdriver.
PLEASEKEEPINMINDTHEPOWERINPUTVOLTAGEMUSTALWAYSBE
WITHINTHERANGEOF12~48VDC!
Mounting Dismounting
1) Hook
2) Snap
1) Pull up
2) Release
13
Whenthewiresareattachedpluginthegreenconnectortothegreensocket,locatedinthebottomrightcorner
ofthefrontpanelandplugitintotheelectricalsocket.Thedeviceautomaticallystartsupandperformsthe
initializationprocess,indicatedbytheLEDstatusindicators.
GettingOnlineHelpfrommySCADA
ShouldyouneedhelpwithsettingupyourmyBOX,youarewelcometouseouronlinehelpdesk.Pleasewriteto
Priortothesetonlinehelp,pleasemakesureyourboxisconnectedtotheInternet.PressandholdtheRESET
buttonuntilSYSTEMledstartsblinking.Now,theboxshouldbesecurelyconnectedtoourmySCADAhelpdesk
throughasecureVPNserviceandmySCADAsupportteamcanaccessyourdeviceandhelpyouonline.
ResettoDefaultSettings
Ifneccessary,thedevicecanberesettothefactorysettingsbythefollowingprocedure:
1) Powertheuniton(unplugandplugthepowercord)2) WaitfortheSYSTEMledtolighton
3) PressandholdtheRESETbutton(useapapercliptodoso)4) WhentheUSERledlightson,releasetheRESETbutton
5) Nowthesystemrestoresintodefault,pleasewaitapprox.5minutesforreboot
DONOTINTERRUPTTHISPROCEDUREASTHEUNITCOULDBECOMEBLOCKED!
!!!Attention:Oncethedeviceisreset,allsaveddatastoredintheinternalmemorywillbeerased!!!
SYSTEM - system ready
MODEM/COM - modem/serial status
USER – user control LED
1 – hardware initialization
LED indicators
14
CommunicationConnections
Thisdeviceprovidesthefollowingcommunicationchannels:
• Ethernetport,RJ-45
• AdditionalEthernetport,RJ-45(2x)
• Optionalsetof2xRS-232and1xRS-485ports
Thisdevicesupportsthefollowingindustrialcommunicationprotocols:
• EtherNet/IP
• ModbusTCP
• SiemensS7(S7-300/400/1200syntax)
• MelsecQ3
• Toyopuc
• OPCUA-OPCUnifiedArchitecturedriver
• KNX
Atypicalnetworktopologyispicturedbelow:
Oncethedeviceisconnectedtoalocalareanetwork,itcanbeeasilyaccessedandconfiguredviaawebbrowser
installedonyourcomputer.AfterenteringavalidIPaddressinyourwebbrowseryouwillseetheconfiguration
interfaceofthedevice.ThedefaultIPaddressissetto:
192.168.13.20
Youneedtoenterthecorrectusernameandpasswordtoaccesstheadvancedsystemsettings.Defaultlogin
detailsare:
user name: admin
password: admin
DONOTFORGETTOCHANGETHEDEFAULTPASSWORDAFTERYOULOGINTOAVOIDANYUNAUTHORIZEDACCESSTOYOURDEVICE!!
Allcomponentsandsettingsoftheconfigurationinterfacearedescribedlaterinthismanual.
PLC/PAC
WAN
tocomputerEthernetcard
15
ConnectingtoNetworksviaEthernetInterface
TheEthernetcommunicationchannelallowsyourdevicetobeconnectedtoalocalareanetworkforvarious
devices,providing10Mbps/100Mbpstransferrate.Shielded6Ecategorytwisted-pair10/100Base-Tcableswith
RJ-45connectorsareonlysupported.ThemaximumcablelengthbetweentheEthernetportofthedeviceandthe
10/100Base-TportonanEthernetrouter/switch(withoutrepeatersorfiber)shouldbe100m(323ft).However,
inindustrialapplicationthecablelengthshouldbekepttoaminimum.
TheconnectionsaremadedirectlyfromthedevicetoanEthernetrouterorswitchvia8-wiretwisted-pair
straight-throughcables.ThefollowingEthernetsettingsaresupported(modeselectionisautomatic):
• 10Mbpshalfduplexorfullduplex
• 100Mbpshalfduplexorfullduplex
TheEthernetcablingwithstraight-throughmethodisrecommendedasbelow.
PLEASEMAKESUREYOUDONOTMAKEANINCORRECTCONNECTION!
Pin PinName CableColor
1 Tx+TransmitData Orange/White
2 Tx-TransmitData Orange
3 Rx+ReceiveData Green/White
4 Nousedby10/100Base-T Blue
5 Nousedby10/100Base-T Blue/White
6 Rx-ReceiveData Green
7 Nousedby10/100Base-T Brown/White
8 Nousedby10/100Base-T Brown
16
UsefulInformationonEthernetWiring:
ThemostcommonwiringforRJ-45cablesisthe"straight-through"cable,whichmeansthatthepin1oftheplug
ononeendisconnectedtothepin1oftheplugontheotherend.ThestraightthroughRJ-45cableiscommonly
usedforconnectingnetworkcardswithhubson10Base-Tand100Base-Txnetworks.Onnetworkcards,thepair
1-2servesasatransmitter,andthepair3-6asareceiver.Theothertwopairsarenotused.Onhubsthepair1-2
isthereceiverand3-6thetransmitter.Itmaybebesttowireyourcableswiththesamecolorsequence.Inthis
cablelayout,allpinsarewiredone-to-onetotheotherside.ThepinsontheRJ-45connectorareassignedinpairs
andeverypaircarriesonedifferentialsignal.Eachlinepairhastobetwisted.
Inasmallnetworkwithonlytwocomputerstheuseofthe"crossover"RJ-45cableisnecessary,wherethetransmittingandreceivinglinesonbothRJ-45connectorsarecrossconnected.Thecolor-codingforthecrossover
RJ-45cablehasbeendefinedintheEIA/TIA568Astandard.Inthecrossovercablelayoutyoushouldremember
thatoneendisnormalandtheotherendhasthecrossoverconfiguration.
17
ConnectingtoNetworksviaRS-232/485Interface
Notethatthischapterisapplicableonlyiftheoptional“Serialports”kithasbeenpurchasedwiththedevice.
Thekitcomprisesofthreeserialports,describedinthetablebelow:
PortName PortType Connection
COM1 RS-232 EIA/TIA-561
COM2 RS-232 Proprietary
RS-485 RS-485 Proprietary
Allthesethreeserialportsarelocatedinthe“Port1”ofthedevice(physicallyRJ-45Ethernetport).The
connectionschemeofthe“Port1”isasfollows:
RJ-45Pin PinName Description
1 GND SignalGround
2 RxD COM2Receivepin
3 TxD COM2Transmitpin
4 GND SignalGround
5 RxD COM1Receivepin
6 TxD COM1Transmitpin
7 A RS-485Aalsodenotedas(-)
8 B RS-485Balsodenotedas(+)
UsingtheRS-232Interface
COM1isroutedaccordingtoEIA/TIA-561PinLayout(serialinterfacevia8-pinconnector)whileusingonlyRx,TxandGroundpins.EveryserialdeviceconnectedtotheportCOM1musthaveaninterfacecableconformingto
EIA/TIA-561standard.OnoneendthiscablemusthaveamaleRJ-45plugandontheotherenditmusthavea
connectorfittingintoyourserialdevice.ThediagramshowsthepinconnectionsfortheCOM1conversioncable
fromRJ-45“Port1”intoregular“CANONDB-9”connector.
18
RJ-45Pin PinName CANONDB-9Pin Function
1 GND DoNotUse DoNotUse
2 RxD DoNotUse DoNotUse
3 TxD DoNotUse DoNotUse
4 GND 5 SignalGround
5 RxD 2 Receivepin
6 TxD 3 Transmitpin
7 A DoNotUse DoNotUse
8 B DoNotUse DoNotUse
COM2isusingonlyRx,TxandGroundpins.EveryserialdeviceconnectedtoportCOM1musthaveaninterface
cablethatconformstothedefinedpinout.OnoneendthiscablemusthaveamaleRJ-45plug,ontheotherendit
musthaveaconnectorthatfitsintoyourserialdevice.ThediagramshowsthepinconnectionsfortheCOM2
conversioncableRJ-45“Port1”toregular“CANONDB-9”connector.
RJ-45Pin PinName CANONDB-9Pin Function
1 GND 5 SignalGround
2 RxD 2 Receivepin
3 TxD 3 Transmitpin
4 GND DoNotUse DoNotUse
5 RxD DoNotUse DoNotUse
6 TxD DoNotUse DoNotUse
7 A DoNotUse DoNotUse
8 B DoNotUse DoNotUse
19
UsingtheRS-485Interface
TheRS-485porthastri-statecapabilitiesandallowsasinglepairofwirestoshare,transmitandreceivesignalsfor
half-duplexcommunications.This"twowire"configuration(notethatanadditionalgroundconductorshouldbe
used)reducesthecablingcost.RS-485devicesmaybeinternallyorexternallyconfiguredfortwowiresystems.
RS-485portisinternallyconfiguredandthusitsimplyprovidesAandBconnections(sometimeslabeled"-"and
"+").
RJ-45Pin PinName CANONDB9Pin Function
1 GND 5 SignalGround
2 RxD DoNotUse DoNotUse
3 TxD DoNotUse DoNotUse
4 GND DoNotUse DoNotUse
5 RxD DoNotUse DoNotUse
6 TxD DoNotUse DoNotUse
7 A 3 (-)
8 B 7 (+)
AlternativelyA,BandGNDwirescanbeconnecteddirectlytothePLCordevicewithoutaneedofusingBD-9
connectorassuch.
20
ConnectingtoNetworksviaWireless3GInterface
Pleasenotethischapterisapplicableonlyfortheh3Gdeviceversions,equippedwithawirelessmodem.
Connectingyourdeviceviaamobilenetworkvirtuallyallowsforanaccessfromanywhereintheworld.Thiscan
bedoneonconditionthatfirstly,thedeviceisinstalledinanareawithamobilenetworkaccess.Secondly,the
devicehascontainsaSIMcardwithanactivemobiledataplan(contactyourlocalmobilenetworkproviderfor
moreinformation).
Thebuilt-inwirelessmodemsupportsthefollowingtechnologyformobilenetworks:
• GSM-GlobalSystemforMobileCommunications
• GPRS-GeneralPacketRadioService
• EDGE-EnhancedDataratesforGSMEvolution
• UMTS-UniversalMobileTelecommunicationsSystem,aka3G
• HSDPA/HSUPA-High-SpeedDownlink/UplinkPacketAccess,aka3G+
• LTE-a4Gmobilecommunicationsstandard
PLEASEMAKESURETHEPOWERSUPPLYTOTHEDEVICEISCOMPLETELYDISCONNECTEDBEFOREHANDLINGTHESIMCARD”
TheSIMcardcanbeinsertedintothefrontslot.
Itisrecommendedthatyouusethesuppliedaerial/antenna,howeverthanktothestandardSMAconnectoryou
mayuseanyotherGSMantennaavailableonthemarket.
Assoonasthedeviceispoweredon,theinternalwirelessmodemstartstoautomaticallyloginintoapresetAPN
(AccessPointName).Therefore,thecorrectAPNmustbesetforproperoperation–thiscanbealsodonethrough
thewebuserinterface,whichisdescribedlaterinthismanual.BydefaulttheAPNissetas“internet”.
Suppliedantenna/aerial
SIMcardslot
21
AccessPointModewithWirelessWi-FiIntegratedCard
PLEASENOTETHEFOLLOWINGINFORMATIONAPPLIESONLYTOTHEWI-FIVERSIONSOFmyBOX,WHICHAREEQUIPPEDWITHTHEWIRELESSMODEM.
myBOXcanbeequippedwithaWi-Fiaccesspointcard.Ifactivated,youcanconnecttoyourdeviceviaWi-Fi
networks.Pleasenotethatstandardprotectioncanbeappliedforsecurityreasonsandthereisamaximumof7
simultaneousconnectionsthatcanbeachieved.
22
GraphicalUserInterface
Thegraphicaluserinterface(GUI)ofthisdeviceisbasedonstandardwebpages,meaningthatanywebbrowser
installedonyourcomputer,suchasMSInternetExplorer,AppleSafari,Firefox,Chrome,etc.canviewit.Toaccess
theGUIsimplyenterthecorrectIPaddressofthedeviceintotheaddressbarinyourwebbrowser.
TheGUIisdividedintotwomainparts(levels):
1. HMI–allowsviewingHMIscreensandloggeddata(data-logsandalarms)
2. Administration–aftersuccessfullogin,variousadvancedsettingscanbesetandadjusted,suchasnetwork,VPNs,accesses,SMTP,etc.
InthischaptertheHMIlevelisdescribed,whiletheAdministrationlevelisdescribedlaterinthechapter“GUI–Admistrationlevel”.
MainScreen-SCADA/HMIViews,Trends&Alarms
CreatingavisualrepresentationofthesystemthatmyBOXshouldbemonitoringsimplifiestheproject
management.WithrespecttothecapabilityofmySCADAtocreatemimicgraphicswithanimations,observation
ofyoursystemoperationscanbedoneviaawebbrowserinstalledonyourcomputer.
Themaintoolbarislocatedintheupperpartofthemainscreenandisdividedintotheseparts:
1. Mainmenuinwhichyoucanswitchbetweenavailablevisualizationviews,trendsandactivealarmsstoredin
theparticularmyBOXunit.
2. Zoomslider–providedthereisavisualizationshowedinthewebbrowserscreen,itcanbeeasilyresizedbyslidingthezoombar.Whenaviewislarge,itispossibleto“zoomin”itinordertoseethevisualizationview
inmoredetails.Dragtheslidertothelefttozoomout(shrink),ortotherighttozoomin(enlarge).The
actuallevelofzoomisindicatedbypercent(10%to1000%).
TIP:Youcanalsozoomusingthemousescrollwheeloratrackpad.
3. Generalmenusettings–Byclickingonthemonitoricontherightcornerofthemaintoolbar,youcanlogin
intothesettingspartofthemyBOX.
Ontheleftandrightofthezoomslider,therearethreeiconswhosefunctionsaredescribedbelow:
Icon Description
Byclickingonthisiconyouwillgetgeneralinformationaboutthecurrentloaded
visualizationviewanditsassociatedtags.
AllowsloginintoHMIforregisteredusers.Dependingonthesetrights,theloggeduser
canviewHMI,writevalues,acknowledgealarmsandalsosetupadvancedconfiguration.
Users’accountscreationandmanagementisdescribedinmanualformyPROJECT
Designer.
VisualizationViews
Thepossibilitiesarevirtuallyendlesswhenitcomestochoosinghowyouwishtorepresenttheoveralldesignof
yoursystem.Simplepageelementsareincorporatedintoacompletedesignanddependingontheamountof
effortputintothefabricationoftherepresentation,averydetailedsystemimitationcanbeachieved.
SuchdetailedvisualizationscreenscanbeeasilycreatedbyapowerfulsotwaretoolmyPROJECTDesignerwhichisavailablefordownloadingatwww.myscada.orgfreeofcharge.
Oncethereisavisualizationviewshowed,youcanoperatethezoomintwooptions(thisisavailableinmenu
Mode):
Icon Description
Fittopage–aviewiszoomedtoshowitsentirecontentinthewindow
Manualsize–aviewcanberesizedusingthezoomslider
Tip:Youcanalsoeasilyresizetheviewbythemousescrollingwheel.
24
IfyoupressSHIFT+Dyoucanseedetailedinfoaboutthevisualisation.Thispagecontainsglobalinfo(suchasnumberofdefiniedtags,refreshperiod…),listofloadedtagsandlistofvariableswiththeircurrentvalues.Itmay
beusefulwhenyouaredebuggingyourproject.
Trends
Visualizationoftrendscanbevitalwhenmonitoringyoursystem.Trendsallowtagvaluestodepictcertain,
potentiallydangerouspatterns.Foracorrecttrendoperation,therecordingofthecurrentandpreviousvaluesis
needed.Thedisplayeddataareloadedfromtheinnerunitmemory.
25
Therearetwopossiblewayshowtovisualizetrends:
1. Online-dataisshownstartingfromthecurrentvalue
2. History-dataisshownfromacertainentereddate
OnlineMode:
Timerangeshowedinatrendcanbeeasilychangedinthebarbellowtheactualgraph.Dragtheslidertochange
thetimerangeshown(from1minuteupto1year)
Settingcustomtimeinterval:
Whenyouclickonatimeintervalontheright,youwillbepresentedwithadialogenablingyoutosetupcustom
timeintervalforviewing.
26
HistoryMode:
Switchtothehistorymodeisdonebyclickingonthetimericoninthelowerleftcorner.
Inthismode,youcanspecifyadaterangeinwhichdatawillbeshown-clickonadatetoset:
Byclickingontheleftandrightarrows,itispossibletochangethedateinaccordancewithanalreadysetTime
range.Clickingontheveryleftarrowwillshowfirstrecordsavailable,clickingontheveryrighticonwillshowthe
latestrecordsavailable.Again,byclickingonthetimeintervalontheright,youwillbepresentedadialog
enablingyoutosetupacustomviewingtimeinterval.
TIP:Themaximumof10000valuescanbeshowninonetrendatonetime.Ifthereismorethan10000valuesina
selectedTimerange,thesystemwillaskyoutoreducethecurrentTimerange.
27
Alarms
Thecrucialpartofmonitoringyoursystemisbeingnotifiedimmediatelywhensomethingunusualoccursi.e.tags
reachinganundesiredstatuswilltriggeralarms.Theinformationregardingthisdangerousand/orimportant
statuswillbedeliveredimmediatelytothedevicefortimelyandappropriateactionstotakeplace.
Alarmscansignalthatsomedeviceorprocesshasceasedoperatingwithinacceptable,predefinedlimits,orthey
canindicatebreakdown,wear,oraprocessmalfunction.Often,itisalsoimportanttohavearecordofthealarms
andwhethertheyhavebeenacknowledged.
Youcanalsosetanacoustingwarning,indicatingthatthealarmreacheditsseveritylevel.
OnlineAlarmsThealarmwindowallowstheoperatortoperformacompletemanagementofthetechnologyalarms.The
windowallowsyoutovisualizethealarmspresentinthetechnologyorinarestrictedareaofthetechnology.
Thealarmwindowdisplaysallthealarmsoftechnologyoronlyasetofthem,arrangedbyareasdefinedbythe
programmer.Ifnecessary,theoperatorcanselectthedesiredareabyclickingonthefilterbuttonandfillingthe
areaname.
AlarmAcknowledgement
TheoperatorcanacknowledgeHMIalarmsdisplayedinthealarmwindow.Acknowledgingthealarmsdoesnot
correcttheircauses,butindicatesthattheoperatorisawareofthem.
SortingandFilteringinrun-time
Bydefault,thealarminformationinthealarmsummaryisfirstlysortedbythedateandtime,thenbyseverityand
theareaname.
Thismeansthatalarmsarepresentedinachronologicalorderi.e.iftwoormorealarmshavethesametimeand
date,theywillbepresentedinorderofseverity;ifanyalarmshavethesametimeanddateandthesame
severity,thentheywillbesortedbytheareaname
HistoryAlarmsmySCADAengineautomaticallylogsyouralarmsintohistory.Everyalarmactionisloggedwithallrelevantdata,
suchascurrenttime(withprecisionto1millisecond).YoucanbrowsethroughthealarmhistoryintheAlarm
HistoryWindow.Asideofdirectdatabrowsing,youcanalsofilteryourdatabasedoncriteriaandexportthe
shownalarmshistoryintoMSExcel.
28
Severity
Alarmscanrangeinseverityfrom0(themostsevere)upto4byteunsignedintegervalue(theleastsevere),to
indicatedifferentlevelsofimportance.Forexample,analarmwithseverityof10mightbewarningthatatankis
halffullofliquid,whileseverityof5indicatesthatthetankisabouttooverflow.Bothalarmsmonitorthesame
tagbuthavedifferentseveritylevels.
Whenyouaresettingupthealarmseverity,youneedtospecifywhattheseveritylevelsmeanandwhatactions
theywilltrigger.Severitydeterminestheorderinwhichalarmsaredisplayedinthealarmbanner.
AlarmAreas
Thealarmscanbegroupedintodifferentareassothattheycanbedisplayedinthealarmwindow,basedonthe
areatheybelongto.Thismaybehelpfulfordividingthealarmsbytheplantzonestheycomefrom.
Message
Thealarmmessagesreportinformationaboutalarms.
Device
Youcandefinemultiplealarmsforasingledevice.Inthelivealarmvieworduringbrowsingofthealarmhistory
youcanfilteryourdata,basedonadevicevalue.
ChangingDate&Time
Tochangethedateorintervalsofshownresults,usethebottomtimetoolbar.
Youcanspecifythedaterangeinwhichdatawillbeshown-clickonthedatetoset:
29
Byclickingontheleftandrightarrows,itispossibletochangethedateinaccordancewithalreadysetTime
range.Clickingontheveryleftarrowwillfirstlyshowtherecordsavailable,clickingontheveryrighticonwill
showthelatestrecordsavailable.
Byclickingonthetimeintervalontheright,youwillbepresentedadialogenablingyoutosetupacustomtime
intervalforviewing.
TIP:ThemaximumnumberofshownrowsislimitedbytheLIMITbutton,locatedonthetopbar.Youcanchange
thisvalueanytimeduringviewingthedata.
30
ExporttoMSExcel
Asideofthedatapreview,youcanexportthedataintoMSExcel.Todoso,presstheexportbuttonlocatedonthe
toptoolbar.
Data-LogViews
YoucanlogeventuallyanydataorinformationavailableinmySCADA.Fortheuserconvenienceandeasyaccess
thedataaregroupedintosocalled"Data-Logs".Youcanthinkofdata-logsasofsimilardatacollections.Itcanbe
e.g.asetoftemperaturesreadeachsecondfromthePLC,motorstart-upvoltageandthecurrentloggedeach
100milliseconds,runhoursofprocess,operators’actionsorcomputedproductionstatistics.
EachdatalogcanhavedefinedmultipleData-LogViews.Thedata-Logsarethusviewedinatabularform
representedbyoneormultipleData-LogViews.Data-LogViewsareaccessiblefromthemainmenubyclickingon
“…”button.
TherearetwopossiblewayshowtooperateData-Logviews:
1. Online-dataisshownstartingfromthecurrentvalue
2. History-dataisshownfromacertainentereddate
31
OnlineMode:
Timerangeshowedinadata-logcanbeeasilychangedinthebarbellowtheactualgraph.Dragthesliderto
changethetimerangeshown(from1minuteupto1year)
Settingacustomtimeinterval:
Whenyouclickonatimeintervalontheright,youwillbepresentedwithadialogenablingyoutosetupcustom
timeintervalforviewing.
HistoryMode:
Switchtohistorymodeisdonebyclickingonthetimericoninthelowerleftcorner.
Inthismode,youcanspecifyadaterangeinwhichdatawillbeshown-clickonadatetoset:
32
Byclickingontheleftandrightarrows,itispossibletochangethedateinaccordancewithalreadysetTime
range.Clickingonaleftmostarrowwillshowfirstrecordsavailable,clickingonarightmosticonwillshowlatest
recordsavailable.Againbyclickingonatimeintervalontheright,youwillbepresentedwithadialogenabling
youtosetupcustomtimeintervalforviewing.
TIP:MaximumnumberofshownrowsislimitedbyaLIMITbuttonlocatedatthetopbar.Youcanchangethis
valueanytimeduringviewingadata.
33
AdministrationLevel
MyAccount
Inthismenuyoucanchangeadministratorpasswordandotherusefulsettingssuchasemailandphonenumber.
System
Inthissectionyoucansetupallsettingsrelatedtothedevicesystem.
Date&Time
Enterthecurrentdateandtimethenclickon„Change“tosave.Youcanalsosetatimezonewhereyour
country/cityislocatedin.
NTP
ThisfeatureallowstimesynchronizationwithaNetworkTimeProtocolserver(e.g.time.nist.gov).NetworkTime
Protocol(NTP)isanetworkingprotocolforclocksynchronizationbetweencomputersystemsoverpacket-
switched,variable-latencydatanetworks.
34
SMTP
Hereyoucansetanemailservertobeusedtosendemailmessages(thisisprovidedbyyourISP).
• SMTPServer–theIPaddressoftheSMTPserver
• Port–chooseTCPport25(SMTP)orport587(Submission),orothergivenbyyourITdepartmentorISP
provider
• Mailfrom–anemailaddresswhichemailmessageswillbesentfrom.Usetheformuser@company.domain
• UseauthenticationSSL/TSL–fillintheusernameandpasswordprovidedyoudesiretouseSecureSockets
Layer(SSL)orTransportLayerSecurity(TLS)forenhancedcommunicationsecurity
SendInfoEmailAfterBoot
Incaseofunitrebootthischoicegeneratesaninformationalemailforthespecifiedgroupofusers.
• Enable–enabletheservice
• Sendtogroup-setthegroupofuserstowhichwillbeinformationalmailsend.
35
SMS
Ifyouhaveunitwith3GModem,youshouldsetuptheSMSCentersettings.
• SMSCenter-yourserviceproviderSMScenter
• MaxSMSpermin–maximumnumberofSMSsentduringaminute.ThischoicelimitsthepriceofSMS
servicestobepaid.
• TestSMS/Sendto–trytosendtheSMStogivennumbertotestcorrectfunctionality
Language
Itispossibletochangealanguageofthewholedevice’sGUI–chooseoneofavailablelanguageswhicharelisted
inthedrop-downmenu.Youmayhavetoreloadyourwebbrowserforthechangetotakeeffect.
Update
IfthedeviceisconnectedtotheInternetyoucanusethe“AutoupdatefromInternet”optiontoautomatically
havethesoftwareupdated,providedthereisanewversionoffirmwareavailable.IfthereisnoInternet
connectionyoucanstillupdatemanuallyfromafile.
Backup
Thisfunctionisonlyavailable,whenthemicroSDcardisinsertedintheslot.Youcanbackupcompletesystem,or
selectonlypartialbackup.
• Project
• Data-logsincludingalarmhistory,useractionshistory,advancedtrends
• Networkconfiguration
• Systemconfiguration
Toperformthebackup,putformattedmicroSDcardintoafrontmicroSDslotofthedevice.Youmightneedto
restartthedevicetorecognizethecardinsertion.
• Make–createsback-up
• Format–microSDcardformattingwiththefilesystemFAT32
!!!!PleasenotethatallthedatastoredonthemicroSDcardwillbedeleted!!!!
• Restore/Delete-restoretheback-updata,deletetheback-updatafromthemicroSDcard
Youcanalsoperformaperiodicbackupsbasedonyourtimeselection.Thiswayyoucankeepyourdata
redundantinacaseyouwouldencounteraproblemwithabox.
37
RestorefromBackup
Thisfunctionisonlyavailable,whenthemicroSDcardisinsertedintheslot.Youcanuserestorefrombackupto
quicklysetupanewboxorswitchexistingoneinacaseoffailure.
Toperformarestorefrombackup,gototheBackupmenuandselectfromavailablebackups.
IMPORTANT:Youwillhavetorebootyourunittocompleteabackup.Ifyourselectedbackupcontainsalso
networksettings,IPaddressofrestoredboxcanchange.
Status
Thissectionprovidesusefulinformationonthedevice’ssystem,forexample:
• Versionofusedfirmware
• Device’sserialnumber
• Runningtimesincethelastreboot
• SMScounter–countsthetotalnumberofsentSMS
• ActiveVPNuser–displaystheactiveVPNusers
• Thegreen/redchartshowsused/availablephysicalmemoryofthedevice.
• Scriptsstatus
o Status–displaysscriptlogandrestartscripts
o Mainscript–displaysthestatusofmain(initial)script
o Timers–displaysthestatusofeachperiodicallystartedscript
• NTPServerstatus–displaystheserverstatussetfortimesynchronization.
*–timesynchronized,
=–timesynchronizationinprogress
• SystemLEDblinking–makesthesystemLEDlightonthepaneltoblink.Usefulforidentificationofthe
equipmentinthetechnology.
• Location–enterthelocationofthedevice,e.g.anameofyourcityorfactory
(thisisusedforidentificationinsomeSMS/e-mailnotice)
• Hostname–againcanbeusedtoenterauserdefinedtextorname,e.g.theconnectedrouter
• Downloadforsupport–generatesazippedfilecontainingallsettingswhichcanbelatersenttoasupport
personnel,[email protected]
38
Reboot
Whenitisrequired,youcanrebootthedevice’ssystembyclickingonthemenuitem“Reboot”.Youwillbepromptedtoconfirmtherebootingprocedure.
Network
Anetworkgrantsyoutheabilitytoshareresourcesandinformationamongyourinterconnecteddevices.To
communicatewithothercomputersanddevices,acommunicationchannelmustbeproperlyestablished.
NETWORKMODE
Toproperlyoperatethedevice,youmustfirstsettheNetworkMode.Selectthedesirednetworkedmodeby
lookingattheoptions(whichdependsontheversionofyourdevice).YoucanreadthroughtheModedescription
whenyouselectit.Ifyoupressapplynewmodeisselected.
40
IndividualportssettingdependontheHWconfigurationwithfollowingoptions:
RoutedportisastandaloneportwithitsownIPaddressdependingonthetypeoftheportLAN,WAN.
Bridgedportisaportincludedinthebridgegroup((br0).IPandotherfeaturesaresetforthewholebridge.
3GWANisamobileconnectionandisconsideredtobetheonlyaccesspointintoWAN.
3GBackupisaback-upconnectionintoWAN(forsettingseechapter6.4.2)
LAN/WAN
Inthissectionbasicnetworksettingscanbesetorchanged.TherearesettingsforWAN,LAN,LAN2andwireless
modem.Dependingonwhichversionofthedeviceispurchased,thefollowingsettingsareavailable:
Interface Mode
LAN/WAN Routed
LAN/WAN Bridged
3G/LTE WAN
3G/LTE Backup
41
SettingauniqueIPaddressforthedeviceisessentialforproperfunctionalityinacomputernetwork.Thereare
twooptionshowtoassignanIPaddresstothedevicealongwithothernetworkinformation:
1. DHCP–thedevicecanobtainIPaddressandallothernetworkinformationfromaDHCP(DynamicHost
ConfigurationProtocol)serverautomatically.TheserveralsoeliminatesduplicateIPassignments.
2. STATIC–manuallyenteranIPaddressandalltherequirednetworkinformation
Name server
Anameserverisacomputerserverthathostsanetworkserviceforprovidingresponsestoqueriesagainsta
directoryservice.Itmapsahuman-recognizableidentifiertoasystem-internal,oftennumericidentificationor
addressingcomponent.Thisserviceisperformedbytheserverinresponsetotherequestofthenetworkservice
protocol.Youcanuseapublicname-serversuchas8.8.8.8orusetheoneprovidedbyyourISP.
3GModem
Ifisyourunitequippedwiththe3Gmodem,youshouldsetitupbeforeuse.Modemparametersmustbefilledin
ordertooperatecorrectly.ForconcreteparameterssuchasAPN,pleaseconsultyourSIMdataprovider.
• Useauthentication–enterthecorrectusername&password(notalwaysrequired)
• Connectiontype–selectfrom2G,3GorAutooption(autooptionwillswitchautomaticallybasedonthe
signalstrength)
• PIN–whennecessaryenteravalidPINfortheSIMcardinserted
• APN–AccessPointName(itisprovidedbyyourmobileoperator,defaultnameis“internet”)
• Dialnumber–enterthecorrectnumberfordataaccess(itisprovidedbyyourmobileoperator)
• UsepeerDNS–allowspeerDNS• Connectafterreboot-starttheserviceafterrebootingthedevice• Watchdog–watchdogperformsperiodictestingoftheIPaddressaccessibility.Notethatwithoutwatchdog
parameterset,connectioncheckwillbedisabled,solostconnectionwouldnotrestartthe3GModem.
42
Use3GasInternetBack-up
IfyouuseWANportasyourprimaryconnectiontothenetwork,youcanuse3GModemasyourredundant
connection.Ifyourprimaryconnectionwillgodown,3Gmodemwilldialupandestablishaconnection.Thisway,
yourunitwillbealwaysreachable.
The“connectafterreboot”settingisnotavailableinthismodeasmodemconnectsonlyonprimaryconnection
failure.Themodemwillbeconnectedonlyifthereisnoreplyforpingcommandforhostdefinedintheitem
“watchdog“.Thefallbacktoprimaryconnectionwillberecoveredafterthetimespecifiedinthe“Backup
timeout”parameter.
DHCPServer
InternalDHCP(DynamicHostConfigurationProtocol)serverautomaticallyassignsnetworkinformation,suchasIP
addresses.YourunitcanworkasDHCPserver.
TohaveDHCPserveralwaysrunning,tick“Startafterreboot”option.
43
NAT/Routers
NAT(networkaddresstranslation)allowsmultiplehostsonaVPNtoaccesstheInternetfromasingleIPaddress.
Itessentiallyactsasanagentbetweenapublicnetwork(e.g.theInternet)andalocal/privatenetwork.
Sourceroutingallowsahostwhoistransmittingpacketsofdatatopartiallyorcompletelyspecifytheroutein
whichthepacketwilltravelthroughthenetwork.Todefineanewroute,youwouldneedtoenteritsIPaddress,
MaskandGateway.
Arebootofthedevice’ssystemmusttakeplaceinorderforthechangestotakeeffect.
Firewall
Firewallisanetworksecuritysystemthatcontrolstheincomingandoutgoingnetworktrafficbyanalyzingthe
datapacketsanddeterminingwhethertheyshouldbeallowedthroughornot,basedonappliedruleset.A
firewallestablishesabarrierbetweenatrusted,secureinternalnetworkandanothernetwork(e.g.,theInternet)
thatisnotassumedtobesecureandtrusted.IntheFirewalloptionyoucanseeallopenportsforeverynetwork
interfaceinyoursystem.Youcanblockanyport(disablingserviceonthatport)forgivenservice.
“Addservice”–addyourownsettingforuserdefinedport.Thisfeatureisusefullforuserdefinedcommunication
inserversidescripts.
44
DDNS
UpdateofDNS(InternetDomainNameSystem)nameservers.DynamicDNS(DDNS)isamethodofautomatically
updatinganameserverintheDomainNameSystem(DNS),ofteninrealtime,withtheactiveDNSconfiguration
ofitsconfiguredhostnames,addressesorotherinformation.
Toenablethisoption,pleasetickenableserviceandfillintheappropriatefields.Donotforgettotick“Startafter
reboot”option,tohaveyourservicerunningafteraunitrestarts.
PPTP
APPTP(Point-to-pointTunnelingProtocol)servergivesyoutheabilitytosecurelyconnecttoaLANfromaremote
location.Thisallowsyoutoreceivethesameserviceofyourworkplaceinthecomfortofyourownhome.The
Point-to-PointTunnelingProtocol(PPTP)isamethodforimplementingvirtualprivatenetworks.PPTPusesa
controlchanneloverTCPandaGREtunneloperatingtoencapsulatePPPpackets.
45
• UniqueIPAddress–enterauniqueIPaddress(whichisnotusedanywhereelseinyournetwork)
• DHCPIPrange–setarangeofIPaddresses
• Startafterreboot–startthenetworkserviceafterrebootingthedevice
• PPTPServerusers–youcanaddseveralPPTPServerusers
APPTPClientallowsyoutoconnecttoaPPTPbasedVPN(VirtualPrivateNetwork).
• ConnecttoIP–anaddressofPPTPserver
• Username&Password–enterthecorrectusernameandpassword
• Addroutetoremotenetwork–routeisdefinedas“IPaddress/networkmask”,e.g.192.168.1.1/24
• Startafterreboot–startthenetworkserviceafterrebootingthedevice
• Watchdog–testingoftheIPaddressaccessibilityviaVPN(willbereconnectedwhennecessary)
• Dialhang-up–manualdialingup
CiscoVPN
SimilarlytothePPTPthisservicegivesyouanoptiontosecureyournetworkbyencryptingcommunication
betweeninterconnectedcomputersanddevices.
46
• Importconfigfromafile–ifyoualreadyhaveaprofileconfigurationfile(*.pcf)thatspecifiesthe
configurationofyourVPN,youcanloaditfromyourcomputerbyselecting“Browse”.Oncethefileisloaded,
select“Import”.
• IPSecID–usedtoidentifywhichIPSecSecrettouse
• IPSecgateway–enteravalidgateway
• IPSecsecret–usedtosecuretheexchangeoftheusernameandpasswordbetweentheclientandthe
server.
• Xauthpassword–enteravalidpassword
• Xauthusername–enteravalidusername
• IKEAuthmode–allowsusageofIKEAutmode
• Connectafterreboot–starttheserviceafterrebootingthedevice
• Watchdog–testingoftheIPaddressaccessibilityviaVPN(willbereconnectedwhennecessary)
OPENVPN
OpenVPNisanopensourcesoftwareapplicationthatimplementsvirtualprivatenetwork(VPN)techniquesfor
creatingsecurepoint-to-pointorsite-to-siteconnectionsinroutedorbridgedconfigurationsandremoteaccess
facilities.ItusesacustomsecurityprotocolthatutilizesSSL/TLSforkeyexchange.Itiscapableoftraversing
networkaddresstranslators(NATs)andfirewalls.
OpenVPNonmyBOXisimplementedinthewayitisveryeasytosetup.YoucanusetheboxasanOPENVPN
serveroruseitasanOPENVPNClient.
OpenVPNSERVERConfiguration
ToenableopenVPNServerfillinUniqueServerIPandticstartafterreboot.
47
Ifyouwanttohaveaccesstoyourinternalnetwork,youcanaddroutetoyourinternalnetworks.Clickonthe
“Addroute”button.
Fillinthesubnetandnetmaskandclick“Submit”
Toconnectclients,youshouldgenerateusercertificateforeachconnecteduser.Clickonthe“Generateclient
certificate”button.Giveitanameandwerecommendalsosettingtheuserpassword.
48
OpenVPNCLIENTConfiguration
YoucanconnectyourmyBOXtotheOpenVPNServer(thiscanbeeitherothermyBOXconfiguredasaopenVPN
ServeroranyotheropenVPNserver).Firstofall,importthecertificatesgeneratedfromtheserver.Ifyouhave
yourprofileprotectedbypassword,fillinthepassword.Finally,clickon“Startafterreboot”and“Change
settings”button.
IPSec
InternetProtocolSecurity(IPsec)isaprotocolsuiteforsecuringInternetProtocol(IP)communicationsby
authenticatingandencryptingeachIPpacketofacommunicationsession.IPsecincludesprotocolsfor
establishingmutualauthenticationbetweenagentsatthebeginningofthesessionandnegotiationof
cryptographickeystobeusedduringthesession.IPseccanbeusedinprotectingdataflowsbetweenapairof
hosts(host-to-host),betweenapairofsecuritygateways(network-to-network),orbetweenasecuritygateway
andahost(network-to-host).[1]
IPsecisanend-to-endsecurityschemeoperatingintheInternetLayeroftheInternetProtocolSuite,whilesome
otherInternetsecuritysystemsinwidespreaduse,suchasSecureSocketsLayer(SSL),TransportLayerSecurity
(TLS)andSecureShell(SSH),operateintheupperlayersoftheTCP/IPmodel.Hence,IPsecprotectsany
49
applicationtrafficacrossanIPnetwork.ApplicationsdonotneedtobespecificallydesignedtouseIPsec.Without
IPsec,theuseofTLS/SSLhadtobedesignedintoanapplicationtoprotecttheapplicationprotocols.
• Keepalive–allowsyoutochoosehowmanylinks/pathsdatacanbesentthroughbeforethelinkagefails
• NATTraversal–allowsNATTraversal
• Starting-starttheserviceafterrebootingthedevice
• Tunnels–itispossibletodefineseveraltunnel
Ping
ThisinternalPingserviceisparticularlyusefulwhentroubleshootingnetworkcommunication.SimplyfillinanIP
addressyouneedandhitthe“Ping”button.
Status
Acomprehensivestatusoverviewofallnetworksettingsandvariablescanbefoundhere.Alsodisplaysdetailed
accountsontheactiveroutescurrentlyinyournetworkincludingeachindividualdestination,gatewayand
generalmaskingaddress.Otherimportantinformationgivenhereistheinterfacingconfigurationofeachroute,
amountofdatatransmittedandreceived,IPSecstatus,andmuchmore–essentiallyallinformationneededto
makesureyournetworkisoperatingproperly.
IPsectunneldetailfunctiondetection.
Logout
Whenyouareloggedinthesystem,youcanlogoutofitbypressingthe“Logout”menuitem.
Alternatively,clickonthe iconinthemainscreentologout.
51
AppendixA–TerminationandBiasinganRS-485Network
Termination�
Terminationisusedtomatchimpedancewithrespecttoimpedanceofthetransmissionlinebeingused.When
impedancesaremismatchedthetransmittedsignalisnotcompletelyabsorbedbytheloadandtheportionis
reflectedbackintothetransmissionline.Ifthesource,transmissionlineandloadimpedanceareequalthese
reflectionsareeliminated.Therearedisadvantagesofterminationaswell.Terminationincreasesloadonthe
drivers,increasesinstallationcomplexity,changesbiasingrequirementsandmakesthesystemmodificationmore
difficult.
Thedecisionwhetherornottouseterminationshouldbebasedonthecablelengthandthedatarateusedbythe
system.Agoodruleofthumbisifthepropagationdelayofthedatalineismuchlessthanonebitwidth,
terminationisnotneeded.Thisrulemakestheassumptionthatreflectionswilldampoutinseveraltripsupand
downthedataline.Sincethereceivingportwillsamplethedatainthemiddleofthebit,itisimportantthatthe
signallevelbesolidatthatpoint.Inmostcasesterminationisnotrequired.
Thereareseveralmethodsofterminatingdatalines.Mostcommonlyusedisaparalleltermination.Aresistoris
addedinparallelwiththereceiver's"A"and"B"linesinordertomatchthedatalinecharacteristicimpedance
specifiedbythecablemanufacturer(120ohms.isacommonvalue).Thisvaluedescribestheintrinsicimpedance
ofthetransmissionlineandisnotafunctionofthelinelength.Aterminatingresistoroflessthan120ohms
shouldnotbeused.Terminationresistorsshouldbeplacedonlyattheextremeendsofthedataline,andno
morethantwoterminationsshouldbeplacedinanysystemthatdoesnotuserepeaters.Thistypeoftermination
clearlyaddsheavyDCloadingtoasystem.AnotherrecommendedtypeofterminationisACcoupledtermination.
ItaddsasmallcapacitorinserieswiththeterminationresistortoeliminatetheDCloadingeffect.Thepicture
belowillustratesbothparallelandACcoupledterminationonanRS-485two-wirenode.
ParallelandACTermination
BiasinganRS-485Network�
WhenanRS-485networkisinanidlestate,allnodesareinlisten(receive)mode.Underthisconditionthereare
noactivedriversonthenetwork.Alldriversaretri-stated.Withoutanythingdrivingthenetwork,thestateofthe
lineisunknown.Ifthevoltagelevelatthereceiver'sAandBinputsislessthan±200mVthelogiclevelatthe
outputofthereceiverswillbethevalueofthelastbitreceived.Inordertomaintaintheproperidlevoltagestate,
biasresistorsmustbeappliedtoforcethedatalinestotheidlecondition.Biasresistorsarenothingmorethana
pull-upresistoronthedataBline(typicallyto5volts)andapull-downresistor(toground)onthedataAline.The
picturebelowillustratestheplacementofbiasresistorsonatransceiver.Thevalueofthebiasresistorsis
dependentonterminationandnumberofnodesinthesystem.ThegoalistogenerateenoughDCbiascurrentin
thenetworktomaintainaminimumof200mVbetweentheBandAdatalines.
52
TransceiverwithBiasResistors
Biasresistorscanbeplacedanywhereinthenetworkorcanbesplitamongmultiplenodes.Theparallel
combinationofallbiasresistorsinasystemmustbeequaltoorlessthanthecalculatedbiasingrequirements.
Thisdeviceuses4.7Kohmbiasresistors.Thatvalueisadequateformostsystemswithouttermination.The
systemdesignershouldalwayscalculatethebiasingrequirementsofthenetwork.Symptomsofunderbiasing
rangefromdecreasednoiseimmunitytocompletedatafailure.Overbiasinghaslesseffectonasystem,the
primaryresultisincreasedloadonthedrivers.Somesystemscanbesensitivetooverbiasing.
AppendixB–ListofsupportedwebbrowsersfortheGUI
ThefollowingInternetwebbrowsersaresupportedandthereforerecommendedforcorrectviewingofprovided
web-basedGUI:
• MSInternetExplorer9.0andnewer
• Firefox8.0andnewer
• Opera11.6andnewer
• Apple’sSafari6.0andnewer
• Chrome22
