ABB RTU500 series User manual

RTU500 series

RTU500 series Remote Terminal Unit

User manual

Web server Release 12

Revision RTU500 series Remote Terminal Unit

1KGT 150 924 V000 1 - ABB AG

Revision

Document identity: 1KGT 150 924 V000 1

Revision: Date: Changes:

0 07/2016 New document for Release 12.0

RTU500 series Remote Terminal Unit Contents

ABB AG - 1KGT 150 924 V000 1 | I

Contents

1 Introduction.................................................................................................................... 1-1

1.1 Preface................................................................................................................1-1

1.2 Structure of this document................................................................................. 1-1

1.3 References..........................................................................................................1-1

1.4 Access to the Web server.................................................................................. 1-2

1.5 Presentation of the RTU500 series Web Pages.................................................. 1-4

2 Management.................................................................................................................. 2-1

2.1 Configuration Management................................................................................. 2-1

2.2 Firmware Management....................................................................................... 2-2

2.3 License Management..........................................................................................2-4

2.4 Language Management...................................................................................... 2-5

2.4.1 Change language of the Web server..................................................2-6

2.5 User Management.............................................................................................. 2-7

2.5.1 Security Policies.................................................................................2-8

2.5.2 User Accounts / Passwords.............................................................2-10

2.5.3 User Roles....................................................................................... 2-12

2.5.4 Change own user password............................................................ 2-14

2.5.5 Password file management..............................................................2-15

2.5.6 Password file harmonization.............................................................2-16

2.6 Certificate Management.................................................................................... 2-19

2.7 System Help Page with pre-requisitions............................................................2-19

3 Diagnostics.....................................................................................................................3-1

3.1 System Log........................................................................................................ 3-1

3.2 System Event Status.......................................................................................... 3-2

3.3 Hardware Tree.................................................................................................... 3-3

3.3.1 General Overview...............................................................................3-3

3.3.2 Board Diagnosis.................................................................................3-4

4 Test & Simulation........................................................................................................... 4-1

4.1 Enable Logging and Debugging..........................................................................4-1

4.2 Time Administration............................................................................................ 4-2

4.3 General Overview: Test Mode............................................................................. 4-3

4.3.1 Opening the user interface.................................................................4-3

4.4 Inputs and Outputs view - elements of the user interface....................................4-3

4.4.1 Signals grid........................................................................................ 4-3

4.4.2 Multiple simulation interval................................................................. 4-7

4.4.3 STOP button......................................................................................4-7

4.4.4 Control panel for process connection................................................ 4-8

4.4.5 Status indicator................................................................................4-14

4.4.6 Log file download link...................................................................... 4-15

4.5 SEV and SSC view - Elements of the user interface......................................... 4-15

Contents RTU500 series Remote Terminal Unit

II | 1KGT 150 924 V000 1 - ABB AG

4.5.1 Signals grid...................................................................................... 4-15

4.5.2 Input for multiple simulation interval................................................. 4-15

4.5.3 STOP button....................................................................................4-16

4.5.4 Control panel for process connection.............................................. 4-16

4.5.5 Status indicator................................................................................4-16

4.5.6 Log file download link...................................................................... 4-16

4.6 Security Events view - elements of the user interface........................................4-16

4.6.1 Signals grid...................................................................................... 4-16

4.6.2 Input for multiple simulation interval................................................. 4-16

4.6.3 STOP button....................................................................................4-16

4.6.4 Log file download link...................................................................... 4-17

5 Operation....................................................................................................................... 5-1

5.1 Starting the Integrated HMI.................................................................................5-1

5.2 General Overview: Archives................................................................................ 5-1

5.3 Process Archives................................................................................................ 5-2

5.4 File Archive......................................................................................................... 5-3

5.5 Security Event Archive........................................................................................ 5-4

6 Engineering.....................................................................................................................6-1

6.1 Use case 1: Pre-configured RTU520.................................................................. 6-1

6.2 Use case 2: RTU520 online configuration........................................................... 6-2

7 Secure Web server access............................................................................................ 7-1

7.1 RTUtil500 configuration.......................................................................................7-1

7.2 HTTPS Web server access.................................................................................7-3

7.3 Certificate handling............................................................................................. 7-4

7.3.1 Self-signed certificate.........................................................................7-4

7.3.2 External certificate..............................................................................7-5

8 PPP Installation.............................................................................................................. 8-1

8.1 Windows 7..........................................................................................................8-1

9 USB RNDIS Driver Installation........................................................................................ 9-1

9.1 Windows 7..........................................................................................................9-1

10 Glossary....................................................................................................................... 10-1

RTU500 series Remote Terminal Unit Introduction

Preface

ABB AG - 1KGT 150 924 V000 1 | 1-1

1 Introduction

1.1 Preface

The document describes the requirements and installation steps needed to build up a full RTU500

series engineering environment. The base configuration of the Microsoft Windows Operating System

and the tools required for the engineering process are described. System requirement are defined

in chapter Chapter 2.7 in figure "Fig. 28: Page for general information and pre-requisitions" .

1.2 Structure of this document

This document is divided in two main parts:

The first part describes the RTU500 series Web server functionality:

•

Management functions:

– Configuration management

– Firmware management

– User management

– Loading of password files

– Help page

•

Diagnosis functions

– System logs

– Process diagnosis functionality (Hardware Tree)

– The Network Tree

•

Test & Simulation functions

– Enable Logging and Debugging functions

– Test mode functions

•

Operation functions

– Starting the Integrated HMI

– File archive functions

•

Engineering

– Changing individual parameters online

– Onlne generation of a new RTU configuration

The second part includes the installation and configuration of the environment.

•

PPP Installation

•

USB Installation

•

Establishing the connection

•

Network configuration

•

The hardware required for the connection

1.3 References

Additional Information is available in the documents:

Introduction RTU500 series Remote Terminal Unit

Access to the Web server

1-2 | 1KGT 150 924 V000 1 - ABB AG

[1] 1KGT 150 722 Security Deployment Guide Line

[2] 1KGT 150 801 RTUtil500 User's Guide

1.4 Access to the Web server

The integrated Web server of the RTU500 series is accessed by a Web browser, using the IP ad-

dress of one of the Ethernet Interfaces of the RTU Communication Unit. The figure below shows an

example with the Microsoft Internet Explorer.

Figure 1: HTTPS access to an RTU Web server

The access to the RTU500 series Web server is enabled by default, but it is possible to disable the

access for each Ethernet interface in the configuration tool RTUtil500 [2]. See chapter "RTUtil500

configuration" for information how to disable the RTU500 series Web server.

Besides the secure standard HTTPS access, the RTU500 series Web server supports also HTTP.

For more information about the secure access see chapter 7-1. This chapter describes the

configuration and the certificate handling required for the secure HTTPS access.

After a successful connection, the RTU500 series Web server requests a user name and password

for log-in. An example for the log-in dialog presented by the Web browser is shown in the figure

below. Information about the default user names and passwords can be found in chapter "User

Accounts / Passwords".

RTU500 series Remote Terminal Unit Introduction

Access to the Web server

ABB AG - 1KGT 150 924 V000 1 | 1-3

Figure 2: Log-in dialog of Web server

After completing the working session it is recommended to log-off from the RTU500 series Web

server and to close the used Web browser. This prevents the usage of supplied user names and

passwords by unauthorized persons. The log-off is done by selecting the link "Logout" as shown in

the figure below. The appearing dialog must be confirmed with Ok to execute the log-off.

Figure 3: Log-off from Web server

Additional to the manual log-off, the user will be logged off by the RTU500 series after a configurable

time of inactivity. The timeout for automatic logout after user inactivity could be disabled and is

configurable between 1 minute and 24 hours. In RTUtil500 the inactivity timeout parameter is placed

in the "Parameter" tap at an RTU (Network or Hardware tree). The figure below shows the according

RTUtil500 parameter user interface.

Figure 4: User inactivity timeout parameter

Introduction RTU500 series Remote Terminal Unit

Presentation of the RTU500 series Web Pages

1-4 | 1KGT 150 924 V000 1 - ABB AG

When using the Microsoft Internet Explorer as Web browser the advanced option "Show friendly

HTTP error messages" shall be disabled in the Internet Explorer. Without this option the detailed

error information of the RTU500 series Web server are not shown. The option can be found in the

"Advanced" tab of the "Internet Options" (see figure below).

Figure 5: Internet Explorer Settings

1.5 Presentation of the RTU500 series Web Pages

All the pages used to in the RTU Web Server are structured with frames:

•

Status frame (1)

•

Navigation tiles (2)

•

Presentation and selection frame (3)

RTU500 series Remote Terminal Unit Introduction

Presentation of the RTU500 series Web Pages

ABB AG - 1KGT 150 924 V000 1 | 1-5

Figure 6: Structure of the Web server pages

The 'status frame' (1) is fixed during runtime, but depending on the configuration of the RTU.

The navigation tiles (2) is fixed during runtime and used to navigate through the different Web server

functions.

The 'presentation frame' (3 left side) depends also on the configuration of the RTU, but will not be

updated, as long as the frame is shown.

The 'selection frame' (3 right side)

•

will be updated cyclically (approximately every 2 seconds) or

•

must be updated on demand by the user.

Introduction RTU500 series Remote Terminal Unit

Presentation of the RTU500 series Web Pages

1-6 | 1KGT 150 924 V000 1 - ABB AG

RTU500 series Remote Terminal Unit Management

Configuration Management

ABB AG - 1KGT 150 924 V000 1 | 2-1

2 Management

2.1 Configuration Management

To navigate to the Configuration-File Managerpage, click on "Management" and on "Configurations

Management" in the navigation frame. The different table columns show the properties of the dif-

ferent files.

Figure 7: Configuration files: navigation tiles

The files on the RTU will be displayed on top of this page. Below is the drop in area. Here you can drop

new configuration files to be downloaded to the RTU. Only one file is needed for the configuration

of an RTU: <name>.rcd (RTU configuration data)

On the RTU there can be stored 4 different RTUtil500 configuration files:

– Active: The active configuration file is at the moment executed by the RTU

– Backup: It is possible to store one backup copy of a configuration file. This file can be activated

again.

– Base: A configuration file downloaded from the PC will be shown as base configuration file

– Editing: A configuration file generated by the WebUI configuration is called editing

In addition the Integrated HMI project files can be downloaded with this page.

The different table columns show the properties of the different configuration files.

Management RTU500 series Remote Terminal Unit

Firmware Management

2-2 | 1KGT 150 924 V000 1 - ABB AG

Figure 8: Configuration File Manager

Send file to device

With this button the configuration file can be downloaded to the RTU. First the config-

uration file must be dropped into the drop file area. Then the file can be downloaded

to the RTU. The downloaded file will become the new base configuration file. It must

be activated in a next step.

Receive file from device

With this button the configuration file on the RTU can be uploaded to the PC.

Delete file

With this button the configuration can be deleted.

Activate configuration

By selecting this button the base or backup configuration will become the new active

configuration.

Backup configuration

Press this button in the active configuration row to generate a new backup of the ac-

tive configuration. The new backup configuration will override an existing backup con-

figuration.

Table 1: Configuration Management: Operation buttons on the left side of the tables

2.2 Firmware Management

To navigate to the Firmware-File Managerpage, click on "Management" and on "Firmware Manage-

ment" in the navigation frame. The different table columns show the properties of the different files.

RTU500 series Remote Terminal Unit Management

Firmware Management

ABB AG - 1KGT 150 924 V000 1 | 2-3

Figure 9: Firmware files: navigation tiles

The files on the RTU will be displayed on top of this page. Below is the drop in area. Here you can

drop new firmware files to be downloaded to the RTU.

The loading of the different software files is independent. The software is not distributed to other

boards while loading.

Figure 10: Firmware File Manager

Management RTU500 series Remote Terminal Unit

License Management

2-4 | 1KGT 150 924 V000 1 - ABB AG

Send file to device

With this button the firmware file can be downloaded to the RTU. First

the firmware file must be dropped into the drop file area. Than the file can

be downloaded to the RTU. The downloaded file will replace the existing

firmware file on the flash. It must be activated in a next step. After a suc-

cess full download a red exclamation mark will appear and the activate

botton will become visible.

Receive file from device

With this button the firmware file on the RTU can be uploaded to the PC.

Delete file

With this button a firmware file be deleted.

Activate

By selecting this button the firmware file will be activated and the RTU will be restart-

ed.

the red exclamation mark

This sign indicated a difference between the firmware file on the flash and the firmware

under operation for the the RTU. The activation of the firmware is required.

Table 2: Firmware Management: Operation buttons on the left side of the tables

ADVICE

On the RTU there is no backup of the firmware files available. Deletes files must be replaced by

files from the PC.

2.3 License Management

Each communication unit has a separate license on the memory card, containing:

•

a license for the basic functions

•

the maximum number of process data points

•

a license for 'local archives' and 'PLC' (option)

•

a license for the 'integrated HMI' (option)

It is possible to upgrade the RTU license with an license extension file (ABBRTU500Ext.lic), generated

by ABB, by uploading the file via the Web server.

The function is available with the license file manager

RTU500 series Remote Terminal Unit Management

Language Management

ABB AG - 1KGT 150 924 V000 1 | 2-5

Figure 11: License file: navigation tiles

The data of the license file is checked during loading the file. The new licenses are activated after

a reset.

Figure 12: License Upgrade.

2.4 Language Management

To navigate to the Language Manager page, click on "Management" and on "Language Manage-

ment" in the navigation frame. The different table columns show the properties of the different files.

For each language 2 language files are required. For example for english langage:

– webserver_en-US.stb (CSV format)

– RTUi_en-US.rdt (XML format)

Management RTU500 series Remote Terminal Unit

Language Management

2-6 | 1KGT 150 924 V000 1 - ABB AG

Figure 13: Copy language file

Send file to device

With this button the language file can be downloaded to the RTU. First the language

file must be dropped into the drop file area. Than the file can be downloaded to the

RTU.

Receive file from device

With this button the language file on the RTU can be uploaded to the PC.

Delete file

With this button the language can be deleted.

Activate

By selecting this button the language will become the new active language. A reboot

of the RTU is required.

Table 3: Language Management: Operation buttons on the left side of the tables

2.4.1 Change language of the Web server

The language of the Web server can be selected in the status frame. For changing the langage a

reboot of the RTU is required.

RTU500 series Remote Terminal Unit Management

User Management

ABB AG - 1KGT 150 924 V000 1 | 2-7

Figure 14: Change language of the Web server

2.5 User Management

All modification of user accounts are done via the RTU500 series Web server. In the Web server

menu the link "User Management" is the entry point for the user account management. This link can

be found under the menu item "Management" as shown in the figure below. Due to the sensible

information in the user account management the following notice has to be considered.

ADVICE

The web pages of this functionality require secure HTTPS access. It is not possible to open the

web pages with standard HTTP access.

Figure 15: Web server menu user account management

The link starts a user interface to modify the following properties:

•

Enable or disable functional policies

•

Enable or disable password policies

•

Add new or delete existing user accounts

•

Change user account passwords

•

Add new or delete existing user roles

•

Change assignments of user and permissions to/from user roles

The user interface for the account management consists of several menu tabs. The first 3 menu tabs

cover the password policies, the user accounts and the user roles. On each tab the corresponding

information are shown for display and modification.

Common for all menu tabs are 2 buttons at the top of each tab. These buttons control the changes

done by the administrator. At startup all control elements are disabled showing the current config-

uration. If changes shall be done the administrator just start to access the user interface. Then the

both control buttons get active. After finishing the administrator can accept and store the changes

Management RTU500 series Remote Terminal Unit

User Management

2-8 | 1KGT 150 924 V000 1 - ABB AG

by pressing the button "Save" or returning to the former configuration by declining the changes with

the button "Cancel". It is irrelevant on which tab the control buttons are used. The change process

could be started or finished on each tab.

ADVICE

Be sure to save any wanted modification in the user account management by pressing the "Save"

button.

When the changes are accepted an additional dialog appears to confirm the decision. The changed

account configuration is active right after accepting the changes. There is no need to reset the RTU

but all users are logged out and a re-login is required. During accepting the changes are distributed

within the RTU CMU's which could take a few seconds.

To avoid conflicts no access is possible via the Web server when an administrator has started the

account change process. This compromises the access from other CMU's as well. The next chap-

ters describe each menu tab in detail.

2.5.1 Security Policies

In the first tab of the user management the security policies of the RTU500 series are defined.

Security policies are general rules, which are valid for all users and for the whole RTU500 system.

As shown in the figure below the security policies are divided into the following two sections:

•

Functional policies that define restrictions in the access to the RTU500 series and

•

Password policies that define rules that a password must fulfill to get accepted.

Figure 16: Menu tab security policies

The following sections describes the functional and password policies in detail.

Functional policies

The functional policies define restrictions in the access to the RTU500 series. When activated certain

functionalities are disabled and cannot be used anymore. The following functional policies can be

activated for the whole system:

•

PLC online debugging

Disable the access to the PLC online debugging. This includes start/stop of PLC programs,

display and setting of PLC variables.

•

COMPROTware RIO Server

Disable the access to the COMPROTware RIO Server. That means disable the possibility to lis-

tening of telegram traffic on serial and Ethernet interfaces.

•

Web server Test Mode

Disable the Web server testing and simulation mode. This includes time administration, simula-

tion of process inputs and commands in the test manager.

RTU500 series Remote Terminal Unit Management

User Management

ABB AG - 1KGT 150 924 V000 1 | 2-9

•

Online parameter change

Disable the possibility to change single parameters online with the Web server.

•

Online configuration change

Disable the possibility to change the RTU configuration online with the web server.

See part (1) of the Web server screen shoot "Fig. 16: Menu tab security policies" for the password

policies user interface.

Password policies

The password policies define rules that a password must fulfill to get accepted by the RTU500 series.

To enable the password policies the check box "Enforce password policies" must be checked (see

figure in last chapter). Changes in the password policies are considered for new passwords only.

That means existing passwords are not checked against the policies and the passwords are still

valid and usable. To be sure that all passwords are compliant the passwords must be changed after

defining a password policy.

After enabling the password policies the control elements are enabled and changes could be done.

The following parameters are editable:

•

Minimum length of a password. The required length of a password could be set to 0 which

means no required length or to a value between 6 and 31. In case of 0 the password must be

at least 3 characters long (see implicit rules below).

•

Maximum lifetime of a password. This parameter defines the time after a password became

invalid and could not be used anymore. The time is configured in days with a range from 0 to

1000. The value 0 means that the password never became invalid.

•

Contains lower case characters. If this check box is set the passwords must contains at least

one lower case character.

•

Contains upper case characters. If this check box is set the passwords must contains at least

one upper case character.

•

Contains numeric characters. If this check box is set the passwords must contains at least one

numeric character '0' to '9'.

•

Contains special characters. If this check box is set the passwords must contains at least one

of the listed special character:

" [!£$%^&*@?<>+_]\"

Even when the password policies are not enabled there are certain rules for passwords. These are

minimal rules to ensure proper system functionality. These implicit rules are:

•

A password must be at least 3 characters long.

•

A password must not be more than 31 characters long.

•

A whitespace character is not allowed as part of the password.

•

For passwords the following characters are allowed:

"abcdefghijklmnopqrstuvwxyz"

"ABCDEFGHIJKLMNOBQRSTUVWXYZ"

"0123456789"

"[!£$%^&*@?<>+_]\"

Independent from the password policies there are as well implicit rules for user names. These rules

are:

•

A user name must be at least 3 characters long.

•

A user name must not be more than 31 characters long.

Management RTU500 series Remote Terminal Unit

User Management

2-10 | 1KGT 150 924 V000 1 - ABB AG

•

A whitespace character is not allowed as part of the user name.

•

For user names the following characters are allowed:

"abcdefghijklmnopqrstuvwxyz"

"ABCDEFGHIJKLMNOBQRSTUVWXYZ"

"0123456789"

See part (2) of the Web server screen shoot "Fig. 16: Menu tab security policies" for the password

policies user interface.

2.5.2 User Accounts / Passwords

In the second menu tab the user accounts are defined. The tab shows in a table the names of

the existing user accounts (see figure below). The password of a user account can be changed by

selecting the lock symbol at the left side of the table and by selecting the trash can symbol the user

account can be deleted. Be careful, there is no security query when deleting a user account and a

once deleted user account could not be restored.

On the right side of the table are the assigments of the user roles. One or several roles can be

assigned to an user account. The user role can be assigned or withdrawn by selecting the corre-

sponding checkbox at the user account. The specific permissions assigned to a user role are defined

in the menu tab "User Roles" described in the next chapter.

Figure 17: Menu tab user accounts

At the end of the table of existing user accounts there is an empty field for adding a new user. A

new user account is created by typing a user name and pressing <ENTER>. Then a dialog appears

to set the initial password of the new user account (as shown in the next figure). By confirming the

dialog with "Ok" the user account is created. For information about rules that must be consider when

choosing a user name or password see chapter about the password policies.

When changing a user password the same dialog appears as when setting the initial password.

In the dialog the affected user name is displayed and 2 text fields to type the new password. The

password must be typed two times to eliminate, unintentional typing errors. The new password is

accepted only if both text fields contain the same password.

Page is loading ...

ABB RTU500 series User manual

ABB RTU500 series User manual

Related papers

Other documents