ABB RTU500 series User manual

  • Hello! I am an AI chatbot trained to assist you with the ABB RTU500 series User manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
RTU500 series
RTU500 series Remote Terminal Unit
User manual
Web server Release 12
Revision RTU500 series Remote Terminal Unit
1KGT 150 924 V000 1 - ABB AG
Revision
Document identity: 1KGT 150 924 V000 1
Revision: Date: Changes:
0 07/2016 New document for Release 12.0
RTU500 series Remote Terminal Unit Contents
ABB AG - 1KGT 150 924 V000 1 | I
Contents
1 Introduction.................................................................................................................... 1-1
1.1 Preface................................................................................................................1-1
1.2 Structure of this document................................................................................. 1-1
1.3 References..........................................................................................................1-1
1.4 Access to the Web server.................................................................................. 1-2
1.5 Presentation of the RTU500 series Web Pages.................................................. 1-4
2 Management.................................................................................................................. 2-1
2.1 Configuration Management................................................................................. 2-1
2.2 Firmware Management....................................................................................... 2-2
2.3 License Management..........................................................................................2-4
2.4 Language Management...................................................................................... 2-5
2.4.1 Change language of the Web server..................................................2-6
2.5 User Management.............................................................................................. 2-7
2.5.1 Security Policies.................................................................................2-8
2.5.2 User Accounts / Passwords.............................................................2-10
2.5.3 User Roles....................................................................................... 2-12
2.5.4 Change own user password............................................................ 2-14
2.5.5 Password file management..............................................................2-15
2.5.6 Password file harmonization.............................................................2-16
2.6 Certificate Management.................................................................................... 2-19
2.7 System Help Page with pre-requisitions............................................................2-19
3 Diagnostics.....................................................................................................................3-1
3.1 System Log........................................................................................................ 3-1
3.2 System Event Status.......................................................................................... 3-2
3.3 Hardware Tree.................................................................................................... 3-3
3.3.1 General Overview...............................................................................3-3
3.3.2 Board Diagnosis.................................................................................3-4
4 Test & Simulation........................................................................................................... 4-1
4.1 Enable Logging and Debugging..........................................................................4-1
4.2 Time Administration............................................................................................ 4-2
4.3 General Overview: Test Mode............................................................................. 4-3
4.3.1 Opening the user interface.................................................................4-3
4.4 Inputs and Outputs view - elements of the user interface....................................4-3
4.4.1 Signals grid........................................................................................ 4-3
4.4.2 Multiple simulation interval................................................................. 4-7
4.4.3 STOP button......................................................................................4-7
4.4.4 Control panel for process connection................................................ 4-8
4.4.5 Status indicator................................................................................4-14
4.4.6 Log file download link...................................................................... 4-15
4.5 SEV and SSC view - Elements of the user interface......................................... 4-15
Contents RTU500 series Remote Terminal Unit
II | 1KGT 150 924 V000 1 - ABB AG
4.5.1 Signals grid...................................................................................... 4-15
4.5.2 Input for multiple simulation interval................................................. 4-15
4.5.3 STOP button....................................................................................4-16
4.5.4 Control panel for process connection.............................................. 4-16
4.5.5 Status indicator................................................................................4-16
4.5.6 Log file download link...................................................................... 4-16
4.6 Security Events view - elements of the user interface........................................4-16
4.6.1 Signals grid...................................................................................... 4-16
4.6.2 Input for multiple simulation interval................................................. 4-16
4.6.3 STOP button....................................................................................4-16
4.6.4 Log file download link...................................................................... 4-17
5 Operation....................................................................................................................... 5-1
5.1 Starting the Integrated HMI.................................................................................5-1
5.2 General Overview: Archives................................................................................ 5-1
5.3 Process Archives................................................................................................ 5-2
5.4 File Archive......................................................................................................... 5-3
5.5 Security Event Archive........................................................................................ 5-4
6 Engineering.....................................................................................................................6-1
6.1 Use case 1: Pre-configured RTU520.................................................................. 6-1
6.2 Use case 2: RTU520 online configuration........................................................... 6-2
7 Secure Web server access............................................................................................ 7-1
7.1 RTUtil500 configuration.......................................................................................7-1
7.2 HTTPS Web server access.................................................................................7-3
7.3 Certificate handling............................................................................................. 7-4
7.3.1 Self-signed certificate.........................................................................7-4
7.3.2 External certificate..............................................................................7-5
8 PPP Installation.............................................................................................................. 8-1
8.1 Windows 7..........................................................................................................8-1
9 USB RNDIS Driver Installation........................................................................................ 9-1
9.1 Windows 7..........................................................................................................9-1
10 Glossary....................................................................................................................... 10-1
RTU500 series Remote Terminal Unit Introduction
Preface
ABB AG - 1KGT 150 924 V000 1 | 1-1
1 Introduction
1.1 Preface
The document describes the requirements and installation steps needed to build up a full RTU500
series engineering environment. The base configuration of the Microsoft Windows Operating System
and the tools required for the engineering process are described. System requirement are defined
in chapter Chapter 2.7 in figure "Fig. 28: Page for general information and pre-requisitions" .
1.2 Structure of this document
This document is divided in two main parts:
The first part describes the RTU500 series Web server functionality:
The first part describes the RTU500 series Web server functionality:
Management functions:
Configuration management
Firmware management
User management
Loading of password files
Help page
Diagnosis functions
System logs
Process diagnosis functionality (Hardware Tree)
The Network Tree
Test & Simulation functions
Enable Logging and Debugging functions
Test mode functions
Operation functions
Starting the Integrated HMI
File archive functions
Engineering
Changing individual parameters online
Onlne generation of a new RTU configuration
The second part includes the installation and configuration of the environment.
PPP Installation
USB Installation
Establishing the connection
Network configuration
The hardware required for the connection
1.3 References
Additional Information is available in the documents:
Introduction RTU500 series Remote Terminal Unit
Access to the Web server
1-2 | 1KGT 150 924 V000 1 - ABB AG
[1] 1KGT 150 722 Security Deployment Guide Line
[2] 1KGT 150 801 RTUtil500 User's Guide
1.4 Access to the Web server
The integrated Web server of the RTU500 series is accessed by a Web browser, using the IP ad-
dress of one of the Ethernet Interfaces of the RTU Communication Unit. The figure below shows an
example with the Microsoft Internet Explorer.
Figure 1: HTTPS access to an RTU Web server
The access to the RTU500 series Web server is enabled by default, but it is possible to disable the
access for each Ethernet interface in the configuration tool RTUtil500 [2]. See chapter "RTUtil500
configuration" for information how to disable the RTU500 series Web server.
Besides the secure standard HTTPS access, the RTU500 series Web server supports also HTTP.
For more information about the secure access see chapter 7-1. This chapter describes the
configuration and the certificate handling required for the secure HTTPS access.
After a successful connection, the RTU500 series Web server requests a user name and password
for log-in. An example for the log-in dialog presented by the Web browser is shown in the figure
below. Information about the default user names and passwords can be found in chapter "User
Accounts / Passwords".
RTU500 series Remote Terminal Unit Introduction
Access to the Web server
ABB AG - 1KGT 150 924 V000 1 | 1-3
Figure 2: Log-in dialog of Web server
After completing the working session it is recommended to log-off from the RTU500 series Web
server and to close the used Web browser. This prevents the usage of supplied user names and
passwords by unauthorized persons. The log-off is done by selecting the link "Logout" as shown in
the figure below. The appearing dialog must be confirmed with Ok to execute the log-off.
Figure 3: Log-off from Web server
Additional to the manual log-off, the user will be logged off by the RTU500 series after a configurable
time of inactivity. The timeout for automatic logout after user inactivity could be disabled and is
configurable between 1 minute and 24 hours. In RTUtil500 the inactivity timeout parameter is placed
in the "Parameter" tap at an RTU (Network or Hardware tree). The figure below shows the according
RTUtil500 parameter user interface.
Figure 4: User inactivity timeout parameter
Introduction RTU500 series Remote Terminal Unit
Presentation of the RTU500 series Web Pages
1-4 | 1KGT 150 924 V000 1 - ABB AG
When using the Microsoft Internet Explorer as Web browser the advanced option "Show friendly
HTTP error messages" shall be disabled in the Internet Explorer. Without this option the detailed
error information of the RTU500 series Web server are not shown. The option can be found in the
"Advanced" tab of the "Internet Options" (see figure below).
Figure 5: Internet Explorer Settings
1.5 Presentation of the RTU500 series Web Pages
All the pages used to in the RTU Web Server are structured with frames:
Status frame (1)
Navigation tiles (2)
Presentation and selection frame (3)
RTU500 series Remote Terminal Unit Introduction
Presentation of the RTU500 series Web Pages
ABB AG - 1KGT 150 924 V000 1 | 1-5
Figure 6: Structure of the Web server pages
The 'status frame' (1) is fixed during runtime, but depending on the configuration of the RTU.
The navigation tiles (2) is fixed during runtime and used to navigate through the different Web server
functions.
The 'presentation frame' (3 left side) depends also on the configuration of the RTU, but will not be
updated, as long as the frame is shown.
The 'selection frame' (3 right side)
will be updated cyclically (approximately every 2 seconds) or
must be updated on demand by the user.
Introduction RTU500 series Remote Terminal Unit
Presentation of the RTU500 series Web Pages
1-6 | 1KGT 150 924 V000 1 - ABB AG
RTU500 series Remote Terminal Unit Management
Configuration Management
ABB AG - 1KGT 150 924 V000 1 | 2-1
2 Management
2.1 Configuration Management
To navigate to the Configuration-File Managerpage, click on "Management" and on "Configurations
Management" in the navigation frame. The different table columns show the properties of the dif-
ferent files.
Figure 7: Configuration files: navigation tiles
The files on the RTU will be displayed on top of this page. Below is the drop in area. Here you can drop
new configuration files to be downloaded to the RTU. Only one file is needed for the configuration
of an RTU: <name>.rcd (RTU configuration data)
On the RTU there can be stored 4 different RTUtil500 configuration files:
Active: The active configuration file is at the moment executed by the RTU
Backup: It is possible to store one backup copy of a configuration file. This file can be activated
again.
Base: A configuration file downloaded from the PC will be shown as base configuration file
Editing: A configuration file generated by the WebUI configuration is called editing
In addition the Integrated HMI project files can be downloaded with this page.
The different table columns show the properties of the different configuration files.
Management RTU500 series Remote Terminal Unit
Firmware Management
2-2 | 1KGT 150 924 V000 1 - ABB AG
Figure 8: Configuration File Manager
Send file to device
With this button the configuration file can be downloaded to the RTU. First the config-
uration file must be dropped into the drop file area. Then the file can be downloaded
to the RTU. The downloaded file will become the new base configuration file. It must
be activated in a next step.
Receive file from device
With this button the configuration file on the RTU can be uploaded to the PC.
Delete file
With this button the configuration can be deleted.
Activate configuration
By selecting this button the base or backup configuration will become the new active
configuration.
Backup configuration
Press this button in the active configuration row to generate a new backup of the ac-
tive configuration. The new backup configuration will override an existing backup con-
figuration.
Table 1: Configuration Management: Operation buttons on the left side of the tables
2.2 Firmware Management
To navigate to the Firmware-File Managerpage, click on "Management" and on "Firmware Manage-
ment" in the navigation frame. The different table columns show the properties of the different files.
RTU500 series Remote Terminal Unit Management
Firmware Management
ABB AG - 1KGT 150 924 V000 1 | 2-3
Figure 9: Firmware files: navigation tiles
The files on the RTU will be displayed on top of this page. Below is the drop in area. Here you can
drop new firmware files to be downloaded to the RTU.
The loading of the different software files is independent. The software is not distributed to other
boards while loading.
Figure 10: Firmware File Manager
Management RTU500 series Remote Terminal Unit
License Management
2-4 | 1KGT 150 924 V000 1 - ABB AG
Send file to device
With this button the firmware file can be downloaded to the RTU. First
the firmware file must be dropped into the drop file area. Than the file can
be downloaded to the RTU. The downloaded file will replace the existing
firmware file on the flash. It must be activated in a next step. After a suc-
cess full download a red exclamation mark will appear and the activate
botton will become visible.
Receive file from device
With this button the firmware file on the RTU can be uploaded to the PC.
Delete file
With this button a firmware file be deleted.
Activate
By selecting this button the firmware file will be activated and the RTU will be restart-
ed.
the red exclamation mark
This sign indicated a difference between the firmware file on the flash and the firmware
under operation for the the RTU. The activation of the firmware is required.
Table 2: Firmware Management: Operation buttons on the left side of the tables
ADVICE
On the RTU there is no backup of the firmware files available. Deletes files must be replaced by
files from the PC.
2.3 License Management
Each communication unit has a separate license on the memory card, containing:
a license for the basic functions
the maximum number of process data points
a license for 'local archives' and 'PLC' (option)
a license for the 'integrated HMI' (option)
It is possible to upgrade the RTU license with an license extension file (ABBRTU500Ext.lic), generated
by ABB, by uploading the file via the Web server.
The function is available with the license file manager
RTU500 series Remote Terminal Unit Management
Language Management
ABB AG - 1KGT 150 924 V000 1 | 2-5
Figure 11: License file: navigation tiles
The data of the license file is checked during loading the file. The new licenses are activated after
a reset.
Figure 12: License Upgrade.
2.4 Language Management
To navigate to the Language Manager page, click on "Management" and on "Language Manage-
ment" in the navigation frame. The different table columns show the properties of the different files.
For each language 2 language files are required. For example for english langage:
webserver_en-US.stb (CSV format)
RTUi_en-US.rdt (XML format)
Management RTU500 series Remote Terminal Unit
Language Management
2-6 | 1KGT 150 924 V000 1 - ABB AG
Figure 13: Copy language file
Send file to device
With this button the language file can be downloaded to the RTU. First the language
file must be dropped into the drop file area. Than the file can be downloaded to the
RTU.
Receive file from device
With this button the language file on the RTU can be uploaded to the PC.
Delete file
With this button the language can be deleted.
Activate
By selecting this button the language will become the new active language. A reboot
of the RTU is required.
Table 3: Language Management: Operation buttons on the left side of the tables
2.4.1 Change language of the Web server
The language of the Web server can be selected in the status frame. For changing the langage a
reboot of the RTU is required.
RTU500 series Remote Terminal Unit Management
User Management
ABB AG - 1KGT 150 924 V000 1 | 2-7
Figure 14: Change language of the Web server
2.5 User Management
All modification of user accounts are done via the RTU500 series Web server. In the Web server
menu the link "User Management" is the entry point for the user account management. This link can
be found under the menu item "Management" as shown in the figure below. Due to the sensible
information in the user account management the following notice has to be considered.
ADVICE
The web pages of this functionality require secure HTTPS access. It is not possible to open the
web pages with standard HTTP access.
Figure 15: Web server menu user account management
The link starts a user interface to modify the following properties:
Enable or disable functional policies
Enable or disable password policies
Add new or delete existing user accounts
Change user account passwords
Add new or delete existing user roles
Change assignments of user and permissions to/from user roles
The user interface for the account management consists of several menu tabs. The first 3 menu tabs
cover the password policies, the user accounts and the user roles. On each tab the corresponding
information are shown for display and modification.
Common for all menu tabs are 2 buttons at the top of each tab. These buttons control the changes
done by the administrator. At startup all control elements are disabled showing the current config-
uration. If changes shall be done the administrator just start to access the user interface. Then the
both control buttons get active. After finishing the administrator can accept and store the changes
Management RTU500 series Remote Terminal Unit
User Management
2-8 | 1KGT 150 924 V000 1 - ABB AG
by pressing the button "Save" or returning to the former configuration by declining the changes with
the button "Cancel". It is irrelevant on which tab the control buttons are used. The change process
could be started or finished on each tab.
ADVICE
Be sure to save any wanted modification in the user account management by pressing the "Save"
button.
When the changes are accepted an additional dialog appears to confirm the decision. The changed
account configuration is active right after accepting the changes. There is no need to reset the RTU
but all users are logged out and a re-login is required. During accepting the changes are distributed
within the RTU CMU's which could take a few seconds.
To avoid conflicts no access is possible via the Web server when an administrator has started the
account change process. This compromises the access from other CMU's as well. The next chap-
ters describe each menu tab in detail.
2.5.1 Security Policies
In the first tab of the user management the security policies of the RTU500 series are defined.
Security policies are general rules, which are valid for all users and for the whole RTU500 system.
As shown in the figure below the security policies are divided into the following two sections:
Functional policies that define restrictions in the access to the RTU500 series and
Password policies that define rules that a password must fulfill to get accepted.
Figure 16: Menu tab security policies
The following sections describes the functional and password policies in detail.
Functional policies
The functional policies define restrictions in the access to the RTU500 series. When activated certain
functionalities are disabled and cannot be used anymore. The following functional policies can be
activated for the whole system:
PLC online debugging
Disable the access to the PLC online debugging. This includes start/stop of PLC programs,
display and setting of PLC variables.
COMPROTware RIO Server
Disable the access to the COMPROTware RIO Server. That means disable the possibility to lis-
tening of telegram traffic on serial and Ethernet interfaces.
Web server Test Mode
Disable the Web server testing and simulation mode. This includes time administration, simula-
tion of process inputs and commands in the test manager.
RTU500 series Remote Terminal Unit Management
User Management
ABB AG - 1KGT 150 924 V000 1 | 2-9
Online parameter change
Disable the possibility to change single parameters online with the Web server.
Online configuration change
Disable the possibility to change the RTU configuration online with the web server.
See part (1) of the Web server screen shoot "Fig. 16: Menu tab security policies" for the password
policies user interface.
Password policies
The password policies define rules that a password must fulfill to get accepted by the RTU500 series.
To enable the password policies the check box "Enforce password policies" must be checked (see
figure in last chapter). Changes in the password policies are considered for new passwords only.
That means existing passwords are not checked against the policies and the passwords are still
valid and usable. To be sure that all passwords are compliant the passwords must be changed after
defining a password policy.
After enabling the password policies the control elements are enabled and changes could be done.
The following parameters are editable:
Minimum length of a password. The required length of a password could be set to 0 which
means no required length or to a value between 6 and 31. In case of 0 the password must be
at least 3 characters long (see implicit rules below).
Maximum lifetime of a password. This parameter defines the time after a password became
invalid and could not be used anymore. The time is configured in days with a range from 0 to
1000. The value 0 means that the password never became invalid.
Contains lower case characters. If this check box is set the passwords must contains at least
one lower case character.
Contains upper case characters. If this check box is set the passwords must contains at least
one upper case character.
Contains numeric characters. If this check box is set the passwords must contains at least one
numeric character '0' to '9'.
Contains special characters. If this check box is set the passwords must contains at least one
of the listed special character:
" [!£$%^&*@?<>+_]\"
Even when the password policies are not enabled there are certain rules for passwords. These are
minimal rules to ensure proper system functionality. These implicit rules are:
A password must be at least 3 characters long.
A password must not be more than 31 characters long.
A whitespace character is not allowed as part of the password.
For passwords the following characters are allowed:
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOBQRSTUVWXYZ"
"0123456789"
"[!£$%^&*@?<>+_]\"
Independent from the password policies there are as well implicit rules for user names. These rules
are:
A user name must be at least 3 characters long.
A user name must not be more than 31 characters long.
Management RTU500 series Remote Terminal Unit
User Management
2-10 | 1KGT 150 924 V000 1 - ABB AG
A whitespace character is not allowed as part of the user name.
For user names the following characters are allowed:
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOBQRSTUVWXYZ"
"0123456789"
See part (2) of the Web server screen shoot "Fig. 16: Menu tab security policies" for the password
policies user interface.
2.5.2 User Accounts / Passwords
In the second menu tab the user accounts are defined. The tab shows in a table the names of
the existing user accounts (see figure below). The password of a user account can be changed by
selecting the lock symbol at the left side of the table and by selecting the trash can symbol the user
account can be deleted. Be careful, there is no security query when deleting a user account and a
once deleted user account could not be restored.
On the right side of the table are the assigments of the user roles. One or several roles can be
assigned to an user account. The user role can be assigned or withdrawn by selecting the corre-
sponding checkbox at the user account. The specific permissions assigned to a user role are defined
in the menu tab "User Roles" described in the next chapter.
Figure 17: Menu tab user accounts
At the end of the table of existing user accounts there is an empty field for adding a new user. A
new user account is created by typing a user name and pressing <ENTER>. Then a dialog appears
to set the initial password of the new user account (as shown in the next figure). By confirming the
dialog with "Ok" the user account is created. For information about rules that must be consider when
choosing a user name or password see chapter about the password policies.
When changing a user password the same dialog appears as when setting the initial password.
In the dialog the affected user name is displayed and 2 text fields to type the new password. The
password must be typed two times to eliminate, unintentional typing errors. The new password is
accepted only if both text fields contain the same password.
/