manualshive.com logo in svg

Siemens RUGGEDCOM APE1402, Configuration Manual

The Siemens RUGGEDCOM APE1402 Configuration Manual is available for free download on our website. This comprehensive manual provides detailed instructions and guidance on configuring and optimizing the performance of the APE1402 device. Get your free copy now from manualshive.com to unlock the full potential of this remarkable product.

Share
Download
background image

Overview

1.3 Security Recommendations

1.3

Security Recommendations

To prevent unauthorized access to the module, note the following security recom-

mendations:

Hardware/Software

• Before commissioning the RUGGEDCOM APE line module, apply the latest secu-

rity updates from Debian or from Microsoft as per standard Windows® 10 Enter-

prise update procedure. For more information on applying security updates from

Debian, refer to the user documention provided by Debian or Microsoft.

• Before using the RUGGEDCOM APE, make sure all relevant CERT security advi-

sories and applications are applied. Security advisories that include links to ap-

plications are available on the 

Industrial Security website [http://www.indus-

try.siemens.com/topics/global/en/industrial-security/news-alerts/Pages/alerts.as-

px]

 or the 

ProductCERT Security Advisories website [http://www.siemens.com/in-

novation/en/technology-focus/siemens-cert/cert-security-advisories.htm]

. Up-

dates to Siemens Product Security Advisories can be obtained by subscribing to

the RSS feed on the Siemens ProductCERT SSecurity Advisories website, or by fol-

lowing @ProductCert on Twitter.

• Only enable the services that will be used on the module, including physical

ports. Unused physical ports could potentially be used to gain access to the net-

work behind the module.

• When using the Windows®-based version of the RUGGEDCOM APE, use Bitlocker

to avoid unauthorized access to sensitive information stored on the hard drive.

Authentication

• When using the Linux-based version of the RUGGEDCOM APE, add an adminis-

trative account, disable the root user on Debian Linux, and replace any default

passwords. For a list of default user profiles and passwords, refer to 

"Logging in

to RUGGEDCOM APE (Page 11)"

.

• To prevent unauthenticated access to the BIOS, configure a supervisor password

and set the user passwords . For more information, refer to 

"Setting the BIOS

Password (Page 14)"

.

• When using the Linux-based version of the RUGGEDCOM APE, ensure the GRUB

bootloader password is configured. For more information, refer to 

"Setting the

GRUB Bootloader Password (Page 16)"

.

• Use strong passwords. Avoid weak passwords such as 

password1

123456789

,

abcdefgh

, etc.

• Passwords should not be re-used across different usernames and systems, or af-

ter they expire.

• Make sure to take appropriate precautions when shipping the module beyond

the boundaries of the trusted environment:
• If SSH and SSL keys are configured, replace the existing keys with 

throwaway

keys prior to shipping.

• If SSH and SSL keys are configured, take the existing keys out of service.

When the module returns, create and program new keys for the module.

RUGGEDCOM APE (Application Processing Engine)

Configuration Manual, 12/2019, C79000-G8976-1121-05

3

Summary of Contents for RUGGEDCOM APE1402

Page 1: ...Edition 12 2019 Configuration Manual SIMATIC NET Networking Components RUGGEDCOM APE Application Processing Engine For APE1402 APE1402W7 APE1404 APE1404 ADM APE1404W7 APE1404CKP https www siemens com ...

Page 2: ...DCOM APE Application Processing Engine Configuration Manual For APE1402 APE1402W7 APE1404 APE1404 ADM APE1404W7 APE1404CKP Preface Overview 1 Configuring and Using the RUGGEDCOM APE 2 Frequently Asked Questions 3 12 2019 C79000 G8976 1121 05 ...

Page 3: ... personnel are those who based on their training and experience are capable of identify ing risks and avoiding potential hazards when working with these products systems Proper Use of Siemens Products Note the following WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation If products and components from other manufactur...

Page 4: ...s and WAN Networking 9 2 Configuring and Using the RUGGEDCOM APE 11 2 1 Logging in to RUGGEDCOM APE 11 2 2 Using the RUGGEDCOM APE as a Firewall 11 2 3 Upgrading Windows Embedded Standard 7 Drivers 12 2 4 Adding a User Linux Only 13 2 5 Setting the Root and User Passwords Linux Only 13 2 6 Setting the BIOS Password 14 2 7 Disabling Alternative Boot Options 14 2 8 Setting the BIOS Bootloader Passwo...

Page 5: ...Table of Contents 2 15 Troubleshooting the RUGGEDCOM APE 22 3 Frequently Asked Questions 25 iv RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 6: ... related to this product that may be of interest Unless indicated otherwise each document is available on the Siemens Industry On line Support SIOS https support industry siemens com website Note Documents listed are those available at the time of publication Newer versions of these documents or their associated products may be available For more informa tion visit SIOS or consult a Siemens Custom...

Page 7: ...ining specific to the customer s application For more information about training services and course availability visit https www siemens com or contact a Siemens Sales representative Customer Support Customer support is available 24 hours 7 days a week for all Siemens customers For technical support or general information contact Siemens Customer Support through any of the following methods Onlin...

Page 8: ...ce Customer Support Ask questions or share knowledge with fellow Siemens customers and the support community RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 vii ...

Page 9: ...Preface Customer Support viii RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 10: ...le APE1402 APE1402W7 APE1404 APE1404 ADM APE1404W7 APE1404CKP Requires a valid Check Point GAiA license for activation 1 2 3 4 5 6 1 Drive Activity LED 2 Power LED 3 Power Button 4 USB Ports 5 Gigabit Ethernet GbE Port 6 DVI D Video Port Figure 1 1 RUGGEDCOM APE Module 1 1 Operating System Each RUGGEDCOM APE module comes with a pre installed operating system Module Operating System APE1402 Debian ...

Page 11: ...t Check Point GAiA Licensing To run Check Point GAiA on the RUGGEDCOM APE the Check Point operating sys tem must be activated after the RUGGEDCOM APE module has been installed 1 2 Requirements and Restrictions Note the following requirements and restrictions for using the RUGGEDCOM APE Operating Temperature Range Each module is rated for operation within the temperature range of 40 to 75 C 40 to 1...

Page 12: ...d to gain access to the net work behind the module When using the Windows based version of the RUGGEDCOM APE use Bitlocker to avoid unauthorized access to sensitive information stored on the hard drive Authentication When using the Linux based version of the RUGGEDCOM APE add an adminis trative account disable the root user on Debian Linux and replace any default passwords For a list of default us...

Page 13: ... these recommenda tions and or any internal security policies Review the user documentation for other Siemens products used in coordination with RUGGEDCOM APE for further security recommendations 1 4 Operating Temperature Range and Behavior The RUGGEDCOM APE is rated for operation within the temperature range of 40 to 70 C 40 to 158 F 1 5 Rebooting Powering Down the RUGGEDCOM APE Module The RUGGED...

Page 14: ...m of the screen To change the boot device press F5 immediately after the RUGGEDCOM APE starts to boot up The RUGGEDCOM APE will boot from the chosen device During the next boot cycle the RUGGEDCOM APE will revert back to the default boot device selected in the BIOS Contact Siemens if any BIOS related issues are experienced 1 7 Internal Network Interface In addition to the gigabit Ethernet interfac...

Page 15: ...lable for Linux platforms Siemens RUGGEDCOM ELAN product family solves a wide range of issues related to communications and data integration from the substation to the control center and into the enterprise The RUGGEDCOM ELAN family of products provide Open flexible access to all substation and distribution devices from any autho rized user or application Preservation of investment in legacy devic...

Page 16: ...EDCOM APE is essentially a two port industrial computer When the RUGGEDCOM APE is inserted into a chassis the first internal Ethernet port is acti vated on the connector that carries power to to the RUGGEDCOM APE The second RUGGEDCOM APE Ethernet port is available for use on the faceplate of the RUGGED COM APE line module To the RX15xx device the RUGGEDCOM APE internal Ethernet port appears like a...

Page 17: ... 192 168 0 1 either manually by the user or automatically by a pre configured DHCP server to allow it to communicate on VLAN1 It has also been assigned a unique subnet to its ETH1 port The RUGGEDCOM APE can also access services and network management of the RUGGEDCOM RX1500 control module at its 192 168 0 2 address These services in clude SSH HTTP and HTTPS services for network management DHCP NTP...

Page 18: ...UGGEDCOM APE port onto its own VLAN and creating a point to point connection between it and the control module The figure shows six serial ports available on serial LM 3 In order to become net work accessible these ports must be configured as socket ports that allow incom ing calls on TCP ports 5001 ser 3 1 through 5006 ser 3 6 While any address on the RX1500 control module may be used to connect ...

Page 19: ...Overview 1 10 2 Example RX15xx Services and WAN Networking 10 RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 20: ...name Default Password Windows Embedded Standard 7 There is no default username or password for Windows Embedded Standard 7 installations The username and password is set by the user during the first boot Linux root admin Linux CROSSBOW ADM admin admin Check Point GAiA admin admin 2 2 Using the RUGGEDCOM APE as a Firewall The RUGGEDCOM APE can be used as a firewall as an external network interface ...

Page 21: ...APE firewall is returned to the RX15xx device on other VLANs 2 3 Upgrading Windows Embedded Standard 7 Drivers Windows Embedded Standard 7 drivers for the Atom e6xx chip set used on the RUGGEDCOM APE module can be obtained from Siemens For more information con tact Siemens Customer Support Note Updated drivers are typically provided with each Linux distribution To upgrade the Windows Embedded Stan...

Page 22: ...password passwd password updated successfully Changing the user information for admin Enter the new value or press ENTER for the default Full Name Administrator Room Number Work Phone Home Phone Other Is the information correct Y n y root wheezyape 2 5 Setting the Root and User Passwords Linux Only For security reasons the default root Linux password should be changed before the module is deployed...

Page 23: ... 2 Power on the RUGGEDCOM APE 3 Press F2 to access the BIOS 4 Select Security NOTICE Use strong passwords Avoid weak passwords such as password1 123456789 abcdefgh etc Note Users logging in to the BIOS using a user password can only change settings for their own account Note Supervisor level users are granted full control of all RUGGEDCOM APE settings 5 Enable Power On Password 6 Set the superviso...

Page 24: ... before the BIOS is loaded NOTICE If the BIOS bootloader password is lost the module must be returned to Siemens for service For more information contact Siemens Customer Support This service is not supported by warranty To set the BIOS bootloader password do the following Note Only supervisor level users are permitted to change the BIOS bootloader password NOTICE Use strong passwords Avoid weak p...

Page 25: ... following line GRUB_ENCRYPTED_PASSWORD Add the GRUB password created in Step 2 to this line e g press P or p in vim or Ctrl U in nano For example GRUB_ENCRYPTED_PASSWORD grub pbkdf2 sha512 10000 82BA3D30037BBB B0A5EEED9395A036E973299517EAC3530A46 45406C692279EBDF12603E11E0E2F02BF32888A2F61DD8467FA8C0F3641CF8F DA452F40571E988 BF312D710D4E451A63264 C47C8CCBF40D429E1D6FF21D6AE95CA36F2D9AEE44C37AE1DF...

Page 26: ...Using vim or nano open the file etc ssh sshd_config 3 In the file locate the following line PermitRootLogin no 4 Change the line to the following PermitRootLogin no 5 Save and close the file 6 Restart the SSHD service by typing etc init d sshd restart 2 13 Disabling the Gigabit Ethernet Port Linux Only To disable the RJ45 gigabit Ethernet port on the front face of the RUGGEDCOM APE module do the f...

Page 27: ... be performed sequentially Debian v9 Stretch cannot be installed on a device running Debian v7 Wheezy The Linux software on the RUGGEDCOM APE must be upgraded to Debian 8 Jessie before it can be upgraded to Debian v9 Stretch Note Unless otherwise indicated Siemens does not provide specific software support for third party applications Preliminary Steps Prior to updating the software do the followi...

Page 28: ...ic keys 7 Upgrade previously installed packages by executing the following command apt get V upgrade If prompted select dev sda as the device path 8 Reboot the system by executing the following command reboot 9 Upgrade the Linux kernel by executing the following command apt get install linux image 686 pae 10 Reboot the system again by executing the following command reboot Upgrading from Debian v7...

Page 29: ...ences be tween upgrade and dist upgrade When prompted either allow or disallow the system to disable SSH password au thentication for the root account When prompted do not allow the system to upgrade the blacklist 5 Optional Install or update an existing Graphical User Interface GUI by execut ing the following command apt get install gui Where gui is the name of the GUI to install e g xfce4 gnome ...

Page 30: ...ch main deb http deb debian org debian stretch updates main deb src http deb debian org debian stretch updates main deb http security debian org debian security stretch updates main deb src http security debian org debian security stretch updates main When done save and close the file 2 Update the apt sources list by executing the following command apt get upgrade 3 Upgrade previously installed pa...

Page 31: ...utoremove reboot Once these steps are complete the RUGGEDCOM APE will be running the latest ver sion of Debian v9 Stretch 2 15 Troubleshooting the RUGGEDCOM APE The following describes potential solutions for common problems Lost IP Address The simplest resolution to this problem occurs when the RUGGEDCOM APE is easily reached and a monitor is attached The RUGGEDCOM APE can be queried for the IP a...

Page 32: ...DCOM APE is sufficient For information about power requirements refer to the Installation Manual for your RUGGEDCOM RX15xx device If power is sufficient the syslog file should be examined for irregularities during the boot The last boot may have occurred some time in the past and may no longer be recorded in the syslog If this is the case the module can be rebooted by disabling it and re enabling ...

Page 33: ...Configuring and Using the RUGGEDCOM APE 2 15 Troubleshooting the RUGGEDCOM APE 24 RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 34: ...ined from https www checkpoint com Linux Q How do I recover an image of the original factory settings A Siemens strongly recommends creating a backup image of the RUGGEDCOM APE before it is configured If this image is available it can be easily restored If an original backup image is not available contact Siemens Customer Support for assistance In most cases the RUGGEDCOM APE module must be return...

Page 35: ...Frequently Asked Questions 26 RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 36: ...ttps www siemens com Industry Online Support service and support https support industry siemens com Industry Mall https mall industry siemens com Siemens AG Digital Industry Process Automation Postfach 48 48 90026 NÜRNBERG GERMANY ...

Reviews:

No comments

Related manuals for RUGGEDCOM APE1402

Eaton CMA User Manual preview
CMA
Brand: Eaton Pages: 50
Hardi HC5500 Quick Manual preview
HC5500
Brand: Hardi Pages: 2
YASKAWA CC-Link Technical Manual preview
CC-Link
Brand: YASKAWA Pages: 64
V2 Phoenix Programming Manual preview
Phoenix
Brand: V2 Pages: 3
Daikin Madoka User Manual preview
Madoka
Brand: Daikin Pages: 2
Daikin BRC7E530W8 Operation Manual preview
BRC7E530W8
Brand: Daikin Pages: 12
Daikin BRC1H81K Installation And Operation Manual preview
BRC1H81K
Brand: Daikin Pages: 12
Daikin BRC1H71W Operation Manual preview
BRC1H71W
Brand: Daikin Pages: 46
Daikin BRC1D71 Operation Manual preview
BRC1D71
Brand: Daikin Pages: 21
Daikin BRC1D517 Operation Manual preview
BRC1D517
Brand: Daikin Pages: 20
Fancom 743 Installer Manual preview
743
Brand: Fancom Pages: 31
3M SST Manual preview
SST
Brand: 3M Pages: 90
Samson 3277 Mounting And Operating Instructions preview
3277
Brand: Samson Pages: 48
YUGE LCC Series Hardware Manual preview
LCC Series
Brand: YUGE Pages: 69
Quectel EC25 series Command Manual preview
EC25 series
Brand: Quectel Pages: 232
Quectel L76 Reference Design preview
L76
Brand: Quectel Pages: 9
Quectel BC26 Manual preview
BC26
Brand: Quectel Pages: 73
Rane ZR1 Datasheet preview
ZR1
Brand: Rane Pages: 2

Brands by name

Popular brands

Load more brands