background image

Overview
1.4 Operating Temperature Range and Behavior

Communication

• Log messages should be delivered using TLS-encrypted syslog over TCP to pre-

vent them from being sent as plain text.

Physical/Remote Access

• Do not connect the device to the Internet. Deploy the device only within a secure

network perimeter.

• Exercise extreme caution when changing any settings in the BIOS. For example,

USB and PXE boot are disabled by default; enabling these settings is not advis-

able for securing the module.

• Control access to the USB, SD Card slot, and gigabit Ethernet ports to the same

degree as any physical access to the module.

• Be aware of enabling any non-secure protocols on the module. Appropriate safe-

guards against non-secure protocols should be taken to prevent unauthorized ac-

cess to the module/network.

Policy

• Periodically audit the module to make sure it complies with these recommenda-

tions and/or any internal security policies.

• Review the user documentation for other Siemens products used in coordination

with RUGGEDCOM APE for further security recommendations.

1.4

Operating Temperature Range and Behavior

The RUGGEDCOM APE is rated for operation within the temperature range of -40 to

70 °C (-40 to 158 °F).

1.5

Rebooting/Powering Down the RUGGEDCOM APE Module

The RUGGEDCOM APE may be powered down or reset using the 

Power

 button on the

front face of the module. The 

Power

 button is recessed and can only be reached us-

ing either a pin, unfolded paper clip, or a small screwdriver.

NOTICE

Whenever possible, shut down or reboot the RUGGEDCOM APE from the operat-

ing system instead of requesting a shutdown or reboot with the 

Power

 button. This

helps to safeguard against improper shutdowns and protect data integrity.

Powering Down the RUGGEDCOM APE

To fully power down the module, press the 

Power

 button with a pin and hold for 4 to

5 seconds .

4

RUGGEDCOM APE (Application Processing Engine)

Configuration Manual, 12/2019, C79000-G8976-1121-05

Summary of Contents for RUGGEDCOM APE1402

Page 1: ...Edition 12 2019 Configuration Manual SIMATIC NET Networking Components RUGGEDCOM APE Application Processing Engine For APE1402 APE1402W7 APE1404 APE1404 ADM APE1404W7 APE1404CKP https www siemens com ...

Page 2: ...DCOM APE Application Processing Engine Configuration Manual For APE1402 APE1402W7 APE1404 APE1404 ADM APE1404W7 APE1404CKP Preface Overview 1 Configuring and Using the RUGGEDCOM APE 2 Frequently Asked Questions 3 12 2019 C79000 G8976 1121 05 ...

Page 3: ... personnel are those who based on their training and experience are capable of identify ing risks and avoiding potential hazards when working with these products systems Proper Use of Siemens Products Note the following WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation If products and components from other manufactur...

Page 4: ...s and WAN Networking 9 2 Configuring and Using the RUGGEDCOM APE 11 2 1 Logging in to RUGGEDCOM APE 11 2 2 Using the RUGGEDCOM APE as a Firewall 11 2 3 Upgrading Windows Embedded Standard 7 Drivers 12 2 4 Adding a User Linux Only 13 2 5 Setting the Root and User Passwords Linux Only 13 2 6 Setting the BIOS Password 14 2 7 Disabling Alternative Boot Options 14 2 8 Setting the BIOS Bootloader Passwo...

Page 5: ...Table of Contents 2 15 Troubleshooting the RUGGEDCOM APE 22 3 Frequently Asked Questions 25 iv RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 6: ... related to this product that may be of interest Unless indicated otherwise each document is available on the Siemens Industry On line Support SIOS https support industry siemens com website Note Documents listed are those available at the time of publication Newer versions of these documents or their associated products may be available For more informa tion visit SIOS or consult a Siemens Custom...

Page 7: ...ining specific to the customer s application For more information about training services and course availability visit https www siemens com or contact a Siemens Sales representative Customer Support Customer support is available 24 hours 7 days a week for all Siemens customers For technical support or general information contact Siemens Customer Support through any of the following methods Onlin...

Page 8: ...ce Customer Support Ask questions or share knowledge with fellow Siemens customers and the support community RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 vii ...

Page 9: ...Preface Customer Support viii RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 10: ...le APE1402 APE1402W7 APE1404 APE1404 ADM APE1404W7 APE1404CKP Requires a valid Check Point GAiA license for activation 1 2 3 4 5 6 1 Drive Activity LED 2 Power LED 3 Power Button 4 USB Ports 5 Gigabit Ethernet GbE Port 6 DVI D Video Port Figure 1 1 RUGGEDCOM APE Module 1 1 Operating System Each RUGGEDCOM APE module comes with a pre installed operating system Module Operating System APE1402 Debian ...

Page 11: ...t Check Point GAiA Licensing To run Check Point GAiA on the RUGGEDCOM APE the Check Point operating sys tem must be activated after the RUGGEDCOM APE module has been installed 1 2 Requirements and Restrictions Note the following requirements and restrictions for using the RUGGEDCOM APE Operating Temperature Range Each module is rated for operation within the temperature range of 40 to 75 C 40 to 1...

Page 12: ...d to gain access to the net work behind the module When using the Windows based version of the RUGGEDCOM APE use Bitlocker to avoid unauthorized access to sensitive information stored on the hard drive Authentication When using the Linux based version of the RUGGEDCOM APE add an adminis trative account disable the root user on Debian Linux and replace any default passwords For a list of default us...

Page 13: ... these recommenda tions and or any internal security policies Review the user documentation for other Siemens products used in coordination with RUGGEDCOM APE for further security recommendations 1 4 Operating Temperature Range and Behavior The RUGGEDCOM APE is rated for operation within the temperature range of 40 to 70 C 40 to 158 F 1 5 Rebooting Powering Down the RUGGEDCOM APE Module The RUGGED...

Page 14: ...m of the screen To change the boot device press F5 immediately after the RUGGEDCOM APE starts to boot up The RUGGEDCOM APE will boot from the chosen device During the next boot cycle the RUGGEDCOM APE will revert back to the default boot device selected in the BIOS Contact Siemens if any BIOS related issues are experienced 1 7 Internal Network Interface In addition to the gigabit Ethernet interfac...

Page 15: ...lable for Linux platforms Siemens RUGGEDCOM ELAN product family solves a wide range of issues related to communications and data integration from the substation to the control center and into the enterprise The RUGGEDCOM ELAN family of products provide Open flexible access to all substation and distribution devices from any autho rized user or application Preservation of investment in legacy devic...

Page 16: ...EDCOM APE is essentially a two port industrial computer When the RUGGEDCOM APE is inserted into a chassis the first internal Ethernet port is acti vated on the connector that carries power to to the RUGGEDCOM APE The second RUGGEDCOM APE Ethernet port is available for use on the faceplate of the RUGGED COM APE line module To the RX15xx device the RUGGEDCOM APE internal Ethernet port appears like a...

Page 17: ... 192 168 0 1 either manually by the user or automatically by a pre configured DHCP server to allow it to communicate on VLAN1 It has also been assigned a unique subnet to its ETH1 port The RUGGEDCOM APE can also access services and network management of the RUGGEDCOM RX1500 control module at its 192 168 0 2 address These services in clude SSH HTTP and HTTPS services for network management DHCP NTP...

Page 18: ...UGGEDCOM APE port onto its own VLAN and creating a point to point connection between it and the control module The figure shows six serial ports available on serial LM 3 In order to become net work accessible these ports must be configured as socket ports that allow incom ing calls on TCP ports 5001 ser 3 1 through 5006 ser 3 6 While any address on the RX1500 control module may be used to connect ...

Page 19: ...Overview 1 10 2 Example RX15xx Services and WAN Networking 10 RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 20: ...name Default Password Windows Embedded Standard 7 There is no default username or password for Windows Embedded Standard 7 installations The username and password is set by the user during the first boot Linux root admin Linux CROSSBOW ADM admin admin Check Point GAiA admin admin 2 2 Using the RUGGEDCOM APE as a Firewall The RUGGEDCOM APE can be used as a firewall as an external network interface ...

Page 21: ...APE firewall is returned to the RX15xx device on other VLANs 2 3 Upgrading Windows Embedded Standard 7 Drivers Windows Embedded Standard 7 drivers for the Atom e6xx chip set used on the RUGGEDCOM APE module can be obtained from Siemens For more information con tact Siemens Customer Support Note Updated drivers are typically provided with each Linux distribution To upgrade the Windows Embedded Stan...

Page 22: ...password passwd password updated successfully Changing the user information for admin Enter the new value or press ENTER for the default Full Name Administrator Room Number Work Phone Home Phone Other Is the information correct Y n y root wheezyape 2 5 Setting the Root and User Passwords Linux Only For security reasons the default root Linux password should be changed before the module is deployed...

Page 23: ... 2 Power on the RUGGEDCOM APE 3 Press F2 to access the BIOS 4 Select Security NOTICE Use strong passwords Avoid weak passwords such as password1 123456789 abcdefgh etc Note Users logging in to the BIOS using a user password can only change settings for their own account Note Supervisor level users are granted full control of all RUGGEDCOM APE settings 5 Enable Power On Password 6 Set the superviso...

Page 24: ... before the BIOS is loaded NOTICE If the BIOS bootloader password is lost the module must be returned to Siemens for service For more information contact Siemens Customer Support This service is not supported by warranty To set the BIOS bootloader password do the following Note Only supervisor level users are permitted to change the BIOS bootloader password NOTICE Use strong passwords Avoid weak p...

Page 25: ... following line GRUB_ENCRYPTED_PASSWORD Add the GRUB password created in Step 2 to this line e g press P or p in vim or Ctrl U in nano For example GRUB_ENCRYPTED_PASSWORD grub pbkdf2 sha512 10000 82BA3D30037BBB B0A5EEED9395A036E973299517EAC3530A46 45406C692279EBDF12603E11E0E2F02BF32888A2F61DD8467FA8C0F3641CF8F DA452F40571E988 BF312D710D4E451A63264 C47C8CCBF40D429E1D6FF21D6AE95CA36F2D9AEE44C37AE1DF...

Page 26: ...Using vim or nano open the file etc ssh sshd_config 3 In the file locate the following line PermitRootLogin no 4 Change the line to the following PermitRootLogin no 5 Save and close the file 6 Restart the SSHD service by typing etc init d sshd restart 2 13 Disabling the Gigabit Ethernet Port Linux Only To disable the RJ45 gigabit Ethernet port on the front face of the RUGGEDCOM APE module do the f...

Page 27: ... be performed sequentially Debian v9 Stretch cannot be installed on a device running Debian v7 Wheezy The Linux software on the RUGGEDCOM APE must be upgraded to Debian 8 Jessie before it can be upgraded to Debian v9 Stretch Note Unless otherwise indicated Siemens does not provide specific software support for third party applications Preliminary Steps Prior to updating the software do the followi...

Page 28: ...ic keys 7 Upgrade previously installed packages by executing the following command apt get V upgrade If prompted select dev sda as the device path 8 Reboot the system by executing the following command reboot 9 Upgrade the Linux kernel by executing the following command apt get install linux image 686 pae 10 Reboot the system again by executing the following command reboot Upgrading from Debian v7...

Page 29: ...ences be tween upgrade and dist upgrade When prompted either allow or disallow the system to disable SSH password au thentication for the root account When prompted do not allow the system to upgrade the blacklist 5 Optional Install or update an existing Graphical User Interface GUI by execut ing the following command apt get install gui Where gui is the name of the GUI to install e g xfce4 gnome ...

Page 30: ...ch main deb http deb debian org debian stretch updates main deb src http deb debian org debian stretch updates main deb http security debian org debian security stretch updates main deb src http security debian org debian security stretch updates main When done save and close the file 2 Update the apt sources list by executing the following command apt get upgrade 3 Upgrade previously installed pa...

Page 31: ...utoremove reboot Once these steps are complete the RUGGEDCOM APE will be running the latest ver sion of Debian v9 Stretch 2 15 Troubleshooting the RUGGEDCOM APE The following describes potential solutions for common problems Lost IP Address The simplest resolution to this problem occurs when the RUGGEDCOM APE is easily reached and a monitor is attached The RUGGEDCOM APE can be queried for the IP a...

Page 32: ...DCOM APE is sufficient For information about power requirements refer to the Installation Manual for your RUGGEDCOM RX15xx device If power is sufficient the syslog file should be examined for irregularities during the boot The last boot may have occurred some time in the past and may no longer be recorded in the syslog If this is the case the module can be rebooted by disabling it and re enabling ...

Page 33: ...Configuring and Using the RUGGEDCOM APE 2 15 Troubleshooting the RUGGEDCOM APE 24 RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 34: ...ined from https www checkpoint com Linux Q How do I recover an image of the original factory settings A Siemens strongly recommends creating a backup image of the RUGGEDCOM APE before it is configured If this image is available it can be easily restored If an original backup image is not available contact Siemens Customer Support for assistance In most cases the RUGGEDCOM APE module must be return...

Page 35: ...Frequently Asked Questions 26 RUGGEDCOM APE Application Processing Engine Configuration Manual 12 2019 C79000 G8976 1121 05 ...

Page 36: ...ttps www siemens com Industry Online Support service and support https support industry siemens com Industry Mall https mall industry siemens com Siemens AG Digital Industry Process Automation Postfach 48 48 90026 NÜRNBERG GERMANY ...

Reviews: