Siemens SIMATIC ET 200SP Function Manual Download Page 93

Page: 93 / 362

Open User Communication

6.11 Secure Open User Communication

Communication

Function Manual, 11/2019, A5E03735815-AH

6.11

Secure Open User Communication

6.11.1

Secure OUC of an S7-1500 CPU as TLS client to an external PLC (TLS server)

The following section describes how you can set up Open User Communication via TCP

from an S7-1500 CPU as TLS client to a TLS server.

Setting up a secure TCP connection from an S7-1500 CPU as TLS client to a TLS server

S7-1500 CPUs as of firmware version V2.0 support secure communication with addressing

via a Domain Name System (DNS).
For secure TCP communication over the domain name you need to create a data block with

the TCON_QDN_SEC system data type yourself, assign parameters and call it directly at

one of the instructions TSEND_C, TRCV_C or TCON.
Requirements:

●

Current date and time are set in the CPU.

●

Your network includes at least one DNS server.

●

You have configured at least one DNS server for the S7-1500 CPU.

●

TLS client and TLS server have all the required certificates.

To set up a secure TCP connection to a TLS server, follow these steps:
1.

Create a global data block in the project tree.

Define a tag of the data type TCON_QDN_SEC in the global data block.
The example below shows the global data block "Data_block_1" in which the tag

"DNS ConnectionSEC" of the data type TCON_QDN_SEC is defined.

Figure 6-12 Data type TCON_QDN_SEC

Summary of Contents for SIMATIC ET 200SP

Page 1: ...Communication ...

Page 2: ...de 1 Product overview 2 Communications services 3 PG communication 4 HMI communication 5 Open User Communication 6 S7 communication 7 Point to point link 8 OPC UA communication 9 Routing 10 Connection resources 11 Diagnostics and fault correction 12 Communication with the redundant system S7 1500R H 13 Industrial Ethernet Security with CP 1543 1 14 ...

Page 3: ...ly by personnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNING Siemens prod...

Page 4: ...rs the following Overview of the communication services Properties of the communication services Overview of the user activities for setting up the communication services Basic knowledge required The following knowledge is required in order to understand the Function manual General knowledge of automation technology Knowledge of the industrial automation system SIMATIC Knowledge about how to use S...

Page 5: ... OPC UA server only performs a restart during download from the TIA Portal when the newly downloaded data has an effect on the data management of the OPC UA server Server interface modeling It is now possible in the TIA Portal to model server interfaces or import OPC UA Companion Specifications and map them to the PLC data management Section OPC UA communication Page 126 What s new in the Communic...

Page 6: ... s new What are the customer benefits Where can I find the information OPC UA server OPC UA is a uniform standard for data commu nication and is independent of any particular operating system platforms OPC UA uses integrated safety mechanisms on various automation systems for example with data exchange at application level for the legit imation of the user The OPC UA server provides a large amount...

Page 7: ... threats it is necessary to implement and continuously maintain a holistic state of the art industrial security concept Siemens products and solutions constitute one element of such a concept Customers are responsible for preventing unauthorized access to their plants systems machines and networks Such systems machines and components should only be connected to an enterprise network or the interne...

Page 8: ...ices Field Services Technical Support spare parts and training offers Forums For answers and solutions concerning automation technology mySupport Your personal working area in Industry Online Support for messages support queries and configurable documents This information is provided by the Siemens Industry Online Support in the Internet http www siemens com automation service support Industry Mal...

Page 9: ...ficates with STEP 7 43 3 6 5 Examples for the management of certificates 47 3 6 6 Example HTTP over TLS 53 3 7 SNMP 57 3 7 1 Disabling SNMP 57 3 7 2 Example Disabling SNMP for a CPU 1516 3 PN DP 58 4 PG communication 60 5 HMI communication 63 6 Open User Communication 65 6 1 Overview of Open User Communication 65 6 2 Protocols for Open User Communication 66 6 3 Instructions for Open User Communica...

Page 10: ...ting PKI key pairs and certificates yourself 153 9 2 6 Secure transfer of messages 156 9 3 Using the S7 1500 as an OPC UA server 159 9 3 1 Interesting information about the OPC UA server of the S7 1500 CPUs 159 9 3 1 1 The OPC UA server of the S7 1500 CPUs 159 9 3 1 2 End points of the OPC UA server 161 9 3 1 3 Runtime behavior of the OPC UA server 163 9 3 2 Configuring access to PLC tags 165 9 3 ...

Page 11: ...7 9 3 6 5 Request of a remote client failed 238 9 3 6 6 Subscription diagnostics 240 9 3 6 7 Summarizing diagnostics 243 9 4 Using the S7 1500 CPU as an OPC UA client 245 9 4 1 Overview and requirements 245 9 4 2 Useful information about the client instructions 246 9 4 3 Number of client instructions that can be used simultaneously 248 9 4 4 Example configuration for OPC UA 249 9 4 5 Creating clie...

Page 12: ... IP addresses 325 13 2 Response to Snycup 331 13 3 Response to primary backup switchover 331 13 4 Connection resources of the redundant system S7 1500R H 332 13 5 HMI communication with the redundant system S7 1500R H 334 13 5 1 HMI connection via the system IP address 334 13 6 Open User Communication with the redundant system S7 1500R H 336 13 6 1 Setting up the connection of the Open User Commun...

Page 13: ...e specific information you require Basic information System manuals and Getting Started manuals describe in detail the configuration installation wiring and commissioning of the SIMATIC S7 1500 ET 200MP ET 200SP and ET 200AL systems use the corresponding operating instructions for CPU 1516pro 2 PN The STEP 7 online help supports you in configuration and programming Device information Product manua...

Page 14: ...e Internet S7 1500 ET 200MP https support industry siemens com cs ww en view 86140384 ET 200SP https support industry siemens com cs ww en view 84133942 ET 200AL https support industry siemens com cs ww en view 95242965 mySupport With mySupport your personal workspace you make the best out of your Industry Online Support In mySupport you can save filters favorites and tags request CAx data and com...

Page 15: ... and communications processors PROFINET and PROFIBUS DP interfaces are integrated in the S7 1500 CPUs The CPU 1516 3 PN DP for example has two PROFINET interfaces and one PROFIBUS DP interface Other PROFINET and PROFIBUS DP interfaces are available by using communications modules CM and communications processors CP PROFINET interface X2 with 1 port PROFINET interface X1 with 2 port switch PROFIBUS...

Page 16: ...unications modules Interfaces of communications modules CMs extend the interfaces of CPUs for example the communication module CM 1542 5 adds a PROFIBUS interface to S7 1500 automation system PROFIBUS DP interface Figure 2 2 PROFIBUS DP interface of the CM 1542 5 and CM DP to an ET 200SP CPU ...

Page 17: ... additional functionality to what is provided by the integrated interfaces of the CPUs CPs allow special applications for example the CP 1543 1 provides Industrial Ethernet security functions for protecting Industrial Ethernet networks via its Industrial Ethernet interface Industrial Ethernet interface Figure 2 3 Industrial Ethernet interface of the CP 1543 1 ...

Page 18: ... to point connections The communication modules for point to point connections provide communication via their RS 232 RS 422 and RS 485 interfaces for example Freeport or Modbus communication Interface for point to point connections Figure 2 4 Example of interface for point to point connection at the CM PtP RS422 485 BA ...

Page 19: ...ted I O ET 200MP ET 200SP and ET 200AL to PROFINET or PROFIBUS of the higher level IO controller or DP master PROFINET interface with 2 port switch Figure 2 5 PROFINET interfaces IM 155 5 PN ST ET 200MP IM 155 6 PN ST ET 200SP and IM 157 1 PN ET 200AL Communications services The communications services described below use the interfaces and communication mechanisms provided by the system via CPUs ...

Page 20: ...tion2 On commissioning testing diagnostics X X HMI communication2 On operator control and monitoring X X Open communication via TCP IP2 Data exchange via PROFINET Industrial Ethernet with TCP IP Instructions TSEND_C TRCV_C TSEND TRCV TCON T_DISCON X Open communication using ISO on TCP2 Data exchange via PROFINET Industrial Ethernet with ISO on TCP Instructions TSEND_C TRCV_C TSEND TRCV TCON T_DISC...

Page 21: ... UA clients X Communication via Modbus TCP Data exchange via PROFINET with Modbus TCP protocol Instructions MB_CLIENT MB_SERVER X E mail Sending process alarms via e mail Instruction TMAIL_C X FTP only CPs with PROFINET Industrial Ethernet interface File management and file access via FTP File Transfer Protocol CP can be FTP client and FTP server Instruction FTP_CMD X Fetch Write only CPs with PRO...

Page 22: ...section Communication with the redundant system S7 1500R H Page 324 Additional information Application example CPU CPU communication with SIMATIC controllers compendium You can find the application example on the Internet https support industry siemens com cs ww en view 20982954 This FAQ https support industry siemens com cs ww en view 102420020 describes how to configure fetch write communication...

Page 23: ...0 CPUs and S7 1500 communication modules The following table shows the protocols supported by the S7 1500 CPUs ET 200SP CPUs and the CPUs 1513 1516pro 2 PN The S7 1500 software controllers also support the protocols listed in the following table for the Ethernet interfaces that are assigned to the software controller Table 3 2 Layers and protocols of the S7 1500 CPUs and software controllers via P...

Page 24: ... col 25 4 TCP Simple mail transfer proto col SMTP is used for sending e mails SMTPS SMTP over TLS 465 4 TCP Secure SMTP SMTP is used for sending e mails over secure connections SMTP with STARTTLS 25 587 4 TCP Simple mail transfer proto col with the SMTP com mand STARTTLS SMTP with STARTTLS is used for send ing e mails over secure connections HTTP Hypertext transfer proto col 80 4 TCP Hypertext tra...

Page 25: ... 4 TCP 4 UDP Open User Communication TCP UDP Secure Open User Com munication TLS OUC instructions provide connection establishment connection termination and data transfer based on the socket layer 2000 5000 Recom mended 5001 49151 can be used to limited extent2 IGMPv2 Internet Group Management Protocol Not relevant 3 Network layer Internet Group Management Protocol Network protocol for the organi...

Page 26: ... Simple mail transfer proto col 25 4 TCP Simple mail transfer protocol SMTP is used for sending e mails HTTP Hypertext transfer proto col Adjustable 1 4 TCP Hypertext transfer protocol HTTP is used for communication with CPU internal web server You can change the port number to avoid conflict with other web serv ers on Windows If you want to use web server access you must activate the port in the ...

Page 27: ...addition to those listed in the tables for the S7 1500 communications modules e g CP 1543 1 Table 3 4 Layers and protocols of S7 1500 communications modules Protocol Port number 2 Link layer 4 Transport layer Function Description PROFINET Industrial Ethernet protocols Connection oriented communications protocols FTP File transfer protocol 20 data 21 control 4 TCP File transfer proto col FTP is use...

Page 28: ... by the CPU Each CPU has reserved connection resources for PG HMI and web server communication In addition there are available resources for other communication services e g for SNMP e mail connections HMI and S7 communication as well as for open communication When are connection resources allocated The time for allocation of connection resources depends on how the connection is set up automatic p...

Page 29: ...on You set up the programmed connection in the program editor of STEP 7 in the context of a CPU by assigning instructions for communication for example TSEND_C When specifying the connection parameters in the Inspector window in the properties of the instruction you are supported by the easy to use user interface Figure 3 1 Programmed setup ...

Page 30: ...ication Function Manual 11 2019 A5E03735815 AH 29 Setting up a configured connection You set up the configured connection in the network view of the Devices networks editor of STEP 7 in the context of a CPU or a software controller Figure 3 2 Configured setup ...

Page 31: ...resources already used and those still available How do I set up a connection Table 3 5 Setting up the connection Connection Automatically Programmed setup Configured setup Programming device connection X HMI connection X X Web communication X OPC UA server communication X OPC UA client communication X Open communication via TCP IP connection X X Open communication via ISO on TCP connection X X Op...

Page 32: ...ion for communication is interrupted for example by a hardware interrupt OB with higher priority This interrupts the transfer of the data area If the user program in this OB now changes the data that has not yet been processed by the communication instruction the transferred data originates from different times The following figure shows a data area that is smaller than the maximum size of the con...

Page 33: ...struction only transfers as much data from the source data area into the destination data area as fits in the consistent data area At time T2 the instruction transfers the rest of the source data area to the destination data area After the transfer data from different points in time exist in the destination data area If the data in the source data area has changed in the meantime an inconsistency ...

Page 34: ...sured in the user program Note Measures in the user program To achieve data consistency you can copy transferred data to a separate data area for example global data block While the user program continues to work with the original data you can transfer the data saved in the separate data area consistently with the communication instruction For the copying use uninterruptible instructions such as U...

Page 35: ...ansport Layer Security is used as the encryption protocol TLS is the successor for the SSL Secure Sockets Layer protocol Objectives of secure communication Secure communication is used to achieve the following objectives Confidentiality i e the data are secret cannot by read by eavesdroppers Integrity i e the message that reaches the recipient is the same message unchanged that the sender sent The...

Page 36: ...public key in a certificate is valid and when it expires X 509 certificates contain information about the issuer of the certificate in secure form The following paragraphs give an overview of these basic concepts which are required for managing certificates in STEP 7 TIA Portal for example and for programming communication instructions for secure Open User Communication sOUC Secure communication w...

Page 37: ...ements placed by the application you can select different security levels for the end point security You will find the description of the OPC UA server functionality in the section Using the S7 1500 as an OPC UA server Page 159 3 6 2 Confidentiality through encryption Message encryption is an important element of data security When encrypted messages are intercepted by third parties during communi...

Page 38: ...s his message with the symmetric key Alice decrypts the encrypted message with the symmetric key Figure 3 7 Symmetric encryption The process can be compared to a briefcase to which the sender and recipient have the same key which both locks and opens the case Advantage Symmetric encryption algorithms such as AES Advanced Encryption Algorithm are fast Disadvantages How can the key be sent to a reci...

Page 39: ...As only Alice has the private key and never discloses it only she can decrypt the message With her private key she can decrypt any message encrypted with her public key not only messages from Bob Figure 3 8 Asymmetric encryption The system can be compared to a mailbox into which anyone can put a message but from which only the person with the key can remove messages Advantages A message encrypted ...

Page 40: ...ot tell what identity is assigned to a public key from the bit string A fraud could provide their public key and claim to be someone else If a third party then uses this key thinking that they are addressing their required communication partner confidential information could end up with the fraud The fraud then uses their private key to decrypt the message that was not intended for them and sensit...

Page 41: ...pplicant can be clearly established the certificate authority confirms that identity by issuing a signed certificate The applicant has now become the certificate subject The figure below is a simplified overview of the process It does not show how Alice can check the digital signature Figure 3 9 Signing of a certificate by a certificate authority Self signed certificates Self signed certificates a...

Page 42: ...signing or key encryption When you create a new certificate with STEP 7 for example in the context of Secure Open User Communication select the correct entry from the list of possible usages e g TLS Specification of a Subject Alternative Name SAN which is used in secure communication with Web servers HTTP over TLS for example to ensure that the certificate in the address bar of the Web browser als...

Page 43: ...ned by the certificate authority The figure below shows how Alice uses the public key in the certificate from Twent who represents the certificate authority CA to verify the signature on Bob s public key All that is required for verification is therefore the availability of the certificate from the certificate authority at the moment of checking The validation itself is executed automatically in t...

Page 44: ...ed over multiple intermediate certificates until the end entity certificate The end entity certificate is the certificate of the user who is to be identified The validation process runs through the hierarchy in the opposite direction As described above the certificate issuer is established and the signature checked with the issuer s public key then the certificate of the higher level certificate i...

Page 45: ...ctor window of the CPU allow the creation of new certificates or the selection of existing ones Protection Security Certificate manager for the generation and assignment of all types of certificates TLS certificates for Secure Open User Communication are preset for the generation of certificates Web server Security for the generation and assignment of Web server certificates OPC UA Server Security...

Page 46: ... certificate memory of the CPU You do not have access for example to imported certificates or root certificates Without these certificates only a restricted functionality is available You can for example only generate self signed certificates If you use the certificate manager in the global security settings and you are logged on as an administrator you have access to the global project wide certi...

Page 47: ...d encrypted in the global project wide certificate memory If you do not use global security settings the private key is stored encrypted in the local CPU specific certificate memory The existence of the private key which is required to decrypt data for example is displayed in the Private key column of the Device certificates tab of the certificate manager in the global security settings When the h...

Page 48: ...nection is being established handshake the communication partners as a rule only communicate their end entity certificates device certificates Therefore the CA certificates required to verify the transmitted device certificate must be located in the certificate memory of the respective communication partner Secure Open User Communication between two S7 1500 CPUs Two S7 1500 CPUs PLC_1 and PLC_2 ar...

Page 49: ...he Protection Security section Click in an empty line in the Certificate subject column in the Device certificates table to add a new certificate 4 In the drop down list for selecting a certificate click the Add button The Create Certificate dialog opens 5 Leave the default settings in this dialog They are tailored to the usage of Secure Open User Communication usage TLS Tip Supplement the default...

Page 50: ... for self signed certificates To ensure that self signed certificates can be verified you have to include the self signed certificates of the communication partner into the list of trusted partner devices for each CPU To this purpose you must have activated the Use global security settings for certificate manager option and be logged in as a user in the global security settings Proceed as follows ...

Page 51: ...ertificates for verifying the certificate path You have to import these certificates into the global certificate memory of the S7 1500 CPU Proceed as follows to import certificates of the communication partner 1 Open the certificate manager in the global security settings in the project tree 2 Select the appropriate table trusted certificates and root certificate authorities for the certificate to...

Page 52: ... User Communication between an S7 1500 CPU as TLS server and an external device as TLS client If the S7 1500 CPU acts as TLS server and the external device for example an ERP system Enterprise Resource Planning System establishes the TLS connection session you require the following certificates For the S7 1500 CPU you generate a device certificate server certificate with a private key and download...

Page 53: ...blishment of the TLS connection session Proceed as follows to import certificates of the mail server 1 Open the certificate manager in the global security settings in the project tree 2 Select the appropriate table trusted certificates and root certificate authorities for the certificate to be imported 3 Right click in the table to open the shortcut menu Click Import and import the required certif...

Page 54: ...efore V2 0 you were able to set Permit access only with HTTPS when setting the Web server properties without specific requirements applying You did not have to handle certificates for these CPUs the CPU automatically generates the certificates required for the Web server For S7 1500 CPUs as of firmware V2 0 STEP 7 generates the server certificate end entity certificate for the CPU You assign a ser...

Page 55: ...interface of the CPU This is necessary because the identity of the CPU changes with the IP address and the identity requires a signature in accordance with the PKI rules You can avoid this problem by addressing the CPU with a domain name instead of its IP address for example myconveyer cpu room13 myfactory com For this purpose you have to manage the domain names of the CPU via a DNS server Supplyi...

Page 56: ... TLS However the course can be applied to all communication options that are based on the usage of TLS i e also for Secure Open User Communication see Basics for secure communication Figure 3 14 Handshake with https The figure does not show the measures taken at Alice s end browser to verify the certificate sent by the Web server Whether Alice can trust the Web server certificate received and ther...

Page 57: ...ate in the form of a signed message so that Alice can verify the integrity of the certificate chain The certificates often contain the URLs of the certificate issuer Alice can load the required intermediate certificates from these URLs When you work with certificates in STEP 7 it is always assumed that you have imported the intermediate certificates and the root certificate into the project and as...

Page 58: ...ons it is useful to disable SNMP Examples The security guidelines in your network do not allow the use of SNMP You use your own SNMP solution e g with your own communications instructions If you disable SNMP for a device various diagnostics options for the network topology e g in the PRONETA tool or in the Web server of the CPU are no longer available Disabling SNMP To disable SNMP for one of the ...

Page 59: ...hat contains the structure of data record B071H The figure below shows the data block Deactivate SNMP The data block Deactivate SNMP contains the data record B071H as well as additional tags that you use to transfer the data record The tag snmp_deactivate is used to trigger the job for WRREC Place this tag in the retentive memory area so that the value is also available in the startup OB OB100 Fig...

Page 60: ...NIZATION_BLOCK Using program code You will find the full program code here Follow these steps to apply the program code to your project 1 Copy the entire program code to the clipboard with Ctrl A Ctrl C 2 Open a text editor e g Editor 3 Paste the content of the clipboard to the text editor with Ctrl V 4 Save the document as an scl file e g SNMP_DEACT scl 5 Open your project in STEP 7 6 Import the ...

Page 61: ...on data run tests and evaluate diagnostic information These functions are integrated in the operating system of the module capable of communication Requirements The PG PC is physically connected to the communication capable module If the communication capable module is to be reached via S7 routing the hardware configuration has to be loaded in the participating stations S7 router and end point Pro...

Page 62: ...ist select the PG PC interface e g Ind Ethernet card you want to use to establish the online connection Select the interface or the S7 subnet with which the programming device PC is physically connected from the Connection to interface subnet drop down list If the communication capable module can be reached via an S7 router gateway select the S7 router that connects the subnets in question from th...

Page 63: ...at you can address with PG communication appear shortly thereafter in the table Compatible devices in target subnet 5 In the Compatible devices in target subnet table select the relevant CPU and confirm with Go online Additional information You can find more information on Go online in the STEP 7 online help ...

Page 64: ...tting up HMI communication As soon as you drag and drop a tag for example a tag from a global data block into an HMI screen or into the HMI tag table STEP 7 automatically sets up an HMI connection Alternatively you can also set up the HMI connection yourself To set up an HMI connection follow these steps 1 Configure the HMI device in an existing configuration with a CPU in the network view of the ...

Page 65: ...s of the HMI connection some of which you can change Figure 5 1 Setting up HMI communication 5 Download the hardware configuration to the CPU 6 Download the hardware configuration to the HMI device Additional information You can find information on S7 routing for HMI connections in the section S7 Routing Page 289 You can find more information on setting up HMI connections in the STEP 7 online help...

Page 66: ...ng as these support the connection types available Secure Communication To protect your automation system you can exchange data securely over Open User Communication With Secure Open User Communication the data is sent signed and encrypted Open User Communication is possible in various automation systems see technical specifications of the respective manuals Examples Integrated PROFINET Ind Ethern...

Page 67: ... Modbus TCP TCP according to RFC 793 E mail TCP according to RFC 793 FTP TCP according to RFC 793 TCP ISO on TCP ISO UDP Prior to data transfer these protocols except UDP establish a transport connection to the communications partner Connection oriented protocols are used when potential loss of data needs to be avoided The following is possible with UDP Unicast to one device or broadcast to all de...

Page 68: ...The Modbus protocol is a communication protocol with linear topology based on a master slave architecture In the Modbus TCP Transmission Control Protocol the data is transmitted as TCP IP packets Communication is controlled solely by suitable instructions in the user program E mail and FTP You can use email to send for example data block contents e g process data as an attachment You can use the F...

Page 69: ...configuring the connection in STEP 7 in the hardware and network editor Regardless of whether you set up the connection by programming or configuring instructions are always required in the user programs of both communications partners for sending and receiving the data Setting up the connection via the user program If the connection is set up by programming the connection establishment and termin...

Page 70: ...on for Open User Communication between two S7 1500 CPUs Protocols system data types and employable instructions for programmed setup The following table shows the protocols of the Open User Communication and the matching system data types and instructions Table 6 3 Instructions for programmed setup of the connection Protocol System data type Instructions TCP TCON_QDN TCON_IP_v4 Establish connectio...

Page 71: ... connections of the Secure Open User Communication and the matching system data types and instructions Secure OUC connection System data type Instructions Secure TCP connection from an S7 1500 CPU as TLS client to a third party PLC TLS server Secure TCP connection from an S7 1500 CPU as TLS server to a third party PLC TLS client TCON_QDN_SEC TSEND_C TRCV_C TCON TSEND TRCV Secure TCP connection bet...

Page 72: ...C or TSEND TRCV or TUSEND TURCV ISO on TCP ISO according to ISO IEC 8073 Class 4 UDP Send receive data via TSEND_C TRCV_C or TUSEND TURCV FDL Send receive data via TSEND_C TRCV_C or TSEND TRCV or TUSEND TURCV Modbus TCP Not supported E mail Not supported FTP Not supported Additional instructions for open communication You can use the following instructions for connections set up in the user progra...

Page 73: ...al information The STEP 7 online help describes The user and system data types The instructions for open communication The connection parameters You will find information about the allocation and release of connection resources in the section Allocation of connection resources Page 311 See also Secure Open User Communication Page 92 ...

Page 74: ...etwork as a requirement for communication via DNS The S7 1500 software controller supports communication via DNS for all interfaces that are assigned to the software controller Setting up communication via DNS The DNS client of the CPU must know the IPv4 address of at least one DNS server so that a CPU can establish a connection to a communication partner via its domain name The CPU supports up to...

Page 75: ...on partner follow these steps 1 Create a global data block in the project tree 2 Define a tag of the data type TCON_QDN in the global data block The example below shows the global data block Data_block_1 in which the tag DNS Connection1 of data type TCON_QDN is defined Figure 6 2 Data type TCON_QDN 3 Program the parameters of the TCP connection for example the fully qualified domain name FQDN in t...

Page 76: ... contrast to the TCP the UDP protocol does not work connection oriented For every edge at the block parameter REQ the TUSEND or TURCV command performs queries of the DNS server This can lead to high network load or load on the DNS server Additional information You can find more information about the system data types TCON_QDN TADDR_SEND_QDN and TADDR_RCV_IP in the STEP 7 online help How to set up ...

Page 77: ...Connection parameters group Until you select a connection partner only the empty drop down list for the partner end point is enabled All other input options are disabled The connection parameters already known are displayed Name of the local end point Interface of the local end point IPv4 address of the local end point Figure 6 4 Connection parameters for TSEND_C ...

Page 78: ...unspecified device or a CPU in the project as the communication partner Certain connection parameters are then entered automatically The following parameters are set Name of the partner end point Interface of the partner end point IPv4 address of the partner end point If the connection partners are networked the name of the subnet is displayed 5 In the Configuration type drop down list select betw...

Page 79: ... list a new data block with the changed name but with the same structure and content is generated and used for the connection Changed names of a data block must be unique in the context of the communication partner A connection description DB must have the structure TCON_Param TCON_IP_v4 or TCON_IP_RFC depending on CPU type and connection A data block cannot be selected for an unspecified partner ...

Page 80: ...O on TCP UDP ISO only with Configuration mode Use configured connection You can edit the input boxes in the address details Depending on the selected protocol you can edit the ports for TCP and UDP or the TSAPs for ISO on TCP and ISO 9 Use the Active connection establishment check box to set the connection establishment characteristics for TCP ISO and ISO on TCP You can decide which communication ...

Page 81: ...ies of the connection in the Properties tab in the General area for example the name of the connection and the interfaces of the communications partner that will be used For connections to an unspecified partner set the address of the partner You can find the local ID reference of the connection in the user program in the Local ID area 6 In the Project tree select the Program blocks folder for one...

Page 82: ...n type you will need to select the Use ISO protocol check box in the properties of the CP so that addressing using MAC addresses will work Figure 6 5 Select CP 1543 1 ISO protocol Additional information The STEP 7 online help describes The instructions for open communication The connection parameters This FAQ https support industry siemens com cs ww en view 109479564 describes how the instructions...

Page 83: ...et up a configured FDL connection in STEP 7 1 Create a TSEND_C instruction in the program editor 2 Select the TSEND_C instruction and go to Properties General Connection parameters in the Inspector window 3 Under End point select the partner end point Use one of the two partner end points below CPU S7 1500 with CM 1542 5 Unspecified 4 Under Configuration type select Use configured connection 5 Und...

Page 84: ...lock of the TCON_FDL system data type yourself in each case assign parameters and call it directly at the instruction Follow these steps 1 Create a global data block in the project tree 2 In the global data block define a tag of the data type TCON_FDL The example below shows the global data block FDL_connection in which the tag FDL_connection of the data type TCON_FDL is defined Figure 6 7 Program...

Page 85: ...g Modbus TCP The MB_CLIENT instruction communicates as a Modbus TCP client via the TCP connection You establish a connection between the client and the server with the instruction send Modbus requests to the server and receive the corresponding Modbus responses You also control the setup of the TCP connection with this instruction The MB_SERVER instruction communicates as a Modbus TCP server via t...

Page 86: ...NT or MB_SERVER instruction Observe the following rules An IPv4 server address must be specified for each MB_CLIENT connection Each MB_CLIENT or MB_SERVER connection must use a unique instance DB with one of the data structures TCON_IP_v4 TCON_QDN or TCON_Configured Each connection requires a unique connection ID The connection ID and instance DB belong together in pairs and must be unique for eac...

Page 87: ...se would forward the request to the correct Modbus RTU slave address You do not have to program the gateway function yourself You can find the MB_UNIT_ID parameter in the instance data block associated with MB_CLIENT instruction You can find more information on the MB_UNIT_ID parameter in the STEP 7 online help Reference This FAQ https support industry siemens com cs ww en view 94766380 describes ...

Page 88: ...ters to the instruction TMAIL_C for example enter the subject of the e mail in Subject 3 In a global data block create a variable of the type TMAIL_v4 TMAIL_v6 only CP 1543 1 or TMAIL_FQDN only CP 1543 1 4 Set the connecting parameters of the TCP connection in the variable in the Start value column Enter the IPv4 address of the mail server for example for the MailServerAddress for TMAIL_v4 Note Co...

Page 89: ...w FTP client and server functionality Files can be sent by a CPU to an FTP server and can be received from the FTP server Communication with FTP is only possible for the S7 1500 using the CP 1543 1 The CP can be an FTP server FTP client or both FTP clients can also be third party systems PCs For the FTP server functionality configure the CP accordingly in STEP 7 You can use the FTP client function...

Page 90: ... 7 At the same time you need to select the option Permit access with PUT GET communication from remote partner PLC HMI OPC in the HW configuration of the S7 1500 CPU under the Protection area navigation in the section Connection mechanisms 2 Make the following settings in the properties of the CP under FTP configuration Select the Use FTP server for S7 CPU data check box Assign the CPU a data bloc...

Page 91: ... within this DB a tag of the type FTP_CONNECT_IPV4 FTP_CONNECT_IPV6 or FTP_CONNECT_NAME 5 Interconnect the tag within the data block with the FTP_CMD instruction 6 For the connection to the FTP server specify the following in the DB The user name the password and the IP address for the FTP access in the relevant data type FTP_CONNECT_IPV4 FTP_CONNECT_IPV6 or FTP_CONNECT_NAME 7 Download the hardwar...

Page 92: ...alling TSEND_C TRCV_C or TCON Calling TSEND_C TRCV_C or TCON on the active partner starts connection establishment If the connection could be established there is positive feedback to the instructions in the user program After you have terminated a connection using the instruction T_RESET the connec tion is reestablished If the connection aborts the active partner attempts to re establish the conn...

Page 93: ...mmunication over the domain name you need to create a data block with the TCON_QDN_SEC system data type yourself assign parameters and call it directly at one of the instructions TSEND_C TRCV_C or TCON Requirements Current date and time are set in the CPU Your network includes at least one DNS server You have configured at least one DNS server for the S7 1500 CPU TLS client and TLS server have all...

Page 94: ...can set up a non secure TCP or UDP connection in this case ExtTLSCapabilities If you enter the value 1 the client validates the subjectAlternateName in the X 509 V3 certificate of the server to verify the identity of the server This validation is executed in the context of the instruction TLSServerCertRef ID of the X 509 V3 certificate usually a CA certificate that is used by the TLS client to val...

Page 95: ...ons TSEND_C TRCV_C or TCON with the tags of the data type TCON_QDN_SEC In the example below the CONNECT parameter of the TCON instruction is interconnected with the tag DNS connectionSEC data type TCON_QDN_SEC Figure 6 14 TCON instruction Additional information You can find more information on the TCON_QDN_SEC system data type in the STEP 7 online help For additional information on secure communic...

Page 96: ...system data type yourself assign parameters and call it directly at one of the instructions TSEND_C TRCV_C or TCON Requirements Current date and time are set in the CPU Your network includes at least one DNS server You have configured at least one DNS server for the S7 1500 CPU TLS client and TLS server have all the required certificates To set up a secure TCP connection to a TLS client follow the...

Page 97: ... 16 Certificate handling from the perspective of the S7 1500 as TLS server TLSClientCertRef ID of the X 509 V3 certificate or a group of X 509 V3 certificates that is used by the TLS server to validate TLS client authentication If this parameter is 0 the TLS server uses all CA certificates currently loaded in the server certificate store to validate the client authentication 5 Create one of the in...

Page 98: ... process one S7 1500 CPU acts as TLS client active establishing of the connection and the other S7 1500 CPU as TLS server passive establishing of the connection Setting up a secure TCP connection between two S7 1500 CPUs For secure TCP communication between two S7 1500 CPUs you need to create a data block with the TCON_IP_V4_SEC system data type yourself in every CPU assign parameters and call it ...

Page 99: ...lock The example below shows the global data block Data_block_1 in which the tag SEC connection 1 TLS Client of the data type TCON_IP_V4_SEC is defined Figure 6 19 IP_V4_SEC_Client 3 Set the connection parameters of the TCP connection in the Start value column For example enter the IPv4 address of the TLS server for RemoteAddress Note Connection parameter Interface ID Note that you can enter the v...

Page 100: ...the certificate manager of the global security settings TLSClientCertRef ID of the own X 509 V3 certificate 5 Create one of the instructions TSEND_C TRCV_C or TCON in the program editor 6 Interconnect the CONNECT parameter of one of the instructions TSEND_C TRCV_C or TCON with the tags of the data type TCON_IP_V4_SEC Settings at the TLS server To set up a secure TCP connection in the TLS server fo...

Page 101: ...he TIA Portal project SHA256 or the value 1 reference to the CA certificate of the TIA Portal project SHA1 If you use a different CA certificate enter the corresponding ID from the certificate manager of the global security settings 5 Create one of the instructions TSEND_C TRCV_C or TCON in the program editor 6 Interconnect the CONNECT parameter of one of the instructions TSEND_C TRCV_C or TCON wi...

Page 102: ...efore apply These are described below Handling certificates for CPs The following applies in general You have to be logged on at the certificate manager in the global security settings The generation of self signed certificates also requires logon for the global security settings You have to have sufficient rights as a user administrator or user with the Standard role with the right to Configure s...

Page 103: ...P If a communication partner is an external device for example an MES or ERP system a device certificate also has to exist for this device The root certificate CA certificate with which the device certificate of the communication partner is signed must also be located in the certificate memory of the CP or in the certificate memory of the external device If you use intermediate certificates you ha...

Page 104: ...client Figure 6 23 IP_V4_SEC_Client 3 Set the connection parameters of the TCP connection in the Start value column For example enter the IPv4 address of the TLS server for RemoteAddress 4 Set the parameters for secure communication in the Start value column ActivateSecureConn Activation of secure communication for this connection If this parameter has the value FALSE the subsequent security param...

Page 105: ...ion in the TLS server follow these steps 1 Create a global data block in the project tree 2 Define a tag of the data type TCON_IP_4_SEC in the global data block The example below shows the global data block Data_block_1 in which the tag SEC connection 1 TLS Server of the data type TCON_IP_V4_SEC is defined The interface ID has the value of the HW identifier of the IE interface of the local CP TLS ...

Page 106: ...P 7 project the certificates of the CP are not uploaded in contrast to the certificates of the CPU After the device has been loaded as a new station no more certificates are contained in the corresponding tables of the CPs for the device certificates You have to perform configuration of certificates again after the upload Otherwise renewed loading of the configuration results in the certificates t...

Page 107: ...t and TLS server have all the required certificates Example of setting up a secure Modbus TCP connection to a Modbus TCP server The following section describes how you can set up a Secure Open User Communication over Modbus TCP from a Modbus TCP client to a Modbus TCP server To set up a secure connection from a Modus TCP client TLS client to a Modbus TCP server TLS server and set up the IPv4 addre...

Page 108: ...S client to validate the authentication of the Modbus TCP server 5 Create an MB_CLIENT instruction in the program editor 6 Interconnect the CONNECT parameter of the MB_Client instruction with the tags of the data type TCON_IP_4_SEC 6 11 6 Secure OUC via e mail Setting up a secure connection to a mail server over the CPU interface For secure communication to a mail server you need to create a data ...

Page 109: ... TLS the client sends the command to establish a secure connection The mail server uses the SMTP command STARTTLS to do this The client then establishes a secure connection to the mail server Advantage If the mail server does not support TLS client and mail server can communicate unsecured with each other You use the Remote Port setting in the data types at the block parameter MAIL_ADDR_PARAM to d...

Page 110: ...2 Define a tag of the data type TMAIL_V4_SEC in the global data block The example below shows the global data block MailConnDB in which the tag MailConnectionSEC of the data type TMAIL_V4_SEC is defined Figure 6 26 Data type TMAIL_V4_SEC 3 Set the connection parameters of the TCP connection in the Start value column Enter the IPv4 address of the mail server for example for the MailServerAddress No...

Page 111: ...MAIL_ADDR_PARAM parameter of the TMAIL_C instruction is interconnected with the tag MailConnectionSEC data type TMAIL_V4_SEC Figure 6 27 TMAIL_C instruction Setting up a secure connection to a mail server over the interface of a communication module For secure communication to a mail server over a communication module you need to create a data block with one of the system data types TMAIL_V4_SEC T...

Page 112: ... show how you can use the CP of an S7 1500 or S7 1200 station to set up a secure connection to an email server and send an email with the default application TMAIL_C from the S7 CPU Additional information You can find more information about the system data types TMail_V4_SEC and TMAIL_QDN_SEC in the STEP 7 online help For additional information on secure communication refer to the section Secure C...

Page 113: ...For an S7 connection configured at one end the configuration for this connection takes place in only one communication partner and is only downloaded to it A one sided S7 connection can be configured to a CPU that is only a server of an S7 connection e g CPU 315 2 DP The CPU is configured and the address parameters and interfaces are thus known In addition a one sided S7 connection can be configur...

Page 114: ...CPU configuration in the Protection area This FAQ https support industry siemens com cs ww en view 82212115 provides information about how to configure and program an S7 instruction and the GET and PUT communication instructions for data exchange between two S7 1500 CPUs BSEND BRCV The BSEND instruction sends data to a remote partner instruction of the type BRCV The BRCV instruction receives data ...

Page 115: ...ive device on PROFIBUS You can only set up S7 connections configured at one end for this DP slave Figure 7 1 Test commissioning routing check box Configuring S7 connections for PUT GET instructions You can create S7 connections and assign the parameters for these in the connection parameter assignment of the PUT GET instructions Changed values are checked immediately by the connection parameter as...

Page 116: ... a connection partner only the empty drop down list for the partner end point is enabled All other input options are disabled The connection parameters already known are displayed Name of the local end point Interface of the local end point IPv4 address of the local end point Figure 7 2 Connection configuration for PUT instruction ...

Page 117: ...been loaded into the hardware To achieve fully functional communication make sure that you load not only the connection description of the local CPU on the device but also that of the partner CPU as well Configuring S7 connections for e g BSEND BRCV If you want to use the instructions for BSEND BRCV for S7 communication for example you first need to configure an S7 connection To configure a S7 con...

Page 118: ...OB1 8 At the ID parameter of the instruction assign the local ID of the configured connection to be used for the transmission of data 9 Assign the parameters for the instructions indicating which data will be written to where and which data will be read from where 10 Download the hardware configuration and user program to the CPU s S7 communication via CP 1543 1 If you set up S7 communication via ...

Page 119: ...option of using an S7 connection over multiple S7 subnets PROFIBUS PROFINET Industrial Ethernet S7 routing Page 289 1 Configure the communications partners in the network view of the Devices networks editor of STEP 7 2 Select the Network button 3 Connect the relevant interfaces with the S7 subnets PROFIBUS PROFINET Industrial Ethernet using drag and drop ...

Page 120: ...ections button and the S7 connection entry from the drop down list 5 Using drag and drop in our example connect PLC_1 in the left S7 subnet PROFIBUS to PLC_3 in the right S7 subnet PROFINET The S7 connection between CPU 1 and CPU 3 is configured Figure 7 4 S7 connections via different subnets ...

Page 121: ...IC PC station to None or a different Windows setting Since the PLC now no longer handles routing functions for this connection when the CPU 1515SP PC F is compiled no message relating to the invalid connection is displayed The invalid routed S7 connection is displayed only when the end points of the connection are compiled The interfaces required for routed S7 connections must remain explicitly as...

Page 122: ...tners are possible Protocols for communication via a point to point connection Freeport protocol also called ASCII protocol Procedure 3964 R Modbus protocol in RTU format RTU Remote Terminal Unit USS protocol universal serial interface protocol The protocols use different layers according to the ISO OSI reference model Freeport Uses layer 1 physical layer 3964 R USS and Modbus Use layer 1 and 2 ph...

Page 123: ... Configure an S7 1500 configuration with CPU and CM in the device view of the hardware and network editor of STEP 7 2 Select the interface of the CM in the device view of STEP 7 3 Assign the parameters of the interface for example connection communication configuration of message sending in the Inspector window of STEP 7 under Properties General 4 Select the Send_P2P or Receive_P2P instruction in ...

Page 124: ...on data is overwritten but not stored permanently in the target system The Port_Config instruction is used for the program controlled configuration of the relevant port of the communications module The P3964_Config instruction is used for the dynamic configuration of protocol parameters Properties of the USS protocol Simple serial data transfer protocol with cyclic message frame traffic in half du...

Page 125: ...change parameters on the drive 4 Assign the parameters for the instructions according to your configuration 5 Download the hardware configuration and user program to the CPU Properties of the Modbus protocol RTU Communication takes the form of serial asynchronous transfer with a transmission speed of up to 115 2 kbps half duplex Data transfer works according to the master slave principle The Modbu...

Page 126: ...ion The Modbus_Master instruction is used for Modbus master functionality The Modbus_Slave instruction is used for Modbus slave functionality 4 Assign the parameters for the instructions according to your configuration 5 Download the hardware configuration and user program to the CPU Additional information You can find more detailed information on communication via point to point connections and b...

Page 127: ...re transfer procedures and the semantic description of data Machine data controlled variables measured values or parameters can also be transferred in this way An important component of this concept is that OPC UA communication can take place in parallel with real time communication for time critical machine level data transfer OPC UA is highly scalable so that a consistent information exchange be...

Page 128: ...thin a network e g relating to the CPU the OPC UA server itself the data and the data types An OPC UA client accesses this information Implementation in different programming languages The OPC Foundation has implemented the OPC UA standard in several programming languages Stacks for NET ANSI C and Java are available although maintenance has been discontinued for the stacks for ANSI C and Java The ...

Page 129: ...le of the OPC Foundation This profile is functionally equivalent to the core server facet and defines the OPC UA TCP binary protocol as the required transport profile The profile allows for connections without UA Security and does not allow subscriptions or method calls Support for diagnostic objects and variables is optional for this profile Additional profiles build on the Nano Embedded Device 2...

Page 130: ...ces to types are optimized over time These optimizations lead to new versions of the OPC UA Specification e g V1 03 V1 04 PLC tag mapping The information of the OPC UA server for example the PLC tags is modeled as nodes connected to one another via references The semantics are displayed by the server in the address space and can be acquired by clients while navigating This makes it possible to bro...

Page 131: ...o set out how to integrate companion specifications into the address space of the OPC UA server OPC UA server of the S7 1200 CPU As of firmware V4 4 an S7 1200 CPU is equipped with an OPC UA server The OPC UA server is generally configured as it is for an S7 1500 CPU the scope of functions and the quantity limits are limited according to the supported Micro Embedded Device 2017 Server Profile Unli...

Page 132: ...mplify handling the API we offer a higher level NET helper class The client API is based on the NET OPC UA stack of the OPC Foundation The application example shows how to establish connections between servers and clients for example It also demonstrates the reading and writing of PLC tags Link to download OPC UA NET client for the SIMATIC S7 1500 OPC UA Server http support automation siemens com ...

Page 133: ... a virtual interface W1 IP based applications can then be accessed via the IP address parameters of this virtual interface The schematic is shown in the following figure CPU S7 1500 FW V2 8 or higher e g CPU 1515 2 PN CP 1543 1 FW V2 2 or higher Virtual interface W1 Protocol conversion PROFINET Industrial Ethernet on backplane bus or backplane bus on PROFINET Industrial Ethernet Backplane bus Figu...

Page 134: ...U the following interfaces of the S7 1500 station are available The local PROFINET interfaces of the S7 1500 CPU The Ethernet interface of a CP 1543 1 firmware version V2 2 and higher The following figure shows an example of a possible configuration The CPU could also have the role OPC UA client and the device on the subnet of the CP could have the role OPC UA server Figure 9 2 Example Access of O...

Page 135: ...ia an S7 1500 CPU in which case the S7 1500 CPU operates as an IP Forwarder This configuration option allows for flexible expansion of existing systems Figure 9 3 Example Access of OPC UA clients to OPC UA servers via S7 1500 CPU with activated IP Forwarding Additional information Additional information on access options via the virtual interface and via IP forwarding can be found in the following...

Page 136: ... information about the given OPC UA server These nodes can be found in the namespace of the OPC Foundation and have the index 0 The OPC Foundation also defines data types and tag types Namespace Namespace In addition to the above described namespace of the OPC Foundation the namespace for accessing CPU data is of interest All the tags or methods of an S7 1500 OPC UA server are contained in the nam...

Page 137: ...can consist of several components The individual components are then separated by a dot The following example reads the MyDB array data block completely This data block contains an array with ten integer values All ten values should be read in one pass Therefore 0 9 is entered at the array range Example of NodeIds identifiers and namespaces The following figure illustrates the relation between Nod...

Page 138: ...igure below shows where the PLC tags in the example are located in the address space of the OPC UA server excerpt from UA client The MyDB data block is a global data block The data block is therefore located below the node DataBlocksGlobal StartTimer is a memory tag and is therefore stored below the Memory node Figure 9 4 PLC tags in the address space of the OPC UA server ...

Page 139: ...019 A5E03735815 AH Methods in the address space of the OPC UA server If you implement a method via your user program it takes the following form in the address space of the OPC UA Server see Providing methods on the OPC UA server Page 227 Figure 9 5 Methods in the address space of the OPC UA server ...

Page 140: ...nts of the OPC UA servers Page 161 Reading out information from the OPC UA server When a connection to an end point of the server exists you can use the navigation function of the client You navigate starting from a defined starting point from the root node through the address space of the server The following information is provided in the process Enabled PLC tags data blocks and data block compo...

Page 141: ... Range you specify which components of the array you want to overwrite The Good status code indicates that the values were transferred successfully However you can only write the values to the S7 1500 but not the time stamps of these values The time stamps can only be read Faster access through registration Registered Read Write lends itself to repeated optimized access to data with maximum perfor...

Page 142: ...l is the time interval in which the server sends new values to the client in a notification data change notification In the following example a subscription has been created The client receives a message with the new values publishing interval 50 ms every 50 milliseconds here Preventing server overload You can set the OPC UA server of the S7 1500 CPU by means of the Minimum publishing interval so ...

Page 143: ... example the length of the queue is set to 1 Only one value is read from the CPU at an interval of 50 milliseconds and subsequently sent to the OPC UA client when the value has changed The Deadband parameter in this example is 0 1 Changes in value have to amount to 0 1 Volt only then does the sender send the new value to the client The server does not send smaller changes in value You can use this...

Page 144: ... that the tag is actually the SIMATIC data type COUNTER With this knowledge the client reconstructs the data type Table 9 1 SIMATIC and OPC UA data types SIMATIC data type OPC UA data type BOOL Boolean BYTE BYTE Byte WORD WORD UInt16 DWORD DWORD UInt32 LWORD LWORD UInt64 SINT SByte INT Int16 DINT Int32 LINT Int64 USINT Byte UINT UInt16 UDINT UInt32 ULINT UInt64 REAL Float LREAL Double S5TIME S5TIM...

Page 145: ...nt repeatedly on the line For the tags the DataType attribute indicates the basic data type The attributes ValueRank and ArrayDimensions show whether or not you are dealing with an array and how large the array is Data types based on arrays There are SIMATIC data types for which an OPC UA value is mapped to an array of bytes An array of these data types is then mapped to a two dimensional array Ex...

Page 146: ... can be read and interpreted more quickly and easily A client only determines the setup of the structure once before or during the first access and then uses this information for the duration of the session Special SIMATIC data types SIMATIC data types that are not in the table above and cannot be defined as elements of a structure or PLC data type are not supported by the OPC UA client These are ...

Page 147: ...cludes an OPC UA security policy with the setting no security which corresponds to the end point None Note Disabling security policies you do not want If you have enabled all security policies in the secure channel settings of the S7 1500 OPC UA server thus also the end point None no security unsecured data traffic neither signed nor encrypted between the server and client is also possible The OPC...

Page 148: ...the client and classifies it as trusted See section Handling client and server certificates Page 183 The client must also check and trust the certificate of the server The server and client must show their identities and prove that they are what they claim to be They must prove their identity Mutual authentication of client and server for example prevents man in the middle attacks Man in the middl...

Page 149: ...blic key of the program person or organization An X509 certificate thus links an identity name of a program person or an organization to the public key of the program person or organization Check during connection establishment When a connection is being established between the client and server the devices check all information from the certificate that is required to determine its integrity such...

Page 150: ...igns your certificate with the private key of the certificate authority For this purpose you send a CSR Certificate Signing Request to the certificate authority You yourself create a certificate and sign it To this purpose you use for example the Opc Ua CertificateGenerator program of the OPC Foundation Alternatively you use OpenSSL You can find additional information in Generating PKI key pairs a...

Page 151: ...er unchanged The plain text message has been manipulated or has been distorted during transfer Encryption Encrypting data prevents unauthorized parties from reading the content X509 certificates are not encrypted they are public and can be viewed by anyone Encryption involves the sender encrypting the plain text message with the public key of the recipient To do so the sender requires the recipien...

Page 152: ...s X 509 certificate identifies a specific version of the client or server software These certificates contain attributes that describe which tests this version of the software has passed during certification by the OPC Foundation or recognized test laboratories For the Organization name attribute you enter the name of the company that has developed or markets the software Note Software certificate...

Page 153: ... the first program start The documentation for this example describes the procedure for handling these certificates Using the certificate generator of the TIA Portal If you use an OPC UA client that does not generate a client certificate you can create self signed certificates with STEP 7 To do this follow these steps 1 In the properties of the CPU double click Add new under Protection Security Ce...

Page 154: ...OpenSSL under Windows If you are using a 64 bit version of the operating system install OpenSSL in the C OpenSSL Win64 directory for example You can obtain OpenSSL Win64 as a download from various providers for open source software 2 Create a directory for example C demo 3 Open the command prompt To do so click Start and enter cmd or command prompt in the search field Right click cmd exe in the re...

Page 155: ...Country name for example DE for Germany FR for France State or province name for example Bavaria Location Name for example Augsburg Organization Name Enter the name of your company Organizational Unit Name for example IT Common Name for example OPC UA client of machine A Email Address Note Note for S7 1500 CPU as server with firmware version V2 5 The IP address of the client program has to be stor...

Page 156: ...wn in the next step Signing the certificate yourself Enter the following command so that you can generate and sign your certificate self signed certificate yourself x509 req days 365 in myRequest csr signkey myKey key out myCertificate crt The figure below shows the command line with the command and OpenSSL The command generates an X 509 certificate with the attributes that you transfer with the C...

Page 157: ... In order to use this security policy establish a connection to a None end point of a server Signing All message are signed This allows the integrity of the messages received to be checked Manipulations are detected In order to use this security policy establish a connection to a Sign end point of a server Sign Encrypt All messages are signed and encrypted This allows the integrity of the messages...

Page 158: ...ta to the session The secure channel forwards data of the session that is to be sent to the transport layer In Sign security mode the secure channel signs the data messages that is sent When a message is received the secure channel checks the signature to detect any manipulations With a SignAndEncrypt security policy the secure channel signs and encrypts the send data Data received is decrypted by...

Page 159: ...uted as follows 1 The client starts establishing the session by sending a CreateSessionRequest to the server This message contains a Nonce a random number that is only used once The server must sign this random number Nonce to prove that it is the owner of the private key The private key belongs to the certificate that the server uses to establish the secure channel This message and all subsequent...

Page 160: ...he CPU over the backplane bus of the automation system is not possible via CPs under the following conditions Configuration with TIA Portal Version V16 or higher S7 1500 CPU firmware version 2 8 or higher and CP 1543 1 firmware version V2 2 or higher For configuration see Access to OPC UA applications Page 131 Direct access to the OPC UA server of the CPU over the backplane bus of the automation s...

Page 161: ...ddress space of the OPC UA server of an S7 1500 CPU In the figure above the MyValue tag is selected highlighted in gray This tag is located below the Memory node which has the node class Object Memory is below the PLC_1 node also an Object Address space The nodes are linked over references for example the reference HasComponent which represents a hierarchical relationship between a node and its su...

Page 162: ...ress 192 168 178 151 in the example Port number for OPC UA 4840 standard port The port number can be configured Security setting for messages Message Security Mode None Sign SignAndEncrypt Encryption and hash procedures Security Policy None Basic128Rsa15 Basic256 Basic256Sha256 in the example The following figure shows the UA Sample Client of the OPC Foundation The client has established a secure ...

Page 163: ...er OPC UA servers provide a wide range of information The values of PLC tabs and DB components which clients may access The data types of these PLC tags and DB components Information on the OPC UA server itself and on the CPU This gives clients an overview and allows them to read out specific information Previous knowledge of the PLC program and the CPU data is not required You do not need to ask ...

Page 164: ...e information 9 3 1 3 Runtime behavior of the OPC UA server OPC UA server in operation The OPC UA server of the S7 1500 CPU starts when you activate the server and download the project to the CPU How to activate the OPC UA server is described here Behavior in the operating state STOP of the CPU An activated OPC UA server remains in operation even if the CPU switches to STOP The OPC UA server conti...

Page 165: ...estarts STEP 7 does not show a warning in this case When objects are downloaded in RUN operating state of the CPU the OPC UA server only stops if the downloaded objects are or could be OPC UA relevant The OPC UA server restarts after re initialization due to the modified OPC UA data Before OPC UA relevant objects are loaded into the CPU and stop the OPC UA server STEP 7 displays a warning in the p...

Page 166: ...the manual DeviceManual or firmware version HardwareRevision 9 3 2 Configuring access to PLC tags 9 3 2 1 Managing write and read rights Enabling PLC tags and DB tags for OPC UA OPC UA clients can have read and write access to PLC tags and DB tags if the tags are enabled for OPC UA default setting For an enabled tag the check box Accessible from HMI OPC UA is activated You can change the default s...

Page 167: ... and therefore cannot influence execution of the S7 program Removing write and read rights To write protect and read protect a tag disable the Accessible from HMI OPC UA option for that tag checkbox not selected This makes the OPC UA server remove the tag from its address space OPC UA clients can no longer see that CPU tag Result OPC UA clients and HMI devices can neither read nor write the tag Wr...

Page 168: ...167 This setting overrules the settings for the components in the DB editor See also Coordinating write and read rights for CPU tags Page 169 9 3 2 2 Managing write and read rights for a complete DB Hiding DBs or DB contents for OPC UA clients You can easily prevent access to a complete data block by an OPC UA client With this option the data of the corresponding DB including instance DBs of funct...

Page 169: ...nents can no longer be accessed or written Tip Using the overview of all program blocks If you are using multiple data blocks it is appropriate to use the detailed overview of the Program blocks folder for selective activation or deactivation of the OPC UA accessibility Follow these steps 1 Select the Program blocks folder in the project tree 2 Select the Overview command in the View menu 3 Select...

Page 170: ... of write and read rights read write Definition of write and read rights in STEP 7 When you define tags you specify the access rights using the properties Accessible from HMI OPC UA and Writable from HMI OPC UA Example of the assignment of write and read rights Figure 9 13 Example of the assignment of write and read rights Interaction between write and read rights If you have imported an OPC UA se...

Page 171: ...be met to block all access In this case review whether the tag in the OPC UA server interface is actually necessary at all Access table Accessible from HMI OPC UA must be set if access over OPC UA is to be possible at all Writable from HMI OPC UA must be set to allow an OPC UA client to write a tag DB element Please see the table for the resulting access right Table 9 2 Access table OPC UA XML STE...

Page 172: ...e OPC UA server the attribute AccessLevel defines the access AccessLevelEx is defined bit by bit in this case the relevant bits are Bit 0 CurrentRead Bit 1 CurrentWrite Bits 2 to 7 are not relevant for the OPC UA server of an S7 1500 CPU The meaning of the bit combinations is explained in the section on read and write rights The following bits for consistency are also added Bit 8 NonatomicRead the...

Page 173: ...n the language usage of OPC UA within a program cycle of an S7 1500 CPU is ensured at the nodes of the server interface for the following data types BOOL BYTE WORD DWORD LWORD SINT INT LINT DINT USINT UINT ULINT UDINT REAL LREAL DATE LDT TIME LTIME TIME_OF_DAY LTIME_OF_DAY S5TIME CHAR WCHAR System data types and hardware data types that are based on the above mentioned data types are also consiste...

Page 174: ...OPC UA server If you access specific tags regularly recurring access you should use the functions RegisteredRead and RegisteredWrite Allow a greater communication load for the PLC by increasing the value for Cycle load due to communication Make sure that your application still works properly with the changed settings Procedure for creating an array DB You can create arrays for example in global da...

Page 175: ...del of an OPC UA server to be provided to a client in advance or information models can be downloaded to an OPC UA server A file in this format is called a nodeset file because it describes an information model as a set of nodes With STEP 7 TIA Portal you can easily export the standard SIMATIC information model of the S7 1500 CPU as a server to an OPC UA XML file node set file including all PLC va...

Page 176: ...ng the OPC UA server Requirement If you use certificates for secured communication e g HTTPS Secure OUC OPC UA make sure that the modules involved have the current time of day and the current date Otherwise the modules evaluate the used certificates as invalid and secure communication does not work You have acquired a runtime license for the operation of the OPC UA functions see License for OPC UA...

Page 177: ...UA client of the CPU when connecting to an OPC UA Server This means that the CPU enters this application name automatically as ApplicationName for the instruction OPC_UA_Connect tag of type OPC_UA_SessionConnectInfo at the parameter SessionConnectInfo of the instruction OPC_UA_Connect When you program the instruction OPC_UA_Connect you must therefore assign an empty string to the ApplicationName Y...

Page 178: ... version V2 2 or higher For configuration see Access to OPC UA applications Page 131 Direct access to the OPC UA server of the CPU over the backplane bus of the automation system is not possible via CMs With SIMATIC S7 1500 SW controllers access to the OPC UA server is possible via PROFINET interfaces that are assigned to the software PLC Additional access options of SW controllers are described i...

Page 179: ...e IP address at which the OPC UA server can be accessed from the Ethernet subnet 192 168 1 TCP Port number Default 4840 standard port The port number can be changed under OPC UA Server Port Dynamic IP addresses In the example below the IP address for the PROFINET interface X2 has not yet been specified Figure 9 15 Display of the server addresses with dynamic IP address The placeholder dynamically ...

Page 180: ...d standard SIMATIC server interface Even if you disable the standard SIMATIC server interface OPC UA clients can read general device information about the OPC UA server of the CPU Examples of such device information DeviceManual DeviceRevision OrderNumber In this case however all objects of the application program remain invisible to clients If you want to prevent that this device information is n...

Page 181: ...nt place cursor in field Each registration ties up resources Note No error message following attempt to register more than the configured maximum number of registrable nodes If a client tries to register more nodes during runtime than the configured maximum number the server of the S7 1500 CPU only registers the configured maximum number Starting from the configured maximum number of registrable n...

Page 182: ...nterpret a simpler solution was introduced with OPC UA Specification V1 04 attribute DataTypeDefinition at the data type node If your client supports the OPC UA specification V1 04 or higher then disable the option Advantages of the data type definitions according to OPC UA specification as of V1 04 The server starts faster The memory is used more efficiently The Browse function is faster 9 3 3 4 ...

Page 183: ...blishing interval With Minimum publishing interval you set the time intervals at which the server sends a message to the client with the new values in the event of changes 250 ms is used as the Minimum sampling interval in the figure below The value 200 ms is entered as the Minimum publishing interval Figure 9 18 Subscription settings In the example following a value change the OPC UA server will ...

Page 184: ...umber of monitored elements monitored items In this field you specify the maximum number of elements that the OPC UA server of the CPU simultaneously monitors for a value change The monitoring ties up resources The maximum number of monitored elements is dependent on the utilized CPU Additional information Information about the system limits of the OPC UA server of the S7 1500 CPUs firmware V2 0 a...

Page 185: ...e directory of the CPU You can view and manage this directory with the local certificate manager of the CPU exporting or deleting certificates The figure below shows the local certificate manager of the CPU with the automatically generated certificate for the OPC UA server Figure 9 19 Local certificate manager of the CPU Alternatively you can also generate a server certificate yourself The certifi...

Page 186: ... client certificate come from Client of the S7 1500 If you are using the OPC UA client of an S7 1500 CPU OPC UA client enabled you can create certificates for these clients with STEP 7 V15 and higher 1 In the project tree select the CPU you want to use as a client 2 Double click Device configuration 3 In the properties of the CPU click Protection Security Certificate manager 4 Double click Add new...

Page 187: ...rtificates Announcing client certificates to the server You need to send client certificates to the server to allow a secure connection to be established To do this follow these steps 1 Select the Use global security settings for certificate manager option in the local certificate manager of the server This makes the global certificate manager available You will find this option under Protection S...

Page 188: ...at you have imported 15 Click the button with the green check mark 16 Compile the project 17 Load the configuration onto the S7 1500 CPU Result The server now trusts the client If the server certificate is also considered trusted the server and client can establish a secure connection Accepting client certificates automatically When you select the option Automatically accept all client certificate...

Page 189: ... 1500 OPC UA server default setting thus also the end point None no security unsecured data traffic neither signed nor encrypted between the server and client is also possible The identity of the client remains unknown with No security Each OPC UA client can then connect to the server irrespective of any subsequent security settings When configuring the OPC UA server make sure that only security p...

Page 190: ... signing Basic256Sha256 Sign Encrypt Secure endpoint supports a series of algorithms for 256 bit hashing and 256 bit encryption This endpoint protects the integrity and confidentiality of the data through signing and encryption To enable the security setting click the check box in the relevant line Note If you use the settings Basic256Sha256 Sign and Basic256Sha256 Sign Encrypt the OPC UA server a...

Page 191: ...or the security of the OPC UA server use the global security settings The global security settings are enabled in the CPU properties under Protection Security Certificate manager Customizing server certificates STEP 7 automatically generates a certificate for the OPC UA server of the S7 1500 when you activate the server see Activating the OPC UA server Page 175 In the process STEP 7 uses the defau...

Page 192: ...A5E03735815 AH 191 3 The dialog for generating new certificates is displayed figure below The values for an example are already entered Figure 9 22 Customizing server certificates 4 Use other parameters if this is necessary in accordance with the security specifications in your company or your customer ...

Page 193: ...e project name is PLC1 In the properties of the CPU set the project name under General Project information Name Keep the default or enter a different name that is more meaningful for the OPC UA server under Certificate holder Signature Here you select the hash and encryption process that is to be used when signing the server certificate The following entries are available sha1RSA sha256RSA Valid f...

Page 194: ...168 1 1 The important thing here is that the IP addresses via which the OPC UA server of the CPU can be accessed are entered here See Access to the OPC UA server Page 177 This allows OPC UA clients to verify whether a connection to the OPC UA server of the S7 1500 is really to be established or whether in fact an attacker is trying to send manipulated values from another PC to the OPC UA client 9 ...

Page 195: ... General If you select this option the user management for the open project will also be used for user authentication for the OPC UA server The same user names and passwords are then valid in OPC UA as in the current project Proceed as follows to activate user management for the project Click Security settings Settings in the project tree Click the Protect this project button Enter your user name ...

Page 196: ... this setting you tell the client the user name and password that it is to use for client authentication for the server The settings for the client and server must correspond The user name and password used by the client to log on must have been set up on the server and assigned the required authorizations Function rights for server and client The corresponding function rights for the client or th...

Page 197: ...hentication with one of the user names and corresponding passwords that have been centrally defined and loaded to the CPU User authentication of the OPC UA client This function right apples on the OPC UA client of the S7 1500 CPU with client instructions Only when this option is selected can the user of the client of CPU PLC_2 who has been assigned the role PLC opcua role all inclusive use the use...

Page 198: ...tics behavior that supports the most important diagnostics without appreciably increasing the communication load You enable diagnostics for subscriptions when the OPC UA server also uses subscriptions i e if necessary during the commissioning phase only Reason A large volume of diagnostic activity generates a high communication load in the CPU and may suppress other important messages Or the high ...

Page 199: ...uired for CPU 1511 CPU 1512 CPU 1513 ET 200SP CPUs CPU 1515SP PC SIMATIC OPC UA S7 1500 medium required for CPU 1515 CPU 1516 Software Controller CPU 1507 CPU 1516pro 2PN SIMATIC OPC UA S7 1500 large required for CPU 1517 CPU 1518 The required license type is displayed under Properties General Runtime licenses OPC UA Type of required license Figure 9 26 OPC UA server Runtime licenses To confirm pu...

Page 200: ...olding machines This information model is realized in the form of OPC UA nodes in the address space of an OPC UA server OPC UA clients can access these OPC UA nodes You can also use the server interface type Companion specification for example to download company internal information models e g in SiOME If you implement a certain companion specification in your project you apply the specifications...

Page 201: ...g machines the companion specification Euromap defines a whole series of OPC UA nodes which you can combine in a server interface Other OPC UA nodes of the CPU are not included in this server interface This provides a better overview Example of user defined server interface A CPU should control the production of workpieces Production begins when a production job arrives from the higher level contr...

Page 202: ...y passing through Gate_1 The CPU publishes a server interface via which the driverless transport systems arrange for Gate_1 to open The server interface contains the server method smOpenGate for opening the gate and the tag Gate_1_State which indicates the status of the gate open or closed Creating a user defined server interface To create an Server interface follow these steps 1 Select the CPU th...

Page 203: ... Cell_1 7 Drag the OPC UA elements into the Add new line of the new server interface Note The following applies in general If you store data blocks or technology objects in the left area of the table STEP 7 TIA Portal creates an object in the server interface The elements of the data blocks are arranged as separate nodes below this If you store structures in the left area of the table STEP 7 creat...

Page 204: ...sing because industrial trucks do not need access to the server methods and tags of the robot In this case it is best to disable the standard server interface SIMATIC namespace in the OPC UA properties of the S7 1500 CPU so that the filtered nodes cannot be accessed any other way Figure 9 30 Disabling the standard server interface You can also disable the visibility of each configured server inter...

Page 205: ... node in the Inspector window OPC UA attributes area such as node ID node class node type and description BrowseName The language neutral name of the user defined server interface is at the top BrowseName This name can be freely selected The names BrowseNames of the individual OPC UA nodes that have been added to the server interface are under the name of the interface You cannot change the name o...

Page 206: ...lways be called Local data The SIMATIC data type of the data block in the CPU from which the value of an OPC UA node UAVariable type is read or to which a value is written Consistency check You have the option to check the server interface During the consistency check STEP 7 checks whether the OPC UA nodes of the server interface are each assigned to a suitable OPC UA element identical data type o...

Page 207: ... are typically structured in functional or technological units and these units are then standardized Companion specifications offer machine and plant operators the benefits of a standardized interface For example all RFID readers that comply with the AutoID specifications can be integrated in the same way This means that all RFID readers that comply with the AutoID specifications can be addressed ...

Page 208: ...interface of an injection molding machine that complies with Euromap 77 Using Euromap 77 Overview To use Euromap 77 proceed as follows 1 Generate an XML file by creating an instance of the type IMM_MES_InterfaceType using the SiOME program How to proceed is described below in Step 1 Create instances in SiOME 2 In STEP 7 TIA Portal create PLC tags and server methods that correspond to the instance ...

Page 209: ...IMM_MES_InterfaceType The object type must be instantiated in order for the information model of the specific machine to appear in the address space of the OPC UA server The object type IMM_MES_InterfaceType is the root object type of Euromap 77 IMM stands for Injection Moulding Machine Follow these steps 1 Download the files Opc_Ua EUROMAP77 NodeSet2 xml and Opc_Ua_EUROMAP83_NodeSet2 xml from the...

Page 210: ...ces area on OPC UA Modelling Editor Project or on Namespaces and select Add Namespace SiOME opens the Add Namespace dialog 9 Enter the name of a new namespace The YourCompany org namespace is used in the example SiOME now also displays the new namespace Figure 9 35 Display of the namespace in SiOME 10 Create an instance from the root object type IMM_MES_InterfaceType of the Companion specification...

Page 211: ...data type InjectionUnitType To do this right click on the InjectionUnits directory in the Information model area and select Add Instance SiOME displays the Add Instance dialog For Name enter a meaningful name for the instance In the example enter InjectionUnit_1 For TypeDefinition select InjectionUnitType Click OK 14 Create a new Mould_1 instance of the MouldType object type in the Moulds director...

Page 212: ... the XML file To do so click the Export XML button in the Information model area Figure 9 38 Export XML button in SiOME SiOME shows the Export XML dialog 18 Leave all namespaces activated and click OK SiOME displays the Save as dialog 19 Select a meaningful name and save the exported file In the example name the XML file IMM_Manufacturer_01234 Result You have now created an XML file which uses the...

Page 213: ...is data type has the same structure as InjectionUnit in the type IMM_MES_InterfaceType Make sure that you use SIMATIC data types that are compatible with the OPC UA data types see Mapping of data types below Figure 9 39 Creating a UDT in STEP 7 2 Add a new global data block to your STEP 7 project In the example name the data block IMM_Manufacturer_01234 so that there is a reference to the injectio...

Page 214: ...rface to be imported OPC UA XML file and change the namespace in the relevant places The file thus changed can then be imported Integrity of the OPC UA XML files OPC UA XML files represent the server address space These files are for example imported by you in the context of OPC UA Companion specifications as a server interface after adaptation to the application loaded with the hardware configura...

Page 215: ... You can also use the listed data types for example as elements of structures UDTs for input and output parameters of self created server methods UAMethod_InParameters and UAMethod_OutParameters Table 9 3 Mapping of data types SIMATIC data type OPC UA data type BOOL Boolean SINT SByte INT Int16 DINT Int32 LINT Int64 USINT Byte UINT UInt16 UDINT UInt32 ULINT UInt64 REAL Float LREAL Double LDT DateT...

Page 216: ...ment for the use of the basic data types listed above as variables in the application program The basic data types have to exist as complex data types that are structured exactly like the corresponding OPC UA basic data types OpcUa_NodeId and OpcUa_QualifiedName exist as system data types that s why you can use these data types not only for single variables but also as elements of a structure For ...

Page 217: ...or tag depends on the identifier type Numeric identifier The node is labeled with a number for example 12345678 String identifier The node is labeled with a name for example MyTag No distinction is made between upper and lower case IdentifierType UDINT Type of identifier 0 Numeric identifier 1 String identifier 2 GUID 3 Opaque System data type OPC_UA_QualifiedName See the following table for the s...

Page 218: ...ncodingByte indicates which fields Locale or Text are available EncodingByte Meaning 0 The fields Locale and Text are empty 1 The field Locale has content the field Text is empty 2 The field Locale is empty the field Text has content 3 The fields Locale and Text have content UDT ByteString For the basic data type ByteString create the following PLC data type in this case for example a ByteString a...

Page 219: ...ing machines is also discussed in detail there Using this companion standard the S7 1500 CPU can control an injection molding machine for example and provide an OPC UA client such as a higher level MES system with an interface for accessing the functions and tags of injection molding machine An OPC UA server interface of the type Companion Standard limits the access of clients to exactly those fun...

Page 220: ...UA server 2 In the project tree click OPC UA communication Server interfaces 3 Double click Add new server interface 4 To select this type of server interface click Companion specification A general name for the new server interface is entered in the dialog for example Server_Interface_1 5 Change the name of the new server interface so that it is descriptive in your project The name should have th...

Page 221: ...s an information model The Using OPC UA companion specifications Page 206 section describes how to create such an XML file with the SiOME tool The figure below shows a section from the information model IMM_MANUFACTURER_0123456 an instance use of the type IMM_MES_InterfaceType which was defined by Euromap 77 InjectionUnit_1 is an instance of the InjectionUnitType type of Euromap 77 ...

Page 222: ...ng namespaces in the lower area of the OPC UA interface editor Properties tab To do this select the server interface in the project tree here IMM_Manufacturer_01234 and select the Namespaces area in the inspector window Missing namespaces are selected If one or more namespaces are missing in your STEP 7 project create a new server interface of the Reference namespace type for each namespace The Cr...

Page 223: ...s used here According to the companion specification the instance name should begin with IMM followed by the name of the manufacturer of the injection molding machine the serial number of the machine is added to the end This allows a unique identification of the machine The names of all other lower level nodes are defined by the specification in the example above by Euromap 77 These node names mus...

Page 224: ... of the server interface click on the following icon in the toolbar of the OPC UA server interface editor Export interface You have the option of exporting the OPC UA server interface as an XML file This XML file contains all data type definitions referenced by the server interface To export the OPC UA server interface click on the following icon in the toolbar of the OPC UA server interface edito...

Page 225: ...rg euromap83 http www euromap org euromap77 The following description shows you how to proceed Creating a server interface for a reference namespace To create a server interface for a namespace proceed as follows 1 Select the CPU that you want to use as an OPC UA server 2 Click OPC UA communication Server interfaces 3 Double click Add new server interface STEP 7 TIA now displays the dialog Add new...

Page 226: ...cification uses additional namespaces add a new server interface for each namespace Add additional server interfaces for Euromap77 For Euromap 77 you still need the following namespaces http www euromap org euromap83 http www euromap org euromap77 First add a server interface for the namespace http www euromap org euromap83 This namespace contains basic definitions for Euromap 77 therefore it is r...

Page 227: ... found on the Internet https support industry siemens com cs ww en ps td A violation of configuration limits results in an error message Table 9 4 Configuration limits for OPC UA server interfaces Technical specification value CPU 1510SP F CPU 1511 C F T TF CPU 1512C CPU 1512SP F CPU 1513 F CPU 1505 S SP SP F SP T SP TF CPU 1515 F T TF CPU 1515 SP PC F T TF CPU 1516 F T TF CPU 1507S F CPU 1517 F T...

Page 228: ...ciple operates like a know how protected function block that is called by an external OPC UA client in runtime The OPC UA client only sees the defined inputs and outputs The content of the function block the method or algorithm remains hidden to the external OPC UA client The OPC UA client receives feedback on successful execution and values returned by the function block method or an error messag...

Page 229: ... example access to other function blocks or global data blocks If the server method uses input parameters these parameters are available to you This section of the server method should only be executed if an OPC UA client has called the server method After successful execution of the method you set the output parameters of the server method if the method has output parameters 3 Responding to serve...

Page 230: ... has called the server method Cool If the server method has not been called program execution returns directly to the cyclic user program over and The CPU resumes the cyclic user program after Cool1 If the server method has been called this information is returned to the server method Cool over The actual functionality is now executed in the Cool server method see Method Functionality in the graph...

Page 231: ...stance that the method has been called called Synchronous call of the instruction OPC_UA_ServerMethodPre as a multi instance stating the storage area for the input data from the OPC UA server The return value indicates whether or not the method has been called by the OPC UA client Check whether the method has been completed or is still active busy D Check whether the method has been completed If i...

Page 232: ...f the data types You can also use the listed data types for example as elements of structures arrays UDTs for input and output parameters of self created server methods UAMethod_InParameters and UAMethod_OutParameters SIMATIC data type OPC UA data type BOOL Boolean SINT SByte INT Int16 DINT Int32 LINT Int64 USINT Byte UINT UInt16 UDINT UInt32 ULINT UInt64 REAL Float LREAL Double LDT DateTime WSTRI...

Page 233: ...method instances OPC_UA_ServerMethodPre OPC_UA_ServerMethodPost in structions 20 50 100 Maximum number of arguments per method More than the specified number of arguments can be configured and loaded into the CPU but an OPC UA client cannot call the method 20 20 20 Error message when exceeded If the maximum number of server methods is exceeded the OPC_UA_ServerMethodPre or OPC_UA_ServerMethodPost ...

Page 234: ...tics Sessions Diagnostics Subscriptions Diagnostics In the address space of the server for example the following nodes are available with diagnostic information ServerDiagnosticsSummary Server diagnostics summary CurrentSessionCount Number of active sessions SecurityRejectedSessionCount Number of sessions rejected due to mismatching end point security settings between client and server SessionsDia...

Page 235: ...e also shows the properties of the client application accessing the server within the session Figure 9 47 Sessions diagnostics with the properties of the client application Diagnostics of the connection between client and server To diagnose the status of the connection during program runtime in the client use the following instruction OPC_UA_ConnectionGetStatus Read connection status ...

Page 236: ... service request from a partner client Requirement The Change of OPC UA server status option is selected OPC UA Server Diagnostics in the OPC UA properties of the CPU Note If this option is selected the CPU also automatically enters the lowest set security policy into the diagnostic buffer after startup Examples If the OPC UA server of the CPU shuts down due to a download process and then starts w...

Page 237: ...and state transitions Description of the server states The individual states that the OPC UA server can assume are explained below Server states Explanation Shutdown Initial status After POWER ON After loading the hardware configuration with activated or deactivated OPC UA server After loading OPC UA relevant data Starting OPC UA address space in server is initialized Running OPC UA server running...

Page 238: ...e diagnostic buffer Subscription states and state transitions Client connects to server login with correct authentication data correct credentials Client closes connection correctly Client no longer sends messages session ends with timeout Client connects to server login with incorrect authentication data Figure 9 49 Session states and state transitions 9 3 6 4 Check for security events If the CPU...

Page 239: ... are able to create an entry in the diagnostic buffer for the following events Bad client requests incorrect use Service error occurred CPU specific high limits of the OPC UA server were violated Example of a faulty client request For example there is an incorrect request when a client addresses a node tag that does not exist or if a resource is requested that does not exist In this case the corre...

Page 240: ...ective client application converts the requests into the service requests defined in OPC UA The names of these services are defined and grouped according to their use see also opcfoundation org In the case of an incorrect use you can find precisely these names of the services together with the corresponding session ID in the diagnostic buffer as the service that caused the error The services avail...

Page 241: ...as of firmware version V2 8 are able to create an entry in the diagnostic buffer at state changes of a subscription The diagnostic buffer displays the new state exception KeepAlive Requirement In the OPC UA properties of the CPU the option Subscriptions Change of status OPC UA Server Diagnostics is selected Example An OPC UA client is connected to an S7 1500 CPU as OPC UA server and generates a su...

Page 242: ...lowing states Status Meaning Creating Client has requested a subscription in the server the server creates the sub scription Normal Subscription is created in the server and active Closed Client has deleted the subscription KeepAlive Status if the monitored items do not change over a long period of time These state transitions are not entered in the diagnostic buffer Late Client has generated a su...

Page 243: ...nto the diagnostic buffer Requirement In the OPC UA properties of the CPU the option Subscriptions Sampling time errors OPC UA Server Diagnostics is selected Error free subscription In the case of an OPC UA subscription to various elements such as tags the OPC UA server of the SIMATIC S7 1500 must check the elements for value changes at specified intervals sampling interval This check referred to ...

Page 244: ... diagnostics To prevent the diagnostics buffer being swamped by large numbers of identical OPC UA diagnostics as of STEP 7 V16 service pack 1 you can set parameters so that these diagnostics are entered in the diagnostics buffer as group alarm Per interval monitoring time the CPU then only generates one group alarm per OPC UA diagnostics The following sections describe which diagnostics the CPU gr...

Page 245: ...up alarm per subsequent interval A diagnostic surge leaves the following pattern in the diagnostics buffer Three individual messages followed by a series of group alarms This series can consist of two three or more group alarms depending on the selected monitoring time and duration of the diagnostic surge Diagnostic results of a group of a type for example Sampling rate could not be reached Interv...

Page 246: ...en OPC UA client for IEC61131 3 Convenient editors in STEP 7 For the parameter assignment of the instructions for OPC UA clients a convenient editor is available in the TIA Portal the connection parameter assignment Page 175 As of Version 15 1 STEP 7 also features an editor for client interfaces Page 251 This section describes how you work with these editors First you will be shown how to create a...

Page 247: ...PC UA client instructions you are able to control communication for the following tasks with the S7 1500 CPU as an OPC UA client Read write tags of the OPC UA server Call methods in the OPC UA server Optional instructions can be used to determine the following information The status of the connection between the OPC UA client and OPC UA server Node IDs of nodes with known hierarchy of the address ...

Page 248: ...h inserted instruction for requesting for example the NodeIDs of nodes of the OPC UA server You can determine the connection status between the establishment and termination of the connection in parallel with other instructions Instructions for clean up Figure 9 56 Run sequence of optional instructions Convenient editors in STEP 7 The OPC UA client instructions are described in detail in the refer...

Page 249: ...r connection terminations Registered Read Registered Write Registered Method Call 9 4 3 Number of client instructions that can be used simultaneously SIMATIC error codes for OPC UA client instructions The following limits apply to the simultaneous use of OPC UA client instructions up to date technical specifications of the CPUs can be found on the Internet https support industry siemens com cs ww ...

Page 250: ... 10 40 OPC_UA_ConnectionGetStatus 4 10 40 maximum 1 per connection Maximum number of usable OPC UA client interfaces If you create OPC UA client interfaces using the connection parameter assignment the number of client interfaces is limited to 40 Create the OPC UA client interfaces by double clicking the Add new client interface symbol in the project tree of the OPC UA communication area The maxim...

Page 251: ...fication number of the blank The tag has the data type Int Temperature This tag contains temperature values recorded during the production of the blank The tag is an array with elements of the Real data type In addition this CPU provides the following writable tag ProductionEnabled The tag is set by the OPC UA client The tag has the data type BOOL If the value is set to TRUE the production line is...

Page 252: ...ition the client interface contains all methods that the OPC UA server provides and that you want to call with your user program that acts as an OPC UA client If you create a client interface STEP 7 also creates data blocks for the parameter assignment of the connection to the OPC UA server from which you want to read data or to which you want to write data Maximum number of client interfaces You ...

Page 253: ... You configure a connection in the properties of the client interface see Example configuration for OPC UA Page 249 Client_Interface_1_Data A data block for the PLC tags that you want to read or write from an OPC UA server as well as for methods that you want to call in the OPC UA server You use this data block in your user program This data block is currently still empty 5 Select a descriptive na...

Page 254: ...ss space of an OPC UA server The address space of an OPC UA server contains all PLC tags and server methods published by an OPC UA server OPC UA clients can access this address space Read PLC tags Write PLC tags Calling Server Methods The address space of an OPC UA server can be divided into one or more server interfaces For creating server interfaces see Creating a server interface for companion ...

Page 255: ...r Follow the same procedure with the ProductNumber tag The figure below shows the right field of the editor Figure 9 59 Read list in the OPC UA server interface Alternative You can also select a new read list by dragging the right field of the editor OPC UA Server interface to a node of the type Object or Folder and then dragging it to Add new read list in the left field of the editor The new read...

Page 256: ...itor STEP 7 adds a new list with the name ReadList_1 For the example change the name to WriteListStatus Now add the new write list of all OPC UA server tags to which you want to assign new values In the example add the WriteListStatus tag to the write list ProductionEnabled Select the Tag of right field of the editor OPC UA Server interface Drag the tag to the write list in the middle field of the...

Page 257: ... method list by selecting a method node of the type Object in the right field of the editor OPC UA Server interface and then dragging it to Add new method list in the left field of the editor The new method list then contains the method of the relevant node The following figure shows the content of the method list Figure 9 62 Methods list If you want to call another method of the OPC UA server you...

Page 258: ...d list node and the node is already used in a programmed block for the method call OPC_UA_MethodCall the compilation of the project leads to consistency errors During the compilation the UDTs of the method are generated with the changed name The references to the method used in the program are then no longer correct To correct the consistency errors you can either undo the name change of the metho...

Page 259: ... OPC UA client In addition the data block contains general default values for parameter assignment of the connection to an OPC UA server If you are working with connection parameter assignment this data block will be filled ProductionLine_Data A data block for the PLC tags that you have entered in the client interface editor In the example this data block is called Productionline_Data The figure b...

Page 260: ...eck whether a read value is valid Check whether the value in Productionline_Data ReadListProduct NodeStatusList 1 is equal to 0 Optional Check when this value was sent from the OPC UA server This value is in Productionline_Data Product TimeStamps 1 If no time stamp is requested the communication load is reduced Example Writing the ProductEnabled value Transfer the new values for PLC tags in the ex...

Page 261: ...data types used match For methods Do the number name order and data types of method arguments match 9 4 6 Determine server interface online With STEP 7 TIA Portal you can determine the interface of an OPC UA server online This provides information on which tags of a connected OPC UA server you can read or set write with OPC UA clients It also provides information on which server methods of the OPC...

Page 262: ...1 3 Double click the selected client interface The editor for client interfaces is displayed Figure 9 64 Editor for client interface 4 In the left section of the editor click Add new read list Add new write list or Add new method list 5 In the right field of the editor select Online as data source for Source of server data ...

Page 263: ...necting after a disconnection select the Connect to Online Server button next to the Online selection field In the top right enter the IP address of the OPC UA server whose server interface you want to determine online 7 Click Find selected server STEP 7 establishes a connection to the OPC UA server and determines all security settings server endpoints that the server holds in readiness STEP 7 dis...

Page 264: ...cted a secure end point then keep the default None 10 How do you want log on If you want to log onto the OPC UA server as guest then apply the default with User authentication If you want to log on with user name and password select User name and password Use the user name and password which was stored during the configuration of the OPC UA server in the properties of the CPU under General OPC UA ...

Page 265: ...dditional lower level folders Figure 9 67 Online view of OPC UA server interface See also Mapping of data types Page 142 Creating client interfaces Page 251 9 4 7 Using multilingual texts In the client interface editor you are also importing texts that can be displayed in different languages with the OPC UA XML files information models Multilingualism is optional and each node can be defined diffe...

Page 266: ...or displays the text from the OPC UA XML file in the columns Name of the node corresponds to DisplayName and Description corresponds to Description The following cascading rules determine which language is shown for a node When the node contains text in the currently used editing language the text is also displayed in the editing language Setting the editing language In the project tree select the...

Page 267: ...d writing values of complete structures provided by an OPC UA server How the client of the S7 1500 CPU accesses structures The OPC UA client of the S7 1500 CPU uses neither TypeDictionaries nor DataTypeDefinition attributes which a server offers for the resolution of these structures These options of the OPC UA client for checking structural elements in runtime are limited in the client Rules for ...

Page 268: ...mple tagA and tagB are swapped and the read list remains the same in the client the assignment is no longer correct The total length of the data remains the same only the order has changed The configuration of the structure is different for client and server WARNING No error message in the case of different structure configuration between client and server If the structures of client and server do...

Page 269: ...ace The section Create client interface Page 251 describes how to create a client interface 2 Click the Properties tab Inspector window if the tab is not already displayed STEP 7 now displays the connection parameter assignment for the instructions of the OPC UA client The General tab is open 3 Click on the Configuration tab and set the connection to the OPC UA server Setting the connection parame...

Page 270: ... client interface The entry then consists of the components OPC Schematic Prefix IP address Port number and Server path for example opc tcp 192 168 0 10 4840 example path The following figure shows the entry of the IP address for the OPC UA server Figure 9 70 Connection parameters 4 If the OPC UA server is not using the standard port 4840 you must insert the port number here For example enter the ...

Page 271: ...ulations can thus be detected Sign Encrypt OPC UA server and OPC UA client sign and encrypt the data transmission all messages Security policy Set the encryption techniques for the signing and encryption of messages The following settings are possible No security Basic128Rsa15 Basic256 Basic256Sha256 To configure a secure connection you must observe the following items A certificate is required fo...

Page 272: ... area of the Configuration tab you can for example influence the language of the texts returned by the server as follows In the Languages area enter a number of languages that the server transfers to the client during connection setup The language or the local ID language code associated with it that you enter in the first line is the language preferred by the client If the server can provide the ...

Page 273: ...described here Generating PKI key pairs and certificates yourself Page 153 Working with the certificate generator of the OPC Foundation is described here Creating self signed certificates Page 152 Certificate of the OPC UA client of the S7 1500 CPU A secure connection between the OPC UA server and an OPC UA client is only established if the server classifies the certificate of the client as truste...

Page 274: ... can generate the client certificate as follows 1 In the project tree select the CPU you want to use as a client 2 Double click Device configuration 3 In the properties of the CPU click Protection Security Certificate manager 4 Double click Add new in the Device certificates table STEP 7 opens a dialog 5 Click the Add button 6 Select the OPC UA client entry from the Usage list 7 Click OK STEP 7 no...

Page 275: ...roject tree Double click Global security settings Double click Certificate manager STEP 7 opens the global certificate manager Click the Device certificates tab Right click in the tab on a free area not on a certificate Select the Import shortcut menu The dialog for importing certificates is displayed Select the client certificate that the server is to trust Click Open to import the certificate Th...

Page 276: ...e user must prove authorization no anonymous access The OPC UA server checks whether the client user is authorized to access the server Authorization is given by the user name and the correct password These inputs cannot be checked by the client interface which means all values are accepted as being valid Note STEP 7 stores user name and password unencrypted in the data block instance data block R...

Page 277: ...onnection can be established in runtime S7 1500 as OPC UA client OPC UA server which supports no encryption of authentication data when No Security none is set as security policy See also Users and roles with OPC UA function rights Page 194 9 4 9 4 Using a configured connection Introduction This section shows you how to use a configured connection for OPC UA instructions third step Requirements Yo...

Page 278: ...odeReleaseHandleList instruction can be omitted if OPC_UA_Disconnect is called immediately afterwards Figure 9 71 Call sequence for write and read operations STEP 7 TIA Portal automatically supplies the parameters of these instructions if you are using a client interface and a configured connection to an OPC UA server The procedure is shown in the following section Using a client interface and con...

Page 279: ...mming language uses the following display The editor for the Ladder Logic LAD programming language displays the instruction similarly 4 Click the toolbox symbol in the editor for FBD or LAD The symbol is located in the heading of the instruction If you are using the editor for STL or SCL Click the small green rectangle below the first character of the instance name The example Page 249 uses OPC_UA...

Page 280: ...the OPC UA client of the example Page 249 uses for data exchange with the OPC UA server ProductionLine 6 Using drag and drop move the UA_NamespaceGetIndexList instruction into the program editor You will find the instruction under Instructions Communication OPC UA in the TIA Portal Select the Multi instance call option Click the toolbox symbol LAD and FBD or the small green box below the instance ...

Page 281: ...tion Click the toolbox symbol LAD and FBD or the small green box below the instance name STL and SCL if the editor is not already open Select the client interface that you want to use The example uses the ProductionLine client interface Under Data access Read Writelist select the read list that you want to use in the example the read list Product STEP 7 now automatically interconnects all paramete...

Page 282: ...CPU as an OPC UA client Communication Function Manual 11 2019 A5E03735815 AH 281 If you want to write data to an OPC UA server select the write list you want to use under Data access Read Writelist the ProductionStatus write list in the example ...

Page 283: ... server under Data access Writelist ProductionStatus write list in the example 9 If you use different read lists or write lists as program controlled lists in your user program move the UA_NodeReleaseHandleList instruction to the program editor using drag and drop operation Select the client interface that you want to use Now select a read list or write list that you want to release Only release r...

Page 284: ...instructions STEP 7 automatically supplies the parameters if you are using a client interface and a configured connection to an OPC UA server OPC_UA_Connect OPC_UA_NamespaceGetIndexList OPC_UA_NodeGetHandleList OPC_UA_MethodGetHandleList OPC_UA_MethodReleaseHandleList OPC_UA_ReadList OPC_UA_WriteList OPC_UA_MethodCall OPC_UA_NodeReleaseHandleList OPC_UA_Disconnect ...

Page 285: ... of the respective CPU The information is based on a sampling publishing interval of 1 second You can find additional information in the FAQ 109755846 https support industry siemens com cs us en view 109755846 Select the same sampling and publishing intervals for the OPC UA client and for the OPC UA server Avoid arrays and structures as elements of subscriptions if the process allows Reason If eve...

Page 286: ...to improved performance when loading in RUN Tip Using the detailed object display in the TIA Portal you can easily mark the non OPC UA relevant data blocks as not accessible from OPC UA Consistent transfer of data beyond the limits of simple data types is only possible with OPC UA methods If you use other OPC UA functions Subscriptions Read Write you must ensure data consistency in the application...

Page 287: ...e project When you create the master copy in a global library it can be used in different projects The OPC UA capable CPUs differentiate between 3 interface types of the OPC UA server Standard OPC UA server interface Companion specification interface Namespace reference When adding the OPC UA interface in the project tree under OPC UA Communication each interface type gets its own symbol The same ...

Page 288: ...ou want to create as master copies 2 Right click on the Master copies folder or any of its subfolders in the library 3 In the shortcut menu select Paste as a single master copy command If multiple interfaces are added to a master copy from the OPC UA server or OPC UA client the label and the symbol in the library are changed accordingly A symbol with is displayed instead of the simple symbol Figur...

Page 289: ...nets Simple access from the control level to the field level for configuration and pa rameter assignment of devices e g via PDM or Web browser Simplified integration of devices for re mote access e g for diagnostics during remote maintenance or firmware update IP forwarding Page 294 Data record routing Data can be sent over PROFINET from an engineer ing station to field devices via multiple networ...

Page 290: ...S7 subnets the following order must be kept to when downloading First download the hardware configuration to the CPU s directly connected to the same S7 subnet as the PG PC then download one by one the CPUs of the S7 subnets beyond this starting with the nearest S7 subnet through to the S7 subnet furthest away The PG PC you want to use to establish a connection via a S7 router must be assigned to ...

Page 291: ...ions With the PG PC you can reach devices beyond S7 subnets for example to do the following Download user programs Download a hardware configuration Execute test and diagnostics functions In the following figure CPU 1 is the S7 router between S7 subnet 1 and S7 subnet 2 Figure 10 1 S7 routing PROFINET PROFINET ...

Page 292: ... subnet 2 CPU 2 is the S7 router between S7 subnet 2 and S7 subnet 3 Figure 10 2 S7 routing PROFINET PROFIBUS S7 routing for HMI connections You have the option of setting up an S7 connection from an HMI to a CPU via different subnets PROFIBUS and PROFINET or Industrial Ethernet In the following figure CPU 1 is the S7 router between S7 subnet 1 and S7 subnet 2 Figure 10 3 S7 routing via HMI connec...

Page 293: ...e is described based on examples in the section S7 communication Page 112 Figure 10 4 S7 routing via CPU CPU communication Using S7 routing For the CPU select the PG PC interface and the S7 subnet in the Go online dialog of STEP 7 S7 routing is performed automatically Number of connections for S7 routing The number of connections available for S7 routing in the S7 routers CPUs CMs or CPs can be fo...

Page 294: ...sing TeleService Additional information The allocation of connection resources with S7 routing is described in the section Allocation of connection resources Page 311 You can find more information on setting up TeleService in the STEP 7 online help You can find more information on S7 routing and TeleService adapters when you search the Internet using the following links Device manual Industrial So...

Page 295: ...d IP subnets or to a configured router The following figure shows how a programming device accesses data of an HMI device Programming device and HMI device are located in different IP subnets The IP subnets are connected to the two interfaces X1 and X2 of the CPU Figure 10 6 Access of a programming device to an HMI via IP forwarding Areas of application Easy access from the control level to the fi...

Page 296: ...U forwards received IP packets that are not addressed to itself How the CPU forwards the IP packets is defined in its internal IP route table The CPU automatically creates the IP route table from the following information of the loaded hardware configuration IP configuration of the Ethernet interfaces Configured router Example of a configuration with IP forwarding The following figure shows a samp...

Page 297: ... in the following IP routing table for the CPU Table 10 1 IP route table of the CPU Network destination Interface Gateway 0 0 0 0 0 10 10 0 10 10 10 0 1 192 168 1 0 24 192 168 1 1 192 168 2 0 24 192 168 2 1 10 10 0 0 24 10 10 0 10 For IP communication between the PG PC and the HMI device you need to set up additional IP routes to the IP subnet of the HMI device both in the PC and in the IP router ...

Page 298: ... route add destination IP subnet mask subnet mask gateway However you need certain access rights for this For this example enter the following prompt route add 192 168 2 0 mask 255 255 255 0 192 168 4 20 In an IP router you set up additional routes e g via a web interface Set up the following route for this example Destination IP subnet 192 168 2 0 Subnet mask 255 255 255 0 Gateway 10 10 0 10 ...

Page 299: ...e reached via exactly one configurable router Because the S7 1500 CPU does not support additional IP routes you cannot build bi directional IP router cascades In the following configuration you can configure either Router 1 or Router 2 in the CPU Router 1 is configured as an example In this case you cannot configure Router 2 IP communication between the PC and the HMI device is not possible becaus...

Page 300: ...ly reach devices in the IP subnet of interface X3 via interfaces X1 and X2 but also C C Runtime From the C C Runtime of the CPU 1518 4 PN DP MFP you reach all devices in the IP subnets of the interfaces X1 X2 and X3 Conditions IP forwarding is enabled for the CPU 1518 4 PN DP MFP The IP address of C C Runtime and the IP address of interface X3 are located in the same IP subnet The routes to the IP...

Page 301: ... the CPU The CPU accesses the devices in the remote light green IP subnet A via the router The Access to PLC via communication module function is enabled for the CP 1543 in the CPU The CPU reaches all devices within the IP subnet D via W1 interface If IP forwarding is enabled in the CPU then a device from IP subnet A can access any device within IP subnets B C and D close to the CPU Protect your a...

Page 302: ...tworks Since the engineering station addresses the field devices using standardized records and these records are routed via S7 devices the term data record routing is used to refer to this type of routing The data sent using data record routing include the parameter assignments for the participating field devices slaves and device specific information e g setpoint values limit values Data record ...

Page 303: ...t automation siemens com WW view en 87611392 The figure below shows an example configuration with the data record routing with PCT Figure 10 13 Example configuration for data record routing with PCT Additional information The differences that exist between normal routing and data record routing are described in this FAQ https support industry siemens com cs ww en view 7000978 Whether or not the CP...

Page 304: ...al interface is not a fully diagnosable interface with the familiar properties of conventional interfaces The virtual interface is not displayed in the graphical views because the internal connection via the backplane bus does not represent an S7 subnet and does not have any ports A physical connection by means of a network cable therefore cannot be established The IP address of the virtual interf...

Page 305: ... support this function because R H CPUs do not support CPs Configuration of the virtual interface W1 In the properties of an S7 1500 CPU as of firmware V2 8 you can assign a plugged communication module to the virtual interface W1 under Advanced Configuration Access to PLC via communication module You can then use this for external access to the CPU If no CPs are plugged in or the plugged CPs do n...

Page 306: ... configured and loaded IP address parameters of the virtual interface via display T_CONFIG instruction or online the loaded configuration is active again after the CPU restarts Configuration changes on the CP A change of the assigned communication module may have an effect on the configuration of the virtual interface In the properties of the CPU Assignment of a different CP The configuration is u...

Page 307: ...over the virtual interface This means the security functions of the communication module cannot protect the data traffic via the virtual interface NOTICE Connecting to non secure networks If you connect the CP to a non secure network it is absolutely necessary to connect an additional firewall between the CP and the non secure network For example use the security modules SCALANCE S602 V3 and SCALA...

Page 308: ...rmined by the CPU Reserved connection resources Each CPU has reserved connection resources for PG HMI and Web server communication This ensures for example that a PG can always establish at least one online connection with the CPU regardless of how many other communications services are already using connection resources Dynamic connection resources In addition dynamic resources exist The differen...

Page 309: ...tation Available connection resources of the station of which A Reserved connection resources of the station A B Connection resources of CPU 1518 C Connection resources of communications module CM 1542 1 D Connection resources of communications processor CP 1543 1 Maximum communications resources of the station using the example of a configuration from CPU 1518 CM 1542 1 and CP 1543 1 Figure 11 1 ...

Page 310: ...32 40 84 128 32 64 Additional connection re sources CM 1542 1 64 Additional connection re sources CP 1543 1 118 Additional connection re sources CM 1542 5 40 Additional connection re sources CP 1542 5 16 The number of connection resources that a CPU or a communication module supports is specified in the device manuals in the Technical Specifications Example You have configured a CPU 1516 3 PN DP w...

Page 311: ...ection resources are reserved for stations with S7 1500 CPU ET 200SP CPU and ET 200pro CPU based on S7 1500 4 for PG communication required by STEP 7 for example for test and diagnostics functions or downloading to the CPU 4 for HMI communication which are occupied by the first HMI connections configured in STEP 7 2 for communication with the Web server ...

Page 312: ...communication The Web server connection occupies at least one connection resource in the station The number of occupied connections depends on the browser PG communication The PG connection occupies one connection resource in the station OPC UA client server communication Connection resource allocation for the server see below OPC UA client server communication Connection resource allocation for t...

Page 313: ...e occupied for HMI communication in the CPU Connection resources for OPC UA client communication Each connection that the OPC UA client of the CPU has established to an OPC UA server occupies a connection resource in the station When establishing and closing an OPC UA connection the OPC UA client temporarily occupies an additional connection resource According to RFC 793 this connection resource i...

Page 314: ...resources table The number of resources for S7 routing depends on the CPU You will find the resources for S7 routing in the technical specifications of the CPU in Number of S7 routing connections Connection resource for S7 communication Special connection resources for S7 routing Figure 11 3 Connection resources with S7 routing Data record routing also enables transfer of data beyond S7 subnets fr...

Page 315: ...tion is downloaded to the CPU After using a configured connection for data transfer the connection is not terminated The connection resource is permanently occupied To release the connection resource again you need to delete the configured connection in STEP 7 and download the modified configuration to the CPU PG connection As soon as you have connected the PG to a CPU online in STEP 7 connection ...

Page 316: ...on resources is exceeded STEP 7 signals this with a suitable warning Online The CPU monitors the use of connection resources in the automation system If you establish more connections in the user program than those provided by the automation system the CPU acknowledges the instruction to establish the connection with an error S7 1500 and S7 300 comparison You will find a comparison of how the comm...

Page 317: ...pecific connection resources The columns of the station specific connection resources provide information about the used and available connection resources of the station In the example a maximum of 256 station specific connection resources are available for the automation system 10 reserved connection resources of which 4 are already in use and a further 6 available The used resources are divided...

Page 318: ...ion resources from the CPU CP and CM either use a CPU with a higher maximum number of available station specific connection resources or reduce the number of communications connections Module specific connection resources The columns of the module specific connection resources provide information about the use of resources on the CPUs CPs and CMs of an automation system The display is per module a...

Page 319: ...iew of the Connection resources table in addition to the offline view also contains columns with the connection resources currently being used Thus the online view displays all used connection resources in the automation system regardless of how the connection was set up The Other communication row displays connection resources assigned for communication with external devices The table is updated ...

Page 320: ...er of connection resources for HMI communication and HTTP communications used offline in the HMI If the maximum number of available connection resources for an HMI device is exceeded a corresponding message is output by STEP 7 Maximum number of used PLC resources per HMI connection This parameter is a factor that is to be multiplied by the number of HMI connections used offline The product is the ...

Page 321: ...ine view After selecting a CPU in the Devices networks editor of STEP 7 you will see the status of your connections displayed in the online view of the connections table Figure 12 1 Online view of the connections table After selecting the connection in the connections table you obtain detailed diagnostic information in the Connection information tab ...

Page 322: ...s and fault correction 12 1 Connection diagnostics Communication Function Manual 11 2019 A5E03735815 AH 321 Connection information tab Connection details Figure 12 2 Diagnostics of connections connection details ...

Page 323: ...rver of a CPU On the Communication Web page you will find the following information about communication via PROFINET in various tabs Information on the PROFINET interfaces of the CPU for example addresses subnets physical properties Information on the quality of the data transfer for example number of data packets sent received error free Information about the allocation availability of connection...

Page 324: ...d IP address You can set an emergency address regardless of the protection level of the CPU When do you need an emergency address Your CPU cannot be reached in the following cases The IP address of your PROFINET interface is assigned twice The subnet mask is set incorrectly Requirements You have selected Set IP address in the project for the IP protocol in the device configuration in STEP 7 The CP...

Page 325: ... S7 1500R H redundant system Open User Communication no configured connections Secure Open User Communication Not supported as certificate management is not possible for the R H CPUs If you have activated Secure OUC then although you can compile the user program and load it you cannot add certificates to the R H CPUs no FDL connections Email The S7 1500R H CPUs with firmware version V2 6 support t...

Page 326: ...l primary CPU in redundant operation There is a virtual MAC address for each system IP address You enable the system IP addresses in STEP 7 Advantages of the system IP addresses compared to device IP addresses The communication partner communicates specifically with the primary CPU Communication of the S7 1500R H redundant system via a system IP address still also works in the event of the failure...

Page 327: ... system IP address X2 If the CPUs of the S7 1500R H redundant system have two PROFINET interfaces preferably use the PROFINET interface X2 for communication with other devices The following figure shows a configuration in which the communication partners are connected via the respective PROFINET interfaces X2 with the CPUs of the redundant system S7 1500R H Open User Communication between a differ...

Page 328: ... connects the communication partners with the respective PROFINET interfaces X1 of the two CPUs As the CPU 1513R only has one PROFINET interface connection via the PROFINET ring is the only possibility of communicating via the system IP address X1 Open User Communication between the S7 1500R H redundant system and a different CPU HMI communication with the S7 1500R H redundant system Open User Com...

Page 329: ...ROFINET devices which are connected to the interfaces X1 of the CPUs communicate via the system IP address X1 PROFINET devices which are connected to the interfaces X2 of the CPUs communicate via the system IP address X2 Open User Communication between the S7 1500R H redundant system and a different CPU HMI communication with the S7 1500R H redundant system Open User Communication between the S7 1...

Page 330: ... 1500R H redundant system IP packets are forwarded even if one CPU fails In the following figure the PC is connected to the two X2 interfaces of the S7 1500R CPUs Enter the system IP address X2 as gateway in the PC for the route to the HMI device The HMI device is connected to the PROFINET ring of the redundant system S7 1500 via a switch The system IP address X1 is configured as router in the HMI...

Page 331: ...ies General Ethernet addresses in the area System IP address for switched communication 3 Select the check box Enable the system IP address for switched communication STEP 7 automatically creates a system IP address Figure 13 5 Configure IP address 4 Change the system IP address if necessary 5 If required change the virtual MAC address To do this in Virtual MAC address assign a project wide unique...

Page 332: ...YNCUP The processing of running instances of the instructions TSEND and TRCV is stopped The block parameter STATUS returns 80C4H temporary communication error 13 3 Response to primary backup switchover Response of communication connections via the system IP address during a primary backup switchover Running instances of the instructions TSEND and TRCV are stopped and return the status 80C4H tempor...

Page 333: ... S7 1500R H redundant system Each communication connection to the redundant system S7 1500R H occupies connection resources in the S7 1500R H station The S7 1500R H station comprises the hardware setup of both CPUs of the redundant S7 1500R H system Depending on the IP address used a communication connection also uses connection resources in one or both CPUs of the redundant S7 1500R H system The ...

Page 334: ...on resources in STEP 7 Requirements Online connection to the redundant system S7 1500R H You will find the online display of the connection resources in the inspector window under Diagnostics Connection information STEP 7 always displays the connection resources of the selected CPU and the S7 1500R H station Figure 13 6 Display of the connection resources of the S7 1500R H redundant system in STEP...

Page 335: ...e PROFINET interface of the HMI device and a PROFINET interface of the S7 1500R H redundant system The HMI device and the S7 1500R H redundant system are networked together Figure 13 7 Networking an HMI device with the S7 1500R H redundant system 3 In the list of functions click the Connections icon This activates connection mode 4 Using a drag and drop operation draw a line between the HMI device...

Page 336: ...FINET interface In the event of the failure of this CPU then the HMI connection to this CPU permanently fails Figure 13 9 Properties of the HMI connection Note Automatic setup of HMI connection When you drag and drop a tag from the S7 1500R H redundant system into an HMI screen or into the HMI tag table STEP 7 automatically sets up an HMI connection This HMI connection exists by default between th...

Page 337: ...N_IP_v4 TADDR_Param TADDR_SEND_QDN TADDR_RCV_IP Establish connection and send receive data via TSEND_C TRCV_C TUSEND TURCV TRCV connection can be terminated via TDISCON Modbus TCP TCON_IP_v4 TCON_QDN MB_CLIENT MB_SERVER 13 6 1 Setting up the connection of the Open User Communication with the redundant S7 1500R H system Introduction The S7 1500R H redundant system can communicate with other devices...

Page 338: ...connection via a system IP address The following describes how to establish a connection to another CPU via a system IP address of a PROFINET interface of the redundant S7 1500R H system You set up the connection in the user program of the redundant system S7 1500R H with a TSEND_C instruction You create a corresponding TRCV_C instruction in the user program of the other CPU The procedure is descr...

Page 339: ...munication 338 Function Manual 11 2019 A5E03735815 AH TSEND_C instruction in the user program of the S7 1500R H redundant system To set up a TCP connection to a different CPU follow these steps 1 Create a TSEND_C instruction in the user program Figure 13 11 S7 1500R H TSEND_C instruction 2 Select the TSEND_C instruction ...

Page 340: ...selected The system IP address of the S7 1500R H redundant system is in Address Figure 13 12 S7 1500R H Assigning parameters to the TSEND_C instruction in STEP 7 4 In Partners under End point select the CPU 1516 3PN DP as the communication partner 5 In Partners under Interface select the PROFINET interface X2 of the CPU 1516 3PN DP 6 In Local under Connection data select the setting new STEP 7 cre...

Page 341: ...500R H Communication 340 Function Manual 11 2019 A5E03735815 AH TRCV_C instruction in the user program of the CPU 1516 3PN DP Create a TRCV_C instruction in the user program of the CPU 1516 3PN DP and assign parameters as below Figure 13 13 S7 1500 3PN DP Assigning parameters to the TRCV_C instruction in STEP 7 ...

Page 342: ...device IP address of one of the two CPUs Select a suitable PROFINET interface of the S7 1500R H redundant system Deselect the Use address of H system check box Figure 13 14 OUC connection via a device IP address Reference You can find additional information on system states in the S7 1500R H https support industry siemens com cs ww en view 109754833 system manual See also PROFINET FUNCTION MANUAL ...

Page 343: ...to IEEE 802 3 layer 2 Bandwidth limitation Global firewall rules All network nodes located in the internal network segment of a CP 1543 1 are protected by its firewall Exception If you access the CPU via the interface of the CP with the Access to PLC via communication module function the firewall does not protect this connection Logging To allow monitoring events can be stored in log files that ca...

Page 344: ...rview with links to the most important contributions on Industrial Security is available in this FAQ https support industry siemens com cs ww en view 92651441 14 1 Firewall Tasks of the firewall The purpose of the firewall functionality is to protect networks and stations from outside influences and disturbances This means that only certain previously specified communications relations are permitt...

Page 345: ...3 1 As an alternative it is also possible to record on a network server The parameter assignment and evaluation of these functions is only possible with a network connection Recording events with logging functions You specify which events should be recorded with the log settings Here you can configure the following recording variants Local logging With this variant you record the events in local b...

Page 346: ...on using the Simple Network Management Protocol SNMP To achieve this an SNMP agent is installed on the CP CPU that receives and responds to the SNMP queries Information about the properties of devices capable of SNMP is contained in so called MIB files Management Information Base for which the user needs to have the appropriate rights With SNMPv1 the community string is also sent The community str...

Page 347: ...l Private Network tunnels provide a secure data connection through the non secure external network The module uses the IPsec protocol tunnel mode of IPsec for tunneling In STEP 7 you can assign VPN groups to security modules VPN tunnels are automatically established between all modules of a VPN group A module in one project can belong to several different VPN groups at the same time in the process...

Page 348: ...ntrol if the primary CPU fails Bus Transmission medium that connects several devices together Data transmission can be performed electrically or via optical fibers either in series or in parallel Client Device in a network that requests a service from another device in the network server CM Communications module Communications module Module for communications tasks used in an automation system as ...

Page 349: ...ficates Such certificates are signed by a certificate authority CA The signature of an end entity certificate is checked with the public key of the certificate authority certificate The Subject attribute must not be identical to the Issuer attribute The Subject for example contains the name of a program as with the OPC UA application certificate Issuer is the certificate authority that signed the ...

Page 350: ...etwork adapter Electronic circuitry for connecting a computer to an Ethernet network It allows the exchange of data communication within the network FETCH WRITE Server services using TCP IP ISO on TCP and ISO for access to system memory areas of S7 CPUs Access client function is possible from a SIMATIC S5 or a third party device PC FETCH Read data directly WRITE Write data directly Field device De...

Page 351: ...ieldbus to the CPU IO controller DP master and prepares the data for the I O modules Intermediate CA certificate This is a certificate authority certificate that is signed with the private key of a root certificate authority An intermediate certificate authority signs end entity certificates with its private key The signature of these end entity certificates is verified with the public key of the ...

Page 352: ...umber is divided into a network part and a host part ISO protocol Communications protocol for message or packet oriented transfer of data in an Ethernet network This protocol is hardware oriented very fast and allows dynamic data lengths The ISO protocol is suitable for medium to large volumes of data ISO on TCP protocol Communications protocol capable of S7 routing for packet oriented transfer of...

Page 353: ...thernet NTP uses the connectionless UDP transport protocol for the Internet OPC UA OPC Unified Automation is a protocol for communication between machines developed by the OPC Foundation Operating states Operating states describe the behavior of a single CPU at a specific time The CPUs of the SIMATIC standard systems have the STOP STARTUP and RUN operating states The primary CPU of the redundant s...

Page 354: ...s image output as a signal state to the output modules The CPU then reads the signal states of the input modules into the process image input The CPU then executes the user program PROFIBUS Process Field Bus European Fieldbus standard PROFIBUS address Unique identifier of a device connected to PROFIBUS The PROFIBUS address is sent in the frame to address a device PROFIBUS device Device with at lea...

Page 355: ...ssed in exactly the same way as the centralized IO PROFINET IO as the Ethernet based automation standard of PROFIBUS PROFINET International defines a cross vendor communication automation and engineering model With PROFINET IO a switching technology is used that allows all devices to access the network at any time In this way the network can be used much more efficiently through the simultaneous d...

Page 356: ...gure the OPC UA server of an S7 1500 in the TIA Portal the TIA Portal generates an end entity certificate for the OPC UA server and signs that certificate with its own private key The signature of this end entity certificate can be verified with the public key of the TIA Portal This key can be found in the root CA certificate of the TIA Portal Router Network node with a unique identifier name and ...

Page 357: ...ue to the destruction of data Self signed certificates These are certificates that you sign with your private key and use as end entity certificates The signature of these end entity certificates is verified with your public key The Subject and Issuer attributes of self signed certificates must be identical You have signed your certificate yourself The CA field must be set to False You can for exa...

Page 358: ...the redundant system S7 1500R H supports system IP addresses System IP address for the X1 PROFINET interfaces of the two CPUs system IP address X1 System IP address for the X2 PROFINET interfaces of the two CPUs system IP address X2 You use the system IP addresses for communication with other devices for example HMI devices CPUs PG PC The devices always communicate over the system IP address with ...

Page 359: ...ndard with the RJ 45 connector system UDP User Datagram Protocol communications protocol for fast and uncomplicated data transfer without acknowledgment There are no error checking mechanisms as found in TCP IP User program In SIMATIC a distinction is made between the CPU operating system and user programs The user program contains all instructions declarations and data by which a system or proces...

Page 360: ...or 14 Communications services Connection resources 27 Connection Diagnostics 320 Instructions for Open User Communication 68 Connection diagnostics 320 Connection resources Data record routing 313 HMI communication 312 Module specific 317 occupying 314 Overview 27 307 S7 routing 313 Station specific 316 Consistency of data 31 CP 14 D Data consistency 31 Data record routing 301 Digital certificates...

Page 361: ...cation 193 Basics 159 Commissioning 175 Customizing the server certificate 190 Generating a server certificate 184 Performance 173 Performance increase 173 Publishing interval 182 Runtime licenses 197 198 Sampling interval 183 Security settings 188 Subscription 180 TCP port 179 181 Write and read rights 165 XML export file 174 Open communication Connection configuration 75 Setting up e mail 87 Set...

Page 362: ...y configuring 80 ISO connection with CP 1543 1 81 Signature 41 SNMP 19 345 SSL 39 Symmetric encryption 37 Syslog 344 System data type 69 T TCON 68 TCP 19 66 75 TDISCON 68 Time of day synchronization 19 TLS 39 Transport Layer Security 39 TRCV 68 TRCV_C 68 TSEND 68 TSEND_C 68 U UDP 19 66 75 URCV 113 USEND 113 USS protocol 121 W Web server 19 Write 19 X X 509 35 ...

Search results

Summary of Contents for SIMATIC ET 200SP

Reviews:

Brands by name

Popular brands

Siemens SIMATIC ET 200SP, Function Manual

Search results

Summary of Contents for SIMATIC ET 200SP

Reviews:

Brands by name

Popular brands