manualshive.com logo in svg

Automation Direct Stride SGW-MQ1611, Руководство пользователя

Поделиться
Скачать
Automation Direct Stride SGW-MQ1611 Скачать руководство пользователя страница 39

Appendix A: Safety and Security Considerations

Stride MQTT Gateway User Manual, 1st Edition

A-2

Security Considerations for Control Systems Networks

Manufacturers are realizing that to stay competitive, their Automation and Control Systems need to be 
more integrated within their plant. The systems often need to be integrated with upstream Enterprise Data 
Systems, and even further integrated to allow information to be accessible across multiple plants, or even 
through the Internet. This convergence of the IT world with the Automation World creates challenges in 
maintaining secure systems and protecting your investments in processes, personnel, data and intellectual 
property. 

While Automation Networks and Systems have built-in password protection schemes, this is only one very 
small step in securing your systems. Automation Control System Networks need to incorporate data protection 
and security measures that are at least as robust as a typical business computer system. We recommend that 
users of PLCs, HMI products and SCADA systems perform your own network security analysis to determine 
the proper level of security required for you application. However, the National Security Agency has provided 
direction related to network security and safety under an approach described as “Defense in Depth”, which 
is published at 

http://www.nsa.gov/ia/_files/support/defenseindepth.pdf

.

This comprehensive security strategy involves physical protection methods, as well as process and policy 
methods. This approach creates multiple layers and levels of security for industrial automation systems. Such 
safeguards include the location of control system networks behind firewalls, their isolation from business 
networks, the use of intrusion detection systems, and the use of secure methods for remote access such as 
Virtual Private Networks (VPNs).

Further, users should minimize network exposure for all control system devices and such control systems and 
these systems should not directly face the internet. Following these procedures should significantly reduce 
your risks both from external sources as well as internal sources, and provide a more secure system.

It is the user’s responsibility to protect such systems, just as you would protect your computer and business 
systems. AutomationDirect recommends using one or more of these resources in putting together a secure 
system:

•  US-CERT’s Control Systems Security Program at the following web address: 

www.us-cert.gov/control_systems/

•  Special Publication 800-82 of the National Institute of Standards and Technology – Guide to 

Industrial Control Systems (ICS) Security 

http://csrc.nist.gov/groups/SMA/fisma/ics/documents/

oct23-2009-workshop/nist-ics3_10-23-2009.pdf

•  ISA99, Industrial Automation and Control Systems Security 

http://www.isa.org/MSTemplate.

cfm?MicrositeID=988&CommitteeID=6821

 (please note this is a summary and these standards 

have to be purchased from ISA)

This set of resources provides a comprehensive approach to securing a control system network and reducing 
risk and exposure from security breaches. Given the nature of any system that accesses the internet, it is 
incumbent upon each user to assess the needs and requirements of their application, and take steps to 
mitigate the particular security risks inherent in their control system.

Содержание Stride SGW-MQ1611

Страница 1: ...Manual Number SGW MQ1611 USER M MQTT Gateway USER MANUAL...

Страница 2: ......

Страница 3: ...ent in hazardous environments requiring fail safe performance such as in the operation of nuclear facilities aircraft navigation or communication systems air traffic control direct life support machin...

Страница 4: ...de soporte de vida o sistemas de armamentos en las cuales la falla del producto puede resultar directamente en muerte heridas personales o da os f sicos o ambientales severos Actividades de Alto Riesg...

Страница 5: ...n cessitant une s curit absolue par exemple l exploitation d installations nucl aires les syst mes de navigation a rienne ou de communication le contr le de la circulation a rienne les quipements de s...

Страница 6: ...ber and the Manual Issue both shown below when communicating with Technical Support regarding this publication Manual Number SGW MQ1611 USER M Issue 1st Edition Issue Date 8 2019 Publication History I...

Страница 7: ...up Modbus Devices 2 6 Configure MQTT Broker 2 10 Other Options 2 14 Recovery Mode 2 18 Appendix A Safety and Security Considerations Security Considerations for Control Systems Networks A 2 Safety Gui...

Страница 8: ...Table of Contents Stride MQTT Gateway User Manual 1st Edition ii...

Страница 9: ...apter Chapter 1 1 1 In This Chapter Hardware Overview 2 2 Specifications 2 3 Dimensional Drawings 2 4 Installation 2 5 Mounting 2 5 Wiring 2 6 Operation 2 7 Front Panel Indicators 2 8 Recovery Mode 2...

Страница 10: ...roup will work with you to answer your questions They are available Monday through Friday from 9 00 a m to 6 00 p m Eastern Time We also encourage you to visit our web site where you can find technica...

Страница 11: ...structure can be configured to better adapt to different MQTT brokers e g Amazon AWS IBM Watson IoT Mosquitto etc It is possible to remotely update the firmware through the web interface The gateway h...

Страница 12: ...us Ethernet Connections 8 WiFi Specifications Model SGW MQ1611 WF Only WiFi Standards 802 11 a b g n ac Frequency Bands 2400MHz 5500MHz Antenna Internal Network Ports Web User Interface 80 Modbus 502...

Страница 13: ...4 F to 158 F Humidity 0 90 noncondensing Maximum Altitude 2000m IP Rating IP20 Installation Indoor Category of Installation II Pollution Degree 2 EMC Immunity Emission EN61000 6 2 EN61000 6 4 Agency A...

Страница 14: ...e gateway Avoid placing raceways or other objects where airflow could be obstructed Avoid mounting the gateway above equipment that generates heat ideally locate the gateway in the lower part of the p...

Страница 15: ...to improve our products and services so we reserve the right to make changes to the products and or publications at any time without notice and without obligation This publication may also discuss fe...

Страница 16: ...ion to MQTT broker and one or more Modbus TCP or Modbus RTU over TCP servers USB x2 Future Use Terminal Connector Wiring Specifications Wire Size 0 8 2 1 mm2 14 18 AWG Torque 0 5 N m Stripping Length...

Страница 17: ...Front Panel Indicators The Stride MQTT Gateway has four status LEDs as shown below Front Panel LEDs LED Color State Description PWR GREEN ON Device powered OFF Device unpowered ERR YELLOW OFF No erro...

Страница 18: ...rmware updates To enter Recovery Mode press and hold the recessed reset button on the front of the gateway while applying power Continue to hold the reset button until the ERR light stops blinking abo...

Страница 19: ...up Modbus Devices 2 6 Configure Modbus Device 2 6 Configure Modbus Variables 2 7 Configure MQTT Topics 2 8 Configure MQTT Broker 2 10 Other Options 2 14 Date Time 2 14 Import Export Configuration 2 14...

Страница 20: ...sary connection information on hand to connect to your MQTT broker 3 You have a device on hand with a web browser and the ability to connect to the MQTT gateway via its RJ 45 Ethernet port either over...

Страница 21: ...etwork interfaces from the More Options menu in the upper right corner of the web UI Enter the desired network parameters and click SAVE then CONFIRM the changes NOTE The gateway will always use its p...

Страница 22: ...gateway can communicate over both RS 485 and Ethernet Before setting up a Modbus device in the gateway you must configure the RS 485 or Ethernet communications channel Click on the CHANNEL tab to defi...

Страница 23: ...ter the Baud Rate Data bits Stop bits and Parity For Modbus TCP or RTU over TCP enter the IP address and TCP Port of the Modbus device Enter the Timeout value the maximum time in ms within which a val...

Страница 24: ...er the communications channels are defined you can configure the connection and variables for each Modbus device Configure Modbus Device Click on the DEVICES tab to define the Modbus devices to be que...

Страница 25: ...ncheck Read only to make the variable writable if desired Select the Format for the variable and check Unsigned if necessary Available variable formats are Modbus Variable Formats Category Format Digi...

Страница 26: ...t Multiple Registers 32 bit INT Big endian 16 Preset Multiple Registers 32 bit INT Little endian 32 bit FP Big endian 32 bit FP Little endian To linearly scale the values if desired define two raw mea...

Страница 27: ...ees the delivery of the message once and only once to a receiver If Retain is checked the MQTT broker will hold the most recently published message in this topic to sent in reply to future client Subs...

Страница 28: ...ection to an MQTT broker Set the Broker Address and Broker Port Set the ClientId as required by your MQTT broker Set the Keep Alive frequency in seconds Select Clean session if desired to require rene...

Страница 29: ...Each field can be edited to customize the message payload by clicking the pencil icon to the right of the selection The information to be returned by each field can be edited For the Sampled value a...

Страница 30: ...Chapter 2 Setup and Operation Stride MQTT Gateway User Manual 1st Edition 2 12...

Страница 31: ...the outgoing message frequency If the message queue is enabled the gateway will collect messages in a queue to send as a batch once the minimum delay or maximum queue length has been reached Unsent me...

Страница 32: ...Network interfaces settings were covered in Setup Network Connection on page 2 3 The remaining features under this menu are discussed below Date Time Enter the date and time manually or click Enable N...

Страница 33: ...l minutes of inactivity To log out immediately click Logout from the More Options menu Maintenance The Maintenance dialog provides the ability to update firmware download a system log or restart the d...

Страница 34: ...AutomationDirect s firmware notification service at https notify automationdirect com firmware To update the device firmware download the firmware file to your PC and unzip it then select More Option...

Страница 35: ...TT Gateway User Manual 1st Edition After the firmware is updated the gateway will reboot If for any reason the firmware update is unsuccessful restart the gateway in Recovery Mode as discussed in the...

Страница 36: ...Mode press and hold the recessed reset button on the front of the gateway while cycling power Continue to hold the reset button until the ERR light stops blinking about 5 seconds after applying power...

Страница 37: ...ows PC Firmware Upgrade Upgrading firmware from within the Recovery Mode UI follows the same steps as performing a firmware upgrade in normal operating mode as described in Firmware on page 2 16 It ma...

Страница 38: ...Appendix Appendix Appendix A A A Safety and Security Considerations In This Appendix Security Considerations for Control Systems Networks A 2 Safety Guidelines A 3...

Страница 39: ...security for industrial automation systems Such safeguards include the location of control system networks behind firewalls their isolation from business networks the use of intrusion detection system...

Страница 40: ...r your particular application Make sure you follow all national state and local government requirements for the proper installation and use of your equipment The best way to provide a safe operating e...

Страница 41: ...ix B B B Modbus Address Notation AutomationDirect Devices In This Appendix Stride MQTT Gateway Modbus to AutomationDirect PLC Address Maps A 2 CLICK PLCs A 2 DirectLogic PLCs A 4 Do more PLCs A 5 Prod...

Страница 42: ...ls Function Code 1 Function Code MQTT Gateway Modbus Address Data Format CLICK Address 1 8192 1 bit Y1 1 8207 Y16 1 8224 Y101 1 8239 Y116 1 8256 Y201 1 8273 Y216 1 8287 Y301 1 8302 Y316 1 8320 Y401 1...

Страница 43: ...175 X516 2 192 X601 2 207 X616 2 224 X701 2 239 X716 2 256 X801 2 271 X816 2 45056 T1 2 45555 T500 2 49152 CT1 2 49401 CT250 2 61440 SC1 2 62439 SC1000 Reading Holding Registers Function Code 3 Functi...

Страница 44: ...DirectLogic Address 2 0 1 bit GX0 2 2047 GX3777 2 2048 X0 2 3071 X1777 2 3072 SP0 2 3583 SP777 Reading Input Registers Function Code 4 Function Code MQTT Gateway Modbus Address Data Format DirectLogi...

Страница 45: ...teway Modbus Address Data Format Do more Address 4 0 16 bit INT or 1 bit MIR1 4 1 MIR2 4 65534 MIR65535 4 0 32 bit INT 4 1 2 MIR2 D 4 65533 65534 MIR65534 D 4 0 32 bit FP 4 1 MIR2 RD 4 65533 65534 MIR...

Страница 46: ...ftware Reading Input Registers Function Code 4 Function Code MQTT Gateway Modbus Address Data Format Productivity Address 4 0 16 bit INT or 1 bit 300001 4 1 300002 4 65534 365535 4 0 32 bit INT 300001...

Страница 47: ...Appendix Appendix Appendix C C C MQTT Broker Examples In This Appendix Introduction C 2 Example using Mosquitto C 3 Example using ThingsBoard io C 7...

Страница 48: ...broker using Mosquitto or other MQTT software The steps to set up the Stride MQTT Gateway are essentially identical regardless of which MQTT Broker you plan to use but a given broker may require spec...

Страница 49: ...functionality and the network path Be sure that a valid Default Gateway is specified LAN IP address of the router and accessible DNS addresses are being used to be able to access the Broker Address U...

Страница 50: ...ide MQTT Gateway User Manual 1st Edition C 4 Setup a valid Channel under the Channels setup tab In this case Modbus RTU is being used back to a PC running Modbus Slave available at https www modbustoo...

Страница 51: ...n Create a device in the Devices tab to specify a Modbus address and a MQTT topic In this example we are targeting Modbus RTU device 1 requesting Modbus address 400001 Function Code 3 offset 0 and Pub...

Страница 52: ...published by the gateway type in the myTopic Topic name in the Subscribe Unsubscribe Topic field and click on the Subscribe button You should see the value in 400001 being published at a 1 second int...

Страница 53: ...tion processing and visualization for your IoT solution They offer multiple tiers of service We ll use a demo of their Community Edition to demonstrate a full fledged IoT solution including data visua...

Страница 54: ...er the account has been created go to https demo thingsboard io Sign in and go to the DEVICES tab on the left hand side Click on the red button on the bottom right hand side to create a new Device Ent...

Страница 55: ...OKEN Click on the COPY DEVICE ID and then paste CTRL V into the ClientID field of the MQTT setup tab in the MQTT gateway setup field 3 in the screen capture below Click on the COPY ACCESS TOKEN button...

Страница 56: ...on choose 1883 3 This is the value that comes from the COPY DEVICE ID button of the thingsboard Device setup 4 This is the value that comes from the COPY ACCESS TOKEN button of the thingsboard Device...

Страница 57: ...Create a new Device and choose the Channel just selected Choose the Address of your Modbus RTU device In this example we are reading Modbus address 400001 Function Code 3 Offset 0 This example is pub...

Страница 58: ...T Gateway and switch back over to the thingsboard dashboard In the Device setup go to the LATEST TELEMETRY tab If the communications are setup correctly in the MQTT Gateway there will be an updating v...

Страница 59: ...1st Edition There is a list of widgets to choose from For this example we will choose a simple digital gauge as shown below Click on the ADD TO DASHBOARD option after selecting a Widget We will creat...

Страница 60: ...the Modbus RTU device at 40001 There are many other widgets and many display options available To edit the dashboard and widgets click on the pencil in the bottom right hand corner Dashboard after adj...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды