Beruflich Dokumente
Kultur Dokumente
SMP Gateway
For use with SMP Gateway software version 6.0 or later. Cooper Power Systems, SMP and Yukon are valuable trademarks of Cooper Industries. All brand and product names appearing in this document are the trademark or registered trademark of their respective holders.
2011 Cooper Power Systems, LLC All rights reserved. The information in this document is subject to change without notice.
GUI-00316-00001 T, version 22
Contents
1 Welcome
1.1 1.2 1.3 1.4 1.5
SMP Gateway Models ...........................................................................................1 Related Documentation .........................................................................................2 Getting Assistance .................................................................................................2 Getting Started .......................................................................................................3 Overview ...............................................................................................................3
Principles of Operation
2.1 2.1.1 2.1.2 2.1.3 2.1.4 2.2 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6
Logical Architecture ..............................................................................................5 Masters and Slaves ..................................................................................5 Introducing the SMP Gateway in the Automation System......................6 SMP Gateway Internals...........................................................................6 Communications Components ................................................................7 The Transparent SMP Gateway ..............................................................9 Using the SMP Gateway as a Protocol Translator ................................11 Using the SMP Gateway as a Data Concentrator ..................................11 Using the SMP Gateway as a Communication Processor .....................12 Putting It All Together ..........................................................................13 Securing the Substation .........................................................................14
3 4
17 19
Main Window ......................................................................................................19 Adding an SMP Gateway ....................................................................................20 Information Provided by the SMP Gateway Icon ................................................21 Customizing the Display .....................................................................................22 4.4.1 4.4.2 Adding or Removing a Column ............................................................22 Changing the Position of a Column ......................................................23
25
Device Prefix and Naming Conventions for Data Points ......................28 Configuring the Master Protocol General Settings................................28 Accessing Protocol-Specific Documentation ........................................29 Adding Data Points from a Protocol Template .....................................31
Configuring the Data Points ................................................................................29 Creating a Template from a Master Protocol Instance ........................................31 Duplicating a Master Protocol Instance...............................................................31 Configuring the Communications Links .............................................................32 5.5.1 5.5.2 5.5.3 5.5.4 5.5.5 5.5.6 Configuring the Serial Port Interfaces ...................................................32 Serial port naming conventions .............................................................33 Configuring the Operation of the Serial Ports .......................................34 Reserving a Serial Port for Radio Usage ...............................................35 Configuring TCP/IP Master Connections .............................................36 Configuring UDP/IP Master Connections .............................................36
5.6 5.7
Associating a Master Protocol Instance with a Communications Link ...............37 Validating and Saving the Configuration ............................................................38 5.7.1 5.7.2 Sending the Configuration to the SMP Gateway ..................................38 Retrieving an SMP Gateway Configuration File...................................39 Selecting Cells and Rows ......................................................................39 Duplicating a Row.................................................................................40 Copying a Value to a Group of Cells ....................................................40 Re-sequencing a Group of Rows ...........................................................41 Deleting an Item ....................................................................................43 Using Tooltips .......................................................................................43 Searching and Replacing Points in a Configuration ..............................43
5.8
Working with SMP Config ..................................................................................39 5.8.1 5.8.2 5.8.3 5.8.4 5.8.5 5.8.6 5.8.7
45
Information Provided by SMP Log .....................................................................45 SMP Log Features ...............................................................................................46 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.2.6 Searching in SMP Log ..........................................................................46 Printing a Log........................................................................................46 Saving a Log File ..................................................................................46 Viewing Multiple Log Folders at Once .................................................46 Changing How Time Information is Displayed ....................................47 Deactivating the Auto Scroll Feature ....................................................47
7
ii
49
Contents
7.1 7.2
Information Provided by SMP Trace...................................................................49 SMP Trace Features ............................................................................................50 7.2.1 7.2.2 7.2.3 7.2.4 7.2.5 7.2.6 Searching in SMP Trace........................................................................50 Printing Traces ......................................................................................51 Recording Live Traces ..........................................................................51 Saving all the Scrolled Information.......................................................51 Changing How Time Information is Displayed ....................................52 Deactivating the Auto Scroll Feature ....................................................52
53
Information Provided by SMP Stats ....................................................................54 SMP Stats Features ..............................................................................................54 8.2.1 8.2.2 8.2.3 Resetting Statistics ................................................................................54 Printing Statistics ..................................................................................54 Changing How Time Information is Displayed ....................................55
57
Connecting to the SMP Gateway Website...........................................................57 Navigating Through the SMP Gateway Website .................................................57 Applying a Filter to a Data Point Display ...........................................................58 Acknowledging Data Point Value Changes ........................................................59
10
61
Creating Slave Protocol Instances .......................................................................61 Configuring Slave Protocol Instances .................................................................61 Subscribing to the Master Data Points.................................................................62 Configuring the Data Points ................................................................................64 Configuring the Communications Links .............................................................64 10.5.1 Setting up a TCP/IP Slave Connection..................................................64 10.5.2 Setting up a UDP/IP Slave Connection .................................................65
Associating a Slave Protocol Instance with a Communications Link .................66 Validating and Activating the Configuration ......................................................66 Testing the Configuration ....................................................................................67
11
69
Configuring an SMP Gateway for Commissioning .............................................69 Activating the Commissioning Feature ...............................................................70 Opening a Commissioning Session .....................................................................70 11.3.1 The Commissioning Tab .......................................................................71
iii
11.3.2 Forcing an Input Point ...........................................................................72 11.3.3 Un-Forcing an Input Point.....................................................................73 11.3.4 Performing a Control Operation ............................................................73 11.3.5 Closing the Commissioning Session .....................................................74 11.4 Deactivating the Commissioning Feature............................................................75
12
Security
12.1
77
Meeting NERC CIP Requirements ......................................................................77 12.1.1 Displaying Appropriate Use Banners ....................................................77 12.1.2 Identifying Which Ports are Open in the SMP Gateway Firewall.........78
12.2
Substation Network Security Considerations ......................................................79 12.2.1 The SMP Gateway Built-in Firewall .....................................................79 12.2.2 Using SMP Tools through a Substation LAN Firewall .........................80
12.3 12.4
Extending the SMP Gateway Security Model .....................................................80 Managing SMP Gateway Security Databases .....................................................81 12.4.1 Accessing the Login Information Window ...........................................81 12.4.2 Defining your Authentication Policy ....................................................81 12.4.3 Groups and Privileges ...........................................................................84 12.4.4 Editing User Groups and Privileges ......................................................84 12.4.5 Managing User Groups and Privileges..................................................86 12.4.6 Validating the Security Database ..........................................................87 12.4.7 Exporting the Security Database ...........................................................87 12.4.8 Sending the Security Database to One or More SMP Gateways ...........87 12.4.8.1 12.4.8.2 Sending a Previously Saved Security Database ........ 88 The Security Status ................................................... 88
12.4.9 Retrieving the Security Database of an SMP Gateway .........................89 12.4.10 Removing the Security Database from One or More SMP Gateways ......................................................................................89 12.4.11 Unlocking a User Account ....................................................................90 12.4.12 Viewing the Security Log .....................................................................90 12.5 File Certification and Integrity Checking ............................................................91 12.5.1 Detecting an Integrity Check Failure ....................................................91 12.5.2 Recovering from an Integrity Failure ....................................................91 12.6 Configuring the Firewall .....................................................................................92 12.6.1 Setting Firewall Rules ...........................................................................92 12.6.2 Restricting Access to Other Services ....................................................93 12.6.3 Disabling the Built-in Firewall ..............................................................93 12.6.4 Disabling the Firewall Log ....................................................................94 iv Contents
12.7
Locking Incoming RAS and Passthrough Connections .......................................94 12.7.1 Locking or Unlocking All Incoming RAS Dialup Connections............95 12.7.1 Locking or Unlocking a Passthrough Connection .................................95
12.8 12.9
Security-Related System Data Points ..................................................................96 Legacy SMP Gateway Software and Tools Compatibility ..................................96 12.9.1 Accessing SMP Gateways with Legacy Software Installed ..................96 12.9.2 Using Legacy SMP Tools with Recent SMP Gateway Software ..........98 12.9.3 Using Recent SMP Tools with Legacy SMP Gateway Software ..........98 12.9.4 Using VPN Connections .......................................................................98 12.9.4.1 Manually Setting Up a VPN Connection .................. 98
13
101
Principles of Operation ...................................................................................... 101 13.1.1 The Direct Access Port and the Command Line Interface .................. 102 Setting up Passthrough Connections ................................................................. 103 13.2.1 Defining SMP Gateway Passthrough Settings .................................... 103 13.2.2 Installing a Loopback Cable, if Necessary .......................................... 105 13.2.3 Setting Up a List of Applications and Loopback Connections............105
Connecting to the Device .................................................................................. 108 Testing the Passthrough Connection ................................................................. 108 Deactivating the Passthrough Connection ......................................................... 109 Using the Trace of Passthrough Connection Events .......................................... 109 Changing How Time Information is Displayed in SMP Connect ..................... 110
14
111
Defining System Folders ................................................................................... 111 Configuring Master Protocols for Event File Retrieval ..................................... 113
15
115
Events ................................................................................................................ 115 15.1.1 Supported Data Point Types................................................................ 115 15.1.2 Trigger Conditions .............................................................................. 115 15.1.3 Quality Flags ....................................................................................... 116
15.2
Sequence-of-Events Log Entries ....................................................................... 116 15.2.1 Additional Entries ............................................................................... 116 15.2.2 Syslog 116
15.3
Configuring the SER ......................................................................................... 116 15.3.1 Activating the SER .............................................................................. 116
15.3.2 Customizing the Format of the Different Event Log Entries ..............117 15.3.3 Selecting Event-Generating Data Points ............................................. 119 15.3.4 Defining Point-Specific Labels for Log Entries .................................. 120 15.3.5 Changing How Time Information is Displayed in Log Entries........... 120 15.4 Activating Syslog Reporting of Events ............................................................. 121
16
123
Activating the Annunciator Option ................................................................... 125 Setting Up the Annunciator ............................................................................... 125 16.2.1 Defining Alarm Categories ................................................................. 126 16.2.2 Configuring Alarm Inputs ................................................................... 127 16.2.3 Setting Up the Alarms Page ................................................................ 128 16.2.4 Setting Up the Blocked Page............................................................... 131 16.2.5 Setting Up the History Page ................................................................ 132 16.2.6 Setting Up the System State Page ....................................................... 133 16.2.7 Creating a User-Defined Readings Page ............................................. 134 16.2.8 Selecting the Pages to Display ............................................................ 141 16.2.9 Selecting the Page Displayed at Startup .............................................. 141 16.2.10 Changing How Time Information is Displayed .................................. 142 16.2.11 Setting Up an Alarm Buzzer ............................................................... 142 16.2.12 Temporarily Deactivating the Annunciator ......................................... 142
16.3
Setting Up the Touch Screen ............................................................................. 142 16.3.1 Connecting the Touch Screen to the SMP Gateway............................ 142 16.3.2 Setting Up a Screen Saver using SMP Config .................................... 143
Uploading the Configuration to the SMP Gateway ........................................... 143 Calibrating the Touch Screen ............................................................................ 144 Using the SMP Gateway Annunciator............................................................... 144 16.6.1 Navigating Through the Different Pages............................................. 144 16.6.2 Managing Alarms ................................................................................ 145 16.6.3 Blocking Alarm Inputs ........................................................................ 147 16.6.4 Using the Single Alarm Display.......................................................... 147 16.6.5 Using the History Log ......................................................................... 148 16.6.6 Monitoring System State ..................................................................... 149 16.6.7 Performing Control Operations From a Readings Page ...................... 152 16.6.8 Using the Screen Saver ....................................................................... 153
17
Automation
17.1
155
vi
Contents
17.2
The Soft PLC ..................................................................................................... 155 17.2.1 The CoDeSys Development Environment .......................................... 156 17.2.2 Using CoDeSys to Create SMP Gateway Automation Scripts ............ 156
18
159
19
Redundancy
19.1
161
Redundant Group Operation.............................................................................. 161 19.1.1 Redundant IEDs .................................................................................. 161 19.1.2 Giving Priority to an SMP Gateway of the Group .............................. 162
19.2
Grouping 2 SMP Gateways for Redundancy..................................................... 162 19.2.1 Prerequisites ........................................................................................ 163 19.2.2 Setting Up a Redundancy Group Using SMP Manager ...................... 163 19.2.3 SMP Manager Redundancy Column ................................................... 167
19.3
Managing Redundancy ...................................................................................... 169 19.3.1 Forcing an Active SMP Gateway to Fall on Standby.......................... 169 19.3.2 Additional Failover Conditions ........................................................... 169 19.3.3 Modifying the Redundancy Settings of an Existing Group ................. 169 19.3.4 Ungrouping SMP Gateways ................................................................ 169 19.3.5 Testing and Validating the Configuration ........................................... 169 19.3.6 Monitoring Redundancy Status ........................................................... 170 19.3.7 Testing a Redundant Network ............................................................. 170
19.4 19.5
Hot Standby ....................................................................................................... 171 Teaming NICs for Network Fault Tolerance (SMP 16 Only) ........................... 172
20
173
SNMP Traps ...................................................................................................... 173 Configuring the SNMP Server .......................................................................... 173
21
Time Adjustment
21.1 21.2 21.3
175
Monitoring Time Information ........................................................................... 175 Setting the SMP Gateway Internal Clock .......................................................... 175 Automatic Clock Adjustment ............................................................................ 176 21.3.1 About GPS, IRIG-B and SNTP ........................................................... 177 21.3.2 Configuring the SMP 16 GPS Clock Option ....................................... 177 21.3.3 Using IRIG-B for Internal Clock Adjustment ..................................... 178 21.3.4 Setting Up the SMP Gateway as an SNTP Client ............................... 178 21.3.5 Using the Time Adjustment Feature of a SCADA Protocol ............... 179
vii
21.4
Using the SMP Gateway as a Time Source ....................................................... 179 21.4.1 Configuring IRIG-B Time Distribution .............................................. 180 21.4.2 Setting Up the SMP Gateway to Act as an SNTP Server .................... 181 21.4.3 Adjusting Devices Clocks Using Master Protocols............................. 182
22
183
Windows Vista Setup Procedure ....................................................................... 183 22.1.1 Setting Up a Dial-Up (Modem) Connection ....................................... 183 22.1.2 Incoming Direct Serial Connections and Windows Vista ................... 186
22.2
Windows XP Setup Procedures ......................................................................... 186 22.2.1 Setting Up a Dial-Up (Modem) Connection ....................................... 186 22.2.2 Setting Up a Direct Serial Connection ................................................ 189
23
193
Specifying Which Serial Ports Have Modems .................................................. 193 Creating a Modem Pool ..................................................................................... 194 Adding a Modem to a Modem Pool .................................................................. 195 Adding a Modem Pool Master Connection ....................................................... 196 Adding a Modem Pool Slave Connection ......................................................... 197
24
199
Software Architecture of the SMP Gateway ..................................................... 199 Version Packs .................................................................................................... 200 Updating the SMP Tools on the PC................................................................... 200 Updating the SMP Gateway Software ............................................................... 201 24.4.1 Updating the SMP Gateway Firmware ............................................... 201 24.4.2 Updating the SMP Gateway Application ............................................ 202 24.4.3 Updating the Configuration File ......................................................... 203
25
205
Updating the License of an SMP Gateway ........................................................ 205 25.1.1 Protocol Classes .................................................................................. 206
26
207
SMP Manager Features ..................................................................................... 207 26.1.1 Modifying SMP Manager Settings ...................................................... 207 SMP Config Features ........................................................................................ 208 SMP Loader....................................................................................................... 209 26.3.1 Setting up SMP Loader ....................................................................... 209 26.3.2 Main Window ..................................................................................... 210
viii
Contents
26.3.3 Transferring Files to the SMP Gateway .............................................. 211 26.3.4 Viewing the Log File .......................................................................... 212 26.3.5 Updating Bootstraps under Unusual Circumstances ........................... 212
27
215
Starting SMP Console ....................................................................................... 215 Firewall Manager .............................................................................................. 215 27.2.1 R Command ........................................................................................ 216 27.2.2 S Command ......................................................................................... 216 27.2.3 H Command ........................................................................................ 216 27.2.4 Q Command ........................................................................................ 216
27.3 27.4
Time and Date ................................................................................................... 216 Clock Manager .................................................................................................. 217 27.4.1 D Command ........................................................................................ 218 27.4.2 H Command ........................................................................................ 218 27.4.3 Q Command ........................................................................................ 218
27.5
28
Troubleshooting
219
28.1.1 Getting Additional Help ...................................................................... 219 28.1.2 Creating an SMP Gateway Report File ............................................... 219 28.1.3 Viewing an SMP Gateway Report File ............................................... 221 28.2 Startup Problems ............................................................................................... 221 28.2.1 No Configuration File ......................................................................... 221 28.2.2 Protocols Failed................................................................................... 221 28.2.3 Critical Components Missing .............................................................. 222 28.3 Communications Problems ................................................................................ 222 28.3.1 Physical Layer ..................................................................................... 223 28.3.2 Link Layer ........................................................................................... 223 28.3.3 Protocol Layer ..................................................................................... 224 28.4 28.5 28.6 Problems with Data Validity ............................................................................. 224 Problems Executing a Control Operation .......................................................... 224 Firewall-Related Problems ................................................................................ 225 28.6.1 Recovering from a Firewall Lockout .................................................. 225
29
Appendices
227 A-1
ix
B-1
Contents
Figures
Figure 2-1 A simple SCADA-device master-slave configuration .................................................. 6 Figure 2-2 The SMP Gateway as a Master-and-Slave system ....................................................... 6 Figure 2-3 SMP Gateway internals: master and slave protocols with RTDX ................................ 7 Figure 2-4 SMP Gateway communication components ................................................................. 8 Figure 2-5 The transparent SMP Gateway ..................................................................................... 9 Figure 2-6 Additional SMP Gateway functions ........................................................................... 10 Figure 2-7 The SMP Gateway as a protocol translator ................................................................ 11 Figure 2-8 The SMP Gateway as a data concentrator .................................................................. 12 Figure 2-9 The SMP Gateway as a communication processor ..................................................... 13 Figure 2-10 The substation SMP Gateway ..................................................................................... 14 Figure 2-11 The SMP Gateway integrated firewall........................................................................ 15 Figure 13-1 The passthrough process explained .......................................................................... 102 Figure 19-1 Using the best of automation function to support redundant IEDs ....................... 162 Figure 19-2 Typical failover scenario of a SMP Gateway redundancy group ............................. 163 Figure 19-3 Typical failover scenarios in a redundant network configuration ............................. 170 Figure 19-4 Acquisition data flow in a hot standby redundancy SMP Gateway group................ 172 Figure 28-1 Network layers where most communication problems occur ................................... 223
xi
Tables
Table 4-1 Table 4-2 Table 5-1 Status icons in SMP Manager ..................................................................................... 22 Columns in SMP Manager ......................................................................................... 22 Serial port interfaces ................................................................................................... 33
Table 10-1 TCP ports reserved for core components or specific protocols .................................. 65 Table 10-2 SMP Gateway icons in SMP Manager ....................................................................... 66 Table 12-1 Ports to open for SMP Tools usage in a substation LAN firewall .............................. 80 Table 12-2 Authentication policy settings in SMP Manager ........................................................ 83 Table 12-3 Privileges and groups.................................................................................................. 84 Table 12-4 Ports to open in a substation LAN firewall, when not using VPN ............................. 97 Table 12-5 Optional ports to open in a substation LAN firewall, regardless of VPN usage......... 97 Table 12-6 Ports to open in a substation LAN firewall, when using VPN ................................... 97 Table 12-7 Ports that are commonly used for RTU/SCADA communications ............................ 97 Table 15-1 Sequence of events recorder entry format keywords ................................................ 118 Table 16-1 Annunciator readings page editing toolbar controls, in SMP Config ....................... 136 Table 21-1 Time adjustment solutions available for each model ................................................ 177 Table 21-2 Time distribution delays ........................................................................................... 180 Table 22-1 Setting up a dial-up (modem) connection under Windows Vista ............................. 186 Table 22-2 Setting up a dial-up (modem) connection under Windows XP................................. 189 Table 22-3 Setting up a direct serial connection under Windows XP ......................................... 191 Table 23-1 Caller identification procedures in regard to the protocol used ................................ 194 Table 23-2 Modem pool call dispatcher settings in SMP Config ............................................... 195 Table 23-3 Modem settings in SMP Config ............................................................................... 196 Table 24-1 SMP Tools to use to update specific SMP Gateway components ............................ 200 Table A-1 Table B-1 System data points ....................................................................................................A-4 RTDX status flags .................................................................................................... B-3
xiii
Welcome
Congratulations on acquiring your new SMP Gateway! You now have unlimited connectivity for all the equipment in your substation. In this manual, we will show you how to use the SMP Gateway to integrate existing and new RTUs, IEDs, PLCs and control centers into a single modern, homogeneous substation automation system. You will learn how to set up your SMP Gateway as a:
Protocol Translator. The SMP Gateway translates standard or proprietary device protocols to control center protocols such as DNP3, TEJAS, IEC-60870-5-101/103/104 or IEC-61850 (UCA 2.0). Data Concentrator. The SMP Gateway collects the data from all connected devices, regardless of protocol, and makes it available to control centers using LAN, WAN, modem or serial connections. Terminal Server. The SMP Gateway supports centralized maintenance, monitoring and control of all devices by using the passthrough communication mode. Substation Communications Gateway. The advanced capabilities of the SMP Gateway make it the ideal choice for any substation automation project.
1.1
The SMP 4 has 4 ports. It comes in a compact and economical format that allows it to be installed directly within relay protection enclosures. There is also an optional internal modem available, which allows the SMP 4 to communicate with a SCADA or device via a dialup connection. The SMP 4/DP is enhanced version of the SMP 4. It provides 2 Ethernet ports and is equipped with more memory and a faster processor. An optional internal modem is also available. The SMP 16, which can be mounted in a 19-inch rack, comes in two versions, both of which have the same basic characteristics:
The SMP 16/CP is a gateway that offers 16 RS-232/422/485 universal serial ports, 2 Ethernet ports and an integrated modem. The SMP 16/SG has, in addition, expansion slots where accessories and options can be added to make it an ideal communications gateway for all your automation projects.
Note: Both SMP 16 versions can also be equipped with the PM option, a new 1.4 GHz Pentium-M processor that improves the gateway's speed tenfold. This is ideal for high-capacity application or complex automation schemes.
The manual applies to all models, and differences are indicated where applicable. Refer to your SMP Gateway installation guide for a detailed description of your particular SMP Gateway model.
1.2
Related Documentation
This manual provides you with the basic information you need to get started with your SMP Gateway. To reduce paper use, we have included the following related documentation on the CD-ROM you received with the product. Should you want printed documents, you can order them from Cooper Power Systems using reference number P-DPRN-0102. The Documentation folder contains the following related manuals:
SMP 4 Installation Guide, GUI-00316-00026 T. This document gives you detailed instructions on installing and setting up the SMP 4. SMP 4/DP Installation Guide. This document gives you detailed instructions on installing and setting up the SMP 4/DP. SMP 16 Installation Guide, GUI-00316-00032 T. This document gives you detailed instructions on installing and setting up the SMP 16/CP or the SMP 16/SG. SMP 16 GPS Clock Option Installation Guide, AUT-00316-0047-T. This document describes how to install the wiring and setup the software if you have the GPS clock option for the SMP 16. Master Protocol Common Concepts, GUI-00316-00063 T. This document describes the concepts and settings common to the protocols used by most substation devices. Separate documents describe the protocol-specific settings.
In the same folder, you will also find useful documentation about the protocols implemented for the SMP Gateway, technical notes that give additional information about the most advanced features of the SMP Gateway, and application notes that will help you use the SMP Gateway in your projects.
1.3
Getting Assistance
If you have any question regarding the performance, application or testing of any component of this Cooper Power Systems product, do not hesitate to contact us. Our staff will be pleased to assist you. Technical Support Cooper Power Systems Energy Automation Solutions 730 Commerciale Street, Suite 200 Saint-Jean-Chrysostome, Quebec Canada G6Z 2C5 Email: Phone: Fax: PSSJ-support@cooperindustries.com +1.418.834.0009 +1.514.227.5256
Business hours are from 8 a.m. and 5 p.m. EST, Monday to Friday.
Chapter 1: Welcome
1.4
Getting Started
When you receive your SMP Gateway, you have to go through several steps before you can perform the tasks described in this document. Namely, you have to do the following:
Unpack the SMP Gateway. Install the SMP Gateway. Set-up the SMP Gateway. Install the PC software. Make the SMP Tools aware of your new SMP Gateway. Load the SMP Gateway firmware.
SMP 4 Installation Guide SMP 4/DP Installation Guide SMP 16 Installation Guide
Make sure you have performed all the steps described in those documents before proceeding with the material explained in the present document.
1.5
Overview
Once you have performed all the steps explained in your SMP Gateway installation guide, you are ready to perform the following tasks, as described in this user manual:
Configure your SMP Gateway so that it can communicate with your devices:
Define the hardware. Configure the master protocol instances that will communicate with your substation devices. Configure the data points. Set-up the communications links between the SMP Gateway and the substation devices. Associate master protocol instances with communications links. Validate, activate and test your configuration. The SMP Gateway log files. Protocol exchanges. Communications statistics. Data points, using a Web browser. Configure a slave protocol instance for each control center. Have each control center subscribe to the data points. Associate slave protocol instances with communications links.
Configure your SMP Gateway so that it can communicate with one or more control centers:
You will also become familiar with the following SMP Gateway features:
Security. Passthrough connections. DFR and event file processing. Automation functions. Annunciator. Redundancy. SNMP exporting. Time synchronization. SMP Gateway access through a direct or dial-up connection. SMP Gateway access through a dial-up connection for DNP3 and IEC 60870-5-101 protocols. Commissioning tool.
You will also learn how to update the SMP Gateway software and tools, and to troubleshoot any problems you may encounter with your SMP Gateway.
Chapter 1: Welcome
Principles of Operation
Electrical power utilities face a number of challenges when attempting to automate their substations. They have legacy devices that they want to continue using. They want to integrate new devices. They may want to add one or more control centers. They may want to use a local HMI in order to keep a close watch on all events that occur in the substation. There are a number of problems to contend with: connectivity, protocol incompatibilities, interoperability problems, security considerations, logistics for migration, downtime, and not the least of which, total project cost. The SMP Gateway has been specifically designed to address all these issues. It is the ideal product to ensure a smooth, safe and cost-effective approach to substation modernization. Indeed, you can use a step-by-step approach. You decide which steps to take, in which order, and when.
2.1
Logical Architecture
The SMP Gateway is designed to meet all the requirements for power substation automation. It has an open architecture that allows you to easily add new protocols, devices, local area networks, wide area networks, and control centers. In this section, we will describe the logical architecture of the SMP Gateway and we will see how it implements all the functions required of a substation gateway.
2.1.1
SCADA
MASTER
SLAVE
DEVICE
Figure 2-1
2.1.2
MASTER
SLAVE
MASTER
SLAVE
DEVICE
Figure 2-2
2.1.3
Besides storing the current value of all the device data points, it also stores the different types of information than can be provided by a substation device, such as the quality and timestamp of the data. It also stores information such as device tags used for control functions.
SCADA
SLAVE PROTOCOL
MASTER PROTOCOL
DEVICE
Figure 2-3
2.1.4
Communications Components
SMP Gateway protocol components process the messages exchanged among the control centers and the devices. However, these messages can be transmitted using various communications methods. For instance, the MODBUS protocol can be used on a TCP/IP network or on an RS-232 serial link. SMP Gateway communications components implement all the functions required to communicate with a device or control center using a variety of communications technologies. Cooper Power Systems provides communications components for asynchronous serial ports, RS-232, RS-422, RS-485, TCP/IP and modems.
CONTROL CENTER
DEVICE
Figure 2-4
2.2
Identifying the SMP Gateway model and the installed options. Creating a master protocol component for each device that is connected to the SMP Gateway. Defining all the data points in the device. Defining the communications link to be used to connect the device to the SMP Gateway. Creating a slave protocol component for each SCADA or control center. Defining the data points that the SMP Gateway will report to the SCADA. Defining the communications link to be used to connect to the SCADA. Adding a firewall and optionally a security server that supports corporate network users.
Thus, the configuration settings define the functions that the SMP Gateway performs. These settings are stored in a file that you load onto the gateway. The flexibility of the SMP Gateway architecture is the basis of Cooper Power Systems step-by-step substation modernization strategy. In the following sections, we will show you how you can configure the SMP Gateway to perform all the functions required of a substation gateway.
2.2.1
RS-232 CONNECTION
MODBUS SLAVE
MODBUS MASTER
RS-232 CONNECTION
DEVICE
Figure 2-5
In this configuration, the master component polls the device and stores the values in the RTDX. The slave component processes the SCADA polling requests and sends the values provided by the device.
There is not much use for a transparent gateway. However, it contains much more than the components that we described previously. Simply by adding the SMP Gateway to the substation, you now have access to the following advanced functions:
Centralized automation functions, using the built-in Automation functions or the IEC 61131-3 Soft PLC logic processor. Real-time data display, using the built-in Web server. Transparent access to devices, using the passthrough server, for local or remote IED maintenance. SNMP support to monitor communications status. Sophisticated HMI, interactive diagrams, data logging and reporting, using Cooper Power Systems Visual T&D software. Sophisticated Windows tools for remote or local maintenance. A sophisticated security server to support corporate network users.
Even more important, the transparent SMP Gateway is the first step in integrating new substation devices to your existing SCADA and automation system.
SCADA INTERNET EXPLORER VISUAL T&D HMI
RS-232 CONNECTION
MODBUS SLAVE
WEB SERVER
PASSTHROUGH
REAL-TIME DATA EXCHANGE MAINTENANCE TOOLS MODBUS MASTER IEC 61131 SOFT PLC SNMP
RS-232 CONNECTION
STATS
LOGS
TRACES
DEVICE
Figure 2-6
10
2.2.2
TCP/IP CONNECTION
DNP3 SLAVE
MODBUS MASTER
RS-232 CONNECTION
DEVICE
Figure 2-7
2.2.3
11
SCADA
TCP/IP CONNECTION
DNP3 SLAVE
MODBUS MASTER
SEL MASTER
RS-232 CONNECTION
RS-232 CONNECTION
DEVICE
DEVICE
Figure 2-8
2.2.4
12
SCADA
MAINTENANCE CENTER
RS-232 CONNECTION
TCP/IP CONNECTION
MODBUS SLAVE
DNP3 SLAVE
MODBUS MASTER
RS-232 CONNECTION
DEVICE
Figure 2-9
2.2.5
13
SCADA
SCADA
INTERNET EXPLORER
TOUCH SCREEN
RS-232 CONNECTION
TCP/IP CONNECTION
MODBUS SLAVE
DNP3 SLAVE
WEB SERVER
LOCAL HMI
PASSTHROUGH
MODBUS MASTER
SEL MASTER
SNMP
RS-232 CONNECTION
RS-232 CONNECTION
STATS
LOGS
TRACES
DEVICE
DEVICE
MAINTENANCE TOOLS
2.2.6
comply with authentication and authorization policies; set up a firewall to protect from substation LAN security breaches; monitor and lock out remote connections.
Communications between the maintenance tools and the SMP Gateway are now performed through TLS-encrypted links. File integrity check is also periodically performed on the SMP Gateway files. The access inside the firewall protection has additional layers of protection, so that only a few users of your choice will have the possibility to modify parameters inside the substation.
14
SPECIFIC IP ADDRESS OPEN PORT HARD-WIRE CONNECTION FIREWALL PROTECTION RS-232 CONNECTION TLS TLS TCP/IP CONNECTION TLS
MODBUS SLAVE
DNP3 SLAVE
WEB SERVER
PASSTHROUGH
MODBUS MASTER
SEL MASTER
SNMP
RS-232 CONNECTION
RS-232 CONNECTION
STATS
LOGS
TRACES
HARD-WIRE CONNECTION
HARD-WIRE CONNECTION
TLS
DEVICE
DEVICE
MAINTENANCE TOOLS
Figure 2-11 The SMP Gateway integrated firewall In the following chapters, we will learn how to configure the SMP Gateway to perform these functions.
15
To assist you with the tasks you will want to perform with the SMP Gateway s in your organization, we have provided you with our suite of SMP Tools. The SMP Tools are Microsoft Windows-based programs that make it easy for you to configure the SMP Gateway and perform maintenance functions. They run on a PC, are simple to use, and provide advanced features that allow you to rapidly configure all the devices and communications links in your substation. They can be used locally or remotely through a LAN, WAN or VPN. When security is activated, users must log in before they can use any function. The SMP Tools include the following applications. SMP Manager Manages all the SMP Gateways in your organization. It displays the state of each gateway, manages their configuration files and local security database, allows you to group two gateways together to achieve redundancy, and is used to invoke the configuration and maintenance tools for any gateway to which it is connected. From SMP Manager, you can also start Internet Explorer to view the data points, logs and traces in real time, and you can start a console session in order to set-up certain advanced features such as dial-up access. SMP Config Used to configure the SMP Gateway. It has a spreadsheet-like grid that you use to specify the devices and control centers connected to the gateway, their protocols, their communications links and their data points. Advanced editing functions make it easy for you to enter the data points. Template editing allows you to pre-define standard devices with standard data points, thereby reducing labor intensity and the possibility of errors. 61850 Config Used to configure the IEC 61850 and UCA 2.0 protocols on the SMP Gateway. SMP Log Used to browse through and manage the log files maintained by the SMP Gateway. All significant events are logged, including local and remote control events, system failures, special protocol events, and so on. SMP Stats Used to browse through and manage a large variety of dynamically updated statistics, ranging from full communications statistics for each link to the processor load for each protocol component.
17
SMP Trace Used to browse through the real-time traces generated by the SMP Gateway. SMP Trace can display detailed traces of all protocol and communications link activity. Traces are displayed in both hexadecimal and application protocol format. The tracing functions are similar to those usually provided by protocol analyzers, with the notable exception that they can be used remotely at any time on any SMP Gateway and that they decode information at the application level. As such, they constitute an excellent commissioning or debugging tool. SMP Connect Used to establish passthrough connections with any IED connected to an SMP Gateway, for the purpose of doing remote configuration and maintenance of IEDs using manufacturer-provided software. SMP Loader Used to load the secondary bootstrap program. Refer to Appendix A and to your SMP Gateway installation guide for details on using SMP Loader. Event Translator Used to convert event files to the COMTRADE format. The next chapter will discuss how to create a list of SMP Gateways with SMP Manager, and will then explain how to do a complete configuration of your SMP Gateway using SMP Config.
18
SMP Manager
SMP Manager is the doorway to your SMP Gateways. It runs on your PC, as do all the tools you launch through SMP Manager. You are already familiar with the application, since you added your new gateway to the list of SMP Gateways managed by SMP Manager when you installed your SMP Gateway. This section goes over a few of the points that were covered in your SMP Gateway installation guide, and provides additional information. To start SMP Manager: On the Windows taskbar, click start. Point to Programs, then Cooper Power Systems, and then SMP Tools. From the SMP Tools menu, choose SMP Manager. The SMP Manager main screen appears The Login Information window may appear. If it is the case, enter valid credentials and click OK to login.
4.1
Main Window
The following figure shows a typical SMP Manager window.
19
The list of SMP Gateways and the tools that are currently running for each gateway in the list. The current status of each SMP Gateway in the list (started, failed, safe mode, max safe mode, on standby, and various intermediate states), along with the license expiration date, if any. The SMP Gateway model/platform (ex. SMP 4/DP, SMP 16/CP, etc.) The version number of the SMP Gateway application that is installed on the gateway. The primary IP address of the SMP Gateway. Whether the SMP Gateway's built-in firewall is active or not.
You can choose which columns you want to display and their order of appearance, by rightclicking on the column header.
4.2
Type the name by which you want to identify your SMP Gateway in the SMP Gateway name box. 20 Chapter 4: SMP Manager
The Configuration file box is automatically filled with a default configuration file name. This is the file that will be created and opened by default in SMP Config. If you change this file name afterwards through the File menu, you must come back to this dialog box and change the name in the Configuration File text box, so it opens the right file at startup. In the First IP Address box, type the IP address of the first Ethernet port. You can also type the address of the second Ethernet port in the Second IP Address box, although it is not necessary to do so. If the SMP Gateway cannot be directly accessed through the network, but requires a dialup connection, clear the Automatically poll SMP Gateways status at startup check box to prevent SMP Manager from polling the gateway for its status. To use a version of the SMP Tools that is different from the version of the software installed on this specific SMP Gateway: Select Use specific version. Select the desired version in the corresponding box. Note: Only versions for which a version pack is installed on the computer will be available. To learn more about version packs, see Version Packs, page 200. Otherwise, select Use same version as SMP Gateway. Click Add. The SMP Gateway gets added to the list, and SMP Manager automatically detects the gateway model and whether an internal modem is installed.
4.3
21
Icon
Description
A device and a telephone, grayed. The gateway is configured for remote dialup but not currently connected to SMP Manager. A device with 2 red LEDs, and a yellow telephone. SMP Manager is unable to establish a connection with the gateway over the remote dialup connection.
Table 4-1
4.4
Description
The list of SMP Gateways and, if you request it, the tools that are currently running for each gateway in the list. The IP address of any SMP Gateways you have grouped together in SMP Manager. This column is not available by default. The current status of each SMP Gateway in the list (started, failed, safe mode, max safe mode, on standby, and various intermediate states). The SMP Gateway model (ex. SMP 4/DP, SMP 16/CP, etc.) Whether the SMP Gateway built-in firewall is active. This information is available only if your version of the SMP Gateway software supports security features. Indicates if the SMP Gateway is connected to SMP Manager using VPN or not. This column shows the virtual address given to the redundancy group. If the address is modified, the new address will appear beside the old one, separated by an arrow. Upon the next reboot, the device will be grouped under the new address only. This column shows whether the security is activated or not, if it is global or local, and how recent it is.
IP Address
Status
Platform Firewall
VPN Group
Security
Table 4-2
4.4.1
22
From the View menu, choose Columns, and then click the name of a column you want to add or remove.
4.4.2
23
As we saw under Principles of Operation, page 5, you have to configure the SMP Gateway before you can use it. For this, you use SMP Config to define the characteristics of your SMP Gateway and the functions it has to perform. The configuration is stored in a file that is then loaded onto the SMP, where it is stored in non-volatile flash memory. Using SMP Config, you will perform the following configuration steps:
For an SMP 16/SG, define the hardware options installed. Create a master protocol instance for each device to be supported. Define each data point on each device. Configure the communications link to be used to connect to each device. Create a slave protocol instance for each SCADA or control center. Configure the communications link to be used to connect to the SCADA. Map the device data points to SCADA data points.
You will then use SMP Manager to send the configuration file to the SMP Gateway. Note: There can only be one instance of SMP Config running at any given time. If you launch the tool for a given SMP Gateway and then launch it again for a second SMP Gateway, SMP Config will prompt you to save any changes you have made, close the configuration file of the first gateway, and then open the configuration file of the second gateway. To create a configuration file for your SMP Gateway: Start SMP Manager. Select the SMP Gateway. From the Tools menu, choose SMP Config to start the application.
25
The SMP Config display includes 3 panes. The left pane is a tree structure of all the configuration topics. The top right pane displays the settings for the topic you have selected in the left pane. The bottom right pane appears when your request that the configuration be validated; it displays error and warning messages. The gateway name is the name you assigned when you added the SMP Gateway in SMP Manager. The configuration file name on the title bar was also assigned when you added the SMP Gateway in SMP Manager. If you open the Master Protocols and Slave Protocols branches, you will see that the tree structure offers you a fixed set of protocols. These are the protocols currently supported by your product license.
5.1
You can use a template, which eases the task of configuring the master protocol instance, by automatically entering the points list for the device. SMP Config provides templates for a number of common substation devices. If no template is available, you will need to enter the points list. If you are configuring a number of devices of the same type, you can save the first device configuration as a template that you will then use to configure the other devices.
Once you have added a master protocol instance and entered its data points (manually or via a template), you can click a particular data point type in the left pane and see the list of data points and their settings in the right pane, as shown next.
26
To create a master protocol instance from a template: In the left pane, open the Master Protocols branch, to display the list of master protocols provided under your product license. In the left pane, click the protocol for which you want to add an instance. The list of all defined master protocol instances appears in the right pane. From the Tools menu, choose New Instance From Template. Choose the appropriate template, and click Open. In the dialog box, enter:
The name of the new instance. The following characters cannot be used as part of an instance name: the comma (,), the quotation mark (") and the slash (/). The device prefix. The device prefix is a string that identifies the device and is used as a prefix for all of its data point names. The prefix ensures that every name in the system is unique. An explanation of the usage of prefixes is provided under Device Prefix and Naming Conventions for Data Points, page 28.
Note: The following reserved words and characters cannot be used as part of a device prefix: the word _smp (which is the device prefix of system data points), the comma (,), the quotation mark ("), the semicolon (;) and the grave accent (`). The new instance appears in the left pane. If you open its tree structure and click the various physical data point types, all the data points supported by the device will be displayed in the right pane.
27
To create a master protocol instance manually: In the left pane, open the Master Protocols branch, to display the list of master protocols provided under your product license. In the left pane, click the protocol for which you want to add an instance. The list of all defined master protocol instances appears in the right pane. In the right pane, type the name of the new instance at the end of the list of names, and press the TAB key on your keyboard. Note: The following characters cannot be used as part of an instance name: the comma (,), the quotation mark (") and the slash (/). The new protocol instance is added in the left pane, under the protocol type you had selected. If you expand its tree branch and click an item, the corresponding protocol settings will be displayed in the right pane. Note that if you click a physical data point type in the left pane, the right pane will display an empty row since you will have to add the physical data points manually.
5.1.1
A data source name, such as the substation name: MAPLE, CEDAR. A voltage level: 220 or 25. A device name: L1 to indicate a line, T1 to indicate a transformer, F1 to indicate a feeder, BUS for a bus bar. A signal name: V_phsA_mag to indicate the phase A voltage magnitude, A_phsA_mag to indicate the phase A current magnitude, Pos_st to indicate the status of a breaker or a line switch.
With such a convention, a data point called CEDAR_220_BUS_V_phsA_mag clearly indicates the voltage magnitude of phase A on the 220 kV bus of the CEDAR substation. A data point called MAPLE_025_F1_Pos_st indicates the status of the breaker switch of feeder 1 at the Maple substation.
5.1.2
28
The string you enter will be used as a prefix for all the I/O point names of the device. It is mandatory for each instance of a protocol. It is used to distinguish data point names that are on the same device type, but on multiple physical devices. The device prefix ensures that every data point name in the system is unique. Device prefixes are described in the Device Prefix and Naming Conventions for Data Points section, page 28. Note: The following reserved words and characters cannot be used as part of a device prefix: the word _smp (which is the device prefix of system data points), the comma (,), the quotation mark ("), the semicolon (;) and the grave accent (`). Still in the General settings, enter the scanning settings. For instance, to configure a MODBUS master protocol, you would provide settings such as the following:
A Device Address, typically 1. A MODBUS Type, typically RTU Serial. A Scan Interval, typically 1000 milliseconds.
A complete description of all settings is provided in the document entitled Master Protocol Common Concepts. Protocol-specific settings are described in individual documents, such as the DNP3 Master Protocol Reference Manual. Note: The following characters cannot be used as part of a data point name: the comma (,), the quotation mark ("), the semicolon (;) and the grave accent (`).
5.1.3
5.2
29
A logical data point is a value managed by the SMP Gateway. These data points are built-in and cannot be modified, but they can be disabled. Protocol components typically support physical and logical data points of the following types:
Analog inputs are measured values. The system keeps 2 values for each analog measurement obtained: a raw value, which is usually the value retrieved from the device, and a calculated value expressed in engineering units, obtained using the following standard formula: Engineering value = (Raw Value X Scaling Factor) + Offset Binary inputs represent the state of a data point. The state is either ON or OFF. Analog and binary outputs are typically initiated by a slave component, which sends a control request originating from a control center, to the master component involved. When you create a data point, you specify the type of data and indicate how the SMP Gateway will retrieve it. General properties such as name, type and units, are independent of the type of device or protocol used. Protocol-specific properties indicate how the SMP Gateway will retrieve the data from the device. Each protocol uses its particular form of addressing, such as index values or data offsets. For example, to add a data point for a MODBUS device: Click the appropriate branch under the protocol instance. In the right pane, type the name of the data point and fill in all the appropriate settings. For instance, to define an analog input you would provide the following settings:
The name of the data point, such as BUS_VA. SMP Config will automatically add the device prefix to this name, thereby generating the full name of the data point. The input source, such as Input Registers. The input format, such as Unsigned Integer. The input size, such as 16 or 32 bits. The word offset in the MODBUS device memory. The scaling information required to convert the raw value to engineering units. The Units and Description strings used to provide meaningful data displays.
A complete description of all settings is provided in the document entitled Master Protocol Common Concepts. Protocol-specific settings are described in individual documents, such as the Modicon Modbus Master Protocol Reference Manual. A complete description of system data points can be found in the section entitled Appendix A - System Data Points on page A-1 of this manual. To access the various protocol documents: Click start, on the Windows taskbar. Point to Programs, then Cooper Power Systems, then SMP Tools, and then Documentation. From the Documentation menu, choose Protocols.
30
5.2.1
5.3
5.4
31
From the Tools menu, choose Duplicate. A dialog box appears, prompting you for the instance name and device prefix.
Type the name and prefix of the protocol instance. Click OK. The new protocol instance now appears in the left pane.
5.5
5.5.1
32
Interface
Asynchronous RS-232
Description
Use this value to indicate that the serial port is dedicated to establishing a standard asynchronous RS-232 connection. Use this value to indicate that the serial port is dedicated to establishing an asynchronous RS-422 or RS-485 connection. This value indicates that the port is used for modem asynchronous communication. The value is automatically assigned to the Modem port of an SMP 16 or of an SMP 4/DP equipped with an internal modem, and to the COM4 Board A port of an SMP 4 equipped with an internal modem. Use this value to indicate that the serial port is configured to accept incoming direct serial connections. This type of connection allows you to use the SMP Tools as if you were connected to the SMP Gateway via a normal network connection. By default, the CONSOLE port is always configured for RAS. Refer to the SMP 4 Installation Guide, GUI-00316-00026 T, the SMP 4/DP Installation Guide, or to the SMP 16 Installation Guide, GUI-00316-00032 T, for instructions on setting up a RAS IP address pool. Then refer to SMP Tools Remote Access to the SMP Gateway, page 183, in the present manual, for the step-by-step installation procedure.
Asynchronous RS-422/485
Modem Asynchronous
Redundancy
Use this value to indicate that the serial port is reserved for connecting two SMP Gateways together as a redundancy group. See Grouping 2 SMP Gateways for Redundancy, page 162. Use this value to indicate that the touch input information of an Elo Touchscreen will be transmitted to the SMP 16 using a serial cable, through this serial port. This interface is not available on the SMP 4 and the SMP 4/DP.
Elo Touchscreen
Radio
Use this value to indicate that a radio will be connected to this serial port. Use this value to indicate that the serial port is used to communicate with MiCOM relays from AREVA that provide a K-BUS interface. This interface can only be assigned to serial ports A02 and A10 of an SMP 16. For an SMP 4 or an SMP 4/DP, connect a KITZ 101 interface unit between the serial port of the gateway and the K-BUS interface of the relay.
K-BUS
Reserved
Use this value to indicate that the serial port is reserved for purposes other than those stated previously.
Table 5-1
5.5.2
33
The SMP 16 provides 16 serial ports, identified as A01 through A16. It also has a modem port labeled MODEM, which has a Modem Asynchronous interface. The SMP 16/SG can also house up to 2 additional serial ports boards, which will be identified as B01 to B16 and D01 to D16. The SMP 4/DP provides 4 serial ports, identified as COM1 through COM4. If the SMP 4/DP is equipped with an internal modem, the modem port is labeled Modem, and the Modem Asynchronous interface is assigned to it. The SMP 4 provides 4 built-in serial ports. These ports are identified as COM1 Board A through COM4 Board A. The SMP 4 also provides a built-in CONSOLE serial port. This port is identified as Built-in Console 1 Board A. This feature allows you to use the CONSOLE port as a standard serial port. If the SMP 4 has an internal modem, then it provides 3 built-in serial ports and 1 built-in modem port. These ports are also identified as COM1 Board A through COM4 Board A; however, the Interface column in the right pane indicates that the interface for COM4 Board A is Modem Asynchronous.
5.5.3
34
Select XON/XOFF (Input). The serial port driver will transmit the XOFF character if it receives more characters than it can handle, and will transmit the XON character when it will be ready to receive and process more characters. In the XON Limit cell, type the number of bytes that must be left in the reception buffer, following the transmission of the XOFF character, before transmitting the XON character. For example, if the XOFF character had to be transmitted to the device and the XON Limit setting value is set to 1, the serial port driver will wait until there is only 1 character left in the reception buffer before transmitting the XON character. In the XOFF Limit cell, type the minimum amount of free space, in bytes, that must be left in the reception buffer, before transmitting an XOFF character. For example, if the reception buffer can hold up to 500 bytes and the XOFF Limit setting value is set to 5, it means that the XOFF character will be transmitted as soon as there is 495 characters waiting to be processed in the reception buffer. If the device supports non-standard values for the XON and XOFF characters, type these values in the XON Char and XOFF Char cells, using the C-programming language notation (0x).
5.5.4
Spread Spectrum. Uses a large number of channels to send data from one radio to the other. The channel hopping is defined in a scheme common to the pair of radios. License frequency. Uses a single frequency/channel. It generally requires paying a fee for the use of the frequency. Custom. If the radio used does not correspond to any of the aforementioned type, select this value.
Expand the Radios branch, and then select the given serial port branch. Specify the serial communication settings to use for this serial port. The required settings are usually provided in the device manufacturers reference manual: Choose the device communications settings: Baud Rate, Byte Size, Parity and number of Stop Bits, such as 9600 baud, 8 bits, no parity, and 1 stop bit. Choose the device hardware handshaking mode:
35
In the RTS (Output) cell, specify how to handle the RTS (Request-to-Send) signal. In most cases, the default value will work. If RTS (Output) is set to TX Request: Specify, in the RTS Pre-delay cell, the time to wait, in milliseconds, after the raise of the signal and before the transmission of the first byte. Specify, in the RTS Post-delay cell, the time to wait, in milliseconds, after the transmission of the last byte, before lowering the signal. In the DTR (Output) cell, specify how to handle the DTR (Data Terminal Ready) signal. In most cases, the default value will work. In the CTS (Input) cell, specify how to handle the CTS (Clear-to-Send) signal. In most cases, the default value will work. In the CD (Input) cell, specify how to handle the CD (Carrier Detect) signal. In most cases, the default value will work.
5.5.5
5.5.6
36
To configure a UDP/IP connection for a master protocol component: In the left pane, click Connections, and then on UDP/IP Masters, to display the list of defined connections. In the right pane, enter the settings for the new UDP/IP connection in an empty row of the grid: Provide a significant name for the connection. In the Destination IP Address cell, type the IP address of the device. In the Destination Port cell, type the UDP port number of the device. This information is provided by the device manufacturer. In the Source Port cell, type the UDP port number that will be used on the SMP Gateway for transmission and reception. To use a random port number, type 0. (Optional) For the connection to receive data addressed to a multicast group, type the IP address of this group in the Listen IP Multicast cell.
5.6
37
5.7
From the File menu, choose Save. Note: You cannot save a configuration file that contains errors. This feature is intended to prevent you from inadvertently loading an invalid configuration file onto an SMP Gateway. However, you can save your configuration file if the Messages pane displays warnings only.
5.7.1
38
The SMP Gateway will go through a series of startup steps, which will be displayed in the Status column of your SMP Gateway. When startup is complete, if your configuration file is correct, the Status column will show Started, to indicate that the gateway has started normally. If your configuration file is incorrect, the Status column will indicate that there is a problem. There are a number of conditions that can prevent the SMP Gateway from activating a configuration. For instance, the hardware settings may not match the actual physical configuration of the SMP Gateway. If the gateway does not start up normally, turn to Troubleshooting, page 219. Now that you have a working configuration file with all the master data points, you can use the other SMP Tools and Internet Explorer to see what is going on with the SMP Gateway and with the connected device.
5.7.2
5.8
5.8.1
39
To select a group of rows or columns in a sequential order, select the header of the first one, hold down the SHIFT key and select the last one.
5.8.2
Duplicating a Row
To duplicate a row: Click the header of the row you want to duplicate. From the Edit menu, choose Duplicate Line. The row is duplicated after the last row in the display. In the following example, we clicked on a row and clicked the Duplicate Line command twice, so the row appears twice at the bottom of the list.
5.8.3
Click in the cell that contains the value you want to copy. In the example, we clicked in the CI_01 Scale cell.
40
From the Edit menu, choose Change Selection. The value is copied to the selected cells.
To deselect the cells, click Clear Selection in the Edit menu. To add cells to the selection afterwards: Select the desired cells using the CTRL key or the SHIFT key on your keyboard, per the standard Windows procedure. From the Edit menu, choose Add to selection.
5.8.4
41
To re-sequence these rows: Click the cell with Index 8. Hold down the SHIFT key of your keyboard and click the last cell in the column. From the Edit menu, choose Select Cells. The cells turn gray. From the Edit menu, choose Resequence Selection. A dialog box appears, in which you must specify the starting sequence number (7) and the increment (1). The result is shown next.
42
5.8.5
Deleting an Item
To delete a row in a grid: In the right pane, click the header of the row you want to delete. Press the DEL key on your keyboard, and confirm your intention of deleting the row. The item disappears from the grid. To delete a protocol instance: In the left pane, click the protocol type. The list of instances of this protocol type appears in the right pane. In the right pane, click the protocol instance you want to delete. Press the DEL key on your keyboard, and confirm your intention of deleting the row. The protocol instance disappears from both panes. By their very nature, serial port connections cannot be deleted in the same way. To delete a serial port connection, you have to reserve the corresponding serial port for another usage. To delete a serial port connection: In the left pane, click Serial Ports. In the right pane, choose Reserved in the Interface list of the serial port.
5.8.6
Using Tooltips
SMP Config provides context tooltips. These tooltips are not displayed on the status bar but rather appear when you point with the mouse to a cell in any grid. This type of tooltip normally displays the editing criteria for the field. For example, it may tell you that a given timeout setting value must fall between 10 and 1000 milliseconds, that the default value is 500 milliseconds, that the field is mandatory if a certain other field is selected, and so on. So they will assist you in editing grids. Here is a sample tooltip:
This feature is a great time and effort saver, as it spares you from having to wait until you try to validate or save your SMP Gateway configuration before finding out that you have a number of errors.
5.8.7
43
To access the search function: From the Edit menu, choose Find Points. OR Press CTRL-F. In the Find Points dialog box, type the point name you are looking for and click the Find button. The results appear in the list below. Select the point in the list, the application will bring you to the configuration zone of the point.
As shown above, one point can be used in several situations. If you need to change the naming scheme in your configuration, rename the point and the other points created from it will automatically bear the new name.
44
The SMP Gateway maintains an internal log of all significant events. Using SMP Log, you can select and view the various log files in real time. You can view, print, search and save all or any information in this application. To start SMP Log and view the SMP log files: In SMP Manager, select your SMP Gateway. From the Tools menu, choose SMP Log. SMP Log starts up and displays the list of available logs.
Click a log in the left pane, to view its contents in the right pane.
6.1
The Startup log records all the steps that the SMP Gateway performed when it last started. The log indicates which configuration file was loaded and which protocol components were configured and started. You should consult the startup log each time you change the SMP configuration, in order make sure it is a success. The Reset log records the time and reason for each SMP Gateway restart. It indicates whether the reset occurred because of a power failure, a request from the front panel button, a remote request, a watchdog trip, or a fatal hardware or software problem.
45
The Control log records the steps that the SMP Gateway performed in response to a local or remote control request. The Security log records all events that concern the security options such as authentication failures, file integrity check and much more.
The other SMP log files contain information that can help you and our technical support team in identifying problems.
6.2
6.2.1
6.2.2
Printing a Log
To print a log: Select a folder. From the menu View, choose Print. You can also press CTRL-P or click the printer button in the toolbar.
6.2.3
6.2.4
46
The contents of all folders will be displayed altogether in the right pane, in chronological order.
6.2.5
6.2.6
47
Using SMP Trace, you can view a continuous stream of protocol exchanges between the SMP and the substation devices, or between the SMP Gateway and the control center. At this stage, however, since you have only configured master protocol instances, you will only see the protocol exchanges that take place between the SMP Gateway and the substation devices. You can have the information displayed in UTC or local time, highlight the rows that contain specific keywords, and you can clear the current display. SMP Trace can generate a continuous log of all the events you are tracing, to a text file on your PC. It can also print or save to a text file, a snapshot of the traced events that occurred since the last time you cleared the display. To start SMP Trace and view the protocol exchanges: In SMP Manager, select your SMP Gateway. From the Tools menu, choose SMP Trace.
7.1
49
Using SMP Trace, you can view detailed traces of all the system activity. The following traces provide information that you will find useful during the configuration and maintenance of your SMP Gateway.
Master and Slave Protocol traces display the high-level information exchanges that occur between the SMP Gateway and the other system components to which it is connected. These application-level traces are similar to those provided by a protocol analyzer. They describe the requests sent to a device and the values retrieved. The Slave Protocols folder appears only if slave protocol instances are configured on the SMP Gateway. Connection traces display the data being exchanged between the SMP Gateway and a device. These low-level traces describe, in hexadecimal format, the byte stream sent and received to and from a device.
7.2
7.2.1
50
To go to the previous result, click Search Previous in the View menu, or press SHIFT-F3. Once you have found, choose Cancel Search from the View menu and only the selected result will remain highlighted. Note: SMP Trace will keep highlighting matching results as long as you have not canceled the search. You can either deselect the binoculars in the toolbar or stop the search from the View menu.
7.2.2
Printing Traces
To print currently displayed traces: From the File menu, choose Print. You can also press CTRL-P or click the printer button in the toolbar.
7.2.3
You can also choose to save it on the SMP Gateway by selecting Record to SMP Gateway. For example, if you have an SMP 4/DP with a modem on a pole outdoors and you need to save 24 hours worth of activities, long distance costs are most of the time prohibitive. Use this option and connect again 24 hours later to pick up your data. When you wish to stop the recording, click the red button again or click Stop in the Record menu.
7.2.4
51
Type a name for the file; it will be saved in text format (TXT).
7.2.5
7.2.6
52
The SMP Gateway stores a large number of real-time statistics and internal counters to help you analyze the performance of your SMP Gateway and assist you in troubleshooting your configuration. Using SMP Stats, you can view, in real time, various statistics about the communications links and about the protocol exchanges that take place between the SMP Gateway and the devices or control centers. You can have the information displayed in UTC or local time. You can also print the statistics, reset them, or save them to a text file for subsequent analysis. To start SMP Stats and view the statistics: In SMP Manager, select your SMP Gateway. From the Tools menu, choose SMP Stats. In the left pane, click the item for which you want to view the statistics. The statistics are displayed in the right pane and you can see them change dynamically.
53
8.1
The Connections folder regroups counters and statistics pages about the performance of the SMP Gateway communications components:
The Network (TCPIP) folder contains the list of all the network connections you defined under Connections, in SMP Config. Each connection has its own statistics page. The Serial (Asynchronous) folder contains the list of all the serial connections. As in the Network folder, there is a statistics page for each connection. The Modem Pool folder contains the list of any modem pools and modems you may have defined in SMP Config. The statistics found in these folders provide an easy way to monitor the communications status of the SMP Gateway. For example, you can look at the Receive counter and Transmit counter values to determine whether the gateway is exchanging data with a connected device or control center.
Note: The Modem Pool folder is visible only for the SMP 16, which has an integrated modem, and for the SMP 4 or the SMP 4/DP purchased with the modem support option. Furthermore, a modem pool must be configured on the SMP Gateway.
The Master Protocols and Slave Protocols folders contain counters and statistics about each instance of a protocol component. Each protocol component contains protocol-specific items that describe the messages exchanged with a device or control center. (The Slave Protocols folder is missing, in the previous example, because we have to define slave protocol components first.) The System folder contains counters and statistics about the operation of the SMP Gateway hardware and software.
8.2
8.2.1
Resetting Statistics
You can reset certain statistics, such as global RTDX or Web server statistics: From the menu View, choose Reset; or click the 'X' button; or press CTRL+X.
8.2.2
Printing Statistics
To print a statistics page: Select a folder. From the File menu, choose Print. You can also press CTRL-P or click the printer button in the toolbar.
54
8.2.3
55
The built-in secure Web server (eSMP) of the SMP Gateway provides an easy way to view the log files and statistics using your Internet Explorer Web browser. It is also the easiest way to view the analog and binary input and output points in real time. Note: The eSMP Web server requires version 5.0 or a later version of the Microsoft Internet Explorer Web browser. JRE (Java Runtime Environment) must also be installed on your computer. See the SMP Gateway installation guide for details.
9.1
9.2
The Home tab gives you key information about your SMP Gateway, such as its current state, at what time it started up, and the list of master and slave protocol instances contained in your configuration.
57
The Analog Input, Analog Output, Binary Input, and Binary Output tabs display the current value of all the SMP Gateway data points. The Logs tab displays the contents of the internal SMP Gateway log files. The data is the same as provided by the SMP Log program. The Statistics tab displays the SMP Gateway real-time statistics. The data is the same as provided by the SMP Stats program. The Commissioning Tool tab is only available when commissioning has been activated on the SMP Gateway. For more information about this feature, see Using the Web Server Commissioning Tool, page 69.
Note: If password security is enabled on your SMP Gateway, everything will be de-activated until you type a valid username and password under eSMP Login.
9.3
58
Note: You may specify up to 5 criteria. For example, if you type smp clock, all data points that contain the words smp and clock will be displayed; others will be hidden. Click Apply. Only the data points that contain the filter criterion in any field (such as the point name or address) will be displayed. The criterion text is highlighted over the point name.
To remove the filter: Click Cancel. All data points of the selected tab will be displayed. Each tab preserves its own filter information, allowing you to navigate through the different tabs and specify different filter criteria for each one of them.
9.4
59
60
10
Now that we have seen how to configure master protocol instances, tested the SMP Gateway configuration and viewed the collected data, we will see how to configure, using SMP Config, a slave protocol instance in order to forward the device data to a SCADA or a control center.
10.1
10.2
61
The Master Link Address, which identifies the control center. Whether or not you want to support Unsolicited Reporting. In the left pane, click Default Variations. In the right pane, specify how you want the data points to be reported. For example, you may want to specify that when there is a change to an analog input point, you want the change reported as a 32-bit value, with the time at which the event took place. A complete description of the protocol-specific settings is available in individual documents, such as the DNP3 Slave Protocol Reference Manual, for example. To access the various protocol documents: Click Start, on the Windows taskbar. Point to Programs, then Cooper Power Systems, then SMP Tools, and then Documentation. From the Documentation menu, choose Protocols.
10.3
62
Click in the Master I/O list, to display the list of data points defined for each master protocol instance. Choose the data points you want to forward to the control center. Use the CTRL and SHIFT keys on your keyboard, to extend your selection. Click the right arrow button. The data points you choose are added to the Slave I/O list. If, for example, you click a binary input point in the Master I/O list, the point is added to Binary Inputs, in the Slave I/O list. Note: The added points will be indexed in the order they appear in the Slave I/O list. For some protocols, additional arrow buttons are available to the right of the Slave I/O list. Using these buttons, you can sort the points according to your own indexing requirements. Normally, a data point that has been transferred to the Slave I/O list disappears from the Master I/O list. However, if you want the transferred data points to continue being displayed in the Master I/O list: Select the Show all enabled points check box. If you change your mind, you can remove a data point from the Slave I/O list as follows: Click the data point in the Slave I/O list. Click the left arrow button.
63
The data point is removed from the Slave I/O list and reinserted in the appropriate data point list for the appropriate master.
10.4
Each data point is automatically assigned an Index value according to the subscription order. You should ensure that these index values correspond to those expected by the control center. The Event Class setting groups data points together for subsequent reporting to the control center.
10.5
10.5.1
64
If the control center supports TLS version 1.2 or earlier, or SSL version 3.0 or earlier, select Use SSL / TLS: all data transmitted over this connection will be encrypted using the SSL/TLS protocol and all received data that will not be encrypted will be rejected. Note: The SMP Gateway does not implement RFC 5746, which defines a TLS extension for renegotiation indication. It is also recommended to use a control center or master station that does not implement this RFC, or to deactivate the transmission of the renegotiation indication extension to the SMP Gateway. Some TCP ports are reserved for the SMP Gateway core components or for specific servers/protocols. They cannot be used for TCP/IP slave connections. These ports are presented in the following table. Reserved TCP Port
20-21 23 and 107 80, 8080 and 8008 443 123 135 139 161-162 389 1200 6650 1234-1235, 4567, 26179 and 49152 1723
Usage
FTP Telnet protocol HTTP HTTPS SNTP NETBIOS NETBIOS SSN SNMP LDAP CoDeSys SMP Gateway management port Reserved by the SMP Gateway core components. PPTP
Table 10-1
10.5.2
65
Specify a significant name for the connection. Specify the UDP port number to be used. Select from the Accessible From list box whether the connection will be accessible from any computer (Any Computer), from a specific one through the SMP Gateway built-in firewall (Specific Computer or Subnet), or via a VPN connection (VPN Only (Firewalled)). If you selected Specific computer or subnet, type an address or an address range in the Specific computer or subnet cell. In the Multicast cell, select how multicast data will be handled: If the connection does not need to handle multicast data, select None. If the connection only needs to receive data addressed to a multicast group, select Listen, and then type the IP address of the multicast group in the IP Multicast cell. If the connection is intended to receive multicast data and respond to it, select Listen and Respond, and then type the IP address of the multicast group in the IP Multicast cell. Some UDP ports are reserved for the SMP Gateway core components or for specific servers/protocols. They cannot be used for UDP/IP slave connections. These ports are presented in the following table. Reserved UDP Port
161-162 1723 6650
Usage
SNMP PPTP SMP Gateway management port
Table 10-2
10.6
10.7
66
10.8
Using SMP Log, check the Startup log, to see whether the slave component was started correctly. Using SMP Stats, open the Slave Protocols folder and check whether the slave component is processing any data. Using SMP Stats, open the Connections folder, and check whether any data is being exchanged through the slave communications link. Using SMP Trace, open the Slave Protocols folder, and check whether the component is receiving requests from the control center. Using SMP Trace, open the Connections folder, and check whether any data is being exchanged through the slave communications link. Viewing the SMP Log Files , page 45. Viewing Protocol Exchanges in Real Time, page 49. Viewing Communications Statistics in Real Time , page 53. Using a Web Browser to View Data in Real Time, page 57.
See the following sections for instructions on how to proceed to view the information:
A particularly effective way to test a slave protocol instance is to use the SMP Gateway itself to set up a master protocol instance to poll the slave. Using this approach and the SMP Tools, you can easily examine the effect of the various protocol features, such as report by exception. You can also use the Web server commissioning tool, as described in the next chapter.
67
11
The SMP Gateway built-in Web server also provides a commissioning tool that simplifies the engineering effort required for the implementation and the integration of a substation. It is intended to help technician(s) and/or engineer(s) testing the SMP Gateway configuration and connectivity with the substation devices and the SCADA. The Web server commissioning tool, when configured and activated, is accessible through a Web browser, the same way than for viewing data in real-time. It may be enabled by users that have the System Management privilege, and the operation privilege is required for users that will perform the commissioning operations, which are essentially the following:
Forcing an analog/binary input point to a specific value/state. This operation allows the validation of the configuration of the SMP Gateway slave protocol and the SCADA, by verifying if all the gateway data points are correctly mapped on both sides, if minimum/maximum values are correctly handled, etc. Performing a control operation on an analog/binary output point. This operation allows the validation of the master protocols configuration, by verifying if the IED data points are correctly configured in their corresponding masters, if scale and offset settings are correctly specified for each data point, etc.
For example, by forcing each data point of an IED on the SMP Gateway, the technician/engineer can verify that these points are correctly configured, and that transitions/changes for these are correctly handled by the SCADA. On the other side, by executing control operation directly on the SMP Gateway, instead of performing them on the SCADA, the technician/engineer can validate that the masters output points are correctly configured.
11.1
69
Select the Commissioning Tool check box. Save the configuration file and send it to the SMP Gateway, using SMP Manager. Restart the SMP Gateway. Your SMP Gateway now supports the commissioning feature, which still need to be activated by a user that has the System Management privilege, as described in the following section.
11.2
The button text will change to Deactivate, and the button on the right will become available. The operator may now open a commissioning session. Note: Commissioning will remain active until the left button is clicked again to deactivate it. If the SMP Gateway is restarted, the commissioning feature activity state will be persisted: if it was active prior to the restart, it will be active at startup and vice-versa. However, opened sessions are closed.
11.3
70
Click Yes. The button text will change to Deactivate and the Commissioning Tool tab is now available. To use the commissioning tool, click the Commissioning Tool tab.
Note: The commissioning session will remain open as long as the Web browser will remain connected to the Website, or until the user click again the button on the right. The session is also closed when the SMP Gateway restarts.
11.3.1
The toolbar, which is located at the top. Is used for filtering, forcing, control operation and acknowledging purposes. It is an extended version of the toolbar available in other data point tabs, and its content varies in function of the type of the selected data point(s). The following figure shows the toolbar for a binary input point:
71
The data points list. Displays the data points of every protocol instance or subsystem of the SMP Gateway. This implies that a data point that is configured in a master protocol and in two slave protocols will be listed three times. The Messages pane, which is located at the bottom. Displays a log of all commissioning tool operations, statuses and errors.
The columns of the data point list are mostly the same that are displayed in the other data points tabs. The following columns are specific to (or different in) the commissioning tab:
Instance. The name of the protocol instance or subsystem to which the data point belongs. Type. The data point type. Integer Value. Usually, the integer value of an analog point is displayed here. In the commissioning tool tab, it is also used for the state of a binary input point, as the State column is only used for binary output points. State. As stated above, in the commissioning tool tab, this column is used to display the current state of a binary output point.
The various commissioning operations that you can perform are described in the following sections.
11.3.2
72
11.3.3
11.3.4
Perform a control operation using the Commissioning Tool, to make sure that the point is correctly configured in the SMP Gateway master configuration and that the control result is correctly reported to the SCADA. Perform a control operation from the SCADA standpoint, as a final validation to make sure that both the SCADA and the SMP Gateway slave configurations are correct.
To perform a control operation using the commissioning tool: In the data points list, select the output point you want to test. In the commissioning toolbar: Specify the control type using the Control drop-down list. Note: If the output point supports select and execute control types, remember to test both control types. Specify the control value: If it is an analog output point, select the control value type (Integer or Float) using the appropriate drop-down list, and then type the control value in the edit box. If it is a binary output point, select the control state (Pulse, Open or Close) using the appropriate drop-down list. If you selected Pulse, type the pulse duration, in milliseconds, in the edit box. Click Execute to perform the control operation.
73
In the Messages pane, you should see two new messages: the first one indicates that the control operation has been performed; the second displays the operation result. If the operation was successful and both the SMP Gateway and the SCADA are correctly configured, the control operation result should be reported correctly up to the SCADA. Note: You cannot perform control operations on multiple output points simultaneously. As mentioned earlier in this section, the validation of the output point`s configuration at the SCADA and in the SMP Gateway is achieved by performing a control operation directly from the SCADA. Even if it does not involve the commissioning tool, the Web browser can still be useful, since it gives access to the SMP Gateway log files, including the Control log file. Various entries are added to the Control log when a control operation is executed on the SMP Gateway, making it an essential resource for this portion of the commissioning task. To consult the SMP Gateway Control log entries in the Web browser: Select the Logs tab. In the left pane, select the Control log file. All the log entries will appear in the right pane, the oldest entry being displayed at the top.
11.3.5
As stated in the dialog box, the commissioning tool will restore all forced points to their acquisition values. Click Yes. The button text will change to Activate and the Commissioning Tool tab will no longer be available, until a new session is opened.
74
11.4
The button text will change to Activate, and the button on the right will become unavailable.
75
12
Security
To derive full benefits from IED integration, substation data must be available to users at enterprise level. However, widespread data access can become an important security risk if it is compromised.
12.1
Authentication and authorization. Each user is authenticated by the SMP Gateway via a user name and a password. Strong passwords, individual user accounts, user groups, and detailed group permissions protect critical system functions from unauthorized access. All access attempts are logged, and some authentication policies can be defined to lock out specific accounts in the event of multiple failed attempts.
Note: This security model can be extended, by purchasing Yukon IED Manager Suite. See Extending the SMP Gateway Security Model, page 80 for details.
Built-in Firewall. The SMP Gateway is protected by a built-in firewall, which only allows communications with specific users, computers and programs, including those with the SMP Tools, which goes through a TLS-encrypted access port. This feature limits access to the SMP Gateway internal components and services. Monitoring and locking of remote connections. Modem and passthrough access is continuously monitored, and can be enabled or disabled by the control center. All accesses are logged and limited to authorized users. Integrity checking. All SMP Gateway software and firmware components are digitally signed in order to ensure their authenticity and integrity. All executable files are also continuously monitored to prevent execution of unauthorized code.
12.1.1
At SMP Manager startup; In the console of a terminal application, when a user connects to the SMP Gateway passthrough server command line interface via the passthrough direct access port; 77
In a Web browser, when a user tries to connect the SMP Gateway Web server without launching the browser from SMP Manager.
By default, no appropriate use banner is configured on the SMP Tools computer and on the SMP Gateway. To set up an appropriate use banner: Create a text file named Banner.txt. The file should have the following form: [Title] <Insert the Appropriate Use Banner dialog box title here.> [Text] <Insert the appropriate use banner text here> Under Title, type a title for the dialog box that may be used to display the banner. Under Text, type the banner text required by the security policies of your company. To display the banner only at SMP Manager startup, copy the banner file to the following folder: \Documents and Settings\All Users\Application Data\Cooper Power Systems\SMP Tools To display the banner for all other accesses to the SMP Gateway, upload the banner file to the SMP Gateway: In SMP Manager, from the Update menu, choose Send File(s). Select the banner text file and click Open. Restart the SMP Gateway. The following screenshot presents an example of an appropriate use banner that is displayed at SMP Manager startup.
Note: Yukon IED Manager Suite has its own appropriate use banner mechanism, which overrides the SMP Gateway local banner. Refer to the Yukon IED Manager Suite documentation for more details.
12.1.2
78
which ones are not. An easier way to get this information is to look at the SMP Gateway Security log using SMP Log. Note: Only users with security management privileges can view the Security log in SMP Log. To identify ports those are opened in the SMP Gateway firewall: Start SMP Log (see Viewing the SMP Log Files, page 45). Select the Security folder. In the right pane, navigate through the various entries until you reach the ones that are timestamped at the date and time of the last startup. There should be an entry for each firewall rule.
12.2
12.2.1
TCP/UDP 6650. This is the SMP Gateway management port. All the network messages exchanged between the SMP Gateway and the SMP Tools go through this secure port, and are encrypted using the Transport Layer Security (TLS) protocol (formerly known as Secure Sockets Layer or SSL). TCP 443. This is the Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) port, which will be used by Internet Explorer to access the SMP Gateway Web server. UDP 23. The legacy status server port. Through this port, legacy versions (5.0 or earlier) of SMP Manager can monitor the status of the SMP Gateway.
79
Firewall rules can be defined to restrict access through these ports in the firewall. However, be careful with the 6650 TCP port: if full access is restricted through this port, you may no longer be able to connect to the SMP Gateway using the SMP Tools. If this situation happens, refer to Recovering from a Firewall Lockout, page 225, to learn how to fix this issue. To configure the built-in firewall and define additional access rules, see Configuring the Firewall, page 92.
12.2.2
Port
6650
Protocol
TCP / UDP TCP UDP
443 23
Table 12-1
Prior to version 5.1 of the SMP Gateway software & tools, SMP Tools used Microsoft DCOM technology, instead of a single encrypted access port. Additional ports were also used, for Telnet communications and File Transfer Protocol (FTP) exchanges. As it is possible to use some functionality of the legacy versions of the SMP Tools with the recent gateway software, and recent versions of the SMP Tools with legacy gateway software, backward compatibility issues are discussed in the Legacy SMP Gateway Software and Tools Compatibility section, page 96.
12.3
80
12.4
Defining your authentication policy. Customizing the various user groups and privileges. Identifying your users, setting their passwords, and assigning them to user groups. Validating and saving the security database on your PC. Sending your security database to one or more SMP Gateways.
In this section, you will also learn how to perform the following actions:
Retrieving the security database of an SMP Gateway and storing it locally. Disabling the security database of one or more SMP Gateways. Unlocking a user account that has been locked out following failed login attempts. Viewing the security log.
12.4.1
12.4.2
81
The Authentication Policy dialog box appears, as shown in the next illustration, and you are ready to enter the information. The description and purpose of each setting is presented a bit later, in the following pages.
Modify the authentication policy to suit your needs, and then click OK. To modify your authentication policy on subsequent occasions: Log into SMP Manager with an authorized username and password. From the Security menu, select Edit Local Security Database. The Local Security Database Editor window appears. From the Security menu, choose Authentication Policy. The Authentication Policy dialog box appears. It contains the following elements: Element
Security Configuration
Description
This section of the dialog box provides a description of the security database, and shows when security database was last modified. Use this box to enter a meaningful description for your security database. This description will appear on the title bar of the Local Security Database Editor window. This read-only box indicates which SMP Manager user last modified the security database. This read-only box indicates the date and time when the security database was last modified.
Description
Modified by
Date modified
82
Element
Password
Description
This section of the dialog box specifies the rules that passwords must meet when users set their new passwords. Specifies the minimum number of characters that a password must contain. If selected, specifies that a password must contain at least one character from each of the following categories: English alphabetic (a through z or A through Z) Numerals (0 through 9) Non-alphanumerical (such as !, $, # or %, for example)
Account Lock
This section of the dialog box specifies whether a user account is to be locked out from SMP Gateway access if the user fails to log in properly and if so, what are the locking and unlocking parameters. If you select this check box, user accounts will be locked out if the user fails to log in properly. The parameters that follow define the locking and unlocking rules. Note: User accounts of the Administrators group may only be locked out if the Enable SMP Gateway administrator account lock check box is also selected (see below).
Maximum number of failed login attempts Lock account if max failed logins within
Specifies the number of times a user can enter incorrect login information before its account is locked out. The system will lock out the user account if the user makes the maximum number of failed login attempts within the number of minutes specified here. If selected, indicates that a locked user account will be automatically unlocked by the system after a certain amount of time (see Remove lockout after, below). The number of minutes after which a locked user account is automatically unlocked by the system. If selected, indicates that accounts of the members of the Administrators group are also subject to account locking. The number of minutes after which a locked administrator user account is automatically unlocked by the system.
Enable SMP Gateway administrator account lock Remove administrator lockout after
Table 12-2
Modify the authentication policy to suit your needs, and then click OK. The dialog box closes. The description of your security database appears in the title bar of the Local Security Database Editor window, and your authentication policy goes into effect as soon as it is sent to the concerned SMP Gateway(s).
83
12.4.3
Description
Update security database: users, groups, and privileges; unlock user accounts; access to Security and Firewall logs. Update firmware, software, license and components; configure redundancy, VPN, RAS, and SNMP; console access. Update the SMP Gateway configuration file.
Groups
Administrators
System Management
Administrators
Configuration
Administrators, technicians. Administrators, technicians, operators. Administrators, technicians, operators. Administrators, protection engineers. Administrators, technicians, operators, guests. Administrators, operators.
Read only
Diagnostic
Use the SMP Gateway diagnostics tools: SMP Log, SMP Trace and SMP Stats. Perform direct IED maintenance via passthrough connections (SMP Connect). Monitor and obtain Web access to the SMP Gateway central database.
Device maintenance
Monitoring
Operation
Perform control, tag management and force operation on I/O points; use the commissioning tool. Obtain remote access via dial-up or VPN.
Remote access
Table 12-3
12.4.4
One predefined user, namely an administrator with full privileges. 5 predefined user groups, each with predefined privileges. Privileges are described in the Local Security Database Editor, and in the Groups and Privileges section, page 84.
You may want to add, delete or rename the user groups and change their privileges to reflect the security policy of your particular organization.
84
To edit user groups and privileges: From the Security menu of SMP Manager, choose Edit Local Security Database. The Local Security Database Editor window appears. If you click a user group in the left pane, the right pane shows the privileges assigned to this group and gives a description of each privilege.
To rename a group: In the left pane, select the group to rename. From the Group menu, choose Rename. Type the new name. Note: You cannot rename the Administrators group. To delete a group: In the left pane, select the group to delete. From the Group menu, choose Delete. You will be advised if there are any users assigned to the group you are about to delete. Note: You cannot delete the Administrators group. To create a new group: From the Group menu, choose New. Type the name of the new group. You cannot create, delete or rename privileges. However, you can choose which predefined privileges you want to assign to a particular group. To assign privileges to a group: In the left pane, select the group. In the right pane, select desired privileges check boxes for this group. Clear other privileges check boxes.
85
12.4.5
To assign a password to a new user or to change the password of an existing user: In the left pane, select the user. From the User menu, choose Set Password. In the Set Password dialog box, type and confirm the new password. Note: The first time you edit the security database, we strongly suggest that you rename the user called Administrator, because the name is so revealing that it exposes the account to brute force attacks.
86
12.4.6
12.4.7
To create a backup copy. To transfer your security database from one PC to another.
To manually save the security database to a file on your PC: From the Security menu, choose Send to File. In the Send Security to File dialog box, specify a file name and click Save.
12.4.8
87
If the logged in user has security management privileges, the optional Security column contains the message Local: Up to date to indicate that the local security policy on the Abbey Road gateway matches the one located on the PC. Otherwise, the Security column only displays whether security is enabled or not on the gateway, without telling if the local security database is up-to-date.
12.4.8.1
12.4.8.2
Up to Date. The security database on the SMP Gateway is the same as the security database that is currently active on your PC. This is the normal case. Older (date and time). You sent a security database to the SMP Gateway, but subsequently modified the local
88
security settings. Therefore, the security database on the SMP Gateway is older than your local security database.
Newer (date and time). You sent a security database to the SMP Gateway, but someone on another PC subsequently modified his or her own local security database and sent it to the SMP Gateway. n/a. The software installed on the SMP Gateway does not support the security features.
If the SMP Gateway contains an older security database: Send your local security database to the SMP Gateway. The Status column will now display Local: Up to Date. If the SMP Gateway contains a newer security database: Contact the person who manages this SMP Gateway configuration, to determine if the changes are appropriate. If you agree: Retrieve the security database from the SMP Gateway in order to update your own local security database. The Status column will now display Local: Up to Date. Otherwise (if the modifications should not have been made): Send your own local security database to the SMP Gateway. The Status column will now display Local: Up to Date.
12.4.9
12.4.10
89
Note: Only your authentication policy and your user groups and privileges are disabled. Other security functions, such as integrity checking and firewall and VPN management, are not disabled. You can reactivate the security database of one or more SMP Gateways by sending them your local security database, as described under Sending the Security Database to One or More SMP Gateways, page 87.
12.4.11
Click Unlock to unlock the account(s). Following the unlocking operation, the number in the Accounts locked box is decremented accordingly.
12.4.12
All authentications, whether granted or refused. All user account locks and unlocks. All configuration, maintenance, and security management activities. All console, Web and passthrough server accesses.
90
Integrity check status information. Security server status information. All ports those are open in the SMP Gateway built-in firewall.
To view the security log: From the Tools menu of SMP Manager, choose SMP Log. In the SMP Log application window, click the Security folder in the left pane. The security-related events will appear in the right pane.
12.5
12.5.1
In the SMP Manager window, the Status column shows that the SMP Gateway is in Safe mode. All device points are tagged with a communications failure attribute. A series of alarms are generated, at the SCADA level or in a local HMI. The Reset log indicates that the integrity check function has restarted the SMP Gateway in safe mode. The Security log contains an entry indicating when the problem was detected, and several entries identifying each file that failed the integrity check. It can take up to 5 minutes for all entries to appear in the log.
12.5.2
91
If the SMP Gateway goes into safe mode after the update, contact Cooper Power Systems Technical Support (see Getting Assistance, page 2).
12.6
12.6.1
To allow a service through the firewall, select Allow. To restrict access to a specific computer of subnet, select the appropriate setting in the Accessible From cell and enter the name or address of the computer/subnet in the Specific Computer or Subnet cell. Note: If you plan to use legacy versions of the SMP Tools to monitor SMP Gateways with recent software installed, access must be given to the Legacy Status Server service. Otherwise, the legacy SMP Manager will not be able to monitor the gateway status. Moreover, depending on the strategy used to address DCOM access to the SMP Gateway, access to the VPN service may also be required. If VPN is not an option, a final alternative is the definition of all ports, including those used by DCOM, as custom firewall access rules. To learn how to define custom firewall access rules, see below. For more information regarding legacy software versions compatibility, see Legacy SMP Gateway Software and Tools Compatibility, page 96. If a service is not present in the list, refer to Restricting Access to Other Services, page 93, to see if access is not configured somewhere else in SMP Config. If it is still not the case, a custom firewall rule must be defined.
92
To define a custom firewall access rule: In SMP Config, expand the Firewall branch, and then the Rules branch. At the bottom of the right pane, a list of custom rules is displayed. Note that no custom rule is defined by default.
In the Name cell, and enter a short name to briefly describe the rule you are about to define. Select Allow to allow access. OR Clear the Allow check box to restrict access. Select the protocol (either TCP/IP or UDP/IP). In the Port Range cell, enter the number(s) of the port(s) for which you want to permit/restrict access. You can enter multiple ports, separated by commas. Port ranges are defined using a dash: for example, 1270-1280 means that the rule applies to all ports between and including ports 1270 and 1280. If the rule applies to a specific computer or subnet, enter this information in the Accessible From and Specific Computer or Subnet cell. In the Description cell, you can enter additional information to further describe the rule. This field is optional. To delete a rule: Click in the row. You will see an arrow on the left side of the right pane. Click the arrow and press the Delete key.
12.6.2
12.6.3
93
To disable the built-in firewall: From SMP Config, under the System branch, select Firewall, and then General.
12.6.4
12.7
94
12.7.1
12.7.1
95
From the Tools menu, choose SMP Config. In the left pane, expand the Passthrough branch, and then select the Connections branch. In the right pane, select the passthrough connection, and then either select or clear the Locked at Startup check box.
12.8
12.9
12.9.1
The most secure approach is to establish a VPN (Virtual Private Network) connection between the substation LAN and the client workstations on the corporate LAN. A VPN encapsulates and encrypts network messages before forwarding them to the recipient. You will not need any special setup when installing the SMP Tools. This approach will also secure access by any other tools. If you cannot use a VPN, you will need to open the necessary ports for DCOM and other SMP Gateway services on the firewalls and routers that connect to the substation LAN.
Here is the list of ports and port ranges that you have to open in the substation LAN firewall, to let a PC on one side of the firewall communicate with an SMP Gateway on the other side of the firewall: Application
FTP server Telnet SMP Gateway status Web server RPC server and DCOM
Port
21 23 23 80 135
Protocol
TCP TCP UDP TCP TCP
96
Application
DCOM SMP Gateway maintenance server
Port
1024 to 65535 49152
Protocol
TCP TCP
Table 12-4
Ports to open in a substation LAN firewall, when not using VPN Port
161 162 123 1200 32500 (configurable)
Application
SNMP server SNMP traps SNTP server CoDeSys server Passthrough direct access port
Protocol
UDP UDP TCP TCP TCP
Table 12-5
Optional ports to open in a substation LAN firewall, regardless of VPN usage Port
23 1723 -
Application
SMP Gateway status PPTP (VPN) PPTP (VPN)
Protocol
UDP TCP and UDP GRE
Table 12-7
If you configured system folders on your SMP Gateway (see Defining System Folders, page 111) and the Windows built-in firewall is enabled on your PC, you must also open the following ports:
445 (TCP protocol). 137, 138 and 139 (UDP protocol), if you are running NETBIOS on your network. 97
Note: This configuration will work only if your network does not use address translation. Check with your network administrator.
12.9.2
12.9.3
12.9.4
12.9.4.1
98
Note: To manually set up a VPN connection, the user must have the System Management privilege for the SMP Gateway. To manually set up and use a VPN connection: In SMP Manager, select the gateway for which you want to configure a VPN connection from your PC. From the Gateway menu, choose Make VPN Connection. What happens when you click this function the first time is: It creates a new connection in the Network Connections view of Windows Control Panel. In SMP Manager, in the VPN column for the selected gateway, you will see the Connecting status message, then Connected. In Windows, open the Start menu, and navigate up to the following menu: \All Programs\Accessories\Communications Select Network Connections. You will now see a new icon named after your gateway, under Virtual Private Network. You are now ready to use your tool/application through the VPN connection. Note: Microsoft Windows XP only allows 2 outgoing VPN connections simultaneously. To disconnect from the VPN: From the Gateway menu, choose Disconnect VPN.
99
13
Most manufacturers of recent IEDs provide native vendor tools (NVT) for the configuration and maintenance of their devices. These tools usually connect to the device using a serial link or, less frequently, a network connection. The optional SMP Gateway passthrough feature gives you the ability to use PC-based tools to access the devices connected to an SMP Gateway. With this feature, the SMP Gateway serves as a terminal server for remote maintenance, monitoring and control of the connected devices.
13.1
Principles of Operation
Most native vendor tools expect IEDs to be connected to serial ports on the PC. Since IEDs are now connected to the SMP Gateway instead, the passthrough function has to intercept this communications link and provide a mechanism to exchange data between the NVT and the SMP Gateway. The passthrough functionality is implemented by two software components: the SMP Connect windows application, which is part of the SMP Tools suite, and the SMP Gateway Passthrough Server. An overview of the passthrough functionality is presented in the illustration that follows.
101
PC
SCADA
VIRTUAL LOOPBACK PORT NVT
SMP CONNECT
COMM LINK
SLAVE COMPONENT
PASSTHROUGH SERVER
MASTER COMPONENT
COMM LINK
SMP GATEWAY
DEVICE
Figure 13-1 The passthrough process explained A virtual loopback connection must be set up between SMP Connect and the NVT. This allows SMP Connect to intercept the communications link from the maintenance or configuration tool, and forward the data to the SMP Gateway. The SMP Gateway passthrough server then forwards the data to the device via a serial link. The result is that maintenance and configuration tools can operate as if the device were directly connected to the PC. While the PC application is communicating with the IED or RTU, the latter may have to suspend its data acquisition; depending on the serial link and device type involved, it may be necessary for all devices on the link to suspend their data acquisition, even though only one device is engaged in communications with the PC application. This suspension is illustrated using a red X in Figure 13-1. SMP Connect terminates the passthrough connection if a problem arises or if there is no data exchanged during a specified timeout period.
13.1.1
102
For more information on this specific passthrough feature, refer to the Using the SMP Gateway Passthrough Server Command Line Interface technical note, AUT-00316-00059 T.
13.2
Using SMP Config, you identify the devices that will be accessed through passthrough connections. For each device, you provide information such as the SMP Gateway port to be used for the passthrough connection, and the timeout after which the passthrough connection is to be terminated after the last data exchange. In SMP Connect, you identify each application that will communicate with a device via a passthrough connection. For each of these applications, you specify the type of loopback connection to be established between SMP Connect and the application, and you define the communications settings of the loopback connection.
13.2.1
Create a new connection by entering the following information in the empty row:
IED Name. This name will be used to identify the device in the SMP Connect program. You should use the same name that you assigned to the device when configuring the master protocol component that it communicates with. Connection. Choose the serial port or the TCP/IP connection that links the SMP Gateway to the configuration port of the device. Some devices use separate configuration and data ports. If it is the case, you must use two separate cables to connect the device to the SMP Gateway and specify here the port that will be used by the IED maintenance and/or configuration programs; otherwise, the port must be the same as the one used by the master protocol.
Note: Encrypted master TCP/IP connections cannot be used for passthrough, as it is assumed that the NVT already encrypts communications if required by the IED. To learn how to deactivate encryption for a given master connection, see Configuring TCP/IP Master Connections, page 36.
Usage. This setting allows special passthrough usage, in configurations where multiple simultaneous connections are required, or when the client application uses a protocol that requires additional processing from the passthrough server. The following options are available:
103
Telnet. Select this value if the client application uses the Telnet protocol to communicate with the IED FTP. Select this value if the client application uses the FTP protocol to exchange files with the IED. SMP Tools. Select this value to define a passthrough connection that will be used to monitor the status and activity of another SMP gateway, using the various SMP Tools such as SMP Manager, SMP Trace and SMP Log. Web. Select this value if the client application is Web-based and uses a Web browser to communicate with the IED. Normal. Select this value for standard passthrough usage.
Note: Only Normal usage is supported for serial passthrough connections. Moreover, if the direct access port is enabled on the SMP Gateway, it is not possible to define passthrough connections for any other usage than Normal.
Connection Count. This setting indicates the number of simultaneous passthrough connections that are required for the Usage specified. In most cases, the Default value is appropriate for this setting, because the corresponding number of connections that will be created by the passthrough server is function of that usage. However, if connectivity or performance issues are encountered, try some specific values instead of Default.
Note: One typical example is the use of the Mozilla Firefox and Google Chrome browser, which require more simultaneous connections than Microsoft Internet Explorer. As the default connection count is based on Internet Explorer requirements, a custom value may be required if another web browser is used.
Suspend Link. This setting indicates that data acquisition should be suspended for all other devices sharing the multidrop link while SMP Connect is communicating with the selected device. If selected, acquisition of the remaining devices will be suspended. This setting applies only to devices that support the feature. Suspend IED. This device-specific setting indicates whether or not the master protocol component should suspend data acquisition while SMP Connect is communicating with the device. IED Address. This address identifies the device in a multidrop configuration. This setting is ignored if the Suspend IED check box is not selected. Modem Signals. This setting specifies whether or not the serial port associated with the IED supports modem control signals. If selected, the DTR and RTS modem control signals will be transferred across the passthrough connection. By default, modem control signals are NOT transferred.
104
Locked at Startup. This setting is a security feature. If selected, the passthrough connection will not be available when the SMP Gateway starts up. You can subsequently make it available by enabling specific logical data points, as explained under Locking Incoming RAS and Passthrough Connections, page 94. Inactivity Timeout. This mandatory setting specifies how long the passthrough connection link established by SMP Connect can remain inactive. If the program detects that no data exchange occurred between the device and the application during the specified timeout period, it prompts the user to either terminate the session or specify a longer wait time. Comments. This optional setting is used to store the instructions that will be displayed to the SMP Connect operator, such as telling him which communications program to use with the device.
13.2.2
Virtual serial. This is the preferred choice. Real serial. You set up this type of connection only if the device manufacturers application cannot use a virtual communications port. TCP/IP. You set up this type of connection only if the device manufacturers application uses TCP/IP.
TCP/IP and virtual serial loopbacks do not require any further physical modifications to the configuration. To set up a real serial loopback connection: Configure the device manufacturers application to use one of the PC serial ports, COM1 for example. Attach a null modem cable to this serial port. Note: A null modem cable is an RS-232 cable that crosses the sending wire with the receiving wire. Instead of attaching the other end of the cable, to the device, attach it to a second serial port of the same PC, for example COM2. Note: Most modern PCs are equipped only with a single serial port. If virtual communications ports are not supported by the application and the PC is only equipped with a single serial port, a serial expansion card must be installed on the PC.
13.2.3
105
available applications, and for each application that must remotely access a substation device, you have to provide the following information:
Specify whether the application is to be started manually, identify the path to the application, and provide any arguments required by the program. Specify what type of loopback connection is to be used between SMP Connect and the application, and define the communications settings of the loopback connection. Loopback connection types are described in section 13.2.2, above.
To start SMP Connect: In SMP Manager, select your SMP Gateway. From the Tools menu, choose SMP Connect. The SMP Connect application window appears, showing a list of all the passthrough connections you previously configured with SMP Config for this SMP Gateway.
The top portion of the screen shows the settings you entered in SMP Config, with one additional piece of information: the Status column, which indicates whether a passthrough connection is currently being used for a particular device. The bottom portion of the screen shows a trace of passthrough connection events. To access IED application and loopback settings: Select the device in the top pane of the SMP Connect window. From the Control menu, choose IED Application Settings.
106
To add an application to the list: In the IED Application Settings dialog box, click Add. In the dialog box that appears, type the application name and click OK. Select the newly created application in the list. Under Application Settings: Specify whether the application is to be started manually. If you select to start it manually, then when you connect to the device, SMP Connect will start the passthrough and loopback connections without starting the application; you will be able to start the application manually. Type the complete path to the application executable file. Type the command line arguments required by the application, if any (see the manufacturers documentation). Under Local Communication Settings: Specify whether SMP Connect is to use a virtual serial loopback, a real serial loopback, or a TCP/IP loopback connection to communicate with the NVT. Most manufacturers tools use a serial (virtual or real) connection. However, if you are using a terminal emulator program such as Microsoft HyperTerminal to communicate with the device, you can use a TCP/IP loopback connection. Click Configure to specify the loopback connection settings: The application port (serial only). The communications settings, such as parity, data bits, stop bits, flow control (serial only). The SMP Connect port (real serial only). The logical port number for the TCP/IP connection; type the same TCP/IP port number that you set in the device manufacturers tool or in the HyperTerminal program (TCP/IP only).
107
An indication whether your application uses the Telnet protocol, or not. Most terminal applications using TCP/IP do use the Telnet protocol, so the check box is selected by default (TCP/IP only). Under Remote Communication Settings: Specify whether you want the passthrough server to wait until the application first data transmission before initializing the connection between the device and the SMP Gateway, or initialize it as soon as the application is started. Specify whether you want the passthrough server to automatically reset the passthrough connection upon transmission failure. If you select this check box, specify the time to wait following the detection of the transmission failure before resetting the connection. Note: You can also use the Apply base settings for arrow-button to apply default base settings for some type of applications. Repeat the previous steps for all applications. Make sure you click OK to save the settings and close the IED Application Settings dialog box.
13.3
13.4
Using SMP Config, check the Suspend IED setting for the selected passthrough connection. If you modified the setting, remember to load the modified configuration and restart the SMP Gateway. Using SMP Connect, check the message pane to see if the passthrough connection is being activated correctly. Using SMP Trace, open the Master Protocols folder, and check whether the component is receiving requests from the control center.
108
Using SMP Trace, open the PassThruServer folder, and check whether any data is being exchanged with the device. Using SMP Trace, open the Connections folder, and check whether any data is being exchanged with the device.
13.5
13.6
109
13.7
110
14
Many devices produce digital fault records or other event files. You can setup your SMP Gateway so that it automatically retrieves these files and stores them on one or more computers for subsequent analysis. Using SMP Config, you will go through the following steps:
Define system folders. These folders can either be located on the SMP Gateway or on a remote computer. Specify in which system folder(s) master protocol instances will store the event files that they retrieve from the device.
14.1
Remote System Folders. A remote system folder is a shared folder on a remote computer, which is identified using the Unified Naming Convention (UNC). Essentially, you refer to such a folder by combining the computer and folder names (ex. \\ComputerName\SharedFolderName). To use remote folders, the SMP Gateway must have access to a WINS server in order to resolve computer names. See the SMP Gateway installation guide for more information. Local System Folders. This type of folder is located on the SMP Gateway itself. Be aware that disk space is limited on an SMP Gateway, if you compare it to nowadays computers hard drives.
To define system folders in a SMP Gateway configuration: Start SMP Manager. Select the SMP Gateway that will retrieve event files. From the Tools menu, choose SMP Config. In the left pane of the SMP Config window, click System Folders.
111
For each new remote folder, enter the following information in the Remote System Folders pane:
The numerical Folder ID, which is a number ranging from 1 to 99. On an SMP Gateway, each system folder, remote or local, must have a unique ID. The folder Name. This name references the folder in master protocols file-retrieval settings. It is also used in traces, logs and stats. The Location of the shared folder, using the Unified Naming Convention. For example, the location \\cpu104\Events refers to a shared folder called Events on a computer named cpu104. A Username and a Password, if access to the shared folder is secured. You must use the machinename\username or domainname\username format. The number of bytes that will trigger a transition on a specific logical data point, thereby advising you that space is running low (see Appendix A - System Data Points, page A1). The maximum value you can type is 2,147,483,647, and the default is 0 (no notification at all). Select the Compress check box to compress and archive event files to a ZIP file. If a given event is made of multiple files, all files will be compressed and archived together in the same ZIP file. Optionally, you can provide a description of the folder. The numerical Folder ID, which is a number ranging from 1 to 99. On an SMP Gateway, each system folder, remote or local, must have a unique ID. The folder Name. This name references the folder in master protocols file-retrieval settings. It is also used in traces, logs and stats. The number of bytes that will trigger a transition on a specific logical data point, thereby advising you that space is running low (see the Master Protocol Common Concepts document for details). The maximum value you can type is 2,147,483,647, and the default is 0 (no notification at all). Select the Compress check box to compress and archive event files to a ZIP file. If a given event is made of multiple files, all files will be compressed and archived together in the same ZIP file. Optionally, you can provide a description of the folder. Chapter 14: Retrieving Event Files from Devices
For each new local folder, enter the following information in the Local System Folders pane:
112
14.2
New files only. Only those files that were generated since the last time a file was retrieved from the device. Files from last X days. All files generated in the last X days, regardless of whether or not some of them may have already been stored in the system folder. If you choose this option, you must specify the number of days in the Max File Age box.
In the Minimum Free Disk Space box, specify the amount of disk space that has to be available in the system folder in order to store an event file. When there is less disk space 113
available than what you have specified, the event files will no longer be retrieved from the device. The maximum value you can type is 2,147,483,647, and the default is 0. If you type a value of 0, available disk space will not be verified. Optionally, you can type some meaningful information in the Extra Info box. This information will be appended to each event file name. Optionally, you can provide a description of the event file(s).
114
15
Sequence-of-events recorders (SERs) are widely used in the power industry. Some IEDs and RTUs are dedicated SERs, while other devices implement the SER functionality as part of their function set. The SMP Gateway also provides an SER function, which allows the generation of events for IEDs that do not support this feature. This chapter describes how the SMP Gateway can generate events based on real-time acquisition data, presents the format in which these events are available, and explains how to configure this feature using SMP Config.
15.1
Events
The SMP Gateway SER generates events based on the real-time data it acquires from IEDs and RTUs, notably through master protocols, when specific trigger conditions occur for selected data points: these data points are called event data points.
15.1.1
15.1.2
Trigger Conditions
An event is generated when one of the following conditions occurs:
The state (value) of an event binary input has changed. The quality of an event binary input has changed. A control operation was performed on an event analog output. A control operation was performed on an event binary output.
115
15.1.3
Quality Flags
The quality flags used for events are slightly different than those used in RTDX for real-time data. Actually, they are a subset of the RTDX quality flags:
Only the Good (OK) and Forced event quality flags have the same meaning for events than in RTDX. All other RTDX quality flags translate to the Suspect event quality flag.
For additional information about RTDX quality flags, see Appendix B - RTDX Status Flags, page B-1.
15.2
15.2.1
Additional Entries
Additional entries are added to the Sequence of Events log when:
the SMP Gateway restarts; the SMP Gateway internal clock is adjusted, which results in a time change.
15.2.2
Syslog
Entries stored in the Sequence of Events log can also be transmitted to a syslog receiver.
15.3
Activate the SER function. Customize the format of the event log entries for each point type. Select the event data points. Define point-specific labels to be used in log entries, if necessary. Change how time information is displayed in the event entries, if necessary.
15.3.1
116
To activate the SER: In SMP Manager, from the Tools menu, choose SMP Config to open it. In the left pane of SMP Config, under the SMP Gateway name branch, expand the System branch. Select the Sequence of Events branch, and then select the General branch.
15.3.2
Description
The control operation that was performed, between the following: Select Execute Direct Execute
CONTROLRESULT (analog and binary control events only) CONTROLTYPE (binary control events only)
The result of the control operation that was performed. If the operation failed, the cause is also displayed.
The execution type of the control operation that was performed, between the following: Open Close Pulse
117
Keyword
LABEL
Description
This keyword can be used to insert context-sensitive text in the log entries. For each selected event data points, you can define labels that will be inserted in the log entries depending on the current value of an input point, or on the execution type of the control operation performed on an output point: For binary events, two labels can be specified: one for state 0, and another for state 1. For analog control operation events, a single label is used for all operations, regardless of the value or execution type. For binary control operation events, three labels can be specified, one for each execution type: Open, Close and Pulse. For example, when a binary event occurs, the LABEL keyword is replaced by the text of the State 0 Label or State 1 Label specified for the corresponding point, if this keyword is present in the binary event pre-formatted entry. To learn how to specify these labels, see Defining Point-Specific Labels for Log Entries, page 120.
POINTDESC
The description of the event data point that triggered the event. This is the same description that is specified for the point in the corresponding master protocol configuration.
POINTNAME
The name of the event data point that triggered the event. This is the complete RTDX name of the point, with its device prefix.
The quality of the event data point that triggered the event. This is not the complete RTDX quality, but a simplified version of it, as described in the Quality Flags section, page 116. The state (value) of the event data point that triggered the event.
The event timestamp, in the UTC format, which is the date and time at which the event occurred. The source of the event timestamp. Depending on the IED and the protocol used to retrieve the real-time data, the timestamp will be provided by the IED (Device) or the SMP Gateway internal clock (RTC).
TIMESOURCE
TIMEZONE
The complete description of the time zone specified at configuration time, which includes the time difference with GMT, in hours, and the main locations that are found in this time zone.
Table 15-1
The default entries will fulfill most user requirements, but can be customized if necessary. To customize the format of event entries: Under the Sequence of Events branch, select the Event Entries Format branch.
118
Specify the row of the type of event that must be customized (Event Binary Inputs, Event Analog Outputs or Event Binary Outputs). In the Format cell, adjust the provided entry text as required, using plain text and the aforementioned keywords. Note: Each keyword must be surrounded by brackets (ex. [LABEL]). As a result, brackets are not allowed in event entries except for that usage.
15.3.3
Type the complete RTDX name of the point, including the device prefix. Repeat these steps for each event data point. To select event data points using the Subscribe To command: Select the Sequence of Events branch. From the Tools menu, choose Subscribe To.
119
In the Master I/O list, expand the branch of the component that produces the data points to select. Choose the data points. Use the CTRL and SHIFT keys on your keyboard to extend your selection. Click the right arrow button. The selected data points are added to the Slave I/O list, under the corresponding event point branches. For example, selected binary input points will be added to the Event Binary Inputs branch. Repeat these steps for each component that produces data points to select. To select event data points using the Select Points command: Select the Event Binary Inputs, Event Analog Outputs or Event Binary Outputs branch. In the first empty row, click in the Point Name cell. From the Tools menu, choose Select Points. In the Select Points window, expand the branch of the component that produces the data points to select. Click Paste. Repeat these steps for each event data point. Close the Select Points window.
15.3.4
15.3.5
120
To display timestamps in the local time format in log entries: Select the General branch. In the Client Time Zone cell, select the time zone setting specific to your locale. To have the SMP Gateway perform daylight saving time adjustments when required, put a checkmark in the Auto Adjust DST cell.
15.4
121
16
The SMP Gateway Annunciator option is a cost-effective solution that provides a local HMI for substation operators. Using SMP Config, you can set up alarms based on the analog and binary data points of your SMP Gateway, and design simple pages to display the current statuses and values of these points and alarms on a touch screen, which also allows you to handle the alarms and perform control operations. Note: The Annunciator option is only available for the SMP 16/CP and SMP 16/SG. With the Annunciator option, you can:
monitor a list of all active alarms, as well as alarms that have returned to normal but have not been acknowledged yet; acknowledge, block and clear alarms; consult an history log of recent alarms and operations on alarms; access some of the SMP Gateway internal statistics; monitor real-time values of the SMP Gateway data points through user-defined and highly customizable readings pages; perform control operations on your SMP Gateway on site, just like you would from the SCADA.
An example of the Annunciator display is presented on the next page. In this example, we see a readings page that has been designed to display the simplified single-line diagram of a feeder.
123
The alarm counters bar. This bar is located at the top of the display, and shows in real-time the number of active and blocked alarms.
The display tabs. The various display pages can be accessed via a tab-based navigation system. The following tabs are available:
Alarms. Display the list of all alarms that are active, or that have returned to normal and that have not been recalled yet. You can also use this tab to manage the alarms. To customize this page, see Setting Up the Alarms Page, page 128. To learn how to manage alarms, see Managing Alarms, page 145.
Readings. Display user-defined pages that show real-time values of data points and allow control operations on the SMP Gateway output points. To create reading pages, see Creating a User-Defined Readings Page, page 134. To learn how to control output points from a readings page, see Performing Control Operations From a Readings Page, page 152.
Blocked. Display the list of blocked alarm inputs. The operator can block an alarm input to disable the triggering of alarms for this given input, even when alarm conditions are met. Such
124
behavior may be required, when a certain part of the substation is under maintenance, for example. To customize this page, see Setting Up the Blocked Page, page 131. To learn how to block/unblock alarm inputs, see Blocking Alarm Inputs, page 147.
History. Display the contents of the history log file, which contains entries about recent alarm and operator actions. To customize this page, see Setting Up the History Page, page 132. To learn how to use this page, see Using the History Log, page 148.
System State. Display various system information and statistics about the SMP Gateway and the Annunciator. To customize this page, see Setting Up the System State Page, page 133. To learn how to use this page, see Monitoring System State, page 149.
The single alarm display. This part of the display is used to manage alarms one at a time. Depending on how it is customized, the oldest or most recent alarm is displayed here, and the operator can acknowledge or clear the alarm by pressing the display. The single alarm display can also be hidden at configuration time.
In the following sections, we will describe how to set up the Annunciator using SMP Config, calibrate and connect a touch screen to the SMP Gateway, and use the various functionalities of the Annunciator.
16.1
16.2
125
From the Tools menu, choose SMP Config. SMP Config opens, displaying the current configuration of your SMP Gateway. In SMP Config, from the tree view, select and expand the Annunciator branch. Select the General branch. Select the Enabled check box. To configure the Annunciator, you must go through the following steps:
Define alarm categories and configure alarm inputs. Set up display pages. Create user-defined readings pages, if you like. Select which pages will be available for display, and which one will be displayed at startup.
change how time information is displayed in the various pages; set up an alarm buzzer to warn the operator of alarm occurrences.
16.2.1
A. This is the default indicator for the appearance of an alarm, that is when the alarm condition is met for the first time. R. This is the default indicator for an alarm that returns to its normal state before it can be acknowledged. Ax, This is the default indicator for multiple appearances of an alarm, that is when the alarm condition is met again following its return to normal state, before being acknowledged. Rx. This is the default indicator for multiple appearance and return-to-normal occurrences that ended with the alarm having returned to its normal state, all before being acknowledged.
By defining additional categories, you can provide different indicators for these specific alarm states, which can be specified on a per-alarm-input basis. To define an alarm category: In SMP Config, from the tree view, expand the Alarms branch and then select the Categories branch. In the first empty row, click in the Name cell. Type a name for the new category. In the Appearance Symbol cell, type the character(s) to display instead of the A indicator for alarms of this category. In the Multiple Appearance Symbol cell, type the character(s) to display instead of the Ax indicator for alarms of this category. 126
In the Return-to-Normal Symbol cell, type the character(s) to display instead of the R indicator for alarms of this category. In the Multiple Return-to-Normal Symbol cell, type the character(s) to display instead of the Rx indicator for alarms of this category. (Optional) In the Description cell, type a short description that explains the role and purpose of this category. This information is only specified for configuration purposes, as it will not be displayed in the Annunciator. Alarm categories are assigned to alarms while configuring alarm inputs.
16.2.2
127
In the Low Threshold Description cell, you can type a description for low threshold alarms on this analog input. This description will be displayed in the various Annunciator pages when such an alarm condition is met, or when an operation (ex. acknowledge) is performed on such an alarm. The High Threshold Description setting works similarly, for high threshold alarms on this input. In the Category cell, select the category of indicators to use to display the alarm state. To use the default indicators (A, Ax, R and Rx), select Default. To define alarm conditions for a binary input: In the right pane grid, in the Name cell, type the name of an analog input for which you want to define the alarm conditions, or use the subscription feature as described above for analog inputs. In the Alarm Level cell, select a severity level for this input alarms. In the Appearance Filter cell, specify how long, in milliseconds, the binary input must keep the active state (TRUE or 1) before triggering an alarm. This setting filters false alarms. In the Disappearance Filter cell, specify how long, in milliseconds, the binary input must keep the inactive state (FALSE or 0) before considering that the alarm is no longer active. This setting filters false returns to normal. If you wish to trigger the alarm upon a 0 instead of a 1, select the Inverted check box. If you want to temporarily disable alarm conditions for this data point, select the Disabled check box. In the Category cell, select the category of indicators to use to display the alarm state. To use the default indicators (A, Ax, R and Rx), select Default. In the Description cell, you can type a description for alarms on this binary input. This description will be displayed in the various Annunciator pages when such an alarm condition is met, or when an operation (ex. acknowledge) is performed on such an alarm. Typing each point name can be a tedious task, especially if you have a lot of alarm inputs to define. Instead, you can use the same subscription mechanism you used to configure your slave protocols. To subscribe the Annunciator to master data points: Select the Analog Inputs branch. From the Tools menu, choose Subscribe To. The Subscribe to Master I/O window appears. You can then select the master points for which you want to define alarm conditions. To learn how to use this window, see Subscribing to the Master Data Points, page 62. Once you click OK, the window closes and a row is created in the Analog Inputs pane for each data points. All that is left is to specify the conditions and descriptions for these alarm inputs.
16.2.3
128
To configure the display settings of the Alarms page: In SMP Config, from the tree view, expand the Pages branch and select the Alarms branch. The resulting content of the right pane is presented in the next screenshot.
Anytime during the configuration process, you can preview, at the bottom of the pane, how the alarm list will look like on the Annunciator display. The preview pane also allows the customization of the alarm list display. To change the width of a column: Pass the mouse over the line that separates two column headers. The mouse cursor will change to this:
Click and drag the mouse to enlarge of reduce the width of the column on the left of the cursor. If you want a given column to take all the width space that is actually unused, click the column header itself. To change the column order: Drag and drop each column where you want it to appear on the display. You can also to this using the Move Up and Move Down buttons appearing under Columns at the top of the edition pane. To make a column available/unavailable to the operator: Right-click any column header in the preview display.
129
A checkmark indicates that the column will be available, and it should be displayed as is in the preview pane. Select any column name to change its availability state. The rest of the customization process is performed in the other sections at the top of the edition pane: Under Alarm list order, select which alarms should be displayed at the top of the list: The Oldest alarm at top setting is recommended if you want to deal with each alarm in order and work them down to the most recent. If you want to deal with alarms as they occur, select Most recent alarm at top. If you want the Single alarm display to appear at the bottom of the Annunciator display, put a checkmark in the Display the single alarm area check box, and then under Single alarm display, select which alarm should be displayed in this area: To see the oldest unacknowledged alarm, select Show oldest unacknowledged alarm. To see the most recent unacknowledged alarm, select Show most recent unacknowledged alarm. Note: To learn how to use the single alarm display, see Using the Single Alarm Display, page 147. Under Alarm acknowledgement, select how alarms will be acknowledged by the operator: To be free to acknowledge and recall any alarm in any given order, select Alarms can be acknowledged and recalled in any order. To force the operator to acknowledge and recall alarms in the order they occur, select Alarms must be acknowledged and recalled in the order they occurred. To automatically acknowledge and recall alarms as they occur, without the intervention of the operator, select Alarms automatically acknowledge and recall. Under Columns, select which columns should be displayed in the alarms list. Remember that you can see the result of your selection under Preview. Still under Columns, you can move the column names up and down using the Move Up and Move Down buttons. Selected columns will appear from left to right, starting with the topmost column name in the list. Under Alarm state colors, set the colors for alarm messages that appear in the Annunciator various display pages: Set the text and fill colors for active unacknowledged alarm messages. Different colors may be specified for major and minor alarms. Do the same for active acknowledged alarms, unacknowledged alarms that have returned to normal and acknowledged alarms that have returned to alarms. 130
To revert to default colors, click Default Colors. The leftmost button of the Alarms page will be used to acknowledge the appearance of new alarms. Not to be confused with the acknowledge button itself, it is as the first step undertaken by an operator to notify the system that he knows that this alarm was triggered. The name of this button can be changed, as follows: Beside Acknowledge new alarms label, type the new name of the button. For example, if the SMP Gateway is equipped with a sound buzzer, you might want to name it Clear Sound. You can see the name of the button changing in the preview section of the edition pane. You can also use the preview section of the edition pane to modify the columns width, order and availability state, like for the Alarms page (see Setting Up the Alarms Page, page 128).
16.2.4
Under Columns, select which columns should be displayed in the blocked alarms list. You can see the result of your selection under Preview.
131
Still under Columns, you can move the column names up and down using the Move Up and Move Down buttons. Selected columns will appear from left to right, starting with the topmost column name in the list. You can also use the preview section of the edition pane to modify the columns width, order and availability state, like for the Alarms page (see Setting Up the Alarms Page, page 128).
16.2.5
Under Columns, select which columns should be displayed in the messages list. You can see the result of your selection under Preview. Still under Columns, you can move the column names up and down using the Move Up and Move Down buttons. Selected columns will appear from left to right, starting with the first column name in the list. You can also use the preview section of the edition pane to modify the columns width, order and availability state, like for the Alarms page (see Setting Up the Alarms Page, page 128). The messages list can be filtered by the operator at runtime to display only alarm or operation messages, using touch buttons. To display these buttons in the History page, select the Show display types buttons check box. Finally, you can add a Clear History button to this page, by putting a checkmark in the Show clear button check box. This button allows you clear the history log of all its contents. The messages list can hold a limited number of messages, which is called the history length. 132 Chapter 16: Using the Annunciator Interface
To adjust the history length: In the tree view, under the Annunciator branch, select the General branch. In the History Length cell, specify the maximum number of alarm messages that will be preserved in the history log.
16.2.6
Under Analog Points Columns, select which columns should be displayed in analog inputs/outputs lists. You can see the result of your selection under Analog Points Preview. Still under Analog Points Columns, you can move the column names up and down using the Move Up and Move Down buttons. Selected columns will appear from left to right, starting with the first column name in the list. Under Binary Points Columns, select which columns should be displayed in binary inputs/outputs lists. You can see the result of your selection under Binary Points Preview.
133
Still under Binary Points Columns, you can move the column names up and down using the Move Up and Move Down buttons. Selected columns will appear from left to right, starting with the first column name in the list. You can also use both preview sections of the edition pane to modify the columns width, order and availability state, like for the Alarms page (see Setting Up the Alarms Page, page 128). Under Statistics, select the statistics pages you want to display, by marking the corresponding check boxes. Clear the check boxes for the categories you want to hide. If you do not want to display any statistics, clear the Show Statistics check box. The following statistics pages are available in the Annunciator:
Vital System Information. Contains the same information that is displayed in the page of the same name in SMP Stats. Information available includes hardware/software information, temperature information and power statuses. Performance (General). Contains real-time information about the SMP Gateway CPU load and memory usage. Performance (Threads). Contains real-time information about the SMP Gateway CPU load specific to each execution thread. Real Time Data Exchange. Contains statistics about real-time data that is exchanged between the masters, the slaves and other software components of the SMP Gateway. SysServer. Contains various real-time statistics that are maintained by the SMP Gateway system server. Master/slaves Scan Process. Contains the scan process statistics of every master and slave.
Note: Data point information is always displayed in the System State page.
16.2.7
134
The readings page list is found on the left. The right part of the pane is occupied by a grid of 18 rows by 9 columns. Each cell is representing a small part of a readings page, and can be used to display static text, or the current state or value of one of your SMP Gateway input points. A click action can also be configured for the cell. Supported actions include switching the focus to another readings page and controlling one of the SMP Gateway output points. Above the grid, there is a toolbar giving access to all the design functions. To create and populate a readings page: Under Page List, click Add. A new page called Page 1 was added to the list. Type a significant name for the page, or leave the default name, and press Enter. Note: You can create a clone of an existing page, by clicking Duplicate. Also, if you want to change the name of the page later, just select the page from the list and click Rename. Cell(s) selection can be performed in many ways: To select a single cell, click it. To select all cells from a given row, click the row header. To select all cells from a given column, click the column header. To select multiple cells from different adjacent rows and column, click and drag over the cells you want to select. Finally, to select all cells, click the non-editable cell found at the intersection of the row and column headers.
Select the cell at the intersection of row 1 and column A: let us call it cell 1A. When you click the cell, the grid toolbar becomes active.
135
The toolbar various controls are presented in the following table: Control(s) Description
Allow you to cut, copy and paste cells in the currently edited page or from this page to another one. Allow you to undo last edits, one at a time. If you want to revert to an edit you just undo, you can use the redo button. Note that a list of edits is preserved for each page, so you can switch back to a page you left a few minutes ago and undo the last change you did to this page, for example. Change the font and font size of cell text. Only a limited number of font and sizes are available on the SMP Gateway. Apply the Bold or Italic font style to cell text. You can also apply both styles at the same time. Change the text alignment. Available choices are: left aligned, centered and right aligned. Text is left aligned by default. Change the cell font and background colors for normal text. Click the appropriate button to apply the currently selected color (as displayed on the button itself) or click the drop-down button to select the color you like. Other color options are only accessible through the Cell Properties dialog box, which is presented later in this section. Clear the entire content of a cell. Open the Cell Properties dialog box. Depending on the shortcut button clicked, either the General, Font or Click tab will be selected. The Cell Properties dialog box is presented later in this section. Enter preview mode. This functionality is described more in details later in this section.
Table 16-1
Note: If you click on any button while multiple cells are selected, the resulting modifications will be applied to all cells, if possible. Still in cell 1A, click the General Properties button ( ).
Note: You can also open the Cell Properties dialog box by double-clicking a cell.
136
The General tab is used to select the type of content that will be displayed in the cell: static text or the current reading of an input point (analog or binary). Text and background colors can also be set here. The resulting display is previewed at the bottom of the tab. By default, every cell is configured to display static text. For the sake of our example, we will display the minute field of the SMP Gateway internal clock, which value is available in analog input _smp___clockMinute. Static text cell can also be used to display a colored cell with no text at all. Note: You can also type the text directly in the cell, from the Readings Annunciator Page pane. If you like, change the text and background colors. Click the Font tab to edit the text font, style, alignment and size. A preview is also available in this tab. Click OK to complete edition of cell 1A. To display the real-time value of an analog input: Select cell 2A and click the General Properties button. In the Select cell content box, select Display analog data point.
137
In the Data Point box, select the desired data point. For our example, select _smp___clockMinute. You can also type the point name if you prefer. Select the number of decimals you want to display after the point for the value displayed. You can also apply a scale factor to the value before displaying it. If you like, change the text and background colors. If the data point is configured as an alarm input, you can specify different text and background colors to use while the input is in alarm. You can also make the cell blinks (it toggles between the normal and alarm or state 0 and state 1 colors) by selecting the Flash check box. Similarly, you can specify different colors to use when the data point quality is bad (ex. communications failure). You can also use the Font tab to edit the text font, style, alignment and size. Note that the same font, style, alignment and size will be used when the data point is in alarm or when its quality is bad. Click OK to apply changes. To display the real-time state of a binary input point in a cell: Select the cell that will display a binary input real-time state and click the General Properties button. In the Select cell content box, select Display binary data point. In the Data Point box, select the desired data point. You can also type the point name if you prefer. The bottom part of the General tab is a bit different than for analog data points:
Type the text to display when the input state is 0. For example, if the point represents the state of a relay, you can type open. If you want the cell to blink in this state, select the Flash check box. Type the text to display when the input state is 1. For example, if the point represents the state of a relay, you can type close. If you want the cell to blink in this state, select the Flash check box. You can specify the text and background colors to use while the point is in either state, or when the point quality is bad. 138
You can also use the Font tab to edit the text font, style, alignment and size. Note that the same font, style, alignment and size will be used when the data point is in alarm or when its quality is bad. Click OK to apply changes. Using the preview mode, you can transform the grid into a preview of the Annunciator display for this readings page. When you enter this mode, all cells configured for real-time display are replaced by simulated values. To enter the preview mode: From the grids toolbar, choose Preview Mode. Value cells display zero values and the Data Point Simulator window appears.
Note: The Data Point Simulator window will remain open as long as you stay in the Readings branch of SMP Config tree view. Using the Data Point Simulator, edit the current value of the points that are used in the current page. You should see the corresponding cells changing in the preview pane. Still using the Data Point Simulator, you can also simulate bad quality for any point in the list, by selecting Error under Quality. To exit preview mode, click Preview Mode, or select any other branch in SMP Config tree view. Finally, you can also attach an On Click handler function to a cell. A handler function is an operation that is performed when a cell is pressed on screen, just like it would be clicked using a mouse pointer. For example, you might like to add, to your readings pages, buttons that allow you to control specific binary outputs or to open another readings page. By default, a cell has no handler attached to it. To add a Change page handler function to a cell: Select the cell. Double-click it, and then click the Click tab or click the On Click Properties button on the grid toolbar. In the Select action to perform when user clicks cell box, select Change page.
In the Page box, select which readings page should be displayed when the operator will press the cell. All configured pages should be available for selection, plus the following options: 139
<First>. Display the first page of the readings pages list. <Previous>. Display the page that appears just above in the readings pages list. <Next>. Display the page that appears just below in the readings pages list. <Last>. Display the last page of the readings pages list.
When you have made your selection, click OK. Binary output control requires a bit more configuration work, because you must set up a separate window that will appear when you press the cell. This window contains customizable buttons that allow you to set the output to state 0 and 1, and a Cancel button. To add a Control Binary Output handler function to a cell: Select the cell. Double-click it, and then click the Click tab or click the On Click Properties button on the grid toolbar. In the Select action to perform when user clicks cell box, select Control Binary Output.
In the Data Point box, select the output point you want to control. You can type the name of the point directly, if you prefer. In the Window Title box, type a title for the window that will appear when the cell will be pressed. In the State 0 box, customize the button that will set the output point to the state of 0: Type the button name in the Label edit box. Specify the text and background colors for the button. A preview of the button is displayed at the bottom. Repeat the previous steps, this time in the State 1 box, for the button that will set the output point to the state of 1. Click Preview, to have an idea of what it will look like on screen. Once you are finished, click OK. 140 Chapter 16: Using the Annunciator Interface
Note: To have a larger control operation button, you can select multiple cells and add to these cells the same handler function and background color. Enter text for the center cell and you end up with a button that is more visible and easier to use.
16.2.8
Select the corresponding check boxes for the pages you want to be available for display. Clear the corresponding check boxes for the pages you want to be unavailable for display.
16.2.9
141
16.2.10
16.2.11
16.2.12
16.3
16.3.1
142
A video cable. This cable should be connected to the VIDEO connector of the SMP Gateway and to the video input connector of the screen. A cable to convey screen-touching information. When a touch screen is used with a computer, the screen also acts as a mouse when its user touches it. The touch information is transmitted using either a USB or serial cable.
Note: If you have trouble connecting these cables to the SMP Gateway, refer to the SMP 16 Installation Guide. The use of a USB cable is recommended, as the SMP Gateway will detect it automatically: no configuration is required. Just connect the USB cable to the screen and to one of the USB port of the SMP Gateway. If you must use a serial cable: Connect the serial cable to the screen and to one of the serial port of the SMP Gateway. You can use any port you like, except the CONSOLE port located on the front panel of the SMP Gateway. Start SMP Manager. Select your SMP Gateway from the list. From the Tools menu, choose SMP Config. Follow the procedure described in the Configuring the Serial Port Interfaces section, page 32, to specify the appropriate interface (ELO Touchscreen) for the selected serial port.
16.3.2
16.4
upload the configuration file to the SMP Gateway and restart the system; calibrate the touch screen at runtime.
143
For a little reminder on how to upload the configuration file to the SMP Gateway, see Sending the Configuration to the SMP Gateway, page 38. Once the configuration file has been uploaded, restart the SMP Gateway. At the beginning of the SMP Gateway startup sequence, you should see some configuration information displayed on the touch screen, and then the screen should become totally black. It will remain black during the rest of the startup sequence, which may take a few minutes. The calibration screen eventually appears. Calibration is the topic of the next section.
16.5
16.6
16.6.1
In the Alarms, Blocked and History tabs, it allows you to move the selection highlight over the previous or next alarm message.
144
In the System State tab, there are two sets of up and down arrow key buttons: one under the selection pane on the left, and another under the display pane on the right. Use the left set to select an information page to display in the right pane, and the right one to scroll through the displayed page.
Blocked, History and System State tab also have home and end buttons that allow you to jump the selection highlight to the first or last item of the list. These buttons are represented by up and down double-arrows.
The index of the currently displayed readings page is displayed on the left, with the total number of pages available. On the right, two large arrow key buttons allow you to navigate through the different pages. If your configuration contains a lot of readings pages, we suggest you add Change page buttons to each page, to customize the navigation for your needs (see Creating a UserDefined Readings Page, page 134).
16.6.2
Managing Alarms
If you previously defined alarm conditions, you will have to manage the alarms that will be triggered when these conditions will be met. When an alarm condition is met for a given alarm input, this condition is detected by the Annunciator, which:
turns on the sound warning system, to alert the operator that something requires its attention; adds the data point to the Alarms page, as an alarm message that uses the text and background colors configured for the severity level of the condition (major or minor). The alarm message will be preceded by the alarm appearance indicator displayed on a red background. The A letter is used as the indicator if no specific category was defined and assigned to the corresponding alarm input.
You must turn off the sound warning system before you can acknowledge the alarm. The sound warning system also acts as an interlock, ensuring that you are aware of all the alarms that occur. To really hear a sound, you need to install a buzzer on the SMP Gateway as described in the Setting Up an Alarm Buzzer section, page 142. To turn off the sound warning system: From the Alarms page, press the leftmost button, which is named Ack New Alarms by default. You can change the name of this button using SMP Config (see Setting Up the Alarms Page, page 128).
145
To handle the alarm condition: Press General Ack/Clear to acknowledge all new alarms. It also clears the Alarms display of all data points that have returned to their normal condition. OR Press Acknowledge to acknowledge the alarm. The entire row turns to a paler shade of its original color. If more than one alarm is active, the alarm that will be acknowledged depends on the alarm acknowledgement rule selected in SMP Config for the Alarms page (see Setting Up the Alarms Page, page 128). If you selected Alarms can be acknowledged and recalled in any order, you must select the alarm to acknowledge before pressing the button. OR Press Block to move the data point in alarm to the Blocked page. Make sure the data point you want to block is selected before pressing the button. For more details about the block feature, see Blocking Alarm Inputs, page 147. The data points that are in an alarm condition remain in the alarm display until the points return to their normal condition, at which time you can clear them from the display. When a point returns to its normal condition, the sound warning system turns on again and the alarm appearance indicator is replaced by the return-to-normal indicator displayed on a green background. The R letter is used as the indicator if no specific category was defined and assigned to the corresponding alarm input.
You must once again clear the sound before you can acknowledge and recall the data point, which will then no longer be displayed in the Alarms page. To handle the return-to-normal condition: Click Clear Sound to clear the sound warning system. Handle the return-to-normal event. This can be performed in two different ways: Click General Ack./Clear to acknowledge all alarms and clear the alarm display of all data points that have returned to their normal condition. OR Press Acknowledge to acknowledge the alarm. Again, if more than one alarm can be acknowledged, the alarm that will be acknowledged depends on the alarm acknowledgement rule selected in SMP Config for the Alarms page. If you selected Alarms can be acknowledged and recalled in any order, you must select the alarm to acknowledge before pressing the button. Then, press Clear in order to clear the alarm display of the data point that has returned to normal. The alarm acknowledgement rule defined in SMP Config also applies to clear (recall) operations.
146
If an alarm is triggered more than once for a given alarm input before it can be handled, the indicator is replaced by the corresponding one defined for multiple occurrences, which is Ax or Rx if no specific category was defined and assigned to the corresponding alarm input.
16.6.3
To reactivate a blocked alarm input: From the Blocked page, select the data point that you want to reactivate. Press Reactivate. The alarm input is moved back to the Alarms page. The sound warning system turns on and you will then have to take action, to acknowledge and recall the input current condition (see Managing Alarms, page 145). To reactivate all blocked alarm inputs simultaneously: From the Blocked page, press Reactivate All.
16.6.4
147
It is used to manage alarms one at a time. Depending on how it is customized, the oldest or most recent alarm is displayed here, and the operator can acknowledge or clear the alarm by pressing the display. To customize the single alarm display, see Setting Up the Alarms Page, page 128. Using the single alarm display is easy:
If the sound warning system is on, press the single alarm display, which will give the same result than pressing Clear Sound in the Alarms page: the sound warning system is turned off and the alarm is ready to be acknowledged. If the sound warning system has already been turned off, press the single alarm display to acknowledge the alarm just like you would do using the Alarms page Acknowledge button.
16.6.5
This page resembles the Alarms page, with an additional column that indicates the type of entry. Two types of entry are displayed in the History page:
Alarms. Every time an alarm appears or returns to normal, an entry is added to the log file. The message displayed is the same that appears in the Alarms page, with the corresponding alarm state indicator.
148
Operator actions (an O is displayed in the T column). Whether the operator clears sound, acknowledges or recalls alarms, blocks or unblocks alarm inputs, or performs control operations, an entry is added to the log file. The action executed is described in the Description column.
To customize the History display page and to set the size of the history log file, see Setting Up the History Page, page 132. As stated previously, large arrow key buttons are available to scroll through the list of entries, and when you select an entry, all related entries are highlighted. Two filtering buttons are also available.
These buttons are kept pressed by default, which means that no filter is apply to the log display. To filter alarm entries: Touch the Alarms (A) button. The button will appear unpressed, and only operator action entries should be displayed. To display alarm entries: Touch the Alarms (A) button again. The button will appear pressed and the alarms entries should be displayed. To display only operator action entries: Touch the Operator (O) button. The button will appear unpressed, and only alarm entries should be displayed. To display operator action entries: Touch the Operator (O) button again. The button will appear pressed and operator action entries should be displayed. To clear the history log: Touch the Clear History button. This button is only visible if configured accordingly using SMP Config (see Setting Up the History Page, page 132).
16.6.6
149
The left pane lists all information or statistics pages that can be displayed in the right pane. Under the Data Points branch, some branch names might be displayed in orange. This means that the value of some data points displayed in these branches is unavailable due to communications failure. These points are also displayed in orange in the right pane. When an analog inputs or analog outputs branch is selected, the right pane displays the following information for each analog input:
150
Name. The input name. Floating Point Value. The input actual value. Integer Value. The input actual raw value. Low Threshold. The value under which an alarm will be triggered for this input, if configured to trigger alarms. Nothing is displayed if the data point is not configured to trigger alarms. High Threshold. The value over which an alarm will be triggered for this input, if configured to trigger alarms. Nothing is displayed if the data point is not configured to trigger alarms. Deadband. Indicates how much the value must go beyond the low or high threshold to trigger an alarm. Nothing is displayed if the data point is not configured to trigger alarms.
When a binary inputs or binary outputs branch is selected, the right pane displays the following information for each binary input:
151
Name. The input name. State. The input actual state. Alarm. Indicates it this input is in alarm (1), or not (0). Nothing is displayed if the data point is not configured to trigger alarms. Filter(s). The appearance and disappearance filters, which respectively indicates how long, in milliseconds, the binary input must keep the active state (TRUE or 1) before triggering an alarm, and how long, in milliseconds, the binary input must keep the inactive state (FALSE or 0) before considering that the alarm is no longer active. Nothing is displayed if the data point is not configured to trigger alarms.
Statistics branches/pages are quite similar to those available through the SMP Stats tool. For more information about statistics and the SMP Stats tool, see Viewing Communications Statistics in Real Time, page 53.
16.6.7
152
This window is also customizable, as described in the same section. In the snapshot above, the State 0 button is named Open and the State 1 button is named Close. To perform a control operation: Press either the State 0 or State 1 button: To force the corresponding output to state 0 (FALSE), press the State 0 button. To force the corresponding output to state 1 (TRUE), press the State 1 button. Press Cancel to close this window without forcing the output state. The control operation window is replaced by a confirmation window.
Press Execute to proceed with the execution of the control operation. Press Cancel to close this window without executing the control operation. If you pressed Execute, two entries will be added to the history log: one to indicate that a control operation has been performed on the given binary output, and another to indicate the result. The same entries, and more precise information, are also stored in the Control log file, which can be accessed using the SMP Log tool. For more information about this tool, see Viewing the SMP Log Files, page 45. If you press Cancel, the window is closed and no control operation is performed.
16.6.8
153
17
Automation
Because it is connected between the substation devices and the control centers, the SMP Gateway is well positioned to implement advanced processing functions that would be impossible to perform by less sophisticated devices. The SMP Gateway provides the following automation capabilities:
The SMP Gateway Automation Functions module, which add basic automation functions. See The SMP Gateway Automation Functions Module, next. The Soft PLC module and CoDeSys development platform, which allow the creation of sophisticated automation scripts, such as closing circuit breakers and load balancing. See The Soft PLC, page 155.
17.1
17.2
create new logical data points, with values based on the result of calculations performed on real data points; process data in real time before sending it to control centers; implement sophisticated local automation functions, such as automatic closing of circuit breakers and load balancing.
The Soft PLC module is provided with the CoDeSys development platform, a complete development environment that supports the IEC 61131 programming languages:
Structured Text (ST) Function Block Diagram (FBD) Continuous Function Chart (CFC) Ladder Diagram (LD) Sequential Function Chart (SFC)
17.2.1
17.2.2
156
Connect the CoDeSys development platform to the SMP Gateway. Load the script on the SMP Gateway and use CoDeSys advanced debugging features to test and debug the script. For complete details on using CoDeSys to create scripts for the SMP Gateway Soft PLC module, see the SMP Gateway PLC User Manual, GUI-00316-00003-T.
157
18
Syslog is a method for delivering log information from a sender to a receiver, typically across an IP network. Typically used for computer system management and security auditing, syslog is supported by a wide variety of devices and receivers across multiple platforms. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository. It is then possible for the system administrator to dispatch these messages to email or SMS systems, for example. The SMP Gateway syslog component uses the UDP or TCP protocol to send its log entries to a single receiver. It is configured using SMP Config, and is active as soon as the SMP Gateway starts up. For an overview of the messages that an SMP Gateway may send to a syslog receiver, launch SMP Log and take a look at the various log files contents. To learn how to use SMP Log, see Viewing the SMP Log Files, page 45. The following section describes the few steps to follow to set up syslog on an SMP Gateway.
18.1
Setting up Syslog
Because it is based on the built-in log feature of the SMP Gateway, the syslog feature is easy to configure on an SMP Gateway. The receiver of the syslog messages must first be specified. If needed, the facility qualifiers attached to messages can be customized to your needs. To enable and configure SMP Gateway syslog, proceed as follows: In SMP Manager, from the Tools menu, choose SMP Config to open it. In the left pane, under the SMP Gateway name branch, expand the System branch. Select the Syslog branch, and then select the General branch.
Specify the general settings of the syslog transmitter: Put a checkmark in the Enabled cell. In the Time Zone cell, select the time zone used by the receiver server.
159
If the server is configured for daylight saving time schedule adjustments, put a checkmark in the Auto Adjust DST cell. If the syslog messages must be transmitted to an application or server that supports the Common Event Format (CEF), such as ArcSight Logger, select ArcSight CEF in the Message Format cell; otherwise, select RFC 3164. Select the Receiver branch.
Specify the settings of the intended recipient of all syslog messages that will be issued by the SMP Gateway: In the IP Address cell, type the IP address of the message recipient. By default, the SMP Gateway uses the UDP syslog port number 514. To use a different port number, such as the default TCP syslog port number 601, type it in the Port Number cell. In the Connection Type cell, select the syslog implementation to use between the following: UDP, TCP, or TCP SSL/TLS. If the UDP implementation is used, the source port must also be specified in the Source Port Number cell. It is recommended to use the port as the one specified in the Port Number cell. If a TCP implementation is used, type the time to wait, in seconds, for new log entries to become available before transmitting them in a single TCP frame, in the TCP Buffer Time cell. Select the Facilities branch.
For each SMP Gateway Log File: In the Facility cell, specify the facility code that will be assigned to this log files entries in syslog messages. The default settings, as illustrated above, should satisfy your requirements. Note: Facility codes are used to distinguish different classes of syslog messages. These codes are mainly useful for message classification. To transmit the log entries of the corresponding log file, clear the Disabled check box.
160
19
Redundancy
The SMP Gateway is a critical component in a substation automation system. Hence, there are circumstances in which losing an SMP Gateway can severely impact substation operations. With the redundancy option, you can group two SMP Gateways together in a redundant configuration, to ensure continued operation of the substation automation system in the event of a failure. If one gateway fails, the other one takes over. There are different types of redundancies, as IEDs, SMP Gateways and networks can be redundant in many combinations. Redundant SMP Gateways are addressed by a SCADA center as if they were a single SMP Gateway with a single IP address. In the event that one SMP Gateway fails, the second SMP Gateway immediately becomes active and takes ownership of the logical IP address. Failover from the active SMP Gateway to the standby SMP Gateway typically takes less than 5 seconds. Network connections from the control center are temporarily lost when the active gateway goes offline. The control center simply needs to reconnect to the same group IP address in order to re-establish a new connection and restore system operation. An additional benefit is that you can update SMP Gateway settings with minimum down time, by updating the settings of the standby SMP Gateway, which will take over the other SMP Gateway during its own update. Note: The redundancy function is not available on the SMP 4 and the SMP 4/DP.
19.1
19.1.1
Redundant IEDs
When needed, breakers can be monitored and controlled by multiple protection relays to make sure that a fault is always detected; normally different relays from different manufactures are used.
161
To report only one data set to the control center the SMP Gateway has the best of automation function (refer to the SMP Gateway Automation Functions Reference Manual).
ACQUISITION OVER TWO LINKS TO TWO DEVICES. INFORMATION FROM PRIMARY SOURCE IS PREFERRED INFORMATION FROM SECONDARY SOURCE IS USED TRYING TO RESTORE COMM. WITH PRIMARY SOURCE INFORMATION FROM PRIMARY SOURCE IS PREFERRED
COMMUNICATION FAILURE
COMMUNICATION RESTORED
Figure 19-1 Using the best of automation function to support redundant IEDs You should know that:
The best of automation function is protocol independent. It is a per-point redundancy, allowing any failure in the acquisition path. Connection with two links to the same device can also be done. However, this achieves almost the same as the Master link redundancy but with more configuration effort. When both IEDs have the same data map, a redundant master can be used instead of a best of configuration.
The main advantage of the best of function over master link redundancy is that the best of allows the mixing of different devices. On the other hand, the disadvantage is the size of the configuration, as 3 points are needed to get the data from a single input/output: 2 master points and 1 best of point.
19.1.2
19.2
162
10.2.15.3
10.2.15.3
10.2.15.3
10.2.15.1
10.2.15.1
10.2.15.1
10.2.15.2
ACTIVE
STANDBY
STANDBY
ACTIVE
Figure 19-2 Typical failover scenario of a SMP Gateway redundancy group You should know that:
Each SMP Gateway has its own private IP address. Both SMP Gateways share a public IP address which is assigned to the active gateway. Basic failover condition is the detection of a hardware failure on the active SMP Gateway. The standby SMP Gateway can still be accessed by its private IP address for maintenance. It is possible to force a failover, as explained in the Forcing an Active SMP Gateway to Fall on Standby section, page 169.
19.2.1
Prerequisites
Two SMP Gateways can be grouped together for redundancy if:
The same version of the software (bootstrap, firmware and application) is installed on both SMP Gateways; Both gateways have the same configuration; The redundancy option is included in the license of both SMP Gateways. Both gateways are not already part of a redundancy group.
Additionally, if NIC teaming is required, it needs to be configured on both SMP Gateways. For more information, see Teaming NICs for Network Fault Tolerance (SMP 16 Only), page 172. Finally, if both SMP Gateways are connected to IEDs through serial links, Y-cables must be used unless redundancy is also implemented at the device level (see Redundant IEDs, page 161).
19.2.2
163
Redundancy is defined by 3 categories of settings, corresponding to the tabs in the dialog box.
In the General settings tab, specify the basic properties of the group: The keep-alive settings, i.e., the frequency at which keep-alive messages are to be sent by the active SMP Gateway (every x milliseconds, where x is between 200 and 10,000), and the timeout interval after which the standby SMP Gateway presumes that the active gateway has failed and takes over as the active one (between 600 and 30,000 milliseconds). The virtual address and subnet mask used to communicate with the group. The virtual IP address must be different from the physical IP addresses you set up during the initial configuration of your SMP Gateways. It identifies the group and is used by the control center to communicate with the active gateway. If the active gateway fails, the virtual IP address and subnet mask are assigned to the standby gateway. Optionally, the virtual address and subnet mask of the secondary network, if you are using a secondary network for communication between the SMP Gateways and the control center. Optionally, you can give priority to one of the SMP Gateways: if neither SMP is in a failure state, the one that has priority will become active. Select the Links tab. The Links tab is used to specify the 2 connections that will be used to link the redundant SMP Gateways to each other. These can be any combination of LAN or serial connections. The SMP 16 supports 2 LAN connections. The active SMP Gateway uses these links to send regular heartbeat messages to the standby SMP Gateway. If the standby gateway fails to receive the messages, it automatically assumes that it should become active. 2 distinct communications links are used,
164
in order to minimize the chances of both SMP Gateways becoming active due to a single faulty connection.
Specify the Links settings: The type of first connection: LAN or serial. The type of the second connection: LAN or serial. The communication mode, either RS-232 or RS-422, if you are using one or more serial connections between the 2 SMP Gateways. Warning: To link two SMP 16 using RS-232 or RS-422, use a cable that follows the pinout specifications found in the installation guide of the corresponding SMP Gateway model (ex. SMP 16 Installation Guide). Using a cable with crossed pinout might damage the unit. Select the Failover tab. A failover will automatically happen if the active SMP Gateway faces a major problem, such as a power failure, that prevents it from sending heartbeat messages.
165
Select the conditions that will trigger a failover. The available conditions are:
High-temperature alarm (if available). If selected, a failover will be triggered when the high temperature alarm is triggered. Only legacy SMP 4-20 and SMP 8-40 models support such an alarm feature. Less than X % memory available. If selected, a failover will be triggered when the system available memory falls below the specified threshold. Low voltage alarm. If selected, a failover will be triggered when the low voltage alarm is triggered. LAN trigger. If this condition is enabled, a failover will be triggered if the active SMP Gateway is unable to detect the presence of a network through its Ethernet connectors. To extend this LAN availability check, the SMP Gateway can ping the IP address of the SCADA, control center or master station that is monitoring the SMP Gateway, instead of solely detecting network activity. To do so, select the Determine LAN availability by sending a ping to the following address check box, and enter the IP address below. The following LAN trigger options are available:
No LAN connection lost. Disable the LAN trigger condition: it will not be considered. All LANs connections lost. Trigger a failover when both LAN A and B are unreachable. LAN A connection lost. Trigger a failover when the LAN connected to ENET1 can no longer be reached. LAN B connection lost. Trigger a failover when the LAN connected to ENET2 can no longer be reached.
Click OK. SMP Manager sends the settings to both SMP Gateways. You will need to restart both SMP Gateways to activate redundancy.
166
In the Restart Gateway dialog box, choose Shutdown and Restart to have the SMP Gateways restart in normal mode. The next screenshot shows two grouped SMP Gateways in SMP Manager:
19.2.3
Active. Indicates that this SMP Gateway is active. It communicates with the field devices and sends keep alive messages at a frequency set through parameter settings. In the event of a failover, it becomes the standby SMP Gateway. Standby. Indicates that this SMP Gateway is on standby. It listens for keep alive messages from the active SMP Gateway and takes over as the active SMP Gateway if the latter fails to send a message within the expected number of milliseconds. Hot Standby. Indicates that this SMP Gateway is on hot standby. It listens for keep alive messages from the active SMP Gateway. It also synchronizes all the data points that have been set up for hot standby in SMP Config. See Hot Standby, page 171, for more information about this particular redundancy feature. Partial Hot Standby. Indicates that this SMP Gateway is on hot standby (see above), but that the SMP Gateways have different configuration files or that there are some real-time data synchronization issues.
When nothing is displayed, SMP Manager is not able to communicate with the SMP Gateway for one of the following reasons:
The SMP Gateway redundancy software is not running because you have not set its redundancy parameters. The redundancy software has not been installed correctly on the SMP Gateway. The SMP Gateway is down.
This column may also advise you of exceptional situations, as described here:
Peer IP: nnn.nnn.nnn.nnn. Indicates that one SMP Gateway of the group is not present in the SMP Gateway list of SMP Manager. To fix the problem, add the second gateway to the list. 167
Too Many SMPs. There are more than 2 SMP Gateways in this redundancy group. To fix the problem, remove the excess SMP Gateways. Different parameters. The 2 SMP Gateways in this group do not have the same redundancy settings. See below to learn how to fix this configuration problem. Peer IP: nnn.nnn.nnn.nnn => Not in redundancy. The Peer IP is in the SMP Gateway list, but is not part of the redundancy group. This can happen if one of the 2 SMP Gateways in the group lose its redundancy configuration. To fix the problem, ungroup the SMP Gateway that is still in the redundancy group (see Ungrouping SMP Gateways, page 169) and regroup both gateways again. Virtual gateway (IP: nnn.nnn.nnn.nnn). You have added, to the SMP Gateway list, an SMP Gateway with the virtual IP address you assigned as the public IP address of the redundancy group. The address of the active gateway is indicated in parentheses.
The redundancy configuration of all SMP Gateways in the list is retrieved cyclically. This mechanism allows you to see the current redundancy state of all SMP Gateways, on SMP Manager main screen. Since the refresh cycle is relatively slow, the redundancy configuration of a given SMP Gateway is automatically retrieved when the SMP Gateway is added to the list, when it is restarted, and when one or more files are sent to it. To refresh the redundancy state of all SMP Gateways: From the View menu, choose Refresh. To update the parameters of grouped SMP Gateways that have different parameters: Click one or both SMP Gateways. From the Redundancy menu, choose Group Properties. A warning message appears, telling you that SMP Manager will use the default redundancy settings and asking you if you want to go on. If you reply in the affirmative, the Group Properties dialog box appears and you can change the settings to your liking. When you close the dialog box, both SMP Gateways will have the same settings. Restart both SMP Gateways to activate the parameters. For each gateway: Select the SMP Gateway to restart. From the Gateway menu, choose Restart. In the Restart Gateway dialog box, select Shutdown and Restart. Click OK. Warning: Do not reset the SMP Gateways by pressing the reset button on the gateway itself, or you will lose your parameter settings.
168
19.3
19.3.1
Managing Redundancy
Forcing an Active SMP Gateway to Fall on Standby
To force an active SMP Gateway to fall on standby: Using SMP Manager, select the active SMP Gateway in the list. From the Redundancy menu, choose Force Standby. The selected SMP Gateway will enter standby mode, while the other SMP Gateway in the group will enter active mode.
19.3.2
19.3.3
19.3.4
19.3.5
169
In the System folder, open the Redundancy folder to view additional redundancy information and statuses.
19.3.6
19.3.7
10.2.15.1
10.3.30.1
10.2.15.2
10.2.15.1
10.3.30.1
10.2.15.2
10.3.30.2
ACTIVE
STANDBY
ACTIVE
STANDBY
SCADA SWITCHES OVER TO THE BACKUP NETWORK TO ACCESS THE ACTIVE SMP GATEWAY 10.3.30.3 10.2.15.3
10.2.15.1
10.3.30.1
10.2.15.2
10.3.30.2
THE STANDBY SMP GATEWAY TAKES OVER AS THE ACTIVE SMP GATEWAY, NO CHANGE REQUIRED AT SCADA LEVEL
Figure 19-3 Typical failover scenarios in a redundant network configuration Note: Setting up a redundant network is out of the scope of this document. However, the following procedure describes how you can use the SMP Tools IP address switching feature to test a redundant network configuration.
170
Normally, the control center accesses the primary network and switches to the secondary network only if the primary network fails. You should therefore make sure the secondary network is working properly. To do this, you need to switch to the secondary IP address of your SMP Gateway, and then run SMP Log and SMP Trace. To switch from the first IP address to the second IP address: In SMP Manager, from the Tools menu, choose Use Second Address. Note that the switch to the second IP address applies not only to the SMP Gateway that is in the redundant network, but to all the gateways in the list. From this point on, if you launch any SMP Tools, console or Internet Explorer for any SMP Gateway, these applications will use the second IP address. To switch back to the first IP address: From the Tools menu, choose Use First Address. Note that once a tool has been launched, it never switches IP addresses regardless of how many times you toggle the address selection. Address switching applies only to commands that take place after you instruct SMP Manager to switch addresses. Note further, that if there are other models in your SMP Gateway list that support only one IP address, such as the SMP 4, toggling back and forth between the first and second IP address will have no effect. You will see the same logs, traces and statistics, regardless of which address you specify.
19.4
Hot Standby
The SMP Gateway software has the possibility to maintain a complete up-to-date image of the data of the active SMP Gateway on the standby SMP Gateway. This feature is called hot standby. It is available for the most common master protocols. Whenever a transition occurs on a hot-standby data point, data point information is first updated in the real-time database of the active SMP Gateway; it is then transmitted to the standby SMP Gateway, which updates its own database. Using hot standby, integrity scans are not always required, since the hot-standby data points are already synchronized, reducing the failover time significantly. To configure a master protocol instance for hot standby, refer to the specific protocol manual found on the SMP Gateway Software & Tools CD-ROM. To take full advantage of the hot standby, the slave protocol should be configured to be active anytime, even on standby. To configure hot-standby for a slave protocol: In SMP Config, select the General node of the slave protocol instance. In the Hot-Standby Support cell, Disabled should be selected. Instead, select the behavior that is expected from the slave component, between the following:
Acquisition. The slave protocol will receive data from its masters without accepting control commands from the control center. Acquisition and control. The slave protocol will receive data from its masters and it will accept control commands from the control center. These commands will be forwarded to the active SMP Gateway, which will forward the control commands to the devices.
171
The following illustration presents the acquisition data flow for an SMP Gateway redundancy group that supports hot standby.
10.2.15.3 10.2.15.1 3 2 10.2.15.2 3
ACTIVE 1
STANDBY
1. 2. 3.
The active SMP Gateway receives data from the device. The standby SMP Gateway is updated. Data is sent to the control center by both SMP Gateways.
Figure 19-4 Acquisition data flow in a hot standby redundancy SMP Gateway group Note: The public IP address is always associated with the active SMP Gateway. When the control center wants to connect to the standby SMP Gateway, it needs to use the physical IP address.
19.5
172
20
The SNMP server is an optional software module that allows the SMP Gateway to export statistics using the SNMP (Simple Network Management Protocol) standard. The SMP Gateway SNMP agent publishes and supports both standard MIBs (management information bases) that are supported by the Windows CE operating system and custom MIBs that are supported by the SMP Gateway application. The agent supports extensive reading capabilities as well as limited writing and trap capabilities.
20.1
SNMP Traps
SNMP traps are messages that are automatically sent to selected SNMP clients when specific, unusual events occur. They are the text equivalent of alarms. Traps are automatically sent to listening SNMP clients whenever:
the SMP Gateway restarts; a communications link used by a master or slave protocol instance fails for more than 60 consecutive seconds (these traps are called link down traps); a communication link used by a master or slave protocol instance becomes active (these traps are called link up traps).
In order to send traps, the SMP Gateway needs to know the IP addresses of the SNMP clients that are listening on the network. You can enter a maximum of 32 SNMP client IP addresses using the SNMP Manager console application.
20.2
173
SNMP manager lists all available commands, as shown next: \> snmpmgr SNMP Manager Available commands (case insensitive): A Add a client. R Remove a client. L Display all clients. M Modify the community membership of a client. C Change a client description. G Add a community. D Remove a community. B Display all communities and their permissions. I Modify the permissions of a community. T Modify the name of the system contact. O Modify the location of the gateway on which the agent is running. F List information on system contact and gateway location. W Modify the firewall settings. H Display the list of all commands. esc Abort the current operation. Q Quit. (H) Help, (Q) Quit: You can display the previous list any time, by using the H command. You should specify the SNMP settings in the following order:
Add communities and their permissions. Add a system contact. Add a system location. Add a number of clients and associate them to communities.
Any modifications you make will be effective the next time the SMP Gateway will restart. Note: If the built-in firewall is enabled on the SMP Gateway, SNMP services must be allowed through the firewall. To learn how to open ports and allow services through the built-in firewall, see Setting Firewall Rules, page 92.
174
21
Time Adjustment
This chapter describes the different time adjustment features of the SMP Gateway.
21.1
Some system data points provide time information. They are all prefixed by _smp___clock and are visible using the SMP Gateway Web server (see Using a Web Browser to View Data in Real Time, page 57). For more information on system data points and an exhaustive list of time-specific points, see Appendix A - System Data Points, page A-1. Current data and time can also be seen in SMP Stats, in the Vital System Information folder, from the Internals folder located in the System folder. For more information on SMP Gateway statistics, see Viewing Communications Statistics in Real Time, on page 53. SMP 16 time information is displayed on the gateway front panel, using the SYNC LED. For a complete description of the different SYNC LED states, refer to the gateway installation guide on the SMP Gateway Software & Tools CD-ROM. Also for the SMP 16 model, more precise time information can be seen in SMP Stats, in the Clock folder, from the Internals folder located in the System folder.
21.2
175
Select whether the SMP Gateway clock will be set to UTC or Local Time. If you selected Local Time, select the time zone to use for the time conversion. Select Apply daylight saving time if needed. Note: Daylight saving time automatic adjustment is not supported by the SMP Gateway. If you use local time on your SMP Gateway, you must manually adjust the gateway internal clock at every DST clock shift. The time at which the clock will be set is displayed just above the buttons. If it is as expected, click OK to set the SMP Gateway clock to this date and time. The SMP Gateway internal clock is not an atomic clock, which means that it drifts from actual time. Over time, data timestamps become less accurate. Moreover, manual time adjustment using SMP Manager displays an accuracy of 1 second. Consequently, time adjustment via an external source is highly recommended for the SMP Gateway to provide accurate timestamps. This is the topic of the next section.
21.3
Directly from a GPS signal, if you have an SMP 16 pre-installed with the GPS clock option. You must then have a GPS antenna receiving the highly accurate satellite signal. Using an external source, such as an IRIG-B signal. It may come from another GPS antenna connected to another device that redistributes demodulated or modulated IRIG-B. It may also come from another SMP 16 equipped with the GPS clock option that distributes IRIG-B to your SMP Gateway. Directly from an SNTP server. SNTP stands for Simple Network Time Protocol, and is briefly presented in section About GPS, IRIG-B and SNTP, below. Using a SCADA protocol, such as DNP3.
Here is a list of the possible time adjustment solutions that are available for the different SMP Gateway types:
176
Protocol
SNTP
Modulated IRIG-B
Demodulated IRIG-B
*
GPS
G G
Legend: = Available, G = with the SMP 16 GPS clock option, * = .Planned for a future release Table 21-1 Time adjustment solutions available for each model
Note: Only one time adjustment solution should be implemented at a time for an SMP Gateway. These different solutions are presented in the next sections.
21.3.1
21.3.2
177
Setting up the GPS clock option is explained in detail in the SMP 16 GPS Clock Option Installation Guide, GUI-00316-00047 T, which is included on the SMP Gateway Software & Tools CD-ROM. To complete the GPS clock option configuration, using SMP Config: Under the System branch, select Time, and then select GPS Synchronization. In the Cable Length cell, type the total length, in meters, of the cable that links the SMP Gateway to the GPS antenna. By default, a 25 m length is specified. Specifying a precise cable length is essential to get the best accuracy possible during the synchronization process.
21.3.3
21.3.4
Select the Enabled check box. Under Server Address, enter the SNTP server IP address or network name.
178
Type the Refresh rate, which is the frequency, in minutes, at which the SMP Gateway will connect to the SNTP server in order to be resynchronized. Type the Recovery Refresh rate, which is the frequency, in minutes, at which the SMP Gateway will retry to connect to the SNTP server following a connection failure. This value must be smaller than the normal Refresh rate. Type the Maximum Time Variance allowed, which is the maximum time difference allowed, in minutes, between the new time provided by the server and the actual time of the SMP Gateway. If the difference is larger, the time update is ignored; this mechanism prevents the use of an invalid time source.
21.3.5
21.4
Through a modulated or demodulated IRIG-B signal. By acting as an SNTP server. Using a master protocol, such as DNP3, IEC 60870-5-101 or IEC 60870-5-104. The accuracy may be limited by the protocol, but the overall synchronization of all the devices is typically accurate to within one second.
A slight delay may be introduced in the time information transmitted to devices. Output time accuracy is function of the type of time input used to adjust the SMP Gateway internal clock, and of the type of protocol or signal used to synchronize the devices. The resulting delays are presented in the following table. Output Delay Accuracy ( ms) Protocol Output Protocol Input SNTP Input Modulated IRIG-B Input Demodulated IRIG-B Input
500 500 500 500
SNTP Output
500 100 100 100
179
SNTP Output
100
Table 21-2
For example, if the SMP Gateway is time-adjusted using demodulated IRIG-B, a device clock adjusted by the gateway using demodulated IRIG-B may show a delay of 1 milliseconds. Note that the SMP Gateway can be more accurate: consider these values as worst case scenarios. Also, the SMP Gateway does not perform accurate time-tagging when I/O changes are received from a device, because the transmission delay is unpredictable. For the time tag to be accurate, the device must time-tag the I/O changes itself. The following sections present the various time distribution features of the SMP Gateway.
21.4.1
In the Output Signal Availability cell: Select When synchronized with IRIG-B or GPS to prevent IRIG-B distribution when the SMP Gateway is not currently synchronized with a time source. OR Select Always to distribute the IRIG-B signal regardless of the current synchronization state of the SMP Gateway. This option should only be used temporarily, for testing purpose for example, as the accuracy of the signal cannot be guaranteed under this condition. If the SMP Gateway is time-adjusted using IRIG-B: Under the System branch, select Time, and then IRIG-B Distribution.
180
To reuse the IRIG-B input signal as-is, without any changes, as the IRIG-B output signal, select Forward Input Signal. The Format, Time Zone, and Auto Adjust DST settings will be ignored by the SMP Gateway software. Otherwise, specify how the conversion settings of the input signal: In the Format cell, select the IRIG-B format to which the IRIG-B input signal should be converted. In the Time Zone cell, select the time zone to use for the IRIG-B output signal. Essentially, it should be the time zone of the area where your substation is located. If required, select Auto Adjust DST to update the IRIG-B output signal for daylight savings. If the SMP Gateway is time-adjusted using GPS: Under the System branch, select Time, and then IRIG-B Distribution. In the Format cell, select the IRIG-B format to which the GPS time information should be converted. In the Time Zone cell, select the time zone to use for the GPS time information. Essentially, it should be the time zone of the area where your substation is located. If required, select Auto Adjust DST to update the GPS time information for daylight savings. If the SMP Gateway is part of a redundancy group: Under the System branch, select Time, and then IRIG-B Distribution. To distribute time information even while the SMP Gateway is on-standby, select At System Boot from the Activation cell. Otherwise, select When system has successfully started from the Activation cell.
21.4.2
Select the Enabled check box. Select from the Accessible From list box whether it will be accessible from any computer or a specific one through the SMP Gateway built-in firewall. If you selected Specific computer or subnet, type an address or an address range in the last cell.
181
21.4.3
182
22
You may want the SMP Tools to connect to an SMP Gateway that is not itself connected to your network. You would typically do this by setting up a dial-up connection and using a modem to call the SMP Gateway from your PC running Windows Vista, Windows XP or Windows 2000. Less typically, you might choose to access the SMP Gateway by setting up a direct serial connection between a serial port on your PC and a serial port or the CONSOLE port on the SMP Gateway from your PC running Windows XP or Windows 2000. This section explains how to set up dial-up and direct serial connections between a personal computer and an SMP Gateway. The procedure differs slightly, depending on whether the SMP Tools run under Windows Vista, Windows XP or Windows 2000.
22.1
Set up a dial-up (modem) connection between the PC and the SMP Gateway.
Note: Windows Vista does not support direct serial connections. For more information, see Incoming Direct Serial Connections and Windows Vista, page 186.
22.1.1
183
You must perform the steps in the order presented in the table. Step
1
To do this
Set up the SMP Gateway to accept a dial-up connection
1. From Windows Start menu, access the Control Panel. 2. Click Hardware and sound. 3. Click Device Manager. 4. Click Continue. 5. Click on the name of your PC in the three views. 6. Click the Action menu then scan for hardware changes. 7. If the modem is supported by Vista, it will configure itself. If this does not work, consult the modems manufacturer manual.
184
Step
3
To do this
Set up a new dial-up (modem) connection for the SMP Gateway
2. Click Network and Internet. 3. Click Network and Sharing Center. 4. Click Set up a connection or network. 5. In the Wizard dialog box, select Set up a dial-up connection then click Next. 6. If you have only one modem, skip this point. Click on the modem you wish to use to connect. 7. Type the phone number you will dial to connect to the SMP Gateway and a useful name then click Connect. Windows Vista will try to connect to the device for real. 8. During the connection attempt, click Skip. 9. Click Set up the connection anyway. 10. Click Finish. 11. Click Manage network connections. 12. Right-click the Dial-up Connection just created and select Rename. Write a useful name then press return. 13. Right-click the Dial-up Connection just created and select Properties. 14. From the General tab, select the modem you want to use for this connection and click Configure. 15. In the Modem Configuration dialog box, select the Enable hardware flow control check box, the Enable modem error control check box and the Enable modem compression check box. Then press Ok. 16. Click the Options tab, and then click PPP Settings. 17. In the PPP Settings dialog box, select the Enable LCP extensions check box and the Enable software compression check box. Clear the Negotiate multi-link for single link connections check box. Click OK. 18. Click the Networking tab. 19. Under This connection uses the following items, clear the Client for Microsoft Networks check box. 20. Click Internet Protocol Version 4 (TCP/IPv4), and click Properties. 21. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Advanced. 22. In the Advanced TCP/IP Settings dialog box, clear the Use default gateway on remote network check box and the Use IP header compression check box and click OK three times.
185
Step
4
To do this
Configure SMP Manager to communicate with the SMP Gateway
2. In the Gateway Properties dialog box, type a significant name for the new SMP Gateway, such as SMP Gateway via modem. 3. In the First IP Address box, type the IP pool starting address that you specified when you installed your SMP Gateway (see your SMP Gateway installation guide). 4. Do not type anything in the Second IP Address box. Click Add. Note that even if you set up a number of SMP Gateways to communicate via a dial-up connection, the PC will be able to communicate with only one SMP Gateway at a time, and will use the addresses specified here.
Table 22-1
22.1.2
22.2
set up a dial-up (modem) connection between the PC and the SMP Gateway; set up a direct serial connection between the PC and the SMP Gateway.
22.2.1
186
You must perform the steps in the order presented in the table. Step
1
To do this
Set up the SMP Gateway to accept a dial-up connection
1. From Windows Start menu, access the Control Panel. 2. Double-click Phone and Modem Options. 3. In the Phone and Modem Options dialog box, click the Modems tab. If the modem you plan to use appears in the list, skip the rest of this step and proceed to the next item in the table, since your modem is already installed. 4. Click Add. 5. In the Add Hardware Wizard dialog box, allow Windows to detect your modem automatically, and then click Next.
187
Step
To do this
Perform these steps for each SMP Gateway with which you want to communicate via modem. 1. From Windows Start menu, access the Control Panel. 2. Double-click Network Connections. 3. Double-click New Connection Wizard. 4. In the New Connection Wizard dialog box, click Next. 5. Select Connect to the network at my workplace and click Next. 6. Select Dial-up connection and click Next. 7. If your PC is only equipped with a single modem, skip this step. Otherwise, select the modem you want to use for this connection, and click Next. 8. Type a descriptive name for the connection and click Next. 9. Type the phone number you will dial to connect to the SMP Gateway and click Next. 10. If your PC is not equipped with a smart card slot, skip this step. Otherwise, the wizard will ask you if you want the use a smart card to log you into the remote network. Select the option that suits you the most and click Next (by default, the Do not use my smart card option is selected). 11. Under Create this connection for, select Anyones use, click Next and click Finish. 12. In the Connect <Connection Name> dialog box, click Properties. 13. From the General tab, select the modem you want to use for this connection and click Configure. 14. In the Modem Configuration dialog box, select the Enable hardware flow control check box, the Enable modem error control check box and the Enable modem compression check box. 15. Click the Networking tab, and then click Settings. 16. In the PPP Settings dialog box, select the Enable LCP extensions check box and the Enable software compression check box. Clear the Negotiate multi-link for single link connections check box. Click OK. 17. Under This connection uses the following items, clear the Client for Microsoft Networks check box. 18. Click Internet Protocol (TCP/IP), and click Properties. 19. In the Internet Protocol (TCP/IP) Properties dialog box, click
188
Step
To do this
1. Start SMP Manager. Select the SMP Gateway to be configured and from the File menu, choose SMP Gateway Properties. 2. In the Gateway Properties dialog box, type a significant name for the new SMP Gateway, such as SMP Gateway via modem. 3. In the First IP Address box, type the IP pool starting address that you specified when you installed your SMP Gateway (see your SMP Gateway installation guide). 4. Do not type anything in the Second IP Address box. Click Add. Note that even if you set up a number of SMP Gateways to communicate via a dial-up connection, the PC will be able to communicate with only one SMP Gateway at a time, and will use the addresses specified here.
Table 22-2
22.2.2
To do this
Set up the SMP Gateway to accept a direct connection
189
Step
2
To do this
Add a communications cable between the PC and the SMP Gateway
1. From Windows Start menu, access the Control Panel. 2. Double-click Network Connections. 3. Double-click New Connection Wizard. 4. In the New Connection Wizard dialog box, click Next. 5. Select Set up an advanced connection. Click Next. 6. Select Connect directly to another computer. Click Next. 7. Select Guest. Click Next. 8. Type a descriptive name for the connection. Click Next. 9. In the Select a device drop-down list, click Communications cable between two computers. Click Next. 10. Under Create this connection for, click Anyones use. Click Next. Click Finish. 11. In the Connect <Connection Name> dialog box, click Properties. 12. From the General tab, click Configure. 13. In the Maximum speed drop-down list, select 115200 bps. 14. Clear the Enable hardware flow control check box. Click OK. 15. Click the Networking tab, and then click Settings. 16. In the PPP Settings dialog box, clear the Enable LCP extensions check box, the Enable software compression check box, and the Negotiate multi-link for single link connections check box. Click OK. 17. Under This connection uses the following items, clear the Client for Microsoft Networks check box. 18. Click Internet Protocol (TCP/IP), and click Properties. 19. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
190
Step
To do this
1. Start SMP Manager. Select the SMP Gateway to be configured and from the File menu, choose SMP Gateway Properties. 2. In the Gateway Properties dialog box, type a significant name for the new SMP Gateway, such as SMP Gateway direct connection. 3. In the First IP Address box, type the IP pool starting address that you specified when you installed your SMP Gateway (see your SMP Gateway installation guide on the SMP Gateway Software & Tools CD-ROM). 4. Do not type anything in the Second IP Address box. 5. Click Add. The PC will communicate with the SMP Gateway using the addresses specified here.
Table 22-3
191
23
The SMP Gateway could need a dialup connection for DNP3 or IEC 60870-5-101 protocols in a situation where there is no network between the SMP Gateway and the control center and you cannot establish a network connection to the SMP Gateway using the procedures described under SMP Tools Remote Access to the SMP Gateway, page 183. If the control center uses the DNP3 or IEC 60870-5-101 protocol, you can establish a serial connection, via a dial-up modem, between the SMP Gateway and the control center. The control center will call the SMP Gateway. The same holds true if you need to communicate between the SMP Gateway and a device that uses DNP3 or IEC 60870-5-101and that supports a modem connection. The SMP Gateway will call the device. Communication via modem is available on the SMP 16 model, and is available as an option on the SMP 4 and SMP 4/DP models. Note that will all SMP Gateway models, you can always plug an external modem into any serial port. Having the SMP Gateway communicates, via dial-up modem with a PC or a device using DNP3 or IEC 60870-5-101, requires that you perform the following configuration steps using SMP Config:
Define which serial ports have a modem. Create a modem pool. Add modems to the pool. Create a modem pool master connection if the SMP Gateway will call a device, or create a modem pool slave connection if the control center will call the SMP Gateway.
23.1
193
23.2
Identification Procedure
The Call Dispatcher sends an IEC 60870-5-101 RESET OF LINK broadcast frame. The slave device is expected to respond with an ACK frame containing its own DEVICE ADDRESS. The Call Dispatcher sends a DNP3 RESET OF LINK broadcast frame. The slave device is expected to respond with an ACK frame containing its own DEVICE ADDRESS as the source address.
DNP3
Table 23-1
To add a modem pool: In the left pane, click Serial Ports, then on Modem Pools. In the right pane, type the name of the pool. Edit the modem pool settings. These settings set up the behavior of the Call Dispatcher, as described in the next table. Setting
Type
Description
The communications protocol supported by the modem pool. The default value automatic means that the supported protocol will be determined automatically. Allowed values: Automatic IEC 60870-5-101 DNP Default value: Automatic
The size of the DEVICE ADDRESS, in bytes. This setting is taken into account when a frame is sent or received, since it affects the size of the frame. Range: Default value: 1 to 8 1
194
Setting
Dispatcher Response Timeout
Description
This setting specifies how much time the dispatcher will wait for the reception of a response to a request. Range: Default value: 0 to 60,000 milliseconds 10,000 milliseconds
This setting specifies the maximum time allowed between 2 received bytes of a frame, for the frame to be considered valid. Range: Default value: 0 to 10,000 milliseconds 250 milliseconds
This setting specifies how much time the dispatcher will wait after a failure (invalid frame format, etc.), before retrying. Range: Default value: 0 to 10,000 milliseconds 1,000 milliseconds
This setting specifies how many times the dispatcher will try to identify the device. Range: Default value: 0 to 20 3
Table 23-2
23.3
Description
This AT string is sent to the serial port to initialize the modem. It should be a valid AT string to which the modem will respond with an OK. Default value: ATZ
AT Off-Hook String
This AT string is sent to the modem to answer the call when a RING message is received. The modem must, therefore, be configured to NOT auto-answer the calls (avoid S0=X, where X is other than 0). Default value: ATA
195
Setting
AT Dial String
Description
This AT string is prefixed to the phone number and sent to the modem to make outgoing calls. Default value: ATDT
AT On-Hook String
This AT string is sent to the modem to hang up. After a call has been completed, the AT Init String is always sent to reinitialize the modem. Default value: ATH0
Incoming Only
Put a checkmark if you want the modem to receive incoming calls but not be able to make outgoing calls. If you do not put a checkmark, the modem will be able to make and receive calls. Allowed values: checkmark / no checkmark Default value: no checkmark
AT Response Timeout
Specifies how much time the modem pool will wait for an answer to an AT string command. There is an exception for the ATDT and ATA commands, since it can take some time to synchronize the carriers and complete the call. For these exceptions, the maximum time is set to 3 minutes. The timeout value depends on the modem and more specifically, on the response time required for the +++ and ATH commands. Range: Default value: 0 to 60,000 milliseconds 5,000 milliseconds
Table 23-3
23.4
196
23.5
197
24
This chapter explains the software architecture of the SMP Gateway and describes how to update the SMP Tools and the SMP Gateway software.
24.1
The SMP Gateway runs on Windows CE, called a firmware, the equivalent of Windows XP on your computer. Other firmware that runs on the SMP Gateway includes the bootstrap programs and the SMP Gateway application. The SMP Gateway application (.app file), which contains your protocol translators and other gateway software files. The configuration file (.par file), which tells the gateway how to communicate with the computer.
One of the SMP Tools is specialized in carrying files from the computer to the gateway: SMP Loader. Consequently, whenever you receive a CD-ROM from Cooper Power Systems (or the contents of the CD-ROM via FTP access to a download site), you should perform an update of all these pieces of software. Follow these steps, in the order they are presented: Update the PC software, i.e. the SMP Tools (see Updating the SMP Tools on the PC, page 200). For each SMP Gateway: Update the SMP Gateway firmware (see Updating the SMP Gateway Firmware, page 201). Update the SMP Gateway application (see Updating the SMP Gateway Application, page 202). Update the SMP Gateway configuration file (see Updating the Configuration File, page 203). The table below shows the exact order in which you will update the SMP Gateway components, and the SMP Tool that you will use to perform the update.
199
Component to update
Bootstrap programs
Tool(s)
SMP Manager (requires version 4.0 or later of the SMP Gateway software already installed) OR SMP Loader
SMP Manager SMP Manager SMP Manager SMP Config and SMP Manager
Table 24-1
24.2
Version Packs
A version pack is a software package that contains all that is required by SMP Manager to manage a specific version of the SMP Gateway software. This package includes:
The corresponding version of SMP Config and 61850 Config, which will be started by SMP Manager for SMP Gateways that use this specific version of the software. The corresponding versions of the SMP Gateway software, which can be uploaded to the SMP Gateway using SMP Manager. The corresponding documentation.
Version packs are integrated with the SMP Tools installer starting with version 5.2. However, for versions 5.1 or earlier, version packs are available on-demand, from Cooper Power Systems, as self-extractable files.
24.3
200
24.4
The bootstrap program, which loads the SMP Gateway application and the Windows CE operating system into memory when the SMP Gateway starts up. The Windows CE operating system, which provides real-time system services, network services, and device drivers. The resident diagnostics, which allow you to ensure that the SMP Gateway is working properly. The SMP Gateway application, which implements all the functionalities of the SMP Gateway.
24.4.1
201
Select Operating System. In the Select version box, select the version of the operating system to upload to the SMP Gateway. Note: In the case of the operating system, this version number does not refer to the version of the Windows CE operating system. This is the version number of the SMP Gateway software package, which includes a version of Windows CE that is customized for the SMP Gateway. Click OK. Click Yes. SMP Manager transfers the file to your SMP Gateway and then informs you that you have to restart your SMP Gateway for the new firmware to go into effect. In the Restart SMP Gateway dialog box, choose Shutdown and Restart to restart the SMP Gateway. Click OK. Update the resident diagnostics. Proceed as for Windows CE, but: In the Update SMP Gateway dialog box, select Diagnostics Tools. In the Select version box, select the version of the resident diagnostics to upload to the SMP Gateway. Click OK. SMP Manager transfers the file to your SMP Gateway and then informs you that you have to restart your SMP Gateway for the new firmware to go into effect. In the Restart Gateway dialog box, choose Shutdown and Restart to have the SMP Gateway restart in normal mode. Click OK. The SMP Gateway will go through a series of startup steps, which will be displayed in the Status column in SMP Manager. Once the startup is complete, the Status column will display the current status of the SMP Gateway. The Status column should display Started. If the Status column shows that the SMP Gateway did not start up normally, refer to Troubleshooting, page 219.
24.4.2
202
Click Yes. SMP Manager sends the software to the specified SMP Gateway, and then informs you that you have to restart the SMP Gateway for the new application to go into effect. In the Restart Gateway dialog box, choose Shutdown and Restart to have the SMP Gateway restart in normal mode. Click OK. The SMP Gateway will restart and load the new application.
24.4.3
203
25
Whenever you contact Cooper Power Systems to request support for a new device that you want to connect to your SMP Gateway, or to add support for a particular feature, Cooper Power Systems will provide you with a new license, which consists in an ID and a key. A license ID is a user-readable identifier that helps distinguishes one license from another. A license key is composed of up to 4 character sequences that define the list of software features supported by the license, such as redundancy, Soft PLC and automation functions. The license key also contains information about the maximum number of master protocols (one per device) and slave protocols (one per control center) that are supported.
25.1
Enter the new license information: If this information is available as a file, click Browse to open a file browser and locate the license file. 205
Otherwise, type the License ID and Key (2 or 4 rows) in the corresponding boxes. (Optional) To verify the features and limitations that are part of the specified license, click Details.
Click OK to upload the license information to the SMP Gateway. If new protocols and components are now part of the license, update the SMP Gateway application before restarting the gateway, as described in Updating the SMP Gateway Application page 202.
25.1.1
Protocol Classes
The License Information dialog box contains lots of information, including the maximum number of master and slave protocols of each class that can be configured according to a given license. Protocols are divided into classes according to their respective features and complexity. Here are the classes in increasing order of complexity, along with some examples:
Class 1. Includes commonly-used protocols, such as DNP3, Modicon MODBUS, SEL protocols and IEC 60870-5. Class 2. Includes, but is not limited to, UCA 2.0, IEEE C37.118, IEC 61850 GOOSE and IEC 61850 (master). Class 3. Currently only includes ICCP and IEC 61850 (slave).
206
26
This section presents SMP Manager and SMP Config commands that provide useful capabilities, and that were not discussed in other sections of the document.
26.1
Displaying only those SMP Gateways with which SMP Manager is currently in communication. (Click Active Gateways from the View menu.) Choosing the time display format: local time or UTC. (Click Options from the Tools menu. See also Modifying SMP Manager Settings, below.) Exporting your SMP Gateway list. (Click Export List from the File menu.) Importing an SMP Gateway list. (Click Import list from the File menu.)
Also, some SMP Manager settings can also be customized to your needs, as described in the following section
26.1.1
207
In the Time Display Format box, select the format you want to use to display time information in SMP Manager:
Local Time. Time information obtained from SMP Gateways will be adjusted to the time zone and daylight saving time information of your PC. SMP Gateway UTC. Time information obtained from SMP Gateways will be displayed as is.
Clear the Do not prompt for SMP Gateway logon credentials at startup check box if you want the Login Information window to be displayed upon startup. Under IED Manager Suite and Authentication Certificate, you will find settings that are specific to IMS authentication, which is not covered by this manual. Refer to the Yukon IED Manager Suite documentation for more information about this settings and IMS authentication. Under Paths, you can change the name and the location of the file containing the list of SMP Gateways that are currently displayed in SMP Manager. This file has a VEP extension.
26.2
Exporting your SMP Gateway configuration to a CSV file. (Click Export from the File menu.) Importing an SMP Gateway configuration previously saved as a CSV file. (Click Import from the File menu.) Clearing the message pane. (Click Clear Message Pane from the Validate menu.)
208
26.3
SMP Loader
SMP Loader should be used for the following purposes:
To update the bootstrap programs. You can, in fact, load Windows CE and the resident diagnostics with SMP Loader, but you should use SMP Manager unless there is a problem.
Note: SMP Loader cannot be used to update the SMP 4/DP software. When the SMP Gateway is powered up or reset, the following components are started up, in the order listed:
The primary bootstrap program. The secondary bootstrap program. Windows CE.
In order to use SMP Loader, you need to interrupt the startup process before it reaches Windows CE startup. You accomplish this by putting the SMP Gateway into Command mode.
26.3.1
Connect your PC to the SMP Gateway CONSOLE port. Start SMP Loader. Put the SMP Gateway into Command mode.
To connect your PC to the SMP Gateway: Connect one of the communications ports of your PC to the SMP Gateway CONSOLE port, using a standard RS-232 direct cable equipped with a DB9 male connector at one end and a DB9 female connector at the other end. Note: If you are using a portable computer that does not have an external serial port, you will need to use an USB-to-RS-232 serial converter. To start SMP Loader: Click Start on the Windows taskbar. Point to All Programs, then to Cooper Power Systems, and then to SMP Tools. From the SMP Tools menu, choose SMP Loader. From the Connection menu, choose Communication Settings to display the Communication Settings dialog box. Most of the communication settings are unavailable, as they cannot be changed. Select the communications port that will be used on your PC (ex. COM1). Specify 115,200 bps as the file transfer speed. If your computer does not support the specified speed, try a lower value for this setting. Click OK.
209
Do not close SMP Loader: it will connect to the SMP Gateway automatically when the latter will enter Command mode. To put the SMP Gateway into Command mode, you need to reset the SMP Gateway. The procedure differs, depending on the SMP gateway model. To put an SMP 4 into Command mode: Insert a pointed object in the reset aperture and apply pressure until the watchdog timer LED stops flashing. SMP Loader will automatically connect to the SMP Gateway, as described in the previous section. Warning: Do not use a lead pencil, since lead is a conductor, as it could break and damage the SMP 4. To put an SMP 16 into Command mode: Power off the SMP 16. Power it up again. SMP Loader will automatically connect to the SMP Gateway, as described in the previous section. In both cases, the SMP Loader window will show the files that are currently loaded on the SMP Gateway as soon as the latter will complete its startup into Command mode.
26.3.2
Main Window
The SMP Loader main window is shown next, for an SMP 16/SG.
As you can see, the display only shows Windows CE. The same applies to an SMP 4. It is important to note that the display area does not list the bootstrap programs, even though these do indeed reside on the SMP Gateway. However, the secondary bootstrap version is shown at the bottom right of the window, on the status bar.
210
To view the bootstrap programs version numbers: From the Connection menu, choose Bootstrap Versions. A dialog box appears, showing the versions of both bootstrap programs. Note: The dialog box indicates that the primary bootstrap version is unavailable since it resides in the ROM and cannot be modified in the field.
26.3.3
Point to SMP Tools\Version Pack\<version number>\SMP Firmware Libraries, and then to the SMP 4, SMP 16 or SMP 16 PM folder, depending on the model of SMP Gateway. Choose SMP Loader Files (*.vl) in the Files of type drop-down list. This will display one or more files with the VL extension. Select the file you want to send, and click Open. The File Information dialog box appears, giving you a description of each file, within the .VL file, that you are about to transfer and asking you to confirm your intention to carry out the transfer.
211
The transfer takes place once you have responded to the question for all the files that were listed in the VL file, and a dialog box shows you the progress of the operation. Remove the cable that you connected between the SMP Gateway CONSOLE port and the PC when you used SMP Loader. Start SMP Manager, and monitor the progress of the reset operation.
Notes:
The SMP Gateway will not use the transferred files until next reset. If you transferred a bootstrap program, it will not appear in the list even though the file has indeed been transferred. Furthermore, if you look at the bootstrap version numbers (by choosing Bootstrap Versions from the Connection menu), you will see that the secondary bootstrap number has not been updated. The version number will be updated on next reset of the SMP Gateway.
26.3.4
26.3.5
212
If the secondary bootstrap of your SMP Gateway is corrupted, contact Cooper Power Systems Technical Support (see Getting Assistance, page 2).
213
27
Console access to the SMP Gateway provides you with a command line prompt for running tools and low-level commands on the SMP Gateway. Console tools are gradually being replaced by Windows-based tools. However, if you feel more at ease with the command line interface, you can use the following console commands:
FirewallMgr (Firewall Manager) Time and Date. TCP/IP address and RAS setup, as described in the installation manual of each device. SnmpMgr (SNMP Manager), as described in the Configuring the SNMP Server section, page 173. ClockMgr (Clock Manager).
27.1
27.2
Firewall Manager
Since version 4 of the SMP Gateway Software & Tools, the firewall is configured using SMP Config. Firewall Manager can now only be used to view the current status and custom rules of the firewall. If you have setup a firewall using a previous version of the SMP Gateway software, you can still use Firewall Manager to set up rules. However, these rules will be overridden if you set up a firewall instance using SMP Config (see Configuring the Firewall, page 92). Note: To use Firewall Manager, the user must have the System Management privilege for the SMP Gateway.
215
To use Firewall Manager: In the console window, type the following command at the prompt: firewallmgr Firewall Manager displays the list of available commands, as the following shows: Firewall Manager. Available commands (case insensitive): Note: Use "SMP Config" to change the firewall configuration. R S H Q Show custom firewall rules. Show the current firewall and VPN status. Display the list of available commands. Quit.
27.2.1
R Command
The R command displays the list of firewall rules you have set-up.
27.2.2
S Command
The S command shows the current status of the firewall and VPN connections. Example: Firewall: disable Firewall log: enable VPN connections: 2
27.2.3
H Command
The H command displays the list of available commands, as shown at the beginning of this section.
27.2.4
Q Command
The Q command is used to exit the firewall manager.
27.3
216
To set the SMP Gateway time: In the console window, type the following command at the prompt: time The current UTC time is displayed, followed by a prompt for the new time. For example: The current time is: 3:22:40 PM Enter the new time (hh:mm:ss): Type the new UTC time in the requested format and press ENTER. To set the SMP Gateway date: In the console window, type the following command at the prompt: date The current time is displayed, followed by a prompt for the new time. For example: The current date is: Tuesday, June 10, 2008 Enter the new date (mm-dd-[yy]yy): Type the new date in the requested format (year can be specified using two digits) and press ENTER. Note: For both commands, the time/data will remain unchanged if you do not type anything and press ENTER.
27.4
Clock Manager
Clock Manager was used for time adjustment setup. It has been replaced by SMP Config since version 4 of the SMP Gateway Software & Tools. It is now mainly used to get an overview of the GPS clock settings; for more details, refer to the SMP 16 GPS clock option installation manual. To use Clock Manager: In the console window, type the following command at the prompt: clockmgr Clock Manager displays the list of available commands, as the following shows: Clock Manager. Available commands (case insensitive): Note: Use "SMP Config" to change the clock configuration. D H Q Display the current settings. Display the list of available commands. Quit.
217
27.4.1
D Command
The D command shows the current settings of the optional GPS clock. Example: GPS Cable length: 0 m IRIG-B distribution format for the GPS: IRIG-BXX0 IEEE 1344 Always distribute the IRIG-B signal: No
27.4.2
H Command
The H command displays the list of available commands, as shown at the beginning of this section.
27.4.3
Q Command
The Q command is used to exit the clock manager.
27.5
218
28
Troubleshooting
The SMP Gateway is a highly reliable substation-grade device. Most operational problems result from configuration errors, and there are a few simple steps you can take to identify and solve these problems. This section discusses the following types of problems:
Startup problems. Communications problems. Problems with data validity. Problems executing control operations. Firewall-related problems.
28.1.1
28.1.2
219
If after going through all the required procedures, you find that you need to contact Cooper Power Systems Technical Support, you will need to create a report file. This file will help the technical support team in identifying and solving the problem. SMP Gateway report files are stored in Reports folder of SMP Manager. Each time a report is generated, SMP Manager creates an event log file, indicating all operations performed during the report generation. The event log file is also stored in the Reports folder. To create an SMP Gateway report file: In SMP Manager, select the SMP Gateway. From the Gateway menu, choose Make Report. Note: The Make Report command is only available if the SMP Gateway is online.
Click the Tell me more button to display the information that will be collected from the SMP Gateway; Type additional information in the text box, such as the problem description, or the reason why you are requesting technical support. Assign a name to the report, in the Report Name box. SMP Manager will automatically append the date and time to the report name. Select the Extract Automatically check box, if you want to see where the report is located as soon as SMP Manager has finished retrieving the report information. The information will be displayed in a Windows Explorer window. Click OK. Select the folder where you want to save the report file. You can also change the file name here. Click Save to start the report generation. The Gateway Report progress dialog box appears, showing each operation performed and when the report generation is complete, the dialog box indicates the completion status of the operation. Click Details to display the event log for the report generation.
220
Click Close button. If you selected the Extract Automatically check box, a Windows Explorer window appears, showing where the report file is located. You will see a LOG file, a GRF file, and a folder bearing the same name as the GRF file. If you click the folder, you will see a group of files and folders with information about the data points, crashes, logs, and so on. Send the GRF file to Cooper Power Systems Technical Support with your request. The GRF file is, in fact, a zipped file, which contains the files and folders discussed previously.
28.1.3
28.2
Startup Problems
When you start the SMP Gateway or reset it using SMP Manager, it goes through a sequence of steps, after which you should see Started in the Status column of SMP Manager application window. However, if the SMP Gateway software detects a problem during startup, you may see something else in the Status column. Here are some suggestions for troubleshooting the problem. If the problem persists, do not hesitate to contact our technical support team.
28.2.1
No Configuration File
If the status is No configuration file, you have not loaded a configuration file on the SMP Gateway. To correct the problem: Create a configuration file using SMP Config, if you have not already done so. Use SMP Manager to send the file to the SMP Gateway. Restart the SMP Gateway using SMP Manager, in order to activate the configuration.
28.2.2
Protocols Failed
If the status is Protocols failed, it may be due to one of the following reasons:
You changed the SMP Gateway license, but did not update the SMP Gateway application. There is a problem with a master or slave protocol instance. There is an incompatibility in the settings. 221
To correct the problem: If you have changed the SMP Gateway license without updating your SMP Gateway application, update the SMP Gateway application using SMP Manager, as some components may be missing. See Updating the SMP Gateway Application, page 202. Otherwise, start SMP Log and examine the startup log. Make sure you are using the correct configuration file: If you are using the wrong configuration file, use SMP Manager to send the correct file to the SMP Gateway. If you are using the correct configuration file, but it contains errors, fix them all using SMP Config, and then send the file to the SMP Gateway using SMP Manager. Make sure you have described your hardware correctly. For example, you may have specified the wrong SMP Gateway model in SMP Config. Check the protocol settings. The log will show you the startup actions of each protocol instance. You will see which one failed to load or did not start up properly. Check its parameter settings. Make sure you have associated the protocol instance with an existing serial port (the number of available ports depends on the hardware configuration settings). Check the version numbers of the SMP Gateway software. A component may not be up-to-date: Send an updated version of the SMP Gateway application to the SMP Gateway, using SMP Manager. If the application update does not work, you probably need to have SMP Config convert your configuration file, after which you can send the file to the SMP Gateway. If the problem persists after the SMP Gateway has restarted, try using a reduced version of the configuration file, in an attempt to isolate the problem. For example, use a configuration file that has only one device and one protocol instance.
28.2.3
28.3
Communications Problems
Communications problems always occur in one of the following layers:
222
Figure 28-1 Network layers where most communication problems occur SMP Trace and SMP Stats are the ideal tools for you to troubleshoot a communications problem and determine in which layer the problem occurred. SMP Trace shows you the information that was sent back and forth between the SMP Gateway and the device, while SMP Stats supplies you with statistics that can help you detect an anomaly. For example, the statistics may show you that there were no exchanges whatsoever on a particular connection, or the trace may show you that the SMP Gateway never got responses when it polled a particular device.
28.3.1
Physical Layer
The physical connection between the SMP Gateway and a device is often at the root of a problem. You should therefore ask yourself the following questions:
Am I using the correct type of cable? Do I need to use a cable for RS-232 or for RS-485 communications? Should I be using a 2-wire or a 4-wire cable for RS-485 communications? Is the device connected properly? Make sure the cable is connected to the correct port. Do I need an adaptor? For example, do I need a null-modem adapter for RS-232 communications? Are the connection settings configured correctly? Use SMP Config to check the Asynchronous Serial Ports settings, under Connections:
If Im using RS-485 4-wire, did I choose RS-422? If Im using RS-485 2-wire, did I choose RS-485?
28.3.2
Link Layer
Problems in the link layer are often related to the settings of the communications component. Here are examples of settings that can cause problems:
The baud rate, parity, start and stop bit settings of both the SMP Gateway and the device, for serial communications. The TCP/IP address and port configuration, for TCP/IP communications. 223
To correct this problem: Examine the link layer byte exchanges, using SMP Trace and SMP Stats. Using SMP Config, look at the Connections settings: If your SMP Gateway communicates with the device over a serial link, check the communications settings of the link used to communicate with the device, such as baud rate and parity. These settings must be configured identically at both ends. If your SMP Gateway communicates with the device over a WAN or LAN, make sure you have specified the correct TCP/IP address and port number.
28.3.3
Protocol Layer
Protocol problems are directly related to the settings of the protocol instance used to communicate with the device. You should proceed as follows: Examine the protocol layer byte exchanges, using SMP Trace and SMP Stats. Using SMP Config, make sure you have specified the correct protocol. Look at the SMP Config general settings: Check the settings of the protocol instance, such as packet size. Make sure the device or link address is correct. Check the polling parameters. Some devices are not able to respond to rapid polling requests because they process the information very slowly. Other devices only allow slow communications links - 9600 baud or less. If you poll too quickly, the request will arrive before the last block of data is read, thereby causing communications problems.
28.4
Data point address. Is the address of the physical data point correct? Some devices have flexible configuration options, so you have to compare the SMP Config values with the values set by the device manufacturers software. Conversion factors. For physical analog data points, are the scale and offset factors correct? Polarity. For physical binary input points, is the polarity set correctly? Warning messages. Are there any warning messages in the message pane, regarding the data points that have erroneous values?
28.5
224
Use SMP Log to look in the Control log. All control operations are recorded in this log. Use SMP Trace to see the data exchanges. Note, however, that you have to be connected to the SMP Gateway to view a control operation in real time. Make the following checks to determine the cause of the failure: Using SMP Log, look at the control log and make sure the SCADA is sending the correct sequence (direct operate, select before operate) of messages. Using SMP Config, check the general settings of both the master and the slave protocol instances. Make sure each that for each of them, the Control Enabled check box is selected. Using SMP Config, make sure the binary and analog physical output points are set up correctly. For example, for the DNP3 protocol, Control Type requires a value other than Not supported. See the device manufacturers documentation for the required setup and refer to the appropriate Cooper Power Systems protocol documentation. Refer to the device manufacturers documentation to check whether the device allows for a polling message to be sent between a select and an operate or whether polling has to wait until after the select and operate have completed. Some manufacturers deselect the device if a polling message is sent between a select and an operate. If polling has to wait, use SMP Config to make sure that the Tx During SBO check box is selected in the master protocol general parameters. Using the Web browser, make sure the point called _smp___localControl is set either to 0 to enable commands from the SCADA or to 1, to enable commands from Visual T&D. If the value is not set properly, send either an open command to the point called _smp___setLocalControl to set the value to 0, or a close command to set the value to 1. Using the Web browser, check whether the point is set to inhibit operations. If so, remove the inhibition.
28.6
28.6.1
Firewall-Related Problems
Recovering from a Firewall Lockout
If, for some reasons, access to the SMP Gateway management port (TCP 6650) is restricted in the built-in firewall, you may no longer be able to connect to the SMP Gateway using any SMP Tools: this situation is called a firewall lockout. Since the firewall configuration is specified in the SMP Gateway configuration file (PAR), it is possible to recover from a firewall account if you have physical access to the SMP Gateway, to force the SMP Gateway to reset and enter the maximum safe mode, where the restrictions over the SMP Gateway management port are not effective. To recover from a firewall lockout:
Power off the SMP Gateway, and then power it up again. Pay attention to the various traces that appear in the terminal window. Eventually, the following prompt appears: ******************************************** Press ENTER now to access configuration mode
225
Note: If security is enabled on the SMP Gateway, a login prompt will be displayed. Enter a valid login name, followed by the corresponding password. The SMP Gateway enters the configuration mode and the following appears on the terminal window: *************************** Starting configuration mode *************************** Current UTC time: 2009/05/28 17:14:55 Available commands: S Set the clock C Configure TCP/IP parameters U Update the firmware F Reset the SMP Gateway configuration to the factory default D Start on-line diagnostics M Start the SMP Gateway in MAX SAFE MODE W Start the SMP Gateway Note. The SMP Gateway will start after 60 seconds if you have not pressed any key. > Type M to restart the SMP Gateway in Maximum Safe Mode. The SMP Gateway will restart and it should now be accessible via SMP Manager. If you do not have a copy of the configuration file, retrieve it from the SMP Gateway. Start SMP Config. Remove or modify the settings and/or access rules that restrict access to the SMP Gateway management port (TCP 6650). Save the configuration file. Upload the configuration file to the SMP Gateway. Restart the SMP Gateway in Normal mode. The SMP Gateway should now be working properly and should be accessible via all SMP Tools.
226
29
Appendices
227
Appendix A -
The SMP Gateway has system points for various purposes and features, such as remote access, security, time adjustment and redundancy. When they are present on an SMP Gateway, they can be seen using the SMP Gateway Web Server. When an SMP Gateway slave protocol subscribes to them, they provide useful information to the SCADA. The following list describes all available system data points: Data Point Name Description
Power Status _smp___voltage_ok If set to 1, this binary input point indicates that the voltage of the SMP Gateway power supply is within its normal range of operation. Temperature _smp___temperature (available on SMP 16/SP) This analog input point states the temperature, in C, inside the gateway.
Clock-Related Information _smp___clockYear This analog input point states the year information of the SMP Gateway internal clock. This analog input point states the month information of the SMP Gateway internal clock. This analog input point states the day information of the SMP Gateway internal clock. This analog input point states the hour information of the SMP Gateway internal clock, using the 24-hour notation. This analog input point states the minute information of the SMP Gateway internal clock. This analog input point states the second information of the SMP Gateway internal clock. If set to 1, this binary input point indicates that the internal clock of the SMP Gateway is actually synchronized with an external time source, such as GPS or IRIG-B.
_smp___clockMonth
_smp___clockDay
_smp___clockHour
_smp___clockMinute
_smp___clockSecond
_smp___clockSynchronized
A-1
Description
If set to 1, this binary input point indicates that the clock battery is operational.
Local Control _smp___setLocalControl This binary output point allows you to switch from local control (by a local HMI, such as Visual T&D), to remote control (by the SCADA). _smp___localControl indicates the current control state of the SMP Gateway. If set to 1, this binary input point indicates that the SMP Gateway is actually controlled locally, by Visual T&D or another HMI. If the gateway is currently controlled by the SCADA, this point is set to 0. At the SMP Gateway startup, this point is set to 0. This binary output point allows you to restart the SMP Gateway. This binary output point allows you to open and close the SMP Gateway normally open (NO) relay. _smp___stateNOrelay indicates the actual state of the relay. This binary input point indicates the actual state of the SMP Gateway normally open (NO) relay. If set to 1, the relay is closed. Security _smp___securityAccountLocked _smp___securityLogonFailureCount _smp___securityLogonFailure This binary input point shows if there is an account locked on the SMP Gateway. This analog input point states the number of unsuccessful user logon attempts. This binary input point indicates if a user logon attempt failed since last _smp___secLogFailCnt counter reset. This binary output point allows you to reset the _smp___secLogFailCnt analog input point to 0. It also resets the _smp___secLogFail binary input point to 0. Remote Access _smp___dialupEnable This binary output point allows you to accept or block all incoming RAS dialup connections to the SMP Gateway. Set it to 1 to accept all incoming RAS dialup connections. _smp__dialupEnabled indicates the resulting state. This binary input point indicates if all incoming RAS dialup connections to the SMP Gateway are accepted of blocked. If set to 1, all connections are accepted. This binary input point indicates whether or not there is actually communication in progress via an incoming RAS dialup connection. Passthrough (for each passthrough connection named <connection>) _smp___<connection>Enable This binary output point allows you to lock or unlock the passthrough connection. Set it to 0 to lock the connection. _smp___<connection>Enabled indicates if the connection is locked or not.
_smp___localControl
_smp___securityLogonFailureCount Reset
_smp___dialupEnabled
_smp___dialupInUse
A-2
Description
This binary input point indicates the passthrough connection lock state. If set to 0, the connection is locked and cannot be used. If set to 1, this binary input point indicates that the passthrough connection is currently active. System Folders (for each system folder named <folder name>)
_smp___<connection>InUse
If set to 1, this binary input point indicates that the system folder is available to the SMP Gateway. This analog input point states the amount of disk space that is available on the host of the system folder. If set to 1, this binary input point indicates that the system folder host is running low on disk space. Redundancy
_smp___rsLocal_ok
If set to 1, this binary input point indicates that the SMP Gateway is currently operational. This point is mirrored in the _smp___rsRemote_ok binary input point of the other SMP Gateway of the group.
_smp___rsRemote_ok
If set to 1, this binary input point indicates that the other SMP Gateway of the group is currently operational. This point is mirrored in the _smp___rsLocal_ok binary input point of the other SMP Gateway.
_smp___rsLocal_active
If set to 1, this binary input point indicates that the SMP Gateway is active. If set to 0, it indicates that the SMP Gateway is on standby.
_smp___rsRemote_standby
If set to 1, this binary input point indicates that the other SMP Gateway of the group is on standby. If set to 0, it indicates that the other SMP Gateway of the group is active.
_smp___rsRemote_hotStandby
If set to 1, this binary input point indicates that the other SMP Gateway of the group is on hot standby. For more information about Hot-Standby, refer to the Hot Standby section, page 171.
_smp___rsFirstConnection_ok
If set to 1, this binary input point indicates that the first link between the redundant SMP Gateways is operational. If set to 1, this binary input point indicates that the second link between the redundant SMP Gateways is operational. If set to 1, this binary input point indicates that the RTDX databases of both SMP Gateways of a group are synchronized.
_smp___rsSecondConnection_ok
_smp___rsSynchronized
A-3
Description
If set to 1, this binary input point indicates that SMP Gateway access to the LAN is operational. This point state can be used as a failover condition. If set to 1, this binary input point indicates that the voltage of the SMP Gateway power supply is within its normal range of operation. This point state can be used as a failover condition. If set to 1, this binary input point indicates that the internal temperature of the SMP Gateway is within an acceptable range. This point state can be used as a failover condition. If set to 0, this binary input point indicates that the SMP Gateway is running low on memory. This point state can be used as a failover condition. If set to 0, this binary input point indicates that the public IP address defined for the group conflicts with another device that uses the same address. This point state can be used as a failover condition. Soft PLC
_smp___rsVoltage_ok
_smp___rsTemp_ok
_smp___rsMem_ok
_smp___rsGroupAddress_ok
_smp___plcProgramRunning
If set to 1, the binary input point indicates that a Soft PLC automation script is currently running on the SMP Gateway. Annunciator
This analog input point states the number of active alarms. This analog input point states the number of blocked alarms. This analog input point states the number of data points configured to trigger alarms. This analog input point states the number of alarms that require acknowledgment. This analog input point states the number of alarms that have been acknowledge and that may be cleared. If set to 1, this binary input point indicates that at least one alarm is currently active.
_annunciator___generalAlarm
Table A-1
A-4
Appendix B -
Each data point value that is stored in the real-time database (RTDX) of an SMP Gateway is tagged with a quality attribute called RTDX status. This attribute gives additional information about the precision of the value, the state of the IED that provided the value or the quality of the corresponding timestamp. The RTDX status attribute consists in a 16-bit value divided into flags. The 12 less significant bits are used to define the quality of the value, while the 4 most significant bits define the quality of the corresponding timestamp. Each status bit (flag) is independent of the others (except for the timestamp status flags), which means that a given value can be tagged with more than one status flags at the time. The following table presents the RTDX status flags that are currently supported by the SMP Gateway software and tools: RTDX Status Flag
OK / Good Unknown
Value
0x0000 0x0001
Description
Indicates that the value is valid. Indicates that the corresponding data point exists within RTDX, but that it was never updated by a master or system component. Indicates that either the originating IED or some other device along the reporting path is currently being restarted. This implies that not valid status was retrieved for the corresponding data point since the last SMP Gateway reset. Note: This status flag is DNP3-specific.
Restart
0x0002
Communication failure
0x0004
Indicates that the connection with the originating IED is currently lost, which implies that the value that is stored in RTDX for the corresponding data point is the last reported value. Indicates that the reported value was not retrieved through normal acquisition or by exception, but was forced by a human operator or by some automated process to provide to the best of our knowledge type information with no other guarantee. Indicates that the reported value is of a doubtful nature due to known hardware problems. The value might be valid, but cannot be guaranteed.
Forced
0x0008
Bad hardware
0x0010
B-1
Over range
0x0020
Indicates that the reported value is outside its normal range. This may be a direct indication from the D/A converter, or from a software component that detected that the value has reached its maximum possible value (positive or negative). Note: This status flag is reserved for analog input and output points.
Bad reference
0x0040
Indicates that the reported value provides from an analog acquisition chain containing at least one invalid reference channel. Best case is that the reported value is valid, but not accurate. Note: This status flag is reserved for analog input and output points.
Reserved Inhibited
0x0080 0x0100
Reserved for internal use. Indicates that the corresponding data point was logically inhibited by a human operator or an automation process. An inhibited input point will no longer be reported, as long as it remains inhibited, and the current value is the last one that was reported prior to the inhibition. An inhibited output point cannot be operated, as long as it remains inhibited.
Out of range.
0x0200
Indicates that the value is outside an expected range of values based on intrinsic hardware limitations. For example, consider a sensor that produces a 4 V signal, although the actual limitation of the hardware is 5 V. No status flag would be raised for a 3.9 V value; however, a 4.1 V value would raise the Out of range flag, while a 5.0 V value would raise both the Out of range and Over range status flags. An out-of-range value should be considered with caution, since this is an abnormal condition that usually points to a sensor defect or a physical installation issue. Note 1: This status flag should be confused with alarm and warning threshold that may be defined by users and operators. Based on the example above, the user may decide that any value larger than 3.0 V should trigger an alarm. That does not necessarily means that the value is incorrect, but that the operators should have a closer look to the originating device. Note 2: This status flag is reserved for analog input and output points.
Simulated
0x0400
Indicates that the reported value was not retrieved through normal acquisition or by exception, but was simulated by a human operator using the Commissioning tool. This status flag is similar to the Forced status flag, although simulated values cannot be persisted, which means that they will not be preserved when the SMP Gateway restarts, even if persistence is configured for the corresponding data points.
B-2
0x2000
Indicates that the SMP Gateway provided the timestamp of the value. Indicates that the timestamp was reported by the IED along with the value. It is assumed that the IED clock is properly synchronized with a reliable time source, and no guarantee is provided in regards to the synchronization of the IED and SMP Gateway clocks.
Device time
0xC000
Table B-1
B-3