Sie sind auf Seite 1von 90

RTU500 series

RTU500 series Remote Terminal Unit


User manual
Web server Release 12
Revision RTU500 series Remote Terminal Unit

Revision
Document identity: 1KGT 150 924 V001 1
Revision: Date: Changes:
0 07/2016 New document for Release 12.0
1 07/2016 Update: Chapter 'Opening the user interface' (PR#33042)
08/2017 Update: Chapter 'Diagnostics, Hardware tree, General
Overview' (PR#33036)

1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Contents

Contents
1 Introduction.................................................................................................................... 1-1
1.1 Preface................................................................................................................1-1
1.2 Structure of this document................................................................................. 1-1
1.3 References.......................................................................................................... 1-1
1.4 Access to the Web server.................................................................................. 1-2
1.5 Presentation of the RTU500 series Web Pages.................................................. 1-4

2 Management.................................................................................................................. 2-1
2.1 Configuration Management................................................................................. 2-1
2.2 Firmware Management....................................................................................... 2-2
2.3 License Management..........................................................................................2-4
2.4 Language Management...................................................................................... 2-5
2.4.1 Change language of the Web server..................................................2-6
2.5 User Management.............................................................................................. 2-7
2.5.1 Security Policies.................................................................................2-8
2.5.2 User Accounts / Passwords.............................................................2-10
2.5.3 User Roles....................................................................................... 2-12
2.5.4 Change own user password............................................................ 2-14
2.5.5 Password file management..............................................................2-15
2.5.6 Password file harmonization.............................................................2-16
2.6 Certificate Management.................................................................................... 2-19
2.7 System Help Page with pre-requisitions............................................................2-19

3 Diagnostics.....................................................................................................................3-1
3.1 System Log........................................................................................................ 3-1
3.2 System Event Status.......................................................................................... 3-2
3.3 Hardware Tree.................................................................................................... 3-3
3.3.1 General Overview...............................................................................3-3
3.3.2 Board Diagnosis.................................................................................3-4

4 Test & Simulation........................................................................................................... 4-1


4.1 Enable Logging and Debugging..........................................................................4-1
4.2 Time Administration............................................................................................ 4-2
4.3 General Overview: Test Mode............................................................................. 4-3
4.3.1 Opening the user interface.................................................................4-3
4.4 Inputs and Outputs view - elements of the user interface....................................4-3
4.4.1 Signals grid........................................................................................ 4-3
4.4.2 Multiple simulation interval................................................................. 4-7
4.4.3 STOP button......................................................................................4-7
4.4.4 Control panel for process connection................................................ 4-8
4.4.5 Status indicator................................................................................4-14
4.4.6 Log file download link...................................................................... 4-15
4.5 SEV and SSC view - Elements of the user interface......................................... 4-15

ABB AG - 1KGT 150 924 V001 1 | I


Contents RTU500 series Remote Terminal Unit

4.5.1 Signals grid...................................................................................... 4-15


4.5.2 Input for multiple simulation interval................................................. 4-15
4.5.3 STOP button....................................................................................4-16
4.5.4 Control panel for process connection.............................................. 4-16
4.5.5 Status indicator................................................................................4-16
4.5.6 Log file download link...................................................................... 4-16
4.6 Security Events view - elements of the user interface........................................4-16
4.6.1 Signals grid...................................................................................... 4-16
4.6.2 Input for multiple simulation interval................................................. 4-16
4.6.3 STOP button....................................................................................4-16
4.6.4 Log file download link...................................................................... 4-17

5 Operation....................................................................................................................... 5-1
5.1 Starting the Integrated HMI.................................................................................5-1
5.2 General Overview: Archives................................................................................ 5-1
5.3 Process Archives................................................................................................ 5-2
5.4 File Archive......................................................................................................... 5-3
5.5 Security Event Archive........................................................................................ 5-4

6 Engineering.....................................................................................................................6-1
6.1 Use case 1: Pre-configured RTU520.................................................................. 6-1
6.2 Use case 2: RTU520 online configuration........................................................... 6-2

7 Secure Web Server Access........................................................................................... 7-1


7.1 RTUtil500 configuration.......................................................................................7-1
7.2 HTTPS Web server access................................................................................. 7-3
7.3 Certificate handling............................................................................................. 7-4
7.3.1 Self-signed certificate.........................................................................7-4
7.3.2 External certificate..............................................................................7-5

8 PPP Installation.............................................................................................................. 8-1


8.1 Windows 7..........................................................................................................8-1

9 USB RNDIS Driver Installation........................................................................................ 9-1


9.1 Windows 7..........................................................................................................9-1

10 Glossary....................................................................................................................... 10-1

II | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Introduction
Preface

1 Introduction

1.1 Preface
The document describes the requirements and installation steps needed to build up a full RTU500
series engineering environment. The base configuration of the Microsoft Windows Operating System
and the tools required for the engineering process are described. System requirement are defined
in chapter Chapter 2.7 in figure "Fig. 28: Page for general information and pre-requisitions" .

1.2 Structure of this document


This document is divided in two main parts:

The first part describes the RTU500 series Web server functionality:

The first part describes the RTU500 series Web server functionality:
• Management functions:
– Configuration management
– Firmware management
– User management
– Loading of password files
– Help page

• Diagnosis functions
– System logs
– Process diagnosis functionality (Hardware Tree)
– The Network Tree

• Test & Simulation functions


– Enable Logging and Debugging functions
– Test mode functions

• Operation functions
– Starting the Integrated HMI
– File archive functions

• Engineering
– Changing individual parameters online
– Onlne generation of a new RTU configuration

The second part includes the installation and configuration of the environment.

• PPP Installation
• USB Installation
• Establishing the connection
• Network configuration
• The hardware required for the connection

1.3 References
Additional Information is available in the documents:

ABB AG - 1KGT 150 924 V001 1 | 1-1


Introduction RTU500 series Remote Terminal Unit
Access to the Web server

[1] 1KGT 150 722 Security Deployment Guide Line


[2] 1KGT 150 801 RTUtil500 User's Guide

1.4 Access to the Web server


The integrated Web server of the RTU500 series is accessed by a Web browser, using the IP ad-
dress of one of the Ethernet Interfaces of the RTU Communication Unit. The figure below shows an
example with the Microsoft Internet Explorer.

Figure 1: HTTPS access to an RTU Web server

The access to the RTU500 series Web server is enabled by default, but it is possible to disable the
access for each Ethernet interface in the configuration tool RTUtil500 [2]. See chapter "RTUtil500
configuration" for information how to disable the RTU500 series Web server.

Besides the secure standard HTTPS access, the RTU500 series Web server supports also HTTP.
For more information about the secure access see chapter 7-1. This chapter describes the
configuration and the certificate handling required for the secure HTTPS access.

After a successful connection, the RTU500 series Web server requests a user name and password
for log-in. An example for the log-in dialog presented by the Web browser is shown in the figure
below. Information about the default user names and passwords can be found in chapter "User
Accounts / Passwords".

1-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Introduction
Access to the Web server

Figure 2: Log-in dialog of Web server

After completing the working session it is recommended to log-off from the RTU500 series Web
server and to close the used Web browser. This prevents the usage of supplied user names and
passwords by unauthorized persons. The log-off is done by selecting the link "Logout" as shown in
the figure below. The appearing dialog must be confirmed with Ok to execute the log-off.

Figure 3: Log-off from Web server

Additional to the manual log-off, the user will be logged off by the RTU500 series after a configurable
time of inactivity. The timeout for automatic logout after user inactivity could be disabled and is
configurable between 1 minute and 24 hours. In RTUtil500 the inactivity timeout parameter is placed
in the "Parameter" tap at an RTU (Network or Hardware tree). The figure below shows the according
RTUtil500 parameter user interface.

Figure 4: User inactivity timeout parameter

ABB AG - 1KGT 150 924 V001 1 | 1-3


Introduction RTU500 series Remote Terminal Unit
Presentation of the RTU500 series Web Pages

When using the Microsoft Internet Explorer as Web browser the advanced option "Show friendly
HTTP error messages" shall be disabled in the Internet Explorer. Without this option the detailed
error information of the RTU500 series Web server are not shown. The option can be found in the
"Advanced" tab of the "Internet Options" (see figure below).

Figure 5: Internet Explorer Settings

1.5 Presentation of the RTU500 series Web Pages


All the pages used to in the RTU Web Server are structured with frames:
• Status frame (1)
• Navigation tiles (2)
• Presentation and selection frame (3)

1-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Introduction
Presentation of the RTU500 series Web Pages

Figure 6: Structure of the Web server pages

The 'status frame' (1) is fixed during runtime, but depending on the configuration of the RTU.

The navigation tiles (2) is fixed during runtime and used to navigate through the different Web server
functions.

The 'presentation frame' (3 left side) depends also on the configuration of the RTU, but will not be
updated, as long as the frame is shown.

The 'selection frame' (3 right side)


• will be updated cyclically (approximately every 2 seconds) or
• must be updated on demand by the user.

ABB AG - 1KGT 150 924 V001 1 | 1-5


Introduction RTU500 series Remote Terminal Unit
Presentation of the RTU500 series Web Pages

1-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
Configuration Management

2 Management
2.1 Configuration Management
To navigate to the Configuration-File Manager page, click on "Management" and on "Configurations
Management" in the navigation frame. The different table columns show the properties of the dif-
ferent files.

Figure 7: Configuration files: navigation tiles

The files on the RTU will be displayed on top of this page. Below is the drop in area. Here you can drop
new configuration files to be downloaded to the RTU. Only one file is needed for the configuration
of an RTU: <name>.rcd (RTU configuration data)

On the RTU there can be stored 4 different RTUtil500 configuration files:


– Active: The active configuration file is at the moment executed by the RTU
– Backup: It is possible to store one backup copy of a configuration file. This file can be activated
again.
– Base: A configuration file downloaded from the PC will be shown as base configuration file
– Editing: A configuration file generated by the WebUI configuration is called editing

In addition the Integrated HMI project files can be downloaded with this page.

The different table columns show the properties of the different configuration files.

ABB AG - 1KGT 150 924 V001 1 | 2-1


Management RTU500 series Remote Terminal Unit
Firmware Management

Figure 8: Configuration File Manager

With this button the configuration file can be downloaded to the RTU. First the config-
uration file must be dropped into the drop file area. Then the file can be downloaded
to the RTU. The downloaded file will become the new base configuration file. It must
be activated in a next step.
Send file to device

With this button the configuration file on the RTU can be uploaded to the PC.

Receive file from device

With this button the configuration can be deleted.

Delete file

By selecting this button the base or backup configuration will become the new active
configuration.

Activate configuration

Press this button in the active configuration row to generate a new backup of the ac-
tive configuration. The new backup configuration will override an existing backup con-
figuration.

Backup configuration

Table 1: Configuration Management: Operation buttons on the left side of the tables

2.2 Firmware Management


To navigate to the Firmware-File Manager page, click on "Management" and on "Firmware Manage-
ment" in the navigation frame. The different table columns show the properties of the different files.

2-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
Firmware Management

Figure 9: Firmware files: navigation tiles

The files on the RTU will be displayed on top of this page. Below is the drop in area. Here you can
drop new firmware files to be downloaded to the RTU.

The loading of the different software files is independent. The software is not distributed to other
boards while loading.

Figure 10: Firmware File Manager

ABB AG - 1KGT 150 924 V001 1 | 2-3


Management RTU500 series Remote Terminal Unit
License Management

With this button the firmware file can be downloaded to the RTU. First
the firmware file must be dropped into the drop file area. Than the file can
be downloaded to the RTU. The downloaded file will replace the existing

Send file to device firmware file on the flash. It must be activated in a next step. After a suc-
cess full download a red exclamation mark will appear and the activate
botton will become visible.

With this button the firmware file on the RTU can be uploaded to the PC.

Receive file from device

With this button a firmware file be deleted.

Delete file

By selecting this button the firmware file will be activated and the RTU will be restart-
ed.

Activate

This sign indicated a difference between the firmware file on the flash and the firmware
under operation for the the RTU. The activation of the firmware is required.

the red exclamation mark

Table 2: Firmware Management: Operation buttons on the left side of the tables

ADVICE

On the RTU there is no backup of the firmware files available. Deletes files must be replaced by
files from the PC.

2.3 License Management


Each communication unit has a separate license on the memory card, containing:

• a license for the basic functions


• the maximum number of process data points
• a license for 'local archives' and 'PLC' (option)
• a license for the 'integrated HMI' (option)

It is possible to upgrade the RTU license with an license extension file (ABBRTU500Ext.lic), generated
by ABB, by uploading the file via the Web server.

The function is available with the license file manager

2-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
Language Management

Figure 11: License file: navigation tiles

The data of the license file is checked during loading the file. The new licenses are activated after
a reset.

Figure 12: License Upgrade.

2.4 Language Management


To navigate to the Language Manager page, click on "Management" and on "Language Manage-
ment" in the navigation frame. The different table columns show the properties of the different files.

For each language 2 language files are required. For example for english langage:
– webserver_en-US.stb (CSV format)
– RTUi_en-US.rdt (XML format)

ABB AG - 1KGT 150 924 V001 1 | 2-5


Management RTU500 series Remote Terminal Unit
Language Management

Figure 13: Copy language file

With this button the language file can be downloaded to the RTU. First the language
file must be dropped into the drop file area. Than the file can be downloaded to the
RTU.

Send file to device

With this button the language file on the RTU can be uploaded to the PC.

Receive file from device

With this button the language can be deleted.

Delete file

By selecting this button the language will become the new active language. A reboot
of the RTU is required.

Activate

Table 3: Language Management: Operation buttons on the left side of the tables

2.4.1 Change language of the Web server


The language of the Web server can be selected in the status frame. For changing the langage a
reboot of the RTU is required.

2-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
User Management

Figure 14: Change language of the Web server

2.5 User Management


All modification of user accounts are done via the RTU500 series Web server. In the Web server
menu the link "User Management" is the entry point for the user account management. This link can
be found under the menu item "Management" as shown in the figure below. Due to the sensible
information in the user account management the following notice has to be considered.

ADVICE

The web pages of this functionality require secure HTTPS access. It is not possible to open the
web pages with standard HTTP access.

Figure 15: Web server menu user account management

The link starts a user interface to modify the following properties:

• Enable or disable functional policies


• Enable or disable password policies
• Add new or delete existing user accounts
• Change user account passwords
• Add new or delete existing user roles
• Change assignments of user and permissions to/from user roles

The user interface for the account management consists of several menu tabs. The first 3 menu tabs
cover the password policies, the user accounts and the user roles. On each tab the corresponding
information are shown for display and modification.

Common for all menu tabs are 2 buttons at the top of each tab. These buttons control the changes
done by the administrator. At startup all control elements are disabled showing the current config-
uration. If changes shall be done the administrator just start to access the user interface. Then the
both control buttons get active. After finishing the administrator can accept and store the changes

ABB AG - 1KGT 150 924 V001 1 | 2-7


Management RTU500 series Remote Terminal Unit
User Management

by pressing the button "Save" or returning to the former configuration by declining the changes with
the button "Cancel". It is irrelevant on which tab the control buttons are used. The change process
could be started or finished on each tab.

ADVICE

Be sure to save any wanted modification in the user account management by pressing the "Save"
button.

When the changes are accepted an additional dialog appears to confirm the decision. The changed
account configuration is active right after accepting the changes. There is no need to reset the RTU
but all users are logged out and a re-login is required. During accepting the changes are distributed
within the RTU CMU's which could take a few seconds.

To avoid conflicts no access is possible via the Web server when an administrator has started the
account change process. This compromises the access from other CMU's as well. The next chap-
ters describe each menu tab in detail.

2.5.1 Security Policies


In the first tab of the user management the security policies of the RTU500 series are defined.
Security policies are general rules, which are valid for all users and for the whole RTU500 system.
As shown in the figure below the security policies are divided into the following two sections:

• Functional policies that define restrictions in the access to the RTU500 series and
• Password policies that define rules that a password must fulfill to get accepted.

Figure 16: Menu tab security policies

The following sections describes the functional and password policies in detail.

Functional policies

The functional policies define restrictions in the access to the RTU500 series. When activated certain
functionalities are disabled and cannot be used anymore. The following functional policies can be
activated for the whole system:

• PLC online debugging


Disable the access to the PLC online debugging. This includes start/stop of PLC programs,
display and setting of PLC variables.
• COMPROTware RIO Server
Disable the access to the COMPROTware RIO Server. That means disable the possibility to lis-
tening of telegram traffic on serial and Ethernet interfaces.
• Web server Test Mode
Disable the Web server testing and simulation mode. This includes time administration, simula-
tion of process inputs and commands in the test manager.

2-8 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
User Management

• Online parameter change


Disable the possibility to change single parameters online with the Web server.
• Online configuration change
Disable the possibility to change the RTU configuration online with the web server.

See part (1) of the Web server screen shoot "Fig. 16: Menu tab security policies" for the password
policies user interface.

Password policies

The password policies define rules that a password must fulfill to get accepted by the RTU500 series.
To enable the password policies the check box "Enforce password policies" must be checked (see
figure in last chapter). Changes in the password policies are considered for new passwords only.
That means existing passwords are not checked against the policies and the passwords are still
valid and usable. To be sure that all passwords are compliant the passwords must be changed after
defining a password policy.

After enabling the password policies the control elements are enabled and changes could be done.
The following parameters are editable:

• Minimum length of a password. The required length of a password could be set to 0 which
means no required length or to a value between 6 and 31. In case of 0 the password must be
at least 3 characters long (see implicit rules below).
• Maximum lifetime of a password. This parameter defines the time after a password became
invalid and could not be used anymore. The time is configured in days with a range from 0 to
1000. The value 0 means that the password never became invalid.
• Contains lower case characters. If this check box is set the passwords must contains at least
one lower case character.
• Contains upper case characters. If this check box is set the passwords must contains at least
one upper case character.
• Contains numeric characters. If this check box is set the passwords must contains at least one
numeric character '0' to '9'.
• Contains special characters. If this check box is set the passwords must contains at least one
of the listed special character:
" [!£$%^&*@?<>+_]\"

Even when the password policies are not enabled there are certain rules for passwords. These are
minimal rules to ensure proper system functionality. These implicit rules are:

• A password must be at least 3 characters long.


• A password must not be more than 31 characters long.
• A whitespace character is not allowed as part of the password.
• For passwords the following characters are allowed:
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOBQRSTUVWXYZ"
"0123456789"
"[!£$%^&*@?<>+_]\"

Independent from the password policies there are as well implicit rules for user names. These rules
are:

• A user name must be at least 3 characters long.


• A user name must not be more than 31 characters long.

ABB AG - 1KGT 150 924 V001 1 | 2-9


Management RTU500 series Remote Terminal Unit
User Management

• A whitespace character is not allowed as part of the user name.


• For user names the following characters are allowed:
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOBQRSTUVWXYZ"
"0123456789"

See part (2) of the Web server screen shoot "Fig. 16: Menu tab security policies" for the password
policies user interface.

2.5.2 User Accounts / Passwords


In the second menu tab the user accounts are defined. The tab shows in a table the names of
the existing user accounts (see figure below). The password of a user account can be changed by
selecting the lock symbol at the left side of the table and by selecting the trash can symbol the user
account can be deleted. Be careful, there is no security query when deleting a user account and a
once deleted user account could not be restored.

On the right side of the table are the assigments of the user roles. One or several roles can be
assigned to an user account. The user role can be assigned or withdrawn by selecting the corre-
sponding checkbox at the user account. The specific permissions assigned to a user role are defined
in the menu tab "User Roles" described in the next chapter.

Figure 17: Menu tab user accounts

At the end of the table of existing user accounts there is an empty field for adding a new user. A
new user account is created by typing a user name and pressing <ENTER>. Then a dialog appears
to set the initial password of the new user account (as shown in the next figure). By confirming the
dialog with "Ok" the user account is created. For information about rules that must be consider when
choosing a user name or password see chapter about the password policies.

When changing a user password the same dialog appears as when setting the initial password.
In the dialog the affected user name is displayed and 2 text fields to type the new password. The
password must be typed two times to eliminate, unintentional typing errors. The new password is
accepted only if both text fields contain the same password.

2-10 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
User Management

The new password is checked against the policies rules when the button "OK" is selected. In case
of violations the password is declined, an error message is shown and a valid password must be
defined. The dialog can be finished by pressing the button "Cancel". In this case the password is
not changed and the old password is still valid.

Figure 18: Dialog to change the password of a user

In delivery status the RTU500 series contains the following predefined user accounts, with their
assigned user roles and their defined default user role:

Default Default Assigned user roles Default user role


user name password

Show Show Viewer Viewer

Load Load Installer Installer

Control Control Installer Installer


Engineer

Admin Admin Engineer Engineer


Administrator

Operator Operator Operator Operator

Default Default Viewer Viewer


Operator
Installer
Engineer
SECAUD
RBACMNT
SECADM
Administrator

Table 4: Default user accounts in the RTU

During migration from the previous RTU560 user account management (before release 12) the ex-
isting user accounts are taken as they are. That means user names, passwords and role assign-
ments remains unchanged after the migration.

ABB AG - 1KGT 150 924 V001 1 | 2-11


Management RTU500 series Remote Terminal Unit
User Management

ADVICE

The predefined superuser Default is added to the user accounts during migration from the pre-
vious RTU560 user account management. So, if the user accounts are defined individual be sure
to remove the superuser after the migration.

2.5.3 User Roles


In the third menu tab the user roles and there permission assignments are defined. The tab shows in
a table the names of the existing user roles (see figure below). A user role can be deleted by selecting
the trash can symbol on the left side of the table. Be careful, there is no security query when deleting
a user role and a once deleted role could not be restored.

On the right side of the table are the specific permissions assigned to a user role. A permission can
be assigned or withdrawn by selecting the corresponding checkbox at the user role.

Figure 19: Menu tab user roles

There is an empty field at the end of the table of existing roles for adding a new user role. A new
user role is created by typing a role name and pressing <ENTER>. There are the following rules
defined for role names:

• A role name must be at least 3 characters long.


• A role name must not be more than 19 characters long.
• Whitespace characters are allowed as part of the role name
• For role names the following characters are allowed:
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOBQRSTUVWXYZ"
"0123456789 "

The account permissions available in the RTU500 series are fix defined and cannot be changed.
Each defined account permission allows several actions within the RTU500 series Web server or
Integrated HMI. The table below shows all available permissions and describes the allowed actions
for every permission in detail.

2-12 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
User Management

Permission Definition Description

viewData@ABBRTU500 Read and view RTU data:


– View system diagnosis log in Web server.
– View and download system diagnosis file in Web server.
– View RTU500 series process data in hardware tree of Web server.
– Enable and disable RIO protocol logging mode in the Web server. Once enabled
there is no restriction on the access to the RIO server. That means the real access
is not protected by user name and password. The RIO protocol logging mode is
disabled after a fix timeout of 30 minutes if no online connection exists.
– View and download process archive information via the Web server (events and in-
dications, measured values and integrated total).
– Download archived disturbance record files via the Web server.
– View online parameter changes in the engineering part of the Web server.
– View online configuration in the engineering part of the Web server.

config@ABBRTU500 Change configuration files:


– Upload and download all RTU500 series configuration files via the Web server.
This comprises the RTU configuration and the Integrated HMI configuration.
– Restart of RTU500 series via RTU500 series Web server.

firmware@ABBRTU500 Change firmware files:


– Upload and download all RTU500 series firmware files via the Web server. This
comprises the RTU basic firmware, the communication controller firmware and the
Integrated HMI firmware.
– Restart of RTU500 series via RTU500 series Web server.
– View, upgrade and extend RTU500 series protocol/function licences (via Web
server).

account@ABBRTU500 User account management:


– Add, modify and delete user accounts (via Web server).
– Add, modify and delete user roles (via Web server).
– Assign and withdraw user accounts to user roles (via Web server).
– Assign and withdraw account permissions to user roles (via Web server).
– Change user passwords (via Web server).
– Upload and download password files (via Web server).
– Prohibit RIO protocol logging mode (via Web server).
– Prohibit PLC online debug mode (via Web server).
– Prohibit RTU500 series test mode (via Web server).
– Prohibit online configuration changes (via Web server).
– Prohibit online parameter changes (via Web server).

userRole@ABBRTU500 User role management:


– Assign and withdraw user accounts to user roles (via Web server).
– Assign and withdraw account permissions to user roles (via Web server).
– Change user passwords (via Web server).

viewEvent@ABBRTU500 View security event logging / audit trails:


– View logged security events in Web server.
– Download logged security events in predefined CSV format (via Web server).

Table 5: Account permissions available in the RTU

ABB AG - 1KGT 150 924 V001 1 | 2-13


Management RTU500 series Remote Terminal Unit
User Management

Permission Definition Description

enableTest@ABBRTU500 Enabling and use simulation and test mode:


– Enable/Disable RTU500 series test mode via the Web server. The test mode al-
lows the simulation of inputs/outputs in the test manager of the Web server.
– Enable/Disable time administration test mode to allow setting of the RTU system
time via the Web server.
– Enable/Disable IEC 61850 startup logging (via Web server).
– Enable/Disable Ethernet and PPP interface logging (via Web server).
– Enable/Disable IEC 61850 debug trace interface (via Web server).
– Enable/Disable VxWorks debug interface (via Web server).
– Simulate inputs, outputs, system events and security events in the RTU500 series
test mode via the Web server (If test mode is enabled).
– Set system time of RTU via Web server, if time administration test mode is en-
abled.

enablePlc@ABBRTU500 Enable and use PLC online debug mode:


– Enable/Disable PLC online debug mode via the Web server. Once enabled there
is no restriction on the access to the PLC. That means the real access is not pro-
tected by user name and password. The PLC debug mode is disabled after a fix
timeout of 30 minutes if no online connection exists.

onlineConf@ABBRTU500 Online configuration changes:


– Online configuration changes (Engineering via the RTU500 web server)

onlinePara@ABBRTU500 Online parameter changes:


– Online parameter changes (Engineering via the RTU500 web server)

viewDataHmi@ABBRTU500 Read and view data on the Integrated HMI:


– View all configured Integrated HMI pages.
– View and download process archive information in the HMI event list (events and
indications, measured values and integrated total).
– Acknowledge alarms in the HMI alarm list.

ctrlOpHmi@ABBRTU500 Control operations on the Integrated HMI:


– View all configured Integrated HMI pages.
– View and download process archive information in the HMI event list (events and
indications, measured values and integrated total).
– Acknowledge alarms in the HMI alarm list.
– Do control operations in the Integrated HMI

Table 5: Account permissions available in the RTU

2.5.4 Change own user password


The Administrator can change the passwords of all user accounts. A normal user can change the
own password, only. To change the own password the user must select the tab "User Accounts"
in the user account management. In this case the user account table shows the logged in user and
the password can be changed by selecting the lock symbol. The new password is checked against
the policies rules and set when the button "Ok" is selected. By pressing the button "Cancel" the
password is not changed and the old password is still valid. The following figure shows the user
interface for changing the own password.

2-14 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
User Management

Figure 20: Dialog to change the own password

2.5.5 Password file management


The password file of the RTU500 series can be reset to factory default and be exchanged between
different RTUs. For this functionality the password file can be reset, uploaded and downloaded via
the RTU500 series Web server. The corresponding user interface can be found under the link "User
Management" in the menu item "Management". The figure below shows the user interface for the
password file management in the tab "Password File".

Figure 21: Menu tab password file management

To reset the password file to factory default the button "Reset" has to be used. When pressed a
dialog appears to confirm the reset. After confirmation with "Ok" the default password file is active
directly. A reset of the RTU500 series is not necessary, but all users are logged out and a re-login
is required. After the reset all user accounts and passwords are reset to the default values. That
means the re-login must happen with a default user and password.

For the exchange of a password file the file must be downloaded from an RTU first. This is done
by selecting the button "Download" in the tab "Password File". When pressed an information status
bar appears like shown in the figure below. To save the downloaded password file on the host PC
select the button "Save".

ABB AG - 1KGT 150 924 V001 1 | 2-15


Management RTU500 series Remote Terminal Unit
User Management

Figure 22: Download password file

To upload a before downloaded password file on another RTU the file can be dropped to the dotted
area shown in the figures above or the area can be clicked with the mouse. In the second case a
file select dialog appears to choose the password file to upload. In both cases a confirmation dialog
appears to confirm the upload. After confirmation with "Ok" the existing password file is replaced
by the uploaded file. If successful, the new password file is active directly. A reset of the RTU500
series is not necessary, but all users are logged out and a re-login is required.

2.5.6 Password file harmonization


In normal operation mode all changes described in chapter "User Management" are automatically
distributed to all communication units and stored in the password file of each unit (no restart of the
RTU required).

In case of:

– Adding a new communication unit into the system


– Missing/faulty communication unit during the changes

the password file between different CMU's can became inconsistent.

In case the password file is inconsistent between different CMU's the RTU500 series goes into a
restricted mode. In this mode a login is possible but the only function available is the harmonization
of the password file. The harmonization of the password file requires administrator permissions.
In restricted mode the Web server shows after login without administrator permissions the error
message displayed below.

2-16 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
User Management

Figure 23: Error message administrator permissions required

ADVICE

Be sure to disable the advanced option "Show friendly HTTP error messages" if the Microsoft
Internet Explorer is used as Web client. Without this option the detailed error information of the
RTU500 series Web server are not shown. The option can be found in the "Advanced" tab of
the "Internet Options".

After login with administrator permission the RTU500 series Web Server shows the normal user
interface. But due to the restricted mode each function, besides the harmonization of the password
file, is locked. If a locked function is selected the Web server shows a corresponding error message,
like shown in the next figure.

Figure 24: Error message passwort file inconsistency

ABB AG - 1KGT 150 924 V001 1 | 2-17


Management RTU500 series Remote Terminal Unit
User Management

To start the password file harmonization the link "User Management", found under the menu item
"Management", must be selected (see figure below). When selected the user interface for the ac-
count management appears. The last tab (called "Harmonization") in the user interface is used for
the password file harmonization by authenticate all available CMU's. Due to the sensible information
in the authentication the following notice has to be considered.

ADVICE

The web pages of this functionality require secure HTTPS access. It is not possible to open the
web pages with standard HTTP access.

Figure 25: Web server menu user account management

Before a harmonization of the password file is possible, the authentication of the administration user
must be provided by the user for all detected CMU's. The provided authentications are compared
with authentications requested from the other CMU modules. Only if all authentications are correct
the password file can be harmonized and distributed to the other CMU modules.

The next figure shows an example for an RTU with 2 CMU's. For each detected CMU the rack and
slow address is shown. Furthermore there are input fields for user name, password and a button
to authenticate each CMU. A CMU is authenticated by typing a user account with administrator
permissions and selecting the button "Authenticate". A correct authenticated CMU is identified by
the check box on the right side.

Figure 26: Password file harmonization

2-18 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Management
Certificate Management

When all CMU's are authenticated the distribution of the password file is started by selecting the
button "Harmonize" at the top of the page. The harmonization distributes the password file of the
connected CMU to all other CMU's. The distribution within the RTU can take a few seconds. If the
distribution was successful, the harmonized password file is active directly. A reset of the RTU500
series is not necessary, but all users are logged out and a re-login is required.

2.6 Certificate Management


See chapter "External certificate".

2.7 System Help Page with pre-requisitions


A System Help Page is available, showing the pre-requisitions for the Web server of the RTU500
series.

Figure 27: System help page: navigation tiles

Figure 28: Page for general information and pre-requisitions

ABB AG - 1KGT 150 924 V001 1 | 2-19


Management RTU500 series Remote Terminal Unit
System Help Page with pre-requisitions

2-20 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Diagnostics
System Log

3 Diagnostics
3.1 System Log
The system log pages give information about the actual state of the RTU.

The logged information can be filtered in different areas (see "Fig. 30: System Log: General View"):

• All
• System
• Activies
• I/O boards
• Connected I/O devices

Figure 29: System Log: navigation tiles

ABB AG - 1KGT 150 924 V001 1 | 3-1


Diagnostics RTU500 series Remote Terminal Unit
System Event Status

Figure 30: System Log: General View

3.2 System Event Status


The state of the system is represented by 'System Events'.

To view the status of the system events in the RTU500 series Web server the link "System Event
Status" must be selected. This item can be found under the navigation tile "Diagnostics" as shown
in the figure below.

Figure 31: Web server menu system events

3-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Diagnostics
Hardware Tree

Figure 32: Displaying system events

3.3 Hardware Tree

3.3.1 General Overview

Figure 33: Hardware tree: navigation tiles

ABB AG - 1KGT 150 924 V001 1 | 3-3


Diagnostics RTU500 series Remote Terminal Unit
Hardware Tree

The Hardware tree page gives information about the configuration of the RTU and about the actual
values of the process objects according the configuration in RTUtil500 (see "Fig. 34: Hardware tree
pages").

The channel number, process object ID and the current value of the data point is shown in the right
window. The value and the status information is updated cyclically.

Figure 34: Hardware tree pages

The formerly functionality to perform any commands from this display directly to the connected pri-
mary process is obsolete and replaced by the TestMode functionality. Please see "Test & Simula-
tion" chapter.

3.3.2 Board Diagnosis


Select a communication unit in the hardware tree to get information about it's state.

Figure 35: State of a communication unit

3-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Diagnostics
Hardware Tree

Select a serial communication line, connected to a communication unit, to get static and dynamic
information about this line.

Figure 36: State of a serial communication line

ABB AG - 1KGT 150 924 V001 1 | 3-5


Diagnostics RTU500 series Remote Terminal Unit
Hardware Tree

3-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Enable Logging and Debugging

4 Test & Simulation


4.1 Enable Logging and Debugging
If one or more logging/debug interfaces are granted (see Chapter 2.5.1), the user with the necessary
privileges has to enable the logging/debug interface, before the function can be used.

Figure 37: Activation of Debugging Options

– Time administration test mode:


If this feature is enabled, the Time admistration dialog is enabled and it is possible to set the
RTU time manually
– Signal test mode:
If this feature is activted Signal can be simulated with the navigation frame items Input and Out-
put, Systemevent and system command and Security events.
– PLC online debugging:
If the PLC debugging feature is activated by one user, all other user, having this privilege, can
use this PLC debugging option of Multiprog wt. This feature must be enabled to get online
access between Multiprog wt and the RTU. The debugging option is 'disabled' again after a
restart of the RTU, and must be 'enabled' again.
– RIO protocol logging:
If this feature is enabled RIO protocol logging function together with the Comprotware CPTT
tool can be used.

ABB AG - 1KGT 150 924 V001 1 | 4-1


Test & Simulation RTU500 series Remote Terminal Unit
Time Administration

– IEC 61850 startup log:


If feature is enabled a detailed log of the IEC 61850 connections will be dumped to the internal
file system of the RTU
– PPP logging:
This logging functionality is helpful to handle startup and failure diagnostic for resolving Point to
Point Protocol issues. Two ring buffered logfiles are created: syslog and syslog.0 (each limited
to 256 KB). The PPP events logged to these files may be analyzed for failed negotioations be-
tween RTU and the other peers e.g. because of wrong password or other parameters.
– VPN/E1/E2 logging:
These options offer the functionality to capture packets on network interfaces between RTU
and remote destinations. All packets sent or received on the interfaces E1, E2 or VPN via PPP
are written to a pcap compatible file. That created file can be loaded into Wireshark, which in
turn allows analysis of the stream(s) sent and received on the monitored network interface. For
VPN this functionality is helpful to analyze failed IKE negotiations.

The developer debug interfaces shall only be activated on special request.

For support cases a system information file can be downloaded to a PC. This file is used by the
RTU support line to analyze the status of this RTU. The file includes all information visible in the Web
server in a condensed form and the generated PPP/VPN/E1/E2 debug output, so that the user can
investigate anomalous behavior during initialization and running of PPP/VPN connections between
RTU and remote peer.

4.2 Time Administration


To navigate to the Time Administration page, click on "Test & Simulation" and on "Time Administra-
tion" in the navigation frame. The Time Administartion page is shown below.

Figure 38: System Signaling, Time Administration

This feature is available:


– the user is connected to a CMU in the state 'Time Administration Master'
– the debugging option is generally enabled (see Chapter 2.5.1)

4-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
General Overview: Test Mode

– the Time administration test mode is temporary enabled (see Chapter 4.1)
– the user has the privileges to perform commands (see Chapter 2.5.3)

The time can be set:


– manually or
– according to the client time of the connected PC

4.3 General Overview: Test Mode

4.3.1 Opening the user interface


If the Web server can be accessed, a button with name "Simulation & Test" can be observed. By
clicking the button an additional menu appears.

This feature is available:


– if the test modus is generally enabled (see Chapter 2.5.1, "Security Policies")
– if the Signal test mode is temporary enabled (see Chapter 4.1, "Enable Logging and Debug-
ging")
– if the user has the privileges to perform commands (see Chapter 2.5.3, "User Roles"). See step
1 in the figure below.
– if the test modus is not already open in second browser window on same PC or in browser
window in other session (by other user)

Following menu items refer to the different test mode views (see step 2 in figure below):
– Inputs and outputs (process data objects)
– System events and system commands
– Security Events

Figure 39: Test Mode user interface - inputs and outputs

4.4 Inputs and Outputs view - elements of the user interface

4.4.1 Signals grid


The central element of the user interface is a grid or table containing the signals which are configured
in the RTU500 series. The grid has eight columns and as many rows (each row representing a signal)
as it is selected by the user.

Figure 40: Control of the number of signals showed in the grid

ABB AG - 1KGT 150 924 V001 1 | 4-3


Test & Simulation RTU500 series Remote Terminal Unit
Inputs and Outputs view - elements of the user interface

Figure 41: Signals grid

The first three columns give the user the possibility of filtering the signals to be displayed in the
grid. From left to right, these columns are the following:
– Signal type:
The first column includes the type of signal. The user can filter signals by selecting a signal type
from the drop list at the bottom of the column or by writing in the search box at the top of the
column. For example, if the user writes "i", all signals whose type contains an "i" (SPI, DPI, STI,
etc.) will be filtered. If the user writes now "pi", both SPI and DPI signals will be filtered.
– Signal identifier:
This column contains the full name of each signal, including the names of the different levels of
the signal tree to which the signal belongs. The user can filter signals by writing partial names of
the signals (e.g. the name of a group in the signal tree). It is also possible to write multiple parts
of the signal identifier in order to filter the signals which contain all these part in their names.
Fig. 42 is an example of this kind of filtering.
– Signal source:
The third column contains the name of the sub-device (or local IO) to which each signal be-
longs. Similar to the first column, the user can both select a name from the drop list at the bot-
tom of the column and write the name (or part of it) in the search box at the top to filter the sig-
nals to be showed in the grid.

Figure 42: Example of filtering by signal identifier

At the top of the next to last column, there is a button called "Clear filter". By clicking on it, the user
clears all filters set in the three first columns of the grids.

4-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Inputs and Outputs view - elements of the user interface

The next three columns provide the dynamic information about the signal, i.e. its value and cause
of transmission. At the same time, they are also used by the user to specify the value (and cause
of transmission) with which the signals will be simulated. These columns are the following:
– Cause of transmission:
This column contains the cause of transmission with which the signal is sent. The possible val-
ues for each specific signal are listed in a drop list: SPONT (spontaneous), PERIOD (periodic),
BACKG (background), REQ (required), INTERROG (interrogated), RET_REM (returned by re-
mote command), RET_LOC (returned by local command), ACT (activation), ACT_CON (acti-
vation confirmation), DEACT (deactivation), DEACT_CON (deactivation confirmation) and AC-
T_TERM (activation termination).
The column includes a drop list with gray background at the bottom. If one of the options of
this gray drop list is selected, all drop lists in the column containing the same option will change
their selected option to the one specified at the bottom. (Fig. 43).

Figure 43: Example of using the bottom drop list selector


– Confirm:
For process commands (outputs; SCO, DCO, RCO, ASO, DSO, FSO and BSO), this column
includes the confirmation field of the cause of transmission. The two possible values are includ-
ed in a drop list: POS (positive confirmation) and NEG (negative confirmation). The column pos-
sesses another gray drop list at the bottom, whose function is the same described for the pre-
vious column.

ABB AG - 1KGT 150 924 V001 1 | 4-5


Test & Simulation RTU500 series Remote Terminal Unit
Inputs and Outputs view - elements of the user interface

– Value:
This column displays the value with which the signal is transmitted. For signals whose values
are predefined (SPI, DPI, SCO, DCO and RCO), the value is represented as the selected option
of a drop list. In contrast, for signals whose values are integers (ITI and STI), natural numbers
(BSI and BSO), normalized percentages (AMI, DMI, ASO and DSO) or floating-point numbers
(MFI and FSO), the value is contained in an input box.
The qualifiers that accompany the value of a signal can be observed and/or set by right clicking
on the cell where the value is contained. After the right click, a dialog is prompted with the cur-
rent qualifiers, and the user has the possibility of changing them (Fig. 44).

Figure 44: Qualifiers (right click on the Value column)

The gray drop list at the bottom of the column is similar to the ones in the two previous columns. It
has no effect on the input boxes contained in the column; it only affects the drop lists.

The two final columns contain the elements that trigger the simulation of signals: the next to last
column includes buttons to force the simulation, while the last column contains a checkbox for each
row to enable multiple sequential forcing.

Note that the simulate button and checkbox for input signals (SPI, DPI, STI, AMI, DMI, MFI, BSI and
ITI) are not visible until these signals are disconnected from process (see Chapter , "Disconnecting
signals in monitoring direction").

On the other hand, the simulation buttons and checkbox for output commands (SCO, DCO, RCO,
ASO, DSO, FSO and BSO) are always visible. These output signals possess two simulation buttons:
"Se" (to perform a command selection) and "Ex" (to perform a command execution). The buttons
also signalize the status of the command (selection or execution) by means of bold letters. For
example, in Fig. 45, the first command is an execution, while the second is a selection.

Figure 45: Selection - Execution

To simulate an input signal or to send an output command, the user has just to click on the "Simulate"
or "Se"/"Ex" button in the row of the appropriated signal. A green flash in the row confirms that the
signal has been forced into the RTU and transmitted to the host systems (Fig. 46). In fact, each time
that a spontaneous change happens in a signal, the green flash appears in the row and the value
and cause of transmission fields are updated.

4-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Inputs and Outputs view - elements of the user interface

Figure 46: Single forcing example

It is also possible to simulate a sequence of signals. The checkboxes in the last column are used
with this purpose. If the user selects multiple checkboxes in different rows (even in different pages
of the grid) and then clicks on any "Simulate", "Se" or "Ex" button, all the selected signals will be
simulated sequentially, from top to bottom (Fig. 47). The "All" button at the top of the column selects
(or deselects) all checkboxes in the current page of the grid.

Figure 47: Multiple forcing example

A dialog will be prompted before starting a multiple forcing (Fig. 48). This may avoid undesired
sequence simulation.

Figure 48: Multiple forcing dialog

4.4.2 Multiple simulation interval


It is possible to specify the time interval between each signal in a multiple simulation sequence. This
time span is defined by the user in seconds. An interval less than a second is also possible to be
defined (for instance "0.1" seconds).

4.4.3 STOP button


The user has the possibility to stop a running simulation sequence by clicking on the STOP button.
This action will also disable the Test Mode and set the RTU500 back in normal operation.

ABB AG - 1KGT 150 924 V001 1 | 4-7


Test & Simulation RTU500 series Remote Terminal Unit
Inputs and Outputs view - elements of the user interface

Figure 49: Simulation interval and STOP button

4.4.4 Control panel for process connection


In the upper right corner of the user interface, the control panel for process connection can be found.
Please notice that this element do not signalize any status, it just provides the option to proceed with
disconnection/reconnection of signals and to set the automatic simulation of command responses
and reactions.

The actions carried out in this control panel have only effect on the signals which are displayed at
that moment in the grid, and not on the rest of hidden signals.

In the control panel, the user can select to disconnect or reconnect signals, and in which direction
(monitoring, controlling or both). See figure Fig. 50 and figure Fig. 51 depict this:

Figure 50: Process connection - direction

Figure 51: Process connection - value

When the appropriate direction and value are selected, the user must click on the "Proceed" button
to apply the changes.

Disconnecting signals in monitoring direction

When a signal is disconnected from process in monitoring direction, the RTU500 will block that
object's inputs, not sending them to the host system and not updating the RTU500 database with
the real value of the signal.

In the following example (Fig. 52), a SPI signal which belongs to a sub-device has been disconnected
from process in monitoring direction. Updates in the SPI's real value are blocked and not sent to the
host systems. Instead, the user can simulate the signal by means of the Test Mode user interface.

4-8 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Inputs and Outputs view - elements of the user interface

Figure 52: Disconnecting signals in monitoring direction

Regarding the user interface, process information inputs (SPI, DPI, STI, AMI, DMI, MFI, BSI and
ITI) are shown in the signals grid without checkbox and "Simulate" button. Only when they are
disconnected from process, the button and checkbox appear, and the text in the row (signal type,
identifier and source) turns bold green.

Figure 53: Disconnection in monitoring direction (user interface)

Therefore, process information inputs whose text is bold green are signals which are disconnected
from process in monitoring direction. That is, these are signals which are being simulated, since their
current values do not correspond with the real physical values of those inputs.

Disconnecting signals in controlling direction

When a signal is disconnected from process in controlling direction, the RTU500 will block that
object's output commands, not sending them to the target local output board or sub-device. In
other words, the RTU500 blocks the physical execution of the output.

In the following example (Fig. 54), a SCO signal which belongs to a sub-device has been disconnect-
ed from process in controlling direction. Output commands sent by a host system to the SCO are
blocked by the RTU500 and not sent to the target-subdevice. Test Mode generates automatically a

ABB AG - 1KGT 150 924 V001 1 | 4-9


Test & Simulation RTU500 series Remote Terminal Unit
Inputs and Outputs view - elements of the user interface

response (positive or negative confirmation) to the command, and sends it to the host system. This
response is the same one that should be expected if the SCO would have not been disconnected
from process.

Figure 54: Disconnecting signals in controlling direction

From the host system's point of view, there is no difference in the process, since the command
output workflow remains the same as usual (a command response is generated by the RTU500
and sent back to the host system). However, the physical output is not executed in the sub-device
(or local output board).

Regarding the user interface, process command outputs (SCO, DCO, RCO, ASO, DSO, FSO and
BSO) are always shown in the signals grid with checkbox and "Se"/"Ex" buttons, since it is always
possible to send output commands locally from the user interface. If the signals are not disconnected
from process in controlling direction, these outputs commands will be physically executed.

When the process command outputs are disconnected from process the text in the row (signal type,
identifier and source) turns bold. From this moment on, the outputs are blocked and the command
responses are simulated.

Figure 55: Disconnection in controlling direction (user interface)

When at least one of the process command signals shown in the signals grid is disconnected from
process in controlling direction, an additional element appears in the control panel for process con-
nection (upper right corner of the user interface):

4-10 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Inputs and Outputs view - elements of the user interface

Figure 56: Control panel for process connection

In this second row of the panel, it is possible to set the automatic simulation of command responses
and command reactions (drop list "Type"):

Figure 57: Automatic simulation - type

The "Command response" option gives the user the possibility to pre-define the command response
(positive or negative confirmation) that the RTU500 sends back to host systems when a command
output to a disconnected from process (in controlling direction) signal is received. The user shall
select an option from the "Value" drop list and click on the "Apply" button.

Figure 58: Automatic simulation - command response

In the user interface, the text of the signals for which the automatic simulation of pre-defined com-
mand responses are set turns green. If the mouse pointer is placed over these rows, a tooltip shows
the value of the pre-defined command response (Fig. 59).

Figure 59: Setting automatic simulation of command responses

The second type of automatic simulation that the user can set in the control panel is "Command
reaction". This is the simulation of the process information signal defined by the user in RTUtil500 as
response indication for SCO and DCO objects (Process information parameter, SCO/DCO - General
parameters). That process information signal must have been disconnected from process as well
by the user.

The user shall select the value with which the command reaction is simulated (same or opposite value
to the output command's value) and, optionally, the delay in milliseconds between the command
response and the command reaction (Fig. 60). Finally, the button "Apply" must be clicked.

Figure 60: Automatic simulation - command reaction

ABB AG - 1KGT 150 924 V001 1 | 4-11


Test & Simulation RTU500 series Remote Terminal Unit
Inputs and Outputs view - elements of the user interface

Figure 61: Simulation of command reaction - delay parameter

In the user interface, the text of the output command signals whose command reactions are being
automatically simulated becomes italic.

Figure 62: Setting automatic simulation of command reactions

Disconnecting signals in both directions

It is possible for the user to select the disconnection of the signals shown in the signal grid in "Both"
directions.

Figure 63: Process connection - "Both" direction

When this option is chosen (with value set to "Disconnect" and after clicking on "Proceed"), the
process information inputs shown in the signals grid are disconnected from process in monitoring
direction, while the process command outputs are disconnected in controlling direction. The behav-
ior is the same described in Chapter , "Disconnecting signals in monitoring direction" and Chapter ,
"Disconnecting signals in controlling direction".

4-12 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Inputs and Outputs view - elements of the user interface

Figure 64: Disconnection in both directions

Regarding the user interface, the visualization of the rows containing the disconnected signals
change in the same way described previously: the text corresponding to process information inputs
turns bold and green (and the "Simulate" buttons appear), while the one corresponding to process
command outputs becomes bold.

Figure 65: Disconnection in both directions (user interface)

If at least one of the signals shown in the signals grid is a process command output, after discon-
necting signals in "Both" connections, the control panel will show the option to set automatic sim-
ulation, as explained in Chapter , "Disconnecting signals in controlling direction".

Reconnecting signals

To reconnect signals means to stop blocking inputs or outputs which had been previously discon-
nected from process.

Figure 66: Process reconnection

ABB AG - 1KGT 150 924 V001 1 | 4-13


Test & Simulation RTU500 series Remote Terminal Unit
Inputs and Outputs view - elements of the user interface

Besides, when a process information input (SPI, DPI, STI, AMI, DMI, MFI, BSI and ITI) is reconnected
in monitoring direction, Test Mode updates the RTU500 database with the current real value of the
signal. The host systems receive this data update as well, and the Test Mode user interface displays
the signal's real value as well.

Figure 67: Reconnection in both directions

Regarding the visualization of the signals in the Test Mode user interface, the reconnected signals are
displayed with normal text again (no longer bold and/or green). The "Simulate" button and check-
boxes disappear for process information inputs, since it is not possible to simulate an input if the
signal is not disconnected from process.

Figure 68: Reconnection in both directions (user interface)

4.4.5 Status indicator


The indicator in the upper left corner of the user interface displays the number of signals that are
currently disconnected from process, that is, the number of signals which are being simulated. The
indicator is independent of the signals that are currently displayed in the signals grid; it counts the
total number of signals disconnected from process.

If the number of simulated signals is zero, the indicator is black (Fig. 69).

Figure 69: No signals simulated

4-14 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Inputs and Outputs view - elements of the user interface

If one or more signals are disconnected from process, the amount of them is displayed in the indi-
cator, whose color turns green (Fig. 70).

Figure 70: Several signals simulated

If the mouse pointer is placed over the indicator, a tooltip shows the number of signals that are
disconnected in monitoring and controlling direction (Fig. 71).

Figure 71: Several signals simulated - extended information

4.4.6 Log file download link


The "Download log file" link at the bottom of the user interface triggers the download of a text file.
This file includes all input simulations and output commands generated by the user in the current
session of the user interface. When the user interface is closed, the log file is emptied.

Figure 72: Download of the text file

Each time the link is clicked a new text file will be generated, containing all logs since the beginning
of the session.

4.5 SEV and SSC view - Elements of the user interface

4.5.1 Signals grid


The signal grid, like in the Inputs and Outputs view, is central element of the user interface in the
SEV and SSC view. For this reason, please read Chapter 4.4.1 carefully.

In this view's grid, there are two new columns: "ID" and "Description". They substitute the "Signal
Identifier" column from the Inputs and Outputs view. Their purpose is to help the user to filter the
signals properly. The rest of the columns and their functionality remains the same as explained in
Chapter 4.4.1

4.5.2 Input for multiple simulation interval


See Chapter 4.4.2.

ABB AG - 1KGT 150 924 V001 1 | 4-15


Test & Simulation RTU500 series Remote Terminal Unit
SEV and SSC view - Elements of the user interface

4.5.3 STOP button


See Chapter 4.4.3.

4.5.4 Control panel for process connection


This control panel is the same explained in Chapter 4.4.4.

From the point of view of process disconnection, SEV are treated in the same way that process
information inputs (SPI, DPI, STI, AMI, DMI, MFI, BSI and ITI). That is, they are disconnected in
monitoring direction.

On the other hand, SSC are treated in the same manner as process command outputs (SCO, DCO,
RCO, ASO, DSO, FSO and BSO). They are disconnected in controlling direction. Note that automatic
simulation of pre-defined command responses and command reactions are not allowed here.

4.5.5 Status indicator


See Chapter 4.4.5.

4.5.6 Log file download link


See Chapter 4.4.6.

4.6 Security Events view - elements of the user interface

4.6.1 Signals grid


The signal grid, like in the other two views, is central element of the user interface in the Security
events view. For this reason, please read Chapter 4.4.1 carefully.

In this view's grid, the three first column help the user to filter the appropriate signals, while the two
last ones trigger the simulation. As the security events have no value or cause of transmission, this
grid has not such columns.

4.6.2 Input for multiple simulation interval


See chapter Chapter 4.4.2.

4.6.3 STOP button


See chapter Chapter 4.4.3.

4-16 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Test & Simulation
Security Events view - elements of the user interface

4.6.4 Log file download link


See chapter Chapter 4.4.6.

ABB AG - 1KGT 150 924 V001 1 | 4-17


Test & Simulation RTU500 series Remote Terminal Unit
Security Events view - elements of the user interface

4-18 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Operation
Starting the Integrated HMI

5 Operation
5.1 Starting the Integrated HMI
The Integrated HMI can be started directly from the navigation tile (see below) or from the 'Hardware
Tree'. This feature is only available, if an 'Integrated HMI' is configured.

Figure 73: Starting the Integrated HMI

Before an HMI application can be started, the following files must be uploaded to the RTU:
• HMILib.jar (using the Firmware File Manager (see chapter Chapter 2.2))
• HMILibInterface.jar (using the Firmware File Manager (see chapter Chapter 2.2))
• HMI Application (using the Configuration File Manager (see chapter Chapter 2.1))

This feature is available:


– an 'Integrated HMI' is configured.
– the user has the privileges to use the integrated HMI (see chapter Chapter 2.5.3)

5.2 General Overview: Archives


Archives are stored on the memory card of a communication unit. RTU500 series supports follow-
ing archives:
– Process Archives (see Chapter 5.3, "Process Archives")
– File Archives (see Chapter 5.4, "File Archive")
– Security Event Archive (see Chapter 5.5, "Security Event Archive")

The archive size can be configured with RTUtil500 [2].

ABB AG - 1KGT 150 924 V001 1 | 5-1


Operation RTU500 series Remote Terminal Unit
Process Archives

Figure 74: Archive Configuration in RTUtil500

One page of a list shows in maximum 50 events. To navigate inside the archive lists there are sev-
eral buttons above the list. The buttons have the following meanings (from left to right):

Go to end of the list to show the newest entries.

To scroll one page forward in the list (towards newer entries).

To scroll one page backward in the list (towards older entries).

Go to beginning of the list to show the oldest entries.

Download the complete list in predefined CSV format to the PC.

5.3 Process Archives


Process archives are available for:

• Events and Indications


• Measurements
• Pulse Counter Values

5-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Operation
File Archive

Figure 75: Events and Indications

5.4 File Archive


Within RTU500 series Webserver there is an own page for the file archive. This page shows the files
in a variable structure, configurable by the user. This page is also used for the file transfer of the
files to the workplace PC.

Figure 76: File Archive: navigation tiles

ABB AG - 1KGT 150 924 V001 1 | 5-3


Operation RTU500 series Remote Terminal Unit
Security Event Archive

Figure 77: File archive: root directory

Figure 78: File archive: load file

Navigation and file download:


– Click on the folder to navigate between the different folders
– Click on a file to load the file to the PC.

The RTU does no conversion of the format of the files in the archives. The file format depends on the
format provided by the IED. Different conversion routines are provided on request. For more details
see RTU500 series function description - part 7: archive functions (1KGT 150 946)

5.5 Security Event Archive


The archive for security events stores all user actions, which are relevant for the security of the
RTU500 series. For more information about security features see [1].

To view the security event archive in the RTU500 series Web server the link "Security Archive" must
be selected. This link can be found under the menu item "Operation" as shown in the figure below.

5-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Operation
Security Event Archive

Figure 79: Web server menu security archive

One page of the security event list shows in maximum 50 events. An example of the event archive
is shown in the next figure.

Figure 80: Displaying security event archive

To navigate inside the list there are several buttons above the list. The buttons have the following
meanings (from left to right):


Go to end of the security event list to show the newest entries.

To scroll one page forward in the event list (towards newer entries).

To scroll one page backward in the event list (towards older entries).

Go to beginning of the security event list to show the oldest entries.

Download complete security event list in predefined CSV format.

ABB AG - 1KGT 150 924 V001 1 | 5-5


Operation RTU500 series Remote Terminal Unit
Security Event Archive

For displaying and downloading of the security event list the following definitions apply:

• For each security event an event text is shown. The text depends on the specific event id and
is in the language selected for the whole RTU500 series Web server. To change the event text,
the text must be modified in the language file of the Web server (like the other texts in the Web
server as well).
• All time stamps of the security events are shown in local time (local time zone) as defined for
the whole RTU.
• When downloading the security event list the resulting CSV file contains the events in the same
format and language as shown in the Web server display. This applies as well for the time
stamps that are in local time.
• The size of the security event archive is configurable in RTUtil500. If the configured limit is
reached the oldest security events in the archive are overwritten, when new events occur.

For more information about the localization support see chapter "Language Management". For de-
tailed information about the available security event archive limits please refer to the RTU500 series
Security Deployment Guideline [1].

5-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Engineering
Use case 1: Pre-configured RTU520

6 Engineering
6.1 Use case 1: Pre-configured RTU520

RTUl500

RTU520 storage

Figure 81: Use case 1: Pre-configured RTU520

With this engineering use case the RTU520 is preconfigured with RTUtil500. Within the RTUtil500
configuration several parameters can be defined as online engineering parameters. These parame-
ters must then be configured via the Web server. For more details please referr to the demonstration
video: Web server engineering: Pre-configured RTU520.

This feature is available:


– for RTU520
– if a base configuration file generated by RTUtil500 with pre-configuration is loaded to the RTU
(see Chapter 2.1)
– the online parameter change is generally enabled (see Chapter 2.5.1)
– the user has the privileges to do online parameter changes (see Chapter 2.5.3)

ABB AG - 1KGT 150 924 V001 1 | 6-1


Engineering RTU500 series Remote Terminal Unit
Use case 2: RTU520 online configuration

6.2 Use case 2: RTU520 online configuration

Web Applicaon

Figure 82: RTU520 online configuration

With this use case the complete RTU520 configuration will be done via the Web server, without
using RTUtil560. For more details please referr to the demonstration video: Web server engineering:
RTU520 easy engineering.

This feature is available:


– for RTU520
– if no configuration file generated by RTUtil500 is active (see Chapter 2.1)
– the online configuration change is generally enabled (see Chapter 2.5.1)
– the user has the privileges to do online configuration (see Chapter 2.5.3)

Parameter name Default Parameter location

Station preconfigurable disabled RTU - Parameters

only pre-configuration is done via RTUtil500.


Final parameter setting with RTU Web server

Figure 83: RTUtil560 configuration parameter: Station preconfigurable

6-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Engineering
Use case 2: RTU520 online configuration

Figure 84: RTUtil500 window for preconfiguration

ABB AG - 1KGT 150 924 V001 1 | 6-3


Engineering RTU500 series Remote Terminal Unit
Use case 2: RTU520 online configuration

6-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Secure Web Server Access
RTUtil500 configuration

7 Secure Web Server Access


For secure access, the RTU500 series Web server supports Hypertext Transfer Protocol Secure
(HTTPS). HTTPS is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to
provide encryption and secure identification of the server. Detailed information about HTTPS could
be found in RFC2818 “HTTP Over TLS”.

For the identification the RTU500 series Web server uses as default self-signed public key certificates
not issued by a certification authority (CA). The default self-signed certificates are created at startup
depending on the configuration. In addition the RTU500 series Web server supports the upload of
external generated HTTPs certficates. This allows to use trusted certificates issued by a certification
authority (CA).

Client authentication with user certificates is not supported by the RTU500 series. The authentication
of the user is ensured by a user name and a password.

ADVICE

For security reasons, the web client has to be closed after each working session. This prevents
the usage of supplied user names and passwords by unauthorized persons.

The following chapters describe configuration, access and certificate handling for the secured
RTU500 series Web server.

7.1 RTUtil500 configuration


The configuration parameters for the Web server access are defined for each CMU respectively
Ethernet interface within an RTU. The following parameters are configurable within RTUtil500:

• Option to disable the Web server on selected Ethernet interfaces. This is possible in single and
multiple CMU systems. The Web server must be enabled on at least one Ethernet interface to
be able to access the RTU at all. The Web server is enabled on all Ethernet interfaces by de-
fault.
• Option to secure the Web server access with HTTPS. This option can be selected on each
CMU. The HTTPS option is enabled by default
• Define the authentication type for the secure Web server. Possible are the default self-signed
certificate or an uploaded external certificate stored in the certificate store of the CMU.
• Set an entry in the certificate store of the CMU to upload external HTTPS certificates for the
Web server authentication.

In RTUtil500 the option to disable the Web server is placed at the CMU in the configuration tab of the
Ethernet interface, e.g." E1" (Hardware tree only). The figure below shows the option in the RTUtil500
user interface. The Web server is disabled by deselecting the checkbox "Enable Web server".

ABB AG - 1KGT 150 924 V001 1 | 7-1


Secure Web Server Access RTU500 series Remote Terminal Unit
RTUtil500 configuration

Figure 85: RTUtil500 Ethernet interface Web server parameter

As shown in the next figure, the configuration parameters related to the secure Web server are
located in the "General" tap at a CMU module (Hardware tree only). To secure the RTU500 series
Web server with a self-signed certificate follows these steps:

1 Select the checkbox "Secure HTTPS Web server".


2 Select the option "Self-created and self-signed certificate" in the drop-down menu "Web-server
authentication" (shall be pre-selected).

Figure 86: RTUtil500 secure Web server parameter

For the usage of an external HTTPS certificate, the certificate store has to be configured at first.
That means an entry has to be added to the certificate store representing the certificate used for
the Web server authentication. The certificate store configuration opens by pressing the button
"Configuration" shown in the figure above (near the text "Certificate Storage"). When selected a
dialog appears with several entries for certificates. Each entry represents a certificate that shall be
transferred to the CMU. To add a certificate, select the check box at the entry number and give the
entry a descriptive name. An example of the certificate store configuration is shown in the figure
below.

7-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Secure Web Server Access
HTTPS Web server access

Figure 87: RTUtil500 certificate store

Together with the certificate store the steps to secure the RTU500 series Web server with an external
certificate are:

1 Configure an entry in the certificate store representing the external certificate to upload. Give
the entry a descriptive name like "Web server certificate".
2 Select the checkbox "Secure HTTPS Web server".
3 Select in the drop-down menu "Web-server authentication" the certificate from the store. Here
the name given in the first step is selected.
4 Upload the external HTTPS certificate via the RTU500 series Web server.

Further information about the upload of external HTTPS certificates can be found in chapter "External
certificate".

7.2 HTTPS Web server access


To access the RTU500 series Web server via HTTPS the URL given in the Web client must begin
with “https://” followed by the IP address of the RTU. The following figure shows an example.

ABB AG - 1KGT 150 924 V001 1 | 7-3


Secure Web Server Access RTU500 series Remote Terminal Unit
Certificate handling

Figure 88: HTTPS access to an RTU Web server

The default Web server certificates used by the RTU500 series are self-signed and not issued by
a certification authority (CA). As result an actual web client shows a warning messages concerning
the missing CA, if the Web server is accessed with HTTPS. To avoid this warning message a trusted
external certificate must be configured and uploaded to the RTU500 series.

If the Web server is configured for HTTPS a standard access is not possible anymore. In case of
a standard access the Web server redirects the access to the secure pages of the RTU500 series
Web server.

If the Web server is not configured for HTTPS, a secure access is possible as well. There are no
restrictions in this case besides the possible warning message from the self-signed certificate.

See chapter "RTUtil500 configuration" for configuration and chapter "External certificate" for upload
of external certificates.

7.3 Certificate handling


For encryption and secure identification HTTPS uses public key certificates that bind together a
public key with an identity (information such as the name of an organization, their address and so
on). The certificate is used to verify that a public key belongs to an identity. In case of HTTPS the
Web server presents the certificate to the web client giving the client the public key and the identity
of the server.

This requires for the RTU a public/private key pair and a corresponding public key certificate. There
are two possibilities for this purpose. First the self-signed certificates generated by the RTU500
series firmware can be used or a trusted, extern generated certificate can be uploaded to the RTU.
When uploading, a certificate must be available for each CMU because the Web server can be
accessed on any CMU. Further information about the self-signed and extern generated certificates
can be found in the following two chapters.

7.3.1 Self-signed certificate


In the default setup the RTU500 series Web server uses self-generated and self-signed public key
certificates for encryption and secure identification. As explained above the certificate consists of a
public/private key pair and an identity information. The key pair and the certificate are generated by
the RTU firmware and stored in the internal flash of the CMU (not on the memory card).

7-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Secure Web Server Access
Certificate handling

The certificate contains HTTPS protocol specific information like the public key and identity informa-
tion. The identity information are set as follows.

• The identity information like country, locality and organization name are predefined to the ABB
AG, Mannheim, Germany. These cannot be changed.
• The common name of the identity is set to the configured IP address of the CMU Ethernet in-
terface E1. The common name represents the host name (server name) the web client uses to
access the Web server. In case the configuration of the IP address changes a new certificate is
generated and stored in the internal flash (overwrites the existing one).
• In subject alternative name the IP address of the Ethernet interface E1 and the USB interface
are defined. This allows the secure HTTPS access via USB as well.
• The serial number of the certificate is set to 1 for the first created certificate and increased
every time a new certificate is generated due to a configuration change.
• The expiration date of the certificate is set the 1. January 2070.

7.3.2 External certificate


The RTU500 series supports the usage of external generated and signed public-key certificates for
the encryption and secure identification of the Web server. These certificates can be uploaded to
the RTU500 series via the Web server. When creating an end-entity certificate for the RTU500 series
Web server the following issues shall be considered:

• The generated end-entity server certificate shall be signed and issued by a trusted root or inter-
mediate certificate. This avoids any warning messages in the Web client when accessing the
RTU500 series Web server via HTTPS.
• For a correct end-entity Web server certificate the attribute "keyUsage" must contain the en-
cryption values "keyEncipherment" and "dataEncipherment", at least. And the attribute "ex-
tendedKeyUsage" must contain the server authentication value "serverAuth".
• The common name of the certificate identity must not be set to an IP address used in the RTU.
It is sufficient to set the attribute "IP Address" in the subject alternative name to an used IP ad-
dress. Depending on the policies in your organization setting the attribute "DNS Name" might
be necessary as well..
• To use the same certificate for several CMU's or RTU's a list of IP addresses and DNS names
can be defined in the subject alternative name.
• The generated certificate must contain the public/private key pair of the end-entity certificate
and the whole certificate chain, including root and intermediate certificates.
• For uploading the generated certificate must be stored in PKCS#12 format with the file ending
".p12".

The upload of an external generated certificate is done via the RTU500 series Web server. In the
Web server menu the link "Certificate Management" is the entry point for the certificate upload. This
link can be found under the menu item "Management" as shown in the figure below. Due to the
sensible information in the certificate upload the following notice has to be considered.

ADVICE

The web pages of this functionality require secure HTTPS access. It is not possible to open the
web pages with standard HTTP access.

ABB AG - 1KGT 150 924 V001 1 | 7-5


Secure Web Server Access RTU500 series Remote Terminal Unit
Certificate handling

Figure 89: Web server menu certificate management

The shown link starts the user interface for the certificate upload. In the user interface are two areas.
The upper area contains the certificates actually uploaded to the RTU500 series and the lower area
controls the upload. The following figure shows this user interface. As there is no trusted, external
certificate is uploaded in the example figure, a certificate error is shown as explained in chapter
above.

Figure 90: Certificate management user interface

To upload a certificate the following steps has to be executed in the lower area of the user interface:

7-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Secure Web Server Access
Certificate handling

1 Select the description of the certificate to upload in the column "Certificate description". In the
selection all in RTUtil500 configured entries of the certificate store appear. The selection text is
the descriptive name set in RTUtil500 as explained in chapter about the RTUtil500 configura-
tion.
2 Select a certificate file by dropping the file on the lower area or by using the file open dialog that
appears when clicked with the mouse. The certificate file must be in PKCS#12 format with the
file ending ".p12".
3 Enter the private key passphrase by pressing the lock symbol on the left side. When pressed a
dialog appears to enter the passphrase. The passphrase is used to decrypt the private key of
the certificate after the upload. For storing on the memory card the private key is re-encrypted
with a memory card specific key. The enter passphrase is not stored on the RTU500 series.

When all steps are finished the certificate can be uploaded by pressing the upload button (see figure
below). The upload button appears not before all required information are set.

Figure 91: Start certificate upload

When the upload is finished the RTU500 series has to be restarted to activate the certificate. It may
be necessary to restart the Web client as well, to recognize the new certificate in the client. After a
successful upload and restart the certificate management looks like shown in the next figure. The
upper area contains now the information about the uploaded certificate and the certificate error due
to the missing CA is not shown anymore.

ABB AG - 1KGT 150 924 V001 1 | 7-7


Secure Web Server Access RTU500 series Remote Terminal Unit
Certificate handling

Figure 92: Certificate upload successfully finished

For certificate generation SDM600 is recommended (System Data Manager SDM600 - User Manual).

7-8 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit PPP Installation
Windows 7

8 PPP Installation

8.1 Windows 7
Before starting the installation, be sure that the current user has administrator rights in the Windows
7 operating system. These rights are needed to install new software on the computer.

To create and establish a PPP connection to an RTU, select Start > Control Panel > Network and
Sharing Center.

Figure 93: Network and Sharing Center

Select Set up a new connection or network.

ABB AG - 1KGT 150 924 V001 1 | 8-1


PPP Installation RTU500 series Remote Terminal Unit
Windows 7

Figure 94: Connection options

Choose the connection option Set up a dial-up connection.

Figure 95: Device selection

Select the device e.g. Communications cable between two computers #2.

8-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit PPP Installation
Windows 7

Figure 96: Create a Dial-up Connection (1)

Fill in an arbitrary Dial-up phone number to enable Connect. However, there is no option for Direct
Serial Cable Connection on this dialog. Enter a suitable Connection name.

Figure 97: Create a Dial-up Connection (2)

Select Set up the connection anyway.

To configure the PPP connection, select Start > Control Panel > Network and Sharing Center
> Change adapter settings.

ABB AG - 1KGT 150 924 V001 1 | 8-3


PPP Installation RTU500 series Remote Terminal Unit
Windows 7

Figure 98: Dial-up Connection Properties (1)

Right-click on the connection created from the previous steps and click Properties.

Figure 99: Dial-up Connection Properties (2)

Remove the Phone number and verify below Connect using Communication cable between two
computers with correct COM port is activated. Click Configure….

8-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit PPP Installation
Windows 7

Figure 100: Modem Configuration

For the Maximum speed (bps), select 38400 from the drop-down list.

Select the Options tab.

Figure 101: Options

Deactivate Prompt for phone number and click PPP Settings….

ABB AG - 1KGT 150 924 V001 1 | 8-5


PPP Installation RTU500 series Remote Terminal Unit
Windows 7

Figure 102: PPP Settings

Uncheck all three settings.

Select the Security tab.

Figure 103: Security

Enable the settings from the figure above.

Select the Networking tab.

8-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit PPP Installation
Windows 7

Figure 104: Networking

Enable the settings from the figure above and click Advanced….

Select the IP Settings tab.

Figure 105: Advanced TCP/IP Settings

Use the settings from the figure above.

The new connection is available now.

ABB AG - 1KGT 150 924 V001 1 | 8-7


PPP Installation RTU500 series Remote Terminal Unit
Windows 7

From Start > Control Panel > Network and Sharing Center > Change adapter settings select
Connect from context menu for the new connection.

Figure 106: Connect dialog (1)

Figure 107: Connect dialog (2)

If authentication is configured in the RTU enter User name and Password and click Dial.

If the connection to the RTU is established, start the Internet Explorer without using a proxy server
or bypass the proxy server for configured RTU IP address from Tools > Internet Options > Con-
nections > LAN settings.

8-8 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit USB RNDIS Driver Installation
Windows 7

9 USB RNDIS Driver Installation


The Remote Network Driver Interface Specification (RNDIS) is a Microsoft proprietary protocol used
on top of USB. It provides a virtual Ethernet link to most versions of the Windows operating system.

The USB interface on the CMU modules works as USB RNDIS target device. RNDIS host is a
Windows 7 computer. RNDIS interface’s IP address on the RTU is 169.254.0.10. The USB RNDIS
Device running on Windows host can get IP settings assigned automatically from the "link local"
block 169.254.0.0/16 (APIPA - Automatic Private IP Addressing). As described in RFC3927, it is
allocated for communication between hosts on a single link. The Windows host can obtain this
address by auto-configuration. The alternative to assign manually the IP address 169.254.0.1 on
Windows 7 host is described below.

If firewall is used on Windows 7 computer, please adjust firewall settings to allow communications
via the RNDIS interface. Subnet mask is 255.255.0.0.

The RNDIS driver is part of the Windows 7 installation, but you need to tell to the system where
it can find it. Before starting the driver installation, be sure that the current user has administrator
rights in the Windows 7 operating system. These rights are needed to install new driver software
on the computer.

This chapter describes how to install software for USB RNDIS device and setup the network interface
on Windows 7.

9.1 Windows 7
Install RTUtil500 Version 11.0.1.0 or higher.

Connect the running RTU and the Windows 7 machine via USB cable. As soon as the RTU is
detected the Windows 7 operating system will try to automatically find a driver for it, but fails.

The Windows 7 machine detects the new USB RNDIS Target Device and prompts you to install it.
The following dialog box "Driver Software Installation" appears. Select the “Close” button.

Figure 108: Driver Software Installation

ABB AG - 1KGT 150 924 V001 1 | 9-1


USB RNDIS Driver Installation RTU500 series Remote Terminal Unit
Windows 7

Launch the "Device Manager" management console (Start / Run / devmgmt.msc) or go to the
computer management console (right click on “My Computer” and choose “Manage” and open
device manager.

The USB RNDIS Target Device is marked with an exclamation mark to point out that its driver is
not running.

Figure 109: Device Manager

Right click on USB RNDIS Target Device and choose “Update Driver” from context menu. You
will be prompted with the driver selection wizard.

Answer the question "How do you want to search for driver software?". Select the option "Browse
my computer for driver software".

9-2 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit USB RNDIS Driver Installation
Windows 7

Figure 110: Update Driver Software (Step 1)

You will be prompted with the driver selection dialog. In this dialog click the ”Browse…” button
and select the folder that contains the USB RNDIS driver information file for RTU hardware (wrs_us-
b_rndis.inf):

C:\Program Files (x86)\ABB\RTUtil500_11_0_1_0\usb and click “Next >”.

ABB AG - 1KGT 150 924 V001 1 | 9-3


USB RNDIS Driver Installation RTU500 series Remote Terminal Unit
Windows 7

Figure 111: Update Driver Software (Step 2)

Answer the security warning "Windows can’t verify the publisher of this driver software". Select the
option "Install this driver software anyway".

Figure 112: Update Driver Software (Step 3)

The installation wizard will finish the installation and notify you upon complete. Click the “Close”
button to exit the installation wizard.

9-4 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit USB RNDIS Driver Installation
Windows 7

Figure 113: Update Driver Software (Completion)

The USB RNDIS device is now installed on the Windows 7 machine. RNDIS emulates a network
connection. A new network adapter is displayed in the Device Manager management console.

Figure 114: Device Manager

Launch the "Network Connections" control panel (Start / Run / ncpa.cpl)

ABB AG - 1KGT 150 924 V001 1 | 9-5


USB RNDIS Driver Installation RTU500 series Remote Terminal Unit
Windows 7

There is a new network connection named "USB Remote NDIS Device".

Figure 115: Network Connections - Control Panel

Per default a local IP address is obtained automatically for the USB RNDIS device.

Alternatively it’s possible to assign manually the IP address 169.254.0.1 on Windows 7 host. The
Internet Protocol (TCP/IP) Properties dialog is used to set a static IP address for the new con-
nection. Select context menu for the new Local Area Connection / Properties / Internet Protocol
Version 4 (TCP/IPv4) / Properties

Select the option "Use the following IP address" and enter:

IP address: 169.254.0.1

Subnet mask: 255.255.0.0

9-6 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit USB RNDIS Driver Installation
Windows 7

Figure 116: Internet Protocol Version 4 (TCP/IPv4) Properties

Select “OK” and “Close” buttons. The USB RNDIS device is now configured on the Windows 7
machine and is available for use.

The new network interface on the RTU is configured automatically with the IP address 169.254.0.10.
That means different IP addresses in the same subnet are configured on each side and communi-
cation can be started. The result is the same as creating two network devices and giving one to the
RTU and one to the Windows 7 machine.

From Windows 7 machine try to verify the connection to the RTU:

ping 169.254.0.10

Successful pings should be displayed.

Launch web browser with URL (If necessary bypass proxy server.):

http://169.254.0.10

When the USB RNDIS device is up and running you will be able to use it as you do with devices
with a “regular” Ethernet connection to the RTU.

ABB AG - 1KGT 150 924 V001 1 | 9-7


USB RNDIS Driver Installation RTU500 series Remote Terminal Unit
Windows 7

9-8 | 1KGT 150 924 V001 1 - ABB AG


RTU500 series Remote Terminal Unit Glossary

10 Glossary
AMI Analog Measured value Input

ASO Analog Setpoint command Output

BSI Bit String Input

BSO Bit String Output

CMU Communication and Data Processing Unit

DCO Double Command Output

DMI Digital Measured value Input (8, 16 bit)

DPI Double Point Input

DSO Digital Setpoint command Output (8, 16 bit)

FSO Floating Setpoint Command Output

IED Intelligent Electronic Device

ITI Integrated Totals Input

MFI Analog Measured value Floating Input

PLC Programmable Logic Control

PPP Point to Point Protocol

RCD RTU Configuration Data

RCO Regulation step Command Output

RTU Remote Terminal Unit

SCO Single Command Output

SEV System Event

SPI Single Point Input or Single point information

SSC System Single Command

STI Step position Input

USB Universal Serial Bus

VPN Virtual Private Network

ABB AG - 1KGT 150 924 V001 1 | 10-1


  RTU500 series Remote Terminal Unit

Note:

The specifications, data, design or other information contained in this document (the “Brochure”)
- together: the “Information” - shall only be for information purposes and shall in no respect be
binding. The Brochure does not claim to be exhaustive. Technical data in the Information are only
approximate figures. We reserve the right at any time to make technical changes or modify the
contents of this document without prior notice. The user shall be solely responsible for the use of
any application example or information described within this document. The described examples
and solutions are examples only and do not represent any comprehensive or complete solution. The
user shall determine at its sole discretion, or as the case may be, customize, program or add value
to the ABB products including software by creating solutions for the end customer and to assess
whether and to what extent the products are suitable and need to be adjusted or customized.

This product is designed to be connected to and to communicate information and data via a network
interface. It is the users sole responsibility to provide and continuously ensure a secure connection
between the product and users or end customers network or any other network (as the case may
be). The user shall establish and maintain any appropriate measures (such as but not limited to
the installation of firewalls, application of authentication measures, encryption of data, installation of
anti-virus programs, etc) to protect the product, the network, its system and the interface against any
kind of security breaches, unauthorized access, interference, intrusion, leakage and/or theft of data
or information. ABB AG is not liable for any damages and/or losses related to such security breaches,
any unauthorized access, interference, intrusion, leakage and/or theft of data or information.

ABB AG shall be under no warranty whatsoever whether express or implied and assumes no re-
sponsibility for the information contained in this document or for any errors that may appear in this
document. ABB AG's liability under or in connection with this Brochure or the files included within
the Brochure, irrespective of the legal ground towards any person or entity, to which the Brochure
has been made available, in view of any damages including costs or losses shall be excluded. In
particular ABB AG shall in no event be liable for any indirect, consequential or special damages,
such as – but not limited to – loss of profit, loss of production, loss of revenue, loss of data, loss
of use, loss of earnings, cost of capital or cost connected with an interruption of business or oper-
ation, third party claims. The exclusion of liability shall not apply in the case of intention or gross
negligence. The present declaration shall be governed by and construed in accordance with the
laws of Switzerland under exclusion of its conflict of laws rules and of the Vienna Convention on the
International Sale of Goods (CISG).

ABB AG reserves all rights in particular copyrights and other intellectual property rights. Any repro-
duction, disclosure to third parties or utilization of its contents - in whole or in part - is not permitted
without the prior written consent of ABB AG.

© Copyright ABB 2017

All rights reserved

2 | 1KGT 150 924 V001 1 - ABB AG

Das könnte Ihnen auch gefallen