Danfoss MCX15B2, MCX20B2 User guide

User Guide

MCX15B2/MCX20B2

Programmable controller

Ver 1.10

ADAP-KOOL® Refrigeration Control System

www.danfoss.com

User Guide | MCX15B2/MCX20B2, Programmable controller

Contents

1. Overview .......................................................................................................................................................................................3

2. Login ....................................................................................................................................................................................... 3

3. Conﬁguration ................................................................................................................................................................................. 3

3.1 First time conﬁguration......................................................................................................................................................3

3.2 Settings .................................................................................................................................................................................... 4

3.2.1 Site name & localization settings ...................................................................................................................... 4

3.2.2 Network Settings ..................................................................................................................................................... 5

3.2.3 Date and Time acquisition mode ......................................................................................................................6

3.2.4 Email notiﬁcations .................................................................................................................................................. 6

3.2.4.1 Gmail conﬁguration ............................................................................................................................................ 7

3.2.5 History ......................................................................................................................................................................... 7

3.2.6 System Overview ..................................................................................................................................................... 7

3.2.7 FTP ................................................................................................................................................................................ 7

3.2.8 Modbus TCP .............................................................................................................................................................. 7

3.2.9 Syslog .......................................................................................................................................................................... 7

3.2.10 Security ....................................................................................................................................................................... 8

3.2.10.1 Certiﬁcates ............................................................................................................................................... 8

3.3 Network Conﬁguration ...................................................................................................................................................10

3.3.1 Node ID .....................................................................................................................................................................10

3.3.2 Description ..............................................................................................................................................................10

3.3.3 Application and CDF ............................................................................................................................................10

3.3.4 Alarm mail ................................................................................................................................................................11

3.4 Files .....................................................................................................................................................................................11

3.5 Users’ Conﬁguration ..........................................................................................................................................................12

3.6 Diagnostic .............................................................................................................................................................................13

3.7 Info 13

3.8 Logout ....................................................................................................................................................................................13

4. Network .....................................................................................................................................................................................14

4.1 Network overview ..............................................................................................................................................................14

4.2 System overview.................................................................................................................................................................14

4.3 History ....................................................................................................................................................................................14

4.4 Network Alarm ....................................................................................................................................................................16

5. Device Pages .................................................................................................................................................................................17

5.1 Overview ...............................................................................................................................................................................17

5.1.1 Customization of the Overview page ............................................................................................................17

5.1.2 Creation of a Customized System Overview page ....................................................................................19

5.2 Parameter settings .............................................................................................................................................................20

5.3 Alarms.....................................................................................................................................................................................21

5.4 Physical I/O ...........................................................................................................................................................................21

5.5 Runtime chart ......................................................................................................................................................................21

5.6 Copy/Clone ...........................................................................................................................................................................21

5.6.1 Backup .......................................................................................................................................................................21

5.6.2 Copy from File ........................................................................................................................................................21

5.6.3 Clone from ﬁle ........................................................................................................................................................21

5.7 Upgrade .................................................................................................................................................................................22

5.7.1 Application Upgrade ............................................................................................................................................22

5.7.2 BIOS Upgrade .........................................................................................................................................................22

5.8 Device Info ............................................................................................................................................................................22

6. Install web pages updates .....................................................................................................................................................23

7. USB .....................................................................................................................................................................................24

7.1 Read current network conﬁguration without web interface .............................................................................24

7.2 BIOS and Application upgrade ......................................................................................................................................24

7.2.1 Install application upgrades from USB ﬂash drive ....................................................................................24

7.2.2 Install BIOS upgrades from USB ﬂash drive .................................................................................................24

7.3 Emergency actions through USB ..................................................................................................................................24

7.4 Datalogging .........................................................................................................................................................................25

8. Security .....................................................................................................................................................................................25

8.1 Security architecture .........................................................................................................................................................25

8.1.1 Foundation ..............................................................................................................................................................25

8.1.2 Core ............................................................................................................................................................................25

8.1.2.1 Authorization ...........................................................................................................................................25

8.1.2.2 Policies .......................................................................................................................................................25

8.1.2.3 Secure Update .........................................................................................................................................25

8.1.2.4 Factory Conﬁguration ...........................................................................................................................26

8.1.2.5 Certiﬁcates ................................................................................................................................................26

8.1.2.6 Reset Default Settings and Recovery ..............................................................................................26

8.1.3 Monitoring ...............................................................................................................................................................26

8.1.3.1 Response ...................................................................................................................................................26

8.1.3.2 Log and email ..........................................................................................................................................26

2 | BC337329499681en-000201

User Guide | MCX15B2/MCX20B2, Programmable controller

Table of new contents

1. Overview

Manual Version Software Version New or modiﬁed Contents

1.00 Site version: 2v30 First release

1.10 Site version: 2v35 3.2.10 Security

The MCX15/20B2 controller provides a Web Interface that can be accessed with the mainstream internet browsers. The Web Interface has the following main functionalities:

• Access to local controller

• Gateway to access controllers connected with ﬁeldbus (CANbus)

• Displays log data, real time graphs and alarms

• System conﬁguration

• Firmware and application software update

This user manual covers the features of the Web Interface and few other aspects mainly related to connectivity. Some pictures in this manual may look a bit diﬀerent in the actual version. This is because newer software versions may slightly change the layout. Pictures are only provided to support the explanation and may not represent the current implementation of the software.

Disclaimer

This user manual does not describe how the MCX15/20B2 is expected to work. It describes how to perform most of the operations that the product allows.

This user manual provides no guarantee that the product is implemented and works as described in this manual. This product can be changed at any time, without previous notice, and this user manual may be outdated.

Security cannot be guaranteed, as new ways to break into systems are found every day. This product uses the best security strategies to provide the required functionalities. Updating the product regularly is critical to keep the product secure.

2. Login

3. Conﬁguration

3.1 First time conﬁguration

To login navigate with an HTML5 browser (e.g. Chrome) to the IP address of the gateway.

The screen will appear as follows:

Enter the username in the ﬁrst box and the password in the second then press the right arrow.

The default credentials to access all conﬁguration settings are:

• Username = admin

• Password = PASS Password change is requested at ﬁrst login.

Note: after each login attempt with wrong credentials a progressive delay is applied. See 3.5 Users’ Conﬁguration on how to create users.

The controller is provided with an HTML user interface that can be accessed with any browser. By default, the device is conﬁgured for dynamic IP address (DHCP):

You can get the MCX15/20B2 IP address in several ways:

• Through USB. Within 10 minutes after power up, the device writes a ﬁle with conﬁguration settings into a USB ﬂash drive, if present (see 7.1 Read current network conﬁguration without web interface).

• Through the local display of MCX15/20B2 (in models where it is present). Press and release X+ENTER immediately after power up to enter the BIOS menu. Then select GEN SETTINGS > TCP/IP.

• Through the software tool MCXWFinder, which you can download from the MCX website.

BC337329499681en-000201 | 3

User Guide | MCX15B2/MCX20B2, Programmable controller

Once connected for the ﬁrst time, you can start to:

• conﬁgure the Web Interface. See 3.2 Settings

• conﬁgure the users. See 3.5 Users’ Conﬁguration

• conﬁgure the main device MCX15/20B2 and any network of devices connected to the main MCX15/20B2 through the ﬁeldbus (CANbus). See 6. Install web pages updates.

Note: the main menu is available in the left side of any page or can be displayed by clicking on the menu symbol in the top left corner when it is not visible due to the page dimension:

3.2 Settings

3.2.1 Site name & localization settings

To install updates, follow the instructions in 6. Install web pages updates.

The Settings menu is used to conﬁgure the Web Interface. The Settings menu is visible only with the appropriate access level (Admin).

All the possible settings are described here below.

4 | BC337329499681en-000201

– Site name is used when alarms and warnings are notiﬁed with an email to the users (see 3.2.4 Email

notiﬁcations).

– Language of the Web Interface: English/Italian.

User Guide | MCX15B2/MCX20B2, Programmable controller

Further languages can be added following this procedure (for advanced users only):

• Copy the folder http\js\jquery.translate from the MCX to your computer via FTP

• Edit the dictionary.js ﬁle and add your language in the “languages” section of the ﬁle. e.g. For Spanish, add the following two lines:

Note: you must use the languages code based on RFC 4646, which speciﬁes a unique name for each culture (e.g. es-ES for Spanish), if you want to retrieve the correct translation of the application software data from the CDF ﬁle (see 3.3.3 Application and CDF).

3.2.2 Network Settings

• Using your browser, open the ﬁle and you will see an additional column with the Spanish language

• Translate all the strings and press SAVE at the end. Strings that might be too long are highlighted in red.

• Copy the new generated ﬁle dictionary.js into the MCX, in the http\js\jquery.translate folder overwriting the previous one.

– Units of measurement used by the Web Interface: °C/bar or °F/psi – Date format: Day month year or Month day year

– HTTP port: You can change the default listening port (80) to any other value. – DHCP: if DHCP is enabled by ticking the DHCP enabled box, the network settings (IP address, IP mask,

Default gateway, Primary DNS, and Secondary DNS) will be automatically assigned by the DHCP

server. Otherwise they must be manually conﬁgured.

BC337329499681en-000201 | 5

User Guide | MCX15B2/MCX20B2, Programmable controller

3.2.3 Date and Time acquisition mode

The NTP protocol is used to automatically synchronize the time setting in the local controller. By ticking the NTP enabled box, the Network Time Protocol is enabled, and the Date/Time is automatically obtained from an NTP time server.

Set the NTP server you wish to synchronize with. If you don’t know the most convenient NTP server URL of your region, use pool.ntp.org. The MCX15/20B2 real time clock will then be synchronized and set according to the deﬁned time zone and eventual daylight saving time.

Daylight Saving Time:

– OFF: deactivated – ON: activated – US: Start=Last Sunday of March – End=Last Sunday of October – EU: Start=2nd Sunday of March – End=1st Sunday of November

If the NTP enabled box is not ticked, you can set the date and time of the MCX15/20B2 manually.

3.2.4 Email notiﬁcations

Warning: the time synchronization of the MCX controllers connected via ﬁeldbus (CANbus) to

the MCXWeb is not automatic and must be implemented by the application software.

The device can be conﬁgured to send a notiﬁcation via email when the status of the application alarm changes. Tick on Mail enabled to allow MCX15/20B2 to send an email after every change of the alarm status.

Mail domain is the name of the Simple Mail Transfer Protocol (SMTP) server that you want to use. Mail address is the email address of the sender. Mail password: password to authenticate with the SMTP server

For the Mail port and Mail mode refer to the conﬁguration of the SMPT Server. Both unauthenticated and SSL or TLS connections are managed. For each mode, the typical port is automatically proposed but you can manually change it afterward.

Example of email sent by the device:

6 | BC337329499681en-000201

User Guide | MCX15B2/MCX20B2, Programmable controller

There are two types of notiﬁcations: ALARM START and ALARM STOP.

Send Test Email is used to send an email as a test to the Mail address above. Save your settings before

sending the test email.

The email destination is set when conﬁguring the users (see 3.5 Users’ Conﬁguration).

In case of mailing problems, you will receive one of the following error codes: 50 - FAIL LOADING CA ROOT CERTIFICATE 51 - FAIL LOADING CLIENT CERTIFICATE 52 - FAIL PARSING KEY 53 - FAIL CONNECTING SERVER 54 -> 57 - FAIL SSL 58 - FAIL HANDSHAKE 59 - FAIL GET HEADER FROM SERVER 60 - FAIL EHLO 61 - FAIL START TLS 62 - FAIL AUTHENTICATION 63 - FAIL SENDING 64 - FAIL GENERIC

Note: do not use private email accounts to send emails from the device as it has not been designed to be GDPR compliant.

3.2.4.1 Gmail conﬁguration

3.2.5 History

3.2.6 System Overview

3.2.7 FTP

3.2.8 Modbus TCP

Gmail may require you to enable access to less secure apps in order to send emails from embedded systems. You can enable this feature here: https://myaccount.google.com/lesssecureapps.

Specify the name and position of the datalog ﬁles as deﬁned by the MCX application software. If the name starts with 0: the ﬁle is saved in the internal MCX15/20B2 memory. In the internal memory it is possible to have max. one datalog ﬁle for variables and the name must be 0:/5. If the name starts with 1: the ﬁle is saved in the USB ﬂash drive connected to the MCX15/20B2. In the external memory (USB ﬂash drive), it is possible to have one ﬁle for logging variables (the name must be 1:/hisdata.log) and one for events like alarm start and stop (the name must be 1:/events.log) See 4.3 History for a description on how to view historical data.

Tick on System Overview enabled to create a page with the overview of the main system data including those coming from all devices connected to the main controller’s FTP communication (see 5.1.2 Creation of a Customized System Overview page).

Tick on FTP enabled to allow FTP communication. FTP communication is not secure, and it is not recommended that you enable it. It can be useful if you need to upgrade the web interface however (see 6. Install web pages updates)

Tick on Modbus TCP Slave enabled to enable Modbus TCP slave protocol, connecting over port 502. Note that the COM3 communication port must be managed by the application software on the MCX to have the Modbus TCP protocol working. In MCXDesign applications, the brick ModbusSlaveCOM3 must be used and in the InitDeﬁnes.c ﬁle in the App folder of your project the instruction #deﬁne ENABLE_MODBUS_SLAVE_COM3 must be present in the right position (see the help of the brick).

3.2.9 Syslog

Tick on Syslog enabled to enable Syslog protocol. Syslog is a way for network devices to send event messages to a logging server for diagnostic and troubleshooting purposes. Speciﬁes the IP address and port for connections to the server. Speciﬁes the kind of messages, by severity level, to be sent to the syslog server.

BC337329499681en-000201 | 7

User Guide | MCX15B2/MCX20B2, Programmable controller

3.2.10 Security

3.2.10.1 Certiﬁcates

See 8. Security for further information on MCX15/20B2 security.

Enable HTTPS with personalized server certiﬁcate if the device is not in a secure environment. Enable HTTP if the device is in a secure LAN with authorized access available (also VPN). Enable HSTS if you want to force web browsers to interact with the device only via secure HTTPS connections (and never HTTP). This helps to prevent protocol downgrade attacks.

A dedicated certiﬁcate is needed to access the webserver over HTTPS. The certiﬁcate management is the responsibility of the user. In order to generate a certiﬁcate, it is necessary to follow the steps below.

Creating a self-signed certiﬁcate

• Click GENERATE SSC to generate a self-signed certiﬁcate

PROs of Self-Signed Certiﬁcates CONs

Immediate availability Does not protect against Man In The Middle (no authentication with PKI)

Rises alerts in browsers

Supported by few browsers

Support could cease

Creating and assigning a CA-signed certiﬁcate

• Fill in the requested data about Domain, Organization, and Country

• Click GENERATE CSR to generate a Private key and Public key pair and a Certiﬁcate Sign Request (CSR) in PEM and DER format

• The CSR can be downloaded and sent to Certiﬁcation Authority (CA), public or other, to be signed

• The signed certiﬁcate can be uploaded into the control clicking the UPLOAD CERTIFICATE. Once completed the certiﬁcate information is shown in the text box, see the example below:

8 | BC337329499681en-000201

+ 18 hidden pages