BMENUA0100 OPC UA Embedded Module
Installation and Configuration Guide
Original instructions
11/2020
PHA83350.02
www.schneider-electric.com
The information provided in this documentation contains general descriptions and/or technical
characteristics of the performance of the products contained herein. This documentation is not
intended as a substitute for and is not to be used for determining suitability or reliability of these
products for specific user applications. It is the duty of any such user or integrator to perform the
appropriate and complete risk analysis, evaluation and testing of the products with respect to the
relevant specific application or use thereof. Neither Schneider Electric nor any of its affiliates or
subsidiaries shall be responsible or liable for misuse of the information contained herein. If you
have any suggestions for improvements or amendments or have found errors in this publication,
please notify us.
You agree not to reproduce, other than for your own personal, noncommercial use, all or part of
this document on any medium whatsoever without permission of Schneider Electric, given in
writing. You also agree not to establish any hypertext links to this document or its content.
Schneider Electric does not grant any right or license for the personal and noncommercial use of
the document or its content, except for a non-exclusive license to consult it on an "as is" basis, at
your own risk. All other rights are reserved.
All pertinent state, regional, and local safety regulations must be observed when installing and
using this product. For reasons of safety and to help ensure compliance with documented system
data, only the manufacturer should perform repairs to components.
When devices are used for applications with technical safety requirements, the relevant
instructions must be followed.
Failure to use Schneider Electric software or approved software with our hardware products may
result in injury, harm, or improper operating results.
Read these instructions carefully, and look at the equipment to become familiar with the device
before trying to install, operate, service, or maintain it. The following special messages may appear
throughout this documentation or on the equipment to warn of potential hazards or to call attention
to information that clarifies or simplifies a procedure.
PLEASE NOTE
Electrical equipment should be installed, operated, serviced, and maintained only by qualified
personnel. No responsibility is assumed by Schneider Electric for any consequences arising out of
the use of this material.
A qualified person is one who has skills and knowledge related to the construction and operation
of electrical equipment and its installation, and has received safety training to recognize and avoid
the hazards involved.
BEFORE YOU BEGIN
Do not use this product on machinery lacking effective point-of-operation guarding. Lack of
effective point-of-operation guarding on a machine can result in serious injury to the operator of
that machine.
WARNING
UNGUARDED EQUIPMENT
- Do not use this software and related automation equipment on equipment which does not have
  point-of-operation protection.
- Do not reach into machinery during operation.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
This automation equipment and related software is used to control a variety of industrial processes.
The type or model of automation equipment suitable for each application will vary depending on
factors such as the control function required, degree of protection required, production methods,
unusual conditions, government regulations, etc. In some applications, more than one processor
may be required, as when backup redundancy is needed.
Only you, the user, machine builder or system integrator can be aware of all the conditions and
factors present during setup, operation, and maintenance of the machine and, therefore, can
determine the automation equipment and the related safeties and interlocks which can be properly
used. When selecting automation and control equipment and related software for a particular
application, you should refer to the applicable local and national standards and regulations. The
National Safety Council's Accident Prevention Manual (nationally recognized in the United States
of America) also provides much useful information.
In some applications, such as packaging machinery, additional operator protection such as
point-of-operation guarding must be provided. This is necessary if the operator's hands and other parts
of the body are free to enter the pinch points or other hazardous areas and serious injury can occur.
Software products alone cannot protect an operator from injury. For this reason the software
cannot be substituted for or take the place of point-of-operation protection.
Ensure that appropriate safeties and mechanical/electrical interlocks related to point-of-operation
protection have been installed and are operational before placing the equipment into service. All
interlocks and safeties related to point-of-operation protection must be coordinated with the related
automation equipment and software programming.
NOTE: Coordination of safeties and mechanical/electrical interlocks for point-of-operation
protection is outside the scope of the Function Block Library, System User Guide, or other
implementation referenced in this documentation.
START-UP AND TEST
Before using electrical control and automation equipment for regular operation after installation,
the system should be given a start-up test by qualified personnel to verify correct operation of the
equipment. It is important that arrangements for such a check be made and that enough time is
allowed to perform complete and satisfactory testing.
WARNING
EQUIPMENT OPERATION HAZARD
- Verify that all installation and set up procedures have been completed.
- Before operational tests are performed, remove all blocks or other temporary holding means
  used for shipment from all component devices.
- Remove tools, meters, and debris from equipment.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Follow all start-up tests recommended in the equipment documentation. Store all equipment
documentation for future references.
Software testing must be done in both simulated and real environments.
Verify that the completed system is free from all short circuits and temporary grounds that are not
installed according to local regulations (according to the National Electrical Code in the U.S.A, for
instance). If high-potential voltage testing is necessary, follow recommendations in equipment
documentation to prevent accidental equipment damage.
Before energizing equipment:
- Remove tools, meters, and debris from equipment.
- Close the equipment enclosure door.
- Remove all temporary grounds from incoming power lines.
- Perform all start-up tests recommended by the manufacturer.
OPERATION AND ADJUSTMENTS
The following precautions are from the NEMA Standards Publication ICS 7.1-1995 (English
version prevails):
Regardless of the care exercised in the design and manufacture of equipment or in the selection
and ratings of components, there are hazards that can be encountered if such equipment is
improperly operated.
It is sometimes possible to misadjust the equipment and thus produce unsatisfactory or unsafe
operation. Always use the manufacturer’s instructions as a guide for functional adjustments.
Personnel who have access to these adjustments should be familiar with the equipment
manufacturer’s instructions and the machinery used with the electrical equipment.
Only those operational adjustments actually required by the operator should be accessible to
the operator. Access to other controls should be restricted to prevent unauthorized changes in
operating characteristics.
About the Book
At a Glance
Document Scope
This manual describes the features and use of the M580 BMENUA0100 Ethernet communication
module with embedded OPC UA server.
NOTE: The specific configuration settings contained in this guide are intended to be used for
instructional purposes only. The settings required for your specific configuration may differ from the
examples presented in this guide.
Validity Note
This document is valid for an M580 system when used with EcoStruxure™ Control Expert 15.0 or
later.
The technical characteristics of the devices described in the present document also appear online.
To access the information online:
Step | Action
1 | Go to the Schneider Electric home page www.schneider-electric.com.
2 | In the Search box type the reference of a product or the name of a product range. Do not include blank spaces in the reference or product range. To get information on grouping similar modules, use asterisks (*).
3 | If you entered a reference, go to the Product Datasheets search results and click on the reference that interests you. If you entered the name of a product range, go to the Product Ranges search results and click on the product range that interests you.
4 | If more than one reference appears in the Products search results, click on the reference that interests you.
5 | Depending on the size of your screen, you may need to scroll down to see the datasheet.
6 | To save or print a datasheet as a .pdf file, click Download XXX product datasheet.
The characteristics that are described in the present document should be the same as those
characteristics that appear online. In line with our policy of constant improvement, we may revise
content over time to improve clarity and accuracy. If you see a difference between the document
and online information, use the online information as your reference.
Related Documents
Title of documentation | Reference number
Modicon M580 Standalone, System Planning Guide for Frequently Used Architectures |
Modicon M580, System Planning Guide for Complex Topologies |
Modicon M580 Hot Standby, System Planning Guide for Frequently Used Architectures |
Modicon M580, M340, and X80 I/O Platforms, Standards and Certifications |
M580 BMENOS0300, Network Option Switch, Installation and Configuration Guide |
The Modicon BMENUA0100 OPC UA server module brings high performance OPC UA capabilities
to Modicon M580 ePAC systems.
OPC UA is a modern, secure, open, reliable communications platform for industrial
communications, designed to be flexible and scalable from resource constrained IoT sensors in
the field through to enterprise grade servers hosted in the data center or the cloud. Beyond
connecting and moving data around, OPC UA defines a comprehensive information model for
publishing and managing meta-information and system context to simplify automation engineering
and systems integration.
In realizing a communications standard for modern, connected industrial operations, OPC UA
provides a common link between connected products in the field, automation and edge controllers,
and enterprise applications and analytics. As such it is designed to be compatible with modern IT
and security infrastructure such as firewalls, VPNs and proxies. OPC UA scales for both functional
requirements and bandwidth.
Features
The BMENUA0100 module includes an OPC UA server and an embedded Ethernet switch. It is
included in the Control Expert Hardware Catalog in the Communication module group.
The BMENUA0100 brings the following features to the Modicon M580 platform:
General:
- Direct and optimized access to Control Expert data dictionary for simple mapping between
  Control Expert and OPC UA variables.
- Support for Hot Standby configurations via OPC UA Redundancy.
- Compatibility with M580 Safety systems as a type 1 non-interfering module as defined by TÜV
  Rheinland.
- Seamless Ethernet backplane communications.
- DHCP/FDR client for downloading stored (non-cybersecurity) configuration settings.
- NTP time server and client synchronization.
- Multiple diagnostic methods, including LEDs, DDT, OPC_UA variables and data items, Modbus,
  SNMP, Syslog, and secure web pages.
- Firmware Upgrade via the EcoStruxure™ Maintenance Expert (see page 133) tool.
- Firmware integrity checking.
- Hardware secured storage.
BMENUA0100 Module Characteristics
Cybersecurity:
- Secure communications via HTTPS, OPC UA (optional), and IPSEC (optional).
- Module-level OPC UA security (see page 96) configurable via HTTPS.
- The ability to control inbound and outbound communication flow by enabling and disabling
  communication services (see page 97).
- IPSEC (see page 99) based on a pre-shared key (PSK) for securing services such as SNMPv1,
  Modbus/TCP, Syslog, and NTPv4.
  NOTE: The BMENUA0100 supports main mode IPSEC, not aggressive mode. An IPSEC
  channel can be opened by either the BMENUA0100 server or a remote OPC UA client. On a
  PC client, IPSEC is supported and validated on Windows 7, 10 and Windows server 2016
  systems.
Authentication management:
- Role based access control (RBAC) and user authentication (see page 108) for HTTPS and
  OPC UA clients.
- Certificates (see page 101) for OPC UA client application entities.
M580 communication module features include:
- DHCP/FDR client for downloading stored non-cybersecurity configuration settings.
- Direct and optimized access to Control Expert data dictionary, for mapping Control Expert
  variables to OPC UA server variables.
- Ethernet backplane port for Ethernet communication over the local main Ethernet rack.
- X Bus backplane port for 24 Vdc power and rack addressing.
- NTP time server and client synchronization.
- Compatibility with Hot Standby configurations via OPC UA Redundancy.
- Safety configuration as a type 1 non-interfering module as defined by TÜV Rheinland.
- Multiple diagnostic methods, including LEDs, DDT, OPC_UA variables and data items, Modbus,
  SNMP, Syslog, and secured web pages.
- Firmware Upgrade via the EcoStruxure™ Maintenance Expert tool.
- Hardware secured storage.
- Integrity checking of firmware.
Module Description
Introduction
Schneider Electric offers two Ethernet communication modules with an embedded OPC UA server
for communication with OPC UA clients, including SCADA:
BMENUA0100 module for standard environments.
BMENUA0100H module for harsh environments.
The module can be installed only in an Ethernet slot, on a main, local Ethernet rack. Refer to the
Supported BMENUA0100 Module Configurations (see page 62) topic for a description of
supported module placements, including the maximum number of BMENUA0100 modules that can
be placed into a rack.
Physical Description
This figure shows the external features of the BMENUA0100 module:
1 LED array
2 Control port with Ethernet link and activity LEDs
3 Ethernet backplane port
4 X Bus backplane port
5 Cybersecurity operating mode rotary selector switch
Refer to the topic LED Diagnostics (see page 124) for information on reading module LEDs.
If the Ethernet control port is not enabled, use the stopper that ships with each module to help
prevent debris from entering the control port:
External Ports
The BMENUA0100 module includes the following external ports:
Control port:
The control port is the single port located on the front of the BMENUA0100 module. Its features
include:
- When the control port is enabled, it is the exclusive interface for OPC UA communications.
- Operating speed up to 1 Gb/s. When operating at the speed of:
  - 1 Gb/s, use only CAT6 copper shielded twisted four-pair cables.
  - 10/100 Mb/s, use CAT5e or CAT6 copper shielded twisted four-pair cables.
- Dual IP stack that supports both IPv4 (32 bit) and IPv6 (128 bit) IP addressing:
  - Both IPv4 and IPv6 are configured for the module.
  - IPv6 configuration can be static or dynamic (via SLAAC).
  - IPv4 default setting (see page 113) is auto-assigned based on the module MAC address,
    if an IP address is not configured.
- Secure access to the OPC UA server via both IPv4 and IPv6 protocols.
- HTTPS secure protocol (over IPv4) for firmware upgrade (see page 153) and cybersecurity
  configuration (see page 88).
- NTPv4 secure protocol support.
- IPsec-provided security for non-secure services, including SNMPv1, Modbus TCP, and
  Syslog.

Ethernet backplane port:
The BMENUA0100 Ethernet backplane port supports the IPv4 (32 bit) protocol. When the
control port is disabled, the backplane port can support OPC UA communications. The
backplane port includes the following features:
- Operating speed up to 100 Mb/s.
- Modbus TCP IPv4 Ethernet connectivity to the CPU:
  - The Ethernet backplane port is the exclusive port for Modbus diagnostics.
- Exclusive port for non-cybersecurity configuration (IP, NTPv4, SNMPv1), by:
  - Control Expert v14.1 and later
  - FDR/DHCP server
- If the control port is disabled, the Ethernet backplane port provides secure access to the
  OPC UA server via the IPv4 protocol, and supports the following services:
  - HTTPS secure protocol for firmware upgrade (see page 153) and cybersecurity
    configuration (see page 88).
  - NTPv4, SNMPv1 and Syslog.

X Bus backplane port:
The BMENUA0100 module uses X Bus backplane communication to:
- Receive 24 Vdc power.
- Discover the rack and slot address of the BMENUA0100 module.
NOTE: No other communication is performed via the X Bus backplane port of the
BMENUA0100 module.

Rotary Switch
A three-position rotary switch is located on the back of the module. Use only the small, plastic
screwdriver that ships with the module to change the switch position and configure a cybersecurity
operating mode for the module.
NOTICE
RISK OF UNINTENDED OPERATION
Use only the small, plastic screwdriver that ships with the module to change the rotary switch
position. Using a metal screwdriver can damage the switch, rendering it inoperable.
Failure to follow these instructions can result in equipment damage.
The positions on the rotary switch are:
The settings are:
Secured mode
Standard mode
Security Reset
NOTE:
- The rotary switch is not accessible when the module is placed on the rack.
- In a Hot Standby system, verify that the BMENUA0100 module rotary switch positions – in both
  the primary and the standby local main racks – are the same. The system does not automatically
  perform this check for you.
Refer to the description of cybersecurity operating modes (see page 28) for information on each
rotary switch position setting.
Module LEDs
LED Display
A 7-LED display panel is located on the front of the BMENUA0100 module:
The LEDs display information about the module as follows:
LED | Describes the state of the module:
RUN | Operating condition.
ERR | Detected errors.
UACNX | OPC UA connections.
BS | Backplane port.
NS | Control port.
SEC | Cybersecurity condition.
BUSY | Data dictionary status
Refer to the LED Diagnostics topic (see page 124) for information on how to use these LEDs to
diagnose the state of the BMENUA0100 module.
Control Port LEDs
The control port, on the front of the module, presents two LEDs describing the state of the Ethernet
link over the port:
- The ACT LED indicates the presence of Ethernet activity on the port.
- The LNK LED indicates the existence of an Ethernet link and the link speed.
Refer to the LED Diagnostics topic (see page 127) for information on how to use the control port
LEDs to diagnose the state of the BMENUA0100 module control port.
Chapter 2
Standards and Certifications
This chapter describes the standards and certifications that apply to the BMENUA0100 Ethernet
communications module with embedded OPC UA server.
What Is in This Chapter?
This chapter contains the following topics:
- Standards and Certifications
- BMENUA0100 Module Standards
- BMENUA0100 Firmware Compatibility with EcoStruxure™ Control Expert
Standards and Certifications
Download
Click the link that corresponds to your preferred language to download standards and certifications
(PDF format) that apply to the modules in this product line:
Title | Languages
Modicon M580, M340, and X80 I/O Platforms,
The BMENUA0100 OPC UA embedded Ethernet communication module conforms to the following
agency standards:
Marking | Requirement
OPC UA V1.03: OPC Unified Architecture machine to machine communication protocol.
K3/C3 – K3/C2 nuclear certification; Cx certification validates overall quality level of the
PAC system, application, and with respect to our processes (to provide traceability,
development process and mastering, maturity in our overall quality management…); K3
deals with climatic or mechanical constraints, and consists of full environmental tests
under specific mechanical constraints.
BMENUA0100 Firmware Compatibility with EcoStruxure™ Control Expert
Compatibility
Applications created with EcoStruxure™ Control Expert software are compatible with
BMENUA0100 module firmware as follows:
BMENUA0100 Firmware Version | EcoStruxure™ Control Expert Software Version 14.0 | EcoStruxure™ Control Expert Software Version 15.0
1.01 | Fully compatible | Only legacy features of firmware version 1.01 are supported by software (1, 2, 3)
1.10 | Fully compatible | Fully compatible

1. If a BMENUA0100 module with firmware version 1.01 receives an application generated with
EcoStruxure™ Control Expert V15 where:
- configure fast monitoring is Activated (in the IPConfig tab (see page 114)), this setting will not be
  implemented.
- IPv4 is de-activated for the control port, the module control port will be configured with the IPv4 address
  that appears grayed-out in the IPConfig tab for the module.
  NOTE: The grayed-out IPv4 address can be the most recently user-input IPv4 address, or the IPv4
  address automatically input by the EcoStruxure™ Control Expert software (172.16.12.1) if no IPv4
  address was previously entered.
- NTP (see page 118) has been configured with an IPv6 address, the module web pages mistakenly
  indicate NTP is operational when the NTP service actually is not operational.
2. If two BMENUA0100 modules with firmware version 1.01 are configured in a Hot Standby rack with
EcoStruxure™ Control Expert V15, the limitations described in the preceding items also apply to these
modules.
3. If SNMP is enabled in Control Expert, include the IPv4 address of the SNMP manager in the SNMP tab for
the BMENUA0100 module (see page 119) so that the SNMP manager can access the SNMP MIB.
Chapter 3
BMENUA0100 Functional Description
Introduction
This chapter describes the supported functions of the BMENUA0100 Ethernet communications
module with embedded OPC UA server.
What Is in This Chapter?
This chapter contains the following sections:
Section | Topic
3.1 | Cybersecurity Operating Mode Settings
3.2 | OPC UA Services
3.3 | Discovering PAC Variables
3.4 | Hot Standby and Redundancy
Section 3.1
Cybersecurity Operating Mode Settings
Cybersecurity Operating Modes
Introduction
The BMENUA0100 module can be configured to operate in either Secured or Standard mode. The
3-position rotary selector switch on the back of the module determines the operating mode.
The three rotary switch positions are:
Secured mode
Standard mode
Security Reset
NOTE:
- The module’s default, out-of-the-box configuration, is the Secured mode.
- You can view the current position of the rotary switch in the Home page (see page 93) of the
  module web pages.
Because the rotary selector switch is not accessible while the module is on the rack, the switch
position can be changed only when the module is powered off and removed from the rack. After a
new switch position is selected, the module can be re-inserted into the rack and power applied.
NOTE: Use only the small, plastic screwdriver that ships with the module (see page 20) to change
the switch position and configure a cybersecurity operating mode.
Changing Operating Mode
Each time you switch the cybersecurity operating mode from Secured mode to Standard mode, or
from Standard mode to Secured mode, perform a Security Reset operation before
configuring the new mode.
The position of the rotary switch determines the operating state of the module, as follows:
A new (out-of-the-box factory default) module, or a module for which a Security Reset has been
performed, can be commissioned for either Standard mode or Secured mode (see page 81)
operations.
The process for configuring the module for Secured mode operations varies, depending on
whether you are connecting to the module configuration settings for the first time after performing
a security reset:
1 For information about managing the configuration, refer to the configuration chapter.
2 For information on performing a configuration on first connection, refer to the topic Secured Mode
Commissioning (see page 81).
Secured Mode
When operating in Secured mode, the module will not engage in process communications – over
either the control port or the backplane port – until valid cybersecurity settings have been
configured. After Secured mode has been configured, you can configure cybersecurity settings
using the module web pages (see page 88), which can be accessed via the HTTPS protocol over
either the backplane or control ports. In Secured mode, the module supports the level of
cybersecurity that is specified in the cybersecurity configuration. Only after cybersecurity settings
have been configured can IP address, NTP client, and SNMP agent settings be
configured using the Control Expert configuration software.
Standard Mode
When operating in Standard mode, module communications can begin immediately. Cybersecurity
settings are not required and cannot be configured. Only the IP address and other settings
available in Control Expert can be configured.
Security Reset
The Security Reset command restores the out-of-the-box factory default configuration settings. It
deletes any existing cybersecurity configuration, white lists, certificates, and role based access
control settings. While the process of restoring factory default settings is ongoing, the RUN LED
continues blinking green. After completion of the process, the RUN LED turns to solid green, and all
services are disabled. To complete the security reset, either cycle power (off, then on) to the
BMENUA0100 module, or physically remove the module from the rack (which turns off power) then
re-insert the module into the rack (which turns power back on).
This setting can be made using either the rotary switch or the web pages (when operating in
Secured mode):
- If set via rotary switch: the module ceases to be functional until the module is removed from the
  rack, the rotary switch is re-set to either the Secured or Standard position, and the module is
  again placed on the rack. The necessary configuration(s) will need to be applied.
- If set via the web pages: upon completion of the process, cycle power (off / on) to – or hot swap
  – the module in Standard or in Secured mode. Both the cybersecurity and IP address settings
  need to be configured.
NOTE: After a Security Reset of the BMENUA0100 module, the following conditions apply to the
module:
- No device certificates are preserved.
- All services are disabled except for HTTPS, which is used to create the cybersecurity
  configuration via the control port.
- Factory default settings are applied, including:
  - Username / Password default settings
  - IP address default setting of 10.10.MAC5.MAC6
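The following is an added example, not taken from the Schneider Electric guide: an inventory check that derives each module's factory-default IPv4 address from its MAC address and flags modules that still answer on it, which indicates the post-Security-Reset state described above (default username and password in effect, only HTTPS enabled). It assumes MAC5 and MAC6 mean the decimal values of the fifth and sixth MAC octets; the function names, module names, MAC addresses and the `ip neigh` style neighbour table are all constructed for illustration.

```python
"""Flag modules still answering on the factory-default address (added example)."""
import re


def mac_octets(mac):
    """Parse aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff into six ints."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]


def default_ipv4(mac):
    """Factory-default address 10.10.MAC5.MAC6.

    Assumption: MAC5/MAC6 are the fifth and sixth MAC octets written in decimal.
    """
    octets = mac_octets(mac)
    return f"10.10.{octets[4]}.{octets[5]}"


def parse_neighbours(text):
    """Parse Linux `ip neigh` output into {mac_octet_tuple: [ip, ...]}.

    Entries without a link-layer address (FAILED/INCOMPLETE) prove nothing
    about which device owns the address, so they are skipped.
    """
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue
        idx = fields.index("lladdr")
        if idx + 1 >= len(fields):
            continue
        try:
            key = tuple(mac_octets(fields[idx + 1]))
        except ValueError:
            continue
        table.setdefault(key, []).append(fields[0])
    return table


def modules_on_default_address(inventory, neighbours_text):
    """Return [(module_name, default_ip)] for modules seen on their default IP."""
    seen = parse_neighbours(neighbours_text)
    findings = []
    for name, mac in inventory.items():
        expected = default_ipv4(mac)
        if expected in seen.get(tuple(mac_octets(mac)), []):
            findings.append((name, expected))
    return sorted(findings)


# Constructed asset inventory: module name -> MAC (locally administered, not real).
INVENTORY = {
    "line1-opcua": "02:00:00:00:12:34",
    "line2-opcua": "02-00-00-00-AB-CD",
    "line3-opcua": "0200.0000.0102",
}

# Constructed neighbour table in `ip neigh` format.
NEIGHBOURS = """\
10.10.18.52 dev eth0 lladdr 02:00:00:00:12:34 REACHABLE
192.168.10.21 dev eth0 lladdr 02:00:00:00:ab:cd STALE
10.10.1.2 dev eth0  FAILED
fe80::ff:fe00:102 dev eth0 lladdr 02:00:00:00:01:02 STALE
"""

if __name__ == "__main__":
    for name, ip in modules_on_default_address(INVENTORY, NEIGHBOURS):
        print(f"{name}: answering on factory-default address {ip}")
```

A hit means the module should be commissioned (cybersecurity configuration and IP address applied) before it is left connected to the control network.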