Schneider Electric M580 Installation Manual

M580

PHA83350 11/2020
M580
BMENUA0100 OPC UA Embedded Module Installation and Configuration Guide
11/2020
PHA83350.02
www.schneider-electric.com
The information provided in this documentation contains general descriptions and/or technical characteristics of the performance of the products contained herein. This documentation is not intended as a substitute for and is not to be used for determining suitability or reliability of these products for specific user applications. It is the duty of any such user or integrator to perform the appropriate and complete risk analysis, evaluation and testing of the products with respect to the relevant specific application or use thereof. Neither Schneider Electric nor any of its affiliates or subsidiaries shall be responsible or liable for misuse of the information contained herein. If you have any suggestions for improvements or amendments or have found errors in this publication, please notify us.
You agree not to reproduce, other than for your own personal, noncommercial use, all or part of this document on any medium whatsoever without permission of Schneider Electric, given in writing. You also agree not to establish any hypertext links to this document or its content. Schneider Electric does not grant any right or license for the personal and noncommercial use of the document or its content, except for a non-exclusive license to consult it on an "as is" basis, at your own risk. All other rights are reserved.
All pertinent state, regional, and local safety regulations must be observed when installing and using this product. For reasons of safety and to help ensure compliance with documented system data, only the manufacturer should perform repairs to components.
When devices are used for applications with technical safety requirements, the relevant instructions must be followed.
Failure to use Schneider Electric software or approved software with our hardware products may result in injury, harm, or improper operating results.
Failure to observe this information can result in injury or equipment damage. © 2020 Schneider Electric. All rights reserved.
2 PHA83350 11/2020

Table of Contents

Safety Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About the Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 1 BMENUA0100 Module Characteristics. . . . . . . . . . . . . . 15
Module Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Module LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 2 Standards and Certifications. . . . . . . . . . . . . . . . . . . . . . 23
Standards and Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
BMENUA0100 Module Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . .
BMENUA0100 Firmware Compatibility with
EcoStruxure™ Control Expert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 3 BMENUA0100 Functional Description . . . . . . . . . . . . . . 27
3.1 Cybersecurity Operating Mode Settings . . . . . . . . . . . . . . . . . . . . . . .
Cybersecurity Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2 OPC UA Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
BMENUA0100 OPC UA Server Operating Characteristics . . . . . . . . .
OPC UA Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
BMENUA0100 OPC UA Server Stack Services . . . . . . . . . . . . . . . . .
BMENUA0100 OPC UA Server Stack Data Access Services. . . . . . .
BMENUA0100 OPC UA Server Stack Discovery and Security Services BMENUA0100 OPC UA Server Stack Publish and Subscribe Services
BMENUA0100 OPC UA Server Stack Transport Services . . . . . . . . .
3.3 Discovering PAC Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Mapping Control Expert PAC Variables to OPC UA Data Logic
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.4 Hot Standby and Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
OPC UA Server Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 4 Supported Architectures . . . . . . . . . . . . . . . . . . . . . . . . . 61
Supported BMENUA0100 Module Configurations. . . . . . . . . . . . . . . .
Isolated Control Network with M580 Hot Standby PACs . . . . . . . . . . .
Non-Isolated Flat Network with M580 Hot Standby . . . . . . . . . . . . . . .
Flat Network with Multiple M580 Standalone CPUs and Single SCADA
16 18 22
24 25
26
28 28 34 35 37 39 40 42 44 48 49
49 53 53
62 64 66 68
PHA83350 11/2020 3
Flat Network with Multiple M580 Standalone CPUs and Redundant
SCADA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Flat Network with M580 Hot Standby CPUs and Redundant SCADA . Hierarchical Network featuring Multiple M580 Standalone CPUs
Connected to Control Network and Redundant SCADA . . . . . . . . . . .
Hierarchical Network with Multiple M580 Hot Standby CPUs and
Redundant SCADA Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
70 72
74
76
Chapter 5 Commissioning and Installation . . . . . . . . . . . . . . . . . . . . 79
Commissioning Checklist for the BMENUA0100 Module. . . . . . . . . . .
Commissioning the BMENUA0100 Module . . . . . . . . . . . . . . . . . . . . .
Installing the BMENUA0100. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80 81 84
Chapter 6 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
6.1 Configuring the BMENUA0100 Cybersecurity Settings . . . . . . . . . . . .
Introducing the BMENUA0100 Web Pages . . . . . . . . . . . . . . . . . . . . .
Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Certificates Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.2 Configuring the BMENUA0100 in Control Expert. . . . . . . . . . . . . . . . .
Configuring IP Address Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring the Network Time Service. . . . . . . . . . . . . . . . . . . . . . . . .
SNMP Agent Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.3 Configuring M580 CPU Settings for OPC UA Client - Server
Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring M580 CPU Security Settings . . . . . . . . . . . . . . . . . . . . . .
88 89 93
96 101 108 110 112 113 116 119
122 122
Chapter 7 Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
LED Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
BMENUA0100 Derived Data Type (DDT) . . . . . . . . . . . . . . . . . . . . . .
Configuring the READ_DDT Elementary Function. . . . . . . . . . . . . . . .
OPC UA Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modbus Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SNMP Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
OPC UA Diagnostic Web Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
124 128 133 137 140 144 145 146
Chapter 8 Optimizing BMENUA0100 Performance. . . . . . . . . . . . . . 147
Optimizing BMENUA0100 Performance . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting the BMENUA0100 Module . . . . . . . . . . . . . . . . . . . .
148 151
4 PHA83350 11/2020
Chapter 9 Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
EcoStruxure™ Automation Device Maintenance Tool . . . . . . . . . . . .
Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix A CPU Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
OPC UA Server to CPU Connections . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix B IPSEC Windows Scripts . . . . . . . . . . . . . . . . . . . . . . . . . 159
IKE/IPSEC Windows Firewall Configuration Scripts . . . . . . . . . . . . . .
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
153 155
157
159 163 165
PHA83350 11/2020 5
6 PHA83350 11/2020

Safety Information

Important Information
NOTICE
Read these instructions carefully, and look at the equipment to become familiar with the device before trying to install, operate, service, or maintain it. The following special messages may appear throughout this documentation or on the equipment to warn of potential hazards or to call attention to information that clarifies or simplifies a procedure.
PHA83350 11/2020 7
PLEASE NOTE
Electrical equipment should be installed, operated, serviced, and maintained only by qualified personnel. No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this material.
A qualified person is one who has skills and knowledge related to the construction and operation of electrical equipment and its installation, and has received safety training to recognize and avoid the hazards involved.
BEFORE YOU BEGIN
Do not use this product on machinery lacking effective point-of-operation guarding. Lack of effective point-of-operation guarding on a machine can result in serious injury to the operator of that machine.
UNGUARDED EQUIPMENT
Do not use this software and related automation equipment on equipment which does not have
point-of-operation protection.
Do not reach into machinery during operation.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
This automation equipment and related software is used to control a variety of industrial processes. The type or model of automation equipment suitable for each application will vary depending on factors such as the control function required, degree of protection required, production methods, unusual conditions, government regulations, etc. In some applications, more than one processor may be required, as when backup redundancy is needed.
Only you, the user, machine builder or system integrator can be aware of all the conditions and factors present during setup, operation, and maintenance of the machine and, therefore, can determine the automation equipment and the related safeties and interlocks which can be properly used. When selecting automation and control equipment and related software for a particular application, you should refer to the applicable local and national standards and regulations. The National Safety Council's Accident Prevention Manual (nationally recognized in the United States of America) also provides much useful information.
In some applications, such as packaging machinery, additional operator protection such as point­of-operation guarding must be provided. This is necessary if the operator's hands and other parts of the body are free to enter the pinch points or other hazardous areas and serious injury can occur. Software products alone cannot protect an operator from injury. For this reason the software cannot be substituted for or take the place of point-of-operation protection.
Ensure that appropriate safeties and mechanical/electrical interlocks related to point-of-operation protection have been installed and are operational before placing the equipment into service. All interlocks and safeties related to point-of-operation protection must be coordinated with the related automation equipment and software programming.
WARNING
8 PHA83350 11/2020
NOTE: Coordination of safeties and mechanical/electrical interlocks for point-of-operation protection is outside the scope of the Function Block Library, System User Guide, or other implementation referenced in this documentation.
START-UP AND TEST
Before using electrical control and automation equipment for regular operation after installation, the system should be given a start-up test by qualified personnel to verify correct operation of the equipment. It is important that arrangements for such a check be made and that enough time is allowed to perform complete and satisfactory testing.
EQUIPMENT OPERATION HAZARD
Verify that all installation and set up procedures have been completed.Before operational tests are performed, remove all blocks or other temporary holding means
used for shipment from all component devices.
Remove tools, meters, and debris from equipment.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Follow all start-up tests recommended in the equipment documentation. Store all equipment documentation for future references.
Software testing must be done in both simulated and real environments. Verify that the completed system is free from all short circuits and temporary grounds that are not
installed according to local regulations (according to the National Electrical Code in the U.S.A, for instance). If high-potential voltage testing is necessary, follow recommendations in equipment documentation to prevent accidental equipment damage.
Before energizing equipment:
Remove tools, meters, and debris from equipment.Close the equipment enclosure door.Remove all temporary grounds from incoming power lines.Perform all start-up tests recommended by the manufacturer.
WARNING
PHA83350 11/2020 9
OPERATION AND ADJUSTMENTS
The following precautions are from the NEMA Standards Publication ICS 7.1-1995 (English version prevails):
Regardless of the care exercised in the design and manufacture of equipment or in the selection
and ratings of components, there are hazards that can be encountered if such equipment is improperly operated.
It is sometimes possible to misadjust the equipment and thus produce unsatisfactory or unsafe
operation. Always use the manufacturer’s instructions as a guide for functional adjustments. Personnel who have access to these adjustments should be familiar with the equipment manufacturer’s instructions and the machinery used with the electrical equipment.
Only those operational adjustments actually required by the operator should be accessible to
the operator. Access to other controls should be restricted to prevent unauthorized changes in operating characteristics.
10 PHA83350 11/2020

About the Book

At a Glance
Document Scope
This manual describes the features and use of the M580 BMENUA0100 Ethernet communication module with embedded OPC UA server.
NOTE: The specific configuration settings contained in this guide are intended to be used for instructional purposes only. The settings required for your specific configuration may differ from the examples presented in this guide.
Validity Note
This document is valid for an M580 system when used with EcoStruxure™ Control Expert 15.0 or later.
The technical characteristics of the devices described in the present document also appear online. To access the information online:
Step Action
1 Go to the Schneider Electric home page 2 In the Search box type the reference of a product or the name of a product range.
3 If you entered a reference, go to the Product Datasheets search results and click on the
4 If more than one reference appears in the Products search results, click on the reference that
5 Depending on the size of your screen, you may need to scroll down to see the datasheet. 6 To save or print a datasheet as a .pdf file, click Download XXX product datasheet.
www.schneider-electric.com
Do not include blank spaces in the reference or product range.To get information on grouping similar modules, use asterisks (
reference that interests you. If you entered the name of a product range, go to the Product Ranges search results and click on the product range that interests you.
interests you.
.
*
).
The characteristics that are described in the present document should be the same as those characteristics that appear online. In line with our policy of constant improvement, we may revise content over time to improve clarity and accuracy. If you see a difference between the document and online information, use the online information as your reference.
PHA83350 11/2020 11
Related Documents
Title of documentation Reference number Modicon M580 Standalone, System Planning Guide
for Frequently Used Architectures
Modicon M580, System Planning Guide for Complex Topologies
Modicon M580 Hot Standby, System Planning Guide for Frequently Used Architectures
Modicon M580, M340, and X80 I/O Platforms, Standards and Certifications
M580 BMENOS0300, Network Option Switch, Installation and Configuration Guide
Modicon M580, Hardware, Reference Manual EIO0000001578 (English),
Modicon M580, RIO Modules, Installation and Configuration Guide
Modicon M580, Change Configuration on the Fly, User Guide
Modicon X80, Discrete Input/Output Modules, User Manual
Modicon X80, BMXEHC0200 Counting Module, User Manual
HRB62666 (English), HRB65318 (French), HRB65319 (German), HRB65320 (Italian), HRB65321 (Spanish), HRB65322 (Chinese)
NHA58892 (English), NHA58893 (French), NHA58894 (German), NHA58895 (Italian), NHA58896 (Spanish), NHA58897 (Chjnese)
NHA58880 (English), NHA58881 (French), NHA58882 (German), NHA58883 (Italian), NHA58884 (Spanish), NHA58885 (Chinese)
EIO0000002726 (English), EIO0000002727 (French), EIO0000002728 (German), EIO0000002730 (Italian), EIO0000002729 (Spanish), EIO0000002731 (Chinese)
NHA89117 (English), NHA89119 (French), NHA89120 (German), NHA89121 (Italian), NHA89122 (Spanish), NHA89123 (Chinese)
EIO0000001579 (French), EIO0000001580 (German), EIO0000001582 (Italian), EIO0000001581 (Spanish), EIO0000001583 (Chinese)
EIO0000001584 (English), EIO0000001585 (French), EIO0000001586 (German), EIO0000001587 (Italian), EIO0000001588 (Spanish), EIO0000001589 (Chinese),
EIO0000001590 (English), EIO0000001591 (French), EIO0000001592 (German), EIO0000001594 (Italian), EIO0000001593 (Spanish), EIO0000001595 (Chinese)
35012474 (English), 35012475 (German), 35012476 (French), 35012477 (Spanish), 35012478 (Italian), 35012479 (Chinese)
35013355 (English), 35013356 (German), 35013357 (French), 35013358 (Spanish), 35013359 (Italian), 35013360 (Chinese)
12 PHA83350 11/2020
Title of documentation Reference number Grounding and Electromagnetic Compatibility of PLC
Systems, Basic Principles and Measures, User Manual
EcoStruxure™ Control Expert, Program Languages and Structure, Reference Manual
EcoStruxure™ Control Expert, System Bits and Words, Reference Manual
EcoStruxure™ Control Expert, Operating Modes 33003101 (English), 33003102 (French),
EcoStruxure™ Control Expert, Installation Manual 35014792 (English), 35014793 (French),
Web Designer for FactoryCast User Manual 35016149 (English), 35016150 (French), 35016151
Modicon Controllers Platform Cyber Security, Reference Manual
33002439 (English), 33002440 (French), 33002441 (German), 33003702 (Italian), 33002442 (Spanish), 33003703 (Chinese)
35006144 (English), 35006145 (French), 35006146 (German), 35013361 (Italian), 35006147 (Spanish), 35013362 (Chinese)
EIO0000002135 (English), EIO0000002136 (French), EIO0000002137 (German), EIO0000002138 (Italian), EIO0000002139 (Spanish), EIO0000002140 (Chinese)
33003103 (German), 33003104 (Spanish), 33003696 (Italian), 33003697 (Chinese)
35014794 (German), 35014795 (Spanish), 35014796 (Italian), 35012191 (Chinese)
(German), 35016152 (Italian), 35016153 (Spanish), 35016154 (Chinese)
EIO0000001999 (English), EIO0000002001 (French), EIO0000002000 (German), EIO0000002002 (Italian), EIO0000002003 (Spanish), EIO0000002004 (Chinese)
You can download these technical publications and other technical information from our website at
www.schneider-electric.com/en/download
PHA83350 11/2020 13
.
14 PHA83350 11/2020
M580 BMENUA0100 Module Cha racteristics PHA83350 11/2020

BMENUA0100 Module Cha racteristics

Chapter 1
BMENUA0100 Module Characteristics
Introduction
This chapter describes the BMENUA0100 Ethernet communications module with embedded OPC UA server.
What Is in This Chapter?
This chapter contains the following topics:
Module Features 16 Module Description 18 Module LEDs 22
Topic Page
PHA83350 11/2020 15
BMENUA0100 Module Characteristics

Module Features

Introduction
The Modicon BMENUA0100 OPC UA server module brings high performance OPC UA capabilities to Modicon M580 ePAC systems.
OPC UA is a modern, secure, open, reliable communications platform for industrial communications, designed to be flexible and scalable from resource constrained IoT sensors in the field through to enterprise grade servers hosted in the data center or the cloud. Beyond connecting and moving data around, OPC UA defines a comprehensive information model for publishing and managing meta-information and system context to simplify automation engineering and systems integration.
In realizing a communications standard for modern, connected industrial operations, OPC UA provides a common link between connected products in the field, automation and edge controllers, and enterprise applications and analytics. As such it is designed to be compatible with modern IT and security infrastructure such as firewalls, VPNs and proxies. OPC UA scales for both functional requirements and bandwidth.
Features
The BMENUA0100 module includes an OPC UA server and an embedded Ethernet switch. It is Included in the Control Expert Hardware Catalog in the Communication module group,
The BMENUA0100 brings the following features to the Modicon M580 platform: General:
Direct and optimized access to Control Expert data dictionary for simple mapping between
Control Expert and OPC UA variables
Support for Hot Standby configurations via OPC UA RedundancyCompatibility with M580 Safety systems as a type 1 non-interfering module as defined by TÜV
Rheinland.
Seamless Ethernet backplane communications.DHCP/FDR client for downloading stored (non-cybersecurity) configuration settings.NTP time serverMultiple diagnostic methods, including LEDs
variables and data items SNMP
(see page 145)
Firmware Upgrade via the EcoStruxure™ Maintenance Expert (see page 133) tool.Firmware integrity checking.Hardware secured storage.
(see page 116)
(see page 49)
and client synchronization.
(see page 124)
(see page 137)
, Syslog
, and secure web pages
.
, DDT
(see page 140)
(seepage146)
(see page 53)
(see page 128)
, Modbus
(see page 144)
(see page 129).
.
, OPC_UA
,
16
PHA83350 11/2020
BMENUA0100 Module Characteristics
Cybersecurity:
Secure communications via HTTPS, OPC UA (optional), and IPSEC (optional).Module-level OPC UA securityThe ability to control inbound and outbound communication flow by enabling and disabling
communication services
IPSEC
(see page 99)
based on a pre-shared key (PSK) for securing services such as SNMPv1,
(see page 96)
(seepage97)
configurable via HTTPS.
.
Modbus/TCP, Syslog, and NTPv4. NOTE: The BMENUA0100 supports main mode IPSEC, not aggressive mode. An IPSEC channel can be opened by either the BMENUA0100 server or a remote OPC UA client. On a PC client, IPSEC is supported and validated on Windows 7, 10 and Windows server 2016 systems.
Authentication management:
Role based access control (RBAC) and user authentication
(see page 108)
for HTTPS and
OPC UA clients.
Certificates
(see page 101)
for OPC UA client application entities.
M580 communication module features include:
DHCP/FDR client for downloading stored non-cybersecurity configuration settings.Direct and optimized access to Control Expert data dictionary, for mapping Control Expert
variables to OPC UA server variables
Ethernet backplane port for Ethernet communication over the local main Ethernet rack.X Bus backplane port for 24 Vdc power and rack addressing.NTP time serverCompatibility with Hot Standby configurations via OPC UA RedundancySafety configuration as a type 1 non-interfering module as defined by TÜV Rheinland.Multiple diagnostic methods, including LEDs
variables and data items SNMP
(see page 119)
Firmware Upgrade via the EcoStruxure™ Maintenance ExpertHardware secured storage.Integrity checking of firmware.
(see page 116)
(see page 137)
, and secured web pages
(see page 49)
and client synchronization.
(see page 124)
, Syslog
.
, DDT
(see page 140)
(see page 143)
(see page 53)
(see page 128)
, Modbus
(see page 144)
.
(see page 153)
.
, OPC_UA
tool.
,
PHA83350 11/2020 17
BMENUA0100 Module Characteristics

Module Description

Introduction
Schneider Electric offers two Ethernet communication modules with an embedded OPC UA server for communication with OPC UA clients, including SCADA:
BMENUA0100 module for standard environments.BMENUA0100H module for harsh environments.
The module can be installed only in an Ethernet slot, on a main, local Ethernet rack. Refer to the
Supported BMENUA0100 Module Configurations (see page 62)
topic supported module placements, including the maximum number of BMENUA0100 modules that can be placed into a rack.
Physical Description
This figure shows the external features of the BMENUA0100 module:
for a description of
18
1 LED array 2 Control port with Ethernet link and activity LEDs 3 Ethernet backplane port 4 X Bus backplane port 5 Cybersecurity operating mode rotary selector switch
Refer to the topic LED Diagnostics
(see page 124)
for information on reading module LEDs.
PHA83350 11/2020
If the Ethernet control port is not enabled, use the stopper that ships with each module to help prevent debris from entering the control port:
External Ports
The BMENUA0100 module includes the following external ports:
Port Description Control port The control port is the single port located on the front of the BMENUA0100 module. Its features
BMENUA0100 Module Characteristics
include:
When the control port is enabled, it is the exclusive interface for OPC UA communications.Operating speed up to 1 Gb/s. When operating at the speed of:
1 Gb/s, use only CAT6 copper shielded twisted four-pair cables.10/100 Mb/s, use CAT5e or CAT6 copper shielded twisted four-pair cables.
Dual IP stack that supports both IPv4 (32 bit) and IPv6 (128 bit) IP addressing:
Both IPv4 and IPv6 are configured for the module.IPv6 configuration can be static or dynamic (via SLAAC).IPv4 default setting
(see page 113)
is auto-assigned based on the module MAC address,
if an IP address is not configured.
Secure access to the OPC UA server via both IPv4 and IPv6 protocols.HTTPS secure protocol (over IPv4) for firmware upgrade
configuration
NTPv4 secure protocol support.IPsec-provided security for non-secure services, including SNMPv1, Modbus TCP, and
(seepage88)
.
(see page 153)
and cybersecurity
Syslog.
PHA83350 11/2020 19
BMENUA0100 Module Characteristics
Port Description Ethernet
backplane port
X Bus backplane port
The BMENUA0100 Ethernet backplane port supports the IPv4 (32 bit) protocol. When the control port is disabled, the backplane port can support OPC UA communications. the backplane port includes the following features:
Operating speed up to 100 Mb/s.Modbus TCP IPv4 Ethernet connectivity to the CPU:
The Ethernet backplane port is the exclusive port for Modbus diagnostics.
Exclusive port for non-cybersecurity configuration (IP, NTPv4, SNMPv1), by:
Control Expert v14.1 and laterFDR/DHCP server
If the control port is disabled, the Ethernet backplane port provides secure access to the
OPC UA server via the IPv4 protocol, and supports the following services:
HTTPS secure protocol for firmware upgrade
configuration
NTPv4, SNMPv1 and Syslog.
The BMENUA0100 module uses X Bus backplane communication to:
Receive 24 Vdc power.Discover the rack and slot address of the BMENUA0100 module.
NOTE: No other communication is performed via the X Bus backplane port of the
BMENUA0100 module.
Rotary Switch
A three-position rotary switch is located on the back of the module. Use only the small, plastic screwdriver that ships with the module to change the switch position and configure a cybersecurity operating mode for the module.
(seepage88)
(see page 153)
.
and cybersecurity
20
NOTICE
RISK OF UNINTENDED OPERATION Use only the small, plastic screwdriver that ships with the module to change the rotary switch
position. Using a metal screwdriver can damage the switch, rendering it inoperable. Failure to follow these instructions can result in equipment damage.
PHA83350 11/2020
BMENUA0100 Module Characteristics
The positions on the rotary switch are:
The settings are:
Secured modeStandard modeSecurity Reset
NOTE:
The rotary switch is not accessible when the module is placed on the rack.In a Hot Standby system, verify that the BMENUA0100 module rotary switch positions – in both
the primary and the standby local main racks – are the same. The system does not automatically perform this check for you.
Refer to the description of cybersecurity operating modes
(seepage28)
for information on each
rotary switch position setting.
PHA83350 11/2020 21
BMENUA0100 Module Characteristics

Module LEDs

LED Display
A 7-LED display panel is located on the front of the BMENUA0100 module:
The LEDs display information about the module as follows:
LED Describes the state of the module: RUN Operating condition. ERR Detected errors. UACNX OPC UA connections. BS Backplane port. NS Control port. SEC Cybersecurity condition. BUSY Data dictionary status
Refer to the LED Diagnostics topic diagnose the state of the BMENUA0100 module.
Control Port LEDs
The control port, on the front of the module, presents two LEDs describing the state of the Ethernet link over the port:
The ACT LED indicates the presence of Ethernet activity on the port.The LNK LED indicates the existence of an Ethernet link and the link speed.
Refer to the LED Diagnostics topic LEDs to diagnose the state of the BMENUA0100 module control port.
22
(see page 124)
(see page 127)
for information on how to use these LEDs to
for information on how to use the control port
PHA83350 11/2020
M580 Standards and Certificat ions PHA83350 11/2020

Standards and Certificat ions

Chapter 2
Standards and Certifications
Overview
This chapter describes the standards and certifications that apply to the BMENUA0100 Ethernet communications module with embedded OPC UA server.
What Is in This Chapter?
This chapter contains the following topics:
Standards and Certifications 24 BMENUA0100 Module Standards 25 BMENUA0100 Firmware Compatibility with EcoStruxure™ Control Expert 26
Topic Page
PHA83350 11/2020 23

Standards and Certifications

Standards and Certifications
Download
Click the link that corresponds to your preferred language to download standards and certifications (PDF format) that apply to the modules in this product line:
Title Languages Modicon M580, M340, and X80 I/O Platforms,
Standards and Certifications
English: French: German: Italian: Spanish: Chinese:
EIO0000002726
EIO0000002727
EIO0000002728
EIO0000002730
EIO0000002729 EIO0000002731
24
PHA83350 11/2020

BMENUA0100 Module Standards

Agency Requirements
The BMENUA0100 OPC UA embedded Ethernet communication module conforms to the following agency standards:
Marking Requirement
OPC UA V1.03: OPC Unified Architecture machine to machine communication protocol.
K3/C3 – K3/C2 nuclear certification; Cx certification validates overall quality level of the PAC system, application, and with respect to our processes (to provide traceability, development process and mastering, maturity in our overall quality management…); K3 deals with climatic or mechanical constraints, and consists of full environmental tests under specific mechanical constraints.
Standards and Certifications
PHA83350 11/2020 25
Standards and Certifications

BMENUA0100 Firmware Compatibility with EcoStruxure™ Control Expert

Compatibility
Applications created with EcoStruxure™ Control Expert software are compatible with BMENUA0100 module firmware as follows:
BMENUA0100 Firmware Version
1.01 Fully compatible Only legacy features of firmware version 1.01 are
1.10 Fully compatible Fully compatible
1. If a BMENUA0100 module with firmware version 1.01 receives an application generated with EcoStruxure™ Control Expert V15 where:
configure fast monitoring is Activated (in the IPConfig tab
implemented.
IPv4 is de-activated for the control port, the module control port will be configured with the IPv4 address
that appears grayed-out in the IPConfig tab for the module.
EcoStruxure™ Control Expert Software Version
14.0 15.0
supported by software
(seepage114)
1, 2, 3
), this setting will not be
NOTE: The grayed-out IPv4 address can be the most recently user-input IPv4 address, or the IPv4
address automatically input by the EcoStruxure™ Control Expert software (172.16.12.1) if no IPv4 address was previously entered.
NTP
(see page 118)
indicate NTP is operational when the NTP service actually is not operational.
2. If two BMENUA0100 modules with firmware version 1.01 are configured in a Hot Standby rack with EcoStruxure™ Control Expert V15, the limitations described in the preceding items also apply to these modules.
3. If SNMP is enabled in Control Expert, include the IPv4 address of the SNMP manager in the SNMP tab for the BMENUA0100 module
has been configured with an IPv6 address, the module web pages mistakenly
(see page 119)
so that the SNMP manager can access the SNMP MIB.
26
PHA83350 11/2020
M580 Functional Description PHA83350 11/2020

BMENUA0100 Functional Description

Chapter 3
BMENUA0100 Functional Description
Introduction
This chapter describes the supported functions of the BMENUA0100 Ethernet communications module with embedded OPC UA server.
What Is in This Chapter?
This chapter contains the following sections:
Section Topic Page
3.1 Cybersecurity Operating Mode Settings 28
3.2 OPC UA Services 34
3.3 Discovering PAC Variables 49
3.4 Hot Standby and Redundancy 53
PHA83350 11/2020 27
Functional Description

Cybersecurity Operatin g Mode Settings

Section 3.1
Cybersecurity Operating Mode Settings

Cybersecurity Operating Modes

Introduction
The BMENUA0100 module can be configured to operate in either Secured or Standard mode. The 3-position rotary selector switch on the back of the module determines the operating mode.
The three rotary switch positions are:
Secured modeStandard modeSecurity Reset
NOTE:
The module’s default, out-of-the-box configuration, is the Secured mode.You can view the current position of the rotary switch in the Home page
module web pages.
Because the rotary selector switch is not accessible while the module is on the rack, the switch position can be changed only when the module is powered off and removed from the rack. After a new switch position is selected, the module can be re-inserted into the rack and power applied.
NOTE: Use only the small, plastic screwdriver that ships with the module the switch position and configure a cybersecurity operating mode.
(see page 93)
(seepage20)
of the
to change
28
PHA83350 11/2020
Changing Operating Mode
Each time you switch the cybersecurity operating mode from Secured mode to Standard mode, or from Standard mode to Secured mode, perform a Security Reset operation configuring the new mode.
The position of the rotary switch determines the operating state of the module, as follows:
A new (out-of-the-box factory default) module, or a module for which a Security Reset has been performed, can be commissioned for either Standard mode
(seepage81)
operations.
The process for configuring the module for Secured mode operations varies, depending on whether you are connecting to the module configuration settings for the first time after performing a security reset:
(see page 82)
Functional Description
(see page 83)
before
or Secured mode
1 For information about managing the configuration, refer to the configuration chapter. 2 For information on performing a configuration on first connection, refer to the topic Secured Mode
Commissioning
PHA83350 11/2020 29
(seepage81)
.
(see page 87)
Functional Description
Secured Mode
When operating in Secured mode, the module will not engage in process communications – over either the control port or the backplane port – until valid cybersecurity settings have been configured. After Secured mode has been configured, you can configure cybersecurity settings using the module web pages either the backplane or control ports. In Secured mode, the module supports the level of cybersecurity that is specified in the cybersecurity configuration. Only after cybersecurity settings have been configured, can IP address, NTP client, and SNMP agent settings configured using the Control Expert configuration software.
Standard Mode
When operating in Standard mode, module communications can begin immediately. Cybersecurity settings are not required and cannot be configured. Only the IP address and other settings available in Control Expert can be configured.
Security Reset
The Security Reset command restores the out-of-the-box factory default configuration settings. It deletes any existing cybersecurity configuration, white lists, certificates, and role based access control settings. While the process of restoring factory default settings is ongoing, the RUN LED continues blinking green. After completion of process, the RUN LED turns to solid green, and all services are disabled. To complete the security reset, either cycle power (off, then on) to the BMENUA0100 module, or physically remove the module from the rack (which turns off power) then re-insert the module into the rack (which turns power back on).
This setting can be made using either the rotary switch or the web pages (when operating in Secured mode):
If set via rotary switch: the module ceases to be functional until the module is removed from the
rack, the rotary switch is re-set to either the Secured or Standard position, and the module is again placed on the rack. The necessary configuration(s) will need to be applied.
If set via the web pages: upon completion of the process cycle power (off / on) to – or hot swap
– the module in Standard or in Secured mode. Both the cybersecurity and IP address settings need to be configured.
NOTE: After a Security Reset of the BMENUA0100 module, the following conditions apply to the module:
No device certificates are preserved.All services are disabled except for HTTPS, which is used to create the cybersecurity
configuration via the control port.
Factory default settings are applied, including:
Username / Password default settingsIP address default setting of 10.10.MAC5.MAC6
(seepage88)
, which can be accessed via the HTTPS protocol over
(see page 31)
(see page 113)
(see page 112)
.
.
be
30
PHA83350 11/2020
Loading...
+ 136 hidden pages