You are on page 1of 57

Secure Remote

Maintenance
User's manual

Version: 1.32 (December 2017)


Model no.: MASRM-ENG

Translation of the original documentation


All values in this manual are current as of its publication. We reserve the right to change the contents of this manual
without notice. B&R Industrial Automation GmbH is not liable for technical/editorial errors or incomplete information
in this manual. In addition, B&R Industrial Automation GmbH shall not be liable for incidental or consequential
damages in connection with or arising from the furnishing, performance or use of this material. The software names,
hardware names and trademarks used in this document are registered by their respective companies.
Table of contents

1 General information.................................................................................................. 5
1.1 Manual history.................................................................................................................................................5
1.2 Safety guidelines.............................................................................................................................................6
1.2.1 Organization of safety notices...................................................................................................................6
1.2.2 Introduction................................................................................................................................................ 6
1.2.3 Intended use..............................................................................................................................................6
1.2.4 Protection against electrostatic discharge.................................................................................................6
1.2.4.1 Packaging.............................................................................................................................................6
1.2.4.2 Guidelines for proper ESD handling....................................................................................................6
1.2.5 Transport and storage............................................................................................................................... 7
1.2.6 Operation................................................................................................................................................... 7
1.2.6.1 Protection against touching electrical parts......................................................................................... 7
1.2.6.2 Environmental conditions - Dust, moisture, corrosive gases...............................................................7
1.2.6.3 Viruses and dangerous programs....................................................................................................... 8
1.2.7 Environmentally friendly disposal.............................................................................................................. 8
1.2.7.1 Separation of materials........................................................................................................................8

2 Secure Remote Maintenance................................................................................... 9

3 System overview..................................................................................................... 10
3.1 Overview........................................................................................................................................................10
3.2 GateManager.................................................................................................................................................11
3.2.1 General information................................................................................................................................. 11
3.2.2 Order data............................................................................................................................................... 12
3.2.3 Technical data......................................................................................................................................... 12
3.2.4 LED status indicators.............................................................................................................................. 13
3.2.5 Operating and connection elements....................................................................................................... 13
3.2.5.1 Reset button.......................................................................................................................................13
3.2.5.2 Ethernet interfaces............................................................................................................................. 13
3.2.5.3 USB interfaces................................................................................................................................... 13
3.2.5.4 Power supply......................................................................................................................................13
3.2.6 Activating the GateManager and ordering licenses................................................................................ 14
3.2.6.1 Delivery and installation of licenses.................................................................................................. 15
3.2.7 Service agreements.................................................................................................................................16
3.2.7.1 LogTunnel – Remote data logging.................................................................................................... 16
3.2.8 User authorization management............................................................................................................. 17
3.2.8.1 GateManager server administrator.................................................................................................... 17
3.2.8.2 GateManager domain administrator.................................................................................................. 17
3.2.8.3 LinkManager user.............................................................................................................................. 18
3.2.8.4 Domain observer................................................................................................................................18
3.3 SiteManager.................................................................................................................................................. 19
3.3.1 General information................................................................................................................................. 19
3.3.2 Order data............................................................................................................................................... 20
3.3.2.1 SiteManager Embedded.................................................................................................................... 20
3.3.2.2 SiteManager Hardware...................................................................................................................... 20
3.3.3 Technical data......................................................................................................................................... 22
3.3.3.1 SiteManager Embedded.................................................................................................................... 22
3.3.3.2 SiteManager Hardware...................................................................................................................... 22
3.3.4 Accessories..............................................................................................................................................24
3.3.4.1 Terminal blocks.................................................................................................................................. 24
3.3.4.2 Antennas............................................................................................................................................ 24
3.3.5 LED status indicators.............................................................................................................................. 26
3.3.6 Operating and connection elements....................................................................................................... 27
3.3.6.1 Reset button.......................................................................................................................................27
3.3.6.2 Ethernet interfaces (DEV1 and UPLINK1).........................................................................................27
3.3.6.3 Power supply......................................................................................................................................27
3.3.6.4 I/O interfaces......................................................................................................................................28
Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 3
Table of contents

3.3.6.5 Connection of inputs / outputs...........................................................................................................28


3.3.7 Installation................................................................................................................................................ 29
3.3.8 Initial configuration via controller.............................................................................................................30
3.3.8.1 Ethernet configuration........................................................................................................................ 30
3.3.9 SiteManager 1115/1135/1145 - Initial Setup............................................................................................31
3.3.9.1 Applying UPLINK settings for accessing the Internet........................................................................31
3.3.9.2 Settings for GateManager server connection.................................................................................... 32
3.3.9.3 Internet access via integrated broadband......................................................................................... 32
3.3.9.4 Internet access via integrated WiFi module...................................................................................... 33
3.3.10 Automation Studio................................................................................................................................. 34
3.3.10.1 Standard function model.................................................................................................................. 34
3.3.10.2 Meaning of "Standard" function model............................................................................................ 38
3.4 LinkManager..................................................................................................................................................39
3.4.1 General information................................................................................................................................. 39
3.4.2 Order data............................................................................................................................................... 39
3.5 Starter package.............................................................................................................................................40
3.5.1 Order data............................................................................................................................................... 40
3.6 Network safety.............................................................................................................................................. 41

4 Getting started with the system components......................................................42

5 Additional documentation...................................................................................... 44

6 Solution models...................................................................................................... 46
6.1 Remote maintenance - On-demand access for programming and trouble-shooting.................................... 46
6.2 Remote monitoring - Secure data logging (between 2 SiteManagers).........................................................46
6.3 Remote monitoring - For secure data logging..............................................................................................47
6.4 Full network access...................................................................................................................................... 47
6.5 Direct Internet access - For data logging and video surveillance................................................................ 48

7 End customer scenarios........................................................................................ 49


7.1 SiteManager and machine in an isolated network....................................................................................... 50
7.2 Machine network isolated behind DMZ and SiteManager............................................................................51
7.3 SiteManager isolated in its own DMZ...........................................................................................................52
7.4 SiteManager an machine in separate networks........................................................................................... 53
7.5 Remote maintenance - Complete scenario.................................................................................................. 54

8 Standards and certifications..................................................................................55


8.1 Directives and standards.............................................................................................................................. 55
8.2 Declarations and certifications...................................................................................................................... 56

9 Terms and abbreviations........................................................................................57

4 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
General information

1 General information

Information:
B&R makes every effort to keep user's manuals as current as possible. The most current versions can
be downloaded from the B&R website www.br-automation.com.

1.1 Manual history


Version Date Comment
1.32 December 2017 • New SiteManager hardware module 0RMSM1135.4G-JP
1.31 June 2017 • Renaming EasyLogging to LogTunnel
• Adapted description of SiteManager LED
• Section "SiteManager": "Order data" divided into "Embedded" and "Hardware". Order data extended with
optional accessories and content of delivery
• Section "SiteManager": "Technical data" divided into "Embedded" and "Hardware". Added technical data
of SiteManager Embedded
• Updated section "Additional documentation"
• Editorial changes
1.30 March 2017 • Updated section "Secure Remote Maintenance" with new device models. Highlighted standalone B&R
solution as compared to Secomea
• Updated section "System overview" to include the minimum system design
• Updated section "GateManager": "General" to include AWS support and the GateManager hosting service
• Updated section "Service agreements": 3 new service levels and the Logtunnel option
• Updated sections "SiteManager": "General", "Order data" and "Technical data". New SiteManager hard-
ware module with 4G/LTE support and SiteManager Embedded
• New section "Accessories": Antennas for mobile network and Wi-Fi.
• Updated section "Automation Studio" to include I/O mapping - Register overview and further register
descriptions
• New section "Starter package": Easy installation allows new customers getting started faster
• Section "Additional documentation" with new remote data logging grouping
• Editorial changes
1.20 October 2016 • Replaced section "SiteManager" with data sheet "SiteManager"
• Adapted chapter structure of the included data sheets
• Added section "Reset button" for SiteManager
• Added contents of SiteManager information sheet to the "SiteManager" data sheet
• Added contents of GateManager information sheet to the "GateManager" section
• Updated section "Additional documentation" to include LogTunnel
• Updated description of the main configuration entries (WiFi KEY mandatory, etc.)
• Moved parameter table of the main configuration to section "Standard function model"
• Updated and reorganized section "Standards and certifications"
• Added section "Definitions and abbreviations"
• Editorial changes
1.11a June 2016 • Added section" Delivery and installation of licenses"
1.11 • Updated section "Getting started"
• Updated additional documentation with further notes and explanations regarding the listed vendor doc-
uments
• Editorial changes
1.10 March 2016 • Modified chapter structure
• Updated system overview and device overviews
• Added end customer scenarios / use cases
• Updated link list of associated vendor documents
• Editorial changes
1.00 February 2016 First edition

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 5
General information

1.2 Safety guidelines


1.2.1 Organization of safety notices

Safety notices in this manual are organized as follows:


Safety notice Description
Danger! Failure to observe these safety guidelines and notices can result in death.
Warning! Failure to observe these safety guidelines and notices can result in severe injury or substantial damage to property.
Caution! Failure to observe these safety guidelines and notices can result in injury or damage to property.
Information: These instructions are important for avoiding malfunctions.

Table 1: Description of the safety notices used in this documentation

1.2.2 Introduction

The components of B&R's Secure Remote Maintenance solution have been designed, developed and manufac-
tured for conventional use in industrial environments. They were not designed, developed and manufactured for
any use involving serious risks or hazards that could lead to death, injury, serious physical damage or loss of any
kind without the implementation of exceptionally stringent safety precautions. In particular, such risks and hazards
include the use of these devices to monitor nuclear reactions in nuclear power plants, flight control systems, flight
safety, the control of mass transportation systems, medical life support systems and the control of weapons sys-
tems.
All tasks such as the installation, commissioning and servicing of devices are only permitted to be carried out by
qualified personnel. Qualified personnel are those who are familiar with the transport, mounting, installation, com-
missioning and operation of devices and who also have the appropriate qualifications (e.g. IEC 60364). National
accident prevention regulations must be observed.
The safety notices, connection descriptions (type plate and documentation) and limit values listed in the technical
data are to be read carefully before installation and commissioning and must be observed.

1.2.3 Intended use

Electronic devices are never completely failsafe. If the programmable control system, operating/monitoring device
or uninterruptible power supply fails, the user is responsible for ensuring that other connected devices, e.g. motors,
are brought to a secure state.
Modules from B&R are designed as "open equipment" (EN 61131-2) and "open type equipment" (UL). They are
therefore designated for installation in an enclosed control cabinet. In all cases, it is necessary to observe and
comply with all applicable national and international standards and guidelines, such as machinery directive 2006/42/
EC.

1.2.4 Protection against electrostatic discharge

Electrical components that can be damaged by ESD (ElectroStatic Discharge) must be handled accordingly.

1.2.4.1 Packaging

• Electrical components with a housing


...do not require special ESD packaging, but must be handled properly.
(See "Electrical components with a housing" on page 6).
• Electrical components without a housing
...are protected by ESD-suitable packaging.

1.2.4.2 Guidelines for proper ESD handling

Electrical components with a housing


• Do not touch the connector contacts on the device (bus data contacts).
• Do not touch the connector contacts on connected cables
• Do not touch the contact tips on circuit boards

6 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
General information

Electrical components without a housing


The following points apply in addition to the points listed under "Electrical components with a housing":
• Any persons handling electrical components or devices with installed electrical components must be
grounded.
• Components are only permitted to be touched on their narrow sides or front plate.
• Components should always be stored in a suitable medium (ESD packaging, conductive foam, etc.).

Information:
Metallic surfaces are not suitable storage surfaces.

• Components should not be subjected to electrostatic discharge (e.g. through the use of charged plastics).
• Ensure a minimum distance of 10 cm from monitors and TV sets.
• Measuring instruments and equipment must be grounded.
• Probes on potential-free measuring instruments must be discharged on sufficiently grounded surfaces be-
fore taking measurements.

Individual components
• ESD protective measures for individual components are thoroughly integrated at B&R (conductive floors,
footwear, arm bands, etc.).
• These increased ESD protective measures for individual components are not necessary for customers
handling B&R products.

1.2.5 Transport and storage

During transport and storage, devices must be protected against undue stress (mechanical loads, temperature,
moisture, corrosive atmospheres, etc.).
Devices contain components sensitive to electrostatic charges that can be damaged by inappropriate handling. It
is therefore necessary to provide the required protective measures against electrostatic discharge when installing
or removing these devices (see "Protection against electrostatic discharge" on page 6).

1.2.6 Operation

1.2.6.1 Protection against touching electrical parts

To operate programmable logic controllers, operating and monitoring devices, and uninterruptible power supplies,
certain components must carry dangerous voltage levels. Touching one of these parts can result in a life-threatening
electric shock. This could lead to death, severe injury or damage to property.
Before turning on the programmable logic controller, operating/monitoring devices or uninterruptible power supply,
the housing must be properly grounded (PE rail). Ground connections must be established even when testing or
operating operating/monitoring devices or the uninterruptible power supply for a short time!
Before switching on the device, all parts that carry voltage must be securely covered. During operation, all covers
must remain closed.

1.2.6.2 Environmental conditions - Dust, moisture, corrosive gases

The use of operating/monitoring devices (e.g. industrial PCs, Power Panels, Mobile Panels) and uninterruptible
power supplies in very dusty environments must be avoided. The collection of dust on devices can affect function-
ality and may prevent sufficient cooling, especially in systems with active cooling (fans).
The presence of corrosive gases can also result in impaired functionality. In combination with high temperature and
humidity, corrosive gases – e.g. with sulfur, nitrogen and chlorine components – can induce chemical reactions
that can damage electronic components very quickly. The presence of corrosive gases is indicated by blackened
copper surfaces and cable ends on existing installations.
When operated in dusty or moist environments that could potentially impair functionality, operating/monitoring
devices such as the Automation Panel and Power Panel are protected on the front against the ingress of dust
or moisture when installed properly (e.g. cutout installation). The back of all devices must be protected from the
ingress of dust and moisture, however; any collected dust must be removed at suitable intervals.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 7
General information

1.2.6.3 Viruses and dangerous programs

This system is subject to potential risk each time data is exchanged or software is installed from a data storage
device (e.g. diskette, CD-ROM, USB flash drive, etc.), network connection or the Internet. The user is responsible
for assessing these risks, implementing preventive measures such as virus protection programs, firewalls, etc. and
making sure that software is obtained only from trusted sources.

1.2.7 Environmentally friendly disposal

All B&R control components are designed to inflict as little harm on the environment as possible.

1.2.7.1 Separation of materials

It is necessary to separate different materials so the device can undergo an environmentally friendly recycling
process.
Component Disposal
Programmable logic controllers Electronics recycling
Operating/Monitoring devices
Uninterruptible power supply
Batteries and rechargeable batteries
Cables
Cardboard box / Paper packaging Cardboard box / Paper recycling
Plastic packaging Plastic recycling

Table 2: Separation of materials

Disposal must comply with applicable legal regulations.

8 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
Secure Remote Maintenance

2 Secure Remote Maintenance

The secure remote maintenance solution of B&R allows simple diagnostics and maintenance of machines and
plants from a distance in accordance with current IT and security policies.
In addition, a certified and encrypted VPN connection is established between the SiteManager on the machine
and a gateway, which is usually located at the machine manufacturer's service center. All access rights for up to
10,000 machines can be stored there. The SiteManager has integrated digital inputs and outputs. These could be
used to connect a key switch, for example, that must be actuated to permit access for maintenance. An integrated
firewall provides protection against unauthorized third-party access. In order to avoid security conflicts with plant
firewalls, communication to the Internet is handled using firewall-compatible encrypted Web protocols. Therefore
no additional ports must be opened.

Machine pool management


Machine builders have many customers – and even more machines in the field. In order to use remote maintenance
effectively, centralized machine pool management is a must-have subsystem of a modern remote maintenance
solution. This manages the machines in the field as well as the access rights of service staff operating the individual
machines. A machine pool management system is the key feature for an easy-to-use, Secure Remote Maintenance
system. Access to machine pool management is possible via a web portal that is accessible via the Internet. This
web portal is part of the GateManager.

Possibilities
• Diagnostics using the System Diagnostics Manager in Automation Studio
• Read logbook entries and application data
• Change machine settings and parameters
• Updating programs and firmware via Automation Studio

Strong partnership with technology leader


The secure remote maintenance solution is a brand labeled product that is developed by Secomea. Secomea is
a leading manufacturer of industrial communication equipment with a strong focus on security and usability of the
products.
The B&R versions of the hardware and software products used are slightly different than the Secomea products:
• The B&R SiteManager hardware does not have any USB or serial interfaces. Instead, it is fully integrated
into Automation Studio and thus can be configured in your Automation Studio project.

Information:
The Secomea SiteManagers cannot be configured that way.

• In addition, B&R versions of the GateManager, SiteManager and LinkManager software variants are used.

Information:
The software versions from Secomea are not compatible with the B&R versions and are not
permitted to be used with B&R's Secure Remote Maintenance solution!

• For LinkManager connection via VNC protocol, a dedicated VNC agent must be used (enter dedicated
address and port number, e.g. 192.168.0.8:5910).

Information:
The Secomea solution always uses VNC port 5900 as standard.

• B&R only uses GateManager Premium Administrator accounts.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 9
System overview

3 System overview

3.1 Overview
B&R's Secure Remote Maintenance solution was developed to provide the highest level of network security as
well as simple and intuitive operation in order to give a service technician remote access to a machine. For this
purpose, a secure connection is established between the machine and the service technician during a service call.
The service technician only needs a web browser, the Connect Client program and an Internet connection in order
to log onto the GateManager web portal. The machine also connects to the web portal via the SiteManager, a
remote maintenance gateway with built-in firewall. The Machine Pool Manager integrated in the web portal then
allows authorized connections to be made between the service technician and the machine, and a secure VPN
connection is established.
VPN networks, firewalls and appropriate strategies for establishing a connection provide maximum protection for
the remote connection. This protection even extends to man-in-the-middle and denial-of-service attacks and makes
the remote maintenance solution as secure as possible.
In cases where a LAN or WLAN connection is not possible or not desired, the VPN connection can be established
via a mobile network.

System design
Secure Remote Maintenance consists of at least the following components:
• 1 GateManager (0RMGM.4260-TP or 0RMGM.sw)
• 1x LinkManager (0RMLM.WIN) and LinkManager Mobile (0RMLM.MOB) license
• 1x SiteManager (0RMSM11x5) or SiteManager Embedded (0RMSME.x)
• Service Agreement ENTRY (0RMAS.entry)
Based on this minimum configuration, various starter packages are offered for quick entry into the remote mainte-
nance solution (see "Starter package" on page 40).

SiteManager
Embedded

SiteManager 1115
Ethernet
Integrated I/O

LinkManager
Internet SiteManager 1135
Ethernet & LTE/4G/3G
Integrated I/O
GateManager

SiteManager 1145
Ethernet & Wi-Fi
Integrated I/O

10 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.2 GateManager
3.2.1 General information

The GateManager is the central connection platform for technicians and machines, which both dial in to establish
a connection (the GateManager acts as a secure proxy for the SiteManager and LinkManager). Connections are
established according to the defined authorization settings i.e. the configured user accounts and access rights.
User accounts, authorization settings and machines can be managed easily and intuitively by authorized personnel
via a web portal (Machine Pool Management).
The GateManager can be set up according to specific customer requirements. This allows machine builders to set
up their own internal portal, for example via a dedicated GateManager hardware server (see "Typical hardware
installation") or via a virtual machine image (see "Software image for virtualization platforms").
The GateManager is the only component that has open ports to the Internet. This means that the GateManager
must have an FQDN (Fully-Qualified Domain Name) and its user interface is, of course, also web-based. Regarding
these issues, the GateManager does not differ from a normal web server on which, for example, the company web
page can be hosted. Access and connections are only permitted with the correct X.509 certificate.
Administrators have the option of creating domains. Domains are used to structure and subdivide a GateManager
in a logical manner. Each domain can be assigned one more domain administrators that can only view and manage
the content of the assigned domain.

Information:
GateManagers are delivered with a LinkManager and LinkManager Mobile license preinstalled.

Typical hardware installation


The WAN interface on the GateManager is connected to an intranet that is connected to the Internet through a
firewall. The firewall has a fixed IP address on the Internet side.

Internet
Intranet / DMZ
NAT router (firewall)

For details, see GateManager hardware - Server model 4260 - Installation and configuration guide.

Software image for virtualization platforms


The GateManager software variant is based on a virtual machine image. MS Hyper V, VMWare/ESXi or AWS
(Amazon Web Services) are supported as a virtualization platform. Download the GateManager software via http://
www.br-automation.com/gatemanager.
If a company's IT is already being operated in the AWS Cloud, the second variant offers the possibility to install the
B&R GateManager on server instances. The AMI (Amazon Machine Image) file is freely available in the AWS cloud.
For details, see GateManager Software - Server model 8250 - Installation STEP 0 - Preparing the LINUX installation
or GateManager Software - Server model 9250 - Installation STEP 1 - for the IT department.

GateManager hosting service


Various starter packages (see "Starter package" on page 40), which include the GateManager hosting service,
are offered for quick entry into the remote maintenance solution.
With the GateManager hosting service, the Secure Remote Maintenance solution can be used without having to
install and operate a GateManager. This relieves the customer the initial expenses for purchasing the GateManager
variant and does away with the need for integration in their IT landscape.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 11
System overview

3.2.2 Order data


Model number Short description Figure
GateManager
0RMGM.4260-TP Secure Remote Maintenance - GateManager (hardware de-
vice), manages max. 2000 SiteManagers, 1x LinkManager and
1x LinkManager Mobile license included, service agreement EN-
TRY included and must be activated and unlocked according to
the manual.
0RMGM.SW Secure Remote Maintenance - GateManager (software ver-
sion), available for MS Hyper V, VMWare/ESXI or AWS, man-
ages max. 10000 SiteManagers, 1x LinkManager and 1x
LinkManager Mobile license included, service agreement EN-
TRY included and must be activated and unlocked according to
the manual.

Table 3: 0RMGM.4260-TP, 0RMGM.SW - Order data

Information:
Download the GateManager software via http://www.br-automation.com/gatemanager.

3.2.3 Technical data


Model number 0RMGM.4260-TP
General information
B&R ID code 0xE8EB
Functionality
Number of supported SiteManagers Up to 2000
Mains connector
Mains input voltage 100 to 240 V
Frequency 50 to 60 Hz
Installed load 36 W
Controller
Processor
Type Dual core Intel AtomTM C2358
Clock frequency 1.7 GHz
Flash 32 GB
DRAM 2 GB
Interfaces
IF1 interface
Type CONSOLE
Design 1x RJ45 shielded
Cable length Max. 100 m between 2 nodes (segment length)
Transfer rate Max. 10/100/1000 Mbit/s
IF2 interface
Type USB 2.0
IF3 interface
Type USB 2.0
IF4 interface
Type LAN
Design 1x RJ45 shielded
Transfer rate Max. 10/100/1000 Mbit/s
IF5 interface
Type WAN
Design 1x RJ45 shielded
Transfer rate Max. 10/100/1000 Mbit/s
IF6 interface
Type AUX1
Design 1x RJ45 shielded
Transfer rate Max. 10/100/1000 Mbit/s
IF7 interface
Type AUX2
Design 1x RJ45 shielded
Transfer rate Max. 10/100/1000 Mbit/s
Environmental conditions
Temperature
Operation 0 to 40°C
Mechanical characteristics
Dimensions
Width 177 mm
Height 44 mm
Depth 145.5 mm
Weight 1.2 kg

Table 4: 0RMGM.4260-TP - Technical data

12 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.2.4 LED status indicators


Figure LED Color Status Description

STATUS
STATUS Red Blinking quickly Booting
(0.5 s ON, 0.5 s OFF)
Blinking slowly Check the file system.
(2 s ON, 2 s OFF) File system verification is performed on every 20th boot (or every 180 days). This
check can take up to 5 minutes.

Important!
POWER
Possible damage to the device!
Do not disconnect the module from the power supply while the file
system is being checked!

POWER Green ON Power supplied.

3.2.5 Operating and connection elements

3.2.5.1 Reset button

The reset button currently has no effect, but is reserved for future use.

3.2.5.2 Ethernet interfaces

The interfaces are 10/100/1000 Mbit/s. Use standard CAT5 cables (or a later version) to connect to a switched
network. The interfaces are auto-sensing crossover connections, so a direct connection to a PC (e.g. for configu-
ration) can be made using a crossover cable or a standard cable.
The WAN interface is used for normal operation. The LAN interface is only for debugging and special configurations.
The two interfaces AUX1 and AUX2 currently have no effect, but are reserved for future use.

3.2.5.3 USB interfaces

USB interfaces are used for backup and restore and/or connecting an optional external USB modem for SMS text
message notifications and/or login authentication.

Information:
SMS text message support can be achieved through configuration of an external SMS gateway.
See Configuring SMS gateways on GateManager.
The interfaces support a USB 2.0 flash drive that is formatted as FAT 32. The recommended size is 4 GB or more.

3.2.5.4 Power supply

Use the supplied power supply on a 100-240 V and 50-60 Hz power outlet.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 13
System overview

3.2.6 Activating the GateManager and ordering licenses

A GateManager is delivered in trial/demo mode. There is 1 LinkManager and 1 LinkManager Mobile license prein-
stalled; a maximum of 3 SiteManagers and 2 at the same time can be managed. There are no functional restrictions
in demo mode.
To use the GateManager to its full extent, it must be activated. For activation, the license ID and hostname of the
GateManager must be reported to B&R. Based on this information, a license key is generated that can be used to
activate the GateManager (a license is created only for a particular GateManager identified by its license ID and
hostname). LinkManager and LinkManager Mobile licenses and users are all managed in the GateManager.

Information:
The hostname can be freely defined in the GateManager settings and must be an FQDN, e.g. "re-
mote.companyname.com". The use of an IP address instead of an FQDN is not supported for gener-
ating licenses. In addition, please note that no changes can be made after the hostname has been
successfully activated since this would invalidate all installed licenses.
The GateManager includes a special form to simplify the process of transmitting the GateManager information to a
B&R representative. LinkManager and LinkManager Mobile licenses can be ordered from a local B&R represen-
tative via telephone, email or fax. After the official order, the form shown must be used to submit the necessary
GateManager information.

Fill out the form as follows:


1. Specify information about your B&R representative. This is included on the delivery note for your GateMan-
ager. Please use the contact and email field to enter the name and email address of your sales representative
at B&R HQ or a B&R subsidiary.
2. The necessary GateManager information is filled in automatically. Please enter your purchase order number
from the GateManager delivery note here as well as your company name. Use the comment field to give
additional information.
3. This section shows the currently active agreement of service for the GateManager. It also shows how many
licenses and SiteManagers are installed and how they can be added to this service agreement.

By clicking <Submit Information>, the complete form is sent to B&R and to the B&R representative.

14 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.2.6.1 Delivery and installation of licenses

B&R then compares the transferred data with the existing order data. After successful verification, the activation
license is automatically transferred to and installed on the GateManager to be activated. Since licenses are tied to
the hostname and license ID of the GateManager, there is no need to archive the licensing files. For this reason,
licenses are delivered during the automatic installation process on the GateManager.
If the GateManager is offline or otherwise unreachable, delivery takes place via e-mail to the e-mail address spec-
ified under item 2 in the form. The e-mail also contains instructions for installing the licenses.
The delivery and installation procedure is identical for the activation license and all other GateManager licenses
(LinkManager / LinkManager Mobile licenses, SiteManager Embedded licenses, etc.). Licenses are delivered ex-
clusively in digital form.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 15
System overview

3.2.7 Service agreements

The service agreements describe certain terms and framework of use for Secure Remote Maintenance (number
of managed SiteManagers and the number of installed LinkManager and LinkManager Mobile licenses on the
GateManager). The actual service agreement is calculated automatically according to the size of the B&R solution
for remote maintenance.
Model number GateManager Max. licenses Max. licenses Max. amount
Service level LinkManager LinkManager Mobile SiteManager
0RMAS.entry ENTRY 2 8 100
0RMAS.BRONZE BRONZE 4 50 300
0RMAS.SILVER SILVER 6 100 500
0RMAS.GOLD GOLD 8 250 Unlimited
0RMAS.unlimited UNLIMITED Unlimited Unlimited Unlimited

Information:
A specific service agreement applies for each installed GateManager and is independent of the Gate-
Manager version (incl. GateManager hosting service).
With an active service agreement, current software versions as well as updates and patches are avail-
able on the B&R website (see http://www.br-automation.com/gatemanager).
The service agreements are billed once a year and are automatically renewed for a period of one year
if they are not canceled one month prior to the renewal date.

3.2.7.1 LogTunnel – Remote data logging

Optional extensions are also available for the service agreements listed:
Model number Description
0RMAS.LOG Secure Remote Maintenance - LogTunnel and Usage Statistics license, needs at least service level BRONZE
0RMAS.LOG.TRIAL Secure Remote Maintenance - LogTunnel trial, LogTunnel 30 days test license, only for GateManager Hosting Service customers

LogTunnel makes it possible to record machine data to a central database server (log server) in the machine
builder's data center.
LogTunnel is supported starting with service level BRONZE. Automatic upgrade from ENTRY to BRONZE if the
LogTunnel license is installed on a GateManager.

Information:
0RMAS.log includes the functions for usage statistics from the previous optional service agreement
(0RMUS.unlimited).

16 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.2.8 User authorization management

All user accounts on the remote maintenance system are set up and serviced on the GateManager. Each user
account must be assigned a user role that allows certain activities in the remote maintenance system. This user
authorization management acts as function separation and represents another important data link layer in the
remote maintenance system.
The GateManager logs, among other things, every change in the configuration, every user login, every connection
established with a user account, executed actions and events. All these events are logged with a timestamp,
description and the user who executed them.
The most important user roles are:
• GateManager server administrator
• GateManager domain administrator
• LinkManager user
• Domain observer
The system can be configured in such a way that access to the SiteManager and its device agents are only carried
out by LinkManager users. Administrators then cannot establish any connections to SiteManagers or device agents
within the GateManager user interface. Administrators can then only assign the SiteManager and LinkManager
user accounts to domains or subdomains.

3.2.8.1 GateManager server administrator

The user role is used for a system administrator. The server administrator's task is to create the initial server
configuration and to ensure continued error-free operation. The server administrator can set up, approve, disable,
etc. all available user roles for users.
The server administrator has access to all domains on the GateManager. The most important tasks that can be
performed with a server administrator user account are listed below:
• Creating additional server administrator user accounts and user accounts with other roles
• Access to the GateManager configuration (email settings, server log, license maintenance, firmware repos-
itory, etc.)
• Creating backups of SiteManager settings
• Upgrading SiteManager firmware
• Creating actions and alerts
• Creating domains and subdomains
• Moving user accounts, SiteManagers and device agents throughout domains.

3.2.8.2 GateManager domain administrator

This user role is similar to the one for a server administrator. The domain administrator can set up and maintain user
accounts in their assigned domain as well as create subdomains and subdivide their domain in this way. The domain
administrator has no information about possible additional domains that are still located on the GateManager. The
domain administrator can also arrange SiteManagers and device agents into subdomains and in this way allow or
deny LinkManagers user accounts access to machines.
Below, activities are listed that can be carried out with a domain administrator user account. This is only possible
in the domain which the domain administrator is responsible for:
• Creating user accounts (no server administrator users!)
• Creating backups of SiteManager settings
• Upgrading SiteManager firmware
• Creating actions and alerts
• Creating subdomains
• Moving user accounts, SiteManagers and device agents into subdomains.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 17
System overview

3.2.8.3 LinkManager user

This user role is intended for a service technician who requires access to machines or machine components. Via
pre-configured device agents, the service technician can connect via PC to the device agents. The LinkManager
user does not have access to the GateManager user interface and depends on the correct configuration of its
access rights to SiteManagers and their device agents by the domain administrator.

3.2.8.4 Domain observer

This user role provides the user insight into all details of a domain, including audit logs, licenses as well as SiteM-
anagers and device agents. This role is only for monitoring and viewing activities in a domain. The domain observer
can neither make changes to the configuration nor set up new user accounts.

18 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.3 SiteManager
3.3.1 General information

The SiteManager enables the machine or machine network to connect to the GateManager and further to the
Internet. All SiteManager variants are equipped with integrated inputs and outputs as well as at least one Ethernet
interface for the uplink to the Internet. The integrated firewall controls all access to the machine network. This means
that communication between the GateManager and machine network is not possible if corresponding firewall rules
have not been created.
All SiteManager variants can be configured in Automation Studio. The SiteManager only has to be installed once.
If it becomes necessary to replace the SiteManager, all parameters are transferred from the machine’s PLC to the
new SiteManager. When the SiteManager logs onto the service portal for the first time, one-time authentication
is all that is necessary.

Information:
Access to the GateManager from the SiteManager must be enabled through the end customer's firewall.
The SiteManager supports proxy servers that enable this access to be regulated more exactly. What is
important is that port 443 is allowed in both directions for the SiteManager. This port is used for SSL
VPN communication with the GateManager. In addition, it is also possible to communicate over other
ports other than 443 (e.g. 11444). The SiteManager can be configured accordingly.

SiteManager Embedded
SiteManager Embedded is the software variant for the SiteManager and can be used on x86 Windows and Linux
Automation/Panel PCs. SiteManager Embedded for LinkManager offers the same access possibilities to the ma-
chine network as the hardware variants of the SiteManager.
Simply download and install the SiteManager Embedded installation package. Download the SiteManager software
via http://www.br-automation.com/sitemanager.
SiteManager Embedded licenses are installed on the GateManager and assigned to SiteManager Embedded in-
stances.
SiteManager Embedded is available in two variants.
• SiteManager Embedded BASIC: The BASIC variant allows access on the Automation/Panel PC where
SiteManager Embedded is installed. Access via the machine network and the corresponding network sta-
tions is not possible.
• SiteManager Embedded EXTENDED: The EXTENDED variant is based on the functionality of the BASIC
variant and allows access via the machine network and other network stations. This version offers the same
functionality as the hardware SiteManager.

SiteManager hardware
The SiteManager hardware variants are primarily distinguished by the number of uplink ports available:
• SiteManager 1115: 1x Ethernet uplink port
• SiteManager 1135: 1x GPRS/3G uplink port and 1x Ethernet uplink port
• SiteManager 1135.4G-xx: 1x LTE/4G/3G uplink port and 1x Ethernet uplink port
• SiteManager 1145: 1x Wi-Fi uplink port and 1x Ethernet uplink port

Information:
SiteManager variant 1135.4G-xx is available in editions for the following regions: USA, EMEA, Japan
and China. Each edition supports dedicated frequencies/bands and mobile network operator. All Site-
Manager 1135.4G-xx variants also support 3G, in case 4G is not yet available in a specific region.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 19
System overview

3.3.2 Order data

3.3.2.1 SiteManager Embedded

0RMSME.x
Model number Short description
SiteManager
0RMSME.B Secure Remote Maintenance - SiteManager Embedded BASIC license for Windows/Linux, 2 device agents
0RMSME.E Secure Remote Maintenance - SiteManager Embedded EXTENDED license for Windows/Linux, 5 device agents

Table 5: 0RMSME.B, 0RMSME.E - Order data

Information:
Download the SiteManager software via http://www.br-automation.com/sitemanager.

3.3.2.2 SiteManager Hardware

0RMSM1115
Model number Short description Figure
SiteManager
0RMSM1115 Secure Remote Maintenance -SiteManager, LAN 1x Ethernet
100BASE-T uplink port, 5 device agents, integrated firewall, 2x
digital inputs, 2x digital outputs, 24 VDC
Optional accessories
Terminal blocks
0TB6110.2010-01 Accessory terminal block, 10-pin (3.81), screw clamp terminal
block 1.5 mm²

Table 6: 0RMSM1115 - Order data

0RMSM1135
Model number Short description Figure
SiteManager
0RMSM1135 Secure Remote Maintenance -SiteManager, GPRS/3G, 1x Eth-
ernet 100BASE-T uplink port, 1x GPRS/3G uplink port, 5 device
agents, integrated firewall, 2x digital inputs, 2x digital outputs,
24 VDC
0RMSM1135.4G-CN Secure Remote Maintenance -SiteManager, LTE/4G/3G, for re-
gion CHINA 1x Ethernet 100BASE-T uplink port, 1x GPRS/3G
uplink port, 5 device agents, integrated firewall, 2x digital inputs,
2x digital outputs, 24 VDC
0RMSM1135.4G-EU Secure Remote Maintenance -SiteManager, LTE/4G/3G; for re-
gion EMEA 1x Ethernet 100BASE-T uplink port, 1x GPRS/3G
uplink port, 5 device agents, integrated firewall, 2x digital inputs,
2x digital outputs, 24 VDC
0RMSM1135.4G-JP Secure Remote Maintenance -SiteManager, LTE/4G/3G, for re-
gion JAPAN 1x Ethernet 100BASE-T uplink port, 1x GPRS/3G
uplink port, 5 device agents, integrated firewall, 2x digital inputs,
2x digital outputs, 24 VDC
0RMSM1135.4G-US Secure Remote Maintenance -SiteManager, LTE/4G/3G, for re-
gion US 1x Ethernet 100BASE-T uplink port, 1x GPRS/3G up-
link port, 5 device agents, integrated firewall, 2x digital inputs,
2x digital outputs, 24 VDC
Optionales Zubehör
Antennas
0RMSM.A3G-10 GSM/3G puck antenna Frequencies: 880-960/1710-2170 MHz,
SMA connector (male), 2.5 m cable, Screw or hole mounting,
IP67, compatible with 0RMSM1135

Table 7: 0RMSM1135, 0RMSM1135.4G-CN, 0RMSM1135.4G-EU, 0RMSM1135.4G-JP, 0RMSM1135.4G-US - Order data

20 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview
Model number Short description Figure
0RMSM.A3G-20 GSM/3G mini antenna Frequencies: 824-960/1710-2170 MHz,
SMA connector (male), 3 m cable, magnetic attachment, com-
patible with 0RMSM1135
0RMSM.AMB-10 GSM/3G/LTE broadband antenna Frequencies: 750-1250,
1650-2700 MHz, SMA male connector, 3 m cable, Screw or hole
mounting, compatible with 0RMSM1135, base plate needed for
optimal amplification, IP67
Terminal blocks
0TB6110.2010-01 Accessory terminal block, 10-pin (3.81), screw clamp terminal
block 1.5 mm²

Table 7: 0RMSM1135, 0RMSM1135.4G-CN, 0RMSM1135.4G-EU, 0RMSM1135.4G-JP, 0RMSM1135.4G-US - Order data

0RMSM1145
Model number Short description Figure
SiteManager
0RMSM1145 Secure Remote Maintenance -SiteManager, WiFi 1x Ethernet
100BASE-T uplink port, 1x WiFi uplink port, 5 device agents,
integrated firewall, 2x digital inputs, 2x digital outputs, 24 VDC
Optional accessories
Antennas
0RMSM.AWIFI-10 Wi-Fi puck antenna, 2.4 & 5 GHz, compatible with 0RMSM1145,
2 m cable
Terminal blocks
0TB6110.2010-01 Accessory terminal block, 10-pin (3.81), screw clamp terminal
block 1.5 mm²

Table 8: 0RMSM1145 - Order data

Content of delivery
Quantity Description
1 WiFi antenna, 2.4 GHz, compatible with 0RMSM1145, slewable with RP-SMA connector

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 21
System overview

3.3.3 Technical data

3.3.3.1 SiteManager Embedded

Model number 0RMSME.B 0RMSME.E


General information
System requirements
Hardware requirements
Processor Intel x86 or compatible CPU
RAM 10 MB available RAM
Hard drive space 5 MB
Software requirements
Operating system Windows: XP/7/8, 32/64-bit, Standard or Embedded
Linux: Typical x86 distributions such as Debian, Ubuntu, CentOS, etc.

Table 9: 0RMSME.B, 0RMSME.E - Technical data

3.3.3.2 SiteManager Hardware

Model number 0RMSM1115 0RMSM1135 0RMSM1135. 0RMSM1135. 0RMSM1135. 0RMSM1135. 0RMSM1145


4G-CN 4G-EU 4G-JP 4G-US
General information
B&R ID code 0xE8E9 0xE8EA 0xEE28 0xEE27 0xF241 0xEE26 0xE908
Reset button Yes
Status LED Supply voltage Supply voltage
Status Status
LinkManager LinkManager connection
connection Wireless connection
Power consumption Max. 3 W Max. 5 W Max. 3 W
Functionality
Data transfer
Integrated broadband modem
LTE band - B1 (FDD 2100) B1 (2100) B1 (2100) B2 (1900) -
B3 (FDD 1800) B3 (1800) B3 (1800) B4 (1700/AWS)
B7 (FDD 2600) B7 (2600) B8 (900) B5 (850)
B38 (TDD B8 (900) B18 (FDD B17 (700)
2600) B20 (800DD) 800/850 JP#4)
B39 (TDD B38 (TDD B19 (FDD
1900) 2600) 800/850 JP#5)
B40 (TDD B40 (TDD B20 (800DD)
2300) 2300) B38 (TDD
B41 (TDD 2600)
2500) B40 (TDD
2300)
B41 (TDD
2500)
UMTS/HSDPA/HSPA+ - B1 (2100) B1 (2100) B2 (1900) -
B8 (900) B6 (850 JP#1) B5 (850)
B8 (900)
TD-SCDMA - B34 -
(2010-2025)
B39
(1800-1920)
WCDMA - 850 MHz -
1900 MHz
2100 MHz
GPRS/EDGE - 850 MHz (B10) 900 MHz (B10) 900 MHz -
900 MHz (B13) (B13) 1800 MHz
1800 MHz 1800 MHz
1900 MHz
Integrated WiFi module - 2400 MHz for
client mode
Controller
Processor
Type ARM Cortex A5
Clock frequency 563 MHz

Table 10: 0RMSM1115, 0RMSM1135, 0RMSM1135.4G-CN, 0RMSM1135.4G-


EU, 0RMSM1135.4G-JP, 0RMSM1135.4G-US, 0RMSM1145 - Technical data

22 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview
Model number 0RMSM1115 0RMSM1135 0RMSM1135. 0RMSM1135. 0RMSM1135. 0RMSM1135. 0RMSM1145
4G-CN 4G-EU 4G-JP 4G-US
Interfaces
IF1 interface
Type Ethernet UPLINK1
Design Shielded RJ45
Cable length Max. 100 m between 2 nodes (segment length)
Transfer rate Max. 10/100 Mbit/s
Transmission
Physical layer 10BASE-T/100BASE-TX
Half-duplex Yes
Full-duplex Yes
Autonegotiation Yes
Auto-MDI / MDIX Yes
IF2 interface
Type DEV1
Design Shielded RJ45
Transfer rate Max. 10/100 Mbit/s
IF3 interface
Type - 3G/GPRS 4G/3G/GPRS -
Design - SMA female -
Transfer rate - Downlink: 50 Mbit/s (10 MHz bandwidth) -
Uplink: 25 Mbit/s (10 MHz bandwidth)
IF4 interface
Type - WiFi
Design - RP-SMA
female
Electrical characteristics
Nominal voltage 12 to 24 VDC
Environmental conditions
Temperature
Operation -25 to 60°C -25 to 45°C -25 to 60°C
Relative humidity
Operation 5 to 95%
Storage 5 to 95%
Transport 5 to 95%
Mechanical characteristics
Material Aluminum
Dimensions
Width 32 mm
Height 107 mm
Depth 97 mm
Weight 0.5 kg

Table 10: 0RMSM1115, 0RMSM1135, 0RMSM1135.4G-CN, 0RMSM1135.4G-


EU, 0RMSM1135.4G-JP, 0RMSM1135.4G-US, 0RMSM1145 - Technical data

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 23
System overview

3.3.4 Accessories

3.3.4.1 Terminal blocks

Model number Short description Figure


Terminal blocks
0TB6110.2010-01 10-pin accessory screw clamp terminal block (3.81)

Table 11: 0TB6110.2010-01 - Order data

3.3.4.2 Antennas

Information:
When installing the SiteManager in the control cabinet and using an antenna, mounting the antenna
outside the control cabinet is recommended!
For UL conformity, the antenna must be mounted outside the control cabinet!
Model number Short description Figure
Antennas
0RMSM.A3G-10 GSM/3G puck antenna Frequencies: 880-960/1710-2170 MHz,
SMA connector (male), 2.5 m cable, Screw or hole mounting,
IP67, compatible with 0RMSM1135

Table 12: 0RMSM.A3G-10 - Order data


Model number Short description Figure
Antennas
0RMSM.A3G-20 GSM/3G mini antenna Frequencies: 824-960/1710-2170 MHz,
SMA connector (male), 3 m cable, magnetic attachment, com-
patible with 0RMSM1135

Table 13: 0RMSM.A3G-20 - Order data

24 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview
Model number Short description Figure
Antennas
0RMSM.AMB-10 GSM/3G/LTE broadband antenna Frequencies: 750-1250,
1650-2700 MHz, SMA male connector, 3 m cable, Screw or hole
mounting, compatible with 0RMSM1135, base plate needed for
optimal amplification, IP67

Table 14: 0RMSM.AMB-10 - Order data


Model number Short description Figure
Antennas
0RMSM.AWIFI-10 Wi-Fi puck antenna, 2.4 & 5 GHz, compatible with 0RMSM1145,
2 m cable

Table 15: 0RMSM.AWIFI-10 - Order data

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 25
System overview

3.3.5 LED status indicators

All variants have three LEDs used to indicate the module power supply, module status and LinkManager connec-
tion. For variants 1135 and 1145, another LED is available that is used to indicate the status of the wireless con-
nection:
Figure LED Color Status Description
UPLINK2 Green Off 1135: No SIM card detected.
1145: Possible causes:
• No Wi-Fi SSID configured.
• SSID configured, but no Wi-Fi key configured.
• SSID and Wi-Fi key configured, but no access point that matches
the SSID found.
3x blinking 1135: Incorrect or missing SIM PIN code.
2x blinking 1135: SIM PIN code is OK, but no connection available
(Error correction in the SiteManager GUI).
1145: Wi-Fi SSID found, but not yet connected.
Possible error with Wi-Fi key.
On + 1x blinking 1135: Connection successful. Slow connection (GPRS).
On 1135: Connection successful. Fast connection.
1145: Wi-Fi connected successfully.
POWER Green On Power supplied.
STATUS Red Blinking Booting
2x blinking GateManager disconnected or in the process of establishing a connection.
On Possible causes:
• UPLINK is physically disconnected.
• GateManager configuration is missing on the SiteManager.
• No connection to the GateManager host because its address is config-
ured as DNS name and a DNS server has not been configured or is not
accessible or is not functioning properly.
Green On GateManager connected.
CONNECT Green Long pause + Remote management has been disabled using Input 1 or the SiteManager GUI.
2x blinking
On LinkManager connected.

Information:
Please note that it may take some time until the status LED indicates a new status. For example, it
may – depending on the keep alive interval setting on the GateManager – take up to 4 minutes until
the disconnecting the GateManager is indicated.

26 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.3.6 Operating and connection elements

3.3.6.1 Reset button

The SiteManager has a reset button at the top, which can also be used to restore the factory settings.
• If the reset button is pressed, the SiteManager is restarted.
• If the reset button is pressed for more than 5 seconds, the SiteManager is not only restarted but also reset
to the factory settings.

3.3.6.2 Ethernet interfaces (DEV1 and UPLINK1)

The SiteManager has Ethernet interfaces on the front. Use a standard Ethernet patch cable (straight or cross over)
to connect the UPLINK1 interface to a switch in a network that has access to the Internet.
Refer to the following possible wirings and configurations:

192.168.2.2/24 192.168.2.100/24

Machine network
IP 10.0.0.2 Machine network
The DEV1 interface can be connected to an existing network However, it is also possible to just connect the UPLINK1 inter-
that is separate from the UPLINK1 network, or a separate de- face and only access equipment on the Uplink side.
vice network can be created isolated from the UPLINK1 net-
work.

Below, some prohibited cabling and configuration scenarios are shown.

192.168.2.2/24

192.168.2.5/24
Do not connect DEV1 and UPLINK1 interfaces to the same Do not assign DEV1 address to the same logical network as
physical network. UPLINK1.

3.3.6.3 Power supply

The SiteManager has a terminal block on the bottom. Power should be applied to the GND and +12-24V in terminals
only!

Information:
It is recommended to connect the earth ground in order to reduce interference of noise.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 27
System overview

3.3.6.4 I/O interfaces

The SiteManager has a terminal block on the bottom.

Digital inputs (Input 1, Input 2):


The digital inputs are in "OFF" (inactive) state at 2.34 V or higher, and in "ON" state at 0.16 V or below. The behavior
for input voltages between 0.16 V and 2.34 V is undefined. There is an internal 10 kΩ pull-up resistor to 3.3 V so
that an unconnected input is in "OFF" state.
Input 1 is assigned to toggle GateManager access by default. By connecting a simple on/off switch, you can control
when remote maintenance should be allowed.
The configurable Input 2 can be used for user-defined e-mail / SMS alarm triggering.

Relay output (Output 1a und Output 1b):


Output 1 is a "dual-pin" connector on which both pins are isolated in the "OFF" state and shorted together in the
"ON" state. The maximum sink current is 0.5 A and the maximum voltage is 24 V.
By default, the output is configured so that it is active if a LinkManager is connected and can be used to turn on
a lamp that informs the user that the device is being used.

Digital output (Output 2)


Output 2 is a "single-pin" terminal, which is pulled to GND in "ON" state and is high-impedance in "OFF" state. The
terminal is an "open drain" type, which means that no voltage is output by the terminal itself ((just like a switch), but
must be supplied either from an external source (max. 24 V) or from terminal +5V out. In "OFF" (inactive) state,
the impedance is min. 24 MΩ. In "ON" state, the impedance is max. 0.5 Ω. The maximum sink current is 0.2 A.

3.3.6.5 Connection of inputs / outputs

For a general description of how to operate SiteManager inputs and outputs, see SiteManager xx29, xx39 and
xx49 - Working with I/O ports, or consult the online help installed on the SiteManager (select menu item HELP).

Important!
To ensure error-free operation, it is strongly recommended to connect the inputs and outputs using a
relay circuit. With respect to the individual I/O channels:
• Output 1: floating
• Output 2: B&R input module (sink) (e.g. X20DI2372)
• Input 1: B&R relay module (e.g. X20DO4649)
• Input 2: B&R relay module (e.g. X20DO4649)

Important!
Do not connect voltages (e.g. 24 V) directly to a SiteManager output. This could permanently damage
the output.

Information:
In addition to the power supply, the SiteManager also has a GND and a permanent 5 V output. It is
recommended to use these to connect the SiteManager's inputs and outputs.

28 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.3.7 Installation

Top-hat rail mounting

Push the SiteManager up to apply tension to the spring- Release and ensure that the SiteManager it is firmly mount-
1 lock and in the same motion push it over the top of the top- 2 ed.
hat rail.

Information:
When installing the SiteManager in the control cabinet and using an antenna, mounting the antenna
outside the control cabinet is recommended!

Conditions for UL-compliant mounting

Information:
In order to meet the UL safety certification for this product, this product must be installed in a "Re-
stricted Access Location".
For a UL-compliant mounting, the following points must be taken into account:
• The SiteManager must be supplied using a SELV/PELV source.
In addition, a UL CCN JDYX2/8 max. 3A fuse must be used.
• An antenna must be mounted outside the control cabinet. Suitable cable grommets must be used for wiring.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 29
System overview

3.3.8 Initial configuration via controller

In its unconfigured state (factory settings) a SiteManager is configured via the controller. To do this, the SiteManager
must be added to the Automation Studio project on the desired Ethernet interface of the controller. In the event
that the SiteManager needs to be replaced later on, this allows the most important settings to be restored in order
to establish a remote maintenance connection.
The initial configuration by the controller is also required so that register "ModuleOK" for I/O mapping can carry
out its function.
For the controller to configure the SiteManager automatically, the DEV1 port must be connected to an Ethernet
interface on the controller. There must not be a routed network in between them. Only an Ethernet switch or hub
is permitted.
A SiteManager module ID must be unique on the controller's interfaces and throughout the entire Layer 2 network.
In order to use multiple SiteManagers, they must have different module IDs.

Network diagram

3.3.8.1 Ethernet configuration

Interface on the controller


The network interface on the controller must be configured with a private IPv4 address.
• 10.x.x.x
• 172.16.x.x
• 192.168.x.x
If an invalid IP address is used, the SiteManager cannot perform the automatic configuration for security reasons.

DEV1 port on SiteManager


The DEV1 port should be in the same subnet as the interface on the controller, otherwise static routes must be set.

30 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.3.9 SiteManager 1115/1135/1145 - Initial Setup

3.3.9.1 Applying UPLINK settings for accessing the Internet

The SiteManager must be able to access the Internet via an UPLINK interface in order to target a GateManager
server. By default it will receive its IP address via DHCP, and the uplink settings must be configured manually only if
a fixed IP is used on the Ethernet interface (UPLINK1). For a SiteManager variant with wireless option (UPLINK2),
additional broadband settings (variant 1135) or WLAN settings (variant 1145) must be configured.
Select one of the following 4 methods:
1 Using Automation Studio:

a) Refer to "Automation Studio" on page 34

2 Using Appliance Launcher:

a) Download the Appliance Launcher tool from http://www.br-automation.com/appliance-launcher and


install it.
b) Connect the DEV1 or UPLINK1 interface of the SiteManager to the local network, and power it on.
The SiteManager must be on the same subnet as your PC. Alternatively connect the SiteManager
directly to your PC using an Ethernet cable.
c) Power on the SiteManager and wait about 1 minute for it to get ready.
d) Start the Appliance launcher and the SiteManager should be listed on the first screen. If it does not
appear immediately, press the search button a couple of times. (Note that the Appliance launcher
only displays the SiteManager if your PC has a genuine private IP address (10.x.x.x, 172.16-31.x.x,
192.168.x.x, or 169.254.x.x)).
e) Follow the wizard and set the UPLINK1 address if you want to use a fixed IP address, or continue
the wizard to the UPLINK2 menu to set the PIN code for the integrated broadband module (variant
1135 only), or SSID / WiFi KEY for the integrated WiFi module (variant 1145 only).

3 Using default IP address (10.0.0.1)

a) Connect the DEV1 interface of the SiteManager to the Ethernet interface of your PC using a stan-
dard Ethernet cable.
b) Configure your PC's Ethernet adapter to 10.0.0.2, subnet mask 255.255.255.0.
c) Power on the SiteManager and wait about 1 minute for it to get ready.
d) Type the following in your web browser: https://10.0.0.1
e) Login with the administrator user and the MAC address of the SiteManager as password (printed
on the label).
f) Enter the System > UPLINK1 menu and set the UPLINK1 address if you want to use a fixed IP
address, or enter the UPLINK2 menu to set the PIN code for the integrated broadband module
(variant 1135 only), or SSID / WiFi KEY for the integrated WiFi module (variant 1145 only).
g) To configure GateManager settings, continue with the following section: "Settings for GateManager
server connection" on page 32

4 Using DHCP server:

a) Connect the UPLINK interface of the SiteManager to your local network and power it on.
b) After approx. 1 minute the SiteManager should have received an IP address from your DHCP
server.
c) Check the lease list of the DHCP server to see the IP address.
d) Enter the IP address in your web browser with previous https:// (e. g. https://192.168.41.13).
e) Login with the administrator user and the MAC address of the SiteManager as password (printed
on the label).
f) Enter the System > UPLINK1 menu and set the UPLINK1 address if you want to use a fixed IP
address, or enter the UPLINK2 menu to set the PIN code for the integrated broadband module
(variant 1135 only), or SSID / WiFi KEY for the integrated WiFi module (variant 1145 only).
g) To configure GateManager settings, continue with the following section: "Settings for GateManager
server connection" on page 32

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 31
System overview

3.3.9.2 Settings for GateManager server connection

1 In the SiteManager Web GUI enter the GateManager > General menu (if using the Appliance Launcher,
follow the wizard to the GateManager parameters page).
2 Enter the IP address of the GateManager server to which the SiteManager should connect to and a domain
token for the domain where the SiteManager should be displayed. You should have received this information
from your administrator, or from where you received the SiteManager.
3 After entering the settings, you should restart the SiteManager. Wait until the LED Status is permanently
green, which means that the SiteManager is connected to the GateManager.
4 Once connected to the GateManager, you can use the GateManager console or a LinkManager client to
remotely access the SiteManager Web GUI to perform additional configurations (DEV interface, agents,
etc.).
5 For detailed instructions refer to "Additional documentation" on page 44.

3.3.9.3 Internet access via integrated broadband

Information:
This section is only valid for variant 1135.
The broadband modem connection is referred to as UPLINK2. The SiteManager will always try to use the Ethernet
connection (UPLINK1) by default and only use UPLINK2 if the Internet connection is lost on UPLINK1. Once a
connection is established on UPLINK2, a switch to UPLINK1 will not take place until the next restart or if the Internet
connection is lost on UPLINK2.
If the modem uses a SIM PIN code, the PIN code should be entered into the System > UPLINK2 menu of the
SiteManager. The SiteManager will automatically detect the APN (access point name) from an internal table, but
this can also be entered manually via UPLINK2 menu .
If the SIM card used does not have a PIN code, no further configuration of UPLINK2 is required in the SiteManager
(the PIN code can be removed from a SIM card by inserting it into a standard mobile phone and use the remove
SIM card function of the phone).
In order to reduce the data traffic, you can configure UPLINK2 so that the mobile network connection changes
to the sleep mode when not in use. The connection is restored when an SMS text message is sent to the phone
number on the SIM card.
A mini SIM card (standard SIM card) is required. The SIM card must be inserted as follows:

32 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

• Slide the SIM card into the slot.

• Use a thin object, such as a screwdriver to press the SIM card further into the slot (approx. 2 mm) until
you hear the spring latch click.

• The SIM card is inserted correctly when it is flush with the SiteManager housing.

3.3.9.4 Internet access via integrated WiFi module

Information:
This section is only valid for variant 1145.
The SiteManager can connect to a WiFi access point using its integrated WiFi module. The connection is referred
to as UPLINK2.
When enabling the WiFi client, the SiteManager will attempt to connect with the SSID "sitemanager" and the
SiteManager's MAC address as the WiFi KEY by default.
SSID and WiFi KEY can be configured in the System > UPLINK2 menu.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 33
System overview

3.3.10 Automation Studio

Information:
The different variants of the SiteManager have fixed device IDs in Automation Studio Only one SiteM-
anager of each variant may therefore be used per CPU module.

Information:
By default, ports 50000 and 51000 are enabled for connecting and configuring B&R "safety technology"
modules using a B&R Secure Remote Maintenance solution. These ports can be used to send data
from Automation Studio to safety modules (e.g. configuration) and to receive data from them (e.g.
status information).
In Automation Studio, it is possible to freely define the port number of a safety module. If a port number
is set that is not the enabled by default in the SiteManager for Secure Remote Maintenance (50000 or
51000), then these ports have to be enabled in the SiteManager.
A new B&R agent (under Agents) must be created via the SiteManager GUI, which must include a port
expansion with the port number set in the safety module.

3.3.10.1 Standard function model

I/O mapping - Register overview


Register Name Description Data Read Write
type Cyclic Acyclic Cyclic Acyclic

0 ModuleOK Module status (1 = module inserted) BOOL ●

4 SerialNumber Serial number UDINT ●


10 ModuleID Module code UINT ●
16 ConfigurationMismatch Parameters for the main configuration changed BOOL ●

0 RefreshCnt01 Request counter UINT ●


4 RemoteManagement01 Current value for remote management USINT ●
5 ConnectionStatus01 Current connection status USINT ●
8 StatusUPLINK1 Status of the UPLINK1 interface USINT ●
9 StatusUPLINK2 Status of the UPLINK2 interface USINT ●
10 StatusUPLINK3 Status of the UPLINK3 interface USINT ●
11 StatusUPLINK4 Status of the UPLINK4 interface USINT ●
12 StatusDEV1 Status of the DEV1 interface USINT ●
13 StatusDEV2 Status of the DEV2 interface USINT ●
14 StatusDEV3 Status of the DEV3 interface USINT ●
15 StatusDEV4 Status of the DEV4 interface USINT ●
16 RemoteManagementControlFlags01 Status bits for remote management control USINT ●

0 RemoteManagementControl01 Control of remote access (overwrites RemoteM- USINT ●


anagement01)
1 RemoteManagementControlEnable01 Enable remote management control BOOL ●

Automation Studio main configuration


The main configuration includes all the settings needed to establish a connection from the SiteManager to the
GateManager. Transfer to the SiteManager is initially possible one time (see "Initial configuration via controller" on
page 30). To re-transfer the SiteManager configuration, press and hold the Reset button for at least 5 seconds.
The following table shows the parameters of the main configuration that can be accessed via Automation Studio:
Parameter Description
DEV1 port
IP address IP address of the DEV1 port on the SiteManager
Network mask Subnet mask of the DEV1 port on the SiteManager
UPLINK1 port
Mode Mode of the UPLINK1 interface: DHCP or Static (activates the following four entries)
IP address IP address of the UPLINK1 port on the SiteManager (mode = Static)
Network mask Subnet mask of the DEV1 network on the SiteManager (mode = Static)
Standard gateway Default gateway (mode = Static)
DNS server DNS server address, when hostname for GateManager or proxy is used (mode = Static)
UPLINK2 interface (only for device variants 1135 and 1145)
Integrated modem (1135) Enable/disable the UPLINK2 port (activates two of the following entries, depending on the variant)
Wi-Fi module (1145)
APN (1135) Access Point Name (UPLINK2 = Mobile network)

34 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview
Parameter Description
SIM PIN Code (1135) SIM PIN Code (UPLINK2 = Mobile network)
SSID (1145) WLAN network name (UPLINK2 = Wi-Fi)
Wi-Fi KEY (1145) Wi-Fi KEY (UPLINK2 = Wi-Fi)
For security reasons, WLAN networks are protected with a password. An ASCII character string with a minimum of 8 and a
maximum of 63 characters must be entered.
GateManager settings
Remote management1) GateManager access Controls connection setup between the SiteManager and GateManager. The following options can be
selected (see also "RemoteManagement01" on page 36):
• Disabled: Do not connect to the GateManager. All remote maintenance and management options will be disabled (similar
to switching off the respective SiteManager).
• Heartbeat only: Connect to the GateManager, but only to send periodic status information and optionally provide a
connection to the SiteManager itself (if permitted by "Go To Appliance" settings).
• Enabled: Connect to the GateManager and allow remote access to the SiteManager (if permitted by "Go To Appliance"
settings) and connected devices.
• Heartbeat and relays only: Connect to the GateManager with static device and activated server relay, but only to send
periodic status information and optionally provide a connection to the SiteManager itself (if permitted by "Go To Appliance"
settings).
Go To Appliance1) Displays the connection options for accessing the SiteManager's user interface.
This option specifies if and how a GateManager administrator or LinkManager user is able to use the "Go To Appliance" function
to connect to the SiteManager's user interface (this cannot be set via Appliance Launcher):
• Disabled: Access to "Go To Appliance" is blocked.
• Manual Login: When using "Go To Appliance", the normal login data (user and password) for the SiteManager must be
entered in order to log in to the SiteManager.
• Automatic Login: When using "Go To Appliance" in the GateManager portal or in the LinkManager console domain
view, the dynamic password generated by the GateManager can be used. If the GateManager console is configured for
automatic login, the login data is provided to the SiteManager automatically. If the GateManager console is configured
for manual login, the login dialog box appears.
• Manual, not LinkManager: Like manual login, but "Go To Appliance" is not possible from the LinkManager console
domain view.
• Automatic, not LinkManager: Like automatic login, but "Go To Appliance" is not possible from the LinkManager console
domain view.
Appliance Name Name of the device on the GateManager server with a maximum of 127 characters.
This name is used by the GateManager administrator to identify the respective SiteManager. The value in this field corresponds
with the %N field code from the device name format specifications. According to the default device name format, if this field is
empty, then the Device Name is used. If that is also empty, the SiteManager serial number is used.
Domain Token Domain on the GateManager server with a maximum of 127 characters (including spaces and decimals)
The Domain Token is only used to establish the first connection. If a multiple-domain account is used and a complete domain token
would require 48 or more characters, use a higher-level token (e.g. TOPLEVEL.INTERNATIONAL.AUSTRIA.EGGELSBERG).
GateManager address Address of the GateManager server (IP address or DNS hostname)
If it is an alternative IP address for accessing the same GateManager server, then both addresses should be entered here,
separated by a space. If using Appliance Launcher to configure the GateManager, the DNS button must be pressed so the two
IP addresses can be entered (separated by a space).
Proxy settings
Proxy Enable/disable proxy settings (activates the following three entries)
Web proxy address Proxy address for the GateManager connection (IP address or hostname)
The IP address (and optionally the port number, separated by a colon) of the web proxy via which the SiteManager should connect
to the GateManager. Alternatively, you can specify a web proxy auto-discovery (WPAD) URL, from which the SiteManager can
obtain the actual web proxy address, for example http://172.16.1.1:8080/wpad.dat.
Web proxy user Proxy username
Web proxy password Proxy password
1) These Automation Studio project parameters are not verified and can be changed later on using the web-based GUI on the SiteManager.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 35
System overview

3.3.10.1.1 ModuleOK

Information that the module in the slot is physically present and configured.
Data type Value Information
BOOL 0 Module not ready for operation
1 Module connected and configured

3.3.10.1.2 SerialNumber

The module's unique serial number can be read using this register. This serial number is printed in hexadecimal
form on the module's housing.
The complete serial number is made up of "ModuleID" and SerialNumber as follows: Serial number = (Hardware
ID * 1E+7) + SerialNumber
Example
Hardware ID = E908
SerialNumber = 000BC76
Serieal number = E908 * 10000000 + 000BC76= E908000BC76
Data type Values
UDINT 0 to 4,294,967,295

3.3.10.1.3 ModuleID

The module hardware ID used to determine the type of device can be read from this register. This is also listed in
the corresponding technical data as the "B&R ID code". In addition, a serial number is printed on each module; the
module hardware ID corresponds to the first four positions of the serial number.
Data type Values
UINT 0 to 65,535

3.3.10.1.4 ConfigurationMismatch

This data point can be used to determine if a parameter in the main configuration has been changed.
A list of all parameters that are checked is provided in the main configuration table in Automation Studio, see
"Automation Studio main configuration" on page .
Data type Value Information
BOOL 0 The Automation Studio project configuration is identical to the configuration on the SiteManager.
1 At least one parameter in the main configuration on the device has been changed or the Automa-
tion Studio project configuration does not match the configuration on the device.

3.3.10.1.5 RefreshCnt01

The request counter is incremented after every time the status information is read.
Data type Values
UINT 0 to 65,535

3.3.10.1.6 RemoteManagement01

Current value of the "Remote management" setting. Defines the connection setup from the SiteManager to the
GateManager.
Data type Value Name Information
USINT 0 Disabled Remote maintenance access disabled
1 Heartbeat only Connection check with GateManager
2 Enabled Remote maintenance access enabled
3 Heartbeat and relays only Connection check and relays enabled
4 to 255 - Reserved

36 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.3.10.1.7 ConnectionStatus01

Status of the current GateManager connection:


Data type Value Information
USINT 0 NC
1 GateManager connection OK (Heartbeat OK)
2 Remote maintenance connection active (access via LinkManager)
3 to 255 Reserved

3.3.10.1.8 StatusUPLINK1 to 4

Status of the respective uplink port. The actual number of uplink ports depends on the device variant:
Data type Value Information
USINT 0 DOWN
1 UP, default interface
2 UP, secondary interface
3 to 254 Reserved
255 Not installed

3.3.10.1.9 StatusDEV1 to 4

Status of the respective DEV interface:


Data type Value Information
USINT 0 DOWN
1 10 Mbps HDX
2 10 Mbps FDX
3 100 Mbps HDX
4 100 Mbps FDX
5 Reserved
6 1000 Mbps FDX
7 to 254 Reserved
255 Not installed

3.3.10.1.10 RemoteManagementControl01

Controls connection setup from the SiteManager to the GateManager. This data point can be used to overwrite
the value of the "Remote management" setting
Data type Value Name Information
USINT 0 Disabled Remote maintenance access disabled
1 Heartbeat only Connection check with GateManager
2 Enabled Remote maintenance access enabled
3 Heartbeat and relays only Connection check and relays enabled
4 to 255 - Reserved

3.3.10.1.11 RemoteManagementControlEnable01

Enable remote management control.


The desired value must first be set using the data point RemoteManagementControl01.
Data type Value Information
BOOL 0 Switch off RemoteManagementControl.
1 Switch on RemoteManagementControl.

Once RemoteManagementControlEnable01 has been reset to FALSE, the "Remote management" setting returns
to the originally configured value.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 37
System overview

3.3.10.1.12 RemoteManagementControlFlags01

Status bits for remote management control:


Data type Bit Name Information
USINT 0 RemoteManagementControlAck01 Acknowledgment of RemoteManagementControlEnable01
1 RemoteManagementControlStatus01 Status of remote management control (0 = OK)
2 to 7 - Reserved

RemoteManagementControlAck01
This bit is used to check if the action set with RemoteManagementControlEnable01 has been completed. If Re-
moteManagementControlAck01 takes on the value of RemoteManagementControlEnable01, transfer has been
carried out. It is then possible to read RemoteManagementControlStatus01 to determine if the operation was suc-
cessful.

RemoteManagementControlStatus01
This bit is set when an error occurs while enabling/disabling remote management control. This may be caused
by the following:
• Value of RemoteManagementControl01 data point is invalid
• Network connection was lost

3.3.10.2 Meaning of "Standard" function model

The "Remote management" configuration parameter can be used to set the connection type permitted by the
SiteManager. This value can be controlled at runtime.
To do this, the desired value must first be set using the RemoteManagementControl01 data point. Then remote
management control is enabled by setting RemoteManagementControlEnable01 to TRUE. Once RemoteManage-
mentControlAck01 has changed to TRUE, RemoteManagementControlStatus01 can be used to check whether
the change has been applied successfully.
Resetting RemoteManagementControlEnable01 to FALSE resets "Remote management" back to the original value
of the configuration parameter.

38 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.4 LinkManager
3.4.1 General information

The LinkManager is an easy-to-install Windows application that runs on the service technician's PC. The LinkMan-
ager connects via 2-factor authentication to the GateManager and, together with the SiteManagers, enables se-
cure access to remote devices. Once connected, it makes the remote device appear to the field engineer as if the
Windows PC was connected directly to the device and it is possible to establish connections to the remote device
via FTP, web, RDP, VNC or Automation Studio.
A browser-based and reduced version of the LinkManager is also available with the LinkManager Mobile variant.
No software must be installed in order to use LinkManager Mobile. LinkManager Mobile runs on every operating
system (Windows, iOS, Android, Mac and much more). It supports Internet, RDP and VNC protocol connections.

Information:
A maximum of 10 parallel LinkManager connections are possible via a SiteManager.

Information:
For connection via VNC protocol, a dedicated VNC agent must be used (dedicated address and port
number, e.g. 192.168.0.8:5910).

3.4.2 Order data


Model number Short description Figure
LinkManager
0RMLM.MOB Secure remote maintenance - LinkManager mobile license, in-
dividual license, non-floating, independent of operating system
0RMLM.WIN Secure remote maintenance - LinkManager license, floating li-
cense, Win XP/7/8/10

Table 16: 0RMLM.MOB, 0RMLM.WIN - Order data

Information:
Download the LinkManager-Software via http://www.br-automation.com/linkmanager.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 39
System overview

3.5 Starter package


A starter package is helpful for quick entry into the remote maintenance solution. It contains the following compo-
nents:
• GateManager: 1x GateManager hosting service
• SiteManager: 1x any SiteManager model or 1x SiteManager Embedded EXTENDED license
• LinkManager: 1x LinkManager licence and 1x LinkManager Mobile license
• Service agreements: ENTRY service agreement
The core of a starter package is access to a GateManager provided and administered by B&R (GateManager
hosting service). It can then be used by customers to manage their own SiteManager and LinkManager.
A starter package can be extended as required, for example by switching to a different service level or purchasing
additional LinkManager licenses and a SiteManager. Changing from the GateManager hosting service to a owned
GateManager – as a hardware or software variant – is also possible at any time.

3.5.1 Order data


Model number Description
0RMGM:SP.1115 GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager 0RMSM1115, 1x LinkManager
and 1x LinkManager Mobile license, no service level costs in the first year
0RMGM:SP.1135 GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager 0RMSM1135, 1x LinkManager
and 1x LinkManager Mobile license, no service level costs in the first year
0RMGM:SP.1135.4GCN GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager 0RMSM1135.4G-CN, 1x
LinkManager and 1x LinkManager Mobile license, no service level costs in the first year
0RMGM:SP.1135.4GEU GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager 0RMSM1135.4G-EU, 1x
LinkManager and 1x LinkManager Mobile license, no service level costs in the first year
0RMGM:SP.1135.4GJP GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager 0RMSM1135.4G-JP, 1x
LinkManager and 1x LinkManager Mobile license, no service level costs in the first year
0RMGM:SP.1135.4GUS GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager 0RMSM1135.4G-US, 1x
LinkManager and 1x LinkManager Mobile license, no service level costs in the first year
0RMGM:SP.1145 GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager 0RMSM1145, 1x LinkManager
and 1x LinkManager Mobile license, no service level costs in the first year
0RMGM:SP.SME.E GateManager hosting service - Starter package with ENTRY service level, includes 1x SiteManager Embedded EXTENDED
license, 1x LinkManager and 1x LinkManager Mobile license, no service level costs in the first year

40 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
System overview

3.6 Network safety


Communication between the components of the remote maintenance solution is based on SSL VPN with AES
encryption. The LinkManager communicates with the SiteManager exclusively via the GateManager. LinkManager
and SiteManager register themselves via 2-factor authentication on the GateManager.
2-factor authentication is based on an X.509 certificate. Every GateManager is capable of generating unique TLS
certificates to which a SiteManager binds itself. This connection is established once and can only be lifted by the
GateManager or SiteManager, which makes a man-in-the-middle attack impossible. Alternatively, authentication
via SMS can be used for the LinkManager.
The SiteManager can be configured so that it transfers information in cyclic intervals (standard setting 10 min) to
the GateManager (keep-alive signal). In addition, remote access can also be physically controlled by the machine
operator. This is possible by interrupting the power supply or via a switch on the digital input that interrupts or
permits the connection to the GateManager.
An important factor in network security is the integrated firewall in the SiteManager. The firewall is configured
with device agents, which correspond to firewall rules. A device agent can define which protocol and via which
ports access to a network participant is permitted. The device agent then only permits access to this one network
participant. In addition, the device agents can also be assigned to LinkManager users. This also allows exact
access control on the user level.
The remote maintenance solution fulfills all security standards that were specified by the "National Institute of
Standards and Technology" (www.nist.gov) for encryption and key transfer.

Information:
To make the most of IT security, we strongly recommend using the latest GateManager, SiteManager
and LinkManager software versions.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 41
Getting started with the system components

4 Getting started with the system components

The following steps guide you through the most important additional documentation and user tips (see "Additional
documentation" on page 44) for setting up the GateManager, SiteManager and LinkManager for first use.

GateManager

Information:
The steps in this section are only necessary if the GateManager is not hosted by B&R.
Otherwise, access has to be requested from B&R in order to receive an email with the GateManager
address and access data for activation (certificate and password).
1. If the virtualization platform is used as GateManager, then follow the instructions from in document GateM-
anager Software - Server model 9250 - Installation STEP 1 - for the IT department to install the software and
use the document GateManager software - Server model 9250 - Installation STEP 2 - for the GateManager
server administrator to configure the GateManager server.
When using AWS, follow the instructions in the documents GateManager Software - Server model 8250 -
Installation STEP 0 - Preparing the LINUX installation and GateManager Software - Server model 8250 -
Installation STEP 1 - GateManager installation on Linux
Also view the following video tutorial: GateManager on Amazon Cloud.
2. If you use the GateManager hardware server, then follow the instructions in document GateManager hard-
ware - Server model 4260 - Installation and configuration guide to install and configure the hardware (firewall
configuration, installation verification, GateManager settings).

Information:
A GateManager that was set up with the named documents is now ready for operation with all
functions but only in test/demo mode for the moment (max. 3 SiteManager can be managed). To
use the full functionality of the GateManager, it must be activated by selecting the ENTRY service
agreement. See section "Activating the GateManager and ordering licenses" on page 14.

3. Use the instructions from the document Getting started GateManager PREMIUM domain administration to
configure the GateManager software and to create and manage domains (see also "Managing domains and
their content" on page 43.

SiteManager
4. Follow the instructions from the information sheet (SiteManager 1115-1135-1145 initial setup) respectively
from section SiteManager 1115/1135/1145 - Initial Setup in order to configure the SiteManager and to perform
the settings that are necessary for the Internet connection and connection to the GateManager server.
The following download option is also available for the appliance launcher:
http://www.br-automation.com/appliance-launcher
5. When configuring the SiteManager with Automation Studio, see the AS help system concerning the
SiteManager, respectively also section "Automation Studio" on page 34.

42 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
Getting started with the system components

Managing domains and their content

Information:
The GateManager is the point where the LinkManager user and the SiteManager are managed.
Users and licenses can be subsequently managed within the domains.
Separate accounts must be set up for GateManager administrators and LinkManager users.
Device agents can be set up on a device. A device agent can be either a PLC or a rule set. Device agents therefore
enable access to network participants on the device network of the SiteManager.
The web interface of the selected SiteManager can be opened using the <SiteManager GUI> button in the Gate-
Manager. The agents can be suitably created for the separate devices in the section GateManager ► Agents.

LinkManager

Information:
In order to use the LinkManager, you have to have received an email with access data (LinkManager
user certificate and the appropriate account password) from your GateManager administrator.
6. If the LinkManager has not been installed yet, do so now. LinkManager can also be downloaded here: http://
www.br-automation.com/linkmanager
7. Start the LinkManager. A browser window is opened where you can enter the LinkManager user certificate
and the account password for the LinkManager.

8. After logging in, the present domain is displayed on the left side. The SiteManager and its agents (e.g. a
PLC) are on the right side.

9. The individual agents can now be accessed with the LinkManager.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 43
Additional documentation

5 Additional documentation

User's manuals and data sheets are available for all B&R SiteManager variants and associated GateManager and
TrustGate products. Additional documents are listed below. Links to the PDF manuals are also on the B&R website
www.br-automation.com under the general information about the products, e.g.
https://www.br-automation.com/en/products/software/remote-maintenance/gatemanager/0rmgm4260-tp/,
https://www.br-automation.com/en/products/software/remote-maintenance/sitemanager/0rmsm1115/,
https://www.br-automation.com/en/products/software/remote-maintenance/linkmanager/0rmlmwin/,
...

Information:
The following documents refer to Secomea product models and also refer to features, such as a serial
or USB interfaces, that is not available on B&R SiteManager models.
GateManager documentation
Downloadable PDF manuals Information about:
GateManager Software - Server model 8250 - Installation STEP 0 - Preparing the LINUX installation GM - -
This document describes the typical steps for preparing a Linux platform for installation of GateManager model
8250. This document describes installation on Linux CentOS.
GateManager Software - Server model 8250 - Installation STEP 1 - GateManager installation on Linux GM - -
This document describes installation of GateManager 8250 software on a Linux platform. This document is intend-
ed for IT administrators with Linux experience.
GateManager software - Server model 9250 - Installation STEP 1 GM - -
This document describes how to install the GateManager software.
GateManager software - Server model 9250 - Installation STEP 2 - for the GateManager server administrator GM - -
This document describes how to configure the GateManager server with a minimum of settings.
GateManager hardware - Server model 4260 - Installation and configuration guide GM - -
This document describes how to install the GateManager 4260 hardware unit.
Getting started GateManager 4260 guide GM - -
GateManager information sheet for getting started, see also "Getting started with the system components" on
page 42.
Enabling and working with usage statistics on GateManager GM - -
The usage statistics package is a paid option for GateManager version 5.5 and higher. This document explains
how to activate and operate this option.
Getting started GateManager PREMIUM domain administration GM - LM
This document helps to get started with domain administration for the hosted GateManager.
This document does not explain all the functions and possibilities of the GateManager domain administrator, but
only the most frequently used functions for managing SiteManagers and LinkManagers.
Upgrade guide GateManager version 5.x to 5.x GM - -
This document explains how to upgrade a GateManager 5 server.

SiteManager documentation
Downloadable PDF manuals Information about:
SiteManager 1115-1135-1145 initial setup - SM -
SiteManager information sheet for initial installation, see also "Getting started with the system components" on
page 42.
SiteManager_3439 initial setup - SM -
SiteManager information sheet for initial installation, see also "Getting started with the system components" on
page 42.
SiteManager xx29, xx39 and xx49 - Working with I/O ports GM SM -
This document describes how to use the input and output connections on SiteManagers 1115, 1135 and 1145.
Application note ping/trace tool - SM -
This document briefly describes the ping/trace tool in a SiteManager.
The document consists of standard instructions not specific to any particular customer solution.
Application note configuration of a sniffer agent - SM -
This document guides you through the setup of a sniffer agent. This allows a device (PLC/HMI) that is not present
on the standard agent list on a SiteManager to be monitored by a sniffer agent to see if it is working at all.
The document consists of standard instructions not specific to any particular customer solution.
Application note using SiteManager SMS wakeup - SM LM
It is possible to wake the mobile network interface on SiteManager 1135 by sending an SMS text message to the
phone number of the mobile network SIM card.
This document guides you through the configuration of a SiteManager 1135 with a mobile network connection with
regard to the SMS wakeup function.
The document consists of standard instructions not specific to any particular customer solution.

44 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
Additional documentation

LinkManager documentation
Downloadable PDF manuals Information about:
LinkManager startup and connection troubleshooting guide - - LM
This document describes measures for troubleshooting and error correction when starting the LinkManager appli-
cation or connecting to the GateManager.
Application note accessing web devices running unsigned or self-signed Java applets - - LM
Beginning with Java 7 Update 51, Oracle has expanded its Java security model to make user systems less sus-
ceptible to external attack. The new version of Java does not allow users to run applications that are either un-
signed or self-signed (i.e. not signed by a trusted issuer) or applications that are missing authorization features.
These application tips explain the issue and possible workarounds.
LinkManager Mobile user guide - - LM
This document explains the options available with LinkManager Mobile and how it can be operated from different
platforms. LinkManager Mobile enables remote connection to devices that are controlled by device agents on Site-
Managers.

Application notes
Downloadable PDF manuals Information about:
B&R PLC and Automation Studio - - LM
This document provides support when establishing a remote or online connection to B&R devices on-site at the
customer's location using B&R Automation Studio.
The document consists of standard instructions not specific to any particular customer solution.
Application Note SiteManager web proxy relay for voice and web traffic GM SM -
This document guides you through the use of the web proxy relay service.
The document consists of standard instructions not specific to any particular customer solution.
Application note NTP server access via SiteManager GM SM -
This document describes how a server relay is set up in order to act as an NTP (time) server for a device connect-
ed to a SiteManager.
Application note working with SiteManager SMS and email alerts GM SM -
This document provides an overview of the different alarm mechanisms supported by a SiteManager.
Application note using SiteManager as a web proxy and/or mail relay server GM SM -
This document explains how to configure a SiteManager so that devices on the SiteManager's device page can
use it as a web proxy for accessing the Internet and/or a mail relay server to send emails.
Logging via SiteManager EasyTunnel client - deployment overview GM SM -
This document describes how to use the SiteManager's EasyTunnel VPN client function to capture protocol data
from devices onto a central server as well as access other services on the devices from a central network.
Configuring SMS gateways on GateManager GM SM -
This document explains the different types of external SMS gateways that can be configured for a GateManager.
Troubleshooting SiteManager to GateManager access via a corporate intranet GM SM -
These instructions provide support for verifying whether the conditions for accessing GateManager are met.
Remote access solution - security guidelines best practice GM SM LM
These instructions offer recommendations for good security behavior when using the remote maintenance solu-
tion in areas where the solution itself cannot impose any strict security strategies on the user or where the solution
cannot check user behavior itself due to external factors.
Setting up "Tunnel agent" on a SiteManager, aka "Auto subnet agent" - SM LM
These instructions explain how to set up a tunnel agent (also known as an "auto subnet agent") on a SiteManager
and also show the advantages and disadvantages of this solution compared to vendor-specific device agents.
Using the custom > forwarding and routing (SCADA) agents on SiteManager - SM -
This document describes the principles of configuring an agent for accessing a device on the device network from
the uplink network and vice versa. This document does not fully cover all functionality of the agents.
See Automation Help in the SiteManager web interface for more information.
Adding additional services to an existing SiteManager agent (FTP and web) - SM -
This document explains how to add an additional service such as FTP or web support to a device agent that does
not natively include these services. It also explains how to activate agents simultaneously from the LinkManager.
TrustGate (EasyTunnelVPN) - Initial setup - - -

Remote data logging


Downloadable PDF manuals Information about:
LogTunnel deployment guide GM SM -
This manual describes the deployment process when using the SiteManager LogTunnel function to move log data
from devices to a central server and access it when necessary.
Logging via SiteManager relay chains - deployment overview GM SM -
This document describes how to use the SiteManager's server/device relay functions to move protocol data from
devices to a central server.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 45
Solution models

6 Solution models

6.1 Remote maintenance - On-demand access for programming and trou-


ble-shooting

This is the primary function of the B&R Industry solution. The purpose is to provide multiple technicians program-
ming access to devices at multiple sites.
Who has access to what, is centrally controlled by the technician's LinkManager account on the GateManager, on
which all access is logged as well.
No fixed or public IP addresses are needed, and all connections by SiteManagers and LinkManagers use standard
web-based SSL/TLS protocols, thus making the solution extremely firewall friendly.

6.2 Remote monitoring - Secure data logging (between 2 SiteManagers)

This feature enables to make static connections between devices that are behind SiteManagers at different loca-
tions. This is an easy method to e.g. allow a log server to collect data from devices, and is typically used for utility
installations.
The setup can be based on either a Device Relay or a Server Relay, depending on whether the devices should
push log data to the server, or the server should collect them from the device. The setup is based on virtual IP
addresses, which means that subnet conflicts will not occur. In fact all devices could have the same IP address.
Just like the solution above, this setup is only used web-based SSL/TLS connections, which means it is extremely
firewall friendly.

Information:
For video streaming or full tunneling, see the solutions from the following sections: "Remote monitor-
ing - For secure data logging" on page 47, "Full network access" on page 47 and "Direct Internet
access - For data logging and video surveillance" on page 48

46 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
Solution models

6.3 Remote monitoring - For secure data logging

This setup uses the same relay principles as solution 2, but is based on the GateManager server being installed
at the same site as the server.
The advantage is, that now the relay connections can be used for bandwidth intensive data, such as video. Similar
to a VPN concentrator, the GateManager server needs to be accessible on a public IP address, but the server itself
could be placed in a DMZ or behind a firewall that uses an NAT for the connection to the GateManager.
As above, the setup is based on virtual IP addresses, which means that subnet conflicts will not occur and all
devices could have the same IP address, and the solution is based solely on web based SSL/TLS connections,
which means it is extremely firewall friendly.

6.4 Full network access

This feature is used for having central services simultaneously monitor multiple devices at different sites.
Although it resembles an ordinary VPN infrastructure, the feature makes use of the B&R EasyTunnel VPN concept
and includes a B&R TrustGate EasyTunnel concentrator.
EasyTunnel is just as secure as ordinary AES/x509 IPSec based VPN, but enable users to create tunnels with
single clicks and without any networking skills.

Information:
Both the SiteManagers and the TrustGate concentrator are still remotely managed by the GateManager
server, so status/configuration changes, upgrades, etc. are handled independently of the tunnels and
do not require incoming firewall ports to be opened.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 47
Solution models

6.5 Direct Internet access - For data logging and video surveillance

This feature is enabled by the SiteManager Forwarding Agent. Basically this allows a device to use the SiteManager
as an Internet gateway for sending log data to a web service.
Alternatively, it can be used by a video surveillance system that is connected to the IP address of the SiteManager.
This, in turn, forwards the connection request to a defined port on the device. (In order to do this, the SiteManager
must be assigned a public IP address; SiteManagers connected via GPRS/3G normally have an Internet agreement
with a static IP address.)

Information:
Both the SiteManagers and the TrustGate concentrator are still remotely managed by the GateManager
server, so status, configuration changes, upgrades etc. is a standard part of the solution.

48 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
End customer scenarios

7 End customer scenarios

The operator of the remote maintenance system is usually the machine manufacturer who looks after their end
customers and operates the GateManager in a separate IT department. This means that every shipped system/ma-
chine has access to the GateManager in order to be able to carry out remote maintenance safely and securely.
Installing the GateManager in a DMZ (separate network zone) is recommended due to IT security concerns. The
LinkManager user can then connect through the firewall with the GateManager in the DMZ. Alternatively, the
LinkManager user can also be a part of the GateManager DMZ and therefore has access from their PC – via the
encrypted VPN tunnel – to the GateManager. In this way, the service technician's PC can be found in the subnet of
the GateManager. Unencrypted communication from the same PC to the office network is verified by the firewall
of the DMZ.
GateManager in the IT network
Variant 1 Variant 2

Internet Internet

DMZ DMZ

GateManager GateManager
LinkManager

ERP ERP

LinkManager
Office network Office network

Machine builder's network Machine builder's network

Generally, it should be noted that the machine manufacturer usually defines the device agents for the SiteManager
and integrates the SiteManager into the end customer's machine network. Usually the end customer has a machine
network and an office network. Often in doing so, devices from the machine network must access the office network
in order to receive recipe and order data. It strongly depends on the end customer's available IT infrastructure
which of the following scenarios can be carried out. Below, some scenarios are outlined that present an option for
integrating the SiteManager into a factory or machine network.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 49
End customer scenarios

7.1 SiteManager and machine in an isolated network


Machine network and office network are separated from each other by a firewall. Only selected machines gain
access to the office network. Data traffic of machine network as well as of SiteManager from and into the Internet
is controlled via a firewall.
Corresponding device agents have to be defined by the machine manufacturer for communication through the
SiteManager's firewall. Communication from remote maintenance access is only possible via the device agents.
A separate web proxy of the end customer could be used in order to provide the SiteManager with access to the
GateManager.

Internet

ERP SCADA

Machine network DMZ Office network


End customer's network

50 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
End customer scenarios

7.2 Machine network isolated behind DMZ and SiteManager


Machine network and office network are separated from each other by the SiteManager. It is possible for a LinkMan-
ager user to access the devices in the machine network – but not the office network – through the device agents.
Only selected machines gain access to the office network. This can be achieved through static routes or port for-
warding on the SiteManager.

Internet

ERP SCADA

Machine network DMZ Office network

End customer's network

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 51
End customer scenarios

7.3 SiteManager isolated in its own DMZ


In this scenario the office and machine networks are not separated from each other. The SiteManager is integrated
in its own DMZ. Any data traffic from the SiteManager to the machines must pass a firewall. Because the endpoint
of the VPN communication lies in the DMZ, an application firewall, located between the DMZ and office networks,
can now view data traffic and verify malware. In addition, this firewall can restrict access to the office network,
making unwanted access impossible if there are potential configuration errors in the device agents.

Internet

ERP SCADA
DMZ Office network

End customer's network

52 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
End customer scenarios

7.4 SiteManager an machine in separate networks


In this scenario the office and machine networks are separated and the SiteManager is installed in a separate
DMZ. Even here the endpoint of the VPN connection lies in a DMZ and the data stream from the SiteManager
into the machine network can be verified by the application firewall. The SiteManager cannot access devices on
the office network (e.g. ERP system) because the office network is not integrated in the machine network. This
scenario offers the most security of the use cases listed here.

Internet

ERP SCADA

DMZ Office network

Machine network

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 53
End customer scenarios

7.5 Remote maintenance - Complete scenario


The image clarifies a possible implementation scenario. The GateManager is installed in its own DMZ on the
machine builder side. Service technicians connect from the office network via the LinkManager to the DMZ. The
firewall between the office network and DMZ regulates who can access the DMZ. A similar structure is selected on
the end customer and machine side. Here, the SiteManager and the machine network are separated by a separate
DMZ from the office network of the end customer. The firewall between the networks is used to control access.

Internet

DMZ DMZ

GateManager SiteManager
Machine(s)

ERP ERP

LinkManager
Office network Office network

Machine builder's network End customer's network

54 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
Standards and certifications

8 Standards and certifications

8.1 Directives and standards


• WEEE directive
• RoHS directive
Standard Description
EN 55022 Information technology equipment -
Class A Radio disturbance characteristics - Limits and methods of measurement
EN 55024 Information technology equipment -
Immunity characteristics - Limits and methods of measurement
EN 61000-3-2 Electromagnetic compatibility (EMC) -
Part 3-2: Limits - Limits for harmonic current emissions (equipment input current <= 16 A per phase)
EN 61000-3-3 Electromagnetic compatibility (EMC) -
Part 3-3: Limits - Limitation of voltage changes, voltage fluctuations and flicker in public low-voltage supply systems, for equipment
with rated current <= 16 A per phase and not subject to conditional connection
EN 61000-4-2 Electromagnetic compatibility (EMC) -
Part 4-2: Testing and measurement techniques - Electrostatic discharge immunity test
EN 61000-4-3 Electromagnetic compatibility (EMC) -
Part 4-3: Testing and measurement techniques - Radiated, radio-frequency, electromagnetic field immunity test
EN 61000-4-4 Electromagnetic compatibility (EMC) -
Part 4-4: Testing and measurement techniques - Electrical fast transient/burst immunity test
EN 61000-4-5 Electromagnetic compatibility (EMC) -
Part 4-5: Testing and measurement techniques - Surge immunity test
EN 61000-4-6 Electromagnetic compatibility (EMC) -
Part 4-6: Testing and measurement techniques - Immunity to conducted disturbances, induced by radio-frequency fields
EN 61000-4-8 Electromagnetic compatibility (EMC) -
Part 4-8: Testing and measurement techniques - Power frequency magnetic field immunity test
EN 61000-4-11 Electromagnetic compatibility (EMC) -
Part 4-11: Testing and measurement techniques –- Voltage dips, short interruptions and voltage variations immunity tests
IEC 60950 Safety of information technology equipment

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 55
Standards and certifications

8.2 Declarations and certifications


Products and services from B&R comply with applicable standards. This includes international standards from
organizations such as ISO, IEC and CENELEC, as well as national standards from organizations such as UL, CSA,
DNV GL, etc. We are committed to ensuring the reliability of our products in an industrial environment.

Information:
The certifications that apply to a particular module can be found in the following locations:
• On the side of the module housing

CE mark

Product complies with all applicable directives and their harmonized EN standards.

UL certification
Products with this mark have been tested by Underwriters Laboratories and are listed
as "Industrial Control Equipment". This mark is valid for the USA and Canada and
simplifies the certification of your machines and systems in these areas.

Underwriters Laboratories (UL) in accordance with standard UL 508, UL 61010-1, UL


61010-2-201
Canadian (CSA) standard in accordance with C22.2 No. 142-M1987, C22.2 No.
61010-1, C22.2 No. 61010-2-201

FCC 47 CFR Part 15 Subpart B class A


"This device complies with Part 15 of the FCC Rules and with Industry Canada li-
cense-exempt RSS standard(s). Operation is subject to the following two conditions:
(1) this device may not cause harmful interference, and
(2) this device must accept any interference received, including interference that may
cause undesired operation".

RCM

Products with this mark have been tested by an accredited testing laboratory and cer-
tified by the ACMA. This mark is valid in Australia/Oceania and simplifies the certifi-
cation of your machines and systems in these areas (based on EU compliance).

56 Secure Remote Maintenance User's manual V1.32 Translation of the original documentation
Terms and abbreviations

9 Terms and abbreviations

Abbreviation Term Function


DMZ Demilitarized Zone A computer network with security-controlled access to the connected servers.
ERP Enterprise-Resource-Planning Usually designates the software used to plan the resources of all types that exist in a company
(e.g. SAP) .
FQDN Fully-Qualified Domain Name A complete computer name that is displayed as a fully qualified domain name (e.g. remote.com-
panyname.com).
The FQHN is a unique designation for a specific computer.
SCADA Supervisory Control and Data Acquisition Monitoring and controlling technical processes by means of a computer system.

Secure Remote Maintenance User's manual V1.32 Translation of the original documentation 57

You might also like