Adding a TLS device (Secure Modbus) to a project

Secure Modbus is used to increase the security of the Modbus protocol. Security is increased by adding a TLS (Transport Layer Security) layer to wrap the application layers of the existing Modbus protocols sent over the ethernet. Secure Modbus drivers are used for connecting to devices that support Secure Modbus communication. By taking advantage of this capability, your installations will benefit from TLS-encrypted communications.

NOTE: For projects restored from EcoStruxure Power Operation 2022 or earlier versions, it is recommended to export the Micrologic device profiles from Profile Editor.

Prerequisites:

  • Two I/O servers are set up and the ports are renamed. For more information, refer to the PWRMODBUS driver help file.
  • Security certificates have been configured using Cybersecurity Admin Expert (CAE) software.

To add a TLS device to a project:

  1. In Power Operation Studio, click Projects > Home and verify that the project to which you want to add the device is active.
  2. Click Topology > I/O Devices > I/O Device Manager.

    3. The I/O Device Manager displays.

  3. Click Manage a Single Device.

    4. The I/O Device Manager wizard displays.

  4. Click Create an I/O Device in the project and then click Next.

  5. Select the first device profile that you want to use to add a device from the Choose profile screen and click Next.

  6. In the Instance Information screen, type a descriptive profile name. For example, CM4Bay1Circuit1 (no spaces or punctuation; 16 characters recommended). Click Next.

  7. Click Supports Redundancy and select the primary and secondary servers in the Select I/O servers screen, and click Next.

  8. (Optional) Choose the communications method used for the first sub-profile in this project in the Configure Sub-Profile Communications Method screen, and click Next.

  9. Enter the Gateway Address and Device Address, and select the Certificate Type for each of the servers in the Communications Settings screen, and click Next.

  10. Select Same as Primary to use the same addresses for the primary and standby servers.

  11. (Optional) You can rename each of the ports in the Port Settings screen and click Next. A new port will be generated for each new name.

  12. The Ready to perform action screen displays. Click Next.

    Once the devices are added successfully, a message is displayed.

    1. To view a detailed list of all the devices and operations performed in the project, click View audit log.

    2. To add or remove additional devices, click Next. Repeat steps 3 through 10.

  13. After adding devices, uncheck Add/remove more equipment, and click Finish.

  14. Compile the project. Correct the compile errors and then compile the project again.

  15. To view the runtime environment, click Run.

The steps to add a device vary by protocol. For more information see , Adding a TCP device

For each device added using the I/O Device Manager wizard, follow the same redundancy steps outlined in Add Redundant NetworkTagsDEv and zOL Devices. Be sure to select a primary I/O Server and a standby I/O Server, each from a different Network Address.