As standard equipment, the controller provides an embedded Web server with a predefined, built-in website. You can use the pages of the website for module setup and control as well as application diagnostics and monitoring. These pages are ready to use with a Web browser. No configuration or programming is required.
The Web server can be accessed by the web browsers listed below:
oGoogle Chrome (version 30.0 or higher)
oMozilla Firefox (version 1.5 or higher)
The Web server is limited to 10 TCP connections.
NOTE: The Web server can be disabled by unchecking the Web Server active parameter in the Ethernet Configuration tab.
The Web server is a tool for reading and writing data, and controlling the state of the controller, with full access to all data in your application. However, if there are security concerns over these functions, you must at a minimum assign a secure password to the Web Server or disable the Web server to prevent unauthorized access to the application. By enabling the Web server, you enable these functions.
The Web server allows you to monitor a controller and its application remotely, to perform various maintenance activities including modifications to data and configuration parameters, and change the state of the controller. Care must be taken to ensure that the immediate physical environment of the machine and process is in a state that will not present safety risks to people or property before exercising control remotely.
|
|
|
UNINTENDED EQUIPMENT OPERATION |
|
oDefine a secure password for the Web Server, and do not allow unauthorized or otherwise unqualified personnel to use this feature. oEnsure that there is a local, competent, and qualified observer present when operating on the controller from a remote location. oYou must have a complete understanding of the application and the machine/process it is controlling before attempting to adjust data, stopping an application that is operating, or starting the controller remotely. oTake the precautions necessary to assure that you are operating on the intended controller by having clear, identifying documentation within the controller application and its remote connection. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
NOTE: The Web server must only be used by authorized and qualified personnel. A qualified person is one who has the skills and knowledge related to the construction and operation of the machine and the process controlled by the application and its installation, and has received safety training to recognize and avoid the hazards involved. No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this feature.
Access to the Web server is controlled by User Rights when they are enabled in the controller. For more information, refer to Users and Groups Tab Description.
If User Rights are not enabled in the controller, you are prompted for a user name and password unique to the Web server. The default user name is Anonymous and no password is required.
NOTE: You cannot modify the default user name and password. To secure the Web server functions, you must do so with Users and Groups.
|
|
|
UNAUTHORIZED DATA ACCESS |
|
oSecure access to the FTP/Web server using User Rights. oIf you do not enable User Rights, disable the FTP/Web server to prevent any unwanted or unauthorized access to data in your application. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
In order to change the password, go to Users and Groups tab of the device editor. For more information, refer to the EcoStruxure Machine Expert Programming Guide.
NOTE: The only way to gain access to a controller that has user access-rights enabled and for which you do not have the password(s) is by performing an Update Firmware operation. This clearing of User Rights can only be accomplished by using a SD card or USB key (depending on the support of your particular controller) to update the controller firmware. In addition, you may clear the User Rights in the controller by running a script (for more information, refer to EcoStruxure Machine Expert Programming Guide). This effectively removes the existing application from the controller memory, but restores the ability to access the controller.
To access the website home page, type in your navigator the IP address of the controller.
This figure shows the Web Server site login page:
This figure shows the home page of the Web Server site once you have logged in:
NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.
|
|
|
UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION |
|
oEvaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network. oLimit the number of devices connected to a network to the minimum necessary. oIsolate your industrial network from other networks inside your company. oProtect any network against unintended access by using firewalls, VPN, or other, proven security measures. oMonitor activities within your systems. oPrevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions. oPrepare a recovery plan including backup of your system and process information. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
Monitoring Web Server Variables
To monitor Web server variables, you must add a Web Data Configuration object to your project. Within this object, you can select all variables you want to monitor.
This table describes how to add a Web Data Configuration object:
|
Step |
Action |
|---|---|
|
1 |
Right click the Application node in the Applications tree tab. |
|
2 |
Click Add Object > Web Data Configuration.... Result: The Add Web Data Configuration window is displayed. |
|
3 |
Click Add. Result: The Web Data Configuration object is created and the Web Data Configuration editor is open. NOTE: As a Web Data Configuration object is unique for a controller, its name cannot be changed. |
Web Data Configuration Editor
Click the Refresh button to be able to select variables, this action will display all the variables defined in the application.
Select the variables you want to monitor in the web server:
NOTE: The variable selection is possible only in offline mode.
Monitoring: Data Parameters Submenu
The Data Parameters submenu allows you to create and monitor some lists of variables. You can create several lists of variables (maximum 10 lists), each one containing several variables of the controller application (maximum 20 variables per list).
Each list has a name, and a refresh period. The lists are saved in the Flash memory of the controller, so that a created list can be accessed (loaded, modified, saved) from any Web client application accessing this controller.
The Data Parameters submenu allows you to display and modify variable values:
|
Element |
Description |
|---|---|
|
Add |
Adds a list description or a variable |
|
Del |
Deletes a list description or a variable |
|
Refresh period |
Refreshing period of the variables contained in the list description (in ms) |
|
Refresh |
Enables I/O refreshing: oGray button: refreshing disabled oOrange button: refreshing enabled |
|
Load |
Loads saved lists from the controller internal Flash to the Web server page |
|
Save |
Saves the selected list description in the controller (/usr/web directory) |
NOTE: The IEC objects (%MX, %IX, %QX) are not directly accessible. To access IEC objects you must first group their contents in located registers (refer to Relocation Table).
The IO Viewer submenu allows you to display and modify the current I/O values:
|
Element |
Description |
|---|---|
|
Refresh |
Enables I/O refreshing: oGray button: refreshing disabled oOrange button: refreshing enabled |
|
1000 ms |
I/O refreshing period in ms |
|
<< |
Goes to previous I/O list page |
|
>> |
Goes to next I/O list page |
Monitoring: Oscilloscope Submenu
The Oscilloscope submenu can display up to 2 variables in the form of a recorder time chart:
|
Element |
Description |
|---|---|
|
Reset |
Erases the memorization |
|
Refresh |
Starts/stops refreshing |
|
Load |
Loads parameter configuration of Item0 and Item1 |
|
Save |
Saves parameter configuration of Item0 and Item1 in the controller |
|
Item0 |
Variable to be displayed |
|
Item1 |
Variable to be displayed |
|
Min |
Minimum value of the variable axis |
|
Max |
Maximum value of the variable axis |
|
Period(ms) |
Page refresh period in milliseconds |
This figure shows the remote ping service:
Diagnostics: Scanner Status Submenu
The Scanner Status submenu displays status of the Modbus TCP I/O Scanner (IDLE, STOPPED, OPERATIONAL) and the health bit of up to 64 Modbus slave devices:
For more information, refer to EcoStruxure Machine Expert Modbus TCP User guide.
Diagnostics: EtherNet/IP Status Submenu
The EtherNet/IP Status submenu displays the status of the EtherNet/IP Scanner (IDLE, STOPPED, OPERATIONAL) and the health bit of up to 16 EtherNet/IP target devices:
For more information, refer to EcoStruxure Machine Expert EtherNet/IP User guide.
The Maintenance page provides access to the /usr/Syslog/ and /usr/CFG/ folders of the controller flash memory.
Maintenance: Post Conf Submenu
The Post Conf submenu allows you to update the post configuration file saved on the controller:
|
Step |
Action |
|---|---|
|
1 |
Click Load. |
|
2 |
|
|
3 |
Click Save. NOTE: The new parameters will be considered at next Post Configuration file reading. |
Maintenance: EIP Config Files Submenu
The file tree only appears when the Ethernet IP service is configured on the controller.
Index of /usr:
|
File |
Description |
|---|---|
|
My Machine Controller.gz |
GZIP file |
|
My Machine Controller.ico |
Icon file |
|
My Machine Controller.eds |
Electronic Data Sheet file |
