Introduction

The BMENUA0100 module with embedded OPC UA server appears in the Control Expert hardware catalog as a communications module. It consumes one I/O channel.

When a new BMENUA0100 module comes from the factory, its cybersecurity operating mode is set to Secured mode by default. To configure the new module for Secured mode operations, follow the scenario for Secured Mode Commissioning set forth below.

To change the cybersecurity operating mode for a module that has previously been configured, including a new module you plan to configure for Standard mode operations, perform a Security Reset operation for the module. After the Security Reset operation, you can follow the scenario for either Secured Mode Commissioning or Standard Mode Commissioning.

Secured Mode Commissioning

Commissioning a BMENUA0100 module to operate in Secured mode, requires the completion of two configuration processes:

  • Cybersecurity configuration, using the module web pages.

  • IP address, NTP client, and SNMP agent configuration, using the Control Expert configuration tool.

Only a Security Administrator, using the Secured mode default username / password combination can commission the module in Secured mode.

NOTE: Perform these configuration processes in following order:

  • Use Control Expert to configure the control and backplane IP addresses.

  • Use the module webpages to configure the cybersecurity settings.

  • Use Control Expert to complete the NTP client and SNMP agent configurations.

NOTE: For commissioning in secure mode with manual enrollment, refer to the topic Manual Enrollment.

The following procedure is intended for a new module that has not been previously configured. If you are using a module that has previously been configured, perform a Security Reset operation before proceeding with the following steps.

To commission the module in Secured operating mode:

  1. Configure IP address settings:

    1. Open the Control Expert configuration tool.

    2. In Control Expert, create a New Project add a BMENUA0100 module to the project from the Hardware Catalog then configure the IP address settings.

  2. Configure cybersecurity settings:

    1. With the module detached from the rack, use the plastic screwdriver that ships with the module to set the rotary switch to the [Secured] position.

    2. Install the module into an Ethernet slot on the local, main Ethernet rack and cycle power.

    3. Use your Internet browser to connect your configuration PC to the module, using either the control port or the backplane port, and navigate to the module web pages at the configured IP address.

    4. If your Internet browser displays a message indicating a potential security risk, proceed to make the connection by clicking Accept the Risk and Continue (or similar, browser-specific language).

    5. In the user login page, enter the default username / password combination.

    6. Change and confirm the password. Refer to the User Management topic for password requirements. The module Home page is displayed.

    7. Starting from the Home page, navigate to the module web pages and configure its cybersecurity settings.

  3. Configure NTP client, and SNMP agent settings:

    1. Open the Control Expert configuration tool.

    2. In Control Expert, configure the NTP client, and SNMP agent settings.

    3. When the Control Expert project configuration is complete, connect to the PAC and transfer the project to the PAC.

NOTE: When the configuration is loaded in the BMENUA0100 module the module state changes from NOT CONFIGURED to CONFIGURED. The SECURE LED indicates if the module is not configured or configured, and if the OPC UA server is connected to an OPC UA client.

Standard Mode Commissioning

In Standard mode, a cybersecurity configuration is not required. Only the IP address, NTP client, and SNMP agent settings are configured using the Control Expert configuration tool. In Standard mode, the module begins to communicate when it is placed on the rack, power is applied, and it receives a valid configuration from Control Expert.

Use the Installer default username / password combination to commission the module in Standard mode.

To commission the module in Standard mode:

  1. With the module detached from the rack, use the plastic screwdriver that ships with the module to set the rotary switch to the Standard position.

  2. Place the module an Ethernet slot on the local, main Ethernet rack and cycle power.

  3. Open the Control Expert configuration tool.

  4. In Control Expert, create a New Project , add a BMENUA0100 module to the project from the Hardware Catalog, then configure the IP address, NTP client, and SNMP agent settings.

  5. When the Control Expert project configuration is complete, connect to the PAC and transfer the project to the PAC.

NOTE: When operating in Standard mode, the SECURE LED will be OFF.

Security Reset Operation

For a module that has previously been configured, or for a new module you want to configure for Standard mode cybersecurity operations, perform a Security Reset operation before proceeding with cybersecurity configuration. A reset operation sets the cybersecurity settings to their factory default values. You can perform a reset by using the module web pages, or the rotary switch located on the back of the module.

Web pages: For a BMENUA0100 module that is presently configured for Secured mode operations:

  1. Navigate to the Configuration Management > RESET web page.

  2. Click Reset.

    NOTE: The Security Reset operation is complete when the RUN LED is solid green, and both the NS control port LED and BS backplane port LED are solid red.

  3. Cycle power to the module in one of the following ways:

    • Turn off power to the module rack, then turn power back on.

    • Physically remove the module from the rack, then re-insert it.

    You can now proceed with Secured mode commissioning.

Rotary Switch: For any BMENUA0100 module:

  1. With the module detached from the rack, use the plastic screwdriver that ships with the module to set the rotary switch to the Security Reset position.

  2. Install the module into an Ethernet slot on the local, main Ethernet rack, and cycle power.

    NOTE: This restores the factory default settings to the module, including the control port default IP address of 10.10.MAC5.MAC6.

    Upon completion, the RUN LED is solid green, and both the NS control port LED and BS backplane port LED are solid red. You can turn off power, remove the module from the rack, and proceed with either Secured Mode Commissioning or Standard Mode Commissioning.