Introduction

Use the BMENUA0100 web pages to create, manage and diagnose a cybersecurity configuration for the module, and to view event and OPC UA diagnostic data.

NOTE: The BMENUA0100 module web pages support HTTPS communication over IPv4 and IPv6 protocols.

For the BMENUA0100 module to operate in Secured mode, a cybersecurity configuration is required and must be performed before its IP address, NTP client, and SNMP settings can be configured using Control Expert. A cybersecurity configuration can be configured only locally for each BMENUA0100 module by connecting a configuration PC, running an HTTPS browser, to the BMENUA0100 module:

  • Control port, if the control port is enabled.

  • Backplane port (via a BMENOC0301/11 or the CPU), if the control port is disabled.

NOTE: Before the BMENUA0100 module checks the validity of the cybersecurity settings entered in the web pages, it first sets the IP address settings for both the control port and the backplane port that are configured in Control Expert.

For the BMENUA0100 module to operate in Standard mode, cybersecurity settings are not required and cannot be configured.

NOTE:

  • When using a self-signed certificate, some browsers may report the connection between the PC and the module as “Unsecured”.

  • For BMENUA0100 modules operating in Secured mode in a Hot Standby system, verify that the cybersecurity settings for the BMENUA0100 module in the primary PAC are the same as the cybersecurity settings for the BMENUA0100 module in the standby PAC. The system will not automatically perform this check for you.

The accessibility of web pages depends on the cybersecurity operating mode:

Web Page or Group

Secured Mode

Standard Mode

Home

Settings (device security)

Certificates Management

Access Control

Configuration Management

Diagnostic

✔ : web pages are accessible.

– : web pages are not accessible.

Initial Configuration of Cybersecurity Settings

You can configure initial cybersecurity settings for a BMENUA0100 module that has:

  • Never been configured, and retains its initial factory default configuration.

  • Previously been configured, but had its factory default configuration restored by executing the Security Reset command.

After a module has been configured with cybersecurity settings, and is operating in Secured mode, you can also modify the cybersecurity settings using the web pages.

Refer to the commissioning topic for instructions on how to apply an initial configuration to the module.

First Login to the Web Pages

When you login to an unconfigured BMENUA0100 module, the following screen displays:

Despite the warning language, the connection is secured via HTTPS. Proceed with the initial login by clicking [Accept the Risk and Continue] (or other similar browser-specific language).

NOTE: The above message appears because the module does not yet have a valid configuration and is using a self-signed certificate.

Logging In to the Web Pages

On the first login, the security administrator enters the default User Name and Password combination. Immediately thereafter, the administrator is required to change the administrator’s default password.

You need to login each time you open the web pages for the BMENUA0100 module. Only persons that have been assigned a valid user account – with a valid username and password combination created by a security administrator in the Access Control > User Management web page – can access the module web pages.

In the login page, select a language from the drop-down list, then enter your User Name and Password .

NOTE: The module cybersecurity operating mode is displayed by the lock icon in the upper-right part of the dialog (indicated by the red arrow, above). If the lock is:

Web Page Banner

Every web page presents a banner at the top of the page:

The banner presents the following information about the BMENUA0100 module:

  • Secure Mode:

  • Event log:

    • The Event log service is disabled.

    • The Event log service is enabled; the log server is reachable.

    • The Event log service is enabled; the log server is not reachable.

    • The Event log service is enabled, but an error has been detected.

  • Control Port:

    • The control port is enabled.

    • The control port is disabled.

  • Global Status:

    • All services are operational.

    • At least one service is not operational.

  • Data dictionary:

    • Available: the data dictionary functionality is available.

    • NotAvailable: the data dictionary functionality is not available or is not enabled.

  • Connected Clients: the number of currently connected OPC UA clients.

  • Apply/Discard Configuration: Indicates the state of the current module cybersecurity web page configuration:

    • Unchanged configuration: The cybersecurity configuration contains no pending or invalid edits. The Apply and Discard commands are disabled.

    • Pending configuration: One or more changes to the cybersecurity configuration has not yet been applied. Both the Apply and the Discard commands are enabled.

    • Invalid configuration: The cybersecurity configuration is incomplete or incorrect. The Apply command is disabled; the Discard command is enabled. In this state, the web page GUI displays, next to each affected menu item, a red circle that contains the number of invalid configuration settings reachable via that menu path. When you navigate to a page with an invalid configuration setting, the GUI identifies the invalid configuration setting.

Web Page Help

Many Web pages offer parameter-level context sensitive help. To get help for a specific parameter, or field, place your cursor pointer over the icon.