BaseLine Software Platform

Maintenance and Monitoring Tool

03/2017

webApp

www.schneider-electric.com
Rev 1.0 (17-03-2017)

Change Control
Rev Date Description
1.0 09-08-2015 Initial revision

Relevant information for the user

As a result of the multiple uses of the product, the personnel in charge of the application and use of this control device
must ensure these usages comply with all safety and performance requirements applicable in each application. The
requirements include the applicable industry-related laws, norms, regulations and standards.
Throughout this manual some notes are included in order to alert the user about specific circumstances.
NOTICE
NOTICE box identifies information about practices and circumstances which could result in a malfunction of the
equipment.

Restricted Liability
Electrical equipment should be serviced and maintained only by qualified personnel.
No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this manual. This
document is not intended as an instruction manual for untrained persons.
The illustrations, dialog boxes, programming models and examples shown in this manual are intended for exemplary
purposes. As there are installation-specific variables and requirements, Schneider Electric will not be held responsible for
the misuse of the equipment based on the examples herein published.
NOTICE
An inadequate use of the equipment, or misuse by ignoring these specifications, may comprise the system’s security.

It is highly recommendable to backup the application programs frequently using the appropriate storage media to avoid
potential data loss.

The Saitel platform and all its components have been developed in accordance to the requirements for a quality
management system, complying with the ISO 9001 Norm.

Document: FTE-WAT-S856
Revision / Date: Rev 1.0 / 17-03-2017
File: User Manual of webApp_EN_Rev1.0.pdf
Retention period: Permanent throughout its validation period + 3 years after its
cancellation.

webApp User Manual 1

 Rev 1.0 (17-03-2017)

Table of Contents
Chapter 1 - Overview of webApp.................................................................................................................................. 1-1
1.1 Introduction......................................................................................................................................................... 1-1
1.2 Home .................................................................................................................................................................. 1-1
1.3 Monitoring and Control ....................................................................................................................................... 1-2
1.4 Diagnostic........................................................................................................................................................... 1-3
1.5 Maintenance ....................................................................................................................................................... 1-4
1.6 Settings .............................................................................................................................................................. 1-5
Chapter 2 - Accessing webApp ..................................................................................................................................... 2-1
2.1 Introduction......................................................................................................................................................... 2-1
2.2 SAT and RBAC model ........................................................................................................................................ 2-1
2.3 Default Users ...................................................................................................................................................... 2-1
2.4 Roles .................................................................................................................................................................. 2-2
2.5 System Security Parameters .............................................................................................................................. 2-4
2.6 Accessing Saitel via webApp.............................................................................................................................. 2-5
Chapter 3 - Data Consultation and Monitoring Pages ................................................................................................... 3-1
3.1 Home Page ........................................................................................................................................................ 3-1
3.2 Monitoring & Control ........................................................................................................................................... 3-2
3.2.1 System Information..................................................................................................................................... 3-2
3.2.2 Data ............................................................................................................................................................ 3-4
Chapter 4 - Diagnostic and Maintenance ...................................................................................................................... 4-1
4.1 Introduction......................................................................................................................................................... 4-1
4.2 Diagnostic........................................................................................................................................................... 4-1
4.2.1 Events Log ................................................................................................................................................. 4-1
4.2.2 System Log ................................................................................................................................................ 4-2
4.2.3 Cyber Security Log ..................................................................................................................................... 4-2
4.3 Maintenance ....................................................................................................................................................... 4-3
4.3.1 Clock .......................................................................................................................................................... 4-3
4.3.2 Acquisition .................................................................................................................................................. 4-4
Chapter 5 - Advanced Maintenance .............................................................................................................................. 5-1
5.1 Introduction......................................................................................................................................................... 5-1
5.2 Users Management ............................................................................................................................................ 5-1
5.3 IP Configuration .................................................................................................................................................. 5-2
5.4 Software Upgrade .............................................................................................................................................. 5-3
5.5 Configurations Management .............................................................................................................................. 5-6
5.5.1 Saving Configurations ................................................................................................................................ 5-7
5.5.2 Uploading Configurations ........................................................................................................................... 5-8
5.6 Settings .............................................................................................................................................................. 5-9
5.6.1 Protocols and Physical ports Configuration .............................................................................................. 5-10
5.6.2 Synchronization Settings .......................................................................................................................... 5-11

2 webApp User Manual

Rev 1.0 (17-03-2017)

Index of Figures
Figure 1-1 – Disclaimer information.................................................................................................................................... 1-1
Figure 1-2 – Home view ..................................................................................................................................................... 1-1
Figure 1-3 – Monitoring and Control view – System information ........................................................................................ 1-2
Figure 1-4 – Monitoring and Control view – Data ............................................................................................................... 1-2
Figure 1-5 – Diagnostic view – System log ........................................................................................................................ 1-3
Figure 1-6 – Diagnostic view - SOE ................................................................................................................................... 1-3
Figure 1-7 – Diagnostic view – Security log ....................................................................................................................... 1-3
Figure 1-8 – Maintenance view – Clock ............................................................................................................................. 1-4
Figure 1-9 – Maintenance view – Acquisition ..................................................................................................................... 1-4
Figure 1-10 – Maintenance view – IP configuration............................................................................................................ 1-4
Figure 1-11 – Maintenance view – Software ...................................................................................................................... 1-5
Figure 1-12 – Maintenance view – Configuration ............................................................................................................... 1-5
Figure 1-13 – Settings view ................................................................................................................................................ 1-6
Figure 2-1 – Security certificate warning ............................................................................................................................ 2-5
Figure 2-2 – Login window ................................................................................................................................................. 2-5
Figure 3-1 – Home page .................................................................................................................................................... 3-1
Figure 3-2 – Home page .................................................................................................................................................... 3-1
Figure 3-3 – System status ................................................................................................................................................ 3-2
Figure 3-4 – Redundancy status ........................................................................................................................................ 3-3
Figure 3-5 – Power supplies status .................................................................................................................................... 3-3
Figure 3-6 – Serial communications status ........................................................................................................................ 3-3
Figure 3-7 – Data - Status .................................................................................................................................................. 3-4
Figure 4-1 – Event log ........................................................................................................................................................ 4-1
Figure 4-2 – System log ..................................................................................................................................................... 4-2
Figure 4-3 – Cyber security log .......................................................................................................................................... 4-2
Figure 4-4 – Date / Time (user with no permissions for change it) ..................................................................................... 4-3
Figure 4-5 – Date / Time (Auto mode) ................................................................................................................................ 4-3
Figure 4-6 – Date / Time (Manual mode) ........................................................................................................................... 4-3
Figure 4-7 – Date / Time (Manual mode) ........................................................................................................................... 4-4
Figure 4-8 – Calibration of analog points............................................................................................................................ 4-5
Figure 5-1 – Users management ........................................................................................................................................ 5-1
Figure 5-2 – IP configuration .............................................................................................................................................. 5-2
Figure 5-3 – Adding or editing a router ............................................................................................................................... 5-3
Figure 5-4 – Firmware in the RTU ...................................................................................................................................... 5-3
Figure 5-5 – Firmware upgrade – Step 1............................................................................................................................ 5-4
Figure 5-6 – Firmware upgrade – Step 2............................................................................................................................ 5-4
Figure 5-7 – Firmware upgrade – Step 3............................................................................................................................ 5-5
Figure 5-8 – Firmware upgrade – Step 4............................................................................................................................ 5-5
Figure 5-9 – Firmware upgrade – Step 5............................................................................................................................ 5-5
Figure 5-10 – Firmware upgrade – Step 6.......................................................................................................................... 5-6
Figure 5-11 – Firmware upgrade – Step 7.......................................................................................................................... 5-6

webApp User Manual 3

 Rev 1.0 (17-03-2017)
Figure 5-12 – Configuration management .......................................................................................................................... 5-7
Figure 5-13 – Save active configuration ............................................................................................................................. 5-7
Figure 5-14 – Saving a store configuration......................................................................................................................... 5-8
Figure 5-15 – Uploading configurations.............................................................................................................................. 5-8
Figure 5-16 – Uploading configuration into a Slot............................................................................................................... 5-9
Figure 5-17 – Setting .......................................................................................................................................................... 5-9
Figure 5-18 – Configuring SCADA protocols .................................................................................................................... 5-10
Figure 5-19 – Configuring channels ................................................................................................................................. 5-11
Figure 5-20 – New values marked in orange color. .......................................................................................................... 5-11
Figure 5-21 – Invalid synchronization source. .................................................................................................................. 5-12

4 webApp User Manual

Rev 1.0 (17-03-2017)

Index of Tables
Table 2-1. Default users and roles. .................................................................................................................................... 2-1
Table 2-2. Default RBAC model in Saitel. .......................................................................................................................... 2-2
Table 2-3. Right for each role ............................................................................................................................................. 2-3
Table 2-4. System Security Parameters ............................................................................................................................. 2-5
Table 3-1. Quality information ............................................................................................................................................ 3-6
Table 4-1. Acquisition status .............................................................................................................................................. 4-4

webApp User Manual 5

 Rev 1.0 (17-03-2017)

Manual Contents
I. Scope
This manual provides information about webApp used in a Saitel environment. This tool provides a new HMI for
SM_CPU866e, depending on the release of the Baseline Software. webApp is currently available for SM_CPU866e V1 of
Saitel. All information in this document refers to this CPU.
webApp can be accessed by a web browser and it is designed responsive and multi browser.
This document is addressed to developers and users of the BaseLine software platform and more specifically to the users
of the web services and front end application.

II. Arrangement
This manual is divided in different chapters. The following lines describe briefly the contents covered by each chapter.

Chapter 1 – Overview of to webApp

General description of webApp.

Chapter 2 – Accesing webApp

Information about cyber security webApp, including default users and privileges.

Chapter 3 – Data Consultation and Monitoring

General information about the RTU, including system performance and information in coreDb.

Chapter 4 – Diagnostic and Maintenance

Description of the system logs, maintenance of the system date/time and I/O modules.

Chapter 5 – Advance Maintenance

Description of other operations available for advanced users: User management, IP configuration, etc…

III. Reference Manuals

Additional information to this document can be found in the following documents:

Manual’s name Document

Configuration & Startup of Saitel DR FTE-CYP-F800
Saitel DR Modules FTE-MOD-F800
Configuration & Startup of Saitel DP FTE-CYP-F700
Saitel DP Modules FTE-MOD-F700
Easergy Builder – User Manual FTE-MSS-S854
Table 1 - Reference manuals.

IV. Software Versions

Following table shows the baseline version for each compatible CPU. The information included in this document is valid for the
versions of the Baseline listed below and subsequent.

6 webApp User Manual

Rev 1.0 (17-03-2017)

CPU Baseline Version

SM_CPU866 No compatible
SM_CPU866e (V1) 11.06.00
HU_B / HU_BI No compatible
HU_A / HU_AF No compatible
Table 2 - Software versions covered by this manual.

webApp User Manual 7

Rev 1.0 (17-03-2017)

Chapter 1 - Overview of webApp

1.1 Introduction
NOTICE
webApp has been designed to work only with the cyber security brick. This functionality is not available in systems that
don’t include the cyber security brick, and doesn’t work in systems without the external web server either. Pages are
loaded dynamically according to the user’s roles.

webApp is the local and remote user interface for consulting and monitoring SM_CPU866e V1 operating, maintenance,
and application configuration data. Once the username and password have been entered, all data in the HTML pages can
be viewed simply by clicking on the links in the ribbon at the top of the screen.
Following message is shown previously to access the main menu of the tool:

Figure 1-1 – Disclaimer information.

Please, read this information and take it into account.

This ribbon contains 5 menus:
• Home
• Monitoring & Control
• Diagnostic
• Maintenance
• Settings

1.2 Home

Figure 1-2 – Home view

webApp User Manual 1-1

 Rev 1.0 (17-03-2017)
The information on this page identifies the system to which the user is connected. Some of this information can be filled in
by the user:
• GPS coordinates corresponding to the substation or location where the RTU is installed.
• Image associated to the RTU. It could be useful to include a location map corresponding to the GPS coordinates.
• Notes added by users.
• Device information: name, description, owner, …
• Factory information: manufacturer, model and current software version installed.

1.3 Monitoring and Control

Figure 1-3 – Monitoring and Control view – System information

Please take into account that the correspondent supervision points must be installed, otherwise, you will see a warning
like the one in the example above (PLC information not available). If RAM or CPU usage information is not available, the
unavailability information will be displayed the following way:

This menu is used to view system and data information:

• System information includes: RTU status, configuration, redundancy and power supplies.
• Data information includes information about all signal types stored in coreDb. The following picture shows
information about analog points.

Figure 1-4 – Monitoring and Control view – Data

1-2 webApp User Manual

Rev 1.0 (17-03-2017)

1.4 Diagnostic
This menu is used to view the data logs recorded in real time by the RTU:
• Event log
• System log
• Security log (Security administration rights are required)
All these logs can be exported to “csv” file and download it to the PC.

Figure 1-5 – Diagnostic view – System log

Figure 1-6 – Diagnostic view - SOE

Figure 1-7 – Diagnostic view – Security log

webApp User Manual 1-3

 Rev 1.0 (17-03-2017)

1.5 Maintenance
This menu helps with maintenance of the SM_CPU866e V1 by supplying the relevant information or by allowing
configuration of the standard RTU applications:
• Clock: Information and configuration of the RTU time.

Figure 1-8 – Maintenance view – Clock

• Acquisition: Information about I/O modules. All configured modules are displayed in tabs.

Figure 1-9 – Maintenance view – Acquisition

• Advanced maintenance:
o IP configuration. Network interfaces can be configured from webApp.

Figure 1-10 – Maintenance view – IP configuration

o Software. Information about current software and installation of new revisions.

1-4 webApp User Manual

Rev 1.0 (17-03-2017)

Figure 1-11 – Maintenance view – Software

o Configuration management. The webApp can store several different configurations but is active only one of
them.

Figure 1-12 – Maintenance view – Configuration

1.6 Settings
From webApp, basic settings can be modified for channels, protocols (Devices) and synchronization. The current Devices
supported are:
• DNP slave
• IEC101 slave
• IEC104 slave
• Modbus master

webApp User Manual 1-5

 Rev 1.0 (17-03-2017)

Figure 1-13 – Settings view

1-6 webApp User Manual

Rev 1.0 (17-03-2017)

Chapter 2 - Accessing webApp

2.1 Introduction
The module SM_CPU866e V1 is provided with a standard security policy and a default RBAC (Role-Based Access Control)
model). This model is defined and managed by a special tool - SAT (Security Administration Tool). Based in this model,
using webApp, authorized users can create and manage other users in the system.

2.2 SAT and RBAC model

SAT is the security administration tool for managing the security policy and defining the restrictions for accessing the
system or the communication interfaces. It is a software tool for installing on a PC.
The SM_CPU866e V1 security policy consists in structuring the rights and responsibilities within the system and defining
who is authorized to do what, when, and how, based on an RBAC (role-based access control) model.
A key aspect of the RBAC model is that all access is controlled via roles. A role is essentially a set of permissions, and all
users receive these permissions via the role to which they are assigned, or via roles that they inherit through the hierarchy
of roles.
This RBAC model allows the SM_CPU866e V1 to:
• Secure local and remote connections for maintenance: HTTPS, SSH.
• Secure file transfer protocols: SFTP.
SM_CPU866e V1 is supplied with a predefined RBAC model allowing different levels of user access adapted to this CPU
usage compliant with standard IEC 62351-8.
It is not strictly necessary, therefore, to modify this default RBAC model if it is suitable. The SAT will therefore not be used
for general use of the SM_CPU866e V1. The SAT can, however, be used to create its own user database along with
definition of its own roles, as well as to manage the RBAC models for each device centrally.

2.3 Default Users

. The SAT can be used during the engineering phase to redefine or change the system access restrictions, including the
access rights and responsibilities (via an RBAC model).
Since the roles and access levels are already predefined in the RBAC model, webApp is used to add or delete users,
modify passwords, and assign or modify one or more predefined roles to users.
In the default user database, the SecurityAdmin user is the only user with sufficient rights (SECADM role) to administer
Saitel cybersecurity actions (see table below). Consequently, this is the only user who can manage/modify user
passwords and rights (roles).

Username Password Role

Viewer Viewer1! VIEWER
Operator Operator1! OPERATOR
Engineer Engineer1! ENGINEER

Users Installer Installer1! INSTALLER

SecurityAdmin Security1! SECADM
SecAud Secaud1! SECAUD
RbacMnt Rbacmnt1! RBACMNT

Table 2-1. Default users and roles.

It is not possible to modify the rights assigned to a role using webApp.

WARNING
For security purposes, passwords must be changed during commissioning.

webApp User Manual 2-1

 Rev 1.0 (17-03-2017)

2.4 Roles
Role-based-access-control (RBAC) is a control mechanism that defines roles which have certain privileges. These
privileges are defined by objects and the action that user can do with them.
Following table shows actions allowed for each object type. Depending on the rol of the user logged in webApp, an action
is allowed or not.

Object ID Action Meaning

Read Download coreDb configuration files from RTU.
coreDb configuration files. CONF_DB Upload coreDb configuration files to RTU. The user can
Write
execute applications reset too.
Read Download system configuration files from RTU.
System configuration files. CONF_SYS
Write Upload webApp configuration files.
View Read version of the Baseline and BSP.
Baseline’s paths FIRMWARE Read Read status of the firmware update.
Write Update firmware and web server files.
Web server WEBSERVICES Access Web server access permission.
BLMon application BLMON Access Not available through webApp.
Read Download log files (sysLog and soeLog). CS log excluded.
Syslog files SYS_LOG
Write Not available through webApp.
SSH and SFTP SSH Access Not available through webApp.
Linux’s shell OS_SHELL Access Not available through webApp.
Read Access to CS brick configuration files (SAT dependency).
CS Brick configuration files. RBAC
Write Access to CS brick configuration files (SAT dependency).
CS Brick log files. RBAC_LOG Read Download CS log files.
Local and remote reset. (Application reload and system
Reboot and applications reset RESET Access
reboot).
Read Read information stored in coreDb.
Information in coreDb DATA
Write Change information stored in coreDb.

Table 2-2. Default RBAC model in Saitel.

You need to connect to the RTU as a SecurityAdmin user to be able to perform the user and role administration
operations described in table below:

2-2 webApp User Manual

Rev 1.0 (17-03-2017)

OPERATOR

INSTALLER
ENGINEER
Rights Defined For Each Role/User 1

RBACMNT
SECADM

SECAUD
VIEWER
Object Description Action

Read ɣ ɣ ɣ ɣ
CONF_DB Operating with coreDb configuration files.
Write ɣ ɣ
Read ɣ ɣ ɣ
CONF_SYS Operating with system configuration files.
Write ɣ ɣ
View ɣ ɣ ɣ
FIRMWARE Upgrading firmware. Read ɣ ɣ
Write ɣ ɣ
WEBSERVICE Accesing to web server Access ɣ ɣ ɣ ɣ ɣ
SSH Easergy Builder 2, console. Access ɣ ɣ
OS_SHELL Linux shell. Access ɣ
BLMON Accessing to BLMon Access ɣ
Read ɣ ɣ ɣ ɣ
SYS_LOG System and SOE log files
Deletion ɣ ɣ
Read ɣ SAT 3
System security (users, password,
RBAC
access right)
Write ɣ SAT3

RBAC_LOG Security log file Deletion ɣ SAT3 SAT3

Device data (signals, measurements,

Read ɣ ɣ ɣ ɣ
DATA
counters, etc…)
Write ɣ ɣ ɣ
RESET Device reset. Access ɣ ɣ
Table 2-3. Right for each role

1 It is not possible to modify the rights assigned to a role via webApp. This can only be done via SAT. Refer to
the SAT manual for more information on how to administer the roles and associated rights in the RBAC
model.
2To have full access to read and write a configuration in Easergy Builder, you will need the services "SSH"
and "OS_SHELL". So, only the access Engineer allows this possibility.
3 "SAT" means that this user/role cannot access the Web server, but has the rights assigned via the SAT only.
webApp User Manual 2-3

2.5 System Security Parameters
Cybersecurity involves a certain number of system parameters that are applied to the security policy. These parameters
are summarized in the table below and cannot be modified in the SAT tool.
Parameter
Idle session timeout
Authorize user lockout
Maximum number of connections
Password timeout
Account auto-unlock
Account lock duration
Password complexity
Monitoring and recording standards
Syslog server IP address
Syslog server IP port
SNMP Client/Server IP address
Rev 1.0 (17-03-2017)
Description
After a period of inactivity, user access to the Web server lapses. The user
must re-enter their username and password to reconnect (Default: 15
minutes).
Option to lock/unlock a user account (Default: Authorized)
The maximum number of connection attempts a user can make (Default: 5
attempts)
Maximum time period allowed for entering password (Default: 3 minutes)
Automatic unlocking of a user account after a defined duration (see below) if
the account has been locked out (Default: unlocking enabled)
Maximum time period for an account to remain locked (Default: 240
seconds).
Choice of policy (strength) used for creating or modifying passwords. 3
levels of complexity are possible, compliant with standards:
• None (Default)
o 1 character minimum.
o Valid characters: ASCII [33,122]
• IEEE Std 1686:
o 8 characters minimum.
o Valid characters: ASCII [33,122], including:
 1 lower case letter.
 1 upper case letter.
 1 digit.
 1 special character (! " # $ % & ' ( ) * , - . / : ; < = > ?
@ [ ] ^_ `).
• NERC:
o 6 characters minimum.
o Valid characters: ASCII [33,122], including:
 1 letter
 1 digit
 1 non-alphanumeric character
List of supported standards:
• BDEW (Default)
• E3
• NERC_CIP
• IEEE 1686
• IEC 62351
• CS_PH1
IP address for the Syslog server (Default: 10.22.90.14 by default)
IP port number for the Syslog server (Default: 601)
Not available
2-4 webApp User Manual
Rev 1.0 (17-03-2017)

Parameter Description
Rights activation Options for activating user rights:
• Cybersecurity rights (Default)
• Generic rights
High security banner Not available
Medium security banner Not available
Low security banner Not available
Table 2-4. System Security Parameters

2.6 Accessing Saitel via webApp

For accessing the webApp, please type in the web browser’s navigation bar the following:

https://[RTU’s IP]

If a security warning is shown, ignore the warning and go to the web page, for example, in Internet Explorer select
“Continue to this website”

Figure 2-1 – Security certificate warning

From the login page, the language can be set (currently available: Spanish, English and French). Only RBAC users are
allowed to log in webApp.

Figure 2-2 – Login window

webApp User Manual 2-5

Rev 1.0 (17-03-2017)

Chapter 3 - Data Consultation and

Monitoring Pages
3.1 Home Page
Once the username and password have been entered to access webApp, the Home page is displayed automatically:

Figure 3-1 – Home page

This page contains the following general information:

• Device information: It is possible to add the names of the operators who have used or configured the equipment
or a specific custom note that can be viewed each time a connection is established to this RTU. This information
can be changed using button “Edit”, next to “Device information”.
• Notes: This zone allows the user to include notes that are shown to others users that connect to the RTU using
webApp.
• Location: The GPS coordinates for the RTU location (place, latitude, longitude, and altitude) should be entered
here by the installer. Location is not set automatically. The image must be include manually by clicking button
on map.

Figure 3-2 – Home page

webApp User Manual 3-1

 Rev 1.0 (17-03-2017)
The new image can be select from a file or simply drag and drop using the explorer.
NOTICE
The image must be in JPG, PNG or JPEG format and with a maximum size of 100 KB.

• Factory Information: This zone shows the manufacturer, model and the version of the software loaded on the
SM_CPU866e module. Using button “Edit” next to the text “Factory Information”, it is also possible to include an
image of the particular RTU or CPU for identification purposes.
NOTICE
The image must be in JPG, PNG or JPEG format and with a maximum size of 100 KB.

3.2 Monitoring & Control

This menu is used to view:
• System information.
• Information about coreDb points.
Please take into account that the correspondent supervision points must be installed, otherwise, you will see a warning
like this:

For example, if RAM usage information is not available, the unavailability information will be displayed the following way:

In following paragraphs, each signal is indicated on the picture into a blue square. Please, consult the Easergy Builder
manual for more information about supervision points.

3.2.1 System Information

Monitoring & Control  System Information

Four information blocks are available:

System

Figure 3-3 – System status

3-2 webApp User Manual

Rev 1.0 (17-03-2017)

Redundancy
The second block shows information relative to redundancy:

Figure 3-4 – Redundancy status

Power supplies
The third one show information related to power supplies:

Figure 3-5 – Power supplies status

Serial communications
An extra block may be shown if SM_SER are configured. It will show the state of the correspondent SM_SER:

Figure 3-6 – Serial communications status

webApp User Manual 3-3

 Rev 1.0 (17-03-2017)

3.2.2 Data
There are 4 pages in the SM_CPU866e Web server for viewing status and measurement data or for sending commands.
• Status page: For viewing the status of the digital data.

Monitoring & Control  Status

• Command page: For sending change of state commands based on the digital data.

Monitoring & Control  Command

• Analog page: For viewing measurement values.

Monitoring & Control  Analog

• Setpoint page: For forcing parameter values.

Monitoring & Control  Setpoint

For example, following picture shows the first page of the status points.

Figure 3-7 – Data - Status

For all point types, each page has the same format, with the following information displayed on the screen:

Refresh period

The data refresh period can be configured in 1 of 3 ways:

• Fast: Data is refreshed every second.

• Normal: Data is refreshed every 4 seconds.

• Slow: Data is refreshed every 10 seconds.

Number of Points
The number of point on each page can be set between 10, 20 and 50.

3-4 webApp User Manual

Rev 1.0 (17-03-2017)

Filtering information
It’s possible to set a filter to display data by Source or Destination to limit the amount of data displayed on screen.

Only devices used as Source and Destination will be shown in the filter.

Point information
The description of a data item is displayed over 3 columns:
• Point name: Internal name of the data item in coreDb.
• Description: Detailed description.
• Value: Point’s value in coreDb.

By clicking the button associated with the Value field, you can manually edit the state or value of a Command or
Setpoint data item.
Similarly, for a Status or Analog data item, you can force its status or value. However, this type of data is only processed
in read mode; forcing is only applied in simulation. To do this, the actual data item must first be locked by clicking the
Locking option.
Once the data is locked, the “Edit” button associated with the Value field then becomes accessible and can be used to
change its status or value in simulation mode.

NOTICE
The modified value also impacts the remote retransmission. This allows you, for instance, to simulate the state of a
variable and to test its retransmission, without affecting the actual equipment operation.

Disabling the Locking option cancels the simulation and returns to the actual status or value of the data item.

Quality Information
Two icons displayed in the Quality column provide an indication of the data processing quality. The quality of a data item
can give an indication of the validity of the status or value entered on the Web server page.
This quality is indicated for the following 2 sources:
• Local source: Reflects the quality of the data item from the viewpoint of its processing at the SM_CPU866e end.
• Remote source: Reflects the quality of the data item sent by the information source (device) processing the
data.

webApp User Manual 3-5

 Rev 1.0 (17-03-2017)
In the same way as for a change of state or value for Status or Analog data, it is possible to manually simulate the quality

of a data item. To do this you must first lock the data item using the Locking option. Then click the button associated
with the Quality field. The possible choices for the local and remote source quality are then displayed on screen.

Disabling the Locking option cancels the simulation and returns to the actual quality of the data item.
The table below shows the correspondence of the different quality types that can be simulated after having locked a data
item. Note that this also gives an indication of the different quality types that can be obtained in actual operation.

Local Source Quality Description

Overflow An overflow has occurred on a counter.
Rollover An overflow and an automatic reset have occurred on a counter.
Counter adjustment The counter has been adjusted.
Chatter Excessive change on a digital input.
Locked The data item is locked.
Manual The data item has been manually replaced.
Not typical The data item has not yet been written to the database.
Invalid data Data item is invalid.
Critical alarm The value of the data item has exceeded the High-High alarm threshold.
High level alarm The value of the data item has exceeded the High alarm threshold.
Low level alarm The value of the data item is below the Low alarm threshold.
Signal alarm The value of the data item is below the Low-Low alarm threshold.
Invalid time The data item time-stamp is invalid or inaccurate (the SM_CPU866e is not
synchronized by a source)
Remote Source Quality Description
Overflow An overflow has occurred on a counter.
Rollover An overflow and an automatic reset have occurred on a counter.
Counter adjustment The counter has been adjusted.
Chatter Excessive change on a digital input.
Locked The data item is locked.
Substituted data The data item has been manually replaced.
Not typical The data item has not yet been written to the database.
Invalid data Data item is invalid.
Invalid time The data item time-stamp is invalid.
Table 3-1. Quality information

3-6 webApp User Manual

Rev 1.0 (17-03-2017)

Chapter 4 - Diagnostic and Maintenance

4.1 Introduction
The menu Diagnostic is used to view the data logs recorded in real time by the SM_CPU866e:
• Event log
• System log
• Security log (Security administration rights are required)
The menu Maintenance helps with maintenance of the SM_CPU866e by supplying relevant information or by allowing
configuration of:
• Users (Security administration rights are required)
• Clock
• Acquisition modules
• IP configuration
• Software upgrade
• Managing configurations.

4.2 Diagnostic
4.2.1 Events Log
Diagnostic  Events

All of the SOE events can be monitored by clicking on this menu.

Figure 4-1 – Event log

Events can be:

• Sorted, using the arrow next to the name of the column.
• Searched, writing the text to search into the textbox under the name of the column.

• Cleared, using button .

• Exported to a “csv” file and download it to the PC.

WARNING
Please, take into account that clearing events, not only clear the table. This action deletes the content of the SOE files
in the file system. Events couldn’t be recovered after confirming deletion.

webApp User Manual 4-1

 Rev 1.0 (17-03-2017)

4.2.2 System Log

Diagnostic  System

The system log is presented the same way as SOE events and they can be exported to csv too, but not cleared.

Figure 4-2 – System log

4.2.3 Cyber Security Log

Diagnostic  Cyber security

NOTICE
Only users with SECADM authorization can access this information.

The cyber security logs are presented the same way as SOE events and they can be exported to csv but not cleared.
Security administration rights are required in order to access this page.

Figure 4-3 – Cyber security log

4-2 webApp User Manual

Rev 1.0 (17-03-2017)

4.3 Maintenance
4.3.1 Clock
Maintenance  Clock

Using this page, the RTU time can be modified. This change can be done automatically (will set the PC time as RTU time)
or manually. If the user doesn’t have the proper permissions, the current RTU time only is shown for informational
purposes only as follow:

Figure 4-4 – Date / Time (user with no permissions for change it)

If the user can change the system time, this page is like as follow:

Figure 4-5 – Date / Time (Auto mode)

Pressing the green button, the date/time of the PC is sent to the RTU.
If the date/time of the RTU must be set manually, change the switch in this page to “Manual” mode.

Figure 4-6 – Date / Time (Manual mode)

Select the correct date / time and press the green button. This new date/time will be sent to the RTU.

webApp User Manual 4-3

 Rev 1.0 (17-03-2017)

4.3.2 Acquisition
Maintenance  Acquisition

This page is depending on the I/O modules installed and configured in the RTU. For example:

Figure 4-7 – Date / Time (Manual mode)

Acquisition Status
Each configured acquisition module is shown in a tab, with its name and two icons showing the current status:
Icon Meaning
Communications are OK

Communications error

Module has no diagnostics

Module has diagnostics

Table 4-1. Acquisition status

This information is also included on each tab:

Analog Calibration
Modules that contain AI (SM_AI16 / SM_AI8AO4) and AO (SM_A8AO4) show a table with the correspondent signals. If
the permissions set for the user allows it, these points can be calibrated.
For example, following picture shows a tab corresponding to a SM_AI8AO4 module. All of its signals are displayed with
the value and quality information.

4-4 webApp User Manual

Rev 1.0 (17-03-2017)

Figure 4-8 – Calibration of analog points

To start the calibration of an analog input or output, just click on the “Calibrate” button for the signal to calibrate. A window
will pop with the instructions that the user must follow. Please take into account that if the point has no good quality or it is
blocked, calibration will not start:

Press “Yes” to continue or “No” and the process is canceled.

If the analog point cannot be calibrated, following message will be shown:

webApp User Manual 4-5

Rev 1.0 (17-03-2017)

Chapter 5 - Advanced Maintenance

5.1 Introduction
Depending on the authorization level of the user logged, following task are available or not:
• Users management
• IP configuration
• Software upgrade
• Configurations management

5.2 Users Management

Maintenance  Users

Proceed as follows to change user roles and passwords:

• Connect to the RTU with the SecurityAdmin user or equivalent.
• Go to Maintenance  Users. This page shows the existing users. Click on a user to display the roles assigned to
him.

Figure 5-1 – Users management

• To assign or remove a role from a user, simply check or uncheck the box next to the specific role in the list.
Several roles can be assigned to a single user, but there must be at least one role per user.

• Once the user roles have been modified, click the button to save the changes.

• It is also possible to delete the user by clicking the button . Confirmation is requested to avoid a potential
operator error
• Click the button “Change password” to change the user password. The new password must be entered twice to
confirm it for security reasons. Password creation rules are defined in the SAT. By default, the password must
contain the following:
o At least 1 character
o Valid characters: ASCII code [33,122]
• By clicking button “Add user” , it is also possible to create a new user in addition to the default users. This opens
a new window, requesting entry of the password and definition of the roles for this user. Click “OK” to confirm
creation of this user.
webApp User Manual 5-1
 Rev 1.0 (17-03-2017)
It is possible to lock an existing user by enabling the lock.

The user will then no longer be able to connect using their login (username and password).
It is possible to assign cybersecurity administrator rights to a predefined user other than SecurityAdmin. This other user
can then perform the same role and password administration tasks for all other users, except their own

5.3 IP Configuration
Maintenance  IP configuration

Network interfaces can be configured from webApp

Figure 5-2 – IP configuration

For each ETH port, the user can set IP address, Subnet Mask and Disable/Enable this interface. IP address can be set as
Fixed or Automatic (using DHCP):

Only if ETH1 and ETH2 devices aren’t configured with a IP address, PRP1 device is enabled to be configured.

If ETH1 or ETH is configured with a IP address, then PRP1 is disabled:

Idem for PRP2 with ETH3 and ETH4.

The Router function is used to define connection rules for accessing the RTU remotely via other IP networks. It allows
devices, such as tablets or PCs that are connected to different auxiliary LANs than the SM_CPU866e, to access the CPU
via a WAN within defined connection rules and limits.

5-2 webApp User Manual

Rev 1.0 (17-03-2017)
By configuration, the IP addresses (Subnet IP) of the auxiliary LAN network able to access the RTU must be defined with
a rule limiting the number of possible hosts (Subnet mask). Only the IP addresses defined in these connection rules can
then access the RTU, which helps to strengthen security of the connections.
The SM_CPU866e uses these connection rules to authorize an identified host and determine the correct channel and IP
addresses to use to respond.
Routers can be added, edited or deleted from the Routers table:

Figure 5-3 – Adding or editing a router

Where:
• Subnet IP: IP address of the auxiliary network that wants to access the RTU.
• Subnet Mask: Used to define the usable IP address range on the auxiliary network and limit the possible number
of hosts.
• Router IP: Address of the IP network gateway to which the RTU is connected.
It is possible to define a default route through which communication will be automatically routed by the router when a
connection is established.
To do this, simply configure the router parameters as follows:
• Subnet IP: 0.0.0.0
• Subnet Mask: 0.0.0.0
• Router IP: IP address of the default gateway through which traffic is directed.

5.4 Software Upgrade

Maintenance  Software

The current versions of the firmware embedded in the SM_CPU866e module is displayed in the Software page:

Figure 5-4 – Firmware in the RTU

Step 1 / Select
Using the green button “Install new firmware” the firmware can be upgraded. A window appears on screen showing the
firmware upgrade procedure, which involves several steps:

webApp User Manual 5-3

 Rev 1.0 (17-03-2017)

Figure 5-5 – Firmware upgrade – Step 1

Click the button “Select file” and select the compress file or drag it on the square. This file (“.tar.gz” extension) must be
available on the PC connected to the Web server. Contact Schneider Electric technical support to obtain this file.

Step 2 / Upload
Click the “Upload” button to upload the file.

Figure 5-6 – Firmware upgrade – Step 2

The upload progress is indicated as a percentage in a progress bar on screen.

Step 3 / Check
After uploading the file, it will be checked. If fail, a red cross is shown next to the text “NewBspVer”

5-4 webApp User Manual

Rev 1.0 (17-03-2017)

Figure 5-7 – Firmware upgrade – Step 3

If the checking process is successful, press the new green button “Install new firmware”. The rest of the process is
automatic.

Step 4 / Install
WARNING
During this process it is very important not to close the browser nor navigate in another tab, the tracking of this process
will be lost and you will be unable to log in until the new firmware is fully installed.

New firmware will be installed and applied by rebooting the RTU.

Figure 5-8 – Firmware upgrade – Step 4

Step 5 / Reboot

Figure 5-9 – Firmware upgrade – Step 5

Step 6 / Login
After reboot the login will be prompted and you will be redirected to the home page.

webApp User Manual 5-5

 Rev 1.0 (17-03-2017)

Figure 5-10 – Firmware upgrade – Step 6

Step 7 / Application refresh

Figure 5-11 – Firmware upgrade – Step 7

Press “Go to home” and the process is finished.

5.5 Configurations Management

Maintenance  Configuration

The initial configuration of the RTU should be completed in Easergy Builder to carry out the following operations:
• Configure protocols and Devices
• Configure device synchronization
• Configure the SOE
• etc.
Once the configuration has been finalized, it is uploaded to the RTU via Easergy Builder or saved to PC as a backup file
for subsequent import into the RTU via the Web server.
Refer to the “Easergy Builder Manual” and “Configuration & Startup of Saitel DP Manual“ for more information on these
configuration operations.
On commissioning, the configuration can be changed via webApp. Once the configuration parameters have been set, the
new configuration should be saved in the device memory (slot) and to an external backup device, or imported into Easergy
Builder to create an archive.
These saved configuration files are compatible with Easergy Builder and can be imported and stored in the tool.
Before any changes are made to the RTU configuration, it is recommended that a restore point is systematically created,
i.e. that the current RTU configuration is saved before being stored to create a configuration archive.

5-6 webApp User Manual

Rev 1.0 (17-03-2017)

NOTICE
For security reasons, it is advisable to regularly back up the active configuration to an external device, in addition to the
local backups in the memory slots. An external backup can be used to retain the configuration even if the SM_CPU866e
module is replaced.

The webApp can store up to 3 different configurations (besides the active one).

Figure 5-12 – Configuration management

5.5.1 Saving Configurations

Saving the Active Configuration
Proceed as follows to save the active configuration:
• Click the button “Save configuration”

Figure 5-13 – Save active configuration

• Define a name for the backup ("conf" proposed by default), then select the destination for the file by clicking one
of the following:
o Your device: Saves the configuration to an external backup device (e.g. hard disk, USB flash drive, etc.). A
*.tar.gz compressed configuration file will be automatically saved to the PC in the normal location for web
browser downloads.
o Slot #1, #2, or #3: Saves the configuration in slots 1, 2, or 3. The date and name of the backup in the slot will
be updated with the current date and time once the backup is complete.
• Click “Save” and a progress bar informs of the process:

webApp User Manual 5-7

 Rev 1.0 (17-03-2017)
For a backup in one of the slots, the current date and time as well as the backup file name are updated in the slot
once the save is complete.

Saving a Stored Configuration

Proceed as follows to save a configuration stored in one of the slots to PC:

Figure 5-14 – Saving a store configuration

• Click button “Download configuration” for the slot from which you want to download the configuration.
• A *.tar.gz compressed configuration file is automatically saved to the PC in the normal location for web browser
downloads. Then, the backup is complete.

5.5.2 Uploading Configurations

Uploading Into the Active Configuration
Proceed as follows to replace the active configuration with a stored configuration:

• Click button “Apply configuration” to open the Apply configuration window:

Figure 5-15 – Uploading configurations

• Select the backup file source by clicking on one of the following:

o Your device: Uploads the configuration from an external backup device (e.g. hard disk, USB flash drive,
etc.).
Click “Select file”, then select the corresponding configuration file from the PC or drag and drop the file onto
the "Drag the configuration file here" section of the screen. This compressed file with a .tar.gz extension must
be available on the PC using webApp.
o Slot #1, #2, or #3: Uploads the configuration directly from slot 1, 2, or 3.
• Click “Apply configuration” to start uploading the configuration. A progress bar indicates the upload progress:

5-8 webApp User Manual

Rev 1.0 (17-03-2017)
• Once the upload is complete, the RTU is automatically rebooted. Re-enter the username and password to access
the Web server. Then, the configuration upload is complete.

Uploading into a Slot

Proceed as follows to upload a previously saved configuration from the PC into one of the slots:
• Click button “Upload configuration” to open the Upload configuration files window.
• Click button “Select file” and select the corresponding configuration file from the PC or drag and drop the file into
the "Drag the configuration file here" section of the screen. This compressed file with a “.tar.gz” extension must
be available on the PC using webApp.
• Click “Upload” to start uploading the file. A progress bar indicates the upload progress.

Figure 5-16 – Uploading configuration into a Slot

• Click “Save to slot #X” to confirm the save to the selected slot. A progress bar indicates the progress of the save
to slot operation.

• The date and name of the backup are updated in the slot once the save is complete. The configuration upload is
complete.

5.6 Settings
Setting  SM_CPU866e

From webApp, basic settings can be modified for the module SM_CPU866e:
• SCADA protocols (Slave protocols).
• Master protocols
• Physical ports (Channels)
• Synchronization

Figure 5-17 – Setting

webApp User Manual 5-9

 Rev 1.0 (17-03-2017)
The setting of channels and protocols in the default configuration can be modified via the webApp. However, the addition
or replacement of protocols or channels can only be done via Easergy Builder.
Refer to the Easergy Builder User Manual for more details on these custom settings.

5.6.1 Protocols and Physical ports Configuration

The SCADA protocols are those protocols that can be used for remote communication between the Saitel RTU and the
SCADA system using any available communication channels. These protocols are slave type since the SCADA system is
the master for communication management and the Saitel RTU is the slave.
Current protocols supported in webApp are: DNP slave, IEC101 slave and IEC104 slave.
The Master protocols are those protocols allowing the Saitel RTU to communicate as the master with auxiliary equipment
or an external IED installed in substations (slave).
Current protocol supported in webApp is Modbus master.
Parameters displayed in webApp correspond to the application parameters of the protocol installed in the RTU. These
parameters can be adjusted according to the use and the protocol parameter settings at the SCADA system end or IED.

Figure 5-18 – Configuring SCADA protocols

Refer to the User Manual for the protocol in question for more information on parameter settings.
Easergy Builder is used for the advanced protocol configuration and SCADA addressing.
If a channel is assigned to a protocol, then its settings will be accessed from the protocol’s settings. For example:

5-10 webApp User Manual

Rev 1.0 (17-03-2017)

Figure 5-19 – Configuring channels

In the example above, the channel Chan1SER1 is accessed by clicking on DNP Slave, then the Session, Link and finally
the channel. Please note that some settings cannot be changed from webApp, in this example we can see that the name
of the channel and the mode cannot be changed. It also cannot be changed to other than TCP.
If a change is done in any parameter, the color is changed in order to inform the user that current values aren’t be saved.
Then, the user can click “Save” and changes are saved or the user can click “Reset” and changes are ignored.

Figure 5-20 – New values marked in orange color.

5.6.2 Synchronization Settings

Setting  SM_CPU866e

Saitel RTU can be synchronized in a number of different ways:

• Manually, by a user action via webApp or console
• Automatically via:
o SCADA protocol
o SNTP
o GPS
o IRIGB
o PTP

webApp User Manual 5-11

 Rev 1.0 (17-03-2017)
Two synchronization sources are defined: the primary device and secondary device. The secondary device is used if
the primary device is unavailable.
Both these synchronization devices can use any of the available synchronization source. This selection and the
associated configuration are made in the Easergy Builder configuration tool. Please, refer to the Easergy Builder user
manual for more information about this configuration.
If a bad configuration was loaded from Easergy Builder, webApp shows this wrong information like follows:

Figure 5-21 – Invalid synchronization source.

webApp is only used to view the application parameters associated with these sources. However, some specific
parameters can be changed:
• Timeout (s): Time delay before the active device is declared to be in error mode and the switch is made to
another device. Default value: 30 s (Configuration range: 1 – 4294967295).
• Local time Zone
• Summer Time

Local Time and Summer Time

Internally, the system time and date-stamping for coreDb data is stored in GMT (seconds since 1970). The SNTP servers
(client, server) always operate in GMT. The time zone and summer time functions are used when it is necessary to
change the system time from GMT to local time, which involves:
• Synchronizing the master protocols: the master protocols send a synchronization message with the local time
and the slave protocols assume the synchronization message as local time.
• Time-stamping the events of the slave protocols: the events received are interpreted as local time before being
stored and broadcast by applying the local time.

5-12 webApp User Manual

Rev 1.0 (17-03-2017)

Glossary
BaseLine Schneider Electric software platform for Saitel.

CATconfig Tool Previous configuration included in the BaseLine Software Platform.

coreDb Real Time Database.

CPU Central Processing Unit.

DB DataBase.

EN English language.

SCADA Supervisory Control And Data Acquisition

GPS Global Positioning System

HU_A Advanced CPU of Saitel DR

HU_AF Advanced CPU with acquisition of Saitel DR

HU_B Basic CPU of Saitel DR

HU_BI Basic CPU with acquisition of Saitel DR

IED Integrated Device Electronics

I/O Input / Output

IP Internet Protocol

PC Personal Computer

PTP Precision Time Protocol

Rev Revision

RTOS Real Time Operating System

RTU Remote Terminal Unit

SFTP Secure File Transfer Protocol

SM_CPU866 Basic CPU of Saitel DP

SM_CPU866e High-performance CPU of Saitel DP

SNTP Simple Network Time Protocol

SOE Sequence Of Events

webApp Maintenance and Monitoring tool

webApp User Manual Glossary 1

 Fax:
Phone:
Seville, Spain
C/ Charles Darwin s/n
Schneider Electric

+34 95 541 33 75
+34 95 492 09 92
Saitel Team
www.schneider-electric.com

Parque Científico y Tecnológico de la Cartuja

© 2017 All rights reserved. The information contained in this document is confidential and is owned by Schneider Electric. It cannot
be copied or distributed in any way, unless there is express written authorization by Schneider Electric. Although this information
was verified at the time of publication, may be subject to change without notice.

Rev. 1.0 - March 2017