SIEMENS 109822009 Brownfield Connectivity BFC Gateway User Manual
- June 16, 2024
- SIEMENS
Table of Contents
109822009 Brownfield Connectivity BFC Gateway
Product Information
The Brownfield Connectivity BFC Gateway is a software that
enables communication and data exchange between different systems
and devices in a brownfield environment. It allows for seamless
integration and interoperability, facilitating efficient operation
and management of industrial processes.
Specifications
- Software: Brownfield Connectivity – Release 1.11
- BFC Client, Version 2.15
- BFC Gateway, Version 1.11
- Valid until: November 2022
Requirements
In order to use the Brownfield Connectivity BFC Gateway, the
following requirements must be met:
-
Compatible operating system (refer to the system requirements
documentation) -
Sufficient hardware resources (RAM, storage, etc.)
-
Access to the network where the systems and devices are
connected -
Properly configured network settings
-
Installation of the BFC Client software (Version 2.15) on the
client device
Installing the BFC Gateway
To install the BFC Gateway, follow these steps:
-
Download the BFC Gateway installation package from the official
Siemens website. -
Run the installation package and follow the on-screen
instructions. -
Specify the installation directory and any additional
configuration settings as required. -
Complete the installation process and ensure that there are no
errors or issues reported.
Operating the BFC Gateway
Once the BFC Gateway is installed, you can start using it to
facilitate communication between systems and devices in your
brownfield environment. Here are some key operations and
functionalities:
Using the BFC Client
The BFC Client software (Version 2.15) is used to interact with
the BFC Gateway. It provides a user-friendly interface for
configuring and managing the gateway. To use the BFC Client, follow
these steps:
-
Launch the BFC Client software on your client device.
-
Enter the necessary connection details, such as the IP address
or hostname of the BFC Gateway. -
Authenticate with the appropriate credentials to establish a
secure connection. -
Once connected, you can access various configuration options
and settings to customize the behavior of the gateway.
Using an OPC UA Server
The BFC Gateway supports communication with OPC UA servers,
allowing for seamless integration with OPC UA-enabled systems and
devices. To use an OPC UA server with the BFC Gateway, follow these
steps:
-
Ensure that the OPC UA server is properly configured and
accessible on the network. -
In the BFC Client software, navigate to the OPC UA
configuration section. -
Add a new OPC UA server connection by providing the necessary
connection details (e.g., server address, security settings). -
Save the configuration and establish a connection to the OPC UA
server. -
You can now exchange data and interact with the connected OPC
UA-enabled systems and devices.
Client Interface with HTTP REST Protocol
The BFC Gateway also provides a client interface that supports
communication using the HTTP REST protocol. This allows for easy
integration with web-based applications and services. To use the
client interface with the HTTP REST protocol, follow these
steps:
-
In the BFC Client software, navigate to the client interface
configuration section. -
Enable the HTTP REST protocol and specify the necessary
settings (e.g., port number, authentication). -
Save the configuration and restart the BFC Gateway for the
changes to take effect. -
You can now send HTTP requests to the BFC Gateway using the
specified protocol and interact with the connected systems and
devices.
BFC Gateway API
The BFC Gateway provides an API (Application Programming
Interface) that allows for programmatic access and control.
Developers can use this API to integrate the gateway functionality
into their own applications or build custom solutions on top of it.
Detailed documentation and examples for the BFC Gateway API are
available in the provided developer resources.
File Transfer
The BFC Gateway supports file transfer capabilities, allowing
for seamless exchange of files between systems and devices. To
transfer files using the BFC Gateway, follow these steps:
-
In the BFC Client software, navigate to the file transfer
section. -
Select the source and destination systems/devices for the file
transfer. -
Specify the file(s) to be transferred and any additional
options or settings. -
Initiate the file transfer process and monitor its
progress. -
Once completed, verify the successful transfer of the file(s)
between the specified systems/devices.
Configuring the SSA Gateway
The BFC Gateway allows for configuration of the SSA (System
Security Agent) gateway, which provides additional security
features and functionalities. To configure the SSA gateway with the
BFC Gateway, follow these steps:
-
In the BFC Client software, navigate to the SSA gateway
configuration section. -
Specify the necessary settings and parameters for the SSA
gateway, such as access control rules, encryption settings, and
authentication mechanisms. -
Save the configuration and restart the BFC Gateway for the
changes to take effect. -
The SSA gateway will now enforce the configured security
measures to protect the systems and devices connected through the
BFC Gateway.
Configuring the AMP Gateway
The BFC Gateway also allows for configuration of the AMP (Asset
Management Platform) gateway, which facilitates asset management
and monitoring capabilities. To configure the AMP gateway with the
BFC Gateway, follow these steps:
-
In the BFC Client software, navigate to the AMP gateway
configuration section. -
Specify the necessary settings and parameters for the AMP
gateway, such as asset discovery options, monitoring intervals, and
notification preferences. -
Save the configuration and restart the BFC Gateway for the
changes to take effect. -
The AMP gateway will now provide asset management and
monitoring functionalities for the systems and devices connected
through the BFC Gateway.
BFC Apps
The BFC Gateway supports various apps that extend its
functionality and provide additional features. These apps can be
installed and configured through the BFC Client software. To
install and use BFC apps, follow these steps:
-
In the BFC Client software, navigate to the app management
section. -
Browse through the available apps and select the desired ones
for installation. -
Follow the on-screen instructions to complete the installation
process for each app. -
Once installed, configure the apps according to your specific
requirements and use them to enhance the capabilities of the BFC
Gateway.
FAQ (Frequently Asked Questions)
Q: Can I use the BFC Gateway on multiple operating systems?
A: The BFC Gateway is compatible with specific operating
systems. Please refer to the system requirements documentation for
detailed information on supported platforms.
Q: Is there a limit to the number of systems and devices that
can be connected through the BFC Gateway?
A: The BFC Gateway can handle a large number of connections, but
the exact limit may depend on factors such as hardware resources
and network capacity. It is recommended to consult the
documentation and perform load testing if you anticipate a high
number of connections.
Q: Can I customize the behavior and settings of the BFC
Gateway?
A: Yes, the BFC Gateway provides various configuration options
and settings that can be customized according to your specific
requirements. The BFC Client software allows you to access and
modify these settings.
Q: Is technical support available for the BFC Gateway?
A: Yes, Siemens provides service and support for the BFC
Gateway. Please refer to the “Service and Support” section in the
documentation for contact information and further assistance.
Q: Are there any additional legal considerations or
disclaimers?
A: Please refer to the “Legal Information” section in the
documentation for detailed information regarding liability,
warranty, and other legal aspects related to the use of Siemens
products.
Brownfield Connectivity BFC Gateway
Function Manual
Valid for software: Brownfield Connectivity – Release 1.11: – BFC Client,
Version 2.15 – BFC Gateway, Version 1.11 11/2022
A5E49457327B AF
Introduction
1
Security instructions
2
Product information
3
Requirement
4
Installing the BFC gateway
5
6 Operating the BFC gateway
Using the BFC client
7
Using an OPC UA server
8
Client interface with HTTP REST protocol
9
BFC gateway API
10
File transfer
11
Configuring the SSA gateway
12
Configuring the AMP gateway
13
BFC apps
14
Appendix
A
Legal information
Warning notice system This manual contains notices you have to observe in
order to ensure your personal safety, as well as to prevent damage to
property. The notices referring to your personal safety are highlighted in the
manual by a safety alert symbol, notices referring only to property damage
have no safety alert symbol. These notices shown below are graded according to
the degree of danger.
DANGER indicates that death or severe personal injury will result if proper
precautions are not taken.
WARNING indicates that death or severe personal injury may result if proper
precautions are not taken.
CAUTION indicates that minor personal injury can result if proper precautions
are not taken.
NOTICE indicates that property damage can result if proper precautions are not
taken. If more than one degree of danger is present, the warning notice
representing the highest degree of danger will be used. A notice warning of
injury to persons with a safety alert symbol may also include a warning
relating to property damage.
Qualified Personnel The product/system described in this documentation may be
operated only by personnel qualified for the specific task in accordance with
the relevant documentation, in particular its warning notices and safety
instructions. Qualified personnel are those who, based on their training and
experience, are capable of identifying risks and avoiding potential hazards
when working with these products/systems.
Proper use of Siemens products Note the following:
WARNING Siemens products may only be used for the applications described in
the catalog and in the relevant technical documentation. If products and
components from other manufacturers are used, these must be recommended or
approved by Siemens. Proper transport, storage, installation, assembly,
commissioning, operation and maintenance are required to ensure that the
products operate safely and without any problems. The permissible ambient
conditions must be complied with. The information in the relevant
documentation must be observed.
Trademarks All names identified by ® are registered trademarks of Siemens AG.
The remaining trademarks in this publication may be trademarks whose use by
third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability We have reviewed the contents of this publication to
ensure consistency with the hardware and software described. Since variance
cannot be precluded entirely, we cannot guarantee full consistency. However,
the information in this publication is reviewed regularly and any necessary
corrections are included in subsequent editions.
Siemens AG Digital Industries Postfach 48 48 90026 NÜRNBERG GERMANY
A5E49457327B AF 12/2022 Subject to change
Copyright © Siemens AG 2019 – 2022. All rights reserved
Table of contents
1 Introduction ……………………………………………………………………………………………………………………….. 11
1.1
About Brownfield Connectivity – Gateway ………………………………………………………………… 11
1.2
About this documentation ……………………………………………………………………………………. 13
1.3
Feedback on the technical documentation ………………………………………………………………. 15
1.4
mySupport documentation …………………………………………………………………………………… 15
1.5
Service and Support…………………………………………………………………………………………….. 16
1.6
Using OpenSSL …………………………………………………………………………………………………… 17
1.7
Compliance with the General Data Protection Regulation……………………………………………. 17
2 Security instructions ……………………………………………………………………………………………………………. 19
2.1 2.1.1 2.1.2 2.1.3
Fundamental safety instructions…………………………………………………………………………….. 19 General safety instructions……………………………………………………………………………………. 19 Warranty and liability for application examples …………………………………………………………. 19 Security information ……………………………………………………………………………………………. 19
2.2
Specific security instructions………………………………………………………………………………….. 20
2.3
Improvements to product security ………………………………………………………………………….. 22
3 Product information…………………………………………………………………………………………………………….. 27
3.1
Form in which the BFC client is delivered…………………………………………………………………. 27
3.2
Form in which the BFC gateway is delivered …………………………………………………………….. 27
3.3 3.3.1 3.3.2 3.3.3
BFC update ………………………………………………………………………………………………………… 28 BFC Gateway update (docker-based)……………………………………………………………………….. 28 BFC Gateway update (Kubernetes- based)…………………………………………………………………. 33 BFC client update ………………………………………………………………………………………………… 35
3.4
Contacting the hotline …………………………………………………………………………………………. 36
4 Requirement ………………………………………………………………………………………………………………………. 39
4.1
Specialist know-how ……………………………………………………………………………………………. 39
4.2
General conditions………………………………………………………………………………………………. 39
4.3 4.3.1 4.3.2 4.3.3 4.3.3.1 4.3.3.2 4.3.4 4.3.5 4.3.6 4.3.7
System requirements …………………………………………………………………………………………… 40 BFC gateway ………………………………………………………………………………………………………. 40 BFC apps……………………………………………………………………………………………………………. 44 BFC client ………………………………………………………………………………………………………….. 44 Hardware and operating software ………………………………………………………………………….. 44 Network ……………………………………………………………………………………………………………. 46 FANUC client………………………………………………………………………………………………………. 49 MTConnect client………………………………………………………………………………………………… 51 Modbus client…………………………………………………………………………………………………….. 52 OPC UA client……………………………………………………………………………………………………… 53
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
3
Table of contents
4.3.8 4.3.9 4.3.10 4.3.11 4.3.12 4.3.13 4.3.14
S7 client ……………………………………………………………………………………………………………. 54 Heidenhain client………………………………………………………………………………………………… 56 Beckhoff client ……………………………………………………………………………………………………. 59 Ethernet IP client…………………………………………………………………………………………………. 60 Omron client ……………………………………………………………………………………………………… 61 HTTP script client for HP 3D printers ……………………………………………………………………….. 61 SFTP client …………………………………………………………………………………………………………. 62
5 Installing the BFC gateway …………………………………………………………………………………………………… 63
5.1
Requirement………………………………………………………………………………………………………. 63
5.2
Installing the docker CE………………………………………………………………………………………… 64
5.3
Installing the BFC gateway ……………………………………………………………………………………. 67
5.4
Installing BFC Gateway in a Kubernetes cluster …………………………………………………………. 71
6 Operating the BFC gateway ………………………………………………………………………………………………….. 79
6.1
Icons and buttons ……………………………………………………………………………………………….. 79
6.2 6.2.1 6.2.2 6.2.3
“Landing page” area …………………………………………………………………………………………….. 80 Log in to the BFC gateway …………………………………………………………………………………….. 80 Installing a user-defined certificate …………………………………………………………………………. 81 Starting processing ……………………………………………………………………………………………… 83
6.3 6.3.1 6.3.2
“Activation” area …………………………………………………………………………………………………. 83 Show activation ………………………………………………………………………………………………….. 84 Importing activation ……………………………………………………………………………………………. 85
6.4 6.4.1 6.4.2 6.4.2.1 6.4.2.2 6.4.2.3 6.4.3 6.4.3.1 6.4.3.2 6.4.3.3 6.4.3.4 6.4.3.5 6.4.3.6 6.4.3.7 6.4.3.8 6.4.3.9 6.4.3.10 6.4.3.11 6.4.3.12 6.4.3.13 6.4.3.14 6.4.3.15 6.4.3.16 6.4.3.17 6.4.4 6.4.5
“Commissioning” area ………………………………………………………………………………………….. 86 Starting the configuration …………………………………………………………………………………….. 86 BFC Protect ………………………………………………………………………………………………………… 87 Integrating the tunnel device ………………………………………………………………………………… 88 Configuring BFC Protect for clients………………………………………………………………………….. 89 Example: Configuring BFC Protect for the Modbus client …………………………………………….. 90 Creating clients (Import) ………………………………………………………………………………………. 96 Creating a BFC client ……………………………………………………………………………………………. 97 Creating a FANUC client ……………………………………………………………………………………… 103 Creating an MTConnect client ……………………………………………………………………………… 111 Creating a Modbus client ……………………………………………………………………………………. 117 Creating an OPC UA client …………………………………………………………………………………… 127 Creating an S7 client ………………………………………………………………………………………….. 134 Creating an HTTP REST client……………………………………………………………………………….. 145 Creating an HTTP script client………………………………………………………………………………. 147 Creating a Heidenhain client ……………………………………………………………………………….. 157 Creating a Beckhoff client……………………………………………………………………………………. 165 Creating an Ethernet IP client ………………………………………………………………………………. 171 Creating an Omron client ……………………………………………………………………………………. 180 Creating an MQTT client……………………………………………………………………………………… 187 MQTT client – configuring scriptlogic …………………………………………………………………….. 189 MQTT client – calling connection data……………………………………………………………………. 193 Creating an SFTP client……………………………………………………………………………………….. 194 Defining a dataset configuration…………………………………………………………………………… 198 Displaying/editing the client ………………………………………………………………………………… 205 Using configured datasets …………………………………………………………………………………… 206
BFC Gateway
4
Function Manual, 11/2022, A5E49457327B AF
Table of contents
6.4.5.1 6.4.5.2 6.4.6 6.4.6.1 6.4.7 6.4.8 6.4.8.1 6.4.8.2 6.4.8.3 6.4.8.4 6.4.8.5 6.4.8.6 6.4.8.7 6.4.8.8 6.4.8.9 6.4.8.10 6.4.8.11 6.4.8.12 6.4.8.13 6.4.8.14 6.4.8.15 6.4.8.16 6.4.8.17
Exporting datasets from a client …………………………………………………………………………… 207 Importing data sets into a client …………………………………………………………………………… 209 Creating Middlewares (Processing) ……………………………………………………………………….. 211 Creating script logic …………………………………………………………………………………………… 211 Creating the plant hierarchy ………………………………………………………………………………… 214 Creating gateways (Export) …………………………………………………………………………………. 218 Gateways (Export) …………………………………………………………………………………………….. 218 Creating a MindSphere gateway …………………………………………………………………………… 218 Creating the MindConnectLib asset ………………………………………………………………………. 224 MySQL export gateway ………………………………………………………………………………………. 226 Creating a MySQL export gateway ………………………………………………………………………… 230 Creating the AMP 4.1 export gateway……………………………………………………………………. 238 Creating an MQTT export gateway ……………………………………………………………………….. 246 Elasticsearch gateway ………………………………………………………………………………………… 254 Creating an Elasticsearch gateway ………………………………………………………………………… 255 InfluxDB gateway ………………………………………………………………………………………………. 261 Creating an InfluxDB gateway………………………………………………………………………………. 263 HTTP gateway …………………………………………………………………………………………………… 269 Creating an HTTP gateway ………………………………………………………………………………….. 270 MS SQL gateway ……………………………………………………………………………………………….. 277 Creating an MS SQL gateway……………………………………………………………………………….. 283 Kafka gateway ………………………………………………………………………………………………….. 290 Creating a Kafka gateway ……………………………………………………………………………………. 291
6.5 6.5.1 6.5.2 6.5.3 6.5.4 6.5.5
“System State” area ……………………………………………………………………………………………. 297 Displaying information ………………………………………………………………………………………. 297 Area “Clients (Import)” ……………………………………………………………………………………….. 299 “Middlewares (Logic)” area ………………………………………………………………………………….. 303 “Gateways (Export)” area…………………………………………………………………………………….. 307 System State Report …………………………………………………………………………………………… 311
6.6 6.6.1 6.6.2 6.6.3 6.6.4 6.6.4.1 6.6.4.2 6.6.4.3
“Usermanagement” area …………………………………………………………………………………….. 313 Creating a new user …………………………………………………………………………………………… 315 Adapting an existing user……………………………………………………………………………………. 316 Deleting an existing user…………………………………………………………………………………….. 316 Using an external IAM system ……………………………………………………………………………… 317 Requirements …………………………………………………………………………………………………… 317 Adjusting the configuration in the user management of the BFC gateway ……………………. 317 Logging on over an external IAM ………………………………………………………………………….. 318
6.7
“Custom Variable List” area ………………………………………………………………………………….. 319
7 Using the BFC client…………………………………………………………………………………………………………… 321
7.1 7.1.1 7.1.2 7.1.2.1 7.1.2.2 7.1.3 7.1.4 7.1.5 7.1.6 7.1.7
Installing a BFC client …………………………………………………………………………………………. 321 Requirement…………………………………………………………………………………………………….. 321 Installing the BFC client on SINUMERIK 840D sl / 828D……………………………………………… 321 Preparing the installation ……………………………………………………………………………………. 321 Synchronizing date and time ……………………………………………………………………………….. 322 Installing the BFC client on HMI- Advanced……………………………………………………………… 323 Installing the BFC client on SINUMERIK Operate under Windows (PCU)………………………… 326 Installing the BFC client on SINUMERIK Operate under Linux ……………………………………… 329 Configuring data buffering ………………………………………………………………………………….. 337 BFC client update ………………………………………………………………………………………………. 337
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
5
Table of contents
7.2 7.2.1 7.2.2 7.2.3
Deinstalling a BFC client……………………………………………………………………………………… 338 Deinstalling the BFC client on HMI-Advanced………………………………………………………….. 338 Deinstalling the BFC client on SINUMERIK Operate under Windows (PCU)…………………….. 339 Uninstalling the BFC client from SINUMERIK Operate under Linux ………………………………. 339
7.3 7.3.1 7.3.2 7.3.2.1 7.3.2.2 7.3.2.3 7.3.2.4 7.3.2.5 7.3.2.6 7.3.2.7
Configuring high-frequency data acquisition…………………………………………………………… 340 Requirement…………………………………………………………………………………………………….. 342 Configuration……………………………………………………………………………………………………. 343 Performing the configuration ………………………………………………………………………………. 343 Compiling signals………………………………………………………………………………………………. 344 Defining a start/stop operation …………………………………………………………………………….. 345 Changing the sampling rate for signals………………………………………………………………….. 347 Saving the configuration …………………………………………………………………………………….. 348 Accept configuration ………………………………………………………………………………………….. 349 Test configuration ……………………………………………………………………………………………… 350
7.4 7.4.1 7.4.2 7.4.3 7.4.3.1 7.4.3.2
BFC client diagnostics ………………………………………………………………………………………… 351 Analyzing the BFC client……………………………………………………………………………………… 351 Checking the accessibility of the BFC gateway in the network ……………………………………. 354 Trace ………………………………………………………………………………………………………………. 356 Activating the trace……………………………………………………………………………………………. 356 Analyzing the trace file……………………………………………………………………………………….. 357
8 Using an OPC UA server ……………………………………………………………………………………………………… 361
8.1
Overview …………………………………………………………………………………………………………. 361
8.2 8.2.1
Configuring a certificate ……………………………………………………………………………………… 361 Uploading the client certificates in the ConfigUI ………………………………………………………. 362
8.3
OPC UA address space ………………………………………………………………………………………… 363
8.4
Changing the system configuration while in operation……………………………………………… 367
8.5 8.5.1 8.5.2 8.5.3 8.5.4 8.5.5
Write access to variables……………………………………………………………………………………… 368 Configuring the release list for write accesses …………………………………………………………. 368 Writing variables using the “WriteData” method ………………………………………………………. 371 Call method “WriteData” ……………………………………………………………………………………… 372 Feedback after write process ……………………………………………………………………………….. 374 Direct write access via variables……………………………………………………………………………. 376
8.6
Historical Access ……………………………………………………………………………………………….. 376
8.7
Companion Specification…………………………………………………………………………………….. 379
8.8
Other OPC UA server settings ………………………………………………………………………………. 389
9 Client interface with HTTP REST protocol ……………………………………………………………………………… 391
9.1
Overview …………………………………………………………………………………………………………. 391
9.2
Test and documentation …………………………………………………………………………………….. 391
9.3
Authorization……………………………………………………………………………………………………. 393
9.4
Format for time stamp ……………………………………………………………………………………….. 395
9.5
Method POST /datasets ………………………………………………………………………………………. 396
9.6
Method POST /datasets/raw…………………………………………………………………………………. 397
BFC Gateway
6
Function Manual, 11/2022, A5E49457327B AF
Table of contents
9.7
Method POST /events …………………………………………………………………………………………. 401
9.8
Method POST /hfdataset……………………………………………………………………………………… 402
9.9
GET /writes method……………………………………………………………………………………………. 403
9.10
POST /writes/{ID}/ack method ………………………………………………………………………………. 404
10 BFC gateway API ……………………………………………………………………………………………………………….. 407
10.1
SwaggerUI ……………………………………………………………………………………………………….. 407
10.2
Authentication………………………………………………………………………………………………….. 407
10.3
Client configuration …………………………………………………………………………………………… 408
10.4
Middleware configuration …………………………………………………………………………………… 438
10.5
Gateway configuration ……………………………………………………………………………………….. 450
11 File transfer………………………………………………………………………………………………………………………. 465
11.1
Configuring access rights ……………………………………………………………………………………. 467
11.2
Using the WebDAV interface with curl …………………………………………………………………… 470
11.3
Using the WebDAV interface as Windows network drive …………………………………………… 470
11.4
Using the WebDAV interface under Linux……………………………………………………………….. 472
11.5
Using the WebDAV interface with WinSCP………………………………………………………………. 473
11.6
Directory structure on SINUMERIK machines…………………………………………………………… 474
12 Configuring the SSA gateway ……………………………………………………………………………………………… 479
12.1
Overview …………………………………………………………………………………………………………. 479
12.2
Requirement…………………………………………………………………………………………………….. 479
12.3
Check status of the middleware……………………………………………………………………………. 479
12.4
Creating aspects in MindSphere …………………………………………………………………………… 480
12.5
Creating the asset type “bfc_ssa_sinumerik”……………………………………………………………. 481
12.6 12.6.1 12.6.2 12.6.3
Connecting a new machine to SSA ……………………………………………………………………….. 484 Creating a new asset of the type “bfc_ssa_sinumerik”……………………………………………….. 485 Generating connection information of the assets…………………………………………………….. 488 Creating a MindSphere gateway for SSA ………………………………………………………………… 489
12.7
Configuring the BFC client data acquisition …………………………………………………………….. 495
12.8
Creating and saving a machine identity …………………………………………………………………. 499
13 Configuring the AMP gateway …………………………………………………………………………………………….. 503
13.1
System requirements relating to the AMP server ……………………………………………………… 503
13.2 13.2.1 13.2.1.1 13.2.1.2 13.2.1.3 13.2.2
Configuring the AMP server…………………………………………………………………………………. 504 General settings in the AMC server……………………………………………………………………….. 504 Setting to process alarms ……………………………………………………………………………………. 504 Configuring the http interface ……………………………………………………………………………… 505 Adapting Pit.ini …………………………………………………………………………………………………. 505 Configuring the machine in the AMP server ……………………………………………………………. 512
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
7
Table of contents
13.3 13.3.1 13.3.2 13.3.3
Configuring the AMP gateway ……………………………………………………………………………… 515 Configuration parameters of an AMP gateway ………………………………………………………… 515 Data selection and topics of the AMP gateway ………………………………………………………… 517 Environment variables of the AMP gateway ……………………………………………………………. 518
13.4 13.4.1 13.4.2
Script logic to link FANUC clients to AMP………………………………………………………………… 518 Creating a script configuration for a client………………………………………………………………. 519 Restarting the script logic……………………………………………………………………………………. 520
14 BFC apps ………………………………………………………………………………………………………………………….. 523
14.1 14.1.1 14.1.2 14.1.3
IBase app …………………………………………………………………………………………………………. 523 Using the IBase app……………………………………………………………………………………………. 524 Manually sending data to IBase ……………………………………………………………………………. 525 Sending data semiautomatically to IBase ……………………………………………………………….. 526
14.2 14.2.1 14.2.2 14.2.3 14.2.4
Optimization Check app ……………………………………………………………………………………… 527 Storing licenses…………………………………………………………………………………………………. 527 Creating a log …………………………………………………………………………………………………… 529 Using the Optimization Check app………………………………………………………………………… 529 Recording a trace session ……………………………………………………………………………………. 532
A Appendix………………………………………………………………………………………………………………………….. 535
A.1
List of abbreviations…………………………………………………………………………………………… 535
A.2
Checking the connection to a Heidenhain control ……………………………………………………. 536
A.3
Checking the connection to the MTConnect control …………………………………………………. 539
A.4
Check connection to FANUC control system……………………………………………………………. 540
A.5
API calls of the FOCAS interface……………………………………………………………………………. 543
A.6 A.6.1 A.6.2 A.6.3 A.6.4 A.6.5 A.6.6
AMP gateway……………………………………………………………………………………………………. 546 AMP gateway signals………………………………………………………………………………………….. 546 Script logic example: AMP_SIGNAL set…………………………………………………………………… 547 Script logic example: AMP_PARTCOUNT set …………………………………………………………….. 548 Script logic example: AMP_CYCLEDATA set ……………………………………………………………… 548 Alarms in the AMP gateway…………………………………………………………………………………. 549 AMP gateway logging ………………………………………………………………………………………… 550
A.7 A.7.1 A.7.2 A.7.3 A.7.4 A.7.5 A.7.6
BFC client data points ………………………………………………………………………………………… 551 Overview …………………………………………………………………………………………………………. 551 NC variables……………………………………………………………………………………………………… 551 PLC tags…………………………………………………………………………………………………………… 552 Machine data……………………………………………………………………………………………………. 553 Global User Data (GUD)………………………………………………………………………………………. 554 Drive parameters ………………………………………………………………………………………………. 557
A.8 A.8.1 A.8.2 A.8.3 A.8.4 A.8.5 A.8.6 A.8.7
FANUC client data points (reading)……………………………………………………………………….. 561 cnc_rdtimer ……………………………………………………………………………………………………… 561 cnc_sysinfo………………………………………………………………………………………………………. 562 cnc_statinfo……………………………………………………………………………………………………… 562 cnc_rddynamic2 ……………………………………………………………………………………………….. 563 cnc_rdpdf_subdirn …………………………………………………………………………………………….. 564 cnc_rdpdf_subdir ………………………………………………………………………………………………. 564 cnc_rdpdf_alldir ………………………………………………………………………………………………… 564
BFC Gateway
8
Function Manual, 11/2022, A5E49457327B AF
Table of contents
A.8.8 A.8.9 A.8.10 A.8.11 A.8.12 A.8.13 A.8.14 A.8.15 A.8.16 A.8.17 A.8.18
A.8.19
A.9 A.9.1 A.9.2 A.9.3 A.9.4
A.10 A.10.1 A.10.2
A.11 A.11.1 A.11.2 A.11.3 A.11.4 A.11.5 A.11.6
A.12 A.12.1 A.12.2 A.12.3
A.13
A.14 A.14.1 A.14.2 A.14.3 A.14.4 A.14.5 A.14.6
A.15
A.16 A.16.1 A.16.2 A.16.3 A.16.4 A.16.5
A.17 A.17.1
cnc_rdparam ……………………………………………………………………………………………………. 565 cnc_diagnoss
……………………………………………………………………………………………………. 565
cnc_rdset…………………………………………………………………………………………………………. 566
cnc_rdsetnum…………………………………………………………………………………………………… 566
cnc_rdaxisdata………………………………………………………………………………………………….. 566
cnc_rdaxisname………………………………………………………………………………………………… 567 cnc_rdpdlname
…………………………………………………………………………………………………. 567
cnc_alarm2………………………………………………………………………………………………………. 567 pmc_get_number_of_pmc
………………………………………………………………………………….. 567 pmc_rdmcrng
…………………………………………………………………………………………………… 567 cnc_exeprgname
………………………………………………………………………………………………. 568
tooldata…………………………………………………………………………………………………………… 568
FANUC client data points (writing) ……………………………………………………………………….. 569
cnc_wrparam……………………………………………………………………………………………………. 569 cnc_wrset
………………………………………………………………………………………………………… 569 pmc_wrpncrng
…………………………………………………………………………………………………. 570 cnc_wrtimer
…………………………………………………………………………………………………….. 570
S7 client ………………………………………………………………………………………………………….. 571 Addressing in the
SIMATIC PLC……………………………………………………………………………… 571 Data types, accuracy and
formatting for write operations …………………………………………. 572
Heidenhain client data points (reading)…………………………………………………………………. 574
Structure of the datapoints………………………………………………………………………………….. 574 GetRunInfo
………………………………………………………………………………………………………. 574 GetMachineParameters
………………………………………………………………………………………. 577
DataGetValue……………………………………………………………………………………………………. 577 ReadMemory
……………………………………………………………………………………………………. 577 Examples of important Heidenhain
datapoints ……………………………………………………….. 578
Heidenhain client data points (writing) …………………………………………………………………. 579
SetMachineParameters……………………………………………………………………………………….. 579 DataSetValue
……………………………………………………………………………………………………. 580
WriteMemory……………………………………………………………………………………………………. 580
Data points Beckhoff client ………………………………………………………………………………….. 581
EIP client………………………………………………………………………………………………………….. 582 Addressing of data,
general ………………………………………………………………………………… 582 Addressing in the PCCC message
format ……………………………………………………………….. 582 Interpretation of 16 and 32-bit numbers,
signed or unsigned…………………………………….. 584 Addressing in the Allen-Bradley CIP
message format with tags …………………………………… 584 Addressing arrays
……………………………………………………………………………………………… 586 Reading and writing very large 64-bit
numbers ………………………………………………………. 586
Data points of the Omron client …………………………………………………………………………… 586
MQTT export gateway………………………………………………………………………………………… 587 Topics
……………………………………………………………………………………………………………… 587 Data format: data set
…………………………………………………………………………………………. 588 Data format: alarms
…………………………………………………………………………………………… 590 Data format: alarm state
changes…………………………………………………………………………. 591 Data format: high frequency
data…………………………………………………………………………. 592
OPC UA……………………………………………………………………………………………………………. 595 Supported OPC UA profiles
………………………………………………………………………………….. 595
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
9
Table of contents
A.18
MindSphere MMM Dashboard ……………………………………………………………………………… 596
A.19
MS SQL gateway ……………………………………………………………………………………………….. 601
A.20
HTTP script client ………………………………………………………………………………………………. 602
A.21
Further notes ……………………………………………………………………………………………………. 605
A.22
Troubleshooting………………………………………………………………………………………………… 609
A.23
Release Notes V1.11 ………………………………………………………………………………………….. 611
Glossary …………………………………………………………………………………………………………………………… 613
BFC Gateway
10
Function Manual, 11/2022, A5E49457327B AF
Introduction
1
1.1
About Brownfield Connectivity – Gateway
Brownfield Connectivity (BFC) is software that can establish a connection
between a heterogeneous production network and higher-level information
systems. BFC integrates itself into the structural framework of an existing
software and architecture concept, known as a brownfield situation. Via a
central BFC Gateway, you can connect SINUMERIK control systems, third-party
controls and automation systems to higher-level systems. The system offers
wide ranging options, such as reading and writing variables, preprocessing
acquired data, transferring files from IT to OT and “trigger”-based reading
from a central connectivity management system.
1SPEVDUJPOOFUXPSL
.PECVT5$1
)5513&45 4/6.&3,
*OUFSOBMTZTUFN
)JHIFSMFWFM JOGPSNBUJPOTZTUFNT
.255 )FJEFOIBJO
SPXOFME$POOFDUJWJUZ(BUFXBZ
.JOE4QIFSF
4
$VTUPNFSDMPVE
.5$POOFDU
01$6″
*OUFSOBMEBUBCBTF
‘”/6$
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
11
Introduction 1.1 About Brownfield Connectivity – Gateway
Note High availability of the BFC Gateway To increase the system reliability
of BFC Gateway, high system availability can be implemented together with end
users on a project-specific basis. If you are interested in the solution and
require more detailed information, then contact your local Siemens sales
partner.
Note Performance dips in the network communication Performance dips can occur
in the network communication, for example as a result of incorrect
configuration of connected devices. If a high number of data points are added,
when commissioning and configuring the BFC Gateway, carefully ensure that
performance dips do not occur in the network communication in the existing
network infrastructure. Carry out network analysis before and after the BFC
Gateway installation.
Architecture
The “BFC Gateway” software forms the architecture for this solution, which is
installed on a virtual or physical system between your networked machines and
office network. This software provides a connection between the various
machines of the factory and a higher-level IT system.
The BFC client can be installed on SINUMERIK controls to connect them to the
BFC gateway.
The BFC driver is a component of the BFC gateway that enables a connection to
the BFC devices in the machine park of a factory.
A BFC device is a data source like a SINUMERIK control, third-party control,
or another automation solution.
For devices that do not support encrypted communication, an encrypted
configuration can be offered on a project-for-project basis between the device
and the BFC Gateway. In the following diagram, this project-specific solution
is declared as “BFC project” as example. If you are interested in the solution
and require more detailed information, then contact your local Siemens sales
partner.
Note
The BFC Gateway is neither a real-time nor deterministic system. As a
consequence, data exchange in a precisely defined time interval cannot be
guaranteed.
BFC Gateway
12
Function Manual, 11/2022, A5E49457327B AF
1SPEVDUJPO #’$EFWJDF %
).*”EWBODFE
’$DMJFOU
’$EFWJDF %
0QFSBUF
’$DMJFOU
’$EFWJDF
’$1SPUFDU
’$EFWJDF9
Introduction 1.2 About this documentation
‘BDUPSZ 0DF*OUSBOFU
*OUFSOFU
OUFSOBMTZTUFN 1$ #’$HBUFXBZ #’$ESJWFS
*OUFSOBMEBUBCBTF
.JOE4QIFSF &YUFSOBMTZTUFN
1.2
Different data formats Different devices code their information in the various
manufacturer-specific formats. The BFC Gateway transfers the data from the
various devices and control systems unchanged. The higher-level system must be
able to interpret the manufacturer-specific data. If you wish to scale, link
or preprocess the data, then you can configure this on a project-forproject
basis. If this data is to be visible in MindSphere Fleet Manager, then
configuration operations are also required in MindSphere. If you are using
Apps, then carefully check the data and interface compatibility.
About this documentation
Contact your regional Siemens sales partner for training courses on the BFC
Gateway. This salesperson will provide you with a quotation for a training
course that meets your individual requirements.
Note To install and configure the BFC Gateway, you should first participate in
an appropriate training course offered by Siemens AG.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
13
Introduction 1.2 About this documentation
FAQs
You can find answers to Frequently Asked Questions in the Service&Support pages at Product Support (https://support.industry.siemens.com/cs/products?dtp=Faq&mfn=ps&lc=en-DE).
Target group
This documentation addresses appropriately qualified commissioning engineers.
The document provides information for commissioning engineers that they
require to commission and parameterize the software.
Disclaimer
All product designations, product names, etc. may contain trademarks or other rights of Siemens AG, its subsidiaries or third parties. Unauthorized use may violate the rights of the respective owners.
Write accesses and file write accesses to connected controls and devices.
The BFC Gateway is only responsible for transferring data in the form of
digital messages between sender and receiver.
The sender is responsible for the content of this message. This must be
observed in particular for messages to control systems and devices that are to
be executed as write accesses on the respective target device.
For file write accesses to controls and devices, too, the sender is
responsible for the contents of the files transferred and, in particular, for
the consequences of writing these files onto the target device.
Standard scope
This documentation only describes the functionality of the standard version.
This may differ from the scope of the functionality of the system that is
actually supplied. Please refer to the ordering documentation only for the
functionality of the supplied drive system.
It may be possible to execute other functions in the system which are not
described in this documentation. This does not, however, represent an
obligation to supply such functions with a new control or when servicing.
For reasons of clarity, this documentation cannot include all of the detailed
information on all product types. Further, this documentation cannot take into
consideration every conceivable type of installation, operation and
service/maintenance.
The machine manufacturer must document any additions or modifications they
make to the product themselves.
BFC Gateway
14
Function Manual, 11/2022, A5E49457327B AF
Introduction 1.4 mySupport documentation
Websites of third-party companies This document may contain hyperlinks to
third-party websites. Siemens is not responsible for and shall not be liable
for these websites and their content. Siemens has no control over the
information which appears on these websites and is not responsible for the
content and information provided there. The user bears the risk for their use.
1.3
Feedback on the technical documentation
If you have any questions, suggestions or corrections regarding the technical documentation which is published in the Siemens Industry Online Support, use the link “Send feedback” link which appears at the end of the entry.
1.4
mySupport documentation
With the “mySupport documentation” web-based system you can compile your own individual documentation based on Siemens content, and adapt it for your own machine documentation.
To start the application, click on the “My Documentation” tile on the “mySupport links and tools” (https://support.industry.siemens.com/cs/ww/en/my) portal page:
The configured manual can be exported in RTF, PDF or XML format.
Note Siemens content that supports the mySupport documentation application can
be identified by the presence of the “Configure” link.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
15
Introduction 1.5 Service and Support
1.5
Service and Support
Product support You can find more information about products on the internet: Product support (https://support.industry.siemens.com/cs/ww/en/) The following is provided at this address: · Up-to-date product information (product announcements) · FAQs (frequently asked questions) · Manuals · Downloads · Newsletters with the latest information about your products · Global forum for information and best practice sharing between users and specialists · Local contact persons via our Contacts at Siemens database ( “Contact”) · Information about field services, repairs, spare parts, and much more ( “Field Service”)
Technical support
Country-specific telephone numbers for technical support are provided on the
internet at address (https://support.industry.siemens.com/cs/ww/en/sc/4868) in
the “Contact” area.
If you have any technical questions, please use the online form in the
“Support Request” area.
Training
You can find information on SITRAIN at the following address (https://www.siemens.com/ sitrain). SITRAIN offers training courses for automation and drives products, systems and solutions from Siemens.
Siemens support on the go
BFC Gateway
16
Function Manual, 11/2022, A5E49457327B AF
Introduction 1.7 Compliance with the General Data Protection Regulation
With the award-winning “Siemens Industry Online Support” app, you can access
more than 300,000 documents for Siemens Industry products any time and from
anywhere. The app can support you in areas including: · Resolving problems
when implementing a project · Troubleshooting when faults develop · Expanding
a system or planning a new system Furthermore, you have access to the
Technical Forum and other articles from our experts: · FAQs · Application
examples · Manuals · Certificates · Product announcements and much more The
“Siemens Industry Online Support” app is available for Apple iOS and Android.
Data matrix code on the nameplate The data matrix code on the nameplate
contains the specific device data. This code can be read with a smartphone and
technical information about the device displayed via the “Industry Online
Support” mobile app.
1.6
Using OpenSSL
This product can contain the following software:
· Software developed by the OpenSSL project for use in the OpenSSL toolkit
· Cryptographic software created by Eric Young.
· Software developed by Eric Young
You can find more information on the internet:
· OpenSSL (https://www.openssl.org)
· Cryptsoft (https://www.cryptsoft.com)
1.7
Compliance with the General Data Protection Regulation
Siemens observes standard data protection principles, in particular the data minimization rules (privacy by design).
For this product, this means:
The product does not process or store any personal data, only technical function data (e.g. time stamps). If the user links this data with other data (e.g. shift plans) or if he/she stores person-related data on the same data medium (e.g. hard disk), thus personalizing this data, he/she must ensure compliance with the applicable data protection stipulations.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
17
Introduction 1.7 Compliance with the General Data Protection Regulation
BFC Gateway
18
Function Manual, 11/2022, A5E49457327B AF
Security instructions
2
2.1
2.1.1
Fundamental safety instructions
General safety instructions
WARNING Danger to life if the safety instructions and residual risks are not
observed If the safety instructions and residual risks in the associated
hardware documentation are not observed, accidents involving severe injuries
or death can occur. · Observe the safety instructions given in the hardware
documentation. · Consider the residual risks for the risk evaluation.
WARNING Malfunctions of the machine as a result of incorrect or changed
parameter settings As a result of incorrect or changed parameterization,
machines can malfunction, which in turn can lead to injuries or death. ·
Protect the parameterization against unauthorized access. · Handle possible
malfunctions by taking suitable measures, e.g. emergency stop or
emergency off.
2.1.2 2.1.3
Warranty and liability for application examples
Application examples are not binding and do not claim to be complete regarding
configuration, equipment or any eventuality which may arise. Application
examples do not represent specific customer solutions, but are only intended
to provide support for typical tasks. As the user you yourself are responsible
for ensuring that the products described are operated correctly. Application
examples do not relieve you of your responsibility for safe handling when
using, installing, operating and maintaining the equipment.
Security information
Siemens provides products and solutions with industrial security functions
that support the secure operation of plants, systems, machines and networks.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
19
Security instructions
2.2 Specific security instructions
In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement and continuously maintain a
holistic, state-of-the-art industrial security concept. Siemens’ products and
solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants,
systems, machines and networks. Such systems, machines and components should
only be connected to an enterprise network or the internet if and to the
extent such a connection is necessary and only when appropriate security
measures (e.g. firewalls and/or network segmentation) are in place.
For additional information on industrial security measures that may be
implemented, please visit https://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends that product updates are applied as
soon as they are available and that the latest product versions are used. Use
of product versions that are no longer supported, and failure to apply the
latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under https://www.siemens.com/cert.
Further information is provided on the Internet:
Industrial Security Configuration Manual
(https://support.industry.siemens.com/cs/ww/en/ view/108862708)
WARNING
Unsafe operating states resulting from software manipulation
Software manipulations, e.g. viruses, Trojans, or worms, can cause unsafe
operating states in your system that may lead to death, serious injury, and
property damage. · Keep the software up to date. · Incorporate the automation
and drive components into a holistic, state-of-the-art industrial
security concept for the installation or machine. · Make sure that you include
all installed products into the holistic industrial security concept. ·
Protect files stored on exchangeable storage media from malicious software by
with suitable
protection measures, e.g. virus scanners. · On completion of commissioning,
check all security-related settings.
2.2
20
Specific security instructions
Note Network traffic When using the BFC gateway, network traffic is generated
in the customer network. Ensure that sufficient bandwidth is available in your
network depending on the use of the BFC gateway.
BFC Gateway Function Manual, 11/2022, A5E49457327B AF
Security instructions 2.2 Specific security instructions
Note Connection to SINUMERIK control systems SINUMERIK control systems are
connected by default via an encrypted MQTT/TLS 1.2/TLS 1.3 connection. If a
system operator explicitly wishes to use an unencrypted connection, then this
can be implemented as part of the configuration process. You can contact the
hotline to obtain the necessary information to do this.
Note Connecting SINUMERIK control systems to the network Connecting SINUMERIK
control systems via the BFC Gateway using TLS 1.2/TLS 1.3/MQTT corresponds to
current security standards.
Note SINUMERIK control system security The company operating the systems is
solely responsible for preventing unauthorized access to your plants, systems,
SINUMERIK control systems and the network. Systems, SINUMERIK control systems
and components should only be connected to the company’s network or the
Internet if and to the extent necessary and with appropriate security measures
in place. Security measures include the use of firewalls, whitelisting, virus
scanners, network segmentation, OS patching.
NOTICE Data misuse due to an unprotected Internet connection An unrestricted
Internet connection can result in data misuse. Before establishing a network
connection, ensure your PC is only connected to the network via a secure
connection. Carefully observe the security-relevant notes and instructions.
Note Data backup before and after commissioning the BFC client Before you make
any changes, carefully ensure that data backups have been generated via the
PCU 50 (Ghost) or the CF card of the NCU (tgz file). Create a data backup
after completing all activities. Additional information about creating a data
backup is provided under: · Commissioning Manual SINUMERIK 840Di sl / 840D sl
/ 840 D, Base Software and HMI-
Advanced · Commissioning Manual SINUMERIK 840D sl Base Software and Operating
Software · Equipment Manual for SINUMERIK 828D PPU and components
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
21
Security instructions 2.3 Improvements to product security
Note Backing up the commissioning PC The necessary security measures (e.g.
virus scanner, firewalls, OS patching, etc.) must be implemented on the PCs
that are used to configure a BFC Gateway at the OEM or end user.
Note Appropriate parameterization When defining the amount of data to be
transferred to the BFC Gateway and the intervals, the system load of the
relevant control system and the network infrastructure involved must be
carefully taken into consideration. The company operating the plant or system
is responsible for carefully planning and providing the datapoints. This can
avoid performance bottlenecks at the control system and in the network.
Additional information relating to IT security is provided in Chapter:
Security information (Page 19).
NOTICE Damage to the machine by writing to control variables Writing to
control variables can damage the machine. This is why, from Version 1.11, when
configuring the permitted write access operations, an appropriate note must be
confirmed.
Note Writing to variables for SINUMERIK control systems For SINUMERIK control
systems, the BFC Gateway is prevented from writing to the following variables:
· Machine data, drive parameters, DB20, DB18 · Axis DBs: DB31-DB61 (for
SINUMERIK 828D: DB3800-DB3818, DB3900) · Basic program DBs: DB7, DB8, DB10
(for SINUMERIK 828D: DB2900)
2.3
Improvements to product security
Warnings are issued when configuring write access operations.
The area of application refers to writing to variables and deleting and/or changing files in the control system.
Note
The BFC client prevents the BFC Gateway from being able to change security-
relevant addresses and directories.
BFC Gateway
22
Function Manual, 11/2022, A5E49457327B AF
Security instructions 2.3 Improvements to product security
System requirements · The Declaration of Conformity of the machine OEM
regarding machine safety (hazardous to human life and safety) is not
diminished when using the BFC Gateway. · When using BFC write functions, users
must be warned about potential economic damage.
NOTICE Economic damage to the machine as a result of incorrect use Incorrectly
using BFC write functions can result in economic damage at the machine. This
cannot be completely prevented in the BFC Gateway, e.g. for a GUD variable
that specifies a traversing path. If the specified traversing path is too long
then the machine will be damaged.
SINUMERIK 840D PowerLine / SolutionLine / One Data areas of the SINUMERIK
control system, which have the potential of influencing “SINUMERIK Safety
Integrated”:
Note Deviating areas for SINUMERIK 828D are specified in brackets.
· Machine data / Drive parameters/ DB20 · SAFE.SPF (lock the complete
directory) (828D: is not used) · Manufacturer cycles · Safety-relevant DBs:
DB18 (828D: is not used) · Axis DBs: DB31-DB61 (828D: DB3800-DB3818, DB3900) ·
Basic program DBs: DB7, DB8, DB10 (828D: DB2900) From this, the following
addresses and directories were derived to access the control system: ·
“DB20.xxx”, “/Plc/DataBlock/xxx[c20,xxx” · “DB18.xxx”,
“/Plc/DataBlock/xxx[c18,xxx” · “DB31.xxx” – “DB61.xx”,
“/Plc/DataBlock/xxx[c31,xxx” – “/Plc/DataBlock/xxx[c61,xxx” · “DB7.xxx”,
“/Plc/DataBlock/xxx[c7,xxx” · “DB8.xxx”, “/Plc/DataBlock/xxx[c8,xxx” ·
“DB10.xxx”, “/Plc/DataBlock/xxx[c10,xxx” · “DB3800.xxx” – “DB3818.xx”,
“/Plc/DataBlock/xxx[c3800,xxx” – “/Plc/DataBlock/
xxx[c3818,xxx” · “DB2900.xxx”, “/Plc/DataBlock/xxx[c2900,xxx” ·
“xxxTEA_ACX/xxx” · “xxxSEA_ACX/xxx” · “/Nck/Configuration/xxx”
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
23
Security instructions 2.3 Improvements to product security
· “/Nck/Settings/xxx”
· “/Nck/Drive/xxx”
· “/Nck/ProtectedArea/xxx”
· “/Channel/Settings/xxx”
· “/Channel/Drive/xxx”
· “/Channel/Configuration/xxx”
· “/Channel/ProtectedArea/xxx”
· “/Axis/Drive/xxx”
· “/Axis/Settings/xxx”
· “/DriveVsa/xxx”
· “/acx/xxx”
· Directory “/NC/CST.DIR/xxx”
=> Standard cycles
· Directory “/NC/CMA.DIR/xxx”
=> Manufacturer cycles (incl. SAFE.SPF)
This involves a superset of addresses, which can be used under HMI-Advanced (PowerLine) and Operate (SolutionLine/One/828D).
Overview
You configure write access operations to variables of the control system in
the ConfigUI of the BFC client in Section “Define whitelisting configuration”.
In this section, you configure which control system addresses may be written
to.
The white list defined here (list of addresses) is transferred to the BFC
client for each change and when the machine restarts. The BFC client only
permits write access operations to addresses that are in this list. Attempts
to access other addresses are rejected with message “Access denied”.
Example:
In this example, a message is sent with two addresses to the BFC client
(connectivity/ machine/
{ “writeAccess”: [ “DB21.DBX7.1”, “DB20.DBX1” ] }
At this position, address “DB20.DBX1” is filtered out, as this lies in a
SINUMERIK data area, which potentially has influence on “SINUMERIK Safety
Integrated”. The addresses are filtered out using a regular expression.
Note Observe uppercase/lowercase letters and space characters.
The following log message is entered:
BFC Gateway
24
Function Manual, 11/2022, A5E49457327B AF
Security instructions 2.3 Improvements to product security
2022-07-13T17:09:21.246498+02:00 [E] 1254 Write access to the following
addresses is not allowed: ‘DB20.DBX1’ All files from directories
“/NC/CST.DIR/xxx” (standard cycles) and “/NC/CMA.DIR/xxx” (manufacturer cycles
incl. SAFE.SPF) are also filtered out using a regular expression in the
affected functions of the BFC client.
Application in ConfigUI ConfigUI calls a check box for “allowlist” and
“filepermissions”, which must be defined in order to save the configuration.
Note The settings in ConfigUI apply to all clients.
· To be able to release an address in the “allowlist”, you must set the check
box as shown in the following diagram.
· If there is no entry in the “allowlist”, then there is no check box for the
“allowlist”. If there is no entry with skills “delete” or “write” in the file
authorization list, then there is no check box for file authorization.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
25
Security instructions 2.3 Improvements to product security
· The check box is displayed as soon as an entry is set for one of the skills
“delete” or “write”.
· Select the check box to save the skills for the appropriate path.
You must again select the check box if you wish to edit, add or import
entries.
BFC Gateway
26
Function Manual, 11/2022, A5E49457327B AF
Product information
3
3.1
Form in which the BFC client is delivered
Siemens provides you with the software corresponding to the order data, either on a data storage medium or per download.
Siemens includes with the software an electronic form of the software documentation.
Note Software package
The software package is a zip archive that contains the software and documents
for commissioning a SINUMERIK 840D/840D sl/828D.
The Siemens Third-Party Software Disclosure Document (BFC_readme_oss.html) for
BFC is provided in the root directory of the software provided.
3.2
Form in which the BFC gateway is delivered
Siemens provides you with the software corresponding to the order data, either on a data storage medium or per download, as well as the associated Certificate of License (CoL).
Siemens includes with the software an electronic form of the software documentation.
Siemens provides a license key, which is documented on the CoL.
Note Installation
Install the software package as described in this document.
More information can be found in Chapter: Installing the BFC gateway (Page
67).
The Siemens Third-Party Software Disclosure Document (BFC_readme_oss.html) for
BFC is provided in the root directory of the software provided.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
27
Product information 3.3 BFC update
3.3
BFC update
3.3.1
BFC Gateway update (docker-based)
Preconditions
· Access data for your existing BFC installation · Root rights on the BFC Gateway host system · You can obtain the current BFC version from your regional Siemens contact person · An SSH client, for example PuTTY · An SFTP client, for example WinSCP
Upgrading BFC version from v1.7 to v1.10.1
1. Copy the new BFC version unzipped to the target system in a folder next to
the existing installation.
2. Make the setup file setup.linux.x64 so that it can be run.
sudo chmod 744 setup.linux.x64
This means that the owner of the setup is allocated the right to run this.
3. Run the setup via the Command Line Interface (CLI) of PuTTY. To do this,
run the following command with user and password of the existing BFC
installation in the folder of the BFC version to be installed: sudo
./setup.linux.x64 -u myuser -p mypass
When compared to a first installation, perform the setup without parameter
-deploy.
4. Compare file /docker/secret.env of the existing installation with file
/docker/ secret.env of the BFC version to be installed.
Lines or content are available in the new secrets.env file, which are not
available in the existing secrets.env file.
5. Expand the existing secrets.env file to include these lines/content.
Carefully ensure that you do not replace any existing “Password” or “User
name” in the existing secrets.env file.
Expand line 3 to include the following: ‘http://entry:9876/doghouse.crl’
Insert the following in line 4: BFC_CA_NAME=’BFC CA
Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/ certs
/ca-certificates.crt
Expand line 17 to include the following: ‘entry’
6. Before the update, copy the modified file into the docker directory of the
new version. Replace the secrets.env file saved there.
7. Delete the stacks before you execute the setup using parameter deploy.
BFC Gateway
28
Function Manual, 11/2022, A5E49457327B AF
Product information 3.3 BFC update
8. List the existing docker stacks using the following command: sudo docker
stack ls
9. Delete the listed stacks using the following command: sudo docker stack rm
stack1 stack2 … stackN
10.To do this, run the following command with user and password of the
existing BFC installation in the folder of the BFC version to be installed:
sudo ./setup.linux.x64 -deploy -u myuser -p mypass
11.For ALL configured clients, middleware and gateways, update the version
numbers of the docker image. You can now read off the new version numbers
using tile “System State”.
Note It is possible that certain IotServer services do not start as a result
of queues that have not been activated. You can check the log file of a
service using the following command: sudo docker service logs
Upgrading BFC version from v1.8 to v1.10.1 1. Copy the new BFC version
unzipped to the target system in a folder next to the existing installation.
2. Make the setup file setup.linux.x64 so that it can be run. sudo chmod 744
setup.linux.x64 This means that the owner of the setup is allocated the
right to run this. 3. Run the setup via the Command Line Interface (CLI) of
PuTTY. To do this, run the following command with user and password of the
existing BFC installation in the folder of the BFC version to be installed:
sudo ./setup.linux.x64 -u myuser -p mypass When compared to a first
installation, perform the setup without parameter -deploy. 4. Compare file
/docker/secret.env of the existing installation with file /docker/ secret.env
of the BFC version to be installed. Lines or content are available in the
new secrets.env file, which are not available in the existing secrets.env
file. 5. Expand the existing secrets.env file to include these lines/content.
Carefully ensure that you do not replace any existing “Password” or “User
name” in the existing secrets.env file. Expand line 3 to include the
following: ‘http://entry:9876/doghouse.crl’ Insert the following in line 5:
BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/ certs/ca-certificates.crt Expand line
17 to include the following: ‘entry’ 6. Before the update, copy the modified
file into the docker directory of the new version. Replace the secrets.env
file saved there.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
29
Product information 3.3 BFC update
7. Delete the stacks before you execute the setup using parameter deploy.
8. List the existing docker stacks using the following command: sudo docker
stack ls
9. Delete the listed stacks using the following command: sudo docker stack rm
stack1 stack2 … stackN
10.To do this, run the following command with user and password of the
existing BFC installation in the folder of the BFC version to be installed:
sudo ./setup.linux.x64 -deploy -u admin -p mypass
11.For ALL configured clients, middleware and gateways, update the version
numbers of the docker image. You can now read off the new version numbers
using tile “System State”.
Upgrading BFC version from v1.9 to v1.10.1 1. Copy the new BFC version
unzipped to the target system in a folder next to the existing installation.
2. Make the setup file setup.linux.x64 so that it can be run.
sudo chmod 744 setup.linux.x64
This means that the owner of the setup is allocated the right to run this.
3. Run the setup via the Command Line Interface (CLI) of PuTTY. To do this,
run the following command with user and password of the existing BFC
installation in the folder of the BFC version to be installed: sudo
./setup.linux.x64 -u myuser -p mypass
When compared to a first installation, perform the setup without parameter
-deploy.
4. Compare file /docker/secret.env of the existing installation with file
/docker/ secret.env of the BFC version to be installed.
Lines or content are available in the new secrets.env file, which are not
available in the existing secrets.env file.
5. Expand the existing secrets.env file to include these lines/content.
Carefully ensure that you do not replace any existing “Password” or “User
name” in the existing secrets.env file.
Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/ certs
/ca-certificates.crt
6. Before the update, copy the modified file into the docker directory of the
new version. Replace the secrets.env file saved there.
7. Delete the stacks before you execute the setup using parameter deploy.
8. List the existing docker stacks using the following command: sudo docker
stack ls
9. Delete the listed stacks using the following command: sudo docker stack rm
stack1 stack2 … stackN
BFC Gateway
30
Function Manual, 11/2022, A5E49457327B AF
Product information 3.3 BFC update
10.To do this, run the following command with user and password of the
existing BFC installation in the folder of the BFC version to be installed:
sudo ./setup.linux.x64 -deploy -u myuser -p mypass
11.For ALL configured clients, middleware and gateways, update the version
numbers of the docker image. You can now read off the new version numbers
using tile “System State”.
Upgrading BFC version from v1.10 to v1.10.1 / BFC version from v1.10.1 to
v1.11 1. Copy the new BFC version unzipped to the target system in a folder
next to the existing installation.
2. Make the setup file setup.linux.x64 so that it can be run.
sudo chmod 744 setup.linux.x64
This means that the owner of the setup is allocated the right to run this.
3. Run the setup via the Command Line Interface (CLI) of PuTTY. To do this,
run the following command with user and password of the existing BFC
installation in the folder of the BFC version to be installed: sudo
./setup.linux.x64 -u myuser -p mypass
When compared to a first installation, perform the setup without parameter
-deploy.
4. Compare file /docker/secret.env of the existing installation with file
/docker/ secret.env of the BFC version to be installed.
With the exception of “User name” and “Password”, the new secrets.env file
is identical with the existing secrets.env file. Replace the new secrets.env
file with the existing file.
5. Delete the stacks before you execute the setup using parameter deploy.
6. List the existing docker stacks using the following command: sudo docker
stack ls
7. Delete the listed stacks using the following command: sudo docker stack rm
stack1 stack2 … stackN
8. To do this, run the following command with user and password of the
existing BFC installation in the folder of the BFC version to be installed:
sudo ./setup.linux.x64 -deploy -u myuser -p mypass
9. For ALL configured clients, middleware and gateways, update the version
numbers of the docker image. You can now read off the new version numbers
using tile “System State”.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
31
Product information 3.3 BFC update
Installing BFC Analytics Version v1.0 on BFC Version v1.9 1. Copy the BFC
Analytics version unzipped to the target system in a folder next to the
existing installation. 2. Make setup file setup_bfc-analytics.sh so that it
can be run. sudo chmod 744 setup.linux.x64 This means that the owner of
the setup is allocated the right to run this. 3. Execute the following command
with user name and password of the existing BFC installation in the folder of
the BFC Analytics version to be installed: sudo ./setup.linux.x64 -user myuser
-password mypass -deploy -host myIP When doing this, ensure that you use -user
and -password (instead of -u and -p).
Upgrading BFC version v1.9 with BFC Analytics v1.0 on BFC Version v1.10.1 The
following describes how the BFC Gateway can be upgraded from version v1.9 to
version 1.10.1 without having to reinstall the BFC Analytics tool.
Requirement: · BFC version v1.9 is installed.
· BFC Analytics v1.0 is installed.
· BFC version v1.10.01 is to be installed without upgrading BFC Analytics.
The background to this is that by installing the latest BFC Analytics
version, the existing version is overwritten, and therefore no longer
functions.
Procedure: 1. Copy the new BFC version unzipped to the target system in a
folder next to the existing
installation.
2. Make the setup file setup.linux.x64 so that it can be run.
sudo chmod 744 setup.linux.x64
This means that the owner of the setup is allocated the right to run this.
3. Run the setup via the Command Line Interface (CLI) of PuTTY. To do this,
run the following command with user and password of the existing BFC
installation in the folder of the BFC version to be installed: sudo
./setup.linux.x64 -u myuser -p mypass
When compared to a first installation, perform the setup without parameter
-deploy.
4. Compare file /docker/secret.env of the existing installation with file
/docker/ secret.env of the BFC version to be installed.
Lines or content are available in the new secrets.env file, which are not
available in the existing secrets.env file.
5. Expand the existing secrets.env file to include these lines/content.
Carefully ensure that you do not replace any existing “Password” or “User
name” in the existing secrets.env file.
Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/ certs
/ca-certificates.crt
BFC Gateway
32
Function Manual, 11/2022, A5E49457327B AF
Product information 3.3 BFC update
6. Before the update, copy the modified file into the docker directory of the
new version. Replace the secrets.env file saved there.
7. Delete the stacks before you execute the setup.
8. List the existing docker stacks using the following command: sudo docker
stack ls
9. Delete the listed stacks using the following command: sudo docker stack rm
stack1 stack2 … stackN
10.To do this, run the following command with user name and password of the
existing BFC installation in the folder of the BFC version to be installed:
sudo ./setup.linux.x64 -deploy -u myuser -p mypass -excluded-apps bfc-
analytics
When doing this, ensure that the BFC Analytics App is not also installed:
-excludedapps bfc-analytics
11.For ALL configured clients, middleware and gateways, update the version
numbers of the docker image. You can now read off the new version numbers
using tile “System State”.
3.3.2
BFC Gateway update (Kubernetes-based)
Installing Kubernetes
Requirement · A Debian system is available. · A CentOS7 system is available. ·
The system has an Internet connection.
Procedure 1. Establish a connection to the system, e.g. using WinSCP/PuTTY. 2.
Log in as user with root rights. 3. Enter the following command:
sudo visudo 4. Scroll to Defaults secure_path. Expand the path by
/urs/local/bin:
Defaults secure_path = /sbin:/bin:/urs/sbin:/urs/bin:/usr/ local/bin 5. Enter
the following command: export KUBECONFIG=kubeconfig.yaml Map the KUBECONFIG
environment variable to the path of the Kubernetes configuration
file.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
33
Product information 3.3 BFC update
6. Install Kubernetes. Enter the following command: sudo curl -sfL
https://get.k3s.io | sh
7. Reboot the system. After logging on again, using command sudo kubectl
get nodes | grep 0/1 you can check that Kubernetes has been correctly
installed.
Installing the BFC Gateway on Kubernetes
Requirement · Kubernetes is installed on the target system.
Procedure 1. Copy the BFC version from Pridanet unzipped to the target system.
2. Make the setup file setup.linux.x64 so that it can be run. 3. Run the setup
using the following command:
./setup.linux.x64 -u
Upgrading BFC version from v1.9 to v1.10.1 1. Copy the new BFC version
unzipped to the target system in a folder next to the existing installation.
2. Make the setup file setup.linux.x64 so that it can be run. sudo chmod 744
setup.linux.x64 This means that the owner of the setup is allocated the
right to run this. 3. Run the setup via the Command Line Interface (CLI) of
PuTTY. To do this, run the following command with user name and password of
the existing BFC installation in the folder of the BFC version to be
installed: ./setup.linux.x64 -u
BFC Gateway
34
Function Manual, 11/2022, A5E49457327B AF
3.3.3
Product information 3.3 BFC update
5. Expand the existing secrets.env file to include this line. Carefully
ensure that you do not replace any existing “Password” or “User name” in the
existing secrets.env file.
Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/ certs
/ca-certificates.crt
6. Before the update, copy the modified file into the Kubernetes directory
kubernetes/ config/configs/ of the new version. Replace the secrets.env file
saved there.
7. Compare file /kubernetes/builds/1.9/thirdparty/broker/config/
definitions.json of the existing installation with file /kubernetes/config/
broker/definitions.json of the BFC version to be installed.
Copy the passwords of the existing definitions.json into the new
definitions.json file.
Lines 6, 11, 16, 25, 26, 31, 89 and 112 are involved.
Save the modified, new definitions.json in directory kubernetes/config/
broker/definitions.json.
8. Compare file /kubernetes/builds/1.9/infrastructure/configui/config/
settings.json of the existing installation with file
/kubernetes/config/configui/ settings.json of the BFC version to be installed.
Copy the passwords of the existing definitions.json into the new
definitions.json file.
Lines 37, 39, 50, 55 and 60 are involved.
Save the modified, new definitions.json in directory kubernetes/config/
broker/definitions.json.
9. Compare file /kubernetes/builds/1.9/infrastructure/configui/users/
users.json of the existing installation with file /kubernetes/config/users/
users.json of the BFC version to be installed.
The file comprises only one line.
Copy the ID of “passwordHash” from the existing users.json into the new
users.json file.
Save the modified, new users.json in directory kubernetes/config/users/
users.json.
10.Run the setup using the following command: sudo ./setup.linux.x64 -u admin
-p admin -kubernetes=true -k3s -kubeconfig=/etc/rancher/k3s/k3s.yaml
-namespace=bfc -deploy
BFC client update
You can perform the update of a BFC client on machines that are already
connected.
The configuration of the BFC client is not changed by the update.
This procedure is identical for all SINUMERIK control variants (HMI-Advanced /
Operate). You do not need to distinguish between different control system
types.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
35
Product information 3.4 Contacting the hotline
Procedure
1. Open the “Commissioning” area, which displays the current version of the BFC client of the affected machine.
2. Click the button to transfer a corresponding ZIP file (BFC-Client-
xx.xx.xx.zip) with the new version to the machine. The ZIP file can be
obtained through PridaNet. It is also part of the software delivery of BFC
Gateway.
3. After transferring the ZIP file to the machine, you can see which version
of the BFC client is currently installed on the machine in the “System State >
Clients” area. The new version is displayed in the “Description” column.
Restart the machine to activate the new BFC client version on the machine. You
can thus decouple the activation of a version transferred to the machine from
the transfer in terms of time.
Note In the same way, it is possible to downgrade a machine to an older BFC
client version.
3.4
Contacting the hotline
Use the service request on the Internet page “Industry Online Support” to contact the hotline.
Note Maintenance contract
Please note that to obtain support through the hotline, it is necessary to
conclude a maintenance contract (Connectivity Maintenance BF, article number:
9MC1110-1PR00-0AA5).
Requirement
You must register/log in to be able to use the “Industry Online Support” website.
BFC Gateway
36
Function Manual, 11/2022, A5E49457327B AF
Product information 3.4 Contacting the hotline
Creating a service request 1. Open this Link
(https://support.industry.siemens.com/cs/ww/en/) to open the “Industry Online
Support” website. 2. “Industry Online Support” landing page opens. Click on
“mySupport”.
3. Window “mySupport Links and Tools” opens. Select “Support Request”
4. Input window “Support Request” opens. Click on “New request”.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
37
Product information 3.4 Contacting the hotline
5. The “Create support request” input window opens. Perform a product
search using the term “BFC Brownfield Connectivity – Gateway”. Select the
product. Click on “search”.
6. A new page opens. Formulate your request to the hotline on the following
pages. Always specify the BFC client and BFC Gateway version. The hotline will
then immediately process your request and contact you.
BFC Gateway
38
Function Manual, 11/2022, A5E49457327B AF
Requirement
4
4.1
Specialist know-how
Specialist know-how is required in the following areas in order that installation and configuration can be professionally performed:
· Windows, Linux, Linux console
· Docker
· Kubernetes
· WinSCP, PuTTY
· http, https, TLS, SSH
· Handling certificates
· SINUMERIK 840D/828D/ONE: Using the service mode
· SINUMERIK 840D/828D/ONE: Creating commissioning archives
· SINUMERIK 840D/828D/ONE: Creating system backups
· MindSphere
· MindSphere API and Fleet Manager
· MindSphere application “SINUMERIK Service Assistance”
4.2
General conditions
The following constraints apply when using the BFC Gateway:
· Ensure that all of the devices, machines, PCs and higher-level customer
and/or cloud systems involved are networked and ready for operation. Network
requirements: At least 100 Mbit/s full-duplex
· Provide a specification for all of the device addresses to be read for all
of the required data and operating states as follows:
All of the required variables have been defined and documented.
If you need support with defining the necessary variables, you can order the
Application Consulting BF (article number: 9MC1110-1PR00-0AA7).
· We strongly recommend before installing the software that a malware and/or
virus check is carefully performed for every device to be networked.
· Note that the system time of all of the devices involved must be
synchronized. Synchronization can be performed by connecting to an NTP time
server or by manually entering and updating, for example.
· Provide a PC with the appropriate performance with a released Linux
distribution to install the BFC Gateway. When selecting the PC, take into
account the installation requirements. If necessary, the extensions must be
scaled using additional hardware.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
39
Requirement
4.3 System requirements
· The target system must have an Internet connection while installing and
commissioning the BFC Gateway.
· For the duration of the warranty time we recommend a remote and SSH access
to the gateway PC for maintenance and servicing. Carefully ensure that the
machines can access ports 1883 and 8883 at the gateway PC. If you require
maintenance and care by Siemens experts after the warranty period or are
unable or unwilling to provide remote access, cRSP (Common Remote Service
Platform) can enable secure access to the BFC gateway. You can find out about
the various remote services (https://support.industry.siemens.com/cs/sc/2281
/remote-services-for-processautomation?lc=de-DE). The implementation process
is described in the cRSP Remote Collaboration Regulations. You can also
contact the DI CS SD Remote Collaboration Team about this. You will find more
detailed information in the Siemens Industry Online Support (SIOS).
· At the time of commissioning, provide the appropriate access authorizations
to install the BFC client on machines equipped with SINUMERIK 840D/840D
sl/828D. Access authorizations include, for example, protection levels, logins
and passwords. When required, obtain this information from the machine OEMs.
· Because of the growing use of resources (hard disk space), you should
integrate the lowerlevel hardware or virtual machine of the BFC into the
customer’s IT monitoring.
4.3
System requirements
4.3.1
BFC gateway
Install the software on an appropriate computer with a Linux operating system
with the appropriate processing performance.
Note Kubernetes cluster You will find the system requirements for operating
BFC in a Kubernetes cluster in Installing BFC Gateway in a Kubernetes cluster
(Page 71).
To prevent data loss in the event of a power failure, we recommend the use of
an uninterruptible power supply (UPS). Perform a data backup on a regular
basis.
Note Reinstallation If the TCP/IP address of the computer on which the BFC
Gateway is installed changes, then the BFC Gateway must be reinstalled. This
is especially the case if the BFC Gateway was installed in a virtual machine,
and this virtual machine is copied or shifted.
BFC Gateway
40
Function Manual, 11/2022, A5E49457327B AF
Requirement 4.3 System requirements
Note Installation in a virtual machine Contact the hotline if you wish to
install the software in a virtual machine.
Note Hard disk memory Only use the SSD hard disk memory for installation and
operation.
Minimum system requirements
The following minimum system requirements (valid for up to 10 devices to be
connected) are applicable for the BFC Gateway.
Parameters CPU kernels CPU threads CPU basis frequency RAM Free hard disk space (SSD) Free network interfaces
Value 4 4 1.9 GHz 8 GB 480 GB 2 (1 Gbit/s)
Supplementary system requirements high-frequency data acquisition
The BFC function “High-frequency data acquisition” allows you to acquire data
with a high clock rate from a SINUMERIK control. You will find further
information on this in: Configuring highfrequency data acquisition (Page 340).
When high-frequency data acquisition is activated, additional system resources
are required on the BFC Gateway. The following additional resources are
required depending on the configured number of variables for the high-
frequency data acquisition.
Parameters CPU performance RAM Network speed Hard disk speed Memory required per hour
10 variables
20 variables
400 MHz
600 MHz
50 MB
50 MB
Can be neglected for the Gigabit communication link that is required
Can be neglected for the SSD that is required
1 GB
2 GB
Note
The overall CPU performance is obtained from: Number of kernels x CPU basis
frequency
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
41
Requirement 4.3 System requirements
Example: If you have activated high-frequency data acquisition for five
machines (for 10 variables), then the following additional resources are
required: · CPU performance: 5 x 400 MHz = 2 GHz · RAM: 5 x 50 MB = 250 MB · 5
GB HD space per hour = 120 GB per day This means that the CPU must provide 2
GHz more overall CPU performance.
Selecting an industrial PC
The following tables list as example a selection of industrial PCs as target
platform for installing the gateway.
Devices* Up to 10 Up to 30 Up to 60 Up to 60
SIMATIC IPC 427E (box PC) 427E (box PC) 627E (box PC) 647E (rack PC, 19″, 2HE)
Processor Intel® Core i5-6442EQ Intel® Xeon E3-1505L Intel® Core i7-8700 Intel® Xeon E-2176G
RAM 8 GB 8 GB 32 GB 32 GB
SSD 480 GB 480 GB 960 GB 960 GB
Article number 6AG4141-5BB00-0GA0 6AG4141-7AB00-0GA0 6AG4131-3GD30-8AA0 6AG4112-3KR03-0XX0
- The CPU performance depends on the configured client as well as the configured gateway(s). If necessary, using the same systems, the required CPU performance must be provided through scaling.
The following CPU architectures are supported:
· AMDx64
The following non-commercial Linux distributions are supported:
· Debian 10
· Debian 9
· CentOS 7
The following chapters provide information regarding the system requirements of the components that are used.
The hotline is available if you have questions or require more information.
Supported web browsers The following web browsers are supported for configuring the BFC Gateway: · Mozilla Firefox Version 91 or higher · Google Chrome Version 100 or higher Microsoft Internet Explorer and Edge are not supported.
BFC Gateway
42
Function Manual, 11/2022, A5E49457327B AF
Requirement 4.3 System requirements
Network for internal communication Within the BFC Gateway a network for
internal communication is configured on the basis of Docker. As a minimum, the
Docker version should support docker-compose file format version 3.3 and use a
docker engine from version 20.10.8 and higher. The network mask 172.18.0.0/16
is the default mask for this internal network. Please note the following: ·
Avoid any collisions on the BFC Gateway between the network masks of the
Docker network within BFC and the configured communication networks in the
customer network. · If the Docker network collides with another network
configured on the BFC Gateway host system, you must reconfigure the Docker
network.
Note You will find more information in the Docker Online Help
(https://docs.docker.com/engine/ tutorials/networkingcontainers/). To operate
BFC in swarm mode with several physical or virtual nodes, you must configure
the Docker environment according to the following instructions: · Creating a
Docker swarm (https://docs.docker.com/engine/swarm/swarm-tutorial/create-
swarm/) · Adding nodes (https://docs.docker.com/engine/swarm/swarm-tutorial
/add-nodes/) · Scaling a service (https://docs.docker.com/engine/swarm/swarm-
tutorial/scale-service/)
Overview of system limits (quantity framework) BFC Gateway supports up to 60 connected clients (BFC devices) by default. Up to 50 data points are supported per BFC device, divided into “datasets”. The shortest interval for reading datasets is 200 ms.
Empirical values for tests
The following empirical values were determined when performing tests with the
hardware example listed above (IPC427E with Intel® Core i5-6442EQ):
Client / gateway BFC client BFC driver (all) MindSphere gateway AMP gateway OPC UA server
Transmission rate [data points/seconds] 250 250 500 40 250 per client
All MindSphere and AMP gateways back up data for ~90 days up to a limit of ~5 GB or ~150,000,000 data points. The computer hard disk must have the appropriate size.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
43
Requirement 4.3 System requirements
4.3.2
BFC apps
The BFC Gateway enables the installation of applications. Currently, the
following applications are available for installation:
Application bfc-analytics
Description
BFC Analytics offers a solution to visualize data and machine tool-related
KPIs that give insights about production and machine conditions.
For more information on additional system requirements, refer to the documentation of the respective application. Any system requirements of applications must be added to the basic system requirements.
4.3.3 4.3.3.1
BFC client
The BFC client for SINUMERIK is the only client that is directly installed on
the SINUMERIK machine control system.
· Before starting installation, ensure that the machine in your network can
access the BFC gateway.
· For each machine, check the values to be read from the machine.
Additional information on the operating software is provided in:
· SINUMERIK Operate Commissioning Manual (https://
support.industry.siemens.com/cs/ww/en/view/109769186)
· Equipment Manual for SINUMERIK 828D PPU and components (https://
support.industry.siemens.com/cs/ww/en/view/109763414)
· Commissioning Manual SINUMERIK 840Di sl / 840D sl / 840D, Base Software and
HMIAdvanced (https://support.industry.siemens.com/cs/ww/en/view/109310641)
Hardware and operating software
The following tables provide an overview of the hardware and operating
software required for SINUMERIK control systems.
SINUMERIK 840D – HMI-Advanced
BFC client 02.15.00.00
Operating software 6.1 6.2 6.3 6.4 7.1 7.2 7.3 7.5 7.6
Hardware PCU 50.1 PCU 50.2 PCU 50.3 PCU 50.5
Operating system Windows NT Windows XP
BFC Gateway
44
Function Manual, 11/2022, A5E49457327B AF
Requirement 4.3 System requirements
SINUMERIK 840D – HMI-Advanced for retrofit
BFC client 02.15.00.00
Operating software 6.5 for retrofit 7.7 for retrofit
Hardware IPC427D
SINUMERIK 840D – MMC103*
BFC client
Operating software Hardware
Operating system Windows 10
Operating system
02.15.00.00
5.3
MMC103
Windows 95
- No general release for MMC103 / Windows 95 Contact your regional Siemens sales partner for additional information or project-specific solutions.
SINUMERIK 840D – SINUMERIK Operate (PCU/TCU)*
BFC client 02.15.00.00
Operating software 2.6 2.7 4.5 4.7 4.8 4.9
Hardware PCU 50.3 PCU 50.5
Operating system Windows XP Windows 7 Windows 10
- No general release for operation on an IPC
Contact your regional Siemens sales partner for additional information, other versions of the operating software or project-specific solutions.
SINUMERIK 840D – SINUMERIK Operate (NCU/TCU)
BFC client 02.15.00.00
Operating software 2.6 2.7 4.5 4.7 4.8 4.9
Hardware NCU7x0.2 NCU7x0.3
Operating system Linux
Contact your regional Siemens sales partner for additional information, other versions of the operating software or project-specific solutions.
SINUMERIK 828D – SINUMERIK Operate (PPU)
BFC client 02.15.00.00
Operating software 4.5 4.7 4.8
Hardware PPU2xx3 PPU2xx4
Operating system Linux
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
45
Requirement 4.3 System requirements
1:n connections Using the BFC client on control systems equipped with several
NCUs has not been released.
Contact your regional Siemens sales partner for additional information or
project-specific solutions.
SINUMERIK ONE – SINUMERIK Operate (NCU/TCU)
BFC client 02.15.00.00
Operating software 6.13 6.20
Hardware NCU1760
Operating system Linux
DMG CELOS
BFC client 02.15.00.00
Operating software 4.9 preliminary CELOS V06.34.22.1759
Hardware IPC627D
Operating system Windows 7 Windows 10
Note You must reinstall the BFC client for each CELOS update.
4.3.3.2
Network
The system topology with the ports used is shown in the following figure.
Activate the following ports in the network. Before you do this, talk with the
IT person responsible for the network.
BFC Gateway
46
Function Manual, 11/2022, A5E49457327B AF
Requirement 4.3 System requirements
Port 22
1883 4840
8883 9877
Open BFC gateway ports for incoming communication
Type TCP
TCP TCP
Protocol SSH
MQTT OPC UA
Usage
Commissioning/ updates Commissioning Data forwarding
Coded Yes
No Yes
TCP MQTT Data acquisition
Yes
TCP HTTPS Configuration &
Yes
HTTP REST Client &
WebDAV
Description SSH access for commissioning and system updates
Standard MQTT port for the commissioning of BFC clients Standard OPC UA server
port. Is used to present collected data. Standard MQTTS port for data
acquisition from BFC clients HTTPS WebUI to configure the BFC Gateway and file
func- tions via WebDAV
Note Ports during operation In operation, the BFC Gateway does not automatically open additional ports.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
47
Requirement 4.3 System requirements
Outgoing communication to the office network
Port Type Protocol Usage
443
TCP HTTP
Data forwarding
1883 TCP MQTT Data forwarding
3306 TCP MYSQL Data forwarding
3560 TCP HTTP
Data forwarding
8086 TCP HTTP/S Data forwarding
8883 TCP MQTT Data forwarding
9200 TCP HTTP
Data forwarding
Coded Yes No Yes/No No Yes/No Yes No
Description
Standard HTTPS port used to send data to upstream sys- tems (e.g. MindSphere)
Standard MQTT port for sending data to a customer MQTT broker
Standard MySQL server port for sending data to a custom- er MySQL database
HTTP interface of the Analyze MyPerformance (AMP) serv- er
Standard InfluxDB HTTP service port to send data to a cus- tomer Influx
database
Standard MQTTS port for sending data to a customer MQTT broker via an
encrypted connection
Standard Elasticsearch HTTP service port to send data to a customer
Elasticsearch database
Outgoing communication to the production network
Port Type Protocol Usage
80
TCP HTTP
Data acquisition
102
TCP S7 comm Data acquisition
443
TCP HTTPS Data acquisition
500
TCP TwinCAT Data acquisition
502
TCP Modbus Data acquisition
801
TCP
811
TCP
821
TCP
831
TCP
4840 TCP
8192 TCP
19000 TCP
TwinCAT TwinCAT TwinCAT TwinCAT OPC UA FOCAS LSV2
Data acquisition Data acquisition Data acquisition Data acquisition Data acquisition Data acquisition Data acquisition
44818 TCP
Ethernet Industri- al Proto- col
Data acquisition
Coded No
No Yes No No
No No No No Yes/No No No
No
Description
Standard HTTP port for connection to MTConnect agents or HTTP-REST client
Standard port ISO over TCP to SIMATIC control systems Standard HTTPS port for
connection to MTConnect agents Standard Beckhoff port for NC data Standard
Modbus port for connection to Modbus TCP de- vices Standard Beckhoff port for
PLC runtime system 1 Standard Beckhoff port for PLC runtime system 2 Standard
Beckhoff port for PLC runtime system 3 Standard Beckhoff port for PLC runtime
system 4 Standard OPC UA port for connection to OPC UA devices Standard FOCAS
port for connection to FANUC controllers Standard LSV2 communication port for
connection to Hei- denhain controls Standard EIP communication port
BFC Gateway
48
Function Manual, 11/2022, A5E49457327B AF
4.3.4
Requirement 4.3 System requirements
FANUC client
The BFC driver for machines with FANUC control supports reading and writing
data, retrieving alarms, and transferring programs via the FOCAS interface.
Interface FOCAS1 FOCAS2
FANUC models* 0i-B/C, 15i, 16i, 18i, 21i, Mate i-D, Mate i-H 0i-D/F, 30i/31i/32i-A, 30i/31i/32i/35i-B, Motion i-A
- Additional models that support FOCAS1 or FOCAS2 can possibly be released on a project-for-project basis. Contact your regional Siemens sales partner regarding verification.
The following diagram provides an overview of the data and information that can be used.
- Not available for control systems that only support the FOCAS1 interface
Requirement
· Test the connection to the FANUC control system using the “Fanuc Focas
Tester” tool. More information relating to testing the connection is provided
in Chapter: Check connection to FANUC control system (Page 540).
· Before starting installation, ensure that the FOCAS interface of the machine
is accessible in the customer network.
· You require the following to read out data from a FANUC control system via
the FOCAS interface:
Option “Extended driver/library function” for using the FOCAS interface must
be activated
Ethernet connection that is ready to operate to the FANUC control system
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
49
Requirement 4.3 System requirements
Note Older FANUC control systems FANUC control systems, which only support the
FOCAS1 interface, can only access a restricted functional scope in the
interface. · If you have any questions, contact your regional Siemens sales
partner.
Note New parameters The application is only delivered with standard
parameters. Before you parameterize new parameters that are to be read out, we
urgently recommend that you first have these parameters checked by a Siemens
AG Application Center.
More information about possible NC/PMC parameters is available in the
Internet: · The “FANUC Connection Manual Function” Manual; e.g.
30i/31i/32i/35i-B, document
B-64483EN-1
Note API calls of the FOCAS interface You can find information about the
possible API calls of the FOCAS interface in the Appendix (Page 543).
The following must be observed when transferring programs: · Controls that
only use the FOCAS1 interface are not supported. · On the FANUC side,
depending on the control type there is a limit to the maximum size of the
programs that can be transferred. · All FANUC programs must have a certain
format and contain, for example, the file name or
the program number. If this format is not given, the BFC Gateway tries to
emulate it so that the transferred target program is larger than the source
program. · The program file name and the name within the program data must
match. · If a FANUC program on the machine is in editing mode or is currently
active, it cannot be changed with the BFC Gateway. · The file size of all
files is specified as 0 bytes in the BFC Gateway.
BFC Gateway
50
Function Manual, 11/2022, A5E49457327B AF
4.3.5
Requirement 4.3 System requirements
· The access rights to individual paths or files can be defined when
configuring the FANUC client.
· The following file operations are possible: Read programs Write programs
Delete programs Overwrite existing programs Create directories Delete
directories
More information can be found in Chapter: File transfer (Page 465).
MTConnect client
For each MTConnect agent, from which data should be read, a BFC driver must be
created for one MTConnect instance. The BFC driver for MTConnect can only read
access the MTConnect IDs of the agent. This is a property of the MTConnect
specification. The general hierarchy of variables for MTConnect is structured
as follows:
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
51
Requirement 4.3 System requirements
Requirement
· Before starting the project, you require complete information relating to
the following points:
Data regarding the versions of all MTConnect agents available locally
Output of the probe response/call of the locally available MTConnect Agents
http://
Specification of the MTConnect agent available locally The scope and format
of possible control data depend on the manufacturer of the MTConnect agent and
the software version of the agent.
Specifying the data to be read out of third-party control systems
· Before starting the installation, carefully ensure that the MTConnect
interface of the machine can be accessed in the customer network.
· For each machine, determine the data made available from MTConnect agent. To
do this, from a PC in the customer network, via a web browser, call the
following URL once:
http://
http://
Save the displayed result (XML) for diagnostics.
· When updating the MTConnect agent, note that the format or data made
available can change.
· The function has been tested against MTConnect protocol versions 1.2 up to
and including 1.8 and supports MTConnect schema version up to 1.7.0. Protocol
version 1.1 is not supported.
4.3.6
Modbus client
For each device connected via Modbus TCP, you must set up an instance of the
BFC driver for Modbus as a client.
Requirement
· Before starting the installation, carefully ensure that the Modbus device
can be accessed in the customer network.
· For each device, check the data to be read from the device.
Specifications that are used The Modbus client uses the following specifications: · Connection to precisely one Modbus device · Connection via TCP/IP · Read and write access
BFC Gateway
52
Function Manual, 11/2022, A5E49457327B AF
· The following data types are supported: Boolean Integer Float
· The following Modbus functions are supported: (0x01) Read Coils (0x02)
Read Discrete Inputs (0x03) Read Holding Registers (0x04) Read Input
Registers (0x05) Write Single Coil (0x06) Write Single Holding Register
(0x16) Write Multiple Holding Registers
Requirement 4.3 System requirements
4.3.7
OPC UA client
Requirement
· Before starting the installation, carefully ensure that the OPC UA server of
the device can be accessed in the customer network.
· For each device, check the data to be read from the device.
Specifications that are used The OPC UA client uses the following specifications: · Connection to precisely one OPC UA server · Binary OPC UA transfer protocol · The XML-based transfer protocol is not supported. · The connection to the OPC UA server is either encrypted or unencrypted. · Supports the login mechanisms “Anonymous”, “User name/password” and “Certificate”. · Read-only access to OPC UA nodes of the server · The following data types are supported: String Float Integer Boolean · Only alarms with OPC UA data types “AlarmConditionType” and “CncAlarmType” are supported.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
53
Requirement 4.3 System requirements
4.3.8
S7 client
The S7 client enables the connection of the SIMATIC PLC S7 to the BFC gateway.
Requirement
· The network connection is exclusively established via PROFINET or TCP/IP
networks. For the network connection via PROFINET the PLC requires the
following equipment:
Integrated PROFINET interface Examples: SIMATIC S7-300 CPU 315-2 PN/DP or
SIMATIC S7-1200 SIMATIC S7-1500
– OR –
Additional PROFINET communications processor Examples: SIMATIC CP
243/343/443
· The network addressing is done via TCP/IPv4 and uses the RFC1006 protocol.
The PLC must be enabled for network access.
Activation takes place in the configuration of the SIMATIC STEP 7 project or
in the TIA Portal.
· For secure operation, you need a secure network infrastructure, since the
RFC1006 protocol does not implement encrypted or signed communication. An
access password set in the PLC configuration for network communication may be
compromised by recording the network communication.
BFC Gateway
54
Function Manual, 11/2022, A5E49457327B AF
Addressing
Requirement
4.3 System requirements
· Address the CPUs of the SIMATIC controls as follows:
The set IP address
The TSAP address The TSAP addressing is used for addressing on the
backplane/backplane bus of the SIMATIC PLC and is still used compatibly in the
newer PLC series with integrated PROFINET.
Rack and slot position These parameters are internally converted into a TSAP
address.
When addressing the PLC, you can set further optional parameters such as
timeouts. However, these parameters are usually not required or their default
values are sufficient in a LAN.
· Communication takes place with PDU with a pre-defined structure. The access
of the S7 client takes place via a multi-variable access, which allows
addressing of a maximum of 20 elements in the SIMATIC in a single access
operation. This type of access leads to minimum latency and maximum
performance. The maximum size of the data to be read out is limited by the
fixed structure. If scalar variables such as bit, byte, word or DWord are
addressed exclusively, the user data are not a limiting factor when reading.
Only by addressing byte arrays, character arrays and S7 strings, can the
maximum PDU user data volume be exceeded when reading. For write jobs, the
addressing and the net data (user data) are transferred to a shared PDU. As a
consequence, the quantity of net data for a write job is limited. With a PDU
size of 240 bytes for example (e.g. S7 300, S7 1200), a maximum of 12 values
can be processed in one single write job. Details are provided in the appendix
to this document. If necessary, write operations must therefore be subdivided
into several substeps. You can check the PDU sizes used in the trace outputs
of the S7 client. There you may also check how long the communication job was
processed by the PLC.
· The addressing in the data blocks does not support symbolic addressing, but
is done with byte offset addresses. For this reason, “optimized data blocks”
of the SIMATIC S7-1200 and SIMATIC S7-1500 series cannot be read out.
Manual optimization of data addressing
The setup of the PDU structure means that 2 bytes are always occupied in the
PDU structure, even for individual bits and bytes. If you want to read several
bits of a byte or word, do not address individual bits. Address the whole word
or byte and separate them in the target application or on the script level of
the BFC gateway.
Examples:
· DB1.DBX0.0, DB1.DBX0.1, … DB1.DBX0.7 Addresses the same data as DB1.DBB0,
but occupies eight times the amount in the PDU. Processing in the PLC takes
longer.
· DB1.DBX0.0, DB1.DBX0.1, …, DB1.DBX1.7 Reads the same data as DB1.DBW0, but
occupies sixteen times the amount in the PDU. Processing in the PLC takes
longer.
To optimize the required accesses to the PLC, you may also read out several
bytes as array.
Example: “E0:BYTE[8]” reads eight input bytes during one single read access.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
55
Requirement 4.3 System requirements
For addressing larger data structures in data blocks that would exceed the
usable data volume of a PDU, a reading set with a single address can be read
out. In this special case, the S7 client automatically detects if the data
must be read out in several steps. Example: DB1.DBB0:BYTE[256] is
automatically read from the PLC by the S7 client with two separate calls when
the PDU size is 240 bytes.
Performance influence on PLC cycle time
You can configure the maximum portion of the communication time of the PLC
cycle in the SIMATIC STEP 7 project. An extended PLC cycle time can be
observed due to the communication. If a communication job is not completed
within the maximum cycle time, it is continued in the next PLC cycle.
Data consistency over several PLC cycles
Read access
The PLC communication used does not guarantee data consistency of the read
values. The values that are read can originate from different PLC cycles and
I/O images, since the communication does not influence the logic of the PLC
user program.
Write access
It is not guaranteed that all data to be written within a PLC cycle is
accepted or that the addresses at the start of the write job are written into
the PLC memory before addresses at the end of the write job. If the PLC user
program write accesses the same memory during a write operation, it is not
guaranteed which data actually apply at the end. A coordination mechanism must
be implemented for shared (common) memory areas in the PLC.
Diagnostics
After establishing the connection, diagnostic data is read out from the PLC
and logged as log messages. Depending on the PLC type, only parts of the data
are provided: · Negotiated PDU size · Information on the current access
protection · Information on the PLC, such as the MLFB no. Hardware version,
serial number · Information on the CP such as the maximum number of
connections, the bandwidth of the
connection, and the backplane bus · Output of the PLC time · Listing of the
data blocks in the PLC
4.3.9
56
Heidenhain client
The BFC driver for machines equipped with a Heidenhain control system supports
reading and writing data, retrieving alarms and transferring programs via the
Ethernet. The driver supports the connection just one Heidenhain machine, but
can be started several times.
BFC Gateway Function Manual, 11/2022, A5E49457327B AF
Requirement 4.3 System requirements
The following Heidenhain machines are supported: · Heidenhain TNC 320, TNC
360, TNC 426, TNC 430, iTNC 530, TNC 620, TNC 640 · DataPilot CP 620,
DataPilot CP 640, DataPilot MP 620, DataPilot 4110, DataPilot 4290 among
others. All Heidenhain functions were tested against NC software version
340494-07 on an iTNC530. Deviations may occur with newer software versions or
other control models. Not all machines offer the same scope of functions. If
another client is already connected to the Heidenhain control system,
functions that are connected with memory accesses may fail. This is because
with the Heidenhain control system, access to this area is exclusive.
Preconditions
· Before starting the installation, make sure that the Heidenhain machine in
the customer network is operational and can be accessed.
· To read out data from the Heidenhain control system, you may have to
activate external access as follows:
In the machine or MOD operating mode, press the “External Access On/Off”
softkey.
If the “External Access On/Off” softkey is not available, the entry
“REMOTE.LOCKSOFTKEYVISIBLE = YES” must be available in the OEM.SYS
configuration file. The entry must not be commented out by a semicolon.
A password may be set in the OEM.SYS configuration file, which is required
for data access (parameters PLCPASSWORT, REMOTE.PLCPASSWORTFORCED and
REMOTE.PLCPASSWORTNEEDED).
In the OEM.SYS configuration file, access to machine parameters can also be
protected by a password (MPPASSWORD parameter).
With newer NC software versions from 340 49X-03 or higher, you can prohibit
access by certain clients. To do this, the entry “REMOTE.PERMISSION” must be
present in the TNC.SYS. This entry contains a list of IP addresses or host
names of clients for which remote access is permitted. Add the IP address or
the host name of the BFC as shown in the following example. Example:
REMOTE.PERMISSION = PC123;192.168.0.92
A password may be set in TNC.SYS that is required for access to certain
areas (parameters REMOTE.TNCPASSWORD and REMOTE.TNCPRIVATEPATH).
An SE Linux firewall is integrated in NC software versions 60642x and
higher. In addition to OEM.SYS and TNC.SYS, the Linux firewall is another way
to restrict access to the machine.
Access to some data areas is exclusive. If another application already has
access to it and does not relinquish it (no logout from the area), no other
applications can access the area.
As of software versions 34049X-03, the machine manufacturer has the
possibility to restrict access to areas or variables. The machine manufacturer
can block access in his PLC basic program. Without the machine manufacturer,
you then have no possibility of reading data.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
57
Requirement 4.3 System requirements
Specifications
The Heidenhain client uses the following specifications: · Presently, reading
and writing data is not supported. · The following data types are supported:
Boolean Integer Float String Word DWord
Note Within the BFC Gateway, Word and DWord values are treated as integer values.
The following must be observed when transferring programs: · Access rights to
individual paths or files can be defined when configuring the Heidenhain
client. · It is not possible to transfer files larger than 10 MB. · Heidenhain
machines respond differently depending on the data type transferred. It cannot
be ensured that all data types can be transferred. · If a Heidenhain program
on the machine is in the edit mode or is currently active, it cannot
be changed via the BFC Gateway. · The machine manufacturer has the option of
inhibiting file operations. · Files and directories can be protected on the
Heidenhain machine side. In cases such as these,
overwriting is not possible. · The following file operations are possible:
Read programs Write programs Delete programs Rename programs
Overwrite existing programs Create directories Delete empty directories ·
It is not possible to rename directories. · Directories that contain files or
subdirectories cannot be deleted. More information can be found in Chapter:
File transfer (Page 465).
BFC Gateway
58
Function Manual, 11/2022, A5E49457327B AF
4.3.10
Requirement 4.3 System requirements
Beckhoff client
The BFC driver for machines with Beckhoff controls supports reading and
writing of data via Ethernet. A connection to a Beckhoff machine can only be
established by the driver. However, the driver can be started multiple times
and access multiple machines in parallel instances. All Beckhoff models with
TwinCAT 2 or TwinCAT 3 are supported.
Note Writing and reading of NC programs is not supported. Reading of alarms is
not supported, but can be implemented project-specifically if necessary. Not
all control systems offer the same range of features.
Data types
The following Beckhoff data types are supported: · BOOL · BYTE · WORD · DWORD · LWORD · SINT · USINT · INT · UINT · DINT · UDINT · LINT · ULINT · REAL · LREAL · STRING · WSTRING · TIME · TIME_OF_DAY · DATE · DATE_AND_TIME
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
59
Requirement 4.3 System requirements
Note Arrays of the respective data types are supported. Note Encrypted ADS is
not supported.
Requirements
Before starting the installation, make sure that the Beckhoff machine in the customer network is operational and can be accessed.
4.3.11
Ethernet IP client
The Ethernet IP client (EIP client) enables the connection of “Allen Bradley”,
“Rockwell”, and “Omron” control systems to the BFC gateway.
Requirements
The network connection is exclusively established via TCP/IP networks.
For communication, the control system requires an Ethernet port and support
for the Ethernet Industrial Protocol.
The EIP client establishes a TCP connection to the control system, the default
port is 44818.
An IP address must be configured on the control system and communication to
the control system must be possible.
The operator is responsible for a secure network infrastructure.
Supported control system families The following control system families can be connected to BFC with the EIP client. They use different message formats of EIP communication. · CIP-EtherNet/IP TCP/IP Rockwell/Allen-Bradley ControlLogix(tm) PLCs Rockwell/Allen-Bradley CompactLogix(tm) PLCs Rockwell/Allen-Bradley Micro 850/870 PLCs Omron NX/NJ PLCs · PCCC- EtherNet/IP TCP/IP Rockwell/Allen-Bradley MicroLogix PLCs Rockwell/Allen- Bradley SLC 500 PLCs Rockwell/Allen-Bradley PLC/5 PLCs
BFC Gateway
60
Function Manual, 11/2022, A5E49457327B AF
Requirement 4.3 System requirements
Note Alternative to the EIP client As an alternative to the EIP client, some
Rockwell/Allen-Bradley control systems (e.g.: Micro 830) can be connected to
BFC with the ModBus client.
Note Supported data types The supported data types and data structures are
documented under EIP client (Page 582).
4.3.12
Omron client
The BFC driver for Omron machines supports reading and writing of data over
Ethernet. The driver can only establish a connection to one Omron machine.
However, the driver can be started multiple times and access multiple machines
in parallel instances. The driver supports all Omron models that are capable
of the FINS protocol.
Note · Writing and reading of NC programs is not supported. · Reading of
alarms is not supported. · The following data types are supported:
BOOL WORD STRING · Not all control systems offer the same range of
features.
Requirements
· Before starting the installation, make sure that the Omron machine in the
customer network is operational and can be accessed.
· Make sure that the network, node, and device identifiers are known.
4.3.13
HTTP script client for HP 3D printers
The HTTP script client is supplied with a preconfigured JavaScript for the HP
3D API version 1.2 and higher.
BFC Gateway
Function Manual, 11/2022, A5E49457327B AF
61
Requirement 4.3 System requirements
The preconfigured JavaScript supports HP Jet Fusion 3D printers of the series
(https:// developers.hp.com/3d-printing-apis): · 5200 · 4200 · 500 · 300
Requirement
· The printer must be connected to a locally installed HP SmartStream 3D
Command Center Version 3.7. Direct access to the printer is not provided. In
the client, therefore, the URL of the HP SmartStream 3D Command Center and the
printer name configured there are always used.
· To access the HP SmartStream 3D Command Center, you need HP’s access
credentials. To use https encryption securely, you need the CA certificates
for the SmartStream 3D Command Center or the included device proxy. On the
local network, you can also use the pre-installed self-signed certificates of
the HP SmartStream 3D Command Center if you activate the “Skip verification of
CA cert” option.
· Technically, the data that is available according to the documentation
(https:// developers.hp.com/3d-printing-apis) and which the printer actually
provides can be read out. Write access to HP 3D printers is not supported.
4.3.14
SFTP client
The SFTP client allows files to be accessed on devices that support the SFTP
protocol (SFTP server).
All file and directory operations (reading, writing, renaming, deleting) are
supported.
Authorization to access individual directories can be individually defined in
the BFC Gateway. More information can be found in Chapter Configuring access
rights (Page 467).
You can access SFTP devices via the WebDAV interface of the BFC Gateway.
Preconditions
· Before starting the installation, ensure that the SFTP server in the
customer network is operational and can be accessed.
· Ensure that the SFTP server access the data are known.
BFC Gateway
62
Function Manual, 11/2022, A5E49457327B AF
Installing the BFC gateway
5
This chapter describes the new installation of the BFC Gateway.
Note Procuring the BFC Gateway As an end user, contact the sales
representative responsible for you about procuring the BFC Gateway software.
As a Siemens employee, you can obtain the BFC Gateway via PridaNet.
Note Installation scope of the BFC Gateway installation By default, when you
install the BFC Gateway under Docker Swarm or Kubernetes, the BFC Analytics
application is also installed. Please note the additional system requirements
due to BFC Analytics. You
References
- analytics.sh - a really cool domain parked on Park.io
- WebDAV - Wikipedia
- item.name
- Welcome - Industry Mall - Siemens OMS
- Microsoft Artifact Registry
- set.name - This website is for sale! - Set,Games,spiel,Spielzeugset Resources and Information.
- set.name - This website is for sale! - Set,Games,spiel,Spielzeugset Resources and Information.
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
- ProfileApplication
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>