SAFRAN 2400 Secure Sync Time Server User Manual

June 1, 2024
Safran

SAFRAN-logo

SAFRAN 2400 Secure Sync Time Server

SAFRAN-2400-Secure-Sync-Time-Server-image

Product Information

Specifications

  • Input Power: AC/DC
  • GNSS Receiver
  • 10 MHz Output with Oscillator Phase Noise (dBc/Hz)
  • Multi I/O
  • DCLS Output with 1PPS Output
  • 10/100/1000 Ethernet Port (RJ45)
  • 10/100/1000 Ethernet Port (SFP)
  • RS-232 Serial Port (Rear Panel)
  • USB Serial Port (Front Panel)
  • Cables
  • Protocols Supported
  • Mechanical and Environmental Specifications

Product Usage Instructions

Setup

Installation Overview

Follow the main installation steps provided in the manual.

Unpacking and Inventory

Check that all components are present as listed in the manual.

Safety

Ensure to follow safety guidelines during installation.

Accessing the Web UI

To access the SecureSync Web UI, enter the designated IP address in a web browser.

Frequently Asked Questions

  • Q: How do I configure network settings?
    • A: Navigate to the Configuration MANAGEMENT Menu in the Web UI to configure network settings such as general network settings, network ports, network services, static routes, access rules, HTTPS, SSH, SNMP, VLAN support, and system time message.
  • Q: What is the process for setting up an IP address?
    • A: You can set up an IP address dynamically or statically. Refer to the manual for detailed instructions on assigning a static IP address via different methods including the front panel, DHCP network, serial port, and Ethernet cable.

ELECTRONICS & DEFENSE
SecureSync
2400 MODEL
User Manual
Document Part No.: 2400-5000-0050 Revision: 7.0
Date: 5-March-2024

© 2024 Safran. All rights reserved.
Information furnished by Safran is believed to be accurate and reliable. However, no responsibility is assumed by Safran for its use, nor for any infringements of patents or other rights of third parties that may result from its use. Safran reserves the right to make changes without further notice to any products herein. Safran makes no warranty, representation or guarantee regarding the suitability of its products for any particular purpose, nor does Safran assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation consequential or incidental damages. No license is granted by implication or otherwise under any patent or patent rights of Safran. Trademarks and registered trademarks are the property of their respective owners. Safran products are not intended for any application in which the failure of the Safran product could create a situation where personal injury or death may occur. Should Buyer purchase or use Safran products for any such unintended or unauthorized application, Buyer shall indemnify and hold Safran and its officers, employees, subsidiaries, affiliates, and distributors harmless against all claims, costs, damages, and expenses, and reasonable legal fees arising out of, directly or indirectly, any claim of personal injury or death associated with such unintended or unauthorized use, even if such claim alleges that Safran was negligent regarding the design or manufacture of the part.
Safran Electronics & Defense
safran-navigation-timing.com
Safran Trusted 4D
· 45 Becker Road, Suite A, West Henrietta, NY 14586 USA · 3, Avenue du Canada, 91974 Les Ulis, France
The industry- leading Spectracom/Orolia products you depend on are now brought to you by Safran.
Do you have questions or comments regarding this User Manual? è E-mail: techpubs@nav-timing.safrangroup.com

SecureSync 2400 User Manual

CHAPTER 1 ·

SecureSync 2400 User Manual

1

Getting Started

1.1

Getting Started

Welcome to the SecureSync User Reference Guide.
Where to start:
First-time users: “SecureSync Introduction” below.
Users with some knowledge of Time and Frequency Servers: “Installation Overview” on page 42.
If your unit is up and running and you want to change a setting: “Managing Time” on page 197, or “System Administration” on page 273.
1.2 SecureSync Introduction
SecureSync 2400 Time and Frequency Synchronization System® is the latest- version, security-hardened 1-rack unit network appliance designed to meet rigorous network security standards and best practices. It ensures accurate timing through multiple references, tamper-proof management, and extensive logging. Robust network protocols are used to allow for easy but secure configuration. Features can be enabled or disabled based on your network policies. Installation is aided by DHCP (IPv4), AUTOCONF (IPv6), and a front- panel keypad and OLED display.
The unit supports multi-constellation GNSS input (SAASM GPS receivers, supporting L1/L2, available for authorized users and required for the US DoD are available), IRIG input and other input references. The unit is powered by AC on an IEC60320 connector. DC power as back-up to AC power, or as the primary input power source, is also available, and power selections can involve either fixed or Hot Swap configurations.
SecureSync combines Safran’s precision master clock technology and secure network-centric approach with a compact modular hardware design to bring you a

2

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.3 SecureSync Front Panel

powerful time and frequency reference system at the lowest cost of ownership. Military and commercial applications alike will benefit from its extreme reliability, security, and flexibility for synchronizing critical operations.
An important advantage of SecureSync is its unique rugged and flexible modular chassis that can be configured for your specific needs. Built- in time and frequency functions are extended with up to six input/output modules.
You can choose from a variety of configurable option cards, each with an assortment of input/output timing signal types and quantity, including additional 1PPS, 10 MHz, timecode (IRIG, ASCII, HAVE QUICK), other frequencies (5MHz, 2.048 MHz, 1.544 MHz, 1MHz), Precision Timing Protocol (PTP) input/output, multi-Gigabit Ethernet (10/100/1000Base-T), telecom T1/E1 data rates and multinetwork NTP, allowing SecureSync to be customized for your exact requirements.
A variety of internal oscillators is available, depending on your requirements for holdover capability and phase noise.
Note: Some of the features described are not available on all SecureSync variants.

1.2.1

SecureSync’s Inputs and Outputs
SecureSync provides multiple outputs for use in networked devices and other synchronized devices. A 10 MHz frequency reference provides a precise, disciplined signal for control systems and transmitters. A 1-Pulse-Per-Second (1PPS) output acts as a precise metronome, counting off seconds of System Time in the selected timescale (such as UTC, TAI or GPS); this BNC connector can also be configured to produce IRIG, HaveQuick, or GPO signals. A multi-I/O 15 pin connector provides default IRIG, ATC, and HaveQuick Inputs, as well as IRIG, IRIG AM, HaveQuick, and ATC Outputs. These options can all be configured to suit your application (see “Configurable Connectors” on page 167).
SecureSync’s outputs are driven by its inputs ­ most notably, Global Navigation Satellite System (GNSS), or IRIG signal generators and other available input references. GNSS-equipped SecureSyncs can track up to 72 GNSS satellites simultaneously and synchronize to the satellite’s atomic clocks. This enables SecureSync- equipped computer networks to synchronize anywhere on the planet.

1.3 SecureSync Front Panel
The front panel of a SecureSync unit consists of:

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

3

1.3 SecureSync Front Panel
an LED time display seven illuminated status LED menu buttons a front panel control keypad an OLED information display menu micro-B USB serial console intake for temperature-controlled cooling fans The OLED information display is configurable using the front panel controls. The micro USB serial interface and the front panel controls provide a means to configure the unit’s network settings and perform other functions without requiring access to the Web UI. SecureSync units with the SAASM GPS receiver option module installed also have an encryption key fill connector and key zeroize pin switch on the left-hand side of the front panel.

1.3.1

Figure 1-1: SecureSync front panel layout
Status LEDs
SecureSync’s front panel status LEDs provide a real-time status overview: Seven (7) LEDs indicate the unit’s current operating state.

Figure 1-2: Front panel LEDs

4

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.3 SecureSync Front Panel

1.3.1.1

Blinking Intervals
The status LEDs can communicate four different operating states: “OFF” “ON” “FAST”: blinking interval @ 2Hz “SLOW HEARTBEAT”: sinus-shaped interval @ 1Hz

1.3.1.2

LED Lighting Patterns
The table below indicates LED status light patterns for common SecureSync operating statuses.
Table 1-1: Common light patterns

Start-up Software upgrade/reboot

ON

OFF

OFF

OFF

OFF

OFF

OFF

HEARTBEAT PATTERN IN ORDER, BECOMING SOLID LEFT TO RIGHT TO REPRESENT PROGRESS

1.3.1.3

Legend, individual LEDs

Table 1-2: Legend for Status LEDs

Icon

Light

Meaning

OFF

No power

ON

Powered

OFF HEARTBEAT
FAST ON

No GNSS reception (0 satellites) GNSS acquisition in process ( 1 satellite(s), or 1PPS OK, or Time OK Antenna short circuit GNSS is available as reference (1PPS and Time OK)

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

5

1.3 SecureSync Front Panel

1.3.2

Icon

Light OFF FAST ON OFF ON FAST
OFF ON OFF ON OFF FAST

Meaning No valid references Using non-primary reference Using primary reference Unit is in Holdover (valid) In Sync (valid) Not In Sync (Holdover period exceeded, or oscillator damaged) No output signal(s) detected/all outputs are disabled
At least one enabled output
Both ETH0 and ETH1 invalid
At least one Ethernet connection valid
Unit OK
At least one active alarm, see Web UI

LED Patterns during Boot Sequence
For the first five seconds after power-up all LEDs will be OFF. Then the Power LED will be blinking before it will be lit permanently.
Responding to Alarms
If you are in front of your units, the fastest way to determine the origin of alarms is to press the button that is flashing; this will automatically bring up the menu of the category with a difficulty. See “Front Panel Keypad, and Display” below for more information.

Front Panel Keypad, and Display
To simplify operation and to allow local access to SecureSync, a keypad and an OLED information display menu are provided on the front panel of the unit.
The front panel keypad, information display menu, and status LED menu buttons can be used to configure basic network settings and obtain status information. For more complex functionality, users should refer to the Web UI or Command Line Interface (CLI).

6

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.3 SecureSync Front Panel
For instruction on changing the front panel time display or locking front panel access, see “Configuring the Front Panel” on page 309.
1.3.2.1 Using the Keypad

The functions of the five keys are:
arrow keys: Navigate to a menu option (will be highlighted); move the focus on the screen; switch between submenus
arrow keys: Scroll through parameter values in edit displays; move the focus on the screen
ENTER key: Select a menu option, or confirm a selection when editing
menu buttons: Press these buttons to navigate to each of the seven main menus.

1.3.2.2

Using the Front Panel Display
There are seven main menu screens on the SecureSync front information display.

Figure 1-3: Status LED menu buttons
1. Your front panel screen will timeout and darken after two minutes of inactivity. If your screen is dark, press any menu or keypad button to wake.
2. Press a menu button to enter that menu on the front panel display. 3. After entering a menu, the cursor will automatically begin on the submenu
selection that you last visited. 4. Use the left and right buttons to switch between submenus if necessary.

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

7

1.3 SecureSync Front Panel
5. To enter into a submenu body, press the down button. You will only be able to highlight fields that can be changed.
6. If the field has arrows on either side of your selection, use the directional arrow keys; OR:
7. If the line is highlighted, press the ENTER button to change a value, and use the directional keys to obtain the desired setting.
8. Once your editing is done, press the ENTER button. 9. Press ENTER again to confirm your choice in the confirmation menu that
will appear on the right side of the screen.
Front Panel Display: Menu Tree
The illustration below shows how the menu is organized, and which functions can be accessed via the front panel (i.e. without using the Web UI):

Figure 1-4: Front panel menu tree

8

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.3 SecureSync Front Panel
The main menu options and their functions are as follows:
Power Menu: Management
halt the unit (see “Issuing the HALT Command Before Removing Power” on page 275) reboot the unit (see “Rebooting the System” on page 276) restore the factory defaults (see “Resetting the Unit to Factory Configuration” on page 357) Monitoring
view the temperature status: Board Temp, CPU Temp, and OSC (oscillator) Temp view the Fan(s) Speed System
view model number view serial number view software version view licenses view a rolling ribbon of option cards installed Hot Swap this sub menu will only be available if you have a Hot Swap Power Supply configuration. See “Hot Swap Power Supply” on page 56 for more information.

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

9

1.3 SecureSync Front Panel
GNSS Antenna Menu: Constellations
view the status for GPS, GLONASS, BeiDou, Galileo, QNSS, and SBAS turn reception OFF or ON to any satellite system by selecting the status Settings
view or change receiver position mode view or set position view or change delay Monitoring
view the following information: antenna status PPS validity time validity state
view for each satellite system: chart of all visible satellites
Inputs Menu: Settings

10

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.3 SecureSync Front Panel
view reference table enable or disable references (see “Configuring Input Reference Priorities” on page 215 Monitoring
view each input reference view reference state, time, validity, and phase error Time Menu: Settings:
change the current time display Monitoring:
view the oscillator type, disciplining state, and TFOM value Date:
view the Day Month Year. Outputs Menu:
Settings

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

11

1.3 SecureSync Front Panel
view list of outputs available see outputs format enable or disable outputs (see “Signature Control” on page 194) Network Menu: Settings: Scroll to each ETH connection to view information or perform actions (see “Setting Up an IP Address via the Front Panel” on page 65):
enable or disable DHCP view or set IP address view or change gateway view MAC address Monitoring: View a graph for each ETH connection (highlight eth0 or eth1 and toggle left and right)
Alerts Menu: Status
show current major or minor alarms and descriptions Monitoring
monitor memory usage monitor CPU usage monitor disk usage Test

12

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.4 Unit Rear Panel
confirm that the buttons on your front panel are working (highlight Press VALID to start testing buttons and push the ENTER key).
1.4 Unit Rear Panel
The SecureSync rear panel contains the connectors for all input and output references.
GPS/GNSS antenna connector (SMA) 10 MHz output (BNC female connector) Multi I/O (sub HD15 connector) 1PPS out, configurable DCLS Output (BNC female connector) ETH0 1GB Ethernet (RJ45 connector) ETH1 Ethernet (SFP connector) Serial console (RJ45 connector) Two or six slots for option cards AC power input connection

Figure 1-5: Standard rear panel

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

13

1.4 Unit Rear Panel

Optional input/output connectors depend on the installed option cards.
The ANTENNA connector is an SMA connector for the GNSS input from your GNSS antenna via a coax cable.
The 10 MHz BNC connector provides a 10 MHz sine-wave output signal.
The HD15 multi I/O connector provides 6 different configurable channels. These channels can be set to provide various outputs and inputs, such as 1PPS, HaveQuick, IRIG, ATC, and GPIO.
The DCLS OUT BNC connector can be set to produce 1PPS, IRIG output, HaveQuick output, or GPIO output. The default 1PPS signal offers a onceper-second square wave output signal, and can be configured to have either its rising or falling edge to coincide with the system’s on-time point.
The Ethernet RJ45 (Eth0) and SFP (Eth1) connectors provide an interface to the network for NTP synchronization and to obtain access to the SecureSync product Web UI for system management. Eth0 has two small indicator lamps, “Good Link” (green LED), and “Activity” (orange LED). The “Good Link” light indicates a connection to the network is present. The “Activity” light will illuminate when network traffic is detected.

Table 1-3: Ethernet status indicator lights

LED

State

Meaning

Orange On Off

Green

On

Off

LAN Activity detected No LAN traffic detected
LAN Link established, 10 or 100 Mbps No link established

The rear Serial Console accepts commands to locally configure the unit via CLI.
The AC Power connector is the input for the AC power (does not include an ON/OFF switch).
The chassis ground on the rear panel is a supplementary ground. SecureSync is grounded through the power connector.
Typically, option cards will be installed at the factory. Should you purchase an extra option card at a later point, you will need to undergo field installation (for technically proficient service personnel only). Your local Sales Office will gladly assist you with the optimal option cards selection for your application.

14

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.5 Option Cards

1.5 Option Cards

Option Cards are circuit boards that can be installed into a SecureSync unit in order to add input and output functionality. Installation is normally done in the factory when the unit is built. Many cards, however, can be retrofitted in the field by qualified customer personnel (see “Option Card Field Installation Instructions” on page 380).
SecureSync has the capacity to hold either two or six option cards, depending on whether or not an extension board is installed in your unit. If you are not sure whether or not you have an extension board, identify the part number of your unit:
In the Web UI, navigate to TOOLS > Upgrade/Backup. In the System Configuration panel, your product number is listed under Model. OR;
On the front panel display, press the POWER button, and navigate over to the System submenu. Your part number is listed under Model Number.
If your product number begins with the numbers 2402, then your unit does not contain an extension board and has a two-option card capacity. If your product number begins with the numbers 2406, then your unit contains an extension board, and can house up to six option cards. For more information, contact your Safran sales personnel.
Caution: NEVER install an option card from the back of the unit, ALWAYS from the top. It is therefore necessary to remove the top cover of the main chassis (housing).
Input and outputs can be categorized by:
Communication direction:
Input
Output
Signal type:
Frequency: 1/5/10/[programmable] MHz
Wave form (square, sinus)

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

15

1.5 Option Cards
1PPS TTS CTCSS Signal protocol: ASCII time code IRIG STANAG Have Quick E1/T1 data Telecom timing, etc. Ethernet (NTP, PTP) Time code I/O Alarm out, etc. Functionality: Networking card (incl. NTP, PTP) Time code I/O Alarm output Special functionality e.g., revertive selector, bidirectional communication Connector type: BNC DB-9/25 Terminal block RJ-12/45 SFP ST fiber optic To visually identify an option card installed in your unit, or to obtain an overview which option cards are available for SecureSync, see “Option Cards Overview” on the facing page. To obtain detailed information on a specific option card, using its ID number, see “Option Card Identification” on page 20. To locate option card topics in this manual by their heading or functionality, see “Option Cards” on page 373. This Chapter also includes information on field installation and Web UI functionality.

16

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.5 Option Cards

1.5.1

To visually identify a connector type, see “Option Card Connectors” on page 23.
Option Cards Overview
The table below lists all SecureSync option cards available at the time of publication of this document, sorted by their function.
The table column (see table below) Web UI Name refers to the names under which the cards installed in a SecureSync unit are listed in the INTERFACES > OPTION CARDS drop-down menu.
Detailed specifications and configuration assistance for every card can be found in the APPENDIX. To quickly access the APPENDIX topic for your option card(s), you may use the hyperlinks in table “Option cards listed by their ID number” on page 21.
Note: * Every option card has a unique 2-digit ID number located on its cover plate, and in the center column of the table below. The complete Safran Part Number for option cards is 1204-xx (e.g., 1204-18).

Table 1-4: Option cards identification

Function Web UI Name

Illustration

Time and Frequency Cards

Quad 1PPS 1PPS Out BNC out (TTL)

Quad 1PPS 1PPS Out 10V out (10 V)

Quad 1PPS out (RS485) Quad 1PPS out (fiber optic) 1in/3out 1PPS (TTL [BNC]) 1in/2out 1PPS/freq (fiber optic) 5MHz out

1PPS Out, RS485 1PPS Out, Fiber 1PPS/Frequency RS-485 1PPS In/Out, Fiber 5MHz Out

ID*

Inputs

18 0 19 0 21 0 2B 0 28 1PPS (1x)

2A 1PPS (1x)

08 0

Outputs Conn.’s

1PPS, TTL (4x) 1PPS, 10 V (4x) 1PPS, RS485 (4x)
1PPS, F/O (4x)
1PPS (3x)

BNC (4x) BNC (4x) Terminal block, 10-pin ST Fiber optic (4x) BNC (4x)

1PPS (2)

ST Fiber optic (3x)

5MHz (3x) BNC (3x)

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

17

1.5 Option Cards

Function Web UI Name 10 MHz out 10 MHz Out

1MHz out 1MHz Out

Progr. frequ. out (Sine Wave) Progr. frequ out (TTL)

Prog Freq Out, Sine Prog Freq Out, TTL

Prog frequ out (RS485) Square Wave out

Prog Freq Out, RS-485 Square Wave Out, BNC

1PPS in/out 1PPS/Fre+ frequ. in quency BNC 1PPS in/out 1PPS/Fre+ frequ. in quency RS-485

CTCSS, Data Sync/Clock

Simulcast

Telecom Timing Cards
E1/T1 data, E1/T1 Out BNC 75

E1/T1 data, E1/T1 Out Ter100/120 minal

E1/T1 data, E1/T1 Out BNC 75 E1/T1 data, E1/T1 Out Ter100/120 minal
Time Code Cards

Illustration

ID*

Inputs

1C 0

26 0

13 0

Outputs Conn.’s

10 MHz (3x) BNC (3x)

1MHz (3x) BNC (3x)

progr. clock, sine (4x)

BNC (4x)

2F 0

progr. clock, TTL/sq. (4x)

BNC (4x)

30 0

progr. clock, RS485 (4x)

Terminal block, 10-pin

17 0

square wave, TTL (4x)

BNC (4x)

01 Var. frequ. + 1PPS (TTL) BNC

1PPS

(3x)

03 10 MHz + 1PPS 1PPS

Terminal block, 10-pin

14 0

data clock, CTCSS frequ., 1PPS, 1 alarm (3x)

RJ-12 & DB-9

09 0 0A 0 53 0 4C 0

1.544/2.048 MHz (1x) unbal. E1/T1 (2x)

BNC (3x)

1.544/2.048 MHz (1x) unbal. E1/T1 (2x)

Terminal block, 10-pin

unbal. E1/T1 BNC

(4x)

(4x)

unbal. E1/T1 Terminal

(4x)

block,

10-pin

18

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.5 Option Cards

Function Web UI Name

ASCII Time ASCII TimeCode RS- code RS-232 232

ASCII Time ASCII TimeCode RS- code RS-485 485

IRIG BNC

IRIG In/Out BNC

IRIG Fiber IRIG In/Out,

Optic

Fiber

Illustration

IRIG out, BNC IRIG out, fiber optic

IRIG Out BNC IRIG Out, Fiber

IRIG out, RS-485

IRIG Out, RS485

STANAG input STANAG in, isol. STANAG out

STANAG In
STANAG In, Isolated STANAG Out

STANAG out, isol.

STANAG Out, Isolated

HAVE QUICK out BNC

HAVE QUICK Out, BNC

HAVE QUICK out RS-485

HAVE QUICK Out, RS-485

HAVE QUICK

HAVE QUICK

Networking Cards

1Gb PTP: Gb PTP Master only

ID*
02 1

Inputs

04 1

05 1 27 1

15 0 1E 0

22 0

1D 2x 24 2x 11 0

25 0

10 0

1B 0

29 1

32 0

Outputs Conn.’s RS-232 (1x) DB-9
(2x)

1
2 2
4 4
4
1x 1x 2x STANAG, 1x 1PPS 2x STANAG, 1x 1PPS 4 (TTL)

Terminal block, 10-pin BNC (3x) ST Fiber optic (3x) BNC (4x) ST Fiber optic (4x) Terminal block, 10-pin DB-25 (1x) DB-25 (1x) DB-25 (1x)
DB-25 (1x)
BNC (4x)

4

Terminal

block,

10-pin

3

BNC

(4x)

1PPS (1x BNC), SFP (1x)

BNC (1x), SFP (1x)

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

19

1.5 Option Cards

1.5.2

Function Web UI Name

Illustration

Quad 1 Gb Quad 1 Gb NTP Server

Dual 1 Gb Dual 1 Gb NTP Server
Communication and Specialty Cards

STL (Satel- STL lite Time and Location)

Event in, Broadcast out

Event Broadcast

Revertive n/a Selector (“Failover”)

Alarm

Relay Output

Relay Out

ID*

Inputs

4A 0

49 0

Outputs Conn.’s

4

SFP

ports

2

SFP

ports

3E Satellite, Eth. 0
(Maintenance)

SMA, RJ45

23 BNC: Event
trigger
2E Frequ. or 1
PPS: (2x)

DB-9: Event broadcast Frequ. or 1PPS(1x)

DB-9 + BNC (1x each) BNC (3x)

0F 0

Relay Out (3x)

Terminal block, 10-pin

Option Card Identification
Here are a few ways to identify the option card(s) installed in your SecureSync unit:
a. Using the Web UI, navigate to the INTERFACES > OPTION CARDS dropdown menu, and compare the list displayed in your UI with the table “Option cards identification” on page 17.
b. If you have physical access to your SecureSync unit, inspect its rear panel, and compare the 2-digit ID number printed in the lower left-hand corner on each option card with the table below.

1.5.2.1

Option Card Identification by ID/Part Number
If you are looking for information specific to a particular option card, the table below can help you find this information in this User Manual.
Note: * Every option card has a 2-digit identification (ID) number that can be found in the corner of its cover plate, and in the table below. The ID number is comprised of the two center digits of your option card’s Safran Part Number: 1204-0180-0600.

20

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.5 Option Cards

Figure 1-6: Option Card ID number

The table lists all option cards available at the publication date of this documentation, sorted by their ID number. Locate the option card ID number on its cover plate, and follow the corresponding hyperlink in the right-hand column.

Table 1-5: Option cards listed by their ID number

Card ID*

Card Name

Name in UI

See …

01

1PPS/freq input (TTL

levels) module

1PPS/Frequency “1PPS In/Out, 10 MHz In

BNC

[1204-01, -03]” on page 408

02

ASCII Time Code module ASCII Timecode “ASCII Time Code In/Out

(RS-232)

RS-232

[1204-02, -04]” on page 491

03

1PPS/freq input (RS-485 1PPS/Frequency “1PPS In/Out, 10 MHz In

levels) module

RS-485

[1204-01, -03]” on page 408

04

ASCII Time Code module ASCII Timecode “ASCII Time Code In/Out

(RS-485)

RS-485

[1204-02, -04]” on page 491

05

IRIG module, BNC (1 input, IRIG In/Out BNC “IRIG In/Out [1204-05, -27]”

2 outputs)

on page 449

08

5 MHz output module (3

5 MHz Out

outputs)

“Frequency Out [1204-08, -1C, -26]” on page 415

09

T1-1.544 (75 ) or E1-2.048 E1/T1 Out BNC

“T1/E1 Out [1204-09, -0A, -4C,

(75 ) module

-53]” on page 435

0A

T1-1.544 (100 ) or E1-

2.048 (120 ) module

E1/T1 Out Terminal

“T1/E1 Out [1204-09, -0A, -4C, -53]” on page 435

0F

Alarm module

Relay Output

“Alarm Relay Out [1204-0F]” on page 533

10

HaveQuick output module HAVE QUICK Out, “HAVE QUICK Out [1204-10, –

(TTL)

BNC

1B]” on page 479

11

STANAG output module STANAG Out

“STANAG Out [1204-11, -25]”

on page 464

13

Programmable Frequency Prog Freq Out,

“Programmable Frequency

Output module (Sine

Sine

Out [1204-13, -2F, -30]” on

Wave)

page 418

14

CTCSS, Data Sync/Clock Simulcast

module (“Simulcast”)

“Simulcast (CTCSS/Data Clock) [1204-14]” on page 426

15

IRIG module, BNC (4 out- IRIG Out BNC

“IRIG Out [1204-15, -1E, -22]”

puts)

on page 443

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

21

1.5 Option Cards

Card ID*
17 18 19 1B 1C 1D 1E 1F 21 22 23 24 25 26 27 28 29 2A 2B 2E

Card Name

Name in UI

See …

Square Wave (TTL) output Sq Wv Out, BNC “Programmable Square Wave

module

Out [1204-17]” on page 423

Quad 1 PPS output module 1PPS Out BNC (TTL)

“1PPS Out [1204-18, -19, -21, 2B]” on page 398

Quad 1 PPS output module 1PPS Out 10V (10 V)

“1PPS Out [1204-18, -19, -21, 2B]” on page 398

HaveQuick output module HAVE QUICK Out, “HAVE QUICK Out [1204-10, –

(RS-485)

RS-485

1B]” on page 479

10 MHz output module (3 outputs)

10 MHz Out

“Frequency Out [1204-08, -1C, -26]” on page 415

STANAG input module

STANAG In

“STANAG In [1204-1D, -24]” on page 472

IRIG module, Fiber Optic (4 IRIG Out, Fiber outputs)

“IRIG Out [1204-15, -1E, -22]” on page 443

NENA Card

NENA

“NENA-Compliant Option Card [-1F]” on page 538

Quad 1 PPS output module 1PPS Out, RS-485 “1PPS Out [1204-18, -19, -21, –

(RS-485 [terminal block])

2B]” on page 398

IRIG module, RS-485 (4 out- IRIG Out, RS-485 “IRIG Out [1204-15, -1E, -22]”

puts)

on page 443

Event Broadcast module

Event Broadcast “Event Broadcast [1204-23]” on page 550

STANAG isolated input module

STANAG In, Isol- “STANAG In [1204-1D, -24]”

ated

on page 472

STANAG isolated output module

STANAG Out, Isol- “STANAG Out [1204-11, -25]”

ated

on page 464

1 MHz output module (3 outputs)

1MHz Out

“Frequency Out [1204-08, -1C, -26]” on page 415

IRIG module, Fiber Optic (1 IRIG In/Out, Fiber “IRIG In/Out [1204-05, -27]”

input, 2 outputs)

on page 449

1-in/3-out 1 PPS module (TTL [BNC])

1PPS/Frequency “1PPS In/Out [1204-28, -2A]”

RS-485

on page 403

1-in/3-out HaveQuick mod- HAVE QUICK ule (TTL [BNC])

“HAVE QUICK In/Out [120429]” on page 485

1-in/3-out 1 PPS module (Fiber Optic)

1PPS In/Out, Fiber “1PPS In/Out [1204-28, -2A]” on page 403

Quad 1 PPS output module 1PPS Out, Fiber (Fiber Optic)

“1PPS Out [1204-18, -19, -21, 2B]” on page 398

Revertive Selector module n/a (“Failover”)

“Revertive Selector Card [1204-2E]” on page 548

22

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.5 Option Cards

1.5.3

Card ID*
2F

Card Name Programmable Frequency Output module (TTL)

Name in UI Prog Freq Out, TTL

30

Programmable Frequency Prog Freq Out,

Output module (RS-485) RS-485

32

1Gb PTP module

Gb PTP

3E

STL input module

STL

49

Dual 1 Gb NTP Server

Dual 1GBE

4A

Quad 1 Gb NTP Server

Quad 1GBE

4C

Differential Terminal Block E1/T1 Out Quad

4 Port E1/T1 module

Terminal

53

Single-ended BNC 4 port E1/T1 Out Quad

E1/T1 module

BNC

See …
“Programmable Frequency Out [1204-13, -2F, -30]” on page 418 “Programmable Frequency Out [1204-13, -2F, -30]” on page 418 “PTP Grandmaster [1204-32]” on page 507 “STL Option Module [12043E]” on page 525 “NTP and Networking [4A, 49]” on page 503 “NTP and Networking [4A, 49]” on page 503 “T1/E1 Out [1204-09, -0A, -4C, -53]” on page 435 “T1/E1 Out [1204-09, -0A, -4C, -53]” on page 435

Option Card Connectors
The table below lists the connector types used in SecureSync option cards.

Table 1-6: Option card connectors

Connector

Illustration

Electr. Signals

Timing signals

BNC ST Fiber Optic

Differential TTL xV, sine wave, programm. square wave, AM sine wave, DCLS AM sine wave, DCLS

1PPS, frequency, IRIG, HAVE QUICK, PTP IRIG, 1PPS

Terminal Block [Recommended mating connector: Phoenix Contact, part no. 182 7787]

RS-485

1PPS, frequency, ASCII time code, IRIG, HAVEQUICK, Alarm, T1/E1

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

23

Specifications

Connector DB-9
DB-25 RJ-12
RJ-45 SFP SMA

Illustration

Electr. Signals

RS-232, RS-485

Differential TTL xV, RS-485 RS-485
Gb-Ethernet

Timing signals
ASCII time code, GPS NMEA, data clocks, CTCSS frequency, 1PPS, Alarm signal STANAG data clock, CTCSS frequency, 1PPS, Alarm PTP timing signal

Ethernet RF, differential TTL xV, sine wave, programm. square wave, AM sine wave, DCLS

NTP timing signal, PTP timing signal 1PPS, frequency

1.6

Specifications

The specifications listed below apply to the SecureSync standard model, i.e. not including any option cards, and are based on “normal” operation, with SecureSync synchronized to valid Time and 1PPS input references (in the case of GNSS input, this is with the GNSS receiver operating in Stationary mode).
Specifications for the available option cards are provided in their corresponding topics; see “Option Cards Overview” on page 17.

1.6.1

Input Power
AC power source: 100 to 240 VAC, ±10 %, 50/60 Hz
DC power source (option): 12-17 VDC -15%, +20%, or 21-60 VDC -15%, +20%, secure locking device

24

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.6 Specifications

1.6.2 1.6.3

Maximum power draw: TCXO/OCXO oscillator installed: 40 W normal (50 W start- up) Rubidium (Rb) oscillator installed: 50 W normal (80 W start-up) Low-Phase Noise (LPN) Rubidium oscillator installed: 52 W normal (85 W start-up)
Backup Battery: SecureSync has an internal battery to support the Real Time Clock. The battery is a small recharging lithium coin cell that is not customerreplaceable. This battery will keep approximate time and date in a shutdown state over ~135 days before requiring recharge. After full drain, the battery will require ~5 days to fully recharge. Minimum battery life is ~30+ years. Hot Swap Power Supply: Some SecureSync models have hot-swappable power supplies and can ensure power redundancy in case of failure. Each power sled has the same specifications as the standard AC or DC specifications (see above). For information on safe operation, see “Hot Swap Power Supply” on page 56.
GNSS Receiver
Model: u-blox M8T Compatible signals:
GPS L1 C/A Code transmissions at 1575.42 MHz GLONASS L1 0F transmissions centered at 1602.0 MHz Galileo E1 B/C transmissions at 1575.42 MHz BeiDou B1 transmissions centered at 1561.098 MHz QZSS L1-SAIF transmissions at 1575.42 MHz Satellites tracked: Up to 72 simultaneously Update rate: up to 2Hz (concurrent) Acquisition time: Typically < 27 seconds from cold start Antenna requirements: Active antenna module, +5V, powered by SecureSync, 16 dB gain minimum Antenna connector: SMA (SMA to N-type conversion cable included in anxillary kit)
10 MHz Output
Signal: 10 MHz sine wave Signal Level: +13 dBm ±2dB into 50 Harmonics: 40 dBc minimum

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

25

1.6 Specifications

Spurious: 70 dBc minimum; 60 dBc minimum (Rb)
Connector: BNC female
Signature Control: This configurable feature removes the output signal whenever a major alarm condition or loss of time synchronization condition is present. The output will be restored once the fault condition is corrected.
Accuracy rating depends on the oscillator selected during the ordering process.

Table 1-7: 10 MHz output — oscillator types and accuracies

Oscillator Type

Accuracy

Low-phase noise Rubidium Rubidium Low-phase noise OCXO OCXO TCXO

1×10-12 typical 24-hour average locked to GPS 1×10-11 per day (5×10-11 per month) typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 1×10-11 per day (5×10-11 per month) typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 2×10-10 per day typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 1×10-9 per day typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 1×10-8 per day typical aging unlocked

Note: Oscillator accuracies are stated as fractional frequency (i.e. the relative frequency departure of a frequency source), and as such are dimensionless.

See also “Configuring the Oscillator” on page 267.

Table 1-8: 10 MHz output — oscillator stability

Oscillator Type

Medium-Term Stability (without GPS after 2 weeks
of GPS lock)

Short-Term Stability (Allan variance)

1 sec.

10 sec.

100 sec.

Temperature Stability (pp)

Low-phase noise Rubidium

5×10-11/month (3×1011/month typical)

1×10-11 1×10-11 5×10-12 1×10-10

Rubidium

5×10-11/month (3×1011/month typical)

1×10-11 9×10-12 4×10-12 1×10-10

26

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.6 Specifications

Oscillator Type
Low-phase noise OCXO OCXO TCXO

Medium-Term Stability (without GPS after 2 weeks
of GPS lock)

Short-Term Stability (Allan variance)

1 sec.

10 sec.

100 sec.

Temperature Stability (pp)

2×10-10/day

1×10-11 9×10-12 8×10-12 1×10-9

5×10-10/day 1×10-8/day

1×10-11 9×10-12 2.5×10-9 1×10-9

9×10-12 5×10-9 5×10-10 1×10-6

1.6.3.1

10 MHz Output — Oscillator Phase Noise (dBc/Hz)

Oscillator Type
Low-phase noise Rubidium Rubidium Low-phase noise OCXO OCXO TCXO

@ 1Hz @ 10 Hz @ 100 Hz @ 1KHz @ 10 KHz

100

128

80

98

100

128

95

123

./.

./.

148 120 148 140 110

150 140 150 145 135

150 140 150 150 140

1.6.4

Multi I/O
The Multi I/O HD15-pin connector can be configured to provide different output and input types. For more information, see “Configurable Connectors” on page 167. Connector: 15 pin D-Sub (HD15) female Available signals:
DCLS IN: Input level 1.5 V (min), impedance 50
DCLS OUT: Output level 5 V (peak), impedance 50
IRIG AM OUT: Output impedance – 50 Output level: 10 V (peak to peak max, user configurable)

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

27

1.6 Specifications
RS232: Output level: ± 5.0 V, impedance 300 Input level: -15 to 15 V (max), threshold 0.6 V min to 2.4 V max, impedance 3 k min
RS485 (2): Output level: ± 1.5 V, impedance 54 Input level: -7 to 12 V (max), sensitivity – ± 200 mV, impedance 12 k min
Available Output Types: 1PPS, ASCII Time Code, IRIG (DCLS), IRIG (AM), HAVEQUICK, GPO Available Input (“Reference”) Types: 1PPS, ASCII Time Code, HAVEQUICK, IRIG (DCLS) Pinout:

Figure 1-7: Multi I/O connector, viewed in mating direction on rear of unit

Table 1-9: Multi I/O connector signal pinout

Pin

Signal

1

DCLS IN

2

GND

3

(First signal) RS485 A, non-inverting

4

(Second signal) RS485 A, non-inverting

5

RS232 TX OUT

28

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.6 Specifications

1.6.5

Pin

Signal

6

DCLS OUT

7

GND

8

GND

9

GND

10

GND

11

IRIG AM OUT

12

GND

13

(First signal) RS485 B, inverting

14

(Second signal) RS485 B, inverting

15

RS232 RX IN

Table 1-10: Multi I/O signal defaults

Pins

Channel

6&7 1&2 15 & 10 5 & 10 3, 8, 13 4, 9, 14 11 & 12

DCLS OUT DCLS IN RS232 IN RS232 OUT RS485 (1) RS485 (2) IRIG AM OUT

Default Signal
IRIG OUT IRIG IN ATC IN ATC OUT HAVEQUICK OUT HAVEQUICK IN IRIG OUT (AM ONLY)

DCLS Output
The rear panel DCLS OUT BNC female connector defaults to a 1PPS Output (see below), but can be configured to produce different output signals: IRIG Output, HaveQuick Output, and GPIO Output. For more information, see “Configurable Connectors” on page 167.

1.6.5.1

1PPS Output
Signal: One pulse-per-second square wave (ext. reference connected to GNSS receiver)
Signal level: TTL compatible, 4.3 V minimum, base-to-peak into 50

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

29

1.6 Specifications

1.6.6 1.6.7

Pulse width: Configurable pulse width (200 ms by default) Pulse width range: 20 ns to 900 ms Rise time: <10 ns Accuracy: Positive edge within ±50 ns of UTC when locked to a valid, traceable input reference
Connector: BNC female

Table 1-11: 1PPS output accuracies

Oscillator Type

Accuracy to UTC (1 sigma locked to
GPS)

Holdover (constant temp. after 2 weeks of GPS lock)

After 4 hours

After 24 hours

Low-phase noise Rubid- ±15 ns ium

Rubidium

±15 ns

Low-phase noise OCXO

±15 ns

OCXO

±25 ns

TCXO

±50 ns

0.2 s
0.2 s 0.5 s
1s 12 s

1s
1s 10 s
25 s 450 s

10/100/1000 Ethernet Port (RJ45)
ETH0 Function: 10/100/1000 Base-T, auto-sensing LAN connection for NTP/SNTP and remote management and configuration, monitoring, diagnostics and upgrade Connector: RJ45, Network IEEE 802.3
10/100/1000 Ethernet Port (SFP)
ETH1 Function: 10/100/1000 (speed depends on connection) Base- T, auto- sensing LAN connection for NTP/SNTP and remote management and configuration, monitoring, diagnostics and upgrade Connector: Ethernet via SFP
Bel SFP-1GBT-05 (available from Safran as SFP-COPPER) Bel SFP-1GBT-06 GBIC 1000BASE-T 6COM 6C-SFP-T Avago ABCU-5740RZ

30

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.6 Specifications

Avago ABCU-5741ARZ Finisar FCLF8522P2BTL Molex 1837022037 Avago AFBR-5710LZ (available from Safran as SFP-FIBER-MM) Finisar FTLF1318P3BTL (available from Safran as SFP-FIBER-SM) An SFP module found to NOT be supported: Arista SFP- 1G-T

1.6.8

RS-232 Serial Port (Rear Panel)
Function: Accepts commands to locally configure the IP network parameters via CLI for initial unit configuration.
Connector: RJ45
Character structure: ASCII, 115200 baud, 1 start, 8 data, 1 stop, no parity

1.6.9

USB Serial Port (Front Panel)
Function: Accepts commands to locally configure the IP network parameters via CLI for initial unit configuration.
Connector: micro-B USB (requires installed driver; if your driver does not automatically install, visit: https://www.ftdichip.com/Drivers/VCP.htm)
Character structure: ASCII, 115200 baud, 1 start, 8 data, 1 stop, no parity

1.6.10 Cables

CA08R-D500-0001
This cable option is available for purchase for the multi-I/O (15-pin) connector on the front panel.

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

31

1.6 Specifications

Figure 1-8: CA08R-D500-0001 drawing

1.6.11

Protocols Supported
NTP: NTP Version 4. Provides MD5, Stratum 1 through 15 (RFC 5905).
Clients supported: The number of users supported depends on the class of network and the subnet mask for the network. A gateway greatly increases the number of users.
TCP/IP application protocols for browser-based configuration and monitoring: HTTP, HTTPS
SFTP: For remote upload of system logs and (RFC 959)
Syslog: Provides remote log storage (RFCs 3164 and 5424)
SNMP: Supports v1, v2c, and v3
Telnet/SSH: For limited remote configuration
Security features: Up to 32- character password, Telnet Disable, FTP Disable, Secure SNMP, SNMP Disable, HTTPS/HTTP Disable, SCP, SSH, SFTP.
Authentication: LDAP v2 and v3, RADIUS, MD5 Passwords, TACAS+.

1.6.12

Mechanical and Environmental Specifications
Dimensions: Designed for EIA 19″ rack mount: Housing w/o connectors and brackets: 17.1″ W x 1.74″ H [1U] x 15.17″ D actual (434 mm W x 44 mm H x 385 mm D)

32

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

Specifications

Figure 1-9: Mechanical dimensions
Weight: 6.0 lbs (2.72 kg) for base unit with AC power supply Temperature:
Operating: ­20°C to +65°C (55°C with Rubidium oscillator option) Storage: ­40°C to +85°C Humidity: 10% – 95% relative humidity, non-condensing @ 40°C Altitude: Operating: 100-240 VAC: up to 13120 ft (3999 m) Storage range: up to 45000 ft (13716 m) Shock and Vibration (Operating and Storage): Shock: 516.8 15g, 11 ms halfsine Vibration: 514.8C-2 cat 4 and 514.8D-11, cat 21 1.1 g rms vertical and 0.8 g rms longitudinal

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

33

1.7 The SecureSync Web UI

MIL-STD-810G: 500.6, 501.6, 502.6, 503.6, 507.6 MIL-STD-810H: 514.8, 516.8
1.7 The SecureSync Web UI
SecureSync has an integrated web user interface (referred to as “Web UI” throughout this documentation) that can be accessed from a computer over a network connection, using a standard web browser. The Web UI is the most complete way to configure the unit, and for status monitoring during everyday operation.
Note: If you prefer, an integrated Command-Line Interpreter interface (CLI) allows the use of a subset of commands. See “CommandLine Interface” on page 559.

Note: Should it ever be necessary, you can restore SecureSync’s configuration to the factory settings at any time. See “Resetting the Unit to Factory Configuration” on page 357.

1.7.1

The Web UI HOME Screen
Note: Screens displayed in this manual are for illustrative purposes. Actual screens may vary depending upon the configuration of your product.

The HOME screen of the SecureSync web user interface (“Web UI”) provides comprehensive status information at a glance, including:
vital system information
current status of the references
key performance/accuracy data
major log events.
The HOME screen can be accessed from anywhere in the Web UI, using the HOME button in the Primary Navigation Bar:
The Primary Navigation Bar provides access to all menus:

34

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.7 The SecureSync Web UI

1.7.2

HOME: Return to the HOME screen (see above) INTERFACES: Access the configuration pages for …
… references (e.g., GNSS, NTP) … outputs (e.g. 10 MHz, PPS, NTP) and … installed input/output option cards. MANAGEMENT: Access the NETWORK setup screens, and OTHER setup screens e.g., to configure Reference Priorities, System Time, and the Oscillator. TOOLS: Opens a drop-down menu for access to the system maintenance screens and system logs. HELP: Provides Safran Service Contact Information and high-level system configurations you may be required to furnish when contacting Safran Service.
The INTERFACES Menu
The INTERFACES menu on the Main screen provides access to SecureSync’s: External REFERENCES e.g., the GNSS reference input Detected OUTPUTS, such as 10 MHz and 1PPS Installed OPTION CARDS.

Clicking on any of the line items will open a status screen, providing real- time information on the selected interface e.g., availability, performance data and events history.
To configure settings for the selected interface, click the GEAR icons or buttons provided on most of the status screens. Icons like the INFO symbol provide access to more detailed status information and history data.

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

35

1.7 The SecureSync Web UI

Note: Many of the interfaces can be accessed through different menu items e.g., an optional output will be available under the OPTION CARDS menu and the OUTPUTS menu.

1.7.3

The headings of each of the INTERFACES drop-down menus (white on orange) open overview status screens for the respective menu items.
The Configuration MANAGEMENT Menu
The MANAGEMENT menu on the Web UI’s Main screen provides access to SecureSync’s configuration screens and settings.
On the left side, under NETWORK, the following standard setup screens can be found:
Pin Layout Network Setup HTTPS Setup SSH Setup SNMP Setup NTP Setup PTP Setup Under OTHER, you can access non-network related screens: Authentication: Manage user accounts, Security Policy, LDAP Setup, RADIUS setup, Login Preference and Remote Servers. Change My Password is also available.
Reference Priority: Define the order of priority for timing inputs. Notifications: Configure the notifications triggered by SecureSync’s events. A notification can be a combination of a mask alarm and/or SNMP Trap and/or email.
Time Management: Manage the Local Clock, UTC Offset, DST Definition and Leap Second information.
Log Configuration: Manage the system logs. Disciplining: Manage oscillator disciplining. Change My Password: Configure the admin password.

36

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.8 Regulatory Compliance

1.7.4

The TOOLS Menu
The TOOLS menu on the Web UI’s Main screen provides access to: The System Upgrade screen System and network monitoring screens Miscellaneous system administration screens Log screens

1.8 Regulatory Compliance
This product has been found to be in conformance with the following regulatory publications.
FCC
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the user documentation, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his/her own expense.
Note: This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

37

1.8 Regulatory Compliance
Safety
This product has been tested and meets the requirements specified in: IEC 62368-1:2014 (Second Edition) EN 62368-1:2014 +A11:2017 UL 62368-1:2014 CAN/CSA-C22.2 NO. 62368-1-14 IEC62368-1(2014) + Japanese deviation (or J62368-1(2020))
EMC Compliance
This product has been tested and meets the following standards: EN 55032:AC:2015 FCC CFR 47 PART 15 SubPart B: 2016 CAN/CSA-CISPR 22-10/ ICES-003 Issue 6: Class A AS/NZS CISPR 32:2015/ AMDI1.2019 EN 55035:2017: Class A CISPR32(2015:2nd) + Japanese deviation (or J55032(H29)) EN61000- 3- 2:2014, EN61000- 3- 3:2013, EN61000- 4- 2:2009, EN61000- 43:2006: +A1:2008 + A2:2010, EN61000- 4- 4:2012, EN61000- 4- 5:2006, EN61000-4-6:2009, EN61000-4-8:2010, EN61000-4-11:2004 EN 301 489-1 V2.0.1 (2016-11) and EN 301 489-19 V1.2.1 (2002-11)
Radio Spectrum Efficiency:
EN 303 413 V1.1.1
European Directives
This product has been tested and complies with the following: 2014/30/EU Electromagnetic Compatibility (EMC) 2014/35 EU Low Voltage (LVD) 2011/65/EU with Amendment 2015/863/EU on the Restriction of Hazardous Substance (RoHS3) 2014/53/EU Radio Equipment Directive (RED)

38

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

1.8 Regulatory Compliance
Environmental Compliance
WEEE (Waste Electrical and Electronic Equipment) REACH (Registration, Evaluation, Authorization and Restriction of Chemicals)

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

39

1.8 Regulatory Compliance
BLANK PAGE.

40

CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0

CHAPTER 2

SETUP

The following topics are included in this Chapter:

Installation Overview

42

2.2 Unpacking and Inventory

43

2.3 Required Tools and Parts

44

2.4 SAFETY

45

2.5 Mounting the Unit

48

2.6 Connecting the GNSS Input

50

2.7 Connecting Network Cables

51

2.8 Connecting Inputs and Outputs

52

2.9 Connecting Supply Power

52

2.10 Powering Up the Unit

61

2.11 Zero Configuration Setup

62

2.12 Setting up an IP Address

63

2.13 Accessing the Web UI

71

2.14 Configure Network Settings

72

2.15 Configure NTP

111

2.16 Configuring PTP

151

2.17 GPSD Setup

166

2.18 Configurable Connectors

167

2.19 Configuring Input References

172

2.20 Configuring Outputs

180

2.21 The Option Cards Screen

192

2.22 Signature Control

194

CHAPTER 2 ·

SecureSync 2400 User Manual

41

2.1 Installation Overview

2.1
2.1.1

Installation Overview
This section provides an outline of the steps that need to be performed prior to putting SecureSync into service. This includes:
Installation: Hardware setup, mechanical installation, physical connections. Setup: Establish basic access to the unit, so as to allow the use of the web user interface (“Web UI”). Configuration: Access the Web UI, configure the network, input and output references, protocols (e.g., NTP), other settings.
The following factors determine which steps need to be taken: a. Your existing infrastructure and how you plan on integrating SecureSync into it (for example, integrating it into an existing Ethernet network, or setting-up a standalone installation.) b. How you would like to setup basic network configuration parameters: Using the unit’s front panel keypad and information display Using a PC connected to SecureSync via serial cable Using a PC connected to SecureSync via network cable. You can connect your PC to SecureSync either… …directly by means of a dedicated Ethernet cable, or …indirectly, using your existing Ethernet network (using a network hub). c. The option cards configuration of your unit: Is your SecureSync equipped with any option cards, such as additional input references, or additional signal distribution cards? If so, they need to be configured separately via the SecureSync Web UI, once the network configuration is complete.
Main Installation Steps
The following list is a recommendation. Deviations are possible, depending on the actual application and system configuration.
1. Read the Safety instructions: “SAFETY” on page 45. 2. Unpack the unit, and take inventory: “Unpacking and Inventory” on the
facing page. 3. Obtain required tools and parts: “Required Tools and Parts” on page 44. 4. Mount the unit: .”Mounting the Unit” on page 48.

42

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.2 Unpacking and Inventory

5. Connect Input References such as your GNSS antenna, and network cable (s): “Connecting the GNSS Input” on page 50, and “Connecting Network Cables” on page 51.
6. Connect your power supply/-ies: “Connecting Supply Power” on page 52.
7. Power up the unit: “Powering Up the Unit” on page 274.
8. Setup basic network connectivity….
i. …via front panel keypad and information display: “Setting Up an IP Address via the Front Panel” on page 65
ii. …or via serial port, using a PC with a CLI: “Setting Up an IP Address via the Serial Port” on page 69
iii. …or via Ethernet, using a PC with a web browser, and the SecureSync Web UI: “Accessing the Web UI” on page 71.
9. Register your product: “Product Registration” on page 313.

2.2

Unpacking and Inventory
Caution: Electronic equipment is sensitive to Electrostatic Discharge (ESD). Observe ESD precautions and safeguards when handling the unit.

Unpack the equipment and inspect it for damage. If any equipment has been damaged in transit, or you experience any problems during installation and configuration of your Safran product, please contact Safran (see “Technical Support” on page 611).
Note: Retain original packaging for use in return shipments if necessary.

The following items are included with your shipment:
SecureSync unit
QuickStart Guide (printed version)
Ancillary items (except for rack mounting items, the contents of this kit may vary based on equipment configuration and/or regional requirements)

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

43

2.3 Required Tools and Parts

Purchased optional equipment (note that option cards listed on the purchase order will be pre-installed in the unit). See “Option Card Identification” on page 20 and “Option Cards Overview” on page 17.

2.3
2.3.1

Required Tools and Parts
Depending on your application and system configuration, the following tools and parts may be required:
Phillips screwdrivers to install the rack-mount ears, and to mount the unit in a 19″-rack Ethernet cables (see “Connecting Network Cables” on page 51).
Required GNSS Antenna Components
Should you plan on using a GNSS reference with your SecureSync, you will also need the following items (sold separately):
Antenna cable with SMA connector, or conversion cable
Note: The SMA-to-N-type conversion cable included in the ancillary kit is approved for pull weight of up to 60 lbs. If you are using a heavier cable, you will need to apply appropriate strain relief.

GNSS antenna with mounting bracket
GNSS antenna surge suppressor (recommended)
GNSS antenna inline amplifier (optional for short cable lengths)
For antenna installation guidelines, see the separate documentation shipped with the antenna components.

44

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.4 SAFETY

2.4

SAFETY

Safety: Symbols Used

Table 2-1: Safety symbols used in this document, or on the product

Symbol

Signal word

Definition

DANGER! CAUTION!

Potentially dangerous situation which may lead to personal injury or death! Follow the instructions closely. Caution, risk of electric shock.

CAUTION! NOTE ESD
Analog Ground Recycle

Potential equipment damage or destruction! Follow the instructions closely. Tips and other useful or important information.
Risk of Electrostatic Discharge! Avoid potential equipment damage by following ESD Best Practices. Shows where the protective ground terminal is connected inside the instrument. Never remove or loosen this screw! Recycle the mentioned components at their end of life. Follow local laws.

SAFETY: Before You Begin Installation
This product has been designed and built in accordance with state-of-the-art standards and the recognized safety rules. Nevertheless, its use may constitute a risk to the operator or installation/maintenance personnel, if the product is used under conditions that must be deemed unsafe, or for purposes other than the product’s designated use, which is described in the introductory technical chapters of this guide.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

45

2.4 SAFETY
DANGER! If the equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.
Before you begin installing and configuring the product, carefully read the following important safety statements. Always ensure that you adhere to any and all applicable safety warnings, guidelines, or precautions during the installation, operation, and maintenance of your product.
DANGER! — INSTALLATION OF EQUIPMENT: Installation of this product is to be done by authorized service personnel only. This product is not to be installed by users/operators without legal authorization. Installation of the equipment must comply with local and national electrical codes.
DANGER! — DO NOT OPEN EQUIPMENT, UNLESS AUTHORIZED: The interior of this equipment does not have any user-serviceable parts. Contact Safran Technical Support if this equipment needs to be serviced. Do not open the equipment, unless instructed to do so by Safran Service personnel. Follow Safran Safety instructions and observe all local electrical regulatory requirements.
DANGER! ­ IF THE EQUIPMENT MUST BE OPENED: Never remove the cover or blank option card plates while power is applied to this unit. The unit may contain more than one power source. Disconnect AC and DC power supply cords before removing the cover to avoid electrical shock.

46

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.4 SAFETY
DANGER! — GROUNDING: This equipment must be EARTH GROUNDED. This product is grounded through the power supply. There is an additional, supplementary chassis ground on the rear panel. Never defeat the ground connector or operate the equipment in the absence of a suitably installed earth ground connection. Contact the appropriate electrical authority or an electrician if you are unsure that suitable earth grounding is available.
DANGER! This unit might have more than one power supply connection. All connections must be removed to de-energize the unit
Caution: Electronic equipment is sensitive to Electrostatic Discharge (ESD). Observe all ESD precautions and safeguards when handling Safran equipment.
SAFETY: User Responsibilities
The equipment must only be used in technically perfect condition. Check components for damage prior to installation. Also check for loose or scorched cables on other nearby equipment. Make sure you possess the professional skills, and have received the training necessary for the type of work you are about to perform. Do not modify the equipment. Use only spare parts authorized by Safran. Always follow the instructions set out in this User Manual, or in other Safran documentation for this product. Observe generally applicable legal and other local mandatory regulations.
SAFETY: Other Tips
Keep these instructions at hand, near the place of use. Keep your workplace tidy. Apply technical common sense: If you suspect that it is unsafe to use the product, do the following:

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

47

2.5 Mounting the Unit

Disconnect the supply voltage from the unit. Clearly mark the equipment to prevent its further operation.

2.5

Mounting the Unit
SecureSync units can be operated on a desktop or in a rack in a horizontal, rightside-up position. The location needs to be well-ventilated, clean and accessible.
Caution: For safety reasons the SecureSync unit is intended to be operated in a HORIZONTAL POSITION, RIGHT-SIDE-UP.

The SecureSync unit will install into any EIA standard 19-inch rack. SecureSync occupies one rack unit of space for installation, however, it is recommended to leave empty space of at least one rack unit above and below the SecureSync unit to allow for best ventilation.
Rack mounting requirements:
The maximum ambient operating temperature must be observed. See “Mechanical and Environmental Specifications” on page 32 for the operating temperature range specified for the type of oscillator installed in your SecureSync unit.
If the SecureSync unit is to be installed in a closed rack, or a rack with large amounts of other equipment, a rack cooling fan or fans should be part of the rack mount installation.
Installation of the unit in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.
Follow the mounting directions described below to prevent uneven mechanical loading, possibly resulting in a hazardous condition.
Do not overload power supply circuits. Use only supply circuits with adequate overload protection. For power requirements, see “Input Power” on page 24.
Reliable grounding of rack-mounted equipment must be maintained. Particular attention must be given to supply connections other than direct connections to the branch circuit (e.g., use of power strips).

48

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.5 Mounting the Unit

2.5.1

Rack Mounting (Ears)
The SecureSync ancillary kit contains the following parts needed for rack mounting:
2 each 2400-1000-0714 equipment rack mount ears
6 each HM20R-04R7-0010 M4 flat head Phillips screws
The 2400-0000-0704 ruggedization ancillary kit (optional) contains additional mounting items available for purchase:
2 each 2400-1000-0706 rear rack mount ears
2 each HM20R-04R7-0010 M4 flat head Phillips screws
The following customer supplied items are also needed:
4 each #10-32 pan head rack mount screws
1 each #2 Phillips head screwdriver
1 each 3/32″ straight screwdriver
To rack mount the SecureSync unit:
1. Attach the 2400- 1000- 0714 rack mount ears to the sides of the SecureSync with the ears facing outward, aligned with the front edge of the SecureSync front panel. (See image below). To secure, use the #2 Phillips screwdriver, and 3 each of the HM20R- 04R7- 0010 M4 flat head Phillips screws per side.

Figure 2-1: Rack mount installation

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

49

2.6 Connecting the GNSS Input
2. Secure the rack mount brackets to the rack using the #10-32 rack mount screws and #2 Phillips head screwdriver, 2 each per side of the rack.
3. If you purchased additional rear rack mounts, you will align the holes with the available pegs near the rear of the unit and slide the rail forward into place. Secure the mount with the screw hole closest to the front of the chassis using 1 each of the supplied HM20R-04R7-0010 screws per side.

Figure 2-2: Rear rack mount installation

2.6

Connecting the GNSS Input
Typical installations include GNSS as an external reference input. If the GNSS receiver is not installed or if the GNSS will not be used as a SecureSync reference, disregard the steps to install the GNSS antenna and associated cabling.
1. Install a GNSS antenna, surge suppressor, antenna cabling, and GNSS preamplifier (if required). Refer to the documentation included with your GNSS antenna for information regarding GNSS antenna installation.
Note: The SMA-to-N-type conversion cable included in the ancillary kit is approved for pull weight of up to 60 lbs. If you are using a heavier cable, you will need to apply appropriate strain relief.

50

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.7 Connecting Network Cables
For additional information on GNSS antenna installation considerations, including cabling, a Safran tech note is available here. 2. Connect the GNSS cable to the rear panel antenna input jack. Initial synchronization with GNSS input may take up to 12 minutes (approximately) when used in the default stationary GNSS operating mode. If using GNSS, verify that GNSS is the synchronization source by navigating to MANAGEMENT > OTHER: Reference Priority: Confirm that GNSS is Enabled, and its Status for TIME and 1PPS is valid (green).
2.7 Connecting Network Cables

SecureSync includes two BASE 10/100/1000 Ethernet ports (ETH0- RJ45, and ETH1- SFP) for full NTP functionality, as well as a comprehensive web-based user interface (“Web UI”) for configuration, monitoring and diagnostic support.
Before connecting the network cable(s), you need to decide which port(s) you want to use for which purpose (e.g., ETH0 for configuration only, etc.), and how you want to configure basic network connectivity e.g., the IP address:
a. Configure SecureSync via the unit’s front panel: See “Setting Up an IP Address via the Front Panel” on page 65.
b. Configure SecureSync by means of a PC connected to an existing network.
When connecting to a hub, router, or network computer, use a straight-through wired, shielded CAT 5, Cat 5E or CAT 6 cable with RJ45 connectors (Eth0) or SFP connectors (Eth1). Connect one end to the Ethernet port on the SecureSync rear panel, and the opposite end of the cable to a network hub or switch.
c. Configure SecureSync by connecting a stand-alone computer directly via a dedicated network cable (standard-wired, or crossover cable):

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

51

2.8 Connecting Inputs and Outputs

When connecting directly to a stand-alone PC, use a network cable. Connect the cable to the NIC card of the computer. Since no DHCP server is available in this configuration both SecureSync, and the PC must be configured with static IP addresses that are on the same subnet (10.1.100.1 and 10.1.100.2 with a subnet mask value of 255.255.255.0 on both devices, for example). For more information on configuring static IP addresses, see “Assigning a Static IP Address” on page 65.
On Eth0: Once the unit is up and running, verify that the green link light on the Ethernet port is illuminated. The amber “Activity” link light may periodically illuminate when network traffic is present.

2.8

Connecting Inputs and Outputs
SecureSync can synchronize not only to an external GNSS reference signal, but also to other optional external references such as IRIG, HAVE QUICK and ASCII inputs (in addition to network based references such as NTP and/or PTP). At the same time, SecureSync can output timing and frequency signals for the consumption by other devices via the same formats as listed above.
EXAMPLE:
With the available IRIG Input/Output option card module (Model 1204-05) installed in an option bay, IRIG time code from an IRIG generator can also be applied as an external reference input (either in addition to, or in lieu of GNSS, NTP, user set time and other available reference inputs).
To use e.g., an external IRIG reference, connect the IRIG time source to the BNC connector “J1” on the optional IRIG Input/Output module. For additional information on optional connectivity, such as pinout tables, signal levels and other specifications, see “Option Cards” on page 373. Note that some option cards offer both input and output functionality, while others offer only one or the other.

2.9

Connecting Supply Power

Depending on the equipment configuration at time of purchase, SecureSync may be powered from different sources.

52

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.9 Connecting Supply Power

2.9.1

Table 2-2: SecureSync 2400 Power Supply via Part Number

Part number

Connections

Power Supply

240x-0xx

1

AC (fixed)

240x-3xx

1

12 V DC (fixed)

240x-4xx

1

24 V DC (fixed)

240x-6xx

1-2 (Hot Swap)

AC, DC (12 V or 24 V), in any combination

Before connecting power to the unit, be sure that you have read all safety information detailed in section “SAFETY” on page 45.

Using AC Input Power
Connect the AC power cord supplied in the SecureSync ancillary kit to the AC input on the rear panel and the AC power source outlet.
Note: Important! SecureSync is earth grounded through the AC power connector. Ensure SecureSync is connected to an AC outlet that is connected to earth ground via the grounding prong (do not use a two prong to three prong adapter to apply AC power to SecureSync).

2.9.2

Using DC Input Power
Note: DC power is an option chosen at time of purchase. The rear panel DC input port connector is only installed if the DC input option is available. Different DC power input options are available (12 V DC with a voltage range of 12 to 17 V at 10 A maximum or 24/48 V DC input with a voltage range of 21 to 60 V at 5.5 A maximum). Review the DC power requirement chosen, prior to connecting DC power.

DANGER! GROUNDING: SecureSync is NOT earth grounded through the 12 V DC (2-Pin) power connector. Before connecting the unit to a DC power source, connect to earth ground with a grounding ring via the grounding post.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

53

2.9 Connecting Supply Power
DANGER! GROUNDING: SecureSync is earth grounded through the 24/48 V DC 3-Pin power connector. Ensure that the unit is connected to a DC power source that is connected to earth ground via the grounding pin C of the SecureSync DC power plug supplied in the ancillary kit.
A DC power connector to attach DC power to SecureSync is included in the ancillary kit provided with the equipment. A cable of 6 feet or less, using 16AWG wire, with adequate insulation for the DC voltage source should be used with this connector. The cable clamp provided with the DC power plug for strain relief of the DC power input cable should be used when DC power is connected to SecureSync.
DC power- +12 V and +24/48 V identification
To eliminate confusion, the two different voltages for DC power use different connectors. The DC connectors are identical between the fixed or hot-swappable versions. The +12 V DC power supply uses a 2-pin connector and has a 12 V label, either above the input or on the body of the power supply module (for Hot Swap models). The connector is keyed to prevent incorrect insertion. The +24/48 V DC power supply uses a 3-pin connector and has a 24/48 V label, either above the input or on the body of the power supply sled (for Hot Swap models). This connector is also keyed to prevent incorrect insertion.
DC power connectors
SecureSync units can be ordered in a DC version that includes the following DC receptacle on the back panel: DC Receptacle , 2-pin, chassis mount: Amphenol 97-3102A-10SL-4P(946); (Safran P/N J240R-0021-000G) or DC Receptacle , 3pin, chassis mount: Amphenol 97- 3102A- 10SL- 3P (946) (Safran P/N J240R0032-012F):

Figure 2-3: DC Plug, 2-Pin and DC Plug, 3-Pin

54

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.9 Connecting Supply Power
The DC ancillary kit includes, among other things, the following connector parts: Mating 12 VDC Connector, circular, 2-pin, solder socket, 16AWG,13A,300V: Amphenol P/N 97-3106A10SL-4S(946); (Safran P/N P240R-0021-000G) OR, Mating 24/48 VDC Connector, circular, 3-pin, solder socket, 16AWG,13A,300V: Amphenol P/N DL3106A10SL-3S; (Safran part no. P240R-0032-002F):
Figure 2-4: DC Connector, 2-Pin and DC Connector, 3-Pin
Cable Clamp, circular: Amphenol P/N: 97-3057-1004(621); (Safran part no. MP06R-0004-0001)

Figure 2-5: Cable Clamp, DC Power
Pinout description, DC connectors
Pin B goes to the most positive DC voltage of the DC source. For +12 V or +24/48 V this would be the positive output from the DC source. For a -12 V or 24/48 VDC source this would be the ground or return of the DC source. Pin A goes to the most negative voltage of the DC source. For +12 V or +24/48 V this would be the ground or return output from the DC source. For a -12 V or 24/48 VDC source this would be the negative output from the DC source. Pin C goes to the Earth ground of the DC source (on +24/48 V units ONLY). The grounding post provides an earth ground for the +12 V power supply (using a customer-supplied grounding ring)
AC/DC Converter

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

55

2.9 Connecting Supply Power
A +24/48 VDC power supply can optionally be used as an AC input: Safran offers a kit containing an AC/DC converter with assembled DC connector: The part number for this adapter kit is PS06R-2Z1M-DT01.

Figure 2-6: DC to AC Converter

2.9.3

Hot Swap Power Supply
DANGER! Remove the connected power source BEFORE attempting to remove a power sled for replacement.

Caution: Only use Safran-approved replacement parts. Incorrect parts may cause damage to the product.
The hot swap power supply (HSPS) option consists of two bays with redundant power systems. The sleds in the unit can be a mix of AC and DC power supplies. When both power supplies are active, the electrical draw is shared between the two bays. If one power supply is damaged or removed, the other bay will automatically take the entire power load without any additional configuration.

56

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.9.3.1 Hot Swap Installation

2.9 Connecting Supply Power

Figure 2-7: Hot Swap Power Supply installation (rear view)
To remove a power supply, first unplug the power input to be removed. (If you are working with a 12 VDC (2-Pin) sled, you will need to remove the ground connection from the post after disconnecting power). Then, press the lever fully down and pull on the handle.
To install a power supply, first insert the sled until the latch clicks and the rear panel of the supply is aligned with the rear panel of the SecureSync. (Be sure to connect power AFTER the sled is fully inserted, and not before). Then, plug in the power input. (If you are working with a 12 VDC (2-Pin) sled, you will also connect a grounding ring to the external post before connecting power).

2.9.3.2

Hot Swap Monitoring
After installing power supplies, functionality can be confirmed through the Web UI, CLI, front panel, or via SNMP.

Web UI Hot Swap Monitoring
You can view the status of the power supplies through the Web UI: navigate to MANAGEMENT > OTHER > Hot Swap:
The Hot Swap Overall Status light at the top right of this page indicates whether the unit has at least one active, valid power supply.
Green indicates all detected power supplies are valid
The status will show yellow if one power supply is not valid.
Red if there is no single HSPS module working properly (urgent need for replacement).
Grey if the monitoring on both sleds has been disabled.
In this panel, you can also download (or clear) a file of the most recent monitoring information for both bays.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

57

2.9 Connecting Supply Power
The Rear View panel of the Hot Swap page will display a rendering of the rear panel. You can hover over a power supply to confirm the bay number, and power specifications.
The Hot Swap Status panels for Bay 1 and Bay 2 each provide information and charts related to monitoring the power supplies of the unit, and contain the following elements:

Health: OK, Warning, Fault, or Monitoring Disabled Present: Installed or Not Installed Monitoring: ON/OFF. Monitoring of Hot Swap Power Supply statuses can be disabled to reduce logging and health status updates. This setting disables alarming in the case of power supply failure or issue (it is still possible to view statistics for the bay if monitoring is disabled).
Note: It is recommended to disable monitoring on a bay if you choose to remove a power supply long term or keep one inserted that you know is faulty. Disabling monitoring on a faulty supply or empty bay will cause the overall status to display as Okay (provided there is one fully functional power supply installed).
Power Type: AC 110/220 V, DC 12/24 V, or DC 24/48 V Voltage (V) Current (A) Fan Speed (RPM)

58

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.9 Connecting Supply Power
Temperature (C°) Voltage graph Current graph Fan Speed graph Temperature graph
CLI Hot Swap Monitoring
Functionality and status of the Hot Swap Power Supplies can also be obtained by using the CLI command HS_GetStatus. This command will return the overall Hot Swap status and total current, as well as the status and details for each of the bays (health status, present, power type, fan speed, temp, voltage, current, percentage).
Front Panel Hot Swap Monitoring
If your unit is configured with hot swappable power supplies, an additional menu will be visible on the front panel OLED information menu.
Press the Power Menu button (you will need to pres twice if the first press was waking up the display on the front panel). Press the right button to highlight the Hot Swap sub-menu:
Press the down button to toggle between specific information for Bay 1 and Bay 2:
In the case of faulty power supplies, the front panel will flash on the important parameter(s) to indicate the need for attention (in the image above, the issue on Bay 2 is with the fan speed and voltage). You can also disable monitoring on a specific bay by pressing the ENTER key while the bay is highlighted. Bays with disabled monitoring will be noted on the front panel:

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

59

2.9 Connecting Supply Power
Note: Disabling monitoring on a single bay will remove it from consideration in the Overall Hot Swap Status and remove alarming for the bay.
SNMP/Notifications Hot Swap Monitoring
If your unit is configured with hot swappable power supplies, additional options will be visible in the Web UI under MANAGEMENT > Notifications in the System tab:
You can configure these notifications to be send via SNMP: “Setting Up SNMP Notifications” on page 283.
Hot Swap Power Supply Alarms
There are two Hot Swap specific alarms: The Hot Swap, Major Alarm will cause the status to appear red in the Web UI and is triggered if one of the power supplies falls within the following thresholds:
Voltage (< 11V) or (> 13V) Current (> 9A) Fan Speed (< 10,000 RPM) or (> 18,000 RPM) The Hot Swap, Minor Alarm will cause the status to appear yellow in the Web UI and is triggered if one of the power supplies falls within the following thresholds: Temperature AC sled (<-25 °C) or (> 85°C) Temperature DC sled (<-40 °C) or (> 85°C) Unknown Sled Type installed
Note: An alarm can also be triggered if one of the power supplies is only partially inserted into the unit, and not inserted enough for the latch to click, or if you disconnect, but do not remove, a power supply. It is also possible that the hot swap power supply may shift during shipping or setup enough to trigger this alarm. In this case, remove the power supply and attempt to reinsert it.

60

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.10 Powering Up the Unit

2.10

Powering Up the Unit
1. After installing your SecureSync unit, and connecting all references and network(s), verify that power is connected, and wait for the device to boot up.
Note: SecureSync does not have a power switch. When the unit is plugged in, the power will be on (unless you have an additional condition, such as your unit has been halted).

2. Observe that the front panel illuminates The time display will reset and then start incrementing the time.

Figure 2-8: SecureSync front panel
1. Check the front panel status LED indicators:
The Power LED should be lit (not flashing).
The GNSS LED will be either OFF or flashing HEARTBEAT, since synchronization has not yet been achieved.
The Alarms LED light should be OFF (startup behavior) or HEARTBEAT (acquiring fix behavior). A FAST blinking pattern would indicate the unit requires attention. For additional information, see “Status LEDs” on page 4 and “Status Monitoring via Front Panel” on page 314.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

61

2.11 Zero Configuration Setup

2.11

Zero Configuration Setup
As an alternative to conventional network configuration, SecureSync can also be set up using the zero-configuration networking technology (“zeroconf”).
Note: You can use Zeroconf on either Ethernet port if DHCP is enabled. Zeroconf must be used with a DHCP server.

When using zeroconf, a TCP/IP network will be created automatically, i.e. without the need for manual configuration: Once SecureSync’s ETH connector is connected to a network, you can directly access the SecureSync Web UI, using a standard web browser, without any configuration.
Zeroconf can be used to connect to the unit through the Web UI:
when you need to identify the IP address assigned to your unit through DHCP in circumstances when your unit is not connected directly to a PC when you wish to access the Web UI of your SecureSync without using the CLI commands or serial connection anytime the IP address of a unit is not known (for instance, if you have “lost” your unit on a network).
Zeroconf Requirements
Prior to using zeroconf, ensure the following requirements are met: Your network is DHCP enabled, and DHCP is enabled on the individual ETH port you are using (this is the default setting). The PC you will use to communicate with your unit is connected to the same network as your SecureSync. Windows 7/8 users should install Bonjour Print Services, otherwise access to *.local addresses will not be possible. Windows 10 already supports mDNS and DNS-SD, hence there is no need to install additional software.

62

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

Setting up an IP Address

2.11.1

Using Zeroconf
Connect to the Web UI of your SecureSync unit in these steps:
1. Obtain the last 6 digits of the MAC address: e.g., “0E 51 7B”. The MAC address can be found:
On the front panel display under the Network menu
On the serial number label on the side on the unit
Through the CLI using the ifconfig command.
2. Connect the SecureSync to a router on your LAN via ETH0 or ETH1 connector.
3. Connect the power supply to the SecureSync unit.
4. On a connected computer, open your web browser and in the URL field type the following:
securesync-[xxxxxx].local/
where the [xxxxxx] of the hostname are the last six digits of the MAC address.
(If your browser doesn’t recognize the information as an address, it may be necessary to add the prefix http:// or https://)
You should now connected to the unit Web UI and can login using the factory default credentials:
Username: spadmin
Password: admin123
Once you logged into the SecureSync via zeroconf, you can retrieve the DHCP address for future use:
Navigate to MANAGEMENT: NETWORK > Network Setup. In the Ports panel, click on the information button next to each Ethernet port. The popup window will display the assigned DCHP IP address for the selected port.
See “Setting up an IP Address” below or “Accessing the Web UI” on page 71 for more information.

2.12

Setting up an IP Address
In order for SecureSync to be accessible via your network, you need to assign an IP address to SecureSync, as well as a subnet mask and gateway, unless you are

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

63

2.12 Setting up an IP Address
using an address assigned by a DHCP server. There are several ways to setup an IP address, described below:
via the front panel keypad and information display remotely …
… via serial cable … via dedicated network cable … via a DHCP network.
Before you continue …
… please obtain the following information from your network administrator: Available static IP address This is the unique address assigned to the SecureSync unit by the network administrator. Make sure the chosen address is outside of the DHCP range of your DHCP server.
Note: The default static IP addresses of the SecureSync unit are: 192.168.1.1 for eth0 192.168.1.2 for eth1
Subnet mask (for the network) The subnet mask defines the number of bits taken from the IP address that are used in the network portion. The number of network bits used in the net mask can range from 8 to 30 bits.
Gateway address The gateway (default router) address is needed if communication to the SecureSync is made outside of the local network. By default, the gateway is disabled.
Note: Make sure you are assigning a static IP address to your SecureSync unit that is outside of the DHCP range defined for the DHCP server. Your system administrator will be able to tell you what this range is.

64

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.12 Setting up an IP Address

2.12.1

Dynamic vs. Static IP Address
On a DHCP network (Dynamic Host Configuration Protocol), SecureSync’s IP address will be assigned automatically once it is connected to the DHCP server. This negotiated address and other network information are displayed on the unit front panel when the unit boots up.
If you plan on allowing your SecureSync to use this negotiated DHCP Address on a permanent basis, you can skip the following topics about setting up an IP address, and instead proceed to “Accessing the Web UI” on page 71, in order to complete the SecureSync configuration process.
Please note:
Unless you are using DNS in conjunction with DHCP (with the client configured using SecureSync’s hostname instead of IP address), Safran recommends to disable DHCP for SecureSync, and instead use a static IP address. Failure to do this can result in a loss of time synchronization, should the DHCP server assign a new IP address to SecureSync.

2.12.2

Assigning a Static IP Address
Safran recommends assigning a static IP address to SecureSync, even if the unit is connected to a DHCP server.
This can be accomplished in several ways:
a. Via the keypad and information display on the front panel of the unit, see “Setting Up an IP Address via the Front Panel” below
b. By connecting the SecureSync to an existing DHCP network, temporarily using the assigned DHCP address, see “Setting Up a Static IP Address via a DHCP Network” on page 68.
c. By connecting a Personal Computer to SecureSync via a serial cable, see “Setting Up an IP Address via the Serial Port” on page 69.
d. By connecting a Personal Computer directly to SecureSync via a dedicated Ethernet cable, see “Setting up a Static IP Address via Ethernet Cable” on page 70.

2.12.2.1

Setting Up an IP Address via the Front Panel
Assigning an IP address to SecureSync, using the front panel keypad and information display is a preferred way to provide network access to the unit, thus enabling you thereafter to complete the setup process via the Web UI.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

65

2.12 Setting up an IP Address
Note: The following instructions apply to IPv4. To configure static addresses in IPv6, you will need to use either the CLI or the front panel.
Keypad Operation
Figure 2-9: Front panel keypad and menu buttons
The functions of the keys are: arrow keys: Navigate to a menu option (will be highlighted); move the focus on the screen; switch between submenus arrow keys: Scroll through parameter values in edit displays; move the focus on the screen ENTER key: Select a menu option, or confirm a selection when editing menu buttons: Press these buttons to navigate to each of the seven main menus.
Detailed information on the front panel display menus can be found at “Front Panel Keypad, and Display” on page 6
IP configuration, step-by-step instructions:
A. Disable DHCP: 1. Press the Network.Menu Button. Ensure that you are on the Settings submenu.

66

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.12 Setting up an IP Address
2. Using the arrow key, press down once and press L/R to select the Ethernet interface for which DHCP is to be disabled, such as eth0.
3. Press down to highlight the current DHCP state [ON or OFF], and press ENTER to change the setting.
4. Use the arrow keys to select OFF, and press the ENTER key twice (once to enter the setting, and once to confirm when the confirmation menu appears to the right).
B. Enter IP Address and Subnet Mask: 1. Select the IPv4 Address row, press ENTER to allow changes, and use the up and down arrows to change 000.000.000.000/00 to the value of the static IP address and subnet mask/network bits to be assigned (for a list of subnet mask values refer to the table “Subnet mask values” on page 70).
2. Press the ENTER key once to enter the setting, then again to confirm the new setting in the confirmation menu.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

67

2.12 Setting up an IP Address

C. Enter the Gateway Address (if required)
1. Highlight the gateway row. Press the key once to enter the setting.
2. The display will change, allowing you to input an address at 000.000.000.000. Enter the gateway address here. The address entered must correspond to the same network IP address assigned to SecureSync.
The remainder of the configuration settings can be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox® or Chrome®). For more information, see “The Web UI HOME Screen” on page 34.

2.12.2.2

Setting Up a Static IP Address via a DHCP Network
To setup a permanent static IP address, after connecting SecureSync to a DHCP network:
1. Enter the IP address shown on the front panel information display of your SecureSync unit into the address field of your browser (on a computer connected to the SecureSync network). If the network supports DNS, the hostname may also be entered instead (the default hostname is productnamemacaddress. See “Zero Configuration Setup ” on page 62to identify your MAC address). The start screen of the SecureSync Web UI will be displayed.
2. Log into the Web UI as an administrator. The factory-default user name and password are:
Username: spadmin
Password: admin123
3. Disable DHCP by navigating to MANAGEMENT > Network Setup. In the Ports panel on the right, click the GEAR icon next to the Ethernet Port you are using. In the Edit Ethernet Port Settings window, uncheck the Enable DHCPv4 field. Do NOT click Submit or Apply yet.
4. In the fields below the Enable DHCPv4 checkbox, enter the desired Static IP address, Netmask, and Gateway address (if required). Click Submit.
For subnet mask values, see “Subnet Mask Values” on page 70.
5. Verify on the front panel information display that the settings have been accepted by SecureSync.
6. Enter the static IP address into the address field of the browser, and again log into the Web UI in order to continue with the configuration; see: “The Web UI HOME Screen” on page 34.

68

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.12 Setting up an IP Address

2.12.2.3

Setting Up an IP Address via the Serial Port
SecureSync’s rear panel serial port connector is a standard DB9 female connector. Communication with the serial port can be performed using a PC with a terminal emulator program (such as PuTTY or TeraTerm) using a pinned straightthru standard DB9M to DB9F serial cable.
SecureSync’s front panel serial port connector is a standard micro-B USB female connector.
The serial ports can be used to make configuration changes (such as the network settings), retrieve operational data (e.g., GNSS receiver information) and log files, or to perform operations such as resetting the admin password.
The serial ports are account and password protected. You can login using the same user names and passwords as would be used to log into the SecureSync Web UI. Users with “administrative rights” can perform all available commands. Users with “user” permissions only can perform “get” commands that retrieve data, but cannot perform any “set” commands or change/reset any passwords.
To configure an IP address via the serial port:
1. Connect a serial cable to a PC running PuTTY, Tera Term, or HyperTerminal, and to your SecureSync. For detailed information on the serial port connection, see “Setting up a Terminal Emulator” on page 559
2. Login to SecureSync with a user account that has “admin” group rights, such as the default spadmin account (the default password is admin123).
3. Disable DHCP, type: dhcp4set X off , where X is the Ethernet port you wish to configure (Eth0, Eth1).

Note: For a list of CLI commands, type helpcli, or see “CLI Commands” on page 560.

4. Configure the IP address and subnet mask, type:
ip4set x y.y.y.y z.z.z.z (where x is the desired interface (eth0, eth1), “y.y.y.y” is the desired IP address for SecureSync, and “z.z.z.z” is the full subnet mask for the network (For a list of subnet mask values, see “Subnet Mask Values” on the next page.)
5. Configure the gateway by typing gw4set x y.y.y.y (where x indicates the interface routing table to add the default gateway (eth0, eth1), and “y.y.y.y” is the default gateway address).

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

69

2.12 Setting up an IP Address

6. Remove the serial cable, connect SecureSync to the network, and access the Web UI, using the newly configured IP address. (For assistance, see “Accessing the Web UI” on the facing page).
The remainder of the configuration settings will be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox® or Chrome®).

2.12.2.4 Setting up a Static IP Address via Ethernet Cable
This procedure will allow you to configure SecureSync using the Web UI directly via the Ethernet port, if you cannot or do not wish to use a DHCP network.
1. First, disable DHCP using the front panel keypad and information display: see “Setting Up an IP Address via the Front Panel” on page 65.
2. Change the workstation IP address to be on the same network as SecureSync.
3. Connect workstation and SecureSync with an Ethernet cable.
The remainder of the configuration settings will be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox® or Chrome®). For more information, see “The Web UI HOME Screen” on page 34.

2.12.3

Subnet Mask Values

Table 2-3: Subnet mask values
Network Bits Equivalent Netmask Network Bits Equivalent Netmask

30

255.255.255.252

18

255.255.192.0

29

255.255.255.248

17

255.255.128.0

28

255.255.255.240

16

255.255.0.0

27

255.255.255.224

15

255.254.0.0

26

255.255.255.192

14

255.252.0.0

25

255.255.255.128

13

255.248.0.0

24

255.255.255.0

12

255.240.0.0

23

255.255.254.0

11

255.224.0.0

22

255.255.252.0

10

255.192.0.0

21

255.255.248.0

9

255.128.0.0

20

255.255.240.0

8

255.0.0.0

19

255.255.224.0

70

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.13 Accessing the Web UI

2.13

Accessing the Web UI
SecureSync’s web user interface (“Web UI”) is the recommended means to interact with the unit, since it provides access to nearly all configurable settings, and to obtain comprehensive status information without having to use the Command Line Interpreter (CLI).
You can access the Web UI either by using the automatically assigned DHCP IP address, or by using a manually set static IP address (see “Assigning a Static IP Address” on page 65):
1. On a computer connected to the SecureSync network, start a web browser, and enter the IP address shown on the SecureSync front panel.
2. When first connecting to the Web UI, a warning about security certificates may be displayed:

Select Continue….
Note: “Cookies” must be enabled. You will be notified if Cookies are disabled in your browser.
Note: HTTPS only: Depending on your browser, the certificate/security pop-up window may continue to be displayed each time you open the Web UI until you saved the certificate in your browser.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

71

Configure Network Settings

Note: Static IP address only: To prevent the security pop-up window from opening each time, a new SSL Certificate needs to be created using the assigned IP address of SecureSync during the certificate generation. See “HTTPS” on page 79 for more information on creating a new SSL certificate.

3. Log into the Web UI as an administrator. The factory-default administrator user name and password are: Username: spadmin Password: admin123
Caution: For security reasons, it is advisable to change the default credentials, see: “Managing Passwords” on page 290.

4. Upon initial login, you will be asked to register your product. Safran recommends to register SecureSync, so as to receive software updates and services notices. See also “Product Registration” on page 313.
Number of login attempts
The number of failed login attempts for ssh is hard-set to (4) four. This value is not configurable. The number of failed login attempts for the Web UI (HTTP/HTTPS) is hard-set to (5) five failed login attempts, with a 60 second lock. These two values are not configurable.
To continue with the configuration, see e.g., “The Web UI HOME Screen” on page 34. To learn more about setting up different types of user accounts, see “Managing User Accounts” on page 286.

2.14

Configure Network Settings
Before configuring the network settings, you need to setup access to SecureSync web user interface (“Web UI”). This can be done by assigning a static IP address, or using a DHCP address. For more information, see “Setting up an IP Address” on page 63.

72

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.14 Configure Network Settings
Once you have assigned the IP address, login to the Web UI. For more information, see “Accessing the Web UI” on page 71. To configure network settings, or monitor your network, navigate to SecureSync’s Network Setup screen. To access the Network Setup screen:
Navigate to MANAGEMENT > Network Setup. The Network Setup screen is divided into three panels:

The Actions panel provides:
General Settings: Allows quick access to the primary network settings necessary to connect SecureSync to a network. See “General Network Settings” on the next page.
Web Interface Settings:
Web interface timeout: Determines how long a user can stay logged on. For more information, see “Web UI Timeout” on page 294.
Web Security Level: High security will not allow browsers to use TLS below v1.3 (to prevent known security vulnerabilities).
Access Control: Allows the configuration of access restrictions from assigned networks/nodes.
Login Banner: Allows the administrator to configure a custom banner message to be displayed on the SecureSync Web UI login page and the CLI (Note: There is a 2000 character size limit).

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

73

2.14 Configure Network Settings

SSH: This button takes you to the SSH Setup window. For details on setting up SSH, see “SSH” on page 91.
System Time Message: Setup a once-per-second time message to be sent to receivers via multicast. For details, see “System Time Message” on page 109.
VLAN: This button will reveal the VLAN Setup popup window. For more information, see “VLAN Support” on page 109.
HTTPS: This button takes you to the HTTPS Setup window. For details on setting up HTTPS, see “HTTPS” on page 79.
The Network Services panel is used to enable (ON) and disable (OFF) network services, as well as the Web UI display mode, details see: “Network Services” on page 76.
The Ports panel not only displays STATUS information, but is used also to set up and manage SecureSync’s network ports via three buttons:
INFO button: Displays the Ethernet port Status window for review purposes.
GEAR button: Displays the Ethernet port settings window for editing purposes.
TABLE button: Displays a window that allows adding, editing, and reviewing Static Routes.

2.14.1

General Network Settings
To expedite network setup, SecureSync provides the General Settings window, allowing quick access to the primary network settings.
To access the General Settings window:
1. Navigate to MANAGEMENT > Network Setup. In the Actions Panel on the left, click General Settings.

2. Populate the fields: Hostname: This is the server’s identity on the network or IP address.

74

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.14 Configure Network Settings

Default IPv4 Port: Unless you specify a specific Port to be used as Default Port, the factory default port eth0 will be used as the gateway (default gateway).
Default IPv6 Port: Unless you specify a specific Port to be used as Default Port, the factory default port eth0 will be used as the gateway (default gateway).
The General Settings window also displays the IPv4 Address and default IPv4 Gateway.

2.14.2

Network Ports
Ports act as communication endpoints in a network. The hardware configuration of your unit will determine which ports (e.g., Eth0, Eth1, …) are available for use.
To enable & configure, or view a network port:
1. Navigate to MANAGEMENT > NETWORK: Network Setup.
2. The Ports panel on the right side of the screen lists the available Ethernet ports, and their connection STATUS:
Green: CONNECTED (showing the connection speed)
Yellow: CABLE UNPLUGGED (the port is enabled but there is no cable attached)
Red: DISABLED.
Locate the port you want to configure (eth0 or eth1) and click the GEAR button to enable & configure the port, or the INFO button to view the port status.
3. Ethernet ports are enabled by default. If the port is not already enabled, in the Edit Ethernet Ports Settings window, click the Enable check box. The Edit Ethernet Ports Settings window will expand to show the options needed to complete the port setup.
Fill in the fields as required:
Enable eth0: [Checkbox] Enable DHCPv4: [Checkbox] Check this box to enable the delivery of IP addresses from a DHCP Server using the DHCPv4 protocol.
Static IPv4 Address: This is the default, or the unique address assigned by the network administrator. The default subnet is: 255.255.0.0

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

75

2.14 Configure Network Settings

Netmask: This is the network subnet mask assigned by the network administrator. In the form “xxx.xxx.xxx.xxx.” See “Subnet Mask Values” on page 70 for a list of subnet mask values.
IPv4 Gateway: The gateway (default router) address is needed if communication to the SecureSync is made outside of the local network. By default, the gateway is disabled.
IPv6 Auto Configuration: Choose between Disabled (disable auto configuration), Auto (stateless auto configuration using SLAAC and DHCP), and Stateful (auto configuration using DHCP only).
Domain: This is the domain name to be associated with this port.
DNS Primary: This is the primary DNS address to be used for this port. Depending on how your DHCP server is configured, this is set automatically once DHCP is enabled. Alternatively, you may configure your DHCP server to NOT use a DNS address. When DHCP is disabled, DNS Primary is set manually, using the format “#.#.#.#” with no leading zeroes or spaces, where each #’ is a decimal integer from the range [0,255]. DNS Secondary: This is the secondary DNS address to be used for this port. Depending on how your DHCP server is configured, this is set automatically once DHCP is enabled, or your DHCP server may be configured NOT to set a DNS address. When DHCP is disabled, DNS Secondary is set manually, using the format “#.#.#.#” with no leading zeroes or spaces, where each#’ is a decimal integer from the range [0,255].
Edit IPv6 Address: Click on this button to configure a static IPv6 address.
4. To apply your changes, click Submit (the window will close), or Apply.

2.14.3

Network Services
Several standard network services can be enabled or disabled via the easily accessible Network Services Panel under MANAGEMENT > Network Setup:
The Network Services panel has ON/OFF toggle switches for the following daemons and features:
System Time Message: A once-per second Time Message sent out via Multicast; for details, see “System Time Message” on page 109.
Daytime Protocol, RFC-867: A standard Internet service, featuring an ASCII daytime representation, often used for diagnostic purposes.
Time Protocol, RFC-868: This protocol is used to provide a machine-readable, site-independent date and time.

76

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.14 Configure Network Settings

Telnet: Remote configuration
SSH+SFTP: Secure Shell cryptographic network protocol for secure data communication and secure access to logs.
HTTP: Hypertext Transfer Protocol
tcpdump: A LINUX program that can be used to monitor network traffic by inspecting tcp packets. Default = ON. If not needed, or wanted (out of concern for potential security risks), tcpdump can be disabled permanently: Once toggled to OFF, and after executing a page reload, tcpdump will be deleted from the system: The toggle switch will be removed, and the function cannot be enabled again (even after a software upgrade) unless a full CLEAN upgrade is performed. Removing tcpdump on this page will also remove the PTP-specific functionality (see “The PTP TCP Dump Collection Panel” on page 162).
Note: A listing of recommended and default network settings can be found under “Default and Recommended Configurations” on page 359.

2.14.4

Static Routes
Static routes are manually configured routes used by network data traffic, rather than solely relying on routes chosen automatically by DHCP (Dynamic Host Configuration Protocol). With statically configured networks, static routes are in fact the only possible way to route network traffic.
To view, add, edit, or delete a static route:
1. Navigate to the MANAGEMENT > Network Setup screen.
2. The Ports panel displays the available Ethernet ports, and their connection status.
3. To view all configured Static Routes for all Ethernet Ports, or delete one or more Static Routes, click the TABLE icon in the top-right corner.
4. To add a new Route, view or delete an existing Route for a specific Ethernet Port, locate the Port listing you want to configure, and click the TABLE button next to it. The Static Routes window for the chosen Port will open, displaying its Routing Table, and an Add Route panel.
In the Add Route panel, populate these fields in order to assign a Static Route to a Port:

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

77

2.14 Configure Network Settings

Net Address: This is the address/subnet to route to. Prefix: This is the subnet mask in prefix form e.g., “24”. See also “Subnet Mask Values” on page 70. Router Address: This is where you will go through to get there. Click the Add Route button at the bottom of the screen.
Note: To set up a static route, the Ethernet connector must be physically connected to the network.

Note: Do not use the same route for different Ethernet ports; a route that has been used elsewhere will be rejected.

Note: The eth0 port is the default port for static routing. If a port is not given its own static route, all packets from that port will be sent through the default.

2.14.5

Access Rules
Network access rules restrict access to only those assigned networks or nodes defined. If no access rules are defined, access will be granted to all networks and nodes.

Note: In order to configure Access Rules, you need ADMINISTRATOR rights.

To configure a new, or delete an existing access rule: 1. Navigate to the MANAGEMENT > Network Setup screen. 2. In the Actions panel on the left, click on Access Control. 3. The Network Access Rules window displays:

78

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.14 Configure Network Settings

4. In the Allow From field, enter a valid IP address. It is not possible, however, to add direct IP addresses, but instead they must be input as blocks, i.e. you need to add /32 at the end of an IP address to ensure that only that address is allowed. Example: 10.2.100.29/32 will allow only 10.2.100.29 access.
IP address nomenclature:
IPv4–10.10.0.0/16, where 10.10.0.0 is the IP address and 16 is the subnet mask in prefix form. See the table “Subnet Mask Values” on page 70 for
a list of subnet mask values.
IPv6–2001:db8::/48, representing 2001:db8:0:0:0:0:0:0 to 2001:db8:0:ffff:ffff:ffff:ffff:ffff.

5. Click the Add button in the Action column to add the new rule.
6. The established rule appears in the Network Access Rules window. Click the Delete button next to an existing rule, if you want to delete it.

2.14.6

HTTPS
HTTPS stands for HyperText Transfer Protocol over SSL (Secure Socket Layer). This TCP/IP protocol is used to transfer and display data securely by adding an encryption layer to protect the integrity and privacy of data traffic. Certificates issued by trusted authorities are used for sender/recipient authentication.

Note: In order to configure HTTPS, you need ADMINISTRATOR rights.

Note that SecureSync supports two different modes of HTTPS operation: The Standard HTTPS Level (default), and a High-Security Level. For more information, see “HTTPS Security Levels” on page 308.

2.14.6.1

Accessing the HTTPS Setup Window
1. Navigate to MANAGEMENT > NETWORK: HTTPS Setup (or, navigate to MANAGEMENT

Network Setup, and click HTTPS in the Actions panel on the left):

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

79

2.14 Configure Network Settings

The HTTPS Setup window has five tabs:
Create Certificate Request: This menu utilizes the OpenSSL library to generate certificate Requests and self-signed certificates.
Subject Alternative Name Extension: This menu is used to add alternative names to an X.509 extension of a Certificate Request.
Certificate Request: A holder for the certificate request generated under the Create Certificate Request tab. Copy and paste this Certificate text in order to send it to your Certificate Authority.
Upload X.509 PEM Certificate: Use the window under this tab to paste your X.509 certificate text and upload it to SecureSync.
Upload Certificate File: Use this tab to upload your certificate file returned by the Certificate Authority. For more information on format types, see “Supported Certificate Formats” on the facing page.
Exit the HTTPS Setup window by clicking the X icon in the top right window corner, or by clicking anywhere outside the window.
Should you exit the HTTPS Setup window while filling out the certificate request parameters form before clicking the Submit button, any information you entered will be lost. Exiting the HTTPS Setup window will not lose and Subject Alternative Names that have been entered. When switching between tabs within the HTTPS Setup window, the information you have entered will be retained.
2.14.6.2 About HTTPS
HTTPS provides secure/encrypted, web-based management and configuration of SecureSync from a PC. In order to establish a secure HTTPS connection, an SSL certificate must be stored inside the SecureSync unit.

80

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.14 Configure Network Settings
SecureSync uses the OpenSSL library to create certificate requests and selfsigned certificates. The OpenSSL library provides the encryption algorithms used for secure HTTP (HTTPS). The OpenSSL package also provides tools and software for creating X.509 Certificate Requests, Self Signed Certificates and Private/Public Keys. For more information on OpenSSL, please see www.openssl.org. Once you created a certificate request, submit the request to an external Certificate Authority (CA) for the creation of a third party verifiable certificate. (It is also possible to use an internal corporate Certificate Authority.) If a Certificate Authority is not available, or while you are waiting for the certificate to be issued, you can use the default Safran self-signed SSL certificate that comes with the unit until it expires, or use your own self-signed certificate. The typical life span of a certificate (i.e., during which HTTPS is available for use) is about 10 years.
Note: If deleted, the HTTPS certificate cannot be restored. A new certificate will need to be generated.
Note: In a Chrome web browser, if a valid certificate is deleted or changed such that it becomes invalid, it is necessary to navigate to Chrome’s Settings> More Tools> Clear browsing data> Advanced and clear the Cached images and files in the history. Otherwise Chrome’s security warnings may make some data unavailable in the Web UI.
Note: If the IP Address or Common Name (Host Name) is changed, you need to regenerate the certificate, or you will receive security warnings from your web browser each time you log in.
2.14.6.3 Supported Certificate Formats
SecureSync supports X.509 PEM and DER Certificates, as well as PKCS#7 PEM and DER formatted Certificates. You can create a unique X.509 self-signed Certificate, an RSA private key and X.509 certificate request using the Web UI. RSA private keys are supported because they are the most widely accepted. At this time, DSA keys are not supported.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

81

2.14 Configure Network Settings
2.14.6.4 Creating an HTTPS Certificate Request
Caution: If you plan on entering multiple Subject Alternative Names to your HTTPS Certificate Request, you must do so before filling out the Create Certificate Request tab to avoid losing any information. See “Adding HTTPS Subject Alternative Names” on page 85.
To create an HTTPS Certificate Request: 1. Navigate to MANAGEMENT > NETWORK: HTTPS Setup, or in the MANAGEMENT > NETWORK Setup, Actions panel, select HTTPS:

2. Click the Create Certificate Request tab (this is the default tab). 3. Check the box Create Self Signed Certificate, in order to open up all menu
items. This checkbox serves as a security feature: Check the box only if you are certain about generating a new self-signed Certificate.
Caution: Once you click Submit, a previously generated Certificate (or the Safran default Certificate) will be overwritten.
Note that an invalid Certificate may result in denial of access to SecureSync via the Web UI!

82

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

2.14 Configure Network Settings
4. Fill in the available fields:
Signature Algorithm: Choose the algorithm to be used from:
MD4
SHA1
SHA256
SHA512
Private Key Pass Phrase: This is the RSA decryption key. This must be at least 4 characters long.
RSA Private Key Bit Length: 2048 bits is the default. Using a lower number may compromise security and is not recommended.
Two-Letter Country Code: This code should match the ISO-3166-1 value for the country in question.
State Or Province Name: From the address of the organization creating up the Certificate.
Locality Name: Locale of the organization creating the Certificate.
Organization Name: The name of the organization creating the Certificate.
Organization Unit Name: The applicable subdivision of the organization creating the Certificate.
Common Name (e.g. Hostname or IP): This is the name of the host being authenticated. The Common Name field in the X.509 Certificate must match the hostname, IP address, or URL used to reach the host via HTTPS.
Email Address: This is the email address of the organization creating the Certificate.
Challenge Password: Valid response password to server challenge.
Optional Organization Name: An optional name for the organization creating the Certificate.
Self-Signed Certificate Expiration (Days): How many days before the Certificate expires. The default is 7200.
You are required to select a signature algorithm, a private key passphrase of at least 4 characters, a private key bit length, and the Certificate expiration in days. The remaining fields are optional.
It is recommended that you consult your Certificate Authority for the required fields in an X 509-Certificate request. Safran recommends all fields be filled out and match the information given to your Certificate Authority.

CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0

83

2.14 Configure Network Settings
For example, use all abbreviations, spellings, URLs, and company departments recognized by the Certificate Authority. This helps to avoid problems the Certificate Authority might otherwise have reconciling Certificate request and company record information. If necessary, consult your web browser vendor’s documentation and Certificate Authority to see which key bit lengths and signature algorithms your web browser supports. Safran recommends that when completing the Common Name field, the user provide a static IP address, because DHCP-generated IP addresses can change. If the hostname or IP address changes, the X.509 Certificate must be regenerated. It is recommended that the RSA Private Key Bit Length be a power of 2 or multiple of 2. The key bit length chosen is typically 1024, but can range from 512 to 4096. Long key bit lengths of up to 4096 are not recommended because they can take several hours to generate. The most common key bit length is the value 1024.
Note: The default key bit length value is 2048.
When using a self-signed Certificate, choose values based on your company’s security policy. 5. When the form is complete, confirm that you checked the box Create Self Signed Certificate at the top of the window, then click Submit. Clicking the Submit button automatically generates the Certificate Request in the proper format for subsequent submission to the

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals