SAFRAN 2400 Secure Sync Time Server User Manual
- June 1, 2024
- Safran
Table of Contents
- SAFRAN 2400 Secure Sync Time Server
- Product Information
- Product Usage Instructions
- Frequently Asked Questions
- Getting Started
- Specifications
- Installation Overview
- Connecting Supply Power
- Setting up an IP Address
- Configure Network Settings
- References
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
SAFRAN 2400 Secure Sync Time Server
Product Information
Specifications
- Input Power: AC/DC
- GNSS Receiver
- 10 MHz Output with Oscillator Phase Noise (dBc/Hz)
- Multi I/O
- DCLS Output with 1PPS Output
- 10/100/1000 Ethernet Port (RJ45)
- 10/100/1000 Ethernet Port (SFP)
- RS-232 Serial Port (Rear Panel)
- USB Serial Port (Front Panel)
- Cables
- Protocols Supported
- Mechanical and Environmental Specifications
Product Usage Instructions
Setup
Installation Overview
Follow the main installation steps provided in the manual.
Unpacking and Inventory
Check that all components are present as listed in the manual.
Safety
Ensure to follow safety guidelines during installation.
Accessing the Web UI
To access the SecureSync Web UI, enter the designated IP address in a web browser.
Frequently Asked Questions
- Q: How do I configure network settings?
- A: Navigate to the Configuration MANAGEMENT Menu in the Web UI to configure network settings such as general network settings, network ports, network services, static routes, access rules, HTTPS, SSH, SNMP, VLAN support, and system time message.
- Q: What is the process for setting up an IP address?
- A: You can set up an IP address dynamically or statically. Refer to the manual for detailed instructions on assigning a static IP address via different methods including the front panel, DHCP network, serial port, and Ethernet cable.
ELECTRONICS & DEFENSE
SecureSync
2400 MODEL
User Manual
Document Part No.: 2400-5000-0050 Revision: 7.0
Date: 5-March-2024
© 2024 Safran. All rights reserved.
Information furnished by Safran is believed to be accurate and reliable.
However, no responsibility is assumed by Safran for its use, nor for any
infringements of patents or other rights of third parties that may result from
its use. Safran reserves the right to make changes without further notice to
any products herein. Safran makes no warranty, representation or guarantee
regarding the suitability of its products for any particular purpose, nor does
Safran assume any liability arising out of the application or use of any
product or circuit, and specifically disclaims any and all liability,
including without limitation consequential or incidental damages. No license
is granted by implication or otherwise under any patent or patent rights of
Safran. Trademarks and registered trademarks are the property of their
respective owners. Safran products are not intended for any application in
which the failure of the Safran product could create a situation where
personal injury or death may occur. Should Buyer purchase or use Safran
products for any such unintended or unauthorized application, Buyer shall
indemnify and hold Safran and its officers, employees, subsidiaries,
affiliates, and distributors harmless against all claims, costs, damages, and
expenses, and reasonable legal fees arising out of, directly or indirectly,
any claim of personal injury or death associated with such unintended or
unauthorized use, even if such claim alleges that Safran was negligent
regarding the design or manufacture of the part.
Safran Electronics & Defense
safran-navigation-timing.com
Safran Trusted 4D
· 45 Becker Road, Suite A, West Henrietta, NY 14586 USA · 3, Avenue du Canada,
91974 Les Ulis, France
The industry- leading Spectracom/Orolia products you depend on are now brought
to you by Safran.
Do you have questions or comments regarding this User Manual? è E-mail:
[email protected]
SecureSync 2400 User Manual
CHAPTER 1 ·
SecureSync 2400 User Manual
1
Getting Started
1.1
Getting Started
Welcome to the SecureSync User Reference Guide.
Where to start:
First-time users: “SecureSync Introduction” below.
Users with some knowledge of Time and Frequency Servers: “Installation
Overview” on page 42.
If your unit is up and running and you want to change a setting: “Managing
Time” on page 197, or “System Administration” on page 273.
1.2 SecureSync Introduction
SecureSync 2400 Time and Frequency Synchronization System® is the latest-
version, security-hardened 1-rack unit network appliance designed to meet
rigorous network security standards and best practices. It ensures accurate
timing through multiple references, tamper-proof management, and extensive
logging. Robust network protocols are used to allow for easy but secure
configuration. Features can be enabled or disabled based on your network
policies. Installation is aided by DHCP (IPv4), AUTOCONF (IPv6), and a front-
panel keypad and OLED display.
The unit supports multi-constellation GNSS input (SAASM GPS receivers,
supporting L1/L2, available for authorized users and required for the US DoD
are available), IRIG input and other input references. The unit is powered by
AC on an IEC60320 connector. DC power as back-up to AC power, or as the
primary input power source, is also available, and power selections can
involve either fixed or Hot Swap configurations.
SecureSync combines Safran’s precision master clock technology and secure
network-centric approach with a compact modular hardware design to bring you a
2
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.3 SecureSync Front Panel
powerful time and frequency reference system at the lowest cost of ownership.
Military and commercial applications alike will benefit from its extreme
reliability, security, and flexibility for synchronizing critical operations.
An important advantage of SecureSync is its unique rugged and flexible modular
chassis that can be configured for your specific needs. Built- in time and
frequency functions are extended with up to six input/output modules.
You can choose from a variety of configurable option cards, each with an
assortment of input/output timing signal types and quantity, including
additional 1PPS, 10 MHz, timecode (IRIG, ASCII, HAVE QUICK), other frequencies
(5MHz, 2.048 MHz, 1.544 MHz, 1MHz), Precision Timing Protocol (PTP)
input/output, multi-Gigabit Ethernet (10/100/1000Base-T), telecom T1/E1 data
rates and multinetwork NTP, allowing SecureSync to be customized for your
exact requirements.
A variety of internal oscillators is available, depending on your requirements
for holdover capability and phase noise.
Note: Some of the features described are not available on all SecureSync
variants.
1.2.1
SecureSync’s Inputs and Outputs
SecureSync provides multiple outputs for use in networked devices and other
synchronized devices. A 10 MHz frequency reference provides a precise,
disciplined signal for control systems and transmitters. A 1-Pulse-Per-Second
(1PPS) output acts as a precise metronome, counting off seconds of System Time
in the selected timescale (such as UTC, TAI or GPS); this BNC connector can
also be configured to produce IRIG, HaveQuick, or GPO signals. A multi-I/O 15
pin connector provides default IRIG, ATC, and HaveQuick Inputs, as well as
IRIG, IRIG AM, HaveQuick, and ATC Outputs. These options can all be configured
to suit your application (see “Configurable Connectors” on page 167).
SecureSync’s outputs are driven by its inputs most notably, Global
Navigation Satellite System (GNSS), or IRIG signal generators and other
available input references. GNSS-equipped SecureSyncs can track up to 72 GNSS
satellites simultaneously and synchronize to the satellite’s atomic clocks.
This enables SecureSync- equipped computer networks to synchronize anywhere on
the planet.
1.3 SecureSync Front Panel
The front panel of a SecureSync unit consists of:
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
3
1.3 SecureSync Front Panel
an LED time display seven illuminated status LED menu buttons a front panel
control keypad an OLED information display menu micro-B USB serial console
intake for temperature-controlled cooling fans The OLED information display is
configurable using the front panel controls. The micro USB serial interface
and the front panel controls provide a means to configure the unit’s network
settings and perform other functions without requiring access to the Web UI.
SecureSync units with the SAASM GPS receiver option module installed also have
an encryption key fill connector and key zeroize pin switch on the left-hand
side of the front panel.
1.3.1
Figure 1-1: SecureSync front panel layout
Status LEDs
SecureSync’s front panel status LEDs provide a real-time status overview:
Seven (7) LEDs indicate the unit’s current operating state.
Figure 1-2: Front panel LEDs
4
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.3 SecureSync Front Panel
1.3.1.1
Blinking Intervals
The status LEDs can communicate four different operating states: “OFF” “ON”
“FAST”: blinking interval @ 2Hz “SLOW HEARTBEAT”: sinus-shaped interval @ 1Hz
1.3.1.2
LED Lighting Patterns
The table below indicates LED status light patterns for common SecureSync
operating statuses.
Table 1-1: Common light patterns
Start-up Software upgrade/reboot
ON
OFF
OFF
OFF
OFF
OFF
OFF
HEARTBEAT PATTERN IN ORDER, BECOMING SOLID LEFT TO RIGHT TO REPRESENT PROGRESS
1.3.1.3
Legend, individual LEDs
Table 1-2: Legend for Status LEDs
Icon
Light
Meaning
OFF
No power
ON
Powered
OFF HEARTBEAT
FAST ON
No GNSS reception (0 satellites) GNSS acquisition in process ( 1 satellite(s), or 1PPS OK, or Time OK Antenna short circuit GNSS is available as reference (1PPS and Time OK)
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
5
1.3 SecureSync Front Panel
1.3.2
Icon
Light OFF FAST ON OFF ON FAST
OFF ON OFF ON OFF FAST
Meaning No valid references Using non-primary reference Using primary
reference Unit is in Holdover (valid) In Sync (valid) Not In Sync (Holdover
period exceeded, or oscillator damaged) No output signal(s) detected/all
outputs are disabled
At least one enabled output
Both ETH0 and ETH1 invalid
At least one Ethernet connection valid
Unit OK
At least one active alarm, see Web UI
LED Patterns during Boot Sequence
For the first five seconds after power-up all LEDs will be OFF. Then the Power
LED will be blinking before it will be lit permanently.
Responding to Alarms
If you are in front of your units, the fastest way to determine the origin of
alarms is to press the button that is flashing; this will automatically bring
up the menu of the category with a difficulty. See “Front Panel Keypad, and
Display” below for more information.
Front Panel Keypad, and Display
To simplify operation and to allow local access to SecureSync, a keypad and an
OLED information display menu are provided on the front panel of the unit.
The front panel keypad, information display menu, and status LED menu buttons
can be used to configure basic network settings and obtain status information.
For more complex functionality, users should refer to the Web UI or Command
Line Interface (CLI).
6
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.3 SecureSync Front Panel
For instruction on changing the front panel time display or locking front
panel access, see “Configuring the Front Panel” on page 309.
1.3.2.1 Using the Keypad
The functions of the five keys are:
arrow keys: Navigate to a menu option (will be highlighted); move the focus on
the screen; switch between submenus
arrow keys: Scroll through parameter values in edit displays; move the focus
on the screen
ENTER key: Select a menu option, or confirm a selection when editing
menu buttons: Press these buttons to navigate to each of the seven main menus.
1.3.2.2
Using the Front Panel Display
There are seven main menu screens on the SecureSync front information display.
Figure 1-3: Status LED menu buttons
1. Your front panel screen will timeout and darken after two minutes of
inactivity. If your screen is dark, press any menu or keypad button to wake.
2. Press a menu button to enter that menu on the front panel display. 3.
After entering a menu, the cursor will automatically begin on the submenu
selection that you last visited. 4. Use the left and right buttons to switch
between submenus if necessary.
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
7
1.3 SecureSync Front Panel
5. To enter into a submenu body, press the down button. You will only be able
to highlight fields that can be changed.
6. If the field has arrows on either side of your selection, use the
directional arrow keys; OR:
7. If the line is highlighted, press the ENTER button to change a value, and
use the directional keys to obtain the desired setting.
8. Once your editing is done, press the ENTER button. 9. Press ENTER again to
confirm your choice in the confirmation menu that
will appear on the right side of the screen.
Front Panel Display: Menu Tree
The illustration below shows how the menu is organized, and which functions
can be accessed via the front panel (i.e. without using the Web UI):
Figure 1-4: Front panel menu tree
8
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.3 SecureSync Front Panel
The main menu options and their functions are as follows:
Power Menu: Management
halt the unit (see “Issuing the HALT Command Before Removing Power” on page
275) reboot the unit (see “Rebooting the System” on page 276) restore the
factory defaults (see “Resetting the Unit to Factory Configuration” on page
357) Monitoring
view the temperature status: Board Temp, CPU Temp, and OSC (oscillator) Temp
view the Fan(s) Speed System
view model number view serial number view software version view licenses view
a rolling ribbon of option cards installed Hot Swap this sub menu will only be
available if you have a Hot Swap Power Supply configuration. See “Hot Swap
Power Supply” on page 56 for more information.
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
9
1.3 SecureSync Front Panel
GNSS Antenna Menu: Constellations
view the status for GPS, GLONASS, BeiDou, Galileo, QNSS, and SBAS turn
reception OFF or ON to any satellite system by selecting the status Settings
view or change receiver position mode view or set position view or change
delay Monitoring
view the following information: antenna status PPS validity time validity
state
view for each satellite system: chart of all visible satellites
Inputs Menu: Settings
10
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.3 SecureSync Front Panel
view reference table enable or disable references (see “Configuring Input
Reference Priorities” on page 215 Monitoring
view each input reference view reference state, time, validity, and phase
error Time Menu: Settings:
change the current time display Monitoring:
view the oscillator type, disciplining state, and TFOM value Date:
view the Day Month Year. Outputs Menu:
Settings
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
11
1.3 SecureSync Front Panel
view list of outputs available see outputs format enable or disable outputs
(see “Signature Control” on page 194) Network Menu: Settings: Scroll to each
ETH connection to view information or perform actions (see “Setting Up an IP
Address via the Front Panel” on page 65):
enable or disable DHCP view or set IP address view or change gateway view MAC
address Monitoring: View a graph for each ETH connection (highlight eth0 or
eth1 and toggle left and right)
Alerts Menu: Status
show current major or minor alarms and descriptions Monitoring
monitor memory usage monitor CPU usage monitor disk usage Test
12
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.4 Unit Rear Panel
confirm that the buttons on your front panel are working (highlight Press
VALID to start testing buttons and push the ENTER key).
1.4 Unit Rear Panel
The SecureSync rear panel contains the connectors for all input and output
references.
GPS/GNSS antenna connector (SMA) 10 MHz output (BNC female connector) Multi
I/O (sub HD15 connector) 1PPS out, configurable DCLS Output (BNC female
connector) ETH0 1GB Ethernet (RJ45 connector) ETH1 Ethernet (SFP connector)
Serial console (RJ45 connector) Two or six slots for option cards AC power
input connection
Figure 1-5: Standard rear panel
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
13
1.4 Unit Rear Panel
Optional input/output connectors depend on the installed option cards.
The ANTENNA connector is an SMA connector for the GNSS input from your GNSS
antenna via a coax cable.
The 10 MHz BNC connector provides a 10 MHz sine-wave output signal.
The HD15 multi I/O connector provides 6 different configurable channels. These
channels can be set to provide various outputs and inputs, such as 1PPS,
HaveQuick, IRIG, ATC, and GPIO.
The DCLS OUT BNC connector can be set to produce 1PPS, IRIG output, HaveQuick
output, or GPIO output. The default 1PPS signal offers a onceper-second square
wave output signal, and can be configured to have either its rising or falling
edge to coincide with the system’s on-time point.
The Ethernet RJ45 (Eth0) and SFP (Eth1) connectors provide an interface to the
network for NTP synchronization and to obtain access to the SecureSync product
Web UI for system management. Eth0 has two small indicator lamps, “Good Link”
(green LED), and “Activity” (orange LED). The “Good Link” light indicates a
connection to the network is present. The “Activity” light will illuminate
when network traffic is detected.
Table 1-3: Ethernet status indicator lights
LED
State
Meaning
Orange On Off
Green
On
Off
LAN Activity detected No LAN traffic detected
LAN Link established, 10 or 100 Mbps No link established
The rear Serial Console accepts commands to locally configure the unit via
CLI.
The AC Power connector is the input for the AC power (does not include an
ON/OFF switch).
The chassis ground on the rear panel is a supplementary ground. SecureSync is
grounded through the power connector.
Typically, option cards will be installed at the factory. Should you purchase
an extra option card at a later point, you will need to undergo field
installation (for technically proficient service personnel only). Your local
Sales Office will gladly assist you with the optimal option cards selection
for your application.
14
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.5 Option Cards
1.5 Option Cards
Option Cards are circuit boards that can be installed into a SecureSync unit
in order to add input and output functionality. Installation is normally done
in the factory when the unit is built. Many cards, however, can be retrofitted
in the field by qualified customer personnel (see “Option Card Field
Installation Instructions” on page 380).
SecureSync has the capacity to hold either two or six option cards, depending
on whether or not an extension board is installed in your unit. If you are not
sure whether or not you have an extension board, identify the part number of
your unit:
In the Web UI, navigate to TOOLS > Upgrade/Backup. In the System Configuration
panel, your product number is listed under Model. OR;
On the front panel display, press the POWER button, and navigate over to the
System submenu. Your part number is listed under Model Number.
If your product number begins with the numbers 2402, then your unit does not
contain an extension board and has a two-option card capacity. If your product
number begins with the numbers 2406, then your unit contains an extension
board, and can house up to six option cards. For more information, contact
your Safran sales personnel.
Caution: NEVER install an option card from the back of the unit, ALWAYS from
the top. It is therefore necessary to remove the top cover of the main chassis
(housing).
Input and outputs can be categorized by:
Communication direction:
Input
Output
Signal type:
Frequency: 1/5/10/[programmable] MHz
Wave form (square, sinus)
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
15
1.5 Option Cards
1PPS TTS CTCSS Signal protocol: ASCII time code IRIG STANAG Have Quick E1/T1
data Telecom timing, etc. Ethernet (NTP, PTP) Time code I/O Alarm out, etc.
Functionality: Networking card (incl. NTP, PTP) Time code I/O Alarm output
Special functionality e.g., revertive selector, bidirectional communication
Connector type: BNC DB-9/25 Terminal block RJ-12/45 SFP ST fiber optic To
visually identify an option card installed in your unit, or to obtain an
overview which option cards are available for SecureSync, see “Option Cards
Overview” on the facing page. To obtain detailed information on a specific
option card, using its ID number, see “Option Card Identification” on page 20.
To locate option card topics in this manual by their heading or functionality,
see “Option Cards” on page 373. This Chapter also includes information on
field installation and Web UI functionality.
16
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.5 Option Cards
1.5.1
To visually identify a connector type, see “Option Card Connectors” on page
23.
Option Cards Overview
The table below lists all SecureSync option cards available at the time of
publication of this document, sorted by their function.
The table column (see table below) Web UI Name refers to the names under which
the cards installed in a SecureSync unit are listed in the INTERFACES > OPTION
CARDS drop-down menu.
Detailed specifications and configuration assistance for every card can be
found in the APPENDIX. To quickly access the APPENDIX topic for your option
card(s), you may use the hyperlinks in table “Option cards listed by their ID
number” on page 21.
Note: * Every option card has a unique 2-digit ID number located on its cover
plate, and in the center column of the table below. The complete Safran Part
Number for option cards is 1204-xx (e.g., 1204-18).
Table 1-4: Option cards identification
Function Web UI Name
Illustration
Time and Frequency Cards
Quad 1PPS 1PPS Out BNC out (TTL)
Quad 1PPS 1PPS Out 10V out (10 V)
Quad 1PPS out (RS485) Quad 1PPS out (fiber optic) 1in/3out 1PPS (TTL [BNC]) 1in/2out 1PPS/freq (fiber optic) 5MHz out
1PPS Out, RS485 1PPS Out, Fiber 1PPS/Frequency RS-485 1PPS In/Out, Fiber 5MHz Out
ID*
Inputs
18 0 19 0 21 0 2B 0 28 1PPS (1x)
2A 1PPS (1x)
08 0
Outputs Conn.’s
1PPS, TTL (4x) 1PPS, 10 V (4x) 1PPS, RS485 (4x)
1PPS, F/O (4x)
1PPS (3x)
BNC (4x) BNC (4x) Terminal block, 10-pin ST Fiber optic (4x) BNC (4x)
1PPS (2)
ST Fiber optic (3x)
5MHz (3x) BNC (3x)
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
17
1.5 Option Cards
Function Web UI Name 10 MHz out 10 MHz Out
1MHz out 1MHz Out
Progr. frequ. out (Sine Wave) Progr. frequ out (TTL)
Prog Freq Out, Sine Prog Freq Out, TTL
Prog frequ out (RS485) Square Wave out
Prog Freq Out, RS-485 Square Wave Out, BNC
1PPS in/out 1PPS/Fre+ frequ. in quency BNC 1PPS in/out 1PPS/Fre+ frequ. in quency RS-485
CTCSS, Data Sync/Clock
Simulcast
Telecom Timing Cards
E1/T1 data, E1/T1 Out BNC 75
E1/T1 data, E1/T1 Out Ter100/120 minal
E1/T1 data, E1/T1 Out BNC 75 E1/T1 data, E1/T1 Out Ter100/120 minal
Time Code Cards
Illustration
ID*
Inputs
1C 0
26 0
13 0
Outputs Conn.’s
10 MHz (3x) BNC (3x)
1MHz (3x) BNC (3x)
progr. clock, sine (4x)
BNC (4x)
2F 0
progr. clock, TTL/sq. (4x)
BNC (4x)
30 0
progr. clock, RS485 (4x)
Terminal block, 10-pin
17 0
square wave, TTL (4x)
BNC (4x)
01 Var. frequ. + 1PPS (TTL) BNC
1PPS
(3x)
03 10 MHz + 1PPS 1PPS
Terminal block, 10-pin
14 0
data clock, CTCSS frequ., 1PPS, 1 alarm (3x)
RJ-12 & DB-9
09 0 0A 0 53 0 4C 0
1.544/2.048 MHz (1x) unbal. E1/T1 (2x)
BNC (3x)
1.544/2.048 MHz (1x) unbal. E1/T1 (2x)
Terminal block, 10-pin
unbal. E1/T1 BNC
(4x)
(4x)
unbal. E1/T1 Terminal
(4x)
block,
10-pin
18
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.5 Option Cards
Function Web UI Name
ASCII Time ASCII TimeCode RS- code RS-232 232
ASCII Time ASCII TimeCode RS- code RS-485 485
IRIG BNC
IRIG In/Out BNC
IRIG Fiber IRIG In/Out,
Optic
Fiber
Illustration
IRIG out, BNC IRIG out, fiber optic
IRIG Out BNC IRIG Out, Fiber
IRIG out, RS-485
IRIG Out, RS485
STANAG input STANAG in, isol. STANAG out
STANAG In
STANAG In, Isolated STANAG Out
STANAG out, isol.
STANAG Out, Isolated
HAVE QUICK out BNC
HAVE QUICK Out, BNC
HAVE QUICK out RS-485
HAVE QUICK Out, RS-485
HAVE QUICK
HAVE QUICK
Networking Cards
1Gb PTP: Gb PTP Master only
ID*
02 1
Inputs
04 1
05 1 27 1
15 0 1E 0
22 0
1D 2x 24 2x 11 0
25 0
10 0
1B 0
29 1
32 0
Outputs Conn.’s RS-232 (1x) DB-9
(2x)
1
2 2
4 4
4
1x 1x 2x STANAG, 1x 1PPS 2x STANAG, 1x 1PPS 4 (TTL)
Terminal block, 10-pin BNC (3x) ST Fiber optic (3x) BNC (4x) ST Fiber optic
(4x) Terminal block, 10-pin DB-25 (1x) DB-25 (1x) DB-25 (1x)
DB-25 (1x)
BNC (4x)
4
Terminal
block,
10-pin
3
BNC
(4x)
1PPS (1x BNC), SFP (1x)
BNC (1x), SFP (1x)
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
19
1.5 Option Cards
1.5.2
Function Web UI Name
Illustration
Quad 1 Gb Quad 1 Gb NTP Server
Dual 1 Gb Dual 1 Gb NTP Server
Communication and Specialty Cards
STL (Satel- STL lite Time and Location)
Event in, Broadcast out
Event Broadcast
Revertive n/a Selector (“Failover”)
Alarm
Relay Output
Relay Out
ID*
Inputs
4A 0
49 0
Outputs Conn.’s
4
SFP
ports
2
SFP
ports
3E Satellite, Eth. 0
(Maintenance)
SMA, RJ45
23 BNC: Event
trigger
2E Frequ. or 1
PPS: (2x)
DB-9: Event broadcast Frequ. or 1PPS(1x)
DB-9 + BNC (1x each) BNC (3x)
0F 0
Relay Out (3x)
Terminal block, 10-pin
Option Card Identification
Here are a few ways to identify the option card(s) installed in your
SecureSync unit:
a. Using the Web UI, navigate to the INTERFACES > OPTION CARDS dropdown menu,
and compare the list displayed in your UI with the table “Option cards
identification” on page 17.
b. If you have physical access to your SecureSync unit, inspect its rear
panel, and compare the 2-digit ID number printed in the lower left-hand corner
on each option card with the table below.
1.5.2.1
Option Card Identification by ID/Part Number
If you are looking for information specific to a particular option card, the
table below can help you find this information in this User Manual.
Note: * Every option card has a 2-digit identification (ID) number that can be
found in the corner of its cover plate, and in the table below. The ID number
is comprised of the two center digits of your option card’s Safran Part
Number: 1204-0180-0600.
20
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.5 Option Cards
Figure 1-6: Option Card ID number
The table lists all option cards available at the publication date of this documentation, sorted by their ID number. Locate the option card ID number on its cover plate, and follow the corresponding hyperlink in the right-hand column.
Table 1-5: Option cards listed by their ID number
Card ID*
Card Name
Name in UI
See …
01
1PPS/freq input (TTL
levels) module
1PPS/Frequency “1PPS In/Out, 10 MHz In
BNC
[1204-01, -03]” on page 408
02
ASCII Time Code module ASCII Timecode “ASCII Time Code In/Out
(RS-232)
RS-232
[1204-02, -04]” on page 491
03
1PPS/freq input (RS-485 1PPS/Frequency “1PPS In/Out, 10 MHz In
levels) module
RS-485
[1204-01, -03]” on page 408
04
ASCII Time Code module ASCII Timecode “ASCII Time Code In/Out
(RS-485)
RS-485
[1204-02, -04]” on page 491
05
IRIG module, BNC (1 input, IRIG In/Out BNC “IRIG In/Out [1204-05, -27]”
2 outputs)
on page 449
08
5 MHz output module (3
5 MHz Out
outputs)
“Frequency Out [1204-08, -1C, -26]” on page 415
09
T1-1.544 (75 ) or E1-2.048 E1/T1 Out BNC
“T1/E1 Out [1204-09, -0A, -4C,
(75 ) module
-53]” on page 435
0A
T1-1.544 (100 ) or E1-
2.048 (120 ) module
E1/T1 Out Terminal
“T1/E1 Out [1204-09, -0A, -4C, -53]” on page 435
0F
Alarm module
Relay Output
“Alarm Relay Out [1204-0F]” on page 533
10
HaveQuick output module HAVE QUICK Out, “HAVE QUICK Out [1204-10, –
(TTL)
BNC
1B]” on page 479
11
STANAG output module STANAG Out
“STANAG Out [1204-11, -25]”
on page 464
13
Programmable Frequency Prog Freq Out,
“Programmable Frequency
Output module (Sine
Sine
Out [1204-13, -2F, -30]” on
Wave)
page 418
14
CTCSS, Data Sync/Clock Simulcast
module (“Simulcast”)
“Simulcast (CTCSS/Data Clock) [1204-14]” on page 426
15
IRIG module, BNC (4 out- IRIG Out BNC
“IRIG Out [1204-15, -1E, -22]”
puts)
on page 443
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
21
1.5 Option Cards
Card ID*
17 18 19 1B 1C 1D 1E 1F 21 22 23 24 25 26 27 28 29 2A 2B 2E
Card Name
Name in UI
See …
Square Wave (TTL) output Sq Wv Out, BNC “Programmable Square Wave
module
Out [1204-17]” on page 423
Quad 1 PPS output module 1PPS Out BNC (TTL)
“1PPS Out [1204-18, -19, -21, 2B]” on page 398
Quad 1 PPS output module 1PPS Out 10V (10 V)
“1PPS Out [1204-18, -19, -21, 2B]” on page 398
HaveQuick output module HAVE QUICK Out, “HAVE QUICK Out [1204-10, –
(RS-485)
RS-485
1B]” on page 479
10 MHz output module (3 outputs)
10 MHz Out
“Frequency Out [1204-08, -1C, -26]” on page 415
STANAG input module
STANAG In
“STANAG In [1204-1D, -24]” on page 472
IRIG module, Fiber Optic (4 IRIG Out, Fiber outputs)
“IRIG Out [1204-15, -1E, -22]” on page 443
NENA Card
NENA
“NENA-Compliant Option Card [-1F]” on page 538
Quad 1 PPS output module 1PPS Out, RS-485 “1PPS Out [1204-18, -19, -21, –
(RS-485 [terminal block])
2B]” on page 398
IRIG module, RS-485 (4 out- IRIG Out, RS-485 “IRIG Out [1204-15, -1E, -22]”
puts)
on page 443
Event Broadcast module
Event Broadcast “Event Broadcast [1204-23]” on page 550
STANAG isolated input module
STANAG In, Isol- “STANAG In [1204-1D, -24]”
ated
on page 472
STANAG isolated output module
STANAG Out, Isol- “STANAG Out [1204-11, -25]”
ated
on page 464
1 MHz output module (3 outputs)
1MHz Out
“Frequency Out [1204-08, -1C, -26]” on page 415
IRIG module, Fiber Optic (1 IRIG In/Out, Fiber “IRIG In/Out [1204-05, -27]”
input, 2 outputs)
on page 449
1-in/3-out 1 PPS module (TTL [BNC])
1PPS/Frequency “1PPS In/Out [1204-28, -2A]”
RS-485
on page 403
1-in/3-out HaveQuick mod- HAVE QUICK ule (TTL [BNC])
“HAVE QUICK In/Out [120429]” on page 485
1-in/3-out 1 PPS module (Fiber Optic)
1PPS In/Out, Fiber “1PPS In/Out [1204-28, -2A]” on page 403
Quad 1 PPS output module 1PPS Out, Fiber (Fiber Optic)
“1PPS Out [1204-18, -19, -21, 2B]” on page 398
Revertive Selector module n/a (“Failover”)
“Revertive Selector Card [1204-2E]” on page 548
22
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.5 Option Cards
1.5.3
Card ID*
2F
Card Name Programmable Frequency Output module (TTL)
Name in UI Prog Freq Out, TTL
30
Programmable Frequency Prog Freq Out,
Output module (RS-485) RS-485
32
1Gb PTP module
Gb PTP
3E
STL input module
STL
49
Dual 1 Gb NTP Server
Dual 1GBE
4A
Quad 1 Gb NTP Server
Quad 1GBE
4C
Differential Terminal Block E1/T1 Out Quad
4 Port E1/T1 module
Terminal
53
Single-ended BNC 4 port E1/T1 Out Quad
E1/T1 module
BNC
See …
“Programmable Frequency Out [1204-13, -2F, -30]” on page 418 “Programmable
Frequency Out [1204-13, -2F, -30]” on page 418 “PTP Grandmaster [1204-32]” on
page 507 “STL Option Module [12043E]” on page 525 “NTP and Networking [4A,
49]” on page 503 “NTP and Networking [4A, 49]” on page 503 “T1/E1 Out
[1204-09, -0A, -4C, -53]” on page 435 “T1/E1 Out [1204-09, -0A, -4C, -53]” on
page 435
Option Card Connectors
The table below lists the connector types used in SecureSync option cards.
Table 1-6: Option card connectors
Connector
Illustration
Electr. Signals
Timing signals
BNC ST Fiber Optic
Differential TTL xV, sine wave, programm. square wave, AM sine wave, DCLS AM sine wave, DCLS
1PPS, frequency, IRIG, HAVE QUICK, PTP IRIG, 1PPS
Terminal Block [Recommended mating connector: Phoenix Contact, part no. 182 7787]
RS-485
1PPS, frequency, ASCII time code, IRIG, HAVEQUICK, Alarm, T1/E1
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
23
Specifications
Connector DB-9
DB-25 RJ-12
RJ-45 SFP SMA
Illustration
Electr. Signals
RS-232, RS-485
Differential TTL xV, RS-485 RS-485
Gb-Ethernet
Timing signals
ASCII time code, GPS NMEA, data clocks, CTCSS frequency, 1PPS, Alarm signal
STANAG data clock, CTCSS frequency, 1PPS, Alarm PTP timing signal
Ethernet RF, differential TTL xV, sine wave, programm. square wave, AM sine wave, DCLS
NTP timing signal, PTP timing signal 1PPS, frequency
1.6
Specifications
The specifications listed below apply to the SecureSync standard model, i.e.
not including any option cards, and are based on “normal” operation, with
SecureSync synchronized to valid Time and 1PPS input references (in the case
of GNSS input, this is with the GNSS receiver operating in Stationary mode).
Specifications for the available option cards are provided in their
corresponding topics; see “Option Cards Overview” on page 17.
1.6.1
Input Power
AC power source: 100 to 240 VAC, ±10 %, 50/60 Hz
DC power source (option): 12-17 VDC -15%, +20%, or 21-60 VDC -15%, +20%,
secure locking device
24
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.6 Specifications
1.6.2 1.6.3
Maximum power draw: TCXO/OCXO oscillator installed: 40 W normal (50 W start-
up) Rubidium (Rb) oscillator installed: 50 W normal (80 W start-up) Low-Phase
Noise (LPN) Rubidium oscillator installed: 52 W normal (85 W start-up)
Backup Battery: SecureSync has an internal battery to support the Real Time
Clock. The battery is a small recharging lithium coin cell that is not
customerreplaceable. This battery will keep approximate time and date in a
shutdown state over ~135 days before requiring recharge. After full drain, the
battery will require ~5 days to fully recharge. Minimum battery life is ~30+
years. Hot Swap Power Supply: Some SecureSync models have hot-swappable power
supplies and can ensure power redundancy in case of failure. Each power sled
has the same specifications as the standard AC or DC specifications (see
above). For information on safe operation, see “Hot Swap Power Supply” on page
56.
GNSS Receiver
Model: u-blox M8T Compatible signals:
GPS L1 C/A Code transmissions at 1575.42 MHz GLONASS L1 0F transmissions
centered at 1602.0 MHz Galileo E1 B/C transmissions at 1575.42 MHz BeiDou B1
transmissions centered at 1561.098 MHz QZSS L1-SAIF transmissions at 1575.42
MHz Satellites tracked: Up to 72 simultaneously Update rate: up to 2Hz
(concurrent) Acquisition time: Typically < 27 seconds from cold start Antenna
requirements: Active antenna module, +5V, powered by SecureSync, 16 dB gain
minimum Antenna connector: SMA (SMA to N-type conversion cable included in
anxillary kit)
10 MHz Output
Signal: 10 MHz sine wave Signal Level: +13 dBm ±2dB into 50 Harmonics: 40 dBc
minimum
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
25
1.6 Specifications
Spurious: 70 dBc minimum; 60 dBc minimum (Rb)
Connector: BNC female
Signature Control: This configurable feature removes the output signal
whenever a major alarm condition or loss of time synchronization condition is
present. The output will be restored once the fault condition is corrected.
Accuracy rating depends on the oscillator selected during the ordering
process.
Table 1-7: 10 MHz output — oscillator types and accuracies
Oscillator Type
Accuracy
Low-phase noise Rubidium Rubidium Low-phase noise OCXO OCXO TCXO
1×10-12 typical 24-hour average locked to GPS 1×10-11 per day (5×10-11 per month) typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 1×10-11 per day (5×10-11 per month) typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 2×10-10 per day typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 1×10-9 per day typical aging unlocked 1×10-12 typical 24-hour average locked to GPS 1×10-8 per day typical aging unlocked
Note: Oscillator accuracies are stated as fractional frequency (i.e. the relative frequency departure of a frequency source), and as such are dimensionless.
See also “Configuring the Oscillator” on page 267.
Table 1-8: 10 MHz output — oscillator stability
Oscillator Type
Medium-Term Stability (without GPS after 2 weeks
of GPS lock)
Short-Term Stability (Allan variance)
1 sec.
10 sec.
100 sec.
Temperature Stability (pp)
Low-phase noise Rubidium
5×10-11/month (3×1011/month typical)
1×10-11 1×10-11 5×10-12 1×10-10
Rubidium
5×10-11/month (3×1011/month typical)
1×10-11 9×10-12 4×10-12 1×10-10
26
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.6 Specifications
Oscillator Type
Low-phase noise OCXO OCXO TCXO
Medium-Term Stability (without GPS after 2 weeks
of GPS lock)
Short-Term Stability (Allan variance)
1 sec.
10 sec.
100 sec.
Temperature Stability (pp)
2×10-10/day
1×10-11 9×10-12 8×10-12 1×10-9
5×10-10/day 1×10-8/day
1×10-11 9×10-12 2.5×10-9 1×10-9
9×10-12 5×10-9 5×10-10 1×10-6
1.6.3.1
10 MHz Output — Oscillator Phase Noise (dBc/Hz)
Oscillator Type
Low-phase noise Rubidium Rubidium Low-phase noise OCXO OCXO TCXO
@ 1Hz @ 10 Hz @ 100 Hz @ 1KHz @ 10 KHz
100
128
80
98
100
128
95
123
./.
./.
148 120 148 140 110
150 140 150 145 135
150 140 150 150 140
1.6.4
Multi I/O
The Multi I/O HD15-pin connector can be configured to provide different output
and input types. For more information, see “Configurable Connectors” on page
167. Connector: 15 pin D-Sub (HD15) female Available signals:
DCLS IN: Input level 1.5 V (min), impedance 50
DCLS OUT: Output level 5 V (peak), impedance 50
IRIG AM OUT: Output impedance – 50 Output level: 10 V (peak to peak max, user
configurable)
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
27
1.6 Specifications
RS232: Output level: ± 5.0 V, impedance 300 Input level: -15 to 15 V (max),
threshold 0.6 V min to 2.4 V max, impedance 3 k min
RS485 (2): Output level: ± 1.5 V, impedance 54 Input level: -7 to 12 V (max),
sensitivity – ± 200 mV, impedance 12 k min
Available Output Types: 1PPS, ASCII Time Code, IRIG (DCLS), IRIG (AM),
HAVEQUICK, GPO Available Input (“Reference”) Types: 1PPS, ASCII Time Code,
HAVEQUICK, IRIG (DCLS) Pinout:
Figure 1-7: Multi I/O connector, viewed in mating direction on rear of unit
Table 1-9: Multi I/O connector signal pinout
Pin
Signal
1
DCLS IN
2
GND
3
(First signal) RS485 A, non-inverting
4
(Second signal) RS485 A, non-inverting
5
RS232 TX OUT
28
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.6 Specifications
1.6.5
Pin
Signal
6
DCLS OUT
7
GND
8
GND
9
GND
10
GND
11
IRIG AM OUT
12
GND
13
(First signal) RS485 B, inverting
14
(Second signal) RS485 B, inverting
15
RS232 RX IN
Table 1-10: Multi I/O signal defaults
Pins
Channel
6&7 1&2 15 & 10 5 & 10 3, 8, 13 4, 9, 14 11 & 12
DCLS OUT DCLS IN RS232 IN RS232 OUT RS485 (1) RS485 (2) IRIG AM OUT
Default Signal
IRIG OUT IRIG IN ATC IN ATC OUT HAVEQUICK OUT HAVEQUICK IN IRIG OUT (AM ONLY)
DCLS Output
The rear panel DCLS OUT BNC female connector defaults to a 1PPS Output (see
below), but can be configured to produce different output signals: IRIG
Output, HaveQuick Output, and GPIO Output. For more information, see
“Configurable Connectors” on page 167.
1.6.5.1
1PPS Output
Signal: One pulse-per-second square wave (ext. reference connected to GNSS
receiver)
Signal level: TTL compatible, 4.3 V minimum, base-to-peak into 50
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
29
1.6 Specifications
1.6.6 1.6.7
Pulse width: Configurable pulse width (200 ms by default) Pulse width range:
20 ns to 900 ms Rise time: <10 ns Accuracy: Positive edge within ±50 ns of UTC
when locked to a valid, traceable input reference
Connector: BNC female
Table 1-11: 1PPS output accuracies
Oscillator Type
Accuracy to UTC (1 sigma locked to
GPS)
Holdover (constant temp. after 2 weeks of GPS lock)
After 4 hours
After 24 hours
Low-phase noise Rubid- ±15 ns ium
Rubidium
±15 ns
Low-phase noise OCXO
±15 ns
OCXO
±25 ns
TCXO
±50 ns
0.2 s
0.2 s 0.5 s
1s 12 s
1s
1s 10 s
25 s 450 s
10/100/1000 Ethernet Port (RJ45)
ETH0 Function: 10/100/1000 Base-T, auto-sensing LAN connection for NTP/SNTP
and remote management and configuration, monitoring, diagnostics and upgrade
Connector: RJ45, Network IEEE 802.3
10/100/1000 Ethernet Port (SFP)
ETH1 Function: 10/100/1000 (speed depends on connection) Base- T, auto-
sensing LAN connection for NTP/SNTP and remote management and configuration,
monitoring, diagnostics and upgrade Connector: Ethernet via SFP
Bel SFP-1GBT-05 (available from Safran as SFP-COPPER) Bel SFP-1GBT-06 GBIC
1000BASE-T 6COM 6C-SFP-T Avago ABCU-5740RZ
30
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.6 Specifications
Avago ABCU-5741ARZ Finisar FCLF8522P2BTL Molex 1837022037 Avago AFBR-5710LZ (available from Safran as SFP-FIBER-MM) Finisar FTLF1318P3BTL (available from Safran as SFP-FIBER-SM) An SFP module found to NOT be supported: Arista SFP- 1G-T
1.6.8
RS-232 Serial Port (Rear Panel)
Function: Accepts commands to locally configure the IP network parameters via
CLI for initial unit configuration.
Connector: RJ45
Character structure: ASCII, 115200 baud, 1 start, 8 data, 1 stop, no parity
1.6.9
USB Serial Port (Front Panel)
Function: Accepts commands to locally configure the IP network parameters via
CLI for initial unit configuration.
Connector: micro-B USB (requires installed driver; if your driver does not
automatically install, visit: https://www.ftdichip.com/Drivers/VCP.htm)
Character structure: ASCII, 115200 baud, 1 start, 8 data, 1 stop, no parity
1.6.10 Cables
CA08R-D500-0001
This cable option is available for purchase for the multi-I/O (15-pin)
connector on the front panel.
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
31
1.6 Specifications
Figure 1-8: CA08R-D500-0001 drawing
1.6.11
Protocols Supported
NTP: NTP Version 4. Provides MD5, Stratum 1 through 15 (RFC 5905).
Clients supported: The number of users supported depends on the class of
network and the subnet mask for the network. A gateway greatly increases the
number of users.
TCP/IP application protocols for browser-based configuration and monitoring:
HTTP, HTTPS
SFTP: For remote upload of system logs and (RFC 959)
Syslog: Provides remote log storage (RFCs 3164 and 5424)
SNMP: Supports v1, v2c, and v3
Telnet/SSH: For limited remote configuration
Security features: Up to 32- character password, Telnet Disable, FTP Disable,
Secure SNMP, SNMP Disable, HTTPS/HTTP Disable, SCP, SSH, SFTP.
Authentication: LDAP v2 and v3, RADIUS, MD5 Passwords, TACAS+.
1.6.12
Mechanical and Environmental Specifications
Dimensions: Designed for EIA 19″ rack mount: Housing w/o connectors and
brackets: 17.1″ W x 1.74″ H [1U] x 15.17″ D actual (434 mm W x 44 mm H x 385
mm D)
32
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
Specifications
Figure 1-9: Mechanical dimensions
Weight: 6.0 lbs (2.72 kg) for base unit with AC power supply Temperature:
Operating: 20°C to +65°C (55°C with Rubidium oscillator option) Storage:
40°C to +85°C Humidity: 10% – 95% relative humidity, non-condensing @ 40°C
Altitude: Operating: 100-240 VAC: up to 13120 ft (3999 m) Storage range: up to
45000 ft (13716 m) Shock and Vibration (Operating and Storage): Shock: 516.8
15g, 11 ms halfsine Vibration: 514.8C-2 cat 4 and 514.8D-11, cat 21 1.1 g rms
vertical and 0.8 g rms longitudinal
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
33
1.7 The SecureSync Web UI
MIL-STD-810G: 500.6, 501.6, 502.6, 503.6, 507.6 MIL-STD-810H: 514.8, 516.8
1.7 The SecureSync Web UI
SecureSync has an integrated web user interface (referred to as “Web UI”
throughout this documentation) that can be accessed from a computer over a
network connection, using a standard web browser. The Web UI is the most
complete way to configure the unit, and for status monitoring during everyday
operation.
Note: If you prefer, an integrated Command-Line Interpreter interface (CLI)
allows the use of a subset of commands. See “CommandLine Interface” on page
559.
Note: Should it ever be necessary, you can restore SecureSync’s configuration to the factory settings at any time. See “Resetting the Unit to Factory Configuration” on page 357.
1.7.1
The Web UI HOME Screen
Note: Screens displayed in this manual are for illustrative purposes. Actual
screens may vary depending upon the configuration of your product.
The HOME screen of the SecureSync web user interface (“Web UI”) provides
comprehensive status information at a glance, including:
vital system information
current status of the references
key performance/accuracy data
major log events.
The HOME screen can be accessed from anywhere in the Web UI, using the HOME
button in the Primary Navigation Bar:
The Primary Navigation Bar provides access to all menus:
34
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.7 The SecureSync Web UI
1.7.2
HOME: Return to the HOME screen (see above) INTERFACES: Access the
configuration pages for …
… references (e.g., GNSS, NTP) … outputs (e.g. 10 MHz, PPS, NTP) and …
installed input/output option cards. MANAGEMENT: Access the NETWORK setup
screens, and OTHER setup screens e.g., to configure Reference Priorities,
System Time, and the Oscillator. TOOLS: Opens a drop-down menu for access to
the system maintenance screens and system logs. HELP: Provides Safran Service
Contact Information and high-level system configurations you may be required
to furnish when contacting Safran Service.
The INTERFACES Menu
The INTERFACES menu on the Main screen provides access to SecureSync’s:
External REFERENCES e.g., the GNSS reference input Detected OUTPUTS, such as
10 MHz and 1PPS Installed OPTION CARDS.
Clicking on any of the line items will open a status screen, providing real-
time information on the selected interface e.g., availability, performance
data and events history.
To configure settings for the selected interface, click the GEAR icons or
buttons provided on most of the status screens. Icons like the INFO symbol
provide access to more detailed status information and history data.
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
35
1.7 The SecureSync Web UI
Note: Many of the interfaces can be accessed through different menu items e.g., an optional output will be available under the OPTION CARDS menu and the OUTPUTS menu.
1.7.3
The headings of each of the INTERFACES drop-down menus (white on orange) open
overview status screens for the respective menu items.
The Configuration MANAGEMENT Menu
The MANAGEMENT menu on the Web UI’s Main screen provides access to
SecureSync’s configuration screens and settings.
On the left side, under NETWORK, the following standard setup screens can be
found:
Pin Layout Network Setup HTTPS Setup SSH Setup SNMP Setup NTP Setup PTP Setup
Under OTHER, you can access non-network related screens: Authentication:
Manage user accounts, Security Policy, LDAP Setup, RADIUS setup, Login
Preference and Remote Servers. Change My Password is also available.
Reference Priority: Define the order of priority for timing inputs.
Notifications: Configure the notifications triggered by SecureSync’s events. A
notification can be a combination of a mask alarm and/or SNMP Trap and/or
email.
Time Management: Manage the Local Clock, UTC Offset, DST Definition and Leap
Second information.
Log Configuration: Manage the system logs. Disciplining: Manage oscillator
disciplining. Change My Password: Configure the admin password.
36
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.8 Regulatory Compliance
1.7.4
The TOOLS Menu
The TOOLS menu on the Web UI’s Main screen provides access to: The System
Upgrade screen System and network monitoring screens Miscellaneous system
administration screens Log screens
1.8 Regulatory Compliance
This product has been found to be in conformance with the following regulatory
publications.
FCC
This equipment has been tested and found to comply with the limits for a Class
A digital device, pursuant to Part 15 of the FCC Rules.
These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the user documentation, may cause
harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct the
interference at his/her own expense.
Note: This is a Class A product. In a domestic environment this product may
cause radio interference in which case the user may be required to take
adequate measures.
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
37
1.8 Regulatory Compliance
Safety
This product has been tested and meets the requirements specified in: IEC
62368-1:2014 (Second Edition) EN 62368-1:2014 +A11:2017 UL 62368-1:2014
CAN/CSA-C22.2 NO. 62368-1-14 IEC62368-1(2014) + Japanese deviation (or
J62368-1(2020))
EMC Compliance
This product has been tested and meets the following standards: EN
55032:AC:2015 FCC CFR 47 PART 15 SubPart B: 2016 CAN/CSA-CISPR 22-10/ ICES-003
Issue 6: Class A AS/NZS CISPR 32:2015/ AMDI1.2019 EN 55035:2017: Class A
CISPR32(2015:2nd) + Japanese deviation (or J55032(H29)) EN61000- 3- 2:2014,
EN61000- 3- 3:2013, EN61000- 4- 2:2009, EN61000- 43:2006: +A1:2008 + A2:2010,
EN61000- 4- 4:2012, EN61000- 4- 5:2006, EN61000-4-6:2009, EN61000-4-8:2010,
EN61000-4-11:2004 EN 301 489-1 V2.0.1 (2016-11) and EN 301 489-19 V1.2.1
(2002-11)
Radio Spectrum Efficiency:
EN 303 413 V1.1.1
European Directives
This product has been tested and complies with the following: 2014/30/EU
Electromagnetic Compatibility (EMC) 2014/35 EU Low Voltage (LVD) 2011/65/EU
with Amendment 2015/863/EU on the Restriction of Hazardous Substance (RoHS3)
2014/53/EU Radio Equipment Directive (RED)
38
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
1.8 Regulatory Compliance
Environmental Compliance
WEEE (Waste Electrical and Electronic Equipment) REACH (Registration,
Evaluation, Authorization and Restriction of Chemicals)
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
39
1.8 Regulatory Compliance
BLANK PAGE.
40
CHAPTER 1 · SecureSync 2400 User Manual Rev. 7.0
CHAPTER 2
SETUP
The following topics are included in this Chapter:
Installation Overview
42
2.2 Unpacking and Inventory
43
2.3 Required Tools and Parts
44
2.4 SAFETY
45
2.5 Mounting the Unit
48
2.6 Connecting the GNSS Input
50
2.7 Connecting Network Cables
51
2.8 Connecting Inputs and Outputs
52
2.9 Connecting Supply Power
52
2.10 Powering Up the Unit
61
2.11 Zero Configuration Setup
62
2.12 Setting up an IP Address
63
2.13 Accessing the Web UI
71
2.14 Configure Network Settings
72
2.15 Configure NTP
111
2.16 Configuring PTP
151
2.17 GPSD Setup
166
2.18 Configurable Connectors
167
2.19 Configuring Input References
172
2.20 Configuring Outputs
180
2.21 The Option Cards Screen
192
2.22 Signature Control
194
CHAPTER 2 ·
SecureSync 2400 User Manual
41
2.1 Installation Overview
2.1
2.1.1
Installation Overview
This section provides an outline of the steps that need to be performed prior
to putting SecureSync into service. This includes:
Installation: Hardware setup, mechanical installation, physical connections.
Setup: Establish basic access to the unit, so as to allow the use of the web
user interface (“Web UI”). Configuration: Access the Web UI, configure the
network, input and output references, protocols (e.g., NTP), other settings.
The following factors determine which steps need to be taken: a. Your existing
infrastructure and how you plan on integrating SecureSync into it (for
example, integrating it into an existing Ethernet network, or setting-up a
standalone installation.) b. How you would like to setup basic network
configuration parameters: Using the unit’s front panel keypad and information
display Using a PC connected to SecureSync via serial cable Using a PC
connected to SecureSync via network cable. You can connect your PC to
SecureSync either… …directly by means of a dedicated Ethernet cable, or
…indirectly, using your existing Ethernet network (using a network hub). c.
The option cards configuration of your unit: Is your SecureSync equipped with
any option cards, such as additional input references, or additional signal
distribution cards? If so, they need to be configured separately via the
SecureSync Web UI, once the network configuration is complete.
Main Installation Steps
The following list is a recommendation. Deviations are possible, depending on
the actual application and system configuration.
1. Read the Safety instructions: “SAFETY” on page 45. 2. Unpack the unit, and
take inventory: “Unpacking and Inventory” on the
facing page. 3. Obtain required tools and parts: “Required Tools and Parts” on
page 44. 4. Mount the unit: .”Mounting the Unit” on page 48.
42
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.2 Unpacking and Inventory
5. Connect Input References such as your GNSS antenna, and network cable (s):
“Connecting the GNSS Input” on page 50, and “Connecting Network Cables” on
page 51.
6. Connect your power supply/-ies: “Connecting Supply Power” on page 52.
7. Power up the unit: “Powering Up the Unit” on page 274.
8. Setup basic network connectivity….
i. …via front panel keypad and information display: “Setting Up an IP Address
via the Front Panel” on page 65
ii. …or via serial port, using a PC with a CLI: “Setting Up an IP Address via
the Serial Port” on page 69
iii. …or via Ethernet, using a PC with a web browser, and the SecureSync Web
UI: “Accessing the Web UI” on page 71.
9. Register your product: “Product Registration” on page 313.
2.2
Unpacking and Inventory
Caution: Electronic equipment is sensitive to Electrostatic Discharge (ESD).
Observe ESD precautions and safeguards when handling the unit.
Unpack the equipment and inspect it for damage. If any equipment has been
damaged in transit, or you experience any problems during installation and
configuration of your Safran product, please contact Safran (see “Technical
Support” on page 611).
Note: Retain original packaging for use in return shipments if necessary.
The following items are included with your shipment:
SecureSync unit
QuickStart Guide (printed version)
Ancillary items (except for rack mounting items, the contents of this kit may
vary based on equipment configuration and/or regional requirements)
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
43
2.3 Required Tools and Parts
Purchased optional equipment (note that option cards listed on the purchase order will be pre-installed in the unit). See “Option Card Identification” on page 20 and “Option Cards Overview” on page 17.
2.3
2.3.1
Required Tools and Parts
Depending on your application and system configuration, the following tools
and parts may be required:
Phillips screwdrivers to install the rack-mount ears, and to mount the unit in
a 19″-rack Ethernet cables (see “Connecting Network Cables” on page 51).
Required GNSS Antenna Components
Should you plan on using a GNSS reference with your SecureSync, you will also
need the following items (sold separately):
Antenna cable with SMA connector, or conversion cable
Note: The SMA-to-N-type conversion cable included in the ancillary kit is
approved for pull weight of up to 60 lbs. If you are using a heavier cable,
you will need to apply appropriate strain relief.
GNSS antenna with mounting bracket
GNSS antenna surge suppressor (recommended)
GNSS antenna inline amplifier (optional for short cable lengths)
For antenna installation guidelines, see the separate documentation shipped
with the antenna components.
44
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.4 SAFETY
2.4
SAFETY
Safety: Symbols Used
Table 2-1: Safety symbols used in this document, or on the product
Symbol
Signal word
Definition
DANGER! CAUTION!
Potentially dangerous situation which may lead to personal injury or death! Follow the instructions closely. Caution, risk of electric shock.
CAUTION! NOTE ESD
Analog Ground Recycle
Potential equipment damage or destruction! Follow the instructions closely.
Tips and other useful or important information.
Risk of Electrostatic Discharge! Avoid potential equipment damage by following
ESD Best Practices. Shows where the protective ground terminal is connected
inside the instrument. Never remove or loosen this screw! Recycle the
mentioned components at their end of life. Follow local laws.
SAFETY: Before You Begin Installation
This product has been designed and built in accordance with state-of-the-art
standards and the recognized safety rules. Nevertheless, its use may
constitute a risk to the operator or installation/maintenance personnel, if
the product is used under conditions that must be deemed unsafe, or for
purposes other than the product’s designated use, which is described in the
introductory technical chapters of this guide.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
45
2.4 SAFETY
DANGER! If the equipment is used in a manner not specified by the
manufacturer, the protection provided by the equipment may be impaired.
Before you begin installing and configuring the product, carefully read the
following important safety statements. Always ensure that you adhere to any
and all applicable safety warnings, guidelines, or precautions during the
installation, operation, and maintenance of your product.
DANGER! — INSTALLATION OF EQUIPMENT: Installation of this product is to be
done by authorized service personnel only. This product is not to be installed
by users/operators without legal authorization. Installation of the equipment
must comply with local and national electrical codes.
DANGER! — DO NOT OPEN EQUIPMENT, UNLESS AUTHORIZED: The interior of this
equipment does not have any user-serviceable parts. Contact Safran Technical
Support if this equipment needs to be serviced. Do not open the equipment,
unless instructed to do so by Safran Service personnel. Follow Safran Safety
instructions and observe all local electrical regulatory requirements.
DANGER! IF THE EQUIPMENT MUST BE OPENED: Never remove the cover or blank
option card plates while power is applied to this unit. The unit may contain
more than one power source. Disconnect AC and DC power supply cords before
removing the cover to avoid electrical shock.
46
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.4 SAFETY
DANGER! — GROUNDING: This equipment must be EARTH GROUNDED. This product is
grounded through the power supply. There is an additional, supplementary
chassis ground on the rear panel. Never defeat the ground connector or operate
the equipment in the absence of a suitably installed earth ground connection.
Contact the appropriate electrical authority or an electrician if you are
unsure that suitable earth grounding is available.
DANGER! This unit might have more than one power supply connection. All
connections must be removed to de-energize the unit
Caution: Electronic equipment is sensitive to Electrostatic Discharge (ESD).
Observe all ESD precautions and safeguards when handling Safran equipment.
SAFETY: User Responsibilities
The equipment must only be used in technically perfect condition. Check
components for damage prior to installation. Also check for loose or scorched
cables on other nearby equipment. Make sure you possess the professional
skills, and have received the training necessary for the type of work you are
about to perform. Do not modify the equipment. Use only spare parts authorized
by Safran. Always follow the instructions set out in this User Manual, or in
other Safran documentation for this product. Observe generally applicable
legal and other local mandatory regulations.
SAFETY: Other Tips
Keep these instructions at hand, near the place of use. Keep your workplace
tidy. Apply technical common sense: If you suspect that it is unsafe to use
the product, do the following:
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
47
2.5 Mounting the Unit
Disconnect the supply voltage from the unit. Clearly mark the equipment to prevent its further operation.
2.5
Mounting the Unit
SecureSync units can be operated on a desktop or in a rack in a horizontal,
rightside-up position. The location needs to be well-ventilated, clean and
accessible.
Caution: For safety reasons the SecureSync unit is intended to be operated in
a HORIZONTAL POSITION, RIGHT-SIDE-UP.
The SecureSync unit will install into any EIA standard 19-inch rack.
SecureSync occupies one rack unit of space for installation, however, it is
recommended to leave empty space of at least one rack unit above and below the
SecureSync unit to allow for best ventilation.
Rack mounting requirements:
The maximum ambient operating temperature must be observed. See “Mechanical
and Environmental Specifications” on page 32 for the operating temperature
range specified for the type of oscillator installed in your SecureSync unit.
If the SecureSync unit is to be installed in a closed rack, or a rack with
large amounts of other equipment, a rack cooling fan or fans should be part of
the rack mount installation.
Installation of the unit in a rack should be such that the amount of air flow
required for safe operation of the equipment is not compromised.
Follow the mounting directions described below to prevent uneven mechanical
loading, possibly resulting in a hazardous condition.
Do not overload power supply circuits. Use only supply circuits with adequate
overload protection. For power requirements, see “Input Power” on page 24.
Reliable grounding of rack-mounted equipment must be maintained. Particular
attention must be given to supply connections other than direct connections to
the branch circuit (e.g., use of power strips).
48
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.5 Mounting the Unit
2.5.1
Rack Mounting (Ears)
The SecureSync ancillary kit contains the following parts needed for rack
mounting:
2 each 2400-1000-0714 equipment rack mount ears
6 each HM20R-04R7-0010 M4 flat head Phillips screws
The 2400-0000-0704 ruggedization ancillary kit (optional) contains additional
mounting items available for purchase:
2 each 2400-1000-0706 rear rack mount ears
2 each HM20R-04R7-0010 M4 flat head Phillips screws
The following customer supplied items are also needed:
4 each #10-32 pan head rack mount screws
1 each #2 Phillips head screwdriver
1 each 3/32″ straight screwdriver
To rack mount the SecureSync unit:
1. Attach the 2400- 1000- 0714 rack mount ears to the sides of the SecureSync
with the ears facing outward, aligned with the front edge of the SecureSync
front panel. (See image below). To secure, use the #2 Phillips screwdriver,
and 3 each of the HM20R- 04R7- 0010 M4 flat head Phillips screws per side.
Figure 2-1: Rack mount installation
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
49
2.6 Connecting the GNSS Input
2. Secure the rack mount brackets to the rack using the #10-32 rack mount
screws and #2 Phillips head screwdriver, 2 each per side of the rack.
3. If you purchased additional rear rack mounts, you will align the holes
with the available pegs near the rear of the unit and slide the rail forward
into place. Secure the mount with the screw hole closest to the front of the
chassis using 1 each of the supplied HM20R-04R7-0010 screws per side.
Figure 2-2: Rear rack mount installation
2.6
Connecting the GNSS Input
Typical installations include GNSS as an external reference input. If the GNSS
receiver is not installed or if the GNSS will not be used as a SecureSync
reference, disregard the steps to install the GNSS antenna and associated
cabling.
1. Install a GNSS antenna, surge suppressor, antenna cabling, and GNSS
preamplifier (if required). Refer to the documentation included with your GNSS
antenna for information regarding GNSS antenna installation.
Note: The SMA-to-N-type conversion cable included in the ancillary kit is
approved for pull weight of up to 60 lbs. If you are using a heavier cable,
you will need to apply appropriate strain relief.
50
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.7 Connecting Network Cables
For additional information on GNSS antenna installation considerations,
including cabling, a Safran tech note is available here. 2. Connect the GNSS
cable to the rear panel antenna input jack. Initial synchronization with GNSS
input may take up to 12 minutes (approximately) when used in the default
stationary GNSS operating mode. If using GNSS, verify that GNSS is the
synchronization source by navigating to MANAGEMENT > OTHER: Reference
Priority: Confirm that GNSS is Enabled, and its Status for TIME and 1PPS is
valid (green).
2.7 Connecting Network Cables
SecureSync includes two BASE 10/100/1000 Ethernet ports (ETH0- RJ45, and ETH1-
SFP) for full NTP functionality, as well as a comprehensive web-based user
interface (“Web UI”) for configuration, monitoring and diagnostic support.
Before connecting the network cable(s), you need to decide which port(s) you
want to use for which purpose (e.g., ETH0 for configuration only, etc.), and
how you want to configure basic network connectivity e.g., the IP address:
a. Configure SecureSync via the unit’s front panel: See “Setting Up an IP
Address via the Front Panel” on page 65.
b. Configure SecureSync by means of a PC connected to an existing network.
When connecting to a hub, router, or network computer, use a straight-through
wired, shielded CAT 5, Cat 5E or CAT 6 cable with RJ45 connectors (Eth0) or
SFP connectors (Eth1). Connect one end to the Ethernet port on the SecureSync
rear panel, and the opposite end of the cable to a network hub or switch.
c. Configure SecureSync by connecting a stand-alone computer directly via a
dedicated network cable (standard-wired, or crossover cable):
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
51
2.8 Connecting Inputs and Outputs
When connecting directly to a stand-alone PC, use a network cable. Connect the
cable to the NIC card of the computer. Since no DHCP server is available in
this configuration both SecureSync, and the PC must be configured with static
IP addresses that are on the same subnet (10.1.100.1 and 10.1.100.2 with a
subnet mask value of 255.255.255.0 on both devices, for example). For more
information on configuring static IP addresses, see “Assigning a Static IP
Address” on page 65.
On Eth0: Once the unit is up and running, verify that the green link light on
the Ethernet port is illuminated. The amber “Activity” link light may
periodically illuminate when network traffic is present.
2.8
Connecting Inputs and Outputs
SecureSync can synchronize not only to an external GNSS reference signal, but
also to other optional external references such as IRIG, HAVE QUICK and ASCII
inputs (in addition to network based references such as NTP and/or PTP). At
the same time, SecureSync can output timing and frequency signals for the
consumption by other devices via the same formats as listed above.
EXAMPLE:
With the available IRIG Input/Output option card module (Model 1204-05)
installed in an option bay, IRIG time code from an IRIG generator can also be
applied as an external reference input (either in addition to, or in lieu of
GNSS, NTP, user set time and other available reference inputs).
To use e.g., an external IRIG reference, connect the IRIG time source to the
BNC connector “J1” on the optional IRIG Input/Output module. For additional
information on optional connectivity, such as pinout tables, signal levels and
other specifications, see “Option Cards” on page 373. Note that some option
cards offer both input and output functionality, while others offer only one
or the other.
2.9
Connecting Supply Power
Depending on the equipment configuration at time of purchase, SecureSync may be powered from different sources.
52
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.9 Connecting Supply Power
2.9.1
Table 2-2: SecureSync 2400 Power Supply via Part Number
Part number
Connections
Power Supply
240x-0xx
1
AC (fixed)
240x-3xx
1
12 V DC (fixed)
240x-4xx
1
24 V DC (fixed)
240x-6xx
1-2 (Hot Swap)
AC, DC (12 V or 24 V), in any combination
Before connecting power to the unit, be sure that you have read all safety information detailed in section “SAFETY” on page 45.
Using AC Input Power
Connect the AC power cord supplied in the SecureSync ancillary kit to the AC
input on the rear panel and the AC power source outlet.
Note: Important! SecureSync is earth grounded through the AC power connector.
Ensure SecureSync is connected to an AC outlet that is connected to earth
ground via the grounding prong (do not use a two prong to three prong adapter
to apply AC power to SecureSync).
2.9.2
Using DC Input Power
Note: DC power is an option chosen at time of purchase. The rear panel DC
input port connector is only installed if the DC input option is available.
Different DC power input options are available (12 V DC with a voltage range
of 12 to 17 V at 10 A maximum or 24/48 V DC input with a voltage range of 21
to 60 V at 5.5 A maximum). Review the DC power requirement chosen, prior to
connecting DC power.
DANGER! GROUNDING: SecureSync is NOT earth grounded through the 12 V DC (2-Pin) power connector. Before connecting the unit to a DC power source, connect to earth ground with a grounding ring via the grounding post.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
53
2.9 Connecting Supply Power
DANGER! GROUNDING: SecureSync is earth grounded through the 24/48 V DC 3-Pin
power connector. Ensure that the unit is connected to a DC power source that
is connected to earth ground via the grounding pin C of the SecureSync DC
power plug supplied in the ancillary kit.
A DC power connector to attach DC power to SecureSync is included in the
ancillary kit provided with the equipment. A cable of 6 feet or less, using
16AWG wire, with adequate insulation for the DC voltage source should be used
with this connector. The cable clamp provided with the DC power plug for
strain relief of the DC power input cable should be used when DC power is
connected to SecureSync.
DC power- +12 V and +24/48 V identification
To eliminate confusion, the two different voltages for DC power use different
connectors. The DC connectors are identical between the fixed or hot-swappable
versions. The +12 V DC power supply uses a 2-pin connector and has a 12 V
label, either above the input or on the body of the power supply module (for
Hot Swap models). The connector is keyed to prevent incorrect insertion. The
+24/48 V DC power supply uses a 3-pin connector and has a 24/48 V label,
either above the input or on the body of the power supply sled (for Hot Swap
models). This connector is also keyed to prevent incorrect insertion.
DC power connectors
SecureSync units can be ordered in a DC version that includes the following DC
receptacle on the back panel: DC Receptacle , 2-pin, chassis mount: Amphenol
97-3102A-10SL-4P(946); (Safran P/N J240R-0021-000G) or DC Receptacle , 3pin,
chassis mount: Amphenol 97- 3102A- 10SL- 3P (946) (Safran P/N J240R0032-012F):
Figure 2-3: DC Plug, 2-Pin and DC Plug, 3-Pin
54
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.9 Connecting Supply Power
The DC ancillary kit includes, among other things, the following connector
parts: Mating 12 VDC Connector, circular, 2-pin, solder socket,
16AWG,13A,300V: Amphenol P/N 97-3106A10SL-4S(946); (Safran P/N
P240R-0021-000G) OR, Mating 24/48 VDC Connector, circular, 3-pin, solder
socket, 16AWG,13A,300V: Amphenol P/N DL3106A10SL-3S; (Safran part no.
P240R-0032-002F):
Figure 2-4: DC Connector, 2-Pin and DC Connector, 3-Pin
Cable Clamp, circular: Amphenol P/N: 97-3057-1004(621); (Safran part no.
MP06R-0004-0001)
Figure 2-5: Cable Clamp, DC Power
Pinout description, DC connectors
Pin B goes to the most positive DC voltage of the DC source. For +12 V or
+24/48 V this would be the positive output from the DC source. For a -12 V or
24/48 VDC source this would be the ground or return of the DC source. Pin A
goes to the most negative voltage of the DC source. For +12 V or +24/48 V this
would be the ground or return output from the DC source. For a -12 V or 24/48
VDC source this would be the negative output from the DC source. Pin C goes to
the Earth ground of the DC source (on +24/48 V units ONLY). The grounding post
provides an earth ground for the +12 V power supply (using a customer-supplied
grounding ring)
AC/DC Converter
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
55
2.9 Connecting Supply Power
A +24/48 VDC power supply can optionally be used as an AC input: Safran offers
a kit containing an AC/DC converter with assembled DC connector: The part
number for this adapter kit is PS06R-2Z1M-DT01.
Figure 2-6: DC to AC Converter
2.9.3
Hot Swap Power Supply
DANGER! Remove the connected power source BEFORE attempting to remove a power
sled for replacement.
Caution: Only use Safran-approved replacement parts. Incorrect parts may cause
damage to the product.
The hot swap power supply (HSPS) option consists of two bays with redundant
power systems. The sleds in the unit can be a mix of AC and DC power supplies.
When both power supplies are active, the electrical draw is shared between the
two bays. If one power supply is damaged or removed, the other bay will
automatically take the entire power load without any additional configuration.
56
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.9.3.1 Hot Swap Installation
2.9 Connecting Supply Power
Figure 2-7: Hot Swap Power Supply installation (rear view)
To remove a power supply, first unplug the power input to be removed. (If you
are working with a 12 VDC (2-Pin) sled, you will need to remove the ground
connection from the post after disconnecting power). Then, press the lever
fully down and pull on the handle.
To install a power supply, first insert the sled until the latch clicks and
the rear panel of the supply is aligned with the rear panel of the SecureSync.
(Be sure to connect power AFTER the sled is fully inserted, and not before).
Then, plug in the power input. (If you are working with a 12 VDC (2-Pin) sled,
you will also connect a grounding ring to the external post before connecting
power).
2.9.3.2
Hot Swap Monitoring
After installing power supplies, functionality can be confirmed through the
Web UI, CLI, front panel, or via SNMP.
Web UI Hot Swap Monitoring
You can view the status of the power supplies through the Web UI: navigate to
MANAGEMENT > OTHER > Hot Swap:
The Hot Swap Overall Status light at the top right of this page indicates
whether the unit has at least one active, valid power supply.
Green indicates all detected power supplies are valid
The status will show yellow if one power supply is not valid.
Red if there is no single HSPS module working properly (urgent need for
replacement).
Grey if the monitoring on both sleds has been disabled.
In this panel, you can also download (or clear) a file of the most recent
monitoring information for both bays.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
57
2.9 Connecting Supply Power
The Rear View panel of the Hot Swap page will display a rendering of the rear
panel. You can hover over a power supply to confirm the bay number, and power
specifications.
The Hot Swap Status panels for Bay 1 and Bay 2 each provide information and
charts related to monitoring the power supplies of the unit, and contain the
following elements:
Health: OK, Warning, Fault, or Monitoring Disabled Present: Installed or Not
Installed Monitoring: ON/OFF. Monitoring of Hot Swap Power Supply statuses can
be disabled to reduce logging and health status updates. This setting disables
alarming in the case of power supply failure or issue (it is still possible to
view statistics for the bay if monitoring is disabled).
Note: It is recommended to disable monitoring on a bay if you choose to remove
a power supply long term or keep one inserted that you know is faulty.
Disabling monitoring on a faulty supply or empty bay will cause the overall
status to display as Okay (provided there is one fully functional power supply
installed).
Power Type: AC 110/220 V, DC 12/24 V, or DC 24/48 V Voltage (V) Current (A)
Fan Speed (RPM)
58
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.9 Connecting Supply Power
Temperature (C°) Voltage graph Current graph Fan Speed graph Temperature graph
CLI Hot Swap Monitoring
Functionality and status of the Hot Swap Power Supplies can also be obtained
by using the CLI command HS_GetStatus. This command will return the overall
Hot Swap status and total current, as well as the status and details for each
of the bays (health status, present, power type, fan speed, temp, voltage,
current, percentage).
Front Panel Hot Swap Monitoring
If your unit is configured with hot swappable power supplies, an additional
menu will be visible on the front panel OLED information menu.
Press the Power Menu button (you will need to pres twice if the first press
was waking up the display on the front panel). Press the right button to
highlight the Hot Swap sub-menu:
Press the down button to toggle between specific information for Bay 1 and Bay
2:
In the case of faulty power supplies, the front panel will flash on the
important parameter(s) to indicate the need for attention (in the image above,
the issue on Bay 2 is with the fan speed and voltage). You can also disable
monitoring on a specific bay by pressing the ENTER key while the bay is
highlighted. Bays with disabled monitoring will be noted on the front panel:
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
59
2.9 Connecting Supply Power
Note: Disabling monitoring on a single bay will remove it from consideration
in the Overall Hot Swap Status and remove alarming for the bay.
SNMP/Notifications Hot Swap Monitoring
If your unit is configured with hot swappable power supplies, additional
options will be visible in the Web UI under MANAGEMENT > Notifications in the
System tab:
You can configure these notifications to be send via SNMP: “Setting Up SNMP
Notifications” on page 283.
Hot Swap Power Supply Alarms
There are two Hot Swap specific alarms: The Hot Swap, Major Alarm will cause
the status to appear red in the Web UI and is triggered if one of the power
supplies falls within the following thresholds:
Voltage (< 11V) or (> 13V) Current (> 9A) Fan Speed (< 10,000 RPM) or (>
18,000 RPM) The Hot Swap, Minor Alarm will cause the status to appear yellow
in the Web UI and is triggered if one of the power supplies falls within the
following thresholds: Temperature AC sled (<-25 °C) or (> 85°C) Temperature DC
sled (<-40 °C) or (> 85°C) Unknown Sled Type installed
Note: An alarm can also be triggered if one of the power supplies is only
partially inserted into the unit, and not inserted enough for the latch to
click, or if you disconnect, but do not remove, a power supply. It is also
possible that the hot swap power supply may shift during shipping or setup
enough to trigger this alarm. In this case, remove the power supply and
attempt to reinsert it.
60
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.10 Powering Up the Unit
2.10
Powering Up the Unit
1. After installing your SecureSync unit, and connecting all references and
network(s), verify that power is connected, and wait for the device to boot
up.
Note: SecureSync does not have a power switch. When the unit is plugged in,
the power will be on (unless you have an additional condition, such as your
unit has been halted).
2. Observe that the front panel illuminates The time display will reset and then start incrementing the time.
Figure 2-8: SecureSync front panel
1. Check the front panel status LED indicators:
The Power LED should be lit (not flashing).
The GNSS LED will be either OFF or flashing HEARTBEAT, since synchronization
has not yet been achieved.
The Alarms LED light should be OFF (startup behavior) or HEARTBEAT (acquiring
fix behavior). A FAST blinking pattern would indicate the unit requires
attention. For additional information, see “Status LEDs” on page 4 and “Status
Monitoring via Front Panel” on page 314.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
61
2.11 Zero Configuration Setup
2.11
Zero Configuration Setup
As an alternative to conventional network configuration, SecureSync can also
be set up using the zero-configuration networking technology (“zeroconf”).
Note: You can use Zeroconf on either Ethernet port if DHCP is enabled.
Zeroconf must be used with a DHCP server.
When using zeroconf, a TCP/IP network will be created automatically, i.e.
without the need for manual configuration: Once SecureSync’s ETH connector is
connected to a network, you can directly access the SecureSync Web UI, using a
standard web browser, without any configuration.
Zeroconf can be used to connect to the unit through the Web UI:
when you need to identify the IP address assigned to your unit through DHCP in
circumstances when your unit is not connected directly to a PC when you wish
to access the Web UI of your SecureSync without using the CLI commands or
serial connection anytime the IP address of a unit is not known (for instance,
if you have “lost” your unit on a network).
Zeroconf Requirements
Prior to using zeroconf, ensure the following requirements are met: Your
network is DHCP enabled, and DHCP is enabled on the individual ETH port you
are using (this is the default setting). The PC you will use to communicate
with your unit is connected to the same network as your SecureSync. Windows
7/8 users should install Bonjour Print Services, otherwise access to *.local
addresses will not be possible. Windows 10 already supports mDNS and DNS-SD,
hence there is no need to install additional software.
62
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
Setting up an IP Address
2.11.1
Using Zeroconf
Connect to the Web UI of your SecureSync unit in these steps:
1. Obtain the last 6 digits of the MAC address: e.g., “0E 51 7B”. The MAC
address can be found:
On the front panel display under the Network menu
On the serial number label on the side on the unit
Through the CLI using the ifconfig command.
2. Connect the SecureSync to a router on your LAN via ETH0 or ETH1 connector.
3. Connect the power supply to the SecureSync unit.
4. On a connected computer, open your web browser and in the URL field type
the following:
securesync-[xxxxxx].local/
where the [xxxxxx] of the hostname are the last six digits of the MAC address.
(If your browser doesn’t recognize the information as an address, it may be
necessary to add the prefix http:// or https://)
You should now connected to the unit Web UI and can login using the factory
default credentials:
Username: spadmin
Password: admin123
Once you logged into the SecureSync via zeroconf, you can retrieve the DHCP
address for future use:
Navigate to MANAGEMENT: NETWORK > Network Setup. In the Ports panel, click on
the information button next to each Ethernet port. The popup window will
display the assigned DCHP IP address for the selected port.
See “Setting up an IP Address” below or “Accessing the Web UI” on page 71 for
more information.
2.12
Setting up an IP Address
In order for SecureSync to be accessible via your network, you need to assign
an IP address to SecureSync, as well as a subnet mask and gateway, unless you
are
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
63
2.12 Setting up an IP Address
using an address assigned by a DHCP server. There are several ways to setup an
IP address, described below:
via the front panel keypad and information display remotely …
… via serial cable … via dedicated network cable … via a DHCP network.
Before you continue …
… please obtain the following information from your network administrator:
Available static IP address This is the unique address assigned to the
SecureSync unit by the network administrator. Make sure the chosen address is
outside of the DHCP range of your DHCP server.
Note: The default static IP addresses of the SecureSync unit are: 192.168.1.1
for eth0 192.168.1.2 for eth1
Subnet mask (for the network) The subnet mask defines the number of bits taken
from the IP address that are used in the network portion. The number of
network bits used in the net mask can range from 8 to 30 bits.
Gateway address The gateway (default router) address is needed if
communication to the SecureSync is made outside of the local network. By
default, the gateway is disabled.
Note: Make sure you are assigning a static IP address to your SecureSync unit
that is outside of the DHCP range defined for the DHCP server. Your system
administrator will be able to tell you what this range is.
64
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.12 Setting up an IP Address
2.12.1
Dynamic vs. Static IP Address
On a DHCP network (Dynamic Host Configuration Protocol), SecureSync’s IP
address will be assigned automatically once it is connected to the DHCP
server. This negotiated address and other network information are displayed on
the unit front panel when the unit boots up.
If you plan on allowing your SecureSync to use this negotiated DHCP Address on
a permanent basis, you can skip the following topics about setting up an IP
address, and instead proceed to “Accessing the Web UI” on page 71, in order to
complete the SecureSync configuration process.
Please note:
Unless you are using DNS in conjunction with DHCP (with the client configured
using SecureSync’s hostname instead of IP address), Safran recommends to
disable DHCP for SecureSync, and instead use a static IP address. Failure to
do this can result in a loss of time synchronization, should the DHCP server
assign a new IP address to SecureSync.
2.12.2
Assigning a Static IP Address
Safran recommends assigning a static IP address to SecureSync, even if the
unit is connected to a DHCP server.
This can be accomplished in several ways:
a. Via the keypad and information display on the front panel of the unit, see
“Setting Up an IP Address via the Front Panel” below
b. By connecting the SecureSync to an existing DHCP network, temporarily using
the assigned DHCP address, see “Setting Up a Static IP Address via a DHCP
Network” on page 68.
c. By connecting a Personal Computer to SecureSync via a serial cable, see
“Setting Up an IP Address via the Serial Port” on page 69.
d. By connecting a Personal Computer directly to SecureSync via a dedicated
Ethernet cable, see “Setting up a Static IP Address via Ethernet Cable” on
page 70.
2.12.2.1
Setting Up an IP Address via the Front Panel
Assigning an IP address to SecureSync, using the front panel keypad and
information display is a preferred way to provide network access to the unit,
thus enabling you thereafter to complete the setup process via the Web UI.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
65
2.12 Setting up an IP Address
Note: The following instructions apply to IPv4. To configure static addresses
in IPv6, you will need to use either the CLI or the front panel.
Keypad Operation
Figure 2-9: Front panel keypad and menu buttons
The functions of the keys are: arrow keys: Navigate to a menu option (will be
highlighted); move the focus on the screen; switch between submenus arrow
keys: Scroll through parameter values in edit displays; move the focus on the
screen ENTER key: Select a menu option, or confirm a selection when editing
menu buttons: Press these buttons to navigate to each of the seven main menus.
Detailed information on the front panel display menus can be found at “Front
Panel Keypad, and Display” on page 6
IP configuration, step-by-step instructions:
A. Disable DHCP: 1. Press the Network.Menu Button. Ensure that you are on the
Settings submenu.
66
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.12 Setting up an IP Address
2. Using the arrow key, press down once and press L/R to select the Ethernet
interface for which DHCP is to be disabled, such as eth0.
3. Press down to highlight the current DHCP state [ON or OFF], and press
ENTER to change the setting.
4. Use the arrow keys to select OFF, and press the ENTER key twice (once to
enter the setting, and once to confirm when the confirmation menu appears to
the right).
B. Enter IP Address and Subnet Mask: 1. Select the IPv4 Address row, press
ENTER to allow changes, and use the up and down arrows to change
000.000.000.000/00 to the value of the static IP address and subnet
mask/network bits to be assigned (for a list of subnet mask values refer to
the table “Subnet mask values” on page 70).
2. Press the ENTER key once to enter the setting, then again to confirm the
new setting in the confirmation menu.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
67
2.12 Setting up an IP Address
C. Enter the Gateway Address (if required)
1. Highlight the gateway row. Press the key once to enter the setting.
2. The display will change, allowing you to input an address at
000.000.000.000. Enter the gateway address here. The address entered must
correspond to the same network IP address assigned to SecureSync.
The remainder of the configuration settings can be performed via the Web UI
(accessed via an external workstation with a web browser such as Firefox® or
Chrome®). For more information, see “The Web UI HOME Screen” on page 34.
2.12.2.2
Setting Up a Static IP Address via a DHCP Network
To setup a permanent static IP address, after connecting SecureSync to a DHCP
network:
1. Enter the IP address shown on the front panel information display of your
SecureSync unit into the address field of your browser (on a computer
connected to the SecureSync network). If the network supports DNS, the
hostname may also be entered instead (the default hostname is
productnamemacaddress. See “Zero Configuration Setup ” on page 62to identify
your MAC address). The start screen of the SecureSync Web UI will be
displayed.
2. Log into the Web UI as an administrator. The factory-default user name and
password are:
Username: spadmin
Password: admin123
3. Disable DHCP by navigating to MANAGEMENT > Network Setup. In the Ports
panel on the right, click the GEAR icon next to the Ethernet Port you are
using. In the Edit Ethernet Port Settings window, uncheck the Enable DHCPv4
field. Do NOT click Submit or Apply yet.
4. In the fields below the Enable DHCPv4 checkbox, enter the desired Static
IP address, Netmask, and Gateway address (if required). Click Submit.
For subnet mask values, see “Subnet Mask Values” on page 70.
5. Verify on the front panel information display that the settings have been
accepted by SecureSync.
6. Enter the static IP address into the address field of the browser, and
again log into the Web UI in order to continue with the configuration; see:
“The Web UI HOME Screen” on page 34.
68
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.12 Setting up an IP Address
2.12.2.3
Setting Up an IP Address via the Serial Port
SecureSync’s rear panel serial port connector is a standard DB9 female
connector. Communication with the serial port can be performed using a PC with
a terminal emulator program (such as PuTTY or TeraTerm) using a pinned
straightthru standard DB9M to DB9F serial cable.
SecureSync’s front panel serial port connector is a standard micro-B USB
female connector.
The serial ports can be used to make configuration changes (such as the
network settings), retrieve operational data (e.g., GNSS receiver information)
and log files, or to perform operations such as resetting the admin password.
The serial ports are account and password protected. You can login using the
same user names and passwords as would be used to log into the SecureSync Web
UI. Users with “administrative rights” can perform all available commands.
Users with “user” permissions only can perform “get” commands that retrieve
data, but cannot perform any “set” commands or change/reset any passwords.
To configure an IP address via the serial port:
1. Connect a serial cable to a PC running PuTTY, Tera Term, or HyperTerminal,
and to your SecureSync. For detailed information on the serial port
connection, see “Setting up a Terminal Emulator” on page 559
2. Login to SecureSync with a user account that has “admin” group rights,
such as the default spadmin account (the default password is admin123).
3. Disable DHCP, type: dhcp4set X off
Note: For a list of CLI commands, type helpcli, or see “CLI Commands” on page 560.
4. Configure the IP address and subnet mask, type:
ip4set x y.y.y.y z.z.z.z
5. Configure the gateway by typing gw4set x y.y.y.y
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
69
2.12 Setting up an IP Address
6. Remove the serial cable, connect SecureSync to the network, and access the
Web UI, using the newly configured IP address. (For assistance, see “Accessing
the Web UI” on the facing page).
The remainder of the configuration settings will be performed via the Web UI
(accessed via an external workstation with a web browser such as Firefox® or
Chrome®).
2.12.2.4 Setting up a Static IP Address via Ethernet Cable
This procedure will allow you to configure SecureSync using the Web UI
directly via the Ethernet port, if you cannot or do not wish to use a DHCP
network.
1. First, disable DHCP using the front panel keypad and information display:
see “Setting Up an IP Address via the Front Panel” on page 65.
2. Change the workstation IP address to be on the same network as SecureSync.
3. Connect workstation and SecureSync with an Ethernet cable.
The remainder of the configuration settings will be performed via the Web UI
(accessed via an external workstation with a web browser such as Firefox® or
Chrome®). For more information, see “The Web UI HOME Screen” on page 34.
2.12.3
Subnet Mask Values
Table 2-3: Subnet mask values
Network Bits Equivalent Netmask Network Bits Equivalent Netmask
30
255.255.255.252
18
255.255.192.0
29
255.255.255.248
17
255.255.128.0
28
255.255.255.240
16
255.255.0.0
27
255.255.255.224
15
255.254.0.0
26
255.255.255.192
14
255.252.0.0
25
255.255.255.128
13
255.248.0.0
24
255.255.255.0
12
255.240.0.0
23
255.255.254.0
11
255.224.0.0
22
255.255.252.0
10
255.192.0.0
21
255.255.248.0
9
255.128.0.0
20
255.255.240.0
8
255.0.0.0
19
255.255.224.0
70
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.13 Accessing the Web UI
2.13
Accessing the Web UI
SecureSync’s web user interface (“Web UI”) is the recommended means to
interact with the unit, since it provides access to nearly all configurable
settings, and to obtain comprehensive status information without having to use
the Command Line Interpreter (CLI).
You can access the Web UI either by using the automatically assigned DHCP IP
address, or by using a manually set static IP address (see “Assigning a Static
IP Address” on page 65):
1. On a computer connected to the SecureSync network, start a web browser,
and enter the IP address shown on the SecureSync front panel.
2. When first connecting to the Web UI, a warning about security certificates
may be displayed:
Select Continue….
Note: “Cookies” must be enabled. You will be notified if Cookies are disabled
in your browser.
Note: HTTPS only: Depending on your browser, the certificate/security pop-up
window may continue to be displayed each time you open the Web UI until you
saved the certificate in your browser.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
71
Configure Network Settings
Note: Static IP address only: To prevent the security pop-up window from opening each time, a new SSL Certificate needs to be created using the assigned IP address of SecureSync during the certificate generation. See “HTTPS” on page 79 for more information on creating a new SSL certificate.
3. Log into the Web UI as an administrator. The factory-default administrator
user name and password are: Username: spadmin Password: admin123
Caution: For security reasons, it is advisable to change the default
credentials, see: “Managing Passwords” on page 290.
4. Upon initial login, you will be asked to register your product. Safran
recommends to register SecureSync, so as to receive software updates and
services notices. See also “Product Registration” on page 313.
Number of login attempts
The number of failed login attempts for ssh is hard-set to (4) four. This
value is not configurable. The number of failed login attempts for the Web UI
(HTTP/HTTPS) is hard-set to (5) five failed login attempts, with a 60 second
lock. These two values are not configurable.
To continue with the configuration, see e.g., “The Web UI HOME Screen” on page
34. To learn more about setting up different types of user accounts, see
“Managing User Accounts” on page 286.
2.14
Configure Network Settings
Before configuring the network settings, you need to setup access to
SecureSync web user interface (“Web UI”). This can be done by assigning a
static IP address, or using a DHCP address. For more information, see “Setting
up an IP Address” on page 63.
72
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.14 Configure Network Settings
Once you have assigned the IP address, login to the Web UI. For more
information, see “Accessing the Web UI” on page 71. To configure network
settings, or monitor your network, navigate to SecureSync’s Network Setup
screen. To access the Network Setup screen:
Navigate to MANAGEMENT > Network Setup. The Network Setup screen is divided
into three panels:
The Actions panel provides:
General Settings: Allows quick access to the primary network settings
necessary to connect SecureSync to a network. See “General Network Settings”
on the next page.
Web Interface Settings:
Web interface timeout: Determines how long a user can stay logged on. For more
information, see “Web UI Timeout” on page 294.
Web Security Level: High security will not allow browsers to use TLS below
v1.3 (to prevent known security vulnerabilities).
Access Control: Allows the configuration of access restrictions from assigned
networks/nodes.
Login Banner: Allows the administrator to configure a custom banner message to
be displayed on the SecureSync Web UI login page and the CLI (Note: There is a
2000 character size limit).
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
73
2.14 Configure Network Settings
SSH: This button takes you to the SSH Setup window. For details on setting up
SSH, see “SSH” on page 91.
System Time Message: Setup a once-per-second time message to be sent to
receivers via multicast. For details, see “System Time Message” on page 109.
VLAN: This button will reveal the VLAN Setup popup window. For more
information, see “VLAN Support” on page 109.
HTTPS: This button takes you to the HTTPS Setup window. For details on setting
up HTTPS, see “HTTPS” on page 79.
The Network Services panel is used to enable (ON) and disable (OFF) network
services, as well as the Web UI display mode, details see: “Network Services”
on page 76.
The Ports panel not only displays STATUS information, but is used also to set
up and manage SecureSync’s network ports via three buttons:
INFO button: Displays the Ethernet port Status window for review purposes.
GEAR button: Displays the Ethernet port settings window for editing purposes.
TABLE button: Displays a window that allows adding, editing, and reviewing
Static Routes.
2.14.1
General Network Settings
To expedite network setup, SecureSync provides the General Settings window,
allowing quick access to the primary network settings.
To access the General Settings window:
1. Navigate to MANAGEMENT > Network Setup. In the Actions Panel on the left,
click General Settings.
2. Populate the fields: Hostname: This is the server’s identity on the network or IP address.
74
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.14 Configure Network Settings
Default IPv4 Port: Unless you specify a specific Port to be used as Default
Port, the factory default port eth0 will be used as the gateway (default
gateway).
Default IPv6 Port: Unless you specify a specific Port to be used as Default
Port, the factory default port eth0 will be used as the gateway (default
gateway).
The General Settings window also displays the IPv4 Address and default IPv4
Gateway.
2.14.2
Network Ports
Ports act as communication endpoints in a network. The hardware configuration
of your unit will determine which ports (e.g., Eth0, Eth1, …) are available
for use.
To enable & configure, or view a network port:
1. Navigate to MANAGEMENT > NETWORK: Network Setup.
2. The Ports panel on the right side of the screen lists the available
Ethernet ports, and their connection STATUS:
Green: CONNECTED (showing the connection speed)
Yellow: CABLE UNPLUGGED (the port is enabled but there is no cable attached)
Red: DISABLED.
Locate the port you want to configure (eth0 or eth1) and click the GEAR button
to enable & configure the port, or the INFO button to view the port status.
3. Ethernet ports are enabled by default. If the port is not already enabled,
in the Edit Ethernet Ports Settings window, click the Enable check box. The
Edit Ethernet Ports Settings window will expand to show the options needed to
complete the port setup.
Fill in the fields as required:
Enable eth0: [Checkbox] Enable DHCPv4: [Checkbox] Check this box to enable the
delivery of IP addresses from a DHCP Server using the DHCPv4 protocol.
Static IPv4 Address: This is the default, or the unique address assigned by
the network administrator. The default subnet is: 255.255.0.0
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
75
2.14 Configure Network Settings
Netmask: This is the network subnet mask assigned by the network
administrator. In the form “xxx.xxx.xxx.xxx.” See “Subnet Mask Values” on page
70 for a list of subnet mask values.
IPv4 Gateway: The gateway (default router) address is needed if communication
to the SecureSync is made outside of the local network. By default, the
gateway is disabled.
IPv6 Auto Configuration: Choose between Disabled (disable auto configuration),
Auto (stateless auto configuration using SLAAC and DHCP), and Stateful (auto
configuration using DHCP only).
Domain: This is the domain name to be associated with this port.
DNS Primary: This is the primary DNS address to be used for this port.
Depending on how your DHCP server is configured, this is set automatically
once DHCP is enabled. Alternatively, you may configure your DHCP server to NOT
use a DNS address. When DHCP is disabled, DNS Primary is set manually, using
the format “#.#.#.#” with no leading zeroes or spaces, where each #’ is a decimal integer from the range [0,255]. DNS Secondary: This is the secondary DNS address to be used for this port. Depending on how your DHCP server is configured, this is set automatically once DHCP is enabled, or your DHCP server may be configured NOT to set a DNS address. When DHCP is disabled, DNS Secondary is set manually, using the format “#.#.#.#” with no leading zeroes or spaces, where each#’ is a decimal
integer from the range [0,255].
Edit IPv6 Address: Click on this button to configure a static IPv6 address.
4. To apply your changes, click Submit (the window will close), or Apply.
2.14.3
Network Services
Several standard network services can be enabled or disabled via the easily
accessible Network Services Panel under MANAGEMENT > Network Setup:
The Network Services panel has ON/OFF toggle switches for the following
daemons and features:
System Time Message: A once-per second Time Message sent out via Multicast;
for details, see “System Time Message” on page 109.
Daytime Protocol, RFC-867: A standard Internet service, featuring an ASCII
daytime representation, often used for diagnostic purposes.
Time Protocol, RFC-868: This protocol is used to provide a machine-readable,
site-independent date and time.
76
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.14 Configure Network Settings
Telnet: Remote configuration
SSH+SFTP: Secure Shell cryptographic network protocol for secure data
communication and secure access to logs.
HTTP: Hypertext Transfer Protocol
tcpdump: A LINUX program that can be used to monitor network traffic by
inspecting tcp packets. Default = ON. If not needed, or wanted (out of concern
for potential security risks), tcpdump can be disabled permanently: Once
toggled to OFF, and after executing a page reload, tcpdump will be deleted
from the system: The toggle switch will be removed, and the function cannot be
enabled again (even after a software upgrade) unless a full CLEAN upgrade is
performed. Removing tcpdump on this page will also remove the PTP-specific
functionality (see “The PTP TCP Dump Collection Panel” on page 162).
Note: A listing of recommended and default network settings can be found under
“Default and Recommended Configurations” on page 359.
2.14.4
Static Routes
Static routes are manually configured routes used by network data traffic,
rather than solely relying on routes chosen automatically by DHCP (Dynamic
Host Configuration Protocol). With statically configured networks, static
routes are in fact the only possible way to route network traffic.
To view, add, edit, or delete a static route:
1. Navigate to the MANAGEMENT > Network Setup screen.
2. The Ports panel displays the available Ethernet ports, and their
connection status.
3. To view all configured Static Routes for all Ethernet Ports, or delete one
or more Static Routes, click the TABLE icon in the top-right corner.
4. To add a new Route, view or delete an existing Route for a specific
Ethernet Port, locate the Port listing you want to configure, and click the
TABLE button next to it. The Static Routes window for the chosen Port will
open, displaying its Routing Table, and an Add Route panel.
In the Add Route panel, populate these fields in order to assign a Static
Route to a Port:
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
77
2.14 Configure Network Settings
Net Address: This is the address/subnet to route to. Prefix: This is the
subnet mask in prefix form e.g., “24”. See also “Subnet Mask Values” on page
70. Router Address: This is where you will go through to get there. Click the
Add Route button at the bottom of the screen.
Note: To set up a static route, the Ethernet connector must be physically
connected to the network.
Note: Do not use the same route for different Ethernet ports; a route that has been used elsewhere will be rejected.
Note: The eth0 port is the default port for static routing. If a port is not given its own static route, all packets from that port will be sent through the default.
2.14.5
Access Rules
Network access rules restrict access to only those assigned networks or nodes
defined. If no access rules are defined, access will be granted to all
networks and nodes.
Note: In order to configure Access Rules, you need ADMINISTRATOR rights.
To configure a new, or delete an existing access rule: 1. Navigate to the MANAGEMENT > Network Setup screen. 2. In the Actions panel on the left, click on Access Control. 3. The Network Access Rules window displays:
78
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.14 Configure Network Settings
4. In the Allow From field, enter a valid IP address. It is not possible,
however, to add direct IP addresses, but instead they must be input as blocks,
i.e. you need to add /32 at the end of an IP address to ensure that only that
address is allowed. Example: 10.2.100.29/32 will allow only 10.2.100.29
access.
IP address nomenclature:
IPv4–10.10.0.0/16, where 10.10.0.0 is the IP address and 16 is the subnet mask
in prefix form. See the table “Subnet Mask Values” on page 70 for
a list of subnet mask values.
IPv6–2001:db8::/48, representing 2001:db8:0:0:0:0:0:0 to
2001:db8:0:ffff:ffff:ffff:ffff:ffff.
5. Click the Add button in the Action column to add the new rule.
6. The established rule appears in the Network Access Rules window. Click the
Delete button next to an existing rule, if you want to delete it.
2.14.6
HTTPS
HTTPS stands for HyperText Transfer Protocol over SSL (Secure Socket Layer).
This TCP/IP protocol is used to transfer and display data securely by adding
an encryption layer to protect the integrity and privacy of data traffic.
Certificates issued by trusted authorities are used for sender/recipient
authentication.
Note: In order to configure HTTPS, you need ADMINISTRATOR rights.
Note that SecureSync supports two different modes of HTTPS operation: The Standard HTTPS Level (default), and a High-Security Level. For more information, see “HTTPS Security Levels” on page 308.
2.14.6.1
Accessing the HTTPS Setup Window
1. Navigate to MANAGEMENT > NETWORK: HTTPS Setup (or, navigate to MANAGEMENT
Network Setup, and click HTTPS in the Actions panel on the left):
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
79
2.14 Configure Network Settings
The HTTPS Setup window has five tabs:
Create Certificate Request: This menu utilizes the OpenSSL library to generate
certificate Requests and self-signed certificates.
Subject Alternative Name Extension: This menu is used to add alternative names
to an X.509 extension of a Certificate Request.
Certificate Request: A holder for the certificate request generated under the
Create Certificate Request tab. Copy and paste this Certificate text in order
to send it to your Certificate Authority.
Upload X.509 PEM Certificate: Use the window under this tab to paste your
X.509 certificate text and upload it to SecureSync.
Upload Certificate File: Use this tab to upload your certificate file returned
by the Certificate Authority. For more information on format types, see
“Supported Certificate Formats” on the facing page.
Exit the HTTPS Setup window by clicking the X icon in the top right window
corner, or by clicking anywhere outside the window.
Should you exit the HTTPS Setup window while filling out the certificate
request parameters form before clicking the Submit button, any information you
entered will be lost. Exiting the HTTPS Setup window will not lose and Subject
Alternative Names that have been entered. When switching between tabs within
the HTTPS Setup window, the information you have entered will be retained.
2.14.6.2 About HTTPS
HTTPS provides secure/encrypted, web-based management and configuration of
SecureSync from a PC. In order to establish a secure HTTPS connection, an SSL
certificate must be stored inside the SecureSync unit.
80
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.14 Configure Network Settings
SecureSync uses the OpenSSL library to create certificate requests and
selfsigned certificates. The OpenSSL library provides the encryption
algorithms used for secure HTTP (HTTPS). The OpenSSL package also provides
tools and software for creating X.509 Certificate Requests, Self Signed
Certificates and Private/Public Keys. For more information on OpenSSL, please
see www.openssl.org. Once you created a certificate request, submit the
request to an external Certificate Authority (CA) for the creation of a third
party verifiable certificate. (It is also possible to use an internal
corporate Certificate Authority.) If a Certificate Authority is not available,
or while you are waiting for the certificate to be issued, you can use the
default Safran self-signed SSL certificate that comes with the unit until it
expires, or use your own self-signed certificate. The typical life span of a
certificate (i.e., during which HTTPS is available for use) is about 10 years.
Note: If deleted, the HTTPS certificate cannot be restored. A new certificate
will need to be generated.
Note: In a Chrome web browser, if a valid certificate is deleted or changed
such that it becomes invalid, it is necessary to navigate to Chrome’s
Settings> More Tools> Clear browsing data> Advanced and clear the Cached
images and files in the history. Otherwise Chrome’s security warnings may make
some data unavailable in the Web UI.
Note: If the IP Address or Common Name (Host Name) is changed, you need to
regenerate the certificate, or you will receive security warnings from your
web browser each time you log in.
2.14.6.3 Supported Certificate Formats
SecureSync supports X.509 PEM and DER Certificates, as well as PKCS#7 PEM and
DER formatted Certificates. You can create a unique X.509 self-signed
Certificate, an RSA private key and X.509 certificate request using the Web
UI. RSA private keys are supported because they are the most widely accepted.
At this time, DSA keys are not supported.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
81
2.14 Configure Network Settings
2.14.6.4 Creating an HTTPS Certificate Request
Caution: If you plan on entering multiple Subject Alternative Names to your
HTTPS Certificate Request, you must do so before filling out the Create
Certificate Request tab to avoid losing any information. See “Adding HTTPS
Subject Alternative Names” on page 85.
To create an HTTPS Certificate Request: 1. Navigate to MANAGEMENT > NETWORK:
HTTPS Setup, or in the MANAGEMENT > NETWORK Setup, Actions panel, select
HTTPS:
2. Click the Create Certificate Request tab (this is the default tab). 3.
Check the box Create Self Signed Certificate, in order to open up all menu
items. This checkbox serves as a security feature: Check the box only if you
are certain about generating a new self-signed Certificate.
Caution: Once you click Submit, a previously generated Certificate (or the
Safran default Certificate) will be overwritten.
Note that an invalid Certificate may result in denial of access to SecureSync
via the Web UI!
82
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
2.14 Configure Network Settings
4. Fill in the available fields:
Signature Algorithm: Choose the algorithm to be used from:
MD4
SHA1
SHA256
SHA512
Private Key Pass Phrase: This is the RSA decryption key. This must be at least
4 characters long.
RSA Private Key Bit Length: 2048 bits is the default. Using a lower number may
compromise security and is not recommended.
Two-Letter Country Code: This code should match the ISO-3166-1 value for the
country in question.
State Or Province Name: From the address of the organization creating up the
Certificate.
Locality Name: Locale of the organization creating the Certificate.
Organization Name: The name of the organization creating the Certificate.
Organization Unit Name: The applicable subdivision of the organization
creating the Certificate.
Common Name (e.g. Hostname or IP): This is the name of the host being
authenticated. The Common Name field in the X.509 Certificate must match the
hostname, IP address, or URL used to reach the host via HTTPS.
Email Address: This is the email address of the organization creating the
Certificate.
Challenge Password: Valid response password to server challenge.
Optional Organization Name: An optional name for the organization creating the
Certificate.
Self-Signed Certificate Expiration (Days): How many days before the
Certificate expires. The default is 7200.
You are required to select a signature algorithm, a private key passphrase of
at least 4 characters, a private key bit length, and the Certificate
expiration in days. The remaining fields are optional.
It is recommended that you consult your Certificate Authority for the required
fields in an X 509-Certificate request. Safran recommends all fields be filled
out and match the information given to your Certificate Authority.
CHAPTER 2 · SecureSync 2400 User Manual Rev. 7.0
83
2.14 Configure Network Settings
For example, use all abbreviations, spellings, URLs, and company departments
recognized by the Certificate Authority. This helps to avoid problems the
Certificate Authority might otherwise have reconciling Certificate request and
company record information. If necessary, consult your web browser vendor’s
documentation and Certificate Authority to see which key bit lengths and
signature algorithms your web browser supports. Safran recommends that when
completing the Common Name field, the user provide a static IP address,
because DHCP-generated IP addresses can change. If the hostname or IP address
changes, the X.509 Certificate must be regenerated. It is recommended that the
RSA Private Key Bit Length be a power of 2 or multiple of 2. The key bit
length chosen is typically 1024, but can range from 512 to 4096. Long key bit
lengths of up to 4096 are not recommended because they can take several hours
to generate. The most common key bit length is the value 1024.
Note: The default key bit length value is 2048.
When using a self-signed Certificate, choose values based on your company’s
security policy. 5. When the form is complete, confirm that you checked the
box Create Self Signed Certificate at the top of the window, then click
Submit. Clicking the Submit button automatically generates the Certificate
Request in the proper format for subsequent submission to the
References
- navigation-timing.com/
- Sign in to Outlook
- Product Registration
- The World Leader in Resilient PNT - Safran - Navigation & Timing
- Clock and Timing Solutions | Microchip Technology
- Daylight Saving Time - When do we change our clocks?
- PuTTY: a free SSH and Telnet client
- Tools For Google Earth
- Convert Coordinates
- Welcome to the home of the Network Time Protocol (NTP) Project.
- Welcome to the home of the Network Time Protocol (NTP) Project.
- OpenSSH
- OpenSSH
- /index.html
- /index.html
- WorldTimeServer.com: Current Local Time and Date in any Zone
- Strict-Transport-Security - HTTP | MDN
- GitHub - kravietz/pam_tacplus: TACACS+ protocol client library and PAM module in C. This PAM module support authentication, authorization (account management) and accounting (session management)performed using TACACS+ protocol designed by Cisco.
- The World Leader in Resilient PNT - Safran - Navigation & Timing
- Contact Us - Safran - Navigation & Timing
- Support Hub - Safran - Navigation & Timing
- Time Zone Database
- NMEA Over UDP - Safran - Navigation & Timing