Ba CC7 76

Preface
Application and functions 1

LEDs, Connectors,
2
SIMATIC Buttons, CLP
Installation, wiring,
commissioning 3
Industrial Ethernet -
CloudConnect 4
SIMATIC CC7 Configuration
Diagnostics and
maintenance 5
Operating Instructions
Technical specifications 6
Approvals 7
Dimension drawings 8
Accessories A
Escape sequences B
Syslog messages C
SIMATIC CloudConnect 712 (6GK1411-1AC00)

SIMATIC CloudConnect 716 (6GK1411-5AC00)
10/2020
C79000-G8976-C503-03
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to
prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a
safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices
shown below are graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger
will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning
relating to property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the
specific task in accordance with the relevant documentation, in particular its warning notices and safety
instructions. Qualified personnel are those who, based on their training and experience, are capable of
identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant
technical documentation. If products and components from other manufacturers are used, these must be
recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning,
operation and maintenance are required to ensure that the products operate safely and without any
problems. The permissible ambient conditions must be complied with. The information in the relevant
documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this
publication may be trademarks whose use by third parties for their own purposes could violate the rights of
the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in
subsequent editions.
Siemens AG C79000-G8976-C503-03 Copyright © Siemens AG 2019 -

Digital Industries Ⓟ 10/2020 Subject to change 2020.
Postfach 48 48 All rights reserved
90026 NÜRNBERG
GERMANY
Preface
CAUTION
To prevent injury, read the manual before use.
Products
This document contains information on the following products:
SIMATIC CC712 / SIMATIC CC716
Hardware product version 1
Firmware version V1.5
Gateway for connection of a SIMATIC S7, OPC UA, or Modbus station to a cloud system,
OPC UA server for SIMATIC S7 data
Figure 1 SIMATIC CC716
The MAC address of the device is located below the socket for the power supply. You
will find the article number on the device front.
You will find the hardware product version on the right side of the device as placeholder
"X". "X 2 3 4", for example, indicates hardware product version 1.
Validity
This manual is valid for the following products:
Product name Article number Functions

SIMATIC CloudConnect 712 6GK1411-1AC00 Connection of 1 process station over Ethernet
SIMATIC CloudConnect 716 6GK1411-5AC00 Connection of up to 7 process stations
In addition: 1 digital input, 1 digital output,
PROFIBUS DP connection
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 3
Preface
Individual paragraphs or sections that are only valid for the CC716 are labelled with the
short form of the device.
Example: "PROFIBUS (CC716)"
Purpose of the manual

This manual describes the properties of the modules and shows application examples. It
supports you when installing, connecting up and commissioning the modules.
The required configuration steps are described. You will also find instructions for
operation and information about the diagnostics options.
Required experience
To install, commission and operate the module, you require experience in the following
areas:
• Data transfer via Ethernet / Internet / PROFIBUS
• Cloud systems, MQTT
• OPC UA
• Automation engineering
Terminology: Names and abbreviations

The following terms and abbreviations are used in this document:
• CC712
Short form for the gateway SIMATIC CloudConnect 712
• CC716
Short form for the gateway SIMATIC CloudConnect 716
• Device / Gateway / Module
Designations for the two products "SIMATIC CC712" and "SIMATIC CC716"
If content in the manual applies to only one of the two device variants, this will be
explicitly pointed out.
• Station
Process station (SIMATIC S7 / OPC UA station using OPC UA client / Modbus)
• WBM
Web Based Management
Web pages of the device for configuration and diagnostics data
• DB
Data block of a SIMATIC CPU
SIMATIC CC7
4 Operating Instructions, 10/2020, C79000-G8976-C503-03
Preface
New in this release

• New firmware version with:
– OPC UA client as station link
– Extension of topic editor
– Extended data buffering
• Editorial revision
Replaced edition
Edition 10/2019
Current edition of the manual and application example on the Internet

You can find the current version of this manual on the Internet pages of Siemens
Industry Online Support:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621/man)
You can find an application example here:
Link: (https://support.industry.siemens.com/cs/ww/en/view/109766675)
Cross references
In this document there are cross references to other sections.
To be able to return to the initial page after jumping to a cross reference, some PDF
readers support the command <Alt>+<left arrow>.
Lizenzbedingungen Open Source - aufrufbar aus WBM
License conditions
Note
Open source software
Read the license conditions for open source software carefully before using the product.
You will find the license conditions as a loadable file on the WBM pages of the device.
You will find the description of opening and loading license conditions in section Logging
into the WBM (Page 60).
You can find the file with the license conditions for Open Source software under the
following name:
• OSS_CloudConnect_99.html
Siemens provides products and solutions with industrial security functions that support
the secure operation of plants, systems, machines, and networks.
SIMATIC CC7
Preface
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art
industrial security concept. Siemens’ products and solutions form one element of such a
concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. These systems, machines and components should only be
connected to the enterprise network or the Internet if and only to the extent necessary
and with appropriate security measures (firewalls and/or network segmentation) in
place.
You can find more information on protective measures in the area of industrial security
by visiting:
https://www.siemens.com/industrialsecurity
(https://www.siemens.com/industrialsecurity).
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends performing product updates as soon as they are
available and using only the latest product versions. Use of product versions that are no
longer supported, and failure to apply latest updates may increase customer’s exposure
to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security
RSS Feed under
https://www.siemens.com/industrialsecurity
(https://www.siemens.com/industrialsecurity).
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by
Siemens can be downloaded to the device.
Device defective
If a fault develops, please send the device to your Siemens representative for repair.
Repairs on-site are not possible.
Decommissioning
Shut down the device properly to prevent unauthorized persons from accessing
confidential data in the device memory.
To do this, restore the factory settings on the device.
Also restore the factory settings on the storage medium.
SIMATIC CC7
Preface
Recycling and disposal

The product is low in pollutants, can be recycled and meets the requirements of the
WEEE directive 2012/19/EU "Waste Electrical and Electronic Equipment".
Do not dispose of the product at public disposal sites. For environmentally friendly
recycling and the disposal of your old device contact a certified disposal company for
electronic scrap or your Siemens contact.
Keep to the local regulations.
You will find information on returning the product on the Internet pages of Siemens
Industry Online Support:
SIMATIC NET glossary

Explanations of many of the specialist terms used in this documentation can be found in
the SIMATIC NET glossary.
You will find the SIMATIC NET glossary on the Internet at the following address:
Training, Service & Support

You will find information on training, service and support in the multilanguage document
"DC_support_99.pdf" on the Internet pages of Siemens Industry Online Support:
SIMATIC CC7
Preface
SIMATIC CC7
Table of contents
Preface .........................................................................................................................................................3
1 Application and functions....................................................................................................................... 13
1.1 Application ......................................................................................................................................... 13
1.2 Functions and communication services ...................................................................................... 13
1.3 Configuration examples .................................................................................................................. 15
1.4 Other services and properties ....................................................................................................... 19
1.5 Configuration limits - communication ......................................................................................... 20
1.6 Range of functions of the WBM .................................................................................................... 21
1.7 Scope of delivery and requirements ............................................................................................. 22
2 LEDs, Connectors, Buttons, CLP ........................................................................................................... 27
2.1 LEDs ................................................................................................................................................... 27
2.2 Connections ...................................................................................................................................... 29
2.2.1 Ethernet interfaces P1/P2 ............................................................................................................. 29
2.2.2 PROFIBUS/MPI interface (CC716) .............................................................................................. 29
2.2.3 Digital Input / Output (CC716) ...................................................................................................... 30
2.2.4 External power supply ..................................................................................................................... 31
2.3 The button "SET" ............................................................................................................................. 32
2.4 CLP Slot ............................................................................................................................................. 33
3 Installation, wiring, commissioning....................................................................................................... 35
3.1 Important notes on using the device............................................................................................ 35
3.1.1 Notes on use in hazardous areas ................................................................................................. 35
3.1.2 Notes on use in hazardous areas according to ATEX / IECEx ................................................ 36
3.1.3 General notices on use in hazardous areas according to UL HazLoc / FM ........................ 38
3.2 Installation ......................................................................................................................................... 39
3.3 Connecting ......................................................................................................................................... 44
3.4 Commissioning ................................................................................................................................. 48
3.4.1 Commissioning ................................................................................................................................. 48
3.4.2 Using a CLP ....................................................................................................................................... 49
4 Configuration ............................................................................................................................................ 53
4.1 Security recommendations............................................................................................................. 53
4.2 Overview of the WBM pages.......................................................................................................... 56
4.3 General functions of the WBM ...................................................................................................... 57
4.4 Calling the WBM............................................................................................................................... 59
4.4.1 Establishing a connection to the WBM ....................................................................................... 59
4.4.2 Logging into the WBM..................................................................................................................... 60
SIMATIC CC7
Table of contents
4.4.3 Log out ................................................................................................................................................61

4.5 Start page ...........................................................................................................................................62
4.5.1 Info .......................................................................................................................................................62
4.6 Interface configuration ....................................................................................................................63
4.6.1 Ethernet ..............................................................................................................................................63
4.6.2 PROFIBUS / MPI (CC716) ..............................................................................................................65
4.6.3 DI/DO (CC716) ..................................................................................................................................70
4.7 Process access ..................................................................................................................................71
4.7.1 S7 / Modbus station ........................................................................................................................71
4.7.1.1 S7 Ethernet ........................................................................................................................................72
4.7.1.2 S7 PROFIBUS / MPI.........................................................................................................................74
4.7.1.3 Modbus / TCP ...................................................................................................................................76
4.7.2 OPC UA Station .................................................................................................................................77
4.7.2.1 OPC UA Security ...............................................................................................................................80
4.7.2.2 User authentication ..........................................................................................................................83
4.8 OPC UA server ...................................................................................................................................84
4.8.1 OPC UA Security ...............................................................................................................................86
4.8.2 User authentication ..........................................................................................................................90
4.8.3 Properties of the OPC UA server ...................................................................................................90
4.9 Cloud configuration ..........................................................................................................................91
4.9.1 Notes on data structuring and configuration ..............................................................................91
4.9.2 Profile ..................................................................................................................................................94
4.9.2.1 Configuring profile ............................................................................................................................94
4.9.2.2 MQTT configuration .........................................................................................................................97
4.9.2.3 Certificates .........................................................................................................................................99
4.9.2.4 Device parameters ........................................................................................................................ 101
4.9.3 Publisher .......................................................................................................................................... 101
4.9.3.1 Configuring topics .......................................................................................................................... 102
4.9.3.2 User data format ............................................................................................................................ 107
4.9.3.3 Data point assignment ................................................................................................................. 115
4.9.4 Subscriber ....................................................................................................................................... 118
4.9.4.1 Configuring topics .......................................................................................................................... 118
4.9.4.2 Payload format ............................................................................................................................... 119
4.9.4.3 Data point assignment ................................................................................................................. 120
4.10 Data points ...................................................................................................................................... 122
4.10.1 Transmission time and transferred data .................................................................................. 122
4.10.2 Data points ...................................................................................................................................... 123
4.10.3 Import variables ............................................................................................................................. 131
4.10.4 OPC UA browsing .......................................................................................................................... 134
4.11 Maintenance ................................................................................................................................... 135
4.11.1 System time .................................................................................................................................... 135
4.11.2 Certificate management ............................................................................................................... 138
4.11.3 User .................................................................................................................................................. 139
4.11.4 Firmware .......................................................................................................................................... 140
4.11.5 Backup and Restore ...................................................................................................................... 141
4.11.6 Communication / Restart ............................................................................................................. 143
4.11.7 Diagnostics ..................................................................................................................................... 144
4.11.8 Logging ............................................................................................................................................ 145
SIMATIC CC7
Table of contents
5 Diagnostics and maintenance ............................................................................................................. 147

5.1 Diagnostics options ....................................................................................................................... 147
5.2 Loading new firmware................................................................................................................... 147
5.3 Restarting and resetting ............................................................................................................... 148
5.4 Device replacement in the event of a fault ............................................................................... 150
6 Technical specifications ....................................................................................................................... 151
6.1 Technical specifications - CloudConnect 712 .......................................................................... 151
6.2 Technical Specifications - CloudConnect 716 ......................................................................... 152
7 Approvals ................................................................................................................................................ 155
8 Dimension drawings .............................................................................................................................. 159
A Accessories ............................................................................................................................................. 161
A.1 Power supply ................................................................................................................................... 161
A.2 CLPs.................................................................................................................................................. 162
B Escape sequences ................................................................................................................................. 163
B.1 JSON escape sequences .............................................................................................................. 163
C Syslog messages.................................................................................................................................... 165
C.1 Structure of the messages ........................................................................................................... 165
C.1.1 Structure of the Syslog messages .............................................................................................. 165
C.1.2 Variables in Syslog messages ..................................................................................................... 166
C.2 Syslog messages ............................................................................................................................ 167
C.2.1 Process communication status ................................................................................................... 167
C.2.2 IACS User identification and authentication ............................................................................ 168
C.2.3 Account management ................................................................................................................... 169
C.2.4 Unsuccessful login attempts ....................................................................................................... 169
C.2.5 Remote session termination ........................................................................................................ 170
C.2.6 Concurrent session control .......................................................................................................... 170
C.2.7 Non-repudiation (config change)................................................................................................ 170
C.2.8 Communication integrity............................................................................................................... 171
C.2.9 Session authenticity ...................................................................................................................... 171
C.2.10 IACS Backup.................................................................................................................................... 171
C.2.11 IACS Recovery and Reconstitution ............................................................................................. 172
Index ........................................................................................................................................................ 175
SIMATIC CC7
Table of contents
SIMATIC CC7
Application and functions 1
1.1 Application
Applications of the gateway

The gateway connects process stations to the following target systems:
• A cloud system via MQTT
Connecting process stations:
– S7 Ethernet (CC712 / CC716)
– S7 PROFIBUS (CC716)
– Modbus/TCP (CC712 / CC716)
– OPC UA station via integrated OPC UA client (CC712 / CC716)
• External OPC UA clients
Connecting process stations:
– S7 Ethernet (CC712 / CC716)
– S7 PROFIBUS (CC716)
– Modbus/TCP (CC712 / CC716)
– OPC UA station via integrated OPC UA client (CC712 / CC716)
1.2 Functions and communication services
Process stations
The gateway can communicate with the following process stations:
• SIMATIC S7-300/400/1200/1500/LOGO!
S7 communication via:
– Ethernet
– PROFIBUS/MPI (CC716)
• Modbus controllers
Communication via Ethernet (Modbus/TCP)
• OPC UA Station
Communication via Ethernet and integrated OPC UA client
SIMATIC CC7
Application and functions
1.2 Functions and communication services
Protocols for the cloud connection

The gateway supports the following protocols for communication with a cloud broker or
cloud server:
• MQTT
According to OASIS standard version 3.1 / 3.1.1
Supported cloud systems

The gateway supports the connection to cloud systems that support a broker
functionality with the above-mentioned requirements and the functions described below.
The cloud access ("Cloud profile") of the gateway is adapted to communication with the
following cloud systems and supports the listed services and functions:
• MindSphere (Siemens)
Service: MindConnect IoT Extension
Function: Publisher
• AWS (Amazon)
Service: IoT Core
Function: Publisher and Subscriber
• Azure (Microsoft)
Service: IoT Hub
• IBM Cloud (IBM)
Service: Watson IoT Platform
• Other Cloud
Profile for another cloud system
OPC UA server for process data

The gateway can be used as OPC UA server for transferring process data. The gateway
reads process data from a connected process station and makes it available to one or
more OPC UA clients as an OPC UA server.
The server function can be enabled or disabled in the configuration.
The OPC UA server supports the following functions:
• Reading and writing variables
• Monitoring variables (MonitoredItems) using Subscriptions
• Hierarchical address browsing
SIMATIC CC7
1.3 Configuration examples
The OPC UA server is implemented based on the "Micro Embedded Device 2017 Server
Profile" of the OPC Foundation. For details, see:
Link:
(https://apps.opcfoundation.org/ProfileReporting/ModifyProfile.aspx?ProfileID=19dfd3d
2-eb5a-40b0-b80b-b2b181d9fc51)
The OPC UA server supports the functions relevant for this profile from the following
specifications:
• IEC/TR 62541-1 (08-2012) OPC Unified Architecture - Part 1: Overview and Concepts
• IEC/TR 62541-2 (02-2009) OPC Unified Architecture - Part 2: Security Model
For the supported security profiles, refer to the section OPC UA Security (Page 86).
• IEC 62541-3 (08-2012) OPC Unified Architecture - Part 3: Address Space Model
For the supported data types, refer to the section Data points (Page 123).
• IEC 62541-4 (08-2012) OPC Unified Architecture - Part 4: Services
• IEC 62541-5 (08-2012) OPC Unified Architecture - Part 5: Information Model
• IEC 62541-6 (08-2012) OPC Unified Architecture - Part 6: Mappings
• IEC 62541-7 (09-2010) OPC Unified Architecture - Part 7: Profiles
Configuration using the WBM

You configure the gateway parameters in Web Based Management (WBM). The WBM
consists of Web pages stored in the gateway. From a configuration PC you connect to
the WBM of the gateway via HTTPS.

Below you will find examples of possible configurations with the "CloudConnect 7"
gateway:
Connecting process stations

In the configurations shown, the gateway reads process data from one or more S7
stations and transfers them via MQTT to a cloud broker and/or makes the data available
to OPC UA clients via the OPC UA server.
SIMATIC CC7
A Modbus station or an OPC UA server, for example the automation device of a third-
party manufacturer, can also be connected to a cloud broker for data transfer.
• When it is connected to a SIMATIC S7, the gateway communicates using an S7
connection. Alternatively, S7 stations with OPC UA servers, e.g. a CPU1500 or a
CPU1200 as of FW 4.0, can also communicate via an OPC UA connection. The
gateway is the OPC UA client here. Data from the S7 station with activated block
optimization can also be accessed via OPC UA.
• When it is connected to a Modbus station, the gateway communicates using
Modbus/TCP.
• When connected to an OPC UA server, the gateway communicates with the process
station as an OPC UA client.
Configuring a CC712
The process station is a SIMATIC S7-300 in this example.
Figure 1-1 CloudConnect 712: Connection of a station to the cloud
SIMATIC CC7
Configuring a CC716
You can connect up to 7 stations over Ethernet or PROFIBUS using the CC716 gateway.
The gateway transfers the data to a cloud broker using MQTT.
In the example shown, an S7 300 is connected via Ethernet, an S7 1200 and an S7 400
via PROFIBUS and an S7-1500 via OPC UA.
Figure 1-2 CloudConnect 716: Connection of stations to the cloud
SIMATIC CC7
Connection of process stations to external OPC UA clients
Configuring a CC712
In the configuration shown, the CC712 gateway transfers process data of an S7 station
over OPC UA to a central control room or one or more OPC UA clients.
The gateway reads process data from the S7 station and, as OPC UA server, makes it
available to one or more OPC UA clients.
Figure 1-3 CloudConnect 712: Connection of a station to OPC UA clients
Via the CC716 gateway, up to 7 SIMATIC S7, OPC UA or Modbus stations can be
connected via Ethernet or PROFIBUS and the data can be exchanged with the external
OPC UA clients.
SIMATIC CC7
1.4 Other services and properties
1.4 Other services and properties
Other services and properties

• IP configuration
– The gateway supports IP addresses according to IPv4.
IPv6 is supported in addition at the cloud interface. For details, see section
Ethernet (Page 63).
– Address assignment:
The IP address, the subnet mask and the address of the default router can be set
in the configuration.
– DHCP: Alternatively, the IP address at the cloud interface P1 can be obtained from
a DHCP server.
– DNS: DNS servers can be optionally set up to resolve the host names of
communication partners.
• Time-of-day synchronization over Industrial Ethernet
Time-of-day synchronization of the gateway can be configured according to the
following NTP method (Network Time Protocol):
– NTP
– NTP (secure)
For more information, refer to the section System time (Page 135).
• CLP (Exchangeable storage medium)
The gateway can save the configuration data on a CLP. The CLP is an external
storage medium and does not ship with the product.
For information on the CLP slot, see section CLP Slot (Page 33).
For information on the functions of the CLP, see section Using a CLP (Page 49).
For ordering data of the available CLPs, see appendix CLPs (Page 162).
• Diagnostics
With the following means and methods, you can obtain the diagnostics data of the
gateway:
– LEDs
– Web diagnostics
You will find more information on diagnostics in the section Diagnostics (Page 144).
SIMATIC CC7
1.5 Configuration limits - communication
1.5 Configuration limits - communication

The gateway supports the following maximum quantity structure.
Connection resources over the process interface

• Number of connections via S7 protocol
– CC712: Max. 1 S7 connection with an S7 station via Ethernet
– CC716: Max. 7 S7 connections with S7 stations via Ethernet or PROFIBUS
• Number of connections via UPC UA client
– CC712: Max. 1 OPC UA client connection to an external OPC UA server
– CC716: Max. 7 OPC UA client connections to external OPC UA servers
• Number of connections via Modbus/TCP
Max. 10 connections to Modbus stations
• Number of connections to the configuration PC
Max. 1 HTTPS connection
Maximum number of connections

S7 connections and OPC UA client connections are counted together. The maximum
number is:
• CC712: 1 connection
• CC716: 7 connections
Number of process data

• Variables in the data area of S7 or OPC UA stations
– CC712: Max. 500 variables in total
– CC716: Max. 3500 variables in total
• Variables per S7 or OPC UA stations
Max. 500 variables
• Variables per array (import from S7 CPU)
Max. 500 variables
• Variables in the data area of Modbus stations
Max. 100 variables per Modbus station
SIMATIC CC7
1.6 Range of functions of the WBM
Connections over the Cloud interface

• Number of sessions with the broker
Max. 1 session
• Number of connections of the integrated OPC UA server to external OPC UA
clients
Max. 10 simultaneous sessions with OPC UA clients
OPC UA server
As OPC UA server, the gateway supports the following quantity structure.
• Number of variables
– CC712: Total of max. 500 symbols / PLC tags
– CC716: Total of max. 3500 symbols / PLC tags
• Number of supported subscriptions
Max. 5 subscriptions per session
In total maximum of 50 subscriptions at the same time
• Number of items per subscription
Max. 500 variables per subscription
Max. 2500 variables over all subscriptions
1.6 Range of functions of the WBM
Web Based Management (WBM)

You configure the gateway using its Web Based Management (WBM). The WBM
consists of Web pages that can be called up in the Web browser of a connected PC.
From your PC you connect to the WBM via HTTPS.
For information on the Web browsers that can be used on the PC, see section Scope of
delivery and requirements (Page 22).
Access to the WBM

To call the WBM, you need to establish a connection between the PC and the gateway
via LAN, see section Establishing a connection to the WBM (Page 59).
SIMATIC CC7
1.7 Scope of delivery and requirements
Overview of the functions of the WBM

The WBM provides the following functions:
• User management
In the open WBM, you specify the user name and the password for the
"Administrator" role. You can only access the WBM with this administrator
information.
• Configuration
Using the WBM, configure the following function areas:
– Basic functions such as the time of day or IP address
– Connection of the process station
– Connection to the higher-level network (cloud, OPC clients)
– Communication functions
• Maintenance and diagnostic functions
– Diagnostics
– Loading and storing the configuration data
– Downloading new firmware versions
Reusing the configuration file

The configuration data you create in the WBM is saved in the gateway. If you have
plugged in a CLP, the configuration data of the gateway is also written to the CLP after
clicking the "Apply" button.
If you are using multiple gateways with partially identical configuration data, you can
export the configuration file of a gateway and download it to additional gateways where
you can adapt it as needed.
Scope of delivery
The following positions ship with the gateway:
• Gateway "CloudConnect 7"
• Terminal block for power supply of the gateway
• Terminal block for the digital input and the digital output (CC716)
SIMATIC CC7
Required accessories
The following accessories (which do not ship with the product) are required for gateway
operation:
• Power supply
You need a 24 V DC external voltage source.
• PC
To configure the gateway, you need a configuration PC with suitable Web browser
(see below).
• LAN cable
For the connection of the configuration PC to the X2 LAN interface of the gateway,
you need a Cat 5 or higher ITP cable.
• Cable for the process connections
To connect the process station(s) with the gateway, you need the appropriate LAN or
PROFIBUS cable.
Communication partner
• Process access
For process access you need a station in productive operation, alternatively:
– S7 station
– OPC UA station with OPC UA server
– Modbus station
• Cloud access / External OPC clients
– For cloud access, you need the access set up to a cloud broker.
– You need at least one configured OPC UA client to connect external OPC UA
clients.
Requirements in the S7 stations
WARNING
Writing values to outputs
When referencing to outputs with write access, note that the values are written
immediately to the outputs of the CPU without first being processed by the user
program.
Writing values has a direct influence on the process.
SIMATIC CC7
The following requirements need to be met in your STEP 7 project or in the connected
S7 stations.
• Variables / symbols
For access to the process data by referencing to variables of the CPU, variables or
symbols must be created in the relevant CPU.
Write access via the MQTT Subscriber function of the gateway is only possible in DB
variables of the CPU.
STEP 7 Professional: The "Optimized block access" option must be disabled for DBs
and access via an S7 connection. The option need not be disabled for access via the
OPC UA server of the CPU.
The variables of the CPU must be marked as follows for use by OPC UA services
(options selected):
– "Accessible from HMI/OPC UA"
– "Writable from HMI/OPC UA"
Required for write access
For further details, see section Data points (Page 123).
• OPC UA: Components of the identifier
During configuration, note that the following names are used as part of the identifier
in the NodeId of a variable:
– CPU name
– Name of the DB variable
• CPU 1200/1500 via S7 connection
– Read protection cannot be configured under "Protection & Security" in the CPU.
– Access via PUT/GET must be configured under "Protection & Security" in the CPU.
• CPU 300/400 via S7 connection
Read protection cannot be configured under "Protection" in the CPU.
• CP 300/400 via S7 connection
The following requirements must be met on the CP for access to the station via a CP:
– When "IP access protection" is configured, the IP address of the gateway must be
configured with the right "A".
• CP 1200 via S7 connection
For access to the station via a telecontrol CP, S7 communication must be enabled on
the CP under "Communication types".
SIMATIC CC7
Web browser for the configuration PC

For access to the WBM of the gateway, the configuration PC needs one of the following
Web browsers.
• Apple Safari
• Firefox Quantum
• Google Chrome
• Microsoft Edge
The Web browser must accept cookies. The application uses a cookie.
JavaScript must be enabled in your Web browser.
Recommendation: Use the latest available version of the Web browser.
Optional
• CLP
Exchangeable storage medium for storing configuration data
• NTP server - can be reached over interface P1 / P2
• DHCP server - can be reached over interface P1
• DNS server - accessible via the P1 / P2 interface (P2 if the "Cloud interface in same
subnet" option is enabled)
SIMATIC CC7
LEDs, Connectors, Buttons, CLP 2
2.1 LEDs
The LEDs on the front show the states of the module.
The LED symbols in the table below correspond to the following states of the LEDs:
LED symbol
LED status OFF ON (steady light) * Flashing
* : Part flashes yellow and part lit green
Meaning of the LED displays
LED name LED pat- Meaning / Module status

(colors) tern
Power Power supply
(green) Power OFF
Power ON
Device Connec- Connection to process stations
tion No connection to configured process stations
(green / yellow)
Existing connection to all configured process stations
No connection to at least one of the configured process stations
No communication with process stations Possible causes:

• Incorrect configuration
• Stop of communication via:
– WBM: "Maintenance > Communication / Restart"
– CC716: Digital input
No process station configured
Cloud Connection Connection to Cloud
(green / yellow) No connection to cloud server
Existing connection to cloud server
Connection establishment to cloud server
No communication with cloud server. Possible causes:

• Incorrect configuration
• Interrupted operation of the cloud server
SIMATIC CC7
LEDs, Connectors, Buttons, CLP
2.1 LEDs
LED name LED pat- Meaning / Module status

(colors) tern
No cloud server configured
Diagnosis Diagnostics
(green / yellow) No error
Diagnostic message available, see WBM "Maintenance > Diagnostic messages".
Reset is initiated (button pressed during startup).
Reset is executed (button can be released).

Security
No secure connection with the cloud server / external OPC UA clients configured
(green)
All connections with the cloud server / external OPC UA clients securely config-
ured
At least one unsecured connection with the cloud server / external OPC UA cli-
ents configured
P1 / P2 Connection to Ethernet at interface P1 or P2

(green / yellow) No Ethernet connection
Existing Ethernet connection
Existing connection with data traffic
LEDs only on CC716
MPI/DP Connection to PROFIBUS/MPI
(green / yellow) No connection to PROFIBUS/MPI
PROFIBUS fault (wire break, short circuit)
Established connection to PROFIBUS/MPI

DI Digital input
(yellow) Digital input ON (1)
Digital input OFF (0)
DO Digital output
(yellow) Digital output ON (1)
Digital output OFF (0)
SIMATIC CC7
2.2 Connections
2.2 Connections
2.2.1 Ethernet interfaces P1/P2
Ethernet interfaces
The gateway has two Ethernet interfaces according to Gigabit standard IEEE 802.3ab,
designed as RJ45 socket.
• P1
Cloud interface for connecting a cloud broker and external OPC clients
• P2
Process interface for connecting the stations of the automation plant
Note
Connection to subnets
The two Ethernet interfaces are not designed as a switch but are intended for
connection to different networks.
If the connection to the cloud is in the same subnet as the process connection, enable
the "Cloud interface in the same subnet" option in the "Interface configuration" in the
configuration.
You can find the properties of the Ethernet interfaces in section Technical specifications
(Page 151).
2.2.2 PROFIBUS/MPI interface (CC716)
9-pin D-sub socket (MPI/DP)

The PROFIBUS/MPI connection is a 9-pin D-sub socket and operates according to the
RS-485 standard.
You also have the option of connecting to optical PROFIBUS networks via an Optical Bus
Terminal OBT or an Optical Link Module OLM.
You can find the properties of the PROFIBUS interface in section Technical
specifications (Page 151).
SIMATIC CC7
2.2 Connections
2.2.3 Digital Input / Output (CC716)

The CC716 gateway has a digital input and a digital output. They can be used as follows:
• Digital Input
The input can be used alternatively as a trigger for the following functions:
– External trigger for transferring data points
– Stop/start trigger for process communication
• Digital output
The output is a switch and can be used to generate a status signal:
– Connection status to the cloud
The functions are configurable, see section DI/DO (CC716) (Page 70).
For information on allocation of the terminal blocks, see section Connecting (Page 44).
Digital input
SIMATIC CC7
2.2 Connections
Digital output
The output is a switch that switches the signal at +DO to -DO.
2.2.4 External power supply
External power supply

The connector (socket) for the external 24 V DC power supply is located on the front of
the gateway. The external power supply is redundant (optional use).
The power supply is connected to the gateway with the supplied 5-pin plug-in terminal
block.
The connection has a mechanical reverse polarity protection. The terminal block is
designed so that it can only be inserted in one position into the socket of the gateway.
SIMATIC CC7
2.3 The button "SET"
Figure 2-1 Socket of the external power supply
For information on allocation of the socket and for the connection, see section
Connecting (Page 44).
You will find further data on the power supply in section Technical specifications
(Page 151).
2.3 The button "SET"
Functions of the button
WARNING
EXPLOSION HAZARD
Do not press the button if there is a potentially explosive atmosphere.
The "SET" button has the following functions:

• Resetting to factory settings
Note
Configuration data is deleted
By resetting to factory settings, the gateway is reset to the status as it was delivered
from the factory. This deletes all the configured settings.
The data on an optional CLP are deleted as well.
For the precise effects of resetting, refer to the section Restarting and resetting
(Page 148).
SIMATIC CC7
2.4 CLP Slot
Pressing the button
Duration of press- Function and operation

ing the button (sec-
onds)
≥5s Resetting to factory settings
1. Turn off the power supply.
2. Switch the power supply on again while pressing the button.
Hold down the button for at least 5 seconds during startup.
Reset is prepared while the "Diagnosis" LED flashes.
3. Release the button when the LED stops flashing.
While the LED lights up with a green steady light, the gateway performs the reset.
Once reset is complete, the gateway performs a restart and can be reached using the default
IP address set at the factory.
2.4 CLP Slot

The slot for an optional CLP is located on the back of the module.
For information on inserting and removing the CLP, see section Using a CLP (Page 49).
Figure 2-2 Slot for optional CLP on the back of the device
SIMATIC CC7
2.4 CLP Slot
SIMATIC CC7
Installation, wiring, commissioning 3
3.1 Important notes on using the device
Safety notices on the use of the device

Note the following safety notices when setting up and operating the device and during all
associated work such as installation, connecting up or replacing the device.
WARNING
If the device is installed in a cabinet, the inner temperature of the cabinet corresponds
to the ambient temperature of the device.
3.1.1 Notes on use in hazardous areas
WARNING
EXPLOSION HAZARD
DO NOT OPEN WHEN ENERGIZED.
WARNING
EXPLOSION HAZARD
Replacing components may impair suitability for Class 1, Division 2 or Zone 2.
WARNING
The device may only be operated in an environment with pollution degree 1 or 2 as

described in IEC 60991-1.
WARNING
The device may only be operated in an environment with pollution degree 1 or 2 (see
IEC 60664-1).
SIMATIC CC7
Installation, wiring, commissioning
WARNING
EXPLOSION HAZARD
Do not connect or disconnect cables to or from the device when a flammable or
combustible atmosphere is present.
WARNING
When used in hazardous environments corresponding to Class I, Division 2 or Class I,

Zone 2, the device must be installed in a cabinet or a suitable enclosure.
WARNING
If a device is operated in an ambient temperature of more than 60 to 70 °C, the

temperature of the device housing may be higher than 70 °C. The device must
therefore be installed so that it is only accessible to service personnel or users that are
aware of the reason for restricted access and the required safety measures at an
ambient temperature higher than 60 °C.
3.1.2 Notes on use in hazardous areas according to ATEX / IECEx
WARNING
DIN rail
In the ATEX and IECEx area of application only the Siemens DIN rail 6ES5 710-8MA11
may be used to mount the modules.
WARNING
Requirements for the cabinet/enclosure
To comply with EC Directive 2014/34 EU (ATEX 114) or the conditions of IECEx, this
enclosure or cabinet must meet the requirements of at least IP54 (in compliance with
EN 60529) according to EN 60079-7.
SIMATIC CC7
WARNING
Cable
If the cable or conduit entry point exceeds 70 °C or the branching point of conductors
exceeds 80 °C, special precautions must be taken. If the equipment is operated in an
air ambient in excess of 50 °C, only use cables with admitted maximum operating
temperature of at least 80 °C.
WARNING
Take measures to prevent transient voltage surges of more than 40% of the rated
voltage. This is the case if you only operate devices with SELV (safety extra-low
voltage).
WARNING
LAN connection (Local Area Network)
A LAN or LAN segment with all the interconnected devices should be contained
completely in a single low voltage power distribution system in a building. The LAN is
designed either for “Environment A” according to IEEE802.3 or "Environment 0"
according to IEC TR 62102.
Do not connect any electrical connectors directly to the telephone network (Telephone
Network Voltage) or a WAN (Wide Area Network).
WARNING
EXPLOSION HAZARD
Do not press the SET button if there is a potentially explosive atmosphere.
SIMATIC CC7
3.1.3 General notices on use in hazardous areas according to UL HazLoc / FM

This equipment is suitable for use in Class I, Division 2, Groups A, B, C and D or non-
hazardous locations only.
This equipment is suitable for use in Class I, Zone 2, Group IIC or non-hazardous
locations only.
WARNING
EXPLOSION HAZARD
You may only connect or disconnect cables carrying electricity when the power supply
is switched off or when the device is in an area without inflammable gas
concentrations.
WARNING
EXPLOSION HAZARD
The equipment is intended to be installed within an ultimate enclosure. The inner
service temperature of the enclosure corresponds to the ambient temperature of the
module. Use installation wiring connections with admitted maximum operating
temperature of at least 30 ºC higher than maximum ambient temperature.
WARNING
Wall mounting is only permitted if the requirements for the housing, the installation
regulations, the clearance and separating regulations for the control cabinets or
housings are adhered to. The control cabinet cover or housing must be secured so that
it can only be opened with a tool. An appropriate strain-relief assembly for the cable
must be used.
WARNING
Substitution of components may impair suitability for Division 2.
SIMATIC CC7
3.2 Installation
3.2 Installation
WARNING
Open equipment
The device is "open equipment" acc. to the standard UL 61010-2-201. To fulfill
requirements for safe operation with regard to mechanical stability, flame retardation,
stability, and protection against contact, the following alternative types of installation
are specified:
• Installation in a suitable cabinet.
• Installation in a suitable enclosure.
• Installation in a suitably equipped, enclosed control room.
Note
You must not install the device on a wall in hazardous areas.
WARNING
Wall mounting outside of the control cabinet or housing does not fulfill the
requirements of the FM approval.
WARNING
Cable temperatures
If the cable or housing socket exceeds 70 °C or the branching point of the cables
exceeds 60 °C, special precautions must be taken. If the equipment is operated in an
ambient environment in excess of 40 °C, only use cables with permitted maximum
operating temperature of at least 80 °C.
NOTICE
Install and remove the device only when the power is off.
Switch off the power supply of the device before you install or remove the device.
Installing and removing devices with the power supply on can lead to damage to the
devices and to loss of data.
SIMATIC CC7
3.2 Installation
Installation options
You have the following options to install the gateway:
• Wall mounting
• Mounting on the following rail types (rack):
– DIN rail
– S7-1500 standard rail
– S7-300 standard rail
You can find suitable standard rails in the Siemens accessories program for
automation technology, for example:
35 mm standard mounting rail for 19" cabinets, article numbers 6ES5710-8MA11
• Mounting on pedestal
You can use the SCALANCE M pedestal 6GK5898-8MD00 for table mounting (does
not ship with the product).
Installation location
NOTICE
Installation location - Dependency of the temperature range
Note the dependency of the permitted temperature range of the installation location.
• Horizontal installation of the rack (DIN rail) means a vertical position of the modules.
• Vertical installation of the rack (DIN rail) means a horizontal position of the modules.
You will find the permitted temperature ranges in the section Technical specifications
(Page 151).
Installation of the rack Installation position of the modules

Horizontal installation of the rack
Vertical installation of the rack
SIMATIC CC7
3.2 Installation
Minimum clearances
Mount the device so that its upper and lower ventilation slits are not covered, allowing
adequate ventilation as protection from overheating.
Keep to the following minimum clearances for the circulation of air when the rack is
installed horizontally:
• Above the device: At least 33 mm
• Below the device: At least 25 mm
Wall mounting
1. Prepare the drill holes for wall mounting. For the dimensions, refer to the section
"Dimension drawings (Page 159)".
2. Secure the device to the wall with two screws (4 mm).
SIMATIC CC7
3.2 Installation
Installation on a DIN rail

1. Insert the device with the respective guide ① into the standard rail:
– Top guide for S7-1500 standard rail
– Center guide for S7-300 standard rail
– Bottom guide for DIN rail
2. Tilt the device to the back until the mounting rail release audibly locks in place ②.
3. Ground the mounting rail.
NOTICE
Grounding
For reasons of electrical safety, the DIN rail must be connected to the protective
conductor system (PE) of the electrical system.
Note
Protecting the modules from slipping on the DIN rail
If you install the modules in an area with mechanical load, use suitable clamping devices
at both ends of the device group to secure the modules on the DIN rail, e.g. Siemens and
retainer 8WA1808.
The end retainers prevent the modules separating under mechanical load.
SIMATIC CC7
3.2 Installation
Mounting on pedestal
1. Insert the device with the bottom housing guide on the top edge of the pedestal ①.
2. Press the device against the pedestal until the mounting rail release audibly locks in
place ②.
Uninstalling
Follow the steps below to remove the device from the rail:
1. Turn off the supply voltage of the device.
2. Pull the power supply plug and the cables of the communication networks.
3. Pull down the mounting rail release on the rear of the device.
4. Tilt the device out of the standard rail.
SIMATIC CC7
3.3 Connecting
3.3 Connecting
WARNING
Safety Extra-Low Voltage (SELV) by a Limited Power Source (LPS)
The equipment is designed for operation with Safety Extra-Low Voltage (SELV) by a
Limited Power Source (LPS).
This means that only SELV / LPS complying with IEC 60950-1 / EN 60950-1 /
VDE 0805-1 must be connected to the power supply terminals. The power supply unit
for the device must meet NEC Class 2 according to the National Electrical Code (r)
(ANSI / NFPA 70).
If the equipment is connected to a redundant power supply (two separate power
supplies), both must meet these requirements.
NOTICE
Suitable fusing for the power supply cables (corresponds to "Limited Energy")
The current on the terminal must not exceed 3 A. Use a fuse for the power supply that
protects against currents > 3 A.
The fuse has to be designed for protection of DC power supply circuits as well as for
the following requirements.
• In areas subject to the NEC or CEC, the fuse must meet the following requirements:
– Suitable for DC (min. 60 V / max. 3 A)
– Breaking current min. 10 kA
– UL/CSA listet (UL 248-1 / CSA 22.2 No. 248.1)
– Classes R, J, L, T or CC
• In other areas:
– Approved for power supply circuits (branch circuits) according to local regulations
(e.g. IEC 60127-1, EN 60947-1)
– Breaking characteristics: B or C circuit breakers and fuses
SIMATIC CC7
3.3 Connecting
If the properties of the supplying current source are known, the following fuse is also
possible:
– Breaking current > highest possible current of the current source (incl. short
circuit current and fault)
– Approval in accordance with UL 1077 or CSA C22.2 No. 235
• In other areas, the fuse must meet the following requirements:
– Approval according to IEC/EN 60934
– Breaking characteristics: Max. 120 s at 2 x In
You do not need a fuse for the power supply cable if you use a voltage source according
to NEC Class 2 or a power supply from the range of accessories, see appendix Power
supply (Page 161).
Recommendation: Use the power supply of a process station if this is in the vicinity of
the gateway.
Note
Protective ground
A PELV circuit contains a connection to protective ground. Without a connection to
protective ground, or in case there is a fault in the connection to the protective ground,
the voltage for the circuit is not stabilized.
SIMATIC CC7
3.3 Connecting
NOTICE
Fuses for the cables of the digital output (corresponds to "Limited Energy")
The current on the terminal must not exceed 1 A. Use a fuse for the power supply that
protects against currents > 1 A.
The fuse has to be designed for protection of DC power supply circuits as well as for
the following requirements.
– UL/CSA listet (UL 248-1 / CSA 22.2 No. 248.1)
– Classes R, J, L, T or CC
• In other areas:
– Approved for power supply circuits (branch circuits) according to local regulations
(e.g. IEC 60127-1, EN 60947-1)
– Breaking characteristics: B or C circuit breakers and fuses
The following fusing is also possible for the digital output:

– Approval according to UL 1077 or CSA C22.2 No. 235
• In other areas, the fuse must meet the following requirements:
– Approval according to IEC/EN 60934
– Breaking characteristics: max. 120s at 2 x In
Order of the work
NOTICE
Connection only with power off
Only connect the device with the power switched off.
The device can be disconnected from the power supply with the terminal block.
SIMATIC CC7
3.3 Connecting
Requirement: The device is mounted.

1. Connect the external power supply to the terminal block of the device.
Use functional earthing (see below) to ground the gateway.
2. Connect the cables of the two Ethernet networks to the interfaces of the device.
See the note in section Ethernet interfaces P1/P2 (Page 29).
3. CC716:
Connect the gateway on the RS485 socket to PROFIBUS via a plug-in cable.
NOTICE
Contacting the shield of the cable on the connector
The shield of the cable must be contacted. To do this, strip the insulation from the
end of the cable and connect the shield to functional earth.
4. CC716:
If necessary, connect the cable for the digital input/output to the terminal block of the
device.
– Always wire the digital input and output in pairs.
– The maximum permitted cable length is 30 m.
For information on the position of the terminals, see section Digital Input / Output
(CC716) (Page 30).
5. Turn the power supply on only after the device has been completely wired and
connected.
The further procedure is described in the section Commissioning (Page 48).
Terminal blocks for digital input/output and power supply

The plug-in terminal blocks for the sockets have mechanical reverse polarity protection.
You can find additional technical details in the section Technical specifications
(Page 151).
Digital input/output (CC716)
Table 3- 1 Assignment of the sockets for the digital input (DI) and digital output (DQ)
Terminal Assignment
DI+ DC 24 V
DI- (ground) -
DO+ Max. 24 V DC / max. 1 A
DO- -
SIMATIC CC7
3.4 Commissioning
Power supply
Note
The power supply unit of the device is not electrically isolated.
Use only copper cables for the power supply.
Table 3- 2 Pin assignment of the socket for the power supply
Terminal Assignment
L1+ DC 24 V
M1 Reference ground
M2 Ground reference for redundant connection
L2+ 24 V DC for redundant connection (optional)
Functional earth
3.4 Commissioning
3.4.1 Commissioning
Commissioning
1. After connecting the power supply to the gateway, switch on the power supply.
2. Connect the configuration PC to the gateway for configuration, refer to the section
Establishing a connection to the WBM (Page 59).
If you want to use a CLP, turn off the power supply before you start configuring, insert
the CLP and turn on the power supply again.
To make it easier to commission multiple gateways, see section Backup and Restore
(Page 141).
Requirements for operation

At least the following requirements apply to operating the gateway:
• Configuration of the device
• At least one running process station
• A configured cloud service or external OPC UA client on the internal OPC UA server
• Connecting the gateway to the networks of the communication partners
SIMATIC CC7
3.4 Commissioning
Applying the configuration data during commissioning

For information on the buttons of the WBM, see section General functions of the WBM
(Page 57).
The "Save" button
Confirm all your entries by clicking the "Save" button. This causes the settings to be
stored in the buffer, but not yet applied by the device. This prevents inconsistent
changes from being loaded to the Runtime system when the WBM page is changed.
The "Apply" button
All saved configuration data is applied to the Runtime system by clicking on the "Apply"
symbol.
3.4.2 Using a CLP
Exchangeable storage medium CLP

The gateway can be operated with an exchangeable CLP. The configuration data can be
stored on this exchangeable medium and this is retained if there is a power failure.
This removable medium simplifies the replacement of the gateway. By simply
exchanging the plug, all data can be transferred without having to be configured again.
The CLP is supplied with power by the gateway. The CLP retains all data permanently
when the power is turned off.
Note
Using brand-new CLPs
If you are using a brand-new CLP, follow the steps below:
1. Insert the CLP into the turned-off gateway.
2. Switch on the power of the gateway.
3. Format the CLP.
See section Backup and Restore (Page 141) for more on this.
Clicking the "Apply" button automatically writes the configuration data of the gateway to
the CLP.
Startup of the gateway with configuration file on CLP

If a configuration file is stored on the CLP and you plug the CLP into a gateway, this
configuration is overwritten by clicking the "Apply" button.
By inserting a CLP with valid configuration data into a brand-new gateway or a gateway
that was reset to factory settings, you can cause the gateway to start up with the
configuration file saved on the CLP.
SIMATIC CC7
3.4 Commissioning
Function
The configuration of the gateway is automatically saved on the CLP when you apply the
configuration in the WBM.
A device with the CLP plugged in only uses the configuration data on the CLP during
startup if it has been reset to the factory settings. This is, however, only possible when
the data was written by a compatible device type.
This allows fast and simple replacement of the basic device. If a device is replaced, the
CLP is taken from the failed device and inserted in the replacement. As soon as it starts
up, the replacement automatically applies the same device configuration as the failed
device.
Inserting the CLP and startup behavior
Note
Insert and remove only when power is off
The CLP may be inserted or removed only when the power is off!
The slot for the CLP is located on the back of the device, see section CLP Slot (Page 33).
To insert the CLP, follow these steps:
1. Turn off the power to the gateway.
2. Insert the CLP in the slot.
The CLP can only be inserted in one position.
3. Switch on the voltage again.
The behavior of the gateway depends on the state of the gateway and the CLP:
SIMATIC CC7
3.4 Commissioning
• Gateway is reset to factory settings (e.g. brand new)

– CLP unformatted (factory state) or previously used in a different device type:
Gateway starts up without configuration data, CLP remains unformatted.
– CLP formatted by a compatible gateway CLP without configuration data
Gateway starts up without configuration data.
– CLP formatted by a compatible gateway - CLP with valid configuration data:
Gateway starts with the configuration data of the CLP.
• Gateway with internally stored configuration data
– CLP unformatted (factory state) or previously used in a different device type:
Gateway starts with internal configuration, CLP remains unformatted.
– CLP formatted by a compatible gateway CLP without configuration data
The gateway starts up with internal configuration data. By changing and applying
the configuration, it is written to the CLP.
– CLP formatted by a compatible gateway - CLP with valid configuration data:
The gateway starts up with internal configuration data. By changing and applying
the configuration, it is written to the CLP.
Removing the CLP

1. Turn off the power to the device.
2. Insert a screwdriver between the front edge of the CLP and the slot and remove the
CLP.
Diagnostics
Malfunctions of the CLP are signaled by diagnostic messages.
SIMATIC CC7
3.4 Commissioning
SIMATIC CC7
Configuration 4
4.1 Security recommendations
Keep to the following security recommendations to prevent unauthorized access to the
system.
General
• You should make regular checks to make sure that the device meets the following
recommendations and other internal security guidelines if applicable.
• Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products.
• Check regularly for security updates of the products and use them.
• Check regularly for new features on the Siemens Internet pages.
– Here you will find information on industrial security:
Link: (http://www.siemens.com/industrialsecurity)
– Here you will find information on security in industrial communication:
Link: (http://w3.siemens.com/mcms/industrial-communication/en/ie/industrial-
ethernet-security/Seiten/industrial-security.aspx)
• Keep the software up to date. Always use the latest software version of the device.
Information regarding product news and new software versions is available at the
following address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621/pm)
Physical access
Restrict physical access to the devices to qualified personnel.
Security functions of the product

Think about the services with which you want to enable access to the process stations
via public networks.
This product must not be operated on unprotected/trustworthy networks (e.g. the
Internet) without additional upstream protective devices.
Use the options for security settings in the configuration of the product:
• Activate the security functions of the product and the devices involved.
• Use secure protocol variants (see below).
SIMATIC CC7
Configuration
Passwords
• Define rules for the use of devices and assignment of passwords.
• Make sure that all passwords are protected and inaccessible to unauthorized
personnel.
• Do not use one password for different users and systems.
Protocols
Secure and insecure protocols

• Only activate protocols that you require to use the system.
• Use secure protocols when access to the device is not prevented by physical
protection measures.
– The NTP protocol provides a secure alternative with NTP (secure).
– Access to the Web server is only possible with HTTPS.
Server ports
The following table provides you with an overview of the open ports on this device.
• Protocol / function
Protocols that the device supports.
• Port number (protocol)
Port number assigned to the protocol.
• Default of the port
– Open
The port is open at the start of the configuration.
– Closed
The port is closed at the start of the configuration.
• Port status
– Open
The port is always open and cannot be closed.
– Open after configuration
The port is open if it has been configured.
• Authentication
Specifies whether or not the protocol authenticates the communications partner
during access.
SIMATIC CC7
Configuration
Table 4- 1 Server ports
Protocol / func- Port number (proto- Default of the port Port status Authentication
tion col)
HTTPS 443 (TCP) Open Open Yes
OPC UA server 4840 (or individually Closed Open after configuration Yes, when security is
port configured) (TCP) (server) enabled.
Client ports
Make sure that you open port 443 in your configuration PC (HTTPS) as well as the
required client ports of the services used in the respective firewall in the subnet of the
cloud in intermediary routers/gateways.
This can be:
• Broker port
– MQTT unsecured: 1883 (TCP)
– MQTT via TLS: 8883 (TCP)
The port number can be set in WBM.
• OPC UA client / 4840 (TCP)
• NTP / 123 (UDP)
• DNS / 53 (UDP)
• DHCP / 67, 68 (UDP)
• Syslog / 514 (UDP)
HTTPS connection over the process interface

For security reasons, you can only establish a connection to the WBM via the process
interface of the gateway from your PC.
Note
Ensure that the PC and gateway are located in a protected network.
The cloud interface is blocked for access to the WBM.
SIMATIC CC7
Configuration
4.2 Overview of the WBM pages
4.2 Overview of the WBM pages
Opening the WBM pages

All page titles that you need for navigation through the WBM are located at the top of
each WBM page.
Open a WBM page by clicking the page title.
The WBM tabs

The following list provides an overview of the WBM pages and their functions.
• Start page (Page 62)
– Info
The page provides an overview of important status and configuration data of the
gateway.
• Interface configuration (Page 63)
– Configuring the gateway interfaces
– Configuration of the digital input/output (CC716)
• Process access (Page 71)
– Configuration of S7 / Modbus station (S7 Ethernet / S7 PROFIBUS/MPI /
Modbus/TCP)
– Configuration of OPC UA station
• OPC UA server (Page 84)
– Configuring the OPC UA server
• Cloud configuration (Page 91)
– Configuring the cloud access
– Configuring the MQTT settings
– Certificate management
– Publisher: Configuring the topics/groups and the payload format
– Subscriber: Configuring the topics
• Data points (Page 122)
– Configuring the data points of the process stations
SIMATIC CC7
Configuration
4.3 General functions of the WBM
• Maintenance (Page 135)

– Time-of-day synchronization / setting the time
– Importing the Web server certificate
– User management
– Firmware update
– Configuration backup
– Process communication, restart
– Diagnostic messages
– Exporting logging data
Symbols in the toolbar

You can reach the following functions using the displays and symbols in the toolbar:
Symbol Function
Time and date of the runtime system
Switching the WBM language
Opens the online help of the WBM.
Apply
All saved data is applied to the Runtime system.
Apply
Applies saved configuration data to the Runtime system. The
Runtime system is restarted with the applied settings.
Counter which displays the remaining time of the current session.
By clicking the time display, the counter of the session duration is
reset.
Log off: Ends the connection to the WBM
Menu bar
The menu bar shows the tabs of the WBM over which you reach the different pages of
the WBM.
SIMATIC CC7
Configuration
When you minimize your browser window, the display of the tabs disappears and the
following symbol is displayed:
Symbol Function
Shows the tab titles as navigation with a minimized browser win-
dow.
Input boxes with filter

Input boxes as shown below have a filter function. If you enter a character or a character
string, all existing elements containing this character string are displayed.
You find these input boxes in the assignment of data points to topics, for example.
Figure 4-1 Empty input box with cursor
Figure 4-2 Input box in which "To" was entered.
In the example, all topics containing the characters "To" are displayed.
Save
Confirm all your entries by clicking the "Save" button. Your settings are thus saved to the
buffer.
The saved configuration data is not applied by the device yet by saving. This prevents
inconsistent changes from being loaded to the Runtime system when the WBM page is
changed.
Application to the runtime system

All saved configuration data is applied to the Runtime system by clicking on the "Apply"
symbol.
Incorrect entries in the configuration

The input boxes of the WBM are checked during input for faulty content and consistency.
Notes are output for boxes with detected errors during saving. The settings can only be
saved after the error has been corrected.
Grayed out fields cannot be edited.
SIMATIC CC7
Configuration
4.4 Calling the WBM
4.4 Calling the WBM
4.4.1 Establishing a connection to the WBM
Requirements
You can establish a connection between a PC and the gateway via HTTPS:
You can establish a connection over the P2 interface of the gateway.
The condition for access to the gateway is that the PC is located in the same subnet and
that the gateway can be reached.
First connection setup with preset IPv4 address

Use the following preset IPv4 address of the gateway during the first connection setup:
• P2 interface address: 192.168.0.55 / 24
Note
IP address of the CP
By default, the DHCP client of the gateway is disabled. Make sure that the PC has a
fixed IP address during the first connection setup and that it is located in the same
subnet as the connected interface of the gateway.
When using a DHCP server you do not need to specify the addressing on the PC to be
connected. When it is connected to the network, the PC is assigned an address.
Connection to the Web server of the gateway

Follow the steps below to connect the PC to the Web server of the gateway:
1. Open the Web browser.
2. Enter the IP address of the gateway in the address line of the Web browser:
– https://<Address>
With HTTPS connections when you log in, a warning can appear that the Web page is
not secure or that the certificate is not trustworthy. If you are sure that you have
entered the correct address, ignore the message. If necessary add the connection to
the exceptions (depending on the Web browser).
When the connection setup is successful, the logon window of the WBM opens.
SIMATIC CC7
Configuration
4.4 Calling the WBM
4.4.2 Logging into the WBM
HTTPS connection
Only HTTPS connections are supported.
You can establish a connection between a PC and the WBM of the device.
Changing standard user data
Note
Changing standard user data
For security reasons, the factory set user data (user name, password) of the standard
user must be changed when you log in the first time, see section User (Page 139).
Standard user data for the first login to the WBM is preassigned by the system:
User data Default values set in the factory

User name admin
Password admin
An administrator can be set up with all available rights for operation of the WBM.
Logging in
After establishing a connection between the PC and the device, the WBM opens with the
logon page.
Note
Entering the wrong user name or password
After entering an incorrect user name or password three times, a lockout period of one
minute begins. Only after the lockout time has expired can you try to log in again.
• User name
Enter the user name here.
• Password
Enter the password here.
• Logging in
Click the button to set up the connection to the WBM.
When you log in for the first time, you are prompted to change the default user data. You
can find the rules for password assignment in the section User (Page 139).
SIMATIC CC7
Configuration
4.4 Calling the WBM
Open Source Software and links to additional information

You can find the following links at the bottom of the login page:
• Online help
Opens the online help of the WBM.
• Open Source Software
Opens the license terms document for the Open Source Software.
If necessary, you can save the document on your PC.
• Siemens Industry Online Support
Opens the page of the gateway in the Internet portal of Siemens Industry Online
Support.
4.4.3 Log out
Manual logout using the button

You log out from the WBM by clicking on this button in the toolbar.
The connection to the device is terminated. All changes to the configuration data not
saved previously are lost.
Automatic logout after timeout

After 600 seconds without saving or changing the WBM page, you are logged out and
disconnected from the WBM. In this case, you must log in again.
In the WBM toolbar you can see the counter in the upper right-hand corner which
displays the remaining time of the current session. By clicking the time display, the
counter of the session duration is reset and the time of the session duration starts all
over again.
SIMATIC CC7
Configuration
4.5 Start page
4.5 Start page
4.5.1 Info
The page provides an overview of important status and configuration data of the device.
Status
• Operating state
Operating state of the device
• Process communication
Shows the status of the communication with the process stations.
• System runtime (dd-hh-mm-ss)
Time since the last startup (dd-hh-mm-ss)
• Serial number
Serial number of the device
• Article number
Article number of the device
• Hardware product version
Hardware product version of the device
• U-Boot version
Current U-Boot version for the firmware bootloader
• Software version
Current firmware version of the device
• CLP
Shows whether a CLP is currently inserted.
Process interface (P2)

The parameter group displays the current address data of the P2 interface.
• MAC address
• IPv4
Address parameters, Default router
SIMATIC CC7
Configuration
4.6 Interface configuration
Cloud interface (P1)

The parameter group displays the current address data of the P1 interface.
• MAC address
• IPv4 / IPv6
Address parameters, Default router
DNS server
The parameter group shows the IPv4 addresses of up to two configured DNS servers.
4.6.1 Ethernet
In this tab, you configure the address data of the Ethernet interfaces of the device.
Interface and factory default addresses

You configure the following interfaces on the web page:
• Process interface (P2)
The interface (P2) is used for connecting to the subnet of the process stations.
• Cloud interface (P1)
The interface (P1) is used for connecting to the Internet or to a router over which the
broker or the network with external OPC UA clients can be reached.
The device supports IPv4 addresses, and for cloud access also IPv6 addresses.
The following address data is preset in the factory:
Table 4- 2 Preset address data
Address data preset in the factory

Process interface (P2) Cloud interface (P1)
IPv4 address 192.168.0.55 192.168.121.55
IPv6 address - -
Subnet mask 255.255.255.0 255.255.255.0
SIMATIC CC7
Configuration
Process interface / Cloud interface
Note
No address check / configuration rules
The address bands are not checked automatically.
Make sure that the subnets of the two interfaces are not the same.
Configuration of link local, multicast and broadcast addresses is not allowed for the IPv6
address.
You configure both interfaces separately.

• Cloud interface in the same subnet
You can find this option under the parameter group of the Cloud interface.
Only enable the option if the connection to the cloud is in the same subnet as the
process connection.
When the option is enabled, the Cloud interface is disabled and the corresponding
input fields are locked.
The following parameters apply to both interfaces.
• MAC address
MAC address of the interface
• IPv4 / IPv6
Enable the respective IPv4 address.
Alternatively, the Cloud interface supports IPv6 addresses.
Note
No reachability when IP address data of the process interface is applied
The IP parameters of the process interface must match the settings of the IP address
data of your PC.
• IP address
Shows the default or last configured IP address. The actual IP address is displayed on
the "Info" start page.
During the initial configuration: Assign the IP address of the respective interface or
activate addressing by a DHCP server.
SIMATIC CC7
Configuration
• IP address via DHCP

Enable the option if you want to obtain the address data of the Cloud interface from a
DHCP server.
When the option is enabled, the address data boxes are grayed out, and the values
obtained from the DHCP server are displayed.
Note
DHCP server
The device supports the DHCP client function at the cloud Cloud interface. To use the
function, a DHCP server must be located in the subnet.
• Subnet mask
Shows the preset, last configured or the last subnet mask to be obtained from the
DHCP server.
During the initial configuration: Assign the subnet mask of the respective interface.
• Default router
Shows the configured IP address of the router being used or the one last obtained
with DHCP.
During the initial configuration: Assign the IP address of the router.
DNS server
• DNS server
You have the option of configuring the IP addresses of up to two DNS servers. The
DNS servers can be located in the subnet that is connected to the Cloud interface.
With an activated DHCP server, the related IP addresses of the DNS server are
displayed.
If no DNS server is used, the address box is empty.
4.6.2 PROFIBUS / MPI (CC716)

In this tab, you configure the address data of the PROFIBUS interface and the bus
parameters for the network connection of the gateway.
During manual configuration ("Automatic configuration" disabled), take into account
address assignment due to existing bus nodes, the transmission speed set on the bus,
and the profile of the connected PROFIBUS network.
SIMATIC CC7
Configuration
PROFIBUS configuration
• Address
Unique PROFIBUS/MPI address of the gateway in the bus system
Range of values: 0...126
Note:
You configure the address of the gateway communication partner in the tab "Process
access > Station configuration".
• Automatic configuration
– Option enabled
The gateway reads all relevant configuration data from the connected PROFIBUS
network. The following parameters are hidden for the configuration.
– Option disabled
You configure the PROFIBUS parameters yourself.
• Transmission speed
Transmission speed on the bus, value range - depending on the profile:
9.6 kbps, 19.2 kbps, 45.45 kbps, 93.75 kbps, 187.5 kbps, 500 kbps, 1.5 Mbps, 3 Mbps,
6 Mbps, 12 Mbps
With the "Universal" profile, max. 1.5 Mbps
• Highest address
Highest possible PROFIBUS address of a node in the PROFIBUS bus system
• Profile
Here you can specify the method (algorithm) with which the bus parameters
important for PROFIBUS operation should be calculated. The various methods are
optimally adapted to the respective operating mode of the subnet and result in stable
network operation.
– Standard/DP
The DP profile is suitable for using the DP protocol. For a homogenous DP
network with maximum one Class 1 DP master and no other DP masters
(additional PG is possible).
The standard profile is suitable for multi-protocol and multi-master operation with
fast bus nodes, for example, all SIMATIC NET S7 PROFIBUS CPs.
SIMATIC CC7
Configuration
– Universal
For operation with stations that cannot be operated in the DP or Standard
categories.
This option can only be selected with a transmission speed ≤ 1.5 Mbps.
– User-defined
With this setting, you can configure some bus parameters.
This profile should only be selected by trained specialists. You should only change
the default values if you are familiar with the configuration of the bus profile for
PROFIBUS.
• Number of masters / Number of slaves
When using the "Standard/DP" and "Universal" profiles, you can specify the number
of masters and slaves in the network in these two text boxes. The number of masters
and slaves is used for calculating the bus parameters in the network.
Permissible value ranges for these profiles:
– Number of masters: 0..126
– Number of slaves: 0..126
If you are using the "User defined" profile, the two text boxes are disabled. In this
case, the boxes have a fixed presetting:
– Number of masters: 1
– Number of slaves: 126
Bus parameters
The parameters (see table) that describe the properties of the PROFIBUS subnet are
mostly preset:
• The bus parameters are fixed or are calculated from them with the use of the
"Standard/DP" "Universal" profiles.
• If you are using the "User-defined" profile, you can configure some bus parameters.
Note
Configuring the bus parameters
We recommend applying the values already set in the connected PROFIBUS network for
the bus parameters.
SIMATIC CC7
Configuration
Bus parameter Range of values * Meaning ***

(default setting) **
Tslot 815/995...16383 * Slot time [t_Bit]
(100...3000) The slot time specifies the maximum length of time the sender will wait
for a response from an addressed partner.
For the calculation, the following parameters which have an effect on
the bus hardware are used as basis:
• Cable length: 1...1100 m
• Number of repeaters: 0...10
Max. Tsdr 76...1023 * Maximum protocol processing time [t_Bit]
(55...980) The maximum protocol processing time specifies the maximum time
allowed for the responding station to answer.
Max. Tsdr must be less than the slot time.
Min. Tsdr 11...75 * Minimum protocol processing time [t_Bit]
(11...150) The minimum protocol processing time specifies the minimum amount
of time after which the responding station can answer.
Tset 1...255 * Trigger time [t_Bit]
(1...240) The trigger time is the time that can elapse in the station between re-
ceiving a data frame and reacting to it.
Tqui 0...10 * Modulator quiet time [t_Bit]
(0...9) The modulator quiet time is the time that a sending station needs to
switch from send to receive after frame end.
GAP Factor 1...100 * The gap update factor specifies how many token round trips occur be-
(10...1000) fore a new active station can be included in the logical token ring.
Retry limit 1...15 * This parameter specifies the maximum number of attempts (frame repe-
(1...10) titions) allowed to access a station.
Tid2 55...980 Idle time 2 [t_Bit]
Calculated value Idle time 2 defines the minimum amount of time after sending an
unacknowledged frame after which a sending station can send the next
frame.
Trdy 11...150 Ready time [t_Bit]
Calculated value The ready time specifies the minimum amount of time after which a
sending station can receive a response frame.
Tid1 37...515 Idle time 1 [t_Bit]
Calculated value Idle time 1 defines the minimum amount of time after receiving an an-
swer after which a sending station can send the next frame.
SIMATIC CC7
Configuration
Bus parameter Range of values * Meaning ***

(default setting) **
Ttr 256...16777960 * Target Rotation Time [t_Bit]
(0...49888) The target rotation time is the maximum length of time available for a
token round trip. During this time, all active stations (DP master etc.) are
in possession of the token once. The difference between the target rota-
tion time and the actual token holding time of a station determines the
length of time remaining for the other active stations (PG, additional DP
masters etc.) to send frames.
Recommendation for the value: 5000 * "Highest PROFIBUS address"
Ttr (ms) Calculated value Target Rotation Time [milliseconds], calculated from "Ttr".
* value can only be defined under "User-defined" profile; value range depending on transmission speed.
** Default: Values depending on the profile and transmission speed.
*** The parameter values are specified in t_Bit. Exception: Ttr (ms)
Bit time (t_Bit)

The bit time is the time that elapses when sending a bit. It is calculated from the
reciprocal value of the transmission speed.
Using the "Bit time" unit has the advantage that the bus parameters can be specified
independently of the transmission speed used.
To calculate the time in milliseconds from the number of bit time units, use the following
formula:
SIMATIC CC7
Configuration
4.6.3 DI/DO (CC716)

You set the function of the digital input and output for the CC716 here.
If you do not need the input or output, select the "No function" option.
Digital Input
Configuration
The input can be disabled or used alternatively as a trigger for the following functions:
• No function
The input is disabled.
• Use as data point trigger
– 1→0
A falling edge at the input triggers the transfer of the topics with the assigned data
points once with the 1 → 0 trigger condition.
– 0→1
A rising edge at the input triggers the transmission of the topics with the assigned
data points with the trigger condition 0 → 1 once.
• Control process communication
An edge change at the input causes the following:
– 1 → 0: Stop
With a negative edge at the input, communication with all process stations is
stopped.
– 0 → 1: start
With a positive edge at the input, communication with all process stations is
started.
SIMATIC CC7
Configuration
4.7 Process access
Digital output
Configuration
The output can be disabled or used alternatively as a display for the following functions:
• No function
The output is disabled.
• Connection to the cloud
The output signal shows the following:
– 0: disconnected
The output signal 0 indicates that the connection of the gateway to the cloud has
been terminated.
– 1: connected
The output signal 1 indicates that the connection of the gateway to the cloud has
been established.
4.7 Process access
4.7.1 S7 / Modbus station
Add station
Here you create new process stations as communication partners.
• Station name
To create a new station, enter a unique name in the text box.
• Add
Creates a new station with the previously entered name in the configuration data of
the gateway.
SIMATIC CC7
Configuration
4.7 Process access
Station configuration
• Select station
Select one of the created stations to configure its settings.
• Protocol
Select the protocol type for the selected station:
– S7 Ethernet
– S7 PROFIBUS / MPI
– Modbus / TCP
After selecting the protocol, click on the tab "S7 Ethernet", "S7 PROFIBUS / MPI",
"OPC UA client" or "Modbus / TCP". The configurable parameters for this station are
displayed.
• Delete station
By clicking the button, the selected station is deleted.
Note
Accidental deletion
If you accidentally delete a station, you cannot undo the deletion.
4.7.1.1 S7 Ethernet
The gateway and the SIMATIC S7 station communicate over S7 connections. The
connection type is TCP. The gateway is the active partner during connection setup.
Requirements:
• PUT/GET communication must be activated in the S7 CPU.
• STEP 7: The "Optimized access" option must be deactivated for data blocks of the
CPU that are accessed by the gateway via an S7 connection.
You do not necessarily have to create a connection at the station end for the gateway to
communicate with the S7 station. The CPU reserves connection resources to unspecified
partners.
If you nevertheless want to create fixed connections, disable the "Active communication
establishment" option in the connection properties of the CPU. In this case, write down
the TSAP of the connection assigned by STEP 7 for each station.
SIMATIC CC7
Configuration
4.7 Process access
Parameters:
• IP address
IPv4 address of the station interface (CPU or CP)
• Controller family
Select the controller family of the connected station from the drop-down list:
– S7-1200/1500
– S7-300/400
– LOGO!
• Standard TSAPs
When the option is enabled, the device uses the standard TSAPs for its local TSAP
and the remote TSAP (S7 CPU). The standard settings for the remote TSAP are
intended for the case that you have not configured a connection to the gateway in the
STEP 7 project.
TSAPs are entered as hexadecimal values. For an S7-300/400, the TSAP references
the rack, the slot and the type of CPU connection resource.
Examples for an S7-300 CPU:
– TSAP: 11.02
Rack 0, slot 2, connection resource 11
– TSAP: 03.02
Connection configured at one end (Local end point "One-way") Connection partner
"unspecified"; the gateway as connection partner is not configured.
A connection resource for a connection configured at one end with unspecified
partner has the value 03.
A connection resource for a connection configured at both ends with unspecified
partner has the range of values 0x10...0xDF.
Recommendation for station configuration:
Use the configuration 0/0 or 0/1 for the rack/slot.
The following standard TSAP IDs are used:
– Local TSAP of the gateway: 01.01
– Remote TSAP of the controller family:
- S7-1200/1500: 02.01
- S7-300/400: 03.02
- LOGO!: 20.00
Disable the option if the remote TSAPs do not match the preset standard TSAPs. In
this case, configure the TSAP that is assigned in the STEP 7 project.
SIMATIC CC7
Configuration
4.7 Process access
• Local TSAP
Range of values: 01.01 ... 7E.7E
We recommend using the default TSAP (01.01).
• Remote TSAP
Enter the TSAP of the S7 connection assigned in STEP 7 at the station end if you
have configured a connection with an unspecified partner in the CPU for the gateway.
When using a configured unspecified connection, disable the "Active connection
establishment" option in STEP 7.
• Polling cycle (ms)
Cycle time in milliseconds in which the gateway reads the data from the station.
Range of values: 50...100 000 000
Note: If you transfer large volumes of data, the actual cycle time may be longer than
configured.
4.7.1.2 S7 PROFIBUS / MPI

Only for CC716
The gateway and the SIMATIC S7 station communicate over S7 PROFIBUS connections.
The gateway is the active station.
Requirements:
The same requirements apply as described in section "S7 Ethernet" above.
Parameters:
• PROFIBUS / MPI address
PROFIBUS address of the S7 station (gateway communication partner)
• Controller family
Select the controller family of the connected station from the drop-down list:
– S7-300
– S7-400
– S7-1200
– S7-1500
SIMATIC CC7
Configuration
4.7 Process access
• Standard TSAPs
When the option is enabled, the device uses the standard TSAPs for its local TSAP
and the remote TSAP (S7 CPU). The standard settings for the remote TSAP are
intended for the case that you have not configured a connection to the gateway in the
STEP 7 project.
TSAPs are entered as hexadecimal values. For an S7-300/400, the TSAP references
the rack, the slot and the type of CPU connection resource.
Examples for an S7-300 CPU:
– TSAP: 11.02
– TSAP: 03.02
Connection configured at one end (Local end point "One-way") Connection partner
"unspecified"; the gateway as connection partner is not configured.
A connection resource for a connection configured at one end with unspecified
partner has the value 03.
A connection resource for a connection configured at both ends with unspecified
partner has the range of values 0x10...0xDF.
The following standard TSAP IDs are used:
– Local TSAP of the gateway: 01.01
– Remote TSAP of the controller family:
- S7-1200/1500: 01.01
- S7-300: 02.02
- S7-400: 03.03
Disable the option if the remote TSAPs do not match the preset standard TSAPs. In
this case, configure the TSAP that is assigned in the STEP 7 project.
• Local TSAP
Range of values: 01.01 ... 7E.7E
We recommend using the default TSAP (01.01).
• Remote TSAP
Enter the TSAP of the S7 connection assigned in STEP 7 at the station end if you
have configured a connection with an unspecified partner in the CPU for the gateway.
• Polling cycle (ms)
Cycle time in milliseconds in which the gateway reads the data from the station.
Range of values: 50...1 000 000 00
Note: If you transfer large volumes of data, the actual cycle time may be longer than
configured.
You configure the transmission speed and the other network parameters in the tab
"Interface configuration > PROFIBUS".
SIMATIC CC7
Configuration
4.7 Process access
4.7.1.3 Modbus / TCP

The gateway and the Modbus station communicate over Modbus/TCP connections. The
gateway is the active partner during connection setup.
• RTU number
RTU number of the Modbus slave
• IP address
IPv4 address of the station interface
• Port number
Port number of the station interface. Default: 502
• Connection establishment attempts
Maximum number of attempts to establish a connection to a station.
After reaching the configured number of attempts, no additional connection attempts
are made until the gateway is restarted.
Range of values: -1...32768
With "-1" the number of connection attempts is unlimited.
• Polling interval (s)
Cycle time in seconds in which the gateway reads the data from the station.
• Reconnection delay (s)
Wait time (seconds) before a new connection attempt is made when the station
cannot be reached or the connection is terminated.
A wait time makes sense, for example, to wait for short-term network faults to be
removed or restart of a station.
• Timeout (ms)
When the gateway does not receive a response from the station within the configured
time (milliseconds), it repeats the station request.
• Max. number of faulty responses
Maximum number of outstanding or faulty station responses.
When reaching the maximum number, the gateway considers the station to be faulty
and terminates the connection. When a connection is terminated, the gateway tries to
re-establish the connection.
SIMATIC CC7
Configuration
4.7 Process access
• Retries
Maximum number of retries of the station query when the gateway does not receive
any or a faulty response from the station.
• Endianness
You use this option to specify the order in which the data of the station read word by
word is saved.
– Big Endian
The higher byte 1 is saved first. (Modbus standard)
– Little Endian
The lower byte 0 is saved first.
Numbering of the two bytes of a word: | 1 | 0 |
4.7.2 OPC UA Station
Add station
This is where you create new OPC UA stations as communication partners.
• Station name
To create a new station, enter a unique name in the text box.
• Add
Creates a new station with the previously entered name in the configuration data of
the gateway.
Station configuration
You configure the station settings here
• Select station
Select one of the created stations to configure the settings.
SIMATIC CC7
Configuration
4.7 Process access
Settings
• Application URI
Unique URI of the station with the following default components:
<Scheme (protocol)>:<Authority (station)>:<Path>
Default:
– urn:cc7-device:Siemens:OPCStation1@cc7-device
• Application name
Name of the OPC UA application of the gateway. The application name is required to
display the station at the server.
Default:
– OPCStation1@cc7-device
• Server address
Set the IPv4/IPv6 address or the DNS name of the OPC UA server to which the
station connects.
• Port number
You can change the port number of the station here. As default port number 4840 is
used, the standard TCP port for the OPC UA binary protocol. Permitted port numbers
are as follows:
– 1024 .. 65535
• Service call timeout (ms)
Enter the required time in milliseconds. If there are no service calls to the lower-level
OPC UA server after this period of time, the service calls are automatically
interrupted.
• Connection timeout (ms)
Enter the required time in milliseconds. If no connection to the lower-level OPC UA
server is established after this period of time, the connection is automatically
terminated.
• Watchdog time (ms)
Enter the required time in milliseconds. If a connection fails, this is the time interval
between connection checks or attempts to reconnect.
• Watchdog timeout (ms)
Enter the required time in milliseconds. If the connection to the lower-level OPC UA
server is not successfully checked after this time, the check is automatically aborted.
SIMATIC CC7
Configuration
4.7 Process access
• Delete station
By clicking the button, the selected station is deleted.
Note
Accidental deletion
If you accidentally delete a station, you cannot undo the deletion.
• Discover
When using "Discover", a connection is established with the server address and port
number specified above. If an OPC UA server is found, the application name, the
application UI and the discovery URLs of the OPC UA server are displayed.
Clicking on one of the discovery URLs displays the available endpoints of the OPC UA
server connection. If one of the available endpoints with the desired encryption is
selected and accepted with "Save", this security policy is set and the OPC UA server
certificate is automatically saved.
Note that an OPC UA client certificate must first be created or imported before an
endpoint != None - None can be saved.
Note
Update interval of the data
The OPC UA client works with subscriptions instead of polling. This allows the load
on the CPU side to be reduced as much as possible while still increasing the actuality
of the data in the gateway. This is why it is not necessary to specify the polling cycle
as is the case with S7 or Modbus stations.
SIMATIC CC7
Configuration
4.7 Process access
4.7.2.1 OPC UA Security
OPC UA security
First, use the first two options to specify whether the OPC UA station should use a self-
signed or an imported certificate.
• Use self-signed certificate
Select the option if the station should use a self-signed certificate.
When the option is enabled, the corresponding GUI elements are shown:
– Created client certificate
Shows the name of the created certificate.
– +
Opens the following dialog for configuring the certificate to be created:
"Create client certificate."
In this dialog, you configure the parameters of the certificate you are going to create.
– Issuer
Issuer of the certificate. Default: Siemens
– Common name of subject (CN)
Application name of the station
– Signing Algorithm
Select the required hash algorithm and the encryption method.
– Validity period (days)
Enter the required period of validity. Default: 365 days
– Subject alternate name (SAN)
As an alternate name (SAN), you can specify the IP address, host name, URI or an
e-mail address of the station.
The URI must be configured; either the IP address or the host name.
URI of the client with the following default components:
<Scheme (protocol)>:<Authority (station)>@<Path>
Default: urn:Siemens:UA:CC7
The protocol part (urn) must not be changed, the other components can be
configured.
After you have created a certificate, the certificate properties are displayed. For the
meaning of the parameters, see below, section "Trusted clients".
In addition, the following icons are shown next to the certificate name:
– Export client certificate
By clicking on the icon, you open a dialog for saving the certificate on your PC.
SIMATIC CC7
Configuration
4.7 Process access
– Delete certificate
By clicking on the icon, the self-created certificate is deleted.
• Import client certificate and private key
Select the option if you alternatively want to import the client certificate and key into
the station.
Requirement: The files are saved on your PC.
– Import client certificate / Import private key
Shows the name of the selected certificate or key file in the file system.
– Browse
Opens the browser for browsing your PC file system.
– Imported client certificate / Imported private key
Shows the name and path of the last imported certificate or key file.
You can delete the respective file with the "Delete" symbol.
• Security Policy
Select the required option in the table.
The station supports the following options of the "SecurityPolicy":
– None (not recommended)
– Basic128Rsa15 (not recommended)
Signing and 128-bit encryption
– Basic256 (not recommended)
– Basic256Sha256 (SecurityPolicy [B])
Signing and 256-bit encryption (SHA-256)
– Aes128_Sha256_RsaOaep
– Aes256_Sha256_RsaPss
The supplementary Conformance Units (Signing / Encryption) mean:
– Sign
The station only allows communication with signed frames.
– Sign and encrypt
The station only allows communication with signed and encrypted frames.
SIMATIC CC7
Configuration
4.7 Process access
Trusted servers
• No certificate validation
With this option you disable the validation of the partner certificates.
If this option is enabled, the client generally allows communication even if the
certificate validation criteria mentioned below are not met or if the server certificate
is not available in the list of trusted servers.
If this option is disabled, the station checks the certificates of its partners, except
when "SecurityPolicy - None" is selected.
For information on the check mechanisms, refer to the "Certificate validation" section
below.
• Import server certificate
You use this option to import the certificates of communication partners you trust.
Requirement for import of a certificate is that it is available in the PC file system. You
can open the certificate with the "Browse" button.
Imported certificates are displayed in a table with their parameters.
• Imported server certificates
The following parameters are displayed:
– File
The name and path of the certificate file are displayed.
– Issuer
Certificate authority that issued the certificate.
– Certificate owner (CN)
Name of the device (or certificate authority) for which the certificate was issued.
– Valid from
Start date of the period of validity of the certificate
– Valid to
End date of the period of validity of the certificate
– Finger print
Finger print (Digest) of the certification data
Certificate validation
If the "No certificate validation" option is disabled, the UA server of the station checks
the certificates of its communication partners, except if "SecurityPolicy - None" is
configured.
SIMATIC CC7
Configuration
4.7 Process access
If a partner certificate is invalid or is not trustworthy, communication is aborted.

Communication is aborted in the following cases:
• The IP address of the communications partner is not identical to the IP address in its
certificate.
• The use stored in the certificate (OPC UA client/server) differs from the function
(OPC UA client/server) of the communications partner.
• The current time of the station is beyond the period of validity for the partner
certificate.
Requirements for connection setup

The following requirements must be met to set up a connection regardless of the
certificate validation:
• The application URI sent by the requesting station must match the URI of the
station's server application.
• If the partner certificate is not trustworthy, the station must have stored at least one
self-signed certificate of the partner.
• At least one authentication option is enabled (see below).
Partner certificates issued by multiple CAs (certificate chains) are not supported by the
station.
4.7.2.2 User authentication
User authentication
Use the option to set the access authorization of the OPC UA station:
• Authentication via user name and password
If you activate the option, the text boxes for the user of the OPC UA station open. The
station can only access the OPC UA data with user authentication.
• User name
User name of the communication partner
• Password
Password of the communication partner
The user data must be configured on the respective server.
SIMATIC CC7
Configuration
4.8 OPC UA server
4.8 OPC UA server
Requirements
CPU variables
The process data that the gateway makes available to the OPC UA services originate
from the connected process stations. The permissible memory areas of the different
station types and the supported data types are described in section Data points
(Page 123).
The data point names assigned during data point configuration are included in the
NodeID of an item as part of the identifier, see section Properties of the OPC UA server
(Page 90).
Note:
Where possible, read variables in data blocks block by block per DB to achieve a higher
speed.
Security settings: Server certificate

If you enable the OPC UA server of the gateway, you must create or import a self-signed
server certificate.
OPC UA server
• Host name (optional)
Optional text box for a host name that can be used instead of the IP address of the
UA endpoint of the gateway.
If you do not want to use a host name, leave the box empty.
• Application URI
Unique OPC UA server URI of the gateway with the following preset components:
<Scheme (Protocol)>:<Authority (Server)>:<Path>
Default:
– urn:Siemens:UA:CC7
The protocol part (urn) must not be changed; the other components can be
configured.
Name of the OPC UA application of the gateway. The application name is required for
display of the OPC UA server at the clients.
Default:
– SIMATIC Cloud Connect 7 OPC UA Server
SIMATIC CC7
Configuration
4.8 OPC UA server
• Enable OPC UA server

Select the option to enable the OPC UA server function of the gateway.
• Server address (IPv4) / (IPv6)
The IPv4 address and the IPv6 address, if available, of the cloud interface (P2) are
displayed in the two boxes.
Settings
Here you configure the server settings.
• Port number
Here, you can change the port number of the server application. As default port
number 4840 is used, the standard TCP port for the OPC UA binary protocol.
Permitted port numbers are as follows:
– 1024 .. 65535
• Min. publishing interval (ms)
Here you set the minimum publishing interval that the server application of the
gateway should support. Lower values requested by OPC UA clients are not taken
into account.
The OPC UA server provides the clients with the UA data in the cycle of the
publishing interval.
Range of values: 100 .. 65535 ms
Default setting: 500 ms
• Min. sampling interval (ms)
Here you set the minimum sampling interval that the server application of the
gateway should support. Lower values requested by OPC UA clients are not taken
into account.
The OPC UA server of the gateway samples its internal process image with the
sampling interval.
You specify reading from the station with the polling cycle, see section S7 / Modbus
station (Page 71).
The default is suitable for most applications. A smaller sampling interval can be
selected for reading fewer data points when the polling cycle is configured with a
smaller value as well.
Range of values: 100 .. 65535 ms
Default setting: 500 ms
SIMATIC CC7
Configuration
4.8 OPC UA server
4.8.1 OPC UA Security
Security mechanisms
The gateway supports the following security profiles in accordance with the OPC UA
specification:
• SecurityPolicy
It determines the signing and encryption of the transferred data.
• UserToken
Enables authentication using certificates.
• Authentication of the communications partners with user name and password
See section User authentication (Page 90) for more on this.
For information on the OPC UA profiles of the OPC Foundation, see:
Profiles (https://apps.opcfoundation.org/ProfileReporting)
Server security
First you specify with the first two options whether the OPC UA server of the gateway is
to use a self-signed or an imported certificate.
• Use self-signed certificate
Select this option when the gateway is to use a self-signed server certificate.
– Created server certificate
Shows the name of the created certificate.
– +
Opens the following dialog for configuring the certificate to be created:
"Create new certificate"
In this dialog, you configure the parameters of the certificate you are going to create.
Note:
Ensure the consistency with the configuration data of the OPC UA server in section
OPC UA server (Page 84).
SIMATIC CC7
Configuration
4.8 OPC UA server
– Issuer
Issuer of the certificate. Default: Siemens
– Common name of subject (CN)
Application name of the gateway
– Signing Algorithm
Select the required hash algorithm and the encryption method.
– Validity period (days)
Enter the required period of validity.
– Subject alternate name (SAN)
As alternative name (SAN), you can specify the IP address, the host name, the URI
or an e-mail address of the gateway.
The URI must be configured; either the IP address or the host name.
URI of the gateway with the following default components:
<Scheme (Protocol)>:<Authority (Server)>:<Path>
Default: urn:Siemens:UA:CC7
The protocol part (urn) must not be changed; the other components can be
configured.
After you have created a certificate, the certificate properties are displayed. For the
meaning of the parameters, see below, section "Trusted clients".
In addition, the following icons are shown next to the certificate name:
– Export server certificate
By clicking on the icon, you open a dialog for saving the certificate on your PC.
– Delete certificate
By clicking on the icon, the self-created certificate is deleted.
• Import server certificate and private key
Select this option if you want to import the server certificate and the key into the
gateway as an alternative.
Requirement: The files are saved on your PC.
– Import server certificate / Import private key
Shows the name of the selected certificate or key file in the file system.
– Browse
Opens the browser for browsing your PC file system.
– Imported server certificate / Imported private key
Shows the name and path of the last imported certificate or key file.
SIMATIC CC7
Configuration
4.8 OPC UA server
You can delete the respective file with the "Delete" symbol.
• Security Policy
Select the required option in the table.
If you enable several options, then the client selects a suitable profile depending on
the settings on the gateway.
The gateway supports the following options of the "SecurityPolicy":
– None (not recommended)
– Basic128Rsa15 (not recommended)
– Basic256 (not recommended)
– Basic256Sha256 (SecurityPolicy [B])
Signing and 256-bit encryption (SHA-256)
The supplementary Conformance Units (Signing / Encryption) mean:
– Sign
The gateway only allows communication with signed frames.
– Sign and encrypt
The gateway only allows communication with signed and encrypted frames.
Trusted clients
• No certificate validation
With this option you disable the validation of the partner certificates.
When this option is enabled, the gateway generally permits communication even if
the criteria of the certificate validation listed below are not met or when the client
certificate is not included in the list of trusted clients.
When the option is disabled, the gateway validates the certificates of its partners,
except if "SecurityPolicy - None" is selected.
For information on the check mechanisms, refer to the "Certificate validation" section
below.
• Import client certificate
You use this option to import the certificates of communication partners you trust.
Requirement for import of a certificate is that it is available in the PC file system. You
can open the certificate with the "Browse" button.
Imported certificates are displayed in a table with their parameters.
SIMATIC CC7
Configuration
4.8 OPC UA server
• Imported client certificates

The following parameters are displayed:
– File
– Issuer
– Certificate owner (CN)
– Valid from
– Valid to
– Finger print
Certificate validation
The UA server of the gateway checks the certificates of its communication partners
when the "No certificate validation" option is disabled, except if "SecurityPolicy - None"
is configured.
If a partner certificate is invalid or is not trustworthy, communication is aborted.
Communication is aborted in the following cases:
• The IP address of the communications partner is not identical to the IP address in its
certificate.
• The use stored in the certificate (OPC UA client/server) differs from the function
(OPC UA client/server) of the communications partner.
• The current time on the gateway is outside the period of validity of the partner
certificate.
Requirements for connection setup

The following requirements must be met to set up a connection regardless of the
certificate validation:
• The application URI sent by the requesting client must match the URI of the server
application of the gateway.
• If the partner certificate is not trustworthy, the gateway must at least have stored a
self-signed certificate of the partner.
• At least one authentication option is enabled (see below).
The gateway does not support partner certificates that were issued by multiple CAs
(certificate chains).
SIMATIC CC7
Configuration
4.8 OPC UA server
4.8.2 User authentication
User authentication
You use the two options to set the access authorization of the communication partners
(clients) to the OPC UA data of the gateway. Select one or both (parallel operation
possible) options.
• Enable anonymous access
Clients can access the OPC UA data without user authentication when this option is
activated.
• Authentication via user name and password
Clients can only access the OPC UA data with user authentication when this function
is activated.
• Add user
With enabled "Authentication via user name and password" option, you use this
button to open the text boxes for a new user.
• User name
User name of the communication partner
• Password
Password of the communication partner
The user data must be configured for the respective client.
4.8.3 Properties of the OPC UA server
Identification and addressing

The following addressing and identification features of the OPC UA server of the
gateway apply.
• Application name, Application URI, Server URL, Port number of the application:
– See section OPC UA server (Page 84).
• Namespace of the gateway data points:
– CC7
• NodeID - Identifier:
The identifier of the NodeIDs of the data points of the "CC7" namespace is formed by
the server application of the gateway from the name of the CPU and perhaps the data
block, and the structure and the data point name:
– <CPU name>.<DB name>__<Data point name>
SIMATIC CC7
Configuration
4.9 Cloud configuration
Subscriptions
For the number of subscriptions supported by the gateway as OPC UA server for
MonitoredItems, see section Configuration limits - communication (Page 20).
The data management of the subscriptions is stored in the RAM of the gateway.
If there is power down, all data and connection information of subscriptions is lost. After
restarting the server, the client needs to re-establish the connection and set up the
subscriptions again.
Deadband
When monitoring items in the "DataChangeFilter", the OPC UA server of the gateway
uses the filter "AbsoluteDeadband".
4.9.1 Notes on data structuring and configuration
WARNING
Writing values to outputs
When referencing to outputs with write access, note that the values are written
immediately to the outputs of the CPU without first being processed by the user
program.
Writing values has a direct influence on the process.
SIMATIC CC7
Configuration
Data structures
Depending on the cloud provider, the data is structured differently for transfer to the
broker:
• AWS / Azure / IBM Cloud
– Topics
A topic is the channel for the transfer of values of one or more data points.
You can create several topics.
No groups can be configured.
• MindConnect IoT Extension / Other Cloud
– Groups
A group can contain one or multiple data points.
You can create one or more groups.
– Topic
You can assign different topics to the groups.
MindConnect IoT Extension: In the default setting, the groups are assigned to the
standard topic "s/us" of the MindConnect IoT Extension.
Structure of the topic names

Because the requirements on the format of the topics can be different depending on the
receiver (broker, cloud), a topic name is made up of different parts.
Prefix and suffix generally apply to all topics.
Prefix and suffix are not relevant for groups.
Structure of the topic names:
• Prefix
The prefix of the name is an addressing and structuring string.
• Topic name
– For the cloud provider MindConnect IoT Extension, the topic name "s/us" is a fixed
name.
– For all other cloud providers, the topic names can be configured.
By inserting multiple name components separated by forward slashes (/), you can
create hierarchy levels for later evaluation by the subscriber.
• Suffix
The suffix of the name is a format string.
SIMATIC CC7
Configuration
Name assignment for topics and groups

Because the topic or group names are incorporated in the data management structure of
the broker, later assignment and evaluation of the published data is facilitated if the
names refer to the process data of the stations.
Example:
You would like to name a group or topic "Motor5" and assign the name "Station1" to the
station. In this case, the following entry, for example, would be suitable for the topic
name or group name:
Station1/Motor5
Configuration rules
Observe the following rules for configuration:
• Topic name
The name of a topic must be unique within a cloud application.
This applies to all participating publishers and subscribers.
• Data point name
The name of a data point must be unique within a topic.
Note
Consistency check of parameters for Publisher and Subscriber
If the gateway as a subscriber receives data from a publisher during runtime, the
subscriber checks the following parameters supplied by the publisher in the user data for
each value received:
• Topic name
• Data point name
• Data type
If these three parameters of the publisher are identical with the parameters configured
in the subscriber and if the quality code of the message is "GOOD", the subscriber writes
the received data into the data block of its CPU.
If these three publisher parameters do not match the parameters configured in the
subscriber, the subscriber discards the data.
The station name of a publisher is not evaluated by the gateway as a subscriber.
Recommendations for configuration

When transferring data in a hierarchically structured system, it is generally advisable to
name the components according to this hierarchical structure.
Example for the name of a data point to be transferred:
"Plant_1/Unit_1/Aggregate_1/DB_1_Signal_1".
SIMATIC CC7
Configuration
For access to the process data of an S7 station, the gateway can directly access inputs
and outputs or tags of the CPU.
Within a cloud application, individual publishers can publish data for multiple
subscribers. Individual subscribers can subscribe to data from multiple publishers.
For better clarity of the data and to reduce the possibility of identical names, the
following procedure is recommended for configuration:
• Data point name / DB number
Use the number of the data block (DB) that the data point accesses as part of the
data point name.
• Publisher
Integrate the station name as part of the data point name, for example, as prefix. This
will result in unique data point names.
• Subscriber
Create a separate DB for each publisher in the assigned CPU.
Configuration error - Diagnostic messages

If you experience different behavior than expected after commissioning the gateway, use
the diagnostic messages of the gateway that you can find in the WBM under
"Maintenance > Diagnostics".
4.9.2 Profile
4.9.2.1 Configuring profile

The settings that you configure for the cloud access of the gateway are stored in a
profile. This will make it easier to use the device for different scenarios. Individual
settings for different scenarios can thus be summarized in different profiles without the
need to change the configuration when you switch the cloud.
You can select one of the profiles you have created via the "Profiles" drop-down list.
The activated profile applies to the publisher and the subscriber function of the gateway.
You select the desired cloud for each profile via the "Cloud provider" drop-down list. For
the preset cloud providers, certain parameters are already stored according to the
different requirements of the respective cloud.
SIMATIC CC7
Configuration
Add profile
Create at least one profile in which you save your settings for cloud access. You can
create up to 10 profiles.
• Profile name
Enter a name for the profile.
A profile summarizes your parameter settings for cloud access.
• Add
Adds the profile with the name edited on the left. The new profile is available for
selection in the "Profiles" drop-down list.
Profile selection
• Profile
Drop-down list with all created profiles.
Select the profile you are using.
By selecting a profile, you download all settings of this profile to the WBM. You can
edit all settings as needed.
To use the selected profile for productive operation, select the "Enable profile" option at
the bottom of the page.
Change profile
The topics/groups are bound to the individual profiles and are not transferred to another
profile. When a profile is changed, the topics/groups remain in the background but are
no longer displayed. The topics/groups must be created for each profile
To change the profile, follow these steps:
1. Select another profile from the "Profile" drop-down list.
2. Select the "Enable profile" option and save.
SIMATIC CC7
Configuration
Settings
• Cloud provider
Select your service provider.
Selecting the cloud provider also affects the parameters of the topic configuration;
see also section Configuring topics (Page 102).
By selecting the cloud provider, you determine whether topics or groups are
configured for the data transmission:
– AWS / Azure / IBM Cloud
You can create several topics. A topic can contain multiple data points.
– MindConnect IoT Extension
You can create several groups. A group can contain multiple data points.
A group corresponds to the "Series" structure feature in the IoT Extension.
In the default setting, all groups are assigned to the preset standard topic "s/us".
Note
Name change of the assigned topic "s/us"
If you give a different name to the assigned topic in the configuration, note that it
may not be possible for the data to be evaluated by the IoT Extension.
– Other Cloud
You can create several groups. A group can contain multiple data points.
In the default setting, all groups are assigned to a topic. You can also assign
different groups to different topics.
If you do not wish to use groups, create only a standard group and delete the entry
"<GROUP_NAME>" in the payload editor.
• Protocol
Select the desired protocol from the drop-down list.
• Enable profile
Enables the currently selected profile for configuration and for use in productive
operation.
You configure access of the device to the cloud in the additional tabs of this page.
SIMATIC CC7
Configuration
4.9.2.2 MQTT configuration
MQTT configuration
• MQTT version
Select the protocol version you are using.
• Broker address
Enter the IP address or the host name of the broker.
This information is provided by your service provider.
• Broker port
Enter the port number name of the broker.
• Client ID
Enter the client ID of the device that was assigned by your service provider or that
you defined.
• Keepalive interval (s)
Assign a value for monitoring the connection to the broker (seconds). If no further
data on transmission to the broker is pending within the configured time after the
data is sent, the device sends a keep-alive frame to the broker.
Permitted range: 0..65535
If you enter 0 (zero), the function is disabled.
Default setting: 10
• Authentication
– Select the option if you want to use a connection setup with authentication.
Authentication takes place via user name and password.
– When the option is disabled, the connection is established anonymously.
• User name
Enter the user name that was assigned by your service provider or that you defined.
• Password
Enter the password assigned by your service provider or that you defined.
• Clean session
– When the option is enabled, the session information is deleted when the
connection is terminated.
– When the option is disabled, the session information is retained when the
connection is terminated.
SIMATIC CC7
Configuration
• TLS
– When the option is enabled, the data is transferred using the secure TLS method.
The default port for encrypted transmission is 8883.
When the option is enabled, the parameter group for importing the broker
certificate is displayed, see section Certificates (Page 99).
– When the option is disabled, the data is transferred unencrypted.
The default port for unencrypted transmission is 1883.
• TLS version
From the drop-down list, select the TLS protocol version you wish to use that is also
supported by the broker.
• Use secure ciphers only
If this option is selected, ciphers that are classified as insecure are excluded.
• Last will / testament
– When the option is enabled, the functions "Last will" and "Testament" are
released.
– When the option is disabled, the use of both functions is disabled.
The functions have the following meaning:
– Last will
If the connection between device and broker is terminated, a message can be sent
to the subscribers.
As soon as the broker (server) detects that the connection to the device (client)
was terminated, it sends a message (testament) to all subscribers that have
registered for this topic on the broker.
– Testament
The testament is the content of the message that is sent to the subscribers
registered on the broker for this topic when the connection is terminated.
The testament message is saved on the broker.
• Last will topic
Enter the name of the topic that transfers the testament here.
You configure the additional parameters of the topic in the topic editor, see section
Configuring topics (Page 102).
• Testament
Here you enter the text for the message to be transferred.
Max. number of characters: 65535
SIMATIC CC7
Configuration
• Retain- Last will

– If the option is enabled, the testament is sent with the "Retain" flag to the broker.
The testament is enabled for permanent storage in the broker.
If the connection between the device and the broker is terminated, the broker
publishes the testament for each registered subscriber.
If a subscriber does not have a connection to the broker when the connection
between device and broker is terminated, the "testament" for the subscriber is
lost. When the connection to the broker is reestablished, the subscriber first
receives the "testament" with the "Retain" flag.
For more information on the flag "Retain", refer to section Configuring topics
(Page 102).
– If the option is disabled, the testament is not stored permanently in the broker.
• QoS - Last will
From the drop-down list, select the Quality of Service with which the Last will topic is
transferred.
– QoS 0 / QoS 1 / QoS 2
For significance of the three options see section Configuring topics (Page 102)
4.9.2.3 Certificates
Requirement
The parameter group is only displayed when the option "TLS" is enabled for transmission
via MQTT, see section MQTT configuration (Page 97).
The requirement for importing certificates and keys is that the corresponding files are
saved on your PC.
• The following types of certificate files are supported: *.pem, *.crt, *.cer, *.crl
• The following types of key files are supported: *.pem
MQTT server certificate manager

You use this parameter group to import the server certificate of the broker. The server
certificate is provided by your service provider.
SIMATIC CC7
Configuration
Multiple server certificates can be imported for each cloud profile.

The output field shows the name and path of the last imported certificate.
• Browse
Click this button to download a certificate.
The browser for browsing your PC file system opens.
Select the required certificate and click "Open".
The name and path of the selected certificate are displayed in the output field.
After saving, the certificate details are displayed in a table.
Certificate details
The table shows the details of the saved certificates with the following parameters:
• File
• Issuer
• Certificate owner (CN)
• Valid from
• Valid to
• Finger print
Delete
You use the Delete symbol to delete the respective certificate and key files from the
certificate store.
MQTT client certificate manager

• Use MQTT client certificate
Enable this option if you want to use a client certificate for your device. You must
create the certificate and the key yourself.
When the option is enabled, the required buttons are shown. They correspond to
those of the server certificate, see above.
• Import client certificate
Shows the name of the selected certificate file in the file system.
SIMATIC CC7
Configuration
• Imported client certificate

After saving, shows the name and path of the last imported certificate.
In case of a new import, an existing certificate is deleted and overwritten with the
new certificate.
• Import private key
Shows the name of the selected key file in the file system.
• Imported private key
Shows the name and path of the last imported key.
• Key password
Enter the password (optional) for the private key.
4.9.2.4 Device parameters

The tab is only relevant for the connection to MindConnect IoT Extension.
After the establishment of a connection between the device and
MindConnect IoT Extension, the two parameters are used for the identification of your
device and for the exchange of key material during the Onboarding process.
• Device Name
Here you enter the name under which the device is registered for the Onboarding
process.
The Device name is displayed in MindConnect IoT Extension at the following location:
Device > Device profile > "NAME"
• Device Type
The parameter is required in MindConnect IoT Extension to determine the device
type. Enter the following string:
– c8y_MQTTDevice
The Device type is displayed in MindConnect IoT Extension at the following location:
Device > Device profile > "Type"
You can find additional information on setting up the IoT Extension on the Internet at:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621)
4.9.3 Publisher
Overview
In this tab, you create the topics or groups for transfer to the broker for the enabled
profile. For configuration of the profile, refer to the section Configuring profile (Page 94).
You can find information on structuring the data in topics or groups for different cloud
providers and on configuring the topic names in section Notes on data structuring and
configuration (Page 91).
SIMATIC CC7
Configuration
4.9.3.1 Configuring topics
Add topic / Add group

• Topic
⇒ Validity: AWS / Azure / IBM Cloud
Enter the name of the topic that you want to create in the text box.
The name is the essential part for identifying a topic.
• Group
⇒ Validity: MindConnect IoT Extension / Other Cloud
Enter the name of the group that you want to create in the text box.
The name is the essential part for identifying a group.
You can also change the names of topics or groups later in the table below.
• Add
Click the "Add" button to create the topic/the group.
The new topic or the group is applied and displayed in the table.
Maximum number of topics of groups
CC712: 500
CC716: 3500
Topic settings
In this parameter group, you add an optional name prefix and/or an optional name suffix
for all topics. Changing the prefix or suffix has an effect on all topics.
• Prefix
By using identical prefix components, you can group different topics in topic levels.
The prefix can also contain components that are necessary for the recipient of the
topic as component of the topic name.
Configuration:
– Assign an optional prefix in front of the topic name.
– Optional forward slashes (/) can be included as separators in the prefix.
Example:
– You would like to add the prefix "evt" as identification for an event.
You can label data points for which the transfer of values is triggered by a value
trigger, for example, as an event.
– You would like to add the prefix "Plant1" for plant 1 (Topic level).
Enter the following in the "Prefix" text box:
evt/Plant1/
SIMATIC CC7
Configuration
• Suffix
By using identical suffix components, you can earmark different topics for the same
recipient.
The suffix can also contain components that are necessary for the recipient.
Configuration:
– Assign an optional suffix after the topic name.
– Optional forward slashes (/) can be included as separators in the suffix.
Example:
– You want to add "fmt".
– You want to add "json".
Enter the following in the "Suffix" text box:
/fmt/json
• Transfer on quality change
With this parameter, you specify the transfer behavior of the messages of all topics or
groups:
– Enabled
Transfer on change of "QualityCode" (Good → Bad or Bad → Good)
As soon as the quality of a data point changes, the topic is transferred.
– Disabled
No transfer on change of "QualityCode"
See below for the meaning of the "QualityCode" quality status.
Topic/group table
You can see the created topics or groups in the table and configure their properties.
• Group
⇒ Validity: Mindsphere / Other Cloud
The names of the configured groups are displayed.
• Topic
– ⇒ Validity: MindConnect IoT Extension / Other Cloud
The preset topic name "s/us" is inserted.
Use this default name when connecting to MindSphere via IoT Extension.
Adapt the name when connecting to another cloud according to the cloud
provider's specifications.
– ⇒ Validity: AWS / Azure / IBM Cloud
The names of the configured topics are displayed.
SIMATIC CC7
Configuration
• Preview
Shows the configured name with all components.
• Retain
From topics/groups with the "Retain" flag, the broker always saves the last message.
When a subscriber subscribes to a new topic or when the connection with a
subscriber returns after being terminated, the broker sends the last message on each
topic with Retain flag to the subscriber.
You can set the Retain flag for all or for individual topics/groups (option enabled in
single row).
The higher-level check box activates the function for all topics/groups of the table.
Please note:
If you want to undo the sending of the last message by the broker to newly connected
subscribers after taking up productive operation, this is not performed by retroactively
disabling the Retain flag on the topic. The broker will still send the last valid message
of the publisher to newly connected subscribers. One possibility to prevent sending of
these messages by the broker is to send an empty message (0 bytes) to the broker.
• QoS
You use the "Quality of Service" parameter to specify the transfer performance of the
messages for this topic:
– QoS 0
Transfer no more than once
The device sends the topic once to the broker. The device does not expect an
acknowledgment. If the topic is not received by the broker, it is lost.
– QoS 1
Transfer at least once
The device sends the topic to the broker until it receives a PUBACK packet as
acknowledgment from the broker.
– QoS 2
Transfer exactly once
The device sends the topic and waits until it receives the two-step
acknowledgment from the broker as specified.
This version represents the highest level of quality, but it is also associated with
the highest administrative burden for the client as well as the server.
When a connection is aborted, the data frames are buffered for QoS 1 and QoS 2. See
also the section "Connection abort" below.
SIMATIC CC7
Configuration
• Payload format
Shows the currently selected payload format. You use this button to open the Payload
editor to specify the format of the transferred paylaod. For a description, see section
User data format (Page 107).
Note
Payload format of older firmware versions cannot be changed
A payload format of older firmware versions is displayed as obsolete. Although it is
still supported by the current firmware version for runtime, it cannot be changed
without changing to a current format.
Future firmware versions will no longer support obsolete formats and a corresponding
configuration can then no longer be loaded.
• Message buffering
In the event of a connection loss between the gateway and the cloud server, the
gateway stores incoming messages in its message store up to the number entered in
the "Message buffering" field. The total size of the message store can be distributed
to the individual topics or groups. When the setting is saved, the system checks
whether the configured number for this topic or group still fits in the message store.
The required message memory space also depends on the number of data points
assigned to the topic and/or group and their maximum data width.
The message memory works chronologically, i.e. the oldest messages are sent first
(FIFO principle). As soon as the configured buffer locations for a topic or group are
full, the oldest message is overwritten.
• Data point assignment
Using the drop-down list, you assign the configured data points to a previously
created topic or a group. For a description, see section Data point assignment
(Page 115).
You assign the transferred payload to the topics in the data point configuration.
• Delete
By clicking the button, the topic of the respective row is deleted.
Note
Delete
Note that if you accidentally delete a topic or a group, you cannot undo the deletion.
Transmission and QualityCode

The "QualityCode" quality status of a data point is also transferred with the payload. The
status indicates the validity of the value.
SIMATIC CC7
Configuration
The status is set by the gateway as publisher and has the following value range:
• GOOD
The value is valid.
• BAD
The value of the variable is not valid or not current. Possible causes:
– CPU in STOP
– Value not current
– Error while reading the variable
The value of the status has the following effect on the transmission:
• Publisher → Cloud
Publishing of messages of the gateway as publisher is independent of the value of
the status.
• Cloud → Subscriber
Receiving of messages by the gateway as subscriber is independent of the value of
the status.
However, when a message with the status "BAD" is received, the value is not written
to the process station by the gateway as subscriber.
Connection abort and QualityCode

The behavior for a connection abort is as follows:
• Connection abort between station and gateway
– During the connection abort
The gateway sends the topic with empty strings for the values and the
QualityCode "Bad".
– Recurring connection
When the trigger condition is met, the gateway sends the topic with the current
values and the QualityCode "Good".
• Connection abort between gateway and cloud
– During the connection abort - cable pulled at the gateway or cloud server cannot
be reached.
The gateway is not sending data. Depending on which value you have entered for
the individual topics or groups for "Message buffering", the data is buffered in the
gateway with its current value and quality code.
– Recurring connection
The gateway first sends the buffered messages. Afterwards, the current values are
sent after the trigger conditions are triggered.
SIMATIC CC7
Configuration
See also
Configuring profile (Page 94)
Notes on data structuring and configuration (Page 91)
4.9.3.2 User data format

Because different cloud systems expect different payload formats, you must adapt the
format to the requirements of the processing systems.
In the payload editor ("Payload format" button), you will find syntax templates. You can
select the appropriate one and adapt it to the requirements of the cloud system, if
needed. You change the code in the "Payload format" text box.
Automatic data point assignment to the payload format
If the code meets the requirements, do not change it. Thus, all data points assigned to
the topic/group are always prepared according to the selected template before sending.
This means that if you remove already assigned data points from this topic/group or
assign further data points, the payload always contains the finally assigned data points.
Manual data point assignment to the payload format
If you change the payload format in the text box, the dialog selects the "User defined"
template. This defines the content and format of the payload and the gateway does not
change this format or the assignment of the data points afterwards. Not even if you
remove data points already assigned from the topic or group or assign additional data
points to the topic. Explicit references to data points that are not assigned to the topic or
group are shown as empty strings in the payload.
The UTF-8 character encoding is used for formatting the payload.
Syntax templates
The following templates are available:
• User defined
Empty template, available for editing by the user. Existing templates can be switched
to user-defined template with pre-filled text box.
• JSON generic / JSON specific
– The syntax of the JSON format according to ECMA-404 and ISO/IEC 21778:2017 is
used.
Both templates are suitable for connection to:
– AWS (Amazon) / IoT Core
– Azure (Microsoft) / IoT Hub
– IBM Cloud (IBM) / Watson IoT Platform
SIMATIC CC7
Configuration
• XML generic / XML specific

Templates for the connection to cloud services that expect the XML format.
• MindConnect IoT Extension
Template for the connection to MindSphere (Siemens) / MindConnect IoT Extension
Payload editor
You use the "Payload format" button to open the payload editor.
• Template for payload format
By default, the "Payload format" text box displays the "JSON generic" format.
You can select one of the syntax templates described above from the drop-down list.
After selecting a syntax template, you can click the pencil icon to switch to user-
defined editing.
• Payload format
In the text box, you can change the payload format to be used or create the format
according to your own requirements.
When a syntax template is selected (see above), the syntax of the template selected
above is displayed and used.
Note
Settings for the payload format
• If you change the "Template for payload format" (for example, from "User defined"
to "JSON specific"), a manually adjusted payload format is lost. However, you can
also use it to restore the automatic data point assignment to the payload format.
• The payload format must not contain more than 65,535 bytes of UTF-8 text,
otherwise it cannot be adopted.
• Use this payload format for all topics

When the option is enabled, the payload format displayed in the text box is applied to
all groups or topics to be published.
After saving, the checkmark for the option is removed from the topic editor.
Please note:
If changes are made later, the changes are only applied to the relevant topic or group
and not to all topics or groups when you press "Apply".
SIMATIC CC7
Configuration
• Escape sequences
Escape sequences which adapt the code according to the protocol used can be used
to convert certain special characters.
Special characters can occur within the following name components, for example:
– Station name
– Topic name
– Group name
The following escape sequences are available to the application for selection:
– JSON
Standard JSON escape sequences
– XML
Standard XML escape sequences
– CSV
Standard CSV escape sequences
When an option is selected, the respective special characters are converted into
escape sequences at the publisher.
At the subscriber, the escape sequences are converted in the reverse direction.
For information on the escape sequences used with the JSON format, see appendix
JSON escape sequences (Page 163).
• Apply
Applies the current settings in the topic editor.
Payload format - JSON generic

All data points assigned to the topic are mapped to the payload using a loop construct
with the specified properties and formatting.
{"Timestamp":"{{PUBLISH_TIMESTAMP}}","DataItems":[{{#DATA_POINT_ARRA
Y}}{"Variable":"{{NAME}}","Type":"{{TYPE}}","Value":"{{VALUE}}","Qua
lityCode":"{{QUALITY_CODE}}"}{{^LAST_DATA_POINT}},{{/LAST_DATA_POINT
}}{{/DATA_POINT_ARRAY}}]}
Use cases:
• Simple JSON payload format with many data points and the highest possible
performance with the lowest possible data volume.
SIMATIC CC7
Configuration
Payload format - JSON specific

If this format is selected, all assigned data points are listed individually with their
available properties. Example for 3 data points of the "ST1" station with the names
"DP1", "DP2" and "DP3":
{
"Timestamp": "{{PUBLISH_TIMESTAMP}}",
"DataItems":
[
{
"Variable": "{{ST1.DP1.NAME}}",
"Type": "{{ST1.DP1.TYPE}}",
"Value": "{{ST1.DP1.VALUE}}",
"QualityCode": "{{ST1.DP1.QUALITY_CODE}}",
"StationName": "{{ST1.DP1.STATION_NAME}}",
"Timestamp": "{{ST1.DP1.SOURCE_TIMESTAMP}}"
},
{
"Type": "{{ST1.DP2.TYPE}}",
},
{
"Type": "{{S1.DP3.TYPE}}",
}
]
}
SIMATIC CC7
Configuration
Switching from "JSON specific" to "User defined"

Each data point can be individually formatted and displayed with selected properties in
the payload. Unneeded properties of individual data points can simply be erased.
Additional (e.g. static) content can be added. The properties of selected data points can
also be referenced multiple times. The references to the data points must always be
placed within the square bracket "DataItems" [ ... ].
Use cases:
• Complex JSON payload format with somewhat few data points.
Payload format - XML generic

All data points assigned to the topic are mapped to the payload using a loop construct
with the specified properties and formatting.
<?xml version="1.0" encoding="UTF-
8"?><root><Timestamp>{{PUBLISH_TIMESTAMP}}</Timestamp><DataItems>{{#
DATA_POINT_ARRAY}}<DataItem><Variable>{{NAME}}</Variable><Type>{{TYP
E}}</Type><Value>{{VALUE}}</Value><QualityCode>{{QUALITY_CODE}}</Qua
lityCode></DataItem>{{/DATA_POINT_ARRAY}}</DataItems></root>
Use cases:
• Simple XML payload format with many data points and the highest possible
performance at the lowest possible data volume.
Payload format: XML specific

If this format is selected, all assigned data points are listed individually with their
available properties. Example for 3 data points of the "ST1" station with the names
"DP1", "DP2" and "DP3":
<?xml version="1.0" encoding="UTF-8"?>
<root>
<Timestamp>{{PUBLISH_TIMESTAMP}}</Timestamp>
<DataItems>
<DataItem>
<Var>{{ST1.DP1.NAME}}</Var>
<Type>{{ST1.DP1.TYPE}}</Type>
<Value>{{ST1.DP1.VALUE}}</Value>
<QualityCode>{{ST1.DP1.QUALITY_CODE}}</QualityCode>
<StationName>{{ST1.DP1.STATION_NAME}}</StationName>
<Timestamp>{{ST1.DP1.SOURCE_TIMESTAMP}}</Timestamp>
</DataItem>
<DataItem>
SIMATIC CC7
Configuration
</DataItem>
<DataItem>
</DataItem>
</DataItems>
</root>
Switching from "XML specific" to "User defined"
Each data point can be individually formatted and displayed with selected properties in
the payload. Unneeded properties of individual data points can simply be erased.
Additional (e.g. static) content can be added. The properties of selected data points can
also be referenced multiple times. The references to the data points must always be
placed within the XML bracket <DataItems> ... </DataItems>.
Use cases:
• Complex XML payload format with rather few data points.
• Special adaptation of the payload to third-party specifications.
Payload format - MindConnect IoT Extension

{{#DATA_POINT_ARRAY}}200,{{NAME}},{{GROUP}},{{VALUE}},{{ADDITIONAL_A
TTRIBUTE}},{{PUBLISH_TIMESTAMP}}\n{{/DATA_POINT_ARRAY}}
Code: Syntax and meaning
Description of the syntax

The description of the individual keys is structured as follows:
• Name
<Syntax>
Meaning
SIMATIC CC7
Configuration
Code key
The code for formatting the payload can consist of the following keys listed below.
If you want to use not only the keys for the transfer of payload but also want to add text,
you can add the text in front of or after a key.
The code of the formatted payload can contain the following keys depending on the
format.
• Time stamp
{{PUBLISH_TIMESTAMP}}
Time of the publication
– Example for coding the time stamp with added text "sent at ":
Syntax: "sent at {{PUBLISH_TIMESTAMP}}"
Results in string: "sent at 2019-04-20T13:58:16.192313634+00:00"
• Start and end of the loop over all assigned data points
{{#DATA_POINT_ARRAY}}
{{/DATA_POINT_ARRAY}}
• 200
200
Function code (MindConnect IoT Extension)
• Station
{{STATION_NAME}} /
{{Station.Variable.STATION_NAME}}
Station name of the data point
Configuration only for publisher
• Data point / Variable
{{NAME}} /
{{Station.Variable.NAME}}
Name of the data point
• Group
{{GROUP}} /
{{Station.Variable.GROUP}}
Group name
• Value
{{VALUE}} /
{{Station.Variable.VALUE}}
Value of the data point
SIMATIC CC7
Configuration
• Attribute
{{ADDITIONAL_ATTRIBUTE}} /
{{Station.Variable.ADDITIONAL_ATTRIBUTE}}
Additional attribute, which can be configured manually for each individual data point
(mandatory for MindConnect IoT Extension, otherwise optional).
• QualityCode
{{QUALITY_CODE}} /
{{Station.Variable.QUALITY_CODE}}
Quality status of the value
For the meaning, see section Configuring topics (Page 102).
• Data type
{{TYPE}} /
{{Station.Variable.TYPE}}
Data type alias: Data type of the data point output by the device in the payload
For the output of the data types, see section Data points (Page 123).
• Last data point (in the generic variant only)
{{#LAST_DATA_POINT}} /
{{/LAST_DATA_POINT}}
Last data point
• All except the last data point (in the generic variant only)
{{^LAST_DATA_POINT}} /
{{/LAST_DATA_POINT}}
All data points except the last data point
• Source time stamp
{{SOURCE_TIMESTAMP}} /
{{Station.Variable.SOURCE_TIMESTAMP}}
Time of the last reception from the source station.
Example for transferred payload based on the unchanged "JSON generic" template
Below you will find an example of the transferred payload of a topic.
The topic contains three variables of an S7 station for the data points "DP1", "DP2" and
"DP3".
The value of the "DataItems" key is an array with the objects of the three variables.
{ "Timestamp": "2019-05-03T09:13:46.000000000+00:00",
"DataItems": [ { "Variable":"DP1", "Type":"BOOL", "Value":"0",
"QualityCode":"GOOD" }, { "Variable":"DP2", "Type":"DOUBLE_FLOAT",
"Value":"0.496043966059748", "QualityCode":"GOOD" },
SIMATIC CC7
Configuration
{ "Variable":"DP3", "Type":"S7_STRING", "Value":"Abcd99vE",

"QualityCode":"GOOD" } ] }
4.9.3.3 Data point assignment

In this tab, you assign the configured data points to a previously created topic or a group.
Each data point can be linked to exactly one topic/one group.
Requirement
Before you assign data points to topics or groups, you need to create the data points,
see section Data points (Page 123). You also specify the data point name, data type and
the other parameters there.
Data point assignment

You assign the data points of the stations in the data point table consecutively or by
station to the configured topics or groups.
• Select station
You first select one or all stations using the drop-down list. By selecting one station,
you can increase the clarity of the following data point table.
The data point table lists all data points that are configured in the stations selected
above.
You can assign the data points to the topics / groups individually or as a bundle.
Individual assignment:
Assign each data point in the data point table individually to a topic or a group.
Bundled assignment:
Before you make the bundled assignment, select all data points in the table that you
want to assign to a topic using the check box on the left.
Then use one of the two buttons described below.
• Topic / Group
Text box with filter
When entering individual characters, all topics or groups that start with the entered
characters or contain these characters are shown. Click on an entry to select a topic
or group.
• Set for selected
By clicking on the button, all data points that you have previously selected in the table
are assigned to the topic or group selected in the text box.
• Set for all
are assigned to the topic or group selected in the text box.
SIMATIC CC7
Configuration
Data point table

• Data point name
Configured name of the data point
• Source data type
Configured data type of the data point in the source station
• Target data type
Data type of the data point output by the device in the payload (DATAPOINT_TYPE)
• Station
Configured station name of the data point
You specify the station name on the "Process access" page, see section S7 / Modbus
station (Page 71).
• Topic
When entering individual characters, all topics that start with the entered characters
or contain these characters are shown. Click on an entry to assign the data point.
If you have used bundled assignment (see above), the assigned topic names are
already shown.
• Group
⇒ Validity: MindConnect IoT Extension / Other Cloud
When entering individual characters, all groups that start with the entered characters
or contain these characters are shown. Click on an entry to assign the data point.
If you have used bundled assignment (see above), the assigned group names are
already shown.
• Attribute
The attribute is included in the payload as {{ADDITIONAL_ATTRIBUTE}} /
{{Station.Variable.ADDITIONAL_ATTRIBUTE}}, see section User data format
(Page 107).
Enter the attribute according to the requirements of the cloud provider:
– AWS / Azure / IBM Cloud / Other cloud: Optional
If no attribute is demanded or required, leave the box empty.
– IoT Extension: Mandatory
SIMATIC CC7
Configuration
With a connection to IoT Extension, the attribute is interpreted as a label of the

physical units of the respective data point. The standard units are:
– C = Temperature in degrees Celsius
– P = Pressure in bars
– mm = Length in millimeters
– km/h = Speed in km/h
– m/s2 = Acceleration in m/s2
– % = Size in percent
– %RH = Relative humidity in percent
– A = Current in amperes
– V = Voltage in volts
– W = Power in watts
– kWh = Energy in kilowatt hours
– VAh = Apparent energy in volt ampere hours
– dBm = Transmit power in decibel-milliwatts (logarithmic ratio)
– lux = Illuminance in lux (lm/m2)
Other compound units of the SI system can also be specified, for example:
m/h, m/s, m, km, mW, kW, mWh, mA, VArh
SIMATIC CC7
Configuration
4.9.4 Subscriber
Validity
In this tab, you create the topics for the subscriber function of the gateway under the
enabled profile.
Note
A subscriber topic can only contain data points which are assigned to exactly one single
station.
4.9.4.1 Configuring topics
Add topic
• Select station
From the drop-down list, select one of the configured stations to which you want to
assign this topic.
The received data is written to the CPU of this station.
• Topic
Enter the name of the topic in the text box. You can change the name later in the
topic table below.
The name of a topic must be unique within a cloud application.
• Add
Click the "Add" button to create the topic.
The new topic is applied and displayed in the topic table.
Topic settings
The "Payload format" output box specifies the syntax that is expected and required of
the received subscribed messages. Take this into account when configuring the relevant
publisher.
When a message is received with a payload format that does not correspond exactly to
this syntax, the message is discarded and the gateway generates a diagnostic message.
You can find the diagnostic messages in the WBM under "Maintenance > Diagnostics".
SIMATIC CC7
Configuration
4.9.4.2 Payload format
Payload format
Use the JSON Payload format from the template for communication between the
publisher and subscriber:
{
"Timestamp": "PUBLISH_TIMESTAMP",
"DataItems":
[
{
"Variable": "{{Var1.NAME}}",
"Type": "{{Var1.TYPE}}",
"Value": "{{Var1.VALUE}}",
"QualityCode": "{{Var1.QUALITY_CODE}}"
},
{
"Variable": "{{Var2.NAME}}",
"Type": "{{Var2.TYPE}}",
"Value": "{{Var2.VALUE}}",
"QualityCode": "{{Var2.QUALITY_CODE}}"
},
...
{
"Variable": "{{VarN.NAME}}",
"Type": "{{VarN.TYPE}}",
"Value": "{{VarN.VALUE}}",
"QualityCode": "{{VarN.QUALITY_CODE}}"
},
]
}
The time stamp is optional. It is not evaluated in the payload format.
Payload example
You will find an example of the expected syntax with different data types by clicking on
the button.
SIMATIC CC7
Configuration
Topic table
You can see the created topics in the table and configure their "Quality of Service"
parameters.
• Topic
If necessary, you can change the name of the topic here.
• QoS
You use the "Quality of Service" parameter of the topic to specify the transfer
behavior of the messages between the broker and subscriber of the gateway:
– QoS 0
Transfer no more than once
The broker sends the topic once to the gateway. The broker does not expect an
acknowledgment. If the topic is not received by the gateway, it is lost.
– QoS 1
Transfer at least once
The broker sends the topic to the gateway until it receives a PUBACK packet as
acknowledgment from the gateway.
– QoS 2
Transfer exactly once
The broker sends the topic and waits until it receives the two-step
acknowledgment from the gateway as specified.
When a connection is aborted, the data frames are buffered in the broker for QoS 1
and QoS 2.
If a lower QoS value is configured at the subscriber of the gateway than at the
publisher, the lower value applies to the communication between broker and
subscriber.
• Delete
By clicking the button, the topic of the respective row is deleted.
Note
Delete
Note that if you accidentally delete a topic, you cannot undo the deletion.
4.9.4.3 Data point assignment
Data point assignment

The data point table below contains all configured data points with "Write" access.
As with the Publisher, you can assign the data points to the topics individually or as a
bundle.
SIMATIC CC7
Configuration
Individual assignment:
Assign each data point in the table individually to a topic. To do so, you use the text box
"Topic" of the data point table (see below).
Bundled assignment:
Before you make the bundled assignment, select all data points in the table that you
want to assign to a topic using the check box on the left.
Then use one of the two buttons described below.
• Topic
When entering individual characters in the text box, the names of all topics that start
with or contain these characters are displayed. Click on an entry to select a topic.
• Set for selected
are assigned to the topic selected in the text box.
• Set for all
are assigned to the topic selected in the text box.
Data point table

• Data point name
Configured name of the data point.
• Station data type
Configured data type of the data point in the destination station.
• Source data type
Data type of the data point {{TYPE}} expected by the device in the payload in the
transmitted payload (DATAPOINT_TYPE).
• Station
Assigned station
• Topic
Assigned topic
You assign the respective data point to a topic here (single assignment). See above
for the procedure.
SIMATIC CC7
Configuration
4.10 Data points
4.10 Data points
4.10.1 Transmission time and transferred data
Note
Requirements for the transfer (Cloud)
The following conditions must be met to transfer a value:
• The data point is assigned to a topic in the configuration.
• At least one trigger condition is met.
Time of the data transfer and quantity of the transmitted data

Triggering the data transfer is different for the two target systems:
• Cloud
The transfer time is controlled via trigger, refer to the section Data points (Page 123).
You specify the time when the values of data points are transferred to the broker for
each data point with the "Trigger".
The following data are transferred together to the broker as soon as the value of a
data point is pending for transfer:
– AWS / Azure / IBM Cloud
Transmission of the values of all data points of the assigned topic
– MindConnect IoT Extension / Other Cloud
Transfer of the values of all data points of the assigned group
For all value triggers, note that the data of a topic or a group is transferred as long as
the trigger condition is met. This has effects on the transferred data volume.
• OPC UA
The OPC UA server of the gateway executes the read and write jobs of the OPC UA
clients.
For OPC UA clients with subscriptions the values are sent from the server according
to the settings in the sectionOPC UA server (Page 84) under "Min. publishing interval
(ms)" and "Min. polling interval (ms)". The trigger for this is a value change.
SIMATIC CC7
Configuration
4.10 Data points
4.10.2 Data points
Data point configuration

In this tab, you define the data points as data sources or data destinations for the
transmission, station by station.
In addition, you can export the variable information of the CPU via a source file from
STEP 7 for S7 stations and import it as basis for the data point configuration, see Import
variables (Page 131).
Note
Deletion of configured data points during import
When importing variables from STEP 7 files, you can select whether previously
configured data points should be deleted.
After importing variables from STEP 7 files, you can also manually configure more data
points.
A data point in the gateway can alternatively be configured for one of the two target
systems (Cloud / OPC UA).
However, multiple data points can be created for different target systems with reference
to the same address in the station.
• Select station
Select a station from the drop-down list whose data points you want to configure for
the transfer. The drop-down list contains all stations that were configured under
"Process access", see section Process access (Page 71).
If data points are already configured for a station, these are displayed in the table
below when selecting the station. You can change the data later.
• Add data point
Creates the row for a new data point in the table.
SIMATIC CC7
Configuration
4.10 Data points
Alternative:
• Duplicate row
You can also create new data points by copying existing data points.
To do so, select one or more data points using the check boxes (see below) and click
the "Duplicate row" button.
Then adjust the properties of the copied data points.
• Multi-editing
You use this button to open the "Data point configuration" dialog. You can set
specific parameters for all or previously selected data points in one editing step in the
dialog.
Select multiple data points for this function using the check box in the selection
column (left) of the data point table.
You can set the following parameters for multiple data points in the dialog:
– Target
– Access
– Trigger
For the meaning of the parameters, see below.
Multi-editing is practical especially when you are importing large volumes of data
points which are to receive the same values for the specified parameters.
After configuring the specified parameters in the "Data point configuration" dialog,
click on the respective check boxes of the parameters in the dialog. Only these
parameters are set.
You can then assign the parameter values to the data points:
– Set for selected
Assigns the parameter values to those data points that you selected before
opening the dialog.
– Set for all
Assigns the parameter values to all data points of the data point table.
Selection of data points using the selection column

Using the check boxes in the selection column on the left in the table, you can select
individual data points for copying, deleting and multi-editing.
You use the top check box in the table header to select all data points of the table.
SIMATIC CC7
Configuration
4.10 Data points
Deleting data points
Note
Delete
You cannot undo deleting a data point.
You can delete individual data points using the "Delete" symbol in each row of the data
point table.
You can delete multiple data points by selecting them using the selection column (left)
and then clicking on the "Delete" button below the table.
Data point table

Configure the parameters of the data points in the table and save them. You can correct
or delete incorrect data points in the table.
The parameters are different depending on the transfer protocol of the data points. The
list below contains all parameters that can be configured for S7 and Modbus/TCP.
• Selection column
By using the check boxes in the left-hand column, you can select all, individual or
multiple rows for multi-editing, copying or deleting.
• Target
Select the target system you wish to use for the respective data point.
– -
No target system is assigned to the data point. Data is not being read or
transferred.
– Cloud
– OPC UA
• Data point name
Assign a unique name to the data point.
• Data type
Configured data point of the data area of the data point to be read
You can find the data types supported in the table of data types below.
• Operand area (S7 stations only)
The following operand areas of the CPU are available for S7:
– I - Input
– M - Memory
– Q - Output
– DB - Data block
SIMATIC CC7
Configuration
4.10 Data points
• Memory area (Modbus stations only)

The following areas (tables) of the station memory area are available for selection
with Modbus/TCP:
– Discretes Input
– Coil
– Input Register
– Holding Register
• DB number (S7 stations only)
Number of the S7 CPU DB
Make sure that the number matches the actually configured number of the data
block.
• Offset / address (S7 stations only)
Address of the operand depending on the data area
Enter the value as a decimal number:
– Address (input, memory, output, DB)
Information for Bool operands in <Byte.bit>. E.g.: 0.6
Information for operands ≥ byte in <bytes>. E.g.: 3
– Offset of the operand for the start address of the operand area (coil, tab)
Information in <bytes>. E.g.: 12
• Node ID (OPC UA stations only)
ID of the node for unique identification of the object at the OPC UA server.
• Length (S7 and Modbus stations only)
Number of characters for the "String" data type (S7 station: 1 .. 254, Modbus station:
64)
• Access
The option specifies access of the communication partners to the gateway data.
• Read
Only read access is permitted.
• Read/write
Read and write access is permitted.
• Write
Write access is permitted.
SIMATIC CC7
Configuration
4.10 Data points
Trigger
You use the triggers to specify the conditions that initiate the transfer of the value saved
in the device to the broker.
Up to two triggers can be selected per data point. The following trigger classes can be
configured:
• Time trigger
– Cyclic
Cyclic transmission - configurable cycle
– Time
Once daily / Once weekly / Once monthly
• Value trigger
– Deviation: Transmission in case of deviation from the last stored value
– Threshold LOW: Transmission if value is below the threshold
– Threshold HIGH: Transmission if value is above the threshold
– Range within: Transmission when the value enters a value range
– Range outside: Transmission when the value leaves a value range
• Input trigger
– Digital input
Transfer upon edge change at the digital input
You can combine two triggers for each data point. When two triggers are configured, the
transfer is initiated as soon as one of the two trigger conditions is met.
Not all trigger types can be combined for a variable in practice. The following trigger
combinations are supported:
Permitted trigger combinations

Trigger 1 Trigger 2
Cyclic Value trigger
Time -
Value trigger Cyclic
Input trigger Value trigger
Additional restrictions can result from the trigger types supported by the individual data
types; see "Data types" table below.
SIMATIC CC7
Configuration
4.10 Data points
Trigger 1 / Trigger 2
The following types of triggers are available:
• Time trigger
For time triggers, select the value of the cycle and the respective unit of time from the
drop-down list.
– Cyclic
The value of the data point is transferred cyclically. Ranges of values:
100 .. 100 000 000 ms
1 .. 1 000 000 s
1 .. 1666 min
1 .. 27 h
– Once daily
The value is transferred once a day at the configured time.
– Once weekly
The value is transferred once a week.
– Once monthly
The value is transferred once a month.
If a month has fewer days than the day specified in the configuration, the value of
the data point is transferred at the end of the month.
• Value trigger
Select the type using the drop-down list and add the respective values.
The value ranges of the value triggers depend on the data type of the data point.
– Change
The value is transferred as soon as it changes compared to the value that was
read in before.
– Area outside
The value is transferred as soon as it is outside the configured area.
– Area within
The value is transferred as soon as it is inside the configured area.
– Threshold HIGH
The value is transferred as soon as it exceeds the configured value.
– Threshold LOW
The value is transferred as soon as it drops below the configured value.
Note:
The range of values of the station data point is converted to the range of values of the
device data point.
SIMATIC CC7
Configuration
4.10 Data points
• Input trigger
– Digital input
Transfer once upon edge change at the digital input
Alternatively with edge change 1 → 0 or 0 → 1
Data types
Not every data type supports all trigger types. The following tables list the configurable
data types and specify the supported trigger types for each data type.
Table 4- 3 Data types for S7 station
S7 station Data type in the target sys- Supported triggers

tem
Data type Bit width Operand area OPC server MQTT Time Value
BOOL 1 I, Q, M, DB Boolean BOOL x x
(value 0 only)
CHAR 8 I, Q, M, DB bytes CHAR x x
SINT** 8 I, Q, M, DB SByte INT8 x x
INT 16 I, Q, M, DB Int16 INT16 x x
DINT 32 I, Q, M, DB Int32 INT32 x x
LINT* 64 I, Q, M, DB Int64 INT64 x x
USINT** 8 I, Q, M, DB bytes UINT8 x x
UINT** 16 I, Q, M, DB UInt16 UINT16 x x
UDINT** 32 I, Q, M, DB UInt32 UINT32 x x
ULINT* 64 I, Q, M, DB UInt64 UINT64 x x
BYTE 8 I, Q, M, DB bytes UINT8 x x
WORD 16 I, Q, M, DB UInt16 UINT16 x x
DWORD 32 I, Q, M, DB UInt32 UINT32 x x
LWORD* 64 I, Q, M, DB UInt64 UINT64 x x
REAL 32 I, Q, M, DB Float SINGLE_FLOA x x
T
LREAL** 64 I, Q, M, DB Double DOUBLE_FLO x x
AT
DATE_AND_TI 64 DB DateTime S7_DT***** x -
ME***
DTL** 96 DB DateTime*** S7_DTL***** x -
*
STRING 2..256 bytes DB String STRING x -
* S7-1500 only
** S7-1200/1500 only
*** S7-300/400/1500 only
**** The accuracy of the DTL (1 ns, 10-9 seconds) is restricted to 100 ns (10-7 seconds) for OPC DateTime.
***** Formatting according to ISO 8601, e.g. "2020-03-31T08:25:59.1234+02:00".
SIMATIC CC7
Configuration
4.10 Data points
Table 4- 4 Data types for Modbus client
Modbus client Data type in the target sys- Supported triggers

tem
Data type Bit width Memory area OPC server MQTT Time Value
BOOL 1 Coil, Discrete Input Boolean BOOL x x
UINT16 16 Holding Register, UInt16 UINT16 x x
Input Register
UINT32 32 Holding Register, UInt32 UINT32 x x
Input Register
FLOAT 32 Holding Register, Float SINGLE_FLOAT x x
Input Register
STRING 64 bytes Holding Register, String STRING x -
Input Register
Modbus data types

The Modbus standard only recognizes 1-bit and 16-bit data objects. The extended data
types are transmitted as 2 or 4 consecutive 16-bit data objects.
When using other data types in the device and in downstream applications, you must
map and interpret the data read from the station in a user-specific manner.
Table 4- 5 Data types for OPC stations
OPC server Data type in the target system Supported triggers

Data type Bit width OPC server MQTT Time Value
Boolean 1 Boolean BOOL x x (value 0 only)
SByte 8 SByte INT8 x x
Int16 16 Int16 INT16 x x
bytes 8 bytes UINT8 x x
UInt16 16 UInt16 UINT16 x x
Float 32 Float SINGLE_FLOAT x x
Double 64 Double DOUBLE_FLOAT x x
DateTime 64 DateTime DTL *** x -
String* 0..256 bytes String STRING x -
S7_DATE_AN 8 bytes DateTime DT-STRING (ISO x -
D_TIME** 8601)
* If the string exceeds 256 bytes in the OPC Server, the string cannot be read by the OPC UA client and the Quali-
tyCode changes to BAD.
** An S7-1500 maps the internal data type DATE_AND_TIME as byte array with length of 8 in its OPC UA server. This
array can be interpreted by the OPC UA client of the CC7 as S7-DATE_AND_TIME variable and forwarded to the
target system with the date/time value.
*** Formatting according to ISO 8601, e.g. "2020-03-31T08:25:59.1234+02:00".
SIMATIC CC7
Configuration
4.10 Data points
Restrictions for MindConnect IoT Extension

The following data is not supported:
• Time stamp
• With S7-LINT / S7-ULINT:
Integers from 263 to 264
The following data types are only supported when they are transferred as event:
• Bool
• String
See also
User data format (Page 107)
4.10.3 Import variables

In addition to manual data point configuration, you can import the variable information
using a file exported from STEP 7 for S7 stations.
When importing variables from STEP 7 files, you can select whether or not previously
configured data points are to be deleted or not.
After importing variables from STEP 7 files, you can also manually configure more data
points.
Observe the following limits for the import:
• Maximum number of variables per file: 5000
• Maximum number of variables per station: 5000
The value also applies to the import of multiple files.
• Maximum number of elements per S7 array: 500
Requirement: Creating CPU variables in STEP 7

As a prerequisite for using the function, you need to have created variables or symbols in
the respective CPU in your STEP 7 project.
• STEP 7 Professional (TIA Portal)
– DB variables
The "Optimized block access" option must be disabled in DBs.
– PLC tags
• STEP 7 V5.6
– DB variables
– Symbols
SIMATIC CC7
Configuration
4.10 Data points
Export from STEP 7

In the STEP 7 project, export the variables into an export file.
Recommendation: Give the export files meaningful names from which the station type,
station name and possibly the DB number can be derived.
The following file formats are supported: *.db, *.awl, *.xlsx, *.sdf, *.xml, *.dif, *.asc
• STEP 7 Professional (TIA Portal)
DB variables
– Select the DB.
– Click on the shortcut menu "Generate source from blocks > Selected blocks only".
– Select the file type "DB files (*.db)" and click "Save".
PLC tags
– Open the tag table
– Click on the "Export" icon above the tag table.
– Select the relevant options in the following dialog.
– Save the PLC tags in one of the following file formats: *.xlsx, *.xml, *.sdf
• STEP 7 V5.6
DB variables
– In SIMATIC Manager, open the DB in the block directory of the CPU.
– Click on "File > Generate source" in the block editor.
– In the "New" dialog, select the sources of the CPU, assign a name for the file
under "Object name" and click on OK.
– In the next dialog "Generate source", move the DB(s) to the "Blocks selected" box
using the arrow symbol.
Select the "Absolute" option and click on OK.
– Close the block window.
– In SIMATIC Manager, in the source directory of the CPU, select the newly
generated source and click on the shortcut menu "Export source".
– In the "Export source" dialog, select the desired target directory in the PC file
system.
– Select the file type "STL source (*.awl)" and click "Save".
Symbols
– Select the S7 program of the CPU in SIMATIC Manager.
– Open the symbol table.
– Click on the menu "Table > Export".
– Save the symbol table in one of the following file formats: *.SDF, *.ASC, *.DIF
SIMATIC CC7
Configuration
4.10 Data points
Import variables
1. Save the file exported from STEP 7 with the variable information in the file system of
your PC.
2. Open the WBM tab "Data points > Import PLC configuration".
3. Click "Browse", select the desired STEP 7 file and click on "Open".
The file name is displayed in the WBM.
4. If you do not want to use the file, click "Delete source file".
Both the file and variables already imported in the table are deleted (see below) are
deleted.
5. If you want to use the file, click "Import source file".
The import process is shown by a progress bar.
If you want to import multiple files, repeat the operation "Browse" > "Import source
file".
After a source file is imported from a DB, the following columns are first shown in a
table:
– Data block (DB name)
– Operand area (DB)
– DB number
Only this box can be edited.
6. Assign the DB number according to the STEP 7 configuration and click "Save".
This does not yet apply the data to the data point list of the application.
After the DB number is assigned or a source file is imported from a variable list, the
variables are displayed in a table with the following columns.
– Selection column
Used to select data points for partial transfer into the application.
– Delete
Deletes the respective variable from the table.
– Data point name
The data point name is formed from the following two components and applied
later:
- DB variable: <DB name>__<Variable name>
- PLC tag/symbol: <Operand range>__<Symbol name>
– Data type, operand area, DB number, offset, length
The relevant data pertaining to the contents of the source file is displayed.
SIMATIC CC7
Configuration
4.10 Data points
7. Transfer the variables into the application.

– If you want to apply all variables of the table, click "Import all".
– If you only want to use some of the imported variables, select these variables (left-
hand column) and click on "Import selection".
The applied variables are deleted from the table.
8. Then go to the WBM tab "Data points", check the applied variables and click "Save".
You can continue editing the applied variables in the "Data points" tab.
4.10.4 OPC UA browsing
Browse OPC UA address space

• Select station
Select one of the created stations to display the settings.
Name of the OPC UA application of the gateway.
• Application URI
Unique URI of the station.
Name of the OPC UA application of the gateway.
• Server address (IPv4) / (IPv6)
The IPv4 or, if applicable, the IPv6 address of the station is displayed.
• Security policy
The option selected for the station is displayed.
• Status
Shows the status of the stations. Options: "Connected" or "Disconnected".
• Only show supported variables
Displayed when a successful connection to the station is established. When enabled,
all invalid data points that are not supported are hidden.
• Import
The import transfers the selected variables to the application.
SIMATIC CC7
Configuration
4.11 Maintenance
Browse OPC UA
1. Select the desired station via "Select station".
2. Click the "Connect" button.
3. Confirm the message that the connection to the server was successful.
Result: The selected station with the associated variables is displayed. The "Display
only supported variables" option can also be selected.
You can now browse through the individual folders or variables and import variables.
Import variables
Select individual variables or entire folders and click "Import". To mark an entire folder,
you need to open it once. The variables are transferred to the "Data points" WBM tab
and can be edited there.
4.11 Maintenance
4.11.1 System time

In this tab, you set the time or configure the time-of-day synchronization of the gateway.
Time-of-day format and time stamps

The device keeps the time internally as UTC. The local time configured in the WBM is
displayed with time zone and optional consideration of daylight saving / standard time.
The time stamps of the transferred data are transferred in UTC format (48 bits).
Synchronization method
You can synchronize the time of day manually or via NTP (Network Time Protocol).
Note
Time-of-day synchronization
For applications that require time-of-day synchronization, you should synchronize the
time of day of the device. If you do not synchronize the time of day regularly, there may
be deviations of several seconds each day between the device and its communication
partners.
SIMATIC CC7
Configuration
4.11 Maintenance
System time
• Using NTP server
Enable the option if the time of day is to be synchronized via NTP.
When this option is disabled, you can set the time of day of the device manually.
• NTP server address
Enter the address of the NTP server as IPv4/IPv6 address or as DNS name.
• Synchronization cycle (s)
Specifies the cycle of the time-of-day queries to the NTP server.
Range of values in seconds: 16..1024
• NTP (secure)
The secure method NTP (secure) uses authentication with symmetrical keys.
Parameters for the NTP (secure) method

• Key ID
Key ID of the NTP server. Numeric value.
Range of values: 1..65534
• Hash algorithm
Select alternatively:
– SHA-1
– MD5
• Key format
Specify the format in which you enter the key:
– ASCII
– HEX (hexadecimal)
• Key
Enter the NTP key in the selected format.
Permitted key length:
– ASCII: 5..20
– Hexadecimal: 10-40
SIMATIC CC7
Configuration
4.11 Maintenance
• Time zone
In NTP mode, it is generally UTC (Universal Time Coordinated) that is transferred.
This corresponds to GMT (Greenwich Mean Time).
The time offset from UTC can be set by configuring the local time zone.
• Use daylight saving time changeover
If enabled, the system time is changed to daylight saving time, i.e. one hour is added.
Also enter when daylight saving time should be enabled and disabled.
If disabled, the current system time is not changed.
Manual setting of date and time
Note
Time does not continue to run when no voltage is applied
If you switch off the power supply to the gateway, the manually set time will not continue
to run during the power-off period.
The text boxes for date and time are only active with disabled time-of-day
synchronization via NTP.
To set the time, use the time table and the calendar via the symbols on the right, or enter
the data according to the following specifications.
• Time
Enter the current time of day manually in the specified format:
– hh:mm:ss
Hour, minute and second can also be entered as single digits.
• Date
Enter the current date manually in the specified format:
– DD/MM/YYYY
Month and day can also be entered as single digits.
Example: March is accepted as "03" or as "3".
• Save
When you click this button, the application saves the entered settings.
• Apply
The device only applies the saved time data when you click "Apply".
SIMATIC CC7
Configuration
4.11 Maintenance
4.11.2 Certificate management
Web server certificate

The application contains a certificate issued by the manufacturer for HTTPS
communication with the WBM.
To increase security, you can also import your own server certificate and a private key.
Requirement for import: The certificate is saved on your PC.
– Click the "Browse" button.
A browser opens to search the content of your PC file system.
Select the file saved on your PC.
– Then click "Import" to download the certificate.
The file name is displayed after importing a file.
• Import private key
Requirement for import: The key is saved on your PC.
– Click the "Browse" button.
A browser opens to search the content of your PC file system.
Select the file saved on your PC.
– Then click "Import" to download the key.
The file name is displayed after importing a file.
• Apply
Click the button to use the new files.
The compatibility and integrity of the imported files is checked first.
– In case of a positive result, the web server is restarted using the new files.
– In case of a negative result, the web server continues working with the previous
files.
• Reset
Deletes imported web server certificates and keys from the gateway memory.
The certificate supplied by the factory is used again.
SIMATIC CC7
Configuration
4.11 Maintenance
4.11.3 User
Note
Loss of user data
Note changed or newly assigned user names and passwords.
When you lose the user data of the administrator, you no longer have access to the
WBM.
When losing the login data, you only have access to the WBM by resetting the device to
the factory settings. This is associated with a loss of data.
For the preset standard user data for initial login, see section Logging into the WBM
(Page 60).
Permitted length of the user name: 4...64 characters
Note
Changing the password
For security reasons, the user name and password preset at the factory must be
changed at the first login.
Passwort rules
Newly assigned user passwords must meet the following requirements:
• Minimum length: 8 characters
• At least 1 lowercase letter
• At least 1 uppercase letter
• At least 1 number
• At least one of the following special characters (ASCII 0x21..0x7E):
!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
Roles and rights

Only one administrator can be set up.
The administrator has the rights to change all data that is accessible in the WBM.
SIMATIC CC7
Configuration
4.11 Maintenance
Edit user
Note
Applying changed user data
Changed user data is applied immediately after it has been saved.
After the user data is changed, it must be used for the next login.
• Action
Select the required action:
– Change user name
– Change password
– Change user name and password
• Current password
Enter the current password before you make any changes.
• New user name
Enter a new user name to change it.
• Repeat user name
To confirm a new user name, repeat the user name entered above.
• New password
Enter a new password to change the password.
• Repeat password
Repeat the new password.
4.11.4 Firmware
You can find the current firmware version of the device on the WBM page Info (Page 62).
If a new firmware version is available, you can download the firmware file from the PC to
the gateway via this WBM page.
For new firmware files for the gateway, refer to the section Loading new firmware
(Page 147).
Note
Digitally signed and encrypted firmware
The firmware is signed and encrypted. This ensures that only firmware created by
Siemens can be downloaded to the device.
SIMATIC CC7
Configuration
4.11 Maintenance
Firmware update
• Firmware file
After selecting a firmware file stored on the PC using the "Search" button, the file
name is displayed here.
• Search
Searches the file system of the PC for a firmware file saved there that is intended to
be loaded on the gateway.
Firmware files have the file format *.upd.
After selecting the file, the name of the selected file is displayed but the firmware is
not used yet.
• Load on device
By clicking the button, you download the selected firmware file to the gateway.
The ongoing update process is indicated in the WBM by a progress bar.
After the update is complete, the gateway automatically reboots. After the restart you
will need to log in again.
Note
Firmware update
Note that updating the firmware can take a while.
• No input during activation
During activation until the gateway restarts, the WBM is not locked.
Do not change the WBM page during this time.
• No switch off of the gateway
Do not switch off the gateway during activation of the firmware. This avoids the
occurrence of inconsistent statuses.
• Automatic adoption of stored configuration changes
Configuration changes already saved but not yet adopted are automatically applied on
restart after a firmware update.
4.11.5 Backup and Restore

In this tab, you can save the configuration data of the gateway in a configuration file and
load it again.
Configuration files have the names ""CC712<Date and Time>.cfg" or "CC712<Date and
Time>.cfgp" or "CC716...".
You cannot edit configuration files because they are encrypted. If encrypted parts are
changed, the configuration file is rejected when you try to download it.
SIMATIC CC7
Configuration
4.11 Maintenance
Saving the configuration file on the PC is useful in the following cases:

• You want to use the configuration data of the gateway for another gateway.
• You want to use multiple gateways with similar configuration data.
• In case of replacement
You download the configuration data from the PC to another gateway and reconfigure
only the parameters that are different, if necessary.
You can also allow an inserted CLP to be formatted by the gateway.
CLP
Use this function to format a brand new CLP or one previously used by another device.
The formatting deletes the existing data on the CLP.
• CLP formatting
The inserted CLP is formatted after you click the "Format" button.
When the formatting process is complete, a message is displayed in the WBM. Do not
switch off the gateway before the message appears.
Export configuration
Note
Options for exporting a configuration
You have the following options when exporting a configuration:
• Without user data and PKI
This file with the *.cfg file extension only contains the device configuration with the
configured connections and data points. This file is suitable for transferring the
configuration to other gateways, since certificates and keys usually have to be
adapted.
• With user data and PKI
This file with the *.cfgp file extension contains the device configuration with the
configured connections and data points as well as all user data, passwords,
certificates and, if necessary, the corresponding private keys. With this file, another
gateway can take over all settings, e.g. when replacing parts, and immediately resume
operation.
• Password (optional)
The configuration file is stored encrypted. Additionally, you can secure the
configuration file against unauthorized use by entering a password (8-64 characters).
The configuration file can only be reloaded by entering this password.
• Export
Saves the configuration currently used by the gateway with the selected options to a
configuration file on the PC.
SIMATIC CC7
Configuration
4.11 Maintenance
Downloading a configuration
• Configuration file
After a configuration file saved on the PC is selected with the "Browse" button, the
file name is displayed here.
• Password (optional)
If a password was specified when the configuration file was saved, this password
must also be specified again when loading this configuration file.
• Browse
Searches the file system of the PC for a configuration file saved there that is intended
to be loaded on the gateway.
• Load on device
Downloads the configuration file shown under "File" to the gateway.
Note
The configuration data of the downloaded configuration file is only used by the
gateway after being applied to the runtime system ("Apply" button).
4.11.6 Communication / Restart
Process communication / Restart

On this page, you can stop or start the communication between gateway and process
stations and initiate a restart of the application.
With each command, a message is output by the system and the displayed status is
updated.
Process communication
The current status is displayed under "Status".
• Stop
Click the button to stop communication.
The labeling of the button changes.
• Start
Click the button to restart communication.
Restart
• Restart
Click the button to initiate a restart of the application.
SIMATIC CC7
Configuration
4.11 Maintenance
Reset to factory settings

Here, you can reset the application to factory settings.
Note
Data loss due to reset
Before you reset, note the effects of the reset described below.
• All configuration data, certificates, keys and user data are deleted by the reset.
• By resetting the IP parameters at the respective interface, the application can no
longer be reached using the previously configured address data.
The application can be reached at the factory set IP address of the respective
interface. For information on the preset IP parameters, see section Restarting and
resetting (Page 148).
The MAC addresses of the interfaces are not deleted by the reset.
• Reset
By clicking the button, you reset all data of the application to the factory settings.
After the reset, the application performs a restart.
4.11.7 Diagnostics
Diagnostic messages
This page contains diagnostics messages for internal events and errors.
• Update
Here you set whether and in which cycle the WBM updates the displayed diagnostic
messages.
The entries contain a time stamp and the message text.
• Notifications (NOTIFICATION) are displayed in bold
• Errors are displayed in red.
• Notes are displayed in blue.
• Warnings are displayed in yellow.
Examples of events:
- Startup
- Establishment/termination of a communications connection
- Change to the configuration
SIMATIC CC7
Configuration
4.11 Maintenance
4.11.8 Logging
Use of logging
By using the logging functions in log files, you can export important events to a file.
• Export
Click the button to export the respective file to the PC file system.
The exported files are displayed in the footer of the WBM. You can open the files from
the PC file system or directly from the WBM tab.
Export log files

• Trace
During runtime, information about important events is automatically saved. This data
contains information on the configuration, active procedures and error situations.
You should only use logging of events if you have problems with the application that
you cannot solve yourself.
Using the "Export" button, you can save this data in an "*.enc" logging file.
The information in this unreadable file is encrypted and can only be read by Siemens
Industry Online Support. Send the log file back to your contact at Siemens Industry
Online Support.
• Security messages
You can save the security events here. Possible file formats: *.log, *.csv
• Diagnostic messages
Here you can save the diagnostic messages of the device in a compressed archive
"diagnostic.tqz".
Unzip the *.tqz archive and the following extracted *.tar archive. You can find the
diagnostic messages in a *.log file.
• PROFIBUS/MPI (CC716)
Using the "Export" button, you can save this data in a "profibus.bin" logging file.
Security events
The gateway outputs Syslog messages according to RFC 5424 / RFC 5426. The
messages are based on IEC 62443-3-3.
When the address data of a Syslog server is input, the gateway sends the messages to
the server.
SIMATIC CC7
Configuration
4.11 Maintenance
If you do not have a Syslog server, leave the server address free.
• Server address
Enter the IP address of the Syslog servers.
• Server port
You can change the default server port 514 (UDP).
You will find a description of the Syslog messages in the appendix Syslog messages
(Page 165).
SIMATIC CC7
Diagnostics and maintenance 5
5.1 Diagnostics options
The following diagnostics options are available:
LEDs of the module

For information on the LED displays, refer to the section LEDs (Page 27).
Web Based Management (WBM)

To do this, you need to connect your PC to the gateway.
On the following WBM pages you obtain information on the status of the gateway:
• You will find general information on the status of the gateway on the start page of the
WBM, compare to section Info (Page 62).
• You will find the diagnostics messages on the diagnostics page of the WBM, refer to
the section Diagnostics (Page 144).
When important events occur, the gateway writes diagnostic messages to the
diagnostics buffer.
5.2 Loading new firmware

You can find the current firmware version of the device on the WBM page Info (Page 62).
New firmware versions

If a new firmware version is available for the module, you will find this on the Internet
pages of Siemens Industry Online Support:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621/dl)
Save the firmware file on the configuration PC.
Downloading new firmware files

You load a new firmware file from the configuration PC on the gateway via the WBM.
You will find the description in the section Firmware (Page 140).
SIMATIC CC7
Diagnostics and maintenance
5.3 Restarting and resetting
Functions and execution

The following functions are available for resetting:
• Restart
The configuration data is retained.
The gateway performs a restart.
You can perform the function via:
• Reset to factory settings
The configuration data is deleted.
The gateway performs a restart.
You can perform the function via:
– "SET" button
To operate the button, refer to the section The button "SET" (Page 32).
Restart
The gateway ends productive operation, restarts automatically and takes up productive
operation again with the existing configuration data.
Resetting to factory settings: Effect
Note
Data is deleted
With the resetting to factory settings, all configuration data and process data on the
gateway is deleted.
With a reset to factory settings, the gateway can only be reached over the factory default
address data.
SIMATIC CC7
• Deleted data
The following data is deleted in the gateway by resetting to factory settings:
– Addresses of the LAN interfaces configured by the user
They are reset to the factory default address data.
– All other configuration data of the gateway
– All process data in the memory of the gateway
– User names and passwords
– All imported certificates
– Diagnostics buffer
The following data is also deleted:
– All data on an inserted CLP
• Data not deleted
The following data is not deleted by resetting to factory settings:
– MAC address of the LAN interfaces
Restart after reset

• The gateway starts up without configuration data.
• The DHCP client function is disabled.
The gateway can only be reached over the default address data, refer to the section
Establishing a connection to the WBM (Page 59).
SIMATIC CC7
5.4 Device replacement in the event of a fault
5.4 Device replacement in the event of a fault
Device defective
If a fault develops, please send the device to your Siemens representative for repair.
Repairs on-site are not possible.
Replacing the gateway
WARNING
Before replacement
• Before replacing the gateway, read the safety notices in the section Important notes
on using the device (Page 35).
• While working on the device make sure that the power supply is turned off.
When replacing the gateway follow the steps described in the section Installation
(Page 39).
Transfer of the configuration data to the new gateway

If you have previously saved the configuration data of the gateway in a configuration file
on a PC or a CLP, you can download the data to the gateway after connecting the PC to
the gateway or after starting, refer to the section Backup and Restore (Page 141).
SIMATIC CC7
Technical specifications 6
6.1 Technical specifications - CloudConnect 712
Technical specifications - CloudConnect 712

Article number 6GK1411-1AC00
Attachment to Industrial Ethernet
Quantity 2 x gigabit interface (P1, P2)
Design RJ-45 jack, galvanically isolated
Properties
• Standard • 1000BASE-T, IEEE 802.3ab
• Transmission speeds • 10 / 100 / 1000 Mbps
• Other properties • Half duplex/full duplex, autocrossover, autonegotiation, autosensing
Power supply
Design Socket including 5-pin terminal block with reverse polarity protection
Power supply • Type of voltage • 24 V DC
• Permitted low limit • 19.2 V
• Permitted high limit • 28.8 V
Terminal block (Power supply)
Clamping screw M2
Screwdriver blade: 0.4 x 2.5 (DIN 5264)
Tightening torque 0.2...0.25 Nm
Connectable cable cross-sections • Without wire end ferrule • 0.5...2.5 mm2 / AWG 20...12
• With wire end ferrule • 0.5....1.5 mm2 / AWG 20 .. 16
Further electrical data
Current consumption (typical) 200 mA
Effective power loss (typical) 4.8 W
Overvoltage category according to Category II
IEC / EN 60664-1
Permitted ambient conditions
Ambient temperature During operation with the rack in- 0 °C ... +60 °C
stalled horizontally
During operation with the rack in- 0 °C ... +50 °C
stalled vertically
During storage -40 °C ... +70 °C
During transportation -40 °C ... +70 °C
Relative humidity During operation ≤ 60 % at 25 °C, no condensation
Permitted contaminant concentra- Corrosive gas test according to ISA-S71.04 severity level G1, G2, G3
SIMATIC CC7
Technical specifications
6.2 Technical Specifications - CloudConnect 716

tion
• SO2 • < 0.5 ppm
• H2 S • < 0.1 ppm
Design, dimensions and weight
Module format Compact module S7-1500
Degree of protection IP20
Weight 300 g
Dimensions (W x H x D) 35 x 147 x 127 mm
Mounting type • 35 mm DIN rail mounting
• S7-300 standard rail mounting
• Wall mounting
For further data, refer to section Application and functions (Page 13).

Article number 6GK1411-5AC00
Attachment to Industrial Ethernet
Quantity 2 x gigabit interface (P1, P2)
Design RJ-45 jack, galvanically isolated
Properties
• Standard • 1000BASE-T, IEEE 802.3ab
• Transmission speeds • 10 / 100 / 1000 Mbps
• Other properties • Half duplex/full duplex, autocrossover, autonegotiation, autosensing
Connection to PROFIBUS
Quantity 1 x PROFIBUS/MPI interface (MPI/DP)
Design and standard 9-pin D-sub socket, RS-485
Transmission speeds 9.6 kbps, 19.2 kbps, 45.45 kbps,
93.75 kbps, 187.5 kbps, 500 kbps,
1.5 Mbps, 3 Mbps, 6 Mbps, 12 Mbps
Maximum current consumption on 15 mA at 5 V (only for bus termination) *
the PROFIBUS interface when con-
necting network components (for
example, optical network compo-
nents)
Power supply
Design Socket including 5-pin terminal block with reverse polarity protection
Power supply • Type of voltage • 24 V DC
• Permitted low limit • 19.2 V
• Permitted high limit • 28.8 V
SIMATIC CC7

Cable cross-section connectable to • Without wire end ferrule • 0.2 .. 2.5 mm2 / AWG 24 .. 13
the terminal block
• With wire end ferrule • 0.25 .. 1.5 mm2 / AWG 24 .. 16
• With TWIN wire end ferrule • 0.5 .. 1.0 mm2 / AWG 20 .. 17
Further electrical data
Current consumption (typical) 250 mA
Effective power loss (typical) 6W
Overvoltage category according to Category II
IEC / EN 60664-1
Digital input
Quantity 1 x terminal block (DI)
Design 2-pin
Voltage Rated voltage 24 V DC Safety Extra Low Voltage (SELV)
• For state "1": 13 to 30 V DC
• For state "0": -30 to 3 V DC
Other properties • Maximum input current 8 mA
• Maximum cable length < 30 m
Cables should be routed in pairs

• Input isolated from electronics
• Minimum pulse length: 100 ms
Digital output
Quantity 1 x terminal block (DO)
Design Switch, 2-pole
Voltage Rated voltage 24 V DC Safety Extra Low Voltage (SELV)
Other properties • Internal, not current-limited
• Maximum current-carrying capacity 1 A
• Maximum cable length < 30 m
Cables should be routed in pairs

• Output isolated from electronics
Terminal blocks (power supply, digital input, digital output)
Clamping screw M2
Screwdriver blade: 0.4 x 2.5 (DIN 5264)
Tightening torque 0.2...0.25 Nm
Connectable cable cross-sections • Without wire end ferrule • 0.5...2.5 mm2 / AWG 20...12
• With wire end ferrule • 0.5....1.5 mm2 / AWG 20 .. 16
Permitted ambient conditions
Ambient temperature During operation with the rack in- 0 °C ... +60 °C
stalled horizontally
During operation with the rack in- 0 °C ... +50 °C
stalled vertically
During storage -40 °C ... +70 °C
SIMATIC CC7

During transportation -40 °C ... +70 °C
Relative humidity During operation ≤ 60 % at 25 °C, no condensation
Permitted contaminant concentra- Corrosive gas test according to ISA-S71.04 severity level G1, G2, G3
tion
• SO2 • < 0.5 ppm
• H2 S • < 0.1 ppm
Design, dimensions and weight
Module format Compact module S7-1500
Degree of protection IP20
Weight 400 g
Dimensions (W x H x D) 35 x 147 x 127 mm
Mounting type • 35 mm DIN rail mounting
• Wall mounting
* The current load due to an external consumer connected between VP (pin 6) and DGND (pin 5) must not exceed a
maximum of 15 mA (short-circuit proof) for bus termination.
For further data, refer to section Application and functions (Page 13).
SIMATIC CC7
Approvals 7
Approvals issued
Note
Issued approvals on the type plate of the device
The specified approvals apply only when the corresponding mark is printed on the
product. You can check which of the following approvals have been granted for your
product by the markings on the type plate.
EC declaration of conformity
The product meets the requirements and safety objectives of the following EC directives
and it complies with the harmonized European standards (EN) for programmable logic
controllers which are published in the official documentation of the European Union.
• 2014/34/EU (ATEX explosion protection directive)
Directive of the European Parliament and the Council of 26 February 2014 on the
approximation of the laws of the Member States concerning equipment and protective
systems intended for use in potentially explosive atmospheres, official journal of the
EU L96, 29/03/2014, pages. 309-356
• 2014/30/EU (EMC)
EMC directive of the European Parliament and of the Council of February 26, 2014 on
the approximation of the laws of the member states relating to electromagnetic
compatibility.; official journal of the EU L96, 29/03/2014, pages. 79-106
• 2011/65/EU (RoHS)
Directive of the European Parliament and of the Council of 8 June 2011 on the
restriction of the use of certain hazardous substances in electrical and electronic
equipment, official journal of the EC L174, 01/07/2011, page 88-110
The EC Declaration of Conformity is available for all responsible authorities at:
Siemens Aktiengesellschaft
Digital Industries
Process Automation
DE-76181 Karlsruhe
Germany
You can also find the EU Declaration of Conformity on the Internet at the following
address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621/cert)
> Certificate: Declaration of conformity / EC/EU certificate of conformity
SIMATIC CC7
Approvals
IECEx
The product meets the requirements of explosion protection according to IECEx.
IECEx classification:
Ex ec IIC T4 Gc
Certificate: IECEx DEK 18.00xxX
Applied standards:
• EN 60079-0 - Explosive atmospheres - Part 0: Equipment - General requirements
• EN 60079-7 - Explosive Atmospheres - Part 7: Equipment protection by increased
safety 'e'
You can see the current versions of the standards in the IECEx certificate that you will
find on the Internet at the following address:
Note the conditions for the safe deployment of the product according to the section
Notes on use in hazardous areas according to ATEX / IECEx (Page 36).
You should also note the information in the document "Use of subassemblies/modules
in a Zone 2 Hazardous Area" that you will find on the Internet at the following address:
ATEX
The product meets the requirements of the EC directive:2014/34/EC "Equipment and
Protective Devices for Use in Potentially Explosive Atmospheres".
ATEX approval:
II 3 G Ex ec IIC T4 Gc
Type Examination Certificate: DEKRA 18ATEX00xxX
Applied standards:
• EN 60079-0 - Explosive atmospheres - Part 0: Equipment - General requirements
• EN 60079-7 - Explosive Atmospheres - Part 7: Equipment protection by increased
safety 'e'
The current versions of the standards can be seen in the EC Declaration of Conformity,
see above.
The conditions must be met for the safe deployment of the product according to the
section Notes on use in hazardous areas according to ATEX / IECEx (Page 36).
You should also note the information in the document "Use of subassemblies/modules
in a Zone 2 Hazardous Area" that you will find on the Internet at the following address:
EMC
The product meets the requirements of the EC Directive 2014/30/EU "Electromagnetic
Compatibility" (EMC directive).
SIMATIC CC7
Approvals
Applied standards:
• EN 61000-6-4
Electromagnetic compatibility (EMC) - Part 6-4: Generic standards - Emission
standard for industrial environments
• EN 61000-6-2
Electromagnetic compatibility (EMC) - Part 6-2: Generic standards - Immunity for
industrial environments
RoHS
The product meets the requirements of the EC directive 2011/65/EU on the restriction of
the use of certain hazardous substances in electrical and electronic equipment.
Applied standard:
• EN 50581:2012
c(UL)us
Applied standards:
• Underwriters Laboratories, Inc.: UL 61010-1 (Safety Requirements for Electrical
Equipment for Measurement, Control, and Laboratory Use - Part 1: General
Requirements)
• IEC/UL 61010-2-201 (Safety requirements for electrical equipment for measurement,
control and laboratory use. Particular requirements for control equipment)
• Underwriters Laboratories, Inc.: UL 62368-1 (Audio/video, information and
communication technology equipment - Part 1: Safety requirements)
cULus Hazardous (Classified) Locations

Underwriters Laboratories, Inc.: CULUS Listed E223122 IND. CONT. EQ. FOR HAZ. LOC.
Applied standards:
• ANSI ISA 12.12.01
• CSA C22.2 No. 213-M1987
APPROVED for Use in:
• Cl. 1, Div. 2, GP. A, B, C, D T4
• Cl. 1, Zone 2, GP. IIC T4
Ta: Refer to the temperature class on the type plate
General notices on use in hazardous areas according to UL HazLoc / FM (Page 38).
SIMATIC CC7
Approvals
FM
Factory Mutual Approval Standard Class Number 3600, 3611, 3810
FM16US0205X
Equipment rating:
Class I, Division 2, Group A, B, C, D, Temperature Class T4, Ta = 0..50/70 °C *
Class I, Zone 2, Group IIC, Temperature Class T4, Ta = 70 °C
ANSI/ISA-61010-1 (82.02.01)
* Remember that the permitted ambient temperature depends on the mounting position;
see section Technical specifications - CloudConnect 712 (Page 151).
Ta: Refer to the temperature class on the type plate
General notices on use in hazardous areas according to UL HazLoc / FM (Page 38).
Australia - RCM
The product meets the requirements of the AS/NZS 2064 standards (Class A).
MSIP 요구사항 - For Korea only

A급 기기(업무용 방송통신기자재)
이 기기는 업무용(A급) 전자파 적합기기로서 판매자 또는 사용자는 이 점을 주의하시기
바라며, 가정 외의 지역에서 사용하는것을 목적으로 합니다.
Note that in terms of the emission of interference, this device corresponds to limit class
A. This device can be used in all areas except for residential environments.
Current approvals
SIMATIC NET products are regularly submitted to the relevant authorities and approval
centers for approvals relating to specific markets and applications.
If you require a list of the current approvals for individual devices, consult your Siemens
contact or check the Internet pages of Siemens Industry Online Support:
SIMATIC CC7
Dimension drawings 8
All dimensions in the dimension drawings are in millimeters.
Figure 8-1 Front view
SIMATIC CC7
Dimension drawings
Figure 8-2 Side view
SIMATIC CC7
Accessories A
You will find details and ordering data for the products of the accessories program in the
Siemens Industry Mall, see:
Link: (https://mall.industry.siemens.com)
A.1 Power supply
Power supplies for the gateway

Excerpt from the Siemens program for power supplies SITOP and S7-1500:
• SITOP PSU100C
24 V / 0.6 A stabilized power supply, input: AC 120/230 V, output: DC 24 V / 0.6 A
Article number: 6EP1331-5BA00
• SIMATIC PM 1507 24 V / 3 A
Stabilized power supply for SIMATIC S7-1500, input: AC 120/230 V, output:
DC 24 V / 3 A
• SIMATIC PM 1507 24 V / 8 A
Stabilized power supply for SIMATIC S7-1500, input: AC 120/230 V, output:
DC 24 V / 8 A
SIMATIC CC7
Accessories
A.2 CLPs
A.2 CLPs
Usable CLPs
The device can be operated with a CLP, an exchangeable storage medium for storage of
configuration data. A CLP does not ship with the device.
The following CLPs are available:
• SCALANCE CLP 2GB
Article number: 6GK1900-0UB00-0AA0
Exchangeable storage medium for easy device replacement
• SCALANCE CLP EEC 2GB
Article number: 6GK1900-0UQ00-0AA0
Exchangeable storage medium with painted circuit boards for easy device
replacement
SIMATIC CC7
Escape sequences B
B.1 JSON escape sequences
JSON escape sequences

When the JSON format is used for the user data, the following characters are converted
into escape sequences in the Publisher:
For the subscriber, the escape sequences are converted into the reverse direction.
To transfer the user data, see section User data format (Page 107).
Characters JSON escape sequence Note

\n \\n New line *
\r \\r Line break *
\t \\t Tab *
\" \\" Quotation marks
\\ \\\\ Double backslash
\u0000 \\u0000
\u0001 \\u0001
\u0002 \\u0002
\u0003 \\u0003
\u0004 \\u0004
\u0005 \\u0005
\u0006 \\u0006
\u0007 \\u0007
\b \\u0008
\t \\u0009
\n \\u000A
\u000b \\u000B
\f" \\u000C
\r \\u000D
\\u000e \\u000E
\u000f \\u000f
\u0010 \\u0010
\u0011 \\u0011
\u0012 \\u0012
\u0013 \\u0013
\u0014 \\u0014
\u0015 \\u0015
\u0016 \\u0016
\u0017 \\u0017
SIMATIC CC7
Escape sequences
B.1 JSON escape sequences
Characters JSON escape sequence Note

\u0018 \\u0018
\u0019 \\u0019
\u001a \\u001a
\u001b \\u001b
\u001c \\u001c
\u001d \\u001d
\u001e \\u001e
\u001f \\u001f
\u007F \\u007F
* Not configurable in STEP 7 as name component
SIMATIC CC7
Syslog messages C
Security events
The gateway outputs Syslog messages according to RFC 5424. The messages are based
on IEC 62443-3-3.
C.1 Structure of the messages
C.1.1 Structure of the Syslog messages

Syslog messages record changes in device states as status information. Syslog
messages according to RFC 5424 or RFC 5426 are output by devices and transferred to a
server via the set UDP port (standard: 514). The Syslog server collects the information of
the devices and informs you about these events.
The Syslog protocol prescribes a fixed sequence and structure of the possible
parameters. Syslog messages according to RFC5424 have the following structure:
Part / Parameter Explanation

HEADER
PRI Priority of the Syslog message, divided into:
• Severity (Severity)
Possible values:
– 0 Emergency
– 1 Alert
– 2 Critical
– 3 Error
– 4 Warning
– 5 Notice
– 6 Information
– 7 Debug
• Facility (Origin)
Possible values, e.g.: Sub-system, service, user
VERSION Version number of the Syslog specification
TIMESTAMP Time stamp of the device as local time including time zone and correction for daylight sav-
ing/standard time
Format: YYYY-MM-DDThh:mm:ss.msmsmsms+xx:yy
Example: 2010-01-01T02:03:15.0003+02:00
SIMATIC CC7
Syslog messages
C.1 Structure of the messages
Part / Parameter Explanation

HOSTNAME Identifies the source device by either:
• FQDN
• IPv4 address according to RFC1035: Bytes in decimal representation: XXX.XXX.XXX.XXX
• IPv6 address according to RFC4291 Section 2.2
• Host name
"-" is output if information is missing.
In the product: The configured IPv4 address of the process interface P2
APP-NAME Device or application from which the message originates. "-" is output if information is miss-
ing.
In the product: "-"
PROCID The process ID serves to clearly identify the individual processes, for example during analysis
and troubleshooting. "-" is output if information is missing.
In the product: "-"
MSGID ID to identify the message. "-" is output if information is missing.
In the product: "-"
STRUCTURED-DATA
timeQuality The structured data element "timeQuality" provides information on system time with the two
parameters "tzKnown" and "isSynced".
Example: [timeQuality tzKnown="0" isSynced="0"]
• tzKnown
This parameter specifies whether the time zone is known in the source device.
– 1 = known
– 0 = unknown
• isSynced
This parameter specifies whether the source device is synchronized with a reliable exter-
nal time source, e.g. via NTP.
– 1 = synchronized
– 0 = not synchronized
MSG
MESSAGE Message text as ASCII string (English)
You can read more detailed information on the structure of the Syslog messages and on
the meaning of the parameters in the RFCs:
https://tools.ietf.org/html/rfc5424
https://tools.ietf.org/html/rfc5426
C.1.2 Variables in Syslog messages

The variables are displayed in the section "Syslog messages" in the field "Message text"
within curly brackets {variable}.
SIMATIC CC7
Syslog messages
C.2 Syslog messages
The output messages can contain the following variables:
Variable Description Format Possible values or ex-

ample
{IP address} IPv4 address according to RFC1035 %d.%d.%d.%d 192.168.1.105
IPv6 address according to RFC4291 Section 2.2 XXX.XXX.XXX.XXX 2001:DB8::8:800:200C:41
7A
{FQHN} Fully Qualified Host Name: Completely specified FQDN: host1.com server1
host name; specification as domain (FQDN) or as IPv4: %d.%d.%d.%d 192.168.1.105
IP address.
{Protocol} Layer 4 protocol or service used that generated the %s UDP | TCP | WBM | PB |
event. OPC
{User name} String (without spaces) that identifies the authen- %s <Admin>
ticated user by his or her name.
{Time mi- Number of minutes %d 1
nute}
{Timeout}
{Time sec- Number of seconds %d 600
ond}
{Failed login Number of failed login attempts %d 3
count}
{Max ses- Maximum number of sessions %d 1
sions}
{Version} Name of the version (without spaces) %s V1.2.6
{Config de- String to identify the WBM session. %s ELXsKPKGzxFey7ap92bq
tail} BbbU7uxtazb7QCEaptnp
ZDGoaO05XK5l6UpbF1H
UTFV2
C.2 Syslog messages

The gateway outputs the following SYSLOG messages, sorted by classes:
C.2.1 Process communication status
SE_COMMUNICATION_STARTED_(protocol)
Message text {Protocol}: User {User name} started the process communication.
Example Console: User <user name> started the process communication.
Explanation The user has started the process communication.
Severity Notice
Facility local0
Standard -
SIMATIC CC7
Syslog messages
C.2 Syslog messages
SE_COMMUNICATION_STOPPED_(protocol)
Message text {Protocol}: User {User name} stopped the process communication.
Example Console: User <user name> stopped the process communication.
Explanation The user has stopped the process communication.
Severity Notice
Facility local0
Standard -
C.2.2 IACS User identification and authentication
SE_NETWORK_SUCCESSFUL_LOGON_(protocol)
Message text {Protocol}: User {User name} logged in from {IP address}.
Example Console: User admin logged in from 192.168.0.1.
Explanation Login with valid login information
Severity Info
Facility local0
Standard IEC 62443-3-3 Reference: SR 1.1
SE_NETWORK_UNSUCCESSFUL_LOGON_(protocol)
Message text {Protocol}: User {User name} failed to log in from {IP address}.
Example Console: User admin failed to log in from 192.168.0.1.
Explanation Incorrect user name or password specified during login.
Severity Error
Facility local0
SE_LOGOFF (protocol)
Message text {Protocol}: User {User name} logged out from {IP address}.
Example Console: User admin logged out from 192.168.0.1.
Explanation Session ended with user logout.
Severity Info
Facility local0
SIMATIC CC7
Syslog messages
C.2 Syslog messages
SE_DEFAULT_USER_AUTHENTICATION_USED (protocol)
Message text {Protocol}: Default user {User name} logged in from {IP address}.
Example Console: Default user <user name> logged in from 192.168.0.1.
Explanation Default user has logged in via the IP address.
Severity Info
Facility local0
Standard IEC 62443-3-3 Reference: n/a (NERC-CIP 007-R5)
C.2.3 Account management
SE_ACCESS_PWD_CHANGED_(protocol)_(own password)
Message text {Protocol}: User {User name} has changed the password.
Example Console: User admin has changed the password.
Explanation User has changed own password.
Severity Notice
Facility local0
SE_ACCOUNT_NAME_CHANGE_(protocol)_(user)
Message text {Protocol}: Default user account was changed to {User name}.
Example Console: Default user account was changed to <new user>.
Explanation The default account was changed.
Severity Notice
Facility local0
C.2.4 Unsuccessful login attempts
SE_ACCOUNT_LOCKED_TEMP_(protocol)_(User)
Message text {Protocol}: User {User name} account is locked for {Time minute} minutes after {Failed login
count} unsuccessful login attempts.
Example Console: User admin account is locked for 544 minutes after 2 unsuccessful login attempts.
Explanation After too many failed login attempts, the corresponding user account is locked for a specific
time.
Severity Warning
Facility local0
SIMATIC CC7
Syslog messages
C.2 Syslog messages
C.2.5 Remote session termination
SE_RAS_SESSION_TERMINATED_INACTIVITY_(protocol)
Message text {Protocol}: Remote session {Config detail} was closed after {Time second} seconds of inactiv-
ity.
Example WBM: Remote session o1cs3jjKy... was closed after 600 seconds of inactivity.
Explanation The session was closed after a period of inactivity.
Severity Notice
Facility local0
C.2.6 Concurrent session control
SE_ACCESS_DENIED_NUMBER_OF_CONCURRENT_SESS_(protocol)
Message text {Protocol}: The maximum number of {Max sessions} concurrent login session exceeded.
Example WBM: The maximum number of 1 concurrent login session exceeded.
Explanation The maximum number of simultaneous sessions has been reached.
Severity Warning
Facility local0
C.2.7 Non-repudiation (config change)
SE_CONFIG_CHANGE_(protocol)_(complete configuration)
Message text {Protocol}: User {User name} has changed configuration.

Example WBM: User admin has changed configuration.
Explanation User has changed the configuration data by loading a new *.cfg file.
Severity Info
Facility local0
SE_CONFIG_CHANGE_(protocol)_(reset to factory)
Message text {Protocol}: User {User name} has initiated a reset to factory defaults.
Example WBM: User admin has initiated a reset to factory defaults.
Explanation User has initiated a reset to factory settings.
Severity Info
SIMATIC CC7
Syslog messages
C.2 Syslog messages
Facility local0
C.2.8 Communication integrity
SE_COMMUNICATION_DATA_INTEGRITY_ERROR_(protocol)
Message text {Protocol}: Integrity verification failed.

Example MQTT: Integrity verification failed.
Explanation Proof of integrity failed.
Severity Error
Facility local0
C.2.9 Session authenticity
SE_INVALID_SESSION_ID_(protocol)
Message text {Protocol}: Session ID verification failed.

Example WBM: Session ID verification failed.
Explanation The session ID is invalid.
Severity Error
Facility local0
C.2.10 IACS Backup
SE_BACKUP_SUCCESSFULLY_DONE_(protocol)
Message text {Protocol}: User {User name} created backup file.

Example Console: User <user name> created backup file.
Explanation User has created a backup file.
Severity Notice
Facility local0
SIMATIC CC7
Syslog messages
C.2 Syslog messages
SE_BACKUP_FAILED_(protocol)
Message text {Protocol}: User {User name} failed to create backup file.
Example Console: User <user name> failed to create backup file.
Explanation Creation of backup file by user failed.
Severity Error
Facility local0
C.2.11 IACS Recovery and Reconstitution
SE_BACKUP_RESTORE_FAILED_(protocol)
Message text {Protocol}: User {User name} failed to apply backup file.
Example Console: User <user name> failed to apply backup file.
Explanation Use of backup file by user failed.
Severity Error
Facility local0
SE_BACKUP_RESTORE_SUCCESSFULLY_DONE_(protocol)
Message text {Protocol}: User {User name} applied backup file.

Example Console: User <user name> applied backup file.
Explanation Backup file successfully used by user.
Severity Notice
Facility local0
SE_FW_DEPLOYMENT_SUCCEEDED_(protocol)_(user)
Message text {Protocol}: User {User name} activated the Firmware {Version}.
Example Console: User <user name> activated the Firmware V2.
Explanation Firmware successfully activated by user.
Severity Notice
Facility local0
SIMATIC CC7
Syslog messages
C.2 Syslog messages
SE_FW_DEPLOYMENT_FAILED_(protocol)_(user)
Message text {Protocol}: User {User name} failed to activate Firmware {Version}.
Example Console: User <user name> failed to activate Firmware V2.
Explanation Firmware activation by user failed.
Severity Error
Facility local0
SIMATIC CC7
Syslog messages
C.2 Syslog messages
SIMATIC CC7
Index
A M
Abbreviations/acronyms, 4 MAC address, 3
Application to the runtime system, 58 MQTT - version, 14
Apply, 58
Article numbers, 3
O
OPC UA, 14
B
Open Source Software, 61
Broker, 14
Browse OPC UA, 134
P
Ports, 54
C
Certificate validation (OPC), 82, 89
CLP, 19 Q
Configuration error, 94
QualityCode, 105
Connection abort, 106
Connections - Number, 20
R
D Recycling, 7
Reset to factory settings, 32
Data type alias, 129
DATAPOINT_TYPE, 129
Deadband, 91
S
DHCP, 19
Disposal, 7 Safety notices, 35
DNS server, 65 Service & Support, 7
SIMATIC NET glossary, 7
Subscriptions, 91
F
Firmware - Version, 3
T
Training, 7
G
Glossary, 7
W
Grounding, 42
WBM, 15, 21
Web Based Management, 21
I Web browser, 25
Import variables, 135
SIMATIC CC7
Index
SIMATIC CC7

Ba CC7 76

Uploaded by

Copyright:

Available Formats

Ba CC7 76

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ba CC7 76

Uploaded by

Copyright:

Available Formats

Preface

Application and functions 1

SIMATIC CloudConnect 712 (6GK1411-1AC00)

Siemens AG C79000-G8976-C503-03 Copyright © Siemens AG 2019 -

Figure 1 SIMATIC CC716

Product name Article number Functions

Purpose of the manual

Terminology: Names and abbreviations

New in this release

Current edition of the manual and application example on the Internet

Lizenzbedingungen Open Source - aufrufbar aus WBM

Recycling and disposal

SIMATIC NET glossary

Training, Service & Support

4.4.3 Log out ................................................................................................................................................61

5 Diagnostics and maintenance ............................................................................................................. 147

Applications of the gateway

1.2 Functions and communication services

Protocols for the cloud connection

Supported cloud systems

OPC UA server for process data

Configuration using the WBM

1.3 Configuration examples

Connecting process stations

Figure 1-1 CloudConnect 712: Connection of a station to the cloud

Figure 1-2 CloudConnect 716: Connection of stations to the cloud

Connection of process stations to external OPC UA clients

Figure 1-3 CloudConnect 712: Connection of a station to OPC UA clients

1.4 Other services and properties

Other services and properties

1.5 Configuration limits - communication

Connection resources over the process interface

Maximum number of connections

Number of process data

Connections over the Cloud interface

1.6 Range of functions of the WBM

Web Based Management (WBM)

Access to the WBM

Overview of the functions of the WBM

Reusing the configuration file

1.7 Scope of delivery and requirements

Requirements in the S7 stations

Web browser for the configuration PC

LED status OFF ON (steady light) * Flashing

* : Part flashes yellow and part lit green

Meaning of the LED displays

LED name LED pat- Meaning / Module status

No communication with process stations Possible causes:

No communication with cloud server. Possible causes:

LED name LED pat- Meaning / Module status

Reset is initiated (button pressed during startup).

Reset is executed (button can be released).

P1 / P2 Connection to Ethernet at interface P1 or P2

Established connection to PROFIBUS/MPI

2.2.1 Ethernet interfaces P1/P2

2.2.2 PROFIBUS/MPI interface (CC716)

9-pin D-sub socket (MPI/DP)

2.2.3 Digital Input / Output (CC716)

The output is a switch that switches the signal at +DO to -DO.