Ba CC7 76
Ba CC7 76
Ba CC7 76
Installation, wiring,
commissioning 3
Industrial Ethernet -
CloudConnect 4
SIMATIC CC7 Configuration
Diagnostics and
maintenance 5
Operating Instructions
Technical specifications 6
Approvals 7
Dimension drawings 8
Accessories A
Escape sequences B
Syslog messages C
10/2020
C79000-G8976-C503-03
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to
prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a
safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices
shown below are graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger
will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning
relating to property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the
specific task in accordance with the relevant documentation, in particular its warning notices and safety
instructions. Qualified personnel are those who, based on their training and experience, are capable of
identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant
technical documentation. If products and components from other manufacturers are used, these must be
recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning,
operation and maintenance are required to ensure that the products operate safely and without any
problems. The permissible ambient conditions must be complied with. The information in the relevant
documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this
publication may be trademarks whose use by third parties for their own purposes could violate the rights of
the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in
subsequent editions.
CAUTION
To prevent injury, read the manual before use.
Products
This document contains information on the following products:
SIMATIC CC712 / SIMATIC CC716
Hardware product version 1
Firmware version V1.5
Gateway for connection of a SIMATIC S7, OPC UA, or Modbus station to a cloud system,
OPC UA server for SIMATIC S7 data
The MAC address of the device is located below the socket for the power supply. You
will find the article number on the device front.
You will find the hardware product version on the right side of the device as placeholder
"X". "X 2 3 4", for example, indicates hardware product version 1.
Validity
This manual is valid for the following products:
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 3
Preface
Individual paragraphs or sections that are only valid for the CC716 are labelled with the
short form of the device.
Example: "PROFIBUS (CC716)"
Required experience
To install, commission and operate the module, you require experience in the following
areas:
• Data transfer via Ethernet / Internet / PROFIBUS
• Cloud systems, MQTT
• OPC UA
• Automation engineering
SIMATIC CC7
4 Operating Instructions, 10/2020, C79000-G8976-C503-03
Preface
Replaced edition
Edition 10/2019
Cross references
In this document there are cross references to other sections.
To be able to return to the initial page after jumping to a cross reference, some PDF
readers support the command <Alt>+<left arrow>.
License conditions
Note
Open source software
Read the license conditions for open source software carefully before using the product.
You will find the license conditions as a loadable file on the WBM pages of the device.
You will find the description of opening and loading license conditions in section Logging
into the WBM (Page 60).
You can find the file with the license conditions for Open Source software under the
following name:
• OSS_CloudConnect_99.html
Siemens provides products and solutions with industrial security functions that support
the secure operation of plants, systems, machines, and networks.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 5
Preface
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art
industrial security concept. Siemens’ products and solutions form one element of such a
concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. These systems, machines and components should only be
connected to the enterprise network or the Internet if and only to the extent necessary
and with appropriate security measures (firewalls and/or network segmentation) in
place.
You can find more information on protective measures in the area of industrial security
by visiting:
https://www.siemens.com/industrialsecurity
(https://www.siemens.com/industrialsecurity).
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends performing product updates as soon as they are
available and using only the latest product versions. Use of product versions that are no
longer supported, and failure to apply latest updates may increase customer’s exposure
to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security
RSS Feed under
https://www.siemens.com/industrialsecurity
(https://www.siemens.com/industrialsecurity).
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by
Siemens can be downloaded to the device.
Device defective
If a fault develops, please send the device to your Siemens representative for repair.
Repairs on-site are not possible.
Decommissioning
Shut down the device properly to prevent unauthorized persons from accessing
confidential data in the device memory.
To do this, restore the factory settings on the device.
Also restore the factory settings on the storage medium.
SIMATIC CC7
6 Operating Instructions, 10/2020, C79000-G8976-C503-03
Preface
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 7
Preface
SIMATIC CC7
8 Operating Instructions, 10/2020, C79000-G8976-C503-03
Table of contents
Preface .........................................................................................................................................................3
1 Application and functions....................................................................................................................... 13
1.1 Application ......................................................................................................................................... 13
1.2 Functions and communication services ...................................................................................... 13
1.3 Configuration examples .................................................................................................................. 15
1.4 Other services and properties ....................................................................................................... 19
1.5 Configuration limits - communication ......................................................................................... 20
1.6 Range of functions of the WBM .................................................................................................... 21
1.7 Scope of delivery and requirements ............................................................................................. 22
2 LEDs, Connectors, Buttons, CLP ........................................................................................................... 27
2.1 LEDs ................................................................................................................................................... 27
2.2 Connections ...................................................................................................................................... 29
2.2.1 Ethernet interfaces P1/P2 ............................................................................................................. 29
2.2.2 PROFIBUS/MPI interface (CC716) .............................................................................................. 29
2.2.3 Digital Input / Output (CC716) ...................................................................................................... 30
2.2.4 External power supply ..................................................................................................................... 31
2.3 The button "SET" ............................................................................................................................. 32
2.4 CLP Slot ............................................................................................................................................. 33
3 Installation, wiring, commissioning....................................................................................................... 35
3.1 Important notes on using the device............................................................................................ 35
3.1.1 Notes on use in hazardous areas ................................................................................................. 35
3.1.2 Notes on use in hazardous areas according to ATEX / IECEx ................................................ 36
3.1.3 General notices on use in hazardous areas according to UL HazLoc / FM ........................ 38
3.2 Installation ......................................................................................................................................... 39
3.3 Connecting ......................................................................................................................................... 44
3.4 Commissioning ................................................................................................................................. 48
3.4.1 Commissioning ................................................................................................................................. 48
3.4.2 Using a CLP ....................................................................................................................................... 49
4 Configuration ............................................................................................................................................ 53
4.1 Security recommendations............................................................................................................. 53
4.2 Overview of the WBM pages.......................................................................................................... 56
4.3 General functions of the WBM ...................................................................................................... 57
4.4 Calling the WBM............................................................................................................................... 59
4.4.1 Establishing a connection to the WBM ....................................................................................... 59
4.4.2 Logging into the WBM..................................................................................................................... 60
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 9
Table of contents
SIMATIC CC7
10 Operating Instructions, 10/2020, C79000-G8976-C503-03
Table of contents
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 11
Table of contents
SIMATIC CC7
12 Operating Instructions, 10/2020, C79000-G8976-C503-03
Application and functions 1
1.1 Application
Process stations
The gateway can communicate with the following process stations:
• SIMATIC S7-300/400/1200/1500/LOGO!
S7 communication via:
– Ethernet
– PROFIBUS/MPI (CC716)
• Modbus controllers
Communication via Ethernet (Modbus/TCP)
• OPC UA Station
Communication via Ethernet and integrated OPC UA client
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 13
Application and functions
1.2 Functions and communication services
SIMATIC CC7
14 Operating Instructions, 10/2020, C79000-G8976-C503-03
Application and functions
1.3 Configuration examples
The OPC UA server is implemented based on the "Micro Embedded Device 2017 Server
Profile" of the OPC Foundation. For details, see:
Link:
(https://apps.opcfoundation.org/ProfileReporting/ModifyProfile.aspx?ProfileID=19dfd3d
2-eb5a-40b0-b80b-b2b181d9fc51)
The OPC UA server supports the functions relevant for this profile from the following
specifications:
• IEC/TR 62541-1 (08-2012) OPC Unified Architecture - Part 1: Overview and Concepts
• IEC/TR 62541-2 (02-2009) OPC Unified Architecture - Part 2: Security Model
For the supported security profiles, refer to the section OPC UA Security (Page 86).
• IEC 62541-3 (08-2012) OPC Unified Architecture - Part 3: Address Space Model
For the supported data types, refer to the section Data points (Page 123).
• IEC 62541-4 (08-2012) OPC Unified Architecture - Part 4: Services
• IEC 62541-5 (08-2012) OPC Unified Architecture - Part 5: Information Model
• IEC 62541-6 (08-2012) OPC Unified Architecture - Part 6: Mappings
• IEC 62541-7 (09-2010) OPC Unified Architecture - Part 7: Profiles
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 15
Application and functions
1.3 Configuration examples
A Modbus station or an OPC UA server, for example the automation device of a third-
party manufacturer, can also be connected to a cloud broker for data transfer.
• When it is connected to a SIMATIC S7, the gateway communicates using an S7
connection. Alternatively, S7 stations with OPC UA servers, e.g. a CPU1500 or a
CPU1200 as of FW 4.0, can also communicate via an OPC UA connection. The
gateway is the OPC UA client here. Data from the S7 station with activated block
optimization can also be accessed via OPC UA.
• When it is connected to a Modbus station, the gateway communicates using
Modbus/TCP.
• When connected to an OPC UA server, the gateway communicates with the process
station as an OPC UA client.
Configuring a CC712
The process station is a SIMATIC S7-300 in this example.
SIMATIC CC7
16 Operating Instructions, 10/2020, C79000-G8976-C503-03
Application and functions
1.3 Configuration examples
Configuring a CC716
You can connect up to 7 stations over Ethernet or PROFIBUS using the CC716 gateway.
The gateway transfers the data to a cloud broker using MQTT.
In the example shown, an S7 300 is connected via Ethernet, an S7 1200 and an S7 400
via PROFIBUS and an S7-1500 via OPC UA.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 17
Application and functions
1.3 Configuration examples
Configuring a CC712
In the configuration shown, the CC712 gateway transfers process data of an S7 station
over OPC UA to a central control room or one or more OPC UA clients.
The gateway reads process data from the S7 station and, as OPC UA server, makes it
available to one or more OPC UA clients.
Via the CC716 gateway, up to 7 SIMATIC S7, OPC UA or Modbus stations can be
connected via Ethernet or PROFIBUS and the data can be exchanged with the external
OPC UA clients.
SIMATIC CC7
18 Operating Instructions, 10/2020, C79000-G8976-C503-03
Application and functions
1.4 Other services and properties
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 19
Application and functions
1.5 Configuration limits - communication
SIMATIC CC7
20 Operating Instructions, 10/2020, C79000-G8976-C503-03
Application and functions
1.6 Range of functions of the WBM
OPC UA server
As OPC UA server, the gateway supports the following quantity structure.
• Number of variables
– CC712: Total of max. 500 symbols / PLC tags
– CC716: Total of max. 3500 symbols / PLC tags
• Number of supported subscriptions
Max. 5 subscriptions per session
In total maximum of 50 subscriptions at the same time
• Number of items per subscription
Max. 500 variables per subscription
Max. 2500 variables over all subscriptions
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 21
Application and functions
1.7 Scope of delivery and requirements
Scope of delivery
The following positions ship with the gateway:
• Gateway "CloudConnect 7"
• Terminal block for power supply of the gateway
• Terminal block for the digital input and the digital output (CC716)
SIMATIC CC7
22 Operating Instructions, 10/2020, C79000-G8976-C503-03
Application and functions
1.7 Scope of delivery and requirements
Required accessories
The following accessories (which do not ship with the product) are required for gateway
operation:
• Power supply
You need a 24 V DC external voltage source.
• PC
To configure the gateway, you need a configuration PC with suitable Web browser
(see below).
• LAN cable
For the connection of the configuration PC to the X2 LAN interface of the gateway,
you need a Cat 5 or higher ITP cable.
• Cable for the process connections
To connect the process station(s) with the gateway, you need the appropriate LAN or
PROFIBUS cable.
Communication partner
• Process access
For process access you need a station in productive operation, alternatively:
– S7 station
– OPC UA station with OPC UA server
– Modbus station
• Cloud access / External OPC clients
– For cloud access, you need the access set up to a cloud broker.
– You need at least one configured OPC UA client to connect external OPC UA
clients.
WARNING
Writing values to outputs
When referencing to outputs with write access, note that the values are written
immediately to the outputs of the CPU without first being processed by the user
program.
Writing values has a direct influence on the process.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 23
Application and functions
1.7 Scope of delivery and requirements
The following requirements need to be met in your STEP 7 project or in the connected
S7 stations.
• Variables / symbols
For access to the process data by referencing to variables of the CPU, variables or
symbols must be created in the relevant CPU.
Write access via the MQTT Subscriber function of the gateway is only possible in DB
variables of the CPU.
STEP 7 Professional: The "Optimized block access" option must be disabled for DBs
and access via an S7 connection. The option need not be disabled for access via the
OPC UA server of the CPU.
The variables of the CPU must be marked as follows for use by OPC UA services
(options selected):
– "Accessible from HMI/OPC UA"
– "Writable from HMI/OPC UA"
Required for write access
For further details, see section Data points (Page 123).
• OPC UA: Components of the identifier
During configuration, note that the following names are used as part of the identifier
in the NodeId of a variable:
– CPU name
– Name of the DB variable
• CPU 1200/1500 via S7 connection
– Read protection cannot be configured under "Protection & Security" in the CPU.
– Access via PUT/GET must be configured under "Protection & Security" in the CPU.
• CPU 300/400 via S7 connection
Read protection cannot be configured under "Protection" in the CPU.
• CP 300/400 via S7 connection
The following requirements must be met on the CP for access to the station via a CP:
– When "IP access protection" is configured, the IP address of the gateway must be
configured with the right "A".
• CP 1200 via S7 connection
For access to the station via a telecontrol CP, S7 communication must be enabled on
the CP under "Communication types".
SIMATIC CC7
24 Operating Instructions, 10/2020, C79000-G8976-C503-03
Application and functions
1.7 Scope of delivery and requirements
Optional
• CLP
Exchangeable storage medium for storing configuration data
• NTP server - can be reached over interface P1 / P2
• DHCP server - can be reached over interface P1
• DNS server - accessible via the P1 / P2 interface (P2 if the "Cloud interface in same
subnet" option is enabled)
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 25
LEDs, Connectors, Buttons, CLP 2
2.1 LEDs
The LEDs on the front show the states of the module.
The LED symbols in the table below correspond to the following states of the LEDs:
LED symbol
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 27
LEDs, Connectors, Buttons, CLP
2.1 LEDs
SIMATIC CC7
28 Operating Instructions, 10/2020, C79000-G8976-C503-03
LEDs, Connectors, Buttons, CLP
2.2 Connections
2.2 Connections
Ethernet interfaces
The gateway has two Ethernet interfaces according to Gigabit standard IEEE 802.3ab,
designed as RJ45 socket.
• P1
Cloud interface for connecting a cloud broker and external OPC clients
• P2
Process interface for connecting the stations of the automation plant
Note
Connection to subnets
The two Ethernet interfaces are not designed as a switch but are intended for
connection to different networks.
If the connection to the cloud is in the same subnet as the process connection, enable
the "Cloud interface in the same subnet" option in the "Interface configuration" in the
configuration.
You can find the properties of the Ethernet interfaces in section Technical specifications
(Page 151).
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 29
LEDs, Connectors, Buttons, CLP
2.2 Connections
Digital input
SIMATIC CC7
30 Operating Instructions, 10/2020, C79000-G8976-C503-03
LEDs, Connectors, Buttons, CLP
2.2 Connections
Digital output
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 31
LEDs, Connectors, Buttons, CLP
2.3 The button "SET"
For information on allocation of the socket and for the connection, see section
Connecting (Page 44).
You will find further data on the power supply in section Technical specifications
(Page 151).
WARNING
EXPLOSION HAZARD
Do not press the button if there is a potentially explosive atmosphere.
Note
Configuration data is deleted
By resetting to factory settings, the gateway is reset to the status as it was delivered
from the factory. This deletes all the configured settings.
The data on an optional CLP are deleted as well.
For the precise effects of resetting, refer to the section Restarting and resetting
(Page 148).
SIMATIC CC7
32 Operating Instructions, 10/2020, C79000-G8976-C503-03
LEDs, Connectors, Buttons, CLP
2.4 CLP Slot
Figure 2-2 Slot for optional CLP on the back of the device
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 33
LEDs, Connectors, Buttons, CLP
2.4 CLP Slot
SIMATIC CC7
34 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning 3
3.1 Important notes on using the device
WARNING
If the device is installed in a cabinet, the inner temperature of the cabinet corresponds
to the ambient temperature of the device.
WARNING
EXPLOSION HAZARD
DO NOT OPEN WHEN ENERGIZED.
WARNING
EXPLOSION HAZARD
Replacing components may impair suitability for Class 1, Division 2 or Zone 2.
WARNING
WARNING
The device may only be operated in an environment with pollution degree 1 or 2 (see
IEC 60664-1).
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 35
Installation, wiring, commissioning
3.1 Important notes on using the device
WARNING
EXPLOSION HAZARD
Do not connect or disconnect cables to or from the device when a flammable or
combustible atmosphere is present.
WARNING
WARNING
WARNING
DIN rail
In the ATEX and IECEx area of application only the Siemens DIN rail 6ES5 710-8MA11
may be used to mount the modules.
WARNING
Requirements for the cabinet/enclosure
To comply with EC Directive 2014/34 EU (ATEX 114) or the conditions of IECEx, this
enclosure or cabinet must meet the requirements of at least IP54 (in compliance with
EN 60529) according to EN 60079-7.
SIMATIC CC7
36 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.1 Important notes on using the device
WARNING
Cable
If the cable or conduit entry point exceeds 70 °C or the branching point of conductors
exceeds 80 °C, special precautions must be taken. If the equipment is operated in an
air ambient in excess of 50 °C, only use cables with admitted maximum operating
temperature of at least 80 °C.
WARNING
Take measures to prevent transient voltage surges of more than 40% of the rated
voltage. This is the case if you only operate devices with SELV (safety extra-low
voltage).
WARNING
LAN connection (Local Area Network)
A LAN or LAN segment with all the interconnected devices should be contained
completely in a single low voltage power distribution system in a building. The LAN is
designed either for “Environment A” according to IEEE802.3 or "Environment 0"
according to IEC TR 62102.
Do not connect any electrical connectors directly to the telephone network (Telephone
Network Voltage) or a WAN (Wide Area Network).
WARNING
EXPLOSION HAZARD
Do not press the SET button if there is a potentially explosive atmosphere.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 37
Installation, wiring, commissioning
3.1 Important notes on using the device
WARNING
EXPLOSION HAZARD
You may only connect or disconnect cables carrying electricity when the power supply
is switched off or when the device is in an area without inflammable gas
concentrations.
WARNING
EXPLOSION HAZARD
The equipment is intended to be installed within an ultimate enclosure. The inner
service temperature of the enclosure corresponds to the ambient temperature of the
module. Use installation wiring connections with admitted maximum operating
temperature of at least 30 ºC higher than maximum ambient temperature.
WARNING
Wall mounting is only permitted if the requirements for the housing, the installation
regulations, the clearance and separating regulations for the control cabinets or
housings are adhered to. The control cabinet cover or housing must be secured so that
it can only be opened with a tool. An appropriate strain-relief assembly for the cable
must be used.
WARNING
SIMATIC CC7
38 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.2 Installation
3.2 Installation
WARNING
Open equipment
The device is "open equipment" acc. to the standard UL 61010-2-201. To fulfill
requirements for safe operation with regard to mechanical stability, flame retardation,
stability, and protection against contact, the following alternative types of installation
are specified:
• Installation in a suitable cabinet.
• Installation in a suitable enclosure.
• Installation in a suitably equipped, enclosed control room.
Note
You must not install the device on a wall in hazardous areas.
WARNING
Wall mounting outside of the control cabinet or housing does not fulfill the
requirements of the FM approval.
WARNING
Cable temperatures
If the cable or housing socket exceeds 70 °C or the branching point of the cables
exceeds 60 °C, special precautions must be taken. If the equipment is operated in an
ambient environment in excess of 40 °C, only use cables with permitted maximum
operating temperature of at least 80 °C.
NOTICE
Install and remove the device only when the power is off.
Switch off the power supply of the device before you install or remove the device.
Installing and removing devices with the power supply on can lead to damage to the
devices and to loss of data.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 39
Installation, wiring, commissioning
3.2 Installation
Installation options
You have the following options to install the gateway:
• Wall mounting
• Mounting on the following rail types (rack):
– DIN rail
– S7-1500 standard rail
– S7-300 standard rail
You can find suitable standard rails in the Siemens accessories program for
automation technology, for example:
35 mm standard mounting rail for 19" cabinets, article numbers 6ES5710-8MA11
• Mounting on pedestal
You can use the SCALANCE M pedestal 6GK5898-8MD00 for table mounting (does
not ship with the product).
Installation location
NOTICE
Installation location - Dependency of the temperature range
Note the dependency of the permitted temperature range of the installation location.
• Horizontal installation of the rack (DIN rail) means a vertical position of the modules.
• Vertical installation of the rack (DIN rail) means a horizontal position of the modules.
You will find the permitted temperature ranges in the section Technical specifications
(Page 151).
SIMATIC CC7
40 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.2 Installation
Minimum clearances
Mount the device so that its upper and lower ventilation slits are not covered, allowing
adequate ventilation as protection from overheating.
Keep to the following minimum clearances for the circulation of air when the rack is
installed horizontally:
• Above the device: At least 33 mm
• Below the device: At least 25 mm
Wall mounting
1. Prepare the drill holes for wall mounting. For the dimensions, refer to the section
"Dimension drawings (Page 159)".
2. Secure the device to the wall with two screws (4 mm).
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 41
Installation, wiring, commissioning
3.2 Installation
NOTICE
Grounding
For reasons of electrical safety, the DIN rail must be connected to the protective
conductor system (PE) of the electrical system.
Note
Protecting the modules from slipping on the DIN rail
If you install the modules in an area with mechanical load, use suitable clamping devices
at both ends of the device group to secure the modules on the DIN rail, e.g. Siemens and
retainer 8WA1808.
The end retainers prevent the modules separating under mechanical load.
SIMATIC CC7
42 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.2 Installation
Mounting on pedestal
1. Insert the device with the bottom housing guide on the top edge of the pedestal ①.
2. Press the device against the pedestal until the mounting rail release audibly locks in
place ②.
Uninstalling
Follow the steps below to remove the device from the rail:
1. Turn off the supply voltage of the device.
2. Pull the power supply plug and the cables of the communication networks.
3. Pull down the mounting rail release on the rear of the device.
4. Tilt the device out of the standard rail.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 43
Installation, wiring, commissioning
3.3 Connecting
3.3 Connecting
WARNING
Safety Extra-Low Voltage (SELV) by a Limited Power Source (LPS)
The equipment is designed for operation with Safety Extra-Low Voltage (SELV) by a
Limited Power Source (LPS).
This means that only SELV / LPS complying with IEC 60950-1 / EN 60950-1 /
VDE 0805-1 must be connected to the power supply terminals. The power supply unit
for the device must meet NEC Class 2 according to the National Electrical Code (r)
(ANSI / NFPA 70).
If the equipment is connected to a redundant power supply (two separate power
supplies), both must meet these requirements.
NOTICE
Suitable fusing for the power supply cables (corresponds to "Limited Energy")
The current on the terminal must not exceed 3 A. Use a fuse for the power supply that
protects against currents > 3 A.
The fuse has to be designed for protection of DC power supply circuits as well as for
the following requirements.
• In areas subject to the NEC or CEC, the fuse must meet the following requirements:
– Suitable for DC (min. 60 V / max. 3 A)
– Breaking current min. 10 kA
– UL/CSA listet (UL 248-1 / CSA 22.2 No. 248.1)
– Classes R, J, L, T or CC
• In other areas:
– Suitable for DC (min. 60 V / max. 3 A)
– Breaking current min. 10 kA
– Approved for power supply circuits (branch circuits) according to local regulations
(e.g. IEC 60127-1, EN 60947-1)
– Breaking characteristics: B or C circuit breakers and fuses
SIMATIC CC7
44 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.3 Connecting
If the properties of the supplying current source are known, the following fuse is also
possible:
• In areas subject to the NEC or CEC, the fuse must meet the following requirements:
– Suitable for DC (min. 60 V / max. 3 A)
– Breaking current > highest possible current of the current source (incl. short
circuit current and fault)
– Approval in accordance with UL 1077 or CSA C22.2 No. 235
• In other areas, the fuse must meet the following requirements:
– Suitable for DC (min. 60 V / max. 3 A)
– Breaking current > highest possible current of the current source (incl. short
circuit current and fault)
– Approval according to IEC/EN 60934
– Breaking characteristics: Max. 120 s at 2 x In
You do not need a fuse for the power supply cable if you use a voltage source according
to NEC Class 2 or a power supply from the range of accessories, see appendix Power
supply (Page 161).
Recommendation: Use the power supply of a process station if this is in the vicinity of
the gateway.
Note
Protective ground
A PELV circuit contains a connection to protective ground. Without a connection to
protective ground, or in case there is a fault in the connection to the protective ground,
the voltage for the circuit is not stabilized.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 45
Installation, wiring, commissioning
3.3 Connecting
NOTICE
Fuses for the cables of the digital output (corresponds to "Limited Energy")
The current on the terminal must not exceed 1 A. Use a fuse for the power supply that
protects against currents > 1 A.
The fuse has to be designed for protection of DC power supply circuits as well as for
the following requirements.
• In areas subject to the NEC or CEC, the fuse must meet the following requirements:
– Suitable for DC (min. 60 V / max. 1 A)
– Breaking current min. 10 kA
– UL/CSA listet (UL 248-1 / CSA 22.2 No. 248.1)
– Classes R, J, L, T or CC
• In other areas:
– Suitable for DC (min. 60 V / max. 1 A)
– Breaking current min. 10 kA
– Approved for power supply circuits (branch circuits) according to local regulations
(e.g. IEC 60127-1, EN 60947-1)
– Breaking characteristics: B or C circuit breakers and fuses
NOTICE
Connection only with power off
Only connect the device with the power switched off.
The device can be disconnected from the power supply with the terminal block.
SIMATIC CC7
46 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.3 Connecting
NOTICE
Contacting the shield of the cable on the connector
The shield of the cable must be contacted. To do this, strip the insulation from the
end of the cable and connect the shield to functional earth.
4. CC716:
If necessary, connect the cable for the digital input/output to the terminal block of the
device.
– Always wire the digital input and output in pairs.
– The maximum permitted cable length is 30 m.
For information on the position of the terminals, see section Digital Input / Output
(CC716) (Page 30).
5. Turn the power supply on only after the device has been completely wired and
connected.
The further procedure is described in the section Commissioning (Page 48).
Table 3- 1 Assignment of the sockets for the digital input (DI) and digital output (DQ)
Terminal Assignment
DI+ DC 24 V
DI- (ground) -
DO+ Max. 24 V DC / max. 1 A
DO- -
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 47
Installation, wiring, commissioning
3.4 Commissioning
Power supply
Note
The power supply unit of the device is not electrically isolated.
Terminal Assignment
L1+ DC 24 V
M1 Reference ground
M2 Ground reference for redundant connection
L2+ 24 V DC for redundant connection (optional)
Functional earth
3.4 Commissioning
3.4.1 Commissioning
Commissioning
1. After connecting the power supply to the gateway, switch on the power supply.
2. Connect the configuration PC to the gateway for configuration, refer to the section
Establishing a connection to the WBM (Page 59).
If you want to use a CLP, turn off the power supply before you start configuring, insert
the CLP and turn on the power supply again.
To make it easier to commission multiple gateways, see section Backup and Restore
(Page 141).
SIMATIC CC7
48 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.4 Commissioning
Note
Using brand-new CLPs
If you are using a brand-new CLP, follow the steps below:
1. Insert the CLP into the turned-off gateway.
2. Switch on the power of the gateway.
3. Format the CLP.
See section Backup and Restore (Page 141) for more on this.
Clicking the "Apply" button automatically writes the configuration data of the gateway to
the CLP.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 49
Installation, wiring, commissioning
3.4 Commissioning
Function
The configuration of the gateway is automatically saved on the CLP when you apply the
configuration in the WBM.
A device with the CLP plugged in only uses the configuration data on the CLP during
startup if it has been reset to the factory settings. This is, however, only possible when
the data was written by a compatible device type.
This allows fast and simple replacement of the basic device. If a device is replaced, the
CLP is taken from the failed device and inserted in the replacement. As soon as it starts
up, the replacement automatically applies the same device configuration as the failed
device.
Note
Insert and remove only when power is off
The CLP may be inserted or removed only when the power is off!
The slot for the CLP is located on the back of the device, see section CLP Slot (Page 33).
To insert the CLP, follow these steps:
1. Turn off the power to the gateway.
2. Insert the CLP in the slot.
The CLP can only be inserted in one position.
3. Switch on the voltage again.
The behavior of the gateway depends on the state of the gateway and the CLP:
SIMATIC CC7
50 Operating Instructions, 10/2020, C79000-G8976-C503-03
Installation, wiring, commissioning
3.4 Commissioning
Diagnostics
Malfunctions of the CLP are signaled by diagnostic messages.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 51
Installation, wiring, commissioning
3.4 Commissioning
SIMATIC CC7
52 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration 4
4.1 Security recommendations
Keep to the following security recommendations to prevent unauthorized access to the
system.
General
• You should make regular checks to make sure that the device meets the following
recommendations and other internal security guidelines if applicable.
• Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products.
• Check regularly for security updates of the products and use them.
• Check regularly for new features on the Siemens Internet pages.
– Here you will find information on industrial security:
Link: (http://www.siemens.com/industrialsecurity)
– Here you will find information on security in industrial communication:
Link: (http://w3.siemens.com/mcms/industrial-communication/en/ie/industrial-
ethernet-security/Seiten/industrial-security.aspx)
• Keep the software up to date. Always use the latest software version of the device.
Information regarding product news and new software versions is available at the
following address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621/pm)
Physical access
Restrict physical access to the devices to qualified personnel.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 53
Configuration
4.1 Security recommendations
Passwords
• Define rules for the use of devices and assignment of passwords.
• Make sure that all passwords are protected and inaccessible to unauthorized
personnel.
• Do not use one password for different users and systems.
Protocols
Server ports
The following table provides you with an overview of the open ports on this device.
• Protocol / function
Protocols that the device supports.
• Port number (protocol)
Port number assigned to the protocol.
• Default of the port
– Open
The port is open at the start of the configuration.
– Closed
The port is closed at the start of the configuration.
• Port status
– Open
The port is always open and cannot be closed.
– Open after configuration
The port is open if it has been configured.
• Authentication
Specifies whether or not the protocol authenticates the communications partner
during access.
SIMATIC CC7
54 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.1 Security recommendations
Protocol / func- Port number (proto- Default of the port Port status Authentication
tion col)
HTTPS 443 (TCP) Open Open Yes
OPC UA server 4840 (or individually Closed Open after configuration Yes, when security is
port configured) (TCP) (server) enabled.
Client ports
Make sure that you open port 443 in your configuration PC (HTTPS) as well as the
required client ports of the services used in the respective firewall in the subnet of the
cloud in intermediary routers/gateways.
This can be:
• Broker port
– MQTT unsecured: 1883 (TCP)
– MQTT via TLS: 8883 (TCP)
The port number can be set in WBM.
• OPC UA client / 4840 (TCP)
The port number can be set in WBM.
• NTP / 123 (UDP)
• DNS / 53 (UDP)
• DHCP / 67, 68 (UDP)
• Syslog / 514 (UDP)
The port number can be set in WBM.
Note
Ensure that the PC and gateway are located in a protected network.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 55
Configuration
4.2 Overview of the WBM pages
SIMATIC CC7
56 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.3 General functions of the WBM
Symbol Function
Time and date of the runtime system
Apply
All saved data is applied to the Runtime system.
Apply
Applies saved configuration data to the Runtime system. The
Runtime system is restarted with the applied settings.
Counter which displays the remaining time of the current session.
By clicking the time display, the counter of the session duration is
reset.
Menu bar
The menu bar shows the tabs of the WBM over which you reach the different pages of
the WBM.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 57
Configuration
4.3 General functions of the WBM
When you minimize your browser window, the display of the tabs disappears and the
following symbol is displayed:
Symbol Function
Shows the tab titles as navigation with a minimized browser win-
dow.
In the example, all topics containing the characters "To" are displayed.
Save
Confirm all your entries by clicking the "Save" button. Your settings are thus saved to the
buffer.
The saved configuration data is not applied by the device yet by saving. This prevents
inconsistent changes from being loaded to the Runtime system when the WBM page is
changed.
SIMATIC CC7
58 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.4 Calling the WBM
Requirements
You can establish a connection between a PC and the gateway via HTTPS:
You can establish a connection over the P2 interface of the gateway.
The condition for access to the gateway is that the PC is located in the same subnet and
that the gateway can be reached.
Note
IP address of the CP
By default, the DHCP client of the gateway is disabled. Make sure that the PC has a
fixed IP address during the first connection setup and that it is located in the same
subnet as the connected interface of the gateway.
When using a DHCP server you do not need to specify the addressing on the PC to be
connected. When it is connected to the network, the PC is assigned an address.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 59
Configuration
4.4 Calling the WBM
HTTPS connection
Only HTTPS connections are supported.
You can establish a connection between a PC and the WBM of the device.
Note
Changing standard user data
For security reasons, the factory set user data (user name, password) of the standard
user must be changed when you log in the first time, see section User (Page 139).
Standard user data for the first login to the WBM is preassigned by the system:
An administrator can be set up with all available rights for operation of the WBM.
Logging in
After establishing a connection between the PC and the device, the WBM opens with the
logon page.
Note
Entering the wrong user name or password
After entering an incorrect user name or password three times, a lockout period of one
minute begins. Only after the lockout time has expired can you try to log in again.
• User name
Enter the user name here.
• Password
Enter the password here.
• Logging in
Click the button to set up the connection to the WBM.
When you log in for the first time, you are prompted to change the default user data. You
can find the rules for password assignment in the section User (Page 139).
SIMATIC CC7
60 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.4 Calling the WBM
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 61
Configuration
4.5 Start page
4.5.1 Info
The page provides an overview of important status and configuration data of the device.
Status
• Operating state
Operating state of the device
• Process communication
Shows the status of the communication with the process stations.
• System runtime (dd-hh-mm-ss)
Time since the last startup (dd-hh-mm-ss)
• Serial number
Serial number of the device
• Article number
Article number of the device
• Hardware product version
Hardware product version of the device
• U-Boot version
Current U-Boot version for the firmware bootloader
• Software version
Current firmware version of the device
• CLP
Shows whether a CLP is currently inserted.
SIMATIC CC7
62 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.6 Interface configuration
DNS server
The parameter group shows the IPv4 addresses of up to two configured DNS servers.
4.6.1 Ethernet
In this tab, you configure the address data of the Ethernet interfaces of the device.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 63
Configuration
4.6 Interface configuration
Note
No address check / configuration rules
The address bands are not checked automatically.
Make sure that the subnets of the two interfaces are not the same.
Configuration of link local, multicast and broadcast addresses is not allowed for the IPv6
address.
Note
No reachability when IP address data of the process interface is applied
The IP parameters of the process interface must match the settings of the IP address
data of your PC.
• IP address
Shows the default or last configured IP address. The actual IP address is displayed on
the "Info" start page.
During the initial configuration: Assign the IP address of the respective interface or
activate addressing by a DHCP server.
SIMATIC CC7
64 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.6 Interface configuration
Note
DHCP server
The device supports the DHCP client function at the cloud Cloud interface. To use the
function, a DHCP server must be located in the subnet.
• Subnet mask
Shows the preset, last configured or the last subnet mask to be obtained from the
DHCP server.
During the initial configuration: Assign the subnet mask of the respective interface.
• Default router
Shows the configured IP address of the router being used or the one last obtained
with DHCP.
During the initial configuration: Assign the IP address of the router.
DNS server
• DNS server
You have the option of configuring the IP addresses of up to two DNS servers. The
DNS servers can be located in the subnet that is connected to the Cloud interface.
With an activated DHCP server, the related IP addresses of the DNS server are
displayed.
If no DNS server is used, the address box is empty.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 65
Configuration
4.6 Interface configuration
PROFIBUS configuration
• Address
Unique PROFIBUS/MPI address of the gateway in the bus system
Range of values: 0...126
Note:
You configure the address of the gateway communication partner in the tab "Process
access > Station configuration".
• Automatic configuration
– Option enabled
The gateway reads all relevant configuration data from the connected PROFIBUS
network. The following parameters are hidden for the configuration.
– Option disabled
You configure the PROFIBUS parameters yourself.
• Transmission speed
Transmission speed on the bus, value range - depending on the profile:
9.6 kbps, 19.2 kbps, 45.45 kbps, 93.75 kbps, 187.5 kbps, 500 kbps, 1.5 Mbps, 3 Mbps,
6 Mbps, 12 Mbps
With the "Universal" profile, max. 1.5 Mbps
• Highest address
Highest possible PROFIBUS address of a node in the PROFIBUS bus system
Range of values: 1...126
• Profile
Here you can specify the method (algorithm) with which the bus parameters
important for PROFIBUS operation should be calculated. The various methods are
optimally adapted to the respective operating mode of the subnet and result in stable
network operation.
– Standard/DP
The DP profile is suitable for using the DP protocol. For a homogenous DP
network with maximum one Class 1 DP master and no other DP masters
(additional PG is possible).
The standard profile is suitable for multi-protocol and multi-master operation with
fast bus nodes, for example, all SIMATIC NET S7 PROFIBUS CPs.
SIMATIC CC7
66 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.6 Interface configuration
– Universal
For operation with stations that cannot be operated in the DP or Standard
categories.
This option can only be selected with a transmission speed ≤ 1.5 Mbps.
– User-defined
With this setting, you can configure some bus parameters.
This profile should only be selected by trained specialists. You should only change
the default values if you are familiar with the configuration of the bus profile for
PROFIBUS.
• Number of masters / Number of slaves
When using the "Standard/DP" and "Universal" profiles, you can specify the number
of masters and slaves in the network in these two text boxes. The number of masters
and slaves is used for calculating the bus parameters in the network.
Permissible value ranges for these profiles:
– Number of masters: 0..126
– Number of slaves: 0..126
If you are using the "User defined" profile, the two text boxes are disabled. In this
case, the boxes have a fixed presetting:
– Number of masters: 1
– Number of slaves: 126
Bus parameters
The parameters (see table) that describe the properties of the PROFIBUS subnet are
mostly preset:
• The bus parameters are fixed or are calculated from them with the use of the
"Standard/DP" "Universal" profiles.
• If you are using the "User-defined" profile, you can configure some bus parameters.
Note
Configuring the bus parameters
We recommend applying the values already set in the connected PROFIBUS network for
the bus parameters.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 67
Configuration
4.6 Interface configuration
SIMATIC CC7
68 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.6 Interface configuration
* value can only be defined under "User-defined" profile; value range depending on transmission speed.
** Default: Values depending on the profile and transmission speed.
*** The parameter values are specified in t_Bit. Exception: Ttr (ms)
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 69
Configuration
4.6 Interface configuration
Digital Input
Configuration
The input can be disabled or used alternatively as a trigger for the following functions:
• No function
The input is disabled.
• Use as data point trigger
– 1→0
A falling edge at the input triggers the transfer of the topics with the assigned data
points once with the 1 → 0 trigger condition.
– 0→1
A rising edge at the input triggers the transmission of the topics with the assigned
data points with the trigger condition 0 → 1 once.
• Control process communication
An edge change at the input causes the following:
– 1 → 0: Stop
With a negative edge at the input, communication with all process stations is
stopped.
– 0 → 1: start
With a positive edge at the input, communication with all process stations is
started.
SIMATIC CC7
70 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.7 Process access
Digital output
Configuration
The output can be disabled or used alternatively as a display for the following functions:
• No function
The output is disabled.
• Connection to the cloud
The output signal shows the following:
– 0: disconnected
The output signal 0 indicates that the connection of the gateway to the cloud has
been terminated.
– 1: connected
The output signal 1 indicates that the connection of the gateway to the cloud has
been established.
Add station
Here you create new process stations as communication partners.
• Station name
To create a new station, enter a unique name in the text box.
• Add
Creates a new station with the previously entered name in the configuration data of
the gateway.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 71
Configuration
4.7 Process access
Station configuration
• Select station
Select one of the created stations to configure its settings.
• Protocol
Select the protocol type for the selected station:
– S7 Ethernet
– S7 PROFIBUS / MPI
– Modbus / TCP
After selecting the protocol, click on the tab "S7 Ethernet", "S7 PROFIBUS / MPI",
"OPC UA client" or "Modbus / TCP". The configurable parameters for this station are
displayed.
• Delete station
By clicking the button, the selected station is deleted.
Note
Accidental deletion
If you accidentally delete a station, you cannot undo the deletion.
4.7.1.1 S7 Ethernet
The gateway and the SIMATIC S7 station communicate over S7 connections. The
connection type is TCP. The gateway is the active partner during connection setup.
Requirements:
• PUT/GET communication must be activated in the S7 CPU.
• STEP 7: The "Optimized access" option must be deactivated for data blocks of the
CPU that are accessed by the gateway via an S7 connection.
You do not necessarily have to create a connection at the station end for the gateway to
communicate with the S7 station. The CPU reserves connection resources to unspecified
partners.
If you nevertheless want to create fixed connections, disable the "Active communication
establishment" option in the connection properties of the CPU. In this case, write down
the TSAP of the connection assigned by STEP 7 for each station.
SIMATIC CC7
72 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.7 Process access
Parameters:
• IP address
IPv4 address of the station interface (CPU or CP)
• Controller family
Select the controller family of the connected station from the drop-down list:
– S7-1200/1500
– S7-300/400
– LOGO!
• Standard TSAPs
When the option is enabled, the device uses the standard TSAPs for its local TSAP
and the remote TSAP (S7 CPU). The standard settings for the remote TSAP are
intended for the case that you have not configured a connection to the gateway in the
STEP 7 project.
TSAPs are entered as hexadecimal values. For an S7-300/400, the TSAP references
the rack, the slot and the type of CPU connection resource.
Examples for an S7-300 CPU:
– TSAP: 11.02
Rack 0, slot 2, connection resource 11
– TSAP: 03.02
Rack 0, slot 2, connection resource 03
Connection configured at one end (Local end point "One-way") Connection partner
"unspecified"; the gateway as connection partner is not configured.
A connection resource for a connection configured at one end with unspecified
partner has the value 03.
A connection resource for a connection configured at both ends with unspecified
partner has the range of values 0x10...0xDF.
Recommendation for station configuration:
Use the configuration 0/0 or 0/1 for the rack/slot.
The following standard TSAP IDs are used:
– Local TSAP of the gateway: 01.01
– Remote TSAP of the controller family:
- S7-1200/1500: 02.01
- S7-300/400: 03.02
- LOGO!: 20.00
Disable the option if the remote TSAPs do not match the preset standard TSAPs. In
this case, configure the TSAP that is assigned in the STEP 7 project.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 73
Configuration
4.7 Process access
• Local TSAP
Range of values: 01.01 ... 7E.7E
We recommend using the default TSAP (01.01).
• Remote TSAP
Enter the TSAP of the S7 connection assigned in STEP 7 at the station end if you
have configured a connection with an unspecified partner in the CPU for the gateway.
When using a configured unspecified connection, disable the "Active connection
establishment" option in STEP 7.
• Polling cycle (ms)
Cycle time in milliseconds in which the gateway reads the data from the station.
Range of values: 50...100 000 000
Note: If you transfer large volumes of data, the actual cycle time may be longer than
configured.
Requirements:
The same requirements apply as described in section "S7 Ethernet" above.
Parameters:
• PROFIBUS / MPI address
PROFIBUS address of the S7 station (gateway communication partner)
• Controller family
Select the controller family of the connected station from the drop-down list:
– S7-300
– S7-400
– S7-1200
– S7-1500
SIMATIC CC7
74 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.7 Process access
• Standard TSAPs
When the option is enabled, the device uses the standard TSAPs for its local TSAP
and the remote TSAP (S7 CPU). The standard settings for the remote TSAP are
intended for the case that you have not configured a connection to the gateway in the
STEP 7 project.
TSAPs are entered as hexadecimal values. For an S7-300/400, the TSAP references
the rack, the slot and the type of CPU connection resource.
Examples for an S7-300 CPU:
– TSAP: 11.02
Rack 0, slot 2, connection resource 11
– TSAP: 03.02
Rack 0, slot 2, connection resource 03
Connection configured at one end (Local end point "One-way") Connection partner
"unspecified"; the gateway as connection partner is not configured.
A connection resource for a connection configured at one end with unspecified
partner has the value 03.
A connection resource for a connection configured at both ends with unspecified
partner has the range of values 0x10...0xDF.
The following standard TSAP IDs are used:
– Local TSAP of the gateway: 01.01
– Remote TSAP of the controller family:
- S7-1200/1500: 01.01
- S7-300: 02.02
- S7-400: 03.03
Disable the option if the remote TSAPs do not match the preset standard TSAPs. In
this case, configure the TSAP that is assigned in the STEP 7 project.
• Local TSAP
Range of values: 01.01 ... 7E.7E
We recommend using the default TSAP (01.01).
• Remote TSAP
Enter the TSAP of the S7 connection assigned in STEP 7 at the station end if you
have configured a connection with an unspecified partner in the CPU for the gateway.
• Polling cycle (ms)
Cycle time in milliseconds in which the gateway reads the data from the station.
Range of values: 50...1 000 000 00
Note: If you transfer large volumes of data, the actual cycle time may be longer than
configured.
You configure the transmission speed and the other network parameters in the tab
"Interface configuration > PROFIBUS".
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 75
Configuration
4.7 Process access
SIMATIC CC7
76 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.7 Process access
• Retries
Maximum number of retries of the station query when the gateway does not receive
any or a faulty response from the station.
Range of values: 0...10
• Endianness
You use this option to specify the order in which the data of the station read word by
word is saved.
– Big Endian
The higher byte 1 is saved first. (Modbus standard)
– Little Endian
The lower byte 0 is saved first.
Numbering of the two bytes of a word: | 1 | 0 |
Add station
This is where you create new OPC UA stations as communication partners.
• Station name
To create a new station, enter a unique name in the text box.
• Add
Creates a new station with the previously entered name in the configuration data of
the gateway.
Station configuration
You configure the station settings here
• Select station
Select one of the created stations to configure the settings.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 77
Configuration
4.7 Process access
Settings
• Application URI
Unique URI of the station with the following default components:
<Scheme (protocol)>:<Authority (station)>:<Path>
Default:
– urn:cc7-device:Siemens:OPCStation1@cc7-device
• Application name
Name of the OPC UA application of the gateway. The application name is required to
display the station at the server.
Default:
– OPCStation1@cc7-device
• Server address
Set the IPv4/IPv6 address or the DNS name of the OPC UA server to which the
station connects.
• Port number
You can change the port number of the station here. As default port number 4840 is
used, the standard TCP port for the OPC UA binary protocol. Permitted port numbers
are as follows:
– 1024 .. 65535
• Service call timeout (ms)
Enter the required time in milliseconds. If there are no service calls to the lower-level
OPC UA server after this period of time, the service calls are automatically
interrupted.
• Connection timeout (ms)
Enter the required time in milliseconds. If no connection to the lower-level OPC UA
server is established after this period of time, the connection is automatically
terminated.
• Watchdog time (ms)
Enter the required time in milliseconds. If a connection fails, this is the time interval
between connection checks or attempts to reconnect.
• Watchdog timeout (ms)
Enter the required time in milliseconds. If the connection to the lower-level OPC UA
server is not successfully checked after this time, the check is automatically aborted.
SIMATIC CC7
78 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.7 Process access
• Delete station
By clicking the button, the selected station is deleted.
Note
Accidental deletion
If you accidentally delete a station, you cannot undo the deletion.
• Discover
When using "Discover", a connection is established with the server address and port
number specified above. If an OPC UA server is found, the application name, the
application UI and the discovery URLs of the OPC UA server are displayed.
Clicking on one of the discovery URLs displays the available endpoints of the OPC UA
server connection. If one of the available endpoints with the desired encryption is
selected and accepted with "Save", this security policy is set and the OPC UA server
certificate is automatically saved.
Note that an OPC UA client certificate must first be created or imported before an
endpoint != None - None can be saved.
Note
Update interval of the data
The OPC UA client works with subscriptions instead of polling. This allows the load
on the CPU side to be reduced as much as possible while still increasing the actuality
of the data in the gateway. This is why it is not necessary to specify the polling cycle
as is the case with S7 or Modbus stations.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 79
Configuration
4.7 Process access
OPC UA security
First, use the first two options to specify whether the OPC UA station should use a self-
signed or an imported certificate.
• Use self-signed certificate
Select the option if the station should use a self-signed certificate.
When the option is enabled, the corresponding GUI elements are shown:
– Created client certificate
Shows the name of the created certificate.
– +
Opens the following dialog for configuring the certificate to be created:
"Create client certificate."
In this dialog, you configure the parameters of the certificate you are going to create.
– Issuer
Issuer of the certificate. Default: Siemens
– Common name of subject (CN)
Application name of the station
– Signing Algorithm
Select the required hash algorithm and the encryption method.
– Validity period (days)
Enter the required period of validity. Default: 365 days
– Subject alternate name (SAN)
As an alternate name (SAN), you can specify the IP address, host name, URI or an
e-mail address of the station.
The URI must be configured; either the IP address or the host name.
URI of the client with the following default components:
<Scheme (protocol)>:<Authority (station)>@<Path>
Default: urn:Siemens:UA:CC7
The protocol part (urn) must not be changed, the other components can be
configured.
After you have created a certificate, the certificate properties are displayed. For the
meaning of the parameters, see below, section "Trusted clients".
In addition, the following icons are shown next to the certificate name:
– Export client certificate
By clicking on the icon, you open a dialog for saving the certificate on your PC.
SIMATIC CC7
80 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.7 Process access
– Delete certificate
By clicking on the icon, the self-created certificate is deleted.
• Import client certificate and private key
Select the option if you alternatively want to import the client certificate and key into
the station.
Requirement: The files are saved on your PC.
When the option is enabled, the corresponding GUI elements are shown:
– Import client certificate / Import private key
Shows the name of the selected certificate or key file in the file system.
– Browse
Opens the browser for browsing your PC file system.
– Imported client certificate / Imported private key
Shows the name and path of the last imported certificate or key file.
You can delete the respective file with the "Delete" symbol.
• Security Policy
Select the required option in the table.
The station supports the following options of the "SecurityPolicy":
– None (not recommended)
– Basic128Rsa15 (not recommended)
Signing and 128-bit encryption
– Basic256 (not recommended)
Signing and 256-bit encryption
– Basic256Sha256 (SecurityPolicy [B])
Signing and 256-bit encryption (SHA-256)
– Aes128_Sha256_RsaOaep
Signing and 256-bit encryption
– Aes256_Sha256_RsaPss
Signing and 256-bit encryption
The supplementary Conformance Units (Signing / Encryption) mean:
– Sign
The station only allows communication with signed frames.
– Sign and encrypt
The station only allows communication with signed and encrypted frames.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 81
Configuration
4.7 Process access
Trusted servers
• No certificate validation
With this option you disable the validation of the partner certificates.
If this option is enabled, the client generally allows communication even if the
certificate validation criteria mentioned below are not met or if the server certificate
is not available in the list of trusted servers.
If this option is disabled, the station checks the certificates of its partners, except
when "SecurityPolicy - None" is selected.
For information on the check mechanisms, refer to the "Certificate validation" section
below.
• Import server certificate
You use this option to import the certificates of communication partners you trust.
Requirement for import of a certificate is that it is available in the PC file system. You
can open the certificate with the "Browse" button.
Imported certificates are displayed in a table with their parameters.
• Imported server certificates
The following parameters are displayed:
– File
The name and path of the certificate file are displayed.
– Issuer
Certificate authority that issued the certificate.
– Certificate owner (CN)
Name of the device (or certificate authority) for which the certificate was issued.
– Valid from
Start date of the period of validity of the certificate
– Valid to
End date of the period of validity of the certificate
– Finger print
Finger print (Digest) of the certification data
Certificate validation
If the "No certificate validation" option is disabled, the UA server of the station checks
the certificates of its communication partners, except if "SecurityPolicy - None" is
configured.
SIMATIC CC7
82 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.7 Process access
User authentication
Use the option to set the access authorization of the OPC UA station:
• Authentication via user name and password
If you activate the option, the text boxes for the user of the OPC UA station open. The
station can only access the OPC UA data with user authentication.
• User name
User name of the communication partner
• Password
Password of the communication partner
The user data must be configured on the respective server.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 83
Configuration
4.8 OPC UA server
Requirements
CPU variables
The process data that the gateway makes available to the OPC UA services originate
from the connected process stations. The permissible memory areas of the different
station types and the supported data types are described in section Data points
(Page 123).
The data point names assigned during data point configuration are included in the
NodeID of an item as part of the identifier, see section Properties of the OPC UA server
(Page 90).
Note:
Where possible, read variables in data blocks block by block per DB to achieve a higher
speed.
OPC UA server
• Host name (optional)
Optional text box for a host name that can be used instead of the IP address of the
UA endpoint of the gateway.
If you do not want to use a host name, leave the box empty.
• Application URI
Unique OPC UA server URI of the gateway with the following preset components:
<Scheme (Protocol)>:<Authority (Server)>:<Path>
Default:
– urn:Siemens:UA:CC7
The protocol part (urn) must not be changed; the other components can be
configured.
• Application name
Name of the OPC UA application of the gateway. The application name is required for
display of the OPC UA server at the clients.
Default:
– SIMATIC Cloud Connect 7 OPC UA Server
SIMATIC CC7
84 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.8 OPC UA server
Settings
Here you configure the server settings.
• Port number
Here, you can change the port number of the server application. As default port
number 4840 is used, the standard TCP port for the OPC UA binary protocol.
Permitted port numbers are as follows:
– 1024 .. 65535
• Min. publishing interval (ms)
Here you set the minimum publishing interval that the server application of the
gateway should support. Lower values requested by OPC UA clients are not taken
into account.
The OPC UA server provides the clients with the UA data in the cycle of the
publishing interval.
Range of values: 100 .. 65535 ms
Default setting: 500 ms
• Min. sampling interval (ms)
Here you set the minimum sampling interval that the server application of the
gateway should support. Lower values requested by OPC UA clients are not taken
into account.
The OPC UA server of the gateway samples its internal process image with the
sampling interval.
You specify reading from the station with the polling cycle, see section S7 / Modbus
station (Page 71).
The default is suitable for most applications. A smaller sampling interval can be
selected for reading fewer data points when the polling cycle is configured with a
smaller value as well.
Range of values: 100 .. 65535 ms
Default setting: 500 ms
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 85
Configuration
4.8 OPC UA server
Security mechanisms
The gateway supports the following security profiles in accordance with the OPC UA
specification:
• SecurityPolicy
It determines the signing and encryption of the transferred data.
• UserToken
Enables authentication using certificates.
• Authentication of the communications partners with user name and password
See section User authentication (Page 90) for more on this.
For information on the OPC UA profiles of the OPC Foundation, see:
Profiles (https://apps.opcfoundation.org/ProfileReporting)
Server security
First you specify with the first two options whether the OPC UA server of the gateway is
to use a self-signed or an imported certificate.
• Use self-signed certificate
Select this option when the gateway is to use a self-signed server certificate.
When the option is enabled, the corresponding GUI elements are shown:
– Created server certificate
Shows the name of the created certificate.
– +
Opens the following dialog for configuring the certificate to be created:
"Create new certificate"
In this dialog, you configure the parameters of the certificate you are going to create.
Note:
Ensure the consistency with the configuration data of the OPC UA server in section
OPC UA server (Page 84).
SIMATIC CC7
86 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.8 OPC UA server
– Issuer
Issuer of the certificate. Default: Siemens
– Common name of subject (CN)
Application name of the gateway
– Signing Algorithm
Select the required hash algorithm and the encryption method.
– Validity period (days)
Enter the required period of validity.
– Subject alternate name (SAN)
As alternative name (SAN), you can specify the IP address, the host name, the URI
or an e-mail address of the gateway.
The URI must be configured; either the IP address or the host name.
URI of the gateway with the following default components:
<Scheme (Protocol)>:<Authority (Server)>:<Path>
Default: urn:Siemens:UA:CC7
The protocol part (urn) must not be changed; the other components can be
configured.
After you have created a certificate, the certificate properties are displayed. For the
meaning of the parameters, see below, section "Trusted clients".
In addition, the following icons are shown next to the certificate name:
– Export server certificate
By clicking on the icon, you open a dialog for saving the certificate on your PC.
– Delete certificate
By clicking on the icon, the self-created certificate is deleted.
• Import server certificate and private key
Select this option if you want to import the server certificate and the key into the
gateway as an alternative.
Requirement: The files are saved on your PC.
When the option is enabled, the corresponding GUI elements are shown:
– Import server certificate / Import private key
Shows the name of the selected certificate or key file in the file system.
– Browse
Opens the browser for browsing your PC file system.
– Imported server certificate / Imported private key
Shows the name and path of the last imported certificate or key file.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 87
Configuration
4.8 OPC UA server
You can delete the respective file with the "Delete" symbol.
• Security Policy
Select the required option in the table.
If you enable several options, then the client selects a suitable profile depending on
the settings on the gateway.
The gateway supports the following options of the "SecurityPolicy":
– None (not recommended)
– Basic128Rsa15 (not recommended)
Signing and 128-bit encryption
– Basic256 (not recommended)
Signing and 256-bit encryption
– Basic256Sha256 (SecurityPolicy [B])
Signing and 256-bit encryption (SHA-256)
The supplementary Conformance Units (Signing / Encryption) mean:
– Sign
The gateway only allows communication with signed frames.
– Sign and encrypt
The gateway only allows communication with signed and encrypted frames.
Trusted clients
• No certificate validation
With this option you disable the validation of the partner certificates.
When this option is enabled, the gateway generally permits communication even if
the criteria of the certificate validation listed below are not met or when the client
certificate is not included in the list of trusted clients.
When the option is disabled, the gateway validates the certificates of its partners,
except if "SecurityPolicy - None" is selected.
For information on the check mechanisms, refer to the "Certificate validation" section
below.
• Import client certificate
You use this option to import the certificates of communication partners you trust.
Requirement for import of a certificate is that it is available in the PC file system. You
can open the certificate with the "Browse" button.
Imported certificates are displayed in a table with their parameters.
SIMATIC CC7
88 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.8 OPC UA server
Certificate validation
The UA server of the gateway checks the certificates of its communication partners
when the "No certificate validation" option is disabled, except if "SecurityPolicy - None"
is configured.
If a partner certificate is invalid or is not trustworthy, communication is aborted.
Communication is aborted in the following cases:
• The IP address of the communications partner is not identical to the IP address in its
certificate.
• The use stored in the certificate (OPC UA client/server) differs from the function
(OPC UA client/server) of the communications partner.
• The current time on the gateway is outside the period of validity of the partner
certificate.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 89
Configuration
4.8 OPC UA server
User authentication
You use the two options to set the access authorization of the communication partners
(clients) to the OPC UA data of the gateway. Select one or both (parallel operation
possible) options.
• Enable anonymous access
Clients can access the OPC UA data without user authentication when this option is
activated.
• Authentication via user name and password
Clients can only access the OPC UA data with user authentication when this function
is activated.
• Add user
With enabled "Authentication via user name and password" option, you use this
button to open the text boxes for a new user.
• User name
User name of the communication partner
• Password
Password of the communication partner
The user data must be configured for the respective client.
SIMATIC CC7
90 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
Subscriptions
For the number of subscriptions supported by the gateway as OPC UA server for
MonitoredItems, see section Configuration limits - communication (Page 20).
The data management of the subscriptions is stored in the RAM of the gateway.
If there is power down, all data and connection information of subscriptions is lost. After
restarting the server, the client needs to re-establish the connection and set up the
subscriptions again.
Deadband
When monitoring items in the "DataChangeFilter", the OPC UA server of the gateway
uses the filter "AbsoluteDeadband".
WARNING
Writing values to outputs
When referencing to outputs with write access, note that the values are written
immediately to the outputs of the CPU without first being processed by the user
program.
Writing values has a direct influence on the process.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 91
Configuration
4.9 Cloud configuration
Data structures
Depending on the cloud provider, the data is structured differently for transfer to the
broker:
• AWS / Azure / IBM Cloud
– Topics
A topic is the channel for the transfer of values of one or more data points.
You can create several topics.
No groups can be configured.
• MindConnect IoT Extension / Other Cloud
– Groups
A group can contain one or multiple data points.
You can create one or more groups.
– Topic
You can assign different topics to the groups.
MindConnect IoT Extension: In the default setting, the groups are assigned to the
standard topic "s/us" of the MindConnect IoT Extension.
SIMATIC CC7
92 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
Example:
You would like to name a group or topic "Motor5" and assign the name "Station1" to the
station. In this case, the following entry, for example, would be suitable for the topic
name or group name:
Station1/Motor5
Configuration rules
Observe the following rules for configuration:
• Topic name
The name of a topic must be unique within a cloud application.
This applies to all participating publishers and subscribers.
• Data point name
The name of a data point must be unique within a topic.
Note
Consistency check of parameters for Publisher and Subscriber
If the gateway as a subscriber receives data from a publisher during runtime, the
subscriber checks the following parameters supplied by the publisher in the user data for
each value received:
• Topic name
• Data point name
• Data type
If these three parameters of the publisher are identical with the parameters configured
in the subscriber and if the quality code of the message is "GOOD", the subscriber writes
the received data into the data block of its CPU.
If these three publisher parameters do not match the parameters configured in the
subscriber, the subscriber discards the data.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 93
Configuration
4.9 Cloud configuration
For access to the process data of an S7 station, the gateway can directly access inputs
and outputs or tags of the CPU.
Within a cloud application, individual publishers can publish data for multiple
subscribers. Individual subscribers can subscribe to data from multiple publishers.
For better clarity of the data and to reduce the possibility of identical names, the
following procedure is recommended for configuration:
• Data point name / DB number
Use the number of the data block (DB) that the data point accesses as part of the
data point name.
• Publisher
Integrate the station name as part of the data point name, for example, as prefix. This
will result in unique data point names.
• Subscriber
Create a separate DB for each publisher in the assigned CPU.
4.9.2 Profile
SIMATIC CC7
94 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
Add profile
Create at least one profile in which you save your settings for cloud access. You can
create up to 10 profiles.
• Profile name
Enter a name for the profile.
A profile summarizes your parameter settings for cloud access.
• Add
Adds the profile with the name edited on the left. The new profile is available for
selection in the "Profiles" drop-down list.
Profile selection
• Profile
Drop-down list with all created profiles.
Select the profile you are using.
By selecting a profile, you download all settings of this profile to the WBM. You can
edit all settings as needed.
To use the selected profile for productive operation, select the "Enable profile" option at
the bottom of the page.
Change profile
The topics/groups are bound to the individual profiles and are not transferred to another
profile. When a profile is changed, the topics/groups remain in the background but are
no longer displayed. The topics/groups must be created for each profile
To change the profile, follow these steps:
1. Select another profile from the "Profile" drop-down list.
2. Select the "Enable profile" option and save.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 95
Configuration
4.9 Cloud configuration
Settings
• Cloud provider
Select your service provider.
Selecting the cloud provider also affects the parameters of the topic configuration;
see also section Configuring topics (Page 102).
By selecting the cloud provider, you determine whether topics or groups are
configured for the data transmission:
– AWS / Azure / IBM Cloud
You can create several topics. A topic can contain multiple data points.
– MindConnect IoT Extension
You can create several groups. A group can contain multiple data points.
A group corresponds to the "Series" structure feature in the IoT Extension.
In the default setting, all groups are assigned to the preset standard topic "s/us".
Note
Name change of the assigned topic "s/us"
If you give a different name to the assigned topic in the configuration, note that it
may not be possible for the data to be evaluated by the IoT Extension.
– Other Cloud
You can create several groups. A group can contain multiple data points.
In the default setting, all groups are assigned to a topic. You can also assign
different groups to different topics.
If you do not wish to use groups, create only a standard group and delete the entry
"<GROUP_NAME>" in the payload editor.
• Protocol
Select the desired protocol from the drop-down list.
• Enable profile
Enables the currently selected profile for configuration and for use in productive
operation.
You configure access of the device to the cloud in the additional tabs of this page.
SIMATIC CC7
96 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
MQTT configuration
• MQTT version
Select the protocol version you are using.
• Broker address
Enter the IP address or the host name of the broker.
This information is provided by your service provider.
• Broker port
Enter the port number name of the broker.
• Client ID
Enter the client ID of the device that was assigned by your service provider or that
you defined.
• Keepalive interval (s)
Assign a value for monitoring the connection to the broker (seconds). If no further
data on transmission to the broker is pending within the configured time after the
data is sent, the device sends a keep-alive frame to the broker.
Permitted range: 0..65535
If you enter 0 (zero), the function is disabled.
Default setting: 10
• Authentication
– Select the option if you want to use a connection setup with authentication.
Authentication takes place via user name and password.
– When the option is disabled, the connection is established anonymously.
• User name
Enter the user name that was assigned by your service provider or that you defined.
• Password
Enter the password assigned by your service provider or that you defined.
• Clean session
– When the option is enabled, the session information is deleted when the
connection is terminated.
– When the option is disabled, the session information is retained when the
connection is terminated.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 97
Configuration
4.9 Cloud configuration
• TLS
– When the option is enabled, the data is transferred using the secure TLS method.
The default port for encrypted transmission is 8883.
When the option is enabled, the parameter group for importing the broker
certificate is displayed, see section Certificates (Page 99).
– When the option is disabled, the data is transferred unencrypted.
The default port for unencrypted transmission is 1883.
• TLS version
From the drop-down list, select the TLS protocol version you wish to use that is also
supported by the broker.
• Use secure ciphers only
If this option is selected, ciphers that are classified as insecure are excluded.
• Last will / testament
– When the option is enabled, the functions "Last will" and "Testament" are
released.
– When the option is disabled, the use of both functions is disabled.
The functions have the following meaning:
– Last will
If the connection between device and broker is terminated, a message can be sent
to the subscribers.
As soon as the broker (server) detects that the connection to the device (client)
was terminated, it sends a message (testament) to all subscribers that have
registered for this topic on the broker.
– Testament
The testament is the content of the message that is sent to the subscribers
registered on the broker for this topic when the connection is terminated.
The testament message is saved on the broker.
• Last will topic
Enter the name of the topic that transfers the testament here.
You configure the additional parameters of the topic in the topic editor, see section
Configuring topics (Page 102).
• Testament
Here you enter the text for the message to be transferred.
Max. number of characters: 65535
SIMATIC CC7
98 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
4.9.2.3 Certificates
Requirement
The parameter group is only displayed when the option "TLS" is enabled for transmission
via MQTT, see section MQTT configuration (Page 97).
The requirement for importing certificates and keys is that the corresponding files are
saved on your PC.
• The following types of certificate files are supported: *.pem, *.crt, *.cer, *.crl
• The following types of key files are supported: *.pem
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 99
Configuration
4.9 Cloud configuration
Certificate details
The table shows the details of the saved certificates with the following parameters:
• File
The name and path of the certificate file are displayed.
• Issuer
Certificate authority that issued the certificate.
• Certificate owner (CN)
Name of the device (or certificate authority) for which the certificate was issued.
• Valid from
Start date of the period of validity of the certificate
• Valid to
End date of the period of validity of the certificate
• Finger print
Finger print (Digest) of the certification data
Delete
You use the Delete symbol to delete the respective certificate and key files from the
certificate store.
SIMATIC CC7
100 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
4.9.3 Publisher
Overview
In this tab, you create the topics or groups for transfer to the broker for the enabled
profile. For configuration of the profile, refer to the section Configuring profile (Page 94).
You can find information on structuring the data in topics or groups for different cloud
providers and on configuring the topic names in section Notes on data structuring and
configuration (Page 91).
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 101
Configuration
4.9 Cloud configuration
Topic settings
In this parameter group, you add an optional name prefix and/or an optional name suffix
for all topics. Changing the prefix or suffix has an effect on all topics.
• Prefix
By using identical prefix components, you can group different topics in topic levels.
The prefix can also contain components that are necessary for the recipient of the
topic as component of the topic name.
Configuration:
– Assign an optional prefix in front of the topic name.
– Optional forward slashes (/) can be included as separators in the prefix.
Example:
– You would like to add the prefix "evt" as identification for an event.
You can label data points for which the transfer of values is triggered by a value
trigger, for example, as an event.
– You would like to add the prefix "Plant1" for plant 1 (Topic level).
Enter the following in the "Prefix" text box:
evt/Plant1/
SIMATIC CC7
102 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
• Suffix
By using identical suffix components, you can earmark different topics for the same
recipient.
The suffix can also contain components that are necessary for the recipient.
Configuration:
– Assign an optional suffix after the topic name.
– Optional forward slashes (/) can be included as separators in the suffix.
Example:
– You want to add "fmt".
– You want to add "json".
Enter the following in the "Suffix" text box:
/fmt/json
• Transfer on quality change
With this parameter, you specify the transfer behavior of the messages of all topics or
groups:
– Enabled
Transfer on change of "QualityCode" (Good → Bad or Bad → Good)
As soon as the quality of a data point changes, the topic is transferred.
– Disabled
No transfer on change of "QualityCode"
See below for the meaning of the "QualityCode" quality status.
Topic/group table
You can see the created topics or groups in the table and configure their properties.
• Group
⇒ Validity: Mindsphere / Other Cloud
The names of the configured groups are displayed.
• Topic
– ⇒ Validity: MindConnect IoT Extension / Other Cloud
The preset topic name "s/us" is inserted.
Use this default name when connecting to MindSphere via IoT Extension.
Adapt the name when connecting to another cloud according to the cloud
provider's specifications.
– ⇒ Validity: AWS / Azure / IBM Cloud
The names of the configured topics are displayed.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 103
Configuration
4.9 Cloud configuration
• Preview
Shows the configured name with all components.
• Retain
From topics/groups with the "Retain" flag, the broker always saves the last message.
When a subscriber subscribes to a new topic or when the connection with a
subscriber returns after being terminated, the broker sends the last message on each
topic with Retain flag to the subscriber.
You can set the Retain flag for all or for individual topics/groups (option enabled in
single row).
The higher-level check box activates the function for all topics/groups of the table.
Please note:
If you want to undo the sending of the last message by the broker to newly connected
subscribers after taking up productive operation, this is not performed by retroactively
disabling the Retain flag on the topic. The broker will still send the last valid message
of the publisher to newly connected subscribers. One possibility to prevent sending of
these messages by the broker is to send an empty message (0 bytes) to the broker.
• QoS
You use the "Quality of Service" parameter to specify the transfer performance of the
messages for this topic:
– QoS 0
Transfer no more than once
The device sends the topic once to the broker. The device does not expect an
acknowledgment. If the topic is not received by the broker, it is lost.
– QoS 1
Transfer at least once
The device sends the topic to the broker until it receives a PUBACK packet as
acknowledgment from the broker.
– QoS 2
Transfer exactly once
The device sends the topic and waits until it receives the two-step
acknowledgment from the broker as specified.
This version represents the highest level of quality, but it is also associated with
the highest administrative burden for the client as well as the server.
When a connection is aborted, the data frames are buffered for QoS 1 and QoS 2. See
also the section "Connection abort" below.
SIMATIC CC7
104 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
• Payload format
Shows the currently selected payload format. You use this button to open the Payload
editor to specify the format of the transferred paylaod. For a description, see section
User data format (Page 107).
Note
Payload format of older firmware versions cannot be changed
A payload format of older firmware versions is displayed as obsolete. Although it is
still supported by the current firmware version for runtime, it cannot be changed
without changing to a current format.
Future firmware versions will no longer support obsolete formats and a corresponding
configuration can then no longer be loaded.
• Message buffering
In the event of a connection loss between the gateway and the cloud server, the
gateway stores incoming messages in its message store up to the number entered in
the "Message buffering" field. The total size of the message store can be distributed
to the individual topics or groups. When the setting is saved, the system checks
whether the configured number for this topic or group still fits in the message store.
The required message memory space also depends on the number of data points
assigned to the topic and/or group and their maximum data width.
The message memory works chronologically, i.e. the oldest messages are sent first
(FIFO principle). As soon as the configured buffer locations for a topic or group are
full, the oldest message is overwritten.
• Data point assignment
Using the drop-down list, you assign the configured data points to a previously
created topic or a group. For a description, see section Data point assignment
(Page 115).
You assign the transferred payload to the topics in the data point configuration.
• Delete
By clicking the button, the topic of the respective row is deleted.
Note
Delete
Note that if you accidentally delete a topic or a group, you cannot undo the deletion.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 105
Configuration
4.9 Cloud configuration
The status is set by the gateway as publisher and has the following value range:
• GOOD
The value is valid.
• BAD
The value of the variable is not valid or not current. Possible causes:
– CPU in STOP
– Value not current
– Error while reading the variable
The value of the status has the following effect on the transmission:
• Publisher → Cloud
Publishing of messages of the gateway as publisher is independent of the value of
the status.
• Cloud → Subscriber
Receiving of messages by the gateway as subscriber is independent of the value of
the status.
However, when a message with the status "BAD" is received, the value is not written
to the process station by the gateway as subscriber.
SIMATIC CC7
106 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
See also
Configuring profile (Page 94)
Notes on data structuring and configuration (Page 91)
Syntax templates
The following templates are available:
• User defined
Empty template, available for editing by the user. Existing templates can be switched
to user-defined template with pre-filled text box.
• JSON generic / JSON specific
– The syntax of the JSON format according to ECMA-404 and ISO/IEC 21778:2017 is
used.
Both templates are suitable for connection to:
– AWS (Amazon) / IoT Core
– Azure (Microsoft) / IoT Hub
– IBM Cloud (IBM) / Watson IoT Platform
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 107
Configuration
4.9 Cloud configuration
Payload editor
You use the "Payload format" button to open the payload editor.
• Template for payload format
By default, the "Payload format" text box displays the "JSON generic" format.
You can select one of the syntax templates described above from the drop-down list.
After selecting a syntax template, you can click the pencil icon to switch to user-
defined editing.
• Payload format
In the text box, you can change the payload format to be used or create the format
according to your own requirements.
When a syntax template is selected (see above), the syntax of the template selected
above is displayed and used.
Note
Settings for the payload format
• If you change the "Template for payload format" (for example, from "User defined"
to "JSON specific"), a manually adjusted payload format is lost. However, you can
also use it to restore the automatic data point assignment to the payload format.
• The payload format must not contain more than 65,535 bytes of UTF-8 text,
otherwise it cannot be adopted.
SIMATIC CC7
108 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
• Escape sequences
Escape sequences which adapt the code according to the protocol used can be used
to convert certain special characters.
Special characters can occur within the following name components, for example:
– Station name
– Topic name
– Group name
The following escape sequences are available to the application for selection:
– JSON
Standard JSON escape sequences
– XML
Standard XML escape sequences
– CSV
Standard CSV escape sequences
When an option is selected, the respective special characters are converted into
escape sequences at the publisher.
At the subscriber, the escape sequences are converted in the reverse direction.
For information on the escape sequences used with the JSON format, see appendix
JSON escape sequences (Page 163).
• Apply
Applies the current settings in the topic editor.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 109
Configuration
4.9 Cloud configuration
SIMATIC CC7
110 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 111
Configuration
4.9 Cloud configuration
<Type>{{ST1.DP2.TYPE}}</Type>
<Value>{{ST1.DP2.VALUE}}</Value>
<QualityCode>{{ST1.DP2.QUALITY_CODE}}</QualityCode>
<StationName>{{ST1.DP2.STATION_NAME}}</StationName>
<Timestamp>{{ST1.DP2.SOURCE_TIMESTAMP}}</Timestamp>
</DataItem>
<DataItem>
<Var>{{ST1.DP3.NAME}}</Var>
<Type>{{ST1.DP3.TYPE}}</Type>
<Value>{{ST1.DP3.VALUE}}</Value>
<QualityCode>{{ST1.DP3.QUALITY_CODE}}</QualityCode>
<StationName>{{ST1.DP3.STATION_NAME}}</StationName>
<Timestamp>{{ST1.DP3.SOURCE_TIMESTAMP}}</Timestamp>
</DataItem>
</DataItems>
</root>
Switching from "XML specific" to "User defined"
Each data point can be individually formatted and displayed with selected properties in
the payload. Unneeded properties of individual data points can simply be erased.
Additional (e.g. static) content can be added. The properties of selected data points can
also be referenced multiple times. The references to the data points must always be
placed within the XML bracket <DataItems> ... </DataItems>.
Use cases:
• Complex XML payload format with rather few data points.
• Special adaptation of the payload to third-party specifications.
SIMATIC CC7
112 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
Code key
The code for formatting the payload can consist of the following keys listed below.
If you want to use not only the keys for the transfer of payload but also want to add text,
you can add the text in front of or after a key.
The code of the formatted payload can contain the following keys depending on the
format.
• Time stamp
{{PUBLISH_TIMESTAMP}}
Time of the publication
– Example for coding the time stamp with added text "sent at ":
Syntax: "sent at {{PUBLISH_TIMESTAMP}}"
Results in string: "sent at 2019-04-20T13:58:16.192313634+00:00"
• Start and end of the loop over all assigned data points
{{#DATA_POINT_ARRAY}}
{{/DATA_POINT_ARRAY}}
• 200
200
Function code (MindConnect IoT Extension)
• Station
{{STATION_NAME}} /
{{Station.Variable.STATION_NAME}}
Station name of the data point
Configuration only for publisher
• Data point / Variable
{{NAME}} /
{{Station.Variable.NAME}}
Name of the data point
• Group
{{GROUP}} /
{{Station.Variable.GROUP}}
Group name
• Value
{{VALUE}} /
{{Station.Variable.VALUE}}
Value of the data point
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 113
Configuration
4.9 Cloud configuration
• Attribute
{{ADDITIONAL_ATTRIBUTE}} /
{{Station.Variable.ADDITIONAL_ATTRIBUTE}}
Additional attribute, which can be configured manually for each individual data point
(mandatory for MindConnect IoT Extension, otherwise optional).
• QualityCode
{{QUALITY_CODE}} /
{{Station.Variable.QUALITY_CODE}}
Quality status of the value
For the meaning, see section Configuring topics (Page 102).
• Data type
{{TYPE}} /
{{Station.Variable.TYPE}}
Data type alias: Data type of the data point output by the device in the payload
For the output of the data types, see section Data points (Page 123).
• Last data point (in the generic variant only)
{{#LAST_DATA_POINT}} /
{{/LAST_DATA_POINT}}
Last data point
• All except the last data point (in the generic variant only)
{{^LAST_DATA_POINT}} /
{{/LAST_DATA_POINT}}
All data points except the last data point
• Source time stamp
{{SOURCE_TIMESTAMP}} /
{{Station.Variable.SOURCE_TIMESTAMP}}
Time of the last reception from the source station.
Example for transferred payload based on the unchanged "JSON generic" template
Below you will find an example of the transferred payload of a topic.
The topic contains three variables of an S7 station for the data points "DP1", "DP2" and
"DP3".
The value of the "DataItems" key is an array with the objects of the three variables.
{ "Timestamp": "2019-05-03T09:13:46.000000000+00:00",
"DataItems": [ { "Variable":"DP1", "Type":"BOOL", "Value":"0",
"QualityCode":"GOOD" }, { "Variable":"DP2", "Type":"DOUBLE_FLOAT",
"Value":"0.496043966059748", "QualityCode":"GOOD" },
SIMATIC CC7
114 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
Requirement
Before you assign data points to topics or groups, you need to create the data points,
see section Data points (Page 123). You also specify the data point name, data type and
the other parameters there.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 115
Configuration
4.9 Cloud configuration
SIMATIC CC7
116 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 117
Configuration
4.9 Cloud configuration
4.9.4 Subscriber
Validity
⇒ Validity: AWS / Azure / IBM Cloud
In this tab, you create the topics for the subscriber function of the gateway under the
enabled profile.
Note
A subscriber topic can only contain data points which are assigned to exactly one single
station.
Add topic
• Select station
From the drop-down list, select one of the configured stations to which you want to
assign this topic.
The received data is written to the CPU of this station.
• Topic
Enter the name of the topic in the text box. You can change the name later in the
topic table below.
The name of a topic must be unique within a cloud application.
• Add
Click the "Add" button to create the topic.
The new topic is applied and displayed in the topic table.
Topic settings
The "Payload format" output box specifies the syntax that is expected and required of
the received subscribed messages. Take this into account when configuring the relevant
publisher.
When a message is received with a payload format that does not correspond exactly to
this syntax, the message is discarded and the gateway generates a diagnostic message.
You can find the diagnostic messages in the WBM under "Maintenance > Diagnostics".
SIMATIC CC7
118 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
Payload format
Use the JSON Payload format from the template for communication between the
publisher and subscriber:
{
"Timestamp": "PUBLISH_TIMESTAMP",
"DataItems":
[
{
"Variable": "{{Var1.NAME}}",
"Type": "{{Var1.TYPE}}",
"Value": "{{Var1.VALUE}}",
"QualityCode": "{{Var1.QUALITY_CODE}}"
},
{
"Variable": "{{Var2.NAME}}",
"Type": "{{Var2.TYPE}}",
"Value": "{{Var2.VALUE}}",
"QualityCode": "{{Var2.QUALITY_CODE}}"
},
...
{
"Variable": "{{VarN.NAME}}",
"Type": "{{VarN.TYPE}}",
"Value": "{{VarN.VALUE}}",
"QualityCode": "{{VarN.QUALITY_CODE}}"
},
]
}
The time stamp is optional. It is not evaluated in the payload format.
Payload example
You will find an example of the expected syntax with different data types by clicking on
the button.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 119
Configuration
4.9 Cloud configuration
Topic table
You can see the created topics in the table and configure their "Quality of Service"
parameters.
• Topic
If necessary, you can change the name of the topic here.
• QoS
You use the "Quality of Service" parameter of the topic to specify the transfer
behavior of the messages between the broker and subscriber of the gateway:
– QoS 0
Transfer no more than once
The broker sends the topic once to the gateway. The broker does not expect an
acknowledgment. If the topic is not received by the gateway, it is lost.
– QoS 1
Transfer at least once
The broker sends the topic to the gateway until it receives a PUBACK packet as
acknowledgment from the gateway.
– QoS 2
Transfer exactly once
The broker sends the topic and waits until it receives the two-step
acknowledgment from the gateway as specified.
When a connection is aborted, the data frames are buffered in the broker for QoS 1
and QoS 2.
If a lower QoS value is configured at the subscriber of the gateway than at the
publisher, the lower value applies to the communication between broker and
subscriber.
• Delete
By clicking the button, the topic of the respective row is deleted.
Note
Delete
Note that if you accidentally delete a topic, you cannot undo the deletion.
SIMATIC CC7
120 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.9 Cloud configuration
Individual assignment:
Assign each data point in the table individually to a topic. To do so, you use the text box
"Topic" of the data point table (see below).
Bundled assignment:
Before you make the bundled assignment, select all data points in the table that you
want to assign to a topic using the check box on the left.
Then use one of the two buttons described below.
• Topic
Text box with filter
When entering individual characters in the text box, the names of all topics that start
with or contain these characters are displayed. Click on an entry to select a topic.
• Set for selected
By clicking on the button, all data points that you have previously selected in the table
are assigned to the topic selected in the text box.
• Set for all
By clicking on the button, all data points that you have previously selected in the table
are assigned to the topic selected in the text box.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 121
Configuration
4.10 Data points
Note
Requirements for the transfer (Cloud)
The following conditions must be met to transfer a value:
• The data point is assigned to a topic in the configuration.
• At least one trigger condition is met.
SIMATIC CC7
122 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.10 Data points
Note
Deletion of configured data points during import
When importing variables from STEP 7 files, you can select whether previously
configured data points should be deleted.
After importing variables from STEP 7 files, you can also manually configure more data
points.
A data point in the gateway can alternatively be configured for one of the two target
systems (Cloud / OPC UA).
However, multiple data points can be created for different target systems with reference
to the same address in the station.
• Select station
Select a station from the drop-down list whose data points you want to configure for
the transfer. The drop-down list contains all stations that were configured under
"Process access", see section Process access (Page 71).
If data points are already configured for a station, these are displayed in the table
below when selecting the station. You can change the data later.
• Add data point
Creates the row for a new data point in the table.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 123
Configuration
4.10 Data points
Alternative:
• Duplicate row
You can also create new data points by copying existing data points.
To do so, select one or more data points using the check boxes (see below) and click
the "Duplicate row" button.
Then adjust the properties of the copied data points.
• Multi-editing
You use this button to open the "Data point configuration" dialog. You can set
specific parameters for all or previously selected data points in one editing step in the
dialog.
Select multiple data points for this function using the check box in the selection
column (left) of the data point table.
You can set the following parameters for multiple data points in the dialog:
– Target
– Access
– Trigger
For the meaning of the parameters, see below.
Multi-editing is practical especially when you are importing large volumes of data
points which are to receive the same values for the specified parameters.
After configuring the specified parameters in the "Data point configuration" dialog,
click on the respective check boxes of the parameters in the dialog. Only these
parameters are set.
You can then assign the parameter values to the data points:
– Set for selected
Assigns the parameter values to those data points that you selected before
opening the dialog.
– Set for all
Assigns the parameter values to all data points of the data point table.
SIMATIC CC7
124 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.10 Data points
Note
Delete
You cannot undo deleting a data point.
You can delete individual data points using the "Delete" symbol in each row of the data
point table.
You can delete multiple data points by selecting them using the selection column (left)
and then clicking on the "Delete" button below the table.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 125
Configuration
4.10 Data points
SIMATIC CC7
126 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.10 Data points
Trigger
You use the triggers to specify the conditions that initiate the transfer of the value saved
in the device to the broker.
Up to two triggers can be selected per data point. The following trigger classes can be
configured:
• Time trigger
– Cyclic
Cyclic transmission - configurable cycle
– Time
Once daily / Once weekly / Once monthly
• Value trigger
– Deviation: Transmission in case of deviation from the last stored value
– Threshold LOW: Transmission if value is below the threshold
– Threshold HIGH: Transmission if value is above the threshold
– Range within: Transmission when the value enters a value range
– Range outside: Transmission when the value leaves a value range
• Input trigger
– Digital input
Transfer upon edge change at the digital input
You can combine two triggers for each data point. When two triggers are configured, the
transfer is initiated as soon as one of the two trigger conditions is met.
Not all trigger types can be combined for a variable in practice. The following trigger
combinations are supported:
Additional restrictions can result from the trigger types supported by the individual data
types; see "Data types" table below.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 127
Configuration
4.10 Data points
Trigger 1 / Trigger 2
The following types of triggers are available:
• Time trigger
For time triggers, select the value of the cycle and the respective unit of time from the
drop-down list.
– Cyclic
The value of the data point is transferred cyclically. Ranges of values:
100 .. 100 000 000 ms
1 .. 1 000 000 s
1 .. 1666 min
1 .. 27 h
– Once daily
The value is transferred once a day at the configured time.
– Once weekly
The value is transferred once a week.
– Once monthly
The value is transferred once a month.
If a month has fewer days than the day specified in the configuration, the value of
the data point is transferred at the end of the month.
• Value trigger
Select the type using the drop-down list and add the respective values.
The value ranges of the value triggers depend on the data type of the data point.
– Change
The value is transferred as soon as it changes compared to the value that was
read in before.
– Area outside
The value is transferred as soon as it is outside the configured area.
– Area within
The value is transferred as soon as it is inside the configured area.
– Threshold HIGH
The value is transferred as soon as it exceeds the configured value.
– Threshold LOW
The value is transferred as soon as it drops below the configured value.
Note:
The range of values of the station data point is converted to the range of values of the
device data point.
SIMATIC CC7
128 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.10 Data points
• Input trigger
– Digital input
Transfer once upon edge change at the digital input
Alternatively with edge change 1 → 0 or 0 → 1
Data types
Not every data type supports all trigger types. The following tables list the configurable
data types and specify the supported trigger types for each data type.
* S7-1500 only
** S7-1200/1500 only
*** S7-300/400/1500 only
**** The accuracy of the DTL (1 ns, 10-9 seconds) is restricted to 100 ns (10-7 seconds) for OPC DateTime.
***** Formatting according to ISO 8601, e.g. "2020-03-31T08:25:59.1234+02:00".
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 129
Configuration
4.10 Data points
* If the string exceeds 256 bytes in the OPC Server, the string cannot be read by the OPC UA client and the Quali-
tyCode changes to BAD.
** An S7-1500 maps the internal data type DATE_AND_TIME as byte array with length of 8 in its OPC UA server. This
array can be interpreted by the OPC UA client of the CC7 as S7-DATE_AND_TIME variable and forwarded to the
target system with the date/time value.
*** Formatting according to ISO 8601, e.g. "2020-03-31T08:25:59.1234+02:00".
SIMATIC CC7
130 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.10 Data points
See also
User data format (Page 107)
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 131
Configuration
4.10 Data points
SIMATIC CC7
132 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.10 Data points
Import variables
1. Save the file exported from STEP 7 with the variable information in the file system of
your PC.
2. Open the WBM tab "Data points > Import PLC configuration".
3. Click "Browse", select the desired STEP 7 file and click on "Open".
The file name is displayed in the WBM.
4. If you do not want to use the file, click "Delete source file".
Both the file and variables already imported in the table are deleted (see below) are
deleted.
5. If you want to use the file, click "Import source file".
The import process is shown by a progress bar.
If you want to import multiple files, repeat the operation "Browse" > "Import source
file".
After a source file is imported from a DB, the following columns are first shown in a
table:
– Data block (DB name)
– Operand area (DB)
– DB number
Only this box can be edited.
6. Assign the DB number according to the STEP 7 configuration and click "Save".
This does not yet apply the data to the data point list of the application.
After the DB number is assigned or a source file is imported from a variable list, the
variables are displayed in a table with the following columns.
– Selection column
Used to select data points for partial transfer into the application.
– Delete
Deletes the respective variable from the table.
– Data point name
The data point name is formed from the following two components and applied
later:
- DB variable: <DB name>__<Variable name>
- PLC tag/symbol: <Operand range>__<Symbol name>
– Data type, operand area, DB number, offset, length
The relevant data pertaining to the contents of the source file is displayed.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 133
Configuration
4.10 Data points
SIMATIC CC7
134 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.11 Maintenance
Browse OPC UA
1. Select the desired station via "Select station".
2. Click the "Connect" button.
3. Confirm the message that the connection to the server was successful.
Result: The selected station with the associated variables is displayed. The "Display
only supported variables" option can also be selected.
You can now browse through the individual folders or variables and import variables.
Import variables
Select individual variables or entire folders and click "Import". To mark an entire folder,
you need to open it once. The variables are transferred to the "Data points" WBM tab
and can be edited there.
4.11 Maintenance
Synchronization method
You can synchronize the time of day manually or via NTP (Network Time Protocol).
Note
Time-of-day synchronization
For applications that require time-of-day synchronization, you should synchronize the
time of day of the device. If you do not synchronize the time of day regularly, there may
be deviations of several seconds each day between the device and its communication
partners.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 135
Configuration
4.11 Maintenance
System time
• Using NTP server
Enable the option if the time of day is to be synchronized via NTP.
When this option is disabled, you can set the time of day of the device manually.
• NTP server address
Enter the address of the NTP server as IPv4/IPv6 address or as DNS name.
• Synchronization cycle (s)
Specifies the cycle of the time-of-day queries to the NTP server.
Range of values in seconds: 16..1024
• NTP (secure)
The secure method NTP (secure) uses authentication with symmetrical keys.
SIMATIC CC7
136 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.11 Maintenance
• Time zone
In NTP mode, it is generally UTC (Universal Time Coordinated) that is transferred.
This corresponds to GMT (Greenwich Mean Time).
The time offset from UTC can be set by configuring the local time zone.
• Use daylight saving time changeover
If enabled, the system time is changed to daylight saving time, i.e. one hour is added.
Also enter when daylight saving time should be enabled and disabled.
If disabled, the current system time is not changed.
Note
Time does not continue to run when no voltage is applied
If you switch off the power supply to the gateway, the manually set time will not continue
to run during the power-off period.
The text boxes for date and time are only active with disabled time-of-day
synchronization via NTP.
To set the time, use the time table and the calendar via the symbols on the right, or enter
the data according to the following specifications.
• Time
Enter the current time of day manually in the specified format:
– hh:mm:ss
Hour, minute and second can also be entered as single digits.
• Date
Enter the current date manually in the specified format:
– DD/MM/YYYY
Month and day can also be entered as single digits.
Example: March is accepted as "03" or as "3".
• Save
When you click this button, the application saves the entered settings.
• Apply
The device only applies the saved time data when you click "Apply".
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 137
Configuration
4.11 Maintenance
SIMATIC CC7
138 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.11 Maintenance
4.11.3 User
Note
Loss of user data
Note changed or newly assigned user names and passwords.
When you lose the user data of the administrator, you no longer have access to the
WBM.
When losing the login data, you only have access to the WBM by resetting the device to
the factory settings. This is associated with a loss of data.
For the preset standard user data for initial login, see section Logging into the WBM
(Page 60).
Permitted length of the user name: 4...64 characters
Note
Changing the password
For security reasons, the user name and password preset at the factory must be
changed at the first login.
Passwort rules
Newly assigned user passwords must meet the following requirements:
• Minimum length: 8 characters
• At least 1 lowercase letter
• At least 1 uppercase letter
• At least 1 number
• At least one of the following special characters (ASCII 0x21..0x7E):
!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 139
Configuration
4.11 Maintenance
Edit user
Note
Applying changed user data
Changed user data is applied immediately after it has been saved.
After the user data is changed, it must be used for the next login.
• Action
Select the required action:
– Change user name
– Change password
– Change user name and password
• Current password
Enter the current password before you make any changes.
• New user name
Enter a new user name to change it.
• Repeat user name
To confirm a new user name, repeat the user name entered above.
• New password
Enter a new password to change the password.
• Repeat password
Repeat the new password.
4.11.4 Firmware
You can find the current firmware version of the device on the WBM page Info (Page 62).
If a new firmware version is available, you can download the firmware file from the PC to
the gateway via this WBM page.
For new firmware files for the gateway, refer to the section Loading new firmware
(Page 147).
Note
Digitally signed and encrypted firmware
The firmware is signed and encrypted. This ensures that only firmware created by
Siemens can be downloaded to the device.
SIMATIC CC7
140 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.11 Maintenance
Firmware update
• Firmware file
After selecting a firmware file stored on the PC using the "Search" button, the file
name is displayed here.
• Search
Searches the file system of the PC for a firmware file saved there that is intended to
be loaded on the gateway.
Firmware files have the file format *.upd.
After selecting the file, the name of the selected file is displayed but the firmware is
not used yet.
• Load on device
By clicking the button, you download the selected firmware file to the gateway.
The ongoing update process is indicated in the WBM by a progress bar.
After the update is complete, the gateway automatically reboots. After the restart you
will need to log in again.
Note
Firmware update
Note that updating the firmware can take a while.
• No input during activation
During activation until the gateway restarts, the WBM is not locked.
Do not change the WBM page during this time.
• No switch off of the gateway
Do not switch off the gateway during activation of the firmware. This avoids the
occurrence of inconsistent statuses.
• Automatic adoption of stored configuration changes
Configuration changes already saved but not yet adopted are automatically applied on
restart after a firmware update.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 141
Configuration
4.11 Maintenance
CLP
Use this function to format a brand new CLP or one previously used by another device.
The formatting deletes the existing data on the CLP.
• CLP formatting
The inserted CLP is formatted after you click the "Format" button.
When the formatting process is complete, a message is displayed in the WBM. Do not
switch off the gateway before the message appears.
Export configuration
Note
Options for exporting a configuration
You have the following options when exporting a configuration:
• Without user data and PKI
This file with the *.cfg file extension only contains the device configuration with the
configured connections and data points. This file is suitable for transferring the
configuration to other gateways, since certificates and keys usually have to be
adapted.
• With user data and PKI
This file with the *.cfgp file extension contains the device configuration with the
configured connections and data points as well as all user data, passwords,
certificates and, if necessary, the corresponding private keys. With this file, another
gateway can take over all settings, e.g. when replacing parts, and immediately resume
operation.
• Password (optional)
The configuration file is stored encrypted. Additionally, you can secure the
configuration file against unauthorized use by entering a password (8-64 characters).
The configuration file can only be reloaded by entering this password.
• Export
Saves the configuration currently used by the gateway with the selected options to a
configuration file on the PC.
SIMATIC CC7
142 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.11 Maintenance
Downloading a configuration
• Configuration file
After a configuration file saved on the PC is selected with the "Browse" button, the
file name is displayed here.
• Password (optional)
If a password was specified when the configuration file was saved, this password
must also be specified again when loading this configuration file.
• Browse
Searches the file system of the PC for a configuration file saved there that is intended
to be loaded on the gateway.
• Load on device
Downloads the configuration file shown under "File" to the gateway.
Note
The configuration data of the downloaded configuration file is only used by the
gateway after being applied to the runtime system ("Apply" button).
Process communication
The current status is displayed under "Status".
• Stop
Click the button to stop communication.
The labeling of the button changes.
• Start
Click the button to restart communication.
Restart
• Restart
Click the button to initiate a restart of the application.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 143
Configuration
4.11 Maintenance
Note
Data loss due to reset
Before you reset, note the effects of the reset described below.
• All configuration data, certificates, keys and user data are deleted by the reset.
The data on an optional CLP are deleted as well.
• By resetting the IP parameters at the respective interface, the application can no
longer be reached using the previously configured address data.
The application can be reached at the factory set IP address of the respective
interface. For information on the preset IP parameters, see section Restarting and
resetting (Page 148).
The MAC addresses of the interfaces are not deleted by the reset.
• Reset
By clicking the button, you reset all data of the application to the factory settings.
After the reset, the application performs a restart.
4.11.7 Diagnostics
Diagnostic messages
This page contains diagnostics messages for internal events and errors.
• Update
Here you set whether and in which cycle the WBM updates the displayed diagnostic
messages.
The entries contain a time stamp and the message text.
• Notifications (NOTIFICATION) are displayed in bold
• Errors are displayed in red.
• Notes are displayed in blue.
• Warnings are displayed in yellow.
Examples of events:
- Startup
- Establishment/termination of a communications connection
- Change to the configuration
SIMATIC CC7
144 Operating Instructions, 10/2020, C79000-G8976-C503-03
Configuration
4.11 Maintenance
4.11.8 Logging
Use of logging
By using the logging functions in log files, you can export important events to a file.
• Export
Click the button to export the respective file to the PC file system.
The exported files are displayed in the footer of the WBM. You can open the files from
the PC file system or directly from the WBM tab.
Security events
The gateway outputs Syslog messages according to RFC 5424 / RFC 5426. The
messages are based on IEC 62443-3-3.
When the address data of a Syslog server is input, the gateway sends the messages to
the server.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 145
Configuration
4.11 Maintenance
If you do not have a Syslog server, leave the server address free.
• Server address
Enter the IP address of the Syslog servers.
• Server port
You can change the default server port 514 (UDP).
You will find a description of the Syslog messages in the appendix Syslog messages
(Page 165).
SIMATIC CC7
146 Operating Instructions, 10/2020, C79000-G8976-C503-03
Diagnostics and maintenance 5
5.1 Diagnostics options
The following diagnostics options are available:
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 147
Diagnostics and maintenance
5.3 Restarting and resetting
Restart
The gateway ends productive operation, restarts automatically and takes up productive
operation again with the existing configuration data.
Note
Data is deleted
With the resetting to factory settings, all configuration data and process data on the
gateway is deleted.
With a reset to factory settings, the gateway can only be reached over the factory default
address data.
SIMATIC CC7
148 Operating Instructions, 10/2020, C79000-G8976-C503-03
Diagnostics and maintenance
5.3 Restarting and resetting
• Deleted data
The following data is deleted in the gateway by resetting to factory settings:
– Addresses of the LAN interfaces configured by the user
They are reset to the factory default address data.
– All other configuration data of the gateway
– All process data in the memory of the gateway
– User names and passwords
– All imported certificates
– Diagnostics buffer
The following data is also deleted:
– All data on an inserted CLP
• Data not deleted
The following data is not deleted by resetting to factory settings:
– MAC address of the LAN interfaces
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 149
Diagnostics and maintenance
5.4 Device replacement in the event of a fault
Device defective
If a fault develops, please send the device to your Siemens representative for repair.
Repairs on-site are not possible.
WARNING
Before replacement
• Before replacing the gateway, read the safety notices in the section Important notes
on using the device (Page 35).
• While working on the device make sure that the power supply is turned off.
When replacing the gateway follow the steps described in the section Installation
(Page 39).
SIMATIC CC7
150 Operating Instructions, 10/2020, C79000-G8976-C503-03
Technical specifications 6
6.1 Technical specifications - CloudConnect 712
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 151
Technical specifications
6.2 Technical Specifications - CloudConnect 716
For further data, refer to section Application and functions (Page 13).
SIMATIC CC7
152 Operating Instructions, 10/2020, C79000-G8976-C503-03
Technical specifications
6.2 Technical Specifications - CloudConnect 716
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 153
Technical specifications
6.2 Technical Specifications - CloudConnect 716
* The current load due to an external consumer connected between VP (pin 6) and DGND (pin 5) must not exceed a
maximum of 15 mA (short-circuit proof) for bus termination.
For further data, refer to section Application and functions (Page 13).
SIMATIC CC7
154 Operating Instructions, 10/2020, C79000-G8976-C503-03
Approvals 7
Approvals issued
Note
Issued approvals on the type plate of the device
The specified approvals apply only when the corresponding mark is printed on the
product. You can check which of the following approvals have been granted for your
product by the markings on the type plate.
EC declaration of conformity
The product meets the requirements and safety objectives of the following EC directives
and it complies with the harmonized European standards (EN) for programmable logic
controllers which are published in the official documentation of the European Union.
• 2014/34/EU (ATEX explosion protection directive)
Directive of the European Parliament and the Council of 26 February 2014 on the
approximation of the laws of the Member States concerning equipment and protective
systems intended for use in potentially explosive atmospheres, official journal of the
EU L96, 29/03/2014, pages. 309-356
• 2014/30/EU (EMC)
EMC directive of the European Parliament and of the Council of February 26, 2014 on
the approximation of the laws of the member states relating to electromagnetic
compatibility.; official journal of the EU L96, 29/03/2014, pages. 79-106
• 2011/65/EU (RoHS)
Directive of the European Parliament and of the Council of 8 June 2011 on the
restriction of the use of certain hazardous substances in electrical and electronic
equipment, official journal of the EC L174, 01/07/2011, page 88-110
The EC Declaration of Conformity is available for all responsible authorities at:
Siemens Aktiengesellschaft
Digital Industries
Process Automation
DE-76181 Karlsruhe
Germany
You can also find the EU Declaration of Conformity on the Internet at the following
address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621/cert)
> Certificate: Declaration of conformity / EC/EU certificate of conformity
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 155
Approvals
IECEx
The product meets the requirements of explosion protection according to IECEx.
IECEx classification:
Ex ec IIC T4 Gc
Certificate: IECEx DEK 18.00xxX
Applied standards:
• EN 60079-0 - Explosive atmospheres - Part 0: Equipment - General requirements
• EN 60079-7 - Explosive Atmospheres - Part 7: Equipment protection by increased
safety 'e'
You can see the current versions of the standards in the IECEx certificate that you will
find on the Internet at the following address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/25621/cert)
Note the conditions for the safe deployment of the product according to the section
Notes on use in hazardous areas according to ATEX / IECEx (Page 36).
You should also note the information in the document "Use of subassemblies/modules
in a Zone 2 Hazardous Area" that you will find on the Internet at the following address:
Link: (https://support.industry.siemens.com/cs/ww/en/view/78381013)
ATEX
The product meets the requirements of the EC directive:2014/34/EC "Equipment and
Protective Devices for Use in Potentially Explosive Atmospheres".
ATEX approval:
II 3 G Ex ec IIC T4 Gc
Type Examination Certificate: DEKRA 18ATEX00xxX
Applied standards:
• EN 60079-0 - Explosive atmospheres - Part 0: Equipment - General requirements
• EN 60079-7 - Explosive Atmospheres - Part 7: Equipment protection by increased
safety 'e'
The current versions of the standards can be seen in the EC Declaration of Conformity,
see above.
The conditions must be met for the safe deployment of the product according to the
section Notes on use in hazardous areas according to ATEX / IECEx (Page 36).
You should also note the information in the document "Use of subassemblies/modules
in a Zone 2 Hazardous Area" that you will find on the Internet at the following address:
Link: (https://support.industry.siemens.com/cs/ww/en/view/78381013)
EMC
The product meets the requirements of the EC Directive 2014/30/EU "Electromagnetic
Compatibility" (EMC directive).
SIMATIC CC7
156 Operating Instructions, 10/2020, C79000-G8976-C503-03
Approvals
Applied standards:
• EN 61000-6-4
Electromagnetic compatibility (EMC) - Part 6-4: Generic standards - Emission
standard for industrial environments
• EN 61000-6-2
Electromagnetic compatibility (EMC) - Part 6-2: Generic standards - Immunity for
industrial environments
RoHS
The product meets the requirements of the EC directive 2011/65/EU on the restriction of
the use of certain hazardous substances in electrical and electronic equipment.
Applied standard:
• EN 50581:2012
c(UL)us
Applied standards:
• Underwriters Laboratories, Inc.: UL 61010-1 (Safety Requirements for Electrical
Equipment for Measurement, Control, and Laboratory Use - Part 1: General
Requirements)
• IEC/UL 61010-2-201 (Safety requirements for electrical equipment for measurement,
control and laboratory use. Particular requirements for control equipment)
• Underwriters Laboratories, Inc.: UL 62368-1 (Audio/video, information and
communication technology equipment - Part 1: Safety requirements)
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 157
Approvals
FM
Factory Mutual Approval Standard Class Number 3600, 3611, 3810
FM16US0205X
Equipment rating:
Class I, Division 2, Group A, B, C, D, Temperature Class T4, Ta = 0..50/70 °C *
Class I, Zone 2, Group IIC, Temperature Class T4, Ta = 70 °C
ANSI/ISA-61010-1 (82.02.01)
* Remember that the permitted ambient temperature depends on the mounting position;
see section Technical specifications - CloudConnect 712 (Page 151).
Ta: Refer to the temperature class on the type plate
Note the conditions for the safe deployment of the product according to the section
General notices on use in hazardous areas according to UL HazLoc / FM (Page 38).
Australia - RCM
The product meets the requirements of the AS/NZS 2064 standards (Class A).
Current approvals
SIMATIC NET products are regularly submitted to the relevant authorities and approval
centers for approvals relating to specific markets and applications.
If you require a list of the current approvals for individual devices, consult your Siemens
contact or check the Internet pages of Siemens Industry Online Support:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15248/cert)
SIMATIC CC7
158 Operating Instructions, 10/2020, C79000-G8976-C503-03
Dimension drawings 8
All dimensions in the dimension drawings are in millimeters.
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 159
Dimension drawings
SIMATIC CC7
160 Operating Instructions, 10/2020, C79000-G8976-C503-03
Accessories A
You will find details and ordering data for the products of the accessories program in the
Siemens Industry Mall, see:
Link: (https://mall.industry.siemens.com)
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 161
Accessories
A.2 CLPs
A.2 CLPs
Usable CLPs
The device can be operated with a CLP, an exchangeable storage medium for storage of
configuration data. A CLP does not ship with the device.
The following CLPs are available:
• SCALANCE CLP 2GB
Article number: 6GK1900-0UB00-0AA0
Exchangeable storage medium for easy device replacement
• SCALANCE CLP EEC 2GB
Article number: 6GK1900-0UQ00-0AA0
Exchangeable storage medium with painted circuit boards for easy device
replacement
SIMATIC CC7
162 Operating Instructions, 10/2020, C79000-G8976-C503-03
Escape sequences B
B.1 JSON escape sequences
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 163
Escape sequences
B.1 JSON escape sequences
SIMATIC CC7
164 Operating Instructions, 10/2020, C79000-G8976-C503-03
Syslog messages C
Security events
The gateway outputs Syslog messages according to RFC 5424. The messages are based
on IEC 62443-3-3.
Possible values:
– 0 Emergency
– 1 Alert
– 2 Critical
– 3 Error
– 4 Warning
– 5 Notice
– 6 Information
– 7 Debug
• Facility (Origin)
Possible values, e.g.: Sub-system, service, user
VERSION Version number of the Syslog specification
TIMESTAMP Time stamp of the device as local time including time zone and correction for daylight sav-
ing/standard time
Format: YYYY-MM-DDThh:mm:ss.msmsmsms+xx:yy
Example: 2010-01-01T02:03:15.0003+02:00
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 165
Syslog messages
C.1 Structure of the messages
This parameter specifies whether the time zone is known in the source device.
– 1 = known
– 0 = unknown
• isSynced
This parameter specifies whether the source device is synchronized with a reliable exter-
nal time source, e.g. via NTP.
– 1 = synchronized
– 0 = not synchronized
MSG
MESSAGE Message text as ASCII string (English)
You can read more detailed information on the structure of the Syslog messages and on
the meaning of the parameters in the RFCs:
https://tools.ietf.org/html/rfc5424
https://tools.ietf.org/html/rfc5426
SIMATIC CC7
166 Operating Instructions, 10/2020, C79000-G8976-C503-03
Syslog messages
C.2 Syslog messages
SE_COMMUNICATION_STARTED_(protocol)
Message text {Protocol}: User {User name} started the process communication.
Example Console: User <user name> started the process communication.
Explanation The user has started the process communication.
Severity Notice
Facility local0
Standard -
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 167
Syslog messages
C.2 Syslog messages
SE_COMMUNICATION_STOPPED_(protocol)
Message text {Protocol}: User {User name} stopped the process communication.
Example Console: User <user name> stopped the process communication.
Explanation The user has stopped the process communication.
Severity Notice
Facility local0
Standard -
SE_NETWORK_SUCCESSFUL_LOGON_(protocol)
Message text {Protocol}: User {User name} logged in from {IP address}.
Example Console: User admin logged in from 192.168.0.1.
Explanation Login with valid login information
Severity Info
Facility local0
Standard IEC 62443-3-3 Reference: SR 1.1
SE_NETWORK_UNSUCCESSFUL_LOGON_(protocol)
Message text {Protocol}: User {User name} failed to log in from {IP address}.
Example Console: User admin failed to log in from 192.168.0.1.
Explanation Incorrect user name or password specified during login.
Severity Error
Facility local0
Standard IEC 62443-3-3 Reference: SR 1.1
SE_LOGOFF (protocol)
Message text {Protocol}: User {User name} logged out from {IP address}.
Example Console: User admin logged out from 192.168.0.1.
Explanation Session ended with user logout.
Severity Info
Facility local0
Standard IEC 62443-3-3 Reference: SR 1.1
SIMATIC CC7
168 Operating Instructions, 10/2020, C79000-G8976-C503-03
Syslog messages
C.2 Syslog messages
SE_DEFAULT_USER_AUTHENTICATION_USED (protocol)
Message text {Protocol}: Default user {User name} logged in from {IP address}.
Example Console: Default user <user name> logged in from 192.168.0.1.
Explanation Default user has logged in via the IP address.
Severity Info
Facility local0
Standard IEC 62443-3-3 Reference: n/a (NERC-CIP 007-R5)
SE_ACCESS_PWD_CHANGED_(protocol)_(own password)
Message text {Protocol}: User {User name} has changed the password.
Example Console: User admin has changed the password.
Explanation User has changed own password.
Severity Notice
Facility local0
Standard IEC 62443-3-3 Reference: SR 1.3
SE_ACCOUNT_NAME_CHANGE_(protocol)_(user)
Message text {Protocol}: Default user account was changed to {User name}.
Example Console: Default user account was changed to <new user>.
Explanation The default account was changed.
Severity Notice
Facility local0
Standard IEC 62443-3-3 Reference: SR 1.3
SE_ACCOUNT_LOCKED_TEMP_(protocol)_(User)
Message text {Protocol}: User {User name} account is locked for {Time minute} minutes after {Failed login
count} unsuccessful login attempts.
Example Console: User admin account is locked for 544 minutes after 2 unsuccessful login attempts.
Explanation After too many failed login attempts, the corresponding user account is locked for a specific
time.
Severity Warning
Facility local0
Standard IEC 62443-3-3 Reference: SR 1.11
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 169
Syslog messages
C.2 Syslog messages
SE_RAS_SESSION_TERMINATED_INACTIVITY_(protocol)
Message text {Protocol}: Remote session {Config detail} was closed after {Time second} seconds of inactiv-
ity.
Example WBM: Remote session o1cs3jjKy... was closed after 600 seconds of inactivity.
Explanation The session was closed after a period of inactivity.
Severity Notice
Facility local0
Standard IEC 62443-3-3 Reference: SR 2.6
SE_ACCESS_DENIED_NUMBER_OF_CONCURRENT_SESS_(protocol)
Message text {Protocol}: The maximum number of {Max sessions} concurrent login session exceeded.
Example WBM: The maximum number of 1 concurrent login session exceeded.
Explanation The maximum number of simultaneous sessions has been reached.
Severity Warning
Facility local0
Standard IEC 62443-3-3 Reference: SR 2.7
SE_CONFIG_CHANGE_(protocol)_(complete configuration)
SE_CONFIG_CHANGE_(protocol)_(reset to factory)
Message text {Protocol}: User {User name} has initiated a reset to factory defaults.
Example WBM: User admin has initiated a reset to factory defaults.
Explanation User has initiated a reset to factory settings.
Severity Info
SIMATIC CC7
170 Operating Instructions, 10/2020, C79000-G8976-C503-03
Syslog messages
C.2 Syslog messages
Facility local0
Standard IEC 62443-3-3 Reference: SR 2.12
SE_COMMUNICATION_DATA_INTEGRITY_ERROR_(protocol)
SE_INVALID_SESSION_ID_(protocol)
SE_BACKUP_SUCCESSFULLY_DONE_(protocol)
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 171
Syslog messages
C.2 Syslog messages
SE_BACKUP_FAILED_(protocol)
Message text {Protocol}: User {User name} failed to create backup file.
Example Console: User <user name> failed to create backup file.
Explanation Creation of backup file by user failed.
Severity Error
Facility local0
Standard IEC 62443-3-3 Reference: SR 7.3
SE_BACKUP_RESTORE_FAILED_(protocol)
Message text {Protocol}: User {User name} failed to apply backup file.
Example Console: User <user name> failed to apply backup file.
Explanation Use of backup file by user failed.
Severity Error
Facility local0
Standard IEC 62443-3-3 Reference: SR 7.4
SE_BACKUP_RESTORE_SUCCESSFULLY_DONE_(protocol)
SE_FW_DEPLOYMENT_SUCCEEDED_(protocol)_(user)
Message text {Protocol}: User {User name} activated the Firmware {Version}.
Example Console: User <user name> activated the Firmware V2.
Explanation Firmware successfully activated by user.
Severity Notice
Facility local0
Standard IEC 62443-3-3 Reference: SR 7.4
SIMATIC CC7
172 Operating Instructions, 10/2020, C79000-G8976-C503-03
Syslog messages
C.2 Syslog messages
SE_FW_DEPLOYMENT_FAILED_(protocol)_(user)
Message text {Protocol}: User {User name} failed to activate Firmware {Version}.
Example Console: User <user name> failed to activate Firmware V2.
Explanation Firmware activation by user failed.
Severity Error
Facility local0
Standard IEC 62443-3-3 Reference: SR 7.4
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 173
Syslog messages
C.2 Syslog messages
SIMATIC CC7
174 Operating Instructions, 10/2020, C79000-G8976-C503-03
Index
A M
Abbreviations/acronyms, 4 MAC address, 3
Application to the runtime system, 58 MQTT - version, 14
Apply, 58
Article numbers, 3
O
OPC UA, 14
B
Open Source Software, 61
Broker, 14
Browse OPC UA, 134
P
Ports, 54
C
Certificate validation (OPC), 82, 89
CLP, 19 Q
Configuration error, 94
QualityCode, 105
Connection abort, 106
Connections - Number, 20
R
D Recycling, 7
Reset to factory settings, 32
Data type alias, 129
DATAPOINT_TYPE, 129
Deadband, 91
S
DHCP, 19
Disposal, 7 Safety notices, 35
DNS server, 65 Service & Support, 7
SIMATIC NET glossary, 7
Subscriptions, 91
F
Firmware - Version, 3
T
Training, 7
G
Glossary, 7
W
Grounding, 42
WBM, 15, 21
Web Based Management, 21
I Web browser, 25
Import variables, 135
SIMATIC CC7
Operating Instructions, 10/2020, C79000-G8976-C503-03 175
Index
SIMATIC CC7
176 Operating Instructions, 10/2020, C79000-G8976-C503-03