109822009 Brownfield Connectivity BFC Gateway

Product Information

The Brownfield Connectivity BFC Gateway is software that
enables communication and data exchange between different systems
and devices in a brownfield environment. It allows for seamless
integration and interoperability, facilitating efficient operation
and management of industrial processes.

Specifications

  • Software: Brownfield Connectivity – Release 1.11
  • BFC Client, Version 2.15
  • BFC Gateway, Version 1.11
  • Valid until: November 2022

Requirements

In order to use the Brownfield Connectivity BFC Gateway, the
following requirements must be met:

  • Compatible operating system (refer to the system requirements
    documentation)
  • Sufficient hardware resources (RAM, storage, etc.)
  • Access to the network where the systems and devices are
    connected
  • Properly configured network settings
  • Installation of the BFC Client software (Version 2.15) on the
    client device

Installing the BFC Gateway

To install the BFC Gateway, follow these steps:

  1. Download the BFC Gateway installation package from the official
    Siemens website.
  2. Run the installation package and follow the on-screen
    instructions.
  3. Specify the installation directory and any additional
    configuration settings as required.
  4. Complete the installation process and ensure that there are no
    errors or issues reported.

Operating the BFC Gateway

Once the BFC Gateway is installed, you can start using it to
facilitate communication between systems and devices in your
brownfield environment. Here are some key operations and
functionalities:

Using the BFC Client

The BFC Client software (Version 2.15) is used to interact with
the BFC Gateway. It provides a user-friendly interface for
configuring and managing the gateway. To use the BFC Client, follow
these steps:

  1. Launch the BFC Client software on your client device.
  2. Enter the necessary connection details, such as the IP address
    or hostname of the BFC Gateway.
  3. Authenticate with the appropriate credentials to establish a
    secure connection.
  4. Once connected, you can access various configuration options
    and settings to customize the behavior of the gateway.

Using an OPC UA Server

The BFC Gateway supports communication with OPC UA servers,
allowing for seamless integration with OPC UA-enabled systems and
devices. To use an OPC UA server with the BFC Gateway, follow these
steps:

  1. Ensure that the OPC UA server is properly configured and
    accessible on the network.
  2. In the BFC Client software, navigate to the OPC UA
    configuration section.
  3. Add a new OPC UA server connection by providing the necessary
    connection details (e.g., server address, security settings).
  4. Save the configuration and establish a connection to the OPC UA
    server.
  5. You can now exchange data and interact with the connected OPC
    UA-enabled systems and devices.

Client Interface with HTTP REST Protocol

The BFC Gateway also provides a client interface that supports
communication using the HTTP REST protocol. This allows for easy
integration with web-based applications and services. To use the
client interface with the HTTP REST protocol, follow these
steps:

  1. In the BFC Client software, navigate to the client interface
    configuration section.
  2. Enable the HTTP REST protocol and specify the necessary
    settings (e.g., port number, authentication).
  3. Save the configuration and restart the BFC Gateway for the
    changes to take effect.
  4. You can now send HTTP requests to the BFC Gateway using the
    specified protocol and interact with the connected systems and
    devices.

BFC Gateway API

The BFC Gateway provides an API (Application Programming
Interface) that allows for programmatic access and control.
Developers can use this API to integrate the gateway functionality
into their own applications or build custom solutions on top of it.
Detailed documentation and examples for the BFC Gateway API are
available in the provided developer resources.

File Transfer

The BFC Gateway supports file transfer capabilities, allowing
for seamless exchange of files between systems and devices. To
transfer files using the BFC Gateway, follow these steps:

  1. In the BFC Client software, navigate to the file transfer
    section.
  2. Select the source and destination systems/devices for the file
    transfer.
  3. Specify the file(s) to be transferred and any additional
    options or settings.
  4. Initiate the file transfer process and monitor its
    progress.
  5. Once completed, verify the successful transfer of the file(s)
    between the specified systems/devices.

Configuring the SSA Gateway

The BFC Gateway allows for configuration of the SSA (System
Security Agent) gateway, which provides additional security
features and functionalities. To configure the SSA gateway with the
BFC Gateway, follow these steps:

  1. In the BFC Client software, navigate to the SSA gateway
    configuration section.
  2. Specify the necessary settings and parameters for the SSA
    gateway, such as access control rules, encryption settings, and
    authentication mechanisms.
  3. Save the configuration and restart the BFC Gateway for the
    changes to take effect.
  4. The SSA gateway will now enforce the configured security
    measures to protect the systems and devices connected through the
    BFC Gateway.

Configuring the AMP Gateway

The BFC Gateway also allows for configuration of the AMP (Asset
Management Platform) gateway, which facilitates asset management
and monitoring capabilities. To configure the AMP gateway with the
BFC Gateway, follow these steps:

  1. In the BFC Client software, navigate to the AMP gateway
    configuration section.
  2. Specify the necessary settings and parameters for the AMP
    gateway, such as asset discovery options, monitoring intervals, and
    notification preferences.
  3. Save the configuration and restart the BFC Gateway for the
    changes to take effect.
  4. The AMP gateway will now provide asset management and
    monitoring functionalities for the systems and devices connected
    through the BFC Gateway.

BFC Apps

The BFC Gateway supports various apps that extend its
functionality and provide additional features. These apps can be
installed and configured through the BFC Client software. To
install and use BFC apps, follow these steps:

  1. In the BFC Client software, navigate to the app management
    section.
  2. Browse through the available apps and select the desired ones
    for installation.
  3. Follow the on-screen instructions to complete the installation
    process for each app.
  4. Once installed, configure the apps according to your specific
    requirements and use them to enhance the capabilities of the BFC
    Gateway.

FAQ (Frequently Asked Questions)

Q: Can I use the BFC Gateway on multiple operating systems?

A: The BFC Gateway is compatible with specific operating
systems. Please refer to the system requirements documentation for
detailed information on supported platforms.

Q: Is there a limit to the number of systems and devices that
can be connected through the BFC Gateway?

A: The BFC Gateway can handle a large number of connections, but
the exact limit may depend on factors such as hardware resources
and network capacity. It is recommended to consult the
documentation and perform load testing if you anticipate a high
number of connections.

Q: Can I customize the behavior and settings of the BFC
Gateway?

A: Yes, the BFC Gateway provides various configuration options
and settings that can be customized according to your specific
requirements. The BFC Client software allows you to access and
modify these settings.

Q: Is technical support available for the BFC Gateway?

A: Yes, Siemens provides service and support for the BFC
Gateway. Please refer to the “Service and Support” section in the
documentation for contact information and further assistance.

Q: Are there any additional legal considerations or
disclaimers?

A: Please refer to the “Legal Information” section in the
documentation for detailed information regarding liability,
warranty, and other legal aspects related to the use of Siemens
products.

Brownfield Connectivity BFC Gateway
Function Manual
Valid for software: Brownfield Connectivity – Release 1.11: – BFC Client, Version 2.15 – BFC Gateway, Version 1.11 11/2022
A5E49457327B AF

  1. Introduction
  2. Security instructions
  3. Product information
  4. Requirement
  5. Installing the BFC gateway
  6. Operating the BFC gateway
  7. Using the BFC client
  8. Using an OPC UA server
  9. Client interface with HTTP REST protocol
  10. BFC gateway API
  11. File transfer
  12. Configuring the SSA gateway
  13. Configuring the AMP gateway
  14. BFC apps
  A. Appendix

Legal information

Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

  • DANGER indicates that death or severe personal injury will result if proper precautions are not taken.
  • WARNING indicates that death or severe personal injury may result if proper precautions are not taken.
  • CAUTION indicates that minor personal injury can result if proper precautions are not taken.
  • NOTICE indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING: Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AG Digital Industries Postfach 48 48 90026 NÜRNBERG GERMANY

A5E49457327B AF 12/2022 Subject to change

Copyright © Siemens AG 2019 – 2022. All rights reserved

Table of contents

1 Introduction
  1.1 About Brownfield Connectivity – Gateway
  1.2 About this documentation
  1.3 Feedback on the technical documentation
  1.4 mySupport documentation
  1.5 Service and Support
  1.6 Using OpenSSL
  1.7 Compliance with the General Data Protection Regulation

2 Security instructions
  2.1 Fundamental safety instructions
    2.1.1 General safety instructions
    2.1.2 Warranty and liability for application examples
    2.1.3 Security information
  2.2 Specific security instructions
  2.3 Improvements to product security

3 Product information
  3.1 Form in which the BFC client is delivered
  3.2 Form in which the BFC gateway is delivered
  3.3 BFC update
    3.3.1 BFC Gateway update (docker-based)
    3.3.2 BFC Gateway update (Kubernetes-based)
    3.3.3 BFC client update
  3.4 Contacting the hotline

4 Requirement
  4.1 Specialist know-how
  4.2 General conditions
  4.3 System requirements
    4.3.1 BFC gateway
    4.3.2 BFC apps
    4.3.3 BFC client
      4.3.3.1 Hardware and operating software
      4.3.3.2 Network
    4.3.4 FANUC client
    4.3.5 MTConnect client
    4.3.6 Modbus client
    4.3.7 OPC UA client

    4.3.8 S7 client
    4.3.9 Heidenhain client
    4.3.10 Beckhoff client
    4.3.11 Ethernet IP client
    4.3.12 Omron client
    4.3.13 HTTP script client for HP 3D printers
    4.3.14 SFTP client

5 Installing the BFC gateway
  5.1 Requirement
  5.2 Installing the docker CE
  5.3 Installing the BFC gateway
  5.4 Installing BFC Gateway in a Kubernetes cluster

6 Operating the BFC gateway
  6.1 Icons and buttons
  6.2 “Landing page” area
    6.2.1 Log in to the BFC gateway
    6.2.2 Installing a user-defined certificate
    6.2.3 Starting processing
  6.3 “Activation” area
    6.3.1 Show activation
    6.3.2 Importing activation
  6.4 “Commissioning” area
    6.4.1 Starting the configuration
    6.4.2 BFC Protect
      6.4.2.1 Integrating the tunnel device
      6.4.2.2 Configuring BFC Protect for clients
      6.4.2.3 Example: Configuring BFC Protect for the Modbus client
    6.4.3 Creating clients (Import)
      6.4.3.1 Creating a BFC client
      6.4.3.2 Creating a FANUC client
      6.4.3.3 Creating an MTConnect client
      6.4.3.4 Creating a Modbus client
      6.4.3.5 Creating an OPC UA client
      6.4.3.6 Creating an S7 client
      6.4.3.7 Creating an HTTP REST client
      6.4.3.8 Creating an HTTP script client
      6.4.3.9 Creating a Heidenhain client
      6.4.3.10 Creating a Beckhoff client
      6.4.3.11 Creating an Ethernet IP client
      6.4.3.12 Creating an Omron client
      6.4.3.13 Creating an MQTT client
      6.4.3.14 MQTT client – configuring scriptlogic
      6.4.3.15 MQTT client – calling connection data
      6.4.3.16 Creating an SFTP client
      6.4.3.17 Defining a dataset configuration
    6.4.4 Displaying/editing the client
    6.4.5 Using configured datasets

      6.4.5.1 Exporting datasets from a client
      6.4.5.2 Importing data sets into a client
    6.4.6 Creating Middlewares (Processing)
      6.4.6.1 Creating script logic
    6.4.7 Creating the plant hierarchy
    6.4.8 Creating gateways (Export)
      6.4.8.1 Gateways (Export)
      6.4.8.2 Creating a MindSphere gateway
      6.4.8.3 Creating the MindConnectLib asset
      6.4.8.4 MySQL export gateway
      6.4.8.5 Creating a MySQL export gateway
      6.4.8.6 Creating the AMP 4.1 export gateway
      6.4.8.7 Creating an MQTT export gateway
      6.4.8.8 Elasticsearch gateway
      6.4.8.9 Creating an Elasticsearch gateway
      6.4.8.10 InfluxDB gateway
      6.4.8.11 Creating an InfluxDB gateway
      6.4.8.12 HTTP gateway
      6.4.8.13 Creating an HTTP gateway
      6.4.8.14 MS SQL gateway
      6.4.8.15 Creating an MS SQL gateway
      6.4.8.16 Kafka gateway
      6.4.8.17 Creating a Kafka gateway
  6.5 “System State” area
    6.5.1 Displaying information
    6.5.2 Area “Clients (Import)”
    6.5.3 “Middlewares (Logic)” area
    6.5.4 “Gateways (Export)” area
    6.5.5 System State Report
  6.6 “Usermanagement” area
    6.6.1 Creating a new user
    6.6.2 Adapting an existing user
    6.6.3 Deleting an existing user
    6.6.4 Using an external IAM system
      6.6.4.1 Requirements
      6.6.4.2 Adjusting the configuration in the user management of the BFC gateway
      6.6.4.3 Logging on over an external IAM
  6.7 “Custom Variable List” area

7 Using the BFC client
  7.1 Installing a BFC client
    7.1.1 Requirement
    7.1.2 Installing the BFC client on SINUMERIK 840D sl / 828D
      7.1.2.1 Preparing the installation
      7.1.2.2 Synchronizing date and time
    7.1.3 Installing the BFC client on HMI-Advanced
    7.1.4 Installing the BFC client on SINUMERIK Operate under Windows (PCU)
    7.1.5 Installing the BFC client on SINUMERIK Operate under Linux
    7.1.6 Configuring data buffering
    7.1.7 BFC client update

  7.2 Deinstalling a BFC client
    7.2.1 Deinstalling the BFC client on HMI-Advanced
    7.2.2 Deinstalling the BFC client on SINUMERIK Operate under Windows (PCU)
    7.2.3 Uninstalling the BFC client from SINUMERIK Operate under Linux
  7.3 Configuring high-frequency data acquisition
    7.3.1 Requirement
    7.3.2 Configuration
      7.3.2.1 Performing the configuration
      7.3.2.2 Compiling signals
      7.3.2.3 Defining a start/stop operation
      7.3.2.4 Changing the sampling rate for signals
      7.3.2.5 Saving the configuration
      7.3.2.6 Accept configuration
      7.3.2.7 Test configuration
  7.4 BFC client diagnostics
    7.4.1 Analyzing the BFC client
    7.4.2 Checking the accessibility of the BFC gateway in the network
    7.4.3 Trace
      7.4.3.1 Activating the trace
      7.4.3.2 Analyzing the trace file

8 Using an OPC UA server
  8.1 Overview
  8.2 Configuring a certificate
    8.2.1 Uploading the client certificates in the ConfigUI
  8.3 OPC UA address space
  8.4 Changing the system configuration while in operation
  8.5 Write access to variables
    8.5.1 Configuring the release list for write accesses
    8.5.2 Writing variables using the “WriteData” method
    8.5.3 Call method “WriteData”
    8.5.4 Feedback after write process
    8.5.5 Direct write access via variables
  8.6 Historical Access
  8.7 Companion Specification
  8.8 Other OPC UA server settings

9 Client interface with HTTP REST protocol
  9.1 Overview
  9.2 Test and documentation
  9.3 Authorization
  9.4 Format for time stamp
  9.5 Method POST /datasets
  9.6 Method POST /datasets/raw

  9.7 Method POST /events
  9.8 Method POST /hfdataset
  9.9 GET /writes method
  9.10 POST /writes/{ID}/ack method

10 BFC gateway API
  10.1 SwaggerUI
  10.2 Authentication
  10.3 Client configuration
  10.4 Middleware configuration
  10.5 Gateway configuration

11 File transfer
  11.1 Configuring access rights
  11.2 Using the WebDAV interface with curl
  11.3 Using the WebDAV interface as Windows network drive
  11.4 Using the WebDAV interface under Linux
  11.5 Using the WebDAV interface with WinSCP
  11.6 Directory structure on SINUMERIK machines

12 Configuring the SSA gateway
  12.1 Overview
  12.2 Requirement
  12.3 Check status of the middleware
  12.4 Creating aspects in MindSphere
  12.5 Creating the asset type “bfc_ssa_sinumerik”
  12.6 Connecting a new machine to SSA
    12.6.1 Creating a new asset of the type “bfc_ssa_sinumerik”
    12.6.2 Generating connection information of the assets
    12.6.3 Creating a MindSphere gateway for SSA
  12.7 Configuring the BFC client data acquisition
  12.8 Creating and saving a machine identity

13 Configuring the AMP gateway
  13.1 System requirements relating to the AMP server
  13.2 Configuring the AMP server
    13.2.1 General settings in the AMC server
      13.2.1.1 Setting to process alarms
      13.2.1.2 Configuring the http interface
      13.2.1.3 Adapting Pit.ini
    13.2.2 Configuring the machine in the AMP server

  13.3 Configuring the AMP gateway
    13.3.1 Configuration parameters of an AMP gateway
    13.3.2 Data selection and topics of the AMP gateway
    13.3.3 Environment variables of the AMP gateway
  13.4 Script logic to link FANUC clients to AMP
    13.4.1 Creating a script configuration for a client
    13.4.2 Restarting the script logic

14 BFC apps
  14.1 IBase app
    14.1.1 Using the IBase app
    14.1.2 Manually sending data to IBase
    14.1.3 Sending data semiautomatically to IBase
  14.2 Optimization Check app
    14.2.1 Storing licenses
    14.2.2 Creating a log
    14.2.3 Using the Optimization Check app
    14.2.4 Recording a trace session

A Appendix
  A.1 List of abbreviations
  A.2 Checking the connection to a Heidenhain control
  A.3 Checking the connection to the MTConnect control
  A.4 Check connection to FANUC control system
  A.5 API calls of the FOCAS interface
  A.6 AMP gateway
    A.6.1 AMP gateway signals
    A.6.2 Script logic example: AMP_SIGNAL set
    A.6.3 Script logic example: AMP_PARTCOUNT set
    A.6.4 Script logic example: AMP_CYCLEDATA set
    A.6.5 Alarms in the AMP gateway
    A.6.6 AMP gateway logging
  A.7 BFC client data points
    A.7.1 Overview
    A.7.2 NC variables
    A.7.3 PLC tags
    A.7.4 Machine data
    A.7.5 Global User Data (GUD)
    A.7.6 Drive parameters
  A.8 FANUC client data points (reading)
    A.8.1 cnc_rdtimer
    A.8.2 cnc_sysinfo
    A.8.3 cnc_statinfo
    A.8.4 cnc_rddynamic2
    A.8.5 cnc_rdpdf_subdirn
    A.8.6 cnc_rdpdf_subdir
    A.8.7 cnc_rdpdf_alldir

    A.8.8 cnc_rdparam
    A.8.9 cnc_diagnoss
    A.8.10 cnc_rdset
    A.8.11 cnc_rdsetnum
    A.8.12 cnc_rdaxisdata
    A.8.13 cnc_rdaxisname
    A.8.14 cnc_rdpdlname
    A.8.15 cnc_alarm2
    A.8.16 pmc_get_number_of_pmc
    A.8.17 pmc_rdmcrng
    A.8.18 cnc_exeprgname
    A.8.19 tooldata
  A.9 FANUC client data points (writing)
    A.9.1 cnc_wrparam
    A.9.2 cnc_wrset
    A.9.3 pmc_wrpncrng
    A.9.4 cnc_wrtimer
  A.10 S7 client
    A.10.1 Addressing in the SIMATIC PLC
    A.10.2 Data types, accuracy and formatting for write operations
  A.11 Heidenhain client data points (reading)
    A.11.1 Structure of the datapoints
    A.11.2 GetRunInfo
    A.11.3 GetMachineParameters
    A.11.4 DataGetValue
    A.11.5 ReadMemory
    A.11.6 Examples of important Heidenhain datapoints
  A.12 Heidenhain client data points (writing)
    A.12.1 SetMachineParameters
    A.12.2 DataSetValue
    A.12.3 WriteMemory
  A.13 Data points Beckhoff client
  A.14 EIP client
    A.14.1 Addressing of data, general
    A.14.2 Addressing in the PCCC message format
    A.14.3 Interpretation of 16 and 32-bit numbers, signed or unsigned
    A.14.4 Addressing in the Allen-Bradley CIP message format with tags
    A.14.5 Addressing arrays
    A.14.6 Reading and writing very large 64-bit numbers
  A.15 Data points of the Omron client
  A.16 MQTT export gateway
    A.16.1 Topics
    A.16.2 Data format: data set
    A.16.3 Data format: alarms
    A.16.4 Data format: alarm state changes
    A.16.5 Data format: high frequency data
  A.17 OPC UA
    A.17.1 Supported OPC UA profiles


A.18 MindSphere MMM Dashboard
A.19 MS SQL gateway
A.20 HTTP script client
A.21 Further notes
A.22 Troubleshooting
A.23 Release Notes V1.11
Glossary


1 Introduction

1.1 About Brownfield Connectivity – Gateway
Brownfield Connectivity (BFC) is software that can establish a connection between a heterogeneous production network and higher-level information systems. BFC integrates itself into the structural framework of an existing software and architecture concept, known as a brownfield situation. Via a central BFC Gateway, you can connect SINUMERIK control systems, third-party controls and automation systems to higher-level systems. The system offers wide ranging options, such as reading and writing variables, preprocessing acquired data, transferring files from IT to OT and “trigger”-based reading from a central connectivity management system.
[Figure: diagram with the labels Production network, Modbus TCP, HTTP REST, SINUMERIK, Internal system, Higher-level information systems, MQTT, Heidenhain, Brownfield Connectivity Gateway, MindSphere, Customer cloud, MTConnect, OPC UA, Internal database, FANUC]

Note
High availability of the BFC Gateway
To increase the system reliability of BFC Gateway, high system availability can be implemented together with end users on a project-specific basis. If you are interested in the solution and require more detailed information, then contact your local Siemens sales partner.

Note
Performance dips in the network communication
Performance dips can occur in the network communication, for example as a result of incorrect configuration of connected devices. If a high number of data points are added when commissioning and configuring the BFC Gateway, carefully ensure that performance dips do not occur in the network communication in the existing network infrastructure. Carry out network analysis before and after the BFC Gateway installation.

Architecture

The “BFC Gateway” software forms the architecture for this solution, which is installed on a virtual or physical system between your networked machines and office network. This software provides a connection between the various machines of the factory and a higher-level IT system.
The BFC client can be installed on SINUMERIK controls to connect them to the BFC gateway.
The BFC driver is a component of the BFC gateway that enables a connection to the BFC devices in the machine park of a factory.
A BFC device is a data source like a SINUMERIK control, third-party control, or another automation solution.
For devices that do not support encrypted communication, an encrypted configuration can be offered on a project-for-project basis between the device and the BFC Gateway. In the following diagram, this project-specific solution is declared as “BFC project” as an example. If you are interested in the solution and require more detailed information, then contact your local Siemens sales partner.
Note
The BFC Gateway is neither a real-time nor deterministic system. As a consequence, data exchange in a precisely defined time interval cannot be guaranteed.


[Figure: architecture diagram with the labels Production, BFC device, HMI-Advanced, BFC client, Operate, BFC Protect, BFC device X, Factory, Office Intranet, Internet, Internal system, IPC, BFC gateway, BFC driver, Internal database, MindSphere, External system]

Different data formats
Different devices code their information in the various manufacturer-specific formats. The BFC Gateway transfers the data from the various devices and control systems unchanged. The higher-level system must be able to interpret the manufacturer-specific data. If you wish to scale, link or preprocess the data, then you can configure this on a project-for-project basis. If this data is to be visible in MindSphere Fleet Manager, then configuration operations are also required in MindSphere. If you are using Apps, then carefully check the data and interface compatibility.

1.2 About this documentation
Contact your regional Siemens sales partner for training courses on the BFC Gateway. This salesperson will provide you with a quotation for a training course that meets your individual requirements.
Note
To install and configure the BFC Gateway, you should first participate in an appropriate training course offered by Siemens AG.


FAQs

You can find answers to Frequently Asked Questions in the Service&Support pages at Product Support (https://support.industry.siemens.com/cs/products?dtp=Faq&mfn=ps&lc=en-DE).

Target group

This documentation addresses appropriately qualified commissioning engineers.
The document provides the information that commissioning engineers require to commission and parameterize the software.

Disclaimer

All product designations, product names, etc. may contain trademarks or other rights of Siemens AG, its subsidiaries or third parties. Unauthorized use may violate the rights of the respective owners.

Write accesses and file write accesses to connected controls and devices.
The BFC Gateway is only responsible for transferring data in the form of digital messages between sender and receiver.
The sender is responsible for the content of this message. This must be observed in particular for messages to control systems and devices that are to be executed as write accesses on the respective target device.
For file write accesses to controls and devices, too, the sender is responsible for the contents of the files transferred and, in particular, for the consequences of writing these files onto the target device.

Standard scope
This documentation only describes the functionality of the standard version. This may differ from the scope of the functionality of the system that is actually supplied. Please refer to the ordering documentation only for the functionality of the supplied drive system.
It may be possible to execute other functions in the system which are not described in this documentation. This does not, however, represent an obligation to supply such functions with a new control or when servicing.
For reasons of clarity, this documentation cannot include all of the detailed information on all product types. Further, this documentation cannot take into consideration every conceivable type of installation, operation and service/maintenance.
The machine manufacturer must document any additions or modifications they make to the product themselves.

Websites of third-party companies
This document may contain hyperlinks to third-party websites. Siemens is not responsible for and shall not be liable for these websites and their content. Siemens has no control over the information which appears on these websites and is not responsible for the content and information provided there. The user bears the risk for their use.

1.3 Feedback on the technical documentation

If you have any questions, suggestions or corrections regarding the technical documentation which is published in the Siemens Industry Online Support, use the “Send feedback” link which appears at the end of the entry.

1.4 mySupport documentation

With the “mySupport documentation” web-based system you can compile your own individual documentation based on Siemens content, and adapt it for your own machine documentation.

To start the application, click on the “My Documentation” tile on the “mySupport links and tools” (https://support.industry.siemens.com/cs/ww/en/my) portal page:

The configured manual can be exported in RTF, PDF or XML format.
Note
Siemens content that supports the mySupport documentation application can be identified by the presence of the “Configure” link.


1.5 Service and Support

Product support
You can find more information about products on the internet: Product support (https://support.industry.siemens.com/cs/ww/en/)
The following is provided at this address:
· Up-to-date product information (product announcements)
· FAQs (frequently asked questions)
· Manuals
· Downloads
· Newsletters with the latest information about your products
· Global forum for information and best practice sharing between users and specialists
· Local contact persons via our Contacts at Siemens database ( “Contact”)
· Information about field services, repairs, spare parts, and much more ( “Field Service”)

Technical support
Country-specific telephone numbers for technical support are provided on the internet at address (https://support.industry.siemens.com/cs/ww/en/sc/4868) in the “Contact” area.
If you have any technical questions, please use the online form in the “Support Request” area.

Training

You can find information on SITRAIN at the following address (https://www.siemens.com/sitrain). SITRAIN offers training courses for automation and drives products, systems and solutions from Siemens.

Siemens support on the go

With the award-winning “Siemens Industry Online Support” app, you can access more than 300,000 documents for Siemens Industry products – any time and from anywhere. The app can support you in areas including:
· Resolving problems when implementing a project
· Troubleshooting when faults develop
· Expanding a system or planning a new system
Furthermore, you have access to the Technical Forum and other articles from our experts:
· FAQs
· Application examples
· Manuals
· Certificates
· Product announcements and much more
The “Siemens Industry Online Support” app is available for Apple iOS and Android.

Data matrix code on the nameplate
The data matrix code on the nameplate contains the specific device data. This code can be read with a smartphone and technical information about the device displayed via the “Industry Online Support” mobile app.

1.6 Using OpenSSL

This product can contain the following software:

· Software developed by the OpenSSL project for use in the OpenSSL toolkit

· Cryptographic software created by Eric Young.

· Software developed by Eric Young

You can find more information on the internet:

· OpenSSL (https://www.openssl.org)

· Cryptsoft (https://www.cryptsoft.com)

1.7 Compliance with the General Data Protection Regulation

Siemens observes standard data protection principles, in particular the data minimization rules (privacy by design).

For this product, this means:

The product does not process or store any personal data, only technical function data (e.g. time stamps). If the user links this data with other data (e.g. shift plans) or if he/she stores person-related data on the same data medium (e.g. hard disk), thus personalizing this data, he/she must ensure compliance with the applicable data protection stipulations.


2 Security instructions

2.1 Fundamental safety instructions

2.1.1 General safety instructions

WARNING
Danger to life if the safety instructions and residual risks are not observed
If the safety instructions and residual risks in the associated hardware documentation are not observed, accidents involving severe injuries or death can occur.
· Observe the safety instructions given in the hardware documentation.
· Consider the residual risks for the risk evaluation.

WARNING
Malfunctions of the machine as a result of incorrect or changed parameter settings
As a result of incorrect or changed parameterization, machines can malfunction, which in turn can lead to injuries or death.
· Protect the parameterization against unauthorized access.
· Handle possible malfunctions by taking suitable measures, e.g. emergency stop or emergency off.

2.1.2 Warranty and liability for application examples

Application examples are not binding and do not claim to be complete regarding configuration, equipment or any eventuality which may arise. Application examples do not represent specific customer solutions, but are only intended to provide support for typical tasks. As the user you yourself are responsible for ensuring that the products described are operated correctly. Application examples do not relieve you of your responsibility for safe handling when using, installing, operating and maintaining the equipment.

2.1.3 Security information
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place.
For additional information on industrial security measures that may be implemented, please visit https://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under https://www.siemens.com/cert.
Further information is provided on the Internet:
Industrial Security Configuration Manual (https://support.industry.siemens.com/cs/ww/en/view/108862708)
WARNING
Unsafe operating states resulting from software manipulation
Software manipulations, e.g. viruses, Trojans, or worms, can cause unsafe operating states in your system that may lead to death, serious injury, and property damage.
· Keep the software up to date.
· Incorporate the automation and drive components into a holistic, state-of-the-art industrial security concept for the installation or machine.
· Make sure that you include all installed products into the holistic industrial security concept.
· Protect files stored on exchangeable storage media from malicious software with suitable protection measures, e.g. virus scanners.
· On completion of commissioning, check all security-related settings.

2.2 Specific security instructions

Note
Network traffic
When using the BFC gateway, network traffic is generated in the customer network. Ensure that sufficient bandwidth is available in your network depending on the use of the BFC gateway.
Note
Connection to SINUMERIK control systems
SINUMERIK control systems are connected by default via an encrypted MQTT/TLS 1.2/TLS 1.3 connection. If a system operator explicitly wishes to use an unencrypted connection, then this can be implemented as part of the configuration process. You can contact the hotline to obtain the necessary information to do this.

Note
Connecting SINUMERIK control systems to the network
Connecting SINUMERIK control systems via the BFC Gateway using TLS 1.2/TLS 1.3/MQTT corresponds to current security standards.

Note
SINUMERIK control system security
The company operating the systems is solely responsible for preventing unauthorized access to your plants, systems, SINUMERIK control systems and the network. Systems, SINUMERIK control systems and components should only be connected to the company’s network or the Internet if and to the extent necessary and with appropriate security measures in place. Security measures include the use of firewalls, whitelisting, virus scanners, network segmentation, OS patching.

NOTICE
Data misuse due to an unprotected Internet connection
An unrestricted Internet connection can result in data misuse. Before establishing a network connection, ensure your PC is only connected to the network via a secure connection. Carefully observe the security-relevant notes and instructions.

Note
Data backup before and after commissioning the BFC client
Before you make any changes, carefully ensure that data backups have been generated via the PCU 50 (Ghost) or the CF card of the NCU (tgz file). Create a data backup after completing all activities. Additional information about creating a data backup is provided under:
· Commissioning Manual SINUMERIK 840Di sl / 840D sl / 840 D, Base Software and HMI-Advanced
· Commissioning Manual SINUMERIK 840D sl Base Software and Operating Software
· Equipment Manual for SINUMERIK 828D PPU and components

Note
Backing up the commissioning PC
The necessary security measures (e.g. virus scanner, firewalls, OS patching, etc.) must be implemented on the PCs that are used to configure a BFC Gateway at the OEM or end user.

Note
Appropriate parameterization
When defining the amount of data to be transferred to the BFC Gateway and the intervals, the system load of the relevant control system and the network infrastructure involved must be carefully taken into consideration. The company operating the plant or system is responsible for carefully planning and providing the datapoints. This can avoid performance bottlenecks at the control system and in the network.
Additional information relating to IT security is provided in Chapter: Security information (Page 19).

NOTICE
Damage to the machine by writing to control variables
Writing to control variables can damage the machine. This is why, from Version 1.11, when configuring the permitted write access operations, an appropriate note must be confirmed.

Note
Writing to variables for SINUMERIK control systems
For SINUMERIK control systems, the BFC Gateway is prevented from writing to the following variables:
· Machine data, drive parameters, DB20, DB18
· Axis DBs: DB31-DB61 (for SINUMERIK 828D: DB3800-DB3818, DB3900)
· Basic program DBs: DB7, DB8, DB10 (for SINUMERIK 828D: DB2900)

2.3 Improvements to product security

Warnings are issued when configuring write access operations.

The area of application refers to writing to variables and deleting and/or changing files in the control system.

Note
The BFC client prevents the BFC Gateway from being able to change security-relevant addresses and directories.

System requirements
· The Declaration of Conformity of the machine OEM regarding machine safety (hazardous to human life and safety) is not diminished when using the BFC Gateway.
· When using BFC write functions, users must be warned about potential economic damage.

NOTICE
Economic damage to the machine as a result of incorrect use
Incorrectly using BFC write functions can result in economic damage at the machine. This cannot be completely prevented in the BFC Gateway, e.g. for a GUD variable that specifies a traversing path. If the specified traversing path is too long then the machine will be damaged.

SINUMERIK 840D PowerLine / SolutionLine / One
Data areas of the SINUMERIK control system, which have the potential of influencing “SINUMERIK Safety Integrated”:

Note
Deviating areas for SINUMERIK 828D are specified in brackets.

· Machine data / Drive parameters / DB20
· SAFE.SPF (lock the complete directory) (828D: is not used)
· Manufacturer cycles
· Safety-relevant DBs: DB18 (828D: is not used)
· Axis DBs: DB31-DB61 (828D: DB3800-DB3818, DB3900)
· Basic program DBs: DB7, DB8, DB10 (828D: DB2900)

From this, the following addresses and directories were derived to access the control system:
· “DB20.xxx”, “/Plc/DataBlock/xxx[c20,xxx”
· “DB18.xxx”, “/Plc/DataBlock/xxx[c18,xxx”
· “DB31.xxx” – “DB61.xx”, “/Plc/DataBlock/xxx[c31,xxx” – “/Plc/DataBlock/xxx[c61,xxx”
· “DB7.xxx”, “/Plc/DataBlock/xxx[c7,xxx”
· “DB8.xxx”, “/Plc/DataBlock/xxx[c8,xxx”
· “DB10.xxx”, “/Plc/DataBlock/xxx[c10,xxx”
· “DB3800.xxx” – “DB3818.xx”, “/Plc/DataBlock/xxx[c3800,xxx” – “/Plc/DataBlock/xxx[c3818,xxx”
· “DB2900.xxx”, “/Plc/DataBlock/xxx[c2900,xxx”
· “xxxTEA_ACX/xxx”
· “xxxSEA_ACX/xxx”
· “/Nck/Configuration/xxx”


· “/Nck/Settings/xxx”

· “/Nck/Drive/xxx”

· “/Nck/ProtectedArea/xxx”

· “/Channel/Settings/xxx”

· “/Channel/Drive/xxx”

· “/Channel/Configuration/xxx”

· “/Channel/ProtectedArea/xxx”

· “/Axis/Drive/xxx”

· “/Axis/Settings/xxx”

· “/DriveVsa/xxx”

· “/acx/xxx”

· Directory “/NC/CST.DIR/xxx” => Standard cycles

· Directory “/NC/CMA.DIR/xxx” => Manufacturer cycles (incl. SAFE.SPF)

This involves a superset of addresses, which can be used under HMI-Advanced (PowerLine) and Operate (SolutionLine/One/828D).

Overview
You configure write access operations to variables of the control system in the ConfigUI of the BFC client in Section “Define whitelisting configuration”. In this section, you configure which control system addresses may be written to.
The white list defined here (list of addresses) is transferred to the BFC client for each change and when the machine restarts. The BFC client only permits write access operations to addresses that are in this list. Attempts to access other addresses are rejected with message “Access denied”.
Example:
In this example, a message is sent with two addresses to the BFC client (connectivity/machine/<MachineId>/iotclient/update/config/request/).
{ "writeAccess": [ "DB21.DBX7.1", "DB20.DBX1" ] }
Here, address “DB20.DBX1” is filtered out because it lies in a SINUMERIK data area that can potentially influence “SINUMERIK Safety Integrated”. The addresses are filtered out using a regular expression.

Note
Observe uppercase/lowercase letters and space characters.

The following log message is entered:

2022-07-13T17:09:21.246498+02:00 [E] 1254 Write access to the following addresses is not allowed: ‘DB20.DBX1’

All files from directories “/NC/CST.DIR/xxx” (standard cycles) and “/NC/CMA.DIR/xxx” (manufacturer cycles incl. SAFE.SPF) are also filtered out using a regular expression in the affected functions of the BFC client.
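The filtering described above can be reproduced as a pre-check on a “writeAccess” list before it is sent to the BFC client. The following Python example is added here and is not the BFC client's own code or its regular expression; the patterns are built from the address list in this section (the file-directory filter is not covered), and the “review” bucket and all sample addresses other than the two from the message above are constructed.

```python
import re

# DB numbers named on the page as able to influence "SINUMERIK Safety Integrated".
PROTECTED_DBS = (
    {7, 8, 10, 18, 20}
    | set(range(31, 62))        # axis DBs DB31-DB61
    | set(range(3800, 3819))    # SINUMERIK 828D: DB3800-DB3818
    | {2900, 3900}              # SINUMERIK 828D (DB3900 is in the data-area list)
)

# The two spellings from the page: "DB20.xxx" and "/Plc/DataBlock/xxx[c20,xxx".
DB_PATTERNS = (r"DB(\d+)\.", r"/Plc/DataBlock/[^\[]*\[c(\d+),")

PROTECTED_PREFIXES = (
    "/Nck/Configuration/", "/Nck/Settings/", "/Nck/Drive/", "/Nck/ProtectedArea/",
    "/Channel/Settings/", "/Channel/Drive/", "/Channel/Configuration/",
    "/Channel/ProtectedArea/", "/Axis/Drive/", "/Axis/Settings/",
    "/DriveVsa/", "/acx/",
)
PROTECTED_FRAGMENTS = ("TEA_ACX/", "SEA_ACX/")  # "xxxTEA_ACX/xxx", "xxxSEA_ACX/xxx"


def is_protected(address, ignore_case=False):
    """True if the address falls into one of the protected areas listed above."""
    flags = re.IGNORECASE if ignore_case else 0
    for pattern in DB_PATTERNS:
        match = re.match(pattern, address, flags)
        # Compare the whole DB number so DB200 or DB70 is not mistaken for DB20 or DB7.
        if match and int(match.group(1)) in PROTECTED_DBS:
            return True
    fold = str.lower if ignore_case else str
    probe = fold(address)
    if probe.startswith(tuple(fold(prefix) for prefix in PROTECTED_PREFIXES)):
        return True
    return any(fold(fragment) in probe for fragment in PROTECTED_FRAGMENTS)


def check_write_access(config):
    """Sort the "writeAccess" entries into allowed, rejected and review.

    "review" (an assumption of this example) collects entries that only differ
    from a protected address by letter case or surrounding spaces, which the
    page asks the person configuring the list to observe.
    """
    result = {"allowed": [], "rejected": [], "review": []}
    for address in config.get("writeAccess", []):
        if is_protected(address):
            result["rejected"].append(address)
        elif address != address.strip() or is_protected(address.strip(), ignore_case=True):
            result["review"].append(address)
        else:
            result["allowed"].append(address)
    return result


# First two entries are the page's example; the rest are constructed test inputs.
SAMPLE_CONFIG = {
    "writeAccess": [
        "DB21.DBX7.1", "DB20.DBX1",
        "DB200.DBX0.0", "DB70.DBW0",
        "/Plc/DataBlock/Byte[c31,4]", "/Nck/Drive/example",
        "db18.DBX0.0", " DB7.DBB2",
    ]
}

if __name__ == "__main__":
    for bucket, addresses in check_write_access(SAMPLE_CONFIG).items():
        print(f"{bucket}: {addresses}")
```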
Application in ConfigUI
ConfigUI shows a check box for “allowlist” and “filepermissions”, which must be selected in order to save the configuration.

Note
The settings in ConfigUI apply to all clients.
· To be able to release an address in the “allowlist”, you must set the check box as shown in the following diagram.
· If there is no entry in the “allowlist”, then there is no check box for the “allowlist”. If there is no entry with skills “delete” or “write” in the file authorization list, then there is no check box for file authorization.

· The check box is displayed as soon as an entry is set for one of the skills “delete” or “write”.
· Select the check box to save the skills for the appropriate path.
You must again select the check box if you wish to edit, add or import entries.


3 Product information

3.1 Form in which the BFC client is delivered

Siemens provides you with the software corresponding to the order data, either on a data storage medium or per download.

Siemens includes with the software an electronic form of the software documentation.

Note Software package
The software package is a zip archive that contains the software and documents for commissioning a SINUMERIK 840D/840D sl/828D.
The Siemens Third-Party Software Disclosure Document (BFC_readme_oss.html) for BFC is provided in the root directory of the software provided.

3.2 Form in which the BFC gateway is delivered

Siemens provides you with the software corresponding to the order data, either on a data storage medium or per download, as well as the associated Certificate of License (CoL).

Siemens includes with the software an electronic form of the software documentation.

Siemens provides a license key, which is documented on the CoL.

Note Installation
Install the software package as described in this document.
More information can be found in Chapter: Installing the BFC gateway (Page 67).
The Siemens Third-Party Software Disclosure Document (BFC_readme_oss.html) for BFC is provided in the root directory of the software provided.


3.3 BFC update

3.3.1 BFC Gateway update (docker-based)

Preconditions
· Access data for your existing BFC installation
· Root rights on the BFC Gateway host system
· You can obtain the current BFC version from your regional Siemens contact person
· An SSH client, for example PuTTY
· An SFTP client, for example WinSCP

Upgrading BFC version from v1.7 to v1.10.1
1. Copy the new BFC version unzipped to the target system in a folder next to the existing installation.
2. Make the setup file setup.linux.x64 executable.
   - sudo chmod 744 setup.linux.x64
   - This gives the owner of the setup file the right to run it.
3. Run the setup via the Command Line Interface (CLI) of PuTTY. To do this, run the following command with user and password of the existing BFC installation in the folder of the BFC version to be installed:
   sudo ./setup.linux.x64 -u myuser -p mypass
   - Unlike a first installation, perform the setup without parameter -deploy.
4. Compare file /docker/secret.env of the existing installation with file /docker/secret.env of the BFC version to be installed.
   - The new secrets.env file contains lines or content that are not in the existing secrets.env file.
5. Expand the existing secrets.env file to include these lines/content. Carefully ensure that you do not replace any existing “Password” or “User name” in the existing secrets.env file.
   - Expand line 3 to include the following: 'http://entry:9876/doghouse.crl'
   - Insert the following in line 4: BFC_CA_NAME='BFC CA <Custom Date>
   - Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH='/etc/ssl/certs/ca-certificates.crt
   - Expand line 17 to include the following: 'entry'
6. Before the update, copy the modified file into the docker directory of the new version. Replace the secrets.env file saved there.
7. Delete the stacks before you execute the setup using parameter deploy.

8. List the existing docker stacks using the following command:
   sudo docker stack ls
9. Delete the listed stacks using the following command:
   sudo docker stack rm stack1 stack2 … stackN
10. To do this, run the following command with user and password of the existing BFC installation in the folder of the BFC version to be installed:
   sudo ./setup.linux.x64 -deploy -u myuser -p mypass
11. For ALL configured clients, middleware and gateways, update the version numbers of the docker image. You can now read off the new version numbers using tile “System State”.

Note
It is possible that certain IotServer services do not start as a result of queues that have not been activated. You can check the log file of a service using the following command:
   sudo docker service logs <service_name>
You can activate the queue using the following command:
   rabbitmqctl enable_feature_flags all
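Steps 4 and 5 can be supported by a comparison that lists which keys to add and which differing lines to inspect, without printing any secret value. This Python example is added here and is not part of the BFC setup; it assumes KEY=value lines, treats keys whose name contains USER or PASSWORD as the credentials to keep (an assumption), and uses constructed EXAMPLE_* keys and values.

```python
import re

# Assumption: the file consists of KEY=value lines, as in BFC_CA_NAME='...'.
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")
# Assumption: keys containing these words hold the user name / password to keep.
CREDENTIAL_WORDS = ("PASSWORD", "USER")


def parse_env(text):
    """Return {key: (line_number, raw_value)}; comments and blank lines are skipped."""
    entries = {}
    for number, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.match(line)
        if match:
            entries[match.group(1)] = (number, match.group(2))
    return entries


def compare_env(existing_text, new_text):
    """Classify the keys of the new file against the existing one.

    add           - key only in the new file: copy that line into the existing file
    review        - value differs: inspect by hand (e.g. a line that must be expanded)
    keep_existing - credential differs: the existing value must not be replaced
    """
    existing, new = parse_env(existing_text), parse_env(new_text)
    report = {"add": [], "review": [], "keep_existing": [], "only_in_existing": []}
    for key, (line_no, value) in new.items():
        if key not in existing:
            report["add"].append((line_no, key))
        elif existing[key][1] != value:
            is_credential = any(word in key.upper() for word in CREDENTIAL_WORDS)
            report["keep_existing" if is_credential else "review"].append((line_no, key))
    report["only_in_existing"] = sorted(set(existing) - set(new))
    return report


def format_report(report):
    """Render key names and line numbers only, so no value reaches a terminal or log."""
    lines = [f"add from new file, line {n}: {k}" for n, k in report["add"]]
    lines += [f"inspect manually, new file line {n}: {k}" for n, k in report["review"]]
    lines += [f"keep existing value: {k}" for _, k in report["keep_existing"]]
    lines += [f"only in existing file: {k}" for k in report["only_in_existing"]]
    return "\n".join(lines)


# Constructed sample files; only the two BFC_* keys are taken from the page.
EXISTING_SAMPLE = """\
EXAMPLE_USER_NAME='operator'
EXAMPLE_PASSWORD='site-specific-secret'
EXAMPLE_CRL_URLS='http://example.invalid/old.crl'
"""

NEW_SAMPLE = """\
EXAMPLE_USER_NAME='admin'
EXAMPLE_PASSWORD='default'
EXAMPLE_CRL_URLS='http://example.invalid/old.crl http://entry:9876/doghouse.crl'
BFC_CA_NAME='BFC CA <Custom Date>'
BFC_CERT_HOST_FOLDER_PATH='/etc/ssl/certs/ca-certificates.crt'
"""

if __name__ == "__main__":
    print(format_report(compare_env(EXISTING_SAMPLE, NEW_SAMPLE)))
```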
Upgrading BFC version from v1.8 to v1.10.1
1. Copy the new BFC version unzipped to the target system in a folder next to the existing installation.
2. Make the setup file setup.linux.x64 executable.
   - sudo chmod 744 setup.linux.x64
   - This gives the owner of the setup file the right to run it.
3. Run the setup via the Command Line Interface (CLI) of PuTTY. To do this, run the following command with user and password of the existing BFC installation in the folder of the BFC version to be installed:
   sudo ./setup.linux.x64 -u myuser -p mypass
   - Unlike a first installation, perform the setup without parameter -deploy.
4. Compare file /docker/secret.env of the existing installation with file /docker/secret.env of the BFC version to be installed.
   - The new secrets.env file contains lines or content that are not in the existing secrets.env file.
5. Expand the existing secrets.env file to include these lines/content. Carefully ensure that you do not replace any existing “Password” or “User name” in the existing secrets.env file.
   - Expand line 3 to include the following: 'http://entry:9876/doghouse.crl'
   - Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH='/etc/ssl/certs/ca-certificates.crt
   - Expand line 17 to include the following: 'entry'
6. Before the update, copy the modified file into the docker directory of the new version. Replace the secrets.env file saved there.

7. Delete the stacks before you execute the setup using parameter deploy.
8. List the existing docker stacks using the following command:
   sudo docker stack ls
9. Delete the listed stacks using the following command:
   sudo docker stack rm stack1 stack2 … stackN
10. To do this, run the following command with user and password of the existing BFC installation in the folder of the BFC version to be installed:
   sudo ./setup.linux.x64 -deploy -u admin -p mypass
11. For ALL configured clients, middleware and gateways, update the version numbers of the docker image. You can now read off the new version numbers using tile “System State”.
Upgrading BFC version from v1.9 to v1.10.1
1. Copy the unzipped new BFC version to the target system, into a folder next to the existing installation.
2. Make the setup file setup.linux.x64 executable.
- sudo chmod 744 setup.linux.x64
- This grants the owner of the setup file the right to execute it.
3. Run the setup via the command line interface (CLI) of PuTTY. To do this, run the following command with the user and password of the existing BFC installation in the folder of the BFC version to be installed:
    sudo ./setup.linux.x64 -u myuser -p mypass
- Unlike a first installation, run the setup without the -deploy parameter.
4. Compare the file /docker/secret.env of the existing installation with the file /docker/secret.env of the BFC version to be installed.
- The new secrets.env file contains lines or content that are not present in the existing secrets.env file.
5. Extend the existing secrets.env file to include these lines/content. Take care not to replace any existing “Password” or “User name” in the existing secrets.env file.
- Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/certs/ca-certificates.crt
6. Before the update, copy the modified file into the docker directory of the new version. Replace the secrets.env file saved there.
7. Delete the stacks before you execute the setup using parameter deploy.
8. List the existing docker stacks using the following command:
    sudo docker stack ls
9. Delete the listed stacks using the following command:
    sudo docker stack rm stack1 stack2 … stackN

10. To execute the setup, run the following command with the user and password of the existing BFC installation in the folder of the BFC version to be installed:
    sudo ./setup.linux.x64 -deploy -u myuser -p mypass
11. For ALL configured clients, middleware and gateways, update the version numbers of the docker image. You can now read off the new version numbers using the tile “System State”.
Upgrading BFC version from v1.10 to v1.10.1 / BFC version from v1.10.1 to v1.11
1. Copy the unzipped new BFC version to the target system, into a folder next to the existing installation.
2. Make the setup file setup.linux.x64 executable.
- sudo chmod 744 setup.linux.x64
- This grants the owner of the setup file the right to execute it.
3. Run the setup via the command line interface (CLI) of PuTTY. To do this, run the following command with the user and password of the existing BFC installation in the folder of the BFC version to be installed:
    sudo ./setup.linux.x64 -u myuser -p mypass
- Unlike a first installation, run the setup without the -deploy parameter.
4. Compare the file /docker/secret.env of the existing installation with the file /docker/secret.env of the BFC version to be installed.
- With the exception of “User name” and “Password”, the new secrets.env file is identical with the existing secrets.env file. Replace the new secrets.env file with the existing file.
5. Delete the stacks before you execute the setup using parameter deploy.
6. List the existing docker stacks using the following command:
    sudo docker stack ls
7. Delete the listed stacks using the following command:
    sudo docker stack rm stack1 stack2 … stackN
8. To execute the setup, run the following command with the user and password of the existing BFC installation in the folder of the BFC version to be installed:
    sudo ./setup.linux.x64 -deploy -u myuser -p mypass
9. For ALL configured clients, middleware and gateways, update the version numbers of the docker image. You can now read off the new version numbers using the tile “System State”.

Installing BFC Analytics Version v1.0 on BFC Version v1.9
1. Copy the unzipped BFC Analytics version to the target system, into a folder next to the existing installation.
2. Make setup file setup_bfc-analytics.sh executable.
- sudo chmod 744 setup.linux.x64
- This grants the owner of the setup file the right to execute it.
3. Execute the following command with the user name and password of the existing BFC installation in the folder of the BFC Analytics version to be installed:
    sudo ./setup.linux.x64 -user myuser -password mypass -deploy -host myIP
- When doing this, ensure that you use -user and -password (instead of -u and -p).

Upgrading BFC version v1.9 with BFC Analytics v1.0 on BFC Version v1.10.1
The following describes how the BFC Gateway can be upgraded from version v1.9 to version 1.10.1 without having to reinstall the BFC Analytics tool.
Requirement:
· BFC version v1.9 is installed.
· BFC Analytics v1.0 is installed.
· BFC version v1.10.01 is to be installed without upgrading BFC Analytics.
- The background to this is that by installing the latest BFC Analytics version, the existing version is overwritten, and therefore no longer functions.
Procedure:
1. Copy the unzipped new BFC version to the target system, into a folder next to the existing installation.
2. Make the setup file setup.linux.x64 executable.
- sudo chmod 744 setup.linux.x64
- This grants the owner of the setup file the right to execute it.
3. Run the setup via the command line interface (CLI) of PuTTY. To do this, run the following command with the user and password of the existing BFC installation in the folder of the BFC version to be installed:
    sudo ./setup.linux.x64 -u myuser -p mypass
- Unlike a first installation, run the setup without the -deploy parameter.
4. Compare the file /docker/secret.env of the existing installation with the file /docker/secret.env of the BFC version to be installed.
- The new secrets.env file contains lines or content that are not present in the existing secrets.env file.
5. Extend the existing secrets.env file to include these lines/content. Take care not to replace any existing “Password” or “User name” in the existing secrets.env file.
- Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/certs/ca-certificates.crt

6. Before the update, copy the modified file into the docker directory of the new version. Replace the secrets.env file saved there.
7. Delete the stacks before you execute the setup.
8. List the existing docker stacks using the following command:
    sudo docker stack ls
9. Delete the listed stacks using the following command:
    sudo docker stack rm stack1 stack2 … stackN
10. To execute the setup, run the following command with the user name and password of the existing BFC installation in the folder of the BFC version to be installed:
    sudo ./setup.linux.x64 -deploy -u myuser -p mypass -excluded-apps bfc-analytics
- When doing this, ensure that the BFC Analytics App is not also installed: -excluded-apps bfc-analytics
11. For ALL configured clients, middleware and gateways, update the version numbers of the docker image. You can now read off the new version numbers using the tile “System State”.
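The compare-and-extend step for secret.env in the upgrade procedures above can be scripted so that existing credentials are never overwritten and no secret value is printed during the comparison. The following is an added example, not part of the Siemens manual or its tooling; it assumes the file consists of KEY=VALUE lines and that line order does not matter (new entries are appended rather than inserted at the line numbers the manual gives), and the function names and EXAMPLE_* entries are hypothetical.

```shell
#!/bin/sh
# Added example (not Siemens code): carry an existing secret.env forward to a
# new BFC release without touching existing credentials.
# Assumption: the file holds KEY=VALUE lines plus blank lines and "#" comments.

# awk helpers shared by the functions below.
ENV_AWK_LIB='
function is_kv(line) { return line ~ /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ }
function key(line,   k) { k = line; sub(/=.*/, "", k); gsub(/[ \t]/, "", k); return k }
function val(line,   v) { v = line; sub(/^[^=]*=/, "", v); return v "" }
'

# new_keys OLD NEW: names of keys that exist only in NEW.
new_keys() {
    awk "$ENV_AWK_LIB"'
        FILENAME == ARGV[1] { if (is_kv($0)) seen[key($0)] = 1; next }
        is_kv($0) { k = key($0); if (!(k in seen)) { print k; seen[k] = 1 } }
    ' "$1" "$2"
}

# changed_keys OLD NEW: names of keys present in both files whose values
# differ. Only names are printed, so no secret reaches the terminal or a log.
changed_keys() {
    awk "$ENV_AWK_LIB"'
        FILENAME == ARGV[1] { if (is_kv($0)) old[key($0)] = val($0); next }
        is_kv($0) { k = key($0); if ((k in old) && old[k] != val($0)) print k }
    ' "$1" "$2"
}

# merge_env OLD NEW: print OLD unchanged, then append every assignment of NEW
# whose key OLD does not have. Existing values always win.
merge_env() {
    awk "$ENV_AWK_LIB"'
        FILENAME == ARGV[1] { print; if (is_kv($0)) seen[key($0)] = 1; next }
        is_kv($0) { k = key($0); if (!(k in seen)) { print; seen[k] = 1 } }
    ' "$1" "$2"
}

# write_sample DIR: create two constructed sample files. The EXAMPLE_* names
# and all values are made up; only BFC_CERT_HOST_FOLDER_PATH is from the manual.
write_sample() {
    cat > "$1/old.env" <<'EOF'
# existing installation (constructed sample)
EXAMPLE_USER=plantadmin
EXAMPLE_PASSWORD=site-specific-secret
EXAMPLE_HOSTS='localhost'
EOF
    cat > "$1/new.env" <<'EOF'
# new release defaults (constructed sample)
EXAMPLE_USER=admin
EXAMPLE_PASSWORD=changeme
EXAMPLE_HOSTS='localhost','entry'
BFC_CERT_HOST_FOLDER_PATH='/etc/ssl/certs/ca-certificates.crt'
EOF
}

# Run "sh thisfile demo" to see the report on the constructed sample.
if [ "${1:-}" = "demo" ]; then
    umask 077                      # the merged file must not be world-readable
    tmp=$(mktemp -d) && write_sample "$tmp"
    echo "only in new release: $(new_keys "$tmp/old.env" "$tmp/new.env" | tr '\n' ' ')"
    echo "value differs:       $(changed_keys "$tmp/old.env" "$tmp/new.env" | tr '\n' ' ')"
    merge_env "$tmp/old.env" "$tmp/new.env" > "$tmp/secret.env"
    echo "merged file has $(grep -c '=' "$tmp/secret.env") assignments"
    rm -rf "$tmp"
fi
```

Keys reported by changed_keys still need a manual decision: user names and passwords keep the existing value, while entries such as lines 3 and 17 in the v1.8 procedure have to be extended by hand.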

3.3.2

BFC Gateway update (Kubernetes-based)

Installing Kubernetes
Requirement
· A Debian system is available.
· A CentOS7 system is available.
· The system has an Internet connection.
Procedure
1. Establish a connection to the system, e.g. using WinSCP/PuTTY.
2. Log in as user with root rights.
3. Enter the following command:
    sudo visudo
4. Scroll to Defaults secure_path. Expand the path by /usr/local/bin:
    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
5. Enter the following command:
    export KUBECONFIG=kubeconfig.yaml
- Map the KUBECONFIG environment variable to the path of the Kubernetes configuration file.

6. Install Kubernetes. Enter the following command:
    sudo curl -sfL https://get.k3s.io | sh -
7. Reboot the system.
- After logging on again, you can use the command sudo kubectl get nodes | grep 0/1 to check that Kubernetes has been correctly installed.
Installing the BFC Gateway on Kubernetes
Requirement
· Kubernetes is installed on the target system.
Procedure
1. Copy the unzipped BFC version from PridaNet to the target system.
2. Make the setup file setup.linux.x64 executable.
3. Run the setup using the following command:
    ./setup.linux.x64 -u <username> -p <password> -kubernetes=true -kubeconfig=/etc/rancher/k3s/k3s.yaml -deploy -namespace=bfc -k3s
Upgrading BFC version from v1.9 to v1.10.1
1. Copy the new BFC version unzipped to the target system in a folder next to the existing installation.
2. Make the setup file setup.linux.x64 so that it can be run.
- sudo chmod 744 setup.linux.x64
- This means that the owner of the setup is allocated the right to run this.
3. Run the setup via the Command Line Interface (CLI) of PuTTY. To do this, run the following command with user name and password of the existing BFC installation in the folder of the BFC version to be installed:
    ./setup.linux.x64 -u <username> -p <password> -kubernetes=true -kubeconfig=/etc/rancher/k3s/k3s.yaml -namespace=bfc -k3s
- Carefully ensure that setup is NOT executed with -deploy.
- By executing this command, files secret.env and configs.env are also created.
- From version 1.9 to version 1.10.01, the installation structure changes.
- In version 1.9, all files that are created are saved to the following directory: /kubernetes/builds/1.9/…
- In version 1.10.01, all files that are created are saved to the following directory: /kubernetes/config/…
4. Compare file /kubernetes/builds/1.9/configs/secret.env of the existing installation with file /kubernetes/config/configs/secret.env of the BFC version to be installed.
- A line is available in the new secrets.env file which is not available in the existing secrets.env file.
5. Expand the existing secrets.env file to include this line. Carefully ensure that you do not replace any existing “Password” or “User name” in the existing secrets.env file.
- Insert the following in line 5: BFC_CERT_HOST_FOLDER_PATH=’/etc/ssl/certs/ca-certificates.crt
6. Before the update, copy the modified file into the Kubernetes directory kubernetes/config/configs/ of the new version. Replace the secrets.env file saved there.
7. Compare file /kubernetes/builds/1.9/thirdparty/broker/config/definitions.json of the existing installation with file /kubernetes/config/broker/definitions.json of the BFC version to be installed.
- Copy the passwords of the existing definitions.json into the new definitions.json file.
- Lines 6, 11, 16, 25, 26, 31, 89 and 112 are involved.
- Save the modified, new definitions.json in directory kubernetes/config/broker/definitions.json.
8. Compare file /kubernetes/builds/1.9/infrastructure/configui/config/settings.json of the existing installation with file /kubernetes/config/configui/settings.json of the BFC version to be installed.
- Copy the passwords of the existing definitions.json into the new definitions.json file.
- Lines 37, 39, 50, 55 and 60 are involved.
- Save the modified, new definitions.json in directory kubernetes/config/broker/definitions.json.
9. Compare file /kubernetes/builds/1.9/infrastructure/configui/users/users.json of the existing installation with file /kubernetes/config/users/users.json of the BFC version to be installed.
- The file comprises only one line.
- Copy the ID of “passwordHash” from the existing users.json into the new users.json file.
- Save the modified, new users.json in directory kubernetes/config/users/users.json.
10. Run the setup using the following command:
    sudo ./setup.linux.x64 -u admin -p admin -kubernetes=true -k3s -kubeconfig=/etc/rancher/k3s/k3s.yaml -namespace=bfc -deploy

3.3.3

BFC client update
You can perform the update of a BFC client on machines that are already connected.
The configuration of the BFC client is not changed by the update.
This procedure is identical for all SINUMERIK control variants (HMI-Advanced / Operate). You do not need to distinguish between different control system types.


Procedure

1. Open the “Commissioning” area, which displays the current version of the BFC client of the affected machine.

2. Click the button to transfer a corresponding ZIP file (BFC-Client-xx.xx.xx.zip) with the new version to the machine. The ZIP file can be obtained through PridaNet. It is also part of the software delivery of BFC Gateway.
3. After transferring the ZIP file to the machine, you can see which version of the BFC client is currently installed on the machine in the “System State > Clients” area. The new version is displayed in the “Description” column. Restart the machine to activate the new BFC client version on the machine. You can thus decouple the activation of a version transferred to the machine from the transfer in terms of time.
Note
In the same way, it is possible to downgrade a machine to an older BFC client version.

3.4

Contacting the hotline

Use the service request on the Internet page “Industry Online Support” to contact the hotline.

Note Maintenance contract
Please note that to obtain support through the hotline, it is necessary to conclude a maintenance contract (Connectivity Maintenance BF, article number: 9MC1110-1PR00-0AA5).

Requirement

You must register/log in to be able to use the “Industry Online Support” website.

Creating a service request
1. Open this link (https://support.industry.siemens.com/cs/ww/en/) to open the “Industry Online Support” website.
2. The “Industry Online Support” landing page opens. Click on “mySupport”.
3. The window “mySupport Links and Tools” opens. Select “Support Request”.
4. The input window “Support Request” opens. Click on “New request”.

5. The “Create support request” input window opens.
- Perform a product search using the term “BFC Brownfield Connectivity – Gateway”.
- Select the product.
- Click on “search”.
6. A new page opens. Formulate your request to the hotline on the following pages. Always specify the BFC client and BFC Gateway version. The hotline will then immediately process your request and contact you.


4

Requirement

4.1

Specialist know-how

Specialist know-how is required in the following areas in order that installation and configuration can be professionally performed:

· Windows, Linux, Linux console

· Docker

· Kubernetes

· WinSCP, PuTTY

· http, https, TLS, SSH

· Handling certificates

· SINUMERIK 840D/828D/ONE: Using the service mode

· SINUMERIK 840D/828D/ONE: Creating commissioning archives

· SINUMERIK 840D/828D/ONE: Creating system backups

· MindSphere

· MindSphere API and Fleet Manager

· MindSphere application “SINUMERIK Service Assistance”

4.2

General conditions
The following constraints apply when using the BFC Gateway:
· Ensure that all of the devices, machines, PCs and higher-level customer and/or cloud systems involved are networked and ready for operation. Network requirements: At least 100 Mbit/s full-duplex
· Provide a specification for all of the device addresses to be read for all of the required data and operating states as follows:
- All of the required variables have been defined and documented.
- If you need support with defining the necessary variables, you can order the Application Consulting BF (article number: 9MC1110-1PR00-0AA7).
· We strongly recommend before installing the software that a malware and/or virus check is carefully performed for every device to be networked.
· Note that the system time of all of the devices involved must be synchronized. Synchronization can be performed by connecting to an NTP time server or by manually entering and updating, for example.
· Provide a PC with the appropriate performance with a released Linux distribution to install the BFC Gateway. When selecting the PC, take into account the installation requirements. If necessary, the extensions must be scaled using additional hardware.

· The target system must have an Internet connection while installing and commissioning the BFC Gateway.
· For the duration of the warranty period, we recommend remote and SSH access to the gateway PC for maintenance and servicing. Carefully ensure that the machines can access ports 1883 and 8883 at the gateway PC. If you require maintenance and care by Siemens experts after the warranty period, or are unable or unwilling to provide remote access, cRSP (Common Remote Service Platform) can enable secure access to the BFC gateway. You can find out about the various remote services (https://support.industry.siemens.com/cs/sc/2281/remote-services-for-processautomation?lc=de-DE). The implementation process is described in the cRSP Remote Collaboration Regulations. You can also contact the DI CS SD Remote Collaboration Team about this. You will find more detailed information in the Siemens Industry Online Support (SIOS).
· At the time of commissioning, provide the appropriate access authorizations to install the BFC client on machines equipped with SINUMERIK 840D/840D sl/828D. Access authorizations include, for example, protection levels, logins and passwords. When required, obtain this information from the machine OEMs.
· Because the use of resources (hard disk space) grows over time, you should integrate the lower-level hardware or virtual machine of the BFC into the customer’s IT monitoring.

4.3

System requirements

4.3.1

BFC gateway
Install the software on an appropriate computer with a Linux operating system with the appropriate processing performance.
Note Kubernetes cluster
You will find the system requirements for operating BFC in a Kubernetes cluster in Installing BFC Gateway in a Kubernetes cluster (Page 71).
To prevent data loss in the event of a power failure, we recommend the use of an uninterruptible power supply (UPS). Perform a data backup on a regular basis.
Note Reinstallation
If the TCP/IP address of the computer on which the BFC Gateway is installed changes, then the BFC Gateway must be reinstalled. This is especially the case if the BFC Gateway was installed in a virtual machine, and this virtual machine is copied or shifted.

Note Installation in a virtual machine
Contact the hotline if you wish to install the software in a virtual machine.
Note Hard disk memory
Only use the SSD hard disk memory for installation and operation.

Minimum system requirements
The following minimum system requirements (valid for up to 10 devices to be connected) are applicable for the BFC Gateway.

Parameters                    Value
CPU kernels                   4
CPU threads                   4
CPU basis frequency           1.9 GHz
RAM                           8 GB
Free hard disk space (SSD)    480 GB
Free network interfaces       2 (1 Gbit/s)

Supplementary system requirements - high-frequency data acquisition
The BFC function “High-frequency data acquisition” allows you to acquire data with a high clock rate from a SINUMERIK control. You will find further information on this in: Configuring high-frequency data acquisition (Page 340).
When high-frequency data acquisition is activated, additional system resources are required on the BFC Gateway. The following additional resources are required depending on the configured number of variables for the high-frequency data acquisition.

Parameters                  10 variables    20 variables
CPU performance             400 MHz         600 MHz
RAM                         50 MB           50 MB
Network speed               Can be neglected for the Gigabit communication link that is required
Hard disk speed             Can be neglected for the SSD that is required
Memory required per hour    1 GB            2 GB

Note
The overall CPU performance is obtained from: Number of kernels x CPU basis frequency

Example: If you have activated high-frequency data acquisition for five machines (for 10 variables), then the following additional resources are required:
· CPU performance: 5 x 400 MHz = 2 GHz
· RAM: 5 x 50 MB = 250 MB
· 5 GB HD space per hour = 120 GB per day
This means that the CPU must provide 2 GHz more overall CPU performance.

Selecting an industrial PC
The following tables list, as examples, a selection of industrial PCs that can serve as the target platform for installing the gateway.

Devices*    SIMATIC IPC                 Processor                 RAM      SSD       Article number
Up to 10    427E (box PC)               Intel® Core i5-6442EQ     8 GB     480 GB    6AG4141-5BB00-0GA0
Up to 30    427E (box PC)               Intel® Xeon E3-1505L      8 GB     480 GB    6AG4141-7AB00-0GA0
Up to 60    627E (box PC)               Intel® Core i7-8700       32 GB    960 GB    6AG4131-3GD30-8AA0
Up to 60    647E (rack PC, 19″, 2HE)    Intel® Xeon E-2176G       32 GB    960 GB    6AG4112-3KR03-0XX0

* The CPU performance depends on the configured client as well as the configured gateway(s). If necessary, using the same systems, the required CPU performance must be provided through scaling.

The following CPU architectures are supported:

· AMDx64

The following non-commercial Linux distributions are supported:

· Debian 10

· Debian 9

· CentOS 7

The following chapters provide information regarding the system requirements of the components that are used.

The hotline is available if you have questions or require more information.

Supported web browsers
The following web browsers are supported for configuring the BFC Gateway:
· Mozilla Firefox Version 91 or higher
· Google Chrome Version 100 or higher
Microsoft Internet Explorer and Edge are not supported.

Network for internal communication
Within the BFC Gateway a network for internal communication is configured on the basis of Docker. As a minimum, the Docker version should support docker-compose file format version 3.3 and use a docker engine from version 20.10.8 and higher. The network mask 172.18.0.0/16 is the default mask for this internal network. Please note the following:
· Avoid any collisions on the BFC Gateway between the network masks of the Docker network within BFC and the configured communication networks in the customer network.
· If the Docker network collides with another network configured on the BFC Gateway host system, you must reconfigure the Docker network.
Note
You will find more information in the Docker Online Help (https://docs.docker.com/engine/tutorials/networkingcontainers/).
To operate BFC in swarm mode with several physical or virtual nodes, you must configure the Docker environment according to the following instructions:
· Creating a Docker swarm (https://docs.docker.com/engine/swarm/swarm-tutorial/create-swarm/)
· Adding nodes (https://docs.docker.com/engine/swarm/swarm-tutorial/add-nodes/)
· Scaling a service (https://docs.docker.com/engine/swarm/swarm-tutorial/scale-service/)
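One way to check a gateway host for the network collision described above, as an added example that is not part of the manual: it compares the default Docker network 172.18.0.0/16 with the IPv4 networks reported by `ip -o -4 addr show`. The function names are hypothetical, the sample output is constructed, and it is an assumption that interfaces named docker*, br-* and veth* belong to Docker itself.

```shell
#!/bin/sh
# Added example (not Siemens code): find host networks that overlap the Docker
# network BFC uses internally (default 172.18.0.0/16 according to the manual).

# ip_to_int A.B.C.D: print the IPv4 address as a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_overlap NET1/LEN1 NET2/LEN2: succeed if the two IPv4 networks share
# addresses. Two CIDR blocks overlap exactly when they agree on the bits
# covered by the shorter of the two prefixes.
cidr_overlap() (
    len=${1#*/}
    if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    a=$(ip_to_int "${1%/*}")
    b=$(ip_to_int "${2%/*}")
    [ $(( a & mask )) -eq $(( b & mask )) ]
)

# find_collisions DOCKER_CIDR: read `ip -o -4 addr show` output on stdin and
# print "interface address/prefix" for every host network that overlaps.
find_collisions() {
    docker_cidr=$1
    while read -r idx ifname family addr rest; do
        [ "$family" = "inet" ] || continue
        case $addr in */*) ;; *) continue ;; esac
        # Assumption: these interface names are created by Docker itself.
        case $ifname in docker*|br-*|veth*) continue ;; esac
        if cidr_overlap "$docker_cidr" "$addr"; then
            echo "$ifname $addr"
        fi
    done
}

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 172.18.40.5/24 brd 172.18.40.255 scope global eth1\       valid_lft forever preferred_lft forever
4: docker_gwbridge    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker_gwbridge\       valid_lft forever preferred_lft forever'

# "sh thisfile demo" checks the sample; "sh thisfile live" checks this host.
case ${1:-} in
    demo) printf '%s\n' "$SAMPLE_IP_OUTPUT" | find_collisions 172.18.0.0/16 ;;
    live) ip -o -4 addr show | find_collisions 172.18.0.0/16 ;;
esac
```

Any line printed means a customer-facing interface sits inside the Docker range, which is the case in which the manual requires the Docker network to be reconfigured.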

Overview of system limits (quantity framework)
BFC Gateway supports up to 60 connected clients (BFC devices) by default. Up to 50 data points are supported per BFC device, divided into “datasets”. The shortest interval for reading datasets is 200 ms.

Empirical values for tests
The following empirical values were determined when performing tests with the hardware example listed above (IPC427E with Intel® Core i5-6442EQ):

Client / gateway      Transmission rate [data points/seconds]
BFC client            250
BFC driver (all)      250
MindSphere gateway    500
AMP gateway           40
OPC UA server         250 per client

All MindSphere and AMP gateways back up data for ~90 days up to a limit of ~5 GB or ~150,000,000 data points. The computer hard disk must have the appropriate size.


4.3.2

BFC apps
The BFC Gateway enables the installation of applications. Currently, the following applications are available for installation:

Application      Description
bfc-analytics    BFC Analytics offers a solution to visualize data and machine tool-related KPIs that give insights about production and machine conditions.

For more information on additional system requirements, refer to the documentation of the respective application. Any system requirements of applications must be added to the basic system requirements.

4.3.3 4.3.3.1

BFC client
The BFC client for SINUMERIK is the only client that is directly installed on the SINUMERIK machine control system.
· Before starting installation, ensure that the machine in your network can access the BFC gateway.
· For each machine, check the values to be read from the machine.
Additional information on the operating software is provided in:
· SINUMERIK Operate Commissioning Manual (https://support.industry.siemens.com/cs/ww/en/view/109769186)
· Equipment Manual for SINUMERIK 828D PPU and components (https://support.industry.siemens.com/cs/ww/en/view/109763414)
· Commissioning Manual SINUMERIK 840Di sl / 840D sl / 840D, Base Software and HMI-Advanced (https://support.industry.siemens.com/cs/ww/en/view/109310641)

Hardware and operating software
The following tables provide an overview of the hardware and operating software required for SINUMERIK control systems.

SINUMERIK 840D – HMI-Advanced

BFC client 02.15.00.00

Operating software 6.1 6.2 6.3 6.4 7.1 7.2 7.3 7.5 7.6

Hardware PCU 50.1 PCU 50.2 PCU 50.3 PCU 50.5

Operating system Windows NT Windows XP


SINUMERIK 840D – HMI-Advanced for retrofit

BFC client 02.15.00.00

Operating software 6.5 for retrofit 7.7 for retrofit

Hardware IPC427D

Operating system Windows 10

SINUMERIK 840D – MMC103*

BFC client 02.15.00.00

Operating software 5.3

Hardware MMC103

Operating system Windows 95

* No general release for MMC103 / Windows 95
Contact your regional Siemens sales partner for additional information or project-specific solutions.

SINUMERIK 840D – SINUMERIK Operate (PCU/TCU)*

BFC client 02.15.00.00

Operating software 2.6 2.7 4.5 4.7 4.8 4.9

Hardware PCU 50.3 PCU 50.5

Operating system Windows XP Windows 7 Windows 10

* No general release for operation on an IPC
Contact your regional Siemens sales partner for additional information, other versions of the operating software or project-specific solutions.

SINUMERIK 840D – SINUMERIK Operate (NCU/TCU)

BFC client 02.15.00.00

Operating software 2.6 2.7 4.5 4.7 4.8 4.9

Hardware NCU7x0.2 NCU7x0.3

Operating system Linux

Contact your regional Siemens sales partner for additional information, other versions of the operating software or project-specific solutions.

SINUMERIK 828D – SINUMERIK Operate (PPU)

BFC client 02.15.00.00

Operating software 4.5 4.7 4.8

Hardware PPU2xx3 PPU2xx4

Operating system Linux


1:n connections
Using the BFC client on control systems equipped with several NCUs has not been released.
Contact your regional Siemens sales partner for additional information or project-specific solutions.

SINUMERIK ONE – SINUMERIK Operate (NCU/TCU)

BFC client 02.15.00.00

Operating software 6.13 6.20

Hardware NCU1760

Operating system Linux

DMG CELOS

BFC client 02.15.00.00

Operating software 4.9 preliminary CELOS V06.34.22.1759

Hardware IPC627D

Operating system Windows 7 Windows 10

Note
You must reinstall the BFC client for each CELOS update.

4.3.3.2

Network
The system topology with the ports used is shown in the following figure.
Activate the following ports in the network. Before you do this, talk with the IT person responsible for the network.


Open BFC gateway ports for incoming communication

Port    Type    Protocol    Usage                                        Coded    Description
22      TCP     SSH         Commissioning/updates                        Yes      SSH access for commissioning and system updates
1883    TCP     MQTT        Commissioning                                No       Standard MQTT port for the commissioning of BFC clients
4840    TCP     OPC UA      Data forwarding                              Yes      Standard OPC UA server port. Is used to present collected data.
8883    TCP     MQTT        Data acquisition                             Yes      Standard MQTTS port for data acquisition from BFC clients
9877    TCP     HTTPS       Configuration & HTTP REST Client & WebDAV    Yes      HTTPS WebUI to configure the BFC Gateway and file functions via WebDAV

Note Ports during operation
In operation, the BFC Gateway does not automatically open additional ports.


Outgoing communication to the office network

Port    Type    Protocol    Usage              Coded     Description
443     TCP     HTTP        Data forwarding    Yes       Standard HTTPS port used to send data to upstream systems (e.g. MindSphere)
1883    TCP     MQTT        Data forwarding    No        Standard MQTT port for sending data to a customer MQTT broker
3306    TCP     MYSQL       Data forwarding    Yes/No    Standard MySQL server port for sending data to a customer MySQL database
3560    TCP     HTTP        Data forwarding    No        HTTP interface of the Analyze MyPerformance (AMP) server
8086    TCP     HTTP/S      Data forwarding    Yes/No    Standard InfluxDB HTTP service port to send data to a customer Influx database
8883    TCP     MQTT        Data forwarding    Yes       Standard MQTTS port for sending data to a customer MQTT broker via an encrypted connection
9200    TCP     HTTP        Data forwarding    No        Standard Elasticsearch HTTP service port to send data to a customer Elasticsearch database

Outgoing communication to the production network

Port     Type    Protocol                        Usage               Coded     Description
80       TCP     HTTP                            Data acquisition    No        Standard HTTP port for connection to MTConnect agents or HTTP-REST client
102      TCP     S7 comm                         Data acquisition    No        Standard port ISO over TCP to SIMATIC control systems
443      TCP     HTTPS                           Data acquisition    Yes       Standard HTTPS port for connection to MTConnect agents
500      TCP     TwinCAT                         Data acquisition    No        Standard Beckhoff port for NC data
502      TCP     Modbus                          Data acquisition    No        Standard Modbus port for connection to Modbus TCP devices
801      TCP     TwinCAT                         Data acquisition    No        Standard Beckhoff port for PLC runtime system 1
811      TCP     TwinCAT                         Data acquisition    No        Standard Beckhoff port for PLC runtime system 2
821      TCP     TwinCAT                         Data acquisition    No        Standard Beckhoff port for PLC runtime system 3
831      TCP     TwinCAT                         Data acquisition    No        Standard Beckhoff port for PLC runtime system 4
4840     TCP     OPC UA                          Data acquisition    Yes/No    Standard OPC UA port for connection to OPC UA devices
8192     TCP     FOCAS                           Data acquisition    No        Standard FOCAS port for connection to FANUC controllers
19000    TCP     LSV2                            Data acquisition    No        Standard LSV2 communication port for connection to Heidenhain controls
44818    TCP     Ethernet Industrial Protocol    Data acquisition    No        Standard EIP communication port

4.3.4

FANUC client
The BFC driver for machines with FANUC control supports reading and writing data, retrieving alarms, and transferring programs via the FOCAS interface.

Interface    FANUC models*
FOCAS1       0i-B/C, 15i, 16i, 18i, 21i, Mate i-D, Mate i-H
FOCAS2       0i-D/F, 30i/31i/32i-A, 30i/31i/32i/35i-B, Motion i-A

* Additional models that support FOCAS1 or FOCAS2 can possibly be released on a project-for-project basis. Contact your regional Siemens sales partner regarding verification.

The following diagram provides an overview of the data and information that can be used.

* Not available for control systems that only support the FOCAS1 interface

Requirement

· Test the connection to the FANUC control system using the “Fanuc Focas Tester” tool. More information relating to testing the connection is provided in Chapter: Check connection to FANUC control system (Page 540).
· Before starting installation, ensure that the FOCAS interface of the machine is accessible in the customer network.
· You require the following to read out data from a FANUC control system via the FOCAS interface:
  - Option “Extended driver/library function” for using the FOCAS interface must be activated
  - Ethernet connection to the FANUC control system that is ready to operate

Note
Older FANUC control systems
FANUC control systems, which only support the FOCAS1 interface, can only access a restricted functional scope in the interface.
· If you have any questions, contact your regional Siemens sales partner.

Note
New parameters
The application is only delivered with standard parameters. Before you parameterize new parameters that are to be read out, we urgently recommend that you first have these parameters checked by a Siemens AG Application Center.
More information about possible NC/PMC parameters is available on the Internet:
· The “FANUC Connection Manual Function” Manual; e.g. 30i/31i/32i/35i-B, document B-64483EN-1

Note
API calls of the FOCAS interface
You can find information about the possible API calls of the FOCAS interface in the Appendix (Page 543).

The following must be observed when transferring programs:
· Controls that only use the FOCAS1 interface are not supported.
· On the FANUC side, depending on the control type there is a limit to the maximum size of the programs that can be transferred.
· All FANUC programs must have a certain format and contain, for example, the file name or the program number. If this format is not given, the BFC Gateway tries to emulate it so that the transferred target program is larger than the source program.
· The program file name and the name within the program data must match.
· If a FANUC program on the machine is in editing mode or is currently active, it cannot be changed with the BFC Gateway.
· The file size of all files is specified as 0 bytes in the BFC Gateway.

· The access rights to individual paths or files can be defined when configuring the FANUC client.
· The following file operations are possible:
  - Read programs
  - Write programs
  - Delete programs
  - Overwrite existing programs
  - Create directories
  - Delete directories
More information can be found in Chapter: File transfer (Page 465).

4.3.5 MTConnect client
For each MTConnect agent from which data should be read, a BFC driver must be created for one MTConnect instance. The BFC driver for MTConnect has read-only access to the MTConnect IDs of the agent. This is a property of the MTConnect specification. The general hierarchy of variables for MTConnect is structured as follows:


Requirement

· Before starting the project, you require complete information relating to the following points:
  - Data regarding the versions of all MTConnect agents available locally
  - Output of the probe response/call of the locally available MTConnect agents: http://<MTConnect-Agent-IP>/probe
  - Specification of the MTConnect agent available locally. The scope and format of possible control data depend on the manufacturer of the MTConnect agent and the software version of the agent.
  - Specifying the data to be read out of third-party control systems
· Before starting the installation, carefully ensure that the MTConnect interface of the machine can be accessed in the customer network.
· For each machine, determine the data made available from the MTConnect agent. To do this, from a PC in the customer network, via a web browser, call the following URLs once:
  - http://<MTConnect-Agent-IP>/probe
  - http://<MTConnect-Agent-IP>/current
  Save the displayed result (XML) for diagnostics.
· When updating the MTConnect agent, note that the format or data made available can change.
· The function has been tested against MTConnect protocol versions 1.2 up to and including 1.8 and supports MTConnect schema version up to 1.7.0. Protocol version 1.1 is not supported.
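The saved probe result can be checked offline before a driver is configured. The following is an added example, not part of the manual or the BFC Gateway: it reads the schema version from the XML namespace, compares it with the range stated above, lists the DataItem IDs, and compares two saved results, for instance before and after an agent update. The sample document and all function names are constructed, and it assumes the namespace follows the MTConnect convention `urn:mtconnect.org:MTConnectDevices:<version>`.

```python
"""Inventory a saved MTConnect /probe response (added example)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample of what http://<MTConnect-Agent-IP>/probe might return.
SAMPLE_PROBE = b"""<?xml version="1.0" encoding="UTF-8"?>
<MTConnectDevices xmlns="urn:mtconnect.org:MTConnectDevices:1.3">
  <Header creationTime="2022-11-01T08:00:00Z" sender="agent" instanceId="1" version="1.3.0"/>
  <Devices>
    <Device id="d1" name="Mill-1" uuid="constructed-0001">
      <DataItems>
        <DataItem id="avail" category="EVENT" type="AVAILABILITY"/>
      </DataItems>
      <Components>
        <Controller id="ctrl">
          <DataItems>
            <DataItem id="mode" category="EVENT" type="CONTROLLER_MODE"/>
            <DataItem id="estop" category="EVENT" type="EMERGENCY_STOP"/>
          </DataItems>
        </Controller>
        <Axes id="axes">
          <DataItems>
            <DataItem id="xpos" category="SAMPLE" type="POSITION"/>
          </DataItems>
        </Axes>
      </Components>
    </Device>
  </Devices>
</MTConnectDevices>"""

ROOT_TAG = re.compile(
    r"^\{(urn:mtconnect\.org:MTConnectDevices:(\d+)\.(\d+))\}MTConnectDevices$")


def parse_probe(xml_bytes):
    """Return (schema_version, {data item id: (device, category, type)})."""
    # The URLs in the manual use plain HTTP, so treat the response as
    # untrusted: a probe document has no reason to carry a DTD or entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_bytes)
    match = ROOT_TAG.match(root.tag)
    if not match:
        raise ValueError(f"not an MTConnectDevices document: {root.tag}")
    ns = "{" + match.group(1) + "}"
    version = (int(match.group(2)), int(match.group(3)))
    items = {}
    for device in root.iter(ns + "Device"):
        for item in device.iter(ns + "DataItem"):
            items[item.get("id")] = (
                device.get("name"), item.get("category"), item.get("type"))
    return version, items


def schema_status(version):
    """Compare the schema version with the range stated in the manual."""
    if version < (1, 2):
        return "not supported"            # manual: version 1.1 is not supported
    if version <= (1, 7):
        return "supported"                # manual: schema version up to 1.7.0
    return "newer than supported schema"


def diff_probe(before, after):
    """IDs that were added and IDs that were removed between two probes."""
    return sorted(set(after) - set(before)), sorted(set(before) - set(after))


if __name__ == "__main__":
    version, items = parse_probe(SAMPLE_PROBE)
    print(version, schema_status(version))
    for item_id, (device, category, kind) in items.items():
        print(f"{device}: {item_id} ({category}/{kind})")
```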

4.3.6 Modbus client
For each device connected via Modbus TCP, you must set up an instance of the BFC driver for Modbus as a client.

Requirement

· Before starting the installation, carefully ensure that the Modbus device can be accessed in the customer network.
· For each device, check the data to be read from the device.

Specifications that are used
The Modbus client uses the following specifications:
· Connection to precisely one Modbus device
· Connection via TCP/IP
· Read and write access
· The following data types are supported:
  - Boolean
  - Integer
  - Float
· The following Modbus functions are supported:
  - (0x01) Read Coils
  - (0x02) Read Discrete Inputs
  - (0x03) Read Holding Registers
  - (0x04) Read Input Registers
  - (0x05) Write Single Coil
  - (0x06) Write Single Holding Register
  - (0x16) Write Multiple Holding Registers

4.3.7 OPC UA client

Requirement

· Before starting the installation, carefully ensure that the OPC UA server of the device can be accessed in the customer network.
· For each device, check the data to be read from the device.

Specifications that are used
The OPC UA client uses the following specifications:
· Connection to precisely one OPC UA server
· Binary OPC UA transfer protocol
· The XML-based transfer protocol is not supported.
· The connection to the OPC UA server is either encrypted or unencrypted.
· Supports the login mechanisms “Anonymous”, “User name/password” and “Certificate”.
· Read-only access to OPC UA nodes of the server
· The following data types are supported:
  - String
  - Float
  - Integer
  - Boolean
· Only alarms with OPC UA data types “AlarmConditionType” and “CncAlarmType” are supported.

4.3.8 S7 client
The S7 client enables the connection of the SIMATIC PLC S7 to the BFC gateway.

Requirement

· The network connection is exclusively established via PROFINET or TCP/IP networks. For the network connection via PROFINET the PLC requires the following equipment:
  - Integrated PROFINET interface
    Examples: SIMATIC S7-300 CPU 315-2 PN/DP or SIMATIC S7-1200, SIMATIC S7-1500
  – OR –
  - Additional PROFINET communications processor
    Examples: SIMATIC CP 243/343/443
· The network addressing is done via TCP/IPv4 and uses the RFC1006 protocol.
  - The PLC must be enabled for network access.
  - Activation takes place in the configuration of the SIMATIC STEP 7 project or in the TIA Portal.
· For secure operation, you need a secure network infrastructure, since the RFC1006 protocol does not implement encrypted or signed communication. An access password set in the PLC configuration for network communication may be compromised by recording the network communication.


Addressing

· Address the CPUs of the SIMATIC controls as follows:
  - The set IP address
  - The TSAP address
    The TSAP addressing is used for addressing on the backplane/backplane bus of the SIMATIC PLC and is still used compatibly in the newer PLC series with integrated PROFINET.
  - Rack and slot position
    These parameters are internally converted into a TSAP address.
When addressing the PLC, you can set further optional parameters such as timeouts. However, these parameters are usually not required or their default values are sufficient in a LAN.
· Communication takes place with PDU with a pre-defined structure. The access of the S7 client takes place via a multi-variable access, which allows addressing of a maximum of 20 elements in the SIMATIC in a single access operation. This type of access leads to minimum latency and maximum performance. The maximum size of the data to be read out is limited by the fixed structure. If scalar variables such as bit, byte, word or DWord are addressed exclusively, the user data are not a limiting factor when reading. Only by addressing byte arrays, character arrays and S7 strings, can the maximum PDU user data volume be exceeded when reading. For write jobs, the addressing and the net data (user data) are transferred to a shared PDU. As a consequence, the quantity of net data for a write job is limited. With a PDU size of 240 bytes for example (e.g. S7 300, S7 1200), a maximum of 12 values can be processed in one single write job. Details are provided in the appendix to this document. If necessary, write operations must therefore be subdivided into several substeps. You can check the PDU sizes used in the trace outputs of the S7 client. There you may also check how long the communication job was processed by the PLC.
· The addressing in the data blocks does not support symbolic addressing, but is done with byte offset addresses. For this reason, “optimized data blocks” of the SIMATIC S7-1200 and SIMATIC S7-1500 series cannot be read out.

Manual optimization of data addressing
The setup of the PDU structure means that 2 bytes are always occupied in the PDU structure, even for individual bits and bytes. If you want to read several bits of a byte or word, do not address individual bits. Address the whole word or byte and separate them in the target application or on the script level of the BFC gateway.
Examples:
· DB1.DBX0.0, DB1.DBX0.1, … DB1.DBX0.7 Addresses the same data as DB1.DBB0, but occupies eight times the amount in the PDU. Processing in the PLC takes longer.
· DB1.DBX0.0, DB1.DBX0.1, …, DB1.DBX1.7 Reads the same data as DB1.DBW0, but occupies sixteen times the amount in the PDU. Processing in the PLC takes longer.
To optimize the required accesses to the PLC, you may also read out several bytes as array.
Example: “E0:BYTE[8]” reads eight input bytes during one single read access.

For addressing larger data structures in data blocks that would exceed the usable data volume of a PDU, a reading set with a single address can be read out. In this special case, the S7 client automatically detects if the data must be read out in several steps. Example: DB1.DBB0:BYTE[256] is automatically read from the PLC by the S7 client with two separate calls when the PDU size is 240 bytes.
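The PDU limits described in this section can be worked through in code. The following is an added example, not code from the BFC Gateway or its S7 client: the header and per-item byte counts are assumptions taken from the commonly documented S7comm layout rather than from this manual or its appendix, and the function names are constructed. With these assumptions the figures stated above are reproduced: 12 word values per write job at a PDU size of 240 bytes, two calls for BYTE[256], and eight times the reply volume for eight single bits compared with one byte.

```python
"""Plan S7 read/write jobs against a negotiated PDU size (added example)."""
import re

MAX_ITEMS = 20        # manual: at most 20 elements per multi-variable access
# The byte counts below are assumptions from the commonly documented S7comm
# layout, not values taken from this manual or its appendix.
JOB_HEADER = 10       # header of a request (job) PDU
ACK_HEADER = 12       # header of a reply (ack-data) PDU
PARAM_BASE = 2        # function code + item count
ITEM_ADDRESS = 12     # address specification of one item in a request
ITEM_DATA_HEAD = 4    # return code, transport size, length before the data


def padded(size):
    """Item data is padded to an even length, so a bit or byte takes 2 bytes."""
    return size + size % 2


def reply_cost(sizes):
    """Bytes that the given item payloads occupy in a read reply."""
    return sum(ITEM_DATA_HEAD + padded(size) for size in sizes)


def plan_writes(items, pdu_size):
    """Split (address, size) write items into jobs that each fit one PDU."""
    budget = pdu_size - JOB_HEADER - PARAM_BASE
    jobs, current, used = [], [], 0
    for address, size in items:
        cost = ITEM_ADDRESS + ITEM_DATA_HEAD + padded(size)
        if cost > budget:
            raise ValueError(f"{address}: {size} bytes exceed one write PDU")
        if current and (used + cost > budget or len(current) == MAX_ITEMS):
            jobs.append(current)
            current, used = [], 0
        current.append(address)
        used += cost
    if current:
        jobs.append(current)
    return jobs


def split_read(length, pdu_size):
    """Split one large array read into (offset, length) chunks per call."""
    max_payload = pdu_size - ACK_HEADER - PARAM_BASE - ITEM_DATA_HEAD
    return [(offset, min(max_payload, length - offset))
            for offset in range(0, length, max_payload)]


BIT_ADDRESS = re.compile(r"^(DB\d+)\.DBX(\d+)\.([0-7])$")


def coalesce_bits(addresses):
    """Replace bit addresses (DBn.DBXb.i) by the byte that contains them."""
    result = []
    for address in addresses:
        match = BIT_ADDRESS.match(address)
        merged = f"{match.group(1)}.DBB{match.group(2)}" if match else address
        if merged not in result:
            result.append(merged)
    return result


if __name__ == "__main__":
    words = [(f"DB1.DBW{2 * i}", 2) for i in range(13)]
    print([len(job) for job in plan_writes(words, 240)])
    print(split_read(256, 240))
    bits = [f"DB1.DBX0.{i}" for i in range(8)]
    print(coalesce_bits(bits), reply_cost([1] * 8), reply_cost([1]))
```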

Performance influence on PLC cycle time
You can configure the maximum portion of the communication time of the PLC cycle in the SIMATIC STEP 7 project. An extended PLC cycle time can be observed due to the communication. If a communication job is not completed within the maximum cycle time, it is continued in the next PLC cycle.

Data consistency over several PLC cycles
Read access
The PLC communication used does not guarantee data consistency of the read values. The values that are read can originate from different PLC cycles and I/O images, since the communication does not influence the logic of the PLC user program.
Write access
It is not guaranteed that all data to be written within a PLC cycle is accepted or that the addresses at the start of the write job are written into the PLC memory before addresses at the end of the write job. If the PLC user program write accesses the same memory during a write operation, it is not guaranteed which data actually apply at the end. A coordination mechanism must be implemented for shared (common) memory areas in the PLC.

Diagnostics

After establishing the connection, diagnostic data is read out from the PLC and logged as log messages. Depending on the PLC type, only parts of the data are provided:
· Negotiated PDU size
· Information on the current access protection
· Information on the PLC, such as the MLFB no., hardware version, serial number
· Information on the CP such as the maximum number of connections, the bandwidth of the connection, and the backplane bus
· Output of the PLC time
· Listing of the data blocks in the PLC

4.3.9 Heidenhain client
The BFC driver for machines equipped with a Heidenhain control system supports reading and writing data, retrieving alarms and transferring programs via the Ethernet. The driver supports the connection to just one Heidenhain machine, but can be started several times.
The following Heidenhain machines are supported:
· Heidenhain TNC 320, TNC 360, TNC 426, TNC 430, iTNC 530, TNC 620, TNC 640
· DataPilot CP 620, DataPilot CP 640, DataPilot MP 620, DataPilot 4110, DataPilot 4290 among others.
All Heidenhain functions were tested against NC software version 340494-07 on an iTNC530. Deviations may occur with newer software versions or other control models. Not all machines offer the same scope of functions. If another client is already connected to the Heidenhain control system, functions that are connected with memory accesses may fail. This is because with the Heidenhain control system, access to this area is exclusive.

Preconditions

· Before starting the installation, make sure that the Heidenhain machine in the customer network is operational and can be accessed.
· To read out data from the Heidenhain control system, you may have to activate external access as follows:
  - In the machine or MOD operating mode, press the “External Access On/Off” softkey.
  - If the “External Access On/Off” softkey is not available, the entry “REMOTE.LOCKSOFTKEYVISIBLE = YES” must be available in the OEM.SYS configuration file. The entry must not be commented out by a semicolon.
  - A password may be set in the OEM.SYS configuration file, which is required for data access (parameters PLCPASSWORT, REMOTE.PLCPASSWORTFORCED and REMOTE.PLCPASSWORTNEEDED).
  - In the OEM.SYS configuration file, access to machine parameters can also be protected by a password (MPPASSWORD parameter).
  - With newer NC software versions from 340 49X-03 or higher, you can prohibit access by certain clients. To do this, the entry “REMOTE.PERMISSION” must be present in the TNC.SYS. This entry contains a list of IP addresses or host names of clients for which remote access is permitted. Add the IP address or the host name of the BFC as shown in the following example.
    Example: REMOTE.PERMISSION = PC123;192.168.0.92
  - A password may be set in TNC.SYS that is required for access to certain areas (parameters REMOTE.TNCPASSWORD and REMOTE.TNCPRIVATEPATH).
  - An SE Linux firewall is integrated in NC software versions 60642x and higher. In addition to OEM.SYS and TNC.SYS, the Linux firewall is another way to restrict access to the machine.
  - Access to some data areas is exclusive. If another application already has access to it and does not relinquish it (no logout from the area), no other applications can access the area.
  - As of software versions 34049X-03, the machine manufacturer has the possibility to restrict access to areas or variables. The machine manufacturer can block access in his PLC basic program. Without the machine manufacturer, you then have no possibility of reading data.

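The access restrictions listed under Preconditions can be checked offline from copies of TNC.SYS and OEM.SYS. The following is an added example, not Heidenhain or Siemens code: it assumes one KEY = VALUE entry per line and that only a leading semicolon comments an entry out; the file contents, finding codes and function names are constructed for illustration.

```python
"""Audit the remote-access entries of TNC.SYS / OEM.SYS (added example)."""

# Constructed file contents; real files differ per machine and OEM.
SAMPLE_TNC_SYS = """\
; constructed sample
REMOTE.PERMISSION = PC123;192.168.0.92
;REMOTE.TNCPASSWORD = commented-out
"""
SAMPLE_OEM_SYS = """\
REMOTE.LOCKSOFTKEYVISIBLE = YES
PLCPASSWORT = constructed-placeholder
"""


def parse_sys(text):
    """Assumed format: one KEY = VALUE per line, a leading ';' is a comment."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Only a leading semicolon disables an entry; semicolons inside the
        # value separate list members (REMOTE.PERMISSION = PC123;192.168.0.92).
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().upper()] = value.strip()
    return entries


def audit_remote_access(tnc_sys, oem_sys, gateway_names):
    """Return (code, detail) findings; gateway_names are the BFC host's IDs."""
    tnc, oem = parse_sys(tnc_sys), parse_sys(oem_sys)
    gateway = {name.lower() for name in gateway_names}
    findings = []

    permission = tnc.get("REMOTE.PERMISSION")
    if permission is None:
        findings.append(("no-allowlist",
                         "TNC.SYS has no active REMOTE.PERMISSION entry"))
    else:
        allowed = {p.strip().lower() for p in permission.split(";") if p.strip()}
        if not allowed & gateway:
            findings.append(("gateway-not-permitted",
                             "BFC host is missing from REMOTE.PERMISSION"))
        for other in sorted(allowed - gateway):
            findings.append(("other-client-permitted", other))

    for name, key, source in (("TNC.SYS", "REMOTE.TNCPASSWORD", tnc),
                              ("OEM.SYS", "PLCPASSWORT", oem),
                              ("OEM.SYS", "MPPASSWORD", oem)):
        if not source.get(key):
            findings.append(("no-password", f"{name}: {key} is not set"))

    if oem.get("REMOTE.LOCKSOFTKEYVISIBLE", "").upper() != "YES":
        findings.append(("softkey-entry-missing",
                         "OEM.SYS: REMOTE.LOCKSOFTKEYVISIBLE = YES is not active"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_remote_access(
            SAMPLE_TNC_SYS, SAMPLE_OEM_SYS, ["192.168.0.92"]):
        print(f"{code:24} {detail}")
```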

Specifications

The Heidenhain client uses the following specifications:
· Presently, reading and writing data is not supported.
· The following data types are supported:
  - Boolean
  - Integer
  - Float
  - String
  - Word
  - DWord

Note
Within the BFC Gateway, Word and DWord values are treated as integer values.

The following must be observed when transferring programs:
· Access rights to individual paths or files can be defined when configuring the Heidenhain client.
· It is not possible to transfer files larger than 10 MB.
· Heidenhain machines respond differently depending on the data type transferred. It cannot be ensured that all data types can be transferred.
· If a Heidenhain program on the machine is in the edit mode or is currently active, it cannot be changed via the BFC Gateway.
· The machine manufacturer has the option of inhibiting file operations.
· Files and directories can be protected on the Heidenhain machine side. In cases such as these, overwriting is not possible.
· The following file operations are possible:
  - Read programs
  - Write programs
  - Delete programs
  - Rename programs
  - Overwrite existing programs
  - Create directories
  - Delete empty directories
· It is not possible to rename directories.
· Directories that contain files or subdirectories cannot be deleted.
More information can be found in Chapter: File transfer (Page 465).

4.3.10 Beckhoff client
The BFC driver for machines with Beckhoff controls supports reading and writing of data via Ethernet. A connection to a Beckhoff machine can only be established by the driver. However, the driver can be started multiple times and access multiple machines in parallel instances. All Beckhoff models with TwinCAT 2 or TwinCAT 3 are supported.
Note
Writing and reading of NC programs is not supported. Reading of alarms is not supported, but can be implemented project-specifically if necessary. Not all control systems offer the same range of features.

Data types

The following Beckhoff data types are supported:
· BOOL
· BYTE
· WORD
· DWORD
· LWORD
· SINT
· USINT
· INT
· UINT
· DINT
· UDINT
· LINT
· ULINT
· REAL
· LREAL
· STRING
· WSTRING
· TIME
· TIME_OF_DAY
· DATE
· DATE_AND_TIME

Note
Arrays of the respective data types are supported.

Note
Encrypted ADS is not supported.

Requirements

Before starting the installation, make sure that the Beckhoff machine in the customer network is operational and can be accessed.

4.3.11 Ethernet IP client
The Ethernet IP client (EIP client) enables the connection of “Allen Bradley”, “Rockwell”, and “Omron” control systems to the BFC gateway.

Requirements

The network connection is exclusively established via TCP/IP networks.
For communication, the control system requires an Ethernet port and support for the Ethernet Industrial Protocol.
The EIP client establishes a TCP connection to the control system, the default port is 44818.
An IP address must be configured on the control system and communication to the control system must be possible.
The operator is responsible for a secure network infrastructure.

Supported control system families
The following control system families can be connected to BFC with the EIP client. They use different message formats of EIP communication.
· CIP-EtherNet/IP TCP/IP
  - Rockwell/Allen-Bradley ControlLogix(tm) PLCs
  - Rockwell/Allen-Bradley CompactLogix(tm) PLCs
  - Rockwell/Allen-Bradley Micro 850/870 PLCs
  - Omron NX/NJ PLCs
· PCCC-EtherNet/IP TCP/IP
  - Rockwell/Allen-Bradley MicroLogix PLCs
  - Rockwell/Allen-Bradley SLC 500 PLCs
  - Rockwell/Allen-Bradley PLC/5 PLCs

Note
Alternative to the EIP client
As an alternative to the EIP client, some Rockwell/Allen-Bradley control systems (e.g.: Micro 830) can be connected to BFC with the ModBus client.

Note
Supported data types
The supported data types and data structures are documented under EIP client (Page 582).

4.3.12 Omron client
The BFC driver for Omron machines supports reading and writing of data over Ethernet. The driver can only establish a connection to one Omron machine. However, the driver can be started multiple times and access multiple machines in parallel instances. The driver supports all Omron models that are capable of the FINS protocol.
Note
· Writing and reading of NC programs is not supported.
· Reading of alarms is not supported.
· The following data types are supported:
  - BOOL
  - WORD
  - STRING
· Not all control systems offer the same range of features.

Requirements

· Before starting the installation, make sure that the Omron machine in the customer network is operational and can be accessed.
· Make sure that the network, node, and device identifiers are known.

4.3.13 HTTP script client for HP 3D printers
The HTTP script client is supplied with a preconfigured JavaScript for the HP 3D API version 1.2 and higher.

The preconfigured JavaScript supports HP Jet Fusion 3D printers of the series (https://developers.hp.com/3d-printing-apis):
· 5200
· 4200
· 500
· 300

Requirement

· The printer must be connected to a locally installed HP SmartStream 3D Command Center Version 3.7. Direct access to the printer is not provided. In the client, therefore, the URL of the HP SmartStream 3D Command Center and the printer name configured there are always used.
· To access the HP SmartStream 3D Command Center, you need HP’s access credentials. To use https encryption securely, you need the CA certificates for the SmartStream 3D Command Center or the included device proxy. On the local network, you can also use the pre-installed self-signed certificates of the HP SmartStream 3D Command Center if you activate the “Skip verification of CA cert” option.
· Technically, the data that is available according to the documentation (https://developers.hp.com/3d-printing-apis) and which the printer actually provides can be read out. Write access to HP 3D printers is not supported.

4.3.14 SFTP client
The SFTP client allows files to be accessed on devices that support the SFTP protocol (SFTP server).
All file and directory operations (reading, writing, renaming, deleting) are supported.
Authorization to access individual directories can be individually defined in the BFC Gateway. More information can be found in Chapter Configuring access rights (Page 467).
You can access SFTP devices via the WebDAV interface of the BFC Gateway.

Preconditions

· Before starting the installation, ensure that the SFTP server in the customer network is operational and can be accessed.
· Ensure that the access data for the SFTP server are known.

5 Installing the BFC gateway

This chapter describes the new installation of the BFC Gateway.

Note
Procuring the BFC Gateway
As an end user, contact the sales representative responsible for you about procuring the BFC Gateway software. As a Siemens employee, you can obtain the BFC Gateway via PridaNet.

Note
Installation scope of the BFC Gateway installation
By default, when you install the BFC Gateway under Docker Swarm or Kubernetes, the BFC Analytics application is also installed. Please note the additional system requirements due to BFC Analytics. You
