HMS IXXAT SG-basic User manual
SG-basic
Extended Version
USER MANUAL
4.01.0401.20001 1.1 en-US ENGLISH
Important User Information
Disclaimer
The information in this document is for informational purposes only. Please inform HMS Networks of any
inaccuracies or omissions found in this document. HMS Networks disclaims any responsibility or liability for any
errors that may appear in this document.
HMS Networks reserves the right to modify its products in line with its policy of continuous product development.
The information in this document shall therefore not be construed as a commitment on the part of HMS Networks
and is subject to change without notice. HMS Networks makes no commitment to update or keep current the
information in this document.
The data, examples and illustrations found in this document are included for illustrative purposes and are only
intended to help improve understanding of the functionality and handling of the product. In view of the wide range
of possible applications of the product, and because of the many variables and requirements associated with any
particular implementation, HMS Networks cannot assume responsibility or liability for actual use based on the data,
examples or illustrations included in this document nor for any damages incurred during installation of the product.
Those responsible for the use of the product must acquire sufficient knowledge in order to ensure that the product
is used correctly in their specific application and that the application meets all performance and safety requirements
including any applicable laws, regulations, codes and standards. Further, HMS Networks will under no circumstances
assume liability or responsibility for any problems that may arise as a result from the use of undocumented features
or functional side effects found outside the documented scope of the product. The effects caused by any direct or
indirect use of such aspects of the product are undefined and may include e.g. compatibility issues and stability
issues.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Table of Contents Page
1 User Guide ........................................................................................................................... 3
1.1 Target Audience...............................................................................................................3
1.2 Related Documents ..........................................................................................................3
1.3 Document History ............................................................................................................3
1.4 Trademark Information.....................................................................................................3
1.5 Conventions....................................................................................................................4
2 Safety Instructions .............................................................................................................. 5
2.1 General Safety Instructions................................................................................................5
2.2 Data Security Features ......................................................................................................5
2.3 Intended Use...................................................................................................................7
3 Scope of Delivery ................................................................................................................ 7
4 Product Description ............................................................................................................ 9
5 Installation......................................................................................................................... 10
5.1 System Requirements ..................................................................................................... 10
5.2 Installing the Hardware................................................................................................... 11
5.3 Reset the Device ............................................................................................................ 13
6 Configuration..................................................................................................................... 14
6.1 Accessing the Device ...................................................................................................... 14
6.2 Accessing the Embedded WEB-PLC.................................................................................... 15
6.3 Activating HTTPS............................................................................................................ 15
6.4 Updating the Firmware ................................................................................................... 16
6.5 Changing Password and Access Rights ............................................................................... 19
6.6 Exporting and Importing a Configuration ............................................................................ 21
7 WEB-PLC Editor ................................................................................................................. 23
7.1 Creating an Application................................................................................................... 23
7.2 Debugging .................................................................................................................... 25
7.3 Mapping I/Os Directly..................................................................................................... 26
7.4 Configuring MQTT Messages............................................................................................ 26
8 Diagnostics and Logging.................................................................................................... 28
8.1 Event Log...................................................................................................................... 28
8.2 Diagnostics Console........................................................................................................ 29
8.3 Data Logging ................................................................................................................. 30
SG-basic User Manual 4.01.0401.20001 1.1 en-US
9 Operation........................................................................................................................... 31
9.1 Power LED .................................................................................................................... 31
9.2 HMS Hub LED A ............................................................................................................. 31
9.3 PLC LED B ..................................................................................................................... 31
10 Technical Data ................................................................................................................... 32
11 Support/Return Hardware................................................................................................ 33
11.1 Support........................................................................................................................ 33
11.2 Return Hardware ........................................................................................................... 33
12 Decommissioning and Disposal ........................................................................................ 33
A Regulatory Compliance ..................................................................................................... 35
A.1 EMC Compliance (CE) ..................................................................................................... 35
A.2 Disposal and recycling..................................................................................................... 35
A.3 ROHS and REACH ........................................................................................................... 35
B UL Ordinary Locations (OrdLoc) ....................................................................................... 36
C Open Source Software ...................................................................................................... 37
User Guide 3 (38)
1 User Guide
Please read the manual carefully. Make sure you fully understand the manual before using the
product.
1.1 Target Audience
This manual addresses trained personnel who are familiar with the applicable standards of the
application field. Exclusively trained staff authorized by the operator is allowed to install,
commission and maintain the device. The contents of the manual must be made available to any
person authorized to use or operate the product.
This guide provides information on hardware installation and the setup of the SG-basic as well as
the basic steps how to access the integrated web-based user interface, the so-called WEB-PLC.
All configurations done via the WEB-PLC are described in detail in the integrated WEB-PLC online
help, available via the web-interface.
1.2 Related Documents
Document Author
OpenVPN documentation http://openvpn.net OpenVPN
WEB-PLC — Online Help HMS
For additional related documentation like Startup Guides for various protocols, How-to videos,
and file downloads see support website at www.ixxat.com/sg-gw-download.
1.3 Document History
Version Date Description
1.0 April 2020 First release
1.1 May 2021 Correction pin allocation, added information about variants, divided into
installation guide and extended user manual, added data security features
1.4 Trademark Information
Ixxat®is a registered trademark of HMS Industrial Networks. All other trademarks mentioned in
this document are the property of their respective holders.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
User Guide 4 (38)
1.5 Conventions
Instructions and results are structured as follows:
►instruction 1
►instruction 2
→ result 1
→ result 2
Lists are structured as follows:
• item 1
• item 2
Bold typeface indicates interactive parts such as connectors and switches on the hardware, or
menus and buttons in a graphical user interface.
This font is used to indicate program code and other
kinds of data input/output such as configuration scripts.
This is a cross-reference within this document: Conventions, p. 4
This is an external link (URL): www.hms-networks.com
Safety advice is structured as follows:
Cause of the hazard!
Consequences of not taking remediate action.
How to avoid the hazard.
Safety signs and signalwords are used dependent on the level of the hazard.
This is additional information which may facilitate installation and/or operation.
This instruction must be followed to avoid a risk of reduced functionality and/or damage
to the equipment, or to avoid a network security risk.
Caution
This instruction must be followed to avoid a risk of personal injury.
WARNING
This instruction must be followed to avoid a risk of death or serious injury.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Safety Instructions 5 (38)
2 Safety Instructions
Caution
The device may only be put into service and operated by qualified personnel. To ensure
the safe operation of the device, prevent access to the device by unauthorized persons.
If device is connected directly to the internet (without router), the firewall must be
enabled.
2.1 General Safety Instructions
►Protect product from moisture and humidity.
►Protect product from too high or too low temperature (see Technical Data, p. 32).
►Protect product from fire.
►Do not paint the product.
►Do not modify or disassemble the product. Service must be carried out by HMS Industrial
Networks.
►Store products in dry and dust-free place.
2.2 Data Security Features
The SG-basic supports various security features. HMS recommends to activate and use this
security features as described in the following chapters.
2.2.1 OpenVPN
HMS recommends using encoding via OpenVPN, if supported by all participants, to
increase the internet safety.
The firmware includes an OpenVPN client, that can be used to integrate the SG-basic into a
virtual private network. For more information about OpenVPN and possible settings see the
WEB-PLC Online Help Settings – Settings – Network – OpenVPN. Additionally a How-to video
and a Startup Guide for OpenVPN are available on www.ixxat.com/sg-gw-download.
2.2.2 WEB-PLC Security
HTTPS
To increase the internet security, HMS recommends activating HTTPS to access the WEB-
PLC.
If the WEB-PLC is accessed with activated HTTPS the integrity and confidentiality of the session
and the login data are ensured. For information about activating HTTPS see Activating HTTPS, p.
15.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Safety Instructions 6 (38)
Terminating a Session
On a static web page the session is terminated (log out) after 10 minutes of inactivity or when
the browser is closed. On a dynamic web page there is no automatic log out as long as the
browser is active. Make sure to log out manually or to close the browser to log out if WEB-PLC
programming page or event log is opened.
2.2.3 Password Protected Configuration
HMS recommends exporting configuration files password protected. For security reasons
exclude user credentials and access rights from the export.
The configuration file can optionally be secured with a password. If a configuration file is secured
with a password, the configuration can only be imported after entering the password. For more
information about the export and import of configurations see Exporting and Importing a
Configuration, p. 21.
2.2.4 Restrictive Access Rights
HMS recommends configuring access rights for each user as restrictive as possible.
It is possible to configure for each user different access rights for the different device functions.
Make sure, that each user only has the access rights that are required to perform the tasks of
their role to minimize security risks (principle of least privilege). For more information about the
configuration of user accounts and access rights see Changing Password and Access Rights, p. 19.
2.2.5 Password Policy
HMS recommends configuring the password policy according to the international
password guideline NIST Special Publication 800-63.
The password must be changed after the first login.
It is possible to define requirements for passwords that apply for all created users. To ensure
that adequately strong passwords are used, the configuration of the password guideline should
be based on the international password guideline NIST Special Publication 800-63. For more
information about configuring user accounts and access rights see Changing Password and
Access Rights, p. 19.
2.2.6 Firewall
If device is connected directly to the internet (without router), the firewall must be
enabled.
HMS recommends using the device only in the local network and behind a firewall.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Scope of Delivery 7 (38)
For security reasons block communications ports that are not used.
The firewall improves the security of the device by analyzing network traffic and blocking
unallowed traffic. The firewall has a blocking policy: outgoing connections are allowed while
incoming connections are blocked except if a rule allows this specific connection.
Dynamic rules are created by the firewall for outgoing connections. Static rules allow access to a
specific service on the device from the network. For more information about configuring the
firewall see WEB PLC Online Help – Settings – Settings – Network - Firewall.
2.2.7 Firmware Updates
HMS recommends to install always the latest firmware version to maintain device security.
The firmware is constantly improved and expanded. Firmware updates are encrypted and
digitally signed by HMS to ensure the authenticity of the firmware version. For more information
about updating the firmware see Updating the Firmware, p. 16.
2.2.8 Event Log
The event log is cleared when the device is restarted and new events may overwrite older
events once the ring buffer is completely filled. The events that are stored in the event
log can be downloaded as csv file.
The event log is available in the WEB-PLC and includes security events like failed login attempts
with timestamp, message and event type. For more information see Diagnostics and Logging, p.
28.
2.2.9 Disposal
Make sure, that all sensitive data is removed from the device before decommissioning.
Follow the guidelines for secure, safe, and sustainable disposal of devices after use (see
Decommissioning and Disposal, p. 33).
2.3 Intended Use
The SG-basic is used to connect Modbus devices and energy communication systems with each
other and to SCADA systems or to cloud systems. The device is intended for installation on
standard DIN rail inside industrial cabinets or on DIN rail distribution boards inside building
automation boards.
3 Scope of Delivery
Included in the scope of delivery:
• SG-basic device
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Product Description 9 (38)
4 Product Description
The SG-basic is an easy to use gateway, Remote Terminal Unit (RTU) and PLC for power
distribution and industrial applications. It includes a local web server for parameterization,
programming, protocol conversion and alarm functions. With its visual programming editor the
SG-basic is easy to configure without any programming skills needed.
Features
• 2 x Ethernet 100/100 Mbit/s
• 1 x RS485
• web based configuration via browser
• IEC 61850 Client/Server including GOOSE Subscriber and Publisher
• IEC 60870-5-104 Client/Server
• DNP3 Outstation
• Modbus-TCP Client/Slave
• Modbus RTU Master/Slave
• OPC-UA server
• MQTT publisher/subscriber
• Kolibri for connection to the optional HMS Hub IoT cloud
• Simple Network Management Protocol (SNMP)
• CODESYS network variables
• timer functionality
• DHCP server
• Simple Network Time Protocol (SNTP)
• Network Address Translation (NAT)
• OpenVPN client
• Transport Layer Security (TLS)
• password protection, user and access rights management
• firewall supporting dynamic and static rules
• event log
• encrypted and signed firmware
• export of configuration files with optional password protection
• diagnostics (Pcap, Ping, DNS lookup etc.)
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Installation 10 (38)
5 Installation
5.1 System Requirements
The WEB-PLC software runs on any up-to-date web browser on any PC operating system. The
Ixxat Energy IP configurator, used to determine or configure the IP address of the device, runs on
Windows.
The following features are needed on the local computer for the IP configuration:
• Ixxat Energy IP configurator, available on www.ixxat.com/sg-gw-download
• Ethernet network interface
• Microsoft Windows 7/10
The IP address can also be determined with other IP/Mac scanners. If the IP address of the device is
already known, the configuration can also be done in the WEB-PLC.
The following features are needed on the local computer for the device configuration:
• Ethernet network interface and Ethernet connection to the device (local or internet)
• Java-script capable web browser
• recommended OS:
– Windows 7/10
– Linux Kernel 4.x or 5.x
– MacOS X
• recommended web browser:
– Mozilla Firefox 87 or higher
– Google Chrome 89 or higher
– Chromium browser 88 or higher
– Apple Safari 14 or higher
– Opera 75 or higher
Firmware
The firmware is constantly improved and expanded. To configure the device the latest firmware
must be downloaded on the device. For more information about updating the firmware see
Updating the Firmware, p. 16.
WEB PLC Help
After connecting the SG-basic and accessing the Embedded Web the WEB PLC Online Help is
available via the button in the WEB PLC.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Installation 11 (38)
5.2 Installing the Hardware
5.2.1 Connectors
Fig. 1 SG-basic
1Micro SD card Make sure, that the Micro SD card is inserted.
2 Power connector, FE Functional earth
3 Power connector, GND Ground
4 Power connector, VCC 24 V DC
5Serial interfaces RS485, pin B B (+/Z)
6Serial interface, RS485, pin A A (-/Y)
7Ethernet port 1
8Ethernet port 0
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Installation 12 (38)
5.2.2 Mounting the Device
Damage caused by overheating!
Ensure adequate air circulation. Observe the recommended mounting distance.
Use in dry rooms exclusively!
The device is designed for installation on a 35 mm DIN rail.
►Ensure adequate air circulation and observe the recommended mounting distance.
– If venting slots are covered: 2 cm distance on top and bottom
– If venting slots are covered about 50 %: 1 cm distance on top and bottom
►Use top hat rail mounting.
→ After installation the housing of the device is connected to functional earth.
►Make sure, that the device is connected to the power supply (see Cabling, p. 12).
5.2.3 Cabling
Damaged device caused by reverse polarity or wrong power supply!
Make sure that power is connected with correct polarity and that power supply is of
recommended type.
The power supply must be a grounded circuit (PELV) and a 24 V DC ±15% regulated limited
power source according to EN 62368-1, annex Q, or IEC/EN 60950-1, clause 2.5.
►Connect the cables to the power connector (2/3/4).
→ Device is grounded via the FE pin of the power connector (2).
►To configure the device, connect the Ethernet port ETH0 (8) or ETH1 (7) directly to the
Ethernet port of the computer or via a hub or switch.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Installation 13 (38)
5.3 Reset the Device
All settings are lost when device is reset.
Fig. 2 Reset button
►Disconnect the device from power supply.
►To restore the factory settings, press and hold the Reset button (1) .
►While holding the Reset button (1) connect the device to power supply.
►Hold the Reset button until all LEDs are flashing twice. This can take up to 20 seconds.
→ When the reset is acknowledged all LEDs are flashing twice.
►Release the Reset button (1).
►Wait until the device is started up. Do not disconnect the power supply before the device is
started up.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Configuration 14 (38)
6 Configuration
6.1 Accessing the Device
Fig. 3 Ixxat Energy IP configurator
The IP address can also be determined with other IP/Mac scanners. If the IP address of the device is
already known, the configuration can also be done in the WEB-PLC.
►Connect the device to the computer (see Cabling, p. 12).
►Download the latest Ixxat Energy IP configurator from www.ixxat.com/sg-gw-download.
►Start Ixxat Energy IP configurator.
→ Ixxat Energy IP configurator scans for SG devices on the local network.
→ Found devices are shown in drop-down list (1).
►To identify the device, compare the number in the list (1) with the MAC on the label of the
device.
►To rescan the network click button Scan (2).
►Select desired device in drop-down list (1).
→ Current IP configuration of the device is displayed (4).
→ By default the device tries to get an IP address from a DHCP server.
►Check if settings match the needs of the network.
►If necessary, use a static IP address:
►Uncheck Use DHCP (6) and set the IP address manually (4).
►Click button Configure (5).
►In the opened popup enter username (default: ixxat) and password (default: ixxat) and
click OK.
→ If the configuration is successful, Configuration completed is shown.
►If desired device is selected and configured, click button Connect (3).
→ Standard browser to access the WEB-PLC and to configure the device is opened (see
Accessing the Embedded WEB-PLC, p. 15).
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Configuration 15 (38)
6.2 Accessing the Embedded WEB-PLC
►Enter IP address of the device in use into a web browser.
→ Log in window is opened.
►Enter user name (default: ixxat) and password (default: ixxat).
→ Home page of the WEB-PLC is opened.
Fig. 4 Accessing the embedded WEB-PLC
Password has to be changed after first login (see WEB-PLC Online Help).
The home page shows the following information:
• overview of the device status
• current values of the I/Os
• information about device hardware and software
• information about special components such as the cellular modem or OpenVPN
►To configure the settings, click icon Settings .
→Event Log is opened, which displays all events (information messages, warnings and
errors) generated by the device.
►For information about the protocol specific configuration see protocol specific Startup
Guides on www.ixxat.com/sg-gw-download.
►For detailed information about the settings possibilities and event log messages open the
WEB-PLC Online Help via button .
►To open the WEB-PLC editor, click button Editor (for more information see WEB-PLC
Editor, p. 23).
6.3 Activating HTTPS
To increase the internet security, HMS recommends to activate HTTPS to access the WEB-PLC.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Configuration 16 (38)
If the WEB-PLC is accessed with activated HTTPS the integrity and confidentiality of the session
and the login data are ensured.
►Open the WEB-PLC (see Accessing the Embedded WEB-PLC, p. 15).
►Click icon Settings and open tab Settings.
►In the configuration tree select Network.
Fig. 5 WEB-PLC network settings
►In Web server security activate checkbox Force HTTPS.
►Click button OK and button Reboot to apply the changes.
6.4 Updating the Firmware
The firmware is constantly improved and expanded. To configure the device, the latest firmware
must be downloaded on the device. For more information about updating the firmware see WEB
PLC Online Help — Update.
Damaged device if ongoing firmware update is stopped or cancelled!
Do not disconnect the power supply, reset the device or perform any other operations
while the update is in progress. Firmware update can take up to 10 minutes.
The device restarts several times during the update and error messages may occur.
Risk of resetting the configuration!
Identify the device and the device IP settings using the latest Ixxat Energy IP configurator.
Use an up to date browser version.
6.4.1 Saving Existing Configurations
HMS recommends to export and save existing configurations before updating the firmware as
backup in case the configuration is reset during the update.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Configuration 17 (38)
►Identify the device and the device IP settings using the latest Ixxat Energy IP configurator
(downloadable from www.ixxat.com).
►Use an up to date browser version (Firefox, Chrome, Chromium, MS Edge, or Apple Safari).
►Enter IP address of the device in use into a web browser.
→ Log in window is opened.
►Enter user name and password.
→ Home page of the WEB-PLC is opened.
►Click icon Settings and open tab Export.
►Export the existing device configuration.
►Check if the saved configuration is complete.
►Update the firmware online or offline.
6.4.2 Online Update
►Save existing configurations (see Saving Existing Configurations, p. 16).
►Identify the device and the device IP settings using the latest Ixxat IP configurator
(downloadable from www.ixxat.com).
►Use an up to date browser version (Firefox, Chrome, Chromium, MS Edge, or Apple Safari).
►Enter IP address of the device in use into a web browser.
→ Log in window is opened.
►Enter user name and password.
→ Home page of the WEB-PLC is opened.
►To check the current firmware version, expand the list entry Device Information.
Fig. 6 Home page
►Check if newer version is available on www.ixxat.com/sg-gw-download.
►If newer version is available, download the firmware update zip file and extract for the
firmware update cup file.
►If the firmware on the device is older than 19.3.32, update first to firmware version 19.3.32,
and then to newer versions. Update to version 19.4.5 and newer is only possible from
version 19.3.32 and newer.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Configuration 18 (38)
►Make sure, that the SD card (minimum 500 MB free memory) is inserted before starting the
device.
Upload may fail if SD card is inserted after the start-up of the device!
If the SD card is inserted after the start-up of the device, reboot the device before
updating.
►Click button Update .
►Browse for the update package with button Choose File, select the desired file and click
button Start update.
→ Start-up directory is created on SD card.
→ Device is programmed with the new software.
→ When firmware is updated, a message is shown that includes a link to the index page.
►Do not disconnect the power supply, reset the device or perform any other operations while
the update is in progress. Firmware update can take up to 10 minutes.
►To make sure, that the new version of the website is shown, clear the browser cache with
Ctrl + F5.
6.4.3 Offline Update
Whether updating offline is allowed or not, can be configured in Settings — Services — Update.
If the firmware on the device is older than 19.3.32, update first to firmware version
19.3.32, and then to newer versions. Update to version 19.4.5 and newer is only possible
from version 19.3.32 and newer.
If the update package is stored on the SD card and the cup file is extracted, updating is possible
without access to the WEB PLC.
►Save existing configurations (see Saving Existing Configurations, p. 16).
►Make sure that the update package is named update.cup and stored in the com.tom
directory on the SD card.
►Disconnect the device from power supply.
►Insert the SD card (minimum 500 MB free memory).
►Connect the device to power supply and start up the device.
►Press and hold the Reset button with a pointed object until all LEDs are flashing twice.
→ This can take up to 15 seconds.
►Wait until the update is finished. Do not disconnect the power supply, reset the device or
perform any other operations while the update is in progress. Firmware update can take up
to 10 minutes.
SG-basic User Manual 4.01.0401.20001 1.1 en-US
Table of contents
