4 Operating Systems. KEB E22 Book Mount IPC
OPERATING SYSTEMS
4 Operating Systems
4.1 KEB Windows Images (Windows Embedded Standard 7 / Windows 10)
4.1.1 Introduction
KEB has created a “Windows Embedded Standard 7” (WES7) / Windows 10 (Win10) image for the C6 E22 / C6 P3x with special features that support working with the devices.
4.1.2 User accounts
There are two user accounts implemented in the KEB image: AutoLogon and remote.
The following table shows the details for the accounts:
Account | Administrator | Password | Remote access | Intention
AutoLogon | Yes | No | Not possible | Automatic logon after reboot
remote | Yes | remote | Yes | Remote Desktop connection
Table 2: User Accounts
WARNING: The default password for the “remote” account should be changed to an individual password for security reasons.
AutoLogon should always be used as the standard logon, because only a logon without a password allows the Control and HMI applications to start immediately after the device boots, which is generally the desired behavior for a machine control device.
Since WES7 / Win10 do not allow a remote logon with an account that has no password, the missing password for AutoLogon poses no security risk.
Custom user accounts can of course be created, but this is not the default approach intended by KEB.
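The statement that a password-less AutoLogon account cannot be used remotely depends on the Windows policy that limits blank-password accounts to console logon. The following read-only check is an added example, not part of the KEB image or tools; it assumes the standard Windows registry locations for that policy, for Remote Desktop and for automatic logon, and it avoids cmdlets that are missing in PowerShell 2.0 so that it also runs on WES7.

```powershell
# Added example (not KEB code). Read-only; run from an elevated prompt.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-AccountBaseline {
    $lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $ts       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    New-Object PSObject -Property @{
        # 1 = accounts with a blank password may only log on at the console
        LimitBlankPasswordUse = Get-RegValue $lsa 'LimitBlankPasswordUse'
        # 0 = Remote Desktop connections are accepted
        DenyRdpConnections    = Get-RegValue $ts 'fDenyTSConnections'
        # '1' = automatic logon is configured for AutoLogonUser
        AutoLogonEnabled      = Get-RegValue $winlogon 'AutoAdminLogon'
        AutoLogonUser         = Get-RegValue $winlogon 'DefaultUserName'
    }
}

function Test-AccountBaseline {
    param($Baseline)
    $findings = @()
    if ($Baseline.LimitBlankPasswordUse -ne 1) {
        $findings += 'LimitBlankPasswordUse is not set to 1: an account without ' +
                     'a password is no longer restricted to console logon.'
    }
    if ($Baseline.DenyRdpConnections -eq 0) {
        $findings += 'Remote Desktop is enabled: confirm that the default ' +
                     'password of the "remote" account has been changed.'
    }
    $findings
}

$baseline = Get-AccountBaseline
$baseline | Format-List AutoLogonEnabled, AutoLogonUser,
                        LimitBlankPasswordUse, DenyRdpConnections

$findings = @(Test-AccountBaseline -Baseline $baseline)
if ($findings.Count -eq 0) {
    'Account baseline matches the documented design.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}

# Enabled local accounts, to spot accounts added besides AutoLogon and remote
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False" |
    Select-Object Name, PasswordRequired | Format-Table -AutoSize
```

The script cannot tell whether the “remote” password is still the default; that has to be confirmed by whoever set it.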
4.1.3 Ethernet address
The C6 E22 / C6 P3x are configured to obtain an IP address from a DHCP server. If no DHCP server is available in the network, the device uses the IP address 192.168.0.100.
This also makes it possible to connect a development PC directly to the device without a network infrastructure, by configuring the Ethernet adapter of the development PC with another 192.168.0.xxx address.
The switch to the IP address 192.168.0.100 can take several minutes, because the device first waits for a possible DHCP address assignment.
4.1.4 Usage of storage memories
The C6 E22 / C6 P3x is delivered with two hard disk drives, an SSD and a CFast card. In the Win7 image the SSD is divided into two volumes, C:\ and D:\, each half its size. The Operating System and the runtimes (Control, HMI, Connect) are located on C:\. D:\ is reserved for future use.
The SSD is not divided in Win10.
The applications and data are separated and located on the CFast (E:\). Since the CFast is easy to remove, the applications can easily be transferred to an exchange device.
4.1.5 Firewall
The Windows firewall is enabled in the delivery state. This protects the device against many types of network-based attacks. KEB has configured the Windows firewall so that all foreseen network connections are allowed. The Control runtime and the HMI runtime are allowed to open all network ports, because a firewall rule exists for each of the two programs.
This is the recommended way to configure a firewall: allow (trusted) programs to open any port instead of allowing ports to be opened by any program.
However, if you suspect that the firewall blocks desired network communication, there is an easy way to disable the firewall completely for testing. On the desktop you find a “FirewallDisable” shortcut which does this, and also a shortcut for enabling the firewall again.
The commands need “elevated rights”. Confirm the question from the User Account Control with “Yes”.
WARNING: It is not recommended to disable the firewall permanently. If the test with the firewall disabled confirms that the desired network communication is possible, an appropriate rule should be implemented in the firewall configuration (preferably for a program instead of a port) and the firewall should be activated again. For how to implement firewall rules, refer to the appropriate Microsoft web sites for Windows 7 / Windows 10.
4.1.6 Network location and firewall rules
The general concept is to allow access for dedicated programs rather than opening dedicated ports completely.
When a new network is connected to the system for the first time, Windows asks the user to define a network location. When “public” is chosen (e.g. internet cafe or airport), the firewall will block almost every connection from outside.
The user should choose “work” or “home”.
Then the prepared firewall rules become active and all known standard programs are allowed to communicate.
If the user needs to allow further programs, further rules can easily be added:
-> control panel -> system and security -> allow programs.
Optional: add self-defined rules:
-> control panel -> system and security -> advanced settings -> inbound rules / outbound rules -> add rule.
Disabling the firewall is not recommended and should only be done for test.
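To confirm after a test that the firewall is enabled again and that no rule opens a port for every program, the firewall state can be read back. The following audit is an added example, not part of the KEB image; it uses the Windows Firewall COM interface HNetCfg.FwPolicy2, which exists on both Windows 7 and Windows 10, and it only reads the configuration.

```powershell
# Added example (not KEB code). Read-only; run from an elevated prompt.
# Works with PowerShell 2.0 (WES7) and later.

# Profile bit values used by the firewall API
$ProfileNames = @{ 1 = 'Domain'; 2 = 'Private (home/work)'; 4 = 'Public' }

function Get-FirewallProfileState {
    param($Policy)
    foreach ($bit in 1, 2, 4) {
        New-Object PSObject -Property @{
            Profile = $ProfileNames[$bit]
            Active  = [bool]($Policy.CurrentProfileTypes -band $bit)
            Enabled = [bool]$Policy.FirewallEnabled($bit)
        }
    }
}

function Get-PortOnlyAllowRule {
    param($Policy)
    # Direction 1 = inbound, Action 1 = allow. A rule that names local ports
    # but no program or service lets any process listen on those ports.
    $active = $Policy.CurrentProfileTypes
    $Policy.Rules | Where-Object {
        $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and
        ($_.Profiles -band $active) -and
        [string]::IsNullOrEmpty($_.ApplicationName) -and
        [string]::IsNullOrEmpty($_.ServiceName) -and
        -not [string]::IsNullOrEmpty($_.LocalPorts) -and
        $_.LocalPorts -ne '*'
    } | Select-Object Name, Protocol, LocalPorts
}

$policy = New-Object -ComObject HNetCfg.FwPolicy2
$state  = @(Get-FirewallProfileState -Policy $policy)
$state | Format-Table Profile, Active, Enabled -AutoSize

foreach ($p in $state) {
    if ($p.Active -and -not $p.Enabled) {
        Write-Warning "Firewall is OFF on the active profile '$($p.Profile)'. Enable it again after testing."
    }
}
if ($policy.CurrentProfileTypes -band 4) {
    Write-Warning "A connected network is set to 'public'; choose 'work' or 'home' so that the prepared rules apply."
}

$portOnly = @(Get-PortOnlyAllowRule -Policy $policy)
if ($portOnly.Count -gt 0) {
    Write-Warning 'Inbound allow rules that open a port for any program:'
    $portOnly | Format-Table -AutoSize
} else {
    'No port-only inbound allow rules on the active profile.'
}
```

In the Protocol column, 6 stands for TCP and 17 for UDP.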
4.1.7 eGalax Touch Driver
The eGalax driver is installed on all C6 E22 / P3x devices, except the panel devices with capacitive touch. This driver supports all touch controllers of C6 E22 / P3x panel devices and external C6 monitors from KEB, but it does not support Multi-Touch functionality.
Multi-Touch functionality is only possible with capacitive panel devices and requires the Microsoft Touch driver built into WES7 / Win10.
This driver, in turn, is not able to operate resistive touch displays. The following table gives an overview:
Touch type | Single Touch | Multi Touch
Resistive | eGalax driver | Not possible
Capacitive | eGalax driver | Microsoft touch driver
The appropriate driver is installed on C6 E22 / C6 P3x panel devices. For Box and Bookmount devices, this preselection could not be done at the factory because the external C6 monitor that will be used is not known at the time of production. Thus the eGalax driver is installed on those devices.
If they are used in combination with capacitive C6 monitors (and Multi-Touch functionality is desired at all), it is necessary to uninstall the eGalax driver. The Microsoft touch driver then becomes active automatically after 2 reboots. To uninstall the eGalax driver, use the “eGalaxUninstall” desktop shortcut; there is also a shortcut for installing the eGalax driver again.
Since the touch technology is predetermined for C6 E22 / C6 P3x panel devices, these shortcuts are not placed on the desktop of those devices.
The commands need “elevated rights”, so please confirm the question from the User Account Control with “Yes”.
Reboot the device twice to finish the switch to the Microsoft driver.
4.2 Windows Updates
The Windows Update service is disabled by KEB because it influences the realtime behavior of the system.
KEB recommends enabling the Enhanced Write Filter (EWF) for volume C:\ to protect the Operating System against any change and damage in the productive phase; Windows updates would therefore be discarded anyway.
WARNING: The necessity of Windows updates for security reasons depends on an overall security concept for the field of application and is the responsibility of the user of this device.
4.3 EWF implementation in the Windows Embedded Standard 7 images
All the KEB Windows Embedded Standard 7 images have a built-in support for Enhanced Write Filter (EWF).
EWF protects a volume from write access.
Its two major components are the EWF Overlay and the EWF Volume:
• EWF Overlay: EWF protects the contents of a volume by redirecting all write operations to another storage location. This location is called an overlay. An EWF overlay can be in RAM, or on another disk partition. An overlay is conceptually similar to a transparency overlay on an overhead projector. Any change that is made to the overlay affects the picture as it is seen in the aggregate, but if the overlay is removed, the underlying picture remains unchanged.
• EWF Volume: In addition to the EWF overlay, an EWF volume is created on the media in unpartitioned disk space. This EWF volume stores configuration information about all of the EWF-protected volumes on the device, including the number and sizes of protected volumes and overlay levels. Only one EWF volume is created on your device, regardless of how many disks are in the system. If your media does not support multiple partitions, you can save the EWF configuration information in the system’s registry (RAM Reg Mode, KEB’s choice).
EWF was configured by KEB with the RAM Reg Mode to protect the C: volume. So the overlay is in RAM and the EWF volume location is in the system registry.
If EWF is activated, each write operation for C: is redirected to an overlay in RAM. No data will be permanently stored on C:.
In case of a reboot or of a system restart after a power failure, the overlay will be reset and all the data written in the previous session will be lost. The view of volume C: will be the same after each restart.
If no persistent volume C: is available, at least one other volume (a separate D: partition, another storage device, a network share) must be created that contains persistent data for the application.
This second volume will not be protected from power failures, but will not contain information that is vital for system booting.
On KEB Windows Embedded Standard 7 images, EWF is disabled by default at shipment and it must be enabled by the customer, in case it is needed.
4.4 KEB Write Filter Manager (KEB-WF_MGR)
4.4.1 Introduction
KEB Write Filter Manager is based on the Enhanced Write Filter (EWF) from Microsoft for Windows Embedded Standard 7 (WES7).
4.4.2 How EWF works
EWF protects a volume from write access. This is realized by an EWF overlay: EWF protects the contents of a volume by redirecting all write operations to another storage location. This location is called an overlay. An EWF overlay can be in RAM, or on another disk partition. An overlay is conceptually similar to a transparency overlay on an overhead projector. Any change that is made to the overlay affects the picture as it is seen in the aggregate, but if the overlay is removed, the underlying picture remains unchanged.
When EWF is enabled for a volume, every write operation to that volume is redirected to an overlay in RAM and no data is persistently stored on the volume. In case of a reboot or of a system restart after a power failure, the overlay will be reset and all the data written in the previous session will be lost. The view of the volume will be the same after every reboot. Thus the content of the volume is protected against damage that could otherwise be caused by power failures.
4.4.3 Protectable Volumes
Volume | Protectable | Intention
C:\ | Yes | Holds the operating system (including the registry) and the installed programs. Should be protected to ensure that the system never becomes unbootable.
D:\DATA | No | For free data storage, future use
E:\CFAST | Yes | Holds the Control and HMI applications. Should be protected to ensure that the applications never become invalid.
Table 3: Volume protection
4.4.4 KEB EWF configuration
On KEB devices a RAM overlay is used and the EWF configuration is stored in the registry of the WES7 operating system, which resides with the operating system on volume C:\. This implies that changes to the EWF configuration are only possible if the EWF for volume C:\ is disabled or the changes to C:\ are committed. Otherwise they will be discarded after a reboot. The following table shows the dependencies between the volumes:
These dependencies are handled internally by the KEB_WF_Mgr. Therefore it is not necessary to understand this table completely or to use it as a reference when using the EWF. But keep in mind that there are dependencies, because some internal operations of the KEB_WF_Mgr have to be confirmed by the user.
4.4.5 Delivery state of EWF on KEB devices
On the KEB Windows Embedded Standard 7 image, EWF is disabled by default at shipment because some settings have to be made by the user on the drive or in the registry (e.g. IP address setting).
Every time WES7 starts with EWF disabled for volume C:\, the user is reminded to enable the EWF by the following message box:
After all settings to the registry are done, you can directly activate the EWF for volume C:\ by clicking “Yes”. The device will reboot immediately and the EWF is enabled for volume C:\.
If you click “No”, the message box is closed but will appear again after the next reboot.
Please note that the volume E:\, which holds the application data, cannot be protected this way.
4.4.6 Using KEB_WF_Mgr
To disable EWF or to enable it for other volumes, KEB_WF_Mgr should be used (the use of the command line program “ewfmgr” from Microsoft is not recommended by KEB).
Start the KEB_WF_Mgr by double-clicking the icon on the desktop:
The desktop link starts the program, which resides in the path “C:\Program Files\KEB\IPCTools”.
The program needs “elevated rights”. Please confirm the question from the User Account Control with “Yes”:
The program’s GUI appears with volume C:\ (provided that EWF for volume C:\ has already been activated before).
Under “Volume:” you see the states of the selected volume as read-only fields:
• Overlay Type: On KEB devices always RAM-REG
• EWF Status: Current status of the EWF
• EWF Boot: Command which will be performed with the next reboot
On the right side you see the EWF Control commands, each with a help button beside it (commands that are not available in the current constellation are greyed out and disabled):
• Enable: Enables a currently disabled overlay on the specified EWF-protected volume. This function requires a reboot.
• Disable: Disables a currently enabled overlay on the specified EWF-protected volume. This function requires a reboot.
This function is not available at all for volume C:\, which holds the registry, because the registry change for the new EWF state cannot become persistent. Use “CommitDisable live” instead to disable EWF for C:\.
• Commit: Commits all current level data in the overlay to the EWF-protected volume. This function requires a reboot. After the reboot the EWF status of the volume is still “ENABLED”.
• CommitDisable live: Immediately commits all current level data to the EWF-protected volume and then disables EWF. This function does NOT require a reboot.
WARNING: All changes on the volume since the last reboot become effective. Do not execute this if you are not sure about the extent of the changes.
WARNING: The changes become effective immediately with reboot. It is not possible to undo this command with “Clear Command”.
• Clear Command: Clears a pending command for the volume that would have occurred on the next restart.
4.4.7 Dependent Volumes (typically E:\)
As mentioned above, other volumes (in the following, typically E:\, which is the CFast on KEB devices) depend on volume C:\ for changes to their configuration, because that configuration is stored in the registry located on C:\ and the registry is protected against any changes if EWF is activated for C:\.
If EWF is deactivated for C:\ all commands for the dependent volumes can be used independently.
Otherwise, if EWF for C:\ is enabled, the following rules are effective:
• Enable and Disable: if one of these commands is used, the following message box asks whether the Commit command for C:\ should also be set. It is recommended to confirm with “Yes”, because otherwise the Enable or Disable has no effect. The message is not displayed if the boot command “Commit” for C:\ is already present.
• The Clear Command can reset the Commit without any dependency, but for Enable/Disable it also asks whether to clear the implicitly set Commit for volume C:\:
Normally you should confirm with “Yes” because the Commit for volume C:\ was only set to take effect for the change of E:\.
4.4.8 Leave the KEB_WF_Mgr
A Shutdown or Reboot of the device can be initiated directly from the KEB_WF_Mgr to take effect for pending boot commands by using the particular buttons.
The program can also be left with the Exit button. In this case the program checks for pending boot commands and, if appropriate, shows the following message box:
It is recommended to choose “Yes” to ensure that no subsequent changes of the system are committed accidentally, which could happen if you close the message box with “No”.
If you choose “Cancel” the exit of the program is discarded and you can continue to work in the KEB_WF_Mgr.
4.5 KEB UWF Manager
4.5.1 Introduction
The KEB UWF Manager offers a simple interface to use Microsoft's Unified Write Filter in Windows 10.
4.5.2 Functioning of the UWF
UWF protects your volume from write access by redirecting all write commands to a virtual overlay. The virtual overlay is temporary storage, located either in RAM or directly on the volume, which is cleared when the device is restarted. Any change made to the overlay affects the image, but if the change is undone, the image remains unchanged.
If the UWF is enabled for a volume, no data is permanently stored on this volume. In case of a restart or power failure, the overlay will be reset and all data from the previous session will be lost. The view will be the same after each reboot and is therefore protected against damage that can be caused by a power failure.
4.5.3 KEB UWF Configuration and usage
To protect the system on volume C:\ including the registry, the overlay is configured with 4096 MB on the hard disk as standard.
KEB recommends the use of a write filter in order to increase the longevity of the devices and the data integrity. UWF Manager is disabled at the time of delivery so that the user can make changes during the start-up process.
Each time the device boots up with UWF disabled, the user is reminded to activate the write filter. As soon as the start-up is completed, the user can activate the write filter directly by clicking “Yes”.
To activate the UWF Manager or to display more information about the current protection status, the KEB UWF Manager should be used, because it provides a more intuitive configuration option compared to the command line tool provided by Microsoft.
A shortcut to the KEB UWF Manager can be found on the desktop and can be executed by double click. Please note that this tool requires elevated rights, the popup window of the user account control must be confirmed with "Yes".
The program interface appears and you can protect (Protect) or not protect (Unprotect) your system. Furthermore, after activating the write filter, the overlay info (Overlay Info - Current) is displayed, including type, maximum size and current usage.
Depending on the current status of the UWF Manager, the user can protect or unprotect the system by using the buttons on the right. Both actions require a restart. If the state has changed, the “Reboot” button can be used to restart the system and to activate the set state.
In case of a state change without restart, the tool reminds the user to restart the system when leaving.
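For monitoring many devices, the protection state, a pending state change and the overlay usage shown in the GUI can also be read through the WMI provider that Microsoft ships with the Unified Write Filter feature. The following read-only query is an added example, not part of the KEB UWF Manager; it assumes the provider's standard namespace, and the 80 % warning threshold is an assumed value chosen for illustration.

```powershell
# Added example (not KEB code). Read-only; run elevated on the Windows 10 image.
# The UWF_* classes exist only when the Unified Write Filter feature is installed.

function Get-UwfStatus {
    param([string]$Namespace = 'root\standardcimv2\embedded')

    $filter  = Get-CimInstance -Namespace $Namespace -ClassName UWF_Filter
    $overlay = Get-CimInstance -Namespace $Namespace -ClassName UWF_Overlay
    # CurrentSession = $true selects the settings of the running session
    $config  = Get-CimInstance -Namespace $Namespace -ClassName UWF_OverlayConfig |
               Where-Object { $_.CurrentSession }
    $volC    = Get-CimInstance -Namespace $Namespace -ClassName UWF_Volume |
               Where-Object { $_.CurrentSession -and $_.DriveLetter -like 'C*' }

    $maxMB  = [int]$config.MaximumSize
    $usedMB = [int]$overlay.OverlayConsumption
    [pscustomobject]@{
        EnabledNow       = [bool]$filter.CurrentEnabled
        EnabledNextBoot  = [bool]$filter.NextEnabled
        VolumeCProtected = [bool]$volC.Protected
        OverlayType      = if ($config.Type -eq 1) { 'Disk' } else { 'RAM' }
        OverlayMaxMB     = $maxMB
        OverlayUsedMB    = $usedMB
        OverlayUsedPct   = if ($maxMB -gt 0) { [math]::Round(100 * $usedMB / $maxMB) } else { 0 }
    }
}

function Test-UwfStatus {
    param($Status, [int]$WarnPercent = 80)   # threshold is an assumed value
    $findings = @()
    if (-not $Status.EnabledNow) {
        $findings += 'UWF is disabled: writes to the system volume are persistent.'
    } elseif (-not $Status.VolumeCProtected) {
        $findings += 'UWF is enabled but volume C: is not protected.'
    }
    if ($Status.EnabledNow -ne $Status.EnabledNextBoot) {
        $findings += 'A state change is pending and takes effect with the next restart.'
    }
    if ($Status.EnabledNow -and $Status.OverlayUsedPct -ge $WarnPercent) {
        # Once the overlay is full, further writes fail until the device restarts
        $findings += "Overlay is $($Status.OverlayUsedPct)% full; plan a restart."
    }
    $findings
}

$status = Get-UwfStatus
$status | Format-List
$findings = @(Test-UwfStatus -Status $status)
if ($findings.Count -eq 0) {
    'UWF is active and the overlay has headroom.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```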
4.6 KEB Linux Image
4.6.1 Introduction
KEB has created a Linux image for C6 E22 / P3x with special features that support you in the work with the device.
4.6.2 Service User accounts
The KEB Linux image has a service account which can be used to change device settings.
Account | Password
service | service
After login to the device with the service user account, the following menu is shown:
WARNING: The default password for the service user account should be changed to an individual password for security reasons!
The C6 E22 / C6 P3x Linux is configured to use the IP address 192.168.0.100. This also makes it possible to set up a remote connection to the device with a development PC, e.g. if no display unit is available. To do this, configure the Ethernet adapter of the development PC with another address 192.168.0.xxx and connect to the device with Putty as service user:
4.6.3 Change password for service user
To change the password, proceed as follows:
• Login as user “service”
• Select menu “8) Change password”
• Follow the instructions:
  - Enter the old password
  - Enter the new password twice. It must fulfill conditions regarding length and complexity
• Reboot the device
4.6.4 Ethernet IP address
To switch the Ethernet address, use the service user menu “1) Show/change IP address”.
The current IP address is shown and the following submenu appears:
Choices:
1. Switch network to DHCP, to switch to dynamic network configuration (DHCP).
2. Switch network to default Static IP, to switch to the default static IP 192.168.0.100/24.
3. Switch network to static IP, for static network configuration.
To set, for example, the IP address 172.17.131.100 with the mask 255.255.255.0, enter it as follows:
172.17.131.100/24
The value 24 for the mask means 24 set bits in the mask, counted from the left. Accordingly, the 8 bits on the right are not set.
4.6.5 Usage of storage memories
The C6 E22 / P3x Linux is delivered with two hard disk drives, an SSD and a CFast card.
The Operating System and the runtimes (Control, CNC Kernel etc.) are located on the SSD. The applications and data are separated and located on the CFast. Because the CFast is easy to remove, the applications can easily be transferred to an exchange device.
4.7 Common (Windows and Linux)
4.7.1 Micro-UPS Handling
As also mentioned in the hardware-related parts of this manual, all C6 E22 / P3x devices are equipped with a micro-UPS to ensure that the Retain and Persistent variables of the Control application are stored in case of power loss.
To avoid inconsistent data sets, the Retain and Persistent variables are stored only if the micro-UPS is charged completely. Otherwise the capacity might not be sufficient to store all variables and the consistency of the data set could not be ensured.
The charging time of the micro-UPS is about 15 s for C6 E22 / P3x devices, so the micro-UPS is normally always charged by the time the Control application is started after a restart of the device. But for security, and to keep the Control application easily portable to devices with a longer charging time, the charging level should be evaluated in the Control application.
For this, an “Internal I/O Mapping” named “IoDrvUPS” is automatically available with the C6 E22 / P3x device in KEB COMBIVIS studio 6.
To evaluate the “Power status” inside the Control application, a variable has to be defined, e.g. “PowerStatus”.
The values of Power status are:
0 Unit isn’t available (must not appear on functional C6 E22 / P3x)
1 Low charge
2 Half charge
3 Full charge
The Machine application should wait until the micro-UPS is fully charged before any operation is performed which changes Retains or Persistents. This can be achieved with an implementation comparable with the following example:
The other “Internal I/O Mapping” variables “24 Vdc power input status” and “24 Vdc power fail counter” cannot be used in a sensible manner, because the PLC is configured to stop already after a short voltage drop.
4.7.2 Ip-Scan
Ip-Scan is an IP address scanner from KEB to find other KEB devices in the network.
This requires that Ip-Scan also runs on the device which should be found. The C6 E22 / P3x should be detectable by the Ip-Scan (also integrated in COMBIVIS studio 6). The Ip-Scan starts automatically on the device after booting.
Ip-Scan is not yet available on C6 E22 / P3x Linux!
4.7.3 Serial interface
The C6 E22 / C6 P3x can be equipped with an (optional) serial interface (COM ports).
The following table gives an overview:
Device | COM1 | COM3
C6 E22 Bookmount | --- | opt. RS232/RS422/RS485
C6 E22 Panel/Box | RS232 | opt. RS232/RS422/RS485
C6 P33 | --- | opt. RS232/RS422/RS485
C6 P34 | RS232 | opt. RS232/RS422/RS485
By default the COM port is configured to the RS232 protocol. RS422/RS485 is also possible for some devices.
In order to enable ports and to switch the protocol setting, it is necessary to enter the BIOS. This is done by pressing the “F2” key during start-up. You can change the settings by navigating to “Advanced/Super IO Configuration” for C6 E22 or “Advanced/F81866 Super IO Configuration” for C6 P3x. There you find the settings for the COM ports.
The names of the COM ports differ within the BIOS. In the C6 E22 BIOS, “COM1” is designated as “COM A” and “COM3” as “COM C”. In the C6 P3x BIOS, COM ports are called “Serial Port x”, but with the same number.
Navigate to the “Mode” setting for the COM port and change it to “RS422” or “4-Wire RS485”. Leave the BIOS with the “F10” key to save the changes.
In Windows and/or the COMBIVIS studio 6 application no changes are necessary.