EcoStruxure™ Machine Expert HVAC Training Portfolio

Module 1 – T06 Commissioning on ESME HVAC

Machine Solutions Training Center

Confidential Property of Schneider Electric

Module 1 – T06 1 Menus & Custom Defaults

Commissioning with ESME 2 Commissioning Perspective

HVAC & M172P
3 File Storage

4 USB Programming Files

5 Parameters Export

6 Cybersecurity

Confidential Property of Schneider Electric | Page 2

CONFIGURATION Perspective
Menus - How To
Menus:
> Useful to group a set of parameters /
variables, based on categories.

> The Menus are folders accessible in

Commissioning.
CONFIGURATION Perspective
Menus – Step by Step
In Configuration
3 • right-click Menu (1)
• add Menu (1)
• rename (2)
• Build All (3)

2 In Commissioning → Access Set of Parameters (4)

1

4
CONFIGURATION Perspective
BIOS Parameters – Custom Default Value
BIOS Parameters:
> This section allows to customize
the default value of the BIOS
Parameters available on the
target.
> The default values are shown in
Commissioning and are
downloaded during a “Download
BIOS Custom All” operation.
Parameter Default Value

> In Commissioning, the

parameters with a custom
default value have the related
line in blue color.
Commissioning Perspective
Deep-dive

> Parameters Settings / Recipes

> BIOS Update
> File Browser
> Web Site Preview
> USB Key Program Files

Confidential Property of Schneider Electric | Page 6

Commissioning Perspective
Color Indication

• Red - Not aligned with the target

• Black - Aligned with the target

• Blue - Value is different from default

• Grey - Read only data

• Green - Data is not visible in the target

Confidential Property of Schneider Electric | Page 7

 Commissioning Perspective
Parameter Settings and Recipe Management

➢ Drag&Drop the parameters in the recipe

➢ Writing of all recipe parameters in one shot:

Confidential Property of Schneider Electric | Page 8

 Commissioning Perspective
BIOS Update
> Steps 1
1. Connect to Controller
2. BIOS Download

Confidential Property of Schneider Electric | Page 9

 Commissioning Perspective
BIOS Update
> Steps - Suite
3. Click on the «Browse»
button 3
4. Select the latest BIOS
5. Click on «Open» 6
6. Click on «Download»
7. BIOS upgrade in
4
progress

8. Final output
5

Confidential Property of Schneider Electric | Page 10

 Commissioning Perspective
File Browsing

• Mmc:0: SD card (32 GB max)

• Nor:0: internal memory (8 MB max)

Confidential Property of Schneider Electric | Page 11

 Commissioning Perspective
Web site Preview 2

• Select Controller
• Build WebSite 1
• Web Site Preview

4
3

Confidential Property of Schneider Electric | Page 12

M172 File Storage
Deep-dive

> NOR / NAND Memory

> Storage Selection
> microSD/USB-Host Commands
> File Browsing
> File Handling
> MicroSD Card Presence
Confidential Property of Schneider Electric | Page 13
 M172 File Storage
> What is NOR flash memory • Some devices use both NAND and NOR. A pocket
• Type of non-volatile storage technology that PC, for instance, may use embedded NOR to boot
up the operating system and a removable NAND
does not require power to retain data.
card for all its other memory or storage
requirements.
> 2 types of flash memory:
• M172P uses a NOR Memory
• NOR: It is faster, but it's also more expensive
and takes longer to erase and write new data.
It’s most often used in mobile phones
• NAND: It has significantly higher storage
capacity than NOR. It has found a market in
devices to which large files are frequently
uploaded and replaced. MP3 Players, digital
cameras and USB drives use NAND flash

Confidential Property of Schneider Electric | Page 14

 M172 File Storage
Via the 3 volumes (NOR, SD, USB) it is possible to :

• Update the parameters into the Controller

• Copy files from USB pen drive to NOR Flash or NOR SD
microSD and vice versa
• Handling files in Applications
• Read, write, delete files in NOR Flash or microSD
via serial communication
• Proceed "file browsing"

USB

Confidential Property of Schneider Electric | Page 15

 M172 File Storage
Storage Selection

> Controller’s Filesystems Features

The Controller has 2 possible volumes:

– Internal NOR flash (8Mb)
– microSD

• It is possible to download files on different media

• Each kind of file type will be downloaded to the selected media (PLC, Download All
HMI, HMI Remote, Cfg files, Web site)

Confidential Property of Schneider Electric | Page 16

 M172 File Storage
Files Overview

Visible
Inside both M172P/USB-Host:
PLCIEC.COD : PLC Application binary file
HMIIEC.COD : User Interface binary file (not mandatory)
HMIREM.KBD : Remote User Interface binary file (not mandatory)
CONNEC.PAR : Master Connectivity settings (not mandatory)
Inside M172P:
Webserver files
Logging file
Others…

Not Visible
Inside USB-Host:
PARAM.DAT (.RAW) : Parameter Map file

Confidential Property of Schneider Electric | Page 17

 M172 File Storage
Parameter File Details
PARAM.DAT Not Visible
• includes a set of M172 BIOS & IEC parameter values

• can be renamed as PARAM.RAW in order to skip parameters range limit check (used in case of par limited by other pars)

• can be created via IEC code using the target var

PARAM.DAT (.RAW) can be manually created/modified in order to contain even a subset of the full map:
• contains only the Defaults of the BACnet Parameters which have a Modbus address assigned

PARAM.BIN contains the defaults of all the PLC Parameters, also including the BACnet ones which have no Modbus
address assigned

Confidential Property of Schneider Electric | Page 18

 M172 File Storage
USB-Host and microSD commands

Upload an application from the USB-Host to the M172P

Upload/Download a parameter map from the M172P to
the USB-Host.

sysUSBCommand is the system command

to upload/download to/from USB-Host:

7 = load PARAM.BIN from USBH

8 = load PLCIEC.COD from USBH
9 = load HMIIEC.COD from USBH
10 = load PARAM.DAT from USBH
11 = save PARAM.DAT to USBH
12 = load CONNEC.PAR from USBH
13 = load HMIREM.KBD from USBH
14 = save sysUsbFileName file to USBH, file name can
be name. ext or *.ext
15 = load sysUsbFileName file from USBH, file name
can be name.ext or *.ext
16 to 218 : See Online Help

Confidential Property of Schneider Electric | Page 19

Use USB-Host from IEC Code
Commands allowed in USB Host mode
Supported Actions:
• Upload an application from the pen drive to M172
• Upload/Download a parameter map from M172 to the pen drive.

sysUSBCommand is the system command

to upload/download to/from USB-Host:
• 7 = load PARAM.BIN from USBH
• 8 = load PLCIEC.COD from USBH
• 9 = load HMIIEC.COD from USBH
• 10 = load PARAM.DAT from USBH
• 11 = save PARAM.DAT to USBH
• 12 = load CONNEC.PAR from USBH
• 13 = load HMIREM.KBD from USBH
• 14 = save sysUsbFileName file to USBH, file name can be name. ext or *.ext
• 15 = load sysUsbFileName file from USBH, file name can be name.ext or *.ext
USB Data Upload Workflow - Command
1

3
 M172 File Storage
USB-Host and microSD commands

microSD_Command is the system

command to do:

0 = No command
1 = Mount microSD, after plugged
the microSD
2=Unmount microSD, before unplug
the microSD

Similar when plugging / unplugging

an USB Stick in your PC

Confidential Property of Schneider Electric | Page 22

USB Device Activation
USB Data Upload Workflow - Status

To monitor the USB-Host status:

Drag & drop sysUsbStatus into the watch window

2
USB Programming Key
Deep-dive

Confidential Property of Schneider Electric | Page 25

Firmware Update via USB

How To Update:
• Copy the relevant .bin file into a USB pen drive (e.g. Msk596_10.bin)
• Connect USB pen drive to M172P
• Firmware will be downloaded into M172P
• Yellow LED will blink during download.
• Remove USB pen drive as soon as Yellow LED will switch off
• M172P will automatically reset and will reboot

BIOS are available @<C:\Program Files (x86)\Schneider Electric\EcoStruxureMachineExpertHVAC\Catalog\FreeAdvance\<firmware>

Please Note: a SYSTEM FAULT message will appear - DO NOT CONSIDER -

BIOS upgrade has been completed successfully

Note: M172P makes a filter based on the filename in order to prevent user mistakes
 Application Upload via USB Pen Drive
Create Files

Confidential Property of Schneider Electric | Page 27

 Application Upload via USB Pen Drive
Select Controller

Confidential Property of Schneider Electric | Page 28

Application Upload via USB Pen Drive
Process and Monitoring
• Upload process starts when the pen drive is plugged
• Monitorin via LED status

• Failure will switch ON red LED (sysUsbStatus>1)

After Upload, PLC must be restarted in order to run the new application.

The parameters map update does not require to a power cycle.

Application Upload via USB Pen Drive
Procedure for multiple Applications

Uploading automatically an application via USB pen drive

• Copy into a pen drive the COD/PAR/DAT files
• Edit an UPLOAD.TXT file containing the list of the files to be uploaded

Note. PARAM.DAT (.RAW) file can be uploaded only if M172P has been rebooted with related
application, therefore PARAM.DAT (.RAW) cannot be uploaded at the same time of
PLCIEC.COD

The upload file can have a prefix from 00 to 07, for example 03UPLOAD.TXT:
• Copy into a pen drive the UPLOAD.TXT (03UPLOAD.TXT) files as well
Files with numeric prefix are uploaded only if the Evolution dip-switches match the prefix; in this
way it is possible to store on the same USB pen drive one or more Evolution applications.
USB Application Download Workflow
Files to collect manually
From
• @project root → Rename 00CONNEC.PAR

• @project root/PLC/Download → Rename 00PLCIEC.COD

• @project root/HMI/Download → Rename 00HMIIEC.COD

→ Rename 00HMIREM.KBD

• Create Text file 00UPLOAD.txt and copy it to USB stick

• Power cycle to apply them into the RAM

Note: Always use Capital letter in renaming TXT files

Parameter Export
Deep-dive

Confidential Property of Schneider Electric | Page 32

 Parameter Export
2

> Steps
• Select an element to export
• Select Parameters
• Export to text File
• Save as .CSV File 3

4
Confidential Property of Schneider Electric | Page 33
Cybersecurity: ESME HVAC 1.2 & BIOS 596.10 / 668.10

Confidential Property of Schneider Electric

 Cybersecurity settings of M172
> HTTP is unsecure, but still enabled since a user authentication
mechanism exists
• Being the factory credentials the same for all the PLC
controllers, the user is forced to change the password at
first access.

> The factory default configuration of the controller must be secure.

Therefore, following unsecure protocols are disabled by default:
TCP
• Modbus TCP
• BACnet IP
• FTP IP

> These protocols are disabled regardless of the related BIOS

settings until factory web credentials are changed by the user

Confidential Property of Schneider Electric | Page 35

 Cybersecurity settings of M172
> Administrator password is internally crypted and stored
in a safe area:
• It is no longer needed to save password into an
EEPROM location
• You can change it using:
- the embedded website, automatic redirect to page
evopsw.htm
- First connection with ESME HVAC 1.2
- Modbus/CAN from local or remote HMI

> If the password is not modified at least once:

• Modbus/TCP, FTP and BACnet IP are disabled
regardless of the related bios settings
• Green and yellow led will blink once at the same
time during the boot procedure

Confidential Property of Schneider Electric | Page 36

 Cybersecurity settings of M172
> BIOS Parameters Defaults
• Targets 596.9 & 668.9

• Targets 596.10 & 668.10

Updated Defaults: Modbus/TCP,

Bacnet/IP and FTP disabled

These protocols are disabled regardless of the related BIOS settings

until factory web credentials are changed by the user
Confidential Property of Schneider Electric | Page 37
First connection via mini-USB or Modbus SL

• ESME HVAC will ask you to change the PLC password:

• ESME Connection is allowed only after password has been changed

• Modbus SL protocol via RS485/mini-USB is always enabled for read/write registers
Confidential Property of Schneider Electric
First connection via Ethernet
Since Modbus/TCP is disabled, when you try to connect
with ESME HVAC:
• An error message will be shown and the default browser
will be open trying to reach the PLC webserver
‒ Enter the default credentials:
user: administrator
password: password
‒ Change the password
‒ Enter again the new web
credentials
‒ Open link
‘Click here to enter site’

Confidential Property of Schneider Electric

First connection via Ethernet
‒ Open ‘Ethernet’ link:

‒ Set protocol ports as desired:

– 502 is the standard for Modbus/TCP
– 21 for FTP, 47808 for Bacnet
‒ Go back to ESME HVAC and connect
Confidential Property of Schneider Electric
Programming with USB memory key

• The USB programming files are created by the usual command in Commissioning:

• ESME HVAC will ask the developer

to define the web password:

Confidential Property of Schneider Electric

Programming with USB memory key

• Web password will be stored in a new programming file named

CREDEN.DAT
• It must be called by UPLOAD.TXT as last system file (before the
web and extra files as in the example):
• Content of CREDEN.DAT:

‒ Max length is 15 chars

‒ File must end with a CR+LF

Confidential Property of Schneider Electric

Programming with USB memory key
• Result of a USB memory key upload:
BIOS 596.10 / 668.10 or newer Previous BIOS Version

Web password not changed yet Web password already changed

USB content is uploaded

CREDEN.DAT present
Password is changed first, then Password file is downloaded
and called by Upload fails
USB content is uploaded but does not trigger any
UPLOAD.TXT
action

CREDEN.DAT not
USB content is not uploaded.
present or not called USB content is uploaded USB content is uploaded
Red led will blink 3 times.
by UPLOAD.TXT

• USB programming files generated by ESME HVAC 1.1 or SoMHVAC must

be updated adding CREDEN.DAT when used with bios 596.10 / 668.10 or
newer
Confidential Property of Schneider Electric
Manufacturing process or use of ESME HVAC 1.1
• Developers can create a text file named: OEMFILE.TXT
• File content must be:
‒ D:"<newpassword>" or E:"<newpassword>“ + <CR LF>
‒ D means web password is changed and after PLC reboot unsecure
protocol status will depend on bios/target block settings
‒ E means do not change web password (unsecure protocol disabled after
reboot)

• This file works only on brand new plc with web password not changed yet
• Plugging a USB stick at PLC boot with web password not yet changed will
temporarily enable all unsecure protocols

Confidential Property of Schneider Electric

How To restore Cybersecurity factory settings
• Call sysHTTP_Authentication() with the following input:
• MACaddress as string ‘00:18:BB:XX:XX:XX’
• ‘administrator’
• ‘password’ Code example
IF xReset THEN
▪ Reboot the PLC // restore Cybersecurity factory settings
sMacString := ‘’;
▪ BIOS defaults related to FOR i:=0 TO 5 DO
// With ESME HVAC 1.1 sysMacAddress[i] must be first converted
Modbus/TCP, FTP and into a INT var and then used as input of TO_STRINGFORMAT()
sByte := TO_STRINGFORMAT(sysMacAddress[i],'%02X');
BACnet IP are not modified sMacString := CONCAT(sMacString,sByte);
IF i<5 THEN
sMacString := CONCAT(sMacString,':');
END_IF;
END_FOR;
// MacAddress format: "00:18:BB:XX:XX:XX"
usiRet := sysHTTP_Authentication(sMacString,'administrator','password');
xReset := FALSE;
END_IF;
Confidential Property of Schneider Electric
Login Messages
First Connection or after Restore

USB Connection Ethernet Connection