
COMPUTER HARDWARE & NETWORKS

TRAINING DOCUMENT
ON
CONTROL CENTRE EQUIPMENT

TABLE OF CONTENTS

1. INTRODUCTION
    1.1 Control Centre Sub-Systems
    1.2 SUBSYSTEM DETAILS
2. SERVERS (IBM SYSTEM X3530 M4)
    2.1 SERVER COMPONENTS
    2.2 HW REQUIREMENTS FOR WINDOWS SERVER 2008 R2 STANDARD
    2.3. IBM SYSTEM STORAGE DS3524 EXPRESS AND X3630 M3
    2.4. TAPE LIBRARY
    2.5 RAID CONCEPT
3. ATEN, CL1000
4. WORKSTATION
    4.1 HARDWARE REQUIREMENTS FOR WINDOWS 7
    4.2 HOW TO CREATE ADDITIONAL DRIVE IN WINDOWS 7
5. LAPTOP
6. COLOR LASERJET PRINTER
    6.1 SPECIFYING AN IP ADDRESS (NO DHCP)
    6.2 RECEIVING AN IP ADDRESS AUTOMATICALLY (DHCP)
    6.3 PREPARING A PRINT SERVER
7 B/W LASERJET MULTIFUNCTION PRINTER
    7.1 STORING DATA IN THE DOCUMENT SERVER
    7.2 HOW REMOTE FAX WORKS
    7.3 PRINTING OF DOCUMENTS
    7.4 BASIC PROCEDURE FOR STORING SCAN FILES
    7.5 PREPARING A PRINT SERVER
8 BASIC CONCEPT OF NETWORKING
    8.1 L3 SWITCHES
    8.2 ROUTERS
9. FIREWALL
    9.1 NAT MODE
    9.2 TRANSPARENT MODE
    9.3 (A) FIREWALL CONFIGURATION SETTING FOR PROJECT
    9.4 (B) HOST BASED INTRUSION DETECTION
10. GLOBAL POSITIONING SYSTEM
    10.1 GPS CONNECTIVITY DIAGRAM

SRLDC Upgrade Computer Hardware and Networks Training Document Page 2 of 101
1. Introduction

In the proposed solution the EMS/SCADA Hardware and Software system shall
be installed at Southern Regional Load Dispatch Centre (SRLDC) and State Load
Despatch Centres (SLDCs) of APTRANSCO, Puducherry and Kerala State
Electricity Board (KSEB). The back up control center would be able to perform all the
functions of the main control center in case of emergency.

• Installation of new EMS/SCADA platform equipped with Hardware & Software.

• Installation of 25 DCUs at various locations and integration of new/old RTUs to
Main & Backup Control Center through these DCUs on IEC 104 protocol.

• The intent of the project is to replace/upgrade the Supervisory Control and Data
Acquisition System and Energy Management System (SCADA/EMS) at Southern
Regional Load Dispatch Centre (SRLDC) and State Load Despatch Centres
(SLDCs) of APTRANSCO, Puducherry and Kerala State Electricity Board
(KSEB).

• SRLDC should be integrated with MCC, BCC of TANTRANSCO through ICCP.

1.1 Control Centre Sub-Systems


The main subsystems in the SRLDC control centers are:

SCADA / EMS Subsystem
• SCADA/EMS Servers (Data Server)
• Front end servers (FEP)
• Inter control center Communication Servers (ICCP)

HIS & Archive Subsystem
• Historical Information Server (HIS) & Archive Subsystem

Web Subsystem
• Web Server

User Interface subsystem
• Operator Consoles
• Video Projection System (VPS)

DTS Subsystem
• DTS server and consoles

Development Subsystem
• Development (Maintenance) Server

NMS Subsystem
• Network Management Servers (NMS)

GPS Subsystem
• Global Positioning System Clock
• Time, Day & Frequency Displays

WAN Subsystem
• Router
• Firewall

LAN Subsystem
• Switch

1.2 SUBSYSTEM DETAILS
The main subsystems are explained in the following sections.

SCADA/EMS Subsystem
The SCADA/EMS subsystem is the heart of the system. It hosts the SCADA &
EMS databases, carries out the SCADA processing and EMS calculations, feeds the
historical information server and sends data to the operator consoles (amongst other
functions). It will support the functions of SCADA and real time dispatching. The
SCADA/EMS functions are considered as critical. To that end, they are implemented via
dual-redundant SCADA/EMS servers.
Operating system: Windows Server 2008 R2 Standard

Front End
The Communication Front End (CFE) drives the communication and pre-processing
between RTUs (on both IEC 60870-5-101 and IEC 60870-5-104 protocols) and the
SCADA/EMS servers. It passes the RTU data up to the SCADA/EMS servers on a
“report by exception” basis. The FE functions are considered critical and are
hence supported by dual-redundant FE servers.
Our e-terracontrol product will be used in the FE servers for the acquisition of
data from the RTUs. E-terracontrol supports communications via a large number of
protocols and is written with a view to extremely efficient and rapid operation. It uses a
database based upon the Microsoft Foundation Classes (MFC) and .NET Framework
and includes the capacity for full on-line updating.
Operating system: Windows Server 2008 R2 Standard

Inter Control Center Communication (ICCP)

The Inter Control Center Communication system handles communications with
external systems and the control centers of neighboring utilities, future plants of
neighboring countries, etc. via the standard TASE.2 protocols. The SCADA/EMS system
shall acquire real-time data such as analog, status, calculated and manually entered data
from connected control centers over the ICCP protocol.
Operating system: Windows Server 2008 R2 Standard

HIS & Archive Subsystem

The Archive/Report subsystem (based on e-terraarchive) stores any user-defined
data and events in the SQL Server based historic database. In particular, the Archive
system will store:
• Real time database snapshot
• Historical Information
• SOE data
• System message log etc.
Report functionality will be achieved with Crystal Report or equivalent reporting
software. The reporting software supports connectivity to virtually any enterprise data
source and provides rich features for building business logic, comprehensive formatting
and layout, and high-fidelity output for the web or print.
Operating system: Windows Server 2008 R2 Enterprise

Web Subsystem

E-terrabrowser is a web based application which provides the user interface to
the system through configurable graphic displays accessible through any web browser.

The web subsystem is primarily composed of the e-terrabrowser user interface
which makes use of classical client/server architecture. E-terrabrowser provides the web
based graphical user interface for control room operators. A lightweight client may also
be used by remote users through any standard web browser. Remote access is subject
to the appropriate permission and authorization mechanisms. E-terrabrowser allows
virtually any number of users to connect to the system across the WAN.
Operating system: Windows Server 2008 R2 Standard

User Interface (UI) Subsystem

The Microsoft Windows based Model UI provides a simple, intuitive, user-friendly,
and powerful graphical interface for database maintenance.

The User Interface (UI) subsystem is composed of multiple workstation consoles.
All of the consoles are equivalent from a hardware perspective (dispatcher, engineer,
trainees, instructor, etc.). The privileges assigned to a user depend upon the user
account type (dispatcher, maintenance, administrator, etc.) and the console’s IP
address.

Operating system: Windows Server 2008 R2 Standard

Development Subsystem

The role of the development system is to maintain a central repository for all
software development tools and environments, data models and displays representing
the network. It will also act as a test bench for integrating new RTUs/DCUs into the
system, and for integrating control centres into the existing hierarchy through ICCP
with the main/backup SCADA/EMS system, before they are put online in the real-time
environment.

Operating system: Windows Server 2008 R2 Standard

Network Management Subsystem

The Network Management system will monitor the interfaces, CPU and
memory of the servers, workstations and networking devices. The system shall monitor
the performance, resource usage and error statistics of all the servers, workstations,
routers, and LAN devices.

Operating system: Windows Server 2008 R2 Standard

GPS Subsystem

The role of the GPS subsystem is to acquire real-time data through the GPS
antenna and synchronize the time and date on servers, workstations and networking
equipment, using the standard Network Time Protocol (NTP). At the same time, the GPS
system transmits the time, day and frequency data to the respective display units.

WAN Subsystem

The role of the Wide Area Network (WAN) subsystem is to communicate with
external systems (remote control center, IP-based RTUs and the corporate network).
The firewall protects the network from intrusion, and an intrusion detection system
shall be provided to meet the cyber security requirements.

LAN Subsystem

The role of the Local Area Network (LAN) subsystem is to provide the
interconnection of all the servers, workstations, and peripherals. The LAN is considered
a critical function and is implemented with redundant standard Fast Ethernet switches.

Operator Consoles and VPS

Operator Consoles and Video Projection System handle the machine interface for
system control and supervisory operations.

Operating system: Windows 7

Overview of proposed architecture of main control center:

2. SERVERS (IBM System x3530 M4)

The IBM System x3530 M4 server delivers dual-socket performance in a 1U
compact footprint. Featuring the latest Intel platform, the x3530 M4 is a flexible rack
server positioned as a good investment value, while considering your total cost of
ownership and IBM commitment. It is designed to provide more affordable value and
increased flexibility with performance and quality to match.
Designed with redundancy, flexible subsystems, and a wider range of
configuration options, the x3530 M4 also offers an innovative Feature on Demand
design for an easier upgrade path.

The below figure shows the IBM System x3530 M4:

IBM System x3530 M4


The x3530 M4 offers a flexible and scalable design and a simple upgrade path to
eight HDDs plus an optical drive at the same time. The flexible onboard Ethernet
solution provides two standard integrated Gigabit Ethernet ports and two additional
integrated Gigabit Ethernet ports with an optional software feature for an on-demand
upgrade without needing to buy additional hardware.

Key features
The x3530 M4 delivers dual-socket performance in a compact 1U footprint and
features the latest Intel Xeon processor E5-2400 product family technology with greater
processing, memory, and I/O capabilities. Built with a focus on a reduced TCO, the
x3530 M4 provides the 80 PLUS power supply certification to help enable energy
savings. With a better balance between cost and system features, the x3530 M4 is an
ideal platform for general business workloads.

Server Configuration as per technical specification:

Sr.No.  Item                          Characteristics

1       Manufacturer                  IBM System x3530 M4
2       Features:
A       Processor                     Intel Xeon 4C E5-2407, 4 Core Processor, 10MB Cache
B       Processor Sockets             2-Processor Slot, 1 no. Installed Processor
C       CPU/ Clock Speed              2.2GHz
D       RAM                           Installed RAM: 16 GB, Upto 384 GB via 12 slots
E       Hard Disk                     Installed 4 x 300GB 10K 6Gbps SAS 2.5" SFF G2HS HDD;
                                      Maximum internal storage: up to 8 TB with 1 TB
                                      2.5-inch NL SAS/SATA HDDs
F       Storage Drive                 DVD R/W Drive
G       Supports both IPv4 and IPv6   Yes
H       Supports SNMP v1/ v2/ v3      Yes
I       SpecINT & SpecFP              Compliance report from OEM attached
J       Cooling                       4 redundant non hot swappable

Scalability and performance

The x3530 M4 offers numerous features to boost performance and improve
scalability:
• The Intel Xeon processor E5-2400 product family improves productivity by
offering affordable dual-socket system performance with eight-core processors
with up to 2.3 GHz core speeds, up to 20 MB of L3 cache, and one QPI
interconnect link of up to 8 GTps.
• Up to two processors, 16 cores, and 32 threads maximize the concurrent
execution of multithreaded applications.
• Intelligent and adaptive system performance with Intel Turbo Boost Technology
2.0 allows processor cores to run at maximum speeds during peak workloads by
temporarily going beyond processor thermal design power (TDP).
• Intel Hyper-Threading Technology boosts performance for multithreaded
applications by enabling simultaneous multithreading within each processor core,
up to two threads per core.
• Intel Virtualization Technology integrates hardware-level virtualization hooks that
allow operating system vendors to better use the hardware for virtualization
workloads.
• Intel Advanced Vector Extensions (AVX) significantly improve floating point
performance for compute-intensive technical and scientific applications.
• The 12 RDIMMs of 1600 MHz DDR3 ECC memory provide speed, high
availability, and a memory capacity of up to 384 GB (running at 1066 MHz).
• The theoretical maximum memory bandwidth of the Intel Xeon processor E5-
2400 product family is 38.4 GBps at 1600 MHz, which is 20% more than the
previous generation of Intel Xeon 5600 processors.
• The server offers up to four integrated Gigabit Ethernet ports with a convenient
FoD upgrade process that does not require the purchasing of additional
hardware.

• The server offers PCI Express 3.0 I/O expansion capabilities that improve the
theoretical maximum bandwidth by almost 100% (8 GTps per link using
128b/130b encoding) compared to the previous generation of PCI Express 2.0 (5
GTps per link using 8b/10b encoding).
• With Intel Integrated I/O Technology, the PCI Express 3.0 controller is integrated
into the Intel Xeon processor E5 family. This controller reduces I/O latency and
increases overall system performance.
• Up to eight 2.5-inch hot-swap or simple-swap drive bays or four 3.5-inch hot-swap
or simple-swap drive bays provide maximum internal storage capacity in a
compact 1U form factor.

Availability and serviceability


The x3530 M4 provides many features to simplify serviceability and increase
system uptime:
• The server offers Chipkill, memory mirroring, and memory rank sparing for
redundancy in the event of a non-correctable memory failure.
• Tool-less cover removal provides easy access to upgrades and serviceable parts,
such as processor, memory, and adapter cards.
• The server offers simple-swap or hot-swap drives supporting affordable software
RAID and advanced hardware RAID redundancy for data protection and greater
system uptime.
• The server offers two redundant hot-swap power supplies and up to six
dual-motor redundant non-hot-swap fans to provide cost-efficient availability for
applications.
• The power source-independent light path diagnostics panel and optional
individual light path LEDs quickly lead the technician to failed (or failing)
components. This feature simplifies servicing, speeds up problem resolution, and
improves system availability.
• Predictive Failure Analysis (PFA) detects when system components (processors,
memory, hard disk drives, fans, and power supplies) operate outside of standard
thresholds and generates proactive alerts in advance of possible failure, therefore
increasing uptime.
• Built-in Integrated Management Module II (IMM2) continuously monitors system
parameters, triggers alerts, and performs recovery actions in case of failure, to
minimize downtime.
• Built-in diagnostics using Dynamic Systems Analysis (DSA) Preboot speeds up
troubleshooting tasks to reduce service time.
• Three-year customer replaceable unit and on-site limited warranty, next business
day 9x5. Optional service upgrades are available.

Manageability and security
Powerful systems management features simplify local and remote management
of the x3530 M4:
• The server includes an Integrated Management Module II (IMM2) to monitor
server availability and perform remote management.
• An integrated industry-standard Unified Extensible Firmware Interface (UEFI)
enables improved setup, configuration, and updates, and simplifies error
handling.
• Integrated Trusted Platform Module (TPM) V1.2 support enables advanced
cryptographic functionality, such as digital signatures and remote attestation.
• Industry-standard AES-NI support provides faster and stronger encryption.
• IBM Systems Director is included for proactive systems management. It offers
comprehensive systems management tools that increase uptime, reduce costs,
and improve productivity through advanced server management capabilities.
• Intel Execute Disable Bit functionality can help prevent certain classes of
malicious buffer overflow attacks when combined with a supporting operating
system.
• Intel Trusted Execution Technology provides enhanced security through
hardware-based resistance to malicious software attacks, allowing an application
to run in its own isolated space protected from all other software running on a
system.

Energy efficiency
The x3530 M4 offers the following energy-efficiency features to save energy, reduce
operational costs, increase energy availability, and contribute to a green environment:
• Energy-efficient planar components help lower operational costs.
• 80 PLUS certified power supplies enable greater energy savings while providing
flexibility to meet your business needs.
• The Intel Xeon processor E5-2400 product family offers better performance over
the previous generation, while fitting into the same TDP limits.
• Intel Intelligent Power Capability powers individual processor elements on and off
as needed, to reduce power draw.
• Low-voltage Intel Xeon processors draw less energy to satisfy the demands of
power and thermally constrained data centers and telecommunication
environments.
• Low-voltage 1.35 V DDR3 memory RDIMMs consume 19% less energy
compared to 1.5 V DDR3 RDIMMs.

• The server uses hexagonal ventilation holes, a part of IBM Calibrated Vectored
Cooling™ technology. Hexagonal holes can be grouped more densely than round
holes, providing more efficient airflow through the system.

• IBM Systems Director Active Energy Manager™ provides advanced data center
power notification and management to help achieve lower heat output and
reduced cooling needs.

Locations of key components and connectors

The below figure shows the front of the server with four 3.5-inch hot-swap drive bays

Front View

IBM System x3530 M4 with four 3.5-inch hot-swap drive bays

The below figure shows the rear view of the server with hot-swap power supply

Front LED Status:-

Rear View

IBM System x3530 M4 with hot-swap power supplies

The below figure shows the locations of key components inside the server

Cross-sectional View

Figure 5. Inside view of the IBM System x3530 M4

2.1 Server Components

Central Processing Unit

The central processing unit (CPU) is the portion of a computer system that carries out
the instructions of a computer program, and is the primary element carrying out the
functions of the computer or other processing device.

Operation

The fundamental operation of most CPUs, regardless of the physical form they take, is
to execute a sequence of stored instructions called a program. The program is
represented by a series of numbers that are kept in some kind of computer memory.
There are four steps that nearly all CPUs use in their operation: fetch, decode, execute,
and write back.

Clock rate

The clock rate is the speed at which a microprocessor executes instructions. Every
computer contains an internal clock that regulates the rate at which instructions are
executed and synchronizes all the various computer components. The CPU requires a
fixed number of clock ticks (or clock cycles) to execute each instruction. The faster the
clock, the more instructions the CPU can execute per second.

Most CPUs, and indeed most sequential logic devices, are synchronous in nature. That
is, they are designed and operate on assumptions about a synchronization signal. This
signal, known as a clock signal, usually takes the form of a periodic square wave. By
calculating the maximum time that electrical signals can move in various branches of a
CPU's many circuits, the designers can select an appropriate period for the clock signal.

Dynamic Random Access Memory

Random-access memory (RAM) is a form of computer data storage. Today, it takes the
form of integrated circuits that allow stored data to be accessed in any order with a worst
case performance of constant time.

TYPES OF RAM

1) Static RAM
2) Dynamic RAM

Static RAM

In static RAM, a bit of data is stored using the state of a flip-flop. This form of RAM is
more expensive to produce, but is generally faster and requires less power than DRAM
and, in modern computers, is often used as cache memory for the CPU.

Dynamic RAM

DRAM stores a bit of data using a transistor and capacitor pair, which together comprise
a memory cell. The capacitor holds a high or low charge (1 or 0, respectively), and the
transistor acts as a switch that lets the control circuitry on the chip read the capacitor's
state of charge or change it. As this form of memory is less expensive to produce than
static RAM, it is the predominant form of computer memory used in modern computers.

DDR3 SDRAM, an abbreviation for double data rate type three synchronous dynamic
random access memory, is a modern kind of dynamic random access memory (DRAM)
with a high bandwidth interface. DDR3 SDRAM is not directly compatible with any earlier
type of random access memory (RAM) due to different signaling voltages, timings, and
other factors.

Cache Memory

Cache (pronounced cash) memory is extremely fast memory that is built into a
computer’s central processing unit (CPU), or located next to it on a separate chip. The
CPU uses cache memory to store instructions that are repeatedly required to run
programs, improving overall system speed. The advantage of cache memory is that the
CPU does not have to use the motherboard’s system bus for data transfer. Whenever
data must be passed through the system bus, the data transfer speed slows to the
motherboard’s capability. The CPU can process data much faster by avoiding the
bottleneck created by the system bus.

As it happens, once most programs are open and running, they use very few resources.
When these resources are kept in cache, programs can operate more quickly and
efficiently. All else being equal, cache is so effective in system performance that a
computer running a fast CPU with little cache can have lower benchmarks than a system
running a somewhat slower CPU with more cache. Cache built into the CPU itself is
referred to as Level 1 (L1) cache. Cache that resides on a separate chip next to the CPU
is called Level 2 (L2) cache. Some CPUs have both L1 and L2 cache built-in and
designate the separate cache chip as Level 3 (L3) cache.

Front Side Bus

The FSB connects the computer's processor to the system memory (RAM) and other
components on the motherboard. These components include the system chipset, AGP
card, PCI devices, and other peripherals. Because the FSB serves as the main path
from the processor to the rest of the motherboard, it is also called the "system bus."

The speed of the front side bus is measured in Megahertz or Gigahertz, just like the
processor. Most computers' processors run faster than their system buses, so the FSB
speed is typically a ratio of the processor speed. For example, a Pentium 4 processor
that runs at 2.4 GHz may have an FSB speed of only 400 MHz. The CPU to FSB ratio
would be 6:1. A Power Mac G5, however, with a 2.0 GHz processor, has a 1.0 GHz front
side bus. Therefore, its CPU to FSB ratio is 2:1.

The smaller the ratio, the more efficiently the processor can work. Therefore, faster front
side bus speeds lead to faster overall performance. When the CPU to FSB ratio is high,
the processor often has to wait for data to be sent out over the system bus before
getting new data to process. For this reason, the FSB can be a bottleneck in a
computer's performance.

Controller Card

The controller card, or simply "controller," is a piece of hardware that acts as the
interface between the motherboard and the other components of the computer. For
example, hard drives, optical drives, printers, keyboards, and mice all require controllers
to work. Most computers have all the necessary controllers built into the motherboard as
chips, not full-sized cards. However, if you add additional components such as a SCSI
hard drive, you may need to add a controller card as well. Controller cards are typically
installed in one of the computer's PCI slots.

2.2 HW requirements for Windows Server 2008 R2 Standard

This software is intended for evaluation and deployment planning purposes only. If
you plan to install the software on your stand-alone server, it is recommended that
you take the image backup of your existing data prior to installation.

To use Windows Server 2008 R2 Standard, you need:

Component                 Requirement

Processor                 • Minimum: 1 GHz (x86 processor) or 1.4 GHz (x64 processor)
                          • Recommended: 2 GHz or faster
                          Note: An Intel Itanium 2 processor is required for Windows Server
                          2008 for Itanium-Based Systems.

Memory                    • Minimum: 512 MB RAM
                          • Recommended: 2 GB RAM or greater
                          • Maximum (32-bit systems): 4 GB (Standard) or 64 GB (Enterprise
                            and Datacenter)
                          • Maximum (64-bit systems): 32 GB (Standard) or 1 TB (Enterprise
                            and Datacenter) or 2 TB (Itanium-Based Systems)

Available Disk Space      • Minimum: 10 GB
                          • Recommended: 40 GB or greater
                          Note: Computers with more than 16 GB of RAM will require more
                          disk space for paging, hibernation, and dump files.

Drive                     DVD-ROM drive

Display and Peripherals   • Super VGA (800 x 600) or higher-resolution monitor
                          • Keyboard
                          • Microsoft Mouse or compatible pointing device

Actual requirements will vary based on your system configuration and the applications
and features you choose to install. Processor performance is dependent upon not only
the clock frequency of the processor, but the number of cores and the size of the
processor cache. Disk space requirements for the system partition are approximate.

Itanium-based and x64-based operating systems will vary from these disk size
estimates. Additional available hard-disk space may be required if you are installing over
a network.

Installation and Activation:

Evaluating Windows Server 2008 software does not require product activation or
entering a product key. Any edition of Windows Server 2008 may be installed without
activation and evaluated for an initial 60 days.

If you need more time to evaluate Windows Server 2008, the 60-day evaluation period
may be reset (or re-armed) three times, extending the original 60-day evaluation period
by up to 180 days for a total possible evaluation time of 240 days. After this time, you
will need to uninstall the software or upgrade to a fully-licensed version of Windows
Server 2008.

2.3. IBM System Storage DS3524 Express and x3630 M3
The Information Storage and Retrieval (ISR) subsystem (based on eterra archive) stores
user-defined data and events into the ORACLE-based historic database. In particular,
the ISR system will store:

• Real time database snapshot, storage and playback
• Historical Information
• SOE data
• Alarm message log
• Storage of files

The ISR system is implemented on a redundant set of servers.

Front View:

Rear View:

Host Connectivity:

Hardware Configuration as per Technical Specification:

SAN BOX:

NAS: Overview

The IBM System x3630 M3

Locations of key components and connectors

Front View:

Rear View:

Internal View:

NAS BOX DRS:
2.4. TAPE LIBRARY

There is an external tape library: IBM System Storage TS3200 Tape Library Model L4U
Driveless, 35734UL (HVEC).

http://publibfp.dhe.ibm.com/epubs/pdf/32054510.pdf

Technical specifications are as follows:

Sr.No.  Item                               Characteristics
1       Manufacturer type                  IBM System Storage TS3200 Tape Library Model L4U Driveless, 35734UL (HVEC)
2       Features
        • Tape Drive Technology            LTO Ultrium 5 half-height
        • Number of Tape Cartridge Slots   48
        • Drive Interface                  6GB SAS HBA
        • Physical Cartridge Capacity      3.0 TB compressed; 1.5 TB native
        • Physical Library Capacity        144 TB compressed; 72 TB native
        • Data transfer rate (per drive)   Up to 140 MBps native with LTO Ultrium 5
3       Compression                        Minimum 2:1
4       No. of Drives                      Installed: 2 x LTO-5; Possible: 4

Front Panel:

Menu Tree:

Check list:
a. Check the front panel for error logs.

b. Check the backup status schedule from the server.

c. Power supply indicators should be green.

d. Check the front LED status for system error activity.

2.5 RAID Concept

Redundant Array of Independent Disks

Using RAID drives for editing means you take 2 or more hard drives and stripe
them together as one large media drive. You do this using Apple's Disk Utility and just
use the RAID function in there. The more drives you stripe together, the more speed you
get out of your media array and the more real time functionality you'll get from your FCP
system.

Types of RAID: RAID 0, RAID 1, RAID 5, RAID 6

RAID 0

A hard drive array striped for the absolute fastest speed possible. The trade-off
is that you have absolutely ZERO protection in the event of a drive failure. If any of the
drives in your array fail, you have more than likely lost all of your data. If you run in RAID
0, it is highly recommended that you also run some sort of a backup device to protect
your data each day. A RAID 0 can be set up with as few as 2 hard drives.

RAID 1

A hard drive array striped so that all of the data is mirrored. This essentially
splits your storage in half so that you are writing / editing to half of the array and the
other half is creating a mirror copy of all your data. This gives you absolute protection
against data loss, but cuts your storage capacity in half and seriously slows down your
array speed. This is really not a recommended RAID setup for video editing. RAID 1 can
be set up with as few as 2 hard drives.

RAID 5

A hard drive array that can rebuild itself in the event of a single hard drive failure.
This is a great combination of high speed and protection for your data. The array has
one drive essentially on "stand-by" that will immediately activate in the event that any of
the other drives in the array fail. The data will not be lost and you will not lose any time
editing. With a properly configured array, you should not even know that a drive has
failed; it should all happen seamlessly in the background.

RAID 6
RAID 6 does not have a performance penalty for read operations, but it does
have a performance penalty on write operations because of the overhead associated
with parity calculations. Performance varies greatly depending on how RAID 6 is
implemented in the manufacturer's storage architecture – in software, firmware or by
using firmware and specialized ASICs for intensive parity calculations. It can be as fast
as a RAID-5 system with one fewer drive (same number of data drives).

Difference between RAID 5 and RAID 6

o By using additional parity calculations (two parity disks rather than the one
disk required by RAID 5), RAID 6 can protect mission-critical data from two
concurrent disk drive failures.
o RAID 6 is essentially an extension of RAID 5 that allows for additional fault
tolerance by using a second independent distributed parity scheme (dual
parity).
o The second extra drive in the RAID 6 array can be thought of as an “active”
parity drive.
o The hot spare in RAID 5 is still an option but not nearly as necessary in
RAID 6, since the array is still RAID 5 protected after the first drive failure.
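
The following added example (not part of the original training document) shows how single XOR parity lets a RAID 5 array rebuild one failed drive and why a second failure before the rebuild loses data, which is the gap RAID 6's second parity closes. The strip size, sample data and function names are constructed for illustration.

```python
from functools import reduce

STRIP = 4  # bytes per strip; deliberately tiny so the layout is easy to inspect


def xor_strips(strips):
    """XOR equal-length byte strings together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*strips))


def parity_drive_for(stripe_no, n_drives):
    """Rotate the parity strip across the drives (distributed parity)."""
    return (n_drives - 1 - stripe_no) % n_drives


def raid5_write(data, n_drives):
    """Stripe data over n_drives, storing one parity strip per stripe."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least 3 drives")
    per_stripe = (n_drives - 1) * STRIP
    padded = data + b"\x00" * (-len(data) % per_stripe)
    drives = [[] for _ in range(n_drives)]
    for stripe_no, off in enumerate(range(0, len(padded), per_stripe)):
        strips = [padded[off + i * STRIP: off + (i + 1) * STRIP]
                  for i in range(n_drives - 1)]
        parity = xor_strips(strips)
        p = parity_drive_for(stripe_no, n_drives)
        data_iter = iter(strips)
        for d in range(n_drives):
            drives[d].append(parity if d == p else next(data_iter))
    return drives


def raid5_rebuild(drives, failed):
    """Recompute the failed drive: each lost strip is the XOR of the
    surviving strips in the same stripe (data or parity alike)."""
    survivors = [d for i, d in enumerate(drives) if i != failed and d is not None]
    if len(survivors) != len(drives) - 1:
        raise RuntimeError("single parity cannot recover more than one failed drive")
    return [xor_strips(stripe) for stripe in zip(*survivors)]


def raid5_read(drives, length):
    """Reassemble the original bytes, skipping the parity strip of each stripe."""
    n = len(drives)
    out = bytearray()
    for stripe_no in range(len(drives[0])):
        p = parity_drive_for(stripe_no, n)
        for d in range(n):
            if d != p:
                out += drives[d][stripe_no]
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"historian archive block 0001"      # constructed sample data
    array = raid5_write(sample, 4)
    lost = array[2]
    array[2] = None                               # one drive fails
    array[2] = raid5_rebuild(array, 2)            # rebuilt from the other three
    print("rebuilt correctly:", array[2] == lost)
    print("data intact:", raid5_read(array, len(sample)) == sample)
    array[0] = array[2] = None                    # two drives fail together
    try:
        raid5_rebuild(array, 2)
    except RuntimeError as exc:
        print("double failure:", exc)
```

Parity protects against a drive failure only; it does not replace the tape backup described in section 2.4, because deleted or corrupted data is written to the array with valid parity.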

3. ATEN, CL1000

ATEN's 17" LCD integrated console and 8-port IP KVM bundle offers a streamlined
and economic approach to IT environments. The CL1000M incorporates a
keyboard with touchpad and a 17" LCD monitor into a 1U Slideaway housing.
The bundled ATEN IP KVM, CS1708i, allows you to manage 8 computers either
directly from the CL1000M, or remotely from anyplace on your network or the
internet.

1. Carry handle to release the 2-pt lock
2. 2-point lock
3. LCD interchangeable module kit
4. LCD membrane
5. Adjustable rear mounting L-bracket
6. Micro switch for screen auto power off
7. Membrane switch (KVM option)
8. Keyboard interchangeable module kit
9. Mouse interchangeable module kit

Main Menu

BRIGHTNESS / CONTRAST
Brightness: Adjust background black level of the screen image.
Contrast: Adjust the difference between the image background (black level) and the
foreground (white level).

AUTO ADJUST
Auto Adjust: Fine tunes the video signal to eliminate waviness and distortion. An
"Adjusting" message is displayed during the process.
Auto Tune: Optimize phase, clock, position and size. An "Adjusting" message is
displayed during the process.

PHASE/CLOCK
Phase / Clock: To enter into the phase & clock sub menu.

H/V POSITION
H/V Position: Align the screen image left or right and up or down.

MISC
Information: Display the current resolution, refresh rate and frequency information on
the screen.
OSD Timer: Set the time duration in seconds that the OSD is visible after the last button
is pressed. The factory default is 10 seconds.
Color: Select the screen color - 5500K, 6500K & 9500K. The factory default is 9500K.
Language: Select the language in which the OSD menu is displayed -
English, Chinese, Japanese, German, French, Spanish, Italian.

RESET: Restore the settings to factory defaults.

4. Workstation

The User Interface (UI) subsystem is composed of workstation consoles
with appropriate graphic cards to drive multiple monitors. All the consoles are equal; the
privileges of the logged-in user depend on the login mode (Development, Maintenance,
Administrator, etc.) and the console’s IP address.

Overview

• Disks: 1 hard disk (250 GB) with 2 partitions, C and D.

• RAM: 4 GB (expandable to 8 GB) for each console.

• Network interface: 2 network adapters (Gigabit). Check the status of the
network by right-clicking the Network Places folder on the Desktop and viewing its
properties.

• Storage: CD-RW + DVD combo (SATA)

• User interface:
  • 1 or 2 TFT
  • Keyboard
  • Mouse
  • 2 Speakers

4.1 Hardware requirements for Windows 7

The following table shows the minimum hardware requirements for Windows 7 as
provided by Microsoft:

Component              Minimum 32-bit Operating System                            Minimum 64-bit Operating System
Processor              1 GHz or faster, 32-bit (x86)                              1 GHz or faster, 64-bit (x64)
Memory                 1 GB RAM                                                   2 GB RAM
Available Disk Space   16 GB                                                      20 GB
Graphics               DirectX® 9 graphics processor with WDDM or higher driver   DirectX® 9 graphics processor with WDDM or higher driver

These minimum requirements are for basic computing tasks such as word processing
and Web browsing. Additional memory and graphics may be required for more powerful
computing tasks.

The recommendations above are provided by Microsoft. When using multiple programs
or when several windows are open simultaneously, Dell recommends at least 2 GB of
system memory for a PC with 32-bit Windows® 7 operating system and 4 GB for a PC
with 64-bit Windows® 7 operating system.

4.2 How to create additional drive in Windows 7

The Windows 7 Disk Management tool provides a simple interface for managing
partitions and volumes. Here’s an easy way to shrink a volume to free up space so you
can create a new partition on your disk.

To shrink a basic volume or simple volume:

1. Open the Disk Management console by typing diskmgmt.msc at an elevated
command prompt.

2. In Disk Management, right-click the volume that you want to shrink, and then click
Shrink Volume.

3. In the field provided in the Shrink dialog box, enter the amount of space by which
to shrink the disk.

The Shrink dialog box provides the following information:

(a) Total Size Before Shrink In MB: Lists the total capacity of the volume in MB.
This is the formatted size of the volume.

(b) Size Of Available Shrink Space In MB: Lists the maximum amount by which
you can shrink the volume. This doesn’t represent the total amount of free space
on the volume; rather, it represents the amount of space that can be removed, not
including any data reserved for the master file table, volume snapshots, page
files, and temporary files.

(c) Enter The Amount Of Space To Shrink In MB: Lists the total amount of space
that will be removed from the volume. The initial value defaults to the maximum
amount of space that can be removed from the volume. For optimal drive
performance, you should ensure that the volume has at least 10 percent of free
space after the shrink operation.

(d) Total Size After Shrink In MB: Lists what the total capacity of the volume in
MB will be after you shrink the volume. This is the new formatted size of the
volume.

4. Click Shrink.

Once you have unallocated space, you can use that space to create a new partition.

5. Laptop

A laptop (notebook) is a personal computer for mobile use. A laptop
integrates most of the typical components of a desktop computer, including a display, a
keyboard, a pointing device (a touchpad, also known as a trackpad, and/or a pointing
stick) and speakers into a single unit. A laptop is powered by mains electricity via an AC
adapter, and can be used away from an outlet using a rechargeable battery. A laptop
battery in new condition typically stores enough energy to run the laptop for three to five
hours, depending on the computer usage, configuration and power management
settings. When the laptop is plugged into the mains, the battery charges, whether or not
the computer is running. As the battery ages, however, its energy storage progressively
declines until it lasts only a few minutes.

Overview

Sr.No.  Item                  Characteristics
1       Manufacturer, Model   Dell, Vostro Laptop 2520
2       Features
a       Processor             3rd generation Intel Core i3-3110M processor
b       CPU/Clock Speed       2.40 GHz
c       RAM                   Installed: 8 GB
d       Hard Disk Drive       Installed: 500 GB 5400 RPM SATA Hard Drive
e       Storage Drive         DVD+/-RW
3       Interfaces
a       I/O Ports             VGA, HDMI, Power, Headphone/Microphone out, 3 x USB 2.0
b       Serial Port           Yes, through USB to serial converter
c       Ethernet ports        1 x 10/100/1000 Mbps
4       User Interface
a       Display Size          15.6” Display
b       Keyboard              Yes
c       Optical Mouse         Yes
d       Graphics              Intel HD Graphics
5       Multimedia
a       Web Cam               Dell Webcam Central and video conferencing
b       Speaker               2 integrated speakers (2W x 2)

6. Color LaserJet Printer

There is 1 color laser printer, a RICOH SP C730DN with an Intel Celeron-M 600 MHz
processor and 512 MB RAM, used in the TANTRANSCO system. The printer has the
following configuration.

1. Top cover
Open this cover to replace the toner or black drum unit/color drum units.

2. Standard tray
Output is stacked here with the print side down.

3. Control panel
You can set the display up with your hands. Adjust the angle of it to see clearly.

4. Front cover
Open this cover when replacing the waste toner bottle, etc., or removing jammed paper.
Pull the right side lever to open the front cover.

5. Bypass tray
Up to 100 sheets of plain paper can be loaded.
For details about the sizes and types of paper that can be used, see p.23 "Paper
Specifications".

6. Main power switch
Use this switch to turn the power on and off.
Perform the shutdown procedure before turning the power off. For details about how to
shut down the printer, see p.18 "Turning Off the Power".

7. Remaining paper indicator
Indicates the approximate amount of paper remaining in the tray.

8. Standard paper feed tray (Tray 1)
Up to 250 sheets of plain paper can be loaded.
For details about the sizes and types of paper that can be used, see p.23 "Paper
Specifications".

9. Stop fence (A3, Legal, and Double letter-size prints)
Raise the rear fence (by pulling it in the direction of the arrow) to prevent A3, Legal, and
Double letter-size prints from falling behind the printer. After using the stop fence, be
sure to return it to its original position. The fence may be damaged if it is hit with
something or excessive force is applied.

10. Standard tray extension
Use this to support sheets that come out curled after they are printed.
Flip open the extension by pushing down on the end that is toward the rear of the printer.
After using the standard tray extension, be sure to return it to its original position. The
tray may be damaged if it is hit with something or excessive force is applied.

11. Top cover open lever
Pull this lever upward to open the top cover.

12. Vents
To prevent overheating, heat from internal components is released through these vents.
Malfunctions and failure can result if these vents are blocked or obstructed.

13. Front cover open lever
Pull this lever to open the front cover.

14. Paper size dial
Use this dial to specify the paper size. To use a paper size that is not indicated on the
paper size dial, set the dial to " ". If this is the case, set the paper size using the control
panel.

RAM: 512 MB (expandable to 1024 MB)

Network interface: Dual Ethernet port (one network card on the EIO slot and one through
an external print server on the USB port).

Sr.No.  Item                          Characteristics
1       Manufacturer, type            RICOH, SP C730DN
2       General Features
A       Technology                    Laser beam scanning, electro-photographic printing & dual-component toner development; 4-drums tandem method
B       Print speed                   32 PPM
C       Warm-up time                  34/48 seconds or less
D       First-page-out-time           B/W: 4 seconds or less
                                      Full Colour: max 9 sec for graphics/PDF files, less than 7 sec for normal text print job
E       Duty cycle                    100,000 prints per month
3       Controller
A       Processor                     Intel Celeron-M 600 MHz
B       Printer language/resolution   PCL5c: 600 x 600 dpi/4bit, 2bit, 1bit, 300 x 300 dpi/1bit
                                      PCL6: 600 x 600 dpi/4bit, 2bit, 1bit, 1,200 x 1,200 dpi/1bit
                                      RPCS, Adobe PostScript 3: 600 x 600 dpi/4bit, 2bit, 1bit, 1,200 x 1,200 dpi/1bit
C       Memory                        Standard: 512 MB, Maximum: 1,024 MB

1. [Job Reset] key
When the printer is online, press this key to cancel an ongoing print job.

2. Light sensor
The sensor that detects the ambient light level when the ECO Night Sensor
function is enabled.

3. [Switch Functions] key
Press this key to switch between the operation screen of the printer function and
the function screens of the extended features currently in use.

4. Display
Displays current printer status and error messages.
Entering energy saver mode turns off the back light. For details about energy
saver mode, see p.19 "Saving Energy".

5. Scroll keys
Press these keys to move the cursor in each direction.
When the [ ] [ ] [ ] [ ] keys appear in this manual, press the scroll key of the same
direction.

6. Power indicator
Lights up when the printer is ready to receive data from a computer. Flashes
when the printer is warming up or receiving data. It is unlit when the power is off
or while the printer is in energy saver mode.

7. [Suspend/Resume] key
Press this to suspend the print job currently being processed. The indicator
remains lit as long as the job is suspended. To resume the job, press this
key again. Resumption of a suspended job will occur automatically when
the time specified in [Auto Reset Timer] elapses (default: 60 seconds). For details
about the [Auto Reset Timer] setting, see "Making Printer Settings Using
the Control Panel", Operating Instructions.

8. Data in indicator
Flashes when the printer is receiving data from a computer. The data in indicator
is lit if there is data to be printed.

9. [Menu] key
Press this key to configure and check the current printer settings. Press to change
the default settings to meet your requirements. See "Making Printer Settings
Using the Control Panel", Operating Instructions.

10. Alert indicator
Lights up or flashes when a printer error occurs.
Steady red: printing is not possible, or is possible but print quality cannot be
ensured.
Flashing yellow: the printer will soon require maintenance or a replacement
consumable such as toner cartridge.
Follow the instructions that appear on the display.

11. Selection keys
Correspond to the function items at the bottom line on the display.
Example: When this manual instructs you to press [Option], press the selection
key on the left below the initial screen.

12. [Escape] key
Press this key to cancel an operation or return to the previous display.

13. [OK] key
Use this key to confirm settings, or setting values, or move to the next menu level.

6.1 Specifying an IP address (no DHCP)


If you want to use the printer on a network without using DHCP or want to use a static
IP address, use the following procedure to assign a specific IPv4 address to the
printer. Before making any changes, contact your network administrator to obtain the
IP address, subnet mask, and gateway address to be specified on the printer.

1. Press the [Menu] key, and then select the setting items using the [ ] or [ ] key.
2. Select [Host Interface], and then press [OK].
3. Select [Network], and then press [OK].
4. Select [Effective Protocol], and then press [OK].
5. Select [IPv4], and then press [OK].
6. Select [Active], press [OK], and then press [Escape].
   Set other protocols you need to set in the same way.
   Enable IPv4 to use the pure IPv4 environment of NetWare 6.5.
7. Select [Machine IPv4 Address], and then press [OK].
8. Press [IP Add.], specify the IPv4 address for the printer, and then press [OK].
   Press [Subnet M] and [Gateway] to specify the subnet mask and gateway
   address in the same manner.
9. Make sure [Specify] is selected, and then press [OK].

6.2 Receiving an IP address automatically (DHCP)
Follow the procedure below to set the printer to receive an IP address automatically
using DHCP. The DHCP feature is active by default, so this procedure is only required
if you have changed the default settings.

• When [Auto-Obtain (DHCP)] is selected, you cannot configure the IP address,
subnet mask, or gateway address.

1. Press the [Menu] key, and then select the setting items using the [ ] or [ ] key.
2. Select [Host Interface], and then press [OK].
3. Select [Network], and then press [OK].
4. Select [Machine IPv4 Address], and then press [OK].
5. Select [Auto-Obtain (DHCP)], and then press [OK].
   You can check the detected addresses by pressing [IP Add.], [Subnet M], and
   [Gateway].

6.3 Preparing a Print Server


This section explains how to configure the printer as a Windows network printer. The
printer is configured to enable use by network clients.

1. Open the printer properties.
   For details, see Displaying the Printer Driver Properties with Windows.
2. On the [Sharing] tab, click [Share this printer].
3. To share the printer with users using a different version of Windows, click
   [Additional Drivers...].
   If you have installed an alternative driver by selecting [Share As:] during the printer
   driver installation, this step can be ignored.
4. On the [Advanced] tab, click the [Printing Default...] button. Specify the
   default values for the printer driver that will be distributed to the client
   computers, and then click [OK].
5. Click [OK], and then close the printer properties.

Overview of Network Setup and Configuration

To set up and configure the network:

1. Connect the printer to the network using the recommended hardware and cables.

2. Turn on the printer and the computer.

3. Print the Configuration page and keep it for referencing network settings.

4. Install the driver software on the computer from the Software and Documentation
CD-ROM. For information on driver installation, see the section in this chapter for
the specific operating system you are using.

5. Configure the printer’s TCP/IP address, which is required to identify the printer on the
network.

Windows operating systems: Run the Installer on the Software and Documentation
CD-ROM to automatically set the printer’s IP address if the printer is connected to an
established TCP/IP network. You can also manually set the printer’s IP address on
the control panel.

Choosing a Connection Method

Connect the printer via Ethernet or USB. A USB connection is a direct connection and
is not used for networking. An Ethernet connection is used for networking. Hardware
and cabling requirements vary for the different connection methods. Cabling and
hardware are generally not included with your printer and must be purchased
separately. This section includes:

• Connecting via Ethernet (Recommended)

• Connecting via USB

Connecting via Ethernet (Recommended)

Ethernet can be used for one or more computers. It supports many printers and systems
on an Ethernet network. An Ethernet connection is recommended because it is faster
than a USB connection. It also allows you direct access to CentreWare Internet
Services, which enables you to manage, configure, and monitor network printers from
your computer.

Network Connection

Depending on your particular setup, the following hardware and cabling is required for
Ethernet.

• If you are connecting to one computer, an Ethernet RJ-45 crossover cable is
required.

• If you are connecting to one or more computers with an Ethernet hub, or cable or
DSL router, two or more twisted-pair (category 5/RJ-45) cables are required. (One
cable for each device.)

If you are connecting to one or more computers with a hub, connect the computer to the
hub with one cable, and then connect the printer to the hub with the second cable.
Connect to any port on the hub except the uplink port.

Connecting via USB

If you are connecting to one computer, a USB connection offers fast data speeds.
However, a USB connection is not as fast as an Ethernet connection. To use USB,
PC users must have Windows 2000/XP/Server 2003 or newer. Macintosh users must
use Mac OS X, version 10.3 and higher.

USB Connection

A USB connection requires a standard A/B USB cable. This cable is not included with
your printer and must be purchased separately. Verify that you are using the correct
USB (1.x or 2.0) cable for your connection.

1. Connect one end of the USB cable to the printer and turn it on.

2. Connect the other end of the USB cable to the computer.

Configuring the Network Address
This section includes:

1 TCP/IP and IP Addresses

2 Automatically Setting the Printer’s IP Address

3 Dynamic Methods of Setting the Printer’s IP Address

4 Manually Setting the Printer’s IP Address

TCP/IP and IP Addresses

If your computer is on a large network, contact your network administrator for the
appropriate TCP/IP addresses and additional configuration information.

If you are creating your own small Local Area Network or connecting the printer directly
to your computer using Ethernet, follow the procedure for automatically setting the
printer’s Internet Protocol (IP) address.

PCs and printers primarily use TCP/IP protocols to communicate over an Ethernet
network. With TCP/IP protocols, each printer and computer must have a unique IP
address. It is important that the addresses are similar, but not the same; only the last
digit needs to be different. For example, your printer can have the address 192.168.1.2
while your computer has the address 192.168.1.3. Another device can have the address
192.168.1.4.

Generally, Macintosh computers use either TCP/IP or the EtherTalk protocol to talk to
a networked printer. For Mac OS X systems, TCP/IP is preferred. Unlike TCP/IP,
however, EtherTalk does not require printers or computers to have IP addresses.

Many networks have a Dynamic Host Configuration Protocol (DHCP) server. A DHCP
server automatically programs an IP address into every PC and printer on the network
that is configured to use DHCP. A DHCP server is built into most cable and DSL
routers. If you use a cable or DSL router, see your router’s documentation for
information on IP addressing.
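
The static-address procedure in section 6.1 and the addressing rule above both depend on the printer's IP address, subnet mask and gateway agreeing with each other. The following added example (not from the original document or the printer vendor) checks a planned assignment before it is keyed in at the control panel; the mask 255.255.255.0, the gateway 192.168.1.1 and the function names are assumptions. It also shows that "only the last digit differs" guarantees a shared subnet only with a 255.255.255.0 mask.

```python
import ipaddress


def same_subnet(addr_a, addr_b, subnet_mask):
    """True if both addresses fall in the same network under the given mask."""
    net = ipaddress.IPv4Network(f"{addr_a}/{subnet_mask}", strict=False)
    return ipaddress.IPv4Address(addr_b) in net


def check_static_plan(printer_ip, subnet_mask, gateway, in_use=()):
    """Return a list of problems with a planned static IPv4 assignment.

    An empty list means the plan is internally consistent. `in_use` is the
    list of addresses the network administrator has already handed out.
    """
    try:
        printer = ipaddress.IPv4Address(printer_ip)
        gw = ipaddress.IPv4Address(gateway)
        net = ipaddress.IPv4Network(f"{printer_ip}/{subnet_mask}", strict=False)
        taken = {ipaddress.IPv4Address(a) for a in in_use}
    except ValueError as exc:
        # Covers malformed addresses and non-contiguous masks such as 255.255.0.255
        return [f"invalid address or mask: {exc}"]

    problems = []
    if net.prefixlen < 31 and printer in (net.network_address, net.broadcast_address):
        problems.append(f"{printer} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside the printer's subnet {net}")
    if gw == printer:
        problems.append("printer and gateway have the same address")
    if printer in taken:
        problems.append(f"{printer} is already in use by another device")
    return problems


if __name__ == "__main__":
    # Constructed plan: printer and PCs use the addresses from the text above.
    assigned = ["192.168.1.3", "192.168.1.4"]
    print(check_static_plan("192.168.1.2", "255.255.255.0", "192.168.1.1", assigned))
    # Duplicate of a PC's address
    print(check_static_plan("192.168.1.3", "255.255.255.0", "192.168.1.1", assigned))
    # Only the last octet differs from the gateway, but the mask splits the range
    print(check_static_plan("192.168.1.70", "255.255.255.192", "192.168.1.1", assigned))
    print(same_subnet("192.168.1.2", "192.168.1.70", "255.255.255.192"))
```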

7. B/W LaserJet Multifunction Printer

Overview

1. Exposure glass cover or ADF

(The illustration shows the ADF.)


Lower the exposure glass cover or the ADF over originals placed on the exposure
glass.
If you load a stack of originals in the ADF, the ADF will automatically feed the originals
one by one.

2. Exposure glass

Place originals face down here.

3. Ventilation holes

Prevent overheating.

4. Main power switch

To operate the machine, the main power switch must be on. If it is off, turn the switch
on.

5. Control panel

See Guide to the Names and Functions of the Machine's Control Panel.

6. Internal Tray 1

Copied/printed paper and fax messages are delivered here.

7. Front cover

Open to access the inside of the machine.

8. Paper trays

Load paper here.


The Type 1 model has one paper tray.

9. Lower paper trays

Load paper here.

1. Extender

Raise the extender to support large paper.

2. Ventilation holes

Prevent overheating.

3. Paper guides

When loading paper in the bypass tray, align the paper guides flush against the paper.

4. Bypass tray

Use to copy or print on thick paper, OHP transparencies, envelopes, and label paper
(adhesive labels).

5. Extender

Pull this extender out when loading A4, 8 1/2 × 11 or larger size paper in the bypass
tray.

6. Lower right cover

Open this cover when a paper jam occurs.

7. Lower paper tray right cover

Open this cover when a paper jam occurs.

8. Right cover

Open this cover to remove jammed paper fed from the paper tray.

1. [Home] key

Press to display the [Home] screen. For details, see How to Use the [Home] Screen.

2. Function keys

No functions are registered to the function keys as a factory default. You can register
often used functions, programs, and Web pages. For details, see Configuring function
keys.

3. Display panel

Displays keys for each function, operation status, or messages. See How to Use the
Screens on the Control Panel.

4. [Reset] key

Press to clear the current settings.

5. [Program] key (copier, Document Server, facsimile, and scanner mode)

• Press to register frequently used settings, or to recall registered settings.
See "Registering Frequently Used Functions", Convenient Functions.
• Press to program defaults for the initial display when modes are cleared or reset,
or immediately after the main power switch is turned on.
See "Changing the Default Functions of the Initial Screen", Convenient
Functions.

6. Main power indicator

The main power indicator goes on when you turn on the main power switch.

7. [Energy Saver] key

Press to switch to and from Sleep mode. See Saving Energy. When the machine is
in Sleep mode, the [Energy Saver] key flashes slowly.

8. [Login/Logout] key

Press to log in or log out.

9. [User Tools/Counter] key

• User Tools
Press to change the default settings to meet your requirements. See "Accessing
User Tools", Connecting the Machine/ System Settings.
• Counter
Press to check or print the counter value. See "Counter", Maintenance and
Specifications.
10. You can find out where to order expendable supplies and where to call when a
malfunction occurs. You can also print these details. See "Checking Inquiry Using the
User Tools", Maintenance and Specifications.

11. [Simple Screen] key

Press to switch to the simple screen. See Switching Screen Patterns .

12. [ ] key (Enter key)

Press to confirm values entered or items specified.

13. [Start] key

Press to start copying, printing, scanning, or sending.

14. [Clear] key

Press to delete a number entered.

15. [Stop] key

Press to stop a job in progress, such as copying, scanning, faxing, or printing.

16. Number keys

Use to enter the numbers for copies, fax numbers and data for the selected function.

17. Fax Received indicator, Communicating indicator, Confidential File indicator

• Fax Received indicator
Lights continuously while data other than personal box or Memory Lock file is
being received and stored in the fax memory.
See "Substitute Reception", Fax.
• Communicating indicator
Lights continuously during data transmission and reception.
• Confidential File indicator
Lights continuously while personal box data is being received.
Blinks while Memory Lock file is being received.
18. See "Personal Boxes" and "Printing a File Received with Memory Lock", Fax.

19. [Check Status] key

Press to check the machine's system status, operational status of each function, and
current jobs. You can also display the job history and the machine's maintenance
information.

20. Data In indicator (facsimile and printer mode)

Flashes when the machine is receiving print jobs or LAN-Fax documents from a
computer. See Fax and Print.

21. Media access lamp

Lights up when a memory storage device is inserted in the media slot.

22. Media slots

Use to insert an SD card or a USB flash memory device.

Basic Copy :-

Basic Copying

Basic Procedure
Function Compatibility

Auto Paper Select


Rotate Copy

Manual Paper Select

Copying from the Bypass Tray


Copying onto Regular Size Paper from the Bypass Tray
Copying onto Custom Size Paper from the Bypass Tray

Copying onto Various Types of Paper


Copying onto Thick Paper
Copying onto OHP Transparencies
Copying onto Envelopes

Reducing or Enlarging Originals


Preset Reduce/Enlarge
Zoom
Auto Reduce/Enlarge
Create Margin

Duplex Copying
Specifying the Original and Copy Orientation

Combined Copying
One-Sided Combine
Two-Sided Combine

ID Card Copy

Series Copies

Spread Duplex

Sort
Changing the Number of Sets

Margin Adjustment

Adjusting Copy Image Density
Auto Image Density
Manual Image Density
Combined Auto and Manual Image Density

Image Adjustment
Sharp/Soft
Contrast
Background Density

7.1 Storing Data in the Document Server


The Document Server enables you to store documents being read with the copy
feature on the hard disk of this machine, so that you can print them later and apply
the conditions you need.
You can check the stored documents from the Document Server screen. For details
about the Document Server, see Storing Data.
Depending on which options are installed on your machine, this function might not be
available. For details, see "Functions Requiring Optional Configurations", Getting
Started.
1. Press [Other Func.].
2. Press [ ].
3. Press [Store File].
4. Enter a file name, user name, or password if necessary.
5. Press [OK] twice.
6. Place the originals.
7. Make the scanning settings for the original.
8. Press the [Start] key.
The machine stores the scanned originals in memory and makes one set of copies. If you
want to store another document, do so after copying is complete.

7.2 How Remote Fax Works
You can send and receive faxes from a machine that does not have a fax function if
you can use the remote fax function to connect to a machine that has a fax function.
You can instruct a remote machine to send a fax by displaying the [Remote Fax]
screen on your machine. From the [Remote Fax] screen, you can send scanned
documents to the remote machine and instruct it to fax the document.
Remote fax transmissions are possible on a G3 line.
On your machine you can also set the user tools for the remote fax function and add
fax numbers to the Address Book of your machine.
For details about the optional units required for this function, see "Functions Requiring
Optional Configurations", Getting Started.
To use this function, follow the procedure below:
1. Connect the client-side machine to the remote machine over the network.
2. In [Program/Change/Delete Remote Machine] on the System Settings menu on
the remote machine, specify the IP address or the host name of the client-side
machine.
If you cannot register the client-side machine on the remote machine, check the
client-side machine's settings. You cannot register the client-side machine if
another machine is registered in [Program/Change/Delete Remote Machine] on
the client-side machine.
3. In [Program/Change/Delete Remote Machine] on the System Settings menu on
the client-side machine, specify the IP address or the host name of the remote
machine.

7.3 Printing of Documents

1. Click the WordPad menu button in the upper left corner of the window, and
then click [Print].
2. In the [Select Printer] list, select the printer you want to use.
3. Click [Preferences].
4. In the "Job Type:" list, select [Normal Print].
5. In the "Document Size:" list, select the size of the original to be printed.
6. In the "Orientation:" list, select [Portrait] or [Landscape] as the orientation of
the original.
7. In the "Input Tray:" list, select the paper tray that contains the paper you
want to print onto.
If you select [Auto Tray Select] in the "Input Tray:" list, the source tray is automatically
selected according to the paper size and type specified.
8. In the "Paper Type:" list, select the type of paper that is loaded in the paper
tray.
9. If you want to print multiple copies, specify a number of sets in the "Copies:"
box.
10. Click [OK].
11. Start printing from the application's [Print] dialog box.

7.4 Basic Procedure for Storing Scan Files

1. Press the [Home] key on the top left of the control panel, and press the
[Scanner] icon on the [Home] screen.
2. Make sure that no previous settings remain.
If a previous setting remains, press the [Reset] key.
3. Place originals.
4. Press [Send Settings].
5. Press [ ] four times, and then press [Store File].
6. Press [Store to HDD].
7. If necessary, specify file information, such as [User Name], [File Name], and
[Password].
• User Name
Press [User Name], and then select a user name. To specify an unregistered
user name, press [Manual Entry], and then enter the name. After specifying a
user name, press [OK].
• File Name
Press [File Name], enter a file name, and then press [OK].
• Password
Press [Password], enter a password, and then press [OK]. Re-enter the
password for confirmation, and then press [OK].
8. Press [OK] twice.
9. If necessary, press [Send Settings] or [Original] to configure settings for
resolution and scan size.
10. Press the [Start] key.

7.5 Preparing a Print Server


This section explains how to configure the printer as a Windows network printer. The
printer is configured to enable use by network clients.
1. Open the printer properties.
2. On the [Sharing] tab, click [Share this printer].
3. To share the printer with users using a different version of Windows, click
[Additional Drivers...].
If you have installed an alternative driver by selecting [Share As:] during the printer
driver installation, this step can be ignored.
4. On the [Advanced] tab, click the [Printing Default...] button. Specify the
default values for the printer driver that will be distributed to the client
computers, and then click [OK].
5. Click [OK], and then close the printer properties.

8 Basic concept of Networking

Ethernet:

Ethernet was developed in the mid 1970s by the Xerox Corporation, and in 1979
Digital Equipment Corporation (DEC) and Intel joined forces with Xerox to standardise
the system. The first specification by the three companies, called the "Ethernet Blue
Book", was released in 1980; it was also known as the "DIX standard" after the
collaborators' initials. It was a 10 Mbit/s system that used a large coaxial backbone
cable running throughout a building, with smaller coaxial cables tapped off at 2.5m
intervals to connect to workstations. The large coaxial cable - usually yellow in colour -
became known as "Thick Ethernet" or 10Base5. The key to this nomenclature is as
follows: the "10" refers to the speed (10 Mbit/s), the "Base" refers to the fact that it is a
baseband system and the "5" is short for the system's maximum cable length run of
500m.
The Institute of Electrical and Electronic Engineers (IEEE) released the official
Ethernet standard in 1983, called IEEE 802.3 after the name of the working group
responsible for its development, and in 1985 version 2 (IEEE 802.3a) was released. This
second version is commonly known as "Thin Ethernet" or 10Base2; in this case the
maximum length is 185m even though the "2" suggests that it should be 200m.
In the years since, Ethernet has proven to be an enduring technology, in no small part
due to its tremendous flexibility and relative simplicity to implement and understand.
Indeed, it has become so popular that a specification for "LAN connection" or "network
card" generally implies Ethernet without explicitly saying so. The reason for its success
is that Ethernet strikes a good balance between speed, cost and ease of installation. In
particular, the ability of the 10BaseT version to support operation at 10 Mbit/s over
unshielded twisted pair (UTP) telephone wiring made it an ideal choice for many Small
Office/Home Office (SOHO) environments.
Ethernet's Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Media Access Control (MAC) protocol defines the rules of access for the shared
network. The protocol name itself implies how the traffic control process actually works.
Devices attached to the network first check, or sense, the carrier (wire) before
transmitting. If the network is in use, the device waits before transmitting. Multiple
access refers to the fact that many devices share the same network medium. If, by
chance, two devices attempt to transmit at exactly the same time and a collision occurs,
collision detection mechanisms direct both devices to wait a random interval and then
retransmit.
With Switched Ethernet, each sender and receiver pair have the full bandwidth.
Implementation is usually in either an interface card or in circuitry on a primary circuit
board. Ethernet cabling conventions specify the use of a transceiver to attach a cable to
the physical network medium. The transceiver performs many of the physical-layer
functions, including collision detection. The transceiver cable connects end stations to a
transceiver.
Ethernet's popularity grew throughout the 1990s until the technology was all but
ubiquitous. By the end of 1997 it was estimated that more than 85% of all installed
network connections were Ethernet and the following year the technology reportedly
accounted for 86% of network equipment shipments. Several factors have contributed to
Ethernet's success, not least its scalability. This characteristic was established in the
mid-1990s when Fast Ethernet offered a 10-fold improvement over the original standard
and reinforced a few years later by the emergence of Gigabit Ethernet, which increased
performance a further 10-fold to support data transfer rates of 1000 Mbit/s.

Fast Ethernet:

Fast Ethernet was officially adopted in the summer of 1995, two years after a
group of leading network companies had formed the Fast Ethernet Alliance to develop
the standard. Operating at ten times the speed of regular 10Base-T Ethernet, Fast
Ethernet - also known as 100BaseT - retains the same CSMA/CD protocol and Category
5 cabling support as its predecessor while offering higher bandwidth and introducing
new features such as full-duplex operation and auto-negotiation.
In fact, the Fast Ethernet specification calls for three types of transmission schemes over
various wire media:
• 100Base-TX, the most popular and - from a cabling perspective - very similar to
10BASE-T. This uses Category 5-rated twisted pair copper cable to connect the various
hubs, switches and end-nodes together and, in common with 10Base-T, an RJ45 jack.
• 100Base-FX, which is used primarily to connect hubs and switches together
either between wiring closets or between buildings using multimode fibre-optic cable.
• 100Base-T4, a scheme which incorporates the use of two more pairs of wiring to allow
Fast Ethernet to operate over Category 3-rated cables or above.
The ease with which existing installations were able to seamlessly migrate to the
faster standard ensured that Fast Ethernet quickly became the established LAN
standard. It was not long before an even faster version was to become likewise for
WANs.

Gigabit Ethernet:
The next step in Ethernet's evolution was driven by the Gigabit Ethernet Alliance,
formed in 1996. The ratification of associated Gigabit Ethernet standards was completed
in the summer of 1999, specifying a physical layer that uses a mixture of proven
technologies from the original Ethernet Specification and the ANSI X3T11 Fibre Channel
Specification:
• The 1000Base-X standard is based on the Fibre Channel Physical Layer and
defines an interconnection technology for connecting workstations, supercomputers,
storage devices and peripherals using different fibre optic and copper STP media types
to support varying cable run lengths.
• 1000Base-T is a standard for Gigabit Ethernet over long haul copper UTP.
Gigabit Ethernet follows the same form, fit and function as its 10 Mbit/s and 100 Mbit/s
Ethernet precursors, allowing a straightforward, incremental migration to higher-speed
networking. All three Ethernet speeds use the same IEEE 802.3 frame format, full-
duplex operation and flow control methods. In half-duplex mode, Gigabit Ethernet
employs the same fundamental CSMA/CD access method to resolve contention for the
shared media.
Use of the same variable-length (64- to 1514-byte packets) IEEE 802.3 frame
format found in Ethernet and Fast Ethernet is key to the ease with which existing lower-
speed Ethernet devices can be connected to Gigabit Ethernet devices, using LAN
switches or routers to adapt one physical line speed to the other.

The topology rules for 1000Base-T are the same as those used for 100Base-T,
Category 5 link lengths being limited to 100 metres and only one CSMA/CD repeater
being allowed in a collision domain. Migration to 1000Base-T is further simplified both by
the fact that 1000Base-T uses the same auto-negotiation system employed by 100Base-
TX, and the availability of product components capable of both 100 Mbit/s and 1000
Mbit/s operation.
Fast Ethernet achieves 100 Mbit/s operation by sending three-level binary
encoded symbols across the link at 125 Mbaud. 100Base-TX uses two pairs: one for
transmit, one for receive. 1000Base-T also uses a symbol rate of 125 Mbaud, but it uses
all four pairs for the link and a more sophisticated five-level coding scheme. In addition,
it sends and receives simultaneously on each pair. Combining 5-level coding and 4 pairs
allows 1000Base-T to send one byte in parallel at each signal pulse. 4 pairs x 125
Msymbols/sec x 2 bits/symbol equals 1Gbit/s.
The maximum cable length permitted in vanilla Ethernet is 2.5 km, with a
maximum of four repeaters on any path. As the bit rate increases, the sender transmits
the frame faster. As a result, if the same frame sizes and cable lengths are maintained,
then a station may transmit a frame too fast and not detect a collision at the other end of
the cable. To avoid this, one of three things has to be done:
• maintain the maximum cable length and increase the slot time (and therefore,
minimum frame size),
• maintain the same slot time and decrease the maximum cable length, or
• both increase the slot time and decrease the maximum cable length.
In Fast Ethernet, the maximum cable length is reduced to a maximum of 100
metres, with the minimum frame size and slot time left intact. Gigabit Ethernet maintains
the minimum and maximum frame sizes of Ethernet. Since it's 10 times faster than Fast
Ethernet, for Gigabit Ethernet to maintain the same slot size, the maximum cable length
would have to be reduced to about 10 metres, which is impractical. Instead, Gigabit
Ethernet uses a larger slot size of 512 bytes. To maintain compatibility with Ethernet, the
minimum frame size is not increased, and a process known as "Carrier Extension" is
used. With this, if the frame is shorter than 512 bytes it is padded with extension
symbols, special symbols which cannot occur in the data stream.
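The collision-window reasoning above, worked through in Python as an added example that is not part of the original training document. It assumes a signal speed of about 2 x 10^8 m/s in copper and ignores repeater and interface delays, so its distances are idealised upper bounds, longer than the practical limits quoted in the text; the function names are illustrative.

```python
# Assumption (not from the training document): signals travel at roughly
# 2e8 m/s in copper, and repeater/interface delays are ignored.
PROPAGATION_M_PER_S = 2.0e8

MIN_FRAME_BYTES = 64        # minimum Ethernet frame, kept at every speed
GIGABIT_SLOT_BYTES = 512    # Gigabit Ethernet slot size given in the text

RATES = {"Ethernet": 10e6, "Fast Ethernet": 100e6, "Gigabit Ethernet": 1000e6}


def transmit_time_s(n_bytes, bit_rate):
    """Time the sender spends putting n_bytes on the wire."""
    return n_bytes * 8 / bit_rate


def round_trip_s(cable_m):
    """Worst case: the signal reaches the far end, collides, and the
    collision travels all the way back to the sender."""
    return 2 * cable_m / PROPAGATION_M_PER_S


def collision_detectable(n_bytes, bit_rate, cable_m):
    """CSMA/CD only works if the sender is still transmitting when the
    collision signal returns."""
    return transmit_time_s(n_bytes, bit_rate) >= round_trip_s(cable_m)


def max_cable_m(slot_bytes, bit_rate):
    """Longest cable on which a slot-sized transmission still overlaps
    the returning collision signal."""
    return transmit_time_s(slot_bytes, bit_rate) * PROPAGATION_M_PER_S / 2


def carrier_extend(frame_bytes):
    """Return (frame bytes, extension symbols) for Gigabit half-duplex.
    The frame itself is unchanged; only the time on the wire is padded."""
    return frame_bytes, max(0, GIGABIT_SLOT_BYTES - frame_bytes)


def slot_table():
    """Idealised collision-domain limit for each speed with the 64-byte
    slot, plus Gigabit Ethernet with its 512-byte slot."""
    rows = [(name, MIN_FRAME_BYTES, round(max_cable_m(MIN_FRAME_BYTES, rate), 1))
            for name, rate in RATES.items()]
    gig = RATES["Gigabit Ethernet"]
    rows.append(("Gigabit Ethernet", GIGABIT_SLOT_BYTES,
                 round(max_cable_m(GIGABIT_SLOT_BYTES, gig), 1)))
    return rows


if __name__ == "__main__":
    for name, slot, limit in slot_table():
        print(f"{name:17s} slot {slot:3d} bytes -> at most {limit:7.1f} m")

    # A minimum-size frame on a 100 m link: fine at 100 Mbit/s, too short
    # at 1 Gbit/s, and fine again once Carrier Extension pads the slot.
    frame, extension = carrier_extend(MIN_FRAME_BYTES)
    print("100 Mbit/s, 64 bytes:", collision_detectable(frame, 100e6, 100))
    print("1 Gbit/s, 64 bytes:", collision_detectable(frame, 1000e6, 100))
    print("1 Gbit/s, extended:",
          collision_detectable(frame + extension, 1000e6, 100))
```

Each tenfold increase in bit rate shrinks the idealised limit tenfold, and the 512-byte slot restores a factor of eight.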

Twisted Pair Cables


These come in two flavors: unshielded and shielded.

Unshielded Twisted Pair (UTP)


This is the most popular form of cable in networks and the cheapest form that
you can go with. UTP has four pairs of wires, all inside a plastic sheathing. The
wires are twisted in pairs to protect them from interference from one another.
Each wire is only protected with a thin plastic sheath.

Shielded Twisted Pair (STP)


It is more common in high-speed networks. The biggest difference you will see
between UTP and STP is that STP uses a metallic shield wrapping to protect the wires
from interference.

Something else to note about these cables is that they are graded by category number,
and the bigger the number, the better the protection from interference. Most networks
should go with no less than CAT 3, and CAT 5 is most recommended.

Now that you know about cables, we need to look at connectors. This is pretty important,
and you will most likely need the RJ-45 connector. This is the cousin of the phone jack
connector and looks very similar, with the exception that the RJ-45 is bigger. Connectors
most commonly come in two flavors: BNC (Bayonet Naur Connector), used in thick nets,
and the RJ-45, used in smaller networks using UTP/STP.

Ethernet Cabling:

In 1985, the Computer Communications Industry Association (CCIA) requested
the Electronic Industries Association (EIA) to develop a generic cabling standard for
commercial buildings that would be capable of running all current and future networking
systems over a common topology using a common media and common connectors.
By 1987 several manufacturers had developed Ethernet equipment which could
utilise twisted pair telephone cable, and in 1990 the IEEE released the 802.3i Ethernet
standard 10BaseT (the "T" refers to Twisted pair cable). In 1991 the EIA together with
the Telecommunications Industry Association (TIA) eventually published the first
telecommunications cabling standard, called EIA/TIA 568, and the structured cabling
system was born. It was based on Category 3 Unshielded Twisted Pair cable (UTP), and was
closely followed one month later by a specification of higher grades of UTP cable,
Category 4 and 5.
The table below shows the different types of UTP commonly in use at the end of
2000:

Type         Characteristics
Category 1   Used for telephone communications and is not suitable for transmitting data
Category 2   Capable of transmitting data at speeds up to 1Mbit/s.
Category 3   Used in 10BaseT networks and capable of transmitting data at speeds up to 16Mbit/s.
Category 4   Used in Token Ring networks and capable of transmitting data at speeds up to 20Mbit/s.
Category 5   Capable of transmitting data at speeds up to 100Mbit/s.

simultaneously, and so the cross talk on each pair has to be measured for the
combined effects of the other three pairs. Enhanced Category 5 can be used with
Gigabit Ethernet.

NIC Card snap shot:

Most NICs are designed for a particular type of network, protocol, and media, although
some can serve multiple networks. Cards are available to support almost all networking
standards, including the latest Fast Ethernet environment. Fast Ethernet NICs are often
10/100 capable, and will automatically set to the appropriate speed. Full-duplex
networking is another option, where a dedicated connection to a switch allows a NIC to
operate at twice the speed.

OSI Model

The Open Systems Interconnection (OSI) reference model describes how
information from a software application in one computer moves through a network
medium to a software application in another computer. The OSI reference model is a
conceptual model composed of seven layers, each specifying particular network
functions. The model was developed by the International Organisation for
Standardisation (ISO) in 1984, and it is now considered the primary architectural model
for intercomputer communications. The OSI model divides the tasks involved with
moving information between networked computers into seven smaller, more
manageable task groups. A task or group of tasks is then assigned to each of the seven
OSI layers. Each layer is reasonably self-contained, so that the tasks assigned to each
layer can be implemented independently. This enables the solutions offered by one layer
to be updated without adversely affecting the other layers.
The seven layers of the OSI reference model can be divided into two categories:
upper layers and lower layers. The upper layers of the OSI model deal with application
issues and generally are implemented only in software. The highest layer, application, is
closest to the end user. Both users and application-layer processes interact with
software applications that contain a communications component. The term upper layer is
sometimes used to refer to any layer above another layer in the OSI model. The lower
layers of the OSI model handle data transport issues. The physical layer and data link
layer are implemented in hardware and software. The other lower layers generally are
implemented only in software. The lowest layer, the physical layer, is closest to the
physical network medium (the network cabling, for example), and is responsible for
actually placing information on the medium.

Reference  Layer                Function
7          Application Layer    Application programs that use the network
6          Presentation Layer   Standardizes data presented to the applications
5          Session Layer        Manages sessions between applications
4          Transport Layer      Provides error detection and correction
3          Network Layer        Manages network connections
2          Data Link Layer      Provides data delivery across the physical connection
1          Physical Layer       Defines the physical network media

Layer 1: Physical Layer:
The bulk of your documentation needs to be done at Layer 1. A full description of
each device on the network is essential for inventory control, future upgrade planning,
and physical security. Device, in this instance, refers to computer hardware, peripherals,
routers, and switches. You should also make sure that you document network cabling
and patch panels. You may want to make use of system inventory software to simplify
documenting these items, especially in larger organizations. If you want to get a flavor
for what these software packages can do, check out Belarc Advisor, a free download
that allows you to audit the hardware, gather operating system information, and get a list
of installed application versions for one PC. Belarc and other vendors offer more robust
packages that can be used by businesses to automatically gather information from
hardware and software throughout your network. You should also diagram the topology
and architecture of the network using a tool such as Microsoft Visio, and this diagram
should be kept up-to-date as the network changes. This diagram can help you do some
pre-emptive planning and answer important questions about your network. Are hubs
close to being maxed out? If just a few nodes are added to the topology, will it push you
into a quick buying decision? This is valuable information for the managers of your
organization, and your documentation could be the ammunition you need to get new
purchases approved during planning meetings with management.

Layer 2: Data Link Layer:
The Data Link Layer is responsible for the communication between the network
and the physical layers. One of the primary network specifications handled at the Data
Link Layer is the hardware address (also called the MAC address) of network adapter
cards. Every network adapter in the world has a unique hardware address, based on the
vendor of the adapter. You should have a list of MAC addresses for each network
adapter on your network. You should know what speed they are and what protocols they
support. Plus, you should have statistics from a network monitoring application that
shows baseline information about activity on your network.

Layer 3: Network Layer:


The Network Layer defines the standards of how data is communicated across
your network and between your network and other networks, including the Internet.
Network Layer documentation should include information about WAN links, Internet
connections, and VPN and RAS servers. This is the layer that is responsible for
converting a logical name into an IP address. So the documentation of your subnet
should include a map of NetBIOS/Host names and IP addresses, DHCP scopes,
gateway/router addresses, proxy server addresses, WINS and DNS server addresses,
and IP addresses and information on any other network servers. Network Layer
documentation should also include policies on the naming conventions of computers and
users, domain controllers, and routers/switches.

Layer 4: Transport Layer:


The Transport Layer is responsible for the packets getting to their destination in
the proper sequence and without errors. This is a critical layer for security, especially
firewalls and screening routers. The two primary protocols that operate at this layer are
TCP and UDP, and one of the main methods that firewalls use to block or allow traffic is
based upon TCP and UDP port numbers. Your documentation should include a list of
which port numbers your firewall(s) allows.

Layer 5: Session Layer:


The Session Layer makes sure that a system can open a communications
connection with a remote system and that data can flow back and forth between the
systems. Examples of protocols that work at the Session Layer include Telnet, SSH,
SNMP, and SSL. In terms of documentation, you should include SSL-enabled sites in
security documentation, and you should have a policy about having SNMP enabled for
network monitoring and management. Telnet and SSH will probably be documented as
part of your remote access plan for administrators.

Layer 6: Presentation Layer:
The Presentation Layer transforms data into a form understandable to the
recipient. If encryption is required, it takes place here, as does decryption. The
Presentation Layer also participates in encapsulation and decapsulation and encoding
and decoding, such as in multimedia applications like MPEG. There really aren't any
documentation activities that relate specifically to the Presentation Layer.

Layer 7: Application Layer:


The Application Layer is the interface that controls applications such as e-mail
and other applications used to send or receive information. I'll use this space to talk
about applications in the more traditional sense, the ones that are installed on operating
systems. The network administrator must have policies in writing from the powers-that-
be that spell out what applications should be available on the network and to whom.
Without this document, administrators are in a precarious position. If a user wants an
application, and you withhold it with no written policy, you face appeal. If you give a user
an application, and someone higher up doesn't think you should have done so, you face
reprimand. If you have policies in hand that make the decisions for you, you will have the
needed consistency.

8.1 L3 Switches

Hi-performance Gigabit Ethernet Switch

CISCO WS-C3560X-24T-L is the next-generation hi-performance L3 Ethernet switch. It
has an advanced architecture and 160 Gbps switching capabilities. Its hardware wire-speed
L3 switching capability provides for a powerful, multi-layered solution not only for
enterprises, but also for Internet Service Providers (ISPs) and telecom carriers.

Application
• Multi-layer, hi-performance switching platform for enterprises, ISPs and telecom
carriers.

Features

Performance
• 65.5 million pps forwarding rate.
• 160 Gbps switching capabilities.
• 1005 total VLANs

Security and reliability


• IEEE 802.1x and HTTP user authentication
• Powerful ACL supports L2-L7 data filtering
• Intelligent forwarding, complete defense against viruses like ‘Code Red’ or ‘Blaster’
• Double power supply

Easy maintenance
• Automatic recognition for straight-through or cross-over cables
• Stackable physically and through cluster technology. Central management with unified
IP address saves IP addresses
• Management via CONSOLE port, Web, SNMP, Telnet, etc.

Traffic and broadcast control
• Auto-detection and restraining of broadcast storm, IGMP snooping, effectively restrict
broadcast flooding
• Full- and half- duplex traffic control
• Ethernet port rate limiting with 1 M step size
• IP multicast and QoS support

Routing protocols
• Static routing
• Support RIP v1/v2, OSPF v2, BEIGRP, BGP v4, and many other dynamic routing
protocols
• Support PIM-SM/DM, DVMRP and many other multicast routing protocols

8.2 Routers

Routers are physical devices that join multiple networks together. Technically,
a router is a Layer 3 gateway, meaning that the router connects networks and that
the router operates at the network layer of the OSI Model. Routers are
incorporated in the Wide Area Network (WAN) subsystem for data exchange between
SCADA/EMS Control Centre Router.
Front View:-

Rear View:-

A router is a device that forwards data packets between telecommunications
networks, creating an overlay internetwork. A router is connected to two or more data lines
from different networks. When data comes in on one of the lines, the router reads the
address information in the packet to determine its ultimate destination. Then, using
information in its routing table or routing policy, it directs the packet to the next network on
its journey or drops the packet. A data packet is typically forwarded from one router to
another through networks that constitute the internetwork until it gets to its destination node.

Overview

Interface:-
Interfaces
4 x LAN 10/100/1000 ports
2 x SFP-based ports
2 x External USB 2.0 slots
Ports on-board
1 x USB console port
1 x Serial console port
1 x Serial auxiliary port
WAN communication Ports 4 x G.703 ports

Features

a | High performance Routing for data exchange between data centres, remote VDUs | Yes, Through its WAN Ports
b | Layer -2 & Layer-3 routing & Dynamic discovery of routing | Yes
c | Processing capacity : Minimum 2Mpps | Yes, or 2924 kpps
d | Features to support : QoS, MPLS, Security, Broadband, Multiservice, Voice, IP to IP Gateway | Yes
e | Routing protocols : IS-IS, OSPF, BGP, ARP, IPCP, IP forwarding, VLAN & MPLS etc. | Yes
f | Network protocols : TCP/IP, IPV4, IPv6, OSI, Telnet, UDP, DHCP | Yes
g | Speed configurability at each port | WAN Ports (HWIC-2T) shall be configured from 64kbps to 2Mbps , LAN Ports shall be configurable from 10/100/1000 Mbps
h | Shall support Multi-Homing (Single Link – Multiple IP addresses, Multiple Links – An IP address, Multiple Links – Multiple IP addresses etc.) | Yes

9. FIREWALL

The Purpose of a Firewall


The purpose of the firewall is to appraise the security hardening applied to various
components of the SCADA/EMS System.

Ranging from the FortiGate-310B series for small offices to the
FortiGate-5000 series for large enterprises, service providers and carriers, the FortiGate
line combines the FortiOS security operating system and latest hardware technologies to
provide a comprehensive and high-performance array of security and networking
functions.
FortiGate platforms incorporate sophisticated networking features, such as high
availability for maximum network uptime, and virtual domain (VDOM) capabilities to
separate various networks requiring different security policies.
At the heart of these networking security functions is the firewall policy. Firewall policies
control all traffic attempting to pass through the FortiGate unit, between FortiGate
interfaces, zones, and VLAN sub-interfaces. They are instructions the FortiGate unit
uses to decide connection acceptance and packet processing for traffic attempting to
pass through. When the firewall receives a connection packet, it analyzes the packet’s
source address, destination address, and service (by port number), and attempts to
locate a firewall policy matching the packet.
Firewall policies can contain many instructions for the FortiGate unit to follow when it
receives matching packets. Some instructions are required, such as whether to drop or
accept and process the packets, while other instructions, such as logging and
authentication, are optional. It is through these policies that the FortiGate unit grants or
denies the packets and information in or out of the network, who gets priority
(bandwidth) over other users, and when the packets can come through.
This chapter describes the features of the FortiGate firewall that help to protect your
network, and the firewall policies that are the instructions for the FortiGate unit.
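
The policy lookup described above, modelled as an added Python example (not FortiOS code and not part of the original document). It assumes the FortiGate behaviour, not stated on this page, that policies are checked top-down, the first match decides, and unmatched traffic meets a final implicit deny; all names, networks and ports are constructed.

```python
"""Model of firewall policy lookup: the first matching policy decides the packet."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = frozenset(range(65536))


@dataclass(frozen=True)
class Policy:
    name: str
    src: str            # source network, CIDR
    dst: str            # destination network, CIDR
    ports: frozenset    # destination ports that make up the service
    action: str         # required instruction: "accept" or "deny"
    log: bool = False   # optional instruction

    def matches(self, src_ip, dst_ip, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and dport in self.ports)


# Assumption: traffic that matches no configured policy is dropped.
IMPLICIT_DENY = Policy("implicit-deny", "0.0.0.0/0", "0.0.0.0/0", ANY_PORT, "deny", True)

# Constructed policy table; names, networks and ports are illustrative only.
POLICIES = [
    Policy("dmz-web-in", "0.0.0.0/0", "10.10.20.0/24", frozenset({443}), "accept", True),
    Policy("lan-to-dmz", "10.10.10.0/24", "10.10.20.0/24", frozenset({22, 443}), "accept"),
    Policy("block-dmz-to-lan", "10.10.20.0/24", "10.10.10.0/24", ANY_PORT, "deny", True),
    Policy("lan-https-dmz", "10.10.10.0/25", "10.10.20.0/24", frozenset({443}), "accept"),
]


def lookup(policies, src_ip, dst_ip, dport):
    """Return the first policy matching source, destination and service."""
    for policy in policies:
        if policy.matches(src_ip, dst_ip, dport):
            return policy
    return IMPLICIT_DENY


def shadowed(policies):
    """Names of policies fully covered by one earlier policy, so never reached."""
    hidden = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and later.ports <= earlier.ports):
                hidden.append(later.name)
                break
    return hidden


if __name__ == "__main__":
    packets = [
        ("198.51.100.7", "10.10.20.5", 443),
        ("10.10.10.9", "10.10.20.5", 22),
        ("10.10.20.5", "10.10.10.9", 3389),
        ("198.51.100.7", "10.10.20.5", 22),
    ]
    for pkt in packets:
        hit = lookup(POLICIES, *pkt)
        print(pkt, "->", hit.name, hit.action)
    print("never matched:", shadowed(POLICIES))
```

The shadow check matters when reviewing a rule base: a policy placed below a broader one is configured but never evaluated.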

Firewall features

The FortiGate unit provides unified threat management by including a rich feature set to
protect your network from unwanted attacks. This section provides an overview of what
the FortiGate unit can protect against. Each of these elements is configured and added
to firewall policies as a means of instructing the FortiGate unit what to do when
encountering a security threat.
Antivirus

Antivirus is a group of features that are designed to prevent unwanted and potentially
malicious files from entering your network. These features all work in different ways,
whether by checking for a file size, name, type, or the presence of a virus or grayware
signature.
The antivirus scanning routines used are designed to share access to the network traffic.
This way, each individual feature does not have to examine the network traffic as a
separate operation, reducing overhead significantly. For example, if you enable file
filtering and virus scanning, the resources used to complete these tasks are only slightly
greater than enabling virus scanning alone. Two features do not require twice the
resources.
The antivirus scanning function includes various modules and engines that perform separate
tasks. The FortiGate unit performs antivirus processing in the following order:
• File size
• File pattern
• File type
• Virus scan
• Grayware
• Heuristics

If a file fails any of the tasks of the antivirus scan, no further scans are performed. For
example, if the file “fakefile.exe” is recognized as a blocked pattern, the FortiGate unit
will send the recipient a message informing them that the original message had a virus,
and the file will be deleted or quarantined. The virus scan, grayware, heuristics, and file
type scans will not be performed as the file has already been determined to be a threat
and has been dealt with.
For more information on FortiGate antivirus processes, features and configuration, see
the UTM chapter.

Web Filtering

Web filtering is a means of controlling the content that an Internet user is able to view.
With the popularity of web applications, the need to monitor and control web access is
becoming a key component of Secure Content Management systems that employ
antivirus, web filtering, and messaging security. Important reasons for controlling web
content include:
• Lost productivity because employees are accessing the web for non-business
reasons.
• Network congestion - valuable bandwidth is being used for non-business purposes
and legitimate business applications suffer.
• Loss or exposure of confidential information through chat sites, non-approved email
systems, instant messaging, and peer-to-peer file sharing.
• Increased exposure to web-based threats as employees surf non-business related
web sites.
• Legal liability when employees access/download inappropriate and offensive material.
• Copyright infringement caused by employees downloading and/or distributing
copyrighted material.

As the number and severity of threats increase on the web, the risk potential is
increasing within a company's network as well. Casual non-business related web surfing
has caused many businesses countless hours of legal litigation as hostile environments
have been created by employees who download and view offensive content. Web-based
attacks and threats are also becoming increasingly sophisticated. New threats and
web-based applications that are causing additional problems for corporations include:
• Spyware/Grayware

• Phishing

• Instant Messaging

• Peer-to-Peer File Sharing


• Streaming Media

• Blended Network Attacks

Spyware/Grayware

Spyware is also known as Grayware. Spyware is a type of computer program that
attaches itself to a user’s operating system. It does this without the user’s consent or
knowledge. It usually ends up on a computer because of something the user does such
as clicking on a button in a popup window. Spyware can do a number of things such as
track the user’s Internet usage, cause unwanted popup windows, and even direct the
user to a host web site. It is estimated that 80% of all personal computers are infected
with spyware.
Some of the most common ways of grayware infection include:
• Downloading shareware, freeware or other forms of file-sharing services
• Clicking on pop-up advertising

• Visiting legitimate web sites infected with grayware

Phishing
Phishing is the term used to describe social engineering attacks that use web
technology to trick users into revealing personal or financial information. Phishing
attacks use web sites and emails that claim to be from legitimate financial institutions to
trick the viewer into believing that they are legitimate. Although phishing is initiated by
spam email, getting the user to access the attacker’s web site is always the next step.

Instant messaging
Instant Messaging presents a number of problems. Instant Messaging can be used to
infect computers with spyware and viruses. Phishing attacks can be made using Instant
Messaging. There is also a danger that employees may use instant messaging to
release sensitive information to an outsider.

Peer-to-peer

Peer-to-Peer networks are used for file sharing. Such files may contain viruses.
Peer-to-Peer applications take up valuable network resources and lower employee
productivity, and also have legal implications with the downloading of copyrighted material.
Peer-to-Peer file sharing and applications can also be used to expose company secrets.

Streaming media
Streaming media is a method of delivering multimedia, usually in the form of audio or
video to Internet users. The viewing of streaming media has increased greatly in the
past few years. The problem with this is the way it impacts legitimate business

Blended network attacks

Blended network threats are rising and the sophistication of network threats is increasing
with each new attack. Attackers are learning from each previous successful attack and
are enhancing and updating attack code to become more dangerous and fast spreading.
Blended attacks use a combination of methods to spread and cause damage. Using
virus or network worm techniques combined with known system vulnerabilities, blended
threats can quickly spread through email, web sites, and Trojan applications. Blended
attacks can be designed to perform different types of attacks - from disrupting network
services to destroying or stealing information to installing stealthy back door applications
to grant remote access.

Antispam/Email Filter

The Firewall unit performs email filtering (formerly called antispam) for IMAP, POP3, and
SMTP email. Email filtering includes both spam filtering and filtering for any words or
files you want to disallow in email messages. If your Firewall unit supports SSL content
scanning and inspection you can also configure spam filtering for IMAPS, POP3S, and
SMTPS email traffic.
You can configure the Firewall unit to manage unsolicited commercial email by detecting
and identifying spam messages from known or suspected spam servers. The Firewall
Antispam Service uses both a sender IP reputation database and a spam signature
database, along with sophisticated spam filtering tools, to detect and block a wide range
of spam messages. Using Firewall Antispam protection profile settings you can enable
IP address checking, URL checking, E-mail checksum check, and Spam submission.
Updates to the IP reputation and spam signature databases are provided continuously
via the global FortiGuard distribution network.
From the FortiGuard Antispam Service page in the FortiGuard center you can use IP
and signature lookup to check whether an IP address is blacklisted in the FortiGuard
antispam IP reputation database, or whether a URL or email address is in the signature
database.

Email filter techniques

The FortiGate unit has a number of techniques available to help detect spam. Some use
the FortiGuard AntiSpam service, requiring a subscription. The remainder use your DNS
servers, or lists you must maintain.
The FortiGate unit queries the FortiGuard Antispam service to determine if the IP
address of the client delivering the email is blacklisted. A match will have the FortiGate
unit treat delivered messages as spam. If enabled, the FortiGate unit will check all the IP
addresses in the header of SMTP email against the FortiGuard Antispam service.
The FortiGate unit queries the FortiGuard Antispam service to determine if any URL in
the message body is associated with spam. If any URL is blacklisted, the FortiGate unit
determines that the email message is spam.
The FortiGate unit sends a hash of an email to the FortiGuard Antispam server which
compares the hash to hashes of known spam messages stored in the FortiGuard
Antispam database. If the hash results match, the email is flagged as spam.
The FortiGate unit compares the IP address of the client delivering the email to the
addresses in the IP address black/white list specified in the protection profile. If a match
is found, the FortiGate unit will take the action configured for the matching black/white
list entry against all delivered email.
The FortiGate unit takes the domain name specified by the client in the HELO greeting
sent when starting the SMTP session, and does a DNS lookup to determine if the
domain exists. If the lookup fails, the FortiGate unit determines that any messages
delivered during the SMTP session are spam.
The FortiGate unit compares the sender email address, as shown in the message
envelope MAIL FROM, to the addresses in the email address black/white list specified in
the protection profile. If a match is found, the FortiGate unit will take the action
configured for the matching black/white list entry.
The FortiGate unit performs a DNS lookup on the reply-to domain to see if there is an A
or MX record. If no such record exists, the message is treated as spam.
The FortiGate unit will block email messages based on matching the content of the
message with the words or patterns in the selected spam filter banned word list.
For more information on FortiGate antispam processes, features and configuration

Intrusion Protection

The FortiGate Intrusion Protection system combines signature detection and prevention
with low latency and excellent reliability. With Intrusion Protection, you can create
multiple IPS sensors, each containing a complete configuration based on signatures.
Then, you can apply any IPS sensor to each protection profile. The FortiGate intrusion
protection system protects your network from outside attacks. Your FortiGate unit has
two techniques to deal with these attacks.
Anomaly-based defense is used when network traffic itself is used as a weapon. A host
can be flooded with far more traffic than it can handle, making the host inaccessible. The
most common example is the denial of service attack, in which an attacker directs a
large number of computers to attempt normal access of the target system. If enough
access attempts are made, the target is overwhelmed and unable to service genuine
users. The attacker does not gain access to the target system, but it is not accessible to
anyone else. The FortiGate unit DoS feature will block traffic over a certain threshold
from the attacker, allowing connections from other legitimate users.
Signature-based defense is used against known attacks or vulnerability exploits. These
often involve an attacker attempting to gain access to your network. The attacker must
communicate with the host in an attempt to gain access, and this communication will
include particular commands or sequences of commands and variables. The IPS
signatures include these command sequences, allowing the FortiGate unit to detect and
stop the attack.
The basis of signature-based intrusion protection is the IPS signatures themselves.
Every attack can be reduced to a particular string of commands or a sequence of
commands and variables. Signatures include this information so your FortiGate unit
knows what to look for in network traffic.
Signatures also include characteristics of the attack they describe. These
characteristics include the network protocol in which the attack will appear, the vulnerable
operating system, and the vulnerable application.
Before examining network traffic for attacks, the FortiGate will identify each protocol
appearing in the traffic. Attacks are protocol-specific so your FortiGate unit conserves
resources by looking for attacks only in the protocols used to transmit them. For
example, the FortiGate unit will only examine HTTP traffic for the presence of a
signature describing an HTTP attack.
Once the protocol decoders separate the network traffic by protocol, the IPS engine
examines the network traffic for the attack signatures.
The IPS engine does not examine network traffic for all signatures, however. You must
first create an IPS sensor and specify which signatures are included. You do not have to
choose each signature you want to include individually, however. Instead, filters are
used to define the included signatures.
IPS sensors contain one or more IPS filters. A filter is simply a collection of signature
attributes you specify. The signatures that have all of the attributes specified in a filter
are included in the IPS signature.
For example, if your FortiGate unit protects a Linux server running the Apache web
server software, you could create a new filter to protect it. Set OS to Linux, and
Application to Apache and the filter will include only the signatures applicable to both
Linux and Apache. If you wanted to scan for all the Linux signatures and all the Apache
signatures, you would create two filters, one for each.
For more information on FortiGate IPS processes, features and configuration
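
The filter behaviour in the Linux/Apache example above, as an added Python sketch (not FortiOS code and not part of the original document): a signature must have every attribute named in a filter, and a sensor holds the union of what its filters select. The signature names and attribute values are constructed.

```python
"""Which signatures an IPS sensor includes, given its filters."""

# Constructed signature database. Each entry carries the characteristics the
# page lists: protocol, vulnerable operating system, vulnerable application.
SIGNATURES = [
    {"name": "sig-apache-linux", "protocol": "HTTP", "os": {"Linux"}, "application": {"Apache"}},
    {"name": "sig-apache-multi", "protocol": "HTTP", "os": {"Linux", "Windows"}, "application": {"Apache"}},
    {"name": "sig-iis-windows", "protocol": "HTTP", "os": {"Windows"}, "application": {"IIS"}},
    {"name": "sig-sshd-linux", "protocol": "SSH", "os": {"Linux"}, "application": {"OpenSSH"}},
    {"name": "sig-apache-windows", "protocol": "HTTP", "os": {"Windows"}, "application": {"Apache"}},
]


def filter_matches(sig, flt):
    """True only if the signature has every attribute the filter specifies."""
    for attr, wanted in flt.items():
        value = sig[attr]
        have = value if isinstance(value, set) else {value}
        if wanted not in have:
            return False
    return True


def sensor_signatures(filters):
    """Signatures selected by at least one of the sensor's filters, in database order."""
    return [sig["name"] for sig in SIGNATURES
            if any(filter_matches(sig, flt) for flt in filters)]


def protocols_inspected(filters):
    """Protocols in which the sensor's signatures can appear."""
    chosen = set(sensor_signatures(filters))
    return sorted({sig["protocol"] for sig in SIGNATURES if sig["name"] in chosen})


# One filter with both attributes: only signatures applicable to Linux AND Apache.
ONE_FILTER = [{"os": "Linux", "application": "Apache"}]
# Two filters, one attribute each: all Linux signatures plus all Apache signatures.
TWO_FILTERS = [{"os": "Linux"}, {"application": "Apache"}]

if __name__ == "__main__":
    print("one filter :", sensor_signatures(ONE_FILTER), protocols_inspected(ONE_FILTER))
    print("two filters:", sensor_signatures(TWO_FILTERS), protocols_inspected(TWO_FILTERS))
```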

Traffic Shaping

Traffic shaping, when included in a firewall policy, controls the bandwidth available to,
and sets the priority of the traffic processed by, the policy. Traffic shaping makes it
possible to control which policies have the highest priority when large amounts of data
are moving through the FortiGate unit. For example, the policy for the corporate web
server might be given higher priority than the policies for most employees’ computers.
An employee who needs extra high speed Internet access could have a special outgoing
policy set up with higher bandwidth.
Traffic shaping is available for firewall policies whose Action is ACCEPT, IPSEC, or
SSLVPN. It is also available for all supported services, including H.323, TCP, UDP,
ICMP, and ESP.
Traffic shaping cannot increase the total amount of bandwidth available, but you can use
it to improve the quality of bandwidth-intensive and sensitive traffic.
The bandwidth available for traffic set in a traffic shaper is used to control data sessions
for traffic in both directions. For example, if guaranteed bandwidth is applied to an
internal and an external FTP policy, and a user on an internal network uses FTP to put
and get files, both the put and get sessions share the bandwidth available to the traffic
controlled by the policy.
Once included in a firewall policy, the guaranteed and maximum bandwidth is the total
bandwidth available to all traffic controlled by the policy. If multiple users start multiple
communications sessions using the same policy, all of these communications sessions
must share the bandwidth available for the policy.
However, bandwidth availability is not shared between multiple instances of using the
same service if these multiple instances are controlled by different policies. For example,
you can create one FTP policy to limit the amount of bandwidth available for FTP for one
network address and create another FTP policy with a different bandwidth availability for
another network address.
Traffic shaping attempts to “normalize” traffic peaks/bursts to prioritize certain flows over
others. But there is a physical limitation to the amount of data which can be buffered and
to the length of time. Once these thresholds have been surpassed, frames and packets
will be dropped, and sessions will be affected in other ways. For example, incorrect
traffic shaping configurations may actually further degrade certain network flows, since
the excessive discarding of packets can create additional overhead at the upper layers
that may be attempting to recover from these errors.
A basic traffic shaping approach is to prioritize certain traffic flows over other traffic
whose potential discarding is less advantageous. This would mean that you accept
sacrificing certain performance and stability on low-priority traffic, in order to increase or
guarantee performance and stability to high-priority traffic.
If, for example, you are applying bandwidth limitations to certain flows, you must accept
the fact that these sessions can be limited and therefore negatively impacted. Traffic
shaping applied to a firewall policy is enforced for traffic which may flow in either
direction. Therefore a session which may be set up by an internal host to an external
one, through an Internal-to-External policy, will have traffic shaping applied even if the
data stream flows external to internal. One example may be an FTP “get” or a SMTP
server connecting to an external one, in order to retrieve email.
Note that traffic shaping is effective for normal IP traffic at normal traffic rates. Traffic
shaping is not effective during periods when traffic exceeds the capacity of the FortiGate
unit. Since packets must be received by the FortiGate unit before they are subject to
traffic shaping, if the FortiGate unit cannot process all of the traffic it receives, then
dropped packets, delays, and latency are likely to occur.
For more information on traffic shaping

NAT vs. Transparent Mode

The FortiGate unit can run in two modes: Network Address Translation (NAT) mode and
Transparent mode. Generally speaking, both modes function the same, with some minor
differences in feature availability due to the nature of the mode. With both modes,
however, firewall policies define how traffic moves, or is prevented from moving, within
the local network or to an external network or the Internet.

9.1 NAT mode

In NAT mode, the FortiGate unit is visible to the network that it is
connected to. All of its interfaces are on different subnets. Each interface that is
connected to a network must be configured with an IP address that is valid for that
subnetwork.
You would typically use NAT mode when the FortiGate unit is deployed as a gateway
between private and public networks. In its default NAT mode configuration, the
FortiGate unit functions as a firewall. Firewall policies control communications through
the FortiGate unit to both the Internet and between internal networks. In NAT mode, the
FortiGate unit performs network address translation before IP packets are sent to the
destination network. For example, a company has a FortiGate unit as their interface to
the Internet. The FortiGate unit also acts as a router to multiple sub-networks within the
company.

FortiGate unit in NAT mode

In this situation, as shown in Figure 19, the FortiGate unit is set to NAT mode. Using this
mode, the FortiGate unit can have a designated port for the Internet, in this example,
wan1 with an address of 172.20.120.129, which is the public IP address. The internal
network segments are behind the FortiGate unit and invisible to the public access, for
example port 2 with an address of 10.10.10.1. The FortiGate unit translates IP
addresses passing through it to route the traffic to the correct subnet or the Internet.

9.2 Transparent mode

In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces
are on the same subnet and share the same IP address. You only have to configure a
management IP address so that you can make configuration changes.
You would typically use the FortiGate unit in Transparent mode on a private network
behind an existing firewall or behind a router. In Transparent mode, the FortiGate unit
also functions as a firewall. Firewall policies control communications through the
FortiGate unit to the Internet and internal network. No traffic can pass through the
FortiGate unit until you add firewall policies.
For example, the company has a router or other firewall in place. The network is simple
enough that all users are on the same internal network. They need the FortiGate unit to
perform antispam, antivirus and intrusion protection and similar traffic scanning. In this
situation, as shown in Figure 22, the FortiGate unit is set to transparent mode. The traffic
passing through the FortiGate unit does not change the addressing from the router to
the internal network. Firewall policies and protection profiles define the type of scanning
the FortiGate unit performs on traffic entering the network.

FortiGate unit in transparent mode

By default when shipped, the FortiGate unit operates in NAT mode. To use the FortiGate
unit in Transparent mode, you need to switch its mode. When switched to a different
mode, the FortiGate unit does not need to be restarted; the change is automatic.
In the following example, the steps change the FortiGate unit to Transparent mode with
an IP of 10.11.101.10, netmask of 255.255.255.0 and a default gateway of 10.11.101.1

Operating mode differences

The FortiGate unit, running in either NAT or Transparent mode, has essentially the
same feature set. Due to the differences in the modes, however, some features are not
available in Transparent mode. The list below outlines the key features not available in
Transparent mode:

• Network > DNS Databases
• DHCP
• Router (basic routing is available by going to Network > Routing Table)
• Virtual IP
• Load Balance
• IPSec Concentrator (Transparent mode supports policy-based configurations)
• SSL VPN
• WCCP cache engine

9.3 (a) Firewall Configuration setting for Project

Set up        1) The system is operational.
Procedure     2) Firewalls have been provided to separate the EMS system from the DMZ.
              3) Firewalls have been provided to separate the DMZ system from the Corporate Network
Verification  4) Verify the access to EMS servers cannot be performed from the Web Servers.
Cleanup       5) None

Set up        1) The system is operational.
Procedure     2) Firewalls have been provided to separate the EMS system from the DMZ.
Verification  3) List the ports that have been opened for connectivity between SCADA/EMS and the DMZ System.
              4) Verify that the specific ports have been blocked
              5) Verify the following
                 • ISR system can connect to the Web Servers
                 • Web Server cannot connect to any system on SCADA/EMS LAN
                 • EMS/SCADA & RDServer are able to establish a connectivity
Cleanup       6) None

Set up        7) The system is operational.
Procedure     8) Firewalls (Upstream) have been provided to separate the DMZ system from the Corporate Network
Verification  9) List the ports that have been opened for connectivity between the DMZ System and the external LAN.
              10) Verify that the specific ports have been blocked
              11) Verify that the specific applications as in the web Design notes have been blocked for connectivity from out of Upstream Firewall
              12) Verify the following
                 • Remote VDUs can connect to the Web System
                 • Remote VDUs can connect to the RDServer System using WebFG Client through VPN
                 • Remote VDUs can connect to the Web Servers directly for data access after login of username and password as configured in the Habitat RDS Configuration.
Cleanup       13) None
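
One way to carry out the "verify that the specific ports have been blocked" and "can/cannot connect" steps above, as an added Python example that is not part of the original document. The host labels, the 192.0.2.x addresses and the ports are constructed placeholders; real values come from the list of opened ports produced in the verification step, and each check is run from the host named as its source.

```python
"""Check firewall separation by attempting each flow from the host it starts on."""
import socket
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    source: str        # host label this check must be run from (hypothetical labels)
    target: str        # destination address (placeholder)
    port: int          # TCP port (placeholder)
    expect_open: bool  # True = must connect, False = must be blocked
    requirement: str   # the verification item being tested


# Constructed matrix; addresses are from the documentation range 192.0.2.0/24.
MATRIX = [
    Flow("web-server", "192.0.2.10", 443, False,
         "Web Server cannot connect to any system on SCADA/EMS LAN"),
    Flow("web-server", "192.0.2.10", 3389, False,
         "Web Server cannot connect to any system on SCADA/EMS LAN"),
    Flow("isr", "192.0.2.50", 443, True,
         "ISR system can connect to the Web Servers"),
    Flow("ems", "192.0.2.60", 443, True,
         "EMS/SCADA & RDServer are able to establish a connectivity"),
]


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP handshake completes; refused, timed out or unroutable is False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_checks(matrix, vantage, probe=tcp_reachable):
    """Run only the flows that start at `vantage`; return (flow, observed, passed)."""
    results = []
    for flow in matrix:
        if flow.source != vantage:
            continue
        observed = probe(flow.target, flow.port)
        results.append((flow, observed, observed == flow.expect_open))
    return results


def failed(results):
    """Requirements whose observed state differs from the expected one."""
    return [f"{flow.requirement} ({flow.target}:{flow.port})"
            for flow, _observed, passed in results if not passed]


if __name__ == "__main__":
    vantage = sys.argv[1] if len(sys.argv) > 1 else "web-server"
    results = run_checks(MATRIX, vantage)
    for flow, observed, passed in results:
        state = "open" if observed else "blocked"
        verdict = "PASS" if passed else "FAIL"
        print(f"{verdict}  {flow.target}:{flow.port} {state}  {flow.requirement}")
    sys.exit(1 if failed(results) else 0)
```

The probe covers TCP only; a silently dropped connection shows up as a timeout and is counted as blocked.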

9.4 (b) Host based Intrusion Detection

Set up        1) The Firewall and the Hosts with IDS are operational.
Procedure     2) Confirm that tools for intrusion detection are provided on the Web/Mail and RDServer.
Verification  3) Confirm above
Cleanup       4) None

Set up        1) The Hosts with IDS are operational.
Procedure     2) Note the last date of signature update
              3) Verify the latest CSA kit (Hotfixes) on the Cisco website
              4) Download the latest patch and update the CSA MC software
Verification  5) Verify through log that the hotfix was updated successfully
Cleanup       6) None

Set up        1) The Upstream Firewall is operational.
              2) The Upstream Firewall is connected to Internet
Procedure     3) Update the signature on the firewall.
Verification  4) Verify through log that the Signature was updated
Cleanup       5) None

Registering and installing the product

(1) Launch your preferred web browser and enter the address
https://10.0.0.254/config/index.html. This installation help web server will guide
you through the different steps in the configuration. You may also use the
Quickstart CD-ROM (Appendix E: Installing via the CD-ROM).
(2) Next, you will be able to:
• Configure the network to define the network architecture in which your product
will be located.
• Register your product in order to obtain updates
• Perform the first updates
• Obtain the license. For more information on this subject, please refer to Appendix
A: Updating the license.
• Install the administration tools in order to obtain the Manager, Monitor and
Reporter software suite.

Overview

FortiGate-100D
The FortiGate-100D installs in minutes, automatically downloading regular updates to
protect against the latest viruses, network vulnerabilities, worms, spam and phishing
attacks, and malicious websites with no administrator intervention. Leveraging
patented FortiASIC acceleration, the FortiGate-100D offers market-leading
performance, with twenty-two GbE interfaces that facilitate network growth and
expansion. Onboard storage provides local archiving of data for policy compliance
and/or WAN Optimization. The WAN Optimization functionality increases network
performance by reducing the amount of communication and data transmitted
between applications and servers across a WAN.

Configuring
You would typically use NAT/Route mode when the FortiGate unit is deployed as a
gateway between private and public networks. In its default NAT/Route mode configuration,
the unit functions as a firewall. Firewall policies control communications through the
FortiGate unit.
Transparent mode
You would typically use the FortiGate unit in Transparent mode on a private network
behind an existing firewall or behind a router. In its default Transparent mode configuration,
the unit functions as a firewall.
Web-based Manager
1. Connect the FortiGate MGMT1 interface to a management computer Ethernet interface.
Use a cross-over Ethernet cable to connect the devices directly. Use straight-through
Ethernet cables to connect the devices through a hub or switch.
2. Configure the management computer to be on the same subnet as the MGMT1
interface of the FortiGate unit. To do this, change the IP address of the management
computer to 192.168.1.2 and the netmask to 255.255.255.0.
3. To access the FortiGate web-based manager, start a web browser and type the
address http://192.168.1.99
4. Type admin in the Name field and click Login.

NAT/Route mode
To change the administrator password
1. Go to System > Admin > Administrators.
2. Select Change Password for the admin administrator and enter a new password.
To configure interfaces
1. Go to System > Network > Interface.
2. Select the edit icon for each interface to configure.
3. Set the addressing mode for the interface. (See the online help for information.)
• For manual addressing, enter the IP address and netmask for the interface.
• For DHCP addressing, select DHCP and any required settings.
• For PPPoE addressing, select PPPoE, and enter the username and password and
any other required settings.
To configure the Primary and Secondary DNS server IP addresses
1. Go to System > Network > Options, enter the Primary and Secondary DNS IP
addresses that you recorded above and select Apply.
To configure a Default Gateway
1. Go to Router > Static and select Edit icon for the static route.
2. Set Gateway to the Default Gateway IP address you recorded above and select OK.
Transparent mode
To switch from NAT/route mode to transparent mode
1. Go to System > Config > Operation Mode and select Transparent.
2. Set the Management IP/Netmask to 192.168.1.99/24.
3. Set a default Gateway and select Apply.
To change the administrator password
1. Go to System > Admin > Administrators.
2. Select Change Password for the admin administrator and enter a new password.

To change the management interface


1. Go to System > Config > Operation Mode.
2. Enter the Management IP address and netmask that you recorded above and select
Apply.
To configure the Primary and Secondary DNS server IP addresses
Go to System > Network > Options, enter the Primary and Secondary DNS IP
addresses that you recorded above and select Apply.

Command Line Interface


1. Use the RJ-45 to DB9 serial cable to connect the FortiGate Console port to the
management computer serial port.

2. Start a terminal emulation program (HyperTerminal) on the management computer.
Use these settings: Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and
Flow Control None.
3. At the Login: prompt, type admin and press Enter twice (no password required).

NAT/Route mode
1. Configure the FortiGate MGMT1 interface.
config system interface
edit MGMT1
set ip <intf_ip>/<netmask_ip>
end
2. Repeat to configure each interface, for example, to configure the Port 1 interface.
config system interface
edit port1
...
3. Configure the primary and secondary DNS server IP addresses.
config system dns
set primary <dns-server_ip>
set secondary <dns-server_ip>
end
4. Configure the default gateway.
config router static
edit 1
set gateway <gateway_ip>
end
Transparent Mode
1. Change from NAT/Route mode to Transparent mode and configure the Management
IP address.
config system settings
set opmode transparent
set manageip <mng_ip>/<netmask>
set gateway <gateway_ip>
end

2. Configure the DNS server IP address.
config system dns
set primary <dns-server_ip>
set secondary <dns-server_ip>
end
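A pre-paste check for the CLI steps above, as an added example (not part of the original training document or Fortinet's own tooling). It parses the flat config/edit/set/end layout used on this page and reports unclosed blocks, unfilled placeholders, and a Transparent-mode gateway that is not on the management subnet. The addresses in SAMPLE are constructed, and the function names parse and check are hypothetical.

```python
import ipaddress

# Constructed sample: the Transparent-mode CLI steps with made-up addresses filled in.
SAMPLE = """config system settings
set opmode transparent
set manageip 10.20.30.2/255.255.255.0
set gateway 10.20.30.1
end
config system dns
set primary 10.20.30.10
set secondary 10.20.30.11
end
"""

def parse(script):
    """Return ({block: {setting: value}}, [config blocks never closed by 'end'])."""
    blocks, unclosed, path, key = {}, [], None, None
    for line in script.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "config":
            if path:                      # previous block was never ended
                unclosed.append(path)
            path = key = " ".join(words[1:])
        elif words[0] == "edit" and path and len(words) > 1:
            key = f"{path} / {words[1]}"  # e.g. "system interface / port1"
        elif words[0] == "set" and key and len(words) > 2:
            blocks.setdefault(key, {})[words[1]] = " ".join(words[2:])
        elif words[0] == "end":
            path = key = None
    return blocks, unclosed + ([path] if path else [])

def check(script):
    """List problems to fix before the script is pasted into the console."""
    blocks, unclosed = parse(script)
    problems = [f"'config {p}' has no closing 'end'" for p in unclosed]
    for key, settings in blocks.items():
        problems += [f"{key}: {n} is still a placeholder" for n, v in settings.items() if "<" in v]
    s = blocks.get("system settings", {})
    if s.get("opmode") == "transparent":
        try:
            net = ipaddress.ip_interface(s.get("manageip", "")).network
            if ipaddress.ip_address(s.get("gateway", "")) not in net:
                problems.append("gateway is outside the management subnet")
        except ValueError:
            problems.append("manageip or gateway is missing or not a valid address")
    return problems
```

An empty list from check(SAMPLE) means the script passed all three checks; nested config blocks, which this page does not use, would be reported as unclosed.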

LED Description

Overview

WatchGuard XTM 810
Configuration

(2) Connect your WatchGuard XTM Device and Power it On

• Make sure your computer is configured to use DHCP. When you connect it to the
XTM device, make sure it gets an IP address on the 10.0.1.0/24 network.

Run the Web Setup Wizard


• Open a web browser and type https://10.0.1.1:8080 to start the Web Setup Wizard.
NOTE: Because the XTM device uses a self-signed certificate, you may see a certificate
warning in your browser. It is safe to ignore the warning (Internet Explorer) or to add a
certificate exception (Mozilla Firefox).

Log in with the user name admin and the passphrase readwrite.
• Follow the instructions on the screen and complete the Wizard.
NOTE: Your WatchGuard XTM device now has a basic configuration that allows
outbound TCP, UDP, and ping traffic, and blocks all unrequested traffic from the
external network.

• Log in to the Fireware XTM Web UI using the user name admin and the configuration
passphrase you set in the Wizard.
Upgrade your XTM device to the latest Fireware XTM OS.
• Install WatchGuard System Manager (WSM). WSM provides a full suite of management
and monitoring tools for your XTM device. It includes WatchGuard server software and
access to features such as logging, reporting, and offline configuration editing.
Download Latest Software
• Go to www.watchguard.com/archive/softwarecenter.asp
• Find and download the latest version of Fireware XTM OS and WSM software.
Upgrade your XTM Device with latest Fireware XTM OS
• On the computer you use to connect to the XTM device, find and run the Fireware XTM
OS installation package you downloaded from the WatchGuard web site.
• Connect to your XTM device with the Fireware XTM Web UI. Select System > Upgrade
OS. NOTE: The default location for the upgrade file is
C:\Program Files\Common Files\WatchGuard\resources\FirewareXTM\[version number\model].
The file name is xtm800_1500_2500.sysa-dl.
Install and Start WatchGuard System Manager
• On the computer you use to connect to your XTM device, run the WSM installation
package you downloaded from the WatchGuard web site.
NOTE: For WSM minimum system requirements, see the product release notes.
• Select Start > All Programs > WatchGuard System Manager.

• From WSM, click the Connect to Device icon to connect your management computer
to the WatchGuard XTM device.

10. Global Positioning System

The Global Positioning System (GPS) is a space-based global navigation
satellite system (GNSS) that provides location and time information in all weather,
anywhere on or near the Earth, where there is an unobstructed line of sight to four or
more GPS satellites.

The GPS project was developed in 1973 to overcome the limitations of
previous navigation systems, integrating ideas from several predecessors, including a
number of classified engineering design studies from the 1960s. GPS was created and
realized by the U.S. Department of Defense (USDOD) and was originally run with
24 satellites. It became fully operational in 1994.

• The Time & Frequency subsystem (TFS) captures the GPS time and power
system frequency, and synchronizes the time of all the servers and workstations
via the LAN, using the standard Network Time Protocol (NTP).
• Each computer has an NTP client which gathers the time information from the NTP
server in the GPS.
• The time subsystem is implemented with a Sertel (GPS) time device equipped with an
appropriate antenna and display units (for frequency, day & time).
• The GPS is connected to a raw power supply and provides frequency output to the
display.
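A check an NTP client can apply to a reply from the GPS time server, as an added example (not part of the original training document). It decodes the 48-byte NTP header and reports why a reply should not be trusted as GPS-disciplined time. The sample packets are constructed, the function names are hypothetical, and the reference ID "GPS" is an assumption about what the device reports.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def parse_reply(pkt):
    """Decode the fields of a 48-byte NTP header that matter for trusting the source."""
    if len(pkt) < 48:
        raise ValueError("an NTP header is 48 bytes")
    tx_sec, tx_frac = struct.unpack("!II", pkt[40:48])  # transmit timestamp
    return {
        "leap": pkt[0] >> 6,   # 3 = server clock not synchronized
        "mode": pkt[0] & 7,    # 4 = server reply
        "stratum": pkt[1],     # 1 = primary server with its own reference clock
        "refid": pkt[12:16].rstrip(b"\0").decode("ascii", "replace"),
        "unix_time": tx_sec - NTP_UNIX_DELTA + tx_frac / 2**32,
    }

def assess(pkt, local_unix_time, max_offset=1.0):
    """Return reasons not to trust this reply as GPS-disciplined time (empty = OK)."""
    r, problems = parse_reply(pkt), []
    if r["mode"] != 4:
        problems.append("not a server reply")
    if r["leap"] == 3:
        problems.append("server reports its clock is unsynchronized")
    if r["stratum"] != 1:
        problems.append(f"stratum {r['stratum']}, expected 1")
    elif r["refid"] != "GPS":  # assumption: the device reports refid "GPS"
        problems.append(f"reference is {r['refid']!r}, not GPS")
    if abs(r["unix_time"] - local_unix_time) > max_offset:  # rough: ignores network delay
        problems.append("local clock differs from server by more than max_offset s")
    return problems

def sample_reply(leap=0, stratum=1, refid=b"GPS\0", unix_time=1700000000):
    """Constructed reply bytes (not captured from a real device)."""
    header = struct.pack("!BBbbII4s", (leap << 6) | (3 << 3) | 4, stratum, 6, -20, 0, 0, refid)
    ntp_sec = unix_time + NTP_UNIX_DELTA
    return header + struct.pack("!8I", ntp_sec, 0, 0, 0, ntp_sec, 0, ntp_sec, 0)

if __name__ == "__main__":
    print(assess(sample_reply(), 1700000000))
    print(assess(sample_reply(leap=3, stratum=0, refid=b"INIT"), 1700000000))
```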
Overview

10.1 GPS connectivity diagram
