ABB RELION 670 SERIES Manual page 64

Section 5
Central Account Management
58
IEC15000287 V1 EN-US
Figure 48: Central Account Management write status
When Central Account Management is set to active, the IED will do the following:
• Verify the configuration to secure that SDM600 can be accessed.
• Replicate the defined user group from SDM600 to the IED. At least one user
must be replicated.
The maximum number of replicated users supported by the IED is
100. If replication group is empty or contains more then 100 users,
the Central Account Management will fail.
It is recommended to define replication groups in SDM600 and
associate them to the devices when CAM configuration is created.
One replication group can be used in several devices. SDM600 has
the possibility to replicate all users from the server however this is
not consider a good security practice and it reduces the maximum
number of replicated users.
If replication is disabled and the Central Account Management
server is not reachable, the user will not be able to login to the IED.
Replication support is only available if the customer is using
SDM600. If the customer is using LDAP servers other than
SDM600 no user replication is possible. .
The replication support must be disabled to enable CAM in the IED
The configuration for Central Account Management is handled by a
new tool in PCM600. The possibility to enable/disable replication is
done in a checkbox (Replication) in the tool.
When this is successfully done, the IED will indicate that Central Account
Management as active. In addition the IED will delete any users locally defined in
the IED by PCM600 user tool.
1MRK 511 399-UEN B
670 series 2.2 IEC
Cyber security deployment guideline