ABB RELION 670 Series Technical Manual page 1230
Generator protection
Hide thumbs
Also See for RELION 670 Series:
- Technical reference manual (1232 pages) ,
- Applications manual (944 pages) ,
- Manual (366 pages)
Table of Contents
Advertisement
Section 20
Security
•
A substation can be equipped with two redundant authentication servers operating in a hot
standby mode.
•
If configured by the security administrator, the IED itself maintains a local replica in the
database with selected users. This database is periodically updated with data from the server
and used as fallback if none of the servers are reachable.
Note that not all users in the SDM600 server are part of the replica. There might be users that are
not assigned to any replication group. IED only replicates those users which are part of replication
group configured in the IED.
This replication can be disabled using PCM600 by the security administrator, which means that
the IED will forward login requests to the SDM600 for authorization and in case of problems with
the network users will not be able to log in to the IED.
All communication between the central management and the IEDs is protected using secure
communication. Customers using SDM600 are required to generate and distribute certificates
during the engineering process of the substation. These certificates ensure mutual trust between
IED and for example SDM600, FTP, PCM600 and other system.
Table 944: Authority-related IED functions
Function
Authority status
ATHSTAT
Authority check
ATHCHCK
Authority
management
AUTHMAN
For more information on the functions Authority Management (AUTHMAN), Authority Status
(ATHSTAT), and Authority Check (ATHCHCK) functions, refer to chapter "Basic IED functions" in
the Technical Manual.
20.2
Authority management AUTHMAN
20.2.1
Identification
Function description
Authority management
1224
If user replication has been disabled in a CAM-enabled IED and if communication
with SDM600 is lost, access to that IED will be denied until communication is re-
established.
Description
This function is an indication function block for user logon activity.
User denied attempt to logon and user successful logon are reported.
To safeguard the interests of our customers, both the IED and the tools that are
accessing the IED are protected, by means of authorization handling. The authorization
handling of the IED and the PCM600 is implemented at both access points to the IED:
•
local, through the local HMI
•
remote, through the communication ports
The IED users can be created, deleted and edited only in the CAM server.
This function enables/disables the maintenance menu. It also controls the maintenance
menu logon time out.
IEC 61850
identification
AUTHMAN
IEC 60617
ANSI/IEEE C37.2
identification
device number
-
-
1MRK 502 066-UUS B
GUID-7925E6A3-301D-44A5-982F-167805EEA473 v1
Technical manual
Advertisement
Chapters
Table of Contents
