D20Mx Processor; Security - GE D20MX Instruction Manual

Hide thumbs Also See for D20MX:

User manual (146 pages)

User manual (104 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

D20MX Processor

Security

CyberArk

The D20MX is a single board computer built around a 667 MHz embedded PowerQUICC II

Pro processor. The D20MX supports open standard cyber security features that allow

interoperability in NERC CIP environments and introduces compliance to IEC standards;

refer to Appendix A, Standards & Protection for the complete listing.

The D20MX can be retrofitted into either a D20 3U single-node VME chassis or D20 3U non-

VME chassis. In a single-node VME chassis, this one processor module replaces the

previous D20 M, M++, ME, and MEII CPU cards.

Due to aging printed circuit board assembly and mechanical constraints, only certain

chassis from 2002 and onward can be used with a D20MX. This comprises the following

chassis:

•

D20 VME chassis 500-0280 Release 08 or higher,

•

D20 Non-VME chassis 500-0305 Release 18 or higher

A solid partition between the Main processor bay and accessory bay prevents access to

the harness from the fiber card to D20MX card (only applicable to the 526-3005LF fiber

card version).

The D20MX provides the following new security improvements over its predecessors:

•

Centralized user authentication and authorization (RADIUS), including integration with

Microsoft Servers using NPS

•

Role Based Access Control (RBAC) keeping operator and engineering activities

separated, logged and simple

•

NERC compliant passwords, with strong complexity rules and one-way encrypted

•

Full auditing including Syslog integration to enterprise systems

•

SFTP for secure network-based firmware upgrades and configuration file transfers

•

SSH for secure network access to WESMAINT II+. and the LogicLinx Executor. Refer to

Appendix E: "Secure Connection for LogicLinx" on page 149 for details on securing

network access to the LogicLinx Executor.

To take advantage of these improvements, refer to the WESMAINT II+ for the D20MX

Configuration Guide (B014-1NCG) for details of these security features of the D20MX.

A plug-in available from CyberArk Software Ltd. enables the D20MX to be integrated with

the CyberArk Privileged Identity Management (PIM) Suite. In addition to centralized user

authentication and authorization, integration with CyberArk, PIM provides a one-time

password model for the D20MX.

Contact CyberArk (http://cyberark.com) for details.

GE INFORMATION

CHAPTER 1: BEFORE YOU START

D20MX INSTRUCTION MANUAL

Table of Contents

D20Mx Processor; Security - GE D20MX Instruction Manual

D20MX Processor

Security

Related Manuals for GE D20MX

Related Content for GE D20MX

Table of Contents