User’s Manual DX1000/DX1000N/DX2000 Advanced Security Function (/AS1) IM 04L41B01-05EN 2nd Edition
Thank you for purchasing the Daqstation DX1000, DX1000N, or DX2000 (hereafter referred to as the DX). This manual describes the operating procedure for the DX advanced security function (/AS1 option). Please use this manual in conjunction with the DX User’s Manual (IM04L41B01-01E or IM04L42B01-01E). Notes Trademarks Revisions • The contents of this manual are subject to change without prior notice as a result of continuing improvements to the instrument’s performance and functions.
Conventions Used in This Manual Unit K k Denotes 1024. Example: 768 KB (file size) Denotes 1000. Markings Improper handling or use can lead to injury to the user or damage to the instrument. This symbol appears on the instrument to indicate that the user must refer to the user's manual for special instructions. The same symbol appears in the corresponding place in the user's manual to identify those instructions. In the manual, the symbol is used in conjunction with the word “WARNING” or “CAUTION.
Applicable Recorders The models listed below can be equipped with the advanced security function. In this manual, the terms “DX1000” and “DX2000” refer to the following models. Notation in This Manual DX1000 DX2000 Models DX1006, DX1012, DX1006N, and DX1012N with release number 4 and later DX2010, DX2020, DX2030, DX2040, and DX2048 with release number 4 and later What This Manual Explains This manual primarily explains the login, audit trail, and signature functions of the advanced security option.
Contents Conventions Used in This Manual............................................................................................ ii Applicable Recorders............................................................................................................... iii What This Manual Explains..................................................................................................... iii Revision History.............................................................................................
Contents 2.3 2.4 Signing Display and Event Data......................................................................................... 2-16 Checking the Change Settings Log.................................................................................... 2-24 Chapter 3 Password Management 3.1 3.2 3.3 Appendix Configuring the Password Management Function................................................................ 3-1 Using the Password Management Function.........................................
Chapter 1 Explanation of the Advanced Security Function 1.1 Using the Advanced Security Function 1 2 Operation Overview Configuring Functions First, you need to configure the DX functions. You have to configure the measurement settings and register DX users. After you register users, to use the DX, you will need to log in to it by entering a user name, user ID, and password. DX User name Registered user Password History of the setting changes is recorded in the change settings log.
1.1 Using the Advanced Security Function DX Operation Range The DX Manages Measured Data in Its Internal Memory • You cannot change measured data files in the internal memory. You cannot delete measured data files without initializing the internal memory. • On the DX, you can only sign measured data files in the internal memory. • When the measured data in the internal memory is saved to a file on an external storage medium and there is already a file with the same name, that file is overwritten.
1.1 Using the Advanced Security Function 1 Terms Used in This Manual A type of user that can be registered on the DX. This type of user can perform any operation. 2 Audit Trail Function (See section 1.5) This function saves information that can be used to retrace past operations. Auto Save (See section 1.2) 3 A method for automatically saving the data in the internal memory to the CF card. Change Settings Log (See section 1.
1.2 Recording and Saving Data This section explains the types of data that a DX with the /AS1 advanced security option can record and how to save them. Data Types The types of data that the DX can store to files are listed below. For information about file name extensions, see page 1-9. Data Type Display data Description •This is the waveform data that appears on the trend display. Measured data is recorded at the set sampling interval. The sampling interval is determined by the trend update interval.
1.2 Recording and Saving Data 1 Data Recording and Storage Flowchart Measurement Computation Channel channel Only in DX2000 2 Data of other device (via communications) . . . . . . . . . External channel Explanation of the Advanced Security Function Measured data is recorded to internal memory and then saved to external memory.
1.2 Recording and Saving Data Display and Event Data Recording Methods For the setting procedure, see section 6.1 in the User’s Manual. For operating instructions, see section 6.4 in the User’s Manual. Type of Data to Record You can choose to record display or event data. • Choosing What Type of Data to Record Record the type of data that meets your needs. Use the following examples for reference.
1.2 Recording and Saving Data Recording Conditions of Event Data Description Same as display data. Choices are available in the range of 25 ms to 30 min. You cannot choose a sampling interval that is higher than the scan interval. File generation A file is generated when the set data length is reached. Files are also generated in these cases: • When you generate a file manually. • When sampling stops (memory stop). • When a file is generated through the use of the event-action feature.
1.2 Recording and Saving Data Manual Sampled Data Manually sampled data is stored to internal memory. When the number of manualsampled-data exceeds 400, the oldest data are overwritten. Time Manual sampled data For operating instructions, see section 6.5 in the User’s Manual. Report Data Report data is stored to internal memory. When the number of report data files exceeds 100, the oldest data files are overwritten.
1.2 Recording and Saving Data 1 Directories and File Saving on External Storage Medium • CF card (32 MB or more) • USB flash memory (/USB1 option) 2 CF Card Directory The directories and files of the CF card that the DX automatically saves to are indicated below. Root directory Setup files SET0 directory Index • Stores the following files when settings are changed. Setup files Change settings log files • Has media FIFO action. For details, see section 1.5.
1.2 Recording and Saving Data Saving Data to External Storage Medium Auto Save Display data, event data, manual sampled data, and report data is automatically saved. Keep the CF card inserted into the drive at all times. The data in the internal memory is automatically saved to the CF card. For the setting procedure, see section 6.1 in the User’s Manual. Data Type Display data Description Files are saved as soon as they are generated.
1.2 Recording and Saving Data 1 Data Saved to Display and Event Data Files The following data is saved to display and event data files Explanation of the Advanced Security Function Contents of the display data and event data files 2 • Header string (see section 6.2 in the User's Manual) • Batch information (when the batch function is in use, see section 1.
1.2 Recording and Saving Data Save Operation (Always retain most recent data file/media FIFO) When the DX saves data files automatically to the CF card, it can save them so that the newest data files are always retained. With this method, you can use the DX continuously, without changing the CF card. For the setting procedure, see section 6.2 in the User’s Manual.
1.2 Recording and Saving Data Manual Save (Collectively storing unsaved data) Save operation Time File Saved the previous time File 2 3 File Saved this time App Note When you use manual save, it is important that you save the data in the internal memory to the external storage medium before the data is overwritten. Be aware of the condition of the internal memory, and save data to the external storage medium at the appropriate times. For the setting procedure, see section 6.
1.2 Recording and Saving Data File Name The DX can name measured data files that are automatically saved to the CF card in one of the following three ways. Structure Date Description Display data Event data Manual sampled data Snapshot data Report data 7-digit . Extension Date Specified string Ex.: 000123_AAAAAAAAAAA050928_174633.DSD 7-digit Type . Extension Date Specified string Ex.: 000123_AAAAAAAAAAA050928_174633HD.
1.2 Recording and Saving Data Saving Data through Key Operation Save Operation All save Selective save Manual sampled data save Report data save Description All the data in the internal memory is saved. The selected display data or event data file is saved. All manually sampled data in the internal memory is saved. All report data in the internal memory is saved. 2 3 Save Destination You can select a CF card or USB flash memory (/USB1 option).
1.2 Recording and Saving Data Other Types of Data That can Be Stored Setup Data When the Settings Change and the Change Settings Log For the description of functions, see section 1.5. Setup Data You can save the DX setup data to a CF card or to USB flash memory (/USB1 option). The setup data is saved to the root directory. Name of the Setup data file Specified . PEL Example: ABCD10005.PEL For operating instructions, see section 6.9 in the User’s Manual.
1.3 Login Function 1 2 Logging In and Out Using Keys You need to enter user identification information (a user name, user ID, and password) to log in to the DX in the following cases. DX Access Method Key operations When It Is Necessary to Log In When the power is turned on. When logging in after exiting basic setting mode. When logging in after logging out.
1.3 Login Function User Levels There are two user levels: “administrator” and “user.” Administrator Item Number of users that can be registered Login methods Description 5 Key Administrators can log in using keys and perform all operations. Key+Comm Administrators can log in using keys and communication commands and perform all operations.
1.
1.3 Login Function Explanation of user privileges • Operations performed using communication commands are also limited. However, operations can always be performed through Modbus communication, regardless of the settings. See section 3.2 in the Communication Manual • Operations assigned by the event action function are always performed, regardless of the operation-limitation settings.
1.3 Login Function 1 Login Restrictions You cannot log in with the same name. 2 Logging in Simultaneously There are five methods for logging in using key operations or Ethernet or serial communication. 1. Logging in and out using keys 2. Logging in to the setting function of the setting and measurement server through Ethernet communication* 3. Using the LL command to log in to the setting and measurement function through serial communication* 4.
1.3 Login Function • When Not Using the Multi Login Function Users cannot log in at the same time through key operations, an Ethernet connection (to the setting function), or serial communication. Only one user can log in to the DX at a time. DX Access Method Key operations Communication (Ethernet connection to the setting function) Communication (serial) When Another User Is Logged In None of the keys function. You cannot log in or send commands.
1.4 Password Management Function 1 Explanation of the Advanced Security Function With this function, you can manage access to the DX by using the Kerberos v5 authentication protocol. For the setting procedure and operating instructions, see chapter 3. 2 System Configuration The following figure shows the configuration of the authentication system.
1.5 Audit Trail Function This function records histories of the operations. It saves operation logs and change settings logs, and it saves setup files when the settings have changed. You do not need to perform any special settings to use this function. The figure below indicates what items are recorded to the operation log and the change settings log.
1.5 Audit Trail Function Operation Log Recorded Operations • Operations that affect the measured data, such as memory start and message writing are recorded. Error messages are also recorded. • Key operations, communication operations, remote-control operations (/R1 and /PM1 options), event-action operations, and automatic DX operations (error messages, etc.) can be distinguished from each other.
1.5 Audit Trail Function Change-Settings Log and Setup Files When Recording (Memory Sampling) Is Not in Progress When you change the settings, the changes are logged in the change settings log and the operation log. At the same time, a setup file is saved to the CF card. The date, user name, and affected setup file name are recorded in the change settings log, which is saved to the CF card. For information about the display, see section 2.4.
1.5 Audit Trail Function How the Change Settings Log Is Saved File Name Mddhhmma.TXT Example: 40209250. TXT Description The date and time of the first log entry M Month (1 to 9, X for October, Y for November, or Z for December) dd Day hh Hour mm Minute a Last digit of the year (0 to 9) A change settings log file whose first log entry was created at 9:25 on April 2 Viewing a Change Settings Log • You can display the change settings log in the internal memory on the DX screen.
1.5 Audit Trail Function How Setup Files Are Saved • If settings have been changed when you exit basic setting mode, a setup file is saved to the CF card. If a CF card is not inserted when the DX tries to save a setup file, an error occurs. • A setup file (.PEL extension) is saved to the SET0 directory on the CF card. • The file name is generated automatically.
1.5 Audit Trail Function 1 SET0 Directory Operations If there is not enough free space on the CF card, the DX cannot save the data in the internal memory to the CF card. When this happens, an error occurs, and the save operation cannot be performed. Use another CF card to save the data. 2 Save Operation (Always retain most recent data file/media FIFO) The newest data files are always kept on the CF card. With this method, you can use the DX continuously, without changing the CF card.
1.6 Signature Function (Digital signature) Signing is the act of attaching the following approval information to a measured data file. • Pass or fail judgment • Comment • Name of the user who attached the information and the date and time when the information was attached For the setting procedure, see section 2.1. For operating instructions, see section 2.3. Signable Files Display and event data files (.DSD and .DSE extensions) can be signed.
1.6 Signature Function (Digital signature) Signing from the DX 2 3 App Index Signing Using the Attached DAQSTANDARD Application You can sign measured data files using DAQSTANDARD. A measured data file can only be signed by a user with signature privileges who is registered in the login information of that measured data file. For operating instructions, see the DAQSTANDARD Viewer manual.
1.7 Unique Specifications of DXs with Advanced Security Functions That Differ from Those of DXs without Advanced Security The main functions that have not been explained thus far in this manual that differ with the functions of DXs without advanced security are explained in the table below.
1.7 Specification for DXs with Advanced Security 1 Functions That Differ from Those of the DX100P and DX200P Function Setting modes Number of failed password entry attempts Signature privilege settings Multi login Selecting a user name when logging in KDC server password management Specification for DXs with Advanced Security Engineering mode is equivalent to setting mode. System mode is equivalent to basic setting mode.
Chapter 2 Logging In, Logging Out, and Signing 2.1 Registering Users and Setting the Signature Method 1 Procedure for Configuring the Login and Signature Features for the First Time 2 • Security Logging In, Logging Out, and Signing When the DX is shipped from the factory, it is configured so that you can operate it without signing in. First, register an administrator. After you register an administrator, you will have to log in before you can use the DX.
2.1 Registering Users and Setting the Signature Method Press MENU (to switch to setting mode), hold down FUNC for 3 s (to switch to basic setting mode), and select the Menu tab > Login > Authority of user > Key action, Media, Actions, or Sign record (Key action, Media/USB, and Actions or Sign record on the DX2000).
2.1 Registering Users and Setting the Signature Method 1 Setup Items • Security > Key This setting is fixed at Login. 2 • Security > Communication * Description Only registered users can operate the DX through communication. The security function is not enabled. You can only use the monitoringfunction communication commands*. 3 For an explanation, see the Communication Manual. • Security > Multi login Setting On Off Description The multi-login function is used.
2.1 Registering Users and Setting the Signature Method • User basic settings > Password retry frequency Set how many consecutive failed password-entry attempts result in user invalidation. Setting 3 or 5 Off Description Three or five consecutive failed password entry attempts result in user invalidation. Users are never invalidated, no matter how many times they enter the wrong password.
2.1 Registering Users and Setting the Signature Method 1 • Admin settings > Mode The available settings vary depending on the Security setting. Setting Off Key Key+Com* Description No administrator is registered. The administrator can log in to the DX using keys. The administrator can log in to the DX using keys and communication commands. Web* The administrator can access the operator and monitor pages through the Web server function.
2.1 Registering Users and Setting the Signature Method • User number Select a user number from 1 to 90. • User settings > Mode The available settings vary depending on the Security setting. Setting Description Off No user is registered. Key The user can log in to the DX using keys. Comm* The user can log in to the DX using communication commands. Web* The user can access the monitor pages through the Web server function. Key+Comm* The user can log in to the DX using keys and communication commands.
2.1 Registering Users and Setting the Signature Method 1 • Signature > Sign from recorder Set the signature privilege range for DX key operations. Description You cannot sign files from the DX. You can sign files from the DX using the Signature1 privileges. You can sign files from the DX using the Signature1 and Signature2 privileges. You can sign files from the DX using the Signature1, Signature2, and Signature3 privileges.
2.2 Logging In and Out When you log in for the first time, you will be prompted to change the password. For information about the function, see section 1.3. Login Process FUNC key When user ID is not in use. When user ID is in use. User name selection screen User name input screen User ID input screen Password input screen Entering the wrong password consecutively for n times. Password is unestablished or expired.
2.2 Logging In and Out 1 Procedure • Logging In Logging In before the Password Has Been Set 1. Press FUNC. 2. Select or enter a user name, and press DISP/ENTER. On the left is the DX1000 screen. On the right is the DX2000 screen. When User IDs Are Used 2 Logging In, Logging Out, and Signing If the settings have been configured so that user IDs are used, a window for selecting the user name opens.
2.2 Logging In and Out 3. Enter the user ID, and press DISP/ENTER. A window for entering the password opens. 4. Enter the default password, and press DISP/ENTER. A window for entering the new password opens.
2.2 Logging In and Out 5. Enter a new password (between 6 and 20 characters, DISP/ENTER. Aa#1 1 ), and press A window for re-entering the password opens. 2 Logging In, Logging Out, and Signing 3 App Index Note • • • You cannot use the same combination of user ID and password as another user. Specify a password that is six or more characters long. You cannot register a character string that contains spaces or the word "quit." 6. Enter the password, and press DISP/ENTER.
2.2 Logging In and Out Logging In after the Password Has Been Set 1. Press FUNC. If the settings have been configured so that user IDs are used, a window for selecting the user name opens. If the settings have been configured so that user IDs are not used, a window for entering the user name opens. 2. Select or enter a user name, and press DISP/ENTER.
2.2 Logging In and Out 1 4. Enter the password, and press DISP/ENTER. 2 Logging In, Logging Out, and Signing 3 App When the password has not yet expired: The window closes, and you are logged in. Index When the password has expired: You are prompted to change the password. Follow the instructions that appear on the screen, and change the password (between 6 and 20 characters, A a # 1 IM 04L41B01-01E ) to log in.
2.2 Logging In and Out • Dealing with the "Invalid User" Status If a user enters the wrong password and presses DISP/ENTER consecutively for the specified number of times (the password retry frequency), that user is invalidated and can no longer log in. The user-locked icon appears in the status area. User locked icon Clearing the User-Locked Icon (Only administrators can perform this operation) 1. Log in as an administrator. 2. Press FUNC. The FUNC key menu appears. 3.
2.2 Logging In and Out 1 • Logging Out Using the FUNC Key 1. Press FUNC. The FUNC key menu appears. 2 2. Press the logout soft key. Auto Logout When auto logout is enabled, users are logged out automatically if there are no key operations for the specified period of time. Logging In, Logging Out, and Signing You will be logged out.
2.3 Signing Display and Event Data You can sign display and event data from the historical trend display. You can sign a unit of data when: • You are logged in as a user with signature privileges. • The files are in the internal memory (even if the data is in the internal memory, you cannot sign it unless it has been saved to files). • The data has not already been signed in the same place. • The DX settings allow signing. • All the data that you want to sign can be displayed.
2.3 Signing Display and Event Data 1 Procedure • Showing the Historical Trend Display Opening the Displayed Data File in the Historical Trend Display 2 Logging In, Logging Out, and Signing The historical trend display appears automatically at memory stop. When Signature at batch stop is enabled, the historical trend display will appear if the following conditions are met. • A user with signature privileges stopped the recording (memory stop).
2.3 Signing Display and Event Data 3. Use the arrow keys to select a file. To display a file’s signature information in the signature information display, press the Add.info. soft key. Press ESC to close display. 4. Press DISP/ENTER to show the display selection menu. 5. Press the right arrow key to display the sub menu. 6. Use the arrow keys to select TO HISTORY, and press DISP/ENTER. The historical trend display of the selected file appears. • Changing the Displayed Contents 1.
2.3 Signing Display and Event Data 1 • Displaying Information When in the historical trend display: 1. Press DISP/ENTER to show the display selection menu. 2. Use the arrow keys to select INFORMATION. 2 3. Press the right arrow key to display the sub menu. Logging In, Logging Out, and Signing 4. Press the up and down arrow keys to select the sub menu item. 5. Press DISP/ENTER to display the information. 3 Operation Log App Cursor (blue arrow) Move the cursor with the arrow keys.
2.3 Signing Display and Event Data Alarm Summary For display information, see section 1.3 in the User’s Manual. Message Summary For display information, see section 1.3 in the User’s Manual. Memory Information (Information about the displayed measured data file) The following information is displayed. Page switch mark Use the left and right arrow keys to switch the page. For display information, see section 4.3 in the User’s Manual.
2.3 Signing Display and Event Data 1 • Signing Data (Attaching approval information) When in the historical trend display: 1. Press DISP/ENTER to show the display selection menu. 2. Use the arrow keys to select SIGNATURE. 2 3. Press the right arrow key to display the sub menu. SIGNATURE3, and then press DISP/ENTER. Logging In, Logging Out, and Signing 4. Use the up and down arrow keys to select SIGNATURE1, SIGNATURE2, or 3 The signature initiation display appears. App Index 5.
2.3 Signing Display and Event Data 6. Enter the user ID, and press DISP/ENTER. On the left is the DX1000 screen. On the right is the DX2000 screen. A window for entering the password opens. 7. Enter the password, and press DISP/ENTER. If the current password has expired, follow the instructions that appear on the screen to change it. A window for selecting Pass or Fail appears.
2.3 Signing Display and Event Data 1 8. Use the arrow keys to select Pass or Fail, and press DISP/ENTER. After you have checked the data, if it is OK, select Pass, if it is not OK, select Fail. You can use whatever criteria you please to determine whether data passes or fails. A window for entering a comment opens. 2 Logging In, Logging Out, and Signing 3 App Index 9. Enter a comment (of less than 32 characters), and press DISP/ENTER. The signature confirmation display appears. 10.
2.4 Checking the Change Settings Log Procedure 1. Press DISP/ENTER to show the display selection menu. 2. Use the arrow keys to select LOG. * LOG is not displayed with the default settings. To display LOG, see section 5.17 (DX1000/DX1000N) or 5.18 (DX2000) in the User's Manual. 3. Press the right arrow key to display the sub menu. 4. Use the up and down arrow keys to select Change Settings. To close the menu without changing the display contents, press ESC. 5. Press DISP/ENTER.
Chapter 3 Password Management 3.1 Configuring the Password Management Function 1 The following settings are necessary: For a description of the function, see section 1.4 2 ● Security > Password management Enables the password management function. See section 2.1. 3 Password Management ● Login Specify operation modes, user names, and restrictions for each normal user. See section 2.1 App ● Root password > Password Index Set the password of the root user. See section 2.
3.2 Using the Password Management Function Logging In and Out Logging In Log in by entering the user name and password. 1. Press FUNC. A window for entering the user name appears. 2. Select or enter a user name, and press DISP/ENTER. On the left is the DX1000 screen. On the right is the DX2000 screen. 3. Enter the password, and press DISP/ENTER. The window closes, and you are logged in.
3.2 Using the Password Management Function Signing In 1 When you sign in, you will be prompted for a user name and password. For operating instructions, see section 2.3 2 Dealing with the "Invalid User" Status App Note The "Invalid user" status is only applicable on the DX being operated. The user account on the server is not invalidated. Index Password Expiration Date Manage passwords and their expiration dates on the KDC server.
3.3 Error Messages and Corrective Actions Errors That Occur during Authentication Code Message Explanation/Corrective Action E006 Incorrect input character string. Check that the host principal, authentication key password, and realm name settings on the DX are correct. E085 The login password is incorrect. Enter the correct password. E110 This user name is not registered. The specified user is not registered on the DX. The user account is not registered on the server.
Appendix Appendix 1 Operation Log Contents 1 Operation Log Operation Display Detailed Information Additional Information* Error### Warning### Error message Error message - A/DCalDisp A/DCalExec - - PowerOn PowerOff Login Logout UserLocked - - ChgPasswd UsrLockACK MemStart## MemStop## AlarmACK AlmDspRst Message## Channel/level - - Manual sampling Math start Math stop Manual MathStart MathStop - - Math reset (##: batch group number) Computation data dropout acknowledgment Snapshot E-mai
Appendix 1 Operation Log Contents Operation Display Event edge switch Shift to setting mode Shift to basic setting mode Shift to operation mode Writing of a value from the custom display to a communication input channel EEdgSw MoveEng MoveSys MoveOpe WrCommuCH Writing of a value from the custom display through the use of a Modbus client Writing of a value from the custom display through the use of a Modbus master Saving of settings in setting mode Loading of settings in setting mode Loading of setting i
Appendix 1 Operation Log Contents 1 Detailed Information No. 1 2 Description Channel/level Difference from the time to change to Timer number 4 Switch number 5 Communication input channel/set value 6 Command number/set value 7 Setting file sequence number 8 Channel number 9 Channel number/calibration point 10 Message number Operation Types Type KEY COM Display [K] [C] REM ACT [R] [A] SYS [Y] Description Key operation Operation performed using Ethernet or serial communication.
Index Index A administrator.................................................................. 1-3, 1-18 admin number......................................................................... 2-4 advanced security................................................................. 1-32 alarm summary...................................................................... 2-20 applicable Recorders.................................................................. iii audit trail function.............................
Index signing in................................................................................. 3-3 signing process..................................................................... 2-16 sign record............................................................................... 2-6 snapshot data................................................................ 1-4, 1-16 SNTP client.............................................................................. 3-1 T time synchronization....................