Updating device XML configuration - Grid automation - User Manual - ARM600 M2M Gateway - Arctic series - 5.0 - IEC - ANSI - 22.06.2023

ARM600 User Manual

Arctic field devices have their full configuration stored in XML format. ARM600 product Ver.4.5.1 and newer include support for updating the full XML configuration using Arctic Patrol.

The configurations use a template mechanism on ARM600. In each XML configuration file, device-specific parts of the configuration file must be marked using special markers in the XML file. The files must be named as configuration-xxx.xml where the xxx part can contain the letters a-z and A-Z, 0-9 and hyphens (-).

The tags that mark the device-specific values are of the form _PRECONFIG_XXX where XXX is the label/name of a specific setting. The marker tags are always inside html tags since the markers mark a single configuration value in the configuration file. It is important to make sure that all device-specific parts of the configuration have been properly defined in the template using _PRECONFIG_XXX tags inside the XML template.

Figure 1. List of XML configuration templates
image/svg+xml

It is recommended not to use any production field devices for the initial setup but have at least two Arctic devices in a laboratory type of setup so that if any problems arise, the devices can be easily reset to a factory default state.

The typical workflow of using the XML configuration templates is described below.

  1. Manually configure a single Arctic device to work as planned in the production system.

    This configuration includes at least Patrol configuration, possibly a VPN configuration and any other configuration that the field devices must have to work as intended.

  2. Take the working XML configuration file from the Arctic device and use this as a base for creating a configuration template.
  3. Edit the XML configuration file and mark all the device-specific parts of the XML with _PRECONFIG_XXX marker tags.
  4. Upload the configuration template to ARM600.

    XML files can be imported to ARM600 under the Arctic Patrol menu Profiles page. The first version of the XML template becomes revision 1 on ARM600. Any changes made and updated after this increase the revision counter automatically.

  5. Take a second Arctic device and update its XML configuration using the Patrol Management XML Configuration Update tool.
  6. Reboot the second Arctic device to make sure it does not lose any important parts of the configuration file as part of the XML configuration update process.

    If the XML configuration template works as intended, after the reboot the second Arctic device should be able to connect to ARM600 using Arctic Patrol and work as intended.

  7. If there are any issues, repeat steps 3 through 6 until the XML configuration template works as intended.

    When the second Arctic is proven to be working as wanted, any other Arctic field devices can be mass-updated at a time.

Typically the following parts of the XML configuration should be marked with _PRECONFIG_XXX tags:

  • system.general.hostname: <hostname> _PRECONFIG_HOSTNAME </hostname>
  • system.user.shadow: <shadow> _PRECONFIG_SHADOW </shadow>
  • system.console_access.shadow: <shadow> _PRECONFIG_ROOTSHADOW_</shadow>
  • system.cli.password: <password> _PRECONFIG_CLIPASSWORD </ password>
  • network.lans.iface.address: <address> _PRECONFIG_LANIP </address>
  • network.lans.iface.mask: <mask> _PRECONFIG_LANMASK </mask>
  • certificates.local_ssh_keys.key.public_key_data: <public_key_data>_PRECONFIG_PATROLSSHPUBLICKEY </public_key_data>
  • certificates.local_ssh_keys.key.private_key_data: <private_key_data>_PRECONFIG_PATROLSSHPUBLICKEY </private_key_data>
  • certificates.remote_ssh_keys.key.public_key_data: <public_key_data>_PRECONFIG_PATROLSSHHOSTKEY </public_key_data>
  • certificates.trusted_cas.key.public_key_data: <public_key_data>_PRECONFIG_VPNCA </public_key_data>
  • certificates.local_identity.key.name: <name> _PRECONFIG_VPNNAME </ name>
  • vpn.openvpn_client.client.loc_cert <loc_cert> _PRECONFIG_VPNNAME </ loc_cert>
  • certificates.local_identity.key.private_key_data: <private_key_data>_PRECONFIG_VPNKEYDATA </private_key_data>
  • certificates.local_identity.key.public_key_data: <public_key_data>_PRECONFIG_VPNCRTDATA </public_key_data>
  • vpn.openvpn_client.client.name: <name> _PRECONFIG_VPNSERVER </ name>
  • vpn.openvpn_client.client.remote_port: <remote_port>_PRECONFIG_VPNPORT </remote_port>

The tag names described above use the same naming conventions as the ARM600 command line operations viola patrol create-ssh-clients and viola openvpn export-clients. This way if the field device Patrol configurations and OpenVPN configuration have been mass-created on ARM600 using command line utilities, the field names in the generated CSV files match the XML template's _PRECONFIG_ tags.

When a working configuration has been set up and tested, multiple field devices can be updated at a time using the XML Configuration Update tool under the Arctic Patrol Management menu.