To reduce the attack surface, it is strongly recommended that you restrict access to the server and file system where EcoStruxure IT Gateway is installed. |
Prerequisites
Note: Prerequisites and system requirements do not apply to the Gateway appliance.
- A server or a PC that is always on with:
- Microsoft® Windows® 10 and 11 64-bit, Server 2016, Server 2019, and Server 2022
- Rocky Linux 8.7 and 9.1; Red Hat Enterprise Linux 7, 8, 9; CentOS 7 (end of life June, 2024)
- At least 2GB hard disk space. See system requirements
- The required CPU and memory depends on the number of monitored devices and the protocol.
See system requirements - Network:
Port 443 outbound for connecting to EcoStruxure IT
Port 443 inbound locally for accessing the Gateway web interface
See system requirements - Devices to be monitored must be accessible over the network from the EcoStruxure IT Gateway
- The ports used to communicate with devices vary based on communication protocol and device settings.
Checklist to help you deploy your Gateway
1. Sign up and create an EcoStruxure IT account
Sign up here or log in if you already have an account, and follow the on-screen instructions to download EcoStruxure IT Gateway.
|
Instructions on how to setup a Gateway appliance are here. |
After you install the Gateway, open a browser on any computer with network access to the Gateway and go to https://<ip address or hostname>/gateway/index.html.
If the browser you are using is on the same system you installed EcoStruxure IT Gateway on, you can access the Gateway at https://localhost/gateway/index.html.
Set the password for the system administrator. The default username is admin.
Need to configure cloud connectivity settings?
The Gateway server must use the internet to communicate with EcoStruxure IT.
If the Gateway is not connected to EcoStruxure IT, messages and recommended actions are displayed on the Cloud connectivity page. Otherwise, the Device credentials page is displayed.
See Configuring cloud connectivity in the Gateway
2. Configure device credentials
Discovery and polling
These settings are used by EcoStruxure IT Gateway to discover and poll devices. You can reuse these credentials for all your device discoveries and add additional credentials as needed.
Click New device credentials and select the communication protocol used by your devices. Specify a label that allows you to identify the credential along with the following settings depending on what protocol you selected:
-
SNMPv1: Specify the Read community name (public is default), the Write community name (private is default), and the port, (161 is default).
-
SNMPv3: Specify the Username, Authentication type (MD5 or SHA), Authentication password, Encryption type (DES, DES3, AES128, AES192, AES256), Encryption password, and Port (161 is default).
Note: When AES is configured in the APC Network Management Card (NMC) interface, choose AES128 in the Gateway user interface.
EcoStruxure IT Gateway versions older than 1.15 do not allow discovery of SNMPv3 devices with the Authentication type or Encryption type set to None.
- NetBotz: Specify the Username, Password, and Port (80 is default, or 443 with SSL enabled).
-
Redfish: Specify the Username, Password, and Port (443 is default).
Device configuration and firmware update
File transfer settings for the APC Network Management Card (NMC) are required to allow the Gateway to transfer files to and from monitored APC SNMP devices. These settings must be properly configured for device configuration, firmware update, and other EcoStruxure IT features to function properly.
- Click New file transfer credentials and select SCP or FTP.
- Specify a name for the configuration, and the username, password, and port.
Note: The EcoStruxure IT Gateway does not support SCP on NMC1 devices.
How to identify APC Network Management Card 1 (NMC1) devices
When one or more file transfer credentials are configured, the Gateway uses the provided credentials to gather certain device information daily. Some EcoStruxure IT features such as firmware update and device configuration also rely on additional file transfers to and from the device.
Make sure the Gateway has valid device file transfer credentials to prevent unnecessary unauthorized access attempt warnings from being triggered on your devices.
Your APC NMC3 devices might be configured to limit the number of failed login attempts. |
Note: This video was created using Gateway version 1.8.1. |
3. Discover devices
You can import a device list from Data Center Expert or another source to easily discover devices in EcoStruxure IT Gateway 1.8.0 and newer. See Import a device list to discover devices in EcoStruxure IT Gateway |
Go to Discover devices. Click Configure Credentials to select specific device file transfer credentials to use in a device discovery. Otherwise, all configured credentials will be used.
To comply with stricter cybersecurity requirements across various product groups, it is recommended that you review your username/password lists in EcoStruxure IT Gateway and confirm that configured credentials are both active and accurate.
You can run multiple discoveries simultaneously.
You can import a device list that contains the IP address for each device.
To discover devices manually, specify an IP address or IP address range. Use an asterisk to search an entire subnet: 192.168.1.* Use a dash to search a range of IP addresses: 192.168.1.100-254.
You can specify multiple IP addresses or IP address ranges separated by commas.
|
Check out the on-screen device discovery tips! |
Modbus discovery
To discover Modbus devices, click Discovering a Modbus device?
To discover Modbus devices manually, specify the Device type, Device vendor, Device family, and Server address. For TCP, specify the IP address and Port (502 is default). For Serial (RTU), specify the Port, Baud rate, Data bits, Parity, Stop bits, and Flow control.
Importing a device list
You can import a device list that contains the IP address and server address for each Modbus device. Each line must have both the IP address and server address.
IMPORTANT: On the Gateway Discover devices page, you must also specify the Device type, Device vendor, and Device family. For TCP, also specify the Port (502 is default). For Serial (RTU), you must also specify the Port, Baud rate, Data bits, Parity, Stop bits, and Flow control.
Discovery results
If device discovery fails, there are messages and suggestions on how to fix the issue on the page.
Click Go to devices to see all discovered devices listed on the Devices page.
Click Discovery log to see additional discovery results.
Click View details under the count of unsupported devices to see the list of devices not yet supported in EcoStruxure IT, if any. To request device support, click Need device support? Submit a DDF Request.
4. Register and connect the Gateway
Click the Register Gateway button and follow the on screen instructions to connect your Gateway to your EcoStruxure IT organization. If you are not logged into EcoStruxure IT, log in to connect your Gateway. You might be prompted for the 2 factor authentication code you chose when you set up your EcoStruxure IT account.
Note: The 2 factor authentication code you need to log in is not the same as the Gateway registration code.
|
If you have not yet signed up for an organization in EcoStruxure IT sign up here. Once you have an an account in EcoStruxure IT, click the Register Gateway button and follow the on screen instructions. |
After you log in to EcoStruxure IT, you'll see the Connect Gateway dialog with the Gateway registration code pre-populated.
If the registration code isn't prepopulated, for example if you login to the Gateway using a different browser than you use to log in to EcoStruxure IT, you can go to Administration > Gateways > Connect Gateway in the EcoStruxure IT web interface and manually enter the Registration code.
Return to the Gateway user interface and click Done.
Note: The setup wizard appears each time you access the Gateway until you click Done. All settings you configure in the wizard are applied whether or not you click Done on the last page of the wizard.
See also
Comments
1 comment
Hi CARLOS PÉREZ,
Have a look at this article. You can see if your third party devices are currently supported, and, if not, how to request support.
https://helpcenter.ecostruxureit.com/hc/en-us/articles/360020971853-How-can-I-see-if-my-device-is-currently-supported-
Best,
Jackie
Please sign in to leave a comment.