Legal Information
The information provided in this document contains general descriptions, technical characteristics and/or recommendations related to products/solutions.
This document is not intended as a substitute for a detailed study or operational and site-specific development or schematic plan. It is not to be used for determining suitability or reliability of the products/solutions for specific user applications. It is the duty of any such user to perform or have any professional expert of its choice (integrator, specifier or the like) perform the appropriate and comprehensive risk analysis, evaluation and testing of the products/solutions with respect to the relevant specific application or use thereof.
The Schneider Electric brand and any trademarks of Schneider Electric SE and its subsidiaries referred to in this document are the property of Schneider Electric SE or its subsidiaries. All other brands may be trademarks of their respective owner.
This document and its content are protected under applicable copyright laws and provided for informative use only. No part of this document may be reproduced or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), for any purpose, without the prior written permission of Schneider Electric. Schneider Electric does not grant any right or license for commercial use of the document or its content, except for a non-exclusive and personal license to consult it on an “as is” basis. Schneider Electric reserves the right to make changes or updates with respect to or in the content of this document or the format thereof, at any time without notice.
To the extent permitted by applicable law, no responsibility or liability is assumed by Schneider Electric and its subsidiaries for any errors or omissions in the informational content of this document, as well as any non-intended use or misuse of the content thereof.
Overview
Demand for increased software capability requires increases in processing power, storage, and connectivity to peripherals. Server class computers provide these capabilities in standard rack enclosures. This greatly concentrated capability reduces the volume needed and permits both physical and cybersecurity measures to be effectively put into practice.
As a multipurpose server running the Microsoft Windows Server® 2016 or Microsoft Windows Server® 2022 operating system, the Model H90 Foxboro DCS server supports hosting Foxboro DCS Control Core Services (Control Core Services) or Foxboro DCS Control Software (Control Software) workstations, historian, domain controller function, data acquisition, and processing related to a broad range of applications, file serving capabilities, and the display of graphics and text. It also interfaces with corporate communication networks.
These servers support a USB mouse or optional USB trackball, an optional USB speaker set, an alphanumeric keyboard, up to four USB annunciator keyboards including one optional annunciator keyboard with numeric keyboard, plus up to four video monitors.
The H90 can be configured with either 1 or 2 Intel Xeon® processors. A change to 600 GB drives allows a maximum hard drive capacity of 4.8 TB. Alternatively, Serial Attached SCSI (SAS) Hard Disks or Solid State Disks are preconfigured as a system disk, expansion disks, or RAID1 or RAID5 hard drive arrays. Client/server communications are accomplished using the TCP/IP networking protocol.
Features
The Model H90 Server for Windows Server 2016/Windows Server 2022 operating system features:
• A premium level system with high-end processor speed, 16 GB of base memory, up to eight internal hard drives configurable as a Redundant Array of Independent Disks (RAID) with optional hot swappable spare drives, and redundant hot swappable power supplies
• The ability to host control stations and/or support data acquisition and monitoring functions
• Serves as a Control Core Services software or Control Software application platform and a human interface station
• The ability to support viewing Foxboro DCS applications from remote client stations over local area networks (LANs)
• The latest version of Veritas System Recovery software is included with each new server. However, the software is also available to be ordered as a separate part number to allow earlier versions of the servers to be upgraded to the latest version of Veritas System Recovery 23, if desired.
Network Connections
The Model H90 servers are connected to the Foxboro DCS Control Network (the Control Network) through dual Ethernet PCIe cards. They can also be simultaneously connected to one or more generic Ethernet-based information networks via the four integrated Ethernet ports. Standard security practices should be followed when this is done.
Server Security
H90 Foxboro DCS servers support optional product features to allow customers to meet plant compliance for enhanced workstation security. Plant requirements for enhanced security can be met through a combination of new product security enhancements as well as current best practices, policies, and procedures.
Foxboro DCS server enhanced product security requirements are supported in two broad categories, namely, server software including passwords and server platform hardening.
Server software:
• Changeable login passwords
• Individual user passwords
• Password lock-out after a user-configurable number of unsuccessful login attempts and secured mechanisms to reset login
• Password aging that requires password change on a periodic basis
• Password support of alphanumeric and symbol characters as per Microsoft conventions
• Password file protection
• User accounts and firewalls for Microsoft Server 2016 and Server 2022 managed from a central location through Microsoft Domains and Active Directory
• User account creation, deletion, and modifications tracking
• User logon/logoff tracking
• Least privilege file and account access
• Necessary system services running in non-admin accounts where possible
• Security patches from software suppliers, including Microsoft, are supported, plus patch status reporting
• Security by Local Group Policies to provide a layer of protection
• Enhanced security by Secure Boot feature
• Trellix Endpoint Security provides additional security enhancement features to help complement the security features already built into our products. For stations operating in Local Edition mode, Trellix Endpoint Security (ENS) provides advanced Threat Prevention. For stations operating in Enterprise Edition mode, Trellix ePolicy Orchestrator (ePO) provides all the security of ENS plus Rogue System Detection, Application Allowlisting, Integrity Control and Device Control for Data Loss Prevention (DLP). The license entitlement for the first five years after purchase for all of the listed options is included for the H90 server. After the five years, a renewal is required with the purchase of the Trellix five year license (J0202AS) for each H90 server using any Trellix products.
Foxboro DCS server operating system hardening:
• Unnecessary services, software, and programs removed
• Unneeded software ports disabled
• Documentation on how to re-enable services and ports where required by special circumstances
• Security-related BIOS changes
The H90 Server ships with standard Microsoft® security software.
Installation Considerations
These new security enhancements are supported on Windows Server 2016 and Windows Server 2022 stations which support the Control Network and require a software update to the latest Foxboro DCS software release. The security enhancements can be deployed on a subset of servers to help increase security, but in order to maximize security protection, all workstations need to be updated to the latest software release to obtain the full benefits.
Current applications, such as Control HMI, can require logon using a Microsoft Domain Controller. A Foxboro DCS Server in the system as the Primary Domain Controller runs standard Microsoft domain services. A Secondary Domain Controller is recommended as a back-up, but not strictly required. The Foxboro DCS Control Core Services Enterprise Edition installation creates Schneider Electric specific Organizational Units, Security Groups, and Group Policies (see Foxboro DCS Security Implementation Guide (B0700HM) or Foxboro DCS Security for Windows 10 21H2 LTSC and Windows Server 2022 Implementation Guide (B0700WX)). Customization of the Domain Server configuration requires Microsoft knowledgeable personnel.
The Primary and Secondary Domain Controller servers are installed as Foxboro DCS servers. However, they must be dedicated to their domain controller tasks, and must not be used to run Foxboro DCS applications, or Remote Desktop Services. An exception to this rule is the Trellix ePolicy Orchestrator® which is allowed to execute on one of the Domain Controllers. Domain Controllers are key resources since they provide user authentication and security policy enforcement for all the workstations in the domain.