TBoxMS Programming 2.13

February 2022
TBox-MS
Programming Guide
Version: 2.13
TBox-MS Programming Guide
The document contains confidential and proprietary information of Ovarro SA and must be kept strictly confidential. It may not be
disclosed in whole or in part under any circumstances without the express prior written consent of Ovarro SA.
General enquiries or enquiries regarding Ovarro SA

permission for use of material contained in Dreve Richelle 161, Waterloo Office Park, E: sales@ovarro.com
this document should be addressed to: Building M, Box 35 T: +32(0)2 387 42 59
B-1410 Waterloo
Belgium
Registered Office: Drève Richelle 161, Waterloo Office Park, Building M, Box 35, B-1410 Waterloo, Belgium / La Belgique | Belgium (No.
RLE (Nivelles) 0886.847.541)
Version: 2.13 Page 2 of 218

Revision History
Version Date Description
2.13 28/01/2022 Logo Ovarro
Updated to TWinSoft 12.6
Version: 2.13
Author Reviewer 1 Reviewer 2 Reviewer 3 Approver

Jean Burton

Contents
IMPORTANT SAFETY INSTRUCTIONS ................................................................................................................... 10
ENVIRONMENTAL CONSIDERATIONS ................................................................................................................... 11
GENERAL PRECAUTIONS IN CABLING ................................................................................................................... 11
APPROVALS ......................................................................................................................................................... 12
PRESENTATION .................................................................................................................................................... 13
OVERVIEW OF TBOX MS POSSIBILITIES ................................................................................................................ 14
1 HOW TO USE THIS MANUAL? ......................................................................................................................... 15
1.1 WHAT IS IN THE MANUAL?.......................................................................................................................................... 15
1.2 WHAT IS NOT IN THE MANUAL? ................................................................................................................................... 15
2 THE HARDWARE CONCEPT ............................................................................................................................ 16
2.1 THE RACKS ............................................................................................................................................................. 16
2.2 THE CARDS ............................................................................................................................................................. 17
3 INSTALLATION OF TWINSOFT .......................................................................................................................18
3.1 SYSTEM REQUIREMENTS............................................................................................................................................ 18
3.2 CONTENT OF THE USB STICK ..................................................................................................................................... 19
3.3 PROGRAMS OF ‘TWINSOFT SUITE’ .............................................................................................................................. 21
4 STARTING TWINSOFT .................................................................................................................................... 22
4.1 WIZARD.................................................................................................................................................................. 23
4.2 COMMUNICATING WITH TBOX MS .............................................................................................................................. 25
4.3 PC COMMUNICATION SET UP ..................................................................................................................................... 25
4.3.1 Communication possibilities of TWinSoft ......................................................................................................... 26
4.3.2 IP setting of PC .............................................................................................................................................. 26
4.3.3 IP setting of TWinSoft .................................................................................................................................... 28
4.4 FACTORY IP ADDRESS - CHANGING IP ADDRESS ............................................................................................................. 30
4.5 TESTING COMMUNICATION ........................................................................................................................................ 31
4.6 RESET OF TBOX MS ................................................................................................................................................ 32
4.7 GLOBAL RESET OF TBOX MS .................................................................................................................................... 32
4.7.1 MS-CPU16 : Global Reset Configuration .......................................................................................................... 32
4.7.2 MS-CPU32(-S2) : Global Reset Configuration .................................................................................................. 33
4.7.3 Working Modes Available with Toggle Switch .................................................................................................. 33
4.8 LED « RUN » ......................................................................................................................................................... 33
4.8.1 MS-CPU16 ..................................................................................................................................................... 33
4.8.2 MS-CPU32(-S2) .............................................................................................................................................. 34
4.9 SENDING ‘OPERATING SYSTEM’ .................................................................................................................................. 35
4.10 SAVING AND SENDING A PROGRAM ............................................................................................................................. 35
4.10.1 Saving a document – Backup document .......................................................................................................... 35
4.10.2 Compiling an application ................................................................................................................................ 36
4.10.3 Test of Memory .............................................................................................................................................. 36

4.10.4 Sending an application ................................................................................................................................... 37

5 INTRODUCTION TO PROGRAMMING.............................................................................................................. 38
6 RTU PROPERTIES .......................................................................................................................................... 39
6.1 GENERAL PROPERTIES............................................................................................................................................... 40
6.2 ADD-ONS................................................................................................................................................................ 41
6.3 PROTECTION ........................................................................................................................................................... 41
6.4 IP SECURITY ............................................................................................................................................................ 42
6.4.1 Firewall .......................................................................................................................................................... 42
6.4.2 HTTP Session Authentication ......................................................................................................................... 42
6.4.3 HTTPS ........................................................................................................................................................... 42
6.4.4 SSH ............................................................................................................................................................... 43
6.4.5 Certificates .................................................................................................................................................... 43
6.4.6 Security Wizard .............................................................................................................................................. 44
6.5 INFO PROPERTIES ..................................................................................................................................................... 48
6.6 ADVANCED ............................................................................................................................................................. 49
6.6.1 Start/Stop ...................................................................................................................................................... 49
6.6.2 Alarms ........................................................................................................................................................... 51
6.6.3 Sampling Tables ............................................................................................................................................. 54
6.6.4 Temperature .................................................................................................................................................. 56
6.6.5 ModBus Transactions ..................................................................................................................................... 56
6.6.6 Ports .............................................................................................................................................................. 57
6.6.7 TCP/IP ........................................................................................................................................................... 58
6.6.8 Environment variables .................................................................................................................................... 59
6.6.9 Power Fail ...................................................................................................................................................... 60
6.6.10 Web and Report ............................................................................................................................................. 61
6.6.11 Plug&Go ........................................................................................................................................................ 61
6.6.12 Security ......................................................................................................................................................... 62
7 RESOURCES ................................................................................................................................................. 64
7.1 THE CPU CARD ....................................................................................................................................................... 64
7.1.1 Communication Ports of the CPU .................................................................................................................... 65
7.1.2 Communication ports tabs .............................................................................................................................. 65
7.1.3 Serial ports..................................................................................................................................................... 65
7.1.4 Ethernet ........................................................................................................................................................ 66
7.2 ADDING CARDS........................................................................................................................................................ 66
7.2.1 Adding an I/O card ......................................................................................................................................... 68
7.2.2 Adding a PSTN Modem Card .......................................................................................................................... 69
7.2.3 GSM modem .................................................................................................................................................. 70
7.2.4 USB ............................................................................................................................................................... 75
7.3 COMMUNICATION VARIABLES .................................................................................................................................... 79
7.3.1 Digital Communication Variable ...................................................................................................................... 79
7.3.2 Analog Communication Variable ..................................................................................................................... 81
7.4 SYSTEM VARIABLES .................................................................................................................................................. 83
7.4.1 Digital System Variables ................................................................................................................................. 83
7.4.2 Analog System Variables ................................................................................................................................ 86
7.5 TIMERS & COUNTERS................................................................................................................................................ 92
8 TAGS & VARIABLES ....................................................................................................................................... 93

8.1 PHYSICAL I/O .......................................................................................................................................................... 94

8.1.1 Analog I/O ..................................................................................................................................................... 95
8.2 INTERNAL VARIABLES (REGISTERS) ............................................................................................................................. 96
8.2.1 Digital Internal Variable .................................................................................................................................. 96
8.2.2 Analog Internal Variable ................................................................................................................................. 97
8.2.3 Text Internal Variable ..................................................................................................................................... 98
8.3 MODBUS ADDRESS................................................................................................................................................... 99
8.3.1 ModBus address of System Variables .............................................................................................................. 99
8.4 TAGS - PRESENTATION / WRITE ................................................................................................................................ 100
8.5 RUN TIME PARAMETERS .......................................................................................................................................... 101
8.5.1 Modbus Device ............................................................................................................................................. 101
8.5.2 Alarm Parameters ........................................................................................................................................ 101
8.5.3 Datalogging Parameters .............................................................................................................................. 102
8.5.4 IP Parameters .............................................................................................................................................. 102
8.5.5 Communication Port Parameters .................................................................................................................. 104
8.5.6 RTU Properties ............................................................................................................................................. 105
9 IP PARAMETERS .......................................................................................................................................... 106
9.1 ISP CONFIGURATION............................................................................................................................................... 107
9.2 FTP(S) SERVER ..................................................................................................................................................... 108
9.3 SFTP SERVER........................................................................................................................................................ 109
9.4 SMTP(S) SERVER .................................................................................................................................................. 110
9.4.1 About SMTP Redundancy ............................................................................................................................. 110
9.5 POP3 SERVER ....................................................................................................................................................... 111
9.5.1 Alarm Acknowledgment through POP3 ......................................................................................................... 112
9.6 NTP SERVER ......................................................................................................................................................... 113
9.6.1 Time accuracy .............................................................................................................................................. 113
9.7 DYNDNS.............................................................................................................................................................. 114
9.7.1 How to configure DynDNS in TBox ................................................................................................................ 115
9.8 VIRTUAL SERVER .................................................................................................................................................... 116
9.9 IP BRIDGE ............................................................................................................................................................. 117
9.9.1 Introduction ..................................................................................................................................................117
9.9.2 Configuration ................................................................................................................................................117
9.9.3 Example with MS-CPU32X. .......................................................................................................................... 120
9.9.4 Sending Configuration through a Bridge ........................................................................................................ 121
9.10 HTTP SERVER ....................................................................................................................................................... 122
9.11 TCONNECT SERVER ................................................................................................................................................ 124
9.12 TRACE LOG ........................................................................................................................................................... 125
9.12.1 Diagnostics .................................................................................................................................................. 126
10 IP SECURITY ............................................................................................................................................. 128
10.1 VPN .................................................................................................................................................................... 128
10.1.1 Introduction ................................................................................................................................................. 128
10.1.2 How does OpenVPN work ? .......................................................................................................................... 128
10.1.3 Connection to TConnect ............................................................................................................................... 131
10.2 FIREWALL ............................................................................................................................................................. 132
10.2.1 Firewall “Input” ............................................................................................................................................ 132

10.2.2 Firewall “Forward” ....................................................................................................................................... 134

11 ALARMS ................................................................................................................................................... 136
11.1 INTRODUCTION ...................................................................................................................................................... 136
11.1.1 The Alarm Stack ........................................................................................................................................... 136
11.1.2 The Event Stack (or Alarms table) ................................................................................................................. 136
11.2 DIGITAL ALARM CONDITION..................................................................................................................................... 137
11.3 ANALOG ALARM CONDITION.................................................................................................................................... 139
11.4 RECIPIENTS ........................................................................................................................................................... 141
11.5 GROUP OF RECIPIENTS ............................................................................................................................................ 144
11.6 MESSAGES ............................................................................................................................................................ 144
11.6.1 SMS coding .................................................................................................................................................. 145
11.6.2 Value of Tag in a message............................................................................................................................. 145
11.6.3 IP address in a message ................................................................................................................................ 146
11.7 ALARM TIMETABLES ............................................................................................................................................... 146
11.7.1 Time Slices ................................................................................................................................................... 146
11.7.2 Holidays ...................................................................................................................................................... 146
11.7.3 Timetables ................................................................................................................................................... 147
11.8 ALARMS TABLE ...................................................................................................................................................... 148
12 READSMS/POP3 EMBEDDED .................................................................................................................... 149
12.1 INTRODUCTION ...................................................................................................................................................... 149
12.2 ACKNOWLEDGMENT OF AN ALARM BY SENDING DATA TO THE RTU ................................................................................ 150
12.2.1 Message sent by TBox .................................................................................................................................. 151
12.2.2 Acknowledgment by sending a SMS .............................................................................................................. 151
12.2.3 Acknowledgement by sending an e-mail........................................................................................................ 151
12.3 CONTROLLING THE RTU USING SMS MESSAGE OR POP3 ............................................................................................. 152
12.3.1 Using pre-defined messages(-) ...................................................................................................................... 152
12.3.2 Writing Tag with Direct addressing ( W ) ....................................................................................................... 153
12.3.3 Writing Tag with Indirect addressing – analog ( N ) ....................................................................................... 153
12.3.4 Writing Tag with Indirect addressing - digital ( D ) ......................................................................................... 153
12.3.5 Access Protection ( P ) .................................................................................................................................. 154
12.3.6 Acknowledgment (A) .................................................................................................................................... 154
12.3.7 SET a digital Tag ( S ) ................................................................................................................................... 154
12.3.8 RESET a digital Tag ( R )............................................................................................................................... 155
12.3.9 Writing minutes since midnight into a register ( h ) ........................................................................................ 155
12.4 AUTOMATIC UPDATE OF A RECIPIENT’S TELEPHONE NUMBER ........................................................................................ 155
12.5 READSMS STATUS ................................................................................................................................................. 156
12.6 GET MESSAGE IN TEXT TAG ..................................................................................................................................... 157
13 DATALOGGING ........................................................................................................................................ 158
13.1 INTRODUCTION ...................................................................................................................................................... 158
13.2 THE CHRONOLOGIES ............................................................................................................................................... 160
13.2.1 Digital chronologies ...................................................................................................................................... 160
13.2.2 Analog chronologies ..................................................................................................................................... 160
13.3 THE SAMPLING TABLES............................................................................................................................................ 161
14 MODBUS TRANSACTIONS ........................................................................................................................ 163

14.1 INTRODUCTION ...................................................................................................................................................... 163

14.2 CREATING A REMOTE DEVICE ................................................................................................................................... 163
14.3 CREATING A MODBUS TRANSACTION ........................................................................................................................ 164
14.4 MODBUS TRANSACTIONS ADVANCED FEATURES ........................................................................................................ 166
14.4.1 Diagnostics .................................................................................................................................................. 166
14.4.2 Compatibility ............................................................................................................................................... 167
14.5 MODBUS TRANSACTIONS THROUGH DIAL-UP MODEM .................................................................................................. 168
14.6 TIMING CONFIGURATION OF MODBUS TRANSACTIONS ................................................................................................. 169
15 PERIODIC EVENTS .................................................................................................................................... 170
16 PROTECTION (ACCESS SECURITY) ............................................................................................................ 172
16.1 ACCESS PROTECTION ON COMMUNICATION PORTS ..................................................................................................... 172
16.1.1 ModBus access protection ............................................................................................................................ 172
16.1.2 Access Protection for TConnect ..................................................................................................................... 174
16.1.3 ReadSMS protection..................................................................................................................................... 174
16.1.4 HTTP protection ............................................................................................................................................175
16.1.5 ModBus TCP protection on socket ................................................................................................................. 176
16.1.6 Brute Force protection ...................................................................................................................................177
16.1.7 FTP protection...............................................................................................................................................177
16.1.8 Advanced IP configuration .............................................................................................................................177
16.2 DOCUMENT PROTECTION ........................................................................................................................................ 177
16.2.1 TWinSoft Document Protected ..................................................................................................................... 178
16.3 PASSWORD UTILITY ................................................................................................................................................ 178
16.4 LOGIN/LOGOUT ..................................................................................................................................................... 179
16.4.1 With TWinSoft ............................................................................................................................................. 179
16.4.2 With Browser ............................................................................................................................................... 180
16.5 DEACTIVATING PROTECTION .................................................................................................................................... 180
16.6 DEACTIVATING PROTECTION OF TWINSOFT DOCUMENT ............................................................................................... 180
APPENDICES ...................................................................................................................................................... 181
A. LICENCES .................................................................................................................................................... 182
A.1. THE EVALUATION MODE ......................................................................................................................................... 182
A.2. THE DONGLE ......................................................................................................................................................... 182
A.3. THE CODE (LICENSE) .............................................................................................................................................. 182
A.4. THE TWINSOFT LITE ............................................................................................................................................. 182
B. TIME IN RTU ................................................................................................................................................ 183
B.1. TIME IN TBOX MS ................................................................................................................................................. 183
B.2. DATA LOGGING ...................................................................................................................................................... 184
B.3. SYSTEM VARIABLES ASSOCIATED ............................................................................................................................. 184
B.4. SUMMARY............................................................................................................................................................. 184
C. PLUG & GO .................................................................................................................................................. 185
C.1. PLUG & GO WITH SD CARD ...................................................................................................................................... 185
C.2. PLUG & GO WITH USB STICK ................................................................................................................................... 186
C.3. MENU OF TWINSOFT.............................................................................................................................................. 186
C.4. FILE SYSTEM.XML .................................................................................................................................................. 187

D. PACK & GO .................................................................................................................................................. 188

D.1. PRESENTATION ...................................................................................................................................................... 188
D.2. PACK.................................................................................................................................................................... 188
D.3. UNPACK ............................................................................................................................................................... 189
E. MODBUS REROUTING ................................................................................................................................. 191
E.1. PRESENTATION ...................................................................................................................................................... 191
E.2. ROUTING USING TWINSOFT..................................................................................................................................... 191
E.3. POSSIBILITIES OF ROUTING ...................................................................................................................................... 193
F. IP FORWARDING, NAT, VIRTUAL SERVER .................................................................................................... 194
G. TERMINAL MODE ......................................................................................................................................... 196
H. HTTP SESSION AUTHENTICATION ............................................................................................................... 198
H.1. CONFIGURATION IN TWINSOFT ................................................................................................................................ 198
H.2. THE DIFFERENT WAYS OF USING HTTP SESSION AUTHENTICATION ............................................................................... 199
H.2.1. HTTP Session Authentication using MainObject ............................................................................................ 199
H.2.2. Login Embedded in Identification Object ....................................................................................................... 201
H.2.3. Login htm page embedded in TBox ............................................................................................................... 203
H.3. SCRIPT FUNCTIONS................................................................................................................................................. 203
I. HANDLING CERTIFICATES TO A SERVER ...................................................................................................... 204
I.1. INTRODUCTION ...................................................................................................................................................... 204
I.2. CASE WHEN TBOX IS CLIENT .................................................................................................................................... 204
I.2.1. Creating the certificates................................................................................................................................ 205
I.2.2. Declaring certificates in TConnect ................................................................................................................. 205
I.2.3. Enabling validation of certificates in TWinSoft ............................................................................................... 206
I.2.4. Activating Validation During Connection to The Server .................................................................................. 207
I.2.5. Log In TBox .................................................................................................................................................. 207
I.2.6. Certification Revocation List ......................................................................................................................... 208
I.3. CERTIFICATE RENEWAL ............................................................................................................................................ 208
J. SIGNING THE APPLICATION ......................................................................................................................... 209
J.1. HOW DOES IT WORK? .............................................................................................................................................. 209
J.1.1. Implementation in TWinSoft ......................................................................................................................... 209
J.1.2. Adding the keys in Windows ......................................................................................................................... 210
J.1.3. Configuring Windows Registry ...................................................................................................................... 212
J.1.4. Update or Remove Certificate in TBox ........................................................................................................... 212
J.1.5. Removing the Signature of the Application .................................................................................................... 213
J.2. THE ERRORS ......................................................................................................................................................... 213
J.3. THE CASE OF PLUG&GO .......................................................................................................................................... 214
J.4. CERTIFICATE RENEWAL ............................................................................................................................................ 214
INDEX ................................................................................................................................................................. 215

Important Safety Instructions

Read and understand all instructions. Save these instructions.
• Read the instruction manual carefully before using the equipment and comply with the instructions that it contains to
avoid mistakes and to prevent any personal injury or damage to property.
• WARNING: It is mandatory that this equipment is earthed by the rack. Connect the crimp terminal ring to the earth
with a stranded wire between 1.5 and 2.5 mm² inclusively. The cable must be crimped consistent with rules of good
practice.
• Installation must be carried out by suitable, competent personnel, according to the steps and stated specifications
described in this manual.
• Use only the approved color-coded wires for connecting to mains. The green/yellow colored wire can be only used as
earth wire.
• This equipment has been designed for use only by qualified and instructed personnel in an industrial environment.
This equipment must be operated in a restricted access location according to IEC60950.
• It is Safety Class III equipment, according to IEC classification; this equipment must be powered by a Safety Extra Low
Voltage (SELV).
• This equipment has been designed to meet IEC60950-1 requirements (safety of information technology equipment)
• This equipment has been designed for indoor use in a Pollution Degree 2 environment (dry non-conductive pollution).
• The module must be fastened to the rack using a screw driver, with a recommended minimum torque of 0.5 Nm.
• CAUTION – Never power the module when not fixed on the rack. Switch off and disconnect power before removing
the module from the rack.
• Connection from the equipment to mains must be protected by a circuit breaker of 16 A on both line and neutral.
• CAUTION – To reduce the risk of fire, use only No. 26 AWG or larger telecommunication line cord.
• Do not use your TBox in a wet environment.
• Using this instrument in a way not specified by these instructions can impair the equipment safety. Do not operate
the instrument outside its rated supply voltage and environmental ranges.
• Do not open power supply unit. There are no user serviceable parts inside.
• Do not connect or disconnect any connector when powered.
• Protect your TBox from environmental hazards such as dirt, dust, food, liquids, excessive temperature, and sunlight
overexposure.
• Keep your TBox away from direct or excessive moisture or rain and extremely hot or cold temperatures to ensure that
the TBox is used within the specified operating range.
• CAUTION – Risk of explosion if battery is replaced by an incorrect type or is incorrectly installed. Be careful to insert
the battery with the right polarity. Dispose of used batteries according to the local regulations.
• This equipment is suitable for use in Class I, Division 2, Groups C-D
• WARNING: Do not open the box in explosive atmosphere
Canada
The TBOX MS must be mounted in a suitable protective enclosure, which incorporates means to allow for field wiring
connections in accordance with section 18 of the Canadian Electrical Code (CEC), Part I, where the suitability of the final
combination is to be determined by CSA or the Inspection Authority having jurisdiction.

Environmental Considerations
Battery Disposal
! CAUTION: There is a danger of a new battery exploding if it is incorrectly installed. Replace the battery only with the
same or equivalent type recommended by the manufacturer. Do not dispose of the battery along with household
waste. Contact your local waste disposal agency for the address of the nearest battery deposit site.
Your TBox uses a lithium coin cell battery. The lithium coin cell battery is a long-life battery, and it is
very possible that you will never need to replace it. However, should you need to replace it, see in
manual TBoxMS Technical Specifications for instructions.
General Precautions in Cabling

• To avoid electrostatic discharge, drain off electrostatic charges by touching a known earth immediately before
handling TBox, touching front plate toggle switch, connectors or cables.
• Ethernet cabling must be with Shielded SFTP cable to guarantee Class B immunity.
• Cabling of Inputs/Outputs, RS232 connections, GSM antennas cannot exceed 30m, neither leave the building
without surge protection.
• Cabling to DC power, PSTN modem and RS485 can exceed 30m.
• In case of DC power to a distribution network, it is mandatory to use a surge protection.

Approvals
SAFETY IEC 62368-1:2018
EMC EN 61000-4-2:1995 + A1:1998 + A2:2001 EN 61000-4-8:1993 + A1:2001

EN 61000-4-3:2002 + A1:2002 + A2:2005 EN 61000-4-11:2004
EN 61000-4-4:1995 + A1:2000 + A2:2001 EN 55011:1998 + A1:1999 + A2:2002
EN61000-4-5:2006 EN 61326-1:2006
EN 61000-4-6:1996 + A1:2000 + A2:2005
FCC CFR47: 2005 (Part15 Sub Part B)
EN55011: 1998 +A1, A2
CE Low Voltage directive: 2006/95/EC
Electromagnetic Compatibility Directive: 2004/108/EC
Shock & Vibration IEC 60068-2-6: Sine Sweep IEC 60068-2-31: Free Fall
IEC 60068-2-27: Shocks IEC 60068-2-64: Random Test
C-TICK ACMA N3413
A-TICK AS/ACIF S042.1:2006
AS/ACIF S042.3:2005
RoHS3 Amendment 2015/863
Class I, Division 2 CSA Std C22.2 No 0-M1991 - General Requirements – Canadian Electrical Code Part II
Gr. A, B, C, D - T4 CSA Std C22.2 No 142-M1987 - Process Control Equipment
CSA Std C22.2 No 213-M1987 – Non Incendive Electrical Eqpt for Use in CI, Div 2 Hazardous Loc.
UL 916 (4th Edition) - Energy Management Equipment
ANSI/ISA–12.12.01–2007 – Non incendive Electrical Eqpt. for Use in CI and II, Div 2 and Cl III, Div 1
and 2 Hazardous (Classified) Locations
CAN/CSA C22.2 No. 60950-1-07 - Information Technology Eqpt – Safety – Part 1: General Rqmts
ANSI/UL 60950-1, 2nd Edition - Information Technology Equipment – Safety – Part 1: General
Rqmts

Presentation
The ‘all-in-one’ concept of TBOX MS
CYBER SECURITY
WEB SERVER
Firewall, SSL, OPenVPN,
Control and Monitoring Brute force attack protection, …
using PC, Smart phone,
tablet, …
IP INTERFACE ALARMS
SMS, e-mail, FTP,
SMTP, HTTP, FTP, …
Pictures, …
IP forwarding, Router,
Gateway, …
COMMUNICATION DATALOGGING
Chronologies (SoE)
Ethernet, GSM, RS485 …
Sampling Tables
ModBus, SNMP, …
IEC-60870, DNP3, …
PLC
Ladder (IEC 1131-3) BASIC

Overview of TBOX MS possibilities
Consulting
process through
HTM pages
Programming :
locally or
remotely
Browser on PC, TWinSoft

Tablets, Smart
Phones, …
Sending of
Alarms
HTM
Page e-mail, SMS, report, …
HTM
Page
HTM Communication
Page to a remote site
HTM RS485, Ethernet, GSM, …
Page
WEB Server
Retrieving data
remotely, Consulting Process Process
process
Data
logging
Retrieving
data locally
TConnect, SCADA,
TView, …

1 How to Use This Manual?

1.1 What is in the manual?
This manual constitutes the essential of TWinSoft programming for TBOX MS. All along the manual, we discuss about
TBOX MS which corresponds to MS-CPU32-S2, most of the time…
The “on line” help of TWinSoft will also guide you more precisely again in each configuration.
It first introduces to the hardware concept of TBOX MS.
Then it brings you to the programming of TBOX MS using TWinSoft. All features are explained using plenty of snapshots for
an easy understanding.
➢ Starting TWinSoft ➢ chapter 4
➢ Properties of TBOX MS ➢ chapter 6
➢ Resources ➢ chapter 7
➢ Tags ➢ chapter 8
➢ IP Services Configuration ➢ chapter 9
➢ IP Security Services ➢ chapter 10
➢ Alarms ➢ chapter 11
➢ ReadSMS ➢ chapter 12
➢ Datalogging ➢ chapter 13
➢ ModBus Transactions ➢ chapter 14
➢ Periodic events ➢ chapter 15
➢ Access Security ➢ chapter 16
All technical specifications of the different models of TBOX MS and cablings are presented at the end of this manual.
Information related to Licenses is available in Appendix A.

All along this manual, I warn you: “Read the manual!”
All along this manual, I inform you with Notes and Remarks: “What a nice manual!”
1.2 What is not in the manual?

Rack and Cards installation, technical specifications and cabling of the cards are described in another manual:
TBox-MS – Technical Specifications & Cabling.
One major topic you will not find in this manual concerns the Logic Programming. TBOX MS supports BASIC and Ladder
languages for developing any advanced process. These languages are detailed in another manual: BASIC and LADDER for
TBOX
Another important feature, which is not presented into this manual, concerns the development of HTML pages, to use
TBOX MS as web server. This subject is explained in on-line help of WEBFORM STUDIO 2.0.
Another software part of the TWinSoft Suite is Report Studio, for creating e-mail report or files to send. It is explained in the
‘On line’ help of Report Studio.

2 The hardware concept

TBOX MS is a Modular System.
A RTU TBOX MS is built up using Racks and Cards.
Depending on your needs in communication(s) and in Inputs/Outputs, you select the cards required.
2.1 The Racks
Racks are made in aluminum alodined, giving a

very good electrical conductivity and
equipotentiality.
There are 5 models of Racks:
➢ 3 slots
➢ 5 slots
➢ 10 slots
➢ 15 slots
➢ 20 slots

2.2 The Cards
Cards are formed of a PCB mounted in aluminum

enclosure which assures the best shielding
against receiving and emitting noise (radio
emission, electromagnetic interference, …)
Bare aluminum inside the enclosure and on the

edges assures a good contact for the ‘ground’
signal of the PCB between the Card and the Rack.
There are several Card models:
➢ Power supply
➢ CPU
➢ Communication ports
o GSM
o RS232/RS485
o Ethernet
o …
➢ Input/output
o Digital inputs, outputs
o Analog input
o Analog outputs
o Combination of digital/analog I/O
o …

3 Installation of TWinSoft
3.1 System requirements
Hardware PC running Windows. 32 bits or 64 bits.
Memory 32 MB minimum.
Hard Disk 350 MB required plus the application files.
Display VGA, SVGA with a minimum resolution of 1024 x 768.
Mouse Any Windows compatible mouse.
USB Port Required in case of license with dongle for ‘USB’ port and/or to communicate with
TBOX MS through USB.
Serial Port Required for a local connection to TBOX MS . If no serial port available, you can use
USB or Ethernet on PC.
Ethernet Port 10/100 Mbps required for a connection to TBOX MS through a LAN
Modem To access TBox through dial-up connection from any modem properly configured in
Windows.
Operating System Windows 2008, 7, 8, 10
32bits or 64 bits
To Browse TBOX MS
Working with WebForm 2.0, any browser or smart phone supporting SVG and Ajax can be used. Note that a minimum
version of browser and smart phone is required (see “help” in WebForm Studio 2.0).

3.2 Content of the USB stick

When you receive a TWinSoft license, you receive a USB stick.
The USB stick of the Suite TWinSoft Suite includes also the following software’s accessible from the
setup:
TWinSoft 12.xx
TWinSoft is a Suite of software required for developing an application for TBOX MS . The basis for configuring a TBOX MS
application is explained in this manual.
Installation of TWinSoft includes:

• WebForm Studio 2.0: HTML editor producing WebForm 2.0 HTML pages dedicated to the TBOX MS .
Technology based on SVG, AJAX and JSON.
• Report studio: Report editor dedicated to TBOX MS
• WebForm Studio 1.0 and WebForm Viewer: HTML editor and viewer for legacy HTML pages based on
ActiveX. This has been replaced by WebForm 2.0 and AJAX technology

WebForm Viewer This setup contains the ‘ActiveX’ used with legacy HTML page used to display dynamic
objects dedicated to the RTU. It must be installed on the PC used by operators using IE to
display legacy HTML pages. In such case, TWinSoft Suite is not required; only the ActiveX
needs to be installed.
(It is highly recommended to use WebForm Studio 2.0 in new project based on
TBOX MS .)
TConnect TBox Devices Manager. To connect easily to TBox, to centralize connection to TBox and
update of configurations.
TBox Drivers List of add-ons available. Mostly communication protocols (IEC-60870, DNP3, SNMP, …
Hardware Dongle Driver If using a TWinSoft hardware license, (through USB dongle) you have to install a dedicated
USB driver.
TView TView is a data aggregator software. It collects TBox data using “pull” or “push”
technologies. Data can be displayed in chart, list and synoptic (using WebForm 1).
TBox Mail This software is used to display a Chart view from data logging attached to e-mail. To store
data in a global database, you should use TView (call your local distributor).
(Administrator credentials is required during installation.)
Documents All documentation related to TBox is available.
Explore the USB stick You will find on the USB many information related to TBOX MS and accessories:
datasheets, manuals, add-ons.
Administrator credentials is required during installation

3.3 Programs of ‘TWinSoft Suite’

During installation of TWinSoft, a group of programs is created where TWinSoft can be started from.
Other programs and menus (Found on Semaphore folder):

• Accessories: group containing the utility ‘Password generator’ and ‘Reset User preferences’: reset of registry
information to restore the default configuration of TWinSoft.
• Documentation: group containing the various documents associated to TWinSoft and RTU.
• Samples: group with TWinSoft documents installed as example.
• Report Studio: to create reports dedicated to TBOX MS . It can also be started directly from TWinSoft and the list of
“Web and Reports”.
• TWinSoft: to start TWinSoft.
• WebFormStudio 2.0: HTML editor based on SVG, JAVA and XML. It is advised to start it directly from TWinSoft and the
folder of “Web and Reports files”.

4 Starting TWinSoft
I am the Wizard of TWinSoft!
When you start TWinSoft the first time, or when you create a new document, I
help you with some basic configurations.
The use of TWinSoft is free, but sending of a program to TBOX MS is protected. For more
info about Licenses go to Appendix A at the end of this manual.

4.1 Wizard
The “New Document Wizard” helps you getting started with a new application by gathering information about your
hardware and some basic configuration.
Except for the “Type of RTU”, settings can be modified latter from the “RTU properties” {XE “RTU Type”}
Free name of the RTU (max. 11 char.)
ModBus Station address (1...254)
Sub address (0...255)
IP configuration of Ethernet

This window helps you in configuring

the wireless IP connection:
• you select a model of GSM

• you type the APN provided by the
operator
• you type a PIN code
corresponding to the SIM card (if
activated)
This window helps you configuring a

Client OpenVPN link to TConnect
(The Device Manager service).
The TCP port 443 is

used to exchange
certificates with
TConnect using
encryption.

4.2 Communicating with TBOX MS

Once you have opened a document, either created a new one with the Wizard or opened an existing one, you can establish
the connection with your TBOX MS .
The possible communications are serial, Ethernet, USB or modem, according to the media used to connect to TBOX MS .
See details chapter 7.1.1 RTU Communication Ports.
• Serial: check the Baudrate you have given to the serial port in your application
(by default 9600, N).
• Ethernet: check the IP address you have given to your TBOX MS and that it is in the same subnet of the PC or
accessible to the PC.
• USB: Communication happens in TCP/IP. TBOX MS acts as a DHCP server and provides to the PC an IP in the
range 10.8.10.xxx. TBOX MS itself uses the IP address 10.8.10.1.
• Modem: check the tel. Number of TBOX MS .
4.3 PC Communication Set up

To communicate with the TBOX MS , you need to select a communication media on the PC.
From the main menu of TWinSoft: → Communication → PC Setup:
Example: Communication Through Ethernet
Example with a Ethernet communication:

default IP of TBox MS32: 192.168.1.99

4.3.1 Communication possibilities of TWinSoft

• Offline: this option avoid sampling TBOX MS
• Local: you select a serial port of the PC (typically RS232). The Baudrate must fit with the port of TBOX MS you are
connected to { XE “Serial:on PC” }.
• TCP/IP: to establish a communication in TCP/IP, typically through the Ethernet port of TBOX MS . TWinSoft will
establish a connection with the IP address specified in the ‘Ethernet’ port settings (see chapter 7.1 ‘CPU
resources’).
It is also possible to specify another IP address, for instance if communicating to the TBOX MS through GPRS.
(See details chapter 4.3.3 below) { XE "Ethernet:on PC " }
• USB: You intend to access TBOX MS through a USB port of your PC.
The USB driver is installed upon TWinSoft setup. Driver is available in ..\Program Files\Semaphore\TBoxUSB\
name TBoxUSBDriver.inf.
IP address of TBox is 10.8.10.1. { XE "USB:PC driver"}.
• Modem: to establish a remote connection to the TBOX MS . TWinSoft takes full advantage of Windows' built-in
modem support: simply install your modem in the control panel's Modems applet of Windows and you are
ready to call your TBOX MS . { XE "Modem:on PC" }.
You can develop your application without being connected to TBOX MS , but it will be mandatory to
send it to have the RTU running !
The program can be sent through any media: RS232, RS485, USB, Ethernet, modem, GSM, …
4.3.2 IP setting of PC
When communicating to TBOX MS through Ethernet, you have to make sure your PC is configured with fix IP. Go to
“Network” -> “Local Area connection” -> “IPv4 properties”:

In IPv4 properties, type IP setting in the same subnet as TBox:
Example of subnet:
172.25.110.xxx
255.255.255.0
In case you intend to change IP address of TBOX MS , you can define several IP addresses in Windows.
In IPv4 properties, click “Advanced...”, then “Add...” to add an IP address in the subnet corresponding to the current IP
address of TBox, or to the one you want to change TBOX MS to:

4.3.3 IP setting of TWinSoft

You may encounter three different situations requiring specific IP setting.
1. You program your TBOX MS through Ethernet and

you want to keep its IP address.
You select in the drop list of IP addresses the one

corresponding to the TBOX MS you are connected to.

2. You program your TBOX MS through Ethernet and

you have changed its IP address to another subnet
(as illustrated chapter 7.1.4).
You check out the option “Always use IP address of the

RTU” and you type the current IP address of the TBOX
MS you are connected to.
When TWinSoft has finished sending the program, it

adapts itself automatically to communicate with the
new IP address.
Make sure you have declared both subnets

in Windows (see chapter 4.3.2. above)
3. You don’t program your TBOX MS through a direct

Ethernet connection and you don’t want TWinSoft
to adapt to the Ethernet IP address
Example: you access your TBOX MS through ADSL or

GSM in IP mode.
You check the option “Don’t change IP address after

sending…” and you type the current IP address of the
port of RTU you are connected to, for instance the
GSM IP address.
When TWinSoft has finished sending the program, it

does not adapt itself to IP address of Ethernet of the
RTU.
This mechanism is mandatory when

sending a program through GPRS
You check “Don’t change TCP port…” when sending a program using a TCP port which is not the
one declared in the application. For instance when sending a program through a router which
does PAT (Port Address Translation)
{ XE “Factory IP address” } { XE “IP setting: RTU factory setting” }

4.4 Factory IP address - changing IP address

When you receive your TBOX MS from the factory, its IP setting is:
IP address: 192.168.1.99
subnet MASK: 255.255.255.0
To communicate using Ethernet, make sure your PC is configured in the same subnet as TBOX MS (see chapter 4.3.2.
above).
If you have changed IP address of TBOX MS to another subnet (as illustrated chapter 7.1.4) you must use the settings as
described point 2 above.
In case you have not declared the 2 subnets in your PC (as described in chapter 4.3.2. above), to restore the communication
do the following:
• Send program to TBOX MS . At the end of sending the RTU restarts with its new IP address. TWinSoft will lose
communication and will not be able to start TBOX MS .
• Change the IP settings of your PC to the same subnet as TBOX MS .
• Go to TWinSoft “Communication” -> “PC Setup” and check the IP address selected is the new one.
• Click “OK” and check in the status bar you are connected.
• Go to TWinSoft “Communication” -> “Running mode” -> “Start/Stop Program”.
When you don’t know the IP address of TBOX MS , you can set its communication setting to the factory configuration (see
chapter 4.6 below).

4.5 Testing communication

Once you have selected the media on the PC, you can test the communication.
From the main menu of TWinSoft: Communication → RTU identification:
Available information:
• Name of the RTU
• Type of Hardware
• Version of Operating System
• Status of the process
• ModBus address of the Station
• Sub-address of the Station
• Access level of the current user
• Date/Time in the RTU
• IP configuration of the Ethernet
• General information about the program
• Process cycle time
• Unique ID of the RTU

• MMC (SD card) information
The Status bar of TWinSoft displays the status of the connection:
The communication media used by the PC is indicated as well as the access level of your connection (see chapter 16
‘Security’).
If a connection cannot be established with TBOX MS , it might be because the configuration of its port does not fit with the
PC setup you use (different Baudrate, different IP address, protocol other than ModBus, …).
To set TBOX MS to a default configuration, you do a global reset (see next).

4.6 Reset of TBOX MS

Pushing toggle switch to “Reset” position restarts the program:
• Stack of alarms and events are erased.
• Datalogging is maintained.
• Tags with initial value are set to their initial value; others are maintained.
• Local Tags and timers are reset (status and value=0).
• Counters are maintained.
4.7 Global reset of TBOX MS

The Global Reset is used to set TBOX MS to a default, well-known configuration, in case it does not communicate
anymore. The program running in the CPU is stopped and TBOX MS runs on the Operating System.
This is very useful when you take a CPU from the shell and you have no idea how the port you want to communicate with is
configured.
The global reset is achieved using the toggle switch on the front side of TBOX MS .
Procedure:
• Push and maintain the toggle switch to “Reset” side
• The LED turns red for about ½ second
• Let the LED flash “green” 3 times
• Release the toggle switch
Global reset configuration:
The global reset mode is indicated by the LED flashing green at 0.5 Hz (instead of 2 Hz in RUN mode). In this mode, TBOX
MS is configured like as following:
4.7.1 MS-CPU16 : Global Reset Configuration
The Global Reset does not erase the current program. Doing a single reset will restart the program
Port Baudrate Protocol Station address IP address

COM1 (RS232) 9600,N,8,1 ModBus 1 -
COM2 (RS485) 9600,N,8,1 ModBus 1 -
COM3 (Ethernet) - MosBus/TCP 1 192.168.1.99 (1)
MS-PSTN, MS-GSM - ModBus 1 -
(1) as of OS 3.05.xxx

4.7.2 MS-CPU32(-S2) : Global Reset Configuration
Port Baudrate Protocol Station address IP address

COM1 (RS232) 9600,N,8,1 ModBus 1 -
COM2 (RS485) 9600,N,8,1 ModBus 1 -
COM3 (Ethernet) - MosBus/TCP 1 192.168.1.99
COM4 (Ethernet) - - 1 -
COM5 (USB) (1) - ModBus/TCP 1 10.8.10.1
MS-PSTN, MS-GSM - ModBus 1 -
(1) Not available on MS-CPU32; MSCPU32-S2 only
4.7.3 Working Modes Available with Toggle Switch

Pressing and maintaining the toggle switch to “Reset” position, the LED Run will flash. According to the number of flashes,
you can set TBOX MS to different working modes:
Flash # Mode Communication Protocol LED “Run”
1 Restart application As in application As in application 2 Hz
3 Program stopped Serial: 9600, N, 8, 1 ModBus-RTU ½ Hz
Ethernet: 192.168.1.99 ModBus/TCP
USB: 10.8.10.1 ModBus/TCP
Modem: available Firewall stopped
9 OS stopped, Serial: 9600, N, 8, 1 SSH, PING, TFTP ON - Green
LINUX running Ethernet: 192.168.1.99
No USB
No Modem
10 U-BOOT Serial: 9600, N, 8, 1 Text, TFTP ON - Red
Ethernet: see Monitor32
No USB
No Modem
4.8 LED « RUN »

This LED, next to the “Reset” toggle switch indicates the status of the CPU.
4.8.1 MS-CPU16
Status MS-CPU16
Program runs 2 Hz
Program stopped 0.5 Hz
Program “Failsafe” runs -
OS Stopped 8 Hz

4.8.2 MS-CPU32(-S2)
Status MS-CPU32 MS-CPU32-S2
Starting Bootstrap “PGM”: OFF (+- 10 sec.) “PGM”: red (1 flash)
Starting UBOOT “PGM”: OFF (+- 10 sec.) “PGM”: ON red (+- 1 sec.)
Starting LINUX “PGM”: OFF (+- 10 sec.) “PGM”: ON orange (+- 4 sec.)
Starting OS “PGM”: ON green (+- 4 sec.) “PGM”: ON green (+- 4 sec.)
After sending, installation of packages, “Ala/PGM alternatively “PGM”: toggle green/red
Plug&Go on SD card or USB stick
Program runs PGM: flashing at 2 Hz PGM: flashing at 2 Hz
Other Status:
Status MS-CPU32 MS-CPU32-S2
CPU Powered (Vin or MS-PSxxx) “On”: green “On”: green
Program stopped “PGM”: ½ Hz “PGM”: green ½ Hz
LINUX stopped “PGM”: OFF “PGM”: ON red
OS stopped “PGM”: ON green “PGM”: ON green
Factory program (“failsafe”) “PGM”: 8 Hz “PGM”: green 8 Hz
Alarm active “Ala”: 8 Hz “Ala”: 8 Hz
Error on the BUS “Err”: ON red “Err”: ON red
Loading program from SD card -> CPU “Err”: ON red “PGM”: toggle green/red

4.9 Sending ‘Operating System’

Operating System is the heart of your TBOX MS . It contains all features of TBOX MS .
In some cases you might have to change this operating system, when new features are available or a bug fix released.
From the main menu, “Communication”,

select “Send to TBox”.
Select the highest version in the list to take

advantage of latest features and
corrections.
4.10 Saving and Sending a Program

Like any Windows program, TWinSoft creates “Documents”.
A document corresponds to a TBOX MS application. Each of them must be saved using the Windows standard.
4.10.1 Saving a document – Backup document

Possibilities for saving a document:
• Use the icon of the main tool bar

• From the main menu use: ‘File’ → ‘Save’
• Use the accelerator keys <CTRL + S>
Saving a document creates a file with the extension ‘.tws’ which is your TWinSoft application.
But each time a TWinSoft project ‘.tws’ is opened successfully; it is saved in a back up file ‘.tbk’. If you encounter some
problem retrieving your ‘.tws’ file, you can just replace the ‘.tbk’ extension by ‘.tws’ and use the back up.
During development of the application, it can be sent at any time to TBOX MS , for testing purpose.
When sending an application to TBOX MS , it is first compiled and then sent, in the same sequence.

4.10.2 Compiling an application

Compilation converts the document into microprocessor code. To compile, you can:
• use the icon of the main tool bar

• use the accelerator key <F9>
The result of the compilation is available in the Results window. This window automatically pops up when there is a
compilation error but it can be opened manually:
• from the main menu: ‘View’ → ‘Results’
• using the accelerator keys <ALT + 2>
The Results window provides useful data: Information: indicated in black
Warning: indicated in bold dark green
Error: indicated in bold red
4.10.3 Test of Memory

The result window also displays a detail of the memory:
MS-CPU16 ROM proc.: 256 KBytes ROM flash: 500 KBytes RAM proc.: 20 KBytes RAM: 320 KBytes
Features Loader, OS, Application Ladde/BASIC (64 K) Application 64 KB: Chronologies
Sources, Web & Reports 256 KB: Sampling Tables
MS-CPU32 Flash: 16 MBytes SDRAM: 64 MBytes SRAM: 1 MBytes SD: Max. 2 GBytes
Features Boot Loader, LINUX; Running part of 768 KB: Datalogging 2 GB: Sampling Table
OS, Application, LINUX, OS and 256 KB: log file, Tags and Plug&Go
Sources, Web & Reports Application values backup

MS-CPU32-S2 Flash: 32 MBytes SDRAM: 64 MBytes SRAM: 1 MBytes SD: Max. 32 GBytes
Features Boot Loader, LINUX; Running part of 768 KB: Datalogging 2 GB: Sampling Table
OS, Application, LINUX, OS and 256 KB: log file, Tags and Plug&Go
Sources, Web & Reports Application values backup
4.10.4 Sending an application

In order to have TBOX MS running with the program you have developed with TWinSoft, you have to send it. You can use
any media to achieve it (RS232, modem, Ethernet, …).
Possibilities for sending a program:
• Use the icon of the main tool bar

• From the main menu use: ‘Communication’ → ‘Send program’
• Use the accelerator keys <CTRL + F9>
• The sequence for sending is Compiling + Sending.
• If a problem occurs during compilation, the sequence is stopped and the “Results” window pops-up (see above).
TBOX MS keeps running during sending. At the end of sending, there is a de-installation/re-installation
controlled by TWinSoft. In case communication is lost during this period, TBOX MS will still be available
with its IP address of the application.
DO NOT RESET TBOX DURING INSTALLATION AND START PROCEDURE

5 Introduction to Programming
TWinSoft uses the standard look and feel of “Windows Explorer”, with at the left side a list of folders and at the right side the
content of the folder selected.
Each Folder consists in a list of items.
For instance, the list of “Tags”, or in the ‘Alarms’ folder the list of “Recipients” or in the ‘Datalogging’ folder the list of
“Sampling tables”, …
The programming of TBOX MS application will be done in different steps:

• Configuring the RTU properties
• Configuring the communication ports and I/O's (from the ‘Resources’)
• Creating Tags
• Creating Programs using automation language Ladder and/or BASIC
• Creating Alarms
• Creating Datalogging
• Creating Remote Device and associated ModBus Transactions to exchange data as Modbus “Master”.
The sequence in which those tasks are executed is not fixed, but at least RTU properties, Resources and Tags should be
configured first, as being required for all other programming.
All these configurations are explained in the following chapters.

6 RTU Properties
Setting the properties of TBOX MS has never been so easy thanks to a set of comprehensive dialog boxes, available from
the main tool bar.
RTU properties can be accessed easily

by clicking this icon.
The RTU properties are divided into:
• General: the type of the RTU, station ModBus address, RTU location, size of the chronologies, …
• Add-ons: configuration of external software modules written in ‘C’, typically to communicate with advanced
protocols like DNP.3 and IEC-60870, or to execute specific task like AGA calculations.
• Protection: to activate protection on TWinSoft document, communication port, protocols, ...
• IP Security: to activate Firewall, HTTPS and change SSH password.
• Info: to type any info about your program, its different versions, …
• Advanced: for some features, advanced parameters are available: during start-up, when sending alarms, about
sampling tables, TCP/IP, …
• Runtime Parameters: to declare some properties as Tag, to change them dynamically.
Communication ports are configured from the ‘Resources’.
Configuration of TCP/IP services is done from the ‘Workspace’ and folder IP parameters.

6.1 General properties
RTU Type: The type of RTU you have selected with the Wizard. It cannot be changed!
Name: type a free name for TBOX MS . It will be displayed when doing a ‘RTU identification’ and used by the data
aggregator software, TView.
Maximum 11 characters.
Don’t use space.
As far as TView is concerned, don’t start the name with a number
ModBus address: with ModBus protocol, each device must have a Station number. It is its ModBus address.
Enter a number between 1 and 254 (default=1).
Sub address: if more than 254 x TBox must be installed in one project, you need to define a Sub address. As this is not
ModBus standard, it is only supported by ‘TComm.dll’ based software (TWinSoft, TView,… please call your
distributor for further information).
Enter a number between 0 and 255 (default=0).
OS version: when working Offline, it is the OS used to simulate the compilation.

By default it is the OS version associated to version of TWinSoft.
Telephone number: Configuration used by TWinSoft when it needs to dial TBOX MS .
Sizes: Number of records of Digital and Analog chronologies. Chronologies represent the “on event” method of
recording data in TBOX MS , also known as “Sequence on Event” recording (see chapter 13: Data logging).

Digital Chronology: max. 32 000 (Default=100).

Analog Chronology: max. 32 000 (Default=100).
Check memory available. See chapter 4.10.2 : Compiling an application
Time zone: The Time Zone where TBOX MS is installed.
Timestamped data are recorded internally in TBOX MS with universal UTC time (Universal Coordinated
Time). When data is generated from TBOX MS the latter uses this setting to convert UTC time into local
time.
See Appendix B : Time in the RTU for more information.
Summer/Winter: Allows automatic management of day light saving. This selection has to be made according to
the location where TBOX MS is installed.
See Appendix B : Time in the RTU
6.2 Add-ons
An add-on is a module written in ‘C’ that executes a dedicated task not embedded in Operating System.
Typically, it is communication to SCADA using protocols like DNP.3, IEC, OPC-UA, … or communication to PLC like Siemens
(ISO TCP) AB (Ethernet IP, DF1), OMRON, ...
Check add-ons availability at https://servicedesk.ovarro.com/servicedesk/
6.3 Protection
Access security is discussed at chapter 16.

6.4 IP Security
6.4.1 Firewall
TBOX MS embeds a Firewall.
Once activated it gives access to exception rules in folder "IP Security" -> "Firewall" (see chapter 10.2).
Once Firewall has been activated, make sure to define rules! In case you activate Firewall
without declaring any rules, all IP access to TBOX MS will be blocked.
• Doing a global reset, the rules are deactivated while TBox is in stop mode and access restored.
• Doing a stop from TWinSoft, the rules stay active, also when sending a program.
6.4.2 HTTP Session Authentication

This feature is detailed Appendix H.
6.4.3 HTTPS
HTTPS, with "S" for "secured", is an alternative to HTTP but protected with the use of SSL and TLS protocols. It provides
protection on data when accessing TBox as Web Server.
When the Browser connects to TBox, it must identify using a certificate or a key (see below)
6.4.3.1 Certificate
When the browser connects to TBOX MS using HTTPS, it must identify the server using a certificate.
Either you have a certificate, public or private. A public certificate is authenticated by Certified Authorities like Thawte,
Verisign, DigiCert, …
Or you don’t have a certificate. In this case you can generate one from TWinSoft. Click “Generate”.
It is generated using SHA 256 (Secure Hash Algorithm). If generated using OpenSSL, use “Server” certificate: <server>.crt
6.4.3.2 Key
Either you have your own key or you let TWinSoft generate the key (see above).
If generated using OpenSSL “Server” key: <server>.key
6.4.3.3 Generate
In case you do not have certificate or key, you can use TWinSoft to generate them (see above).
Fill with your company information

6.4.3.4 Disable HTTP

To extend protection, HTTP can be disabled; meaning only secure connection will be allowed.
6.4.4 SSH
SSH stands for "Secure Shell". It is a secured protocol you can use to access TBox in Console mode.
SSH requires a login.
As of OS 1.35, SSH login name can be changed in TBOX MS . You cannot use the name "root", which has highest privileges
and a full system access. This is not allowed.
With older Operating System, the fixed name used previously is still used, even when it appears differently in TWinSoft.
Accessing TBox using console software, like PuTTY, make sure you start it "As Administrator".
Depending on the Windows version, login might be rejected if not running as administrator.
6.4.5 Certificates
This list constitutes the TBox store of certificates. It can be used:
- When TBox is client connecting to a Server
For instance, connecting in SSL to a server, like sending mail to GMAIL in SMTPS.
By default when TBox connects to the server it does not check the authenticity of the certificate and "continues anyway" as
you can see in tracelog:
SMTPS: SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
- To protect the sending of the application: see chapter J, Signing an Application
- To receive certificates deployed by external sources: this can be from add-on OPC UA (as of ver. 1.05)
6.4.5.1 Enable certificates validation

Activating the option, TBox will require to know the certificate of the server it connects to.
You have two possibilities for declaring the certificates:
1. Adding certificates manually
See examples in Appendix I,

How to handle Certificates.
2. Adding the certificate automatically
Checking the option Include CA from local

machine store, all certificates available on
the PC running TWinSoft will be sent to
TBox. Depending on certificates available
on the PC this will use around 80 kbytes of
memory.

6.4.6 Security Wizard

With the opening of TBox to the IT world, it becomes crucial to reinforce access protection and data encryption.
A sequence of wizards helps you in configuring three features that are concerned by cyber security:
• Firewall
• HTTPS
• SSH
• Application Signature
When sending your application, you are informed on the status of those four features:
To modify one or more of them, click “Security Wizard”.
According to the features already configured, click next to carry on with configuration:

6.4.6.1 Firewall
You can activate the firewall (all incoming IP will be blocked) and define some basic exceptions to filter access to TBox.
More exceptions can be configured in TWinSoft folder “IP Security” → “Firewall” → “Input”.
Click “Next”.

6.4.6.2 HTTPS
HTTPS secures communication from a browser. It encrypts all communication from/to TBox.
Click “Next”
6.4.6.3 SSH
SSH protocol is used to access TBox in console mode, at LINUX level.
Click “Next”

6.4.6.4 Brute Force Attack Protection

IT can be customized from RTU properties -> Advanced -> Security.
Click “Next”
6.4.6.5 Enabling Application Signature

It can be customized from RTU properties -> Advanced -> Security.

Your TBox is secured.
6.5 Info properties

You can enter a version number, the name of the programmer and a description of your program.
This information is not sent to TBOX MS .

6.6 Advanced
6.6.1 Start/Stop
By Start-up we mean:
• Reset of RTU (HW or SW).
• Sending of Program
See also chapter 4.6 ‘Reset of TBox’
Under these conditions two mechanisms of the RTU can be customized:
START
Reset all physical outputs:

• When active, at start-up the RTU reinitializes the outputs to ‘0’. After that, outputs are monitored according
to the process.
• When not active, at start-up the outputs are maintained to their last status. After that, outputs are
monitored according to the process (default).
Wait start of condition: this feature relates to alarm condition.

• The mechanism of generating alarm is based on transition: the changing of a digital Tags or the overstepping
of an analog threshold.
• This option allows changing this rule at start-up:

With ‘Wait start of condition’ active:
With ‘Wait start of condition’ not active:

if the alarm condition is true at startup, an internal ‘start of alarm - auto-ack’ is generated. When the alarm
condition disappears, the alarm is generated.
Activate Plug & Go: Plug & Go feature allows storing the complete TWinSoft project into a SD card. See chapter TBox-MS
Technical Specifications.
To use the feature, check this option.
Cycle Time: The frequency at which the process cycle is executed can be adjusted from here.
The choices are:
– Full Speed (default). By default it is executed as fast as possible, with no delay between the cycles.
– 20, 50, 100, 250, 500 ms.
The current time of one cycle can be checked in the RTU identification window.
STOP
Reset All physical outputs at program stop: When this option is active, the RTU reinitializes the outputs to '0' at stop. This
is particularly useful if you want to reset the outputs when sending a new program, and you want to be sure they
stay at '0' during the sending and restarting sequence. After that, outputs are monitored according to the
process.
Disconnect ModBus address at program stop: All variables will have their ModBus address disconnected, which means
that external equipment accessing the RTU will receive communication error.
This feature has been implemented to allow a SCADA detecting immediately a TBox is stopped: as the ModBus
addresses are not available, the RTU stays in communication but returns an 'Exception' error.
Stop program with toggle switch stop: When this feature is active, you have to select the Tag corresponding to the toggle
switch 'Stop' in front of the CPU (See in the Resources -> CPU -> Group 1).
Pressing the toggle switch will stop the program (Process, Alarms, Datalogging, ModBus Transactions, ...)
NO other digital input than 'Stop' toggle switch can be used, but any internal digital register can.

6.6.2 Alarms
Event stack: Is a public stack, accessible by users, where alarms are available with date, time, recipient, message, status.
The Event stack can be displayed from the main menu: ‘Communication’ → ‘Retrieve from TBox’ → ‘Alarms’.
The object ‘Alarms’ used in a WebForm displays the Event stack. It corresponds also to the list of Alarms sent
to TView.
Alarm stack :Is an internal stack used to buffer alarms when there are several to handle at the same time or when the
communication port is not available or when retries are required.
SMTP From When receiving an e-mail from TBOX MS , the field ‘From’ indicates the origin of the e-mail. It accepts any text
and the following parameters:
• %station% : replaced by the name of the station (see General properties)
• %email% : replaced by the e-mail address of the RTU
Example: TBox_%station% <%email%> .
SMTP subject: When receiving e-mail from TBOX MS , the field 'Subject' can be dynamized like following:
When sending a message, the field ‘Subject’ contains the message.
In addition, it accepts any fix text and the following dynamic data:

• %email% : replaced by the e-mail address of the RTU

• %time% : the time of the RTU when the e-mail was generated
Example: Report TBox %station% - %time% :
When sending a report, the subject field contains the Title of the report (see Report Studio); title that can contain
the parameter %station% (see above)
GSM & Printer message: When TBOX MS sends SMS, you can add information to the message. This information is sent in
front of the message. You can type any text and the following parameters:
• %time% : the time of the RTU when SMS (or printing) was generated
• %condition% : It will result in an exclamation mark (!) in the message if the condition of the alarm is still
active when the alarm is sent.
End of Alarm prefix: Allows specifying a text that will be sent in front of the message, when the alarm condition ends, to
indicate it corresponds to the End of the alarm
Example: END:
Message sent when the condition ends: .
END: Level too HIGH
Check the total length of SMS message according to the coding used (TEXT or UCS-2) as explained
chapter 11.6.1 SMS coding.
Process alarm even when com. port not available: An alarm corresponds always to a communication (at the exception of
"Internal" alarms). When an alarm condition is activated, by default, it waits the availability of the com. port to be
handled (Ethernet cable connected, GSM present, PSTN line detected, ...). This can lead to problems in handling
escalation: if a media is not present, the alarm process will be stopped.
This option allows carrying on alarms, even when the port is not available.
Alarm filter on both transitions: This option allows computing the filter of alarm condition during both transitions: when
the Tag value goes to alarm condition AND when it leaves alarm condition.
This option will be applied to all alarm conditions.
This is particularly useful to filter interferences on inputs.
Delay alarm processing when recipient's time table not available: This feature is associated to the "Scheduling" and time
table attached to the recipient. If the time table is not active when the alarm is initiated, this feature provides 2
options:
• the alarm is auto-acknowledged (by default)
• the alarm is maintained in the alarms stack until the time table becomes active. The "Start" timestamp is the
one at the moment the alarm condition was generated.
Example: the alarm condition happens at 2:35 AM, but it is not an urgent alarm. It is an SMS meant to inform the
technician. The "recipient" is configured with a time table starting at 8:00 AM (corresponding to the technician
work shift). Therefore, the technician will receive the message at 8:00 AM, but with a timestamp of 2:35,
informing him when the event happened
Display alarm calls in alarm table: This feature is associated to the alarm condition sent to a group of recipients. When this
feature is active, the alarms table displays the event having initiated the alarm and all the calls generated (see
below).

Event stack displaying also alarm calls: Working with group of recipients, it is also possible to display each call with its
acknowledgment status:
• Message: message preceded by (*) means that it corresponds to a call

• Start: always Ack’ed
• Recipient: name of each recipient of the group
• End timestamp: timestamp corresponding to the end of the call
• End: acknowledgment status of the call: Not Ack; Ack'ed or Auto ack.
Display logon/logoff events in alarm table: Logon/Logoff are events logged when a user logs in on a communication port
which is protected.
These events can be removed from the list, to avoid events not being real alarms.
Check Alarm Inhibition after filter time: For each alarm condition, one can declare a filter before the alarm will be
computed. For each condition, an option "handling" allows inhibiting the alarm according to external
circumstances: flag Disala or power failure.
This option allows checking the inhibition condition after the filter has elapsed. This is particularly useful
working with “Power Failure” detection; the latter might be detected after the sensors have been in error which
will then generate an alarm. In such case, you declare a filter of some seconds on the alarm condition and check
this option; the alarm on the sensor will be inhibited properly in case of power failure.
Display time set events in alarms list:When one sets TBox time, the information is logged in the list of alarms. When there
are regular time settings it risks polluting the table with unwanted information.
By checking this option, you prevent time setting to be stored in the list of alarms.

6.6.3 Sampling Tables

This menu gives access to the parameters for long period recording in Sampling tables. (See chapter 13.3 : ‘Sampling
tables’).
These configurations
concern all sampling tables.
• Daily: When ‘daily’ is selected in sampling table, it is the time of the day the recording is executed.
• Weekly: When ‘weekly’ is selected in sampling table, it is the day of the week and the time the recording is
executed.
• Monthly: When ‘monthly’ is selected in sampling table, it is the day of the month and the time the recording is
executed.
Behavior in case of time Synch: Those options relate to the principle of recording sampling table in TBox: at each sampling,
TBox records the value but ONLY the timestamp of the LAST record. When sampling table is generated by TBox
(sending out a report or pulled from TWinSoft, TView, a SCADA, ...) timestamps are rebuilt based on the last
timestamp minus the period.
Example: sampling table with a period between recording of 1 minute

last record at 9:45:00
Then previous records at:
9:44:00
9:43:00
9:42:00
...

It means if you update the time of TBox, at next sampling it will use the current timestamp which means all
previous timestamps will be different from the original ones.
Example, the time is set ahead of 2 minutes. At 9:45:15, it is changed to 9:47:15.

At next recording, the last timestamp will be 9:48:00.
Then timestamps of previous records become:
9:47:00 -> previously at 9:45:00
9:46:00 -> previously at 9:44:00
9:45:00 -> previously at 9:43:00
...
Those features determine what mechanism will be used to "rebuild" previous timestamps:
• update timestamps "slowly"
• timestamp of last record updated to the current timestamp and therefore all previous records.
• delete sampling table.
Differentiate between big time gap and time synchronization: This option allows checking the time difference between
current and new time set (manually or by synchronization). Different options are possible depending whether this
option is checked or not. You still have the original mechanism that will update the timestamp each seconds or
you can update to the last record, or select a DELTA with associated action.
When the option “Differentiate...” is not checked, we have 2 choices:
• Fill Sampling Tables: current cases which update timestamp slowly (each second)
• Update timestamp of records: the time stamp of last record is updated, then automatically all records
When the option “Differentiate...” is checked, we can select a DELTA and an action. When the DELTA is > than
selected, the action is taken:
• Reset Sampling Tables: Sampling Tables are deleted
• Update timestamp of records: the time stamp of last record is updated, then automatically all records
Sampling Table on SD card: In some applications, the size of datalogging might be an issue, more specially Sampling Table
recording. Micro SD memory card can be used with TBOX MS to store Sampling Tables. The maximum size of
one table is not increased (max. 65535 records), but the quantity of tables can now be highly increased (max.
2000 sampling tables)
As the micro SD memory card can also be used for Plug & Go, an option allows you to activate Plug&Go (see
chapter 6.6.11 Plug&Go)
Sampling Table handling will be done seamlessly to the RAM and micro SD card. It will be on an application point
of view totally transparent, to send data by e-mail, to display data in WebForm, to retrieve data from TView, a
SCADA, ...
1. Keep in mind that the goal of datalogging is to retrieve data stored in the RTU.
The more data you store, the longer connections to the RTU will be, which can be an issue with GSM,
GPRS connections.
2. To avoid overwriting on the micro SD card (limited number of writings on Flash memory), data is
buffered in 4 kbytes buffer before it is stored on the SD. A very small risk exists of micro SD corruption
if you stop during writing to the card. We then advise to stop the RTU before switching it off or
resetting it. (Identical precaution on PC when removing a memory stick).
Fill Tables with "0": Sampling Tables mechanism records data based on the clock of TBox.
If the TBox is switched off for a period longer than the period of recording, it will miss data. Therefore TBox adds
automatically missing records.
By default, it fills records with the last known value.
Check this option to fill with value=0.

6.6.4 Temperature
For Temperature analog input (Pt1000), you can define a unit: Celsius, Fahrenheit or Kelvin.
The unit is the same for all inputs
6.6.5 ModBus Transactions

Reset the device Trigger only if success:
• When communicating as ‘Master’ using ‘ModBus Transactions’, a Trigger is switching communication to the
remote device (see chapter 14. ModBus Transactions).
• This Trigger activates the communication according to a ‘State’ or ‘Edge’. Working with ‘Edge’, the RTU
restores automatically the Tag after the transaction(s).
– With this option active: the Trigger is restored only when communication has been done successfully.
– Without this option: the Trigger is restored when all ModBus Transactions associated to the device have
been executed, with or without error.
Remote device inactivity delay: This option allows defining a quarantine delay when a Remote device is in communication
error.
Keep socket open: working with OS >= 1.35.374

When carrying on Modbus Transactions in Modbus/TCP, TBOX MS will use one TCP context per remote device.
Checking this option, the socket for each device will be kept opened, preventing overhead communication.
Working with OS < 1.35.374.

Only ONE is available socket available. Therefore, this socket is opened/closed at each execution of a list of
Modbus Transactions. When there is only ONE remote device, this option allows keeping the socket opened and
therefore improving the communication.
Allow Mixing of Analog Tags

As far as analog Tags are concerned in a ModBus communication, there are handled as 16 bits variables. Then
when communicating 32 bits or Float variables Modbus protocol will use two addresses.
As a standard then we cannot mix different formats of variable to avoid mixing data.
This option bypass this security when doing ModBus Master communication.
It means that in ONE transaction it is possible to access 16 bits, 32 bits and Float variables
Make sure variables are listed with identical format between Master and Slave:
32 bits with 32 bits, 16 bits with 16 bits, Floats with Floats
Make sure there is no gap between addresses

6.6.6 Ports
Each TCP/IP service has its own unique

TCP port. It provides a logical location
for the delivery of TCP data. TCP Port
number complies with a standard
defined by the IANA to be sure everyone
using a TCP service uses the same TCP
ports according to protocols used.
When working with TBOX MS , in some

cases, you might want to change this
port number.
HTTP(S): port used to access TBOX MS as WebServer. (by default= 80 & 443)
ModBus/TCP-Slave: port used by a ‘Master’ to access TBOX MS as ‘Slave’. (by default=502)
Changing of TCP port is automatically applied to 'WebForms 1.0' as it uses ModBus for data communication.
ModBus/TCP-Master: port used when TBOX MS is ‘Master’ to access a remote device (by default=502)
ModBus over TCP: port used by ModBus RTU encapsulated into TCP (by default= 7701)
ModBus over UDP: port used by ModBus RTU encapsulated into UD (by default= 49152)
FTP(S):port used by TBOX MS to send Files (by default=21).
SMTP(S): port used by TBOX MS to send e-mails (by default=25 & 587).
POP3(S): port used by TBOX MS to collect subject of e-mail (by default=110 & 995).
Modbus over TCP: ModBus over TCP is a ModBus RTU frame encapsulated into a TCP frame. Compared to ModBus/TCP, in
which there is no station address neither CRC. TCP port used by TBox MS to communicate in ModBus over TCP
(default=7701)
Modbus over UDP: ModBus over UDP is a ModBus RTU frame encapsulated into a UDP frame. Compared to TCP, it is faster
than TCP because it does not require any acknowledgement. With UDP, packets are just pushed without
verification. TCP port used by TBox MS to communicate in ModBus over UDP (default=49152)
SSH: used to carry on a secure connection, for instance to access LINUX in console mode. (default= 22)

6.6.7 TCP/IP
TCP/IP addresses for

incoming calls
Range of addresses used

during incoming calls. When
TBOX MS is dialed in by a
modem.
TBOX MS uses the first

address of the range and
applies the following to the
remote equipment.
Typically, this information is

needed when TBOX MS is
used as a Web Server, dialed
from a browser.
Avoid using addresses in the same range as the IP address defined for the LAN card of the PC used as
Browser.
TCP/IP miscellaneous
To access these features you have to enable advanced IP configuration (see chapter 16.1.8)
See also the sequence of configuration Appendix F.
Gives access to TCP/IP redirection:

• IP Forwarding
• NAT
• Virtual Server (configurable in IP Parameters as described chapter 9.8)
Once checking one of the above features, a login corresponding to the code typed when enabling advanced IP configuration
is required.
It corresponds to the login as described chapter 16.3.

6.6.8 Environment variables

The environment variables are used when particular configuration might be needed in external software. Available only
when sending historical data through .tma file.
Variable Value Description

TViewPath \path The path in which the station will be created when importing data in
TView.
The path is the relative path from the Project workspace of TView.
Example: with the Value: \Lines\10
Result in TView:
Longname Type any long name The name typed here will be used in TView, instead of the one
declared in the ‘General’ properties, which is limited to 8 characters

6.6.9 Power Fail

Working with an external 12 V backup battery, the RTU informs you when the main voltage is out of order and the RTU is
powered from the 12 V backup battery. An internal DI variable informs that the main power broke down.
Example with MS-230V:
From the list of DI available with the card, you Tag the one indicating the Power Fail.
From the RTU properties: →

“Advanced” → tab “Power Fail”
you select the Tag
corresponding to the Power
Failure (see above)
This power fail information will then condition the execution of alarm and chronology condition where you have specified a
handling associated to “Power Failure”: in case of power failure, alarm and chronology conditions will not be executed (see
chapters related to Alarm and Chronology conditions further in the manual).
In addition, the above Tag (in this example “PowerFail”) can be used to send an alarm and can be recorded into chronologies
(datalogging).

6.6.10 Web and Report

Check user's WebFormViewer version: This option concerns WebForm 1 only. (This service is not supported anymore.)
Unique Report file name format:

When sending a report by FTP, you have the choice of sending the report with ‘Unique file name’ (see
Report Studio → report properties → “Advanced”). In this case, the RTU includes supplementary
parameters in head of the name of the report.
Accepted parameters are:

%station% name of the RTU
%email% e-mail of the RTU
%time% complete date & time
%condition% ! (if alarm active)
%YY% year in 2 digits
%YYYY% year in 4 digits
%M%: month in 1 digit (if possible)
%MM% month in 2 digits
%MONTH% month in letters
%D% day in 1 digit (if possible)
%DD% day in 2 digits
%h% EU hour in 1 digit (if possible) Any supplementary text can be added
%hh% EU. hour in 2 digits as of OS >=1.38 the parameter %file% can be put at the
%H% US hour in 1 digit (if possible) beginning of the report name for example. the report will
%HH% US hour in 2 digits be generated with the extension at the end of the name.
%mm% minute in 2 digits Example: MyFile_20170310_105232.txt
%ss% second in 2 digits
%file% name of the report
%ampm% US time am/pm
~mytag~ value of Tag
Store Web Files on SD card: This option requires a SD card in TBox ...
When selected, only webfiles that have changed (based on a md5 signature on the files) will be updated
into TBox, upon TWinSoft sending of the application.
When used, the size of each file can be of max. 10 MB.
6.6.11 Plug&Go
Activate Plug&Go: Plug & Go is associated to the SD card. When Plug & Go is activated, the complete project including
webforms, reports, OS, ... is backed up on the SD card and loading upon CPU powering. Program is restored
when the program on SD card is different from the one running in the CPU.
This allows easy deployment and maintenance when CPU must be changed on field.
Global Tags Backup: To backup on SD card "Global Tags" periodically (see below), or using digital system variable [55 -
RuntimeBackup].
Tags are restored when the program on SD card is different from the one running in the CPU.
DB Backup: To backup on SD card "Sampling Tables and Chronologies" periodically (see below), or using digital system
variable [55 - RuntimeBackup]
DB are restored when the program on SD card is different from the one running in the CPU.
Backup and restore of Tags and DB are not applicable when doing a stop/start of the TBox or when
sending a new application. Only when putting SD card into a new CPU, it will restart with the image
of data backed up.
Period: Period for automatic backup of Global Tags and DB (see above) on a hour base period.

6.6.12 Security
As access security feature,

programming TBOX MS
through any port can be
disabled.
Brute Force Protection: Programming TBox can be disabled for each communication port individually. When the port is
disabled, Programming through TWinSoft is not available anymore through this port.
• Maximum Failures: number of unsuccessful attempts before a connection is blacklisted.
• Failures Interval: maximum interval in seconds between failed attempts. If no additional failures occur after
this time, the counter is reset.
• Blacklist timeout: when the number of failed attempts is reached, authentication is blocked for the specified
amount of time. Timer is restarted at each attempt (good or bad). This means there should have no attempt
during this timeout to allow new login attempt.
• When serial communication port is blacklisted, only authentication is blocked. It is still possible to read
data through this communication port.

• This would not prevent a SCADA communicating through a radio modem connected to a serial port of
TBox to still read data through this serial port, even if it has been attacked.
• In TCP (or UDP), the IP address is blocked for all authentications. One can still read data and open new
socket, but any new demand of authentication from the IP address will be blocked and timeout
restarted, even if login is correct. This limits the possibility of discovering a login.
• ModBus-RTU over TCP or over UDP is also protected.
• There is no report sent to a user who has been blacklisted. Any further authentication will fail as if
password was incorrect.
Information available in syslog:
Example: blacklisted for 30 seconds after 3 attempts:

Jan 24 11:39:49 tbox-cpu32 user.warn tbox[1602]: modbus: 172.25.110.31 auth failure for 'JEAN' (1)
Jan 24 11:39:55 tbox-cpu32 user.warn tbox[1602]: modbus: 172.25.110.31 auth failure for 'JEAN' (2)
Jan 24 11:40:00 tbox-cpu32 user.warn tbox[1602]: modbus: 172.25.110.31 auth failure for 'JEAN', blacklisted
for 30 seconds
Jan 24 11:41:37 tbox-cpu32 user.notice tbox[1602]: modbus: 172.25.110.31 auth succeed for 'JEAN'
Device Administrator: This login provide a “super user” level (level 4) when accessing TBox using HTTP APIs. See
documentation about TBox HTTP APIs for more information.

7 Resources
The resources represent the list of the hardware that your TBOX MS has to its disposal.
The TBOX MS is built with different modules (cards):

• A Power Supply
• A CPU
• Communication ports
• I/Os
If the CPU needs to communicate in ‘ModBus Master’ to another device (CPU, or an external ModBus device), the latter
must be declared as a Remote I/O card (see chapter 14: ‘ModBus Transactions’)
The Resources also contain 2 lists with System variables. Systems variables have pre-defined function (see chapter 7.4
‘System variables’)
7.1 The CPU Card

When starting a new document, TWinSoft creates automatically the CPU card corresponding to the selection in the wizard
(see chapter 4.1.).
The communication ports of the CPU with their associated configuration and the I/O of the CPU are part from the resources
of the CPU:
Example with MS-CPU32-S2
The CPU card is divided in several groups:
Example with Ms-CPU32-S2:

• Group 0 : communication ports
• Group 1: 2 x digital inputs: Sync. Input and STOP button input
• Group 2: 3 x digital outputs: Sync. Output, User LED red, User LED green
• Group 3: 2 x analog inputs: Input voltage at Vin (whenused), internal temperature

7.1.1 Communication Ports of the CPU

By selecting the Group 0 Communication ports in the workspace, you access each port individually.
7.1.2 Communication ports tabs

According to the type of communication port (RS232. RS485, modem or Ethernet), different tabs are available:
Parameters: general parameters (local or modem, Baudrate, Protocol).
DCV: Digital Communication Variables. Special variables with a pre-defined function (communication error,
modem online, …). (see chapter 7.3.1)
ACV: Analog Communication Variables. Special variables with a pre-defined function (time-out,
user ID, …). (see chapter 7.3.2)
Advanced: mainly ‘timing’ parameters required when CPU is ‘Master’ or ‘Slave’ in a ModBus communication.
TCP/IP: TCP IP configuration dedicated to the communication port, when available. .
To enter the configuration of the communication port, double click the port in ‘Group 0’.
7.1.3 Serial ports
Baudrate: 200…115200 bps
Data bits: 7 or 8
Parity: None, Odd, Even, Space,

Mark
Stop bits: 0, 1 or 2
Protocol:
ModBus (RTU/ASCII), Printer,
NMEA, SLIP
Example with COM1 – RS232

7.1.4 Ethernet
Obtain IP address: TBOX MS is connected to a DHCP server

providing its IP settings.
MS-CPU16 does not support DHCP
Use IP address: IP address: the IP address of the Ethernet of

TBOX MS (given by the network administrator).
Subnet mask: the subnet mask defined by the subnet the TBOX
MS will be included in (given by the network administrator).
Gateway: the IP address of the equipment on the LAN that

TBOX MS uses to access an IP address outside its subnet.
DNS: DNS Server is used to resolve 'Names' in 'IP address' (given

by the network administrator).
DNS can be set manually or acquired from a server when

available.
In case you use multiple Ethernet interfaces with your TBOX MS check they are configured in
different subnets
7.2 Adding Cards

All cards other than the CPU must be added in the ‘Resources’ folder: Power Supply, I/O cards and communication cards.
Starting a new document, the only card available is

the CPU.
You will add all cards corresponding to your
hardware into this list.

Example: Adding a MS-GSM-4G/LTE:
You then indicate its ID (software address)

see table below
TWinSoft does not detect the cards automatically. You have to add the cards manually, using the menu
"Add an I/O card"
Id number of the cards in TWinSoft vs. Slot in the Rack:
Type of Card Slot used in the Rack Address in TWinSoft

Power Supply (if used) If slot 0 1
Other slot Slot Id
MS-CPU (w/o redundancy) 0: when used without Power Supply Always 0
1: when used with a Power supply
MS-CPU32(-S2) (with CPU1: 0 Always 0
redundancy) CPU2: 1 Always 0
I/O card Any slot following the CPU Same as the slot index
Communication card
Example:

The order the cards are listed in TWinSoft has no importance.
7.2.1 Adding an I/O card

The Hardware is represented in TWinSoft with a hierarchy of 3 levels:
➢ CARD : CPU card, 16 DI card, COMBO card, Modem card …

➢ GROUP : when there are several types of I/O on a card, they are separated into groups: group of DI, group of
DO, group of AI …
➢ CHANNEL: each physical connection, within a group, corresponds to a channel.
CHANNEL
CARDS
GROUPS
When connected to a TBOX MS , the column ‘value’
displays the current value in the RTU, when the
channel has been declared as a Tag and sent to the
RTU.
When adding a Card, its ID number must correspond to its position in the Rack. Check the slot
index written in the Rack.
See examples in the manual “TBoxMS – Technical Specifications”, chapter 3.4.
See also technical details on I/O cards in the manual ”TBox-MS technical specifications”.

7.2.2 Adding a PSTN Modem Card

Each MS-PSTN card is composed of a modem and a serial port (RS232 or RS485). Technical specifications are available in
the manual” TBox-MS technical specifications”.
Once created, a ‘modem’

provides a Group 0 with
communication ports.
The numbering of communication ports starts after the communication ports of the CPU:
MS-CPU32, starts at COM4
MS-CPU32-S2, starts at COM8
The numbering is automatically incremented at each insertion of a communication card.
To enter the configuration of the modem,

double click the ‘modem’ port in ‘Group 0’
Example with COM8 – PSTN modem
Modem type: It cannot be changed. It corresponds to the modem of the card.
Initialization: The initialization string is sent at power up of the modem and after each connection.
You should not change it, but if changed, it is saved in the TWinSoft document.
Outside line prefix: if TBOX MS is placed behind a telephone switch (PABX), it is the number to get the outside line.
This prefix will be applied automatically each time TBOX MS dials out.
Default Initialization and prefix can be modified from the file ‘ModemProfiles.xml’.
Changes will be applied to all new document created.
Auto Answer: Number of rings after which the modem will go off hook.
Periodic Modem Reset: This feature allows resetting modem automatically when it is not in communication. When the
option is checked, the period between resets can be configured between 60minutes and 43200 minutes
(30days).It also resets the UART.
Debug Modem: (available with MS-CPU16). Allows displaying all communication flowing through the modem. Very
useful to debug a communication (see details in Appendix G.1.)

➢ Tab DCV: Digital Communication Variables

Dedicated variables, with a pre-defined function (communication error, modem online …) (see chapter 7.3).
➢ Tab ACV: Analog Communication Variables
Dedicated variables, with a pre-defined function (time-out, user ID …) (see chapter 7.3).
➢ Tab Advanced
Mainly ‘timing’ parameters required when modem is ‘Master’ or ‘Slave’ in a ModBus communication.
7.2.3 GSM modem

As an option, TBOX MS can be equipped with a GSM (2G, 3G or 4G).Technical specifications are available in the manual ”
TBox-MS technical specifications”.
In addition, each MS-GSM card is composed of a modem and a serial port (RS232 or RS485).
Once created, a ‘modem’ provides a Group 0 with communication ports:
The numbering of communication ports starts after the communication ports of the CPU:
MS-CPU32, starts at COM4
MS-CPU32-S2, starts at COM8
The numbering is automatically incremented at each insertion of a communication card.
The GSM modem can be used in 2 modes:

• as a “dial-up” modem, also known as CSD-DATA mode (available with model 3G only)
• in IP communication: GPRS,3G,4G, according to availability of the network
The main option IP (GPRS, 3G, …) determines the

working mode of the GSM:
CSD-DATA
OR
IP (GPRS, 3G…)

7.2.3.1 CSD-DATA settings
CSD mode is supported by GSM 3G: HiLo 3G or Gemalto-3E.
Modem Type
• Autodetected GSM: you let TBox detects itself the modem and the right configuration. It requires TBOX MS
to run OS firmware >=1.42.455.
It is mandatory for MS-GSM-3G, MS-GSM-3E, all 4G/LTE versions. For 2G version use manual configuration
(see next)
In case you want to run OS firmware < 1.42.455 or run a MS-GSM (2G), you have to select the model and its initialization
string (see below "Advanced"). Available models (Look at the side sticker the exact modem type):
• HiLo 3G : corresponds to MS-GSM-3G
• Gemalto-3E: corresponds to MS-GSM-3E
PIN Code: If the SIM card you have inserted requires a PIN code, type it here (max. 4 digits)
If you type the wrong PIN code, or you type a PIN code when the SIM card does not require one, there is
a risk of blocking the SIM card.
It must then be restored with the PUK code using a mobile.
Auto Answer: number of RINGS before the modem picks-up the line.
Disable ReadSMS: According to the modem or GSM service, it may not support incoming SMS (ASTRID, ...). Therefore, to
avoid the modem state machine to be disturbed accessing a service not supported by the SIM card, the reading
of SMS has to be disabled.
Periodic mode reset: This feature allows resetting modem automatically when it is not in communication, or not busy with
the event of an alarm. This is important especially with GSM modem in case it not available anymore and cannot
send data or be accessed anymore.
It is also possible to do this reset using ComX.Hooklink variable. This feature makes it automatic.
When the option is checked, the period between resets can be configured between 60 minutes and 43 200
minutes (= 30 days).
In addition to a modem reset, it also reset UART.
Advanced: Running MS-GSM (2G) or an OS firmware < 1.42.455, you have to select the modem type (see above) and select
the manual initialization string.
Click "Override init. string":

PIN code (if used) must be entered
in the corresponding field.
Dialing a GSM-data: The SIM card of a GSM has three telephone numbers: VOICE (the one you use to speak), DATA and
FAX. To dial TBOX MS , you have to be sure that data service has been activated and you dial the DATA
number (please call your GSM operator).

In some countries, like in US for instance, GSM operators do not provide DATA service.
DATA communication is then only available in IP mode (see below)
About sending out e-mail or Files through a GSM-data connection

Some ISP requires specific telephone number for connecting through GSM (please check with your ISP).
7.2.3.2 IP Communication (GPRS/3G/4G) settings

The GSM connects automatically to the best network (2G, 3G or 4G if available).
There is no configuration to select one or the other network.

You have to choose either ‘CSD-Data’ mode OR ‘IP (GPRS, 3G, …)’ mode. It is not possible to use the
modem in both modes at the same time, but it is possible to combine IP mode and sending of SMS (see
below).
When selecting IP (GPRS, 3G, …), TWinSoft

automatically adapts Initialization and
Operator Phone number fields (see next).
If the connection requires a login, select the
option ‘The server requires authentication’.
You may receive a fix, dynamic, public of
private IP address, it depends on your
subscription; You do not have to declare the IP
address anywhere.
Modem Type
• Autodeteected GSM: you let TBox detects itself the modem and the right configuration. It requires TBOX MS
to run OS firmware >=1.42.455. It is mandatory for MS-GSM-3G, MS-GSM-3E, all 4G/LTE versions. For 2G
version use manual configuration (see next)
In case you want to run OS firmware < 1.42.455 or run a MS-GSM (2G), you must select the model and its initialization
string (see below "Advanced"). Available models (Look at the side sticker the exact modem type):
• HiLo 3G : corresponds to MS-GSM-3G
• Gemalto-3E: corresponds to MS-GSM-3E
APN: APN stands for "Access Point Name". It is a URL of your operator the GSM will connect to get an IP address.

Examples of public APN:

– internet.proximus.be
– orange.fr
– internet.t-mobile
– web.omnitel.it
– ...
PIN Code: If the SIM card you have inserted requires a PIN code, type it here.
If you type the wrong PIN code, or you type a PIN code when the SIM card does not require one,
there is a risk of blocking the SIM card.
It must then be restored with the PUK code using a mobile.
Disable ReadSMS: According to the modem or GSM service, it may not support incoming SMS (ASTRID, ...). Therefore, to
avoid the modem state machine to be disturbed accessing a service not supported by the SIM card, the reading
of SMS has to be optional.
Periodic mode reset: This feature allows resetting modem automatically when it is not in communication, or not busy with
the event of an alarm. This is important especially with GSM modem in case it not available anymore and cannot
send data or be accessed anymore.
It is also possible to do this reset using ComX.Hooklink variable. This feature makes it automatic.
When the option is checked, the period between resets can be configured between 60 minutes and 43 200
minutes (= 30 days).
In addition to a modem reset, it also reset UART.
Advanced: Running an OS firmware < 1.42.455, you must select the modem type (see above) and select the manual
initialization string.
Click "Override init. string":

APN and PIN code (if used)
must be entered in the
corresponding fields.
Operator Phone number: special number to establish the GPRS connection.

Typically, the number is *99***1#. Check with your operator and type it following the command ATD.
Example with Orange, Proximus, SFR, AllIP, …: ATD*99***1#
Connection at start up: when this option is selected (by default) TBOX MS handles the modem to keep the connection
permanently. When this option is removed, TBOX MS handles the connection according to communication
variables: GPRSCon (see below)
Server requires authentication: Some TCP/IP connection requires authentication. Check with your ISP.
Authentication Protocol: When requiring authentication to connect in IP (GPRS, 3G, ...) the authentication protocol can
be selected. By default it is set to "Automatic" as it is negotiated with the Operator during connection.
Keep PPP alive: PPP is a low level TCP/IP protocol, used to establish the connection.
For safety reason, to be sure to keep the connection always active, TBox MS can keep sending regular
requests (LCP ECHO REQUEST).
According to some GSM operators, it seems it is not necessary. It is then optional.
PPP Echo Timeout: When the option is active, frequency in minutes with which the requests are sent.

Take into account that it uses around 50 bytes, and that with GPRS connection, you are charged for
each bytes sent or received.
Communication variables dedicated to IP Communication (GPRS, 3G,…)

Some communication variables allow manual handling of GPRS and give information on the status.
Digital Communication Variable

Handles the IP connection.
COMx.GPRSCon
Working in manual connection, writing ‘1’ forces a connection; writing ‘0’ forces a disconnection.
When working with automatic connection, if you reset this variable the connection will stop, but
after maximum 5 minutes, it will be automatically restarted.
USE A TRIGGER INPUT CONTACT TO ACTIVATE THE VARIABLE
Analog Communication Variable

COMx.GPRSState IP: indicates the status of the GPRS connection.
Value=0 : disconnected
Value=1 : currently connecting
Value=2 : connected
Value=3 : currently disconnecting
COMx.IPAddress IP: this register gives the IP address used by TBOX MS during its IP connection.
The information is available in a DWORD, but in the list of Tags, you can display it as an IP
address: from the list of Tags, right click the Tag →” Display As” → “IP address”.
This information is very important when working with dynamic IP address. It can be sent
for instance by SMS message, e-mail (see Report Studio), or displayed in a webform, to
inform on IP address changing.
COMx.CurrentNetwork Indicate the GSM network the GSM is connected to:
0 : GPRS
1 : 3G
2: 4G
COMx.ByteCount All bytes exchanged with the network, for output and input communication.
Sending of SMS with GSM configured in IP (GPRS, 3G, 4G)

As of OS 1.35.374, it is possible to send and receive SMS while connected in IP (GPRS, 3G, 4G).
TCP/IP settings
4G, 3G or GPRS connection represents a TCP/IP connection using GSM network. It then requires an IP address
which is provided from the operator.
Whichever account you have subscribed, you must not change its TCP/IP configuration.

Using TWinSoft to communicate to an RTU in IP (GPRS, 3G, 4G)

Typically, TWinSoft will access TBOX MS from a LAN, using an Ethernet connection (in case your LAN has a
Gateway connection to Internet).
In order to have a reliable communication, you might have to increase some timing parameters in TWinSoft:
menu ‘Communication’ -> ‘PC Setup’; select ‘Ethernet’ and click ‘Advanced...’.
Especially if communicating in GPRS, change ‘Comm. Timeout’

to 5000 ms. or higher.
Change ‘Inter-Frame Gap’ to 10 ms.
Before sending a program through IP (GPRS, 3G, 4G), check the PC setup settings of TCP/IP, like
explains chapter 4.3.3. IP address settings, point 3.
7.2.4 USB
TBOX MS-CPU32-S2 is equipped with 3 x USB ports. It can be used as "Device" as well as "Host".
USB as Device
USB1 is runs as “Device” and waits for a “Host”, like a PC.

This is the port that will be used to access TBOX MS either for programming or displaying HTML pages.
Connection
You need a USB A/A male cable (host to host). The USB driver (TBoxUSBDriver.inf) is installed on PC during TWinSoft setup.
Communication
Communication is carried out in TCP/IP. TBOX MS acts as a DHCP server and provides to the PC an IP in the range
10.8.10.xxx. TBOX MS itself uses the IP address 10.8.10.1. In PC Setup, you select "USB".
USB as Host
All three USB ports run as "Host", it expects to communicate with a "Device".
USB1 and USB2 support USB 2.0
USB3 supports USB 1.1
Models of USB device accepted:

• USB stick
• Serial
• Modem
• WiFi
When configured as communication port, a new port is available with its Communication Variables (DCV, ACV).

According to the drivers installed in LINUX, check below device chipsets accepted.
7.2.4.1 USB Stick: Programming TBox

This feature can be compared to Plug & Go. The procedure is:
– You create a "repository" directory on the USB stick, using Plug&Go.
– You insert the USB memory stick in TBOX MS .
– You press the button to the Reset position and let the LED flashing green 6 times (it must turn off after the
sixth one)
– After the LED starting sequence, it flashes at 1/2 Hz during copy and then starts with the new program.
7.2.4.2 USB Stick: Alarm Recipient

The USB memory stick can be configured as an alarm recipient.
In the recipient, you chose "external memory" and select USB Mass Storage

7.2.4.3 WiFi Devices

– WiFi dongle with Realtek RTL8192/CU chipset (obsolete) or LM Technoologies - LM 808.
The use of WiFi is having TBox acting as Access Point, to access it locally without cabling for
reprogramming or displaying WebForm, on a smartphone, tablet or PC..
WiFi configuration:
7.2.4.4 Serial Devices

USB/serial devices with FTDI chipset can be connected (most USB/Serial interfaces).
Serial configuration:
It can be used as TBox “Master” and “Slave”.

7.2.4.5 Modem Devices

Most of USB modems are “software” modems for which a dedicated driver is required. These modems are not supported.
Only “serial” modem through USB/RS232 interface.
A Modem Profile is required, then this is not a plug&play solution. Please contact your distributor.
Switching Between USB devices/host

1. It is not possible to switch between “device”, because each device has its own configuration. For instance, you
cannot plug a “serial” interface to a port configured for “WiFi”.
One exception, a USB stick. You can plug a USB stick on any USB port, it will always be available.
2. It is possible to switch between “device” and “host”. In other words, you can connect a PC to a port configured for
a “device”.
Demounting the USB Memory stick

When used for programming, the USB memory stick can be removed when TBOX MS has started with the new
program.
When used as Alarm Recipient, you should check TBOX MS is not in alarm anymore (Ala_on=0) and then
demount the USB Memory stick using the Digital System Variable 53 [USBStorage]

7.3 Communication Variables

Communication variables are dedicated registers providing different status of the communication.
It is very useful for monitoring and controlling the connection.
Those variables are divided into 2 tabs, Digital Communication Variables (DCV) and Analog Communication Variable (ACV).
When you need one, double click it from the list and click <OK>! It becomes a Tag and then available in any feature of
TBOX MS .
7.3.1 Digital Communication Variable

Example with COM8 – GSM modem
According to its function a
Communication variable is Read/Write
or Read only.
In the following table, the column R/W
indicates:
- : Read only.
0 : Write ‘0’ only.
1 : Write ‘1’ only.
* : Write ‘0’ or ‘1’.
Name R/W Description

COMx.NoReply 0 Communication: SET by TBOX MS in case of error during ModBus “Master”
communication. Possible errors:
- Timeout.
- ModBus: Unknown address, wrong quantity, CRC error.
- TCP/IP: wrong closing of socket
Must be RESET by the user.
COMx.HookLink * Modem:
Reading '1': indicates the modem is on-line
- dial-up modem: connected to another mode
- GPRS/3G: connected to the APN.
Writing '0' : forces a hardware reset of the modem.
Writing '1' : forces the modem to hang up and an IP disconnection.
Ethernet:
Reading '1' : indicates the Ethernet is connected to a device (Switch, PC, ...)
Writing '0' or '1': forces a reset of the Ethernet chip. Ethernet communication is not
interrupted.
VPN:
Reading '1' : indicates the VPN is connected
Writing ‘0' : disconnect properly the vpn connection
USE A TRIGGER INPUT CONTACT TO ACCESS THE VARIABLE


COMx.Call - Modem: with GSM acting as “dial-up” modem, reading ‘1’ indicates the modems
are synchronized with TBOX MS ‘dialing out’
COMx.Answer - Modem: with GSM acting as “dial-up” modem, reading ‘1’ indicates the modems
are synchronized with TBOX MS ‘Answering’ incoming call
COMx.NoDial 0 Modem: with PSTN modem, reading ‘1’ indicates that no dial tone has been
detected when the modem has picked-up the line. (not available with TBOX MS )
Must be RESET by the user.
COMx.GPRSCon * GPRS/3G/4G: Writing 1: demand of connection. (Automatic when selecting
“Connection at start-up”)
USE A TRIGGER INPUT CONTACT TO ACCESS THE VARIABLE
COMx.ModBusResp 0 Communication: indicates the port is transmitting answering. At each

transmission, TBOX MS SET this register.
To check TBOX MS is transmitting in “slave” mode. You RESET this register and
test whether it is SET again (using Ladder or BASIC).
COMx.ModemError 0 Communication: modem initialization failed.
Modem has answered with an ERROR to one of the parameters of the init. String
(see modem properties). A reason could be, working with GSM, because it is not
registered yet.
When you RESET this register, OS executes a warm start of the modem (sending
init. string)
COMx.ModemPower * LowPower: used only with Low Power RTU.
COMx.ModemAlarm * LowPower: used only with Low Power RTU.
COMx.VPNCon OpenVPN:
On VPN "Client" side:
VPN.VPNcon=0 -> exit OpenVPN process
VPN.VPNcon=1 -> restart OpenVPN process
On VPN "Server" side, it has no function..

7.3.2 Analog Communication Variable

Example with COM8 – GSM modem
According to its function a

Communication variable is
Read/Write or Read only.
In the following table, the column
R/W indicates:
- : Read only.
* : Write allowed.

COMx.Level * Access Control: access level of the user currently logged (see chapter 16).
COMx.UserId * Access Control: user Id of the user currently logged (see chapter 16). The user Id and the
authority level correspond to those you have defined with the utility ' PASSWORD '.
The value returns to 0 when the user has disconnected.
Values can be written to those registers.
Example: when a user is connected you can modify its level access by writing a value in the
register COMx.level (level available: 0, 1, 2 or 3).
Those values can be stored in analog chronology for keeping a history on the access.
When a user disconnects (Logout), the register returns to 0
COMx.Timeout * Modem: global time-out for hanging-up the modem when there is no communication.
Correspond to the ‘Inactivity time-out’ in the ‘Advanced properties’ of the modem.
COMx.GPRSState - GPRS/3G/4G: indicates the status of the GPRS connection.
0 : disconnected
1 : currently connecting
2 : connected
3 : currently disconnecting
4 : sending SMS and keeping GPRS context (as of OS 1.23)
COMx.IPAddress - GPRS/3G/4G: this register gives the IP address received by TBOX MS during its connection to
the operator. The information is available in a DWORD. It can be displayed from the list of Tag
as ‘Ip Address’.
COMx.SigLevel - GSM: when available, quality of the GSM signal. The range of the value is 1 to 31. A value of 18
is considered as a good signal level.
As of OS 1.42.455 with 4G model, signal level like with mobile, between 0..5.
COMx.SmsState - GSM: associated to the GSM, can be used to check the status of ReadSMS. (see chapter 12.5)
COMx.AutoAnswer * MODEM:
Read: indicates the number of RING before the off hook
Write “0”: no off hook
Write “1”: force off hook at the next RING

COMx.ModemState - MODEM: gives current status of the modem. Possible values are:
1: PIN code sent (GSM only when PIN code activated)
4: Init string accepted
7: Idle mode
9: outgoing call. Waiting CONNECT
26: registered to the network
… more values in TWinSoft Help -> How to Debug modem communication.
The last value is maintained, until the next status changing.
COMx.CallerID * MODEM: variable which indicates the caller ID of the current incoming modem connection, 32
bits format, giving the 9 last digits of the calling number. It can be used in the program to
trace and control who is calling
Init string of GSM modem: Caller ID identification must be activated. ^AT+CLIP=1
COMx.ModemPoT * LowPower: used only with Low Power RTU.
COMx.StationAdd - General: Station address of the RTU (see general RTU properties).
LOW BYTE: ModBus station address.
HIGH BYTE: Sub address.
Doing ModBus Transactions through modem, useful to detect the calling “Slave“ station, by
doing a request to station “0” and read this variable. From there, the “Master” can activate the
proper Trigger.
COMx.CurNetwork - GPRS/3G/4G: Indicates the network the GSM is connected to
0 : GPRS or EDGE
1 : 3G
2 : 4G
COMx.UsbState - USB: Gives current status of the USB port:
0 = does not do anything (never visible)
10 = USB port in mode "device", waiting for a Host (PC)
11 = Something is connected in mode "device"
20 = USB port in mode "host" waiting for a device (USB stick)
21 = Something is connected to TBOX MS
WARNING: this could be a device not recognized by TBox like a mouse, a keyboard, ...
Without anything connected to the USB, the variable toggles 10, 20, 10, 20, ….
COMx.ByteCount - GPRS/3G/4G: returns all bytes (sent and received) during a IP communication. It counts bytes
at PPP level. It is reset at each start/stop of the program, then to sum the bytes up you should
use the following BASIC code:
COMx.VpnState - OpenVPN: returns the status of the connection.

0: Idle: ready to connect
1: DNS: If link to Connect is indicated with a name; resolution of the name
2: Login: Login to TConnect
3: Config:: Set TConnect configuration
4: Config: Downloading VPN configuration from TConnect (if required)
100: DNS: If connection to the VPN server uses a name; resolution of the name
101: VPN: OpenVPN process is started
102: VPN: Connected to VPN Server
255: ERROR: init process will be restarted 1 min. after an error

7.4 System variables

The system variables have pre-defined functions.
They are very useful to check or to act on features of TBOX MS .
They are divided into ‘Digital’ and ‘Analog’.
7.4.1 Digital System Variables

According to its function a register is Read/Write or Read only. In the following table, the column R/W indicates:
• - : Read only.
• 0 : Write ‘0’ only.
• 1 : Write ‘1’ only.
• * : Write ‘0’ or ‘1’.
When the action (SET) is specified, it means that TBOX MS maintains the variable at 1 to be sure it is detected. Such a
variable needs to be reset using Ladder/BASIC logic.
Index Name R/W Description
0 TikSec 0 Tik Second: Changes of state every second. Useful for counting time.
1 PrgRun - Program run: At each starting of TBOX MS , this register changes to 1 and stays at
1 as long as the BASIC/Ladder program runs.
This register is used in BASIC/Ladder to execute operations only at the start of the
program, with the help of a positive edge trigger function.
2 NewPro - New program: Start of a program flag. Changes to 1 if TBOX MS has started after
having received a new program. Changes to 0 after a reset of the TBOX MS
3 Reboot 1 Reboot: complete restart of TBOX MS . It is equivalent to hardware reset.
4 RstWat 1 Reset Watchdog: the watchdog checks the cycle time of BASIC/Ladder program.
In case it is longer than 1 second, it resets TBOX MS . This Watchdog can be reset
to reinitialize the 1 second timer in case of cycle time longer.
5 Ala_On 0 Alarm on: this register indicates that alarm is active (not acknowledged). Writing
0 in this register causes a global acknowledgment of all alarms.
It corresponds to a reset of the alarm stack.
6 Alaerr 0 Alarm in error: TBOX MS SET this register 1 when an alarm failed to be sent. This
means that after the number of tries, the alarm has been auto-acknowledged.
Must be Reset by User.
7 RstAla - Reset Alarm: Not used. See ‘Ala_On’ above.
8 EnaDCr * Digital Chronology: General enable of recording in digital chronology.
9 EnaACr * Analog Chronology: General enable of recording in analog chronology.
10 EnaSam * Sampling Tables: General enable of recording in sampling tables (not available).
11 EnaAla * Enable Alarm: General enable of generating alarms.
12 DisCrd * Flag digital chronology: can be associated to any digital chronology configuration
to inhibit recording. When at value ‘1’, inhibits recording in Database.
13 DisCra * Flag analog chronology: can be associated to any analog chronology configuration
to inhibit recording. When at value ‘1’, inhibits recording in Database.
14 DisSam - Not used
15 DisAla - Alarm: flag that can be associated to any Alarm condition. When at value ‘1’,
inhibits the sending of alarm.
16 DaySav - Time: 1 = summer time (the ASV “ZoneBia” increments or decrements with.
0 = wintertime. the number of seconds according to the time zone)


17 PrgEnb * Program Enable: when reset to ‘0’, allows stopping the execution of
BASIC/Ladder program. It can be useful to execute the program manually (see
next).
18 PrgOnc 1 Program Once: when set to ‘1’, executes the cycle of BASIC/Ladder program
once. Useful for debugging the program.
TBOX MS resets the variable automatically.
19 TcpIpLog * TCP Logging: Not needed with TBOX MS . All logs available from TWinSoft
main menu: ‘Communication’ -> ‘Retrieve from TBox’ -> ‘Trace Log’.
20 ALAovf * Alarm Overflow: overflow in the stack of alarms. The size of the stack of alarms
can be adjusted from the ‘Advanced’ properties of the RTU
21 ComErr 0 Communication error: general communication error flag. It means that one of
the communication ports (of the CPU or of a communication card) used as
‘Master’ has encountered a communication error. (SET)
22 SmtpEr 0 Smtp Error: an error occurred while sending an e-mail. (SET)
23 FtpErr 0 Ftp Error: an error occurred while sending files. (SET)
24 NTPErr 0 NTP Error: an error occurred while setting time of TBOX MS . (SET)
25 GpsVF - GPS: GPS validity (connected on COM1). GPS returns a valid signal.
Validity of the signal. When changes to ‘1’, it indicates the GPS receives
sufficient signals to calculate its position (from minimum 3 satellites).
When changing from 0 to 1, the time of TBOX MS is set to the time of GPS, with
correction in regards to GMT according to the location of TBox.
If you want to update the time manually, you reset the variable
26 GPRSErr 0 GPRS Error: an error occurred during GPRS connection. TBOX MS does not
succeed to connect (not supported yet) (SET)
27 ModemLog * ModemLog: Not needed with TBOX MS . All logs available from TWinSoft main
menu: ‘Communication’ -> ‘Retrieve from TBox’ -> ‘Trace Log’.
28 SystemEr 0 SystemErr: the RTU detected an error during starting. Typically a problem with
a card (not supported yet) or a discordance between cards detected in program
and cards installed (SET)
As of OS 1.42.455, it also reports the following errors:
Too many file descriptors opened. This can lead to a sort of memory leak, but for
file descriptors.
USB modem is not detected after some time. This can happen if USB driver has
crashed at LINUX level.
A reboot should be considered (using the system variable “Reboot”) to correct
the problem. This variable allows the user be aware of the issue and determine
when it is safe to perform the reboot.
29 MmcToRTU - SD card: indicates whether the program has been loaded from the micro SD.
1 = the program of the micro SD is different from the one of the RTU and has
been loaded from the micro SD.
0 = there is no micro SD; the micro SD is empty; the program of the micro SD is
identical to the one of the RTU (see also appendix C. Plug&Go)
30 DigChrOv - Chronologies: Indicates that the amount of records in the digital chronology has
reached the maximum selected
30 DigChrOv - Chronologies: Indicates that the amount of records in the digital chronology has
31 AnaChrOv - Chronologies: Indicates that the amount of records in the analog chronology has


32 RsDigChr - Chronologies: Allows emptying the digital chronology using a SET.
Automatically reset by OS
33 RsAnaChr - Chronologies: Allows emptying the analog chronology using a SET.
34 BusError - SYSTEM: When an error on the BUS is detected the variable changes to 1. The
LED error of the corresponding card is switched ON until hardware reset.
In parallel, OS reinitializes the TBox MS I/O cards every second.
An error on the BUS might happen if the earth of RTU is not good.
EMC protection is very good with TBox, but requires a very good connection
to earth
35 MasterAnsw * ModBus Transaction: when set to 1, allows handling of ModBus Transactions on
incoming call. It concerns then only ModBus Transactions through modem
36 DynDnsEr 0 TCPIP: error during a connection to DynDNS server. (SET)
37... 44 Tsl_Xa - Alarm: there are 8 time slices that can be used to build Time Tables.
Those 8 variables indicate the activity of each of them
45 DisAla2 * Alarm: flag #2 that can be associated to any Alarm condition. When at value ‘1’,
inhibits the sending of alarm
48 Pop3Err * Alarm: an error occurred while accessing POP3 server. (SET)
49 PgmCnt 1 Low Power: used only with Low Power RTU
50 CntErr 0 Low Power: used only with Low Power RTU
51 SftpErr 0 Ftp Error: an error occurred while sending files through Secure FTP. (SET)
52 CycErr 0 System: working with a periodical process cycle time, indicates the cycle –has
been bigger than the period selected (see advanced RTU properties ->
Start/Stop. (SET)
53 UsbStorage 0 USB
Reading 1 = USB device has been detected.
Writing 0 = demounting the USB device. Required after data transfer is done,
before removing the dongle.
54 HttpErr 0 HTTP Error: an error occurred while sending HTTP Post to a server. (SET)
55 Runtime 1 Plug&Go: to activate backup of global Tags and DB, as configured in Plug&Go
Backup configuration (see hapter 6.6.11).
56 SdPresent - SD Card: =1 means a SD card is detected in TBOX MS .
57 SdFull - SD Card: =1 means the SD card is full at 90%.
58 MemoryLoss - System: =1 indicates an internal lithium battery failure. Internal variables might
be at wrong values and time might be wrong.
59 SdError 0 SD Card
Read 1=indicates an error accessing the SD card. Led “Run” On
Write 0= to Reset the LED"Run"
60 RsSam 1 DATALOGGING: Allows emptying the Sampling Tables using a SET.

7.4.2 Analog System Variables

According to its function a variable is Read/Write or Read only. In the following table, the column R/W indicates:
• - : Read only
• * : Writable
0 Second * Time: Second in TBOX MS .
1 Minute * Time: Minute in TBOX MS .
2 Hours * Time: Hour in TBOX MS .
3 Day * Time: Day of the month in TBOX MS .
4 Month * Time: Month in TBOX MS .
5 Year * Time: Year in four digits in TBOX MS .
6 DayOfw * Time: Day of the week in TBOX MS . (Mo=1; Tu=2; We=3; …)
7 AlaCnt * Alarm quantity: Number of alarms in the alarms stack. It means the quantity of alarms that
have not been generated yet.
The size of the Alarm stack can be adjusted in the ‘Advanced RTU properties’).
8 AlaID * Alarm last index: Absolute index of the last alarms generated (number between 0 and
65535).
Can be used to acknowledge an alarm by writing its index.
9 ALACur * Alarm current index: Absolute index of the alarm being currently handled (number
between 0 and 65535).
10 ALARec * Alarm recipient: gives the index of the recipient of the current alarm.
Can be used to acknowledge all alarms of a Recipient by writing its index (see index in the
list of Recipients).
11 SamQty * Sampling Table: Quantity of sampling tables defined.
12 UtcTim - Time: Universal Coordinated Time (UTC). It is the number of seconds since 01/01/1970,
GMT time. It is used as time-stamp reference for datalogging.
13 ZonBia * Time: Time difference in seconds with GMT.
14 ZonID * Time: ID of the zone where TBOX MS has been installed. It uses by default Regional
Settings of PC. It can be changed from RTU properties.
15 WeYear * Time: week of the year (*)
16 CycTim * Time: time for one cycle of the program (BASIC and Ladder). This register is refreshed
after each cycle.
Within the program, you could compute this register to memorize the highest value.
17 AAcond - Alarms: Quantity of alarm conditions, which are still active.
18 LevId - Events: absolute number of the last event (0…65535).
19 AppVer - Application version: according to the ‘version’ indicated in the ‘Info’ of the RTU properties.
This register returns a version in a WORD format: 0…65535
20 OsVer - Operating System: version: running in TBOX MS .
21 OsBuil - Operating System: build number of the OS running in TBOX MS .
22 LoaVer - Loader version: Not available with TBOX MS .
23 LoaBui - Loader build: Not available with TBOX MS .
24 PortIdLog * TCP Log: Not needed with TBOX MS . All logs available from TWinSoft main menu:
‘Communication’ -> ‘Retrieve from TBox’ -> ‘Trace Log’.
25 EventLog - TCP Log: Not needed (see above)


26 MilliS - TIME:
With CPU-16: 10 milliseconds tik
With CPU-32 and –LT2: 1 millisecond tik
27 GpsLat - GPS: current latitude given by the external GPS (ACC-GPS on COM1).
Latitude in degrees multiplied by 1000000 (example: 50123456 means 50 degrees +
0.123456 degree). Resolution: 11 cm. Precision 15 meters
28 GpsLong * GPS: current longitude given by the external GPS (ACC-GPS on COM1).
Longitude in degrees multiplied by 1000000 (example: 7123456 means 7 degrees +
0.123456 degree). Resolution: 11 cm. Precision 15 meters
29 GpsAlt - GPS: current altitude given by the external GPS (ACC-GPS on COM1).
Altitude in meters. Resolution, 1 meter. Precision: depends on the quantity of satellites.
Poor precision
30 GpsSats - GPS: quantity of satellites detected by the external GPS (ACC-GPS on COM1). Must be of
minimum 3, or even 4 to expect a good precision.
31 Rerout * Modbus: variable 16 bits, each representing a COM Port from 1 to 16. The bits
corresponding to the Ports in Rerouting are at 1, others at 0. Can be use to set the mask.
32 MasterErr * Communication: indicates the last station ID (ModBus station) in communication error.
Once an error has been detected, the value is maintained until next error. Usually,
communication errors can be solved by modifying the time-out available in the ‘Advanced’
tab of the communication used (End of Fame Detection, IFG, Rx Time-out). To trace an
error, we advise you to reset the variable and check it when it is different from 0.
When this happens, you can handle it in your process and reset the variable, that it is ready
for the next error
33 CardErr * System: this variable indicates card(s) in error. For TBox-MS only
34 CPUusage - Low Power: Not available with TBOX MS . Used with Low Power RTU only.
35 SerialNb - Hardware: indicates the S/N. of the CPU (see sticker on the side of the card).
36 CPUmode - Redundancy: for TBox MS32 only
37 OpenSoc TCP/IP: number of sockets opened. Not available with TBOX MS
38 GpsSpeed - GPS: with a GPS connected to TBox, current speed of TBox, expressed in km/h
39 GpsRoute - GPS: with a GPS connected to TBox, current direction of TBox, expressed in degree (0 ..
359.9 degree)
40 AlaPop3 - Alarm: it indicates the number of alarms needing to be acknowledged by POP3 connection
41 EvenCur * Alarm: it indicates the current Event ID
42 HardRev - HW: it indicates the hardware revision of the CPU
43 Pop3State * Alarm: indicates the state of POP3 connection. Particularly useful when monitoring the
RTU with POP3 connections. The last value is maintained:
1 Accepted message received
2 Acknowledgment received
10 Invalid message
11 Unknown command
20 Incorrect password
21 Incorrect password or not supplied for a com. Port protected
30 Message received does not match a pre-defined message
44 CntID * Low Power: used only with Low Power RTU
45 CntValue * Low Power: used only with Low Power RTU
46 CntTime * Low Power: used only with Low Power RTU
47 CrdIndex - Datalogging: current position in the table of digital chrono. (circular counter)


48 CrdSize - Datalogging: size of the table for digital chrono. (see RTU properties → General)
49 CraIndex - Datalogging: current position in the table of analog chrono. (circular counter)
50 CraSize - Datalogging: size of the table for analog chrono. (see RTU properties → General)
51 CreIndex - Datalogging: current position in the table of events (circular counter)
52 CreSize - Datalogging: size of the table of events (see Advanced RTU properties → Alarms)
53 InstState - System: during sending of a new application, current state of installation
1 Initializing installation
2 Uninstall package XXX
3 Create RTU Infos
4 Flushing I/O buffers
100 Operation is finished
101 ERROR during TEST
102 ERROR during UNINSTALL
103 ERROR during INSTALL
104 ERROR during PLUG & GO
105 ERROR during MD5 verification
106 ERROR application MISSING
107 ERROR BAD INSTALLATION
200 Check package <xx>
300 Install package <xx>
400 Copy to Plug&Go <xx>
500 Checking MD5 <xx>
54 BatUsage - System: number of seconds the TBOX MS has been out of power and SRAM backed up
with lithium battery
The lifetime of the battery is estimated to 4 years (=126 144 000 seconds)
55 FreeMem - System: Displays the kBytes of SDRAM memory still available.
The SDRAM is 64 MBytes memory.
It shows the memory used by LINUX, like when establishing a 3G connection, or when
opening a socket for instance. In no case it shows memory used by the application
(datalogging, backup of Tag values, ...) or Operating System.
One should check it never goes below 32 MBytes (=32 000 kBytes), reserved for ..\tmp
directory. When sending a new application, it is first sent to ..\tmp directory before it is
flashed
56 XmlTag * Backup allows backup/restore of Tags.
Writing 1 in the variable forces the backup of value of Tags into the SD card. When the
operation has succeeded, the Tag returns automatically to zero (see also return codes
below).
A file tags.xml is created in directory ../public/xml of the SD card with the value of internal
variables
Writing 2 in the variable forces the restore of the value of Tags saved in file tags.xml (see
above).
Writing 2 in the variable, carries out a copy of the file into the directory ../public/dropbox
which then updates current value of Tags.
On can also remotely update value of internal variables. You send a file <file>.xml to the
directory ../public/dropbox of the SD card. It can be of any file name; only the extension is
important.
TBOX MS checks the presence of the file each 10 seconds. When a new file is detected, it
is computed and value of Tags is updated
Return codes:


XmlTag 0 Idle (or operation succeeded)
(next) 10: importing from FTP directory ../dropbox
11: import error from FTP directory ../dropbox
100: exporting to FTP directory ../xml
101: exporting error to FTP directory ../xml (see logs details)
200: restoring tags.xml
201: restoring failed
57 LogLevel * System: allows filtering recording of logs according to a level of log:
- 0 : Debug
- 1 : Verbose (default)
- 2 : Info
- 3 : Warning
- 4 : Error
- 5 : Fatal error
- 6 : None (log are disabled)
58 LogClass * System: 32 bit Tag allowing filtering recording of logs according to a Class of log. Each bit
corresponds to a class:
- SYSTEM: bit 0
- SERVICES: bit 1
- LOADXML: bit 2
- PROPERTIES: bit 3
- TAGS : bit 4
- SYSTEM TAGS: bit 5
- RESOURCES: bit 6
- COMMUNICATION: bit 7
- ALARMS: bit 8
- DATABASES: bit 9
- MODBUS TRANSACTIONS (alias Remote Tags): bit 10
- HIGH SPEED TAGS: bit 11
- PERIODIC EVENTS: bit 12
- PROGRAMS: bit 13
- REPORTS: bit 14
- ADDONS: bit 15
- MODBUS: bit 16
- AT MODEM: bit 17
- PAGERS: bit 18
- NMEA: bit 19
- TCPIP: bit 20
- PPP: bit 21
- HTTP: bit 22
- SMTP: bit 23
- FTP: bit 24
- NTP: bit 25
- PRINTER: bit 26
- PLUG AND GO: bit 27
- POP: bit 28
- SFTP: bit 29
- USB: bit 30


LogClass - VPN: bit 31
(next) Example: there is a lot of Modbus transactions that fill the log and you wish to debug the
GPRS or 3G connection. You need to log AT MODEM and PPP. You will set the system
variable LogClass = 131 072 + 2 097 152 = 2 228 224
Check with the Tag displayed in "binary" format the correspond bits are set to 1.
The value of these two "Log" variables is maintained in case of all different start-ups of
TBOX MS (new program, reset, ...)
59 Http - HTTP: Indicates the number of users that have logged in HTTP to TBox.
Session This requires HTTP protection to be activated as well as HTTP session Authentication (See
RTU properties-> Protection and IP Security)
60 Restart - Indicate the cause of last TBox startup

Cause - 0: Power up
- 1: RESET
- 2->4: Reset in STOP Program (depends how many LED flashing before stop)
- 5: Watchdog
- 10: New application and OS
- 11: New application
- 12: Software reset
- 13: Software reset due to a Start
- 14: Failsafe
61 TimeEvt - Inform of a changing in TBox time event.
the 3 lowest bits informs on the source of the event:
Example:
...0 0 0 : add-on or unknown
...0 0 1 : GPS
...0 1 0 : NTP
...1 0 0 : TConnect
the bits 4 ant 5 indicate the type of time settings:
Example:
... 0 1 x x x : indicates a time synchronization (for instance changing time from the time
variables), when the DELTA option defined in “RTU advanced properties -> “Sampling
Tables” is not activated, or time difference < DELTA.
... 1 0 x x x : indicates a time set when the DELTA is above the one defined in “RTU
advanced properties -> “Sampling Tables”
62 BackUsage - Returns the percentage of use of the background task on the last minute. If 100%, means
that there were task(s) running for the last 60 seconds... which is of course too high in
normal condition. This time will of course increase when installing a new application but it
is in such case not an issue.


63 Backup * To be used in conjunction with SD card to backup of Global Tags (See chapter 6.6.11
Status Advanced properties -> Plug&Go)
Value to read:
0 VALID
-1 NO_SD card
-2 INVALID
-3 RESTORE_FAILURE
-4 BACKUP_FAILURE
100 STARTING(Backup, Restore, Check)
200 RESTORING
201 RESTORING_TAGS
202 RESTORING_DB
203 RESTORING_ADDONS
300 BACKUPING
301 BACKUPING_TAGS
302 BACKUPING_DB
303 BACKUPING_ADDONS
304 SYNCING
305 CHECKING
Value to write:
1 : BACKUP TAGS AND DB
2 : RESTORE TAGS
3 : CHECK BACKUP INTEGRITY
64 OverdConfig * It indicates a configuration has been overridden. It works as a bit mask indicating which
configuration has been updated:
bit 0: System.xml (on SD card)
bit 1: Users.xml (list of users, from TConnect or WF2 through "USers" object)
bit 2: IOs.xml (Only for RM2)
bit 3: Firewall.xml (list of exceptions, from TConnect)
(*) System variable 15. ‘Week of the year’ :. This system variable indicates the week of the year according to the date in the
RTU.
The rules are the following:
– the changing of week happens on Monday, 00:00 AM
– if January 1 is a Friday, the week will change at that day
– if January 1 is a Saturday, Sunday, the week does not change
– In other cases, the week does not change
Examples:
Month Mon Tue Wed Thu Fri Sat Sun Week
dec 21 22 23 24 25 26 27 51
dec / jan 28 29 30 31 1 2 3 52 / 53
jan 4 5 6 7 8 9 10 1
jan 11 12 .. .. .. 2
Month Mon Tue Wed Thu Fri Sat Sun Week
dec 22 23 24 25 26 27 28 51
dec / jan 29 30 31 1 2 3 4 52 (or 53)
jan 5 6 7 8 9 10 11 1 (or 2)
jan 12 13 .. .. .. 2 (or 3)

7.5 Timers & Counters
Timers and Counters are described in the manual BASIC & Ladder for TBox

8 Tags & Variables

A Tag is essential for any programming
• An alarm is conditioned from a Tag.
• The Datalogging mechanism records values of Tags.
• BASIC/Ladder logic executes a process by handling Tags.
• …
Any variable of the TBOX MS that you want to use in any configuration has to be available as a Tag.
There are 4 types of variables:

• The Physical I/O DI, DO, AI, AO (See chapter 7.2.1)
• The Internal Variables, digital, analog and text (aka Registers) (See chapter 8.2)
• The System Variables, predefined analog and digital functions (See chapter 7.4)
• The Communication Variables, digital and analog (See chapter 7.3)
The Tags are gathered in the folder Tags of the Project Workspace:
GROUPS OF
TAGS
The Tags can be sorted into Groups of Tags:

- From the list of Tags, right click.
- From the Context menu, select ‘New’ -> ‘Group’.
- You can then move/create Tags into the Group.

8.1 Physical I/O

The physical I/O’s are the signals available on I/O cards. They can be easily accessed from the ‘Resources’ (see chapter 7:
‘The Resources’).
Details about the different I/O are available in manua TBoxMS Technical Specifications
To create a Tag of a variable from the Resources:

• select it into the list and double click it
• change its name and description
• click <OK>
If you are connected to a TBOX MS when the Tag is created, you will see ***** appearing in the column
‘Value’.
This is because the ModBus address of the Tag needs to be sent to TBOX MS (see chapter 8.3: ‘ModBus
addresses’)
Once the program has been sent, the value appears.
You can send the program clicking

this icon.

Examples of Physical Inputs:
Digital Input Analog Input
8.1.1 Analog I/O
Concerning Analog I/O, some

settings are available:
Type: depending on the model of Analog Input card, there may have different types of signal available (1..5V;
4..20mA; 0..10V, ...)
Scaling: the I/O can be scaled to real value by defining a MIN (corresponding to the smallest signal) and a MAX
(corresponding to the highest signal). The resolution defines the number of steps of the scale (MAX – MIN /
RESOLUTION).

8.2 Internal Variables (Registers)

An internal variable (also known as Register) is an addressable location of the memory. It is used as flag, as temporary value,
to make a calculation, …
There are 3 types of internal variables:

• Digital (DIV) Boolean register with possible values: 0 or 1.
• Analog (AIV) with several formats:
– 8 bits, Signed or Unsigned
– 32 bits Float, IEEE 754
• TEXT (AIV) analog register associated to a string of characters
The internal variables can only be created from the list of Tags.
8.2.1 Digital Internal Variable

To create a Digital Internal Variable, from the list of Tags, click ‘Add a Tag’.
Select ‘Digital’:
The definition menu pops up:
You type a Tag Name, a Comment and select as Type: ‘Internal

Variable’
The initial value is the value the Tag will have at the start-up of
TBOX MS .
If you select ‘None’ the value is maintained at start-up.
ModBus Address is discussed in chapter 8.3.

8.2.2 Analog Internal Variable

To create an Analog Internal Variable (also known as Register), from the list of Tags, click ‘Add a Tag’.
Select ‘Analog’
The definition menu pops up:
Internal “Float” Variable
You type a Tag Name, a Comment and select as Type: ‘Internal Register’
For each Analog Register, the formats available are:
• 8 bits (Signed or Unsigned)
• Float (32 bits, IEEE 754)
By default, TWinSoft creates Analog Internal Variable in format ‘Float’.

Check whether it fits with the use you intend to have of the variable.
The initial value is the value the Tag will have at the start-up of TBOX MS .
If you leave the field empty, the value is maintained at start-up.

ModBus Address is discussed in chapter 8.3.
8.2.3 Text Internal Variable

The Tag TEXT uses ASCII character encoding ISO/CEI 8859-1 of the Latin alphabet.
To create a Tag TEXT (string of characters), from the list of Tags, click ‘Add a Tag’ .
Select ‘Text’
The definition menu pops

up:

8.3 ModBus address

The ModBus address is the link to the outside world. When equipment must sample Tags in TBOX MS , it uses its ModBus
addresses; like TView, SCADA or TWinSoft.
Each Tag has a unique ModBus address. By default TWinSoft proposes a ModBus address.
You can change it if you want.

While being On-line, the value of the Tag can be displayed only when TWinSoft has sent the program to
TBOX MS .
The Tag is then available for the outside world at the ModBus address you have declared
8.3.1 ModBus address of System Variables

With System Variables it is a little bit different; they have two ModBus addresses:
• One internal and fixed ModBus address. It explains why when you are connected to TBOX MS , even without
sending a program, you still can see values from the Resources.
• The internal address of these variables is 65280 + ID of the variable.
Example: [AlaRec] = 65280+10=65290
• One user definable ModBus address that you modify as you want. When you create a Tag of system variable,
you can change its default ModBus address. In case you wish to access the Tag, you declare this user ModBus
address.
Other Tabs of the Tag configuration refer to menu where the Tag can be declared:
For Alarms, see chapter 11
For Datalogging, see chapter 13
For ModBus Transactions, see chapter 14
About Presentation-write, see next chapter

8.4 Tags - Presentation / Write

This tab contains configuration used when the Tag is declared in a Report or in a WebForm. The Description is also used in
TView.
Presentation settings can also be used when the value of the Tag is included into message (SMS or e-mail).
• Report: file edited with ‘Report Studio’ and used for instance as text body when sending e-mail.
To start Report Studio open the list of ‘Web and Report files’ from ‘Project Workspace’, double-click an existing
report or "Add a new Report…"
• WebForm: file edited with ‘WebForm studio 2.0’. Used to display values of Tags in a HTML page.
To start WebForm Studio 2.0, open the list of ‘Web and Report files’ from ‘Project Workspace’, double-click an
existing webform or "Add a new WebForm 2.0…"
• Message: with Digital Tags, the ‘states’ defined in Presentation will be used and with Float Tags, the number of
decimals.
(See also chapter 11.6.2. Value of Tag in message)
Presentation Makes the following information available to ‘Report’, ‘WebForm’, 'Message' and TView
Description In a Report, text displayed as ‘Header’ in sampling table or as Tag information in chronologies
when the data is retrieved.
Units (With analog Tags) text displayed as ‘Unit’ in datalogging when the data is retrieved. It can also
be displayed when selecting as format ‘Value + unit’ in the report or WebForm.
# dec (With analog Tags) the quantity of decimals of the value displayed
State On/Off (With digital Tags) Text appearing when value = 1 / 0
Write allowed If the Tag is declared in a WebForm, allows defining a writing access to the Tag, within a specific
range.

8.5 Run Time Parameters

Run time parameters feature allows accessing some TBOX MS configurations through Tags, in order to modify them
"on line".
For instance, to change a tel. number of a SMS recipient, the e-mail address of a recipient, the address of SMTP server, the
handling of alarm condition, …
When a configuration provides access to run time parameters, a tab is attached to the configuration.
Example with Alarm Recipient, Mobile Number
In the Recipient, configuration, you go to the tab “Runtime You associate the Tag, to the parameter you want to
Parameters” modified “on line” from TWinSoft, a WebForm, a SCADA, ...
The format of the Tag depends on the parameter (Bool, Byte, Word, Float, Text)
Changing of parameters is maintained in case of power cycle, reset, reboot and watchdog.
Original configuration is restored in case of sending new program or OS and doing stop/start from TWinSoft.
8.5.1 Modbus Device

Parameter Tag Format
Station Address Byte
URL Text(120)
Port TCP Word
8.5.2 Alarm Parameters

Alarm Condition
Parameter Choice Tag Format
Handling 0 = enabled Byte
1 = disabled
2 = power fail
3 = DisAla
4 = DisAla2
5 = DisAla3
6 = DisAla4
Threshold (analog) Byte or Word or DWord or Float
Hysteresis (analog) Byte or Word or DWord or Float

Alarm Recipient
Parameter Recipient Type Tag Format
Phone Number ModBus, SMS, Printer, RAS, Custom Text (20)
E-mail To Email Text (120)
E-mail Cc Email Text (120)
Tries All Byte
Path FTP Text (120)
Name All Text (16)
Alarm Time Slices

From Hour Byte
From Min Byte
To Hour Byte
To Min Byte
Alarm Holidays
Day Byte
Month Byte
Year Word
8.5.3 Datalogging Parameters

Chronologies Condition
Parameter Choice Tag Format
Handling 0 = enabled Byte
1 = disabled
2 = power fail
3 = DisCra/DisCrd
Variation (analog) Byte or Word or DWord or Float
8.5.4 IP Parameters
ISP
Phone Number Text (20)
User Name Text (30)
Password Text (30)
FTP
Host Text (120)
TCP Port Word
User Name Text (30)
Password Text (30)

SMTP
Server Text (120)
TCP Port Word
E-mail From Text (50)
Authentication Bool
Login Text (40)
Password Text (40)
POP3
Server Text (120)
TCP Port Word
Authentication Bool
Login Text (40)
Password Text (40)
NTP
Server Text (120)
DynDNS
URL Text (120)
Authentication Bool
User Name Text (30)
Password Text (30)
HTTP
Server Text (120)
TCP Port Word
Authentication Bool
Login Text (40)
Password Text (40)
VPN
Server Text (120)
TCP Port Word
Authentication Bool
Login Text (40)
Password Text (40)

8.5.5 Communication Port Parameters

Parameter Tag Format (max. length)
(GPRS,3G,4G) Authentication Bool
(GPRS,3G,4G) Login Text (40)
(GPRS,3G,4G) Password Text (40)
(GPRS,3G,4G) ModemInit Text (120)
(GPRS,3G,4G) APN (see below) Text (120)
(GPRS,3G,4G) PIN code (see below) Integer
(GPRS,3G,4G) AT Custom (see below) Text (120)
(Ethernet) IP DWord
(Ethernet) Subnet DWord
(Ethernet) Gateway DWord
(Ethernet) DNS1 DWord
(Ethernet) DNS2 DWord
(Ethernet) Automatic IP Bool
(Ethernet) Automatic DNS Bool
(Serial) Baudrate DWord
(Serial) Parity Byte (0=None, 1=Even, 2=Odd)
(Serial) StopBits Byte
(Serial) DataBits Byte
(Serial) FlowControl Byte (1=Hard flow control, 2=No flow control)
MasterTimeOut Word
PacketReceptionDelay Word
SlaveIFG Word
About PIN Code (as of OS 1.42.455)
To prevent sending the wrong PIN code to TBox, the procedure should be:
• Let the field in TWinSoft empty
• Associate an "INTEGER” Tag to the Runtime parameter “PinCode”
• Compile and send program to TBox
• The Tag will automatically be assigned a value of -1 meaning there is no PIN code; indeed !
• Assign the PIN code corresponding to the SIM card to the Tag
• Reset the digital communication variable by setting COMx_HookLink=0
About APN (as of OS 1.42.455)
When changing the APN in runtime mode, a reset of the GSM is required to run the new APN by setting
COMx_HookLink=0.
About AT Custom (as of OS 1.42.455)
The AT custom is sent at each "AT Check", which occurs every minute.
If AT custom is empty no command is executed.

8.5.6 RTU Properties

Parameter Tag Format (max. length)
StationName Text (11)
POP3AckTimeout Word
SMSTimeout Word
HTTPServerPort Word
FTPServerPort Word
ModbusOverTCPPort Word
ModbusOverUDPPort Word
HTTPServerPort Word
ModBusTCPSlavePort Word
ModBusStationAddress Byte

9 IP Parameters
IP parameters consist in the global configuration for TCP/IP services:
• Connecting to an ISP (dial-up connection)
• Sending files: FTP(S), SFTP
• Sending e-mail: SMTP(S)
• Reading e-mail subject: POP3
• Time synchronization: NTP
• DynDNS: handling of public, dynamic IP addresses
• Configuring Virtual Server rules
• Configuring IP Bridges
• Configuring HTTP POST to a server
• Configuring a connection to TConnect through Ethernet
Concerning IP configuration of Ethernet port, refer to chapter 7.1.4
All TCP/IP services are defined in a

Folder, available from the
‘Resources’.
The FTP Server, SMTP Server, POP3 Server and NTP configurations correspond to connections to the appropriate servers. It
is done for once, and called when creating a recipient of alarms.
This makes creating alarm recipients very easy!
Example with sending e-mail through a GSM connection:

– The Recipient is of type ‘e-mail’ with the recipient's e-mail address and it refers to a SMTP server.
– This SMTP server uses the GSM modem connection.
In other way round, when TBOX MS sends an e-mail, it sequences the tasks like following:
– Connection to a the GSM network (APN) → connection to a SMTP Server →sending to a recipient (e-mail address).

9.1 ISP configuration

ISP stands for Internet Service Provider. An ISP represents the entrance to Internet.
It is required to access Internet with a dial-up connection: PSTN, GSM-DATA (CSD).
It represents the connection to the company you call to access an Internet service, like sending e-mail or files (FTP).
Some among the most well-known: AT&T, Scarlet, Tiscali, …
When you want TBOX MS to send e-mail or send files to a FTP site through a dial-up connection, you subscribe an account
to an ISP.
Using the button ‘Import…’ you
access an existing ISP
configuration you have tested
successfully on the PC.
Name: It is the name of the provider.
Modem: a connection to an ISP is always carried out

through modem. Select the modem.
Phone number: It is the phone number of the provider

TBOX MS must dial to send an e-mail or files.
Dial Prefix: The default dial prefix to connect to an ISP

(ATDT). It should not be changed unless the modem
needs a particular configuration.
User name: It is the name of your account needed to

access Internet (usually it is given by the ISP).
Password: It is the password of your account needed to

access Internet (usually it is given by the ISP).
DNS : A DNS converts names in IP address. It is needed in case the Server (SMTP, FTP, NTP, POP3) is indicated in 'text' and
not with an IP address.
Most ISPs support dynamic DNS , they provide the DNS addresses when connecting.
If this is not the case, they provide you with a ‘Preferred’ and ‘Alternate’ DNS address.
You can declare several ISP entries!

Then they can be used in redundancy to access internet services (FTP, e-mail, NTP).
You are also allowed to define several SMTP Servers (see next), associated to different ISPs. Creating
the alarm recipient, you can select the ‘Redundancy’ option

9.2 FTP(S) Server

FTP stands for File Transfer Protocol. When subscribing an account to an ISP, usually you have some Mbytes to your
disposal for sending files. It supports secure, encrypted communication.
The FTP server represents the target when sending files. The directory where the files are sent is defined in the Recipient
(see chapter 11.4).
The sending is generated through an alarm recipient “FTP”. TBOX MS connects to Internet (through a connection: ISP,
Ethernet or GPRS/3G) and then connects to the FTP server.
Name: It is a free name, to recall when you create the

alarm recipient
Address: text and IP address are accepted.
Connection: You select the way to connect to the

Server (ISP, GPRS/3G, Ethernet).
TCP port: Each TCP/IP service has its own unique TCP
port. It provides a logical location for the delivery
of TCP data.
TCP port used by TBOX MS to establish FTP
connection (default=21).
Mode: A FTP connection uses 2 sockets: one CONTROL

and one DATA connection. The mode determines
which party takes the initiative of the DATA
transfer
Passive: During the CONTROL connection (port=21),

TBOX MS sends a request PASV. The server
returns a TCP port to use during data connection
TBOX MS initiates the DATA connection to
destination TCP port given by the Server during
the CONTROL connection
Active: During the CONTROL connection (Port=21),

TBOX MS sends a request with IP address and the
Active port (to access the IP address).
The Server initiates the DATA connection
(port=20) to destination TCP port given by TBOX
MS during the CONTROL connection.
Host Validation: see Appendix I, Handling Certificates
FTP: If required by the server, TBOX MS supports FTPS, for secure encrypted connection. It uses SSL as cryptographic
protocol
Login: Depending on the account you have subscribed, you have a login or work with ‘Anonymous login’.
Account: Some Servers require an account name. If it is not the case, leave this field empty.
This is the basic configuration to connect to the ‘FTP site’. You do not declare a directory in this
configuration, but when declaring the ‘Recipient’ (see chapter 11.4. The Recipients).
This allows creating any combination:
- several ‘FTP recipients’ to one FTP site
- several ‘FTP recipients’ to different FTP sites.
-…

9.3 SFTP Server

SFTP provides secure in transferring files, using SSH protocol.
It is also called Secure File Transfer Protocol.
The SFTP server represents the target when sending files. The directory where the files are sent is defined in the Recipient
(see chapter 11.4).
The sending is generated through an alarm recipient “SFTP”. TBOX MS connects to Internet (through a connection: ISP,
Ethernet or GPRS/3G) and then connects to the SFTP server
Server name: It is a free name, to recall

when you create the alarm recipient.
Server address: Address of the site. It can

be in IP format or in 'text' format. In this
last case, the DNS must be specified for
the communication port used to send the
file(s).
Connection: Connecting through dial-up

modem, you select the ISP you have
previously created.
Connecting through Ethernet or
GPRS/3G, select directly the
corresponding COM port.
TCP port: Each TCP/IP service has its own

unique TCP port. TCP port used by TBOX
MS to establish SFTP connection
(default=22).
Login: Depending on the account you have subscribed, type the name and password.

9.4 SMTP(S) Server

SMTP stands for Simple Mail Transfer Protocol. It is usually the main reason for subscribing an account to an ISP, for
sending e-mail. It supports secure, encrypted communication
Concerning e-mail, TBOX MS is able to send e-mail (through SMTP server) and to read e-mail (through
POP3 server)
The SMTP Server represents the mail server used for sending e-mail (typically the one of the ISP where we have subscribed
and account).
The sending is generated through an alarm recipient “SMTP”. TBOX MS connects to Internet (through a connection: ISP,
Ethernet or GPRS/3G) and then connects to the SMTP server.
Name: It is a free name, to recall when you create
the alarm recipient.
Mail Server (SMTP): It is the IP address (or the
name) of the outgoing e-mail Server. It is the
unique mail Server needed to send e-mails.
E-mail address: It is the e-mail address of the
TBOX MS . You can usually choose it when
you subscribe an account. This address will
appear in the 'From:' when receiving the e-
mail.
Server (ISP, GPRS/3G, Ethernet).
TCP Port: Each TCP/IP service has its own unique
TCP port. It provides a logical location for the
delivery of TCP data.
TCP port used by TBOX MS to establish
SMTP connection (default=25).
SMTPS: If required by the server, TBOX MS
supports SMTPS, for secure encrypted
connection. It uses SSL as cryptographic
protocol.
In order to protect the mail sever (and you) against spamming, the ISP risks to refuse sending e-mail if the
address of the originator is not known. Therefore, be careful to indicate here the e-mail address you have
received from your ISP

The Server requires authentication: Depending on your ISP and on the way you send e-mail, authentication might be
needed to send e-mail.
Usually, when you have subscribed the e-mail account at your ISP it is not required.
To be sure, if you have created this account to a PC, check its configuration otherwise contact your ISP.
TBOX MS supports two SMTP authentication protocols: PLAIN and LOGIN Authentication.
Check with your ISP
9.4.1 About SMTP Redundancy

If you create more than one SMTP Server, they can be used in redundancy according to their order in the list.
You decide to work with redundancy when creating the e-mail recipient (see chapter 11.4).

9.5 POP3 Server

POP3 stands for Post Office Protocol 3. It is used to check and collect e-mails in a mail box.
The POP3 Server represents the mail server used to read mails previously sent to the attention of TBOX MS .
The use of POP3 is not to retrieve e-mail, but to read the field "Subject" and take some actions.
Two actions can be taken by sending e-mail to TBox:
Alarm acknowledgment sent through e-mail (see next page)
RTU monitoring with predefine message (see chapter 12. ReadSMS/POP3)
The checking of e-mail is generated through an alarm recipient “POP3”. TBOX MS connects to Internet (through a
connection: ISP, Ethernet or GPRS/3G) and then connects to the POP3 server.
Name: It is a free name, to recall when you create the alarm recipient.
POP3 Server: It is the IP address (or the name) of the POP3 Server to which TBOX MS connects to read e-mails
Connection: You select the way to connect to the Server (ISP, GPRS/3G, Ethernet).
TCP Port: Each TCP/IP service has its own unique TCP port. It provides a logical location for the delivery of TCP
data.
TCP port used by TBOX MS to establish POP3 connection (default=110).
POPS: If required by the server, TBOX MS supports POPS, for secure encrypted connection.
It uses SSL as cryptographic protocol
The Server requires authentication: If authentication is required to connect to the server: Login and Password.

9.5.1 Alarm Acknowledgment through POP3

Introduction
With TBOX MS sending a SMS through a GSM, it is possible to acknowledge the alarm by sending back a SMS to TBOX MS
In some countries, SMS can only be sent through email. A POP3 connection can then be used to acknowledge the alarm.
Sequence of connections
1. TBOX MS sends an e-mail. The alarm condition has been configured with the option "POP3 Ack". It is important you
have a dedicated e-mail account for your RTU. The data sent by e-mail can be a report or a message.
2. The recipient retrieves its e-mail. The field "Subject" of the e-mail is preceded with internal data: RTU Id (I)
Alarm index (A)
Example of message: #I460000020107,A00004# MyTBox: PUMP stopped
3. The user sends back the e-mail. Typically, he will make a "Reply" and sends back the e-mail to the address as specified in
point 1. above, in the SMTP server
4. TBOX MS generates a POP3 connection (through alarm condition) and checks the presence of e-mail with specific data
in field "Subject". With this data, TBOX MS knows which alarm for which RTU it can acknowledge.
The POP3 connections have to be handled into your process and can be checked from System Variables (see below)
Illustration with a TBox MS
Supplementary information
1. The time between phases 1 and 4 can be determined in RTU properties --> Advanced Alarms properties
2. System Analog Variable: #40 [AlaPop3] indicates the quantity of alarms needing to be acknowledged by POP3
connection and #43 [Pop3State] indicates the state of connection.
3. If escalation is required, Group of recipients can be associated to the alarm condition
4. Like other alarms, failure in sending SMTP alarms can be checked using System Digital Variable:
#06 [AlaErr] and System Analog Variable: #10 [AlaRec]
5. Error in POP3 connection can be detected also using System Digital Variable: #48 [POP3Err]

9.6 NTP Server

NTP stands for Network Time Protocol, an Internet standard protocol (built on top of TCP/IP) that assures accurate
synchronization of the clock of TBOX MS .
The NTP Server represents a server dedicated to time synchronization.
The time synchronization is generated through an alarm recipient “NTP”. TBOX MS connects to Internet (through a
connection: ISP, Ethernet or GPRS/3G) and then connects to the NTP server.
Example with a connection to Windows server through Ethernet
Examples of Servers:
– time.windows.com
– europe.pool.ntp.org
You will find valuable information, like lists of Servers with open access at:
www.ntp.org → public time server list
The organization pool.ntp.org proposes servers using DNS round robin, which make a random selection from a pool of
open access time servers. This is good enough when working with TBOX MS .
Round Robin DNS technique is used when the number of access to a server is unpredictable, to balance the use of IP
addresses (load balancing technique).
9.6.1 Time accuracy

When setting time, TBOX MS takes into account the propagation delay. This is particularly important when connecting to
the server via modem.
The precision is of 1 second.

9.7 DynDNS
DynDNS stands for Dynamic Domain Name System.
It is a service, provided by companies like www.DynDNS.org or www.noip.com, offering the handling of dynamic IP
addresses.
When working with GPRS connection, using public dynamic IP addresses, it is not possible to access the RTU directly, as you
don't know its IP address.
The DynDNS service solves this problem: each time the RTU detects a changing of its IP address, it informs the DynDNS
server.
You then connect to the DynDNS Server that will redirect you to the RTU.
Example of Topology : connecting with a browser to a RTU having a GPRS dynamic IP address
Sequence:
1. Detecting a changing in its IP address, the RTU informs the DynDNS Server.
2. The browser connects to the DynDNS Server
(example: http://waterloo.dyndns.org). The DynDNS Server resolves the name and sends back the corresponding IP
address.
3. The browser connects to the IP address it has received.

9.7.1 How to configure DynDNS in TBox

1. Subscribe a DynDNS account:
– Go to www.dyndns.org or www.no-ip.com (examples of DynDNS services)
– Create an Account
– Create a Host
2. Create in TWinSoft IP Parameters the connection to DynDNS:
Name: Type any name
Server: DynDNS Server to which TBOX MS will connect

when it detects a changing in its IP address. It should not
be changed.
Path: Location in the server of the table of correspondences

between IP address --> name. It should not be changed.
Url: You type the host address you have creating when
subscribing the DynDNS account.
Example: waterloo.dyndns.org
Let DydDns detect IP address from source

Select this option if the TBOX MS is behind a Router that
do not support Dynamic DNS. In such case TBox will
report to the Dynamic DNS server the IP address of the
Router and not its own address.
Server requires authentication

Select the option to type the login corresponding to the
account you have created at DynDNS organization.
User Name: Type the login name of your account.
Password: Type the login password of your account.
3. Associate the DynDNS connection to the

modem (see communication port: TCP/IP
Advanced...)

9.8 Virtual Server

To access Virtual Server configuration, you have to activate “RTU properties” -> “Protection” -> “Enable
Advanced IP Configuration” (see chapter 16.1.8) and “RTU properties” -> “Advanced” -> “TCP/IP”, check
Virtual Server (see chapter 6.6.7)
Virtual Server Parameters allow defining specific routes (in <--> out) based on IP protocol and TCP port
Virtual Server Parameters Example
Accessing a Camera with IP address 192.168.1.100 connected to Ethernet, through a 3G connection using TCP port=81
Any request arriving with TCP port =81 will be redirected to IP address 192.168.1.100.
Example: http://78.25.56.126:81/jpg/image.jpg
Incoming Protocol The incoming protocol that has to be routed.
Incoming Port The incoming IP Port that has to be routed.
Destination IP address The IP address to which data coming with above settings has to be routed.
Destination Port The IP port used for data sent to the destination IP address.
Activate Allows activating/deactivating a Virtual Server rule

9.9 IP Bridge
9.9.1 Introduction
What is a Bridge ?
A Bridge is a device that connects two or more networks as a seamless single network. It supports any protocol as it
operates on MAC-layer addresses, and then protocol independent. The bridge passes packets according to the destination
and its internal table of addresses.
Why do we need a Bridge with TBox ?
To share 2 x IP interfaces with the same IP address. See an example below with MS-CPU32-X.
How do we configure a Bridge with TBox ?
From the IP Parameters folder, go to "IP Bridges" you create a Bridge and define an IP address.
Then you attach this Bridge configuration to the communication ports you want to bridge (see TCP/IP configuration).
The IP address of the bridge has then priority on the one originally defined for the communication port.
9.9.2 Configuration
You define the IP setting of the

Bridge.
This IP will be attached to each
port that needs to be bridged.
(See Ethernet IP settings chapter
7.1.4)

Type – Bridge: A Bridge is a device that connects two networks as a seamless single network. It supports any protocol as it
operates on MAC-layer addresses, and then protocol independent. The bridge passes packets according to
the destination and its internal table of addresses.
Type - Bonding: With MS-CPU32, connecting network interfaces together for redundancy purpose or to increase
throughput. The bonding implies a division of the traffic at low level either per packet (Layer 3) or data link
(Layer 2), using the same socket (Layer 4).
With MS-CPU32-S2, bonding status is available through the “HookLink” variable associated to the
communication ports. It informs not only on the physical link to the device it is connected to, but also to
interface activity (an interface may be inactive even if link is up, as the link may be broken behind the
switch). Because of difference in LINUX version and ARP monitoring, bonding status is not available with
MS-CPU32 , only the link status to the device it is connected to.
Make sure the SWITCH allows "Bonding".
Spanning Tree: It is an option of bridged Ethernet network, to ensure a loop-free topology. This protocol ensures a unique
path between 2 devices, to prevent broadcast radiation and overloading of the network.
Required when connecting 2 Ethernet ports bridged to two routers connected together, to avoid loops
between the 2 routers. Spanning tree will define one way for communicating.
Example with MS-CPU32

In IP ports you want to bridge, select the bridge you have configured as above.
The IP of the bridge will be applied to each port.
Example with MS-CPU32X

9.9.3 Example with MS-CPU32X.

In example below, one wants to access remote camera connected to TBox Ethernet.
By default in TBox, each IP port in TBox is separated from each other. The bridge represents a virtual connection between
the ports.
When you need to access devices through different connections, you bridge the ports.
The bridges are represented with the dot lines.
The easiest is to draw the connections needed to access the devices and then you visualize which ports to bridge together.

9.9.4 Sending Configuration through a Bridge

With example above, imagine TWinSoft is connected to COM3 of CPU#1 (192.168.1.11) and you wish to update the
application of CPU#4.
In menu “PC setup”:
Uncheck “Always use IP address of the RTU”
Type the IP address of destination TBox

(192.168.1.51 in this case)
Check “Don't change IP address after sending

program”

9.10 HTTP Server

HTTP Server stands for Hyper Text Transfer Protocol. This configuration allows posting files to a HTTP server. (TBOX MS
does not support "Put").
A HTTP request "Post" consists in a URL to the HTTP server, typically to a page <myfile>.php.
When received by the server, it executes the script associated. Typically copy files into a directory.
TBox uses the Content-Type: multipart/form-data . This allows sending multiple files in one connection, when sending a
report including attachments (other reports, camera image, ...)
Example of php Script
– With the above example, the .php file should be declared into the root of HTTP server.
– Then create a sub-directory ..\upload from the root.
– The report sent by HTTP POST will be copied in the ..\upload directory.
The HTTP Server represents the target when sending files. The directory where the files have to be sent is defined in the
Recipient (see chapter 11.4).
First, TBOX MS connects to Internet (through a connection: ISP, Ethernet or GPRS) and then to the HTTP server.
TBOX MS is able to send, on demand or on a regular base a file (typically a report) to the HTTP server. Sending is generated
from an alarm condition associated to a HTTP recipient.

Host name: It is a free name, to recall when you create the alarm recipient.
Server Address: Address of the server. It can be in IP format or in 'text' format. In this last case, the DNS must be specified
for the communication port used to send the file(s).
Connect: Connecting through dial-up modem, you select the ISP you have previously created. Connecting through Ethernet
or GPRS, select directly the corresponding COM port
TCP Port: Each TCP/IP service has its own unique TCP port. It provides a logical location for the delivery of TCP data.
TCP port used by TBox MS to establish FTP connection (default=80).
HTTPS: The server requires a secure connection: TBox MS supports HTTPS, for secure, encrypted connection. It uses SSL as
cryptographic protocol
Authentication: The Server requires Authentication: depending on the target on HTTP server, authentication might be
needed to post files
Headers: A header might be required to POST files to the server
Example:
A protected directory contains 2 files:

.htpassword: login:password (encrypted)
.htaccess: full path of .htpassword + advanced options

9.11 TConnect Server

There is VPN configuration to establish connection between TBox and TConnect (see chapter 10.1.3).
But a VPN connection to TConnect is not always required, depending on the topology:
In case TBox can be accessed from a LAN it might not require a VPN connection, but we might need to centralize access to
TBox through TConnect, to centralize access control to TBox.
If we want to access TBox through Ethernet but it requires to be configured in DHCP; one does not know IP address of TBox.
TBox will be accessible through TConnect.
Working with an existing OpenVPN server. TConnect and TBox are clients of the OpenVPN server. No need to double the
VPN configuration. Just a link to TConnect through the existing VPN connection is required to centralize access to TBox
through TConnect
This configuration will allow TBox to initiate a connection to TConnect, when VPN is not required.
HTTPS must be activated. See chapter 6.4.3
Name: It is a free name
Address: to access TConnect. Text or IP address are

accepted.

TConnect (GSM or Ethernet).
TCP port: Connection is carried out using HTTPS. Set

port used by TConnect (default=443).
Interface name: the name given in TConnect to its

Ethernet interface
Username - Password: the data of the “Outstation

account” created in TConnect

9.12 Trace Log

The Trace Log feature is a powerful tool to debug the TBOX MS , like modem connection or TCP/IP connection.
When you are online with your TBOX MS , it can be accessed from the menu 'Communication' -> 'Retrieve from TBox' ->
'Trace Log'.
Many events, related to many tasks are stored in the log. To adjust the analyses, TWinSoft provides 2 filters:
Level: The level allows you selecting the kind of messages (verbose, warning, info, ...). You can also select 'All' to display
all levels of messages.
Class: The Class allows you selecting the feature for which you want to display message (modem connection, sending e-
mail, ...).
Example With All Levels and All Classes
Time Range: You can select a “relative” or “absolute” time range.
Log can be filtered at recording level, using the analog system variable [LogClass]. See chapter 7.4.2.
TBOX MS can store 64 kbytes of data for Trace Log. When this amount is reached, newer data replaces older
data.

9.12.1 Diagnostics
By connecting with a browser to a specific URL of your TBOX MS , you can retrieve many system data from TBox, like the
log viewer (equivalent to the trace log) or the running processes:
Some Examples
LogViewer

IF Config
SysLog
Some LINUX level tasks are stored in a log and can be accessed using the Syslog protocol.
The tasks recorded are:

• Login
• Login failure
• Logout
• Login source (http, modbus, ftp, ssh, ...)
• Application update
• I/O simulation
Example of Logs
Jul 19 11:28:19 tbox-cpu32 user.notice tbox[4639]: modbus: 172.25.110.34 auth succeed for 'MAYA'
Jul 19 11:28:19 tbox-cpu32 daemon.notice proftpd[4654]: 0.0.0.0 - ProFTPD 1.3.3(stable) (built Tue
Sep 25 2012 15:17:28 CEST) standalone mode STARTUP
Jul 19 11:29:16 tbox-cpu32 user.notice tbox[4639]: http session: 172.25.110.34 auth succeed for
'MAYA'
Jul 19 11:29:49 tbox-cpu32 authpriv.info dropbear[4549]: Exit (twinsoft): Exited normally
Jul 19 11:29:50 tbox-cpu32 authpriv.info dropbear[4672]: Child connection from 10.8.10.2:60631
Jul 19 11:29:51 tbox-cpu32 authpriv.notice dropbear[4672]: Pubkey auth succeeded for 'twinsoft'
with key md5 c8:f8: . . . from 10.8.10.2:60631
Jul 19 11:30:10 tbox-cpu32 authpriv.info dropbear[4672]: Exit (twinsoft): Exited normally
Jul 19 11:30:11 tbox-cpu32 user.notice tbox[4639]: modbus: COM1 auth succeed for 'MAYA'
Jul 19 11:32:35 tbox-cpu32 user.notice tbox[4639]: http session: 10.8.10.2 auth succeed for 'MAYA

10 IP Security
IP security services are:
• VPN
• Firewall (must be activated from the RTU properties -> IP security)
10.1 VPN
10.1.1 Introduction
This feature provides secure connections using OpenVPN.
OpenVPN version used: 2.4.7.
TBOX MS can be configured as "Client" or "Server" in mode routing (Tun).
Any physical media can be used (Ethernet, 3G/4G, …). The VPN connection represents a new communication port, including
its communication variables.
As we have “COM3-Ethernet" or “COM4-GSM", we have new com. port(s) "VPN".
It supports site-to-site type of VPN.
10.1.2 How does OpenVPN work ?

Asymmetric Authentication
Asymmetric authentication uses a pair of keys:

– the public key
– the private key, not known by anybody.
When "Client" connects to the server, they exchange their certificate, which are checked using the CA certificate.
Each party receives the other one certificate, it checks whether the certificate is signed by the master root certificate as
specified in its CA certificate.
If the verification succeeds, the symmetric key (DH key) is exchanged between parties.
This asymmetric mechanism allows keeping this symmetric key secret.
Each partner is now able to encrypt data and the VPN tunnel is up.
Symmetric Encryption
Once parties have authenticated each other, meaning the VPN is up and secured, each client uses the symmetric key (DH
key) to encrypt and decrypt data.
Symmetric encryption highly improves time performance of communication.
OpenVPN is relying on a proper time consistency between Client and Server. If the time between
Client and Server is too high, the connection might fail.
More information at http://openvpn.net/index.php/open-source/documentation/manuals.html

Name: Type a name, without SPACE.

This name will be the reference to your
VPN entry, like in the list of communication
ports to protect, or as default prefix to the
communication variables, ...
Type: Select what TBOX MS will be: "Server",

"Client" or “TConnect” (see chapter 10.1.3
below).
Note that other parties need to support
OpenVPN.
It can be a PC or a TBox.
Connection:
When TBOX MS is "Client": you indicate
which communication port is used to connect
to the server.
Select an IP port available.
Server Address When TBOX MS is "Client": you indicate the IP address of the server.
In case you access the Server through Internet, you indicate the public IP address (or name if
accessing through dyndns for instance).
When TBOX MS is "Server": The Server acts as DHCP server, therefore, when VPN tunnel is built, it
attributes an IP address to the “Client” in the range of VPN subnet (see below).
This address is available in the ACV [OpenVPN.IPaddress].
Regarding DNS address, to access sites using names through the VPN connection, TBOX MS receives it
from the server.
Port Select the port used by OpenVPN.

Default: 1194
Auto Connect By default, TBox connects automatically.
If you uncheck this option, you have to use the digital communication variable <VPN.VPNcon> to
connect/disconnect:
• VPN.VPNcon=0 -> exit OpenVPN process
• VPN.VPNcon=1 -> restart OpenVPN process
Digital Communication Variable [VPN.HookLink=1] indicates the VPN is up. Writing [VPN.HookLink=0]
disconnects properly VPN connection.
VPN Subnet When TBOX MS is "Server": you have to indicate the IP subnet of VPN tunnel.
TBOX MS "Server" acts as DHCP server: the client(s) connecting to TBOX MS will receive an IP
address in the range of the subnet.
TBOX MS "Server" uses the first address of the subnet.
Protocol Two transport protocols can be encrypted to build VPN tunnels: UDP or TCP.
Select the one used in the tunnel.
Certificates and keys can be created using OpenSSL.exe.

CA Certificate: The certificate signed from a Certification Authority. It is used to check the authenticity of the
partner certificate.
Working in an internal network, you have to create your own self-signed CA.
After having generated certificates using OpenSSL, copy the content of CA.crt here
(file generated with build-ca.bat).
Certificate Partner certificate.
Working in an internal network, you have to create your own certificate.
Client: After having generated certificates using OpenSSL, copy the content of <client>.crt here
(file generated with build-key.bat)
Server: After having generated certificates using OpenSSL, copy the content of <server>.crt
here (file generated with build-key-server.bat).
Key It is the private key required for Authentication, associate to the certificate.
Client: After having generated certificates using OpenSSL, copy the content of <client>.key here
(file generated with build-key.bat)
Server: After having generated certificates using OpenSSL, copy the content of <server>.key
here (file generated with build-key-server.bat).
DH Key To declare on the Server only. It is used to encrypt and decrypt data transferred in the tunnel.
After having generated certificates using OpenSSL, copy the content of dh1024.pem here
(file generated with build-dh.bat).
Advanced the default parameters are:
Parameters persist-key
persist-tun
comp-lzo
keepalive 10 120

10.1.3 Connection to TConnect

The use of this configuration is to provide an access to TBox through TConnect.
By selecting the type of connection “TConnect Client”, you will let TBox requests an OpenVPN configuration from
TConnect.
One restriction, TConnect must be accessible to TBox, either through a public IP or in the same LAN (WAN) of TBox.
In the fields "TConnect"

you indicate “User” data
corresponding to the
TConnect interface used
to access TBox through
TConnect.

10.2 Firewall
To access Firewall rules, make sure you have activated Firewall from the “RTU properties” -> “IP
security” (see chapter 6.4)
Two kinds of rules can be applied:

• Input: to prevent incoming access
• Forward: to prevent access through TBox when configured in IP forwarding
10.2.1 Firewall “Input”

When Firewall has been activated from the RTU properties, all incoming accesses to TBox are blocked.
Outgoing connections, like sending mail or files are not affected.
By defining rules, you will control access for displaying HTM files, for access with TWinSoft, with SSH console, ....
A rule defines an exception: it gives

access to TBOX MS based on:
• Service
• Protocol
• TCP Port
• IP address(es)
• Communication Port
• Mac address

Services Any: all IP services have access to TBox. You filter access based on source IP only (see below).
Custom: you select the protocol and the TCP port yourself (see below).
ModBus, FTP, HTTP, HTTPS: server services available in TBox. Protocol is set by default to "TCP" and the
port as defined in "RTU properties" -> "Advanced TCP /IP".
Protocol If you have selected "Custom" as service (see above)
Any: all protocols (UDP, TCP, ICMP) have access to TBox. You can filter access based on TCP port and/or
source IP (see below).
UDP, TCP, ICMP: you select the protocol yourself.
PING protocol is supported by TBOX MS . It works on ICMP protocol for which there is no TCP port.
Port When selecting a "Custom" service, you can type a TCP port.
When selecting a specific service, the TCP port is automatically set as defined in "RTU properties" ->
"Advanced TCP /IP".
IP Source Any: Any source IP address can access TBox.
Single: you type a unique IP address.
Subnet: you type an IP address and a subnet mask, to filter on a group or IP addresses.
Examples:
IP: 172.25.110.0 Subnet: 255.255.255.0 ALL IP addr. in the range 172.25.110.xxx
IP: 172.25.110.80 Subnet: 255.255.255.224 ALL IP addr. in the range 172.25.110.64...96
Mac Source Any: Any Mac address can access TBox.
Single: you type a unique source Mac address (of PC, HMI, ...) that is allowed to access TBOX MS .
Syntax: xx:xx:xx:xx:xx:xx -> with xx in hexadecimal
Example: F8:B1:56:AB:56:F6
Limit This will limit the number of incoming connections per second for the service selected above. Beyond
the limit the frames are rejected, until next second.
• Regarding UDP the limit is the number of frames per second.
• Regarding TCP the limit is the number of incoming SYN per second.
This protection participates to the protection against DoS (Denial of Service) by limiting the incoming
traffic.
When being polled in Modbus, take this traffic into account.
Connected Port Select in the IP ports available in the TBOX MS the port you want to
Activate Uncheck the box in case you don't want the rule to be applied but don't want to delete the rule neither.
Example of Rules
Once created, the rules

appear in the list.
The order has no

importance.

Access authorized:
1. ModBus-TCP on COM3 from IP 172.25.110.80 only
2. HTTP on COM3 from any IP in the range 172.25.110.xxx
3. SSH on COM3 from 172.25.110.80 only
4. FTP Server on COM3 from any IP
5. PING on COM3 from any IP
6. HTTPS only on COM4 (3G) from any IP
10.2.2 Firewall “Forward”

When Firewall has been activated from the RTU properties, IP forwarding, NAT and Virtual Servers rules are blocked. By
defining forward rules, you will control data communication between ports.
A rule defines an exception: the control of interconnection between ports is based on:
• 2 x IP communication ports (IN -> OUT)
• Protocol
• TCP Port
• Source IP address
• Destination IP address
The Forward entries provide automatically Firewall rules to the outgoing port.
Concerning the incoming port, make sure you have defined input rules (see above).

Communication Ports: Select both ports concerned by data forwarding (From .. To)
Services Any: all IP services have access to TBox. You filter access based on source IP only (see below).
Custom: you select the protocol and the TCP port yourself (see below).
ModBus, FTP, HTTP, HTTPS: server services available in TBox. Protocol is set by default to "TCP" and the
port as defined in "RTU properties" -> "Advanced TCP /IP".
Protocol If you have selected "Custom" as service (see above)
Any: all protocols (UDP, TCP, ICMP) have access to TBox. You can filter access based on TCP port and/or
source IP (see below).
UDP, TCP, ICMP: you select the protocol yourself.
PING protocol is supported by TBOX MS . It works on ICMP protocol for which there is no TCP port.
Port When selecting a "Custom" service, you can type a TCP port.
When selecting a specific service, the TCP port is automatically set as defined in "RTU properties" ->
"Advanced TCP /IP".
IP Source Any: Any source IP address can access TBox.
Single: you type a unique IP address.
Subnet: you type an IP address and a subnet mask, to filter on a group or IP addresses.
Examples:
IP: 172.25.110.0 Subnet: 255.255.255.0 ALL IP addr. in the range 172.25.110.xxx
IP: 172.25.110.80 Subnet: 255.255.255.224 ALL IP addr. in the range 172.25.110.64...96
Mac Source Any: Any Mac address can access TBox.
Single: you type a unique source Mac address (of PC, HMI, ...) that is allowed to access TBOX MS .
Syntax: xx:xx:xx:xx:xx:xx -> with xx in hexadecimal
Example: F8:B1:56:AB:56:F6
Destination Any: Any destination IP address TBox is communicating with.
Single: you type a unique destination IP address TBox is communicating with.
Subnet: you type a destination IP address and a subnet mask, to filter on a group or IP addresses.
Limit This will limit the number of incoming connections per second forwarded per interface to prevent
brute-force attack. Beyond the limit the frames are rejected, until next second.
Regarding UDP the limit is the number of frames per second.
Regarding TCP the limit is the number of incoming SYN per second.
This protection participates to the protection against DoS (Denial of Service) by limiting the incoming
traffic.
When forwarding Modbus transaction to multiple devices, take this traffic into account.
Activate Uncheck the box in case you don't want the rule to be applied but don't want to delete the rule neither.
Example of ”Forward” Rules

Once created, the rules appear in
the list.
The order has no importance.
Forwarding authorised:
1. ModBus-TCP forwarded through COM4-COM3, from any IP address (on COM4) to any IP address (on COM3)
2. HTTP forwarded through COM4-COM3, from any IP address arriving on COM4 to 192.168.1.98 connected to COM3. For
instance a camera with IP address 192.168.1.98 connected to COM3 of TBox

11 Alarms
11.1 Introduction
Alarm module of TBOX MS is the gate to the outside world.
An alarm consists in a communication event, not only for sending warning messages but to establish a connection, like we
will see.
Via alarms, you are able to send SMS message to Mobile phone, send e-mail, send files to a FTP site, to dial another TBox
or a SCADA, …
Alarms can be used also to send historical data (datalogging) on regular base using e-mail or FTP. The historical data is
sent as the attached file of a report, developed using Report Studio.
TView, the data aggregator software can then be used to collect data from a mail box or a FTP site.
The initiation of alarms in the TBOX MS relies on the variation of digital or analog Tags.
For example, an intrusion contact or a flow level generates a call.
The three main items to create an alarm:

• The condition: a changing in a Tag.
• The recipient: to whom the data is sent.
• The message (or report): information to send to the recipient.
11.1.1 The Alarm Stack

Each new alarm is immediately entered into a 32-alarms internal queue (adjustable) and processed, according to the
availability of communication ports required and its severity level. Alarms are generated one by one.
The alarm queue represents the alarms stack: if several alarms happen at the same time or if a communication port is not
available when the alarm happens.
11.1.2 The Event Stack (or Alarms table)

The Events stack, gives information about alarms status (Recipient - Started – Stopped – Acknowledged).
The Events stack (also called Alarms table) is discussed in chapter 11.8.
To access the definition of Conditions, click the folder ‘Alarms’ in the Project workspace and select ‘Conditions’.
According to the Tag you select, you define a digital alarm condition or an analog alarm condition.

11.2 Digital Alarm Condition
Tagname The Tag selected to generate the alarm.

Type The edge on which the alarm is going to be started (rising, falling or both).
Message or text or file associated to the alarm.
Report Depending on the type of recipient associated, you can send a message or a report. It can be a message
sent to a GSM, a message or report sent as e-mail, to a printer or the file sent by FTP …
I always appears in the table of alarms, to distinguish them (see chapter 11.8).
If the alarm condition sends an e-mail, it can be of 2 kinds:
Message: a text message is sent and it appears in the ‘object’ field of the e-mail
Report: sending of a report created with Report Studio. The report must be created from the Project
Workspace and the list of ‘Web & Report files’.
Recipient Select a Recipient or a group of recipients. The ‘person’ you wish to contact in case of alarm (see
‘Recipients’ below).
In case you select a ‘group of Recipients’ see next.
Call all Can be used when selecting a Group of Recipients.
Recipients When the option is cleared: TBOX MS calls the first one in the group. In case the alarm cannot be
acknowledged after the number of tries, TBOX MS automatically calls the next recipient in the group
and so on until it succeeds. Then it stops. (Also known as ‘Chain’)
When the option is checked: TBOX MS sends the alarm to all recipients of the group. (Also known as
‘Link’)
Filter
The time in hour:minute:second during which the condition must stay TRUE, before the call is
generated.
Filter can be tested either during both transitions or only during the transition selected
(see chapter 6.6.2)

Handling The handling option allows blocking each alarm condition, manually or automatically.
Enabled: alarm condition always active.
Disabled: alarm condition always de-activated.
PowerF:alarm condition disabled when there is a main power failure.
DisAla: alarm condition de-activated when the system variable ‘DisAla’ =
Severity Each alarm can be assigned a level of severity: Low, Normal or High. When several alarms
are still present in the queue and then not processed yet, TBOX MS generates the calls
according to the highest severity.
Notify End of Alarm When the alarm condition is finished, the alarm is automatically re-sent to the same
recipient with the same message preceded with a prefix (see chapter 6.6.2).
Example: for a ‘positive edge’ alarm, it is when the Tag returns to ‘0’.
It is also useful when the alarm condition is active when TBOX MS starts up. When ‘end of
alarm’ is checked, an alarm is automatically generated when the alarm condition
disappears (see illustration chapter 11.8: Alarms table).
SMS acknowledge See chapter 12.2
POP3 acknowledge See chapter 9.5.1

11.3 Analog Alarm Condition
Tagname The Tag selected to generate the alarm.

Type Maximum or Minimum.
The threshold for which the alarm will be started. If the value of the analog Tag passes under
(minimum) or over (maximum) this threshold, the alarm is started. If an alarm must be generated for
both a maximum and a minimum threshold, 2 conditions must be declared with the same Tag.
Value The threshold value, according to the format and scaling of the Tag (see chapter 8. The Tags).
Hysteresis The amount that the level must fall or rise below or above the Max. or Min. value before an alarm can
be re-started.
Relation between Value and Hysteresis

With “MAXIMUM” threshold Value > threshold = Alarm TRUE
Value < (threshold – hysteresis) = Alarm FALSE
With “MINIMUM” threshold Value < threshold = Alarm TRUE

Value < (threshold + hysteresis) = Alarm FALSE
Recipient: Select a Recipient or a group of recipients. The ‘person’ you wish to contact in case of alarm
(see ‘Recipients’ below).
In case you select a ‘group of Recipients’ see next.
Call all Recipients To be used when selecting a Group of Recipients.
When the option is cleared: TBOX MS calls the first one in the group. In case the alarm cannot
be acknowledged after the number of tries, TBOX MS automatically calls the next recipient in
the group and so on until it succeeds. Then it stops. (Also known as ‘Chain’)
When the option is checked: TBOX MS sends the alarm to all recipients of the group. (Also
known as ‘Link’)

Message or text or file associated to the alarm.

Report Depending on the recipient associated, it is the SMS sent to a GSM, or the message/report sent
as e-mail or the text printed, or the file sent by FTP …
It also appears in the table of alarms, to distinguish them (see chapter 11.8).
If the alarm condition sends an e-mail, it can be of 2 kinds:
Message: a text message is sent and it appears in the ‘object’ field of the e-mail
Report: sending of a report created with ‘Report Studio’. The report must be created from the
Project Workspace and the list of ‘Web & Report files’.
Filter The time in hour:minute:second during which the condition must stay TRUE, before the call is
generated.
Filter can be tested either during both transitions or only during the transition selected
(see chapter 6.6.2)
Handling The handling option allows blocking each alarm condition, manually or automatically.
Enabled: alarm condition always active.
Disabled: alarm condition always de-activated.
PowerF: alarm condition disabled when there is a main power failure.
DisAla: alarm condition de-activated when the system variable ‘DisAla’ = 1.
Severity Each alarm can be assigned a level of severity: Low, Normal or High. When several alarms are
still present in the queue and not processed yet, TBOX MS generates the calls according to the
highest severity.
Notify End of When the alarm condition is finished, an alarm is automatically sent to the same recipient with
Alarm the same message preceded with a prefix (see chapter 6.6.2).
Example: for a ‘maximum’ alarm, it is when the value returns below maximum - hysteresis.
It is also useful when the alarm condition is active when TBOX MS starts up. When ‘end of alarm’
is checked, an alarm is automatically generated when the condition of alarm disappears (see
illustration chapter 11.8: Alarms table).
SMS acknowledge See chapter 12.2
POP3 See chapter 9.5.1
acknowledge

11.4 Recipients
To access the definition of Recipients, click the folder ‘Alarms’ in the Project workspace and select ‘Recipients’.
The types of recipients supported are:

Internal The alarm is saved in the stack of events and no call is generated.
It can be used to memorize a particular event without generating an alarm or to test an alarm condition.
ModBus It can be Master or Slave.
It is used to establish a dial-up ModBus connection to another ModBus device or a SCADA accepting
unsolicited ModBus communication (for instance TView).
The difference between Master and Slave concerns the handling of the modem connection and
acknowledgement.
A ‘Slave’ connection means that TBOX MS dials equipment and doesn’t do anything else. The dialed
equipment will sample, acknowledge and hang-up. Typically used for instance when dialing TView.
A ‘Master’ connection means that TBOX MS dials ModBus equipment and will also sample this equipment
(with Modbus Transactions).
TBOX MS will then be also responsible for acknowledgment (see chapter 7.4 System Variables [8] AlaID or
[10] AlaRec) and hanging-up (see ‘Advanced’ properties of the communication port used to send the alarm).
A modem parameter: “Hang up timeout”

is used by ‘ModBus-Master’ alarm to
define the maximum connection time.
The maximum value is 600 seconds.
Value=0 means it will

never hang up!

Pager/SMS:to send SMS to a mobile or

message to a Pager.
Select the Service corresponding to the
SIM card in TBox and a Modem.
Type the Phone Number of the Pager or
Mobile.
The default Dial prefix is ATDT. It should
not be changed unless the modem needs
a particular configuration.
Printer: sending of message(s) or report to a local printer.
E-mail: If you have subscribed an e-

mail account (see chapter 9.4.
SMTP Server), TBOX MS is able to
send an e-mail. You only have to
specify the e-mail address of the
recipient.
Sending of e-mail supports Redundancy.

If you have created several SMTP Servers and you select ‘Redundancy’ instead of a Server, TBOX MS will
use the first one in the list (see chapter 9.4. SMTP Server). In case it fails, it will try with the second one and
so on…

FTP: TBOX MS is able to send files to a FTP Host (see chapter 9.2. FTP Server). In the recipient configuration you only
need to indicate the directory where you want to send the files Do not indicate front and end " / ".
SFTP: TBOX MS is able to send files to a through Secure FTP (see chapter 9.3. SFTP Server). In the recipient
configuration you only need to indicate the directory where you want to send the files.
NTP: TBOX MS is able to synchronize its clock with an external NTP server. In the recipient, you only select a server
you have created in the list of NTP Servers (see chapter 9.5. NTP Serve).
RAS: This type of recipient can be used to

establish a ‘Client’ dial-up modem
connection to a ‘Server’. The Server is
considered by TBOX MS as an ISP: it
requires a telephone number and a
login to establish the connection. You
associate an ISP (previously created in
the IP parameters of TWinSoft), and
when connection is established, the
‘Server’ has to communicate in protocol
ModBus-TCP
It can be assimilated to a ‘Modbus-

Slave’ connection using ModBus/TCP
protocol. The Server is responsible of
acknowledgment and hanging-up.
Custom: in case an add-on if it allows sending alarms.
POP3: allows reading e-mail to acknowledge e-mail or to operate TBox with a message (see details chapter 12)
External memory: To send report to the SD

card or USB mass storage.
With SD card: the directory reports is

automatically created to receive the
files. It corresponds to the root directory
when sending files to the SD card.
With USB mass storage: the root of the

memory stick corresponds to the root
directory.
When declaring the recipient, you can

specify a dedicated directory; in case it
does not exist, it will be automatically
created.
Do not indicate start and end " / "
HTTP: To Post files (=reports) to a HTTP server using a HTTP request "Post". Indicate the URL on the HTTP Server.

11.5 Group of Recipients

A group of recipients is composed of several recipients, which can be of different types (SMS, e-mail, …).
You can declare several groups.
Then previous to creating groups of recipients, you have to create first the recipients (see above).
You can then associate an Alarm condition to a ‘recipient’ or a ‘group of recipients’.
See chapter 11.2. and 11.3. Alarm Conditions.
11.6 Messages
To access the definition of Alarm messages, click the folder 'Alarms' in the Project workspace and select 'Messages'.
Message number : ID of the message from the list of messages. Type a message of maximum 120 characters. This message
is user specific:
If it is for a Digital Pager, it will consist only of numbers.
If it is meant to a mobile or e-mail, type a text.

11.6.1 SMS coding

By default, SMs message are coded according to GSM 03.38 table (7 bits character). It provides a total length of message of
160 characters:
Hex 0 10 20 30 40 50 60 70
0 @ Δ space 0 ¡ P ¿ p
1 £ _ ! 1 A Q a q
2 $ Φ “ 2 B R b r
3 ¥ Γ # 3 C S c s
4 è Λ ¤ 4 D T d t
5 é Ω % 5 E U e u
6 ù Π & 6 F V f v
7 ì Ψ ' 7 G W g w
8 ò Σ ( 8 H X h x
9 Ç Θ ) 9 I Y i y
A LF Ξ * : J Z j z
B Ø ESC + ; K Ä k ä
C ø Æ , < L Ö l ö
D CR æ - = M Ñ m ñ
E Å ß . > N Ü n ü
F å É / ? O § o à
When characters in a message are not in the table, with an accent or from another alphabet than Latin, like Hebrew, Greek,
Cyrillic, … TWinSoft encodes the message in UCS-2 format. This format uses 2 bytes of 8 bits per character, which limits the
total length of SMS message to 70 characters.
11.6.2 Value of Tag in a message

Two kinds of value are available:
The value at the moment the alarm is sent
The value will be the value of the Tag at the moment the alarm is accessed: the SMS is sent, the alarm list is displayed in a
WebForm, the alarms retrieved from TView, ...
The syntax is: ~TAG~ (with TAG=the name of the Tag).
The value at the moment the alarm appeared
The value will be frozen to the one at the moment the alarm is stored in the stack of events.
The syntax is: $TAG$ (with TAG=the name of the Tag).
Remarks:
• With MS-CPU16: ONE $Tag$ can be inserted in a message. No limit with ~Tag~
• With MS-CPU32(-S2): TWO $Tag$ (digital or analog) can be inserted in a message. No limit with ~Tag~
• Tag TEXT with MS-CPU32(-S2): ONE $Tag$ of maximum 80 characters
With a Digital Tag for which you have defined ‘States’ in the ‘Presentation’ menu, those states will
be used; otherwise, 0 and 1.
With a Float Tag for which you have defined a number of decimals in the ‘Presentation’ menu, this
number will be used; otherwise, fixed to 3 decimals.

11.6.3 IP address in a message

In an alarm message, the syntax ~@Tag~ will sent the value of Tag in IP address format (4 bytes: x.x.x.x)
11.7 Alarm Timetables

Alarm timetables allow specifying an activity period associated to a recipient, in other words, periods of time during the day,
the week, the year, when a recipient can receive an alarm.
The timetables are based on the specification of ‘Time Slices’ (time periods of the day) and on ‘Days’ (days of the week and
holidays).
11.7.1 Time Slices

The time slices are used to trunk the day in different slices. Further, you select these time slices when creating timetables.
To declare the time slice,

just select the start time
and the end time of the
slice.
A time slice can’t be part

of 2 different days: no
time slice can include
midnight! (eg: 18h30 to
08h30).
11.7.2 Holidays
The holidays offer to flag specific days of the year; these days constitute a group that can be checked in the timetables (all at
once, not days separately) like if it was a specific day of the week (see Time Tables next).
You can choose to keep

each selected day as
holiday for ‘every year’ (by
default).

11.7.3 Timetables
Based on the ‘Time Slices’, days of the week and ‘Holidays’ you create different ‘Timetables’ according to activity periods in
your company (day shift, night shift, holidays, week-end, …). A time table can then be associated to a recipient. You select
for each day of the week which time slice will be part of the timetable (Holidays being treated like a unique ‘day’).
Following, in the recipients’

setting, you can choose to have
the recipient ‘always active’
which means that he will receive
his alarms any time of the day,
or you can also choose to have
the recipient associated to a
time table (eg: Day shift without
week-end and holidays).
If an alarm occurs when time table is active, the alarm will be sent.
Otherwise, the alarm will be handled according to “RTU properties” ->”Advanced alarms” settings:
If the option is checked, the alarm will be maintained in the queue and generated when the time table turns active,
otherwise it is auto-ack.

11.8 Alarms Table

The Alarms table of TWinSoft displays the Event stack of TBOX MS . The Events stack is the visible part of the handling of
some system events and alarms in TBOX MS .The internal queue of alarms is not accessible. You access the Alarms table
from the main menu: Communication → Retrieve from TBox → Alarms:
Date/Time of the Message Acknowledg. Recipient Date/Time of the Acknowledg.

start of the Report Name Status of the start of the Status of the
condition Start condition End
The Alarms table does not only display alarms generated in TBOX MS , but also system events like start-up of the program,
Reset of the TBOX MS , …
Columns description
Start Timestamp Date and Time when the alarm condition appears (‘Start’ condition).
Message Message (or name of the file) associated with the alarm. System events appear between brackets.
Start Acknowledgment status of the ‘Start’ condition.
The possibilities are:
Not ack.: the alarm is still in process.
Ack’ed: the alarm has been processed successfully.
Auto ack.: the alarm has not been processed successfully.
In case of ‘system events’, it is always the case as it is not an alarm but an event.
Recipient The name of the Recipient (from the list of Recipients).
The name is listed only if the alarm was sent successfully. With chained alarms, this allows to
show the one that was used. In case of ‘system events’, there is no name.
End Timestamp Date and Time when the alarm condition disappears (‘End’ condition).
End Acknowledgment status of the ‘End’ condition.
When creating an alarm condition, there is an option ‘Notify end of alarm’. This option will
automatically generate an alarm when the condition generating the alarm disappears.
The possibilities are:
Not ack.: there is a ‘Notify end of alarm’ condition and the alarm is still in process.
Ack’ed: the ‘end of alarm’ has been processed successfully.
Auto ack.: the ‘end of alarm’ has not been processed successfully. When there is no ‘end of alarm’,
it is immediately indicated as ‘Auto ack.’

12 ReadSMS/POP3 Embedded
12.1 Introduction
ReadSMS/POP3 is the ability to TBOX MS to receive and interpret incoming SMS messages, and to read “subject” field of e-
mail in order to execute tasks.
Receiving an SMS requires a GSM on TBOX MS .!
ReadSMS/POP3 features allow two uses:

1. Acknowledgment of an alarm by sending back a SMS to the RTU
2. Controlling the RTU by sending SMS message(s) or sending e-mail(s)
An advanced menu is available in

the RTU properties:
For any incoming connection, either for acknowledgement or for controlling, the caller ID (phone
number of the caller for the last call received) is available in the communication variable
“ComX.Caller ID” (see chapter 7.3.2)

12.2 Acknowledgment of an alarm by sending data to the RTU

Two types of recipient may require an acknowledgment by SMS:
• Pager/SMS: sending a message through a SMS-C (standard way)
• E-mail: sending a message through a SMTP server, which can be forwarded as SMS through a dedicated service
Alarm conditions associated

to a recipient of type
“Pager/SMS” or “E-mail”
provide the options: SMS
acknowledge and POP3
acknowledge (with e-mail
recipient only).
Acknowledgment is carried out in twosteps. Example with sending of a SMS:

1. Sending of the message by TBOX MS (to the SMS-C or to the e-mail provider) will be first performed. Retries and time-
out defined in the recipient will be used to determine the success or failure of sending.
2. Then a second time-out, defined in the advanced ‘Alarms’ properties, will check whether incoming SMS required to
acknowledge the alarm, arrives on time.

The incoming SMS must arrive within this time-out for the alarm to be acknowledged. If not, a retry will be executed
according to the definition in the Recipient. After the end of retries, the alarm will be considered as in error: “auto-ack” and
the system variable ‘AlaErr=1’.
Working with ‘Group of Recipients’:

– - with option ‘Call all recipients’: all recipients have to acknowledge the alarm.
– - without option ‘Call all recipients’: any recipient can acknowledge the alarm.
Don’t set a time-out too short; to give time to the SMS Center to send the SMS back to the CPU, in case the
service is busy. Also, if the CPU is sending a SMS while an acknowledgment SMS is coming back, it may miss
the warning received from the GSM. The SMS will be stored in the SIM card and will be treated at next auto-
check from the CPU (max. 5 minutes).
12.2.1 Message sent by TBox

If the option “SMS acknowledge” or “POP3 acknowledge” has been selected, the RTU will send a header with the message
including an identification number.
Example: #A00056# Level too HIGH
Header:
# prefix (fixed).
A precedes the absolute identification number of the alarm.
00056 absolute identification number of the alarm.
# suffix (fixed).
Message:
Level too High message associated to the alarm condition.
12.2.2 Acknowledgment by sending a SMS

By sending a SMS back including the same header to the RTU, you will acknowledge this specific alarm. Typically, this can
be done using the option ‘Reply’ of the mobile. Verify that your mobile also sends the original message.
The text sent back to the RTU does not matter, as long as the syntax #Axxxxx# is sent.
Some Tags can be very useful to monitor the acknowledgment of the alarms by SMS: AlaErr, SmsState,
CallerID (see chapters 7.3.2 and 7.4.1).
12.2.3 Acknowledgement by sending an e-mail

When SMS service is not supported, acknowledgement can be sent through e-mail. TBOX MS uses then POP3 to read the e-
mail (see chapter 9.5.1)

12.3 Controlling the RTU using SMS message or POP3

ReadSMS/POP3 provides the possibility to control the RTU by sending a SMS to TBOX MS or by reading e-mail using POP3
service.
A message can combine several data: Password, acknowledgment ID, writing values directly to ModBus addresses,... It must
always start and end with the character #
A specific character indicates the type of data sent to the RTU.
Examples -: :pre-defined message

W : : writing a value to a Modbus address
S : setting of a Digital Tag
Details of the different types of data that can be included in a message sent to TBOX MS :
12.3.1 Using pre-defined messages(-)

– From the ReadSMS properties menu,
you select a ‘Message index Tag’ (analog
Tag - 16 bits format), that will contain a
value associated to the message sent to
the RTU
– You add the message(s) you intend to
send to the RTU
When the RTU receives the message, it will put the

corresponding value to the ‘Message index Tag’
The maximum number of pre-defined messages

supported is 20. In case you need to monitor more
process, you can use the direct/indirect addressing (see
next).
SMS/POP3 message is not case sensitive
This method of monitoring using message, is
the only method supported by POP3.
Make sure the message sent is preceded by the
character “-“
Message sent by a Mobile
Examples
#-START PUMP#
#P1568,A00056,-START PUMP,W20480=123#

Message sent by e-mail
A message must include the RTU Id of TBOX MS , preceded by the letter I and a pre-defined message. It may also include an
acknowledgment ID.
Examples
#I460000020107,-START PUMP#
#I460000020107,A00002,-START PUMP#
12.3.2 Writing Tag with Direct addressing ( W )

You write a value or a text directly to a ModBus address.
Syntax: #Wmodbus address=value#
#Wmodbus address=”text”#
Examples:
#W20480=123#
This message sent to the RTU will write value 123 to the analog Tag with ModBus address 20480
#W1500=”jean@tbox.be”#
This message sent to the RTU will the text “jean@tbox.be” to the Text Tag with ModBus address 1500. This can be useful
for changing online runtime parameters (see chapter 8.5. “Runtime Parameters”)
Notes:
1. You can combine several adresses, separated by a comma. For instance:

#W20480=123,W20481=456#
2. ReadSMS checks access protection level of the port before writing (see chapter 12.3.5. below)
12.3.3 Writing Tag with Indirect addressing – analog ( N )

You write a value directly to a ModBus address representing a pointer.
Syntax: #Nmodbus address=value#
The value at ‘modbus address’ corresponds to the ModBus address to write in.
Examples:
#N20480=123#
If ModBus address 20480 contains the value 1000, the value 123 will be written to the ModBus address 1000.
We make a distinction between Target address corresponding to an analog Tag and a digital Tag (see next).
With indirect addressing, ReadSMS does no check the access protection level of the GSM port.
12.3.4 Writing Tag with Indirect addressing - digital ( D )

You write a value directly to a ModBus address representing a pointer.
Syntax: #Dmodbus address=value#
The value at ‘modbus address’ corresponds to the ModBus address to write in.
Examples:
#D20481=1#
If ModBus address 20481 contains the value 512, the value 1 will be written to the ModBus address 512.

12.3.5 Access Protection ( P )

ReadSMS/POP3 access protection is independent from the GSM port it is associated to. In other words, even if the
communication port is protected, ReadSMS feature will not specially be protected.
ReadSMS/POP3 has its
own independent access
protection configuration,
that can be activated from:
RTU properties
→ Security.
If ReadSMS protection is activated, a login is required in the incoming the SMS message or POP3 message. The login is
composed of the last 8 digits of telephone number of the mobile used to send the SMS and a password.
To obtain the Password, the utility 'Password Generator' is needed (Start -> Programs -> Semaphore -> Accessories ->
Password generator).
From the Password utility, you define:
– the global code used in the RTU
– as NAME: the last 8 numbers of the telephone number of the mobile which will be used to send the SMS.
– as Access Level: Engineer (Level 3).
The resulting 'PASSWORD' must be used to login.

Syntax: #Ppassword#
Examples:
#P1568#
If needed, the Password must be declared first.

Acknowledgment (with code A) does not require password
12.3.6 Acknowledgment (A)

See chapter 12.2 above
12.3.7 SET a digital Tag ( S )

You write 1 to a digital Tag using its ModBus address.
Syntax: #Smodbus address#
Examples:
#S32#
The digital Tag at ModBus address 32 will be set to 1.
Note: ReadSMS checks access protection level of the port before writing (see chapter 12.3.5. above)

12.3.8 RESET a digital Tag ( R )

You write 0 to a digital Tag using its ModBus address.
Syntax: #Rmodbus address#
Examples:
#R32#
The digital Tag at ModBus address 32 will be reset to 0.
Note: ReadSMS checks access protection level of the port before writing (see chapter 12.3.5. above)
12.3.9 Writing minutes since midnight into a register ( h )

To write in an analog register, the current number of minutes since midnight at the moment the message is received.
Syntax: #Wmodbus address=h#
Examples:
#W20482=h#
If the message is received at 15:23, the value 923 will be written at ModBus address 20482
Note: ReadSMS checks the access protection level of the port before writing (see chapter 12.3.5. above) and also the 'Write'
configuration of the 'Presentation' of the Tag (see chapter 8.4)
12.4 Automatic Update of a Recipient’s telephone number

An existing recipient of type ‘Pager/SMS’ can be updated with the mobile number of the originator.
The idea is to check the incoming

message, for instance using ReadSMS
status (see next) and to send back a
message to the originator.
ReadSMS uses the caller ID of the
originator to update the recipient you
select in this menu; it uses the runtime
parameter associated to the recipient
(see chapter 8.5.2)
From the Process, you can then decide to
send back an SMS, to confirm the
command, to indicate the incoming
message was invalid, that password was
incorrect, …
If this option is activated, the selected
recipient will be automatically updated
with the telephone number of any
incoming call (if caller ID of originator has
been activated!).

12.5 ReadSMS status

A communication variable,
associated to the GSM can be
used to check the status of
ReadSMS.
From the GSM Com port, go to
the tab ‘ACV’ and make a Tag of
‘SmsState’.
Value Description
1 Accepted message received
2 acknowledgment received
10 Invalid message
11 Unknown command
12 Equality character (=) not found or incorrect
20 Incorrect password
21 Incorrect password or not supplied for a com. Port protected
30 Message received does not match a predefined message
31 Writing to an unknown address
32 Writing to an unknown address, using indirect addr. (address contained in the Tag not known)
33 Changing the telephone number of an unknown recipient

12.6 Get Message in Text Tag

This feature allows receiving the complete message (SMS or POP3) into a TEXT Tag. At the exception of the caller ID, which
is available is a dedicated Communication Variable.
The message will then be parsed using BASIC functions.

When this feature is active, ReadSMS/POP3 pre-defined message feature (see chapter 12.3.1) is not
available anymore and the ack. by SMS or POP3 neither. OS is not parsing message anymore as it is done
in the application.
Tag Text: It will contain the date, time and the message. Make sure you define this text Tag with a minimum of 160
characters.
Examples:
11/03/25,10:29:14+04 Hello to TBox!
The date and time are the one given by the SMS-C (not from TBox, not from sender)
The +04 indicates the differences to GMT in quarters of an hour.
Tag Stack: This is a digital Tag. When changing to 1, it indicates message(s) is (are) on the stack. By writing "0", you bring up
a message from the stack to the Text Tag (see above). When it switches back to "1", it means there is at least one
more message in the stack.
– MS-CPU32, -LT2: stack of 50 messages. Circular buffer.
– MS-CPU16, -LITE, -WM, -LP: no stack. Message with a maximum length of 89 characters.

13 Datalogging
13.1 Introduction
Datalogging allows memorizing values of your process, in order to visualize its history.
TBOX MS contains memory for recording historical values of Tags and events (see technical specifications); the latter is
what we call the database of TBOX MS .
There are two categories of databases:
The Chronologies
Chronologies are 'On event' recordings, by means of changes in Tags (also known as “Sequence of Events”). Each event is
recorded with time, date, Tag and its status or value.
The minimum resolution is 1 ms.
Example of ‘Digital Events’
t
0
The changes of status of the Tag represent the events.
Example of ‘Analog Events’
200
180
160
140
120
100
80
60
40
20
t
The variations of the Tag represent the events.
TBOX MS stores chronologies in 2 tables: one for digital data and one for analog data.
The size of the tables is defined in the General RTU properties, as described chapter 6.1.

The Sampling Tables
Sampling tables use ‘Periodical’ recording, with a minimum period of 1 second.
Recording in sampling tables happens at fixed intervals and does not depend on signal variations; it uses the clock of the
CPU to determine the recording.
Date and time of only the last record is stored. This mechanism requires less memory than chronology does. Timestamps
are re-built when data is generated (by report or by polling).
Example of ‘Periodic Recording’

temperature
t
9 :30 9 :45 10 :00 10 :15 10 :30 10 :45
Each Tag is recorded into a separate table. The maximum number of tables is 2000 and the size of each table is of maximum
65535 records. To increase quantity of data recorded, recording on micro SD card can be considered (see chapter 6.6.3. RTU
properties -> Sampling Tables)
The database information recorded in TBOX MS can be displayed directly on WebForm or retrieved with the use of SCADA
software such as TView or other HMI package running ‘TComm.dll’ based driver (please call your distributor).
By doing a compilation you can check the space of memory available (see chapter 4.10.2).

13.2 The chronologies
13.2.1 Digital chronologies

Example of an entry in Digital chronology: Recording the starting and stopping of ‘VALVE1’.
Edges: Recording on positive and (or) negative edge.
Handling:
• Enabled: always recorded.
• Disabled: never recorded.
• PowerF: recording disabled in case of ‘mains’ power failure.
• DisCRD: recording disabled when the system variable ‘DisCRD’ is at 1.
13.2.2 Analog chronologies

Example of an entry in Analog chronology: Recording of a variation of 10 mbar of ‘PRESSURE’.
Variation: Recording in case of variation (higher or lower) in comparison with the previous recording. The weight of the
value corresponds to the scaling defined in the Tag definition (see chapter 8.1.1: Analog I/Os).
Handling:
• Enabled: always recorded.
• Disabled: never recorded.
• PowerF: recording disabled in case of ‘main’ power failure.
• DisCRA: recording disabled when the system variable ‘DisCRA’ is at 1.

13.3 The sampling tables
Type: TBOX MS records data internally on a minimum time-base of 1 second. After the period selected (see next) the
selected type of data (min., max., ..)is recorded.
This value can be:

• Minimum : minimum value during the period.
• Maximum : maximum value during the period.
• Average : arithmetic average value calculated during the period. For each period a new average is calculated.
Tag format Limitation in recording
8 bits All periods accepted
16 bits Period limited to 12 hours
32 bits Not available
Float All periods accepted
• Instantaneous : value at the moment of the recording.
• Incremental : TBOX MS records the difference between the current value and previously recorded value.
Example of Incremental Recording:

Value of the Tag 865 878 902 905 965 985
Incremental value recorded … 13 24 3 60 20
Period: Period between 2 recordings. You may choose between:

1sec; 2sec; 4sec; 5sec; 10sec; 15sec; 30sec; 1min; 2min; 4min; 5min; 10min; 15min; 30min; 1h; 2h; 4h; 6h; 12h;
24h; 48h; daily; weekly; monthly.
The recording happens at ‘birthday’ time of the period selected.
Example: if you select as period 5 minutes, the recording will be done at:
9:25:00; 9:30:00; 9:35:00; 9:40:00 ...

In case you wish to make recording every day, or even with a longer period, the options are:
• daily: recording once a day
• weekly: recording once a week
• monthly: recording once per month.
The hour of the day, the day of the week and/or the month are defined once for all sampling tables in the RTU
Advanced properties (see chapter 6.6.3)
Size: The size can be expressed on two ways:

Size: the number of records of the table.
The recording works on the FIFO principle. According to the size, the duration is updated automatically (see
next).
The size can be of maximum 65535 records, with a total of 1 Mbytes in SRAM and 32 Gbytes on micro SD card
(optional).
Duration: You may prefer to enter a number of days and hours, in this case the size is automatically updated.
To adjust the sizes check the available memory with the compile option. See chapter 4.10.2:
Compiling a program.
Trigger: Synchronize each sample on external clock: recording of the value is executed on the positive edge of the Tag
selected, and not with the clock of the CPU.
The period between 2 pulses of the Trigger must correspond to the period selected between 2
recordings (see above). The period selected with the timestamp of the last record to rebuild the
table.
Example of use of external Trigger: quarter - hour management.

In some industries, every 15 minutes (may vary slightly), your electric company sends a pulse which is used to
calculate the consumption, based on average consumption during 15 minutes. You will be charged based on the
highest consumption.
In order to analyze your consumption and prevent from peaks, you can use this pulse as Trigger.
Recording will be done each time the pulse arrives, but when retrieving data, the calculation of timestamp will be
computed from the time stamp of the last recording and the period.
This means it can only be used if the period between pulses corresponds to a period between 2 recordings (see
above).
No sampling if trigger = 0: the CPU clock is used to record data (see period above), but recording is only possible when the
Tag Trigger is in “high state”. When it is negative, recording stops. On the positive edge of the Tag, the table is
erased and a new recording starts.
Reset Tag after sampling: if this option is checked, the RTU automatically resets the register that has been recorded.
This option works only with registers, NOT I/O!

14 ModBus Transactions
14.1 Introduction
ModBus Transactions feature allow exchanging data between two or more ModBus stations via any communication ports
One often speaks of 'Master Network' because it is a ModBus Master communication: the Master (TBOX MS ) executes
reading and writing in slave(s) through any media (RS485, Ethernet, modem...).
The protocol will be ModBus-RTU or ModBus/TCP according to the media used.
Each ModBus Transaction corresponds to one transaction (reading or writing) with 1 slave.
When there are several stations, TBOX MS executes the different transactions of one station at a time, then transactions of
the following station, and so on ….
When a dial-up modem is used to execute ModBus Transactions, TBOX MS needs first to establish the connection using an
Alarm of type ‘ModBus’ (see chapter 11.4. Recipients)
Before creating a ModBus Transaction you have to create the equipment you are going to communicate with.
14.2 Creating a Remote Device

From the Project Workspace, select
‘Resources’ -> ‘I/O’. Click ‘I/O’ and in
the list of I/O, click ‘Add an I/O Card’.
Select ModBus Device.
Name: You type any name. It will be available in

a list of available equipment when creating
‘ModBus Transactions’ (see next).
Address: It is the station address of the Remote

equipment. It must be different from the
TBOX MS and possible other equipment on
the same network.
When communicating through TCP/IP port,

you have to indicate the IP address of the
remote device
RTU Port: The communication port used by TBOX

MS to communicate with the remote
equipment.

Trigger: Select a digital Tag that will trigger the communication, according to a ‘Condition’ (see next). Working with several
equipment, you declare different Tags and then control differently the communication to each equipment.
The Trigger must be a digital variable (DIV).
Condition: Condition of Tag ‘Trigger’ to start communication. Typically, you will work with a permanent connection (Trigger
in High or Low state). Or you can decide to execute one-shot communication, on edge changing of the Tag
Trigger.
The changing of state of the Tag can be controlled by BASIC, Ladder, or Periodic events.
14.3 Creating a ModBus Transaction

Example: Reading of 8 ‘Floating’ Variables in Slave22 Starting At Address 168
Tag:
Select an existing Tag by clicking the button. Be sure you select a Tag of the same type than the
one you want to access in the ‘Slave’ (Byte, Word, DWord or Float).
If the Tag does not exist, you can create it after having clicked the button. It is the Tag of the Master;
it contains the value you want to write in a Slave or it is a register that contains the value that Master
reads in a Slave.
In case of block communication (with a quantity > 1), this Tag is the one of first ModBus address.
Operation Operations MASTER (Tag) SLAVE (Address)
READ Data
WRITE
Data
Read: The Master reads data from the Slave.
Write: The Master writes data to the Slave.
Quantity Quantity of variables of successive addresses that are read (or written) in the Slave. It depends on
the external source, the types of variable and the ModBus function used (see tables below).
ModBus protocol handles only words (16 bits). When working with 32 bits, TWinSoft adapts the quantity
to double the number of words. 32 bits variables are handled with:
<Hi word1><Lo word1><Hi word2><Lo word2>… It can be adapted from the “Advanced…” properties of
the remote device.
External Source. All the following parameters concern the Slave station:
Device: select an existing external device from the ‘Resources’. You can create one clicking the button

Type: select the type of the external variable. The choices are:
With external source ‘ModBus device’ (any TBox MS, TBox LT,, any ModBus device)
Types Connection in remote device ModBus Function
Digital input Only digital input(s) 2
Coil Digital output(s) or register(s) 1, 5 or 15
Analog input Only analog input(s) 4
Holding register Analog output(s) or register(s) 3, 6 or 16
Operations Types ModBus Functions Max. Quantity (*)
Read Digital Digital Input 2 1600 (see Warning below)
Read Digital Coil 1 1600 (see Warning below)
Read Analog Analog Input 4 125 (16 bits) - 62 (32 bits)
Read Analog Holding Register 3 125 (16 bits) - 62 (32 bits)
Write Single Digital Coil 5 1
Write Single Analog Holding Register 6 1 (word)
Write Multiple Digital Coil 15 800 (see Warning below)
Write Multiple Analog Holding Register 16 100 (16 bits) - 50 (32 bits)
(*): Maximum quantities for TBOX MS , TBox LITE, TBox MS. You also have to check the maximum quantities of the
‘Remote device’-they could be less.
With External source ‘Remote TBox’ (TBox CPU-3)

Description Operations Tag types Max. Quantity
Digital I/O Read/Write IOD, T4m 16
Analog I/O Read/Write IOW, I4M 8
Digital registers Read/Write DIR, STD 1600 (see Warning below)
Analog registers (8 bits) Read/Write STB 8
Analog registers (16 bits) Read/Write AIR, STO 100
Analog registers (32 bits) Read/Write TOT 8
Analog registers (32 bits) Read/Write FLT 8
Timers Read/Write ATP, ATV, DTI 16
Counters Read/Write ACP, ACV, DCN 16
Special Registers Read/Write DSPE, ASPE 16
Register ‘Sampling Table’ Read/Write ECH 16
(*): with quantity > 16, ModBus addresses and quantities must be multiple of 8
When accessing digital variables (DIV, DIR, …) into TBox CPU-3, make sure you use multiples of 8 for:
quantity and address of Variable in External Source
Address : The ModBus address must be typed according to the indication of the user’s guide of the Remote device.
Communicating to a TBox, you have to refer to the TWinSoft application and its configuration of Tags.

14.4 ModBus Transactions Advanced Features

By clicking “Advanced.” button, you access advanced parameters of ModBus transactions:
14.4.1 Diagnostics
It provides diagnostics information, through 3 Tags.
Cycle Count Tag : 16 bits unsigned Tag.

It increments each time all ModBus transactions of the device have been executed.
Status Tag: 16 bits unsigned Tag.

It returns information on the communication with the remote Modbus device.
Value is maintained until the next changing. Values are:
• 00: No error
• 01: Communication error (no communication)
• 02: TCP. Error other than timeout when connecting to a device through TCP
• 03: TCP. Timeout or error connecting to DNS server
When there is communication, but ModBus error:

• Byte 1 : Modbus function + 80h
• Byte 2 : Exception code
– 01 Illegal function
– 02 Illegal data address
– 03 Illegal data value
– 06 Slave device busy
– 84 Writing to a port protected
Communication Error Tag: This Tag provides a direct, immediate indication of communication error to the remote device,
without requiring any logic. Each transaction is tested, when it is in error, the Tag turns ON, when
communication is healthy it turns back OFF automatically.

14.4.2 Compatibility
It provides some customization of Modbus

Functions.
Force Multiple Write even if there is only one register : With some remote device, only one Write function is supported:
– FC 15 = write multiple Coils
– FC 16 = write multiple Holding Registers
In the Modbus Transactions configuration, if the quantity of Tags = 1, by default TWinSoft uses the standard
function dedicated to single write. This option allows TWinSoft to always use the "Multiple Write" function, even
when there is a quantity of 1.
Working with Analog Tags 32 bits, even with a quantity=1, the function used is always FC=16, because
one 32 bits is built on TWO consecutive addresses of 16 bits
Changes in 32 bits handling: Modbus protocol standard does not describe how to communicate with 32 bits register.
Therefore, there are several ways of transferring 32 bits (DWord/Long and Float).
By default, TBOX MS uses Big Endian method for communicating. This method can be modified.
The option selected is applied to all transactions of 32 bits variables with the device.
Force Little Endian: This option swaps Bytes and Words.

Examples of Bytes transfer:
Decimal value: 123456789
Hexadecimal Value: 07 5B CD 15
Big Endian (standard):

07 5B CD 15
L1 H1 L2 H2
Little Endian:
15 CD 5B 07
H2 L2 H1 L1
Swap of Words: This is the most common handling when Big Endian is not supported.
Examples of Bytes transfer:
Decimal value: 123456789
Hexadecimal Value: 07 5B CD 15

Big Endian (standard):

07 5B CD 15
L1 H1 L2 H2
Swap of Words:
CD 15 07 5B
L2 H2 L1 H1
ModBus Enron: The difference with classical ModBus is that counting of variables is based on 32 bits variables and not 16
bits variables
With ModBus Enron, a quantity=1 corresponds to a 32 bits variables.
It provides a way to communicate with "Slave" supporting Modbus Enron. It requires TBox OS >= 1.24.
14.5 ModBus Transactions through dial-up modem

With a remote device accessed by a dial-up modem, the connection must be first established using an Alarm “ModBus”.
The sequence is the following:

• Create a Remote Device, associated to the communication port of the modem and to a Trigger – DIV (digital
register) always active.
• Create the ModBus Transactions associated to this device.
• Create an Alarm Recipient of type ‘ModBus - Master’, with the telephone number of the remote device.
• Create an Alarm Condition, associated to the event requiring communication with the Remote TBox and to the
Recipient created above.
• When TBox needs to communicate, generate the alarm condition.
• When modems are connected (can be checked using the communication variable DCV – Comx.Call) and
Trigger is active (see above) ModBus Transactions associated to this station will be executed.
• Acknowledge the alarm, for instance using the special analog variable ‘AlaRec’. You write into ‘AlaRec’ the ID of
the “ModBus-Master” recipient.
• Stop connection by writing ‘0’ to the Communication Variable ‘COMx.HookLink’, alternatively, communication
will be automatically stopped after 1 minute (see hangup timeout below).

14.6 Timing configuration of ModBus Transactions

Several timings can be adjusted when communicating through ModBus Transactions. Their value mostly depends on the
media and the baudrate (see on line help for more info).
They are available from the tab ‘Advanced’ of the properties of the communication port.
Example with RS485 of the CPU
Packet reception delay: maximum time for receiving a valid frame.
ModBus Master Properties

timeout: maximum time to receive an answer before sending the next query
Number of Tries: in case of error, number of times a query is sent
Interframe gap: after having received a valid answer, time before sending the next query.
Hang up timeout: doing a ModBus Master define the maximum connection time. The maximum value is 600
seconds.
Value=0 means it will never hang up!
ModBus Slave Properties: Interframe gap: after having received a valid request, time before sending the answer.

15 Periodic Events
When tasks have to be executed periodically, periodical events constitute an easy way of creating events to launch the
tasks, like ModBus Transactions, sending of test alarm, datalogging, a piece of Ladder/BASIC logic, etc..., and this,
independently from any other condition.
A periodic event could be compared to an automatic timer.
A digital Tag is Triggered periodically: it is automatically SET when the period has elapsed. All tasks associated to a positive
edge on this Tag will be launched, then the Tag will be automatically RESET, ready for the next period.
Several tasks can be associated to the Tag triggered. This implies for the OS to RESET the Tag when all tasks have been
launched.
In the project workspace of TWinSoft, a folder is available to declare the Periodic Events:

Example of a ‘Daily Event’
The Tag ‘Half_Hour’ (a DIV) will be automatically SET each 30 minutes, at each xx:15:00 and xx:45:00. The task(s) associated
to Tag ‘Half_Hour’ will be executed each 30 minutes, for instance a communication to a Remote Device, the Tag would be
the Trigger of the Remote Device.
Examples of a Weekly and Monthly Event
Sending a SMS each Monday at 8:00 AM Sending a report each 1st of the Month at 6:00 AM
With the above examples, the digital Tags (DIV) “SMS” and “Month_Report” are associated to alarm condition.

16 Protection (Access Security)

This (optional) access control on TBOX MS prevents non-authorized persons from accessing the RTU and from opening the
TWinSoft document.
Several protocols can be protected: ModBus, HTTP, FTP (server), ReadSMS. More protection can be implemented, like
Firewall (chapter 6.4.1), OpenVPN (chapter 10.1) or IEE802-1X though an add-on (see chapter 6.2. Add-ons).
Once you activate the “Access security” option, the TWinSoft document will also be protected, even if no port has been
selected!
There are three methods of activating access security. You select one:
• Global Code: You define a 4 digits hexadecimal code.
• Enhanced Global Code: The same as above but with maximum 8 of any characters.
• User list: You define your own list of Users/Password.
16.1 Access Protection on Communication Ports

The configuration of access security of TBOX MS is available from the ‘RTU properties’:
• The protection must be activated by one of the three methods (see below).
• Then “ModBus” protection can be assigned individually to each port.
• Protection on other services (HTTP, ReadSMS, …) can then be assigned too.
16.1.1 ModBus access protection

The ModBus access protection protects against writing values (from TWinSoft, from a WebForm) and sending a new
application. Each port individually can be protected.
TWinSoft populates ports according to the model of TBOX MS you are configuring; you check the port(s) you want to
protect.
Three access levels are available to access protected port(s):

• Level 1: Surveillance mode or VISUALIZATION MODE. The operator can view all TBOX MS values (local or
remote), but cannot execute any command.
• Level 2: COMMAND MODE, the operator can view all the values and execute commands (locally or remotely).
Also known as READ/WRITE MODE.
• Level 3: ENGINEER MODE, the operator can view all the values, execute commands and send new application
(locally or remotely).
When a port is protected it cannot be written through ModBus Transactions.
TWinSoft presents all the communication ports according to your hardware configuration:

From the RTU properties -> tab

‘Protection’, you activate the access
security feature.
Global code: type in the 4 character

hexadecimal code that you have
used to generate the Access Codes
with the utility Password Generator
(see chapter 16.3 following).
Type it a second time to confirm.
Enhanced Global code: type in a code

with maximum 8 of any characters
corresponding to the one you have
used to generate the Access Codes
with the utility Password Generator
(see chapter 16.3 following).
Type it a second time to confirm.

User list: You add users with for each

an access level.
16.1.1.1 Monitoring access level

Current access level on serial and modem ports can be checked using the Communication Variables (see chapter 7.3.2).
16.1.2 Access Protection for TConnect

TConnect allows synchronizing list of users and the application. To authorize it, you must define a dedicated user for
TConnect synchronization that you have defined in TConnect.
In “User list”, select the level “User

Sync”, with name and password you
have configured in TConnect
16.1.3 ReadSMS protection

ReadSMS feature allows controlling TBox using SMS or e-mail. It can be protected as explained chapter 12.3.5.

16.1.4 HTTP protection

HTTP protection assures protection at HTTP level, to prevent accessing files stored in TBOX MS using HTTP protocol.
Typically, when displaying HTM files with a browser.
Once HTTP security is activated, each file building the web site must be assigned an access level.
In folder "Web and Reports files", right click each file:
ALL files (.twa, .htm, .twf, .gif, ...) composing a view must be given an access level:
• Level 0: the file is always visible and does not require a login. Typically a home page.
• Level 1: the file is visible by user “Read only”, “Read/Write” and “Engineer”.
• Level 2: the file is visible by user “Read/Write” and “Engineer”.
• Level 3: the file is visible by user “Engineer”.
Once HTTP protection has been activated (and sent to the RTU), when connecting to TBOX MS using a browser you are
prompted to login to open a file with access level 1, 2 or 3.

To create the Login, see chapter 16.3. below.

When several PC’s connect to TBOX MS , a login is required for each PC.
Different sessions of the same browser on one PC use the same login.
Protection on Objects Inside Webform 2.0
Example with WebForm 2.0
Each object composing a webform can be assigned

“visibility” and “write” levels of authorization
Ease of use recommendations

1. Common Files
Files that everybody can see and files part of the template (icon, images, ...) should be assigned an access level= 0. It
means they are displayed with any level of user. A home page with access level=0 will be displayed without requiring a
login.
2. Protecting "IP" Ports
Typically, Ethernet or GPRS communication port.
In case you need protection against writing to Tags or sending a program.
If the port is also protected, two login will be required: HTTP and ModBus/TCP.
3. Reminder about writing to Tags
If the communication port is protected and the presentation of the Tag is set "write enable" (see tab "Presentation" of
the concerned Tags) user requires access level = 2 (Read/Write) to change value.
A user with access level = 3 can always change Tag value.
A login at ModBus level will be also required if the port has been protected (see above).
16.1.5 ModBus TCP protection on socket

A TCP communication is based on “Sockets”. They allow multiple, simultaneous communication:
ONE socket = ONE communication context
TBOX MS supports 64 ModBus communication contexts.
Without the option checked: the protection is based on the com. port only:
When someone logs in to a communication port as “Engineer”, all users connecting after him will be
automatically logged as “Engineer” too …
With the option checked: the protection is based on sockets:

Each user connecting to a protected communication port must log in, individually

16.1.6 Brute Force protection

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification
number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to
the value of the desired data.
TBox provides a way to protect against multiple, successive login attempts to the unit.
Protection is applied for every protocol where a TBox is the server and requires authentication such as Modbus/TCP, HTTP
and FTP. It is applied to all communication ports for which authentication is possible: GSM, Ethernet and serial port in the
case of ModBus-RTU with authentication.
SSH is a special case as this rely on dropbear; however, dropbear already includes such a mechanism and has its own
hardcoded parameters.
When a brute force attack is detected communications are blocked:

• In ModBus (TCP or UDP) for the incoming IP address
• In HTTP for the incoming IP address
• In FTP for all IP addresses
• In serial communication, for the concerned serial port
Brute Force protection settings are available in chapter 6.6.12 Advanced RTU Properties-> Security.
16.1.7 FTP protection

TBOX MS can act as a “FTP Server”. It opens access to the micro-SD and files sent using alarm recipient “micro SD”.
By default, FTP server is accessed in "anonymous" mode. To protect access by a login, check this option.
The login is created as explained chapter 16.3 below.
Activating protection is mandatory to delete files on the SD, using a FTP Client.
16.1.8 Advanced IP configuration

Activating this option gives access to different TCP/IP redirection features like IP forwarding and Virtual Server (see more
info in Appendix F: IP Forwarding, NAT, Virtual Server).
Type a 4 digits hexadecimal code.
16.2 Document protection

It provides a protection against opening the document, independent from the Global code mechanism.
Type a password of minimum 6 characters.
In case you have activated Access Security (see chapter 16.1. Access Security), this protection
replaces TWinSoft document protection through access security login.

16.2.1 TWinSoft Document Protected

Once a document has been protected (see above),
when opening it with TWinSoft, you are prompted to
type the password:
Click OK
- There is no distinction between access levels when opening a document. Any acceptable login will
be supported.
- By clicking ‘Cancel’, TWinSoft indicates the document is protected and opens a new one
16.3 Password utility

The utility program Password generates access codes based on global codes
When installing TWinSoft Suite a password-creation program named Password Generator is installed in the same directory as
TWinSoft. It can be started from the 'Start' button of Windows and is located in the group of programs “Techno Trade” ->
“Accessories” created while installing TWinSoft.
This program generates passwords needed to Login to TBOX MS when access security has been activated (see above).
A password is composed of 4 or 8 hexadecimal characters in response to information related to the user. It is based on a
complex algorithm using the global code (=key), the user’s name and the access level. A 5-digit number (User Id) allows
identifying the user accessing TBOX MS . This User Id can be used to trace users for example by inserting this number into
datalogging (chronologies), with the help of Analog Communication Variables (see chapter 7.3.2.).
Global Code This hexadecimal code of 4 or 8 characters is the basis for password generation. It is typed in the
‘RTU Properties’ (see above) of TWinSoft and sent to TBOX MS . When a user logs in, TBOX MS
checks whether NAME and PASSWORD fit with the global code. This means that if different users
with different access levels must communicate with TBOX MS , the global code used to generate
passwords must be the same.
User Name The NAME you use as login.

Access Level Three access levels are available:

• Level 1: Surveillance mode or VISUALIZATION MODE. The operator can view all TBOX MS
values (local or remote) but cannot execute any command.
• Level 2: COMMAND MODE, the operator can view all the values and execute commands
(locally or remotely).
• Level 3: ENGINEER MODE, the operator can view all the values and execute commands and
alter or send new TWinSoft documents (locally or remotely).
When this information has been entered, click on the button "Get password".
Two codes have been created:

• The PASSWORD: this PASSWORD must be used together with the NAME when logging in.
• The USER ID: this number is available in an Analog Communication Variable when a user is connected
to a protected communication port of TBOX MS .
16.4 Login/Logout
16.4.1 With TWinSoft

The Login feature of TWinSoft allows connecting to a protected communication port of the TBOX MS according to an
access level. If a port is not protected, access level is automatically 3= Engineer.
The Login/Logout is executed from the main menu
bar → 'Tools'.
Login
If connected to a port of TBOX MS that is protected, you
need to Login to get an access level.
You type the Name you used in the ‘Password’ utility and the Password that was created (see previous). According to those,
you access in:
• Read only
• Read/write
• Engineer
The access level is displayed in the Status bar.
If 'Save password' is checked and TWinSoft is connected to a protected port: when TWinSoft starts, it uses the access
level corresponding to the password saved (see the status line).
If it is not checked and TWinSoft is connected to a protected port: TWinSoft starts in 'Read only' mode. You need to do a
Login to get your access level.
Logout
If the TWinSoft is connected to a protected port, the Logout sets TWinSoft in 'Read only' mode.

16.4.2 With Browser

If you have developed HTML pages based on Webforms 2.0, you can access TBOX MS using a browser. TBOX MS acts as a
Web Server. Any browser on multiple platforms can access Webform 2.0 pages in TBOX MS .
In case HTTP protection has been activated, the browser will pop-up a login window.
16.5 Deactivating protection

There are two methods of deactivating TBOX MS access protection:
Global Reset (see chapter 4.6.)

The first method is by performing a global reset, which must be carried out on site. When the program has been stopped,
the local port is no longer protected and firewall is deactivated.
If the ‘modem’ has been declared protected, it will still be protected even after a global reset. To
deactivate the protection, an unprotected TWinSoft document must be sent to TBOX MS (see
below).
Sending an unprotected TWinSoft document

The second method involves modifying the TWinSoft document and deactivating the access Security option. The document
is sent to TBOX MS after having logged in as 'Engineer'.
16.6 Deactivating protection of TWinSoft document

You must open the document and de-activate ‘Access security’ and ‘Document password’ in tab ‘Security’ (RTU properties).
If you have forgotten your access security login, but still remember the Global Code, you can generate a new login (see
chapter 16.3. above).
If you have forgotten your document password, we will not be able to open the application; there is
no backdoor password.

Appendices

A. Licences
TWinSoft software itself is not protected and can be installed freely on any PC to develop TWinSoft document (online or
offline) and to monitor TBOX MS .
The only operation protected is the sending of an application to TBOX MS .
In order to find the best way for you we offer different possibilities:
A.1. The Evaluation Mode

You don’t have any license. You are able to develop a complete TBOX MS project without any restriction, but when you
send the application to TBOX MS , it will stop after 2 hours. This is a good solution for testing programs or creating a demo.
A.2. The Dongle

It is a hardware license. A dongle is placed on your PC. The dongle consists in a USB key. TWinSoft regularly checks the
presence of the dongle. It allows you to send applications to as many TBOX MS as you want, with any PC.
You need to install a driver to run the dongle. It is available in our website:
https://servicedesk.ovarro.com/servicedesk/
A.3. The Code (License)

Available from the menu ‘Help’ → ‘License Register.’
Using information of the PC (the Company name, the Username, a Serial Number), you receive a code that you enter in the
field “License”. Once entered, you can send any application as if you had a dongle (see previous).
The only restriction is that it must always be on the same PC.
A.4. The TWinSoft LITE

Available from the menu ‘Help’ → ‘TWinSoft Lite configuration.’
This protection mode is ideal for users having one or two TBOX MS units. The dongle or a license might be too expensive.
TWinSoft LITE code is linked to one and only one TBOX MS ; it allows you sending an application to the TBOX MS for which
you have the code.
This license can be introduced in as many PCs as you want.

B. Time in RTU
One of the biggest issues in Telemetry and data logging equipment is the handling of time.
In order to have a universal solution wherever TBOX MS is used, TWinSoft, OS of the RTU and software’s collecting data,
share the same mechanism of time management.
Time in the RTU is based on UTC time.
B.1. Time in TBOX MS

The RTC (Real Time Clock)
TBOX MS is equipped with a RTC chip (Real Time Clock). The RTC is used to manage timestamps internally.
Functions of the RTC:
• it is a calendar Y2000 compatible.
• it updates the UTC time (see next).
• it communicates with OS to handle the UTC time, used for data logging.
The RTC time is used at start-up of TBOX MS to update the UTC.
UTC Time
UTC time is based on the number of seconds since 1/1/1970 at Greenwich latitude. It is used as internal timestamp to each
event (alarm, chronology, …)
UTC time is converted into Analog System Variables to give access to time information: second, minute, hour, day, month,
year, week.
Changing UTC time automatically updates the RTC.
When time information needs to be sent (in a report, as header of an e-mail, in the Analog System Variable), it is always
computed from UTC time to a local time according to TBox configuration Time Zone and Daylight Saving option as specified
in the “General” RTU properties.
TBOX MS Time setting

In order to set TBOX MS to PC time, an option is available in the menu “Communication” from the main menu bar; option
available when connected (locally or remotely) to the RTU.
When sending an application to TBOX MS ,

TWinSoft updates automatically the RTU
time to the PC time.
This feature can be deactivated from the
“Send application” menu.
RTU time can be checked anytime doing a RTU Identification, from the main menu -> “Communication”
Day Light Saving (Winter/Summer time)

When installed in regions using daylight saving, TBOX MS handles the changing automatically.
It means that RTC and Analog System Variable [hour] are automatically updated when the time changes.
Standard changing date and time in Europe:
• last Sunday of October: 3:00 → 2:00
• last Sunday of March: 2:00 → 3:00

B.2. Data logging

Chronologies
In chronologies, timestamp is recorded for each log of data. The timestamp recorded is the UTC time. When generating
data, TBOX MS converts UTC timestamps into local timestamps according to its Time Zone. When retrieving data from a
PC, the latter reads UTC timestamps and converts them according to the local time of the PC, depending on the time
settings of the PC. When a daylight saving change occurs, TBOX MS is informed and automatically adapts all coming
timestamps to the new time.
Sampling Tables
In sampling tables, TBOX MS records the timestamp of the last record only. The previous timestamps are built up when
retrieving the data, based on the last timestamp and the period of recording. Conversion into local time is done as above
with chronologies. A choice had to be made concerning periods > 1 hour: either having always the same period of recording
or having always the same “hour” of recording. The latter case has been chosen. When daylight saving change occurs, the
target time is automatically updated for sampling tables having a period > 1 hour.
Example:
If recording a value once a day at 6.00 in the morning, the recording will always happen at 6.00, but when changing from
winter to summer (in Europe), the sampling period will be 23 hours and when changing from summer to winter the period
will be 25 hours.
Periodic Events
When a periodic event is defined with a period > 1 hour, its target time is automatically adjusted when a changing
winter/summer happens.
B.3. System Variables Associated

Some System Variables of TBOX MS are associated to the Time. They can be used in BASIC/Ladder programming to
execute specific operations:
Type Variable Comment
Analog Sec., Min., … 6 Registers giving the time in hour, minute, second, day, month and year.
Analog UtcTim Time in UTC format (number of seconds since 1/1/1970 at Greenwich latitude)
Analog ZonBia Time difference in seconds between local time and UTC time
Analog ZonID ID of the zone where RTU is installed. It uses regional settings of the PC
B.4. Summary
Summary of time handling in the different cases:
System variables in the RTU They display the local time where the RTU is installed, according to the
Regional settings declared in the “General” RTU properties
• Identification from TWinSoft The UTC time is computed according to Regional settings of the PC
• List of alarms in a report The time is computed according to RTU local time (see 1. above)
• List of alarms in TWinSoft See point 2. above
• Object ‘Time’ in WebForm See point 2. above
• System variables in WebForm Displays the value of the variables, as explained point 1. above

C. Plug & Go
Plug & Go allows storing the complete TWinSoft project into the micro SD card of TBOX MS or in a USB stick.
When required, micro SD card must be inserted at the back TBOX MS
Micro SD of max. 32 GBytes, formatted in FAT32.
As TWinSoft project, we mean all files, including TWinSoft compiled document with Web and Report files, OS and even
LINUX kernel; all ready to run in the RTU.
Plug&Go can also be used to generate the full TWinSoft project to the destination of TConnect. The latter will then update
TBox at a scheduled date and time.
C.1. Plug & Go with SD card

There are 4 ways Plug & Go with a SD card can be used:
1. TWinSoft sends a project to TBOX MS .
When TWinSoft sends a program to the RTU, all the files are sent and stored in the micro-SD card. This corresponds to a
complete backup of the project on the SD card.
The advantage is that if you must replace a CPU, you don’t need to send the program; you insert the MMC in the new
CPU and it will start with its program.
2. You insert an empty microSD card in TBOX MS .

The running application of TBOX MS is not copied to the micro-SD card. Only when TWinSoft sends an application to
TBOX MS it will be copied into the SD card (see above).
3. You insert a micro-SD card including a project in a CPU.

In case of differences between the content of the micro-SD card and memory of TBOX MS , SD card has always priority.
Both programs are compared (dates are compared). When dates of creation of the program are different, the project
(including Webform, reports, OS, LINUX, ...) is copied from the SD card to the CPU. It may up to 1 minute. DO NO
RESET The CPU!
During the loading the LED “Run” flash at ½ Hz, indicating the program is stopped.
4. You program the micro-SD card directly from TWinSoft.

A menu in TWinSoft allows storing the project to the SD card. From the main menu “File” -> Plug & Go menu, TWinSoft
compiles the complete project into a directory called repository. You then copy this directory to the SD card using a
Card Reader on your PC.
The advantage is that you don’t need TWinSoft to program the RTU. You can distribute the SD card to the field
technicians.

C.2. Plug & Go with USB stick

To load the application using a USB stick, you must stop TBox program using the button in front of the CPU.
• Insert the USB stick to the USB connector
• Press and maintain the button to “Reset” position during 6 x green flash (Led off) then release the button
• After the LED starting sequence, the LED flashes at ½ Hz during the loading of the program. It can last several
minutes. DO NOT RESET TBox.
C.3. Menu of TWinSoft
Plug Click this button to create the Plug & Go directory repository.
The name is unique. It means if you want to create Plug & Go files for several RTU's, you have to
save each file in separate directories.
Once the Project is compressed, the window displays File Info (see example above)
Plug Info Click this button and select the parent directory of repository directory to display its Info
Extract Sources Once a repository has been selected (see Plug Info… above), allows extracting its content
Generate for TConnect Generates a .zip file for TConnect which will deploy in TBox according to a scheduled date and
time
System Variable
A digital system variable indicates the presence of micro-SD card:

29 MmcToRTU - MMC: indicates whether the program has been loaded from the SD card:
1 = the program of SD card is different from the one of the RTU and has been loaded from
SD card
0 = there is no SD card; the SD card is empty; the program of the SD card is identical to the
one of the RTU

RTU identification
Data relative to MMC is available in RTU
identification window:
C.4. File System.xml

IP address initialization is carried out using a file called ‘System.xml’, placed in the root of the SD Card.
When an IP configuration is defined in System.xml, it has priority on the one declared for the Ethernet
ports of the CPU as well as in a possible ‘Plug&Go’ file.
Example of System.xml
<PortName> Communication port of TBOX MS (COM3 = Ethernet)

<IP> IP address of the port selected
<Subnet> IP address of the Subnet mask of the port selected
<Gateway> IP address of the equipment used as Gateway on the Network
<PrimaryDNS> IP address of the DNS Server (only primary DNS is handled)

D. Pack & Go
D.1. Presentation
Pack & Go is a tool that builds up one file with your complete project, including TWinSoft document, WebForms, Reports,
OS,... The goal is to backup or to transfer a complete project without missing files or to update an RTU with the complete
project without requiring advanced knowledge of TWinSoft. All files are compressed and packed into one file with the
extension .tpg (TWinSoft Pack & Go). Once a project is packed, it can be unpacked and/or updated to the RTU from a
double click on the .tpg file. TWinSoft needs to be installed on the machine used to update the RTU with .tpg file, but the
TWinSoft license is not required.
A license is required to pack (See Appendix A.).
D.2. Pack
To Access Pack & Go Menu, select from the main menu:

‘File’ → ‘Pack & Go…’
Select the button Pack ...
IF YOU ARE OFF LINE while compiling, TWinSoft uses the OS indicated as ‘Off line OS’ in the ‘General
RTU properties’. This OS, and only this OS, will be sent to the RTU.

All Files of the project, TWinSoft

document, WebForm, html
pages, OS, … are packed in one
file, with the extension .tpg
Check the user running the .tpg file runs a version of TWinSoft equal or higher than the one used to pack the
files.
D.3. Unpack
To open the Unpack window, double click a file with the extension .tpg.
Unpack menu offers 2 features:
Restore a project
Extract a project into a
directory of your PC. This
option is very convenient for
backing up a project being
sure you don't miss any file.
Option available from the
main menu: ‘Tools’ →
Unpack.
Update RTU
Update a RTU with a
complete project, including
the application, OS,
WebForms, report, ...from a
unique file.
The button ‘PC Setup…’ gives
you access to the
configuration of the PC, to
communicate with the RTU.

The button ‘Update RTU’

sends the project and OS
to the RTU.
If packed OS is different from OS in the RTU, Pack & Go updated the RTU with the OS
Languages supported by this interface are English, French and German. It cannot be selected from “Unpack” menu but
changed from TWinSoft main menu: “Tools” → “Language”.

E. ModBus Rerouting
E.1. Presentation
One of the nice communication features offered by TBOX MS is the ability to act as a ModBus router. That means that you
can use a TBOX MS to make a connection between 2 x ModBus devices that are not on the same communication channel.
Routing can then be used to access a ModBus device through a TBOX MS .
ModBus Protocols
This feature creates a route between communication ports configured in ModBus protocol(s):
• ModBus-RTU <--> ModBus-RTU
• ModBus-RTU <--> ModBus/TCP
Concerning TCP/IP protocols, other redirections are possible using IP forwarding, NAT and Virtual Server
(see Appendix F.).
Routing 2 communication ports in ModBus/TCP, is called IP forwarding (see next chapter).
Communication Principle
The idea is that TBOX MS receiving frames, analyses the Station address: if it is for its own use, it keeps the frames;
otherwise they are pushed to the “routed” communication port.
E.2. Routing using TWinSoft

ModBus rerouting allows associating two ‘ModBus-RTU’ communication ports, to access a remote RTU with TWinSoft from
your computer by rerouting through a ‘Master’ RTU.
The typical application is dialling an RTU to access a remote RTU connected to the RS485 network.
You access routing from the main menu of TWinSoft :
Communication → Routing

Address: Address of the RTU you are physically

connected (the ‘Master’)
Timeout: Rx timeout used to communicate with the

Remote device
Route from: incoming communication port (the port

of the ‘Master’ TWinSoft is connected to)
to: outgoing communication port (the port of the

‘Master’ connected to the remote device).
Sequence to access a Remote TBox in rerouting:

1. Open in TWinSoft the document corresponding to the “Master” (TBOX MS )
2. Fill in the Routing request menu as explained above.
3. Open in TWinSoft the document corresponding to the “Remote” RTU (if you were using modem communication, you
will have to redial the “Master”).
You are in communication with the Remote TBox.

This sequence is only possible when Master and Remote are of the same model of RTU. If not, you have to
pre-configure the Analog system variable (see next chapter).
Analog System variable ‘Rerout’

An analog system variable ‘Rerout’ can also be used in your Ladder/BASIC logic to force a rerouting. This 16 bits variable
represents 16 communication ports, with the lsb corresponding to COM1.
Example: A rerouting between COM4(…001000) and COM2 (…000010) corresponds to the decimal value =10 (…001010)
Rerouting is only possible with local communication ports configured in ModBus
Sending a program using Rerouting

For instance, you can send a program by dialling a “Master”, and accessing “Slaves” on RS485 network.
Doing a ‘local’ rerouting, for instance from a RS232 port to a RS485, we recommend using the
same Baudrate all ports.
If you have ‘ModBus Transactions’ running between ‘Master’ and ‘Slave’, we recommend
stopping them during rerouting, to avoid communication errors.

E.3. Possibilities of Routing

The table below shows all possible connections between 2 ports:
IN: port in which requests are coming
OUT: ports to which requests have to be sent if it does not concern the “local” RTU (different ModBus address).
OUT RS232 RS485 GSM (CSD) GPRS/3G/4G Ethernet
IN
RS232 - Routing Routing (*) Not avail. Not avail.
RS485 Routing - Routing (*) Not avail. Not avail.
GSM (CSD) Routing Routing - Not avail. Not avail.
GPRS/3G/4G Routing Routing Routing (**) - IP Forward (**)
Ethernet Routing Routing Routing (*) IP Forward (*) -
(*) : increase Time out (see above) to at least 2 seconds.
(**) : increase Time out (see above) to 10 seconds when communicating in GPRS.

F. IP forwarding, NAT, Virtual Server

IP forwarding, NAT and Virtual Server allows redirecting IP requests:
The typical use is a remote access to an IP camera connected to the Ethernet port of the RTU: you connect through
GPRS/3G/4G and the request to the camera is forward to the camera.
This redirection feature requires enabling Advanced IP Configuration. As a matter of fact, if an Ethernet port of the RTU is
connected to a LAN, and the IP forwarding is activated, anyone can access the LAN from a modem connection!
We provide several security levels, to enable these features:
1. From RTU properties, ‘Protection’ tab,

you enable Advanced IP configuration
To generate login and password

corresponding to the code you must use
« Password generator » (see chapter 16.3).

2. From ‘RTU properties’ -> ‘Advanced’ ->

‘TCP/IP’ you can activate the required
service.
When clicking “OK” you have to type the login

corresponding to the code chosen above at
step 1.
To deactivate these features, you are also prompted to type the Advanced IP activation code.
Virtual Server rules can be configured as explained chapter 9.8.

G. Terminal mode
This feature allows accessing modem in AT command, for diagnostics or on-line configuration via a terminal window
through local IP communication (Ethernet or USB).
! ! It requires a good knowledge on using AT commands ! !
In this mode, you access the modem through its RS232 port.
For this port to be available, make sure BOTH internal communication ports of the modem (USB and RS232) are available;
make sure the following option is not checked:
To access the terminal window, go to main menu of TWinSoft “Communication” -> “Terminal” and select the internal GSM
modem.
Example with MS-GSM on COM8.
Check the option “Local echo active” and click “Start”

You can then type “AT” commands.
To quit the Terminal mode, click button “Stop”

H. HTTP Session Authentication

Standard HTTP protection is already embedded in TBox MS , when browser requires to login to access web server (=HTML
pages) of TBox. In addition, TBox MS supports now HTTP session authentication. It acts at TBox "Server" side and provides
to the browser a session ID (or cookie) when it connects and logs. This ID is used all along the session as long as the browser
stays open. When the browser closes, the cookie is deleted and one needs to log again. If there is no data exchange using a
session IDx, eg: the browser has been closed without logout, or there is no communication between the browser and TBox
MS, this session ID is deleted in TBox after 5 minutes.
When TBox MS restarts it resets its session ID's. TBox supports maximum 64 HTTP sessions.
When HTTP session authentication is activated, it replaces the login mechanism from the browser.
H.1. Configuration in TWinSoft

From RTU properties → “Protection”
1. Activate Access Security
Any type of access security can be used.
The login will have to be typed
accordingly.
2. Activate HTTP Protection
From RTU properties →” IP security”

3. Activate HTTP session Authentication

H.2. The Different Ways of using HTTP Session Authentication

H.2.1. HTTP Session Authentication using MainObject
We use an object « Login » embedded in MainObject of WebForm. It requires some script to launch the login. We use a
home page we have set to a required access level = 0 , available to everyone.
In index.twa, "MainObject", group « HTTP Session », type a script to open the login dialog box.
Example: if current access level is different from 3 (=Engineer)

When typing the URL, you are prompted to login, because there is no access level defined yet at that moment:
In the page, only objects with visibility level = always are displayed in background. Type login and
password and click "Login"
The page displays all objects:

As long as the session is opened, you can switch between pages without requiring any login.
To logout, you use script on a button.
For instance:
H.2.2. Login Embedded in Identification Object

With HTTP session active and showing the object "Identification", the latter provides ways to login/logout. In MainObject,
Security, set the Identification=show:

When typing the URL, click the Identification object to login:
Once logged, the page displays all objects (see above).

The advantage of this method is that it does not require any script.
Once logged, you can logout using the same mechanism:

H.2.3. Login htm page embedded in TBox

When none of the above are configured, an authentication htm page appears when a URL has not the required access level.
This page is embedded in the OS.
It will also appear when typing the URL of a report for instance to display its content in runtime when you have not logged in
yet: http://172.25.110.185/report.txt
There is also an internal page to logout. The URL is: http://<IP_address>/api/logout.htm
H.3. Script Functions

Session Authentication can be accessed from script:
WebForms.SessionStart("login", "pwd")
This function allows launching a login without using the embedded login box.
You can define input boxes with name and password and then activate the login with a button running this function.
WebForms.SessionEnd()
This function allows to force ending of a session
WebForms.SessionLoginDialog()
This function allows to force opening of the login dialog box
WebForms.SessionLogoutDialog()
This function allows to force opening logout message box
WebForms.SessionGetCurrentState()
This function allows to read the current state of authentication:

0 : not authenticated
1 : authenticated
-2: HTTP session authenticated not activated

I. Handling Certificates to a Server

More and more, cyber security requires better control on connections: to identify with each other and to hide data using
encryption.
TBox supports both identification and encryption using SSL.
I.1. Introduction
A certificate contains data used in identification and encryption.
Take for instance a connection from a browser to a web server, using SSL. We recognize such a connection by the url
starting with https:// … with “s” like “secured”, like “SSL”.
When the connection must be secured, the client requires information from the server. The certificate on the server will
provide this information to the client: its identity, a date of validity, a signature of the certificate by an authority and a
public key that will be used to decrypt data coming from the server.
On its side, the client checks in its certificate store whether it recognizes the CA certificate that has been used by the server.
Both cases have been implemented in TBox:
• When TBox is server it can provide CA certificate(s) to the client(s). This the case of HTTPS communication for
instance.
• When TBox is client it has a certificate store to validate CA certificate used by server(s), including support of
Certificate Revocation Lists (CRL)
I.2. Case when TBox is Client

There are five services for which TBox can check the validity of a certificate when being a client:
• FTPS: when sending files to a server.

• SMTPS: when sending e-mail.
• POP3S: when connecting to a mail box to read e-mail “subjects”.
• HTTPS: when doing POST do a HTTP server.
• TConnect: to establish VPN configuration between TBox and TConnect.
Let’s take an example with TConnect, that TBox should check the validity of the certificate in TConnect before connecting.

I.2.1. Creating the certificates

We need a certificate and a key for TConnect. The signing certificate that has been used to create the TConnect certificate
will be declared in TWinSoft.
I.2.2. Declaring certificates in TConnect

As of TConnect 1.6, the files can be copied directly into a directory of TConnect:
..\Program Files (x86)\Semaphore\TConnect\System\nginx\conf

The files must be named TConnect…
Then you must replace existing files:

I.2.3. Enabling validation of certificates in TWinSoft
Click “Add” and paste the content of the “Signing” certificate (<file>.crt):

I.2.4. Activating Validation During Connection to The Server

In each Server connection, there is a “Host validation Type” menu:
The options are:

• None: No verification will be done.
• Certificate: Verification according to TBox certificates store (see chapter 6.4.5).
• Certificate and Revocation List: Verification according to the certificates and CRL available in the list of validation (see
also “Certification Revocation List” next).
I.2.5. Log In TBox

I.2.6. Certification Revocation List

The certification revocation list is also called CRL. It indicates to a client which server certificate(s) has(ve) been revoked.
When the client connects to a server it gets its certificate and information about the CA that has signed it. It checks its
validity and then checks in its CRL whether it has been revoked or not.
Then this verification with TBox can be carried out when TBox is “Client”, typically to TConnect.
I.3. Certificate renewal

Be aware that certificates need to be renewed before the end of validity. When the date of validity of a certificate in TBox
has passed, you need to first add the new certificate CA in TBox, connect to the server (using the new certificate and key)
and then only the old certificate can be deleted.
Or do a factory reset of TBox.

J. Signing the Application

This feature allows TBox to check the validity of an application it receives, either from TWinSoft, Pack&Go or Plug&Go. It
will only accept an application which has been compiled on a trusted computer.
This option provides also a verification on an application loaded using Plug&Go (through SD card or USB stick); each file of
Plug&Go will be signed by TWinSoft and checked by TBox upon installation.
J.1. How does it work?

The verification by TBox is based on a CA certificate present in its store.
A key authenticated by this CA is used by TWinSoft to sign the application. All modules: LINUX, OS, Applications are signed.
This feature requires:
To have a Signing certificate in TBox Store. This can be a CA or self-signed certificate.
To have keys signed by the CA that will be used by TWinSoft to sign the application. Those keys must be imported in the list
of certificates of a PC. This PC becomes a trusted computer that will be used to compile TWinSoft application.
We need then a pair of CA and certificate:
Example from XCA utility
The keys (private and public) can be exported from the certificate.
J.1.1. Implementation in TWinSoft
This option can be enabled from the

Advanced RTU properties:

Then the CA certificate must be

declared in TBox Store.
Click “Add” and paste de content of

the certificate (file with extension
.crt).
J.1.2. Adding the keys in Windows

Certificate must be exported with the format PKCS#12 (includes private and public keys).
Example from XCA utility

The certificate must then be declared in Windows. This can be done using Microsoft Management Console (mmc.exe).
Then in folder “Personal -> “Certificates” you import the certificate (file with extension .p12)
We can see which CA has issued this certificate. It must be the one we have declared in TBox store (see above)

J.1.3. Configuring Windows Registry

To indicate at TWinSoft which certificate it must use to sign the application, you create a key in Windows registry, in
following folder:
Key: SigningCertificate
Data: the name of the Certificate
J.1.4. Update or Remove Certificate in TBox

Only the trusted computer can update TBox certificates. It requires the perfect match between:
Windows MMC → TWinSoft list of certificates → TBox store
In case you wish to update a certificate in TBox, the procedure must be carried out with the following sequence.
Imagine you have been using a certificate “Old_CA” and wish to replace it with “New_CA”:
Steps TWinSoft list of Windows MMC TBox Store Comment

certificates
Current situation Old_CA Old_CA + User_key Old_CA TBox runs with “Old_CA”
Send new CA to TBox Old_CA Old_CA + User_key Old_CA Add new CA in TWinSoft and send
New_CA to TBox
In TBox after it restarts Old_CA TBox hosts the new certificate

New_CA
Remove old CA and New_CA New_CA + Old_CA TBox can validate the new signature
update Windows MMC User_key New_CA with the new CA
New after TBox restart New_CA New_CA + New_CA Old CA has been removed from
User_key TBox store
You can keep the same name for the “User_key” used to sign packages by TWinSoft. Therefore, the
Windows Registry does not need to be updated.
In case the date of validity has expire it will not be possible to update TBox or its certificate (see
below) !!

J.1.5. Removing the Signature of the Application
There are two ways of removing the feature:
1. From a trusted computer, send the application

with the feature checked out
2. Doing a global reset, you reset TBox to its factory configuration. This is the only possibility when certificate has been
revoked in TBox.
J.2. The Errors

TBox running with a certificate and program sent from a PC which is not trusted:
There is no certificate declared in Windows Store:
There is no SigningCertificate key in Windows registry:

There is no signing certificate declared in TBox:
J.3. The case of Plug&Go

The signature is also applied to “Plug&Go” package copied on SD card.
When TBox start-ups, it checks the validity of signature in Plug&Go based on its certificate. When it fails, the application is
not updated and TBox keeps running with previous application.
1. TWinSoft sends the CA certificate to TBox Store.

2. TWinSoft signs the content of the Plug&Go (LINUX modules, OS and application) which will be copied on SD card.
3. When inserting the SD card into TBox it checks the signature with certificates in its store.
J.4. Certificate renewal

Be aware that certificates need to be renewed. When the date of validity of a certificate in TBox has passed, it will not
allow any new application. TBox will keep running its current program but will not accept any new program. A factory reset
will be required.

Index
A D
Access level ..........................................................................179 Datalogging ......................................................................... 158
Access Security ..................................................................... 172 chronologies ................................................................... 160
deactivating.................................................................... 180 sampling tables ............................................................... 161
TWinSoft document ....................................................... 180 Debugging ........................................................................... 125
Add-ons................................................................................. 41 Diagnostics .......................................................................... 126
Alarms ..................................................................................136 Document
advanced parameters ....................................................... 51 backup .............................................................................. 35
analog condition ..............................................................139 Dongle ................................................................................. 182
chain ........................................................................ 137, 139 DynDNS............................................................................... 114
digital condition ............................................................... 137
e-mail ............................................................................. 142
end of alarm ..................................................................... 52
E
events stack .................................................................... 148 EDGE ..................................................................................... 72
FTP ..................................................................................143 e-mail ............................................................. 100, 137, 140, 142
group of recipients .......................................................... 144 SMTP from ....................................................................... 51
HTTP ...............................................................................143 Ethernet
internal ............................................................................141 on RTU ............................................................................. 66
link ........................................................................... 137, 139 Events stack ............................................................. 51, 136, 148
Message ......................................................................... 144
ModBus ...........................................................................141
NTP .................................................................................143 F
printer ............................................................................ 142
recipients .........................................................................141 Firewall ..................................................................... 39, 42, 132
SD card ............................................................................143 FTP ............................................................................... 108, 143
SFTP................................................................................143
SMS................................................................................ 142 G
time tables ..................................................................... 146
USB stick .........................................................................143 Global code .......................................................................... 178
Alarms stack ................................................................... 51, 136 Global Reset .......................................................................... 32
Alarms table ............................................................ 51, 136, 148 GPRS ..................................................................................... 72
Approvals .............................................................................. 12 GPS ....................................................................................... 87
Group of Tags ........................................................................ 93
GSM ...................................................................................... 70
B 3G/4G ............................................................................... 72
Bridge................................................................................... 117 communicating from TWinSoft ......................................... 29
Brute force protection..................................................... 62, 177 communication variables .................................................. 74
CSD-DATA settings........................................................... 71
IP and SMS ....................................................................... 74
C IP settings ......................................................................... 72
signal level ........................................................................ 81
Caller ID ................................................................................. 82 GSM message
Certificates .......................................................................... 204 header .............................................................................. 52
TBox store ........................................................................ 43
Chronologies ....................................................................... 158
analog ............................................................................ 160 H
digital ............................................................................. 160
Communication Hardware concept.................................................................. 16
CPU ports ......................................................................... 65 Historical data ...................................................................... 136
PC Setup........................................................................... 25 HSDPA .................................................................................. 72
status ............................................................................... 31 HTTP protection ...................................................................175
testing with TWinSoft ....................................................... 31 HTTP Server
to other RTU ....................................................................163 post to HTTP server ........................................................ 122
variables ........................................................................... 79 HTTP session ................................................................. 42, 198
Compiling an application ....................................................... 36 HTTPS ............................................................................. 39, 42

Password utility ................................................................... 178

I PC
I/O 94 system requirement .......................................................... 18
analog .............................................................................. 95 PC Setup
IP Forwarding ........................................................................ 58 IP setting .......................................................................... 28
IP Parameters ...................................................................... 106 Periodic Events .................................................................... 170
IP Security ........................................................................... 128 Plug & Go............................................................................... 61
IP setting POP3 ............................................................................ 111, 149
TWinSoft PC Setup ........................................................... 28 controlling RTU ............................................................... 152
USB .................................................................................. 25 Power Fail .............................................................................. 60
Windows .......................................................................... 26 Precautions ............................................................................ 11
ISP ........................................................................................ 107 Protection
FTP .................................................................................. 177
HTTP ...............................................................................175
L IP socket ......................................................................... 176
Modbus .......................................................................... 172
LED ReadSMS ........................................................................ 174
‘Run’ ................................................................................. 33 TWinSoft document........................................................ 172
MS-CPU16 ........................................................................ 33 PSTN modem ........................................................................ 69
MS-CPU32(-S2) ................................................................ 34
License ................................................................................ 182
code ............................................................................... 182 R
dongle ............................................................................ 182
evaluation....................................................................... 182 RAS ..................................................................................... 143
TWinSoft LITE ................................................................ 182 ReadSMS ............................................................................. 149
Login/Logout ........................................................................179 Recipients ............................................................................ 141
Registers ................................................................................ 96
Remote Tags ..................................... See ModBus Transactions
M Report ............................................................ 100, 136, 137, 140
Reset ..................................................................................... 32
Memory ................................................................................. 36 Resources .............................................................................. 64
ModBus CPU .................................................................................. 64
address of station ............................................................. 40 RTC...................................................................................... 183
communication as 'Master' ..............................................163 RTU Properties ...................................................................... 39
default station address ..................................................... 32 advanced .......................................................................... 49
rerouting .........................................................................191 general ............................................................................. 40
ModBus device .....................................................................163 ModBus Transactions ........................................................ 56
ModBus Transactions ...........................................................163 name of the station ........................................................... 40
creating .......................................................................... 164 Ports ................................................................................. 57
ModBus device ................................................................163 report name ...................................................................... 61
through dial-up modem .................................................. 168 summer/winter ................................................................. 41
timing ............................................................................. 169 TCP/IP............................................................................... 58
trigger ............................................................................ 164 Tel. number ...................................................................... 40
Modem time zone .......................................................................... 41
caller ID ............................................................................ 82 RTU startup ........................................................................... 49
states ............................................................................... 82 RTU Type ............................................................................... 40
Run Time Parameters .......................................................... 101
N
NAT ....................................................................................... 58 S
NTP ............................................................................... 113, 143 Sampling Tables ........................................................... 159, 161
advanced properties ......................................................... 54
O Saving a document ................................................................ 35
Security
OpenVPN ............................................................................ 128 access security ................................................................ 172
Operating System.................................................................. 35 programming .................................................................... 62
Overview ............................................................................... 14 Security wizard ...................................................................... 44
Sending an application ........................................................... 37
Serial
P on RTU ............................................................................. 65
Pack & Go ............................................................................ 188 SFTP ............................................................................. 109, 143
Password Signing
SSH ............................................................................. 39, 43 application ...................................................................... 209
TWinSoft document ........................................................ 177 SMS
acknowledgment with incoming SMS ............................. 150

coding ............................................................................ 145 Trace Log ............................................................................. 125

controlling RTU .............................................................. 152 TView .................................................................................. 136
header .............................................................................. 52 TWinSoft
Tag value in a message ................................................... 145 starting ............................................................................. 22
SMTP ...................................................................................110 TWinSoft Suite
SSH password................................................................... 39, 43 installation ........................................................................ 19
Switch ................................................................................... 32 programs .......................................................................... 21
syslog ................................................................................... 127 system requirement .......................................................... 18
System Variables
analog .............................................................................. 86
digital ............................................................................... 83
U
GPS .................................................................................. 87 UMTS .................................................................................... 72
system.xml ........................................................................... 187 USB
IP setting to PC ................................................................. 25
T on RTU ............................................................................. 75
UTC time ............................................................................. 183
Tags
analog variable ................................................................. 97
digital variable .................................................................. 96
V
group................................................................................ 93 Variables
I/O 94 I/O 94
initial value ....................................................................... 97 internal variables............................................................... 96
internal variables .............................................................. 96 system .............................................................................. 83
ModBus address ............................................................... 99 Virtual Server .................................................................. 58, 116
presentation ................................................................... 100 VPN .................................................................... See OpenVPN
text variable...................................................................... 98
write ............................................................................... 100
TBox Mail .............................................................................. 20 W
TConnect .............................................................................. 131
LAN connection .............................................................. 124 WebForm............................................................................. 100
user ................................................................................. 174 WebForm Viewer (obsolete) ................................................... 20
TCP/IP address Week of the year .................................................................... 91
incoming call .................................................................... 58 Windows IP setting ................................................................ 26
of the CPU ........................................................................ 65 Wizard ................................................................................... 23
Temperature units ................................................................. 56 security ............................................................................. 44
Terminal mode .................................................................... 196 Working Modes...................................................................... 33
Time .....................................................................................183
system variables ............................................................. 184 X
week of the year ............................................................... 91
winter/summer ................................................................183 XmlTag .................................................................................. 88
Toggle Switch ........................................................................ 32

Copyright © 2022 Ovarro SA. ALL RIGHTS RESERVED.

Copyright in the whole and every part of this document belongs to Ovarro SA (‘the Owner’) and may not be used,
sold, transferred, copied or reproduced in whole or in part in any manner or form or in or on any media to any
person other than in accordance with the terms of the Owner’s agreement or otherwise without the prior written
consent of the Owner.

TBoxMS Programming 2.13

Uploaded by

TBoxMS Programming 2.13

Uploaded by

February 2022

General enquiries or enquiries regarding Ovarro SA

Version: 2.13 Page 2 of 218

Author Reviewer 1 Reviewer 2 Reviewer 3 Approver

Version: 2.13 Page 3 of 218

Version: 2.13 Page 4 of 218

4.10.4 Sending an application ................................................................................................................................... 37

Version: 2.13 Page 5 of 218

8.1 PHYSICAL I/O .......................................................................................................................................................... 94

Version: 2.13 Page 6 of 218

10.2.2 Firewall “Forward” ....................................................................................................................................... 134

Version: 2.13 Page 7 of 218

14.1 INTRODUCTION ...................................................................................................................................................... 163

Version: 2.13 Page 8 of 218

D. PACK & GO .................................................................................................................................................. 188

Version: 2.13 Page 9 of 218

Important Safety Instructions

Version: 2.13 Page 10 of 218

General Precautions in Cabling

Version: 2.13 Page 11 of 218

EMC EN 61000-4-2:1995 + A1:1998 + A2:2001 EN 61000-4-8:1993 + A1:2001

Version: 2.13 Page 12 of 218

The ‘all-in-one’ concept of TBOX MS

Version: 2.13 Page 13 of 218

Overview of TBOX MS possibilities

Browser on PC, TWinSoft

Version: 2.13 Page 14 of 218

1 How to Use This Manual?

It first introduces to the hardware concept of TBOX MS.

Information related to Licenses is available in Appendix A.

1.2 What is not in the manual?

Version: 2.13 Page 15 of 218

2 The hardware concept

A RTU TBOX MS is built up using Racks and Cards.

2.1 The Racks

Racks are made in aluminum alodined, giving a

There are 5 models of Racks:

Version: 2.13 Page 16 of 218

2.2 The Cards

Cards are formed of a PCB mounted in aluminum

Bare aluminum inside the enclosure and on the

There are several Card models:

Version: 2.13 Page 17 of 218

Version: 2.13 Page 18 of 218

3.2 Content of the USB stick

Installation of TWinSoft includes:

Version: 2.13 Page 19 of 218

(Administrator credentials is required during installation.)

Documents All documentation related to TBox is available.

Administrator credentials is required during installation

Version: 2.13 Page 20 of 218

3.3 Programs of ‘TWinSoft Suite’

Other programs and menus (Found on Semaphore folder):

Version: 2.13 Page 21 of 218

Version: 2.13 Page 22 of 218

Free name of the RTU (max. 11 char.)

ModBus Station address (1...254)

Sub address (0...255)

Version: 2.13 Page 23 of 218

This window helps you in configuring

• you select a model of GSM

This window helps you configuring a

The TCP port 443 is

Version: 2.13 Page 24 of 218

4.2 Communicating with TBOX MS

4.3 PC Communication Set up

From the main menu of TWinSoft: → Communication → PC Setup:

Example: Communication Through Ethernet

Example with a Ethernet communication:

Version: 2.13 Page 25 of 218

4.3.1 Communication possibilities of TWinSoft

Version: 2.13 Page 26 of 218

In IPv4 properties, type IP setting in the same subnet as TBox:

Version: 2.13 Page 27 of 218

4.3.3 IP setting of TWinSoft

1. You program your TBOX MS through Ethernet and