C79000-G8976-1415 APE APE1808 ConfigurationManual

Edition 04/2023
Configuration Manual
SIMATIC NET
Networking Components
RUGGEDCOM APE (Application Processing Engine)
For APE1808LNX, APE1808W10, APE1808CKP, APE1808ADM, APE1808SAM-L,

APE1808ELAN, APE1808CC
https://www.siemens.com/ruggedcom
Preface
Overview 1
Configuring and Using the
RUGGEDCOM APE 2
SIMATIC NET
Frequently Asked Questions 3
Networking Components
RUGGEDCOM APE (Application
Processing Engine)
Configuration Manual
For APE1808LNX, APE1808W10, APE1808CKP,

APE1808ADM, APE1808SAM-L, APE1808ELAN,
APE1808CC
04/2023
C79000-G8976-1415-05
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety
alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown
below are graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger
will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning
relating to property damage.
Qualified personnel
The product/system described in this documentation may be operated only by personnel qualified for the
specific task in accordance with the relevant documentation, in particular its warning notices and safety
instructions. Qualified personnel are those who, based on their training and experience, are capable of
identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant
technical documentation. If products and components from other manufacturers are used, these must be
recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning,
operation and maintenance are required to ensure that the products operate safely and without any
problems. The permissible ambient conditions must be complied with. The information in the relevant
documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens Canada Ltd.. The remaining trademarks in this
publication may be trademarks whose use by third parties for their own purposes could violate the rights of
the owner.
Disclaimer of liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
Digital Industries C79000-G8976-1415-05 Copyright © Siemens 2023

Process Automation © 04/2023 Subject to change All rights reserved
300 Applewood Crescent
Concord, Ontario, L4K 4E5
Canada
Table of contents
Preface ............................................................................................................................................ v
Security Information ................................................................................................................ v
Related Documents ................................................................................................................. vi
SIMATIC NET Glossary ............................................................................................................. vi
Registered trademarks ............................................................................................................ vi
Warranty ................................................................................................................................ vii
Training ................................................................................................................................. vii
Customer support ................................................................................................................. viii
Contacting Siemens .............................................................................................................. viii
1 Overview ............................................................................................................................... 1
1.1 Operating System .................................................................................................. 1
1.2 Requirements and Restrictions ............................................................................... 3
1.3 Security Recommendations ................................................................................... 4
1.4 Operating Temperature Range and Behavior .......................................................... 6
1.5 Rebooting/Powering Down the RUGGEDCOM APE Module ...................................... 6
1.6 Internal Network Interface .................................................................................... 6
1.7 Default IP Addresses .............................................................................................. 7
1.8 RUGGEDCOM APE Ethernet and Network Settings .................................................. 8
1.8.1 Example: Networking in Factory Default Conditions ............................................... 8
1.8.2 Example: RX15xx Services and WAN Networking ................................................... 9
1.9 Decommissioning the Module ............................................................................. 10
2 Configuring and Using the RUGGEDCOM APE .................................................................... 13
2.1 Logging in to RUGGEDCOM APE .......................................................................... 13
2.2 Adding a User (Linux Only) ................................................................................. 13
2.3 Setting the Root and User Passwords (Linux Only) ............................................... 14
2.4 Setting the BIOS Password .................................................................................. 14
2.5 Disabling Alternative Boot Options ...................................................................... 15
2.6 Setting the GRUB Bootloader Password ................................................................ 16
2.7 Setting the Hard Drive Password ......................................................................... 17
2.8 Disabling the Gigabit Ethernet Port (Linux Only) .................................................. 17
2.9 Configuring the APE1808ELAN ............................................................................ 17
2.10 Troubleshooting the RUGGEDCOM APE ................................................................ 18
3 Frequently Asked Questions ............................................................................................... 21

Configuration Manual, 04/2023, C79000-G8976-1415-05 iii
Table of contents
iv RUGGEDCOM APE (Application Processing Engine)

Configuration Manual, 04/2023, C79000-G8976-1415-05
Preface
This guide describes how to install and configure the RUGGEDCOM APE in any
RUGGEDCOM RX15xx device. Its purpose is to familiarize users with the ways
that RUGGEDCOM APE can be used to support processing applications in RX15xx
networks. It includes information about:
• The RUGGEDCOM APE modules
• Obtaining, installing and using the RUGGEDCOM APE software
• Configuring networks with RUGGEDCOM APE
• Troubleshooting
This guide is intended for use by network technical support personnel who are
familiar with the operation of networks and the supplied operating system (i.e.
Windows, Linux, etc.). Others who might find the book useful are network and
system planners, system programmers, and line technicians.
Security Information
Siemens provides products and solutions with industrial security functions that
support the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it
is necessary to implement – and continuously maintain – a holistic, state-of-the-art
industrial security concept. Siemens’ products and solutions constitute one element
of such a concept.
Customers are responsible for preventing unauthorized access to their plants,
systems, machines and networks. Such systems, machines and components should
only be connected to an enterprise network or the internet if and to the extent
such a connection is necessary and only when appropriate security measures (e.g.
firewalls and/or network segmentation) are in place.
For additional information on industrial security measures that may be implemented,
please visit https://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends that product updates are applied as
soon as they are available and that the latest product versions are used. Use of
product versions that are no longer supported, and failure to apply the latest updates
may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security
RSS Feed under https://www.siemens.com/cert.

Configuration Manual, 04/2023, C79000-G8976-1415-05 v
Preface
Related Documents
Related Documents
The following are other documents related to this product that may be of interest.
Unless indicated otherwise, each document is available on the Siemens Industry
Online Support (SIOS) [https://support.industry.siemens.com] website.
Note
Documents listed are those available at the time of publication. Newer versions
of these documents or their associated products may be available. For more
information, visit SIOS or consult a Siemens Customer Support representative.
Catalogs
Document Title Link
RUGGEDCOM RX1500 Modules Catalog https://support.industry.siemens.com/cs/ww/en/
view/109747072
Installation Guides
Document Title Link
RUGGEDCOM RX1500 Installation Guide https://support.industry.siemens.com/cs/ww/en/
view/82166529
view/82164308
view/82164310
view/82166915
view/82167597
SIMATIC NET Glossary

The SIMATIC NET Glossary describes special terms that may be used in this
document.
The glossary is available online via Siemens Industry Online Support (SIOS) at:
https://support.industry.siemens.com/cs/ww/en/view/50305045
Registered trademarks
The following and possibly other names not identified by the registered trademark
sign ® are registered trademarks of Siemens Canada Ltd.:
• RUGGEDCOM
• ROS
vi RUGGEDCOM APE (Application Processing Engine)

Preface
Warranty
• RCDP
• Discovery Protocol
Windows® is a registered trademark of Microsoft Corporation in the United States
and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other
countries.
The registered trademark Linux® is used pursuant to a sublicense from LMI, the
exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.
Other designations in this manual might be trademarks whose use by third parties
for their own purposes would infringe the rights of the owner.
Warranty
Refer to the License Agreement for the applicable warranty terms and conditions, if
any.
For warranty details, visit https://www.siemens.com or contact a Siemens customer
service representative.
Training
Siemens offers a wide range of educational services ranging from in-house training
of standard courses on networking, Ethernet switches and routers, to on-site
customized courses tailored to the customer's needs, experience and application.
Siemens' Educational Services team thrives on providing our customers with the
essential practical skills to make sure users have the right knowledge and expertise
to understand the various technologies associated with critical communications
network infrastructure technologies.
Siemens' unique mix of IT/Telecommunications expertise combined with domain
knowledge in the utility, transportation and industrial markets, allows Siemens to
provide training specific to the customer's application.
For more information about training services and course availability, visit https://
www.siemens.com or contact a Siemens Sales representative.

Configuration Manual, 04/2023, C79000-G8976-1415-05 vii
Preface
Customer support
Customer support
Customer support is available 24 hours, 7 days a week for all Siemens customers.
For technical support or general information, contact Siemens Customer Support
through any of the following methods:
Online
Visit http://www.siemens.com/automation/support-request to submit a Support Request
(SR) or check on the status of an existing SR.
Telephone
Call a local hotline center to submit a Support Request (SR). To locate a local hotline
center, visit https://w3.siemens.com/aspa_app/?lang=en.
Mobile app
Install the Industry Online Support app by Siemens AG on any Android, Apple iOS or
Windows mobile device and be able to:
• Access Siemens' extensive library of support documentation, including FAQs and
manuals
• Submit SRs or check on the status of an existing SR
• Contact a local Siemens representative from Sales, Technical Support, Training, etc.
• Ask questions or share knowledge with fellow Siemens customers and the support
community
Contacting Siemens
Address Siemens Canada Ltd.
Digital Industries
Process Automation
Concord, Ontario
Canada, L4K 5C7
Telephone Toll-free: 1 888 264 0006
Tel: +1 905 856 5288
Fax: +1 905 856 1995
E-Mail [email protected]
Web https://www.siemens.com
viii RUGGEDCOM APE (Application Processing Engine)

Overview
1
The RUGGEDCOM APE (Application Processing Engine) is an x64-based computer
designed to occupy a single line module slot in a RUGGEDCOM RX15xx device. The
RUGGEDCOM APE can host a variety of x64-based operating systems and features
Gigabit Ethernet, USB ports and a Display port.
The following RUGGEDCOM APE modules are available:
• APE1808LNX
• APE1808W10
• APE1808CKP
• APE1808ADM
• APE1808SAM-L
1 2 3 4 5
4 6
1 SD Card Slot
2 Display Port
3 Gigabit Ethernet (GbE) Port
4 USB Ports
5 Reset Button
6 Power LED
Figure 1.1 RUGGEDCOM APE Module
1.1 Operating System

The RUGGEDCOM APE is available with one of the following operatings systems pre-
installed:
• Debian Linux®
• Microsoft Windows® 10 Enterprise 2019 LTSC

Configuration Manual, 04/2023, C79000-G8976-1415-05 1
Overview
1.1 Operating System
Upgrading or Changing the Operating System

The operating system can be upgraded or extended as needed. It can also be
changed to an alternative software platform, such as Linux Mint or Ubuntu.
NOTICE
Siemens assumes no responsibility for upgrades or changes made to the operating
system.
NOTICE
Each RUGGEDCOM APE module supports UHS-I SD cards through its base operating
system. If the operating system is changed, make sure the replacement operating
system also supports this type of SD card.
Other Software/Applications
Siemens does not support any software installed on the RUGGEDCOM APE. This
includes, but is not limited to, software images provided by Siemens Customer
Support.
Linux and SD Card Support

By default, the Linux-based version of the RUGGEDCOM APE does not support SDXC
or SDUC microSD cards (i.e. microSD cards with a memory size of 32 GB or higher).
SDXC and SDUC microSD cards use the Extended File Allocation Table (exFAT)
file system, which is not pre-installed in the Linux-based versions of the
RUGGEDCOM APE. For more information, refer to the SD Standard Overview [https://
www.sdcard.org/developers/overview/capacity].
Linux add-ons that provide support for exFAT are available but must be used in
conjunction with a valid license from Microsoft or a Microsoft-authorized provider.
For more information, refer to the Microsoft Technology Licensing Program for
exFAT [https://www.microsoft.com/en-us/legal/intellectualproperty/mtl/exfat-
licensing.aspx].
Windows Support
Some Microsoft Windows 10 IoT Enterprise features (such as Cortana with voice,
support for 5-point touch, etc.) may require advanced hardware.
For more information, refer to https://new.siemens.com/global/en/products/
automation/industrial-communication/rugged-communications/ruggedcom-portfolio/
accessories/ape.html.
2 RUGGEDCOM APE (Application Processing Engine)

Overview
1.2 Requirements and Restrictions
Windows Licensing
To run Windows® 10 Enterprise 2019 LTSC on the RUGGEDCOM APE, the Windows®
operating system must be activated after the RUGGEDCOM APE module has been
installed.
For more information, refer to the product key sticker (included in the product
packaging) and Windows® Support [https://support.microsoft.com/en-us/
help/12440].
NOTICE
Microsoft products are not designed or intended for use in any system or application
where failure or fault of any kind could lead to death or serious bodily injury of any
person, or severe physical or environmental damage, otherwise considered high risk
use. High risk use is strictly prohibited.
1.2 Requirements and Restrictions

Note the following requirements and restrictions for using the RUGGEDCOM APE:
• Chassis Operating System
The RUGGEDCOM RX1500-series chassis must have RUGGEDCOM ROX v2.12.4 or
higher installed.
• Operating Temperature Range
Each module is rated for operation within the temperature range of -40 to 75 °C
(-40 to 167 °F).
• Power Consumption
When using the RUGGEDCOM APE module in combination with other line
modules – including other RUGGEDCOM APE modules – make sure the total
power consumption of all installed line modules does not exceed the power
budget of the RUGGEDCOM RX15xx host device.
NOTICE
Electrical hazard - risk of power failure
Installing more modules than allowed on a RUGGEDCOM RX15xx device can
lead to power fluctuations and irregular shut downs.
Module Power Consumption

Module Type Power Consumption
RUGGEDCOM APE1808 12 W
2-Port Fiber Optic (FG50 + SFPs) 7W
6-Port Fiber Optic (6FX50) 7W
WAN Cell (3G, LTE) 7W

Overview
1.3 Security Recommendations
Module Type Power Consumption

2-Port Copper (M12, RJ45) 4W
WAN T1, E1 3W
Serial (S01) 3W
Power Budget Considerations

Total Power Budget for the Device 50 W
Power Budget for Line Modules (@ 9 W Used For the System) 41.5 W
Line Module Power Budget Remaining After One APE1808 29.5 W
Module (12 W) Is Installed
Line Module Power Budget Remaining After Two APE1808 17.5 W
Modules (24 W) Are Installed
• USB Storage Devices

USB storage devices used with the RUGGEDCOM APE must have USB 3.0
Interfaces. Other peripheral devices, such as keyboards and mice, may have USB
2.0 or 3.0 interfaces.
• SD Card Usage
Limit the usage of 3.3 V SD cards and use UHS-I type SD cards whenever possible.
• eMMC speed limitation
The maximum speed of the on-board eMMC primary permanent storage device
is limited to DDR50 by the APE1808 BIOS. Any BIOS settings suggesting an eMMC
speed higher than DDR50 take no effect.

To assist in securing the module, note the following recommendations:
Note
When applicable, these recommendations can apply to all software and applications
that may be installed on the RUGGEDCOM APE module. This includes Debian Linux,
Microsoft Windows, and RUGGEDCOM applications pre-installed on the base image
(i.e. CROSSBOW, ELAN, and CloudConnect).
Hardware/Software
• Before commissioning and for on-going maintenance of the RUGGEDCOM APE
line module, apply the latest security updates from Debian or from Microsoft as
per the standard Windows® 10 Enterprise update procedure in line with the local
security policy of the deployed environment. For more information on applying
security updates from Debian, refer to the user documentation provided by
Debian or Microsoft.

Overview
• Before using the RUGGEDCOM APE, make sure all relevant CERT security
advisories for the RUGGEDCOM RX1500-series hosting the APE have been
applied. For the latest information about security patches for Siemens products,
visit the CERT Services website [https://new.siemens.com/global/en/products/
services/cert.html]. Updates to Siemens Product Security Advisories can
be obtained by subscribing to the RSS feed on the ProductCERT Security
Advisories website [https://new.siemens.com/global/en/products/services/
cert.html#SecurityPublications], or by following @ProductCert on Twitter.
• Only enable the physical ports that are required on the module. Unused physical
ports could potentially be used to gain access to the network behind the module.
• When using the Windows®-based version of the RUGGEDCOM APE, as per the
local environment’s security policy, use Bitlocker to avoid unauthorized access to
sensitive information stored on the hard drive.
Authentication
• When using the Linux-based version of the RUGGEDCOM APE, as per the
local environment’s security policy, add an administrative account, disable
the root user on Debian Linux, and replace any default passwords. For a list
of default user profiles and passwords, refer to "Logging in to RUGGEDCOM
APE" (Page 13).
• To prevent unauthenticated access to the BIOS, configure a supervisor password
and set the power on password. For more information, refer to "Setting the BIOS
Password" (Page 14).
• When using the Linux-based version of the RUGGEDCOM APE, ensure the GRUB
bootloader password is configured. For more information, refer to "Setting the
GRUB Bootloader Password" (Page 16).
• Use strong passwords. Avoid weak passwords such as password1, 123456789,
abcdefgh, etc.
• Passwords should not be re-used across different usernames and systems, or
after they expire.
• If an application on the RUGGEDCOM APE uses SSH and/or TLS keys, generate
new keys and protect them inline with the environment’s local security policy
before provisioning the unit.
Physical/Remote Access
• Do not connect the device to the Internet. Deploy the device only within a secure
network perimeter.
• Exercise extreme caution when changing any settings in the BIOS. For example,
USB and PXE boot are disabled by default; enabling these settings is not
advisable for securing the module.
• Control access to the USB, SD card slot, and gigabit Ethernet ports to the same
degree as any physical access to the module.

Overview
1.4 Operating Temperature Range and Behavior
Policy
• Periodically audit the module to make sure it complies with these
recommendations and/or any internal security policies.
• Review the user documentation for other Siemens products used in coordination
with RUGGEDCOM APE for further security recommendations.
1.4 Operating Temperature Range and Behavior

The RUGGEDCOM APE is rated for operation within the temperature range of -40 to
75 °C (-40 to 167 °F).
1.5 Rebooting/Powering Down the RUGGEDCOM APE Module
NOTICE
Electrical hazard - risk of damage to the device.
When hot swapping the RUGGEDCOM APE module, wait 3 seconds before re-
inserting the module into the RUGGEDCOM router.
NOTICE
Whenever possible, reboot the RUGGEDCOM APE from the operating system instead
of requesting a reboot with the Reset button. This helps to safeguard against
improper shutdowns and protect data integrity.
Powering Down the RUGGEDCOM APE

To fully power down the module, shut down the operating system.
Rebooting the RUGGEDCOM APE

To reset the module, restart the operating system.
1.6 Internal Network Interface

In addition to the gigabit Ethernet interface on the faceplate, the RUGGEDCOM
APE features an internal gigabit Ethernet interface on the back of the module that
interfaces with the host RUGGEDCOM RX15xx device. The interface can be used
by the operating system running on the RUGGEDCOM APE as a normal network
interface. Typical port parameters for the internal interface, such as speed, duplex,
VLANs, and more, can be configured via RUGGEDCOM ROX II.

Overview
1.7 Default IP Addresses
NOTICE
Interface settings configured via RUGGEDCOM ROX II must be mirrored within
the RUGGEDCOM APE module. For instance, if a VLAN is assigned to the module
in RUGGEDCOM ROX II, a corresponding VLAN must also be configured via the
module's operating system.
2 2 3
1 Switch Fabric Data Plane

2 Line Module (10/100/1000Base-TX)
3 RUGGEDCOM APE Module
4 Gigabit Ethernet (GbE) Network Interfaces
Figure 1.2 A RUGGEDCOM RX15xx Device With a RUGGEDCOM APE Module Installed
1.7 Default IP Addresses

Based on the software platform installed on the RUGGEDCOM APE, the IP addresses
for the front and/or internal ports may be pre-configured or set dynamically by the
Dynamic Host Configuration Protocol (DHCP).
Software Platform External Port (RJ45) Internal Port
Windows® 10 Enterprise 2019 DHCP DHCP
LTSC
Debian Linux® DHCP DHCP

Overview
1.8 RUGGEDCOM APE Ethernet and Network Settings
1.8 RUGGEDCOM APE Ethernet and Network Settings

The RUGGEDCOM APE is essentially a two-port industrial computer. When the
RUGGEDCOM APE is inserted into a chassis, the first internal Ethernet port is
activated on the connector that carries power to to the RUGGEDCOM APE. The
second RUGGEDCOM APE Ethernet port is available for use on the faceplate of the
RUGGEDCOM APE line module.
To the RX15xx device, the RUGGEDCOM APE internal Ethernet port appears like any
other Gigabit-capable switched or routed port.
For examples of how the RUGGEDCOM APE can be configured in a RX15xx device,
refer to "Example: Networking in Factory Default Conditions" (Page 8) and
"Example: RX15xx Services and WAN Networking" (Page 9).
1.8.1 Example: Networking in Factory Default Conditions

The following figure illustrates how routing and switching would work when the
RUGGEDCOM APE is used in a RUGGEDCOM RX15xx chassis with a four-port Ethernet
module in LM2.
Figure 1.3 Example Configuration
In the factory default condition, all Ethernet interfaces on the RUGGEDCOM RX15xx
router (including the internal port of the RUGGEDCOM APE) are created as switched
ports in the default VLAN. When DHCP is configured in RUGGEDCOM ROX II, an IPv4
subnet and a gateway IP are automatically assigned to this VLAN.
In RUGGEDCOM ROX II, the default conditions for this VLAN are to use PVID 1 and to
operate untagged. The factory default creates the switch group (switch.0001) for
devices on this VLAN and creates a virtual interface 192.168.0.2/24 for devices (such
as the RUGGEDCOM APE) in switch.0001 to reach services on the control module and
network management.
In this situation, the RUGGEDCOM APE can be assigned an unused IP address
in subnet 192.168.0.0/24 and communicate with other devices in VLAN1 at a
bridging and routing level. In figure 1.3, "Example Configuration" (Page 8), the
RUGGEDCOM APE ETH0 interface has been assigned an address of 192.168.0.1,
either manually by the user or automatically by a pre-configured DHCP server, to

Overview
1.8.2 Example: RX15xx Services and WAN Networking
allow it to communicate on VLAN1. It has also been assigned a unique subnet to its
ETH1 port.
The RUGGEDCOM APE can also access services and network management of the
RUGGEDCOM RX1500 control module at its 192.168.0.2 address. These services
include SSH, HTTP and HTTPS services for network management, DHCP, NTP and TCP
connections to chassis serial ports.
The RUGGEDCOM APE can also communicate with any hosts on interfaces lm-2-1
through lm-2-4.
Should you wish to configure the RUGGEDCOM APE to forward traffic through to the
192.168.1.0/24 network via fe-cm-1, you would need to configure 192.168.0.2 as a
default gateway.
For much the same reason, should you wish to forward traffic arriving on fe-cm-1
through to the 172.16.0.0/16 network via the RUGGEDCOM APE, you would need to
configure a route for it on the RUGGEDCOM RX15xx device and enable IP forwarding
from the Windows or Linux operating system.
Note
When operating the RUGGEDCOM APE in either switch or router mode, the
RUGGEDCOM RX15xx will issue RSTP BPDUs to the RUGGEDCOM APE.
If you do not wish the RUGGEDCOM APE to receive these BPDUs, they may be
disabled in RUGGEDCOMRUGGEDCOM APE in the interface switch menu for the
RUGGEDCOM APE interface.
1.8.2 Example: RX15xx Services and WAN Networking

The following illustration shows how the RUGGEDCOM APE might be used in a more
complex situation in which it is routed as opposed to bridged. The use of internal
serial ports, firewalls, and port forwarding is discussed.

Overview
1.9 Decommissioning the Module
Figure 1.4 Example Configuration
In this scenario, the RUGGEDCOM APE is reached via a routed interface. This is
accomplished by moving the RUGGEDCOM APE port onto its own VLAN, and creating
a point-to-point connection between it and the control module.
The figure shows six serial ports available on serial LM 3. In order to become
network-accessible, these ports must be configured as socket ports that allow
incoming calls on TCP ports 5001 (ser-3-1) through 5006 (ser-3-6). While any
address on the RX1500 control module may be used to connect the RUGGEDCOM
APE to these ports, switch.0001, switch.0002, and dummy0 addresses are
recommended. In particular, dummy0 addresses are useful when router redundancy
is implemented.
As in the previous scenario, devices on the 192.168.0.0/24 subnet are still available
to the RUGGEDCOM APE; however, in this scenario, they are available through
routing.

Before taking a RUGGEDCOM APE module out of service make sure the module
has been fully decommissioned. This includes removing any sensitive, proprietary
information.
Note
For additional assistance in decommissioning the module, contact Siemens Customer
Support.
To decommission a RUGGEDCOM APE module, do the following:

1. Create a bootable USB running an operating system that can support data
erasure tools.

Overview
2. Load the operating system by selecting the USB device from the BIOS boot
settings.
3. From the operating system, use standard erasure tools to erase data on the
module that represents the RUGGEDCOM APE's flash memory. For example, use
standard Linux tools, such as dd, wipe, or shred, to wipe data from the module.
NOTICE
Security hazard – risk of data exploitation
Regardless of the erasure tool or method employed, even following multiple rounds
of flashing, erasure, or overwriting, residual data may still be present on Flash-based
storage media. To guarantee the destruction of all sensitive data persisting on the
unit, physical destruction of the storage media/platform may be required.

Overview

Configuring and Using the RUGGEDCOM APE
2
The following sections describe how to configure and use the RUGGEDCOM APE:
NOTICE
Before using the RUGGEDCOM APE, create a backup image that can be restored
should the module be configured improperly.
Warranty does not support modules rendered inoperable/inaccessible due to
configuration errors made by the user.
2.1 Logging in to RUGGEDCOM APE

Use the following default username and password to log in to the RUGGEDCOM APE:
NOTICE
Security hazard – risk of unauthorized access
To prevent unauthorized access to the device, make sure to change the default
password before commissioning the device.
Software Platform Default Username Default Password

Windows® 10 Enterprise 2019 There is no default username or password for Windows®10
LTSC Enterprise 2019 LTSC installations. The username and password is
set by the user during the first boot.
Linux root admin
2.2 Adding a User (Linux Only)

To add a new user, type:
adduser { name }
Where:
• { name } is the name of the user
NOTICE
Use strong passwords. Avoid weak passwords such as password1, 123456789,
abcdefgh, etc.
Follow the instructions provided to complete the user profile. For example:

2.3 Setting the Root and User Passwords (Linux Only)
root@wheezyape:~# adduser admin

Adding user àdmin' ...
Adding new group àdmin' (1000) ...
Adding new user àdmin' (1000) with group àdmin' ...
Creating home directory `/home/admin' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for admin
Enter the new value, or press ENTER for the default
Full Name []: Administrator
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@wheezyape:~#
2.3 Setting the Root and User Passwords (Linux Only)

For security reasons, the default root Linux password should be changed before the
module is deployed.
NOTICE
abcdefgh, etc.
Changing the Root Password

To change the default root password for Linux, do the following:
1. Login or gain root access.
2. Type passwd and follow the on screen instructions.
Changing User Passwords

To change the password for a user profile, type:
passwd { user }
Where:
• { user } is the user name (e.g. root, admin, operator, guest, etc.)
2.4 Setting the BIOS Password

A password for the RUGGEDCOM APE BIOS is not set by default.

2.5 Disabling Alternative Boot Options
To set the BIOS password, do the following:
NOTICE
If the BIOS password is lost, the module must be returned to Siemens for service. For
more information, contact Siemens Customer Support.
This service is not supported by warranty.
1. Make sure a recent backup image is available before setting the BIOS password.
2. Power on the RUGGEDCOM APE.
3. Press ESC to access the BIOS.
4. Select Setup Utility and then Security.
NOTICE
abcdefgh, etc.
Note
Supervisor-level users are granted full control of all RUGGEDCOM APE settings.
5. Enable Power On Password.

6. Set the supervisor and power on password.
7. Press F10 to save and reboot.
2.5 Disabling Alternative Boot Options

To prevent users with physical access to the module from logging in to the device
and bypassing the bootloader password, it is recommended that alternative,
unauthorized boot options be disabled before the module is deployed.
To disable alternative boot options, do the following:
1. Power on the RUGGEDCOM APE.
2. Press ESC to access the BIOS.
3. Enter the supervisor or user password, if enabled, to access the BIOS.
4. Select Setup Utility and then Boot.
5. For each boot option to disable, highlight the option and press ENTER and select
Disable.
6. Press F10 to save and reboot.

2.6 Setting the GRUB Bootloader Password
2.6 Setting the GRUB Bootloader Password

To set the GRUB bootloader password, do the following:
NOTICE
abcdefgh, etc.

2. Create the GRUB bootloader password by typing:
grub-mkpasswd-pbkdf2
Type the new password when requested. GRUB displays a message similar to the
following:
PBKDF2 hash of your password is
grub.pbkdf2.sha512.10000.380AD91E6C36BB4018B5CABDAFF5CABC52A16B6EFF503B6B
B2E211
99C006C526AEE3A2FF8CF41F9A07AEFB1E8E2275ABB44C41B1429B9C5D509786E2B57A51DA.98
9F1E9FAC061899E1BB8CB38D2119B26E6CE79A5CBB637E5A611AE099EBBF7CD9BCF1A3EC516CE
0E4AD007B7DF8E679220BC845E07E440F134DED2537081F54
3. Copy the password (e.g. select on-screen and then press Ctrl-C).
4. Using vim or nano, open the file /etc/grub.d/40_custom.
5. In the file /etc/grub.d/40_custom, add the following line:
set superusers="root"
6. Add the following line:

password_pbkdf2 root { key }
Add the GRUB password created in step 2 (Page 16) to this line (e.g. press P
or p in vim, or Ctrl-U in nano). For example:
password_pbkdf2 root
grub.pbkdf2.sha512.10000.380AD91E6C36BB4018B5CABDAFF5CABC52A16B6EFF503B6B
B2E21199C006C526AEE3A2FF8CF
41F9A07AEFB1E8E2275ABB44C41B1429B9C5D509786E2B57A51DA.989F1E9FAC061899E1B
B8CB38D2119B26E6CE79A5CB
B637E5A611AE099EBBF7CD9BCF1A3EC516CE0E4AD007B7DF8E679220BC845E07E440F134D
ED2537081F54
7. Save and close the file.

8. Apply the GRUB bootloader password by typing:
grub-mkconfig -o /boot/grub/grub.cfg
9. Using vim or nano, open the file /boot/grub/grub.cfg and verify the username
and password defined within are correct

2.7 Setting the Hard Drive Password
2.7 Setting the Hard Drive Password

On Windows 10 Enterprise 2019 LTSC, BitLocker can be used to password-encrypt
the hard drive. There is no pre-installed applications to password-encrypt the hard
drive on Linux.
2.8 Disabling the Gigabit Ethernet Port (Linux Only)

To disable the RJ45 gigabit Ethernet port on the front face of the RUGGEDCOM APE
module, do the following:
2. Using vim or nano, open the file /etc/network/interfaces.
3. In the file, locate the following line:
auto allow hotplug eth1
iface eth1 inet dhcp
4. Change the line to the following:

#auto allow hotplug eth1
#iface eth1 inet dhcp
5. Save and close the file.

6. Restart the module or restart the networking service by typing:
/etc/init.d/networking restart
2.9 Configuring the APE1808ELAN

After installing/updating the ELAN image on an APE1808, the IEC 61850 remote
capabilities must be configured. This is required so the binary can be run by the ELAN
TIE (Telemetry Integrated Environment) as a non-root user.
To configure the IEC 61850 remote capabilities, do the following:
1. Log in to the CLI for the RUGGEDCOM ELAN server as the root user over SSH.
For information, refer to the "RUGGEDCOM ELAN Configuration Manual".
2. Enter the following command to configure the remote capabilities:
/sbin/setcap cap_net_admin,cap_net_raw=ep /usr/bin/
iec61850_rem
3. [Optional] Enter the following command to confirm the remote capabilities are
configured:
/sbin/getcap /usr/bin/iec61850_rem
The remote capabilities are configured when the following is returned:

2.10 Troubleshooting the RUGGEDCOM APE
/usr/bin/iec61850_rem = cap_net_admin,cap_net_raw+ep

The following describes potential solutions for common problems.
Lost IP Address
The simplest resolution to this problem occurs when the RUGGEDCOM APE is easily
reached and a monitor is attached. The RUGGEDCOM APE can be queried for the IP
address and the configuration of the RUGGEDCOM APE or command module may be
changed to allow networking.
If the RX15xx device is remotely situated, it may be possible to use the TCPDUMP
command to trace IP traffic from the RUGGEDCOM APE. If the RUGGEDCOM APE is
networked successfully then one of the captured packets will almost certainly reveal
the source IP address. A badly networked RUGGEDCOM APE, attached to an incorrect
subnet, may still reveal an IP address.
RUGGEDCOM APE Does Not Boot

If the RUGGEDCOM APE LEDs remain dark after an RX15xx device reboot, the
most likely cause of failure is a module-type mismatch. This occurs when a slot's
configured module-type does not exactly match that of the RUGGEDCOM APE
in that slot. To correct this problem, log in to the RX15xx device and change the
module-type for the slot to none. After rebooting the device, the module-type will be
determined automatically from the RUGGEDCOM APE module.
Note
Line modules have the capability of being disabled. When disabled, a line module
does not consume power. If your RUGGEDCOM APE does not boot, ensure that it is
not disabled. If you are installing a RUGGEDCOM APE to act as a spare, you may wish
to disable the RUGGEDCOM APE to reduce power.
If the module-type is correct, the next most likely cause of failure is the module has
been disabled. Enabling the module in the chassis should allow it to boot.
If the module is correctly enabled, the next most likely cause of failure is a power
problem. The possibility of a power problem may be eliminated by making sure the
power supplied to the RUGGEDCOM APE is sufficient. For information about power
requirements, refer to the "Installation Manual" for your RUGGEDCOM RX15xx device.
If power is sufficient the syslog file should be examined for irregularities during the
boot. The last boot may have occurred some time in the past and may no longer be
recorded in the syslog. If this is the case, the module can be rebooted by disabling
it and re-enabling it. The syslog will then contain enties reflecting the RUGGEDCOM
APE boot.

If the syslog contains no messages reflecting an improper boot of the RUGGEDCOM

APE, return the RUGGEDCOM APE to Siemens.
The RUGGEDCOM APE should be returned to Siemens if its power LEDs remain dark
and all above debugging steps have been performed.
If the power LED lights up but the RUGGEDCOM APE does not boot, a monitor must
be attached to further diagnose the problems.
Problems with USB Ports

If problems occur when accessing devices (e.g. keyboard, storage media, etc.) via
USB, the most likely cause is the power consumed by all the devices on the USB
exceeds the maximum power capability of the RUGGEDCOM APE. This may be tested
by employing a powered USB hub. For information about the maximum power
available through the USB ports on the RUGGEDCOM APE module, refer to the
"Installation Manual" for your RUGGEDCOM RX15xx device.


Frequently Asked Questions
3
General
Q: How do I power a USB DVD-ROM drive or USB hard disk using the
RUGGEDCOM APE USB port?
A: The RUGGEDCOM APE USB port is limited in the amount of power it can
provide. Use a powered hub to employ devices such as these.
Q: How can I re-install the software platform on the RUGGEDCOM APE?

A: There are two possible options:
• Return the RUGGEDCOM APE module to Siemens and request a re-install.
This service is not covered by warranty.
• Restore the backup image that was made before commissioning the
RUGGEDCOM APE module.
Linux
Q: How do I recover an image of the original factory settings?

A: Siemens strongly recommends creating a backup image of the RUGGEDCOM
APE before it is configured. If this image is available, it can be easily restored.
If an original backup image is not available, contact Siemens Customer Support
for assistance. In most cases, the RUGGEDCOM APE module must be returned
to the factory to be re-imaged. This service is not covered by warranty.
Q: Does the RUGGEDCOM APE support a Real Time Operating System (RTOS)?
A: The software distributed by Siemens does not include an RTOS component.
However, this software could be installed.
Q: Does the RUGGEDCOM APE have a serial port?

A: The RUGGEDCOM APE does not have serial ports.

Frequently Asked Questions

For more information
Siemens RUGGEDCOM
https://www.siemens.com/ruggedcom
Industry Online Support (service and support)

https://support.industry.siemens.com
Industry Mall
https://mall.industry.siemens.com
Siemens Canada Ltd.

Digital Industries
Process Automation
Concord, Ontario, L4K 4E5
Canada
© 2023 Siemens Canada Ltd.

Subject to change

C79000-G8976-1415 APE APE1808 ConfigurationManual

Uploaded by

Copyright:

Available Formats

C79000-G8976-1415 APE APE1808 ConfigurationManual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

C79000-G8976-1415 APE APE1808 ConfigurationManual

Uploaded by

Copyright:

Available Formats

Edition 04/2023

RUGGEDCOM APE (Application Processing Engine)

For APE1808LNX, APE1808W10, APE1808CKP, APE1808ADM, APE1808SAM-L,

For APE1808LNX, APE1808W10, APE1808CKP,

Digital Industries C79000-G8976-1415-05 Copyright © Siemens 2023

RUGGEDCOM APE (Application Processing Engine)

iv RUGGEDCOM APE (Application Processing Engine)

RUGGEDCOM APE (Application Processing Engine)

SIMATIC NET Glossary

vi RUGGEDCOM APE (Application Processing Engine)

RUGGEDCOM APE (Application Processing Engine)

viii RUGGEDCOM APE (Application Processing Engine)

1.1 Operating System

RUGGEDCOM APE (Application Processing Engine)

Upgrading or Changing the Operating System

Linux and SD Card Support

2 RUGGEDCOM APE (Application Processing Engine)

1.2 Requirements and Restrictions

Module Power Consumption

RUGGEDCOM APE (Application Processing Engine)

Module Type Power Consumption

Power Budget Considerations

• USB Storage Devices

1.3 Security Recommendations

4 RUGGEDCOM APE (Application Processing Engine)

RUGGEDCOM APE (Application Processing Engine)

1.4 Operating Temperature Range and Behavior

1.5 Rebooting/Powering Down the RUGGEDCOM APE Module

Powering Down the RUGGEDCOM APE

Rebooting the RUGGEDCOM APE

1.6 Internal Network Interface

6 RUGGEDCOM APE (Application Processing Engine)

1 Switch Fabric Data Plane

1.7 Default IP Addresses

RUGGEDCOM APE (Application Processing Engine)

1.8 RUGGEDCOM APE Ethernet and Network Settings

1.8.1 Example: Networking in Factory Default Conditions

Figure 1.3 Example Configuration

8 RUGGEDCOM APE (Application Processing Engine)

1.8.2 Example: RX15xx Services and WAN Networking

RUGGEDCOM APE (Application Processing Engine)

Figure 1.4 Example Configuration

1.9 Decommissioning the Module

To decommission a RUGGEDCOM APE module, do the following:

10 RUGGEDCOM APE (Application Processing Engine)

RUGGEDCOM APE (Application Processing Engine)

12 RUGGEDCOM APE (Application Processing Engine)

2.1 Logging in to RUGGEDCOM APE

Software Platform Default Username Default Password

2.2 Adding a User (Linux Only)

RUGGEDCOM APE (Application Processing Engine)

root@wheezyape:~# adduser admin

2.3 Setting the Root and User Passwords (Linux Only)

Changing the Root Password

Changing User Passwords

2.4 Setting the BIOS Password

14 RUGGEDCOM APE (Application Processing Engine)

To set the BIOS password, do the following:

5. Enable Power On Password.

2.5 Disabling Alternative Boot Options