Network monitoring

QUICK START GUIDE

SINEC NMS V2.0

Up and scanning in
less than 15 minutes
Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

Table of Contents
1. Preparation 3

2. Download & installation 4

3. First-time logon / set new password for local user 5

4. Adapt operation parameter profile 6

5. Connect the operation to the control system 7

6. Network scan, device list, topology, & credentials

n Scan the network & check the scan results, – asset list 8

n Check the scan results – network topology 9

n Check the scan results – event list 10

n Check the scan results – device credentials 10

7. Use cases & features with SINEC NMS 11

Contact 12
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 1

Preparation

Checklist before SINEC NMS installation „ Is the installation file version the latest one?

Hardware- and software requirements checked „ Is the installation file copied directly to the PC
(see manual chapter 1.9)? (e.g., Download folder)?

„ Security recommendations checked (see manual chapter A.1)? „ Do you have a valid licence and licence key ?

„ Current user is a local Windows admin and not an

Active Directory user?

„ Does PC name not contain spaces or special characters?

„ At least one network card (NIC) has an active link?

„ PC time settings correct?

‒ For multi-node: Do both machines have the same

time source (e.g., NTP-Server) and time zone?
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation
Installation logon profile operation configuration features

CHAPTER 2

Download & Installation

Download
Download the latest SINEC NMS version from the
Siemens Industry Online Support Portal:
https://support.industry.siemens.com/cs/ww/en/ps/25518/dl

Alternatively, you can purchase SINEC NMS with

Online Software Delivery (OSD). Network monitoring
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation
Installation logon profile operation configuration features

CHAPTER 2

Download & Installation

Installation
Installation as a Single Node system: The Control and Operation
is installed on the same PC.

1. Launch the downloaded file “SINECNMS_V2.0.exe” with 3. Click “Next” and choose either to create a new UMC domain
administrator privileges, extract it, start the installation or to use an existing UMC domain. Define a name and
wizard, and define the installation language. password for the UMC administrator to be added to this
domain. To complete the configuration of UMC, click “Next. “
2. Select which components of SINEC NMS should be
installed. In this example: 4. Select the desired trap service (recommended: SINEC NMS
trap service because it can handle SNMPv3 traps.)
„ Single-node: Control and Operation
5. Follow the instructions of the installation wizard and
„ User-management component (UMC): Install UMC
restart the PC after the installation is complete.
locally Needed for central user-management, ­
Web-Single Sign On, and Active Directory Integration

„ Win10 Pcap
 Preparation Download & First time
First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 3

First-Time Log-On –
set new password for local user

Sign into the Web interface

1. SINEC NMS starts automatically with Windows Log on
with your Web browser to the SINEC NMS Webserver using
either the Desktop shortcuts or these URLs:
SINEC NMS log-on options
n SINEC NMS Control:
https://<IP-address / hostname SINEC-NMS-Control>:443 A) Login as a local user:

n SINEC NMS Operation: „ During first log-on, a password

https://<IP-address / hostname SINEC-NMS-Opera- must be set for the default user
tion>:8443 “superadmin”

2. The very first log-on can only be done by the default B) Login as a UMC user:
local user “superadmin”: „ UMC user that was created auto-
n Enter a new, secure password for the “superadmin” matically during the installation

n Log on as a “superadmin” user and use the previously

set secure password
n Now, you can log on as the UMC user that was created
during the installation
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 4

Adapt the Operation

Parameter Profile for Scanning

Now, adjust the most important parameters 3. What type of devices are you expecting? Are you
of the default parameter profile “Starter Set” expecting “old” firmware versions?

1. What are the initial device credentials for the „ For “older” devices such as SCALANCE X200/X300 or
network devices? RUGGEDCOM ROS devices or “old” firmware versions:
– Parameter group: Monitoring settings Permit device
„ Parameter group: Initial device credentials (SNMP,
communication with legacy ciphers
SSH/NETCONF, HTTPS)
„ Note: If legacy ciphers are not allowed, no policy-based
2. What are the SNMP versions and credentials
configurations are possible for the above mentioned
used for the network devices?
“older” devices
„ Parameter group: SNMP settings for discovery
– For example, add SNMPv3 profiles for discovery &
monitoring here

„ Note: SNMP discovery, based on the version, uses this

order: SNMPv3 SNMPv2c SNMPv1
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 4

Adapt the Operation

Parameter Profile for Scanning

Good to know about the

SINEC NMS parameter
profile:
„ Configure all parameters, e.g.,
discovery settings, device
credentials …

„ For each operation, one param-

eter profile can be assigned with
a specific set of parameters.

„ By default, the “Start Set” profile

is available with all default
settings for all parameters.

Further information for parameter

profiles can be found in the manual,
chapter 6.3.
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 5

Add the Operation

to the Control System Control

Now, add the SINEC NMS Operation

to the Control
1. Navigate to Control System Administration Operations

2. Click on the button “Add Operation” and provide these details:

„ IP address/host name of the operation

„ Certificate password Add

„ Parameter profile “Starter Set”

„ Position in folder hierarchy

„ Operation name

„ Number of devices (one device will consume one license)

„ Name of scan range + first IP address + last IP address

3. To finish, click on the button “Add.”

 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 6

Network Scan, Device List,

Topology & Credentials
Good to know about the asset list:
If an expected device ...
Scan the network ... is not discovered at all:
Wait, until the SINEC NMS operation is added to the „ Check whether it’s reachable via one of the
control system and all the parameters are synced discovery protocols, e.g., ICMP
(System Status: “OK”).
„ Check if a firewall is between the Operation
When OK, click on the action “Start network scan” and wait and device
until the network scan is finished (depends on the number
... is discovered as “DEFAULT_ICMP_Device”:
of devices in the scan range and network quality).
„ Check, if SNMP is enabled on the device or allowed
Check the scan results – asset list
through the firewall
Once the network scan is completed, you can find the
„ Check, if a suitable SNMP profile for discovery
discovered network devices in the automatically generated
is available
asset-/inventory list either in the Control system or Operation:
„ Check, that SINEC NMS is not blocked by a
Device list in the Control:
brute-force-mechanism on the device…
1. Navigate to Control Network monitoring Devices
... is discovered as “DEFAULT_SNMP_Device”:
Asset list in the Operation:
n A proper device profile was not found in the SINEC NMS
2. Navigate to Operation Network monitoring Devices database If needed, you can create your own SNMP-based
device profile (see FAQ “3rd party device integration”)
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 6

Network Scan, Device List,

Topology & Credentials

Check the scan results – network topology Topology in Operation:

During the scan, the network topology is identified using a 1. Navigate to Operation Topology.
standardized mechanism and displayed in the SINEC NMS Using the green/gray button (orange frame) in the left
Operation: navigation bar, you can change between the:

„ Online mode (monitoring of device and connection

Good to know about network topology: status and network load), and
If a network connection is not automatically „ Offline mode (add and arrange devices, draw connec-
discovered: tions, change topology settings, add background
pictures, create a reference topology)
„ Check whether SNMP is reachable for the
device(s)

„ Check whether LLDP is enabled on the device(s)

Now, create a reference topology (green frame) in offline
„ Workaround: Draw the network connection
mode and start 24/7 monitoring by changing back to the
between the devices manually
online mode (orange frame).
The network topology can be directly integrated
into the overlaying HMI/SCADA system via URL call
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

CHAPTER 6

Network Scan, Device List,

Topology & Credentials

Check the scan results – event list Good to know about device credentials:
During the 24/7 monitoring, all network and system events In the device credential repository, you can:
are collected in the Operations event list:
„ Copy and paste credentials from one device to
Navigate to Operation Devices
multiple other devices
The event list can be found at the bottom of the User Interface.
„ Trust or untrust one or more devices
The event list can be hidden, filtered and additional columns
can be added via the wrench icon.

Check the scan results – device credentials

In case not all devices share the same credentials (as provided
in the “Starter Profile”), you can simply adjust them for each
device in the credential repository:

Navigate to Operation Network Administration

Credential repository
 Preparation Download & First-time Adapt Connect the Network Use-Cases
Use cases &
&
installation logon profile operation configuration features

CHAPTER 7

Further SINEC NMS

Use-Cases, & Features

Do you also have to solve 5. How can I reuse my existing users from my company’s Active
some of these challenges? Directory domain?
Use the SINEC NMS user-management component (UMC):
1. How can I diagnose and troubleshoot my network devices?
Link
Use the SINEC NMS inventory list, network topology,
and event list: Link 6. How can I integrate third-party devices into SINEC NMS?
Use the SINEC NMS device profile concept and extend
2. How can I update the firmware of my SCALANCE,
it easily: Link
RUGGEDCOM, and RFID devices?
Use SINEC NMS firmware-management: Link 7. How can I roll out Web server certificates to my SCALANCE
or RUGGEDCOM devices?
3. How can I disable unused ports or unsecure protocols of
Use the SINEC NMS certificate management feature: Link
my network devices?
Use the SINEC NMS configuration cockpit: Link 8. How can I transfer network information from SINEC NMS to
overlaying HMI/SCADA systems?
4. How can I easily and graphically configure my SCALANCE
Use the standardized SINEC NMS northbound interfaces:
SC-600, M-800 and RUGEDDCOM ROX 2 firewalls?
Link
Use SINEC NMS firewall management and create
communication relations: Link
 Preparation Download & First-time Adapt Connect the Network Use-Cases
Use cases &
&
installation logon profile operation configuration features
Features

CHAPTER 7

Further SINEC NMS

Use Cases & Features

Further SINEC NMS information such as FAQ,

downloads, manual, readme files can be found
in our Siemens Online Portal:
https://support.industry.siemens.com/cs/ww/en/ps/25518
 Preparation Download & First-time Adapt Connect the Network Use cases &
installation logon profile operation configuration features

Publisher Security information

Siemens AG
Siemens provides products and solutions with industrial security
Digital Industries functions that support the secure operation of plants, systems,
Process Automation machines and networks.
Östliche Rheinbrückenstr. 50
In order to protect plants, systems, machines and networks against cyber
76187 Karlsruhe
threats, it is necessary to implement – and continuously maintain – a
Deutschland
holistic, state-of-the-art industrial security concept. Siemens’ products and
Article No. DIPA-B10418-00-7600 solutions constitute one element of such a concept.
HL 23070983 WS 10230.0
© Siemens 2023 Customers are responsible for preventing unauthorized access to their
plants, systems, machines and networks. Such systems, machines and
components should only be connected to an enterprise network or the
Subject to changes and errors. The information given in this document
Internet if and to the extent such a connection is necessary and only when
only contains general descriptions and/or performance features which may
appropriate security measures (e.g. firewalls and/or network segmentation)
not always specifically reflect those described, or which may undergo
are in place.
modification in the course of further development of the products. The
requested performance features are binding only when they are expressly For additional information on industrial security measures that may be
agreed upon in the concluded contract. implemented, please visit
siemens.com/industrialsecurity
All product designations may be trademarks or other rights of Siemens AG,
its affiliated companies or other companies whose use by third parties for
their own purposes could violate the rights of the respective owner. Siemens’ products and solutions undergo continuous development to make
them more secure. Siemens strongly recommends that product updates are
applied as soon as they are available and that the latest product versions
are used. Use of product versions that are no longer supported, and failure
to apply the latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial

Security RSS Feed under
siemens.com/industrialsecurity