Device Characteristics
Overview
The EcoStruxure™ Flex-Server has security-enabling features. These features come in a preset state, and you can modify them to meet your installation needs. Qualified personnel must configure and set the EcoStruxure™ Flex-Server because disabling or changing settings affects the overall security robustness of the EcoStruxure™ Flex-Server and your network security.
To set up the EcoStruxure™ Flex-Server features and settings, use this guide along with the EcoStruxure Building Activate - User Guide.
EcoStruxure™ Flex-Server Interfaces
The EcoStruxure™ Flex-Server communicates through the following interface types:
-
Wired communication through:
-
One Ethernet port
-
One RS-485 port
-
Two USB Ports
-
-
Radio communication through:
-
Wi-Fi infrastructure
-
LoRaWAN Modem
-
Cellular/LTE Modem
-
Supported Protocols
The EcoStruxure™ Flex-Server supports the following protocols:
-
HTTPS and MQTTS (TLS v1.2)
-
CoAP over DTLS
-
BACnet MSTP and BACnet IP for communications with other Operational Technology (OT) devices
-
SNMP for communications with other Operational Technology (OT) devices
-
Modbus TCP and Modbus-RTU for communications with other Operational Technology (OT) devices
-
LoRaWAN for wireless communications with IoT devices
-
OpenVPN client for remote access (open to Schneider Electric)
-
DHCP for network IP addressing
-
DNS for network name resolution
-
NTP for time synchronization
-
WPA2 and WPA for Wi-Fi communication
Security Features
EcoStruxure™ Flex-Server supports the following security features:
-
Schneider Electric digitally signs the only firmware that can be installed on the EcoStruxure™ Flex-Server.
-
At each boot, the system validates the firmware digital signature before execution, to help ensure that it has not been tampered.
-
User passwords are stored as salted and hashed (SHA256) passwords.
-
The device has an internal clock and maintains its date and time for a few months without power.