Cybersecurity IT Guide

Area View settings

User 1. Click Start on the taskbar.
access to
application 2. Select AVEVA > Configurator. The Configurator opens.
resources 3. Select Power Operation > Security Roles.
User Open the configuration file configuration.xml located in C:\Program Files
account (x86)\Schneider Electric\Power
roles and Operation\v2021\Applications\AppServices\bin\. See User account
privileges roles and privileges for more information.

Default port numbers

Each server component has a unique default port assigned to it. This default port may only be used
with that type of server. However, application engineers may choose ports other than the defaults,
depending on the design of the project. Non-default ports need to also be added to the firewall
exceptions.

Which ports are required for a specific installation depends on the Power Monitoring Expert system
configuration and the monitoring devices used.

If Power Operation alarm, trend, report and I/O servers are created using non-default ports, create
those ports exceptions.

Default
Service Description
port
Alarm Server (Citect) 5482 Database port for alarms.
Synchronization between redundant Citect alarm server
Alarm Server (Citect) 2080
components.
Application Server 23103 Web services used by Basic Reports and Live View.
Client (Citect) 2074 Cicode (custom script) debugging.
Client access and/or 5500- Ports used for thick control client and ActiveX web client to
ActiveX web client 5509 communicate to server.
Used by Power Operation components to interact with
CTAPI (Citect) 2073
Citect server processes.
Database 5432 Used to connect to PostreSQL Database Engine.
Synchronization between redundant Power Operation
Event Notification 23104
notification servers.
Page downloads for IDC, Internet Display Server/Client
FTP, IDC 21
communications.
I/O Server (Citect) 2082 Publish and subscribe I/O server communications.
ODBC 20222 Open Database Connnectivity server.
OPC UA 48031 OPC Unified Architecture communication
Report Server (Citect) 2084 Report server communications.

Page 35 of 85 7EN02-0465-00
IT Guide Cybersecurity

Default
Service Description
port
Services for communications with the Service Layer
Platform Server 23201
Platform Server.
Synchronization between redundant Citect trend server
Trends Server (Citect) 2085
communications.
Web HMI application. Access to page and document
Web Server 443
content, diagrams, and all system data.
Services for communications with the Service Layer Pso
Service Layer 23200
Web Service.

Default port numbers and associated server types

HTML5 Web Client

Thick Client

7EN02-0465-00 Page 36 of 85
Cybersecurity IT Guide

For information about the ports for Advanced Reporting and Dashboards, see Ports in the Power
Monitoring Expert – IT Guide.

Windows Active Directory

It is recommend to use Windows Active Directory exclusively for user account management and
access to network resources. Power SCADA Anywhere users should only be managed using
Windows Active Directory.

Power Operation supports Windows Active Directory integration, including enforcement of minimal
password complexity, password expiration, role based access control and other password
management strategies.

For cybersecurity purposes, we recommend that you use Windows Active Directory with a strong
password policy.

If you don't use Windows Active Directory:

• Unintentional access could occur, for example assumed inactive accounts could actually be
active.

• The ability to configure some settings may not be available, for example automated password
complexity and expiry.

There are eight levels of user privileges (HMI user partitioning) and HMI user event monitoring
(login/logout, shut down, control).

Power Operation components including Servers, Client Access, and View-only Clients support both
user management using Windows Active Directory groups and local users.

NOTE: Power SCADA Anywhere must be installed on a machine that is part of a Windows
domain.

Page 37 of 85 7EN02-0465-00