Westermo is happy to announce the release of WeOS 4.21.0. The new version contains new features that add on to the already extensive set of features in WeOS as well as support for new hardware products. New hardware products are announced separately. As a part of the continuous quality improvement process Westermo has identified and corrected a number of issues.
WeOS has in version 4.21.0 been extended with the following new features. See the Release Notes (available at the download page) for detailed information about corrected errors.
- Centralised user authentication with TACACS+ server – can be used for login and SSL-VPN
- Chained authentication – allows more flexibility when using a combination of centralised and local authentication
- Unique web server certificate – every switch automatically generates a unique web server certificate (used for https) at start-up
How to get the new version
WeOS units manufactured after the release of WeOS 4.21.0 will have the latest version installed.
The new version of the WeOS firmware is also available for download from the Westermo website. Version 4.21.0 is verified to support all active WeOS products, i.e. products presented on the website at the time of release.
Read more about WeOS and download the new version here
Westermo is happy to announce the release of WeOS 4.20.0. On top of improved VPN functionality, WeOS now supports "horseshoe" network topology. This can be very useful in applications that cover large geographical areas such as networks running along the trackside, wind mill farms or wastewater systems. These are examples where there can be a problem to find a return path to close the network sub ring in order to create a reliable and robust network solution. Read more about how this can be solved using WeOS devices.
Broadband Ethernet solution enables significant cost savings in carriage refurbishment projects by reusing existing coupler cabling.
Westermo has launched an Ethernet broadband bridge designed especially for the rail vehicle market. The DDW-002-B1, part of the Wolverine series of industrial Ethernet extenders, can be used to interconnect Ethernet networks within rail cars using the existing cables in the train coupling. This provides considerable savings for refurbishment, negating the need to rebuild or replace the train coupler.
The DDW-002-B1 uses power-line communication technology according to IEEE 1901 and is able to support data communication networks by propagating high bandwidth Ethernet traffic over almost any 2-wire cable. This communication technology is well proven, highly robust and able to negate problems with degraded legacy cabling, such as oxidized connectors.The unit requires no configuration, and plug-and-play simplicity allows rapid installation and commissioning, providing a cost-effective and more robust solution compared to wireless technologies.
The unit has been designed to meet the full requirements of the rail vehicle market and has been tested and certified to meet and exceed EN 50155. It is also approved for track side deployment according to EN 50121-4.
The DDW-002-B1 also has potential for use in a variety of non-rail applications, e.g. involving communication over slip rings. Its compact and robust construction makes it well suited for deployment in areas with severe operating conditions and extreme environments.
By using the highest quality components the DDW-002-B1 delivers extended Mean Time Between Failure (MTBF) figures. Features like a GORE-TEX® membrane in the IP67 enclosure prevent water build-up, and the vibration-safe integrated connector threading, further contribute to high MTBF and long service life.
This product complements Westermo’s comprehensive range of Ethernet backbone and consist network switches already in wide use throughout the rail industry.
PRODUCT PAGE: DDW-002-B1
New range of Ethernet switches manage increasing demand for high-speed communication networks on-board rail vehicles
To meet the growing need for more capacity in train communications networks, Westermo has introduced a new generation of Ethernet train switches that provide highly robust networks to support many end devices and high data rates. Specifically designed for train applications, the wide range of interoperable Viper switches delivers reliable and versatile solutions for train networks, enabling optimal configuration for every need.
Based on the previous well proven and highly popular train switches from Westermo, the new models provide a range of 12 and 20 ports standard Ethernet, Gigabit Ethernet and PoE (Power over Ethernet) variants as well as additional routing functionality to enable the connection of subnets and improved overall network performance.
The Viper is available with up to 5 gigabit ports to meet the need for connectivity of gigabit end devices, such as WLAN access points and network video recorders. Simultaneously, lightning fast failover on gigabit ring ports can be achieved.
The Viper offers eight PoE ports that support the IEEE 802.3af/at plug-and-play PoE communications standard. PoE enables both power and data to be transmitted on a single multi-core cable, especially useful for camera applications, reducing overall wiring and enabling faster installation. The Viper with PoE is available in variants for low or high voltage power supply range allowing installation in any rail vehicle regardless of power standard. The Viper can also provide gigabit speed over the PoE ports, making the switch ideal e.g. for WLAN access points.
Specifically designed to provide highly robust networks and long term field operation, the Viper range has been tested and approved to exceed the EN 50155 on-board railway standard for electronic equipment, as well as an extended range of approvals with NFPA 130 (NA fire & smoke) and shunting radio EMC requirements from European rail authorities.
The Viper has been designed to be very compact and ultra-thin, enabling installation within the confined spaces of railcar panels. The M12 connectors are integrated into the housing to reduce size and further protect against vibration. With an ultra-robust design, sealed to IP67 and vibration resistant to military standards, these units are ideal for situations where mechanical stress, moisture, condensation; dirt or continuous vibrations could adversely affect the function of standard Ethernet switches. A GORE-TEX(R) membrane is used to prevent condensation build up by normal climatic day/night cycling.
As well as high levels of reliability, the switches offer unique functionality that simplifies the creation, installation and maintenance of networks. The Viper switches’ WeOS operating system provides an extensive suite of IP networking features and protocols allowing resilient and flexible networks to be created.
WeOS is also able to balance data traffic on the network to maintain maximum throughput and stability. The introduction of increased traffic from new cameras or video streams will therefore not affect the stability of the network. In the event of any link or hardware failure Westermo’s unique FRNT technology is able to re-configure a large network in 20ms.
For easy configuration, the Ethernet switches can be safely accessed from anywhere in the network using the WeConfig network configuration tool, or directly via a console port on switch.
The use of IP technology has become the standard, over the last few years, for creating the data communication backbone used by the Train Control Management Systems (TCMS), Passenger Information Systems (PIS) and Infotainment on trains. Robust Ethernet switches featuring a range of IP networking protocols are being used to build these networks which now are absolutely critical to the operation of the train.
As more and more different types of equipment are connected to these networks the need for more ports and capacity is created. More equipment also means that more cables need to be installed both power and data. PoE (Power over Ethernet) technology is the ideal solution to this issue where end devices can be powered through the network cable resulting in significant cost and space savings.
Westermo can provide an extensive range of network devices that can be used to create reliable solutions for many different applications such as WLAN access points, observation and surveillance cameras, multimedia displays, network video recorders, online timetable information, diagnostic data and much more. The very compact Viper series of Ethernet train switches provides up to 20 ports with or without PoE and up to 5 gigabit ports. The versatility of the Viper series and the ability to process high amounts of data traffic solves the growing need for network capacity.
Westermo has also developed solutions to challenges that are specific to the train market. Train inauguration is a process where the network can automatically reconfigure as carriages are joined or rearranged. The TTDP (Train Topology Discovery Protocol) in the RedFox Rail backbone router allows this reconfiguration meaning that networking skills do not have to be taught the operations staff of the train operating company.
In some applications it is not possible to use network cables, for example to get information off the moving train to the ground, connecting carriages where a specialized train coupler is not available for network cables or to provide internet access for personnel and passengers. Westermo can provide a range of wireless products that can meet these needs.
Westermo switches and routers are powered by WeOS (Westermo Operating System) which provides an extensive suite of IP networking standards allowing reliable and secure networks to be created. With Ethernet connections being used for many train subsystems from the actual TCMS to PIS and Infotainment systems, there are risks that data congestion could occur if mistakes are made in connection or configuration. WeOS provides fast reconfiguration in the event of network failure and firewall functionality that can be used to block all but the required data from certain sections of the network. VLANs (Virtual Local Area Networks) can also be used to segregate networks, and prioritisation of data can guarantee delivery of critical packets on time.
Come and see - the Next Generation Network Solutions for the Rail industry
Westermo would like to invite you to visit us at the upcoming InnoTrans exhibition in Berlin from 20th-23rd September 2016. We will be located in Hall 4.1 booth 321 where you will be able to meet us and see the next generation network solutions for the rail industry.
Westermo provides a full range of data communications solutions for both trains and at the trackside. Great knowledge and understanding of this marketplace drives our product designs to be true to specification and capable of operating reliably over a long service life within rail environments. To ensure the highest quality, all Westermo products are manufactured in our own state of the art industrial electronics manufacturing facility in Sweden.
We feel that the best way for you to understand the quality and robustness of our solutions is for you to see and touch the actual products. As well as this you will get a chance to meet some of our communications experts who have been involved in data communications solutions for the rail industry going back over many years.
InnoTrans, Berlin, Sept 20-23, Booth 321, Hall 4.1
Reliable, ease to use industrial Ethernet devices suitable for heavy industrial, maritime and trackside applications
Westermo has launched three new Ethernet devices that support the growing need for higher bandwidth networks with industrial applications. Two new Gigabit switches and a media convertor offer outstanding reliability, robustness and ease of installation, making them suitable for heavy industrial, maritime and rail trackside data communication networks.
The MCW-211-F1G-T1G is an unmanaged industrial Ethernet media convertor with one SFP fibre port and one copper port that enables the connection of legacy serial devices to new Gigabit Ethernet networks. The SDW-541-F1G-T4G and SDW-550-T5G are unmanaged Ethernet switches that offer a choice of five copper or one fibre and four copper ports. The units support 100 Mbit/s or Gbit Ethernet, with the SDW-550-T5G also supporting 10 Mbit/s communications. Using Westermo’s range of pluggable 100Mbit or Gbit SFP transceivers, different types of fibre can be easily converted and distances of up to 120km can be achieved.
The three devices are designed for demanding applications that require high levels of reliability. All three units feature tri-galvanic isolation, a unique solution that provides isolation between the ports, the shield connection and the power supply. This helps to avoid ground loop currents and increases reliability. By using only industrial grade components the units are robust and provide a long service life. The SDW-541-F1G-T4G has a mean-time-between-failure of over 1.1 million hours.
“There is a growing desire for higher bandwidth industrial networks that are extremely reliable,” said Bo Jansson, Westermo product manager. “To support this Westermo has launched three Gigabit devices that are designed to be extremely reliable and offer extended service life, even when operating in the toughest environments. The products are also very simple to commission and operate.”
To simplify installation the devices are compatible with all standard industrial Ethernet protocols. For legacy Ethernet equipment unable to support auto-negotiation, a DIP switch can lock data rate and flow control. Network diagnostics is simplified using the port mirroring functionality of the switches. This allows data flow through the switch to be monitored using a network analyser, enabling engineers to use it for fault diagnosis.
The units all meet the highest EMC, isolation, vibration and shock standards, and are certified for rail trackside and maritime applications. Their IP21 rating ensures that the units can be installed in locations where condensed water may occur. A power input range of between 10 and 57 VDC and an extended operating temperature range of -40 to +74 C enable the units to support a broad range of applications, even in extreme environments.
Latest version of WeConfig provides enhanced cyber security functionality; enables quick and reliable network configuration, commissioning and maintenance
Westermo has released the latest version of its WeConfig network configuration management tool, which allows users to save significant time and costs when configuring large and complex industrial data communication networks. WeConfig 1.4 not only enables the configuration of these networks to be implemented quickly and reliably, it also features enhanced functionality to bolster cyber security.Read more
WeConfig simplifies the initial installation and configuration of single or multiple Westermo devices, plus ongoing maintenance through the life of the network, improving network management efficiency. Once devices are configured and the network commissioned, a back-up of all the device configuration files can be easily made and stored. In the event that a switch or router needs to be replaced in service, the saved configuration can be easily downloaded to the new unit, resulting in a faster network repair, helping to save time for maintenance engineers.
The new version of WeConfig enables users to configure and maintain cyber security features on devices delivered by the Westermo Operating System (WeOS). Powerful spoofing protection features such as MAC address filters and the configuration of IEEE802.1x port access authentication can be easily deployed and maintained. This helps to prevent unauthorised access to the network. It is also possible to scan and then harden the security features of switches with factory default passwords or which use unsecure protocols. It is possible for the default password of all switches across a network to be changed simultaneously and also for unused ports to be disabled, further securing the network from unauthorised intrusion.
“WeConfig 1.4 is available to users of WeOS devices and is a really powerful tool supporting more efficient network configuration and increased cyber security functionality,” said Bo Jansson, Westermo Product Manager. “Critically it makes industrial cyber security easier, helping to provide peace of mind for our customers, but it also delivers huge savings in terms of network configuration, commissioning and maintenance time.”
For increased network security WeConfig has a configuration baseline feature which creates alerts in an alarm window if changes have been made to network settings. When firmware upgrades are made available to address potential device security vulnerabilities, WeConfig 1.4 makes it easy to manage a system-wide implementation.
WeConfig also features comprehensive diagnostics to aid troubleshooting should network problems arise. Network failures can be visualised and diagnostic information displayed at the click of a button to enable rapid and effective maintenance.
Go to WeConfig download page
Security Advisory: WEOS-15-06 Default factory web interface certificate
WeOS products running WeOS versions 4.2.0 and newer share a common self-signed certificate and private key from factory. An attacker can extract the private key from our WeOS firmware and masquerade as a WeOS device. If successful, the attacker may be able to obtain credentials from an end-user that enter their credentials in the belief it is a valid WeOS device they are accessing. To be successful, the attacker must be able to access and inject themselves in the the network path between the end-user and the legitimate WeOS device.
Westermo provides self-signed certificates from factory to minimize the risk of compromise in the time between shipping and commissioning, but we strongly recommend our WeOS users to replace the default certificate and private key with ones they trust, typically coming from their own corporate certificate authority. The ability to replace the web interface certificate and private key exists as a tech preview (undocumented and with limited user interface support) since WeOS version 4.15.2.
WeOS users that utilize the web interface for management of the device should ensure that:
- they've upgraded to the latest version of WeOS, which is 4.18.0
at the time of writing, and
- they've replaced the default password with a strong unique one
in compliance with corporate security policy, and
- Insecure management services like ipconfig, telnet and http are
disabled for all interfaces, and
- https, ssh and snmp services are only exposed to the most
secure interfaces (typically those facing higher security zones), and
- the default web interface certificate is replaced following the procedure
described in the security advisory linked below
Robust, reliable and easy to set up Wolverine devices deliver secure, resilient networking for mission-critical operation in extreme environments
Westermo has released two additions to its range of Wolverine advanced industrial Ethernet line extenders. These rugged, reliable and compact devices are used to establish long-distance, high-speed remote connections between simple or complex Ethernet networks using existing copper cables, thereby reducing installation time and cost. The DDW-242 and DDW-242-485 include a range of features that deliver secure and resilient networking, even in extreme industrial environments, which makes them suitable for mission-critical applications.
The line extenders enable Ethernet networks to be connected over distances of up to 15km, at data rates up to 15.3 Mbit/s on a single twisted pair cable. Using two pairs bonded, the rate can be doubled to support applications requiring larger bandwidths. An integral switch allows two Ethernet devices to be attached, and a choice of either 232 or 485 serial port enables legacy equipment to be incorporated into the IP network.
To help improve cyber security the DDW-242 and DDW-242-485 include full layer 3 functionality and unique IP security provided by the Westermo WeOS operating system. The devices include a built-in port-based firewall securing data between trusted and un-trusted networks; NAT rules - a way to make systems that are configured with private IP addresses appear to have public IP addresses; and VPN tunnels for encrypting data on the ‘last mile’ section of the network, which is particularly susceptible to security risk.
The WeOS operating system also provides advanced switching and routing functionality that enables the management of complex industrial networks. With no software configuration needed for basic installation the DDW-242 and DDW-242-485 are extremely easy to set up. A web interface and command line interface support configuration of large and complex networks. Should maintenance be required, a back-up and restore facility enables configurations to be quickly downloaded from a USB stick.
To enable installation in harsh industrial environments and rail trackside applications the devices offer a wide operating temperature range of -40 to +70 degrees C, and have been tested to meet electromagnetic compatibility (EMC), isolation, vibration and shock standards.
In the event of link or hardware failure, Westermo’s unique FRNT (Fast Recovery of Network Topology) technology enables network reconfiguration, whilst an extensive diagnostics function allows the quality of the line and the connection status to be analysed.
Ethernet Extender with RS-232 serial support
DDW-242 product page
Ethernet Extender with RS-485 serial support
DDW-242-485 product page
- June 2017
- March 2017
- February 2017
- November 2016
- October 2016
- September 2016
- July 2016
- June 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- June 2013
- May 2013
- April 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- December 2011