2 Safety
SMA Solar Technology AG
Operating manual HM-20-BE-en-1912
NOTICE
Manipulation of system data in networks
You can connect the supported SMA products to the Internet. When connected to the Internet, there is a risk that
unauthorized users can access and manipulate the data of your system.
• Set up a firewall.
• Close unnecessary network ports.
• If absolutely necessary, only enable remote access via a virtual private network (VPN).
• Do not use the port forwarding feature. This also applies to the Modbus ports in use.
• Separate system components from other network components (network segmentation).
• Even if the product is used as an energy and grid-supply meter, the system setup assistant in Sunny Portal must be
used and an administrator account created.
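The recommendations in this list can be checked against a router or firewall rule export. The following Python example is added here and is not part of the SMA manual; the rule format, interface names, addresses and PV segment are constructed assumptions, and 502 is the registered Modbus TCP port.

```python
import ipaddress

# Assumptions for this example (not from the manual):
PV_SEGMENT = ipaddress.ip_network("192.168.50.0/24")  # segment holding the PV devices
MODBUS_PORTS = {502}   # registered Modbus TCP port; add others your devices use
VPN_IFACES = {"wg0"}   # interfaces that terminate the VPN

# Constructed sample export. kind "forward" = port forwarding from the Internet,
# kind "allow" = permitted flow from an interface to a host.
RULES = [
    {"kind": "forward", "in_if": "wan", "dport": 502,  "to": "192.168.50.10"},
    {"kind": "forward", "in_if": "wan", "dport": 8443, "to": "192.168.1.20"},
    {"kind": "allow",   "in_if": "wg0", "dport": 443,  "to": "192.168.50.10"},
    {"kind": "allow",   "in_if": "lan", "dport": 80,   "to": "192.168.50.10"},
]

def in_pv_segment(addr):
    """True if addr belongs to the segment reserved for the PV system."""
    return ipaddress.ip_address(addr) in PV_SEGMENT

def audit(rules):
    """Return (rule index, finding) pairs for rules that contradict the notice."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["kind"] == "forward":
            # Port forwarding is not to be used at all; Modbus is called out explicitly.
            if rule["dport"] in MODBUS_PORTS:
                findings.append((i, "modbus-port-forward"))
            else:
                findings.append((i, "port-forward"))
        elif rule["kind"] == "allow" and in_pv_segment(rule["to"]):
            if rule["in_if"] == "wan":
                # Remote access is only acceptable through the VPN.
                findings.append((i, "remote-access-without-vpn"))
            elif rule["in_if"] not in VPN_IFACES:
                # Another local segment can reach the PV devices.
                findings.append((i, "segmentation-gap"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(RULES):
        print(f"rule {index}: {finding} -> {RULES[index]}")
```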
DHCP server is recommended.
The DHCP server automatically assigns the appropriate network settings to your nodes in the local network. A
manual network configuration is therefore not necessary. In a local network, the Internet router is usually the
DHCP server. If the IP addresses in the local network are to be assigned dynamically, DHCP must be activated in
the Internet router (see the Internet router manual). To ensure that the Internet router assigns the same IP address
after a restart, set up MAC address binding.
In networks where no DHCP server is active, proper IP addresses must be assigned from the free address pool of
the network segment to all network participants to be integrated during commissioning.
2.3 Cyber Security
Most operating activities such as monitoring and control of systems can be done locally by the PV system operator or
service personnel without the need for data communication via public Internet infrastructure.
In other use cases of systems, the PV systems are also part of the global communication system, which is based on
Internet infrastructures.
Data communication via the Internet is an up-to-date, economically viable and customer-friendly approach that
enables easy access for modern applications such as:
• Cloud platforms (e.g. Sunny Portal)
• Smartphones or other mobile devices (iOS or Android apps)
• SCADA systems, which are remotely connected
• Utility interfaces for grid management services
Alternatively, selected and secured communication interfaces may be used. These solutions are no longer state of the
art and are very expensive to use (special communication interfaces, separate wide area networks and more).
When the Internet infrastructure is used, the systems connected to the Internet enter a fundamentally insecure area.
Potential attackers constantly seek vulnerable systems. Usually, they are criminally motivated, have a terrorist
background or aim to disrupt business operations. A data communication system should not be connected to the
Internet unless measures are taken to protect it and other systems from such misuse.
Communication between the SMA internet platform Sunny Portal and the Sunny Home Manager takes place via the
Webconnect process and the HTTPS protocol, i.e. over an authenticated and encrypted connection, and thus allows
safe online communication.
You can find the current recommendations by SMA Solar Technology AG on the topic of Cyber Security in the
Technical Information "PUBLIC CYBER SECURITY - Guidelines for a Secure PV System Communication" at
www.SMA-Solar.com.