Bosch Appliances D6600 Using Encryption for the First Time, Upgrading Encryption

Using Encryption for the First Time

When deciding to use encryption for the first time:

–Check the hardware versions of the NIMs that will be used in the system. If all of the hardware versions used in a system do not match the versions listed below, encryption cannot be used on that system when they all report to one D6686/D6682/D6680. Any device that is not at the required hardware version must be replaced with a current version before it supports encryption.

–The D6680 must be a COBOX-FL-01 version. This is the only hardware version that supports encryption. The COBOX-E2-01 cannot be used.

–The D9133TTL-E and C900TTL-E NIMs must be CM-E2-RAD versions. This is the only hardware that supports encryption. The CBXM-ERAD cannot be used.

–Check the firmware versions of the NIMs that will be used in the system. For NIST approved AES support, the version must be 5.16 or later. The latest version is available on the D6600CD (v1.10 or higher) and the web site. To upgrade the firmware in the CoBox, refer to the DeviceInstaller Operation and Installation Guide (P/N: 4998138688). Use the latest DeviceInstaller version to upgrade the firmware in the NIMs.

–When enabling encryption on any NIM, it communicates only with a NIM that also has encryption enabled and has the same encryption key programmed in it. This means that when you enable encryption, all devices must be programmed in order for them to communicate with the D6680/D6682. During the time that it takes to program the encryption key into the NIMs, the devices will not communicate with the D6686/D6682/ D6680.

–You can have two D6686/D6682/D6680 on one D6600, one having encryption On and the other having it Off. This would allow for field devices to communicate with the D6686/ D6682/D6680 with encryption Off and begin the programming of the field devices to send with encryption On to the second D6686/D6682/D6680. This would allow devices to be programmed for encryption without the loss of any signals or data to the D6600. This section includes information on how to use two D6686/D6682/D6680 in a system as described.

Upgrading Encryption

If encryption is currently being used at a site that was set up before to the release of D6600CD v1.10 or NIM firmware versions before to v5.16 on the TTL-E devices, there are some items to consider before using other releases.

To ensure that NIST approved encryption is being used and communication between the NIMs continues, upgrade all TTL-E NIMs to v5.16 or later, D6200 v1.10 or later, and D6202 v2.3 or later. All versions of NIMs, D6200 software, and D6202 software are shipped with the latest software and firmware installed.

You can have two D6686/D6682/D6680 modules on one D6600, one with encryption On and the other with encryption Off. This setup would allow for field devices to continue to communicate with the D6686/D6682/D6680 with encryption Off and begin the programming of the field devices to send with encryption On to the second D6686/D6682/D6680. This would allow devices to be programmed for encryption without the loss of any signals or data to the D6600. This section includes information on how to use two D6686/D6682/D6680 modules in a system as described.

Using Two D6686/D6682/D6680 Modules in a System

If you will use two D6686/D6682/D6680 modules in a system, both using encryption (v5.16 or later) or one using encryption and the other unencrypted, then do the following steps:

4The following equipment is needed:

– One additional D6686/D6682/D6680