Access Management Software

Access, Identity and Password Management for Utility User Groups and Substation IEDs

NovaTech Connection Manager (NCM) provides an encrypted connection between the enterprise and an OrionLX/LXm running a Connection Manager Agent. NovaTech Identity Manager™ (NIM) software provides centralized management of both system Users and system IEDs (called Hosts) using role-based access privileges. Passwords for Users and Hosts/IEDs (currently OrionLX/LXm and SEL® relays) are also centrally managed, including special modes for managing password changes.

NovaTech Connection Manager (NCM) and Agent

NCM software runs at the enterprise level and establishes encrypted connections to the OrionLX Cyber Secure Gateway in a substation. Within the OrionLX, the Connection Manager Agent allows transparent pass-through connection (using appropriate keys and certificates) to serially-connected or LAN-connected SEL® relays at the appropriate user access level (e.g. access level 1, access level 2, etc.). The software monitors for unpermitted keystroke combinations when accessing SEL® relays (e.g. “PAS”, “SET”).

NovaTech Identity Manager (NIM)

User Identity and User Password Management

NIM software provides centralized LDAP-based user authentication, and can be configured to set up a Trust with an Active Directory authentication system. Strong password generation rules meet IT industry standards, and complete logging of all changes is provided for audits. Role-based Authentication assigns specific user privileges to each user or group of users, and rules can vary for different User Groups. For example, the “Manager Group” may require stronger password construction, or more frequent password changes, than the “General Group”. Other examples include:

  • Technician Group: Permitted to view relay settings but not change settings, view HMI but not control critical devices, only acknowledge non-critical alarms, attach using SSH but not HTTPS, etc.
  • Manager Group: Same privileges as Technician Group, plus additional privileges to change settings, control critical devices, and acknowledge critical alarms.
  • IT Group: Permitted to change IP addresses, firewall settings, etc., but not permitted to access “non-IT” settings or controls.

IED Password Management

Centralized administration of IED passwords is currently designed for management of SEL relay passwords, with other IEDs to be added in future development phases. SEL relays can be placed into groups for simplified administration such as “Transmission Relays”, “Distribution Relays”, “Critical Relay Assets”, “Non-critical Relay Assets”, etc. IED-specific password rules are created for specific IED password construction. For example, the password construction rules for an SEL-421 can be different from the rules for an SEL-501. This enables SEL relays to be secured with the strongest passwords possible without running into password requirement conflicts. All activity is logged for auditing purposes.

There are four SEL relay Password Change Modes:

  • Normal Password Change Mode: Users can select specific SEL relays or groups to be changed, view the password policies for the SEL relays in the selected group (different relays in the group may have different password policies), enter or generate new random passwords according to those rules, and then send the passwords to all the relays in the group, with all actions logged.
  • Maintenance Mode: This mode is for when crews are in the substation performing upgrades and reconfigurations. Passwords for substation IEDs are temporarily changed to a well-known “maintenance” password.
  • Emergency Mode (or “Password Checkout” Mode): Generally only used if the broadband connection to the substation has been lost. An administrator can view passwords and divulge them to utility personnel in the substation, with all administrator actions logged.
  • Local Password Caching in the Security Gateway: Caching includes settings to enable or disable caching, and to set time limits for how long caching remains enabled after the connection to the remote server is lost.

