OPC Improves Security in Plant-to-Corporate Connection

July 24, 2008
Secure OPC tunnelling is established between power plants and the company offices by using the OPC DataHub from Cogent Real-Time Systems.
In two recent projects, Italy’s ABB Energy Automation has developed a control solution that feeds data from power plant facilities directly to corporate offices—in real time—using the OPC DataHub from Cogent Real-Time Systems, located in Georgetown, Ontario, Canada. A key requirement was to provide a highly secure means of data transmission, with the minimal risk of break-ins. The OPC DataHub tunnelling solution establishes a secure, reliable connection between the power plant and corporate networks. ABB Energy Automation implements software and control systems for power plants to ensure that equipment operates at optimum speed and efficiency. For this project, it became clear that several Italian power companies would benefit substantially by monitoring the performance of the plant directly from the company offices. Michele Mannucci, ABB Project Engineer, began looking for a way to make the plant-to-office connection, using the most reliable and secure means available. “Customers are very sensitive about security these days since they need to exchange information on the Web,” he said. “We had OPC servers on our equipment, but found that using DCOM [Distributed Component Object Model] for networking was too risky. It required us to open too many ports in our firewalls. We had to find a way to avoid using DCOM.”A search on the Web brought Mannucci to the OPC DataHub. For the first test, he connected the OPC DataHub to the plant’s DigiVis Freelance 2000 OPC server, and then connected to an OPC client, tunnelling through the plant firewall using just one open port. With that working, Mannucci installed another OPC DataHub on the corporate network, and then created a mirroring connection between the two DataHubs.For the production system, the company decided to use ABB’s own proprietary OPC server on the secure LAN in the plant, and connect that to the OPC DataHub. From the OPC DataHub, the data flows out through a single port on the plant firewall via SSL-encrypted TCP to an OPC DataHub in the corporate offices, which is connected to the corporate LAN. The two OPC DataHubs mirror the data, so that every data change on the plant LAN is immediately received on the corporate LAN. It took only a few days for Mannucci to go from initial testing to a working system in the first power plant. The second system was up and running in a similar time frame. Both systems have been running 24/7 since installation, with no breaches in security.“For us, this OPC tunnel is very good, because we only need to open one port, and we are secure from DCOM break-ins,” said Mannucci. “We are considering installing this same solution in other plants.” For more information on OPC solutions from Cogent Real-Time Systems, visit www.opcdatahub.com.

Sponsored Recommendations

Optimize food production with SEW-EURODRIVE’s hygienic, energy-efficient automation and drive solutions for precision, reliability, and sustainability.
George Reed, with the help of Factory Technologies, was looking to further automate the processes at its quarries and make Ignition an organization-wide standard.
Goodnight Midstream chose Ignition because it could fulfill several requirements: data mining and business intelligence work on the system backend; powerful Linux-based edge deployments...
In the automation world, the Purdue Model (also known as the Purdue reference model, Purdue network model, ISA 95, or the Automation Pyramid) is a well-known architectural framework...