OPC Improves Security in Plant-to-Corporate Connection

Secure OPC tunnelling is established between power plants and the company offices by using the OPC DataHub from Cogent Real-Time Systems.

Aw 3687 08 08 Cogent Graphic
In two recent projects, Italy’s ABB Energy Automation has developed a control solution that feeds data from power plant facilities directly to corporate offices—in real time—using the OPC DataHub from Cogent Real-Time Systems, located in Georgetown, Ontario, Canada. A key requirement was to provide a highly secure means of data transmission, with the minimal risk of break-ins. The OPC DataHub tunnelling solution establishes a secure, reliable connection between the power plant and corporate networks.

ABB Energy Automation implements software and control systems for power plants to ensure that equipment operates at optimum speed and efficiency. For this project, it became clear that several Italian power companies would benefit substantially by monitoring the performance of the plant directly from the company offices. Michele Mannucci, ABB Project Engineer, began looking for a way to make the plant-to-office connection, using the most reliable and secure means available.

“Customers are very sensitive about security these days since they need to exchange information on the Web,” he said. “We had OPC servers on our equipment, but found that using DCOM [Distributed Component Object Model] for networking was too risky. It required us to open too many ports in our firewalls. We had to find a way to avoid using DCOM.”

A search on the Web brought Mannucci to the OPC DataHub. For the first test, he connected the OPC DataHub to the plant’s DigiVis Freelance 2000 OPC server, and then connected to an OPC client, tunnelling through the plant firewall using just one open port. With that working, Mannucci installed another OPC DataHub on the corporate network, and then created a mirroring connection between the two DataHubs.

For the production system, the company decided to use ABB’s own proprietary OPC server on the secure LAN in the plant, and connect that to the OPC DataHub. From the OPC DataHub, the data flows out through a single port on the plant firewall via SSL-encrypted TCP to an OPC DataHub in the corporate offices, which is connected to the corporate LAN. The two OPC DataHubs mirror the data, so that every data change on the plant LAN is immediately received on the corporate LAN.

It took only a few days for Mannucci to go from initial testing to a working system in the first power plant. The second system was up and running in a similar time frame. Both systems have been running 24/7 since installation, with no breaches in security.

“For us, this OPC tunnel is very good, because we only need to open one port, and we are secure from DCOM break-ins,” said Mannucci. “We are considering installing this same solution in other plants.”


For more information on OPC solutions from Cogent Real-Time Systems, visit www.opcdatahub.com.

More in Home