The OPC communication standards have evolved over the past ten years to accommodate the changing business environment. Many of the existing solutions have solved the initial problems with Distributed Component Object Model (DCOM) setup complexity, but may not address new cyber security threats. With increased security risks and increased needs for interoperability, the traditional, proprietary OPC tunneling methods are too rigid to adequately address all of the potential security threats.
The next generation of OPC products is being built on an open, scaleable standard rather than proprietary technology. With the proliferation of Microsoft’s .Net framework, “Intelligent OPC Tunneling” is now possible. Building OPC Tunneling on this open framework serves to de-couple the application from the framework, minimizing setup complexity while allowing for increased reliability, security, scalability and interoperability.
Guide to OPC tunneling architecture
Security: How secure do your OPC communications need to be?
In de-coupling the framework from the OPC Tunneling application, users can leverage Microsoft’s resources in detecting security risks. Once a security breach is discovered, patches and quick fixes can quickly be deployed and implemented. OPC products that are based on .Net and .Net Remoting are de-coupled solutions, enabling repair of any security breaches in .Net to be effected without affecting process data traffic. Any changes that must be effected from the widely supported .Net are only done on that layer. This de-coupling of the framework from the application protects the integrity of the application, ensuring complete, secure connectivity.
Reliability: How reliable do your OPC Communications need to be?
The reliability of traditional OPC Tunneling applications based on DCOM is proven, however updates must be done to the entire system, as the tunneling application is tightly coupled with DCOM. To avoid this challenge, a means of de-coupling the framework of the system from the actual application is necessary. Solutions built on Microsoft’s .Net framework allow a separation of the application from the open framework. This architecture allows updates, hot-fixes and patches to be applied without affecting OPC traffic.
Scalability: How scalable do your OPC Communications need to be?
The life-cycle cost of proprietary OPC applications can be expected to increase as new technologies and security features come online. Intelligent OPC Tunneling solutions, built on the .Net framework, are more likely to be seamlessly integrated without changing the application itself. For instance, if smart cards were introduced enterprise-wide, utilizing any standard Windows-compliant security protocol, such as Integrated Windows Authentication, it would be natively supported by the .Net framework. If an enterprise moved to a new operating system, such as the upcoming Microsoft Vista platform, the Intelligent OPC Tunneling application would have the flexibility to automatically detect and integrate this new platform. Proprietary systems would have to be re-coded and re-developed to incorporate this new technology.
Performance: How well do your OPC communications need to perform?
In real-time process control environments, the time to process information requests is paramount in maintaining the data stream. Systems that can be flexible incorporating next-generation components must transmit data quickly with minimal computing overhead.
Web-XML has become a popular alternative to DCOM in some industries, but in process control, the performance overhead in transmitting eXtensible Mark-up Language (XML) securely may have significant implications to real-time systems. Web-XML transfers data only in XML files, which take more time to encrypt than pure binary data. A solid Intelligent OPC Tunneling architecture will incorporate solutions that allow the encryption of binary data alone.
Conclusion
The integration between business enterprise systems and production systems can increase visibility of the manufacturing supply chain and create a more agile business environment. Such integration requires the transmission of process data values across firewalls, where security considerations are essential. While the OPC standard is useful in this application, OPC and DCOM together can pose challenges to implement and maintain. OPCNet Broker from Integration Objects, for example, uses .Net Remoting for OPC communications. This technology easily enables integration while preventing cyber attacks and unauthorized users from gaining access to critical process control data and the systems that control production.
For more information on Integration Objects solutions and services, visit www.integ-objects.com.
