Secure OPC tunnel/mirror between power plants and company offices
In two recent projects, Italy’s ABB Energy Automation has developed a control solution that feeds data from power plant facilities directly to corporate offices – in real time – using DataHub® software. A key requirement was to provide a highly secure means of data transmission, with minimal risk of break-ins. For each project they implemented a DataHub tunnel/mirror solution to establish a secure, reliable connection between the power plant and corporate networks.
ABB Energy Automation provides software and control systems for power plants to ensure that equipment operates at optimum speed and efficiency. For these projects, it became clear that several Italian power companies would benefit substantially from monitoring plant performance directly from their company offices. Mr. Michele Mannucci, ABB Project Engineer, began looking for a way to make the connection, using the most reliable and secure means available.
“Customers are very sensitive about security these days since they need to exchange information on the web,” he said. “We had OPC DA servers on our equipment, but found that using DCOM for networking was too risky. It required us to open too many ports in our firewalls. We had to find a way to avoid using DCOM.”
A search on the web brought Mr. Mannucci to DataHub software. For the first test, he connected a DataHub instance to the plant’s DigiVis Freelance 2000 OPC server, and then configured it to tunnel out through the plant firewall. With that working, he installed another DataHub instance on the corporate network, and then created a tunnel/mirror connection between the two DataHub instances.
For the production system, the company decided to use ABB’s own proprietary OPC server on the secure LAN in the plant, and connect that to the plant’s DataHub instance. From there the data flows out through the plant firewall via SSL-encrypted TCP to a second DataHub instance in the corporate offices, which is connected to the corporate LAN. The two DataHub instances mirror the data, so that every data change on the plant LAN is immediately received on the corporate LAN.
“This DataHub tunnel with data mirroring is very good for our OPC networking, because we only need to open one port, and we are secure from DCOM break-ins,” said Mannucci. “We are considering installing this same solution in our top plants.”
It took only a few days for Mannucci to go from initial testing to a working system in the first power plant. The second system was up and running in a similar time frame. Both systems have been running 24/7 since installation, with no breaches in security.