Advanced Tunnelling for OPC with Cogent DataHub

OPC has become a leading standard for industrial process control and automation systems.  Among several OPC standards, the one most widely used throughout the world is OPC DA, or OPC Data Access. Many hardware manufacturers offer an OPC DA interface to their equipment, and OPC DA servers are also offered by third-party suppliers.  Likewise, most HMI vendors build OPC DA client capabilities into their software.  Thus data from most factory floor devices and equipment can connect to most HMIs and other OPC DA clients.  This universal connectivity has greatly enhanced the flexibility and efficiency of industrial automation systems.

But OPC DA has a major drawback—it does not network well.  OPC DA is based on the COM protocol, which uses DCOM (Distributed COM) for networking.  DCOM was not designed for real-time industrial applications. It is neither as robust nor secure as industrial systems require, and it is very difficult to configure. To overcome these limitations, Cogent offers a “tunnelling” solution, as an alternative to DCOM, to transfer OPC data over a network.  Let’s take a closer look at how tunnelling solves the issues associated with DCOM, and how the Cogent DataHub from Cogent Real-Time Systems provides a secure, reliable, and easy-to-use tunnelling solution with many advanced features.

Making Configuration Easy and Secure

The first problem you will encounter with DCOM is that it is difficult to configure.  It can take a DCOM expert hours, and sometimes days, to get everything working properly.  It is difficult to find good documentation on DCOM because configuration is not a simple, step-by-step process.  Even if you are successful, the next Windows Update or additional new setting may break your working system.  Although it is not recommended practice, many companies “solve” the problem by simply bypassing DCOM security settings altogether.  But granting broad access permissions in this way is becoming less and less viable in today’s security-conscious world, and most companies cannot risk lowering their guard to allow DCOM to function.

Tunnelling with the Cogent DataHub eliminates DCOM completely, along with all of its configuration and security issues.  The Cogent DataHub uses the industry standard TCP/IP protocol to network data between an OPC server on one computer and an OPC client on another computer, thus avoiding all of the major problems associated with using the DCOM protocol.

The Cogent DataHub offers this tunnelling feature by effectively ‘mirroring’ data from one Cogent DataHub running on the OPC server computer, to another Cogent DataHub running on the OPC client computer, as shown in the image above.  This method results in very fast data transfer between Cogent DataHub nodes.

Better Network Communication

When a DCOM connection is broken, there are very long timeout delays before either side is notified of the problem, because DCOM has hard-coded timeout periods which can’t be adjusted by the user.  In a production system, these long delays without warning can be a very real problem.  Some OPC clients and OPC client tools have internal timeouts to overcome this one problem, but this approach does not deal with the other issues discussed in this paper.

The Cogent DataHub has a user-configurable heartbeat and timeout feature which allows it to react immediately when a network break occurs.  As soon as this happens, the Cogent DataHub begins to monitor the network connection and when the link is re-established, the local Cogent DataHub automatically reconnects to the remote Cogent DataHub and refreshes the data set with the latest values.  Systems with slow polling rates over long distance lines can also benefit from the user-configurable timeout, because DCOM timeouts might have been too short for these systems.

Whenever there is a network break, it is important to protect the client systems that depend on data being delivered.  Because each end of the tunnelling connection is an independent Cogent DataHub, the client programs are protected from network failures and can continue to run in isolation using the last known data values.  This is much better than having the client applications lose all access to data when the tunnelling connection goes down.

The Cogent DataHub uses an asynchronous messaging system that further protects client applications from network delays.  In most tunnelling solutions, the synchronous nature of DCOM is preserved over the TCP link.  This means that when a client accesses data through the tunnel, it must block waiting for a response.  If a network error occurs, the client will continue to block until a network timeout occurs.  The Cogent DataHub removes this limitation by releasing the client immediately and then delivering the data over the network.  If a network error occurs, the data will be delivered once the network connection is re-established.

Comparison: Cogent DataHub and other tunnelling products

  • Cogent DataHub: The Cogent DataHub keeps all OPC transactions local to the computer, thus fully protecting the client programs from any network irregularities.
    Other tunnelling products: Other products expose OPC transactions to network irregularities, making client programs subject to timeouts, delays, and blocking behaviour. Link monitoring can reduce these effects, while the Cogent DataHub eliminates them.
  • Cogent DataHub: The Cogent DataHub mirrors data across the network, so that both sides maintain a complete set of all the data. This shields the clients from network breaks as it lets them continue to work with the last known values from the server. When the connection is re-established, both sides synchronize the data set.
    Other tunnelling products: Other products pass data across the network on a point by point basis and maintain no knowledge of the current state of the points in the system. A network break leaves the client applications stuck with no data to work with.
  • Cogent DataHub: A single tunnel can be shared by multiple client applications. This significantly reduces network bandwidth and means the customer can reduce licensing costs as all clients (or servers) on the same computer share a single tunnel connection.
    Other tunnelling products: Other tunnelling products require a separate network connection for each client-server connection. This increases the load on the system, the load on the network and increases licensing costs.

These features make it much easier for client applications to behave in a robust manner when communications are lost, saving time and reducing frustration.  Without these features, client applications can become slow to respond or completely unresponsive during connection losses or when trying to make synchronous calls.
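The behaviour described in this section (a configurable heartbeat timeout, reads served from the last known values, and writes that never block and are delivered after reconnection) can be modelled in a few lines. This is an added sketch, not Cogent DataHub code or its wire protocol; the class, method and point names are hypothetical, and the freshness flag returned by `read()` is an assumption of the sketch so that a client can tell a live value from a last known one.

```python
import time
from collections import deque
class MirrorEnd:
    """One end of a mirrored tunnel (hypothetical model, not DataHub code)."""
    def __init__(self, heartbeat_timeout, send, clock=time.monotonic):
        self.timeout, self.send, self.clock = heartbeat_timeout, send, clock
        self.cache = {}          # point name -> last known value
        self.pending = deque()   # writes accepted while the link is down
        self.last_heard = clock()

    def on_message(self, point=None, value=None):
        """Any frame from the peer proves the link; a heartbeat has no point."""
        self.last_heard = self.clock()
        if point is not None:
            self.cache[point] = value

    def link_up(self):
        return self.clock() - self.last_heard <= self.timeout  # heartbeat check

    def read(self, point):
        """Never blocks: (last known value, True if the link is still alive)."""
        return self.cache.get(point), self.link_up()

    def write(self, point, value):
        """Never blocks: update locally, then send now or queue for later."""
        self.cache[point] = value
        if self.link_up():
            self.send(point, value)
        else:
            self.pending.append((point, value))

    def on_reconnect(self, snapshot):
        """Refresh from the peer's data set, then deliver queued writes."""
        self.on_message()
        self.cache.update(snapshot)
        while self.pending:
            point, value = self.pending.popleft()
            self.cache[point] = value
            self.send(point, value)

def demo():  # constructed scenario: 2 s timeout, peer silent from t=0 to t=5
    now, sent = [0.0], []
    end = MirrorEnd(2.0, lambda p, v: sent.append((p, v)), clock=lambda: now[0])
    end.on_message("Tank1.Level", 41.5)
    now[0] = 5.0
    stale = end.read("Tank1.Level")
    end.write("Pump1.Setpoint", 10)
    end.on_reconnect({"Tank1.Level": 43.0})
    return stale, end.read("Tank1.Level"), sent
```

In this model the client keeps reading 41.5 during the outage, but with the flag set to False, and the queued setpoint write is delivered only after the link returns.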

Securing the System

Recently, DCOM networking has been shown to have serious security flaws that make it vulnerable to hackers and viruses. This is particularly worrying to companies who network data across Internet connections or other links outside the company.

To properly secure your communication channel, the Cogent DataHub offers secure SSL connections over the TCP/IP network.  SSL Tunnelling is fully encrypted, which means the data is completely safe for transmission over open network links outside the company firewalls.  In addition, the Cogent DataHub provides access control and user authentication through the use of optional password protection.  This ensures that only authorized users can establish tunnelling connections.  It is a significant advantage having these features built into the Cogent DataHub, since other methods of data encryption can require complicated operating system configuration and the use of more expensive server PCs, which are not required for use with the Cogent DataHub.

Advanced Tunnelling for OPC

While there are a few other products on the market that offer tunnelling capabilities to replace DCOM, the Cogent DataHub is unique in that it is the only product to combine tunnelling with a wide range of advanced and complementary features to provide even more benefits.

Significant reduction in network bandwidth

The Cogent DataHub reduces the amount of data being transmitted across the network in two ways:

  1. Rather than using a polling cycle to transmit the data, the Cogent DataHub only sends a message when a new data value is received.  This significantly improves performance and reduces bandwidth requirements.
  2. The Cogent DataHub can aggregate both client and server connections.  This means that the Cogent DataHub can collect data from multiple OPC servers and send it across the network using a single connection.  On the client side, any number of OPC clients can attach to the Cogent DataHub and they all receive the latest data as soon as it arrives.  This eliminates the need for each OPC client to connect to each OPC server using multiple connections over the network.

While it may seem simple enough to replace DCOM with TCP/IP for networking OPC data, the Cogent DataHub also replaces the inherent blocking behaviour experienced in DCOM communication.  Client programs connecting to the Cogent DataHub are never blocked from sending new information.  Some vendors of tunnelling solutions for OPC still face this blocking problem, even though they are using TCP/IP.

Supports slow network and Internet links

Because the Cogent DataHub reduces the amount of data that needs to be transmitted over the network, it can be used over a slow network link.  Any interruptions are dealt with by the Cogent DataHub while the OPC client programs are effectively shielded from any disturbance caused by the slow connection.

Access to data on network computers running Linux

Another unique feature of the Cogent DataHub is its ability to mirror data between Cogent DataHubs running on other operating systems, such as Linux and QNX.  This means you can have your own custom Linux programs act as OPC servers, providing real-time data to OPC client applications running on networked Windows computers.  The reverse is also true.  You can have your Linux program access data from OPC servers running on networked Windows computers.

Load balancing between computers

The Cogent DataHub also offers the unique ability to balance the load on the OPC server computers.  You may have a system where multiple OPC clients are connecting to the OPC server at the same time, causing the server computer to experience high CPU loads and slower performance.  The solution to this is to mirror data from the Cogent DataHub on the OPC server computer to a Cogent DataHub on another computer and then have some of your OPC clients connect to this second ‘mirrored’ computer.  This reduces the load on the original OPC server computer and provides faster response to all OPC client computers.

Advanced Tunnelling for OPC Example – TEVA Pharmaceuticals (Hungary)

TEVA Pharmaceuticals in Hungary recently used the Cogent DataHub to combine tunnelling and aggregation to transfer OPC data over the network and through the company firewall.

Laszlo Simon is the Engineering Manager for the TEVA API plant in Debrecen, Hungary. He had a project that sounded simple enough. He needed to connect new control applications through several OPC stations to an existing SCADA network. The plant was already running large YOKOGAWA DCS and GE PLC control systems, connected to a number of distributed SCADA workstations. However, Mr. Simon did face a couple of interesting challenges in this project:

  • The OPC servers and SCADA systems were on different computers, separated by a company firewall. This makes it extremely difficult to connect OPC over a network, because of the complexities of configuring DCOM and Windows security permissions.
  • Each SCADA system needed to access data from all of the new OPC server stations. This meant Mr. Simon needed a way to aggregate data from all the OPC stations into a single common data set on each SCADA computer.

After searching the web, Mr. Simon downloaded and installed the Cogent DataHub. Very quickly he had connected the Cogent DataHub to his OPC servers and determined that he was reading live process data from the new control systems. He was also able to easily set up the tunnelling link between the OPC server stations and the SCADA workstations, by simply installing another Cogent DataHub on the SCADA computer and configuring it to connect to the OPC server stations.

“I wanted to reduce and simplify the communication over the network because of our firewall. It was very easy with the Cogent DataHub,” said Mr. Simon after the system was up and running. Currently about 7,000 points are being transferred across the network, in real-time, using the Cogent DataHub. “In the future, the additional integration of the existing or new OPC servers will be with the Cogent DataHub.”