User Tools

Site Tools


alarm_analysis:resilient_data_transfer

This is an old revision of the document!


Alarm Analysis: Capturing Alarms & Events from Militarized Network Domains

Overview

Intelligent Plant produces highly configurable tools for capturing and analyzing data. We provide solutions that can be deployed in high-security/militarized network zones and reliably move data across networks, without compromising security.

This document describes best practice for a particular use-case:

Collect Process Control Alarm & Event data for Alarm Analysis on the Industrial App Store.

Terminology

Alarm Analysis Intelligent Plant application that processes Alarm & Event data to produce interactive EEMUA (Engineering Equipment and Materials Users Association) grade reports and analysis.
Data Core Node Intelligent Plant's data-routing and data-access software. Operates as a Windows service.
Industrial App Store Cloud portal for industrial apps (including online editions of Intelligent Plant applications).
App Store Connect An instance of Data Core Node pre-configured for secure connections with the Industrial App Store.
PCN Process Control Network.
PIN Process Information Network.
BN Business Network. Also referred to as the Enterprise Network.
TCP Transmission Control Protocol. A network communication protocol.

Network Topology

  1. Alarm & Event data enters the PIN via a serial printer-port cable connected to a Serial to Ethernet Converter.

  2. This physical architecture guarantees one-way data-flow.

  3. The Data Core node installation on the PIN includes:
    1. TCP Printer Port listener (listening for input from the Serial to Ethernet Converter)
    2. Alarm & Event Collector (collecting A&E data from the PCN)
    3. a TCP Out Channel for data transfer

  4. The Data Core TCP Out Channel (on the PIN) initiates an authenticated TCP connection with App Store Connect (on the BN). Data transmitted on the TCP channel is signed and encrypted.

    Alarm & Event data is sent to App Store Connect. App Store Connect responds with an acknowledgement. If the Alarm Analysis server fails to receive a positive acknowledgement, data is resubmitted.

  5. App Store Connect acts a local data processor and supports connections to the Industrial App Store.

    App Store Connect incudes:
    1. TCP Listener (listening for input from the Alarm Analysis server)
    2. Alarm & Event Collector (collecting A&E data from the Alarm Analysis server)
    3. Alarm Analysis Processing (converting A&E data to Alarm Analysis records)

      Alarm Analysis data remains on the Business Network.

  6. App Store Connect initiates a connection to the Industrial App Store using Microsoft's SignalR technology. This supports secure 2-way communication which allows App Store apps to connect and query data on the Business Network.

    Access to data via App Store Connect is only available if explicitly shared with another App Store User (see step 7).

    For more information, refer to the App Store Wiki: Connection Security.
  7. The Industrial App Store: a cloud portal of industrial applications that can connect to business data sources through App Store Connect.

  8. Users inside and outside the Business Network (e.g. office and home workers) access Alarm Analysis via the Internet. They log-in to the Industrial App Store and select the Alarm Analysis app.
    NB. App Store users must be granted access to the Alarm Analysis data source (configured on the Business Network App Store Connection).
    For instructions on sharing data, refer to the App Store Wiki: Share Data with other App Store Users.

Deployment and Configuration Guide

1. PIN: Data Core Node

The network topology above assumes data crosses into the PIN via a serial printer porter feed. Our first task is to install and configure a Data Core node on the PIN.

Configure the following Data Core components (assume default settings unless explicitly specified):

TCP Printer Stream
Description Listen and parse data arriving on TCP channel
Type TCP Printer (Event Source)
TCP Port 9000
Message Delimiter New Line {\n}
Maximum Characters per Scan 4000
Big Data Source
Description Retrieve collected data from Big Data Store
Type Big Data Event Source (Event Source)
Big Data URL http://localhost:9200
Index Filter tcpprinterstream.evt_*
Sleep Period 30
Lag 60
Big Data Sink
Description Save data to the Big Data Store
Type Big Data Event Sink (Event Sink)
Big Data URL http://localhost:9200
Subscribes to: TCP Printer Stream
TCP Out
Description Transfer data to the Business Network
Type TCP Event Sink (Event Sink)
TCP Server Host [ IP Address of server hosting “Fast TCP In” ]
TCP Server Port 11000
Username [Service account with access to server hosting “Fast TCP In” ]
Password [Service account password with access to server hosting “Fast TCP In” ]
Check Response Yes
Subscribes to: TCP Printer Stream
Big Data Source

Data Relay across 3-Zone Network Architecture

The following example illustrates relaying data across a 3 zone network architecture. In each zone a Data Core Node is installed.

Alarm & Event data enters Data Core Node 1 via a serial printer-port cable connected to a Serial to Ethernet Converter. This physical architecture guarantees one-way data-flow from Process Controllers to Data Core.

A Fast Flow relays data across the zones via a fire-and-forget process providing near-real-time data on the destination server.

On a separate resilient flow the database on the source server is poled and new data relayed via a guaranteed delivery process. This provides a complete data record on the destination server.

The database on the destination server consolidates data from both flows.

Data Core Installation

Stand-Alone installations of Data Core are required on each domain traversed.

If the intention is to make data available to the App Store, the destination server could be an “App Store Connect” Data Core instance.

App Store Connect is an instance of a Data Core Node pre-configured for secure connection with the Industrial App
Store.

Data Core Configuration

Configure the following Event Source and Event Sink components and subscriptions.

TCP Printer Stream
Type TCP Printer (Event Source)
TCP Port 9000
Message Delimiter New Line {\n}
Maximum Characters per Scan 4000
Fast TCP Out
Type TCP Event Sink (Event Sink)
TCP Server Host [ IP Address of server hosting “Fast TCP In” ]
TCP Server Port 11000
Username [Service account with access to server hosting “Fast TCP In” ]
Password [Service account password with access to server hosting “Fast TCP In” ]
Check Response False
Retrieve Data
Type Big Data Event Source (Event Source)
Big Data URL http://localhost:9200
Index Filter tcpprinterstream.evt_*
Sleep Period 30
Lag 60
TCP In
Type TCP Event Source (Event Source)
TCP Server Port 11000
TCP Out
Type TCP Event Sink (Event Sink)
TCP Server Host [ IP Address of server hosting “Resilient1TCP In” ]
TCP Server Port 11000
Username [Service account with access to server hosting “Resilient TCP In” ]
Password [Service account password with access to server hosting “Resilient TCP In” ]
Check Response True
Store Data
Type Big Data Event Sink (Event Sink)
Big Data URL http://localhost:9200
Big Data Refresh Interval 5s

Firewall Requirements

Network and server firewalls must be open for TCP traffic on the ports configured above.

alarm_analysis/resilient_data_transfer.1517839712.txt.gz · Last modified: 2018/02/05 14:08 by su