Data Core objects “TCP Event Source” and “TCP Event Sink” provide a mechanism to route Data Core event messages between Data Core Nodes, potentially crossing network boundaries and firewalls.
A Data Core Node is an instance of Intelligent Plant's data-routing and data-access software operating as a Windows service. App Store Connect is a type of Data Core Node pre-configured to work with the App Store.
The TCP Event Sink and Source provide a reliable and secure way to relay data across network boundaries and firewalls. Message data is signed, encrypted and relayed on a strictly one-way, data-only channel. Minimal firewall configuration is required. This makes them particularly suitable for moving data across high-security militarized networks: for example, from a Process Control Network to a Process Information Network to a Business Network.
The diagram below illustrates such a configuration.
Alarms & Events (A&E) arrive on a serial feed and are captured by Serial Port Listener; the data is collected, then relayed. Three distinct Data Core Nodes act as stepping stones across network boundaries. Firewalls at each boundary only require a single rule to allow the downstream flow of secure TCP traffic.
Connections between the TCP Event Sink and Source are only permitted if an authenticated, encrypted and signed communication is established.
The TCP Event Source and Sink support resilient data transfer.
The diagram below includes a resilient flow where transmission is guaranteed.
Resilient flow uses Microsoft Message Queue (MSMQ) as a local collector (this is essential if data is arriving on an ephemeral flow). The TCP Event Sink component is then chained to the transactional MSMQ.
The TCP Event Sink is configured with the “Check Response” property set to true. This acts as a guaranteed delivery mechanism - repeating attempts to relay data downstream until a positive acknowledgement is received.
The above “Resilient Data Transfer” method using TCP and MSMQ is not expected to introduce any overhead. However, if a faster flow is required, parallel TCP components can be chained directly and configured to “fire-and-forget” by setting the “Check Response” property to false. Each event then passes through both the fast and resilient flows, and the two are consolidated at the final Alarm Analysis destination.
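The difference between the two “Check Response” settings can be modelled in a few lines. The following is an added illustration, not Intelligent Plant code: it assumes each event carries a unique `id` used for consolidation, and `LossyLink`, `Destination`, `relay` and `max_attempts` are hypothetical names for a constructed link that drops selected sends.

```python
from collections import deque

class Destination:
    """Final consumer; consolidates duplicates by event id (assumed key)."""
    def __init__(self):
        self.events = {}

    def receive(self, event):
        self.events.setdefault(event["id"], event)

class LossyLink:
    """Constructed stand-in for one TCP hop; drops the send numbers in `drop`."""
    def __init__(self, destination, drop):
        self.destination, self.drop, self.sends = destination, set(drop), 0

    def send(self, event):
        self.sends += 1
        if self.sends in self.drop:
            return False              # no positive acknowledgement received
        self.destination.receive(event)
        return True                   # downstream acknowledged the event

def relay(queue, link, check_response, max_attempts=5):
    """Drain a local queue through a link; return how many events remain queued.

    check_response=True  -> event stays at the queue head until acknowledged.
    check_response=False -> fire-and-forget: one send, result ignored.
    """
    while queue:
        attempts = max_attempts if check_response else 1
        acked = any(link.send(queue[0]) for _ in range(attempts))
        if check_response and not acked:
            break                     # keep it queued for a later retry
        queue.popleft()
    return len(queue)

def run_demo():
    events = [{"id": i, "text": f"alarm {i}"} for i in range(1, 6)]  # constructed
    fast, resilient, merged = Destination(), Destination(), Destination()
    relay(deque(events), LossyLink(fast, {2, 4}), check_response=False)
    relay(deque(events), LossyLink(resilient, {2, 4}), check_response=True)
    # Both flows feeding one destination: duplicates collapse by event id.
    relay(deque(events), LossyLink(merged, {2, 4}), check_response=False)
    relay(deque(events), LossyLink(merged, {2, 4}), check_response=True)
    return sorted(fast.events), sorted(resilient.events), sorted(merged.events)

if __name__ == "__main__":
    print(run_demo())
```

With the same two dropped sends, the fire-and-forget flow loses events 2 and 4, while the acknowledged flow delivers all five and the merged destination still holds each event once.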
For TCP authentication, the TCP Client supplies credentials for the TCP server to verify. This could be a service account available on a common domain or, if the Data Core Nodes are on separate networks, a local Windows account defined on the computer hosting the TCP Event Source (as in the picture below).
The username and password are then supplied in the TCP Event Sink configuration.
NB. Sensitive Data Core configuration is encrypted.