Remote SCADA
5. System requirements
6.4. Remote communication network architecture
6.4.2. Cellular IP network
Cellular IP communication relies on public infrastructure networks from a telecommunications provider.
Note: Where a public infrastructure communication network (including Internet as well as other infrastructure) is used to interconnect parts of a remote SCADA system, careful attention should be paid to system security. Best practice and defense-in-depth security should be deployed.
System availability requirements for your application should be carefully analyzed if you are considering using public infrastructure communication systems. For more information see 5.6.2.
Cellular IP (small model)
Cellular IP modems at each remote site can connect to an RTU device to provide communication connectivity for remote SCADA.
Serial or Ethernet interfaces are available; each may potentially be suitable for different RTU devices in different applications.
For example:
SCADAPack E RTU supports both Ethernet and serial (PPP) cellular IP modems for remote SCADA IP connectivity, including dynamic IP
Standard SCADAPack RTUs support Ethernet modems
M340 PAC with RTU module supporting Ethernet, including PPPoE DSL modems and serial (PPP) cellular IP modems
In the case of serial PPP cellular IP modem connections, the SCADAPack E RTU can manage the configuration of the cellular modem through initialization strings, allowing installation and maintenance of the modem without complex configuration.
Cellular dynamic IP addresses for remote sites can also be managed by the SCADAPack E RTU, as long as the central modem has a static IP address. See Remote SCADA and cellular dynamic IP addressing in 5.6.2.
In the following small model architecture for cellular IP networks, the connection of the network to the SCADA LAN is by way of an entry point cellular IP modem, local to the control room systems. This architecture is suitable where there are a small number of remote systems. The cellular IP modem is operating in a “1-to-many” topology and may be constrained to providing a total system throughput equivalent to that of one remote device. A large volume of data coming from the remote sites, or anticipated to come from the remote sites in abnormal operating conditions or where system expansion is expected, may exceed the capacity of the entry point modem to receive the data from the cellular network (even if its communication interface is Ethernet). In this case, use the large model cellular architecture, below.
Where the entry point cellular modem provides a PPP serial connection, a device such as a SCADAPack E smart RTU can be used as a remote communication gateway, connecting to both the entry point cellular modem and the SCADA LAN.
Where security measures provided by the modem and telecommunications network are deemed sufficient (i.e. the network is not on the public Internet, the service includes VPN and so on), a connection may be made from the modem to a communication gateway RTU, or directly to the SCADA LAN. Otherwise, additional security equipment, such as a firewall, should be used.
Figure 57: Cellular IP network (small)
Cellular IP (large model)
Similar to the cellular IP small model, cellular IP modems at each remote site can connect to an RTU device to provide communication connectivity for remote SCADA.
In this large model architecture for cellular IP networks, the connection of the network to the SCADA LAN is by way of a “backhaul link” from the telecommunication provider’s network. This is a common architecture for medium to large systems and where volumes of data coming from remote sites can be anticipated to be higher under certain operational conditions, or where network data usage is expected to expand over time.
As described above, a SCADAPack E RTU can automatically configure a serial cellular modem, easing the installation and long term maintenance of the modem without independent complex configuration in the modem.
Cellular dynamic IP addresses at remote sites can also be managed by a SCADAPack E solution. See Remote SCADA and cellular dynamic IP addressing in 5.6.2.
The backhaul link is typically in the form of a business IT connection, and may provide VPN services to the remote cellular network. It may use communication links such as Frame-Relay, DSL, or may use existing physical business network links such as fiber optic. It may use existing equipment such as IT routers. Talk to your telecommunications provider and IT network administrator for the architecture best suited to your application.
Figure 58: Cellular IP network (with backhaul)
Remote SCADA and cellular dynamic IP addressing
Where only dynamic IP addresses are available from a telecommunications provider for cellular IP communications (e.g. GPRS), the architecture shown in Figure 59 can be used. This solution uses DNP3 telemetry protocol with a SCADAPack E as a gateway RTU on the SCADA LAN, and SCADAPack E RTUs at remote sites.
A SCADAPack 300E can be used as a gateway for up to approximately 25 remote RTUs. A SCADAPack ES can be used for up to 90 remote RTUs. The architecture can be extended with additional gateway RTUs to serve a larger number of cellular IP remote RTUs. (It may be possible to use DNP3 RTUs other than SCADAPack E devices at remote sites; however, there are specific requirements that must be met, such as using DNP3/TCP and detecting a renegotiated IP address as a trigger for sending a DNP3 TCP keep-alive message or unsolicited response.)
The gateway RTU uses the SCADAPack E DNP3 network routing table features to dynamically track changes in each remote RTU’s IP address, updating the network table routing entry on behalf of communications between the RTU and master station. The remote RTUs and the master station use a static IP address for the communication with the gateway RTU for all communication transactions.
Using this architecture it is possible to use the SCADAPack E gateway RTU to route cellular dynamic IP communication between:
Redundant remote SCADA servers to remote sites
Maintenance terminal(s) on the SCADA LAN to a remote site
Maintenance terminal at remote sites to other remote sites
Peer-to-peer communication between remote sites
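The dynamic tracking described above can be pictured as a table keyed by DNP3 address that follows each remote RTU's current IP. The following is an added, simplified model and not SCADAPack E firmware or configuration; the class and function names, the provider address pool and the sample frames are assumptions made for illustration. It accepts an address change only for a commissioned DNP3 address arriving from inside the provider's pool, and it records every change attempt so unexpected ones can be reviewed.

```python
import ipaddress
import struct

# Assumption: address pool the provider assigns to the remote modems (constructed).
CARRIER_POOL = ipaddress.ip_network("10.64.0.0/16")

def dnp3_source(frame: bytes) -> int:
    """Read the source address from a DNP3 link-layer header:
    0x05 0x64, length, control, destination (LE16), source (LE16), CRC."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        raise ValueError("not a DNP3 link-layer frame")
    _dest, src = struct.unpack_from("<HH", frame, 4)
    return src  # header CRC is not verified in this model

class GatewayRouteTable:
    """Hypothetical model: DNP3 address -> current IP of each remote RTU."""

    def __init__(self, known_rtus):
        self.routes = {addr: None for addr in known_rtus}
        self.audit = []  # (dnp3_addr, old_ip, new_ip, accepted)

    def on_frame(self, frame: bytes, peer_ip: str) -> bool:
        """Handle a keep-alive or unsolicited response arriving from peer_ip."""
        src = dnp3_source(frame)
        ip = ipaddress.ip_address(peer_ip)
        old = self.routes.get(src)
        if old == ip:
            return True  # address unchanged, nothing to update
        accepted = src in self.routes and ip in CARRIER_POOL
        self.audit.append((src, old, ip, accepted))  # every change attempt is logged
        if accepted:
            self.routes[src] = ip
        return accepted

    def next_hop(self, dnp3_addr: int):
        return self.routes.get(dnp3_addr)

def make_header(dest: int, src: int) -> bytes:
    # Constructed sample header; CRC bytes are zeroed because they are not checked.
    return b"\x05\x64\x05\xc4" + struct.pack("<HH", dest, src) + b"\x00\x00"

def demo() -> GatewayRouteTable:
    table = GatewayRouteTable(known_rtus=[101, 102])
    table.on_frame(make_header(1, 101), "10.64.3.17")    # first contact
    table.on_frame(make_header(1, 101), "10.64.9.200")   # renegotiated address
    table.on_frame(make_header(1, 101), "203.0.113.50")  # outside the pool: refused
    table.on_frame(make_header(1, 999), "10.64.3.18")    # unknown DNP3 address: refused
    return table
```

Refused entries in the audit list are the ones worth alerting on, since a legitimate renegotiation should always land inside the provider's pool.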