SCADA systems

For a large Natural Gas distributor in The Netherlands, I architected a solutions for the connection of a SCADA system to PLC's in the field. SCADA systems are systems for process management that are used in factories, distribution systems and energy plants. Using computer technology, physical actions in processes are controlled and monitored.

In factories, energy plants or distributed systems, many physical controls are used. These controls can be:

• valves in gas pipes;
• electronic switches;
• thermometers;
• pressure sensors;
• etc.

In the past, people needed to manually open or close valves, or had to check thermometers visually. Today, most of these physical controls are connected to electronics, so they can be controlled remotely.

SCADA stands for “Supervisory Control And Data Acquisition". SCADA systems have 3 purposes:

1. Setting values to physical controls (like closing a valve).
2. Performing measurements (like the gas temperature in a gas pipe).
3. Managing alarms coming from controls (for instance when a temperature is getting below 0°C, an alarm is raised).

Usually, computer screens in the control room display an overview of the complete system, with it's status. The SCADA system is able to zoom-in to a location to show more details.

PLC's 

The physical controls "in the field" are usually connected to PLC's (Programmable Logic Controllers). PLC's are simple computer systems without keyboards or video screens, but with many I/O channels. The I/O channels can be outputs or inputs. Channels can be binary (on/off) or analogue (output or input of a voltage between for instance 0 and 5 volts). The I/O channels are connected to the physical controls. PLC's can be programmed to perform some actions when an event occurs. For instance, the PLC can shut-off a valve if some temperature raises to 100°.

Connections

Although PLC's can make some rudimentary decisions, more complex decisions should be made by humans. Therefore PLC's are connected to SCADA systems, which are usually located in a control room in a central building.

PLC's can be located all over a factory plant, or for instance in a natural gas distribution system, across an entire country. Connecting all PLC's to the central SCADA system is not a trivial task. The requirements for the connections are very high. In an electric energy grid, for example, the command for switching off an electric switch should not only be transferred in a few milliseconds, but it must be 100% certain at any time that commands are received by the PLC in the field.

Because SCADA systems are used for several decades now, and because setting-up connectivity is such a complex matter, old, but robust technology is still used frequently. Connections frequently are setup using serial lines, modems, X25 connections, and for more modern setups, TCP/IP WAN links. Special protocols, like IEC870 are used for communication between SCADA systems and PLC's.

Security

Traditionally SCADA systems were closed systems using proprietary technology. The SCADA systems are located in secured control rooms. Therefore, security issues were rare, and not much effort was done to secure the connections between the SCADA systems and the PLC's "in the field".

These days, companies start using more open communication protocols (like TCP/IP over a WAN) and COTS systems (running on for instance Microsoft Windows). This urges the companies to put more effort in securing their SCADA environments. The market for secured SCADA products is still immature at the moment. I expect that the coming years projects will be started to raise the level of security in SCADA systems.

Here is a nice article about the security issues.

LEAP - Halfway through the Dutch masterclasses

The past few months I have been attending the Microsoft Lead Enterprise Architect Program (LEAP).

LEAP is no architecture programme, but a programme for architects who want to know more about Microsoft solutions and the vision behind the various Microsoft products.

Last week the third of five masterclasses was given in The Netherlands. These masterclasses are about currently available technologies. In January a trip to the Microsoft head office in Redmond, USA will give us more information about the future vision of Microsoft.

LEAP is organised by the Dutch Microsoft Innovation Center. There are 4 groups of approximately 50 people each. Each masterclass is given for one of those groups, so Microsoft gives each masterclass 4 times, on several days.

The subject of the first masterclass was "(De)coupling or information systems". Presented technologies were among others BizTalk and Sharepoint, but also for instance Microsoft Host Integration Server. This session was mainly about Service Oriented Architectures (SOA).

The trainees get much information sent to them to prepare for the masterclasses. In this first masterclass 13 documents were sent, which had be studied in advance.

The masterclass itself started with a short (and fast) overview of the different products and their use in architectures. After the presentations a case was presented concerning a fictional bank.

The group was split up in 6 teams for a workshop. Each team got the following tasks:

• Extract the business requirements from the case.
• Define architectural decisions.
• Create a high-level architecture.
• Describe the pros and con's of the architecture.

After the workshop, the results had to be presented to one of the other groups.  After a short break Microsoft presented its own design to all people present.

After a good meal the masterclass was finished at 7:30 PM.

The set-up of the following masterclasses was equal to the first, only the subject was different.

The second masterclass was about "Access to information and services". Here technologies such as Silverlight, Smart Client, XAML, BI and datamining were discussed. This too was a very informative and inspiring day.

The third masterclass about infrastructure was my speciality. The presented processes and technologies were: Infrastructure Optimization (IO), MOF (ITIL with a Microsoft taste), System Center (formerly known as MOM and SMS server with some extra extensions) and the Dynamic Systems Initiative (DSI).

A very interesting subject was WSSRA (Windows Server System Reference Architecture). This is a set of documents with standard patterns for the implementation of Microsoft technology. It contains architecture blueprints, implementation guides and goods pratices concerning security, storage, networking and much more. The total scope of the information is approximately 3000 pages!

In a couple weeks the following LEAP session session is planned, about security. More about this later.