Issue
- With the standard real-time data retrieval from controllers using Node Red or EcoStruxure Operator Terminal Expert, we must add Modbus addresses to Unity Pro/EcoStruxure Control Expert variables. This increases the deployment time and effort considering that there may be iterations leading to the final variable list.
- Since Modbus deals natively with bytes, and the Modbus nodes generally provide data in 16-bit numbers (int, word), they must be further converted to 32-bit types using additional nodes or JS functions. Bit extraction from words also need separate nodes.
- Often WiFi media is used to connect the EcoStruxure Augmented Operator Advisor App on a tablet to the EcoStruxure Augmented Operator Advisor runtime. The WiFi network and/or WiFi devices may not be secure. Hence, these must be placed in an untrusted zone separated from the trusted SCADA+Controller zone by a firewall. Incoming connections from untrusted zones to trusted zones should be avoided. Outgoing connections from the trusted zone to untrusted zones can be allowed and must be monitored.
- To protect the controller from accidental/malicious Modbus commands, a deep packet inspection firewall (E.g. Tofino) is required.
Resolution
As a proof-of-concept, this article proposes to write real-time data from CItect SCADA to the EcoStruxure Augmented Operator Advisor Runtime via HTTP/json commands. This approach can mitigate the issues described above.
Disclaimer
The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of Schneider Electric.
