Secure, Firewall Friendly Communications

One of the issues with the proven OPC standard has been the communications between OPC client and OPC server when a firewall separates them. The cyber-security challenges that process manufacturers face were not envisioned in the original release of the OPC specification in the mid-1990s. The network transport is based on Microsoft’s distributed component object model (DCOM), and the challenges of using DCOM with firewalls are well documented.

An initiative was formed among process automation suppliers to solve the security challenges of the DCOM model by using the secure network communications services in Microsoft’s .NET framework. Current members of this initiative include Advosol, Emerson Process Management, Honeywell, Iconics, InduSoft, Matrikon, Mobiform, Mynah Technologies, OSIsoft, Smar and TiPS.

The result of their efforts is the Express Interface (Xi), which is described on a newly created Express Interface website:

Express Interface (Xi) is a new Microsoft .NET interface designed for secure and reliable access to automation systems. Xi provides an integrated set of methods for accessing both run-time and historical data, events, and alarms. It has been designed for fast and secure communication through firewalls and for simple implementation and use. Xi defines a Service Oriented Architecture (SOA) that is based on MMS (Manufacturing Messaging Service) and WCF (Windows Communication Foundation).

The site is primarily for client and server developers and includes a specification overview, specification and sample code downloads, internet-accessible Xi demo servers, and the Xi public license. There are also products and tools available to help accelerate software development.

At the recent Emerson Exchange, DeltaV product strategist, Chris Felts, described how the Express Interface communications technology was being incorporated into the upcoming release of the DeltaV system. Like OPC, Xi is a client-server architecture for data exchange between the ISA95 level 2 (control system level) and level 3 (manufacturing execution / operations management level). It also supports the same functionality as OPC Data Access (DA), OPC Historical Data Access (HDA), and OPC Alarms and Events (AE).

Unlike OPC, Xi incorporates the secure aspects of the .NET framework using both firewall-friendly HTTP/HTTPS services and secure web services via Microsoft’s Windows Communication Foundation. This communications framework also incorporates levels of robustness not found in the earlier DCOM communications. For example, if communications are lost between the client side and server side, the Xi interface will retain the current state of the connection and allow the client to re-establish communications without losing its original configuration.

At the Emerson Exchange, there were 10 Xi servers and 15 Xi clients in the demonstration area, including Emerson’s DeltaV system, Ovation system, and Syncade operations management software, as well as ones from Advosol, Iconics, InduSoft, Matrikon, Mobiform, Mynah, OSIsoft, SMAR, and TiPS. Specifically for the DeltaV system, the version 10.3.1 release adds Xi Data Access, Xi Alarms & Events, and Xi Historical Data Access via one Xi interface. The existing DeltaV OPC DA, HDA, and AE servers will remain to support existing OPC applications. Xi and OPC can reside together in the same system.

Chris suggested some uses for the Xi interface, including secure communications through firewalls, communications to non-Windows clients, real-time and historical supervisory control and data acquisition, and high-throughput (100Mb typical bandwidth) and high-tag-count applications.


Update: Updated the links above to the ExpressInterface.com site for the change from HTML to ASPX pages.
