Grid AutomationTCP/IP Connectivity

ABB Medium Voltage Products – Sanjay Sharma, 29.11.2016

Introduction: Typical IP client – server connection

GPRSgatewayGet dynamic

IP address

HTTP request from client

HTTP response from server

Server

Client

Typical client – server connection• After switch-on, client gets dynamic IP address (e.g. from

GPRS gateway or ADSL gateway)• Client sends HTTP request to server (e.g. www.google.com)• Server sends response (e.g. Google page) to client’s IP

address• Note: client-terminated communication is not possible, since

server does not know client’s IP address beforehand

Internet

Client-terminated connection:1) Dynamic IP address

SCADA

Public access point(GPRS gateway)Get dynamic

IP address

Client-terminated connection not possible:• Supervisory Control And Data Acquisition (SCADA) computer

cannot initiate a connection to a device behind a GPRSnetwork, since it does not know the dynamic IP address ofthis device beforehand

REC615+ARCTIC

Client-terminated connection:2) Private APN

SCADA

Private access point(via network operatorcontract)Connect to the

static IP address

Client-terminated connection possible:• Static address obtained via network operator contract• Now SCADA can send DNP3.0 or IEC-104 request to

REC615 device

DNP3.0/IEC-104 requestto static IP address

DNP3.0/IEC-104 ResponseREC615+ARCTIC

Client-terminated connection:3) M2M GW tunneling

SCADA

Using M2M Gateway:• Client-terminated connection always possible• Virtual IP address: endpoint of VPN tunnel• Remote LAN tunneled over VPN tunnel

Response (virtual IP address)

Get dynamicor static IPaddress

M2M Gateway withpublic, fixed IPaddress

Request to M2M Gateway

DNP3.0/IEC-104 request via VPN tunnel

DNP3.0/IEC-104 response also via VPN tunnel

Public or privateaccess point

RemoteLAN

REC615+ARCTIC

Private APN vs. M2M GW tunneling

FEATURE PRIVATE APN TUNNELING (with M2M GW)

Operator Fixed Any

APN Unique Any

Routing Limited (D-NAT) Full routing

Security Good (VPN from LAN to operator) Good (end-to-end)

QOS on GPRS Good Good/Standard

Additional Components VPN router (from LAN to operator) Tunnel client & M2M Gateway

Delivery time ~1-4 weeks Instant

Maximum GPRS devices Depends on contract Unlimited

Initial investment Depends on operator M2M Gateway + static IPaddress for M2M GW

Cost per SIM/month Normal + x/month Normal

Communication costs Normal Normal

Foreign countries Roaming Roaming or local operator

Maintenance Operator Own/ASP

High Availability in Public Wireless NetworksNormal mobile versus utility-grade equipment

§ Small antenna§ Standard radio§ Listens to few base stations

§ Large antenna§ Enhanced radio§ Connected to multiple base stations

Power outage in base station maycause failure in connection

Power outage in base station causesno failure in connection

Benefits of public wireless networksOften the most suitable solution

Fast implementation

Low CAPEX

Low OPEX

Security

No need for network building and obtaininglicenses

Investment only in own communicationequipment

Low communication and maintenance costs

High network availability combined withutility-grade communication equipmentReliability

Continuous multidirectional connection withimmediate nationwide coverageSuitability

Multiple levels of encryption andauthentication provides high security

CAPEX = capitalexpenditure

OPEX =operationalexpenditure

Security in Wireless Networks

SECURE CONNECTION PIPE

§ M2M gateway physically separatesexternal and internal IP networks

§ Integrated firewall blocksunauthorized access

§ Secure VPN: strong authenticationand encryption

§ Private IP address on equipmentlevel: not visible to public, onlythrough M2M gateway

§ GPRS/3G/4G radio signals areencrypted with multiple algorithms

§ Equipment has in-built firewalls:accepts traffic only from M2Mgateway

Multiple Levels of Security

SCADA/DMS

M2M GATEWAY

APN TUNNELING

COMMS EQUIPMENT

Grid AutomationIngrid Demo

ABB FI-PPMV/Distribution Automation – Sanjay Sharma, 25.11.2014

Grid Automation Demo2 - InGRIDCommunication Setup

Devices(REC615 / REC523)

VAA

ARCTICVAA

LAN / Ethernet cable

Public Network(VPN Tunnel)

MicroSCADAVAA

M2M GatewayVAA

LAN/Ethernetcable

Remote Desktop(iPAD) – JNB

PublicNetwork

Grid Automation Demo2 - InGRIDSwitch yard - OHL line Setup

Grid Automation Demo2 - InGRIDMicroSCADA Setup

Grid Automation Demo2 - InGRIDCamera View

Two live cameras with multiple views