Remote data transmission and storage

[micpalmia]

Hi everybody,

 

I am a software engineer currently collaborating with some wind turbine owners in order to implement (almost-)real-time data monitoring and logging for their machines. The turbines are controlled by an Unitronic Vision V130 that imitates the electromechanical system that was operating the windmill before. The controller already deals with all the metrics I'd need to transmit remotely.

 

My architecture requires either

• a remote server to periodically contact the PLC extracting required metrics (in some form), or
• the PLC to periodically send the data to a remote server.

I know a PLC only has very restricted capabilities when it comes to remote communications, but I'm quite convinced there's ought to be a simple way to do this.

 

My first idea was to implement the whole thing using MODBUS over TCP/IP, that would be very simple for me. Anyway, I'm afraid that the technician operating the PLC would not know this protocol and would not want to learn it anytime soon. I don't know very much about PLCs (and that's why I'm asking here) but it would be much easier to have a easy message-passing or remote logging functionality already programmed in the machine.

 

Can you help me with this? Any suggestions? Ideas different from the one presented here would definitely be appreciated

Thank you in advance!

 

 

 

[TT_ZX]

Hi micpalmia. I recommend configuring the turbine PLC to be modbus slaves.  This only requires 2 nets to be added to the PLC code.  It doesn't get much simpler than that for the PLC technician.  Have a look at the example "V280_Ethernet_TCP_MODBUS_IP_Slave.vlp".  I think you will have more trouble getting a secure connection from your remote server to the PLC than with the PLC itself.  I don't know what the network is between the remote server and the PLC.  From your post it sounds like you will be doing the server software.  Would you care to elaborate a bit more?

[micpalmia]

Thank you for the suggestion about configuring the PLC as slave. I was thinking the same, mostly because it looks much simpler to implement for the technician.

I don't care about confidentiality of the data transmitted, but I do care about authenticity and integrity. By using ModBus over TCP, these two requirements should be completely satisfied.

From what I read online, anyway, it seems like once the PLC is connected to the network and enabled for ModBus, it will execute any received command, including reading and writing potentially sensitive registers. This is the very scary part: it would make the whole project absolutely unfeasible.

 

The plant will be soon wired and connected to the internet through a router connected to the various PLCs. I will not be able to set up a pc between the router and the single machines. With the router filtering requests by IP address (and by TCP port/MAC address) the problem should be eased a bit, but I would still not feel completely ok.

 

Does Unitronics provide any form of access control on the ModBus protocol? Could the technician disable the sensitive registers from being read/write through ModBus and only expose the registers we need? What if I configure the PLC as a master?

[TT_ZX]

I understand your concerns, I have the same concerns myself.  There is no way to limit the range of accessible registers which is a real shame.  This question pops up on this forum occasionally.  If you have a particular range of registers that hold sensitive values you can copy them to a data table at the end of each scan and then restore them at the start of each scan.  A bit of a hack that may or may not be suitable.  When giving a list of registers to 3rd parties to be read into SCADA systems I always buffer them into a vector of XI's etc.  This means they can only be read and not written to because there changes would be overwritten.  Not entirely foolproof of course.

[micpalmia]

Thank you for your answer! There is still something I cannot get though. I'm sorry if this will sound stupid but my knowledge about controllers is very limited.

 

Is there a way in which it's possible to program the PLC so that during normal execution it is impossible to interfere with the machine's operations via ModBus TCP?

 

In the VisiLogic Help documentation, I found two tables defining the addresses that can be written using modbus commands 15 and 16 (force coil and preset holding registers). Apart for the slots with operand type I, T and C, everything seems to be exposed to be overwritten by anybody sending a well-formed ModBus message to the PLC. Am I right in saying that any PLC directly connected via Ethernet to the internet is potentially exposed to be made completely useless very easily?

[TT_ZX]

If ModBus is enabled then it will accept valid commands from any device.  It has no security built in as far as I know.  I assume this is because it is designed to operate inside secure networks and not be exposed to the internet.  You will need to devise your own methods for securing the connection.  This may be by white listing IP addresses from external networks on a router or using a VPN or ssh tunnel.

 

You could try enabling the ModBus Scan FB only when required.  This could be done locally via a push button or on a time basis.  You could even send it a text message or define your own protocol using the Protocol TCP/IP function block to change the bit.  I haven't done this before but I can't see why it won't work.