Scada PDF

Certified Associate in PLC & SCADA
(CAPS)
Presented By:
Arslan Adil
M. Muzammil
Zeeshan Qamar
Welcome to CAPS
W
Wear the
th cap off CAPS tto b
be di
distinguished!
ti i h d!
Thank you for choosing SEECSNUST & BIS CAPS

ThankyouforchoosingSEECSNUST&BISCAPS
Wearetheoneoftheleadingtrainingproviderfor
We are the one of the leading training provider for
cuttingedgeIndustrial/ITconcepts.
Notice:
Thecontentofthiscourseareprotectedbycopyrightandcannotbereproducedin
y
anymanner.
2010BuraqIntegratedSolutions,All
rightsreserved
Who Should Attend
Anyonewhoneedstounderstandanddealeffectivelywith
theSCADASystem&PLC.
SCADASystemsPersonnel;Novice,IntermediateandSenior
Engineers,Technicians.FiledSupportandOperations
ProcessEngineersandManagers
OperationsandMaintenanceManagers,Engineersand
Technicians
HardwareandInstrumentSpecialists
BusinessSystemAnalystsWhoSupportSCADAInterfaces
SystemandApplicationProgrammers
S t d A li ti P
TelecommunicationsSupportPersonnel
rightsreserved
Introduced Yourself
Name
Name
Organization
Role
l
PersonalObjectivefortheCourse
BiggestIndustrialAutomation/ITChallenges
rightsreserved
Instructor: Arslan Adil
Master Trainer HMI & SCADA
SCADA Practitioner, Professional HMI Designer
Instructor: Zeeshan Qamar

Senior Consultant QMS,ISMS, ITSMS, BCMS, IT Governance, ITIL & COBIT
CISA, PMP (Trained) SQA, ISO 9001:2008 LA, ISO 27001:2005 LA, ISO 20000
20000-1:2005
1:2005
LA, BS 25999:2007 LI, ISO 20000-1:2005 Consultant, BS 7799:2002 LI, ITIL Fn,
COBIT Fn
Instructor: M. Muzzamil
Director Technical
Chief Designer SCADA HMI
rightsreserved
I t d ti
Introduction
Buraq Integrated Solutions

About Buraq
Establishedin1990
SpecializingthefieldsofDMS,GIS,OfficeAutomationande
Commerce Solutions
CommerceSolutions
WideCustomersRange
Providehighqualitysoftwaresolutions&services
Development&TrainingFacilities
UsingStateoftheArt&DynamicTechnologies
ProvideconsultancyandprojectstudiesrelatedtoDMS&GIS
P id lt d j t t di l t d t DMS & GIS
projects
Our Presence
Pakistan (Rawalpindi, Muzaffarabad,
L h
Lahore, K
Karachi,
hi MMultan)
lt )
Australia
Saudi Arabia (Jeddah,

(Jeddah Riyadh,
Riyadh Dammam)
Turkey (Ankara, Istanbul, Izmir, Afyon,
Adana))
Korea
UAE
Bahrain
Sudan
Tunis
T i
Housekeeping
StartandEndTimes
Start and End Times
Facilities
LunchandBreaks
h d k
RulesforCellPhonesandPagers
GroupDiscussionandParticipationare
g
Encouraged
PhotoIDRequiredforExamination
9
Training Objectives
After completing this course, students will be able to:
ExplainthebasicarchitectureandcomponentsofaSCADAsystem.
Explain the basic architecture and components of a SCADA system
DescribethecomponenttechnologiesbehindaSCADAsystem&OpenControl.
ApplypotentialbenefitsofSCADAappliedtoWorld.
UnderstandthebasestandardsthatapplytoSCADA.
Understand the base standards that apply to SCADA
RecognizethatHumanMachineInterfaces(e.g.OpenControl)arejustapartof
SCADA.
Understandthetermsusedindescribingthetechnology.
Understand the terms used in describing the technology
Discussthetechnicalaspects ofRTUs,PLCs,MTUs,andcommunications
methods.
ReviewSCADASystemDesignConsiderations.
Review SCADA System Design Considerations
ExploreprojectplanningprocessofSCADAImplementation.
DiscusssuccessfulandunsuccessfulSCADAdeployments.
PLCprogramming&interfacingwithSCADASystems.
rightsreserved
ProgramAgenda>>>>
Time Day1 Day2 Day3 Day4
Ch#15
Revisionof
Welcome&Introduction IntrotoSCADAHMI
OpenControlHandson
Ch#10 OpenControl
Overviewoffunction
Ch # 1
Ch#1 performed by SCADA
performedbySCADA Ch # 16
Ch#16 Ch # 28
Ch#28
TheHistory&Backgroundof OpenControl IntrotoSCADAProcess
SCADASystem Architecture Control&Security
09:00am 10:45am
Ch#29
Ch#17 SecuringProcess
g
Ch # 2
Ch#2 Ch # 11
Ch#11
OpenControl Control&Security
WhyweneedSCADA? DataAcquisition
ComparativeAnalysis Ch#30
UnderstandBusiness
Risk
10:45am 11:00am Break
Ch # 31
Ch#31
ImplementSecure
Ch#12 Architecture
Ch#3
NetworkedData
SCADASystemArchitecture Ch#32
communication
EstablishResponse
Capabilities
Ch#18 Ch#33
OpenControlInstallation ImproveAwareness&
11:00am 01:00pm Ch#13
&Configurationofall Skills
DataPresentation&
Modules Ch#34
Visualization
Ch#4 ManageThirdParty
p
OverviewofComponentsof s s
Risks
SCADASystem Ch#35
EngageProject
Ch#14
Ch#36
SystemControl
2010BuraqIntegratedSolutions,All EstablishOngoing
rightsreserved Governance
ProgramAgenda>>>>
Program Agenda >> >>
Time Day1 Day2 Day3 Day4
01:00 pm- 02:00 pm Lunch Break
Ch # 19
Ch # 5
Intro to OpenControl
Analog & Digital I/O Field
g g Module
Designing
Devices
Ch # 23 OpenGraph A Quick Recap of
Components of PLC Ch # 20 Content
Ch # 6
02:00 pm- 03:45 pm Remote Terminal Unit
Trending Module
(RTU)
OpenTrend
Ch # 21
Ch # 7 Ch # 24
Master Terminal Unit PLC Selection
alarming Module
(MTU) Parameters
OpenAlarm
03:45 pm- 04:00 pm Break
Ch # 8 Ch # 25 CBT* For CAPS
Communication Medium & PLC Programming Certification
their types using GCL *CBT(ComputerBased
Ch # 26
Ch # 22 Testing)
PLC Programming
04:00 pm- 05:00 pm Ch # 9 OpenControl
using Ladder Logic
Man Machine Interfacing with PLC
Ch # 27
Interface(MMI)/Human
I l
Implementation
t ti off
Machine Interface (HMI)
Counters, Timers &
Totalizers
rightsreserved
Study Content Modules
Module Description
1 SCADA System
2 Components of SCADA
3 Functions performed by a SCADA system
4 SCADA HMI OPENCONTROL
5 Working With PLC
6 Overview of SCADA Process Control & Security
rightsreserved
Module 1
Module-1
SCADA Systems
SCADASystems
rightsreserved
Chapter
p # 1:
The History & Background of
SCADA Development
rightsreserved
History & Background of SCADA
System
ThehistoryofSCADAcanbetracedbacktotheearly1900swith
theadventoftelemetry.
Telemetry:
Telemetry : Transmissionandcollectionofdataobtainedby
Transmission and collection of data obtained by
sensingrealtimeconditions.
SCADAbeganintheearlysixtiesasanelectronicsystem
operatingasInput/output(I/O)signaltransmissionsbetween
amasterstationandaRemoteTerminalUnit(RTU)station.
SCADAsystemsbecamepopularinthemidof1960
SCADA systems became popular in the mid of 1960ssasthe
as the
needtomonitorandcontrolremoteequipmentsgrew.
rightsreserved
Cont
Cont
EarlySCADAsystems:
usedmainframetechnology
used mainframe technology
requiredhumanoperatorstomaintainthe
informationsystems
increasedthehumanlaborcost
veryexpensivetomaintain.
TodaySCADAis:
usedformeasuring,forecasting,billing,analyzing
andplanning.
muchmoreautomated
costefficient
rightsreserved
DCS (Distributed Control Systems)
DCSareusedtocontrolindustrialprocesses
ForExample:
electricpowergeneration
oilandgasrefineries
waterandwastewatertreatment
chemical,food,andautomotiveproduction.
typicallyeffectivewithinaconfinedarealikeafactory
complex
communicationiscarriedoutthroughalocalareanetwork
(LAN)
highlydependableandfast,andcanmanageclosedloop
hi hl d d bl df t d l dl
(feedbackbased)control
cannotcoverlargeterritories
rightsreserved
PLC Programmable Logic Controller
PLCis
acomputerbasedsolidstatedevicesthatcontrols
industrialequipmentandprocesses.
moreintelligentthanmicrocontrollers
abletocontrolsiteswithouttakingdirectionfrom
amaster
usedinveryregular,highspeedbinarycontrols,
suchascontrollingahighspeedprintingpress.
providesBooleanlogicoperations,timers,and
continuouscontrol.
rightsreserved
What PAC concept is?
PAC:ProgrammableAutomationController
or Process Automation Controller
orProcessAutomationController
anamalgamationofthesethreeconcepts
of DCS PLCs & SCADA S stems
ofDCS,PLCs&SCADASystems.
rightsreserved
Generations of SCADA Systems
SCADAsystemshaveevolvedthrough3generationsasfollows:
Firstgeneration:"Monolithic
computingwasdonebymainframecomputers.
p g y p
Networksdidnotexist.
thecommunicationprotocolsusedwereoftenproprietary.
redundantsinceabackupmainframesystemwasconnectedatthebuslevelandwas
usedintheeventoffailureoftheprimarymainframesystem.
Secondgeneration:"Distributed
processingwasdistributedacrossmultiplestationsconnectedthroughaLAN.
Stationssharedinformationinrealtime.
Eachstationwasresponsibleforaparticulartask.
p p
networkprotocolsusedwerestillmostlyproprietary:veryfewpeoplebeyondthe
developersandhackersknewenoughtodeterminehowtosecureaSCADAinstallation?
Thirdgeneration:"Networked
usesopensystemarchitectureratherthanavendorcontrolledproprietaryenvironment.
p y p p y
functionalityacrossaWANratherthanaLAN.
WANprotocolssuchasInternetProtocol(IP)areusedforcommunicationbetweenthe
masterstationandcommunicationsequipment.
easiertoconnectthirdpartyperipheraldeviceslikeprinters,diskdrives,andtapedrives.
potentiallyvulnerabletoremotecyberattacks.
standardsecurityimprovementsapplicabletotheSCADAsystems.
rightsreserved
What are SCADA Systems?
y
SCADA:SupervisoryControlAndDataAcquisition
Typeofcontrolsystemwithapplicationsinmanaging
largescale,automatedindustrialoperations.
Usedforgatheringandanalyzingrealtimedata.
Used for gathering and analyzing real time data
Coverslargeterritories.
Consistsof:
OneCentralTerminal(whichcouldbeseveralmilesaway
fromthesiteofoperations)forSupervisoryControl.
OneorseveralRTUs(normallyclosetothesiteof
One or several RTUs (normally close to the site of
operations)tosendrealtimedatabacktocontrolcenter.
FieldDevices/monitoringsystemorsensorsnormallyknown
asPoints
rightsreserved
Cont
Cont
Points:
DataCollectionelementsarecalledPoints.
Twotypes:HardPointsandSoftPoints
Two types: Hard Points and Soft Points
Ahard datapointcanbeanactualmonitoringsystem.
Whileasoft
While a soft pointcanbevieweduponasan
point can be viewed upon as an
applicationorsoftwarecalculation.
rightsreserved
Basic requirements of SCADA
D l
Deploymentt
AnySCADAscenarioinvolvestwobasic
y
requirementsinearlystagesofits
implementation
1. Thingsyouwanttomonitorandcontrol
System,processes,machineryetc
2 Devices
2. Devicesyouwillusetoperformmonitoringand
you will use to perform monitoring and
controllingfunctions
sensors(discreteoranalog),controlrelaysetc
ThesystemisgovernedbyaSCADAmaster
HMI,whocollectsdatafrommonitoring
devices and issues controls in response
devicesandissuescontrolsinresponse.
rightsreserved
Types of SCADA
Threetypes:
1. D+R+N(Development+Run+Networking).
1 D R N (D l t R N t ki )
2. R+N(Run+Networking).
3. Factoryfocus.
rightsreserved
Features of SCADA
1. DynamicprocessGraphic.
2. Alarmsummery.
3. Alarmhistory.
4. Realtimetrend.
5. Historicaltimetrend.
6. Security(ApplicationSecurity).
7. Databaseconnectivity.
8. Deviceconnectivity.
9. Scripts.
10 Recipemanagement.
10. R i
rightsreserved
Chapter
Ch t # 2:
2
Why We Need SCADA
rightsreserved
Potential Problems without SCADA System
Earlycontrolsystemsweredesignedaroundserialcommunication
from field instruments to Central terminal unit which is very slow
fromfieldinstrumentstoCentralterminalunitwhichisveryslow
Autosignaling,autosorting,autodialinginvolvedadvanced
electronicssuchasdigitalswitchingandprogrammablelogical
controlswhichcouldnotsupportedbyearlycontrolsystems
pp y y y
Centralmonitoringroomwithhugewallofmeters,gauges,
indicatorsandpushbuttons&switches.
Asoldtraditionalsystemsutilizeddataacquisitionbymeansof
panelsofmeters,lightsandstripchartrecorders.Theoperator
manuallyoperatingvariouscontrolknobs.
Theproblemsregardingolddirectpaneltosensorsystemsare:
Amountofwirebecomesunmanageableaftertheinstallationofhundredsofsensors.
Amount of wire becomes unmanageable after the installation of hundreds of sensors
Quantityandtypeofdataareminimalandrudimentary.
Installationofadditionalsensorsbecomesprogressivelyharderasthesystemgrows.
Reconfigurationofthesystembecomesextremelydifficult.
Simulation using real data is not possible
Simulationusingrealdataisnotpossible.
rightsreserved
Contd
Contd
Storageofdataisminimalanddifficulttomanage.
Nooffsitemonitoringofdataoralarms.
NocentralizedHMIvisibility.
Increased human resource dependency
Increasedhumanresourcedependency.
Increasedproductioncost.
Increasedmaintenancecost.
Productqualitycouldnotbeensured.
Unreliablesystems.
Failure could be fatal.
Failurecouldbefatal.
rightsreserved
Early Control Systems
rightsreserved
SCADA HMI System
rightsreserved
You need SCADA if
Youneedaconstantstreamofpowertooperateyour
p p y
equipment
Youneedtomonitor,control&respondtoremote
equipmentsorotherRealTimefactors
i t th R l Ti f t
Youneedtoconstantlymonitortheconnectivityofdifferent
devices,presentatremotesitesofalargesystem
,p g y
Youneedtogatherinformationthatdemonstratetheeffects
ofinputchangesonyouroperationaloutputlevels
Youneedreliable,realtimeinformationreportingabout
missioncriticalprocessesthataffectoveralloutput
rightsreserved
Benefits of SCADA
UsingSCADA:
Reducesoperationalcosts
Providesimmediateknowledgeofsystemperformance
Improves system efficiency and performance
Improvessystemefficiencyandperformance
Increasesequipmentlife
Reducescostlyrepairs
R d
Reducesnumberofmanhours(laborcosts)requiredfor
b f h (l b ) i df
troubleshootingorservice
Freesuppersonnelforotherimportanttasks
Facilitatescompliancewithregulatoryagenciesthrough
automatedreportgenerating
Andmanymore
rightsreserved
SCADA-monitoring
SCADA monitoring example
SCADAmonitoredelementscouldbejustaboutanything,fromanoil
refineryplant,watertreatmentplant,apowergenerationsystem,
anorganization
an organizationsscommunicationnetwork,orevenasimpleswitch.
communication network or even a simple switch
rightsreserved
Chapter
Ch t #33:
SCADA System Architecture
rightsreserved
Hi
Hierarchy
h off SCADA S
System
t IImplementation
l t ti
TheHierarchyofSCADASystemcouldbe
e e a c y o SC Syste cou d be
implementedthroughfollowingthreelayers;
providinginterfacewithbothhardware&HMI
softwareatthesametime.
f h
Layer1: Fieldinstrumentscollectrealtimedatafrom
industrial environment
industrialenvironment.
Layer2: PLCs/Controllersthenprovidesinterface
betweenHMI(HumanMachineInterface)&Field
Instruments.
Layer3: HMIapplicationforSCADAsystem
implementation.
implementation
rightsreserved
rightsreserved
Architecture
Architecture
ArchitectureofSCADAsystemsisdividedinto
of SCADA systems is divided into
twobasicdivisionsbothareinterrelatedto
each other:
eachother:
1. HardwareArchitecture.
2 SoftwareArchitecture.
2. Software Architecture
rightsreserved
1. Hardware Architecture
HardwareArchitecturedescribesbasicallythe
interconnectionofdifferentdeviceshaving
g
differentprotocols;implementingthroughSCADA
systems.
DataserversareconnectedtotheProcess
controllers.
Dataserversareconnectedtoeachotherandto
clientstationsviaanEthernetLAN.
rightsreserved
rightsreserved
2 Software
2. S ft Architecture
A hit t
Twobasiclayershandlehumanmachineinteractionand
processdatacontrolactivities:
1. Clientlayer:catersforthehumanmachineinteraction.
li l f h h h
2. Dataserverlayer:handlesmostoftheprocessdatacontrolactivities.
rightsreserved
FigureshowsaSCADAarchitecturethatisgenericforthesoftwareproductsthatexistinSCADAHMI
Application.
rightsreserved
Communication Architecture
rightsreserved
Fieldbus protocols
For
ForUnderstandingthecommunicationarchitectureofSCADA,
Understanding the communication architecture of SCADA,
weneedtoknowtheprotocolsoffieldbusstandards
Fieldbusisthenameofafamilyofindustrialcomputernetwork
protocolsusedforrealtimedistributedcontrol,nowstandardizedas
IEC 61158
IEC61158.
awaytoconnectinstrumentsinamanufacturingplant.
worksonanetworkstructurewhichtypicallyallowsdaisychain,star,
ring, branch, and tree network topologies.
ring,branch,andtreenetworktopologies.
equivalentofthecurrentLANtypeconnections
devicesthatcommunicatethroughfieldbusrequireamicroprocessor
amountofcablingrequiredismuchlowerinFieldbusthanin420mA
g q
installations.
rightsreserved
Commonly used Standards of Fieldbus
Thereisawidevarietyofconcurringfieldbus
standards Some of the Industrial Ethernet
standards.SomeoftheIndustrialEthernet
based;mostwidelyusedprotocolsare:
PROFIBUS
Modbus
Interbus
Interbus
LonWorks
BITBUS
CompuBus
CompuBus
SafetyBUSp
rightsreserved
Profibus (Process Field Bus)
astandardforfieldbuscommunicationinautomation
technology
twovariationsofPROFIBUSinusetoday
1. PROFIBUSDP(DecentralizedPeripherals)
Usedtooperatesensorsandactuatorsviaa
centralizedcontroller.
l d ll
designedfor(deterministic)communication
betweenProfibusmastersandtheirremoteI/O
slaves.
slaves
2. PROFIBUSPA(ProcessAutomation)
usedtomonitormeasuringequipmentviaa
used to monitor measuring equipment via a
processcontrolsysteminprocessautomation
applications.
g p /
designedforuseinexplosion/hazardousareas .
rightsreserved
Modbus
serialcommunicationsprotocol.
usesPLCstoconnectindustrial
uses PLCs to connect industrial
electronicdevices.
forcommunicationbetweenmany
d
devicesconnectedtothesamenetwork,
d h k
forexample:
aasystemthatmeasurestemperatureand
system that measures temperature and
humidityandcommunicatestheresultsto
acomputer.
often
oftenusedtoconnectasupervisory
used to connect a supervisory
computerwithRTUonSCADAsystems.
rightsreserved
Versions of Modbus Protocol
TherearemanyvariantsofModbusprotocolsforexample:
ModbusRTU
RTUformatfollowsthecommands/datawithacyclicredundancycheckchecksumasanerrorcheckmechanismto
ensurethereliabilityofdata.
isusedinserialcommunication.
makesuseofacompact,binaryrepresentationofthedataforprotocolcommunication.
ModbusRTUmessagemustbetransmittedcontinuouslywithoutintercharacterhesitations.
messagesareframed(separated)byidle(silent)periods.
ModbusASCII
usedinserialcommunication.
makesuseofASCIIcharactersforprotocolcommunication.
ASCIIformatusesalongitudinalredundancycheckchecksum.
messagesareframedbyleadingcolon(':')andtrailingnewline(CR/LF).
ModbusTCP/IPorModbusTCP
/
amodbusvariantusedforcommunicationsoverTCP/IPnetworks.
doesnotrequireachecksumcalculationaslowerlayertakescareofthesame.
ModbusoverTCP/IPorModbusoverTCP
amodbusvariantthatdiffersfromModbusTCPinthatachecksumisincludedinthepayloadaswithModbus
RTU
RTU.
ModbusPlus(Modbus+orMB+)
requiresadedicatedcoprocessortohandlefastHDLCliketokenrotation.
usestwistedpairat1Mbit/s
includestransformerisolationateachnode,whichmakesittransition/edgetriggeredinsteadofvoltage/level
triggered.
triggered
SpecialinterfacesarerequiredtoconnectModbusPlustoacomputer,typicallyacardmadefortheISA(SA85),
PCIorPCMCIAbus.
rightsreserved
Modbus RTU Frame Format
Name Length Function
Start 3.5c idle at least 3-1/2 character times of silence (MARK condition)
Address 8 bits Station Address
Function 8 bits Indicates the function codes like read coils / inputs
Data n * 8 bits Data + length will be filled depending on the message type
CRC
16
6bbits
ts Error
o cchecks
ec s
Check
End 3.5c idle at least 3-1/2 character times of silence between frames
rightsreserved
Modbus ASCII Frame Format
Start 1 char starts with colon ( : ) (ASCII value is 3A hex)
Address 2 chars Station Address
Function 2 chars Indicates the function codes like read coils / inputs
Data n chars Data +length will be filled depending on the message type
LRC
2 chars Error checks
Check
End 2 chars carriage return line feed(CRLF) pair (ASCII values of 0D & 0A hex)
rightsreserved
Modbus TCP Frame Format
Transac
For synchronization between messages of server
tion
2 bytes
Identifie & client
r
Protoco
l
2 bytes Zero for MODBUS/TCP
Identifie
r
Length
2 bytes Number of remaining bytes in this frame
Field
U it
Unit
Identifie 1 byte Slave Address (255 if not used)
r
Functio
1b
byte
t F
Function
ti codes
d as iin other
th variants
i t
n code
rightsreserved
BACnet
A
AcommunicationsprotocolforBuilding
communications protocol for Building
AutomationandControlnetworks.
ASHRAE,ANSI,andISOstandardprotocol.
ASHRAE, ANSI, and ISO standard protocol.
designedtoallowcommunicationofbuilding
automation and control systems for
automationandcontrolsystemsfor
applicationssuchas
heating,ventilating,andairconditioningcontrol,
g, g, g ,
lightingcontrol,accesscontrol,andfiredetection
systemsandtheirassociatedequipment.
rightsreserved
BACnet Protocol:
definesanumberofservicesthatareusedto
communicatebetweenbuildingdevices.Theprotocol
servicesincludeWhoIs,IAm,WhoHas,IHave,whichare
usedforDeviceandObjectdiscovery.
definesanumberofObjectsthatareacteduponbythe
services.TheobjectsincludeAnalogInput,AnalogOutput,
AnalogValue,BinaryInput,BinaryOutput,BinaryValue,
M lti St t I
MultiStateInput,MultiStateOutput,Calendar,Event
t M lti St t O t t C l d E t
Enrolment,File,NotificationClass,Group,Loop,Program,
Schedule,Command,andDevice.
definesanumberofdatalink/physicallayers,including
d fi b f d t li k / h i l l i l di
ARCNET,Ethernet,BACnet/IP,PointToPointoverRS232,
MasterSlave/TokenPassingoverRS485,andLonTalk.
rightsreserved
Benefits of BACnet
Singlepointofcontrol
Competitivesystemexpansion
Eliminatefearofbeinglockedin
P ibilit f i t
PossibilityofintegratingallBACfunctions
ti ll BAC f ti
Lowcost
Interoperability
Datasharing
Alarmandeventmanagement
T di
Trending
Scheduling
Remotedeviceandnetworkmanagement
rightsreserved
BACnet Applications
Scope
Scalablefromsmalltolargeinstallations
Mainlyforlargeinstallation
Differentbuildingsusingequipmentsfromdifferentmanufactures
Equipments
E i t
HVACcontrol(Heating,VentilationandAirConditioning,i.e.Climate
Control)
Firedetectionandalarm
Fire detection and alarm
Lightingcontrol
Security
Smartelevators(AnewelevatorsystemdevelopedbyFujitec
( y p y j
AmericaInc.alleviatespassengerbottlenecksinlobbiesandinother
hightrafficareas.minimizesstopsbygroupingtogetherpassengers
withcommondestinations.)
Utilitycompanyinterface
Utility company interface
rightsreserved
What is BACnet Protocol?
SetofHardware+SoftwareofRules
Set o a d a e So t a e o u es
BACnetRulesApplyto:
ElectricalSignalling
g g
Addressing
NetworkAccess(Master/Slave,PeertoPeer)
ErrorChecking
FlowControl
M
MessageSequencing,Segmentation,Checkpointing
S i S t ti Ch k i ti
PresentationFormat(Compression,Encryption)
Message Format
MessageFormat
rightsreserved
Contd
Objects
Anobjectissimplyacollectionofinformationrelated
toaparticularfunction.
p
canbeuniquelyidentifiedandaccessedovera
networkinastandardizedway.
mayrepresentsinglephysicalpoints,orlogical
groupingsofpointsthatperformaspecificfunction.
allowsustoorganizeinformationrelatingtophysical
ll i i f i l i h i l
inputsandoutputs,aswellasnonphysicalconcepts
like software, or calculations.
likesoftware,orcalculations.
rightsreserved
Contd
Each
Eachobjectischaracterizedbyasetof
object is characterized by a set of
propertiesthatdescribeitsbehavioror
govern its operation e g
governitsoperatione.g.
Thetableshowsanexampleofatemperaturesensor,whichmightbe
representedasaBACnetAnalogInputobject.
Object Name SPACE TEMP
Object Type ANALOG INPUT
Present Value 72.3
Status Flags Out-of-Service
High Limit 78.0
Low2010BuraqIntegratedSolutions,All
Limit 68.0
rightsreserved
Contd
Contd
BACnetDevice
collectionofobjectsthatrepresentsthefunctions
ll ti f bj t th t t th f ti
actuallypresentinagivenrealdevice.
rightsreserved
Communication in BACnet
BACnetisbasedona"ClientServer"communicationmodel.
messagesarecalled"services"whicharecarriedoutbythe
serveronbehalfoftheclient.
Differentwaysofcommunicationare:
y
NativeBACnet
InterconnectMultipleLANs
G t
Gateways
WorkingoverIPinternet
BACnet/IP
BACnet/IPUnicast
BACnet/IPBroadcast
rightsreserved
Native BACnet
devicesonlyspeakandunderstandBACnet.
BACnet LAN: Ethernet, ARCNET, LonTalk, MS/TP, LonTalk or BACnet/IP
BACnet Field
Panels
BACnet
Workstation Sensors and Actuators
Figure:
i NativeBACnetdevicesprovideBACnetcommunicationsdirectly,devicetodevice
d d d l d d
rightsreserved
Interconnect Multiple LANs
B A C n e t L A N : E th e rn e t
B A C n e t F ie ld
P a n e ls
E th e rn e t to E th e rn e t to
B A C net A R C N E T M S /P T
S e n s o rs a n d
R o u te r R o u te r
W o r k s ta tio n A c tu a to rs
B A C net LA N : A R C N E T B A C n e t L A N : M S /P T
B A C n e t F ie ld B A C n e t F ie ld
P a n e ls P a n e ls
S e n s o rs a n d A c tu a to rs S e n s o rs a n d A c tu a to rs
ThetworoutersshownaboveimplementtheBACnetnetworklayerprotocolandallowdeviceson
disparatenetworkstocommunicate.
MessagesbetweentheARCNETandMS/TPLANspassthroughbothroutersviatheEthernet
segment in the middle.
segmentinthemiddle.
rightsreserved
Gateways
B A C n e t L A N : E t h e r n e t , A R C N E T , L o n T a lk , M S / T P , L o n T a lk
B A C n e t F ie ld
P a n e ls
B A C n e t to
V endor B
B A C net G a te w a y
S e n s o rs a n d A c tu a to rs
W o r k s ta tio n
V e n d o r B P r o p r ie ta r y L A N
N o n -B A C n e t
F ie ld P a n e ls
S e n s o rs a n d A c tu a to rs
Agatewayisdifferentfromarouterinthatitdoesntsimplytransfer
messages;italsotranslatesthemintoeachnetworkslocallanguage.
rightsreserved
Working over IP internet
In
InBACnet/IP,eachBACnetdeviceisactuallya
BACnet/IP each BACnet device is actually a
fullfledgedIPnode,completewithitsownIP
address and IP protocol stack
addressandIPprotocolstack.
rightsreserved
BACnet/IP
BACnet/IPdevicesviewtheIPinternetasifitwerealocalareanetwork.
BACnet/IPdevicesdon'tneedAnnexHroutersandcantalkwitheachotherdirectlyoverthe
Internet.TheonlyhitchisthatIProutersdon'tnormallypassalong"broadcast"messages,
i.e.,messagesintendedforalldevicesonaBACnetinternetwork.Enterthe"BACnet
BroadcastManagementDevice"(BBMD).
rightsreserved
BACnet/IP Broadcast
BACnet/IP-Broadcast
BBMDsactsimilarlytotheAnnexHrouterspreviouslydescribedexceptthattheyonlyhandle
theforwardingofbroadcastedIPmessages.Sincebroadcastsaregenerallyusedvery
h f di fb d d IP Si b d ll d
infrequentlyinBACnet,theirpropagationshouldnotcauseanyproblems.
rightsreserved
BACnet/IP-Foreign
BACnet/IP Foreign Device
ByregisteringwithaBBMD,theworkstationabovebecomesamemberoftheBACnet/IP
networkandwillreceiveforwardedbroadcastmessagesfromtheBBMDwhentheyare
k d ill i f d db d f h BBMD h h
availableandcanrequestthatmessagesbebroadcastbytheBBMDonitsbehalf.
rightsreserved
Hart Protocol
HARTcommunicationtechnologywereintroducedintheearly1980s.
ThecommunicationspeedforHARTsignallingis1.2kbpswhilefieldbussignalling
is31.5kbps
BothHARTandfieldbusdevicescontainamyriadofconfigurationanddiagnostic
d t
data.
HARTprotocoldoesallowseveraldevicestobeconnectedinseriesinthesame
currentloopthusprovidingdigitaldatafromeachdevice.
In HART devices the PV data is delivered via digital signalling that is
InHARTdevices,thePVdataisdeliveredviadigitalsignallingthatis
superimposedontopofthetraditional420mAcurrentloopusedtoreturn(or
send)theprocessvariable(PV).
PVisalwaysderivedfromthe420mAsignallingloopfromthedevicedespitethe
y g g p p
factthatthePVisalsoavailableaspartofthedigitaldataprovidedbythedevice.
TheHARTCommunicationFoundationestimatesthatthereareapproximately10
MillionHARTdevicesinservicethroughouttheworldtoday.
rightsreserved
Contd
the
thecurrentintheloopiskeptataconstant
current in the loop is kept at a constant
value.
MultidropHARTnetworksareusedin
Multi drop HART networks are used in
applicationswherefastupdateratesarenot
required.
required
rightsreserved
HART Message Structure
rightsreserved
Comparison of HART & Field bus Protocols
rightsreserved
ARCHITECTURES USING BOTH HART
AND FOUNDATION FIELDBUS
rightsreserved
INTEGRATED ARCHITECURE USING
HART MULTIPLEXERS
rightsreserved
M d l 2
Module-2
Components of SCADA Systems

ComponentsofSCADASystems
rightsreserved
Chapter
Ch t #44:
Components of SCADA System
rightsreserved
Overview of Components of SCADA
System
There
TherearefivemaincomponentsofabasicSCADA
are five main components of a basic SCADA
systemwhichare:
1. Analog&DigitalI/Ofielddevices.
2. RTUs.
3
3. MTUss.
MTU
4. CommunicationMediums&theirtypes.
5. MMI/HMI.
rightsreserved
1. Analog & Digital I/O Field Devices
Fielddevices
Smalldedicateddevicesthatarehardenedfor
industrialenvironments.
FForExampleSensors,Indicators,Motors,Actuators,
E l S I di M A
Conveyers,Switches,Relays,Valves,FlowMeters,Level
detectorsetc
TypesofFieldDevices
fourtypes:
1. Discrete/DigitalInputDevices
2. Discrete/DigitalOutputDevices
3. AnalogInputDevices
g p
4. AnalogOutputDevices
rightsreserved
Contd
1. Discrete/DigitalInputDevices:
detectconditionswhicharereportedasanONoranOFF
e.g.Doorsensor,Smokedetector,StatusSensorsetc.
S k d S S
2. Discrete/DigitalOutputDevices:
indicateorgenerateconditionswhicharereportedasONorOFF
e.g.ON/OFFIndicators/Meters,Switches,RelaysandDigitalValvesetc
ON/OFF I di /M S i h R l d Di i l V l
3. AnalogInputDevices:
providetheabilitytomonitorcontinuousenvironmentalconditions
e.g.LevelDetectors,Temperature/HumiditySensors,Voltages/Current
L lD T /H idi S V l /C
Sensors andFlowMeters etc.
4. AnalogOutputDevices:
providetheabilitytodoworkonRealtimeinstant&indicate
id h bili d k R l i i & i di
continuousenvironmentalconditions
e.g.Motors,Actuators,Conveyers, AnalogMeters/Indicators,Analog
Valves alarms etc
Valves,alarmsetc
rightsreserved
2 RTUs
2. RTU s (Remote Terminal Units)
generally
generallysmalldedicatedanalogtodigitalconvertingdevices
small dedicated analog to digital converting devices
thatarehardenedforoutdooruse.
converttheelectricalsignalsfromtheequipmenttoitsdigital
value.
actaslocalcollectionpointsforgatheringreportsfrom
sensors and delivering commands to control relays
sensorsanddeliveringcommandstocontrolrelays.
gatherdatafromfielddevices(pumps,valves,alarms,etc.)in
y
memoryuntiltheMTUinitiatesasendcommand.
rightsreserved
3 MTUs
3. MTU s (Master Terminal Units)
Oftenacomputingplatform,likeaPC,whichrunsSCADA
software.
utilizedbyoperatorstomonitorandcontrolalargenumber
utilized by operators to monitor and control a large number
ofRTUs.
provideahumaninterfacetothesystem.
ASCADAnetworkconsistsofoneormoreMTUsdepending
upontheneedandrequirements.
4. Communication
CommunicationsbringRTUsinformationfromthevarious
g
plantorregionalRTUsitestoacentrallocation.
occasionallyreturnsinstructionstotheRTUs.
Communicationwithinaplantisconductedbydatacable,
wireorfibreoptic,whileregionalsystemsmostcommonly
utilizeradiolink.
IninternalcommunicationbetweenServerclientandserver
serverisingeneralonpublishsubscribeandeventdriven
b i
basisandusesaTCP/IPprotocol.
d TCP/IP l
WhileDataserversarecommunicatedPLCs;eitherdirectlyor
via networks or fieldbuses (proprietary or nonproprietary).
vianetworksorfieldbuses(proprietaryornon proprietary).
rightsreserved
5. MMI/HMI
p
providestheapparatuswhichpresentsrealtimeprocessdata
pp p p
toahumanoperator.
displaysinformationinaneasytounderstandgraphicsform.
archivesthedatareceivedandrepresentthatdataonthe
screenintheformofvisualizationforoperatorassistance.
transmitsalarmsandtheircontrollingwithnecessaryactions.
transmits alarms and their controlling with necessary actions
permitsoperatorcontrolas&whenrequired.
alsosupportsmultiplescreens,whichcancontain
pp p ,
combinationsofsynopticdiagramsandtext.
rightsreserved
Chapter # 5:
C
Analog
g & Digital
g I/O Field Devices
rightsreserved
1. Analog & Digital I/O Field Devices
Fielddevices
Smalldedicateddevicesthatarehardenedfor
industrialenvironments.
FForExampleSensors,Indicators,Motors,Actuators,
E l S I di M A
Conveyers,Switches,Relays,Valves,FlowMeters,Level
detectorsetc
TypesofFieldDevices
fourtypes:
1. Discrete/DigitalInputDevices
2. Discrete/DigitalOutputDevices
3. AnalogInputDevices
g p
4. AnalogOutputDevices
rightsreserved
Digital & Analog Sensors:
DigitalSensorsdetectconditionsthatare
reportedasanonoranoff.
p
AnalogSensorsmeasuremorecomplexsituations
Analog Sensors measure more complex situations
whereexactmeasurementisimportant.Notevery
alarmconditioncanberepresentedbyanon
andoff.
rightsreserved
Powering of Sensors
Twomethods:
Two methods:
1. Commercialpoweringmethod.
poweringupthedevicethroughavailablecommercial
powering up the device through available commercial
poweratremotesite.
unprotectedwayagainstapowersurge.
2. RTUpoweringmethod.
poweringupthedevicethroughRTU.
protectedfrompowersurgeduetosecure,
redundantpowersupply.
rightsreserved
Critical Thresholds and Alarms
generation
AlmostallSCADAsystemshaveanaloginputs
in one form or other so we will be able to
inoneformorother,sowewillbeableto
measureexactvalues.
rightsreserved
Contd
ForExample:
For Example:
measuringthetemperatureofaremotesite:
Asanexample,wesetup4differentthresholdvalues:
As an example we set up 4 different threshold values:
temperatureisbelow45degrees:notifytheNetwork
OperationsCentre(NOC)withamajoralarm(Heaternot
working).
working)
temperatureisbelow60degrees:notifytheNOCwithaminor
alarm(heaterisnotfunctioningatfullcapacity).
temperatureisabove90degrees:notifytheNOCwithaminor
t t i b 90 d tif th NOC ith i
alarm(airconditioningunitisnotfunctioningatfullcapacity)
temperatureisabove100degrees:notifytheNOCwitha
majoralarm(airconditioningunithasfailed)
j l ( i diti i it h f il d )
rightsreserved
CriticalThresholds
rightsreserved
Analog Parameters and Scaling
AdvancedSCADARTUusesanalogscalingtoconvertvoltage
readingstotheunitsweneed,suchasdegrees.
TheTop10SCADASensors:
1.
1 TTemperatureSensors.
S
2. HumiditySensors.
3. MotionSensors.
4
4. Liquid Level Detectors
LiquidLevelDetectors.
5. LiquidFlowSensors.
6. SmokeDetectors.
7
7. Door Sensors
DoorSensors.
8. PowerFailureSensors.
9. CurrentSensors.
10. GasSensors.
rightsreserved
Thermocouple
Adeviceusedtoconvertheatintoelectricalpower.
Verysimpleanddurabletemperaturesensors
measuresthetemperaturedifferencebetweentwopoints
comprised of two different materials joined at one end and
comprisedoftwodifferentmaterialsjoinedatoneendand
separatedattheother.
Theseparatedendsareconsideredtheoutput,andthey
generate voltage which is proportional to the heat, they are
generatevoltagewhichisproportionaltotheheat,theyare
measuringormonitoring.Thatis,thehotterthetemperature,
thehigherthevoltage.
Twocommonapplicationsofthermocouplesare
pp p
measuringhightemperature
andmonitoringthepresenceofapilotlight
rightsreserved
The Seebeck Effect
Itstatesthatatemperaturedifferencebetween
It states that a temperature difference between
twometalsemiconductorswillcreateelectricity.
Whenthesesemiconductorsformaloop,an
electriccurrentismade.
playsakeyroleinthefunctionofathermocouple
Whenathermocoupleisplacedbetweena
temperaturegradientbetweentwo
semiconductors,itbecomespartofthecircuit
d b f h
createdbytheSeebeck effect.
rightsreserved
Contd
usedtomeasuretheheatbetweentwopointsina
circuit
Industriesinwhichthermocouplesarecommonlyused
include heating and appliance safety; steel and iron
includeheatingandappliancesafety;steelandiron
manufacturing;generalmanufacturing;andelectrical
engineering.
When a thermocouple measures a temperature
Whenathermocouplemeasuresatemperature
gradient,itismeasuringthetemperaturedifference
betweentwosemiconductors.
Whenathermocouplemeasuresatemperature
When a thermocouple measures a temperature
gradient,itismeasuringthetemperaturedifference
betweentwosemiconductors.
rightsreserved
Advantages with Thermocouples
Capable
Capableofbeingusedtodirectlymeasure
of being used to directly measure
temperaturesupto2600oC.
Thethermocouplejunctionmaybegrounded
The thermocouple junction may be grounded
andbroughtintodirectcontactwiththe
material being measured
materialbeingmeasured.
Availableindifferentcombinationsofmetals
orcalibrations.
lib i
rightsreserved
Disadvantages with Thermocouples
Thermocouplerequirestwotemperaturestobemeasured,thejunctionat
the work end (the hot junction) and the junction where wires meet the
theworkend(thehotjunction)andthejunctionwherewiresmeetthe
instrumentationcopperwires(coldjunction).
Toavoiderrorthecoldjunctiontemperatureisingeneralcompensatedin
theelectronicinstrumentsbymeasuringthetemperatureattheterminal
bl k
blockusingwithasemiconductor,thermistor,orRTD.
h d h
Thermocouplesoperationsarerelativelycomplexwithpotentialsources
oferror.Thematerialsofwhichthermocouplewiresaremadearenot
g p g g
inertandthethermoelectricvoltagedevelopedalongthelengthofthe
thermocouplewiremaybeinfluencedbycorrosionetc.
Therelationshipbetweentheprocesstemperatureandthethermocouple
signal(millvolt)isnotlinear.
The calibration of the thermocouple should be carried out while it is in use
Thecalibrationofthethermocoupleshouldbecarriedoutwhileitisinuse
bycomparingittoanearbycomparisonthermocouple.
Ifthethermocoupleisremovedandplacedinacalibrationbath,the
outputintegratedoverthelengthisnotreproducedexactly.
rightsreserved
Thermocouple Types
Therearefour"classes"ofthermocouples:
Thehomebodyclass(calledbasemetal)
Theuppercrustclass(calledraremetalorpreciousmetal)
Theexoticclass(standardsanddevelopmentaldevices)
p
Therarifiedclass(refractorymetals)
1. ThehomebodiesaretheTypesE,J,K,NandT.
2. TheuppercrustistypesB,S,andR,platinum;alltovarying
pp yp , , ,p ; y g
percentages.
3. Theexoticclassincludesseveraltungstenalloythermocouples
usuallydesignatedasTypeW(something).
4. Rarefiedthermocouplesdonothavespecialalphacodes
assignedtothem,becausetheyaremuchlessfrequentlyused.
rightsreserved
Temperature
Range
Instrument Composition
p Accuracyy
R
Recommended
d d M i
Maximum
(oF) (oF)
Platinum 30%
Type B probes Rhodium (+)
2500-3100 - -
Platinum 6%
Rhodium ((-))
W5Re Tungsten
Type C probes 5% Rhenium (+)
3000-4200 - -
W26Re Tungsten
26% Rhenium (-)
1.8
1 8 tto 7 9oF or
7.9
0.4% of reading
Chromel (+)
Type E probes 32 to 1600 32 to 1650 above 32oF,
Constantan (-)
whichever is
greater
1.8
1 8 to 7 9oF or 0
7.9 0.4%
4%
Iron (+) of reading above
Type J probes 32 to 1336 -310 to 1832
32oF, whichever is
Constantan (-)
greater
1.8 to 7.9oF or 0.4%
Chromel (+) of reading above
Type K probes 32 to 2300 -418 to 2507
32oF,
F whichever is
Alumel (-)
()
greater
1.8 to 7.9oF or
0.4% of reading
Type M probes Nickel (+) above 32oF,
32-2250 -
Nickel (-) whichever is
greater
rightsreserved
Temperature
Range
Instrument Composition Accuracy
Recommended Maximum
(oF) (oF)
Nicrosil (+)
Type N probes 1200-2300 - -
Nisil (-)
2.5oF or 0.25%
Platinum 13%
of reading,
Type R probes Rhodium (+) 32 to 2700 32 to 3210
whichever is
Platinum (-)
greater
o
2.5 F or 0.25%
Platinum 10%
of reading,
Type S probes Rhodium (+) 32 to 2700 32 to 3210
whichever is
Platinum (-)
greater
0.9 to 3.6oF or
0.4% of reading
Copper (+)
Type T probes -299 to 700 -418 to752 above 32oF,
Constantan (-)
()
whichever is
greater
rightsreserved
Base Metal Thermocouples
Temperature
Range
Recommended Maximum
(oF) (oF)
1.8 to 7.9oF or
0.4% of reading
Chromel (+)
Type E probes 32 to 1600 32 to 1650 above 32oF,
Constantan (-)
whichever is
greater
1.8 to 7.9oF or 0.4%
Iron (+) of reading above
Type J probes 32 to 1336 -310 to 1832
32oF, whichever is
Constantan (-)
greater
1.8
1 8 to 7 9oF or 0
7.9 0.4%
4%
Chromel (+) of reading above
Type K probes 32 to 2300 -418 to 2507
32oF, whichever is
Alumel (-)
greater
Nicrosil (+)
Type N probes 1200-2300 - -
Nisil (-)
0.9 to 3.6oF or
0.4% of reading
Copper (+)
Type T probes -299 to 700 -418 to752 above 32oF,
Constantan (-)
whichever is
greater
rightsreserved
Base Metal Thermocouples
Maximum Temperature (oC)
Thermocouple
Continuous Spot
Copper-Constantan
Copper Constantan 400 500
Iron-Constantan 850 1,100
Chromel-Constantan 700 1,000
Chromel-Alumel 1,100 1,300
Nicrosil-Nisil 1,250 -
Tungsten-Molybdenum* 2,600 2,650
*Notusedbelow1250oC.
rightsreserved
Upper Crust Thermocouples
Temperature
Range
Recommended Maximum
o
( F) (oF)
Platinum 30%
Type B probes Rhodium (+)
2500-3100 - -
Platinum 6%
Rhodium (-)
2.5oF or 0.25%
Platinum 13%
of reading,
Type R probes Rhodium (+) 32 to 2700 32 to 3210
whichever is
Platinum (-)
greater
2.5oF or 0.25%
Platinum 10%
of reading,
Type S probes Rhodium (+) 32 to 2700 32 to 3210
whichever is
Platinum ((-))
greater
t
rightsreserved
Resistance Temperature Detectors (RTD)
temperature
temperaturesensorsthatcontainaresistor
sensors that contain a resistor
thatchangesresistancevalueasits
temperaturechanges.
RTDsofferseveraladvantages:
Awidetemperaturerange(50to500Cforthin
p g (
filmand200to850Cforwirewound)
Goodaccuracy(betterthanthermocouples)
Goodinterchangeability
Longtermstability
rightsreserved
RTD standards
TherearetwostandardsforplatinumRTDs:
There are two standards for platinum RTDs:
1. TheEuropeanstandard(alsoknownastheDIN
or IEC standard)
orIECstandard).
2. TheAmericanstandard.
rightsreserved
1. European/DIN/IEC standard
ConsideredtheworldwidestandardforplatinumRTDs.
Thecombinationofresistancetoleranceandtemperature
coefficientdefinetheresistancevs temperature
characteristicsfortheRTDsensor
RequireRTDtohaveanelectricalresistanceof100.00at
0Candatemperaturecoefficientofresistance(TCR)of
0.00385//Cbetween0and100C.
ClassAA(Formerly1/3B)=(0.1+0.0017*t)Cor100.00 0.04
at0C
ClassA= (0.15+0.002*t)Cor100.00 0.15 at0C
ClassB= (0.3+0.005*t)Cor100.00 0.3 at0C
Class1/10B=1/10(0.3+0.005*t)Cor100.00 0.03at0C
Tablecontainsaresistancevs.temperaturecurvefrom196to
p
600CwithresistancevaluesgivenforeverydegreeCelsius.
rightsreserved
rightsreserved
2. American standard
Has
Hasaresistanceof100.000.10at0
a resistance of 100 00 0 10 at 0C
Cand
and
atemperaturecoefficientofresistance(TCR)
of 0 00392 //C
of0.00392// Cnominal(between0and
nominal (between 0 and
100C).
Table include a resistance vs temperature curve
Tableincludearesistancevs.temperaturecurve
from100to457C,withresistancevalues
given every one degree Celsius
giveneveryonedegreeCelsius.
rightsreserved
rightsreserved
Actuators:
isamechanicaldevicethattakesenergy,usuallycreatedbyair,electricity,or
liquid,andconvertsthatintosomekindofmotion.
typicallyusedinmanufacturingorindustrialapplications
may be used in things like motors, pumps, switches, and valves.
maybeusedinthingslikemotors,pumps,switches,andvalves.
mostcommontypeofactuatorispoweredbyair thepneumaticcylinder,
alsoknownastheaircylinder:
air tightcylinders
airtight cylinders
typicallymadefrommetal
usetheenergyofcompressedairtomoveapiston.
usedinmanufacturingandassemblyprocesses.
Grippers,whichareusedinrobotics,useactuatorsdrivenbycompressedairtoworkmuchlike
humanfingers.
rightsreserved
Different Types of Actuators:
ManualActuators
employslevers,gears,orwheelstofacilitatemovement
HydraulicandPneumaticLinearActuators
oftensimpledeviceswithaminimumofmechanicalparts,usedon
linear or quarter turn valves
linearorquarterturnvalves.
Hydrauliclinearactuatorsuseacylinderandhydraulicfluidformotive
force.
Sufficientairorfluidpressureactsonapistontoprovidethrustina
p p p
linearmotionforgateorglobevalves.
oftenusedinhydraulictableliftsandhydrauliccablifts.
ElectricActuators
hasamotordrivethatprovidestorquetooperateavalve.
frequentlyusedonmultiturnvalvessuchasgateorglobevalves
rightsreserved
Contd...
CylindricalLinearActuators
Linearactuator(LiMax)
slimallcylindricalLinearactuatorwithMaximumforceratingand
amodulardesign
usesaninlinelayoutofmotor,planetarygearingandleadscrew
driver(orballscrew)toachieveahighforceratinginrelationto
thediameterofthebody.
cost
costeffective
effectivelinearactuatorofferingtheoptimum
linear actuator offering the optimum
price/performanceratio.
Integratedfullyadjustablelimitswitcheswithoptionalsafety
switch
Splashproof(IP65)option
S l h f (IP65) ti
Stainlesssteelresistscorrosion
Customizedversionstoorder
Specialstrokelengthsavailableonrequest
Special stroke lengths available on request
rightsreserved
Contd
LinearactuatorMini
basedontheeconomicminimumprinciple
useofpowerfulcoaxialmotorsenablestherequiredstrokeforce
tobeachievedusingaminimumamountofspace.
especiallyusefulforoperationwherespaceislimited.
especially useful for operation where space is limited
Integratedoptions
Manifoldoptionsinmodulardesign
p p (
Splashproof(IP65) )
Stainlesssteelprotectsagainstcorrosion(Mini0,01,1)
Functionaldesign
ExplosionproofinaccordancewithATEX95
rightsreserved
Chapter # 6:
Remote Terminal Unit (RTU)
rightsreserved
Remote Terminal Unit (RTU)
converts
convertstheelectricalsignalsfromthe
the electrical signals from the
equipmenttoitsdigitalvalueandthen
transmits to MTU
transmitstoMTU.
locatedattheremotesite.
WithintheRTUisthecentralprocessingunit
Wi hi h RTU i h l i i
(CPU)thatreceivesadatastream.
rightsreserved
RTU Developmental Stages
Remote
RemoteAccessProgrammableLogic
Access Programmable Logic
Controllers(RAPLC)
specificallydesignedforSCADAandData
specifically designed for SCADA and Data
AcquisitionapplicationstoreplaceRTUasan
advancedfeature.
checkssiteconditions.
re
reprograms
programsanytimefromanywhere.
anytime from anywhere.
generatesalarmorevent.
rightsreserved
Contd
TheMicroprocessorbasedRTUs
The Microprocessor based RTUs
MPsbasedRTUs,likeMTUs,cancontinuouslycollect,
p
processandstoredata,operatingindependentlyfrom
p g p y
theMTUthrough"intelligent"programming.
MPscanprovidesecurityandmonitoringofdoor
switches,heatandmotiondetectors.
MPbasedSCADAsystemcanreducethenumberof
man hours needed for on site visual inspections
manhoursneededforonsitevisualinspections,
adjustments,datacollectionandlogging.
rightsreserved
What to Look for in a SCADA RTU?
RTUshould:
RTU should:
beabletowithstandextremesoftemperatureand
humidity.
supportredundantbatterypower.
useredundantcommunicationportse.g.a
secondaryserialportorinternalmodemwillkeep
RTUonlineeveniftheLANfails.
haveNonvolatilememory(NVRAM)forstoring
have Non volatile memory (NVRAM) for storing
softwareorfirmware.
NVRAMretainsdataevenwhenpowerislost.
rightsreserved
Features of RTU
IfcommunicationwiththeMTUislost,aPLCbasedRTUcanoperatealonethrough"intelligent"
programming.
PLCsaremodularandcanprovideroomforfutureexpansionandgrowth.
ProgrammingforsecuritysensorscanbeintegratedintoPLCs
Nowaitingperiodtoreplaceelectricalcomponents.
Standardbuiltindiagnosticscancontinuouslymonitoranddisplayallstatusandfaultinformation
ineasytounderstandtext.
d d
TheHMI(HumanMachineInterface)softwarecanprovideextensive,onscreendocumentation
includingoperatorsmanual,wiringdiagrams,programs,etc.
PLCbasedSCADAsystemscanautomaticallygatherandreportdatanecessarytocomplywithlocal,
stateandfederalregulationsinformatsthatintegratewellwillMicrosoftExcel,AccessandWord.
g g
DatacollectedcanbestoredinthePLCandalsointheMTUsdatabaseprovidingamorerobust
reportingsystem.
TheSCADAsystemcankeepmanagersandoperatorsinformed24hoursadaythroughautomatic
email,paginganddialupcallfeatures.
Future upgrades and/or new installations of pumps,
Futureupgradesand/ornewinstallationsof pumps monitoringsystems,
monitoring systems levelandflowsensors
level and flow sensors
etc.,canbeeasilyintegratedintothesystem.
MultipleuserfeaturescaneasilybeintegratedintotheSCADAsystemthroughwebbased
technology.
rightsreserved
Benefits of RTU:
morereliableandcanrunwithoutdirectionfromthemastercontrol.
operatorscanseerealtimesystemtrouble.
numberofcustomercomplaints/inquiriescanbedrasticallyreduced.
Wearandtearonequipmentcanbereducedbycontinuouslymonitoring
levels.
levels
Thenumberofmanhoursfortroubleshootingand/ormaintenancecanbe
drasticallyreduced.
Laborcostscanbereducedthroughautomaticreportgenerating.
OperatingcostscanbereducedandgreaterROI(returnoninvestment)
canbeachievedbyusingaPLCbasedSCADAsystemcomparedtoa
proprietarysystem.
Compliance with local state & federal agencies is met easier
Compliancewithlocal,state&federalagenciesismeteasier.
useopenarchitecture,nonproprietaryproductsandprotocol.Pricelists
arepublishedtoeliminate"hostage",discriminatorypricefixing.
rightsreserved
Key Advantages of Using an Advanced RTU as
SCADA Sensor Integration Platform
Able
Abletocollectallthediscreteandanalogdata
to collect all the discrete and analog data
weneedatasingleonsiteRTU.
correctsnetworkthreatswithinsecondsdue
corrects network threats within seconds due
totheiridentificationrecordthroughRTU.
withstandsextremetemperaturesand
withstands extreme temperatures and
humidity.
compatiblewithalltypesofSensors.
compatible with all types of Sensors.
convertsrawdigitalvalueintoascalable
format, which is easy to understand.
format,whichiseasytounderstand.
rightsreserved
Chapter # 7:
Master Terminal Unit (MTU)
rightsreserved
Master Terminal Unit (MTU)
masterorheartofaSCADAsystem.
largercomputerconsolesthatserveasthecentral
processorfortheSCADAsystem.
provideahumaninterfacetothesystemand
provide a human interface to the system and
automaticallyregulatethemanagesysteminresponse
tosensorinputs.
locatedattheoperatorscentralcontrolfacility.
l t d t th t t l t l f ilit
initiatesvirtuallyallcommunicationwithremotesites
andinterfaceswithanoperator.
p
Datafromremotefielddevices(pumps,valves,alarms,
etc.)issenttotheMTUtobeprocessed,storedand/or
sent to other systems
senttoothersystems.
rightsreserved
General Architecture of SCADA System
y
having MTU
rightsreserved
Chapter # 8:
Communication Media & its Types
rightsreserved
Communication Media
CommunicationsbringRTUsinformationfromthe
variousplantorregionalRTUsitestoacentrallocation.
canalsooccasionallyreturnsinstructionstotheRTUs.
Communicationwithinaplantisconductedbydata
Communication within a plant is conducted by data
cable,wireorfiberoptic,whileregionalsystemsmost
commonlyutilizeradiolink.
internalcommunicationbetweenServerclientand
i t l i ti b t S li t d
serverserverisingeneralonpublishsubscribeand
eventdrivenbasisandusesaTCP/IPprotocol
DataserversarecommunicatedPLCs;eitherdirectlyor
vianetworksorfieldbuses(proprietaryornon
p p
proprietary).
y)
rightsreserved
Types of Communication Media
PrivateMediaTypes:
owned,licensed,operatedandservicedbytheuser.
PrivateWire
Wireless
SpreadSpectrumRadio:
licensefreeandavailabletothepublicinthe900MHzand5.8GHz
bands.
higherthefrequencyusedinthesystem,themore"lineofsight"it
hi h h f di h h "li f i h "i
becomes.
builtinerrorcorrection,encryptionandotherfeaturesthatmakethema
reliable,secureandlonglastingsolutionfornetworkcommunication.
MicrowaveRadio:
Mi R di
transmitsathighfrequenciesthroughparabolicdishesmounted
ontowersorontopofbuildings.
pointtopoint,lineofsighttechnology
pointtopoint lineofsight technology
rightsreserved
Contd
VHF/UHFRadio:
goodforupto30miles,
df l
electromagnetictransmissionwithfrequenciesof175MHz
450MGz900MHzreceivedbyspecialantennas.
needslicensefromtheFCC.
limitedtospecialgeographicalboundaries.
PublicMediaTypes:
customerpaysforonamonthlyorpertimeor
customer pays for on a monthly or per time or
volumeuse.
TelephoneCompany
localtelephonecompanycanprovideincluding:
local telephone company can provide including:
SwitchedLines,PrivateLeasedLines,DigitalData
Service,CellularandPCS/CDPD.
rightsreserved
Contd
SwitchedLines:
aredialupvoiceanddatatransmissionnetworksfurnishedbylocaltelephone
di l i dd i i k f i h db l l l h
company.
PrivateLeasedLines:
permanentlyconnected24hoursadaybetweentwoormorelocations.
usedforanalog(continuouslyvaryingsignal)datatransmission.
DigitalDataService:
privateleasedlinewithaspecialbandwidthusedtotransferdataatahigher
speedandlowererrorrate.
p
applicableforcomputertocomputerlinks.
Cellular:
equivalenttoSwitchedLineservicesoverlandlines.
PCS/CDPD:
PCS/CDPD
PersonalCommunicationServiceisprovidedbycellularcompaniesona
monthlyfeeortrafficvolumebasisandisusedwhencontinuous
communicationisneeded.
rightsreserved
Contd
OtherMediaTypes:
(WiFiSMR)
utilizesbroadbandwithhighdatarates.
usedina"timeshare"basistocommunicatebetweensitesofthe
system.
generallyrequiresadvancedprotocolslikeTCP/IPandnetwork
typeconnections.
(SatelliteGeosynchronous/LEO)
(Satellite Geosynchronous/LEO)
GeosynchronousSatellite'sorbitsaresynchronouswiththeearth's
orbitandremaininthesamepositionwithrespecttotheearth.
usehighfrequencytransmissionsreceivedbyparabolicdish
use high frequency transmissions received by parabolic dish
antennas.
LowEarthOrbit(LEO)satelliteshandoffsignalstoothersatellites
forcontinuouscoverageandlatencytimesarelessthan
geosynchronous satellites due to the lower orbit
geosynchronoussatellitesduetothelowerorbit.
rightsreserved
Chapter
p # 9:
Man Machine Interface (MMI)/
Human Machine Interface (HMI)
rightsreserved
MMI/ HMI
AtypicalSCADAsystemprovidesaHumanMachineInterface(HMI)
allowing the operator to visualize all the functions as the system is
allowingtheoperatortovisualizeallthefunctionsasthesystemis
operating.
ThegeneralMMI/HMIsystemshavefollowingpropertiesincommon:
fundamentallyaspecializedPCsystemrunningpowerfulgraphicandalarm
y p y gp g p
softwareprogramsknownasSCADAmastersoftware.
providestheapparatuswhichpresentsrealtimeprocessdatatoahuman
operator.
Displaysinformationinaneasytounderstandgraphicsform.
p y y g p
Archivesthedatareceivedandrepresentthatdataonthescreenintheform
ofvisualizationforoperatorassistance.
Transmitsalarmsandtheircontrollingwithnecessaryactions.
Permitsoperatorcontrolas&whenrequired.
Permits operator control as & when required
alsosupportsmultiplescreens,whichcancontaincombinationsofsynoptic
diagramsandtext.
rightsreserved
What is SCADA Master Software?
aamulti
multiuser
user,real
realtime
timeHMIsolution.
HMI solution
collectsallvaluabledatafromawidevarietyof
devices including control roomsscomputers,
devices,includingcontrolroom computers
MasterTerminalUnits(MTUs),RemoteTerminal
Units (RTUs), Programmable Logic Controllers
Units(RTUs),ProgrammableLogicControllers
(PLCs),andIntelligentElectronicDevices(IEDs).
softwarecontainsmultiplefeaturesthatuse
software contains multiple features that use
Ethernet,Intranet/Internet,anddialup
capabilities.
p
rightsreserved
Properties of SCADA Software
p
providesreportingofcomplexeventsthattracks
o des epo t g o co p e e e ts t at t ac s
combinationofsensorinputs;date/time
statementsandsoftcontrols.
automaticallysendsapageoremaildirectlyto
repairtechnicians.
filtersoutnuisance/nonessentialalarms.
supportsfuturegrowthforupto15years.
supportsmultipleprotocolsandequipment
types.
rightsreserved
Module 3
Module-3
Functions Performed by SCADA

FunctionsPerformedbySCADA
rightsreserved
Chapter # 10:
Overview of Functions
Performed by SCADA System
rightsreserved
Principles
p by
y which SCADA system
y
Works
SCADA
SCADAsystemworksonfollowingfour
system works on following four
principles
1.
1 Dataacquisition
Data acquisition
2. Networkeddatacommunication
3
3. Information reporting & Data Presentation
Informationreporting&DataPresentation
4. SystemControlfunctions
rightsreserved
1. Data Acquisition
For
ForDataAcquisition;sensorscanbeclassifiedas
Data Acquisition; sensors can be classified as
twotypes,eitherdiscreteoranalog.
Discrete
Discretesensorscollectinformationaboutsimple
sensors collect information about simple
events.
Analogsensorscanprovidemoredetailed
informationthatcanfallwithinarangeofvalues,
ratherthanapresent/notpresenttypeofsituation.
usefulinmeasuringenvironmentalfactors,suchas
f li i i t lf t h
temperatureandhumidity,batterylevels,fuellevels
etc
rightsreserved
2. Networked Data Communication
SCADAcommunicationsgenerallytakeplaceon
EthernetandIPoverSONET.
SCADAusesprotocolcommunicationmethods,so
input and output devices cannot interpret or create
inputandoutputdevicescannotinterpretorcreate
SCADAcommunicationsontheirown.
RTUsinterpretinformationfromattachedsensorsand
transmit it to the SCADA master (HMI)
transmitittotheSCADAmaster(HMI).
Inreturn,theRTUreceivescontrolcommandsinprotocol
formatfromtheSCADAmaster,andforwardsthese
commands to the appropriate control relays.
commandstotheappropriatecontrolrelays.
ThisallowstheSCADAmastertocontrolindividual
operationalprocessesthroughoutthenetworkfroma
singlelocation.
g
rightsreserved
3. Information Reporting & Data
P
Presentation
t ti
A
ASCADAsystempresentsdatatooperatorsvia
SCADA system presents data to operators via
theSCADAHMI(HumanMachineInterface).
Themastercontinuouslymonitorsallsensorsand
The master continuously monitors all sensors and
alertstheoperatorwhenthereisaChangeof
State (COS) event within the managed system.
State(COS)eventwithinthemanagedsystem.
Themasterpresentsacomprehensiveviewofthe
entire network of devices, and presents more
entirenetworkofdevices,andpresentsmore
specificinformation.
rightsreserved
4. System Control Functions
A
ASCADAsolutionwithcontrolfunctionscan
SCADA solution with control functions can
respondtoCOSeventsanywhereinthe
system by automatically issuing related user
systembyautomaticallyissuingrelated,user
specifiedcommands.
.Advancedsystemsalsoallowoverridingof
Advanced systems also allow overriding of
automaticcontrolsastheneedoccurs.
rightsreserved
How SCADA System Performs its
Pi i l
Principles
SCADAfunctionsareperformedbyseveralkindsofSCADAcomponents:
Sensors (eitherdigitaloranalog)andcontrolrelays
( h d l l ) d l l thatdirectlyinterfacewith
h d l f h
themanagedsystem.
Remotetelemetryunits(RTUs)aresmalldedicatedcomputerizedunits
deployedinthefieldatspecificsitesandlocationsthatarehardenedfor
outdoor use
outdooruse.
RTUsserveaslocalcollectionpointsforgatheringreportsfromsensorsanddelivering
commandstocontrolrelays.
SCADAMasterTerminalUnits(MTU)isoftenacomputingplatform,likeaPC,
which runs SCADA software
whichrunsSCADAsoftware.
ASCADAnetworkconsistsofoneormoreMasterTerminalUnits(MTUs),whichare
utilizedbyoperatorstomonitorandcontrolalargenumberofRemoteTerminalUnits
(RTUs).
Masterunitsprovideahumaninterfacetothesystemandautomaticallyregulatethe
managed system in response to sensor inputs
managedsysteminresponsetosensorinputs.
Thecommunicationsnetwork thatconnectstheSCADAmasterunittothe
RTUsinthefieldmonitoratyourremotesites
rightsreserved
Chapter # 11:
Data Acquisition
rightsreserved
Data Acquisition
The
Thelargenumbersofsensorscollectinput
large numbers of sensors collect input
dataforasystemtomeasuretheoutputlevels
ofasystemorprocess.
Theinformationcollectedbythesesensorsis
transferredtoRTUslocally,andthen
forwardedtotheSCADAmaster,where
reportsandalarmsarepresentedtothe
networkoperator;thisprocessisknownas
k hi i k
DataAcquisition.
rightsreserved
Chapter # 12:
Networked Data
Communication
rightsreserved
Networked Data Communication
SCADA
SCADAcommunicationsgenerallytakeplaceon
communications generally take place on
EthernetandIPoverSONET.
Toalleviatesecurityconcernswhentransporting
To alleviate security concerns when transporting
sensitivedata,communicationofdatashouldbe
done over internal LAN/WANs, not the public
doneoverinternalLAN/WANs,notthepublic
Internet.
SCADAusesprotocolcommunicationmethods,so
SCADA uses protocol communication methods, so
inputandoutputdevicescannotinterpretor
createSCADAcommunicationsontheirown.
rightsreserved
Working Mechanism of RTUs to
handshake with Sensors & SCADA
RTU
RTUisneededtoprovideaninterface
is needed to provide an interface
betweenthesensorsandtheSCADAnetwork.
RTUencodessensorinputsintoprotocol
RTU encodes sensor inputs into protocol
formatandforwardsthemtotheSCADA
master; in return the RTU receives control
master;inreturn,theRTUreceivescontrol
commandsinprotocolformatfromtheSCADA
master and transmits electrical signals to the
masterandtransmitselectricalsignalstothe
appropriatecontrolrelays.
rightsreserved
Chapter # 13:
Information reporting
p g & Data
Presentation
rightsreserved
Information reporting
The
Themastercontinuouslymonitorsallsensors
master continuously monitors all sensors
andalertstheoperatorwhenthereisa
ChangeofState
Change of State(COS)eventwithinthe
(COS) event within the
managedsystem.
Themasterpresentsacomprehensiveviewof
The master presents a comprehensive view of
theentirenetworkofdevices,andpresents
more specific information
morespecificinformation.
rightsreserved
Data Presentation
ArealSCADAsystempresentsdatatohuman
ea SC syste p ese ts data to u a
operatoroveraspecializedcomputerthatis
calledamasterstation,anHMI(HumanMachine
Interface)oranHCI(HumanComputerInterface).
f ) ( f )
Themastercontinuouslymonitorsallsensors
d t
dataandthenpresentitintheformofalertsto
d th t it i th f f l t t
operator;whenthereisanalarm.
Themasterpresentsacomprehensiveviewofthe
The master presents a comprehensive view of the
entiremanagedsystem,andpresentsmoredetail
inresponsetouserrequests.
p q
rightsreserved
Chapter # 14:
System Control
rightsreserved
Control
A
ASCADAsolutionwithcontrolfunctionscan
SCADA solution with control functions can
respondtoCOSeventsanywhereinthe
systembyautomaticallyissuingrelated,user
specifiedcommands.
SCADAsystemsautomaticallyregulateall
kindsofindustrialprocesses.
FullscaleSCADAsystemcanadjustthe
managedsysteminresponsetomultiple
inputs.
rightsreserved
M d l 5
Module-5
Working with PLC

WorkingwithPLC
rightsreserved
Chapter # 23:
Components of PLC
rightsreserved
PLC Background
microprocessor
microprocessorbaseddevice
based device
consistoftheCPU,MemoryandI/Odevices
hasaconnectionfortheProgrammingand
has a connection for the Programming and
MonitoringUnit,PrinterandProgramRecorder.
unitsofruggeddesignforanindustrialsetting
it f dd i f i d t i l tti
shieldedforimprovedelectricalnoiseimmunity
modular,allowingeasyreplacementandaddition
ofunits.
rightsreserved
PLC Components
PLCs spanawiderangeofsizes,butallcontain
span a wide range of sizes but all contain
sixbasiccomponents:
Rack/ChassisorMounting;
Rack/Chassis or Mounting;
PowerSupply;
ProcessororCentralProcessingUnit(CPU);
Processor or Central Processing Unit (CPU);
Memory;
Input/Outputassembly;
I t/ O t t bl
programmingunit,device,orPC/software
rightsreserved
Figure: PLC Components
rightsreserved
1. Chassis /Rack Assembly
RackAssembly
Rack Assembly
IndividualcomponentslikeCPU,Input/Output,
Power Supply etc are modules that are held
PowerSupplyetcaremodulesthatareheld
togetherwithinarack.
Chassis/Brick
Chassis/Brick
InsmallerPLCsystemsallofthesecomponents
may be contained in a single housing known as
maybecontainedinasinglehousingknownas
Chassisorbrick.
rightsreserved
2. Power Supply
provides
providesinternalDCcurrenttooperatethe
internal DC current to operate the
processorlogiccircuitryandinput/output
assemblies.
assemblies
providespowerforthePLCsystem
Commonpowerlevelsusedare24VDCor120
C l l d 24V DC 120
VAC.
rightsreserved
3. Processor (CPU)
Brain"
Brain ofthePLC.
of the PLC
CPUusedinPLCsystemisastandardCPU
present in many other microprocessor
presentinmanyothermicroprocessor
controlledsystems.
ChoiceoftheCPUdependsontheprocessto
Ch i f h CPU d d h
becontrolled.
rightsreserved
4. Memory
MemoryinaPLCsystemisdividedinto
Memory in a PLC system is divided into
programmemorywhichisusuallystoredin
EPROM/ROM
andtheoperatingmemory
TheRAMmemoryisnecessaryfortheoperation
The RAM memory is necessary for the operation
oftheprogramandthetemporarystorageof
inputandoutputdata
p p
rightsreserved
Communication Module
ModernPLCs provideEthernetconnection(Fast
Ethernet,IndustrialEthernet)tothenetwork
PLCs stillprovideSerialbasedconnectivitythatis
relatively slow ( RS 232, RS 485)
relativelyslow(RS232,RS485)
MasterPLCmayhaveEthernetwhileslaveRTUs may
beconnectedviaRS485totheMasterPLC
Ethernet/modem
Eth t/ d
Forcommunicationwithremotecomputers.
Takesinputsfromanencoderandtracksposition.
ASCIImodem
ASCII d
AddsaSerialportforcommunicatingwithstandardserialports
RS232/422.
rightsreserved
5. Input/output Module
Inputs
Inputscarrysignalsfromtheprocessintothe
carry signals from the process into the
controller,theycanbeinputswitches,
pressuresensors,operatorinputs,etc.These
arelikethesensesandsensorsofthePLC.
OutputsarethedevicesthatthePLCusesto
sendchangesouttotheworld.Thesearethe
actuatorthePLCcanchangetoadjustor
controltheprocess
l h motors,lights,relays,
li h l
pumps,etc.
rightsreserved
6. Programming Device
MostmodernPLCs areprogrammedusingsoftwareon
aPCorlaptopcomputer.Oldersystemsusedacustom
programmingdevice.
Thereareafewbasictypesofprogrammersinuse:
There are a few basic types of programmers in use:
PLCSoftwareforPersonalComputers: Similartothe
specializedprogrammingunits,butthesoftwarerunsona
multiuse,
multi use,usersuppliedcomputer.
user supplied computer.
Handheldunits(orintegrated): Allowprogrammingof
PLCusingacalculatortypeinterface.Oftendoneusing
mnemonics.
Specializedprogrammingunits: Effectivelyaportable
computerthatallowsgraphicaleditingoftheladderlogic,
andfastuploading/downloading/monitoringofthePLC.
p g g g
rightsreserved
PLC Operation
ThePLCoperatesinternallyinawayverysimilarto
computers
Theinputsarecontinuouslymonitoredandcopied
from the I/O module into RAM memory which is
fromtheI/OmoduleintoRAMmemorywhichis
dividedintotheinputandoutputsections.
TheCPUstepsthroughthecontrolprograminanother
section of the memory and fetches the input variables
sectionofthememoryandfetchestheinputvariables
fromtheinputRAM.
Dependingontheprogramandthestateofinputs,the
outputRAMisfilledwiththecontrolvariableswhich
RAM i fill d i h h l i bl hi h
arethencopiedintotheI/Omodulewherethey
controltheprocesses.
rightsreserved
Intro to PLC Programming
PLC
PLCisaprogrammabledevice,whichmakesit
is a programmable device, which makes it
possible,unlikeintherelaylogic,toeasily
designandmodifythecontrolprogramor
processwithoutanychangesinthewiring(no
hardwaremodifications).
TomaketheprogrammingofthePLCsystems
easyandefficient,industrystandardsdefining
theprogrammingapproachandthe
h i h d h
programminglanguagesusedwereadopted.
rightsreserved
Chapter # 24:
PLC Selection Parameters
rightsreserved
Selecting a PLC
TheprocessofselectingaPLCcanbebrokenintothestepslistedbelow:
Understandtheprocesstobecontrolled
Listthenumberandtypesofinputsandoutputs.
List the number and types of inputs and outputs
Determinehowtheprocessistobecontrolled.
Determinespecialneedssuchasdistancebetweenpartsoftheprocess.
Ifnotalreadyspecified,asinglevendorshouldbeselected.Factorsthatmightbe
considered are:
consideredare:
Manualsanddocumentation
Supportwhiledevelopingprograms
Therangeofproductsavailable
Supportwhiletroubleshooting
pp g
Shippingtimesforemergencyreplacements
Training
Thetrackrecordforthecompany
Businesspractices(billing,upgrades/obsoleteproducts,etc.)
Plantheladderlogicforthecontrols
Counttheprograminstructions,instructiontimingsandmemoryrequiredforeach
instruction
LookforspecialprogramneedsandcheckthePLCmodel.(e.g.PID)
Estimatethecostforsuitablehardware,programmingsoftware,cables,manuals,
training,etc.,oraskforaquotefromavendor.
rightsreserved
Selecting Parameters
Number&Typeoflogicalinputsoroutputs
Determine whetherthetypeisDigitalorAnalog/InputorOutput
whether the type is Digital or Analog / Input or Output
determinethenumbersofInputsandoutputvaluesrequiredforaparticularprocess
Memory
Memoryneedisdictatedbysizeofladderlogicprogram/instructionsthatneedstobeburninPLC
Aladderelementwilltakeonlyafewbytes,andwillbespecifiedinmanufacturersdocumentation.
y y , p
ScanTime
Theshorterbethescantime,thehigherwillbethecost&viceversa.
Typicalvaluesforthisare1microsecondpersimpleladderinstruction.
C
Communications
i ti
SerialorNetworkedcommunicationallowsthePLCtobeprogrammedandtalktootherPLCs.
Software
Availabilityofprogrammingsoftware
Typical Parameters for CPU
TypicalParametersforCPU
TypicalparametersforCPUmoduleofaPLCare:
Inputscantime
Outputscantimes
Housekeeping
Overheadmemoryforcontroller
rightsreserved
Chapter # 25:
PLC Programming using GCL
rightsreserved
What Is GCL?
GCL
GCL(GraphicConditionLogic)givesEthernet
(Graphic Condition Logic) gives Ethernet
I/Omodulescontrolability.
Userscandefinethecontrollogicrules
Users can define the control logic rules
throughgraphicalconfigurationenvironment
inADAM.NETUtility,anddownloaddefined
logicrulestospecificADAM6000EthernetI/O
module.
Ethernetmodulewillexecutethelogicrules
automaticallyjustlikeastandalonecontroller.
rightsreserved
IIntheconfigurationenvironmentofADAM.NETUtility,4graphic
th fi ti i t f ADAM NET Utilit 4 hi
iconsshowthe4stagesofonelogicrule:InputLogic,Execution
andOutput.
rightsreserved
GCL: A Complete Graphical Configuration
E i
Environment t
AdvantechGCLprovidesacompletegraphicalconfigurationutility,which
isveryintuitivetouse.
Bysimplyclickingtheicons,allrelatedconfigurationscanbedonethrough
thepopupdialogwindow.
WhenusersdefinethedestinationofOutputstage(suchasdigitaloutput,
analogoutput,counterandpulseoutput),userscanchooseeitheralocal
moduleorremotemoduleastarget,asshown:
rightsreserved
GCL Cascade Logic
userscandefinecomplexlogicarchitecturetosatisfy
p g y
variousapplicationrequirements.
rightsreserved
GCL Distributed Cascade Logic
Userscanassignotherruleasoutputofonelogicrule.
SeveralEthernetI/Omodulescanbeintegratedintoonecomplete
logicsystem.
rightsreserved
GCL Feedback Function
Userscanassigninputandoutputoflogicruletothesameinternalregister,
allowing GCL feedback
allowingGCLfeedback.
Intheexamplebelow,the3rdinputandthe3rdoutputaremappedtothesame
internalregister,sotheoutputvaluewilltransferbacktotheinput.
rightsreserved
Advantages of GCL
GCLdeliversvarietyofinputandoutputoptions.
Processingtimeisfast.
GCLprovideslinearscalingfunctiontoconvertmeasured
voltage/current value to its engineer unit value.
voltage/currentvaluetoitsengineerunitvalue.
AfteruserscompleteallGCLconfigurationsinADAM.NET
Utility,theycansimplyclickthe"RunMonitoring"button
users
userscanseereal
can see realtime
timeexecutionworkflowoflogicruleon
execution workflow of logic rule on
ADAM6000modules.
InGCL,youcandefineyourcustomizedmessage.When
conditions are satisfied, message, module'ssIPandI/O
conditionsaresatisfied,message,module IP and I/O
statuswillbesenttodefinedPCordevice.
InGCL,youcanreadthelocalDOchannelstatusanduseit
in the input condition. So you can define logic rule based on
intheinputcondition.Soyoucandefinelogicrulebasedon
localDOstatus.
rightsreserved
Chapter # 26:
PLC Programming
g g usingg Ladder
Logic
rightsreserved
Introduction
The
Thefollowingisalistofthebasicinstructions
following is a list of the basic instructions
inSLC500:
1.
1 XIC ExamineifClosed
XIC Examine if Closed
2. XIO ExamineifOpen
3
3. OTE OutputEnergize
OTE Output Energize
4. OTL OutputLatch
5
5. OTU OutputUnlatch
OTU O t tU l t h
6. OSR OneShotRising
rightsreserved
1. XIC Examine if Closed
Symbol
Definition
ExaminesabitforanOncondition
Examines a bit for an On condition
UsetheXICinstructioninyourladderlogictodetermineifabitisON.
0=False
1=True
Devices
Start/Stoppushbuttons
Selectors
Limit switch
Limitswitch
Proximityswitch
Light
Internalbit
rightsreserved
2. XIO Examine if Open
Symbol
Definition
Examinesabitforanoffcondition.
Examines a bit for an off condition
UseanXIOinstructioninyourladderlogictodetermineifabitifoff.
1=True
0=False
Devices
Start/Stoppushbuttons
Selectors
Limit switch
Limitswitch
Proximityswitch
Light
Internalbit
rightsreserved
3. OTE Output Energize
Symbol
Definition
D fi iti
Turnsabitonoroff
UseOTEinstructioninyourladderlogictoturnonabit
y g
whenrungconditionisevaluatedastrue.
Devices
Light
Light
Motorrunsignal
Internalbits
rightsreserved
4. OTL Output Latch
Symbol
Definition
Turns
Turnsabitonwhentherungisexecuted,andthisbitretainsitsstatewhen
a bit on when the rung is executed and this bit retains its state when
therungisnotexecutedorapowercyclepoweroccurs.
OTLisaretentiveoutputinstruction.OTLcanonlyturnonabit.This
instructionisusuallyusedwithOTUwithbothOTLandOTUaddressingthe
same bit
samebit.
LadderlogiccanexamineabitcontrolledbyOTLasoftenasnecessary.
WhenyouassignanaddresstotheOTLinstructionthatcorrespondstothe
addressofaphysicaloutput,theoutputdevicewiredtothescrewterminalis
energized when the bit is set When rung conditions become false the bit
energizedwhenthebitisset.Whenrungconditionsbecomefalse,thebit
remainssetandthecorrespondingoutputdeviceremainsenergized.
Actuatingthelatchinputturnsthefunctiononorcausesittochangestate.
Thefunctionthenstaysonevenifthelatchinputisturnedoff.Toturnthe
function off, another input must unlatch which turns the function off.
functionoff,anotherinputmustunlatchwhichturnsthefunctionoff.
rightsreserved
5. OTU Output Unlatch
Symbol
Definition
Turns
Turnsabitoffwhentherungisexecuted,andthisbitretainsitsstatewhen
a bit off when the rung is executed and this bit retains its state when
therungisnotexecutedorwhenpowercycleoccurs.
OTUisaretentiveoutputinstruction.OTUcanonlyturnoffabit.This
instructionisusuallyusedwithOTLwithbothOTLandOTUaddressingthe
same bit
samebit.
LadderlogiccanexamineabitcontrolledbyOTUasoftenasnecessary.
WhenyouassignanaddresstotheOTUinstructionthatcorrespondstothe
addressofaphysicaloutput,theoutputdevicewiredtothescrewterminalis
deenergized
de energizedwhenthebitiscleared.
when the bit is cleared
Theunlatchinstructiontellsthecontrollertoturnofftheaddressedbit.
Thereafter,thebitremainsoff,regardlessoftherungcondition,untilitis
turnedon.
rightsreserved
6. OSR One
One-Shot
Shot Rising
Symbol
Definition
Triggersaonetimeevent.
TheOSRinstructionisaretentiveinputinstructionthattriggers
an event to occur only one time Use the OSR instruction when
aneventtooccuronlyonetime.UsetheOSRinstructionwhen
aneventmuststartbasedonchangeofstateoftherungfrom
falsetotrue.
Whentheinputinstructiongoesfromfalsetotrue,theOSR
instructionconditionstherungsothattheoutputgoestruefor
onescan.Theoutputgoesfalseandremainsfalseforsuccessive
scansuntiltheinputmakesanotherfalsetotruetransition.
rightsreserved
Implementations
XICExamine
XIC ExamineifClosed,XIO
if Closed XIOExamine
ExamineifOpen,
if Open
andOTEOutputEnergize:
UsetheXICinstructioninyourladderlogicto
Use the XIC instruction in your ladder logic to
determineifabitisON.
UseanXIOinstructioninyourladderlogicto
Use an XIO instruction in your ladder logic to
determineifabitifoff.
UseOTEinstructioninyourladderlogictoturnon
Use OTE instruction in your ladder logic to turn on
abitwhenrungconditionisevaluatedastrue.
rightsreserved
Contd
constructionasimplecircuitwithoneswitchasacontactandoneoutput
asacoil.Whentheswitchisonthelightwillgoonandwhentheswitchis
offthelightwillturnoff.
Input/Output
SwitchI:1.0/0
LightO:2.0/0
LadderLogicSolution
WhentheswitchisontheinputAddress:I:1.0/0willbeonandhencetherungwillbe
energizedhencetheoutputsonaddressO:2.0/0willbeenergizeandthelightwillgoon.
rightsreserved
Contd
OSR OneShotRisingg
Triggersaonetimeevent.
TheOSRinstructionisaretentiveinputinstructionthattriggersaneventto
occuronlyonetime.UsetheOSRinstructionwhenaneventmaststartbased
onchangeofstateoftherungfromfalsetotrue.
Whentheinputinstructiongoesfromfalsetotrue,theOSRinstruction
conditionstherungsothattheoutputgoestrueforonescan.Theoutputgoes
f l
falseandremainsfalseforsuccessivescansuntiltheinputmakesanotherfalse
d i f l f i til th i t k th f l
totruetransition.
Inthisexamplewehaveonebuttonandalight.Firsttimewepressonthe
button the light will go on and the second time we press the button, In other
buttonthelightwillgoonandthesecondtimewepressthebutton,Inother
wordwewantthisbuttontoworkexactlylikeatogglebutton.
Input/Output
SwitchI:1.0/6
LightO:2.0/6
rightsreserved
Ladder Logic Solution
FirstTimewepushthebutton.
First Time we push the button
FirstScan:
When
WhenthepushbuttonispressedtheLIGHT_OSRwill
the push button is pressed the LIGHT OSR will
energizetherungONLYforonescanandduringthat
scantheLIGHT_ONSwillbeenergized.
Rung0SecondScan:
Whetherthebuttonispressedornot,theLIGHT_OSR
willnotpassthesignalandhencetheLIGHT_ONSwill
ill t th i l d h th LIGHT ONS ill
NOTbeenergized.
rightsreserved
Contd
FirstScan:
First Scan:
LIGHT_ONSisonandthelightitselfisnotonso
the rung will be energized and the output light will
therungwillbeenergizedandtheoutputlightwill
ON.
Rung1SecondScan:
LIGHT_ONSisoff,LIGHTisonsothelightwillstayenergized.
rightsreserved
Contd
SecondTimewepushthebutton.
p
FirstScan:
WhenthepushbuttonispressedtheLIGHT_OSRwill
energize the rung ONLY for one scan and during that scan
energizetherungONLYforonescanandduringthatscan
theLIGHT_ONSwillbeenergized.
SecondScan:
Whether
Whetherthebuttonispressedornot,theLIGHT_OSRwill
the button is pressed or not, the LIGHT OSR will
notpassthesignalandhencetheLIGHT_ONSwillNOTbe
energized.
Secondtimewepressthebuttonrung0willreactexactly
thesamewayasthefirsttimewepressedthebutton.The
h h f d h b h
differencewillbeintherung1.
rightsreserved
Cond
FirstScan:
First Scan:
LIGHT_ONSisonandthelightisofsotherungwill
be deenergized
bede energizedandtheoutputlightwillgooff.
and the output light will go off
SecondScan:
LIGHT_ONSisoffLIGHTisoffsothelightwillstay
LIGHT ONS is off LIGHT is off so the light will stay
deenergized.
rightsreserved
Implementation of OTL - Latch / OTU -
U l t h
Unlatch
Turnsabitonwhentherungisexecuted,andthisbitretainsitsstate
when the rung is not executed or a power cycle power occurs
whentherungisnotexecutedorapowercyclepoweroccurs.
OTLisaretentiveoutputinstruction.OTLcanonlyturnonabit.This
instructionisusuallyusedwithOTUwithbothOTLandOTUaddressing
thesamebit.
LadderlogiccanexamineabitcontrolledbyOTLasoftenasnecessary.
WhenyouassignanaddresstotheOTLinstructionthatcorrespondsto
theaddressofaphysicaloutput,theoutputdevicewiredtothescrew
terminal is energized when the bit is set When rung conditions become
terminalisenergizedwhenthebitisset.Whenrungconditionsbecome
false,thebitremainssetandthecorrespondingoutputdeviceremains
energized.
Actuatingthelatchinputturnsthefunctiononorcausesittochange
state The function then stays on even if the latch input is turned off To
state.Thefunctionthenstaysonevenifthelatchinputisturnedoff.To
turnthefunctionoff,anotherinputmustunlatchwhichturnsthefunction
off.
rightsreserved
Contd
Example
p
Inthisexampleweneedtostart/stopthemotor.
Whenthestartbuttonispushedwewanttostartthe
motor, and when the stop button is pushed we want
motor,andwhenthestopbuttonispushedwewant
tostopthemotor.Mindyouwhenyouthepush
buttonsispushedtheinputwillgoonaslongasthe
bu o s pus ed o e se
buttonispushedotherwiseitwillgooff.
go o
Input/Output
StartButtonI:1.0/1
StopButtonI:1.0/2
MotorO:2.0/1
rightsreserved
Contd
LadderLogicSolution
Theimportantpartinthisexampleistokeepthe
signalonevenwhentheoperatorreleaseshisfinger
g p g
fromthepushbutton.Wewilllatchtheinputsignal
forbothstartandstop.
BypressingthestartpushbuttontheinputI:0/1will
beonandhencebitB3:0/0willbeOntoo.Oncethe
operator release the start button The start button
operatorreleasethestartbutton.Thestartbutton
inputsignalwillgoOffbutB3:0/0willstayon.Thisbit
willstayonaslongastheStopbuttonisnotpushed.
rightsreserved
Oncethestopbuttonispushedtherungwillevaluatetotrueandhencethe
OTU(unlatch)instructionwillkickinandreleasethebitB3:0/0.
When bit B3:0/0 is on or off; the motor will be energized or deenergized

WhenbitB3:0/0isonoroff;themotorwillbeenergizedorde energized
rightsreserved
Chapter # 27:
Implementation
p of Counters,,
Timers & Totalizers
rightsreserved
Ladder Logic Counters
Counters
Countersareusedtoindex,incrementor
are used to index increment or
decrementvalues.
Thefollowingisalistofcounterinstructionsin
The following is a list of counter instructions in
SLC500:
CTU
CTU CountUp
C tU
CTD CountDown
RES Reset
rightsreserved
CTU Count UP
Symbol
Definition
IIncrementstheaccumulatedvalueateachfalsetotrue
t th l t d l t hf l t t
transitionandretainstheaccumulatedvaluewhenthe
instructiongoesfalseorwhenpowercycleoccurs.
TheCTUisaninstructionthatcountsfalsetotrue
The CTU is an instruction that counts false to true
transition.Whenthistransitionhappenstheaccumulated
valueisincrementedbyonecount.
ACTUaccumulationisresetbytheRESinstruction.
A CTU accumulation is reset by the RES instruction
Iftheaccumulationvalueisoverthemaximumrangethen
theoverflow(OV)bitwillbetrue.
rightsreserved
Contd
Eachcounteraddressismadeofa3wordelement.
Word1isthecontrolword
d h l d
Bit07:InternalUse
Bit10:UA Updateaccumulationvalue.
Bit11:UN Underflowbit.
Bit 12 OV Overflowbit.
Bit12:OV O fl bit
Bit13:DN Done
Bit14:CD Countdownisenabled.
Bit15:CU Countupisenabled.
Word2storesthepresetvalue.(PRE)
Word 2 stores the preset value (PRE)
Specifiesthevalue,whichthecountermustreachbeforethecontrollersetsthedonebit.
Whentheaccumulatorvaluebecomesequaltoorgreaterthanthepresetvalue,the
donestatusbitisset.Youcanusethisbittocontrolanoutputdevice.
Presetvalueisfrom32,768to32,767
Ifatimerpresetvalueisnegativeanerrorwilloccur.
Word3storestheaccumulatedvalue.(ACC)
Thisisthenumberoftimesoffalsetotruetransitionsthathaveoccurredsincethe
counterwaslastrest.
rightsreserved
CTD Count Down
Symbol
Definition
Definition
Decrementstheaccumulatevalueateachfalsetotrue
transitionandretainstheaccumulatedvaluewhenthe
instructiongoesfalseorwhenpowercycleoccurs.
TheCTDisaninstructionthatcountsfalsetotruetransition.
Whenthistransitionhappentheaccumulatedvalueis
decrementsbyonecount.
ACTDaccumulationisresetbytheRESinstruction.
A CTD l i i b h RES i i
Iftheaccumulationvalueisbelowtheminimumrangethenthe
underflow(UN)bitwillbetrue.
rightsreserved
Contd
Eachcounteraddressismadeofa3wordelement.
d h l d
Bit07:InternalUse
Bit10:UA Updateaccumulationvalue.
Bit11:UN Underflowbit.
Bit 12 OV Overflowbit.
Bit12:OV O fl bit
Bit13:DN Done
Bit14:CD Countdownisenabled.
Bit15:CU Countupisenabled.
Word 2 stores the preset value (PRE)
Specifiesthevalue,whichthecountermustreachbeforethecontrollersetsthedone
bit.Whentheaccumulatorvaluebecomesequaltoorgreaterthanthepresetvalue,the
donestatusbitisset.Youcanusethisbittocontrolanoutputdevice.
Presetvalueisfrom32,768to32,767
, ,
rightsreserved
RES Reset
Sy
Symbol
bo
Definition
Resetstheaccumulatedvalueandstatusbitofatimer
orcounter.
UseaRESinstructiontoresettimersorcounters.
WhentheRESinstructionisenabled,itresetsthe
Timer On Delay, Retentive Timer, and Counter Up,
TimerOnDelay,RetentiveTimer,andCounterUp,
CounterDowninstructionhavingthesameaddressas
theRESinstruction.
rightsreserved
Ladder Logic Count Up Instruction
Incrementstheaccumulatedvalueateachfalse
totruetransitionandretainstheaccumulated
valuewhentheinstructiongoesfalseorwhen
power cycle occurs
powercycleoccurs.
TheCTUisaninstructionthatcountsfalsetotrue
transition.Whenthistransitionhappensthe
accumulatedvalueisincrementedbyonecount.
ACTUaccumulationisresetbytheRES
instruction.
instruction
Iftheaccumulationvalueisoverthemaximum
g ( )
rangethentheoverflow(OV)bitwillbetrue.
rightsreserved
Contd
Example1
a pe
Countthenumberoftimesaswitchgoesfromoff
g
toon.Oncewereachacountof10energizea
light.Weshouldalsohaveabuttontoresetthe
counter.
Input/Output
InputI:1.0/0
LightO:2.0/0
ButtonI:1.0/1
rightsreserved
When C5:0.DN is true then the light will go on.

WhenInputgoesfromofftoonthecounterC5:0.Accwillincrementbyone.
WhenAccisequaltopresetthenC5:0.DNwillbetrue.
WhenC5:0.DNistruethenthelightwillgoon.
OncethebuttonispressedthecounterC5:0.Accwillberesettozero.Hence
thecounterwillstartover.
rightsreserved
Ladder Logic Count Down Instruction
Decrementstheaccumulatevalueateachfalseto
truetransitionandretainstheaccumulatedvalue
whentheinstructiongoesfalseorwhenpower
cycle occurs
cycleoccurs.
TheCTDisaninstructionthatcountsfalsetotrue
transition.Whenthistransitionhappenthe
accumulatedvalueisdecrementsbyonecount.
ACTDaccumulationisresetbytheRES
instruction.
instruction
Iftheaccumulationvalueisbelowtheminimum
g ( )
rangethentheunderflow(UN)bitwillbetrue.
rightsreserved
Ladder Logic Solution RESET
WhenInputgoesfromofftoonthecounterAccvaluewill
d
decrementby1.WhentheAcc>=Presetthenthebitdonewillbe
t b 1 Wh th A P t th th bit d ill b
true;hencethelightwillgoon.
WhenInputgoesonthecounterAccvaluewilldecrementby1.When
theAcc<Presetthenthebitdonewillbefalse,hencethelightwillgo
off.
rightsreserved
Contd
Whenthebuttonispressedthiswillenergizetherungforonly
p g g y
onescanandsoresettingthecounter.ThiswillresettheAcc
valueto0.
rightsreserved
Ladder Logic Timers
Timers
Timersgivestheprecisionintime.Timerondelay
gives the precision in time Timer on delay
startstimingwheninstructionistrue.Timersare
usedtotracktimewheninstructionareonoroff.
Theycouldalsokeeptrackonaretentivebase.
Definition
ThefollowingisalistoftimerinstructionsinSLC500:
TON TimerOnDelay y
TOF TimerOffDealy
RTO RetentiveTimer
rightsreserved
TON Timer On Delay
Symbol
Definition
Counttimebaseintervalswhentheinstructionistrue.
TheTimerOnDelayinstructionbeginstocounttimebaseintervalswhenrungconditionsbecometrue.Aslongas
rungconditionsremaintrue,thetimeradjustitsaccumulatedvalue(ACC)eachevaluationuntilitreachesthe
presetvalue(PRE).Theaccumulatedvalueisresetwhenrungconditionsgofalse,regardlessofwhetherthetimer
hastimedout.
E h Ti
EachTimeronDelayismadeofa3wordelement.
D l i d f 3 d l t
Bit012:InternalUse
Bit13:Done(DN)thisbitisonwhentheAccumulationvalue>=PresetValue
Bit14:TimerTiming(TT)thisbitisonwhenthetimeristiming
Bit15:Enabled(EN),thisbitisonwhenthetimerisenergized.
i bl d ( ) hi bi i h h i i i d
Theprogrammerspecifiesthisvalue.Whentheaccumulatedtimereachesthepresetvaluethecontrollersetsthe
donebit.Whentheaccumulatedvaluebecomesequaltoorgreaterthanthepresetvalue,thedonebitisset.
Usuallypresetvalueisfrom0 32,767
If a timerpreset value is negative an error will occur
Thisisthetimeelapsedsincethetimerwaslastreset.Whenenabledthetimerupdatesthiscontinually.
TimeBase:isthetimingupdateinterval,thiscanvaryfrom0 1second.
rightsreserved
TOF Timer Off Delay
Symbol
Definition
Countstimebaseintervalswhentheinstructionisfalse.
TheTimerOffDelayinstructionbeginstocounttimebaseintervalswhentherungmakesatruetofalsetransition.
Aslongasrungconditionsremainfalse,thetimerincrementsitsaccumulatedvalue(ACCeachscansuntilit
reachesthepresetvalue(PRE).Theaccumulatedvalueisresetwhenrungconditionsgotrueregardlessof
whetherthetimerhastimedout.
E h ti
Eachtimeraddressismadeofa3wordelement.
dd i d f 3 d l t
Bit012:InternalUse
Bit13:DN Done
Bit14:TT TimerTiming
Bit15:EN
i Timerisenabled
i i bl d
Specifiesthevalue,whichthetimermustreachbeforethecontrollersetsthedonebit.Whentheaccumulated
valuebecomesequaltoorgreaterthanthepresetvalue,thedonebitisse.
Presetvalueisfrom0 32,767
If ti
t l i ti ill
rightsreserved
RTO Retentive Timer
Symbol
Definition
Countstimebaseintervalswhentheinstructionistrueandretainstheaccumulatedvaluewhentheinstructiongoesfalseor
whenpowercycleoccurs.
TheRetentiveTimerinstructionisaretentiveinstructionthatbeginstocounttimebaseintervalswhenrungconditions
becometrue.
TheRetentiveTimerinstructionretainsitsaccumulatedvaluewhenanyofthefollowingoccurs:
Rung conditions become false
Rungconditionsbecomefalse.
ChangingProcessormodefromREMrun/Test/programmode.
Theprocessorlosespowerwhilebatterybackupisstillmaintained.and afaultoccurs.
EachRetentiveTimerismadeofa3wordelement.
Bit012:InternalUse
Bit13:DN Done
Bit14:TT TimerTiming
Bit15:EN Timerisenabled
Specifiesthevalue,whichthetimermustreachbeforethecontrollersetsthedonebit.Whentheaccumulatedvalue
becomes equal to or greater than the preset value the done bit is se
becomesequaltoorgreaterthanthepresetvalue,thedonebitisse.
Presetvalueisfrom0 32,767
g p y
rightsreserved
Ladder Logic Timer On Delay
I t ti
Instruction
Cou
Counttimebaseintervalswhentheinstructionis
t t e base te a s e t e st uct o s
true.
y g
TheTimerOnDelayinstructionbeginstocount
timebaseintervalswhenrungconditionsbecome
true.Aslongasrungconditionsremaintrue,the
ti
timeradjustitsaccumulatedvalue(ACC)each
dj t it l t d l (ACC) h
evaluationuntilitreachesthepresetvalue(PRE).
Theaccumulatedvalueisresetwhenrung
The accumulated value is reset when rung
conditionsgofalse,regardlessofwhetherthe
timerhastimedoutornot.
rightsreserved
Contd
Example
Letssaythatwehaveaconveyor,sirenand1limitswitch
LS01.LS01isatthebeginningoftheconveyor.WhenLS
01isONwewantabuzzertogoonfor3seconds(Security)
andthenwewanttostarttheconveyor.WhenLS01is
clearedthenwewanttostoptheconveyor.
Input/Output
ConveyorO:2.0/0
SirenO:2.0/1
LS01I:1.0/0
LadderLogicSolution
L dd L i S l i
OnceLS01goesonthenthetimerwillstarttiming.Notethatthe
timebaseissetto1.0(second),andpresetis3thereforetotal
times is set to 3 seconds.
timesissetto3seconds.
rightsreserved
SinceLS01isonandaccumulatedvalueofthetimeisnotreachedyetthiswill
energizethesiren.Thisrungwillbekeptenergizedtillthe3secondsarepassed.
OncetheAccumulatedvaluegetsequaltothepresetvalue(3seconds)the
h l d l l h l ( d) h
Donevaluewillbeonandhencetheconveyorwillstart,itwillstopwhenLS01
goesoff
rightsreserved
Ladder Logic Timer off Delay Instruciton
TOF TimerOffDelay
Countstimebaseintervalswhentheinstructionisfalse.
b l h h f l
TheTimerOffDelayinstructionbeginstocounttimebaseintervalswhenthe
rungmakesatruetofalsetransition.Aslongasrungconditionsremainfalse,
thetimerincrementsitsaccumulatedvalue(ACCeachscansuntilitreaches
the preset value (PRE) The accumulated value is reset when rung conditions
thepresetvalue(PRE).Theaccumulatedvalueisresetwhenrungconditions
gotrueregardlessofwhetherthetimerhastimedout.
Example
Let'ssaywehaveinthefieldanemergencystop.OncetheEStopispressed
wewantthesirentogoonfor5seconds.
h i f 5 d
Input/Output
EStopPushButtonI:1.0/0
SirenO:2.0/0
Siren O:2.0/0
LadderLogicSolution
WhentheEstop isonthenTOFT4:1isenergized.WhenaTOFisenergized
thenitwillresettheaccumulatoranditsdonebitwillbeon.
rightsreserved
Ladder Logic Retentive Timer Instruction
RTO RetentiveTimer
Co
Countstimebaseintervalswhentheinstructionistrueandretainstheaccumulatedvalue
nts time base inter als hen the instr ction is tr e and retains the acc m lated al e
whentheinstructiongoesfalseorwhenpowercycleoccurs.
TheRetentiveTimerinstructionisaretentiveinstructionthatbeginstocounttimebase
intervalswhenrungconditionsbecometrue.
TheRetentiveTimerinstructionretainsitsaccumulatedvaluewhenanyofthefollowing
occurs:
Rungconditionsbecomefalse.
ChangingProcessormodefromREMrun/Test/programmode.
Theprocessorlosespowerwhilebatterybackupisstillmaintainedandafaultoccurs.
Example
Example
Let'ssaywetohaveatimeronamotorthattimesthetimethemotorwason.Whatwewant
todoistorunthelubricationpumpevery10minutesthemainmotorhasrun,for5seconds.
Input/Output
SelectorI:1.0/0
Selector I:1 0/0
MotorO:2.0/0
LubePumpO:2:0/1
LadderLogicSolution
Whentheselectorisonthemotorwillgoon.
When the selector is on the motor will go on.
rightsreserved
WhenthemotorgoesontheRTOwillstarttiming.Weneeded10minutes
so60seconds*10minutes=600seconds.
WhenRTOisdoneandthe5secondtimeronthelubricationisnotdone
starttimingonthelubesystem.
WhentheRTOisdonestartsthelubricationpump.NotethatRung2and3
When the RTO is done starts the lubrication pump Note that Rung 2 and 3
couldhavebeencombined.Thisisonlytokeepthingssimple.
rightsreserved
OncetheTONofthelubeisdonethenwehavetoresettheRTO.Sothe
wholethingwillstartoveragain.
rightsreserved
WhenweloosetheEstop TOFwillbedeenergized.WhenTOFisdeenergizedit
willstartcountinguntilitreachesitspresetvalue.Inthisexamplethesirenwill
goonfor5seconds.
rightsreserved
Ladder Logic Totalizers
Rung1
Rung 1 SampleTimer
Sample Timer
Firstapulseisprogrammedtofireeveryminuteasa
samplingtime.
p g
Rung2 AddingupTotalFlow
Nowhere'sthetrick. Takingourflowreading(V2000)
g g( )
weadditintoaregistersetasideforcalculatingthe
totalflowperhour(V3006). Thatvalueisdividingby
60 ( i
60(minutes)togetatotalflowperhourwhichwe
) l fl h hi h
storeintheFlowHrTotal register(V3004). Theflow
per hour is then added into our flow totalizers V3000.
perhouristhenaddedintoourflowtotalizers
rightsreserved
rightsreserved
Rung 3 - Hour Counter
Tokeeptrackwhenanhourgoesbyacounter(CT0)isset
uptocountupto60minutes.
Rung 4 - Transfer of Hour Totalizers
EveryhourtheFlowHourTotalizers (V3004)isaddedintotheFlowTotal
Calculatorregister(V3002)
rightsreserved
Rung 5 - Resetting the Hour Totalizer
Oncethehourflowtotalizer isaddedintothefinaltotalizer weresetthehour
totalizer byloadingazerointoit'sregistersandresetthehourcounter.
rightsreserved
Rung 6 - Resetting the Main Flow
Totalizer
Optionally,iftheabilitytozerothetotalizer wasneededwe'dhavetoclearall
theseregistersandresetthecounter/timer.
rightsreserved
M d l 4
Module-4
SCADA HMI OPENCONTROL

SCADAHMI OPENCONTROL
rightsreserved
Chapter # 15:
Introduction to OpenControl
rightsreserved
Real Time Visual Control
AnIndustrialAutomationSuite
BuraqIntegratedSolutions
www.buraq.com
opencontrol@buraq com
opencontrol@buraq.com
OpenControl
OpenControlis
OpenControl is
an OPC based
anOPCbased
HMI/SCADASoftware
OpenControl
OpenControlisanOPCbasedHMI/SCADASoftware
OpenControl is an OPC based HMI/SCADA Software
HumanMachineInterface istheaggregateofmeansbywhichthe
usersinteractwithaparticularmachineordevice.HMIreferstothe
layer thatseparatesahumanthatisoperatingamachinefromthe
layer that separates a human that is operating a machine from the
machineitself.
HumanMachineInterface(HMI)enablesustocontroltheindustryina
realtime manner.HMIcommunicateswithProgrammableLogic
Control(PLC)unitsusingindustrystandardcommunicationprotocol
calledOLEforProcessControl(OPC).
OpenControl isspecializedsoftwaredesignedforIndustrial
Automation to provide real time visualization to the Executives
AutomationtoproviderealtimevisualizationtotheExecutives,
Management,OperatorsandMaintenanceStaff.
OpenControl providesagraphicsbasedvisualizationofanindustrial
control and monitoring system.
controlandmonitoringsystem.
OpenControl providesacentralcontrolroommonitoringenvironment,
ideallysuitablewheremultiplebrandsofhardwareisdeployed.
SCADA Application Levels
HMI/SCADAApplication
PLC C t ll
PLC,Controllers,I/OBoards
I/O B d
FieldDevices,Instruments
,
OpenControl
EasytoUse
EasytoCustomize
EasytoDeploy
EasytoMaintain
OpenControl
233
Real Time Control on Mouse Click

RealTimeControlonMouseClick
OpenControl - Modules
OpenControlAdmin
OPCConfigurator
OpenGraphDesign
OpenTrend
AlarmConfigurator
OpenAlarmViewer
ScriptConfigurator
ScriptEditor
DataSourceConfigurator
DatalogConfigurator
OpenControlServer
OPCConnector
AlarmConfigurator
OpenDataAccess
ScriptService
Datalogger
Reports
Securityy
234
O
OpenControl
C t lM Modules
d l
SecureoperationoftheServicesandConfigurators
OpenControl Admin
OpenControl Server
OpenGraph
The graphical module is the key component for
the visualization of real time data associated with
dynamic objects using the industrial standard
communication protocol OPC.
OpenGraph module provides advanced drawing
tools to create user configurable visualization
objects. These objects, when linked to realtime
data tags, provide dynamic information from field
devices and plant floor; any change in the field is
immediately reflected on the operator screen.
screen
For example, draw a vertical bar with filled color
that changes according to the associated
temperature reading from the controller. Similarly
there
h are severall other
h dynamic
d i actions
i that
h may
be associated with real time data for online
representation.
OpenGraph Key Features
PowerfulDrawingTools
g
RichDynamicActions
HighResolutionGraphics
DetailedPropertiesandObjectExplorer
IndustrialWidgetsLibrary
SupportforTagBrowser
EmbeddedAlarmsandTrendCharts
No Compilation of Displays is Required
NoCompilationofDisplaysisRequired
DisplaysreadytobeusedinMultiuserNetworkingEnvironment
OpenGraph
OpenGraph providesrealtimedynamicsandanimationtomimictherealtime
process.OpenGraph comeswithrichgraphicalobjectlibraryandWidgets,justdrag
anddroptheobjects,linktoOPCTagsanddisplayisready.Youdonotneedto
p p
compileorwritescriptsforanimationorruntime.
OpenGraph providesaneasytooperateuserinterface,powerfulobjectproperties
forcustomization,enhancedgraphicalobjectsandeasynavigationfordaily
operations.Operatorshavechoicetoopenthedisplaysoverthenetworkoffering
complete mobility and networking environment
completemobilityandnetworkingenvironment.
Open
p Graph
p
AhighresolutionWidgetslibraryisavailableintheOpenGraph
moduleprovidinghundredsofgraphicalobjectsreadytobe
d l idi h d d f hi l bj d b
insertedinthegraphicaldisplay.ArichlistofWidgetsisavailable
withmajorcategoriesas:
Dials,Meters&Knobs
Toggles&Switches
Sliders & Joysticks
Sliders&Joysticks
Buttons&Indicators
ProcessControlEquipment
Process Control Gauges & Indicators
ProcessControlGauges&Indicators
Tanks,Columns&HeatExchangers
Motors,Pumps&Fans
Valves, Pipes & Lines
Valves,Pipes&Lines
Special/MiscWidgets
OpenTrend
Realtimedatatrendingandchartingisanessentialtoolforstatisticalanalysis
andreporting.OpenControlSuitecomeswithabuiltintrendingmodulecalled
d ti O C t l S it ith b ilt i t di d l ll d
OpenTrend.
TheOpenTrend moduleisbasedonOPCspecificationsdefinedbytheOPC
F
Foundation.
d ti
OpenTrendplotsrealtimedataasPoint,Multiline,Area,Bar,Steps,Multiset
Pyramids&Ribbons,Cylinder,PolarandPie charts.
OpenTrendsupportsmultipledatacurvesrepresentingprocessdependencyand
relationships.SimplydroptheTrendControl,selectyourdatasourceandgoto
runtime;thereisnoneedtodocomplexprogrammingorscripting.Youcan
selectvariouspropertiesofthetrendtocustomizetoyourowndesign.
l t i ti f th t d t t i t d i
OpenTrendoffersdynamiccontrolstothescreendesignerincludingAxisRange,
Legend,ColorandScaleControletc.Youcanalsoselectpencontroloptions
suchastype,color&widthtodifferentiatevariousinputs.
h t l & idth t diff ti t i i t
OpenTrend
OpenTrend
OpenTrend
OpenAlarm
OpenAlarm isanimportantmoduleoftheOpenControlthat
generates critical alarms
generatescriticalalarms.
AlarmConfiguratorwhereyoucandefinealistofvaluestobe
monitoredconstantlyinthebackground;ifanyvaluereachesthe
d fi d li i
definedlimits,OpenAlarmgeneratesalarmmessagesandalertsthe
l l d l h
operators.
p y g
OpenAlarmanalyzestheonlinerealtimedatatogeneratelimitand
digitalalarmstointimatetheoperatoraboutvariousfield
instrumentsanddevices.
Theoperatorcanseealarmsdescription,alarmpriorityandcurrent
The operator can see alarms description, alarm priority and current
status.
OpenAlarmassistsinestablishingaprewarningsystemtobeused
for Safety Quality Assurance and Smooth Operations etc
forSafety,QualityAssuranceandSmoothOperationsetc.
OpenAlarm Key Features
SixlevelsofAlarms
AlarmAcknowledgment
MultipleAlarmSeverity
AlarmsbasedonOPCData,ScriptsandExpressions
Alarmfilteringandsorting
AlarmLogging
ViewCurrentandHistoryAlarmsinonewindow
Networkbasedalarmviewingandacknowledgment
OpenAlarm
OpenAlarmsupportsfollowingalarms:
p pp g
Digital
Limit
Deviation
e at o
RateofChange
OpenAlarmconstantlyanalyzestheonlinerealtimedataandgeneratesvarious
levels of alarms to alert the operator about the status of processes.
levelsofalarmstoalerttheoperatoraboutthestatusofprocesses.
Theoperatorcanviewalarmdescription,alarmpriorityandcurrentstatusina
simplealarmviewer.OpenAlarmassistsinestablishingaprewarningsystemto
be used for safety, quality and continuous operations.
beusedforsafety,qualityandcontinuousoperations.
AlarmscanbeviewedalongwithTrendsandGraphicalobjects,andcanbe
loggedtovariousdatabasesforfurtheranalysisandreporting.
Open Alarm Configurator
ConfiguresLimit,Digital,Deviation&RateofChangeAlarms
OpenAlarm Viewer
Viewandacknowledgegeneratedalarms
against
250
Open Alarm Viewer
HistoricalAlarms
251
Data Source Configurator
ConfiguresthesourcefordatastorageinOracle,mySQL &XML.
Data Log Configurator
UsedtocollectrealtimedatafromPLCsviaOPCserversandlogthesedata.Thelogged
data can be acce%ssed byanyreportingtoolforfurtheranalysisandscheduled
datacanbeacce%ssed by any reporting tool for further analysis and scheduled
reporting.Dataloggersupportshighspeeddatacollectionandlogging
Script Editor
OpenControlcouldwriteandloadcustomizedexpressions&scriptsthroughitsscript
editor module
editormodule.
Script Configurator
ScriptConfiguratorconfigurestheschedulingofascriptwritteninscripteditoreither
local or global
localorglobal.
OPC Configurator
OPCConfiguratorconfiguresanOPCserverusingTCP/IPforDataloggingandNetworking.OPC
server should configure before using any application of OpenControl
servershouldconfigurebeforeusinganyapplicationofOpenControl.
Networking
OpenControl isdesignedaroundTCP/IPnetworkingwithtrueClientServerarchitecture.Youcandeploy
multipleserversdistributedoverthegeographicalareathuscreatinganintegratedenvironment.Multiple
p g g p g g p
clientuserscanseamlesslyconnecttomultipleserverswithoutswitchingscreens.
OpenControl supportsLAN,WAN,Internet,Intranet,WiFi,GPRSand3Gconnectivity.
Internet/WAN
Enterprise/
Outside World
To: Manufacturing Execution System (MES),

HMI Management Information System (MIS),
Engineering Stations Stations Firewall
Enterprise Resource Planning System (ERP), ...
SCADA Network
Database Server
Application Server
Router OPC Server
Remote Station 1 Remote Station 2

Wired or Wireless Link
RTU/PLC
Voltage Sensor Current Sensor Relay Pressure Sensor Pump Level Sensor Valve
OpenControl SCADA Network Architecture

Security
OpenControl isdesignedwithrobustsystemsecurity
is designed with robust system security
asakeyfeature.
ClientServerconnectionsarecreatedusing128bit
g
securitymethods.
TheSecurityServerkeepstracksofalluserloginand
events.
Varioussecuritylevelscanbedefinedtocreateread
only accounts with the option to enter a second level
onlyaccountswiththeoptiontoenterasecondlevel
ofsupervisorloginfordatawrites.
SecurityServerpreventstheaccessofunauthorized
y p
userstothedevelopmentmode.
Chapter # 16
OpenControl
p Architecture in the
light of SCADA
rightsreserved
OpenControl System Architecture
OpenControl SuiteofferstrueClient/ServerArchitecture.Youcan
select various Microsoft Windows Operating Systems for Server
selectvariousMicrosoftWindowsOperatingSystemsforServer
basedapplications.Theclientcomputerscanbeacombinationof
bothMicrosoftWindowsandLinuxbasedOperatingSystem.
Server Requirements
MicrosoftOperatingSystemsuchasWindowsXPPro,Windows
Vista, Windows Server 2003/2008 and Windows 7 having 4GB
Vista,WindowsServer2003/2008andWindows7having4GB
RAM,1.8MHzCPU,200GBHDDwithstandardperipherals.
ClientRequirements
Microsoft Operating System such as Windows XP Pro Windows
MicrosoftOperatingSystemsuchasWindowsXPPro,Windows
Vista,andMSWindows7orLinuxbasedOperatingsystemhaving
2GBRAM,1.8MHzCPU,200GBHDDwithstandardperipherals.
Cont
OpenControl
p Web Architecture
Web Client
Web Server
Security
Script
Triggers
Data Logger HMI Server
Alarm Server /Logger Expressions
Periodic Alarm
S h d l
Scheduler
Graphical Client group Info +Active Tag Data Base Buffer
OPC Connector DB/XML Connector
OPC Server
My SQL
MS SQL
PostGre SQL
Oracle
XML
PLC Text
General Key Features
EasytoLearn
SimpletoUse
p
RapidDeployment
BuiltinWidgetsandSymbols
CentralizedConfiguration
T B
TagBrowsingforquickconfiguration
i f i k fi i
BuiltinEngineforScriptingandExpressions
Client/ServerArchitecture
Flexible and Scalable Design
FlexibleandScalableDesign
ConnectivityonFingerTips
UseasastandaloneorwithinNetworkingEnvironment
DesignedaroundOPCandTCPArchitecture
ConnectivitytomultiplePLCs/ControllersviaOPCServers
SupportforDataLoggingtoMySQL Database
SupportforAlarmLoggingtoMySQL Database
Supports IT Security and Networking Firewalls
SupportsITSecurityandNetworkingFirewalls
SupportforLinuxClients
SupportforopenReportingTools
Chapter # 17
OpenControl
p Comparative
p
Analysis
rightsreserved
Why OpenControl
CostEffectiveSCADASuite
MorePracticalLicensingslots
CustomizableWidgetsetswithpowerful
developmentenvironment
RapidSCADAApplicationDevelopment
EnvironmentforSystemIntegrators
OpenSystemwithmultivendorhardwaresupport
p y pp
64bit,Realtime&NonresourcehungrySCADA
MultiOperatingSystemsupportincludingWindows
and Non Windows platforms
andNonWindowsplatforms
Integrationoptionswith3rd partyapplicationslike
ERP,MIS,etc.
OpenControl - Benefits
OpenControl improvestheproductquality,reduces
downtime increases performance and provides cost
downtime,increasesperformanceandprovidescost
savings.
OpenControl isveryflexibleandcanbeusedinany
ype o dus y
typeofindustry.
OpenControliseasytolearnandcanberapidly
deployedandmaintainedinhousebytheendusers.
SystemIntegratorspreferproductsthatofferre
y g p p
usability,lessprogrammingandrapidcustomization
Faultfindingandrapiddiagnosticsbecomeeasywith
OpenControl Suite.
OpenControl systemissuitableforallindustries
wheretherequirementofmonitoringandcontrolling
iscritical.
266
OpenControl Focused
Vertical Industries
OpenControl canbeimplementedinalltheindustrieswherethereisacritical
d
demandofmonitoringandcontrollingthemachinesandprocessesinrealtime.
d f it i d t lli th hi d i l ti
Someoftheverticalstofacilitateare: EnergyMonitoring
SugarMills PowerGeneration,Distributionand
TextileIndustry Metering
Food&Pharmaceutical WaterWastewaterTreatmentPlants
CementPlants AutomotiveIndustry
ChemicalFactories PulpandPaper
Flour,GrainandFeedMills
, Packaging
g g
Automotive&Transportation MetalandMining
Oil,Gas&Petrochemical DefenseIndustry
HVAC,BuildingControl&Security Simulation,TrainingandResearch
Building Automation and Facility Monitoring
BuildingAutomationandFacilityMonitoring
Vertical Industries
Chapter # 18
Installation & Configuration
g of
HMI
rightsreserved
Windows Firewall Configuration
OpenWindowsFirewallApplication:
Open Windows Firewall Application:
OpenControlPanel
Run
'WindowsFirewall'applet.
Thentemporaryoff
Firewallsettings
ThenclickOK
rightsreserved
Database Configuration
GotoStartAllProgramsMySQLMySQLAdministrator
NOTE:IfMySQLisnotalreadyinstalledtheninstalleditfirst.
rightsreserved
Awindowopensasshownbelow.Enterthe
A window opens as shown below. Enter the
usernameandpasswordandclickOk
rightsreserved
NowselectRestoreintheleftpane.Itsdetailswillappearintherightpane.Selectopenbackup
fileandselectthefollowingfilefromthefolderOpenControlServer.Defaultbackupfilewillbe
installedwiththeinstallationofOpenControlServer.
opencontroldb 201001261456
ClickOpenandthenclickSystemRestore
rightsreserved
Open Control Server Side Installation
Gototheopencontrolsetupfolder.Itcontainsafoldernamedasserver
whichcontainstheserversetup.RunthesetupinordertoinstallOpenControl
Server.
Server
Clicknext tocontinue.
Note: OpenControlsetuprequiresjre1.6orgreater.Ifitisnotpresentontargetmachine,
OpenControlsetupwillinstallitautomaticallybeforeinstallingtheactualcomponentsofserver
p p y g p .
rightsreserved
Readthelicenseagreement.CheckIagreeoptiontocontinue.
rightsreserved
ChoosethecomponentyouwanttoinstallinOpenControlServer
Installatione.g.FullInstallation
ThenClicknext tocontinue.
rightsreserved
SpecifythepathwhereyouwanttoinstalltheOpenControlServer.
ThenClicknext
Then Click next tocontinue.
to continue
rightsreserved
Clickclose attheendoftheinstallation.
rightsreserved
Start/Stop
p of OpenControl
p Server Services
GotoStartAllProgramsOpenControlServerOpen
ControlServer
Open Control Client Installation
RuntheOpenControlClientsidesetupfromtheclientfolderinthe
OpenControlrelease.
Clicknext tocontinue.
Note: OpenControlsetuprequiresjre1.6orgreater.Ifitisnotpresentontargetmachine,
OpenControlclientsetupwillinstallitautomaticallybeforeinstallingtheactualcomponentsof
OpenControlclient.
rightsreserved
ReadthelicenseagreementandCheckIAgreebutton.
ClickNext tocontinue.
rightsreserved
ChoosethecomponentyouwanttoinstallinOpenControlClientInstallation
e.g.FullInstallation
rightsreserved
SpecifythepathwhereyouwanttoinstalltheOpenControl
Client.
rightsreserved
Clickclose attheendoftheinstallation.
rightsreserved
Start/Stop OpenControl Client Applications
GotoStartAllProgramsOpenControlClient
AdministrativeTools
rightsreserved
Contd
Theadministrativetoolswindowappearsasshownbelow:
rightsreserved
DCOM Configurations
ToaccessDCOMsettings,typethefollowingcommandatthe
run prompt dcomcnfg
runprompt, dcomcnfg thenpressEnter
then press Enter key
rightsreserved
DCOM Configurations
TheComponentServiceswindowappearsinfrontofyou.
rightsreserved
DCOM Configurations
ClickonComponentServicesundertheConsoleRoottoexpandit.
ClickonComputersunderComponentServicestoexpandit.
RightclickonMyComputerinthepaneontheleftandselectProperties
rightsreserved
DCOM Configurations
DoubleclickDcom Configfolder,thenextwindowthatappearscontainsall
the files for which we are going to set the properties in the next steps
thefilesforwhichwearegoingtosetthepropertiesinthenextsteps.
rightsreserved
DCOM Configurations
Thesethreefilesare:
OPCserverspecificsettings(i.e.Kepware/OPCModbusEthernet)
SettingsforOPCEnum(opcenumfile)
SettingsforsurrogatecreatedagainstOPCDAAuto.dll(e.g.OPCDataaccess
AutomationWrapper)
S
Searchtheabovethreefilesfromcomponentslistandthenrightclickto
h h b h fil f li d h i h li k
accessitsproperties.
rightsreserved
OPC server specific settings
rightsreserved
Settings for OPCEnum (opcenum file)
rightsreserved
Settings for the Surrogate (OPC Data access
A t
Automation
ti Wrapper)
W )
rightsreserved
Chapter # 19
p designing
g g
module OpenGraph
rightsreserved
OpenControl Designing Module OpenGraph
OpenGraph
GettingStarted
GotoAllPrograms OpenControlClient AdministrativeTools
rightsreserved
OpenControl Designing Module OpenGraph
OpenGraph
TheAdministrativeToolswindowappearsasshownbelow:
ThenClickontheOpenGraphDesigner icontoopenOpenGraphModule:
rightsreserved
OpenControl Designing Module
rightsreserved
MainToolbar
ViewToolbar
Main Tabs
MainTabs
Cli b d T lb
ClipboardToolbar
ViewToolbar
rightsreserved
ArrangeToolbar
TextToolbar StyleToolbar
y
ShapesToolbar
rightsreserved
PropertiesWindow
DynamicsToolbar
rightsreserved
Widgets Toolbar
WidgetsToolbar
rightsreserved
Chapter # 20
p Trending
g
module OpenTrend
rightsreserved
OpenControl Trending Module
Trend Toolbar
TrendToolbar
rightsreserved
Bar Chart
rightsreserved
Multi-Line
Multi Line Chart
rightsreserved
Multi-Step
Multi Step Chart
rightsreserved
Packed Bar Graph
rightsreserved
Pie Chart
rightsreserved
Filled Multi-Line Chart
rightsreserved
3D Packed Graph
rightsreserved
Chapter # 21
OpenControl
p alarming
g module
OpenAlarm
rightsreserved
Alarm Configurator
TheAdministrativeToolswindowappearsasshownbelow:
ClickonAlarmConfigurator toopentheAlarmConfiguratorapplication
rightsreserved
Alarm Configurator
AlarmConfigurator opensasshownbelow:
rightsreserved
Defining Alarm Type
Limit
Deviation
Digital
Di it l
RateofChange
rightsreserved
Limiting Alarm
rightsreserved
Deviation Alarm
rightsreserved
Digital Alarm
rightsreserved
Rate
aeo of C
Change
a ge
rightsreserved
Alarm Viewer
GotoStartAllProgramsOpenControlClientAlarmViewerasshown
below:
TostarttheAlarmViewerfromOpenGraph,proceedasfollows:
rightsreserved
Alarm Viewer
Note:AlarmViewerwilldisplaythealarmsonlyiftheAlarmGenerator
Serviceisstartedasshownbelow:
rightsreserved
Alarm Viewer
RecentAlarmsTab
rightsreserved
Alarm Viewer
HistoricalAlarmsTab
rightsreserved
Chapter # 22
OpenControl
p Interfacing
g with
PLCs
rightsreserved
PLC Connectivity
provides connectivity to various

OpenControlprovidesconnectivitytovarious
OpenControl
brandsofPLCsandequipmentviaOPCServers
Multiplebrandsofequipmentisconnected
Multiple brands of equipment is connected
seamlessly
M d l 6
Module-6
OverviewofSCADAProcess
Overview of SCADA Process
Control&Securityy
rightsreserved
Chapter # 28
Introduction of SCADA Process
Control & Security
rightsreserved
ProcesscontrolandSCADAsystems
Thetermsprocesscontrolsystemand
process control and SCA A system are
processcontrolandSCADAsystemare
usedasgenerictermstocoverall
industrialcontrol,processcontrol,
distributed control systems (DCS)
distributedcontrolsystems(DCS),
supervisorycontrolanddataacquisition
(SCADA),industrialautomationandrelated
safetysystems.
rightsreserved
An Important Problem
Oilandgasprocessingiscontrolledbycomputer
g p g y p
systems
Trendtowardgeneralpurposeplatformsanduniversal
connectivity
ti it
Thesesystemsarevulnerabletocyberattack
Anattackcouldhavesevereconsequencesfor
An attack could have severe consequences for
Humanlives
Theenvironment
The environment
Theeconomy
2010Buraq IntegratedSolutions,All
rightsreserved
Example: Pipelines
June10,1999
I B lli h
InBellingham,Washington,agasolinepipelineoperatedby
W hi li i li db
OlympicPipelineCompanyruptured
237,000gallonsofgasolinewasreleasedintoWhatcomCreek
The gasoline ignited sending a fireball racing do n the creek
Thegasolineignited,sendingafireballracingdownthecreek
Two10yearoldboysandan18yearoldmanwerekilled
SCADAsystemproblemspartialcause
rightsreserved
Why Is There A Problem?
Controlsystemside ITside
Toppriorityisreliabilityand Traditionalsecuritytoolsmay
availability,notsecurity notworkforcontrolsystems
Traditionallyreliedonobscurity ITpeopledonotknowcontrol
andisolation systems
Trend:usinggeneralhardware Enterprisenetworksarebeing
andOS connectedtocontrolsystems
Owner/operatorcompaniesare Controlsystemsareoverlooked
inthehandsofvendors becausetheyarenotmanaged
Vendorsoftenhavebackdoor byIT
modemlines
Defaultpasswords
rightsreserved
Good Practice
Thebestofindustrypracticessuchasstrategies,
f yp g
activities,orapproaches,whichhavebeen shownto
beeffectivethroughresearchandevaluation
Goodpracticestatement:Protectprocesscontrolsystemswithantivirus
softwareonworkstationsandservers
Complication:Itisnotalwayspossibletoimplementantivirus
software on process control systems workstations or servers
softwareonprocesscontrolsystemsworkstationsorservers
Goodpracticestatement:Obtainvendoraccreditationandconfiguration
g
guidancefromprocesscontrolsystemvendorspriortodeploymentof
p y p p y
suchsoftware
Complication:Somevendorswillnotaccreditantivirussoftwareand
otherprocesscontrolsystemsareincompatiblewithsuchsoftware.
rightsreserved
Stuxnet first SCADA Malware/Worm
Newcomputerworm,20092010,hasappearedthatattacksindustrial
networks and plants The worm is called Stuxnet
networksandplants.ThewormiscalledStuxnet
ItattackstheWindows7operatingsystemandSiemensindustrialcontrol
andSCADAsoftwaresuchthatthefoundinpipeline,powernetworks,etc.
It is claimed that the level of effort and the sophistication of the worm
Itisclaimedthatthelevelofeffortandthesophisticationoftheworm
indicatethatonlyawellfinancedandmotivatedprofessionalgroupcould
havecreatedit.Siemensreportsthatatleast4industrialsitesinGermany
andmanyotherplacesintheworldhavebeenattackedbytheworm.The
y p y
wormhasbeenaroundforayear(2010)andbothMicrosoftandSiemens
claimtohavepatchesfortheworm.
rightsreserved
How does Stuxnet work?
Langner,one ofthefirstexpertstoreportonStuxnet states:
"Langner's analysisalsoshows,stepbystep,whathappens
afterStuxnet findsitstarget.OnceStuxnet identifiesthe
critical function running on a programmable logic controller,
criticalfunctionrunningonaprogrammablelogiccontroller,
orPLC,madebySiemens,thegiantindustrialcontrols
company,themalwaretakescontrol.Oneofthelastcodes
Stuxnet sendsisanenigmatic
sends is an enigmatic DEADF007.
DEADF007. Thenthe
Then the
fireworksbegin,althoughtheprecisefunctionbeing
overriddenisnotknown,Langner says.Itmaybethatthe
maximum safety setting for RPMs on a turbine is overridden
maximumsafetysettingforRPMsonaturbineisoverridden,
orthatlubricationisshutoff,orsomeothervitalfunction
shutdown.Whateveritis,Stuxnet overridesit,Langners
analysis shows "http://news.yahoo.com/s/csm/327178
analysisshows. http://news yahoo com/s/csm/327178
rightsreserved
rightsreserved
Chapter # 29
Securing
g Process Control &
SCADA Systems
rightsreserved
Process Control & Security
IncreasedconnectivityviastandardITtechnologieshasexposedtheprocessesto
newthreats
forexample:worms,virusesandhackers
Astheseprocessescontrolnetworkscontinuetoincreaseinnumbers,expandand
connectsotheriskstotheprocesscontrolsystemsfromelectronicthreats
continuetoescalate.
Theimpactsofanelectronicattackonprocesscontrolsystemscaninclude:
denialofservice,unauthorizedcontroloftheprocess,lossofintegrity,lossofconfidentiality,
lossofreputationandhealth,safetyandenvironmentalimpact.
Virus Cost to Businesses
60
50
40
$ in Billions 30
20
10
0
2001 2002 2003
rightsreserved
Process Control Security Framework
Theframeworkbasedonindustrygoodpracticefrom
The framework based on industry good practice from
processcontrolandITsecurityandfocusesonseven
keythemes:
Understandthebusinessrisks.
Implementsecurearchitecture.
Establishresponsecapabilities.
Improveawareness`andskills.
Managethirdpartyrisks.
Manage third party risks.
Engageprojects.
Establishongoinggovernance.
rightsreserved
Guiding principles
Protect,DetectandRespond
P
Protect:Deployingspecificprotectionmeasurestopreventanddiscourageelectronic
D l i ifi i d di l i
attackagainsttheprocesscontrolsystems.
Detect:Establishingmechanismsforrapidlyidentifyingactualorsuspectedelectronic
attacks.
Respond:Undertakingappropriateactioninresponsetoconfirmedsecurityincidents
Respond: Undertaking appropriate action in response to confirmed security incidents
againsttheprocesscontrolsystems.
DefenseinDepth
Implementingmultipleprotectionmeasuresinseriesavoidssinglepointsoffailure.
Technical Procedural and Managerial protection
Technical,ProceduralandManagerialprotection
Whenimplementingsecurity,thereisanaturaltendencytofocusthemajorityofeffort
onthetechnologyelements.Althoughimportant,technologyisinsufficientonitsown
toproviderobustprotection.
Forexample,whenimplementingafirewallitisnotjustamatterofinstallationand
p , p g j
configuration.
Considerationmustalsobegiventoassociatedproceduralandmanagerial
requirements:
Proceduralrequirementsmayincludechangecontrolandfirewallmonitoring.
Managerialrequirementsmayincludefirewallassurance,standards,assuranceandtraining
Managerial requirements may include firewall assurance standards assurance and training.
rightsreserved
Chapter # 30
Understand the Business Risks
rightsreserved
Principles of Good Practice
Understand
Understand Understand Understand
the
the systems
thesystems the threats
thethreats the impacts
theimpacts
vulnerabilities
Understandthesystems
Conductaformalinventoryauditandevaluationoftheprocesscontrolsystems.
U d t d th th t
Understandthethreats
Identifyandevaluatethethreatsfacingtheprocesscontrolsystems.Possiblethreats
mayinclude:denialofservice,targetedattacks,accidentalincidents,unauthorized
control,orviruses,wormsorTrojanhorseinfections.
Understand the impacts
Understandtheimpacts
Identifypotentialimpacts
lossofreputation,violationofregulatoryrequirements(e.g.healthandsafety,
environmental),inabilitytomeetbusinesscommitments,orfinanciallosses.
Understandthevulnerabilities
Understand the vulnerabilities
Undertakeavulnerabilityassessmentoftheprocesscontrolsystems.Suchareview
shouldinclude:evaluationoftheinfrastructure,operatingsystems,applications,
componentsoftware,networkconnections,remoteaccessconnectivity,andprocesses
p
andprocedures.
rightsreserved
Methods:
Governance
Systemdefinition Security&Risksanalysis
System Security
design analysis
models model
(severalsystem
definitionviewpoints) ADVANTAGES
Toward aclose
integration of
Real security analysis
world andsystemmodel
Provides a
management view
managementview
Managesfiner
grainanalyses
rightsreserved
The Global Economy
GlobalFactors
ExchangeRate
CountryRisk
CreditRisk
Protectionismandtradepolicy
FreeFlowofCapital
StatusofNationsWorkforce
Inflation: is the rate at which the general level of prices is rising.
rising High rate of inflation
is often associated with overheated economies i.e. economies where demand of
goods and services is over stripping productive capacity, which leads to upward
pressure on prices.
I t
Interestt rates:
t Hi h interest
High i t t rates
t reduce
d th presentt value
the l off future
f t cashh flows,
fl
thereby reducing the attractiveness of investment opportunities.
Budget Deficit: The budget deficit of a government is the difference between government
spending and revenues. Any budgetary shortfall must be offset by government borrowing and
large borrowings will increase the interest rates and thus choking off the business opportunities.
rightsreserved
Demand and Supply Shocks
A demand shock is an event that affects the demand for
goods
d and d services in the
h economy. Examples l off positive
demand shocks are reduction in tax rates, increase in money
supply, increase in government spending, or increases in
foreign export demand.
demand
A supply shock is an event that influences production capacity
and costs. Examples of supply shocks are changes in the price
of imported oil,
oil freezes,
freezes floods,
floods droughts that might destroy
large quantities of agricultural crops; changes in the
educational level of economys work force; or changes in the
wage
g rates at which the labor force is willingg to work.
rightsreserved
System Analysis
Syste
Systemsanalysisisaprocessofunderstandingin
s a a ys s s a p ocess o u de sta d g
detailwhatasystemshouldaccomplish.
g
Thefirststageofthe(BIA)assetidentification
stageanswersthequestion,WhatamI
protecting?
Italsoidentifiestherelationshipbetweenassets
Theassetidentificationstageensuresthat
everythingnecessaryforthepreservationof
thi f th ti f
essentialFunctionsandtheirassociatedassets,is
identified.
identified
rightsreserved
Threat Analysis
ThesecondstepintheBIAProcessis
TheThreatAnalysis
Whichanswersthequestion,WhatamIprotectingagainst?
During the threat analysis each asset is paired with a vulnerability (a
Duringthethreatanalysis,eachassetispairedwithavulnerability,(a
weaknessthatmakesitsusceptibletointerruptionordestruction)
Foreachasset/vulnerabilitypair,alististhendevelopedofthethreat(s)
that could exploit that particular asset/vulnerability
thatcouldexploitthatparticularasset/vulnerability
Thethreatanalysisproducesalistofvulnerabilitiesforeachassetandthe
associatedthreats,whichinturn,arerankedbylikelihoodofoccurrence
rightsreserved
Business Impact Analysis
The BIA answers three questions,

questions
1. WhatamIprotecting?
2 WhatamIprotectingagainst?
2. What am I protecting against?
3. Howmuchmoney,time,andeffort
shouldIexpend?
The BIA is the basis and justification for any proposed recovery strategy.
The BIA also establishes the objectives for recovery

((i.e., how long
g the department
p can do without the asset
before restoration becomes essential).
rightsreserved
Vulnerabilities Analysis
Avulnerabilityisahardware,software,oroperational
d f
deficiencyaweaknessthatprovidesanopportunityfora
k h d f
threattodoharm.
Iftheuniversityislocatedonthebanksofariver,andthedata
centerisonthefirstfloor,thenitsvulnerabilitiesareitslow
t i th fi t fl th it l biliti it l
altitudeanditsproximitytotheriver.
Exposureistheharmthatresultsfromathreattaking
advantageofvulnerability.
Ifthedatacenterflooded,computingequipmentwouldbe
destroyed and revenue would be lost
destroyedandrevenuewouldbelost.
Thesecostsareexposures.
rightsreserved
Chapter # 31
Implement Secure Architecture
rightsreserved
Organizationsshouldselectand
O i ti h ld l t d
implementtechnical,proceduraland
management protection measures to
managementprotectionmeasuresto
increasethesecurityofprocesscontrol
systems.
y
Selectappropriatesecuritymeasures
Implementselectedriskreduction
measures
rightsreserved
Network Architecture
Identifyallconnectionstotheprocesscontrolsystem.
Minimizethenumberofconnectionstotheprocesscontrol
systemandensurethatthereisavalidbusinesscasefor
anyremainingconnections.
Segregateorisolateprocesscontrolsystemsfromother
networkswherepossible.
Implementdedicatedinfrastructureformissionorsafety
Implement dedicated infrastructure for mission or safety
criticalprocesscontrolsystems.
Remove,wherepossible,TCP/IPconnectionsbetween
safety systems (e.g. emergency shutdown
safetysystems(e.g.emergencyshut downsystems)and
systems) and
processcontrolsystemsorothernetworks.Wherethisis
notpossible,ariskanalysisshouldbeundertaken.
rightsreserved
Exposure
System Exposure
SystemExposure
C
Components
t V l
Vulnerabilities
biliti Mitigation
Block
Networks Advisories
OperatingSystems ExploitCode
GAP Detect
Workaround
Applications AdvancedTools
Fix
Fix
rightsreserved
Firewalls
Protectconnectionsbetweenprocesscontrolsystemsandothersystems
appropriately(e.g.withafirewallanddemilitarizedzone(DMZ)architecture)
Deploy firewalls with tightly configured rule bases
Deployfirewallswithtightlyconfiguredrulebases.
Firewallconfigurationshouldbesubjecttoregularreview.
Firewallchangesshouldbemanagedunderstrictchangecontrol.
Implementappropriatefirewallmanagementandmonitoringregimes.
Firewallsshouldbemanagedbyappropriatelytrainedadministrators.
A24/7capabilityforthemanagementandmonitoringoffirewallsshouldbe
established.
rightsreserved
Remote access
Maintainaninventoryofallremoteaccessconnectionsandtypes(e.g.
virtual private network or modems)
virtualprivatenetworkormodems).
Ensurethatavalidbusinessjustificationexistsforallremoteaccess
connectionsandkeepremoteconnectionstoaminimum.
p pp p ( g
Implementappropriateauthenticationmechanisms(e.g.strong g
authentication)forremoteaccessconnections.
Carryoutregularauditstoensuretherearenounauthorizedremote
accessconnections.
Implement appropriate procedures and assurance mechanisms for
Implementappropriateproceduresandassurancemechanismsfor
enablinganddisablingremoteaccessconnections.
Restrictremoteaccesstospecificmachinesandforspecificusersandif
possible,atspecifictimes.
Undertakesecurityreviewsofallthirdpartiesthathaveremoteaccessto
thecontrolsystems.
Ensurethatremoteaccesscomputersareappropriatelysecured(e.g.anti
virus antispam
virus,anti spamandpersonalfirewalls).
and personal firewalls)
rightsreserved
Anti virus
Anti-virus
Protectprocesscontrolsystems
withantivirussoftwareon
workstationsandservers.Where
antivirussoftwarecannotbe
d l d th
deployedotherprotection
t ti
measuresshouldbe
implemented(e.g.gatewayanti
virus scanning or manual media
virusscanningormanualmedia
checking).
Obtainaccreditationand
configuration guidance from
configurationguidancefrom
processcontrolsystemvendors
priortodeploymentofsuch
software.
software
rightsreserved
E
E-mail
il and
d IInternet
t t access
Disableallemailandinternetaccessfrom
processcontrolsystems.
l
rightsreserved
System Hardening
Undertakehardeningofprocesscontrolsystemstoprevent
networkbasedattacks.Removeordisableunusedservicesand
t k b d tt k R di bl d i d
portsintheoperatingsystemsandapplicationstoprevent
unauthorizeduse.
Understandwhatportsareopenandwhatservicesandprotocols
Understand what ports are open and what services and protocols
usedbydevices(especiallyembeddeddevicessuchasPLCsand
RTUs).Thiscouldbeestablishedbyaportscaninatest
environment.Allunnecessaryportsandservicesshouldbedisabled
(
(e.g.embeddedwebservers).
b dd d b )
Ensureallinbuiltsystemsecurityfeaturesareenabled.
Wherepossiblerestricttheuseofremovablemedia(e.g.CDs,
floppy disks USB memory sticks etc ) and if possible removable
floppydisks,USBmemorysticksetc.)andifpossibleremovable
mediashouldnotbeused.Whereitisnecessarytouseremovable
mediathenproceduresshouldbeinplacetoensurethattheseare
checkedformalwarepriortouse.
rightsreserved
Defense in Depth Security
DefenseinDepthSecurity
1 PerimeterControls
Internet&CorporatePerimeter
1
2 2 AccessControl,
3
4 People,Policies
l l
5
6
7 CyberControl
3 Network Architecture Components
NetworkArchitectureComponents
4 OperatingSystems
5 HostSecurity
6 Application Security
ApplicationSecurity
7 CoreOperationalServices
rightsreserved
Backups and Recovery
Ensure
Ensureeffectivebackupandrecoveryprocedures
effective backup and recovery procedures
areinplace,andareappropriateforthe
identifiedelectronicandphysicalthreats.These
p y
shouldbereviewedandregularlytested.
Testtheintegrityofbackupsregularlythrougha
Test the integrity of backups regularly through a
fullrestoreprocess.
Storebackupsatonandoffsitelocations.
Store backups at on and off site locations.
Mediashouldbetransportedsecurelyandstored
in appropriately secure locations
inappropriatelysecurelocations.
rightsreserved
Physical Security
Deploy
Deployphysicalsecurityprotectionmeasuresto
physical security protection measures to
protectprocesscontrolsystemsandassociated
networkingequipmentfromphysicalattackandlocal
unauthorizedaccess.Acombinationofprotection
measuresislikelytoberequiredwhichcouldinclude,
di l k t
drivelocks,tamperproofcasing,andsecureserver
f i d
rooms,accesscontrolsystemsandCCTV.
rightsreserved
System Monitoring
Monitorinrealtimeprocesscontrolsystemstoidentifyunusualbehavior
which might be the result of an electronic incident (e g an increased
whichmightbetheresultofanelectronicincident(e.g.anincreased
amountofnetworkactivitycouldbetheresultofaworminfection).A
varietyofparametersshouldbedefinedandmonitoredinrealtimeand
comparedwithsystembaselinesfornormaloperationtoprovidean
indication of unusual behavior
indicationofunusualbehavior.
Wherepossible,implementintrusiondetectionandpreventionsystemsto
provideamoregranularviewofnetworkactivity.Thesesystemsshouldbe
tailoredtotheprocesscontrolenvironment.
Reviewandanalyzeregularlyadefinedsuiteofcontrolsystemlogfiles.
Backupimportantlogfilesandprotectfromunauthorizedaccessor
modification.
Give due consideration to the installation of physical monitoring systems
Givedueconsiderationtotheinstallationofphysicalmonitoringsystems
suchasclosedcircuittelevisioncamerasortamperalarmsonphysical
enclosures.Thisisespeciallyimportantforremotesites.
Ensurethataccesstosecureareasviapasscardsislogged.
rightsreserved
Wireless Networking
Wirelesssystemscanintroducesignificantriskconsequentlywireless
systemsshouldonlybeusedwhereathoroughriskassessmenthasbeen
carriedoutthatconsidersbothoperationalandsecurityrisks.
Thefieldofwirelesssecurityisconstantlychangingandsolutionsthat
werethoughttobesecureonlyacoupleofyearsagoarenowrecognized
asbeingvulnerable.Wirelesssystemsshouldbesecuredusingindustry
bestpractices.Regularverificationsshouldbemadetodeterminewhether
industrybestpracticehasmovedon.
rightsreserved
Security Patching
Wirelessnetworkingisahottopicinthefieldofindustrialcontrol
systemsowingtothesignificantbusinessbenefitsitprovides.
t i t th i ifi t b i b fit it id
Howeverwirelesssystemscanintroducesignificantrisk
consequentlywirelesssystemsshouldonlybeusedwherea
thoroughriskassessmenthasbeencarriedoutthatconsidersboth
g
operationalandsecurityrisks.
Thefieldofwirelesssecurityisconstantlychangingandsolutions
thatwerethoughttobesecureonlyacoupleofyearsagoarenow
recognizedasbeingvulnerable.Wirelesssystemsshouldbesecured
i d b i l bl Wi l t h ld b d
usingindustrybestpractices.Regularverificationsshouldbemade
todeterminewhetherindustrybestpracticehasmovedon.
Whendesigninganddeployingwirelesssolutionsensurethatthe
When designing and deploying wireless solutions ensure that the
securitymechanismsinthesolutionareunderstoodandcorrectly
configured.
rightsreserved
Personnel Background Checks
Ensureallstaffwithoperationalor
administration access to process control
administrationaccesstoprocesscontrol
systemsareappropriatelyscreened.
rightsreserved
Passwords and Accounts
Implementandenforceapasswordpolicyforallprocesscontrolsystems
thatcoverstrengthofpasswordsandexpirationtimes.Itisrecommended
thatpasswordsarechangedfrequently,butwherethisisnotpossibleor
practical,alternativeappropriateprotectionshouldbeconsidered.
Regularlyreviewallaccessrightsanddecommissionoldaccounts.
Wherepossiblechangevendorpasswordsfromdefaultsettings.
Passwordsmaynotbedeemednecessaryforsomefunctions(e.g.view
y y ( g
onlymode).
Considerstrongerauthenticationmethodsforcriticalfunctions.
rightsreserved
Document Security Framework
Documentafullinventoryoftheprocesscontrolsystemsand
y p y
components.
Documenttheframeworkthatprovidesthesecurityforthe
processcontrolsystemsandregularlyreviewandupdateto
t l t d l l i d d t t
reflectcurrentthreats.Thisdocumentshouldincludedetails
oftheriskassessments,assumptionsmade,known
vulnerabilitiesandsecurityprotectionmeasuresdeployed.
Ensureallprocesscontrolsystemdocumentationissecured
l d h d l.
andaccesslimitedtoauthorizedpersonnel
d
rightsreserved
Resilient Infrastructure & Facilities
Systems
Systemsshouldbeinstalledusingappropriate
should be installed using appropriate
infrastructure,suchasredundantnetworks.
Equipmentshouldresideinenvironmentally
Equipment should reside in environmentally
controlledareastoensureequipmentisbeing
maintained at the appropriate ambient
maintainedattheappropriateambient
conditions.
Wherenecessaryfiresuppressionssystems
Wh fi i
shouldbeinstalledtoprotectcontrolsystems.
rightsreserved
Vulnerability Management
Implementavulnerabilitymanagementsystemtoensurethat
p y g y
vulnerabilitiesarekepttoaminimumintheprocesscontrol
environment.Acommonmethodofvulnerability
management is security scanning There are potentially
managementissecurityscanning.Therearepotentially
seriousrisksofscanningprocesscontrolsystemsandthis
shouldonlybeperformedatcarefullychosentimes,for
example,plantshutdownsoronatestenvironment.
Undertakeafullriskassessmentpriortoanyscanning
activities.
rightsreserved
Identify Vulnerable Assets
Front End Applications Configuration Database HMI Engineering
Historian
Processor Server Server Server Computers Workstation
Vendor
Modem
SCADA LAN
MODEM
ICCP WWW
Pool Historian
Components
Network
Server Server
Communications
Networks
Operating Systems
OperatingSystems
Applications
Applications Corporate
DMZ LAN
PBX
SCADA Web
Firewall Communications Business Business Applications DNS
Servers Servers Workstations Servers Server
CORPORATE LAN
Attacker Communications
Corporate
Firewall
rightsreserved
Identify Threat Vectors
Historian
Vendor
Modem
SCADA LAN
MODEM
ICCP WWW
Pool Historian
Vulnerabilities
Advisories
Server Server
Advisories
Exploit Code
Advanced Tools
ExploitCode
AdvancedTools Corporate
DMZ LAN
PBX
SCADA Web
CORPORATE LAN
Corporate
Firewall
rightsreserved
Identify Mitigations
Historian
Vendor
Modem
SCADA LAN
MODEM
Mitigation
Fix
Pool
ICCP
Server Historian
WWW
Server
Block Block
Detect
DetectWorkaround
Workaround
Corporate
Fix PBX
DMZ LAN
SCADA Web
CORPORATE LAN
Corporate
Firewall
rightsreserved
Starters and Leavers Process
Implementproceduresthatensurenewstarters
p e e t p ocedu es t at e su e e sta te s
receivetheappropriateaccounts,authorization
levelsandsecuritytrainingwhentheyjoina
processcontrolteam.
l
Implementprocedurestoensurethat
confidentialinformationanddocumentationis
fid ti l i f ti dd t ti i
retrieved,accountsaredeactivatedand
passwords are changed when personnel leave
passwordsarechangedwhenpersonnelleave
processcontrolteamsorwhenteammembers
changerolesandresponsibilities.
rightsreserved
Management of Change
Certify
Certifythatallsystemsaresubjecttostrict
that all systems are subject to strict
changecontrolprocesses.Security
assessments should be included in these
assessmentsshouldbeincludedinthese
processes.Itmaybenecessaryforchangesto
be assessed and approved by multiple change
beassessedandapprovedbymultiplechange
controlprocesses(e.g.afirewallmodification
might be subject to both IT and plant change
mightbesubjecttobothITandplantchange
managementprocesses).
rightsreserved
Security Testing
Securitytestingshouldbecarriedoutwhere
y g
possible.Itisrarelypossibletodosecuritytesting
intheliveenvironment,sotestingshouldbe
done in dedicated testing environments or on
doneindedicatedtestingenvironmentsoron
backupsystems,whereavailable,orduringplant
shutdowns.
AllIPenabledcontroldevicesshouldundergo
securitytestingtogainanunderstandingofwhat
services and sorts are available and to provide
servicesandsortsareavailableandtoprovide
assurancethattheydonotpossesanyknown
vulnerabilities.
rightsreserved
Device Connection Procedures
Establishaproceduretoverifythatdevices
are free from virus or worm infections before
arefreefromvirusorworminfectionsbefore
beingconnectedtoprocesscontrolnetworks.
rightsreserved
Chapter # 32
Establish Response
p Capabilities
p
rightsreserved
Establishingformalresponsemanagementprocessesensures
thatanychangestorisksareidentifiedasearlyaspossible
h h k d f d l bl
andanyrequiredcorrectiveactionembarkedonquickly.
FormaProcessControlSecurityResponseTeam(PCSRT)torespondto
suspected security incidents
suspectedsecurityincidents.
Ensurethatappropriateelectronicsecurityresponse,businesscontinuityand
recoveryplansareinoperationforallprocesscontrolsystems.
Ensurethatallelectronicsecurityplansareregularlymaintained,rehearsed
and tested
andtested.
Establishanearlywarningsystemthatnotifiesappropriatepersonnelof
securityalertsandincidents.
Establishprocessesandprocedurestomonitor,assessandinitiateresponses
to security alerts and incidents Possible responses may include: increase
tosecurityalertsandincidents.Possibleresponsesmayinclude:increase
vigilance,isolatesystem,applypatches,ormobilizethePCSRT.
Ensureallprocesscontrolsecurityincidentsareformallyreportedand
reviewedandlessonslearntarecaptured.
rightsreserved
General Response Model Overview
Productivity
SCADA-
SCADA L
Loss (%) Recovery
Inoperability Dynamics
Attack Infrastructure
Input-Output
Response
Model (IIM) time
Model Econ. Loss ($)

Purpose:
1)Mapcyberintrusioneventstomacroeconomicinoperabilityeffects
2)IntegrateSystemDynamicsmodelwiththeInoperabilityInputOutput
Model(IIM)forcomprehensiveandtractableimpactanalysis
3)Usescenariosofcyberattack,informationsecurity,infrastructureresilience
andemergencymanagementsystemstoderivesupply anddemand
side perturbations for IIM economic and inoperability impact analysis
sideperturbationsforIIMeconomicandinoperabilityimpactanalysis
4)Understandtheroleofpublicresponsetoindustryeventsinshaping,
amplifyinganddampeningeconomicimpact
5) Develop means by which the efficacy of candidate risk management
5)Developmeansbywhichtheefficacyofcandidateriskmanagement
strategiescanbequantitativelyevaluated
rightsreserved
General Response Model Framework
Cyber SCADA-Infrastructure Response Model

Demand
Attack Intrusion Process Product Public Perturbatio
on Dynamics Disruption Disruption Response n
SCADA
System
Process Control
Physical Sector
IIM
Manipulation
Coupling Inoperability
Supply
Cyber Risk Physical Effects Economic Perturbatio
S
Scenarios
i P
Propagation
ti I
Inoperability
bilit n
Network Recovery Regional

Security
i Dynamics
i Risk
i k
Strategies Management Management
Recovery
Dynamics
Risk Management
g
rightsreserved
Chapter # 33
Improve Awareness & Skills
rightsreserved
Toincreaseprocesscontrolsecurityawarenessthroughoutthe
organizationandtoensurethatallpersonnelhavetheappropriate
knowledgeandskillsrequiredtofulfilltheirrole.
Increaseawareness
Engagewithseniormanagementtoensurethatthebusinessimplicationsof
processcontrolsecurityrisksareunderstoodandthereforehelpachievebuyinfor
managementoftheserisks.
Establishawarenessprogramstoincreasegeneralsecurityunderstanding.These
p g g y g
programswillhighlightsecurityresponsibilities,drawattentiontocurrentthreats
andincreasevigilance.
Buildthebusinesscasetosupporttheprocesscontrolsecurityprogram.
rightsreserved
Establish training frameworks
CoachITpersonneltodevelopanappreciationandunderstanding
oftheprocesscontrolsystemsandtheiroperatingenvironments,
highlightingthedifferencesbetweenthesecurityofprocess
controlsystemsandITsecurity.
DevelopappropriateITsecurityskillswithinprocesscontrolteams
and/orprovideappropriateITsupportservices.
Successfultrainingincludesdetailsabout:
Howisriskapplied?
Impactstologfiles,authenticationattempts,successiveconnections,
tracefiles
Generationofalertsand/oremails
f l d/ l
Bandwidthconsiderations
Frequencyofscansfortroubleshooting
Falsepositiveremediation
False positive remediation
rightsreserved
Develop working relationship
EstablishlinksbetweenITsecurityandprocesscontrolteams
tobuildworkingrelations,shareskills,andfacilitate
knowledgetransfer.
rightsreserved
Chapter # 34
Manage Third Party Risks
rightsreserved
Toensurethatallsecurityrisksfromvendors,supportorganizations
andotherthirdpartiesaremanaged:
d th thi d ti d
Identifythirdparties
Identifyallthirdparties,includingvendorsandserviceproviders,andallotherlinks
inthesupplychainthatareassociatedwiththeprocesscontrolsystems.
Manageriskfromvendors
M i kf d
Ensurethatsecurityclausesaredetailedinallprocurementcontractspriorto
agreements.
Engagewithallvendorsonanongoingbasistoensurethatanycurrentandfuture
discoveriesofvulnerabilitieswithinthesystemsthattheysupplyareidentifiedand
y y pp y
notifiedpromptlytotheuserorganization.
Requestvendorstoprovidesecurityguidancefortheircurrentcontrolsystemsand
asecurityroadmapforfuturesystemdevelopment.
Ensurethatallvendorsincorporateappropriateantivirusprotectionwithintheir
process control systems
processcontrolsystems.
Establishwiththevendoraneffectivesoftwarepatchingprocess.
Agreewiththevendorsystemhardeningproceduresfortheprocesscontrol
systemsinoperation.
Undertakeregularsecurityreviewsandauditsofallvendors.
Undertake regular security reviews and audits of all vendors
rightsreserved
What Risk Level Is Acceptable?
Aligning the right context of assets that relate back to the business is
mandatory. Otherwise, data may not be meaningful or actionable by
management
Focusing on certain vulnerabilities will enable a working group to
ensure that the strategy will address the existingcommunities
vulnerabilities of greatest concern.
Byy reporting
p g on groups
g p of
assets that are defined from
a business viewpoint, the
metrics suddenly take on an
importance to the decision
makers.
rightsreserved
M
Manageriskfromsupportorganizations
i kf t i ti
Undertakeregularriskassessmentsofsupportorganizationsandensure
anyrequiredcountermeasuresareimplemented.
Preventaccesstotheprocesscontrolsystemsbysupportorganizations
Prevent access to the process control systems by support organizations
untilappropriatemeasurestopreventorreducepotentialsecurity
breacheshavebeenimplemented.Issueandagreeacontractdefiningthe
termsoftheconnection.
Engagewithallsupportorganizationsonanongoingbasistoensurethat
anycurrentandfuturediscoveriesofvulnerabilitieswithintheirsystems
thatinteractwiththeenterpriseprocesscontrolsystemsareidentified
and notified to the user organization
andnotifiedtotheuserorganization.
Manageriskinthesupplychain
Engagewithanyorganizationlinked
totheprocesscontrolsystems
throughthesupplychainto
provideassurancethattheir
process control security risks are
processcontrolsecurityrisksare
managed.
rightsreserved
Chapter # 35
Engage Projects
rightsreserved
Dealingwithsecurityrisksbyintegratingprotectionmeasuresintothe
projectdevelopmentprocessesatanearlystageismoreeffective,avoids
overrunsandisusuallylesscostly.
Identifyandengageallprojectsthathaveprocesscontrolsystemsimplicationsatanearly
stage of their development
stageoftheirdevelopment.
Ensurethatasecurityarchitectisappointedasasinglepointofaccountabilityforsecurityrisk
managementforthefulllifecycleoftheproject.
Ensurestandardsecurityclausesandspecificationsareincorporatedinallprocurement
contracts.
t t
Includesecurityrequirementsinthedesignandspecificationofprojectsandensurethatall
appropriatesecuritypolicesandstandardsareadheredto.
Undertakesecurityreviewsthroughouttheprojectdevelopmentlifecycle,forexample,atthe
sametimeashealthandsafetychecksaredone.
h lh d f h k d
Planforsecuritytestingatkeypointsofthelifecycle(e.g.tender,commissioning,factory
acceptancetesting,commissioningandduringoperations).
rightsreserved
Chapter # 36
Establish Ongoing Governance
rightsreserved
An
Aneffectivegovernanceframeworkprovides
effective governance framework provides
clearrolesandresponsibilities,anuptodate
policy and standards for managing process
policyandstandardsformanagingprocess
controlsecurityrisks,andassurancethatthis
policy and standards are being followed
policyandstandardsarebeingfollowed.
Definerolesandresponsibilities
Appointasinglepointofaccountabilityforprocesscontrolsecurityrisks.
pp g p y p y
Definerolesandresponsibilitiesforallelementsofprocesscontrol
security.
Obtainseniormanagementsupportforprocesscontrolsystemsecurity.
rightsreserved
Developpolicyandstandards
Define,document,disseminateandmanageunderchangecontrol,formalpolicyand
standardsforprocesscontrolsystemsecurity.Ensurethatthepolicyandstandards
accuratelyreflecttheorganizationalrequirements,supportbusinessrequirementsand
areagreedtobyallrelevantparties.
Identifyimpactsoflegalandregulatoryrequirementsonprocesscontrolsecurity.Ensure
Identify impacts of legal and regulatory requirements on process control security Ensure
thatthesearebuiltintothepolicyandstandards.
Ensureprocesscontrolsystemsecuritypracticesalignwiththebusinessandoperational
needs.
Ensurecompliancewithpolicyandstandards
Ensure compliance with policy and standards
Implementanassuranceprogramtoensurethattheprocesscontrolsystempolicyand
standardsarecompliedwithonacontinuousbasis.
Updatepolicyandstandards
Establishanongoingprogramtoensurethattheprocesscontrolsecuritypolicyand
standardsareregularlyreviewedupdatedinlinewithcurrentthreatsandchangesin
legalandregulatoryrequirementsandchangesinthebusinessandoperational
requirements.
rightsreserved
Th k Y
ThankYou
real time visual control

Scada PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Scada PDF

Uploaded by

Copyright:

Available Formats

Certified Associate in PLC & SCADA

Thank you for choosing SEECSNUST & BIS CAPS

SCADA Practitioner, Professional HMI Designer

Instructor: Zeeshan Qamar

Chief Designer SCADA HMI

Buraq Integrated Solutions

Saudi Arabia (Jeddah,

Address 8 bits Station Address

Name Length Function

Start 1 char starts with colon ( : ) (ASCII value is 3A hex)

Address 2 chars Station Address

Object Type ANALOG INPUT

Present Value 72.3

Status Flags Out-of-Service

High Limit 78.0

BACnet LAN: Ethernet, ARCNET, LonTalk, MS/TP, LonTalk or BACnet/IP

Components of SCADA Systems

Iron-Constantan 850 1,100

Chromel-Constantan 700 1,000

Chromel-Alumel 1,100 1,300

Tungsten-Molybdenum* 2,600 2,650

Functions Performed by SCADA

Working with PLC

When bit B3:0/0 is on or off; the motor will be energized or deenergized

Ladder Logic Solution

SCADA HMI OPENCONTROL

Real Time Control on Mouse Click

To: Manufacturing Execution System (MES),

Remote Station 1 Remote Station 2

OpenControl SCADA Network Architecture

Graphical Client group Info +Active Tag Data Base Buffer

OPC Connector DB/XML Connector

provides connectivity to various

The BIA answers three questions,

The BIA also establishes the objectives for recovery

Model Econ. Loss ($)

Cyber SCADA-Infrastructure Response Model

Network Recovery Regional

real time visual control

You might also like