Safe OPC Tunnelling to Connect OT to IT

Protocols used to connect industrial equipment don’t work well over a network, making it difficult to connect Operations Technology (OT) to Information Technology (IT) through a reliable and secure connection.

There is hidden treasure in data. Companies that adopt Industrie 4.0 and the technologies of IoT (Internet of Things) are discovering this. Among other things, they derive value from getting data from their plants into their corporate offices in real time. Connecting OT (Operations Technology) to IT (Information Technology), though, must be both reliable and secure. 

Sharing data through secure connection

When control engineers at ABB working on a secure power plant in Italy wanted to share data between the plant and the corporate office, they needed a highly reliable and secure connection. “Customers are very sensitive about security these days since they need to exchange information on the Internet,” said the project manager. “We had OPC DA servers on our equipment, but found that using DCOM for networking was too risky. It required us to open too many ports in our firewalls. We had to find a way to avoid using DCOM.”

The OPC DA protocol is used to connect industrial equipment, but it does not work well over a network. OPC DA uses DCOM, which is difficult to configure and is not secure because it requires opening several firewall ports. To solve this problem, the ABB team implemented OPC tunnelling using the Cogent DataHub from Skkynet.

Tunnel connection configured

The engineering team connected a Cogent DataHub to the OPC server running at the plant, and configured a tunnel connection out to another DataHub running in the office, which was connected to the corporate LAN. The DataHub tunnel provides an SSL-encrypted TCP connection, and the connection is made outbound from the plant, so all firewall ports there stay closed. The two DataHubs mirror the data, so that every data change received by the DataHub on the plant LAN is immediately sent to the DataHub on the corporate LAN, and from there to the central data-handling system. The data connection is bidirectional, so that supervisory commands can be sent from the office system to the plant, if necessary.

The protocol for the tunnel itself is DHTP (DataHub Transfer Protocol), which is designed for data connectivity and communication for Industrial IoT applications. It consumes minimal bandwidth at the lowest possible latency, and can support hundreds of interconnected data sources and users. It adds virtually no latency to the data transmission, and guarantees consistency of data, preserved through multiple interconnections. 

Seamless connection

By seamlessly integrating OPC and DHTP, the DataHub tunnel allows the OPC server and client to remain connected, even when the network connection drops, and immediately updates the data when the connection is restored. This combination of security and reliability is why the ABB team chose the DataHub for their OT to IT connection.

“For us, this OPC tunnel is very good, because we only need to open one port on the IT side, and we are secure from DCOM hassles and break-ins,” said the project manager. “We are considering installing this same solution in our top plants.”

A graduate in political science and international relations in Paris, Anis joined the team in early 2019. Editor for IEN Europe and the new digital magazine AI IEN, he is a new tech enthusiast. He is also passionate about sports, music, cultures and languages.
