Terafence MBsecure Installation And Configuration Manual

Terafence MBsecure

Installation and Configuration Manual

PN: PartNumber-TBD-001

Contents

Introduction .................................................................................................................... 1

Background ............................................................................................................................ 1

Definitions and Acronyms ..................................................................................................... 2

About this Manual ................................................................................................................. 3

Safety First ....................................................................................................................... 3

Warnings and Precautions ..................................................................................................... 3

Labels and Symbols ............................................................................................................... 3

TF_MBsecure solution diagram: ....................................................................................... 4

Solution Highlights:................................................................................................................ 4

MBsecure Panels .............................................................................................................. 5

Front Panel ............................................................................................................................ 5

Rear Panel .............................................................................................................................. 5

MBsecure Installation ...................................................................................................... 6

What’s in the box .................................................................................................................. 6

Installing MBsecure ............................................................................................................... 6

Configuring MBsecure ........................................................................................................... 8

Technical Specifications ................................................................................................. 10

Hardware ............................................................................................................................. 10

Environmental Conditions ................................................................................................... 10

Limited Warranty ........................................................................................................... 10

Warranty Card ..................................................................................................................... 10

Appendix A: MBSecure Configuration Sheet ................................................................... 11

-1-

Introduction

Background

MODBUS is a serial communications protocol originally published in 1979 by Schneider Electric (formerly known as Modicon) for use with its programmable logic controllers (PLC). MODBUS has become a de facto standard communication protocol and is now a commonly available means of connecting industrial electronic devices. The main reasons for the use of MODBUS in the industrial environment are:

• developed with industrial applications in mind

• openly published and royalty-free

• easy to deploy and maintain

• moves raw bits or words without placing many restrictions on vendors

MODBUS enables communication among many devices connected to the same network, for example, a system that measures temperature and humidity and communicates the results to a computer. MODBUS is often used to connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. Many of the data types are named from industry usage of Ladder logic and its use in driving relays: a single-bit physical output is called a coil, and a single-bit physical input is called a discrete input or a contact.

Supervisory Controls and Data Acquisition (SCADA) protocols are communications protocols designed for the exchange of control messages on industrial networks. Over the past three decades, several hundred of these protocols have been developed for serial, LAN, and WANbased communications in a wide variety of industries including petrochemical, automotive, transportation, and electrical generation/distribution.

SCADA MODBUS is the most widely used SCADA Protocol. There are many variants of MODBUS protocols:

MODBUS RTU

Used in serial communication and makes use of a compact, binary representation of the data for protocol communication. The RTU format follows the commands/data with a cyclic redundancy check checksum as an error check mechanism to ensure the reliability of data. MODBUS RTU is the most common implementation available for MODBUS. A MODBUS RTU message must be transmitted continuously without inter-character hesitations. MODBUS messages are framed (separated) by idle (silent) periods.

MODBUS ASCII

Used in serial communication and makes use of ASCII characters for protocol communication. The ASCII format uses a longitudinal redundancy check checksum. MODBUS ASCII messages are framed by leading colon (":") and trailing newline (CR/LF).

MODBUS TCP/IP or MODBUS TCP

Used for communications over TCP/IP networks, connecting over port 502. It does not require a checksum calculation, as lower layers already provide checksum protection.

-2-

MODBUS over TCP/IP or MODBUS over TCP or MODBUS RTU/IP

Differs from MODBUS TCP in that a checksum is included in the payload as with MODBUS RTU.

MODBUS over UDP

Some have experimented with using MODBUS over UDP on IP networks, which removes the overheads required for TCP.

MODBUS Plus (MODBUS+, MB+ or MBP)

Proprietary to Schneider Electric and unlike the other variants, it supports peer-to-peer communications between multiple masters. It requires a dedicated co-processor to handle fast HDLC-like token rotation. It uses twisted pair at 1Mbit/s and includes transformer isolation at each node, which makes it transition/edge-triggered instead of voltage/level-triggered. Special hardware is required to connect MODBUS Plus to a computer, typically a card made for the ISA, PCI or PCMCIA bus.

Pemex MODBUS

Extension of standard MODBUS with support for historical and flow data. It was designed for the Pemex oil and gas company for use in process control and never gained widespread adoption.

Enron MODBUS

Extension of standard MODBUS developed by Enron Corporation with support for 32-bit integer and floating-point variables and historical and flow data. Data types are mapped using standard addresses. The historical data serves to meet an American Petroleum Institute (API) industry standard for how data should be stored.

Terafence MBsecure (currently supporting only RTU over MODBUS TCP/IP or MODBUS TCP) allows network architects to interconnect network segments of unequal security classification without exposing the secure network to hacking attacks. The secure network (or segment) is physically isolated (at OSI Layer 1) from the less secure segment.

Data is transmitted downstream untouched. Terafence MBsecure unit acquires MODBUS data from sensors and PLCs over TCP/IP and

responds to the HMI with the acquired data. At no time physical access to the PLC is available to any device on the HMI network side.

Definitions and Acronyms

Acronym/Term

Definition

ASCII

American Standard Code for Information Interchange

HMI

Human-Machine Interface

Internet Protocol

Module A

MBsecure Module connected to Programmable Logic Controller.

Module B

MBsecure Module connected to HMI

PLC

Programmable Logic Controller

RTU

Remote Terminal Unit

TCP

Transmission Control Protocol

-3-

Acronym/Term

Definition

SCADA

Supervisory Controls and Data Acquisition

UDP

User Datagram Protocol

About this Manual

This document provides instructions for pre-installation site survey, operation, troubleshooting, and maintenance of MBsecure system.

This document uses various types of messages. An explanation of each type, in the appropriate format, is given below.

NOTE A note provides important information, emphasizing or supplementing the

main text. The information does not relate directly to issues that might cause injury to patients or users, or damage to the system.

CAUTION! A caution provides information relating to issues that might cause injury to

patients or users, or damage to the system.

Safety First

CAUTION! Unpack and use the device in a dry environment.

CAUTION! Read this document carefully before using the device.

CAUTION! The device has no user-serviceable parts. Do not open the covers!

Warnings and Precautions

CAUTION! Be sure to follow the Power Supply polarity labels on the rear panel. Switching

the poles may cause damage to the device.

Labels and Symbols

Symbol

Description

Keep dry

+ 9 hidden pages

Terafence MBsecure Installation And Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual