Industrial Ethernet Book 105

WeConfig network management software enables central configuration and management of devices. (Source: Westermo)

and requirements for the project. This included fast communication performance, multiple routing ports per device, high MTBF periods, extended temperature ranges and very low power consumption,” said Rénald Marmet, project engineer at BKW Energie. “Another factor was the operation and parameterisation of the networking hardware via the WeOS operating system. Also, the extremely efficient and time-saving update capability provided by the WeConfig network management software, which enables the central configuration and management of all Westermo devices,” he added.

The main control network incorporates the AWA control centre in the capital, Berne, and further control centres at the water locks, Thun and Interlaken, each with one SCADA server and redundant controller. The control centres connect to 29 substations (measuring points). Eight SCADA clients access these servers. There is also a SCADA server located in the hydropower plant, providing BKW employees with access.

Westermo networking technology allows all data to be transferred in real-time between the participating sites. Should an emergency arise, this enables those responsible to take the appropriate measures immediately to ensure the best possible protection against flooding. Also, maintenance and software updates for all the installed Westermo networking devices can be performed easily and quickly with just a few mouse clicks.

In total, Westermo provided thirty of its RFIR-227 Industrial Routing Switches, twenty-seven VDSL Routers, twenty-five MRD-455 4G Mobile Routers, thirty-five Lynx 210-F2G Managed Ethernet Switches with Routing Capability, thirty-six L110-F2G Industrial Layer-2 Ethernet Switches, and over eighty 100 Mbps and 1 Gbps SFP fibre optic transceivers via multimode and single-mode fibre for distances up to 80 km.

Greater network redundancy

The three control centres all have two firewall routers connecting them to the internet providers and enabling them to receive or set up the IPsec and OpenVPN tunnels. There are also two redundant Siemens Simatic S7-400 controllers installed in a demilitarized zone (DMZ) and a WinCC SCADA server connected to the local network. The AWA SCADA station has the same design, but without the control functionality.

BKW took care not only to create network redundancy, but also to set up redundant routes to the internet providers. The VDSL routers use the service provider Swisscom, and the MRD-455 4G mobile radio routers are equipped with SIM cards from Sunrise.

The heart of the main network, the three control centres and the AWA control centre, are linked by IPsec VPN tunnels and Generic Routing Encapsulation (GRE) and form the automation backbone via Open Shortest Path First (OSPF) technology. As a result, even if the connection to one internet provider fails at one location while the connection to the other provider fails at another station, or if one provider fails completely, communication between all centres, the connected remote stations and the remote access by BKW or AWA is still possible.

For increased safety, the external zones are segmented further. The service technicians can connect to the control centres through an OpenVPN tunnel and have access to all measuring stations on the network.

There are two different types of measuring stations. The high availability station consists of two completely separate networks. Each PLC is installed 'behind' a Westermo Lynx 210 device, which acts as a firewall and establishes the connection to the control centre via an OpenVPN tunnel. The redundant internet access is provided either via a VDSL router, which is connected to Swisscom, or an MRD-455 with Sunrise as the provider.
A standard station has only one PLC with a Lynx 210 acting as a firewall router and building the VPN tunnels in parallel via the two internet routers.

Security requirements

As well as network redundancy, security was also part of the requirements to guarantee high communication availability. The network implemented provides the necessary security in accordance with recommendations found in the BDEW whitepaper and IEC-62443 standard. The outstations not only form their own zone, but other areas are also segmented where necessary. The network for the SCADA servers in the control centres is also decoupled from the backbone using two VRRP routers.

The flood defense system now has one of the most modern data communication systems in Switzerland. Explaining why this is so important to AWA, Dr. Bernhard Wehren said: “Protection against flooding must be guaranteed at all times. Depending on the meteorological or hydrological situation, the availability of the required measured values is critical.”

Because access to the measuring stations in the extensive regions of the canton is generally very time-consuming, network device failures and communication interruption must be kept to a minimum. It is therefore extremely important that all components of the communication systems meet the highest standards, offer extreme reliability and can be upgraded to meet new requirements.

“We were able to simplify processes, make them secure, redundant and transparent for the engineering department via VPN connections. This contributes significantly to the simple, safe and efficient maintenance of the system,” Marmet said. “Thanks to the extensive cooperation with Westermo network engineers, we were able to create the ideal solution that meets all requirements and was delivered on time.
Reliable networking technologies have given AWA and BKW the opportunity to build individual data communication solutions for critical industrial applications, while providing scalable, future-proof applications. The solution also offers all involved a high degree of investment security.”

Application Report by Westermo.

Industrial Ethernet Book 4.2018

