system description for communication - siemens€¦ · system description for communication remote...

System Description for Communication

Remote Access to SIMATIC Stations via WAN

Overview Document, System Description, Selection Criteria

Warranty, Liability and Support

WAN Access Methods Entry ID: 26662448

V1.0 12/04/2008 2/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Note The Application Examples are not binding and do not claim to be complete regarding the circuits shown, equipping and any eventuality. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. As a user you are responsible for ensuring that the described products are correctly used. These application examples do not relieve you of the responsibility to use sound practices in application, installation, operation and maintenance. By using these Application Examples you accept that Siemens is not liable for any damages except for those specified in the above liability clause. We reserve the right to make changes to these Application Examples at any time without prior notice. If there are any deviations between the recommendations provided in this application example and other Siemens publications – e.g. Catalogs – the contents of the other documents have priority.

Warranty, Liability and Support

We do not accept any liability for the information contained in this document.

Any claims against us – based on whatever legal reason – resulting from the use of the examples, information, programs, engineering and performance data etc., described in this example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (“wesentliche Vertragspflichten”). However, claims arising from a breach of a condition which goes to the root of the contract shall be limited to the foreseeable damage which is intrinsic to the contract, unless caused by intent or gross negligence or based on mandatory liability for injury of life, body or health. The above provisions do not imply a change of the burden of proof to your detriment.

Copyright© 2008 Siemens I IA/DT. It is not permissible to transfer or copy these examples or excerpts of them without first having prior authorization from Siemens I IA/DT in writing. If you have any questions concerning this document please e-mail us to the following address:

[email protected]

mailto:[email protected]�

Preface


V1.0 12/04/2008 3/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Preface

Introduction Today’s communication options in the automation environment cannot remain restricted to the location of the plant. Global communication options are core requirement and necessity in all layers of automation technology.

The communication structure of modern plants must enable integrated data exchange between various plant component as well as between worldwide working maintenance personnel and the plants.

The SIMATIC environment with its standardized interfaces offers a homogenous environment to ensure a safe communication within a plant. For connecting locally disconnected plant parts, cable-based as well as wireless options via private or public networks are available.

Basic knowledge of basics and properties of the usable communication options is important as a selection aid for each application case.

Problems during remote accesses to SIMATIC stations From the user’s or planner’s viewpoint, the following questions may often arise when designing plants and their communication solutions:

• Which communication option (cable-based / wireless) is available as a platform for the planned automation solutions?

• Which transport mechanism (dialup network / package transfer) is available / can be selected?

• Are there preferred protocols which must be used based on the communication partner?

Purpose of the document The reader of this document shall be able to gain an overview of the available communication options and communication solutions for its application.

Basic information on the available WAN interfaces shall enable the project engineer to make a selection of the communication options used in the project, taking into consideration the plant-specific criteria.

Furthermore, this document provides argumentation aids regarding the introduced WAN configurations.

Preface


V1.0 12/04/2008 4/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Delimitation This document contains

• no suggestions on “large company concepts”

• neither product-oriented nor activity-oriented solutions, the description in the SIMATIC family is restricted to the usable product group / families.

• no detailed explanation on telecontrol systems (e.g. SINAUT, SICAM, Vicos, etc., or solutions such as S7 Teleservice).

• no detailed consideration of costs, performance measurement regarding products or services.

Structure of this document The document is divided into the following parts.

Table 0-1

Components

Description

1. User scenarios in the WAN environment This chapter gives an overview of the structural setup of the communication options in the WAN. This describes explicitly the correlation between cable-based and wireless communication tools and the correlation between package-based and dialup-based communication methods.

2. Network accesses for WAN networks This chapter serves as selection aid for the WAN accesses available in SIMATIC. Furthermore it serves as jump distributor in the WAN configurations that can be used with WAN access.

3. WAN configurations in the SIMATIC environment This chapter comprises a collection of summaries trying to explain in a short and comparable form the individual communication solutions.

Reference to the Automation and Drives Service & Support This article is from the Internet application portal of the Automation and Drives Service & Support. The following link takes you directly to the download page of this document.

http://support.automation.siemens.com/WW/view/en/26662448

http://support.automation.siemens.com/WW/view/en/26662448�

Preface


V1.0 12/04/2008 5/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Table of Contents

Table of Contents ......................................................................................................... 5

Basic Information ......................................................................................................... 6

1 User Scenarios in the WAN environment..................................................... 6 1.1 Communication principles................................................................................. 7 1.2 Model for WAN communication ........................................................................ 9 1.3 User scenarios................................................................................................ 11

Network access variants............................................................................................ 13

2 Network Access for WAN Networks ........................................................... 14 2.1 Categorizing the WAN network accesses....................................................... 15 2.2 Connection-oriented data transfer via radio networks .................................... 17 2.3 Connection-oriented data transfer via cable-based networks......................... 20 2.4 Package-oriented data transfer via radio networks ........................................ 24 2.5 Package-oriented data transfer via broadband networks ............................... 29

WAN Configurations................................................................................................... 34

3 WAN Configurations in the SIMATIC Environment ................................... 35 3.1 Categories of viewed WAN configurations ..................................................... 36 3.2 Configuration 1: RS485 connection with dialup connection via modem ......... 38 3.3 Configuration 2: RS485 connection with dialup connection via radio modem 42 3.4 Configuration 3: Ethernet connection with dialup connection via modem....... 46 3.5 Configuration 4: Ethernet connection with dialup connection via radio modem51 3.6 Configuration 5: Ethernet connection via package-based broadband networks56 3.7 Configuration 6: Ethernet connection via package-based radio networks ...... 62 3.8 Configuration 7: Secure Ethernet connection via package-based broadband

internet access ........................................................................................... 69 3.9 Configuration 8: Secure Ethernet connection via package-based mobile phone

internet access ........................................................................................... 77

Bibliography................................................................................................................ 85

4 Notes on Additional Information ................................................................. 85 4.1 Internet Links .................................................................................................. 85

5 History ........................................................................................................... 86

User Scenarios in the WAN environment


V1.0 12/04/2008 6/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Basic Information

Content This part of the document provides basic information on the topic of data communication and its application in the WAN communication.

Note WAN = Wide Area Network

1 User Scenarios in the WAN environment

Introduction The reasons for planning and integrating WAN interfaces in plants are manifold.

Some examples are:

• The access to plant components for the purpose of error repair or maintenance.

• Access to data of the controller or the systems in order to monitor or visualize the plant status.

• The notification of e.g. service personnel through the plant in order to report defined pant statuses.

• Quality assurance or resource planning through superordinate systems.

Developer / planner (as user of this document) decides which communication system fulfills the set requirements for the plant specific requirements.

The document on hand supports the user in recording which communication options exist and which communication scenarios are possible for his application and which are necessary.

Note The concepts viewed here are restricted to individual and cost-efficient solutions for integrating individual plants / machines to the WAN. Large company concepts for connecting entire company sites including the respective security efforts are not discussed here.



V1.0 12/04/2008 7/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

1.1 Communication principles

Introduction This chapter describes the common principles and methods of a WAN communication.

Communication in the data communication The following table shows the communication relations which also occur with SIMATIC S7. Table 1-1

Communication relationship

Logic relationship Description

1 : 1 Communication

Point-to-point communication

two end nodes communicate with each other directly

1 : n communication Point-to-net communication

an end node communicates with a network with a many different nodes.

n : m communication Net-to-net communication

two networks of different size communicate with each other. A node of each network or all nodes of the networks can communicate with each other here.

Each of the communication used in the SIMATIC is based on these relationships. They also apply independent on the applications used on these relationships.

Apart from the pure, abstract communication relations, further, more technical frame conditions (e.g. infrastructure, technology, etc.) must be considered for the data communication which can impact this communication.



V1.0 12/04/2008 8/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Technical restrictions A technical differentiation criteria and frame conditions for the data communication the following points must be considered.

• the physical connection Here principally two different technologies exist for connecting a communication partner to a WAN, which are:

– the cable-based connection, and

– the wireless connection (radio technology).

Both of these technologies can be combined in general and must be applied depending on the application case and the availability.

• the transfer type Here two different principles can be differentiated which are decisive for the communication of two partners in WAN.

– the package-oriented data transmission (IP-based), or

– the dialup-based (connection-based) data transfer (PSTN / ISDN).

A direct combination of both principles is generally not possible.



V1.0 12/04/2008 9/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

1.2 Model for WAN communication

Introduction To yield a sensible and manageable division of the task for WAN communication it is necessary to divide the total tasks.

When considering the numerous cases of communication options a model results which can be used for a division and later evaluation.

Overview of the communication model The following model shows the WAN communication in the SIMATIC environment. Figure 1-1

Package-based Transmission

Package-based Transmission ISPISPISPISP

“Network Access”“Network Access”

“Application Scenarios”“Application Scenarios”

Dialup Connection

WAN access component

WAN access component

Interface Interface

“Systems”“Systems”

Plant /Station B

Plant /Station ALogic Connection

SIMATIC SIMATIC



V1.0 12/04/2008 10/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Viewing the levels in the model The displayed model consists of 3 levels: Table 1-2

Level Description

Application scenarios

In the SIMATIC environment the functions used by the user can be divided into few groups. These are: • HMI, • reporting • remote maintenance and • data transfer. In a real application these groups are mostly necessary in combination in order to fulfill the requirements.

Network access The network access can be defined by: • the physical interface • the transfer methods • the possible communication bandwidth. Selecting the suitable network access based on the requirements is decisive for the application.

Systems In today’s version, SIMATIC offers a number of interfaces and modules which use these network accesses. They enable communicating with other devices via various communication media and via different services and applications.

The mentioned levels are only treated in the listed order in this document.



V1.0 12/04/2008 11/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

1.3 User scenarios

Graphical display of tasks in WAN communication The next representation shows the communication structures and their application cases common in the SIMATIC environment. Figure 1-2

1

2

3

HMI / Remote Maintenance

Reporting

Data Transfer

Plant

System

1 23

3

Control Center / Mobile Service

Public Networks

During plant operation there are different requirements for the communication depending on the application.


WAN Access Methods Beitrags-ID: 26662448

V1.0 12/04/2008 12/86

Copyright © Siemens AG 2008 All rights reserved 26662448_WAN_Zugriffsmethoden_V01_en.doc

Fehler! Unbekannter Name für Dokument-Eigenschaft.

Application cases in the SIMATIC environment It is necessary to divide the application cases into user scenarios to be able to categorize the requirements of the WAN communication for SIMATIC. Table 1-3

Pic. Scenario Description Examples

HMI • Operation and monitoring of plants and systems

• Cyclic or event-controlled displays and logging of process values OP functions with WinCC, WinCC flexible or MP/TP/OPs, etc..

Reporting • Reporting of defined plant statuses PG/OP functions with STEP7,

E-mail / SMS via ISP / SP, etc.

Remote

maintenance • Programming and diagnosis of plants or controllers PG functions with STEP 7,

STEPS and SIMOTION SCOUT,

Data transmission • Transmission of data records between plants

• Transmission of data from / to servers • Transmission of management data and saved protocols

e.g. S7 protocols based on ISO-on-TCP; TCP/IP or UDP/IP protocol; FTP.



V1.0 12/04/2008 13/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Network access variants

Content In the following chapter of the document we show you the various current possibilities to connect a WAN network to SIMATIC.

Network Access for WAN Networks


V1.0 12/04/2008 14/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

2 Network Access for WAN Networks

Introduction In this chapter we describe and evaluate the WAN network access options available at the time of generating this document.



V1.0 12/04/2008 15/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

2.1 Categorizing the WAN network accesses

Representation Based on the communication principles explained in chapter 1.1 the following combination cases result:

Table 2-1

Network type

Radio Cable-based Connection-based

Tran

smis

sion

IP-based (package-based)

• Connection-oriented data transfer via radio networks

• Connection-oriented data transfer via cable-based networks

• Package-oriented data transfer via radio networks

• Package-oriented data transfer via cable-based networks

In the next chapters we look at and evaluate these network access types.



V1.0 12/04/2008 16/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Evaluation criteria for network accesses In order to compare and view the different WAN network accesses it is necessary to use the next subchapters.

Table 2-2

Criterion Description

Overview At the beginning we provide an overview of the technologies as well as the introduction into the individual network access variants.

Connection Here we illustrate the required hardware and the interface(s) which can be used by the SIMATIC.

Performance data With the performance data we show you • how fast, • how many data, • on how many connections, can be transferred at once.

Perspectives When planning a network access the future perspective of a network access is important. In order to evaluate this we consider • how the technology in this area is developed

further, and • which potential can still be used.



V1.0 12/04/2008 17/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

2.2 Connection-oriented data transfer via radio networks

Symbol Figure 2-1

Introduction Radio networks do not only consist of radio data transmission. Radio networks used today only consist of a meshed network of radio base stations.

End devices register at the radio network via individual base stations. You use the cable or radio connection of the base station in the meshed network with which the end device is connected.

If an end device changes the radio cell, then the end device is transferred bumpless from one radio cell to the next. This process is referred to as roaming.

GSM CSD (Circuit Switched Data) The “Global System for Mobile Communications” is a standard for fully digital mobile radio network. The standard principally serves for telephone, a part of the specification also serves for circuit switched data communication (CSD).

GSM is the first standard of the 2G (second generation) and the mobile radio standard with the most common worldwide distribution. GSM is the direct successor of the analog mobile radio standard which is common until then.

It is the aim of this standard to create a Europe-wide voice service of the landline network via mobile radio which is compatible with the common ISDN or PSTN. GSM was introduced in Germany in 1992.

According to the details of the GSA (General Service Administration) in 2007

• approx. 2 billion GSM-capable end devices are in operation,

• up to 1 million end devices have been sold

• worldwide up to 670 GSM mobile radio networks are in operation in over 200 countries or areas.



V1.0 12/04/2008 18/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Connection For the data transfer via GSM CSD different device types are available. For example:

• GSM modems (e.g. the TC65i, the SINAUT MD720-3 GSM/GPRS),

• GSM remote systems and

• GSM mobile phone with modem function.

For connection to the SIMATIC controller there are serial interfaces such as the RS232 (EIA-232) interface.

Performance data Maximum data transmission rate: depending on the transmission quality the maximum data transmission rate varies between

• 9.6 Kbit/s and

• 14.4 Kbit/s

The maximum number of connection for data transmission is

• 1 per device.

Perspectives for GSM-CSD The development of GSM in the area of voice transmission, which the CSD area is a part of, is complete. Further developments hence increased performance cannot be expected.

Within the framework of GSM package-oriented services are in use which offer considerably more potential and a similar distribution.

In some regions, especially in the USA, the CSD services have already been switched off by the mobile radio providers.



V1.0 12/04/2008 19/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Applicable configurations This WAN access can be utilized with these configurations: Table 2-3

Utilization as active nodes

• Configuration 2: RS485 connection with dialup connection via radio modem • Configuration 4: Ethernet connection with dialup connection via radio modem

Utilization as target node

• Configuration 1: RS485 connection with dialup connection via modem • Configuration 2: RS485 connection with dialup connection via radio modem • Configuration 3: Ethernet connection with dialup connection via modem • Configuration 4: Ethernet connection with dialup connection via radio modem



V1.0 12/04/2008 20/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

2.3 Connection-oriented data transfer via cable-based networks

Symbol Figure 2-2

Introduction The largest cable-based WAN networks are telephone networks. Telephone refers to communication systems which are designed for handling telephone calls. The usual designation for this is called Public Switched Telephone Network, or also PSTN.

Modern telephone networks are available in two variants as

• analog telephone network (also referred to as POTS) and as

• ISDN (Integrated Services Digital Network)

Both variants can be used for data transfer. A connection between the analog telephone network and the ISDN network for data transmission is not possible without problems due to the respectively different protocols and methods (analog / digital). As opposed to the data communication, the voice transmission is possible without problems.

In practice telephone connections without dialup connection, so-called dedicated lines, are used on top of dialup connections. Dedicated lines are used for both telephone network variants.

Decisive for this category is that the route selection for the connection already occurs during the connection establishment.

Analog telephone network The analog telephone network works with the analog transmission of tone signals.

For the transmission of digital information these data are modulated to the possible carrier frequency in the range of 300 Hz to 3400 Hz.

The modulation of the digital data comes in different standards of the ITU, the current versions are

• V.34 (up to) with Trellis-Code modulation according to the Shannon theorem (restriction of the data transmission bandwidth to 30 – 40 kbit/s for pure analog telephone networks with a bandwidth of 3.1 kHz)



V1.0 12/04/2008 21/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

• V.90 / V.92. using the digital return channels in digitalized telephone networks enables reaching higher band widths. (these standards are also known as K56flex)

In Germany, by the end of 2006, a total of 55.23 million telephone connections are in operation. (including ISDN)

Worldwide there are approx. 4 billion telephone connections.

ISDN ISDN (Integrated Services Digital Network) is a digital network which can transfer voices as well as data. ISDN enables two data transfer types where here only the circuit switched data transfer is considered. (The package-oriented service is known under the name DATEX P)

The standard of ITU used in circuit switched data transfer is X.75. The standard describes the connection-oriented digital data transfer to ISDN networks which do not require any modulation of data to a carrier signal. The data is transformed in the used protocols alone.

Today X.75 is the widest distributed standard for data communication via ISDN in Europe. This standard enables, amongst other things, bundling several channels which increases data throughput.

In Germany, by the end of 2006, a total of 12.65 million ISDN basic connections and 113,000 ISDN primary multiplex connections had been in operation. This makes approx. 1/3 of all telephone connections of the Federal Republic of Germany.

With 10% the worldwide distribution of ISDN is very low. Even in industrial nations outside Europe ISDN connections are an exception. In the emerging markets ISDN is not widely distributed.



V1.0 12/04/2008 22/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Comparing the WAN network accesses Table 2-4

Analog telephone network ISDN

Com

pone

nts

Required components: • Modem (Modulator / Demodulator) (analog)

also as component of other devices, e.g. a notebook computer • ISDN card with DSS1 connection (ISDN) • TS-adapter (analog / ISDN) • Ethernet router (analog / ISDN) Possible interfaces for SIMATIC • RS232 (EIA232) • MPI/PROFIBUS • Industrial Ethernet

Per

form

ance

dat

a

Depending on standard and quality of the line, transfer rates of: • V.34: 33.6 kBit/s (Send / Receive) • V.90: 33.6 kBit/s Send

56 kBit/s Receive • V.92: 48 kBit/s Send

56 kBit/s Receive are possible. Maximal number of lines for data transfer: • 1 simultaneous data connection per

line connection

A B channel (a normal ISDN connection has 2 B channels) can use up to 64 kBit/s (Send/Receive). Maximal number of lines for data transfer: • 1 - 30 simultaneous data connections

(B channels) per connection (possible for primary multiplex connection)

For maximum bundling a band width of up to 2 Mbit/s (Send / Receive) is possible. ISDN connection with 2 B channels achieves up to 128 kBits/s.

Pers

pect

ives

Due to the large extent of digitalization in PSTN networks no further developments in the area of connection-oriented communication is expected in the telecommunication sector. Telecommunication networks today are, due to the development of broadband technology, increasingly used as carrier medium of package-based data services such as DSL. As an alternative for using broadband networks the data transmission via radio networks is on the increase.



V1.0 12/04/2008 23/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Applicable configurations These WAN accesses can be utilized with these configurations: Table 2-5


• Configuration 1: RS485 connection with dialup connection via modem • Configuration 3: Ethernet connection with dialup connection via modem

Utilization as target node

• Configuration 1: RS485 connection with dialup connection via modem • Configuration 2: RS485 connection with dialup connection via radio modem • Configuration 3: Ethernet connection with dialup connection via modem • Configuration 4: Ethernet connection with dialup connection via radio modem



V1.0 12/04/2008 24/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

2.4 Package-oriented data transfer via radio networks

Symbol Figure 2-3

Basics Current radio networks are capable, apart from the connection-oriented transmission of telephone conversations to also offer package-based data services.

With the progress in satellite technology a well established satellite radio network has developed. Satellite radio networks are like mobile radio networks capable of transferring package-oriented data.

Apart from the communication-oriented satellite radio networks, satellite supported data services are also developed for the mobile internet connection.

All of these services use the TCP/IP protocol as a basis in order to react flexibly to wait times and to enable simple portability.

A huge advantage of package-oriented data transfer is that the costs are not charged for the duration of the connection but according to the effectively transferred data volume.

In this chapter we consider:

• GPRS (General Packet Radio Service)

• EDGE (Enhanced Date Rates for GSM Evolution),

• UMTS (Universal Mobile Telecommunications System)

• Broadband via satellite.

GPRS / EDGE / UMTS as passive coupling partner Package-oriented mobile radio networks with the exception of satellite networks generally work with private network addresses separated from the internet by NAT. This is required in order to minimize the IP addresses used on the internet. For this reason, a direct access from the internet to a device of the mentioned mobile radio networks is not possible. Some mobile radio providers offer provider-specific solution options.



V1.0 12/04/2008 25/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

GPRS GPRS is based on the GSM networks of current mobile radio networks. As opposed to the dialup-based CSD connections, GPRS mobile devices are permanently connected with the base station. (The so-called always-on mode) .

Apart from the standard components of the GSM networks, the radio network requires interfaces for GPRS for package forwarding via ISPs to the internet or to company networks. Many of the active GSM mobile radio networks support GPRS.

EDGE EDGE is a further development of the GSM networks. It expands the technology by an additional modulation method. EDGE exists parallel to the previous GSM services. In the area of data communication EDGE expands the GPRS standard to E-GPRS or the HSCSD standard to ECSD.

EDGE can with little expenses be integrated into existing GSM networks. So far EDGE has been introduced in 75 countries, in Switzerland a population coverage of 99%.

UMTS The GSM hence GPRS of the 2G (2nd generation) mobile radio network corresponds to the UMTS of the 3G (3rd generation) mobile radio network. Similar as ISDN, UMTS is a communication service with additionally integrated services. Apart from the audio and video surveillance UMTS can also use messaging and information services.

UMTS is not compatible with GSM due to using different frequency areas and differentiated access methods. Furthermore, operating a UMTS network requires a much higher density of radio base stations than for GSM networks. Therefore a new network must be set up for UMTS. At the moment it is not available in wide-area coverage.

In 2007, 180 3G networks worldwide are active with approx. 200 million stations, which is 7% of all mobile radio providers.

Distribution of the 3G stations worldwide:

• 48% Europe (e.g. Italy with 20 million users)

• 45% Asia



V1.0 12/04/2008 26/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Internet via Satellit The most current variant of the wireless connection to the internet is the internet connection via satellite, access to which is provided by the providers. This is particularly ideal for remote regions or those unavailable for broadband technology.

To variants are offered for the internet via satellite technology. These are

• Access with return line via telephone and

• Access with return path via satellite.

The technology for using internet via satellite is available. The availability, hence that of a provider depends on the footprint and hence of the availability of the used satellite.

Comparison of the four technologies The table on the next page contains a comparison of the four selected, package-based data transfer methods via radio networks.


WAN Access Methods Beitrags-ID: 26662448

V1.0 12/04/2008 27/86

Copyright © Siemens AG 2008 All rights reserved 26662448_WAN_Zugriffsmethoden_V01_en.doc

Fehler! Unbekannter Name für Dokument-Eigenschaft.

Table 2-6

GPRS EDGE UMTS Internet via satellite

Com

pone

nts

The following GPRS-capable end devices are available: • SINAUT MD 740-1, • GSM/GPRS modem or • GPRS capable GSM mobile

phones. Ethernet lends itself as an interface for the SIMATIC.

The following EDGE-capable end devices are available: • SINAUT MD 741-1, • GSM/EDGE modem or • EDGE-capable GSM mobile

phones. Ethernet lends itself as an interface for the SIMATIC.

UMTS end devices are available in three categories. • UMTS mobile phones, • UMTS PCCard / Express

Card or • UMTS Ethernet router. Ethernet lends itself as an interface for the SIMATIC.

Using internet via satellite requires these components: • Data-capable LNC / BUC • Satellite modem • UMTS Ethernet router. Ethernet lends itself as an interface for the SIMATIC.

Per

form

ance

dat

a

The maximum transfer rate is: • 8.0 - 20.0 kit/s, per time slot • For current devices and their

assignable time slots as well as their bundling a maximum of 55.6 kbit/s are possible as of 2007.

• When bundling all 8 time slots up to 171.2 kbit/s are theoretically possible. (Shared Media)

The maximum transfer rate is: • 59.2 kbit/s per channel/user • For current devices and their

assignable channels as well as their bundling a maximum of 220 kbit/s downstream and 110 kbits/s upstream are possible.

• When bundling all channels up to 473 kbit/s are theoretically possible. (Shared Media)

The maximum transmission rates depend on the used methods. FDD mode 384 kbit/s downstream. (according to release 1999) TDD mode (HSDPA) Theoretical: 14.4 Mbit/s gross or 10.8 Mbit/s net downstream Practically: 1.4 Mbit/s or 5.1 Mbit/s (planned) downstream

The maximum transmission rates are very much depending on the available band-width of the satellite and the used return channel. • For a return channel via

setellite up to 1024 kbit/s downstream and 128 kbit/s upstream

• For a return channel via telephone / ISDN or DSL light up to 24 Mbit/s downstream

can be reached.

Per

spec

tives

The development of earth supported mobile data transmission is continued as follows. Currently the following developments can be observed: • WiMAX: Worldwide Interoperability for Microwave Access is a synonym for IEEE802.16 in 2 / 11 or 10

GHz area. The development of new standards in the mobile radio area promises a higher data bandwidth for lower wait time.

With the further commissioning of telecommunication satellites for the data communication the availability (more footprints) and performance of the data transmission increases.



V1.0 12/04/2008 28/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



• Configuration 6: Ethernet connection via package-based radio networks • Configuration 8: Secure Ethernet connection via package-based mobile

phone internet access Utilization as target node

• Configuration 5: Ethernet connection via package-based broadband networks • Configuration 6: Ethernet connection via package-based radio networks • Configuration 7: Secure Ethernet connection via package-based broadband

internet access • Configuration 8: Secure Ethernet connection via package-based mobile

phone internet access



V1.0 12/04/2008 29/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

2.5 Package-oriented data transfer via broadband networks

Symbol Figure 2-4

Basics For package-oriented cable-based WAN networks the following are used as carrier media

• broadband-capable telephone networks as well as

• broadband-capable networks such as the network of the cable television or power networks

Due to the high quality standard of the modern networks far more bandwidths can be transferred than used in the original usage area.

Separated frequency bands outside of the original usage area are used for data transfer. To transfer data

• from the provider to the end device (downstream) and back

• from the end device to the provider (upstream)

separate frequency bands are used.

The next figure shows a scheme of the different usage of frequency bands using the example of DSL via telephone networks.

Figure 2-5

ISDN

AnalogesTelefon

0 – 138 kHz

ADSL Upstream

ADSL Downstream

138 – 276 kHz276 – 1104 kHz

….

ISDN

Ana

log

Tele

phon

e

Frequencyrange in kHz

0 – 138 kHz

ADSL Upstream

ADSL Downstream

138 – 276 kHz276 – 1104 kHz

….

All broadband networks use a comparable method, even if the used frequency bands can be placed differently.



V1.0 12/04/2008 30/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

DSL via telephone line DSL, the Digital Subscriber Line, was developed as method at the end of the 80s, early 90s of the 20th century. This development was favored by fast signal processors with very high computing power, which is required for processing the transferred data. In the course of the development more and more powerful processors, hence more powerful variants of DSL were developed, which are also referred to as xDSL. Currently DSL variants can either be transferred via dedicated line, without voice transmission, or via ISDN or analog telephone connection.

DSL is not available in wide-area coverage. This is due to the fact that two important requirements must be fulfilled for DSL.

1. A copper cable must be laid. An FO connection, common in NGN (Next Generation Network) does not work.

2. The distance between the station and the next DSLAM (Access Multiplexer) must not exceed 3 – 4 km. With increasing dampening of the data signals the transmittable data bandwidth is decreased.

In May 2007 there were approx. 200 million DSL connections worldwide, which corresponds to 65% of all broadband connections.

Today in Europe alone there are:

• 15 million DSL connections in Germany.

• 14 million DSL connections in France.

• 11 million DSL connections in the UK.



V1.0 12/04/2008 31/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Internet via cable television networks Since due to the described limitations the telephone networks are subject to large restrictions, alternatives are searched in other networks.

An alternative is the cable network of the cable television. This network was designed with the standardization so that a large frequency spectrum is transferred with little noise. Since this frequency spectrum is not used up completely, free frequency bands can be used for data transfer. Since in metropolitan areas cable TV networks are available on a large scale, these networks are suitable for broadband data transfer.

Due to the expansion and restructuring of the existing cable network with fiber-optic cables the HFC (Hybrid Fiber Coax) method was made possible. With this method it is possible for a station to additionally receive and send data via its coaxial TV connection. End of 2006 there were approx. 57 million cable internet connections using cable modems. This represents approx. 30% of all broadband connections in the OECD states.

Approx. half of all cable internet connection has been installed in the US alone. Further states with a high proportion of broadband connection via cable television networks are

• Austria and

• Switzerland.



V1.0 12/04/2008 32/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Comparison of both network types The next table contains the comparison between the data transmission via telephone networks with DSL and cable TV networks with internet access.

Table 2-8

DSL via telephone line Internet via cable TV network

Com

pone

nts

The local connection requires the following hardware: • A splitter, for separating the

telephone and DSL signals. • A modem for modulating the data • A DSL/ cable router with Ethernet

connection. Ethernet lends itself as an interface for the SIMATIC. For the transmission either • the PPPoE protocol or • the P2PTP protocol are used.

For the local connection to a cable connection the following hardware is required: • A cable modem, which supports the

DOCSIS version (data over cable service interface specification) of the cable network provider.

• A DSL/ cable router with Ethernet connection.

The modem supports encoding according to DES with a key length of 56 bit. Ethernet lends itself as an interface for the SIMATIC.

Per

form

ance

dat

a

The most common DSL variants are: • SDSL (Symmetrical DSL) with up to

3 Mbit/s downstream / upstream • ADSL (Assymetric) with up to 8

Mbit/s downstream and 1 Mbit/s upstream

• ADSL2+ (with dynamic negotiation) with up to 25 Mbit/s downstream and 3.5 Mbit/s upstream

• VDSL / VDSL2 (Very high data rate) with theoretically up to 210 Mbit/s downstream / upstream

Currently used cable modems support a data rate of up to 36 Mbit/s downstream / upstream. Theoretically data rates of up to 100 Mbit/s are possible. Since cable networks are a shared medium, the band width is distributed to all connected stations. The more stations have simultaneous access to the network, the less bandwidth is available for the individual station.

Pers

pect

ives

The expansion of cable TV networks outside Germany increases its potential and the availability for data transmission. The expansion of VDSL technology is in full swing, however, the limitations regarding the wide-area distributions remain.



V1.0 12/04/2008 33/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



• Konfiguration 5: Ethernet Anbindung über paketorientierte Breitbandnetze • Konfiguration 7: Gesicherte Ethernet Anbindung über paketorientierte

Breitband Internet Zugänge Utilization as target node

• Konfiguration 5: Ethernet Anbindung über paketorientierte Breitbandnetze • Konfiguration 6: Ethernet Anbindung über paketorientierte Funknetzwerke • Konfiguration 7: Gesicherte Ethernet Anbindung über paketorientierte

Breitband Internet Zugänge • Konfiguration 8: Gesicherte Ethernet Anbindung über paketorientierte

Mobilfunk Internet Zugänge



V1.0 12/04/2008 34/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

WAN Configurations

Content In this chapter we illustrate to you individual scenarios for the WAN connection of SIMATIC components.

WAN Configurations in the SIMATIC Environment


V1.0 12/04/2008 35/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3 WAN Configurations in the SIMATIC Environment

Introduction In the course of this chapter we introduce individual communication scenarios as described in chapter 1.2 and evaluate them regarding their applicability in the SIMATIC environment.

The evaluation of the individual configurations occurs subjectively, an evaluation based on numbers is not possible due to the continuously changing framework conditions.



V1.0 12/04/2008 36/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.1 Categories of viewed WAN configurations

In order to monitor all possible WAN configurations makes sense to divide all possibilities. To achieve this

• the physical connection,

• the transmission type

• as well as the bus structure used in SIMATIC are also considered

in groups.

In this chapter these configurations close to SIMATIC are considered:

Table 3-1

Network type

Cable-based Radio

RS485 connection with dialup connection

via modem

RS485 connection with dialup connection

via radio modem

Con

nect

ion-

base

d

Ethernet connection with dialup connection

via modem

Ethernet connection with dialup connection

via radio modem

Ethernet connection via package-based

broadband networks


radio networks Tran

smis

sion

IP-b

ased


broadband networks

Secure Ethernet connection via package-

based radio networks



V1.0 12/04/2008 37/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Evaluation criteria for WAN configurations Comparing and viewing the different WAN configurations requires evaluation criteria which are used in all WAN configurations.

The following criteria are used for the module variants.

Table 3-2

Criterion Description

Application in the SIMATIC system

At the beginning we show you the application options of WAN configuration in the SIMATIC spectrum with • HMI • reporting • remote maintenance and • data transfer.

Quantitative cost situation

With the quantitative cost situation we illustrate which cost factors for • procurement and • operation of the communication must be expected.

Availability and reliability

Successful operation requires the availability and reliability of the communication. With these criteria we show you how this affects the different communication paths.

Security For communication, especially via public networks, the security of the data and the communication itself is important. Here we show you the possible measures that can be taken in the appropriate configuration.



V1.0 12/04/2008 38/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.2 Configuration 1: RS485 connection with dialup connection via modem

Introduction into the configuration This configuration shows the connection of two SIMATIC components by means of a dialup connection via the landline using a TS adapter.

Configuration Figure 3-1

TS adapteropt. with modem

MPI/PB Network

ModemPSTNPSTN

PC/PG

Page AEnd Device A WAN Interface A

Page BWAN Interface B End Device B

Modem

I/O

OH AA RD TD TR CD CSEC DC V34 K56FAXMSG MRK56FLEX

Employed bus systems The used bus system of the TS adapter can be either

• the MPI network or

• the PROFIBUS

Applicable data connections For data transmission, telephone connections are used which are switched by the PSTN via

• ISDN

• analog telephone lines or

• a GSM-CSD modem (externally connected at the TS adapter)

Note GSM-CSD modems can be configured for the application with both telephone systems, since a compatible protocol is available for both systems.



V1.0 12/04/2008 39/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Page A: component variants / parts lists Table 3-3

End device A WAN Interface A Comment

PG/PC with teleservice

software

Modem (Analog / ISDN)

A standard modem is connected to the PC as a modem. The protocols / methods • V 34 up to, V90 / V92 or K56flex (for

analog), • X.75, V.110 or V.120 (for ISDN) are supported.

Controller / network TS adapter (analog / ISDN)

Possible SIMATIC modules: • TS adapter I (additionally analog / ISDN

modem) 6ES7972-0CA3*-0XA0

• TS adapter II (analog) 6ES7972-0CB35-0XA0

• TS adapter II (ISDN) 6ES7972-0CB35-0XA0

(depending on the respective partner station)

Page B: component variants / parts lists Table 3-4

End device B WAN interface B Comment






(depending on the respective partner station) Controller / network TS adapter <>

GSM-CSD modem If the partner station can only be reached via a mobile radio network, a GSM-CSD modem can be connected via the serial interface to the TS adapter. A GSM-CSD modem for this application from the SIMATIC spectrum is the: • GSM kit TC65T

6AG1011-1CC00-0AA0 (CSD for analog modems or the protocol V.110 for ISDN modems are supported)



V1.0 12/04/2008 40/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Application in the SIMATIC system This configuration is suitable for the application in the SIMATIC environment as follows: Table 3-5

SIMATIC service Evaluation Comment

Operator control and monitoring.

HMI functions are restricted to the transfer of configurations to end devices.

Diagnostics Diagnostic options are given which are only restricted due to the available bandwidth and reaction time of the connection.

Reporting The SMS function enables reporting diagnostic events through the user program to the SMS-capable end devices.

PG functions PC functions are possible. The bandwidth is sufficient for programming and monitoring of block statuses.

Data transmission The transmission of data is only possible between controllers which are connected via TS adapter.

Note Here only the application with the SIMATIC TS adapter is considered.

Modules of other providers can show other functions which would lead to a different evaluation.



V1.0 12/04/2008 41/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Evaluation of the configuration Table 3-6

Criterion Evaluation


Regarding the costs the following points must be considered: • Procurement costs for TS adapter, TS software

and if necessary modem. • The basic costs for the used telephone

connections. • The cost of calls during the data connection.

Payment occurs per time unit, i.e. irrespective of the data volume.


Analog telephone connections are available worldwide. The global usage is guaranteed. Due to the fixed telephone connection the communication partner is bound by the location. The configuration is very reliable regarding its usage and distributed worldwide.

Security To secure the data connection two functions can be used: • The Call Back function, to ensure that only

authorized stations can use the function. The modem only calls back preconfigured telephone numbers

• Login password to enable a secure authentication. The data transfer itself is secured by the used protocols, the communication is not protected against bugging.



V1.0 12/04/2008 42/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.3 Configuration 2: RS485 connection with dialup connection via radio modem

Introduction into the configuration This configuration shows the connection of two SIMATIC components by means of a dialup connection via the mobile radio network using a TS adapter.


MPI/PB NetworkCSD Modem

PSTNPSTNPC/PG



TS-Adapteropt. with Modem

Employed bus systems The used bus system of the TS adapter can be either

• the MPI network or

• the PROFIBUS

Applicable data connections A telephone connection via GSM-CSD is established for data transfer. The TS adapter of the communication partner can be connected to the PSTN via

• ISDN


• a further GSM-CSD modem (externally connected at the TS adapter)




V1.0 12/04/2008 43/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




software

GSM-CSD modem

The employed modem is a GSM-CSD modem connected to the PC such as: • GSM kit TC65T

6AG1011-1CC00-0AA0 • SINAUT MD720-3 GSM/GPRS

6NH9720-3AA00

(CSD for analog modems or the protocol V.110 for ISDN modems)

Controller / network TS adapter <> GSM-CSD modem

Possible SIMATIC modules: • TS adapter I

6ES7972-0CA3*-0XA0 • TS adapter II (analog)

6ES7972-0CB35-0XA0 • TS adapter II (ISDN)

6ES7972-0CB35-0XA0 A possible GSM-CSD modem is the: • GSM kit TC65T

6AG1011-1CC00-0AA0 (CSD for analog modems or the protocol V.110 for ISDN modems)








Controller / network GSM-CSD modem <>

TS adapter

If the partner station can only be reached via the mobile radio network, the TS adapter can be expanded using a GSM-CSD modem. A possible GSM-CSD modem of SIMATIC is the: • GSM kit TC65T


6NH9720-3AA00




V1.0 12/04/2008 44/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




HMI functions are restricted to the transfer of configurations.

Diagnostics Diagnostics options are possible, however, restricted by the very low band width.

Reporting The SMS function enables reporting the diagnostic events through the user program.

PG functions PC functions are possible. The bandwidth is still sufficient for programming and monitoring of block statuses.

Data transmission A transfer of data is only possible between controllers which are connected via TS adapter.

Bandwidth of the CSD modem The evaluation of the SIMATIC application is decided by the maximum data bandwidth of a CSD modem, which is at up to 14.4 kBit/s.

Note Here only the application with the SIMATIC TS adapter is considered.

Modules of other providers can show other functions which would lead to a different evaluation.



V1.0 12/04/2008 45/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Regarding the costs the following points must be considered: • Procurement costs for TS adapters, TS software

and CSD modem. • The basic costs for the used mobile phone card. • The cost of calls during the data connection.

Payment occurs per time unit, i.e. irrespective of the data volume.


GSM are distributed worldwide, however, the CSD service has already been stopped in some networks. Checking the availability of CSD functions at the local provider is therefore necessary. Due to the location-based access to the mobile radio network the communication partner can freely move in the radio field of the base station. If the communication partner is outside of the radio field, a communication cannot take place. The configuration can be used reliably as far as technically viable.

Security To secure the data connection two functions can be used: • The Call Back function, to ensure that only

authorized stations can use the function. The modem only calls back defined telephone numbers




V1.0 12/04/2008 46/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.4 Configuration 3: Ethernet connection with dialup connection via modem

Introduction into the configuration This configuration shows the connection of two SIMATIC components by means of a dialup connection. The active communication partner is connected with a TS adapter IE or an Ethernet Dial In/Out Router.


TS adapter IEopt. with modemModem

PSTNPSTNPC/PG



Ethernet network

Modem

I/O

OH AA RD TD TR CD CS EC DC V34 K56FAXMSG MRK56FLEX

Employed bus systems The bus system of the TS adapter IE or the Ethernet Dial In/Out Routers is Industrial Ethernet. The communication is IP-based.

Applicable data connections For data transmission, telephone connections are used which are switched by the PSTN via

• ISDN


• a GSM-CSD modem (externally connected)




V1.0 12/04/2008 47/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Software from V 6.1

Modem (Analog / ISDN) (TS adapter IE)


analog), or • X.75, V.110 or V.120 (for ISDN) are supported.

PG/PC Modem (Analog / ISDN)

(Ethernet Dial In/Out Router)


analog), or • X.75, V.110 or V.120 (for ISDN) are supported depending on the used modem of the Ethernet Dial In/Out Router.

Controller / network Ethernet Dial In/Out Router

(Analog / ISDN)

Here the market offers different modules e.g.: • INAT echoroute, • Westermo ZR-200.

Note Only Ethernet Dial In/Out Router can be employed as gateway between two separate Ethernet networks via a dialup connection.

The TS adapter IE does not support this function in the current variant.



V1.0 12/04/2008 48/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



Controller / network TS adapter IE (Analog / ISDN)

Possible SIMATIC modules: • TS adapter IE (analog)

6ES7972-0EM00-0XA0 • TS adapter IE (ISDN)

6ES7972-0ED00-0XA0 (Depending on the active station)


TS adapter IE

If the partner station can only be reached via the mobile radio network, the TS adapter can be expanded with a GSM-CSD modem. A GSM-CSD modem of SIMATIC for this application is the: • GSM kit TC65T


6NH9720-3AA00



(Analog / ISDN)



Ethernet Dial In/Out Router

If the partner station can only be reached via the mobile radio network, an additional GSM-CSD modem must be used on top of one of the described Ethernet Dial In/Out routers. A possible GSM-CSD modem of SIMATIC is the: • GSM kit TC65T


6NH9720-3AA00




V1.0 12/04/2008 49/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




HMI functions enable the transfer of configurations.

Diagnostics Diagnostics options are possible, however, restricted by the limited band width.

TS adapter IE The e-mail function enables reporting the diagnostic events through the user program using the TS adapter IE.

Reporting


For Ethernet Dial In/Out routers the message functions are not implemented. Here e-mail functions can only be realized via functions of the advanced CP for example (if necessary internet connection required).

PG functions PC functions are possible. The bandwidth is sufficient for programming and monitoring of block statuses.

TS adapter IE ---

The TS adapter IE does not enable transfer of data in the current variant.

Data transmission


IF Ethernet Dial In/Out Router are used, the function is given IP based via the routers with the bandwidth of the used dialup connection between the routers.

Note For the e-mail function of the TS adapter IE an internet access must be configured in the TS adapter IE.



V1.0 12/04/2008 50/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Regarding the costs the following points must be considered: • Procurement costs for TS adapter and TS software

or the Ethernet Dial In/Out router. • The basic costs for the used telephone connection. • The cost of calls during the data connection.

Payment occurs per time unit, .e. irrespective of the data volume.

• The costs of the ISP for any internet usage. Availability and

reliability Telephone connections are available worldwide. The global usage is guaranteed. Due to the fixed telephone connection the communication partner is bound by the location. The configuration is very reliable regarding its usage and distributed worldwide.

Security To secure the data connection two functions can be used here: • Call Back function, to ensure that only authorized

stations can use the function. The modem only calls back defined telephone numbers




V1.0 12/04/2008 51/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.5 Configuration 4: Ethernet connection with dialup connection via radio modem

Introduction into the configuration This configuration shows the connection of two SIMATIC components by means of a dialup connection. The active communication partner is connected with a TS adapter IE or an Ethernet Dial In/Out Router.


CSD Modem

PSTNPSTNPC/PG



Ethernet NetworkTS adapter IEopt. with modem

Employed bus systems The bus system of the TS adapter IE or the Ethernet Dial In/Out Routers is Industrial Ethernet. The communication is IP-based.

Applicable data connections A telephone connection via GSM-CSD is established for data transfer. The TS adapter of the communication partner can be connected to the PSTN via

• ISDN


• a further GSM-CSD modem (externally connected)




V1.0 12/04/2008 52/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Software from V 6.1

GSM-CSD modem (TS adapter IE)

The employed modem is a GSM-CSD modem such as: • GSM kit TC65T.


6NH9720-3AA00


PG/PC GSM-CSD modem (Ethernet

Dial In/Out Router)

The employed modem is a GSM-CSD modem such as: • GSM kit TC65T.


6NH9720-3AA00



<> GSM-CSD modem

Here the market offers different modules e.g.: • INAT echoroute, • Westermo ZR-200. A possible GSM-CSD modem is the • GSM kit TC65T


6NH9720-3AA00


Note Only Ethernet Dial In/Out Router can be employed as gateway between two separate Ethernet networks via a dialup connection.

The TS adapter IE does not support this function in the current variant.



V1.0 12/04/2008 53/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



Controller / network TS adapter IE (Analog / ISDN)

Possible SIMATIC modules: • TS adapter IE (analog)

6ES7972-0EM00-0XA0 • TS adapter IE (ISDN)

6ES7972-0ED00-0XA0 Controller / network GSM-CSD modem

<> TS adapter IE

If the passive station can only be reached via a mobile radio network, a GSM-CSD modem can be connected to the TS adapter IE via the serial interface. A possible GSM-CSD modem of SIMATIC is the: • GSM kit TC65T


6NH9720-3AA00



(Analog / ISDN)




If the passive station can only be reached via a mobile radio network, a GSM-CSD modem can be connected to the Ethernet Dial In/Out Router via the serial interface. A possible GSM-CSD modem of SIMATIC is the: • GSM kit TC65T


6NH9720-3AA00




V1.0 12/04/2008 54/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




HMI functions enable the transfer of configurations.

Diagnostics Diagnostics options are possible, however, restricted by the limited band width.

TS adapter IE The e-mail function enables reporting the diagnostic events through the user program using the TS adapter IE.

Reporting


For Ethernet Dial In/Out routers comparable functions, e.g. e-mail, must be realized via the Advanced CP (internet connection required).

PG functions

PC functions are possible. The bandwidth is sufficient for programming and monitoring of block statuses.

TS adapter IE ---

The TS adapter IE does not enable transfer of data in the current variant.

Data transmission


IF Ethernet Dial In/Out Router are used, the function is given IP based via the routers with the bandwidth of the connection between the routers.

Bandwidth of the CSD modem The evaluation of the SIMATIC application is decided by the maximum data bandwidth of a CSD modem. It is up to 14.4 kbps.

Note For the e-mail function of the TS adapter IE an internet access must be configured in the TS adapter IE.



V1.0 12/04/2008 55/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Regarding the costs the following points must be considered: • Procurement costs for TS adapter, TS software or

the Ethernet Dial In/Out router and the CSD modem.

• The basic costs for the used mobile phone card. • The cost of calls during the data connection.

Payment occurs per time unit, .e. irrespective of the data volume.

• The costs of the ISP for any internet usage. Availability and

reliability GSM are distributed worldwide, however, the CSD service has in the mean time been stopped in some networks. The function therefore needs to be checked by the local provider. Due to the location-based access to the mobile radio network the communication partner can freely move in the radio field of the base station. If the communication partner is outside of the radio field, a communication cannot take place. The configuration can be used reliably as far as technically viable.

Security To secure the data connection two functions can be used here: • Call Back function, to ensure that only authorized

stations can use the function. The modem only calls back defined telephone numbers




V1.0 12/04/2008 56/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.6 Configuration 5: Ethernet connection via package-based broadband networks

Introduction into the configuration This configuration shows the connection of two SIMATIC components by means of broadband networks without security measures.

The Port Forwarding function is used for transferring the data between target router and target station.


GPRS / EDGE / UMTS Router

InternetInternetPC/PG



Ethernet NetworkModem /Ethernet Router

Employed bus systems The bus system is IP-based and fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.

Applicable data connections The communication partners can either be connected via cable-based broadband networks or via package-based radio networks.

A description of the possible partner network-accesses is available in the following chapters:

• 2.4 “Package-oriented data transfer via radio networks” and

• 2.5 “Package-oriented data transfer via cable-based networks”.

Note Only one communication partner with valid Public IP address can be used as target partner.

Stations which are located in NAT protected networks, such as GPRS / EDGE and UMTS, can generally not be used.



V1.0 12/04/2008 57/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Public IP address in the partner station The public IP address of the partner station must be known. It can be realized by means of:

• a fixed IP address which is provided by the ISP, or

• a name via which IP is resolved. A respective service is DynDNS.

If the partner IP address is not known, the port forwarding, hence the WAN configuration, cannot be used.

Port forwarding Port forwarding is a configured function of the target router. This function enables forwarding certain data telegrams to a private network station defined in the configuration. The respective telegrams must be directed to a defined port of the public IP address of the target router.



V1.0 12/04/2008 58/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



PG/PC Broadband modem A broadband modem is used according to the employed broadband internet access.

PG/PC Ethernet router <>

Broadband modem

The internet connection of the router occurs via a broadband modem, depending on the employed broadband internet access.

Controller / network Ethernet router <>

Broadband modem

In order to connect a network with SIMATIC controllers, which work as passive stations, the router must support the Port Forwarding function. The internet connection of the router occurs via a broadband modem corresponding to the broadband internet access.



V1.0 12/04/2008 59/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



PG/PC Broadband modem A broadband modem is used according to the employed broadband internet access.

Controller / network Broadband modem <>

Ethernet router

The internet connection of the router occurs via a broadband modem corresponding to the broadband internet access. In order to connect a network with SIMATIC controllers, which work as passive stations, the router must support the Port Forwarding function.

Controller / network Sat modem <>

Ethernet router

SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network. In order to connect a network with SIMATIC controllers working as passive stations the router must support the Port Forwarding function.

Note In order to connect a controller to the internet a router is always necessary.



V1.0 12/04/2008 60/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




HMI functions enable the transfer of configurations to one station. The test operation is not sensible due to the limitations of the accessible stations.

Diagnostics The diagnostics options are possible, alone the limitation of the number of respectively accessible station restricts this function. A real-time capability is not given due to the high reaction times of the internet.

Reporting Reporting diagnostics events through the user program is only possible with permanent connections to the internet and static addresses.

PG functions PG functions are possible, the number of accessible stations is limited by Port Forwarding. A real-time capability is not given due to the high reaction times of the internet.

Data transmission A configured data transfer is only possible if static public IP addresses are used. Dynamic IP addresses allow for a very limited configuration only. (Unilateral configuration)



V1.0 12/04/2008 61/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Regarding the costs the following points must be considered: • The procurement costs of the used modem and

possibly the Ethernet router. • The basic costs for the used broadband internet

connections. • The calculated data volume

(depending on the used tariff model). The payment occurs time-independent, the costs only depend on the transferred data volume.


(DSL)

DSL internet accesses are widely distributed in the industrial nations, alone the availability in thinly populated regions is limited. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.


(Cable internet)

Cable internet access is widely distributed in the industrial nations, in some countries it exceeds the number of DSL (broadband) connections. The available data bandwidth depends on the number of active stations of the medium. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.

Security The Internet as a transport medium is unsafe. Since the communication is port based, there is no security against bugging. The enabled ports are furthermore an additional “Point of Attack”, which is not acceptable in critical networks. The operation with Port Forwarding is only sensible over a limited time. Data is not secured against falsification.



V1.0 12/04/2008 62/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.7 Configuration 6: Ethernet connection via package-based radio networks

Introduction into the configuration This configuration shows the connection of two SIMATIC components via package-oriented radio networks without security measures.

The Port Forwarding function is used for forwarding the data from target router to target station.






Ethernet NetworkModem /Ethernet Router

Employed bus systems The bus system is IP-based and fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.





Note Only one communication partner with valid Internet Public IP address can be used as target partner.

Stations in NAT protected networks, such as GPRS / EDGE and UMTS, can generally not be used.



V1.0 12/04/2008 63/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




If the partner IP address is not known, the port forwarding, hence the WAN configuration, cannot be used.

Port forwarding Port forwarding is a configured function of the target router. This function enables forwarding certain data telegrams to a private network station defined in the configuration. The respective telegrams must be directed to a defined port of the public IP address of the target router.



V1.0 12/04/2008 64/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



PG/PC GPRS router For the application with package-based radio networks integrated modules or routers with Ethernet interface are available for the respectively supported service. For GPRS e.g. • MD 740-1

6NH9740-1AA00 PG/PC EDGE / UMTS

router For the application with package-based radio networks integrated modules or routers with Ethernet interface are available for the respectively supported service. For EDGE e.g. • MD 741-1

6NH9741-1AA00 For UMTS different modules of different manufacturers are available on the market.

PG/PC Ethernet router <>

SAT modem

SAT connection requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.



V1.0 12/04/2008 65/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.


Controller / network

GPRS router

For the application with package-based radio networks integrated modules or routers with Ethernet interface are available for the respectively supported service. For GPRS the SIMATIC spectrum offers, e.g. • MD 740-1

6NH9740-1AA00 Controller / network EDGE / UMTS

router For the application with package-based radio networks integrated modules or routers with Ethernet interface are available for the respectively supported service. For EDGE the SIMATIC spectrum offers, e.g. • MD 741-1

6NH9741-1AA00 For UMTS different modules of different manufacturers are available on the market.

Controller / network Ethernet router <>

SAT modem

SAT connection of the used Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.

Note In order to connect a network with SIMATIC controllers working as passive stations the router must support the Port Forwarding function.



V1.0 12/04/2008 66/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




PC/PG

Broadband modem <>

Ethernet router

The broadband connection of the used Ethernet router occurs via a modem. A broadband modem is used according to the employed broadband internet access.


PC/PG

Sat modem <>

Ethernet router

SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.

PC / PG Broadband modem A broadband modem is used according to the employed broadband internet access. Unique identification of the PG/PS requires a fixed IP address.

Note In order to connect a controller to the internet a router is required which supports the Port Forwarding function as passive station.



V1.0 12/04/2008 67/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



GPRS

EDGE / UMTS


Internet via satellite

HMI functions via package-based radio internet access enable the transfer of configurations to one station. The test mode can not be sensibly used due to the very low bandwidth for GPRS and the very high reaction times such as for internet via satellite.

Diagnostics The diagnostics options are possible, alone the limitation of the number of accessible station restricts this function. Due to the considerable reaction times of the transmission media a real-time capability is not given.

GPRS ---

EDGE / UMTS ---

Reporting


Reporting events through the user program is possible with permanent connections to the internet and static addresses. If functions outside the SIMATIC spectrum are used for reporting events such as e-mail or SMS, other end devices can be used.

GPRS

EDGE / UMTS

PG functions


PG functions are well possible, the number of accessible stations is limited by Port Forwarding. The real-time capability is not given due to the high reaction times of the internet.

GPRS

EDGE / UMTS

Data transmission


A bilaterally configured data transfer is only possible if static public IP addresses are used. If the IP addresses are assigned dynamically or NAT protected, only a unilaterally configured data transfer can be used.



V1.0 12/04/2008 68/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Regarding the costs the following points must be considered: • The procurement costs of the employed GPRS /

EDGE / UMTS router or the Ethernet router and the SAT send and receive system.

• The basic costs for the used mobile phone cards or the SAT connection.

• The calculated data volume (depending on the used tariff model). The payment occurs time-independent, the costs depend on the transferred data volume only.

Availability and reliability (GPRS)

Mobile radio networks with package-based data transfer are widely distributed in the industrialized world. Due to the location-based access to the mobile radio networks the communication partner can freely move in the radio field of the base station. The configuration can be used reliably to a limited extent.


(EDGE / UMTS)

Mobile radio networks with package-based data transmission within the industrialized world are widely distributed, only thinly populated regions have a limited availability. Providers generally either offer UMTS or EDGE. This depends on the local network expansion. Due to the location-based access to the mobile radio networks the communication partner can freely move in the radio field of the base station. The bandwidth hereby be reduced to GPRS level. The configuration can be used reliably as far as technically viable.


(Internet via SAT)

The application of broadband internet via SAT depends on the “footprint” of the used satellite. The configuration can be used reliably as far as technically viable.

Security The Internet as a transport medium is unsafe. Since the communication is port based, there is no security against bugging. The enabled ports are furthermore an additional “Point of Attack”, which is not acceptable in critical networks. The operation with Port Forwarding is only sensible over a limited time. Transferred data is not secured against falsification.



V1.0 12/04/2008 69/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.8 Configuration 7: Secure Ethernet connection via package-based broadband internet access

Introduction into the configuration This configuration shows the secure connection of two SIMATIC components via broadband networks. Securing the communication and the transferred data occurs via encoded tunnel connection.


Modem /Ethernet RouterBroadband

Modem




Ethernet Network

VPN Tunnel

Employed bus systems The bus system is IP-based and hence fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.





Note Only one communication partner with valid Internet Public IP address can be used as target partner.




V1.0 12/04/2008 70/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




If the partner IP address is not known a tunnel connection cannot be used.

Tunnel connection A special type of data connection is necessary to secure the data communication between two stations or entire networks.

This data connection type is referred to as tunnel.

The most common tunnel types are:

• PPTP (Point to Point Tunneling Protocol)

• L2TP (Layer 2 Tunneling Protocol)

A tunnel ensures the safe connection and the safe transfer of data.

The tunnel represents no security against bugging attempts by a third party. Protecting the data transmission against bugging by a third party requires encoding the data.

IP encoding methods The most common method for securing data of a communication in the internet is IPsec. It offers:

• a cryptographic protection of the transferred data,

• securing the data integrity and

• authentication of the stations and the used keys.

IPsec support all IP-based communication protocols and services.

In IP version 6, IPsec is a basic component of the protocol standard.



V1.0 12/04/2008 71/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Configuration of the tunnel end points A tunnel connection can be established either between:

• two stations (clients),

• two networks (gateways) or

• one station and one network (client / gateway)

The tunnel connection must be configured identical on both sides in order to establish the connection.

Encoding the data transmission may be part of this configuration.

If tunnels of the described type are established, these are also referred to as Virtual Private Networks VPNs.



V1.0 12/04/2008 72/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

VPN A VPN consists of a configured tunnel connection with two tunnel end points.

Possible tunnel end points are: Table 3-27

Tunnel end point Description

Client A VPN client is a software which can either be • a standard client such as integrated in

Windows XP, • a proprietary tool or • the SOFTNET SECURITY CLIENT Ed. 2008.

6GK1704-1VW02-0AA0 depending on VPN partner station / tunnel end point.

Gateway A VPN Gateway is generally a network component which either works as network access account for the internet access as well as for processing the tunnel connection. The market offers a number of VPN variants, here • a VPN Gateway-capable Ethernet router can

equally be used as • an Ethernet router and a VPN Gateway be

switched in succession. The tunnel connections are here forwarded with Port Forwarding from the router to the Gateway.

The configuration of the VPN Gateways occurs either via a web-based interface or via a proprietary configuration software. Within the SIMATIC spectrum the VPN Gateways (without network access accounts for internet access): • SCALANCE S612

6GK5612-0BA00-2AA3 • SCALANCE S613

6GK5613-0BA00-2AA3 are known.



V1.0 12/04/2008 73/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



PG/PC with VPN Client

Software

Broadband modem A broadband modem is used according to the employed broadband internet access.


Software

Ethernet router <>

Broadband modem

The internet connection of the router occurs via a broadband modem, depending on the used broadband internet access.

PG/PC


VPN Gateway Ethernet router

<> Broadband modem

The internet connection of the router occurs via a broadband modem, depending on the used broadband internet access.



V1.0 12/04/2008 74/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




PG/PC

Broadband modem<>


The internet connection of VPN Gateways / of VPN Gateway-Router combination occurs via a broadband modem, according to the used broadband internet access.


PG/PC

Sat modem <>


SAT connection of VPN Gateways / of the VPN Gateway-Router combination requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.


Software

Broadband modem A broadband modem is used according to the employed broadband internet access.


Software

Broadband modem <>

Ethernet router

The internet connection of the Ethernet router occurs via a broadband modem, depending on the used broadband internet access. The Port Forwarding function is required for forwarding the tunnel telegrams to the VPN client.


Software

Sat modem <>

Ethernet router

SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network. The Port Forwarding function is required for forwarding the tunnel telegrams to the VPN client.



V1.0 12/04/2008 75/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




HMI functions enable the transfer of configurations to all stations and networks. The test operation is possible, however, the reduced bandwidth and increased reaction times are only sensible to a limited extend.

Diagnostics Diagnostics options are fully possible. A real-time capability is not given due to the high reaction times of the internet.

Reporting Reporting diagnostics events through the user program is possible for a permanent connection.

PG functions PC functions are fully possible. The real-time capability is not given due to the high reaction times of the internet.

Data transmission Full as well as partially configured data transfer is possible.



V1.0 12/04/2008 76/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Regarding the costs the following points must be considered: • The procurement costs of the used modem, VPN

Gateways, the Ethernet router and possibly the VPN client software.

• The basic costs for the used broadband internet connections.

• The calculated data volume (depending on the used tariff model). Payment occurs time independent, depending on the data volume.


(DSL)

DSL internet accesses are widely distributed in the industrial nations, only the availability in thinly populated regions is limited. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.


(Cable internet)

Cable internet access is widely distributed in the industrial nations, in some countries it exceeds the number of DSL (broadband) connections. The available data bandwidth depends on the number of stations of the medium. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.

Security The Internet as a transport medium is unsafe. Since the communication through the tunnel is IPsec secured, maximum security is provided against bugging and data falsification



V1.0 12/04/2008 77/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

3.9 Configuration 8: Secure Ethernet connection via package-based mobile phone internet access

Introduction into the configuration This configuration shows the secure connection of two SIMATIC components via package-based radio networks. Securing the communication as well as the transferred data occurs via encoded tunnel connection.






Modem /Ethernet Router

Ethernet Network

VPN Tunnel

Employed bus systems The bus system is IP-based and hence fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.





Note Only one communication partner with valid Internet IP address can be used as target partner.




V1.0 12/04/2008 78/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




If the partner IP address is not known a tunnel connection cannot be used.

Tunnel connection A special type of data connection is necessary to secure the data communication between two stations or entire networks.

This data connection type is referred to as tunnel.

The most common tunnel types are:

• PPTP (Point to Point Tunneling Protocol)

• L2TP (Layer 2 Tunneling Protocol)

A tunnel ensures the safe connection and the safe transfer of data.

The tunnel represents no security against bugging attempts by a third party. Protecting the data transmission against bugging by a third party requires encoding the data.

IP encoding methods The widest distributed method for securing data of a communication in the internet is IPsec. It offers:

• a cryptographic protection of the transferred data,

• securing the data integrity and

• authentication of the stations and the used keys.

IPsec support all IP-based communication protocols and services.

In IP version 6, IPsec is a basic component of the protocol standard.



V1.0 12/04/2008 79/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Configuration of the tunnel end points A tunnel connection can be established either between:

• two stations (clients),

• two networks (gateways) or

• one station and one network (client / gateway)

The tunnel connection must be configured identical on both sides in order to establish the connection.

Encoding the data transmission may be part of this configuration.

If tunnels of the described type are established, these are also referred to as Virtual Private Networks VPNs.



V1.0 12/04/2008 80/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

VPN A VPN consists of a configured tunnel connection with two tunnel end points.

Possible tunnel end points are: Table 3-32

Tunnel end point Description

Client A VPN client is a software which can either be • a standard client such as integrated in

Windows XP, • a proprietary tool or • the SOFTNET SECURITY CLIENT Ed. 2008.

6GK1704-1VW02-0AA0 depending on VPN partner station / tunnel end point.

Gateway A VPN Gateway is generally a network component which either works as network access account for the internet access as well as for processing the tunnel connection. The market offers a number of VPN variants, here • a VPN Gateway-capable Ethernet router can

equally be used as • an Ethernet router and a VPN Gateway be

switched in succession. The tunnel connections are here forwarded with Port Forwarding from the router to the Gateway.

The configuration of the VPN Gateways occurs either via a web-based interface or via a proprietary configuration software. Within the SIMATIC spectrum the VPN Gateways (without network access accounts for internet access): • SCALANCE S612

6GK5612-0BA00-2AA3 • SCALANCE S613

6GK5613-0BA00-2AA3 are known.



V1.0 12/04/2008 81/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Software

GPRS modem / router

When using a GPRS module as modem.

PG/PC

Steuerung / Netzwerk

VPN Gateway GPRS router

The SIMATIC product family offers a router with VPN Gateway functionality and Ethernet interface. For GPRS this is • MD 740-1

6NH9740-1AA00


Software

EDGE / UMTS modem / router

When using an EDGE capable module as modem.

PG/PC


VPN Gateway EDGE / UMTS

router

The SIMATIC product family offers a router with VPN Gateway functionality and Ethernet interface. For GPRS / EDGE this is • MD 741-1

6NH9741-1AA00 For UMTS different modules are available on the market.


Software

Ethernet router <>

SAT modem PG/PC



<> SAT - modem




V1.0 12/04/2008 82/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Software

Broadband modem The broadband connection of PC occurs via a broadband modem, depending on the employed broadband internet access.


PG/PC

Broadband modem <>


In order to connect a network with SIMATIC controllers, which work as passive stations, the router must be configured as VPN Gateway corresponding to the partner Gateway. The internet connection of the Ethernet router occurs via a broadband modem, depending on the employed internet access.


Software

Broadband modem <>

Ethernet router

For forwarding the tunnel telegrams to the VPN client the router used for the internet connection must support the Port Forwarding function. The internet connection of the Ethernet router occurs via a broadband modem, depending on the employed internet access.


PG/PC

Sat modem <>




Software

Sat modem <>

Ethernet router

SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network. The Port Forwarding function is required for forwarding the tunnel telegrams to the VPN client.



V1.0 12/04/2008 83/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.



GPRS

EDGE / UMTS



HMI functions via package-based radio internet access enable the transfer of configurations to all stations of the network. The test mode is not sensible due to the very low bandwidth for GPRS and the very high reaction times such as for internet via satellite.

Diagnostics Diagnostics options are well possible. Due to the high reaction times of the transmission media a real-time capability is not given.

GPRS

EDGE / UMTS

Reporting


Reporting events through the user program is possible for a permanently established VPN. If functions outside the SIMATIC spectrum are used for reporting events such as e-mail or SMS, other end devices can be used.

GPRS

EDGE / UMTS

PG functions


PC functions are possible. The real-time capability is not given due to the high reaction times of the internet.

GPRS

EDGE / UMTS

Data transmission


Data transmission is fully possible if the VPN has been continuously built up.



V1.0 12/04/2008 84/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.




Regarding the costs the following points must be considered: • The procurement costs of the employed GPRS /

EDGE / UMTS router / modem, the Ethernet router and the SAT send and receive system.

• The basic costs for the used mobile phone cards or the SAT connection.

• The calculated data volume (depending on the used tariff model). The payment occurs time-independent, the costs depend on the transferred data volume only.

Availability and reliability (GPRS)

Mobile radio networks with package-based data transfer are widely distributed in the industrialized world. Due to the location-based access to the mobile radio networks the communication partner can freely move in the radio field of the base station. The configuration can be used reliably to a limited extent.


(EDGE / UMTS)

Mobile radio networks with package-based data transmission within the industrialized world are widely distributed, only thinly populated regions have a limited availability. Providers generally either offer UMTS or EDGE, which depends on the local network expansion. Due to the location-based access to the mobile radio networks the communication partner can freely move in the radio field of the base station. The bandwidth hereby be reduced to GPRS level. The configuration can be used reliably as far as technically viable.


(Internet via SAT)

The application of broadband internet via SAT depends on the “footprint” of the used satellite. The configuration can be used reliably as far as technically viable.

Security The Internet as a transport medium is unsafe. Since the communication through the tunnel is IPsec secured, maximum security is provided against bugging and data falsification

Notes on Additional Information


V1.0 12/04/2008 85/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

Bibliography

4 Notes on Additional Information

4.1 Internet Links

This list is not complete and only represents a selection of relevant literature. Table 4-1

Topic Title \1\ Reference to

this entry Applications & Tools WAN Access Methods http://support.automation.siemens.com/WW/view/de/26662448

\2\ Siemens A&D Customer Support

Communication with SIMATIC http://support.automation.siemens.com/WW/view/de/1254686


SCALANCE S and SOFTNET Security Client http://support.automation.siemens.com/WW/view/de/21718449


Industrial Communication SIMATIC NET Industrial Ethernet network manual system manual http://support.automation.siemens.com/WW/view/de/27069465


TS Adapter IE http://support.automation.siemens.com/WW/view/de/24623021


TS Adapter II http://support.automation.siemens.com/WW/view/de/20983182

http://support.automation.siemens.com/WW/view/de/26662448�












History


V1.0 12/04/2008 86/86

Cop

yrig

ht ©

Sie

men

s A

G 2

008

All

right

s re

serv

ed

2666

2448

_WA

N_Z

ugrif

fsm

etho

den_

V01_

en.d

oc

Fehl

er! U

nbek

annt

er N

ame

für D

okum

ent-E

igen

scha

ft.

5 History Table 5-1 History

Version Date Modification

V1.0 04.12.2008 First issue

system description for communication - siemens€¦ · system description for communication remote...

Documents