System Description for Communication
Remote Access to SIMATIC Stations via WAN
Overview Document, System Description, Selection Criteria
Warranty, Liability and Support
WAN Access Methods Entry ID: 26662448
V1.0 12/04/2008 2/86
Copyright © Siemens AG 2008 All rights reserved 26662448_WAN_Zugriffsmethoden_V01_en.doc
Note: The Application Examples are not binding and do not claim to be complete regarding the circuits shown, equipping and any eventuality. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. As a user you are responsible for ensuring that the described products are correctly used. These application examples do not relieve you of the responsibility to use sound practices in application, installation, operation and maintenance. By using these Application Examples you accept that Siemens is not liable for any damages except for those specified in the above liability clause. We reserve the right to make changes to these Application Examples at any time without prior notice. If there are any deviations between the recommendations provided in this application example and other Siemens publications – e.g. Catalogs – the contents of the other documents have priority.
We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of the examples, information, programs, engineering and performance data etc., described in this example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (“wesentliche Vertragspflichten”). However, claims arising from a breach of a condition which goes to the root of the contract shall be limited to the foreseeable damage which is intrinsic to the contract, unless caused by intent or gross negligence or based on mandatory liability for injury of life, body or health. The above provisions do not imply a change of the burden of proof to your detriment.
Copyright© 2008 Siemens I IA/DT. It is not permissible to transfer or copy these examples or excerpts of them without first having prior authorization from Siemens I IA/DT in writing. If you have any questions concerning this document please e-mail us to the following address:
Preface
Introduction
Today’s communication options in the automation environment cannot remain restricted to the location of the plant. Global communication options are a core requirement and a necessity in all layers of automation technology.
The communication structure of modern plants must enable integrated data exchange between the various plant components as well as between maintenance personnel working worldwide and the plants.
The SIMATIC environment with its standardized interfaces offers a homogeneous environment to ensure safe communication within a plant. For connecting locally separated plant parts, cable-based as well as wireless options via private or public networks are available.
Basic knowledge of the properties of the usable communication options is important as a selection aid for each application case.
Problems during remote access to SIMATIC stations
From the user’s or planner’s viewpoint, the following questions often arise when designing plants and their communication solutions:
• Which communication option (cable-based / wireless) is available as a platform for the planned automation solutions?
• Which transport mechanism (dialup network / package transfer) is available / can be selected?
• Are there preferred protocols which must be used based on the communication partner?
Purpose of the document
This document gives the reader an overview of the available communication options and communication solutions for their application.
Basic information on the available WAN interfaces enables the project engineer to select the communication options used in the project, taking into consideration the plant-specific criteria.
Furthermore, this document provides argumentation aids regarding the WAN configurations introduced.
Delimitation
This document contains
• no suggestions on “large company concepts”,
• neither product-oriented nor activity-oriented solutions; the description in the SIMATIC family is restricted to the usable product groups / families,
• no detailed explanation of telecontrol systems (e.g. SINAUT, SICAM, Vicos, etc., or solutions such as S7 Teleservice),
• no detailed consideration of costs or performance measurement regarding products or services.
Structure of this document
The document is divided into the following parts.
Table 0-1

| Components | Description |
|---|---|
| 1. User scenarios in the WAN environment | This chapter gives an overview of the structural setup of the communication options in the WAN. It explicitly describes the correlation between cable-based and wireless communication tools and the correlation between package-based and dialup-based communication methods. |
| 2. Network accesses for WAN networks | This chapter serves as a selection aid for the WAN accesses available in SIMATIC. It also serves as a jump-off point to the WAN configurations that can be used with each WAN access. |
| 3. WAN configurations in the SIMATIC environment | This chapter comprises a collection of summaries which explain the individual communication solutions in a short and comparable form. |

Reference to the Automation and Drives Service & Support
This article is from the Internet application portal of the Automation and Drives Service & Support. The following link takes you directly to the download page of this document.
http://support.automation.siemens.com/WW/view/en/26662448
Table of Contents
Basic Information
1 User Scenarios in the WAN environment
1.1 Communication principles
1.2 Model for WAN communication
1.3 User scenarios
Network access variants
2 Network Access for WAN Networks
2.1 Categorizing the WAN network accesses
2.2 Connection-oriented data transfer via radio networks
2.3 Connection-oriented data transfer via cable-based networks
2.4 Package-oriented data transfer via radio networks
2.5 Package-oriented data transfer via broadband networks
WAN Configurations
3 WAN Configurations in the SIMATIC Environment
3.1 Categories of viewed WAN configurations
3.2 Configuration 1: RS485 connection with dialup connection via modem
3.3 Configuration 2: RS485 connection with dialup connection via radio modem
3.4 Configuration 3: Ethernet connection with dialup connection via modem
3.5 Configuration 4: Ethernet connection with dialup connection via radio modem
3.6 Configuration 5: Ethernet connection via package-based broadband networks
3.7 Configuration 6: Ethernet connection via package-based radio networks
3.8 Configuration 7: Secure Ethernet connection via package-based broadband internet access
3.9 Configuration 8: Secure Ethernet connection via package-based mobile phone internet access
Bibliography
4 Notes on Additional Information
4.1 Internet Links
5 History
Basic Information
Content
This part of the document provides basic information on data communication and its application in WAN communication.
Note: WAN = Wide Area Network
1 User Scenarios in the WAN environment
Introduction
The reasons for planning and integrating WAN interfaces in plants are manifold.
Some examples are:
• Access to plant components for the purpose of error repair or maintenance.
• Access to data of the controller or the systems in order to monitor or visualize the plant status.
• Notification of, e.g., service personnel by the plant in order to report defined plant statuses.
• Quality assurance or resource planning through superordinate systems.
The developer / planner (as user of this document) decides which communication system fulfills the plant-specific requirements.
This document helps the user to identify which communication options exist and which communication scenarios are possible and necessary for their application.
Note: The concepts viewed here are restricted to individual and cost-efficient solutions for integrating individual plants / machines into the WAN. Large company concepts for connecting entire company sites, including the respective security efforts, are not discussed here.
1.1 Communication principles
Introduction
This chapter describes the common principles and methods of WAN communication.
Communication in data communication
The following table shows the communication relationships which also occur with SIMATIC S7.
Table 1-1

| Communication relationship | Logic relationship | Description |
|---|---|---|
| 1 : 1 communication | Point-to-point communication | Two end nodes communicate with each other directly. |
| 1 : n communication | Point-to-net communication | An end node communicates with a network with many different nodes. |
| n : m communication | Net-to-net communication | Two networks of different size communicate with each other. One node of each network, or all nodes of the networks, can communicate with each other here. |

Each communication used in SIMATIC is based on these relationships. They apply independently of the applications used on these relationships.
Apart from the pure, abstract communication relationships, further, more technical frame conditions (e.g. infrastructure, technology, etc.) which can impact the data communication must be considered.
Technical restrictions
As technical differentiation criteria and frame conditions for data communication, the following points must be considered.
• The physical connection: there are principally two different technologies for connecting a communication partner to a WAN:
– the cable-based connection, and
– the wireless connection (radio technology).
Both of these technologies can generally be combined and must be applied depending on the application case and the availability.
• The transfer type: two different principles can be distinguished which are decisive for the communication of two partners in a WAN:
– the package-oriented data transmission (IP-based), or
– the dialup-based (connection-based) data transfer (PSTN / ISDN).
A direct combination of both principles is generally not possible.
1.2 Model for WAN communication
Introduction
To divide the WAN communication task sensibly and manageably, the overall task must be broken down.
Considering the numerous communication options yields a model which can be used for this division and for later evaluation.
Overview of the communication model
The following model shows the WAN communication in the SIMATIC environment.
[Figure 1-1: WAN communication model with the levels “Application Scenarios”, “Network Access” (dialup connection; package-based transmission via ISP) and “Systems” (SIMATIC Plant / Station A and Plant / Station B, each with an interface and a WAN access component, joined by a logic connection).]
Viewing the levels in the model
The displayed model consists of 3 levels:
Table 1-2

| Level | Description |
|---|---|
| Application scenarios | In the SIMATIC environment the functions used by the user can be divided into a few groups. These are: HMI, reporting, remote maintenance and data transfer. In a real application these groups are mostly necessary in combination in order to fulfill the requirements. |
| Network access | The network access can be defined by: the physical interface, the transfer methods, and the possible communication bandwidth. Selecting the suitable network access based on the requirements is decisive for the application. |
| Systems | In today’s version, SIMATIC offers a number of interfaces and modules which use these network accesses. They enable communicating with other devices via various communication media and via different services and applications. |

The mentioned levels are only treated in the listed order in this document.
1.3 User scenarios
Graphical display of tasks in WAN communication
The next representation shows the communication structures and their application cases common in the SIMATIC environment.
[Figure 1-2: Plant / System connected via Public Networks to Control Center / Mobile Service; numbered paths: 1 HMI / Remote Maintenance, 2 Reporting, 3 Data Transfer.]
During plant operation there are different requirements for the communication depending on the application.
Application cases in the SIMATIC environment
It is necessary to divide the application cases into user scenarios to be able to categorize the requirements of the WAN communication for SIMATIC.
Table 1-3

| Scenario | Description | Examples |
|---|---|---|
| HMI | Operation and monitoring of plants and systems; cyclic or event-controlled displays and logging of process values | OP functions with WinCC, WinCC flexible or MP/TP/OPs, etc. |
| Reporting | Reporting of defined plant statuses | PG/OP functions with STEP7, E-mail / SMS via ISP / SP, etc. |
| Remote maintenance | Programming and diagnosis of plants or controllers | PG functions with STEP 7, STEPS and SIMOTION SCOUT, |
| Data transmission | Transmission of data records between plants; transmission of data from / to servers; transmission of management data and saved protocols | e.g. S7 protocols based on ISO-on-TCP; TCP/IP or UDP/IP protocol; FTP. |

Network access variants
Content
In the following chapter of the document we show you the various current possibilities to connect a WAN network to SIMATIC.
2 Network Access for WAN Networks
Introduction
In this chapter we describe and evaluate the WAN network access options available at the time of generating this document.
2.1 Categorizing the WAN network accesses
Representation
Based on the communication principles explained in chapter 1.1, the following combination cases result:
Table 2-1

| Transmission | Network type: Radio | Network type: Cable-based |
|---|---|---|
| Connection-based | Connection-oriented data transfer via radio networks | Connection-oriented data transfer via cable-based networks |
| IP-based (package-based) | Package-oriented data transfer via radio networks | Package-oriented data transfer via cable-based networks |

In the next chapters we look at and evaluate these network access types.
Evaluation criteria for network accesses
In order to compare and view the different WAN network accesses, the next subchapters use the following criteria.
Table 2-2

| Criterion | Description |
|---|---|
| Overview | At the beginning we provide an overview of the technologies as well as an introduction to the individual network access variants. |
| Connection | Here we illustrate the required hardware and the interface(s) which can be used by SIMATIC. |
| Performance data | With the performance data we show you how fast, how much data, and on how many connections data can be transferred at once. |
| Perspectives | When planning a network access, the future perspective of that network access is important. In order to evaluate this we consider how the technology in this area is being developed further, and which potential can still be used. |

2.2 Connection-oriented data transfer via radio networks
Symbol (Figure 2-1)
Introduction
Radio networks do not only consist of radio data transmission. Radio networks used today only consist of a meshed network of radio base stations.
End devices register at the radio network via individual base stations. They use the cable or radio connection of the base station in the meshed network with which the end device is connected.
If an end device changes the radio cell, the end device is transferred bumplessly from one radio cell to the next. This process is referred to as roaming.
GSM CSD (Circuit Switched Data)
The “Global System for Mobile Communications” is a standard for fully digital mobile radio networks. The standard principally serves telephony; a part of the specification also serves circuit switched data communication (CSD).
GSM is the first standard of the 2G (second generation) and the mobile radio standard with the widest worldwide distribution. GSM is the direct successor of the analog mobile radio standards which were common until then.
The aim of this standard is to create a Europe-wide voice service via mobile radio which is compatible with the common landline networks, ISDN or PSTN. GSM was introduced in Germany in 1992.
According to the details of the GSA (General Service Administration), in 2007
• approx. 2 billion GSM-capable end devices are in operation,
• up to 1 million end devices have been sold,
• worldwide up to 670 GSM mobile radio networks are in operation in over 200 countries or areas.
Connection
For data transfer via GSM CSD, different device types are available, for example:
• GSM modems (e.g. the TC65i, the SINAUT MD720-3 GSM/GPRS),
• GSM remote systems and
• GSM mobile phones with modem function.
For connection to the SIMATIC controller there are serial interfaces such as the RS232 (EIA-232) interface.
Performance data
Maximum data transmission rate: depending on the transmission quality, the maximum data transmission rate varies between
• 9.6 Kbit/s and
• 14.4 Kbit/s.
The maximum number of connections for data transmission is
• 1 per device.
Perspectives for GSM-CSD
The development of GSM in the area of voice transmission, which the CSD area is a part of, is complete. Further developments, and hence increased performance, cannot be expected.
Within the framework of GSM, package-oriented services are in use which offer considerably more potential and a similar distribution.
In some regions, especially in the USA, the CSD services have already been switched off by the mobile radio providers.
Applicable configurations
This WAN access can be utilized with these configurations:
Table 2-3
Utilization as active node:
• Configuration 2: RS485 connection with dialup connection via radio modem
• Configuration 4: Ethernet connection with dialup connection via radio modem
Utilization as target node:
• Configuration 1: RS485 connection with dialup connection via modem
• Configuration 2: RS485 connection with dialup connection via radio modem
• Configuration 3: Ethernet connection with dialup connection via modem
• Configuration 4: Ethernet connection with dialup connection via radio modem
2.3 Connection-oriented data transfer via cable-based networks
Symbol (Figure 2-2)
Introduction
The largest cable-based WAN networks are telephone networks. Telephone networks are communication systems which are designed for handling telephone calls. The usual designation for this is Public Switched Telephone Network, or PSTN.
Modern telephone networks are available in two variants:
• analog telephone network (also referred to as POTS), and
• ISDN (Integrated Services Digital Network).
Both variants can be used for data transfer. A connection between the analog telephone network and the ISDN network for data transmission is not possible without problems due to the respectively different protocols and methods (analog / digital). As opposed to data communication, voice transmission is possible without problems.
In practice, telephone connections without dialup, so-called dedicated lines, are used in addition to dialup connections. Dedicated lines are used for both telephone network variants.
Decisive for this category is that the route selection for the connection already occurs during connection establishment.
Analog telephone network
The analog telephone network works with the analog transmission of tone signals.
For the transmission of digital information, the data are modulated onto a carrier frequency in the range of 300 Hz to 3400 Hz.
The modulation of digital data is specified in different ITU standards; the current versions are
• V.34 (up to) with Trellis-Code modulation according to the Shannon theorem (restriction of the data transmission bandwidth to 30 – 40 kbit/s for pure analog telephone networks with a bandwidth of 3.1 kHz)
• V.90 / V.92: using the digital return channels in digitalized telephone networks enables higher bandwidths to be reached (these standards are also known as K56flex).
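The 30 – 40 kbit/s limit quoted for V.34 can be reproduced from the Shannon-Hartley capacity formula. The following worked calculation is an added example, not part of the original document; it uses the bandwidth of 3.1 kHz given above and assumes a signal-to-noise ratio of 30 dB to 40 dB on the analog line (an assumption, not a figure from this document):

$$C = B \cdot \log_2\left(1 + \frac{S}{N}\right)$$

$$\frac{S}{N} = 30\ \text{dB} = 10^{3}: \quad C = 3100\ \text{Hz} \cdot \log_2(1001) \approx 3100 \cdot 9.97 \approx 30.9\ \text{kbit/s}$$

$$\frac{S}{N} = 40\ \text{dB} = 10^{4}: \quad C = 3100\ \text{Hz} \cdot \log_2(10001) \approx 3100 \cdot 13.29 \approx 41.2\ \text{kbit/s}$$

The V.34 rate of 33.6 kBit/s listed in Table 2-4 lies inside this range.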
In Germany, by the end of 2006, a total of 55.23 million telephone connections were in operation (including ISDN).
Worldwide there are approx. 4 billion telephone connections.
ISDN
ISDN (Integrated Services Digital Network) is a digital network which can transfer voice as well as data. ISDN enables two data transfer types, of which only the circuit switched data transfer is considered here. (The package-oriented service is known under the name DATEX P.)
The ITU standard used in circuit switched data transfer is X.75. The standard describes connection-oriented digital data transfer in ISDN networks, which does not require any modulation of data onto a carrier signal. The data is transformed in the used protocols alone.
Today X.75 is the most widely distributed standard for data communication via ISDN in Europe. This standard enables, amongst other things, bundling several channels, which increases data throughput.
In Germany, by the end of 2006, a total of 12.65 million ISDN basic connections and 113,000 ISDN primary multiplex connections had been in operation. This makes approx. 1/3 of all telephone connections of the Federal Republic of Germany.
At 10%, the worldwide distribution of ISDN is very low. Even in industrial nations outside Europe, ISDN connections are an exception. In the emerging markets ISDN is not widely distributed.
Comparing the WAN network accesses
Table 2-4 (columns: Analog telephone network, ISDN)

Components
Required components:
• Modem (Modulator / Demodulator) (analog), also as component of other devices, e.g. a notebook computer
• ISDN card with DSS1 connection (ISDN)
• TS-adapter (analog / ISDN)
• Ethernet router (analog / ISDN)
Possible interfaces for SIMATIC:
• RS232 (EIA232)
• MPI/PROFIBUS
• Industrial Ethernet

Performance data: Analog telephone network
Depending on standard and quality of the line, the following transfer rates are possible:
• V.34: 33.6 kBit/s (Send / Receive)
• V.90: 33.6 kBit/s Send, 56 kBit/s Receive
• V.92: 48 kBit/s Send, 56 kBit/s Receive
Maximum number of lines for data transfer:
• 1 simultaneous data connection per line connection

Performance data: ISDN
A B channel (a normal ISDN connection has 2 B channels) can use up to 64 kBit/s (Send/Receive).
Maximum number of lines for data transfer:
• 1 - 30 simultaneous data connections (B channels) per connection (possible for primary multiplex connection)
For maximum bundling a bandwidth of up to 2 Mbit/s (Send / Receive) is possible. An ISDN connection with 2 B channels achieves up to 128 kBit/s.

Perspectives
Due to the large extent of digitalization in PSTN networks, no further developments in the area of connection-oriented communication are expected in the telecommunication sector. Due to the development of broadband technology, telecommunication networks today are increasingly used as carrier medium for package-based data services such as DSL. As an alternative to using broadband networks, data transmission via radio networks is on the increase.
Applicable configurations
These WAN accesses can be utilized with these configurations:
Table 2-5
Utilization as active node:
• Configuration 1: RS485 connection with dialup connection via modem
• Configuration 3: Ethernet connection with dialup connection via modem
Utilization as target node:
• Configuration 1: RS485 connection with dialup connection via modem
• Configuration 2: RS485 connection with dialup connection via radio modem
• Configuration 3: Ethernet connection with dialup connection via modem
• Configuration 4: Ethernet connection with dialup connection via radio modem
2.4 Package-oriented data transfer via radio networks
Symbol (Figure 2-3)
Basics
Current radio networks are capable of offering package-based data services in addition to the connection-oriented transmission of telephone conversations.
With the progress in satellite technology, a well-established satellite radio network has developed. Like mobile radio networks, satellite radio networks are capable of transferring package-oriented data.
Apart from the communication-oriented satellite radio networks, satellite-supported data services are also being developed for mobile internet connection.
All of these services use the TCP/IP protocol as a basis in order to react flexibly to wait times and to enable simple portability.
A huge advantage of package-oriented data transfer is that the costs are not charged for the duration of the connection but according to the data volume actually transferred.
In this chapter we consider:
• GPRS (General Packet Radio Service),
• EDGE (Enhanced Data Rates for GSM Evolution),
• UMTS (Universal Mobile Telecommunications System),
• Broadband via satellite.
GPRS / EDGE / UMTS as passive coupling partner
Package-oriented mobile radio networks, with the exception of satellite networks, generally work with private network addresses separated from the internet by NAT. This is required in order to minimize the number of IP addresses used on the internet. For this reason, direct access from the internet to a device in the mentioned mobile radio networks is not possible. Some mobile radio providers offer provider-specific solution options.
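The consequence of the NAT restriction described above for planning who opens the connection, as an added Python example that is not part of the original document: a station whose WAN address is private cannot be the target node of an IP connection and has to be the active node. The function names, the "station" / "center" labels and all sample addresses are constructed for illustration; only IPv4 is considered.

```python
import ipaddress

# IPv4 ranges that are not routed on the public internet: the RFC 1918
# private ranges and the RFC 6598 range used for carrier-grade NAT.
NON_ROUTABLE = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")
]


def behind_nat(wan_address):
    """True if the address assigned to a WAN access component is private,
    i.e. the device cannot be addressed directly from the internet."""
    ip = ipaddress.ip_address(wan_address)
    return any(ip in net for net in NON_ROUTABLE)


def active_node(station_addr, center_addr):
    """Name the side that has to open the connection.

    Returns "station", "center", "either", or "none" when both sides sit
    behind NAT and a provider-specific solution is required.
    """
    station_hidden = behind_nat(station_addr)
    center_hidden = behind_nat(center_addr)
    if station_hidden and center_hidden:
        return "none"
    if station_hidden:
        return "station"   # station must dial out, center is the target node
    if center_hidden:
        return "center"
    return "either"


# Constructed sample links: (station WAN address, control center WAN address).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges that stand in
# for public addresses here.
SAMPLE_LINKS = {
    "pump station via GPRS": ("10.52.7.19", "203.0.113.10"),
    "silo via UMTS, carrier-grade NAT": ("100.72.3.4", "203.0.113.10"),
    "DSL station with fixed address": ("198.51.100.23", "203.0.113.10"),
    "GPRS station, service laptop on a LAN": ("10.52.7.19", "192.168.1.50"),
}


def plan(links):
    """Map every link name to the side that must act as active node."""
    return {name: active_node(s, c) for name, (s, c) in links.items()}


if __name__ == "__main__":
    for name, side in plan(SAMPLE_LINKS).items():
        print(f"{name:40s} active node: {side}")
```
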
GPRS GPRS is based on the GSM networks of current mobile radio networks. As opposed to the dialup-based CSD connections, GPRS mobile devices are permanently connected with the base station (the so-called always-on mode).
Apart from the standard components of the GSM networks, the radio network requires GPRS interfaces for packet forwarding via ISPs to the internet or to company networks. Many of the active GSM mobile radio networks support GPRS.
EDGE EDGE is a further development of the GSM networks. It expands the technology by an additional modulation method. EDGE exists in parallel to the previous GSM services. In the area of data communication EDGE expands the GPRS standard to E-GPRS or the HSCSD standard to ECSD.
EDGE can be integrated into existing GSM networks at little expense. So far EDGE has been introduced in 75 countries; in Switzerland it reaches a population coverage of 99%.
UMTS What GSM, and hence GPRS, is to the 2G (2nd generation) mobile radio network, UMTS is to the 3G (3rd generation) mobile radio network. Similar to ISDN, UMTS is a communication service with additionally integrated services. Apart from audio and video surveillance, UMTS can also use messaging and information services.
UMTS is not compatible with GSM because it uses different frequency ranges and different access methods. Furthermore, operating a UMTS network requires a much higher density of radio base stations than GSM networks. Therefore a new network must be set up for UMTS. At the moment it is not available in wide-area coverage.
In 2007, 180 3G networks were active worldwide with approx. 200 million stations, which is 7% of all mobile radio providers.
Distribution of the 3G stations worldwide:
• 48% Europe (e.g. Italy with 20 million users)
• 45% Asia
Internet via satellite The most recent variant of a wireless connection to the internet is the internet connection via satellite, access to which is offered by providers. It is particularly suited to remote regions or regions where broadband technology is unavailable.
Two variants are offered for internet via satellite. These are
• Access with return line via telephone and
• Access with return path via satellite.
The technology for using internet via satellite is available. The availability of the service, and hence of a provider, depends on the footprint and thus on the availability of the satellite used.
Comparison of the four technologies The following table compares the four selected packet-based data transfer methods via radio networks.
Table 2-6
Components
GPRS: The following GPRS-capable end devices are available:
• SINAUT MD 740-1,
• GSM/GPRS modem or
• GPRS-capable GSM mobile phones.
Ethernet lends itself as an interface for the SIMATIC.
EDGE: The following EDGE-capable end devices are available:
• SINAUT MD 741-1,
• GSM/EDGE modem or
• EDGE-capable GSM mobile phones.
Ethernet lends itself as an interface for the SIMATIC.
UMTS: UMTS end devices are available in three categories:
• UMTS mobile phones,
• UMTS PCCard / Express Card or
• UMTS Ethernet router.
Ethernet lends itself as an interface for the SIMATIC.
Internet via satellite: Using internet via satellite requires these components:
• Data-capable LNC / BUC
• Satellite modem
• UMTS Ethernet router.
Ethernet lends itself as an interface for the SIMATIC.
Performance data
GPRS: The maximum transfer rate is:
• 8.0 - 20.0 kbit/s per time slot
• For current devices and their assignable time slots as well as their bundling, a maximum of 55.6 kbit/s is possible as of 2007.
• When bundling all 8 time slots, up to 171.2 kbit/s are theoretically possible. (Shared media)
EDGE: The maximum transfer rate is:
• 59.2 kbit/s per channel/user
• For current devices and their assignable channels as well as their bundling, a maximum of 220 kbit/s downstream and 110 kbit/s upstream is possible.
• When bundling all channels, up to 473 kbit/s are theoretically possible. (Shared media)
UMTS: The maximum transmission rates depend on the method used.
FDD mode: 384 kbit/s downstream (according to Release 1999).
TDD mode (HSDPA):
Theoretical: 14.4 Mbit/s gross or 10.8 Mbit/s net downstream
Practically: 1.4 Mbit/s or 5.1 Mbit/s (planned) downstream
Internet via satellite: The maximum transmission rates depend very much on the available bandwidth of the satellite and the return channel used.
• For a return channel via satellite, up to 1024 kbit/s downstream and 128 kbit/s upstream
• For a return channel via telephone / ISDN or DSL light, up to 24 Mbit/s downstream
can be reached.
Perspectives
The development of earth-based mobile data transmission continues. Currently the following developments can be observed:
• WiMAX: Worldwide Interoperability for Microwave Access is a synonym for IEEE802.16 in the 2 / 11 or 10 GHz range.
The development of new standards in the mobile radio area promises a higher data bandwidth with lower wait time.
With the further commissioning of telecommunication satellites for data communication, the availability (more footprints) and performance of the data transmission increase.
Applicable configurations These WAN accesses can be utilized with these configurations:
Table 2-7
Utilization as active nodes
• Configuration 6: Ethernet connection via package-based radio networks
• Configuration 8: Secure Ethernet connection via package-based mobile phone internet access
Utilization as target node
• Configuration 5: Ethernet connection via package-based broadband networks
• Configuration 6: Ethernet connection via package-based radio networks
• Configuration 7: Secure Ethernet connection via package-based broadband internet access
• Configuration 8: Secure Ethernet connection via package-based mobile phone internet access
2.5 Packet-oriented data transfer via broadband networks
Symbol Figure 2-4
Basics Packet-oriented cable-based WAN networks use the following carrier media:
• broadband-capable telephone networks as well as
• broadband-capable networks such as the cable television network or power networks.
Due to the high quality standard of modern networks, far more bandwidth can be transferred than is used in the original usage area.
Separate frequency bands outside of the original usage area are used for data transfer. Separate frequency bands are also used to transfer data
• from the provider to the end device (downstream) and
• from the end device to the provider (upstream).
The next figure shows a scheme of the different usage of frequency bands using the example of DSL via telephone networks.
Figure 2-5: Frequency range in kHz. ISDN / analog telephone: 0 – 138 kHz; ADSL upstream: 138 – 276 kHz; ADSL downstream: 276 – 1104 kHz.
All broadband networks use a comparable method, even if the used frequency bands can be placed differently.
DSL via telephone line DSL, the Digital Subscriber Line, was developed as a method in the late 1980s and early 1990s. This development was favored by fast signal processors with the very high computing power required for processing the transferred data. As more and more powerful processors became available, more powerful variants of DSL were developed, which are also referred to as xDSL. Currently DSL variants can be transferred either via dedicated line, without voice transmission, or via an ISDN or analog telephone connection.
DSL is not available in wide-area coverage. This is due to the fact that two important requirements must be fulfilled for DSL.
1. A copper cable must be laid. An FO connection, common in NGN (Next Generation Network), does not work.
2. The distance between the station and the next DSLAM (Access Multiplexer) must not exceed 3 – 4 km. With increasing attenuation of the data signals, the transmittable data bandwidth decreases.
In May 2007 there were approx. 200 million DSL connections worldwide, which corresponds to 65% of all broadband connections.
Today in Europe alone there are:
• 15 million DSL connections in Germany.
• 14 million DSL connections in France.
• 11 million DSL connections in the UK.
Internet via cable television networks Since the telephone networks are subject to considerable restrictions due to the limitations described, alternatives are sought in other networks.
One alternative is the cable television network. As part of its standardization, this network was designed so that a large frequency spectrum is transferred with little noise. Since this frequency spectrum is not used up completely, free frequency bands can be used for data transfer. Since cable TV networks are available on a large scale in metropolitan areas, these networks are suitable for broadband data transfer.
The expansion and restructuring of the existing cable network with fiber-optic cables made the HFC (Hybrid Fiber Coax) method possible. With this method a station can additionally receive and send data via its coaxial TV connection. At the end of 2006 there were approx. 57 million cable internet connections using cable modems. This represents approx. 30% of all broadband connections in the OECD states.
Approx. half of all cable internet connections have been installed in the US alone. Further states with a high proportion of broadband connections via cable television networks are
• Austria and
• Switzerland.
Comparison of both network types The next table contains the comparison between the data transmission via telephone networks with DSL and cable TV networks with internet access.
Table 2-8
Components
DSL via telephone line: The local connection requires the following hardware:
• A splitter for separating the telephone and DSL signals.
• A modem for modulating the data.
• A DSL / cable router with Ethernet connection.
Ethernet lends itself as an interface for the SIMATIC.
For the transmission either
• the PPPoE protocol or
• the P2PTP protocol
is used.
Internet via cable TV network: For the local connection to a cable connection the following hardware is required:
• A cable modem which supports the DOCSIS version (data over cable service interface specification) of the cable network provider.
• A DSL / cable router with Ethernet connection.
The modem supports encryption according to DES with a key length of 56 bit.
Ethernet lends itself as an interface for the SIMATIC.
Performance data
DSL via telephone line: The most common DSL variants are:
• SDSL (Symmetrical DSL) with up to 3 Mbit/s downstream / upstream
• ADSL (Asymmetric) with up to 8 Mbit/s downstream and 1 Mbit/s upstream
• ADSL2+ (with dynamic negotiation) with up to 25 Mbit/s downstream and 3.5 Mbit/s upstream
• VDSL / VDSL2 (Very high data rate) with theoretically up to 210 Mbit/s downstream / upstream
Internet via cable TV network: Currently used cable modems support a data rate of up to 36 Mbit/s downstream / upstream. Theoretically data rates of up to 100 Mbit/s are possible. Since cable networks are a shared medium, the bandwidth is distributed among all connected stations. The more stations access the network simultaneously, the less bandwidth is available for the individual station.
Perspectives
The expansion of cable TV networks outside Germany increases their potential and availability for data transmission. The expansion of VDSL technology is in full swing; however, the limitations regarding wide-area distribution remain.
Applicable configurations These WAN accesses can be utilized with these configurations:
Table 2-9
Utilization as active nodes
• Configuration 5: Ethernet connection via package-based broadband networks
• Configuration 7: Secure Ethernet connection via package-based broadband internet access
Utilization as target node
• Configuration 5: Ethernet connection via package-based broadband networks
• Configuration 6: Ethernet connection via package-based radio networks
• Configuration 7: Secure Ethernet connection via package-based broadband internet access
• Configuration 8: Secure Ethernet connection via package-based mobile phone internet access
WAN Configurations
Content In this chapter we illustrate individual scenarios for the WAN connection of SIMATIC components.
3 WAN Configurations in the SIMATIC Environment
Introduction In the course of this chapter we introduce individual communication scenarios as described in chapter 1.2 and evaluate them regarding their applicability in the SIMATIC environment.
The individual configurations are evaluated subjectively; an evaluation based on numbers is not possible because the framework conditions change continuously.
3.1 Categories of viewed WAN configurations
To survey all possible WAN configurations, it makes sense to divide the possibilities into groups. To achieve this,
• the physical connection,
• the transmission type
• as well as the bus structure used in SIMATIC
are considered in groups.
In this chapter the following SIMATIC-related configurations are considered:
Table 3-1
Transmission: connection-based
Network type cable-based:
• RS485 connection with dialup connection via modem
• Ethernet connection with dialup connection via modem
Network type radio:
• RS485 connection with dialup connection via radio modem
• Ethernet connection with dialup connection via radio modem
Transmission: IP-based
Network type cable-based:
• Ethernet connection via package-based broadband networks
• Ethernet connection via package-based broadband networks
Network type radio:
• Ethernet connection via package-based radio networks
• Secure Ethernet connection via package-based radio networks
Evaluation criteria for WAN configurations Comparing and assessing the different WAN configurations requires evaluation criteria that are applied to all WAN configurations.
The following criteria are used for the module variants.
Table 3-2
Criterion: Application in the SIMATIC system
Description: At the beginning we show you the application options of the WAN configuration in the SIMATIC spectrum with
• HMI
• reporting
• remote maintenance and
• data transfer.
Criterion: Quantitative cost situation
Description: With the quantitative cost situation we illustrate which cost factors for
• procurement and
• operation
of the communication must be expected.
Criterion: Availability and reliability
Description: Successful operation requires the availability and reliability of the communication. With these criteria we show you how this affects the different communication paths.
Criterion: Security
Description: For communication, especially via public networks, the security of the data and of the communication itself is important. Here we show you the possible measures that can be taken in the respective configuration.
3.2 Configuration 1: RS485 connection with dialup connection via modem
Introduction to the configuration This configuration shows the connection of two SIMATIC components by means of a dialup connection via the landline using a TS adapter.
Configuration Figure 3-1: Side A with PC/PG (End Device A) and modem (WAN Interface A), connected via the PSTN to side B with the TS adapter, optionally with modem (WAN Interface B), and the MPI/PB network (End Device B).
Employed bus systems The bus system used by the TS adapter can be either
• the MPI network or
• the PROFIBUS
Applicable data connections For data transmission, telephone connections are used which are switched by the PSTN via
• ISDN
• analog telephone lines or
• a GSM-CSD modem (externally connected at the TS adapter)
Note GSM-CSD modems can be configured for the application with both telephone systems, since a compatible protocol is available for both systems.
Side A: component variants / parts lists
Table 3-3
End device A: PG/PC with teleservice software
WAN interface A: Modem (analog / ISDN)
Comment: A standard modem is connected to the PC as a modem. The protocols / methods
• V 34 up to V90 / V92 or K56flex (for analog),
• X.75, V.110 or V.120 (for ISDN)
are supported.
End device A: Controller / network
WAN interface A: TS adapter (analog / ISDN)
Comment: Possible SIMATIC modules:
• TS adapter I (additionally analog / ISDN modem) 6ES7972-0CA3*-0XA0
• TS adapter II (analog) 6ES7972-0CB35-0XA0
• TS adapter II (ISDN) 6ES7972-0CB35-0XA0
(depending on the respective partner station)
Side B: component variants / parts lists
Table 3-4
End device B: Controller / network
WAN interface B: TS adapter (analog / ISDN)
Comment: Possible SIMATIC modules:
• TS adapter I (additionally analog / ISDN modem) 6ES7972-0CA3*-0XA0
• TS adapter II (analog) 6ES7972-0CB35-0XA0
• TS adapter II (ISDN) 6ES7972-0CB35-0XA0
(depending on the respective partner station)
End device B: Controller / network
WAN interface B: TS adapter <> GSM-CSD modem
Comment: If the partner station can only be reached via a mobile radio network, a GSM-CSD modem can be connected to the TS adapter via the serial interface. A GSM-CSD modem for this application from the SIMATIC spectrum is the:
• GSM kit TC65T 6AG1011-1CC00-0AA0
(CSD for analog modems or the protocol V.110 for ISDN modems are supported)
Application in the SIMATIC system This configuration is suitable for the application in the SIMATIC environment as follows:
Table 3-5
SIMATIC service: Operator control and monitoring
Comment: HMI functions are restricted to the transfer of configurations to end devices.
SIMATIC service: Diagnostics
Comment: Diagnostic options are given which are only restricted due to the available bandwidth and reaction time of the connection.
SIMATIC service: Reporting
Comment: The SMS function enables reporting diagnostic events through the user program to the SMS-capable end devices.
SIMATIC service: PG functions
Comment: PC functions are possible. The bandwidth is sufficient for programming and monitoring of block statuses.
SIMATIC service: Data transmission
Comment: The transmission of data is only possible between controllers which are connected via TS adapter.
Note Here only the application with the SIMATIC TS adapter is considered.
Modules of other providers can show other functions which would lead to a different evaluation.
Evaluation of the configuration
Table 3-6
Criterion: Quantitative cost situation
Evaluation: Regarding the costs the following points must be considered:
• Procurement costs for TS adapter, TS software and, if necessary, modem.
• The basic costs for the telephone connections used.
• The cost of calls during the data connection. Payment occurs per time unit, i.e. irrespective of the data volume.
Criterion: Availability and reliability
Evaluation: Analog telephone connections are available worldwide. The global usage is guaranteed. Due to the fixed telephone connection the communication partner is bound to the location. The configuration is very reliable regarding its usage and distributed worldwide.
Criterion: Security
Evaluation: To secure the data connection two functions can be used:
• The Call Back function, to ensure that only authorized stations can use the function. The modem only calls back preconfigured telephone numbers.
• Login password to enable a secure authentication.
The data transfer itself is secured by the protocols used; the communication is not protected against eavesdropping.
3.3 Configuration 2: RS485 connection with dialup connection via radio modem
Introduction to the configuration This configuration shows the connection of two SIMATIC components by means of a dialup connection via the mobile radio network using a TS adapter.
Configuration Figure 3-2: Side A with PC/PG (End Device A) and CSD modem (WAN Interface A), connected via the PSTN to side B with the TS adapter, optionally with modem (WAN Interface B), and the MPI/PB network (End Device B).
Employed bus systems The bus system used by the TS adapter can be either
• the MPI network or
• the PROFIBUS
Applicable data connections A telephone connection via GSM-CSD is established for data transfer. The TS adapter of the communication partner can be connected to the PSTN via
• ISDN
• analog telephone lines or
• a further GSM-CSD modem (externally connected at the TS adapter)
Note GSM-CSD modems can be configured for the application with both telephone systems, since a compatible protocol is available for both systems.
Side A: component variants / parts lists
Table 3-7
End device A: PG/PC with teleservice software
WAN interface A: GSM-CSD modem
Comment: The employed modem is a GSM-CSD modem connected to the PC such as:
• GSM kit TC65T 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)
End device A: Controller / network
WAN interface A: TS adapter <> GSM-CSD modem
Comment: Possible SIMATIC modules:
• TS adapter I 6ES7972-0CA3*-0XA0
• TS adapter II (analog) 6ES7972-0CB35-0XA0
• TS adapter II (ISDN) 6ES7972-0CB35-0XA0
A possible GSM-CSD modem is the:
• GSM kit TC65T 6AG1011-1CC00-0AA0
(CSD for analog modems or the protocol V.110 for ISDN modems)
Side B: component variants / parts lists
Table 3-8
End device B: Controller / network
WAN interface B: TS adapter (analog / ISDN)
Comment: Possible SIMATIC modules:
• TS adapter I (additionally analog / ISDN modem) 6ES7972-0CA3*-0XA0
• TS adapter II (analog) 6ES7972-0CB35-0XA0
• TS adapter II (ISDN) 6ES7972-0CB35-0XA0
End device B: Controller / network
WAN interface B: GSM-CSD modem <> TS adapter
Comment: If the partner station can only be reached via the mobile radio network, the TS adapter can be expanded using a GSM-CSD modem. A possible GSM-CSD modem of SIMATIC is the:
• GSM kit TC65T 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)
Application in the SIMATIC system This configuration is suitable for the application in the SIMATIC environment as follows:
Table 3-9
SIMATIC service: Operator control and monitoring
Comment: HMI functions are restricted to the transfer of configurations.
SIMATIC service: Diagnostics
Comment: Diagnostics options are possible, however, restricted by the very low bandwidth.
SIMATIC service: Reporting
Comment: The SMS function enables reporting the diagnostic events through the user program.
SIMATIC service: PG functions
Comment: PC functions are possible. The bandwidth is still sufficient for programming and monitoring of block statuses.
SIMATIC service: Data transmission
Comment: A transfer of data is only possible between controllers which are connected via TS adapter.
Bandwidth of the CSD modem The evaluation of the SIMATIC application is determined by the maximum data bandwidth of a CSD modem, which is up to 14.4 kbit/s.
Note Here only the application with the SIMATIC TS adapter is considered.
Modules of other providers can show other functions which would lead to a different evaluation.
Evaluation of the configuration
Table 3-10
Criterion: Quantitative cost situation
Evaluation: Regarding the costs the following points must be considered:
• Procurement costs for TS adapters, TS software and CSD modem.
• The basic costs for the mobile phone card used.
• The cost of calls during the data connection. Payment occurs per time unit, i.e. irrespective of the data volume.
Criterion: Availability and reliability
Evaluation: GSM networks are distributed worldwide; however, the CSD service has already been stopped in some networks. Checking the availability of CSD functions with the local provider is therefore necessary. Due to the location-based access to the mobile radio network the communication partner can move freely in the radio field of the base station. If the communication partner is outside of the radio field, communication cannot take place. The configuration can be used reliably as far as technically viable.
Criterion: Security
Evaluation: To secure the data connection two functions can be used:
• The Call Back function, to ensure that only authorized stations can use the function. The modem only calls back defined telephone numbers.
• Login password to enable a secure authentication.
The data transfer itself is secured by the protocols used; the communication is not protected against eavesdropping.
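The Call Back and login password functions named in the security rows of Table 3-6 and Table 3-10, modelled as an added example (not Siemens code and not the TS adapter's own logic): the gate checks the password in constant time and, on success, returns only the number stored for that user. The lockout counter, the PBKDF2 work factor and all user names, passwords and telephone numbers are assumptions of this example.

```python
"""Dial-in decision with login password and call back (added illustration).

A model of the two functions named in the tables, not the TS adapter's logic.
User names, telephone numbers and passwords are constructed sample values.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000   # assumption: work factor chosen for this example
MAX_FAILURES = 3          # assumption: lockout threshold, not from the document


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so stored credentials are not plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class CallbackGate:
    """Decides which preconfigured number, if any, the called station dials back."""

    def __init__(self) -> None:
        self._users: Dict[str, dict] = {}
        self._dummy_salt = os.urandom(16)

    def add_user(self, name: str, password: str, callback_number: str) -> None:
        salt = os.urandom(16)
        self._users[name] = {
            "salt": salt,
            "hash": _derive(password, salt),
            "callback": callback_number,   # fixed at configuration time
            "failures": 0,
        }

    def dial_in(self, name: str, password: str,
                requested_number: Optional[str] = None) -> Optional[str]:
        """Return the number to call back, or None if the call is simply dropped."""
        user = self._users.get(name)
        if user is None:
            _derive(password, self._dummy_salt)  # same work for unknown users
            return None
        if user["failures"] >= MAX_FAILURES:
            return None  # locked until an administrator resets the counter
        if not hmac.compare_digest(_derive(password, user["salt"]), user["hash"]):
            user["failures"] += 1
            return None
        user["failures"] = 0
        # requested_number is ignored on purpose: even with a valid password the
        # call back goes only to the line configured for this user.
        return user["callback"]


def callback_demo() -> dict:
    gate = CallbackGate()
    gate.add_user("service", "correct horse", "+49 30 5550100")
    result = {}
    result["valid_login"] = gate.dial_in("service", "correct horse")
    result["redirect_attempt"] = gate.dial_in("service", "correct horse", "+49 30 5550199")
    result["unknown_user"] = gate.dial_in("guest", "correct horse")
    result["wrong_passwords"] = [gate.dial_in("service", "guess") for _ in range(MAX_FAILURES)]
    result["after_lockout"] = gate.dial_in("service", "correct horse")
    return result


if __name__ == "__main__":
    for case, number in callback_demo().items():
        print(f"{case:17} -> {number}")
```

Neither function encrypts the line, so the statement in the tables that the communication is not protected against eavesdropping still applies.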
3.4 Configuration 3: Ethernet connection with dialup connection via modem
Introduction to the configuration This configuration shows the connection of two SIMATIC components by means of a dialup connection. The active communication partner is connected with a TS adapter IE or an Ethernet Dial In/Out Router.
Configuration Figure 3-3: Side A with PC/PG (End Device A) and modem (WAN Interface A), connected via the PSTN to side B with the TS adapter IE, optionally with modem (WAN Interface B), and the Ethernet network (End Device B).
Employed bus systems The bus system of the TS adapter IE or the Ethernet Dial In/Out Router is Industrial Ethernet. The communication is IP-based.
Applicable data connections For data transmission, telephone connections are used which are switched by the PSTN via
• ISDN
• analog telephone lines or
• a GSM-CSD modem (externally connected)
Note GSM-CSD modems can be configured for the application with both telephone systems, since a compatible protocol is available for both systems.
Side A: component variants / parts lists
Table 3-11
End device A: PG/PC with teleservice software from V 6.1
WAN interface A: Modem (analog / ISDN) (TS adapter IE)
Comment: A standard modem is connected to the PC as a modem. The protocols / methods
• V 34 up to V90 / V92 or K56flex (for analog), or
• X.75, V.110 or V.120 (for ISDN)
are supported.
End device A: PG/PC
WAN interface A: Modem (analog / ISDN) (Ethernet Dial In/Out Router)
Comment: A standard modem is connected to the PC as a modem. The protocols / methods
• V 34 up to V90 / V92 or K56flex (for analog), or
• X.75, V.110 or V.120 (for ISDN)
are supported depending on the modem used by the Ethernet Dial In/Out Router.
End device A: Controller / network
WAN interface A: Ethernet Dial In/Out Router (analog / ISDN)
Comment: Here the market offers different modules, e.g.:
• INAT echoroute,
• Westermo ZR-200.
Note Only Ethernet Dial In/Out Routers can be employed as a gateway between two separate Ethernet networks via a dialup connection.
The TS adapter IE does not support this function in the current variant.
Side B: component variants / parts lists
Table 3-12
End device B: Controller / network
WAN interface B: TS adapter IE (analog / ISDN)
Comment: Possible SIMATIC modules:
• TS adapter IE (analog) 6ES7972-0EM00-0XA0
• TS adapter IE (ISDN) 6ES7972-0ED00-0XA0
(depending on the active station)
End device B: Controller / network
WAN interface B: GSM-CSD modem <> TS adapter IE
Comment: If the partner station can only be reached via the mobile radio network, the TS adapter can be expanded with a GSM-CSD modem. A GSM-CSD modem of SIMATIC for this application is the:
• GSM kit TC65T 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)
End device B: Controller / network
WAN interface B: Ethernet Dial In/Out Router (analog / ISDN)
Comment: Here the market offers different modules, e.g.:
• INAT echoroute,
• Westermo ZR-200.
End device B: Controller / network
WAN interface B: GSM-CSD modem <> Ethernet Dial In/Out Router
Comment: If the partner station can only be reached via the mobile radio network, an additional GSM-CSD modem must be used on top of one of the described Ethernet Dial In/Out Routers. A possible GSM-CSD modem of SIMATIC is the:
• GSM kit TC65T 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)
Application in the SIMATIC system
This configuration is suitable for application in the SIMATIC environment as follows:
Table 3-13

SIMATIC service: Operator control and monitoring
Comment: HMI functions enable the transfer of configurations.

SIMATIC service: Diagnostics
Comment: Diagnostics options are possible, but restricted by the limited bandwidth.

SIMATIC service: Reporting
Comment (TS adapter IE): The e-mail function of the TS adapter IE enables the user program to report diagnostic events.
Comment (Ethernet Dial In/Out Router): The message functions are not implemented for Ethernet Dial In/Out Routers. Here, e-mail functions can only be realized via functions of the advanced CP, for example (an internet connection may be required).

SIMATIC service: PG functions
Comment: PG functions are possible. The bandwidth is sufficient for programming and for monitoring block statuses.

SIMATIC service: Data transmission
Evaluation (TS adapter IE): ---
Comment (TS adapter IE): The TS adapter IE does not enable the transfer of data in the current variant.
Comment (Ethernet Dial In/Out Router): If Ethernet Dial In/Out Routers are used, data transmission is IP-based via the routers, with the bandwidth of the dialup connection between the routers.

Note: For the e-mail function of the TS adapter IE, internet access must be configured in the TS adapter IE.
Evaluation of the configuration
Table 3-14

Criterion: Quantitative cost situation
Evaluation: Regarding the costs, the following points must be considered:
• Procurement costs for the TS adapter and TS software or the Ethernet Dial In/Out Router.
• The basic costs for the used telephone connection.
• The cost of calls during the data connection. Payment occurs per time unit, i.e. irrespective of the data volume.
• The costs of the ISP for any internet usage.

Criterion: Availability and reliability
Evaluation: Telephone connections are available worldwide. The global usage is guaranteed. Due to the fixed telephone connection the communication partner is bound by the location. The configuration is very reliable regarding its usage and distributed worldwide.

Criterion: Security
Evaluation: To secure the data connection, two functions can be used here:
• Call Back function, to ensure that only authorized stations can use the function. The modem only calls back defined telephone numbers.
• Login password to enable a secure authentication.
The data transfer itself is secured by the used protocols; the communication is not protected against eavesdropping.
3.5 Configuration 4: Ethernet connection with dialup connection via radio modem
Introduction into the configuration
This configuration shows the connection of two SIMATIC components by means of a dialup connection. The active communication partner is connected with a TS adapter IE or an Ethernet Dial In/Out Router.

Configuration
Figure 3-4 (diagram; labels: PC/PG, CSD modem, PSTN, TS adapter IE (opt. with modem), Ethernet network; Page A: End Device A, WAN Interface A; Page B: WAN Interface B, End Device B)

Employed bus systems
The bus system of the TS adapter IE or the Ethernet Dial In/Out Routers is Industrial Ethernet. The communication is IP-based.

Applicable data connections
A telephone connection via GSM-CSD is established for data transfer. The TS adapter of the communication partner can be connected to the PSTN via
• ISDN,
• analog telephone lines or
• a further GSM-CSD modem (externally connected).

Note: GSM-CSD modems can be configured for the application with both telephone systems, since a compatible protocol is available for both systems.
Page A: component variants / parts lists
Table 3-15

End device A: PG/PC with teleservice software from V 6.1
WAN interface A: GSM-CSD modem (TS adapter IE)
Comment: The employed modem is a GSM-CSD modem such as:
• GSM kit TC65T, 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS, 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)

End device A: PG/PC
WAN interface A: GSM-CSD modem (Ethernet Dial In/Out Router)
Comment: The employed modem is a GSM-CSD modem such as:
• GSM kit TC65T, 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS, 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)

End device A: Controller / network
WAN interface A: Ethernet Dial In/Out Router <> GSM-CSD modem
Comment: The market offers different modules here, e.g.:
• INAT echoroute,
• Westermo ZR-200.
A possible GSM-CSD modem is the:
• GSM kit TC65T, 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS, 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)

Note: Only an Ethernet Dial In/Out Router can be employed as a gateway between two separate Ethernet networks via a dialup connection. The TS adapter IE does not support this function in the current variant.
Page B: component variants / parts lists
Table 3-16

End device B: Controller / network
WAN interface B: TS adapter IE (Analog / ISDN)
Comment: Possible SIMATIC modules:
• TS adapter IE (analog), 6ES7972-0EM00-0XA0
• TS adapter IE (ISDN), 6ES7972-0ED00-0XA0

End device B: Controller / network
WAN interface B: GSM-CSD modem <> TS adapter IE
Comment: If the passive station can only be reached via a mobile radio network, a GSM-CSD modem can be connected to the TS adapter IE via the serial interface. Possible SIMATIC GSM-CSD modems are:
• GSM kit TC65T, 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS, 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)

End device B: Controller / network
WAN interface B: Ethernet Dial In/Out Router (Analog / ISDN)
Comment: The market offers different modules here, e.g.:
• INAT echoroute,
• Westermo ZR-200.

End device B: Controller / network
WAN interface B: GSM-CSD modem <> Ethernet Dial In/Out Router
Comment: If the passive station can only be reached via a mobile radio network, a GSM-CSD modem can be connected to the Ethernet Dial In/Out Router via the serial interface. Possible SIMATIC GSM-CSD modems are:
• GSM kit TC65T, 6AG1011-1CC00-0AA0
• SINAUT MD720-3 GSM/GPRS, 6NH9720-3AA00
(CSD for analog modems or the protocol V.110 for ISDN modems)
Application in the SIMATIC system
This configuration is suitable for application in the SIMATIC environment as follows:
Table 3-17

SIMATIC service: Operator control and monitoring
Comment: HMI functions enable the transfer of configurations.

SIMATIC service: Diagnostics
Comment: Diagnostics options are possible, but restricted by the limited bandwidth.

SIMATIC service: Reporting
Comment (TS adapter IE): The e-mail function of the TS adapter IE enables the user program to report diagnostic events.
Comment (Ethernet Dial In/Out Router): For Ethernet Dial In/Out Routers, comparable functions, e.g. e-mail, must be realized via the Advanced CP (internet connection required).

SIMATIC service: PG functions
Comment: PG functions are possible. The bandwidth is sufficient for programming and for monitoring block statuses.

SIMATIC service: Data transmission
Evaluation (TS adapter IE): ---
Comment (TS adapter IE): The TS adapter IE does not enable the transfer of data in the current variant.
Comment (Ethernet Dial In/Out Router): If Ethernet Dial In/Out Routers are used, data transmission is IP-based via the routers, with the bandwidth of the connection between the routers.

Bandwidth of the CSD modem
The evaluation of the SIMATIC application is determined by the maximum data bandwidth of a CSD modem, which is up to 14.4 kbps.

Note: For the e-mail function of the TS adapter IE, internet access must be configured in the TS adapter IE.
Evaluation of the configuration
Table 3-18

Criterion: Quantitative cost situation
Evaluation: Regarding the costs, the following points must be considered:
• Procurement costs for the TS adapter and TS software or the Ethernet Dial In/Out Router, and for the CSD modem.
• The basic costs for the used mobile phone card.
• The cost of calls during the data connection. Payment occurs per time unit, i.e. irrespective of the data volume.
• The costs of the ISP for any internet usage.

Criterion: Availability and reliability
Evaluation: GSM networks are distributed worldwide; however, the CSD service has in the meantime been stopped in some networks. The function therefore needs to be checked with the local provider. Due to the location-based access to the mobile radio network, the communication partner can move freely in the radio field of the base station. If the communication partner is outside of the radio field, communication cannot take place. The configuration can be used reliably as far as technically viable.

Criterion: Security
Evaluation: To secure the data connection, two functions can be used here:
• Call Back function, to ensure that only authorized stations can use the function. The modem only calls back defined telephone numbers.
• Login password to enable a secure authentication.
The data transfer itself is secured by the used protocols; the communication is not protected against eavesdropping.
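The call-back and login-password checks named in the Security rows of Tables 3-14 and 3-18, sketched as an added example (not part of the original document and not a Siemens or modem-vendor API). The CallbackGate class, the account data, the phone numbers and the lockout after repeated failed logins are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class CallbackGate:
    """Dial-in side of a call-back modem (hypothetical model)."""

    def __init__(self, max_failures: int = 3):
        self._accounts = {}   # user -> (salt, password hash, call-back number)
        self._failures = {}   # user -> consecutive failed logins
        self._max_failures = max_failures
        self._dummy_salt = os.urandom(16)

    def register(self, user: str, password: str, callback_number: str) -> None:
        """Store the defined telephone number together with the login."""
        salt = os.urandom(16)
        self._accounts[user] = (salt, _hash(password, salt), callback_number)
        self._failures[user] = 0

    def reset(self, user: str) -> None:
        """Operator action: clear the lockout of a known account."""
        if user in self._accounts:
            self._failures[user] = 0

    def incoming_call(self, user, password, requested_number=None):
        """Return the number to dial back, or None if the call is dropped.

        The answering side always hangs up after the login. It dials back
        only the number stored at registration; a number supplied by the
        caller (requested_number) is never used.
        """
        salt, stored, number = self._accounts.get(
            user, (self._dummy_salt, b"", None))
        candidate = _hash(password, salt)  # same work for unknown users
        if number is None:
            return None
        if self._failures[user] >= self._max_failures:
            return None                    # locked until reset()
        if not hmac.compare_digest(candidate, stored):
            self._failures[user] += 1
            return None
        self._failures[user] = 0
        return number


if __name__ == "__main__":
    gate = CallbackGate()
    # Constructed account and numbers, for illustration only.
    gate.register("service", "constructed-password", "+49 000 5550100")
    print(gate.incoming_call("service", "constructed-password",
                             requested_number="+49 000 5550199"))
```

Call-back only decides which line the session runs on. As the table states, the session itself is still not protected against eavesdropping.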
3.6 Configuration 5: Ethernet connection via package-based broadband networks
Introduction into the configuration
This configuration shows the connection of two SIMATIC components by means of broadband networks without security measures.
The Port Forwarding function is used for transferring the data between target router and target station.

Configuration
Figure 3-5 (diagram; labels: PC/PG, GPRS / EDGE / UMTS router, Internet, modem / Ethernet router, Ethernet network; Page A: End Device A, WAN Interface A; Page B: WAN Interface B, End Device B)

Employed bus systems
The bus system is IP-based and fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.

Applicable data connections
The communication partners can either be connected via cable-based broadband networks or via package-based radio networks.
A description of the possible partner network-accesses is available in the following chapters:
• 2.4 “Package-oriented data transfer via radio networks” and
• 2.5 “Package-oriented data transfer via cable-based networks”.

Note: Only one communication partner with a valid public IP address can be used as target partner. Stations which are located in NAT protected networks, such as GPRS / EDGE and UMTS, can generally not be used.
Public IP address in the partner station
The public IP address of the partner station must be known. It can be realized by means of:
• a fixed IP address which is provided by the ISP, or
• a name via which the IP address is resolved. One such service is DynDNS.
If the partner IP address is not known, port forwarding, and hence this WAN configuration, cannot be used.

Port forwarding
Port forwarding is a configured function of the target router. It forwards certain data telegrams to a station in the private network that is defined in the configuration. These telegrams must be directed to a defined port of the public IP address of the target router.
Page A: component variants / parts lists
Table 3-19

End device A: PG/PC
WAN interface A: Broadband modem
Comment: A broadband modem is used according to the employed broadband internet access.

End device A: PG/PC
WAN interface A: Ethernet router <> Broadband modem
Comment: The internet connection of the router occurs via a broadband modem, depending on the employed broadband internet access.

End device A: Controller / network
WAN interface A: Ethernet router <> Broadband modem
Comment: In order to connect a network with SIMATIC controllers, which work as passive stations, the router must support the Port Forwarding function. The internet connection of the router occurs via a broadband modem corresponding to the broadband internet access.
Page B: component variants / parts lists
Table 3-20

End device B: PG/PC
WAN interface B: Broadband modem
Comment: A broadband modem is used according to the employed broadband internet access.

End device B: Controller / network
WAN interface B: Broadband modem <> Ethernet router
Comment: The internet connection of the router occurs via a broadband modem corresponding to the broadband internet access. In order to connect a network with SIMATIC controllers, which work as passive stations, the router must support the Port Forwarding function.

End device B: Controller / network
WAN interface B: Sat modem <> Ethernet router
Comment: SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network. In order to connect a network with SIMATIC controllers working as passive stations, the router must support the Port Forwarding function.

Note: In order to connect a controller to the internet, a router is always necessary.
Application in the SIMATIC system
This configuration is suitable for application in the SIMATIC environment as follows:
Table 3-21

SIMATIC service: Operator control and monitoring
Comment: HMI functions enable the transfer of configurations to one station. The test operation is not sensible due to the limitations of the accessible stations.

SIMATIC service: Diagnostics
Comment: Diagnostics options are possible; only the limited number of accessible stations restricts this function. Real-time capability is not given due to the high reaction times of the internet.

SIMATIC service: Reporting
Comment: Reporting diagnostics events through the user program is only possible with permanent connections to the internet and static addresses.

SIMATIC service: PG functions
Comment: PG functions are possible; the number of accessible stations is limited by Port Forwarding. Real-time capability is not given due to the high reaction times of the internet.

SIMATIC service: Data transmission
Comment: A configured data transfer is only possible if static public IP addresses are used. Dynamic IP addresses allow for a very limited configuration only (unilateral configuration).
Evaluation of the configuration
Table 3-22

Criterion: Quantitative cost situation
Evaluation: Regarding the costs, the following points must be considered:
• The procurement costs of the used modem and possibly the Ethernet router.
• The basic costs for the used broadband internet connections.
• The calculated data volume (depending on the used tariff model). The payment is time-independent; the costs only depend on the transferred data volume.

Criterion: Availability and reliability (DSL)
Evaluation: DSL internet accesses are widely distributed in the industrial nations; only in thinly populated regions is the availability limited. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.

Criterion: Availability and reliability (Cable internet)
Evaluation: Cable internet access is widely distributed in the industrial nations; in some countries it exceeds the number of DSL (broadband) connections. The available data bandwidth depends on the number of active stations of the medium. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.

Criterion: Security
Evaluation: The Internet as a transport medium is unsafe. Since the communication is port based, there is no security against eavesdropping. The enabled ports are furthermore an additional “Point of Attack”, which is not acceptable in critical networks. The operation with Port Forwarding is only sensible over a limited time. Data is not secured against falsification.
3.7 Configuration 6: Ethernet connection via package-based radio networks
Introduction into the configuration
This configuration shows the connection of two SIMATIC components via package-oriented radio networks without security measures.
The Port Forwarding function is used for forwarding the data from target router to target station.

Configuration
Figure 3-6 (diagram; labels: PC/PG, GPRS / EDGE / UMTS router, Internet, modem / Ethernet router, Ethernet network; Page A: End Device A, WAN Interface A; Page B: WAN Interface B, End Device B)

Employed bus systems
The bus system is IP-based and fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.

Applicable data connections
The communication partners can either be connected via cable-based broadband networks or via package-based radio networks.
A description of the possible partner network-accesses is available in the following chapters:
• 2.4 “Package-oriented data transfer via radio networks” and
• 2.5 “Package-oriented data transfer via cable-based networks”.

Note: Only one communication partner with a valid public internet IP address can be used as target partner. Stations in NAT protected networks, such as GPRS / EDGE and UMTS, can generally not be used.
Public IP address in the partner station
The public IP address of the partner station must be known. It can be realized by means of:
• a fixed IP address which is provided by the ISP, or
• a name via which the IP address is resolved. One such service is DynDNS.
If the partner IP address is not known, port forwarding, and hence this WAN configuration, cannot be used.

Port forwarding
Port forwarding is a configured function of the target router. It forwards certain data telegrams to a station in the private network that is defined in the configuration. These telegrams must be directed to a defined port of the public IP address of the target router.
Page A: component variants / parts lists
Table 3-23

End device A: PG/PC
WAN interface A: GPRS router
Comment: For the application with package-based radio networks, integrated modules or routers with Ethernet interface are available for the respectively supported service. For GPRS e.g.:
• MD 740-1, 6NH9740-1AA00

End device A: PG/PC
WAN interface A: EDGE / UMTS router
Comment: For the application with package-based radio networks, integrated modules or routers with Ethernet interface are available for the respectively supported service. For EDGE e.g.:
• MD 741-1, 6NH9741-1AA00
For UMTS, different modules of different manufacturers are available on the market.

End device A: PG/PC
WAN interface A: Ethernet router <> SAT modem
Comment: SAT connection requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.
End device A: Controller / network
WAN interface A: GPRS router
Comment: For the application with package-based radio networks, integrated modules or routers with Ethernet interface are available for the respectively supported service. For GPRS the SIMATIC spectrum offers, e.g.:
• MD 740-1, 6NH9740-1AA00

End device A: Controller / network
WAN interface A: EDGE / UMTS router
Comment: For the application with package-based radio networks, integrated modules or routers with Ethernet interface are available for the respectively supported service. For EDGE the SIMATIC spectrum offers, e.g.:
• MD 741-1, 6NH9741-1AA00
For UMTS, different modules of different manufacturers are available on the market.

End device A: Controller / network
WAN interface A: Ethernet router <> SAT modem
Comment: SAT connection of the used Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.

Note: In order to connect a network with SIMATIC controllers working as passive stations, the router must support the Port Forwarding function.
Page B: component variants / parts lists
Table 3-24

End device B: Controller / network, PC/PG
WAN interface B: Broadband modem <> Ethernet router
Comment: The broadband connection of the used Ethernet router occurs via a modem. A broadband modem is used according to the employed broadband internet access.

End device B: Controller / network, PC/PG
WAN interface B: Sat modem <> Ethernet router
Comment: SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.

End device B: PC / PG
WAN interface B: Broadband modem
Comment: A broadband modem is used according to the employed broadband internet access. Unique identification of the PG/PC requires a fixed IP address.

Note: To connect a controller to the internet as a passive station, a router which supports the Port Forwarding function is required.
Application in the SIMATIC system
This configuration is suitable for application in the SIMATIC environment as follows:
Table 3-25

SIMATIC service: Operator control and monitoring
Variants: GPRS; EDGE / UMTS; Internet via satellite
Comment: HMI functions via package-based radio internet access enable the transfer of configurations to one station. The test mode cannot be used sensibly, due to the very low bandwidth of GPRS and the very high reaction times of, for example, internet via satellite.

SIMATIC service: Diagnostics
Comment: Diagnostics options are possible; only the limited number of accessible stations restricts this function. Due to the considerable reaction times of the transmission media, real-time capability is not given.

SIMATIC service: Reporting
Variants: GPRS; EDGE / UMTS; Internet via satellite
Evaluation: --- for GPRS and for EDGE / UMTS
Comment: Reporting events through the user program is possible with permanent connections to the internet and static addresses. If functions outside the SIMATIC spectrum, such as e-mail or SMS, are used for reporting events, other end devices can be used.

SIMATIC service: PG functions
Variants: GPRS; EDGE / UMTS; Internet via satellite
Comment: PG functions are well possible; the number of accessible stations is limited by Port Forwarding. Real-time capability is not given due to the high reaction times of the internet.

SIMATIC service: Data transmission
Variants: GPRS; EDGE / UMTS; Internet via satellite
Comment: A bilaterally configured data transfer is only possible if static public IP addresses are used. If the IP addresses are assigned dynamically or are NAT protected, only a unilaterally configured data transfer can be used.
Evaluation of the configuration
Table 3-26

Criterion: Quantitative cost situation
Evaluation: Regarding the costs, the following points must be considered:
• The procurement costs of the employed GPRS / EDGE / UMTS router or the Ethernet router and the SAT send and receive system.
• The basic costs for the used mobile phone cards or the SAT connection.
• The calculated data volume (depending on the used tariff model). The payment is time-independent; the costs depend on the transferred data volume only.

Criterion: Availability and reliability (GPRS)
Evaluation: Mobile radio networks with package-based data transfer are widely distributed in the industrialized world. Due to the location-based access to the mobile radio networks, the communication partner can move freely in the radio field of the base station. The configuration can be used reliably to a limited extent.

Criterion: Availability and reliability (EDGE / UMTS)
Evaluation: Mobile radio networks with package-based data transmission are widely distributed within the industrialized world; only thinly populated regions have a limited availability. Providers generally offer either UMTS or EDGE, depending on the local network expansion. Due to the location-based access to the mobile radio networks, the communication partner can move freely in the radio field of the base station. The bandwidth can thereby be reduced to GPRS level. The configuration can be used reliably as far as technically viable.

Criterion: Availability and reliability (Internet via SAT)
Evaluation: The application of broadband internet via SAT depends on the “footprint” of the used satellite. The configuration can be used reliably as far as technically viable.

Criterion: Security
Evaluation: The Internet as a transport medium is unsafe. Since the communication is port based, there is no security against eavesdropping. The enabled ports are furthermore an additional “Point of Attack”, which is not acceptable in critical networks. The operation with Port Forwarding is only sensible over a limited time. Transferred data is not secured against falsification.
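An added example (not part of the original document) of how the Security rows of Tables 3-22 and 3-26 can be checked against the forwarding table of a target router: it flags forwards that any source may use, that have no time limit, or that point into a network treated as critical. The rule format, the addresses, the dates and the seven-day window are constructed for this example.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed forwarding table of a target router (format and values are
# assumptions of this example):
# public_port proto internal_ip:port allowed_source opened expires
SAMPLE_RULES = """\
102  tcp 192.168.0.10:102 0.0.0.0/0       2008-09-01 -
8080 tcp 192.168.0.20:80  203.0.113.0/24  2008-12-01 2008-12-05
8443 tcp 10.10.5.7:443    198.51.100.7/32 2008-11-28 2008-12-02
"""


@dataclass
class Forward:
    public_port: int
    proto: str
    target_ip: object        # ipaddress object of the private station
    target_port: int
    source: object           # network that is allowed to use the forward
    opened: date
    expires: Optional[date]  # None: the forward has no time limit


def parse_rules(text):
    """Parse whitespace-separated rule lines (IPv4); '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        port, proto, target, source, opened, expires = line.split()
        host, _, target_port = target.rpartition(":")
        rules.append(Forward(
            int(port), proto.lower(), ip_address(host), int(target_port),
            ip_network(source), date.fromisoformat(opened),
            None if expires == "-" else date.fromisoformat(expires)))
    return rules


def audit(rules, today, critical_nets, max_days=7):
    """Return (public_port, finding) pairs for forwards that need attention."""
    critical = [ip_network(n) for n in critical_nets]
    findings = []
    for r in rules:
        # Port forwarding is only sensible over a limited time.
        if r.expires is None:
            findings.append((r.public_port, "NO_EXPIRY"))
        elif r.expires < today:
            findings.append((r.public_port, "EXPIRED_STILL_CONFIGURED"))
        elif (r.expires - r.opened).days > max_days:
            findings.append((r.public_port, "WINDOW_TOO_LONG"))
        # Every enabled port is a point of attack; worst if any host may use it.
        if r.source.prefixlen == 0:
            findings.append((r.public_port, "OPEN_TO_INTERNET"))
        # Forwards into critical networks are not acceptable.
        if any(r.target_ip in net for net in critical):
            findings.append((r.public_port, "TARGET_IN_CRITICAL_NET"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_rules(SAMPLE_RULES), date(2008, 12, 4),
                               ["192.168.0.0/24"]):
        print(f"public port {port}: {finding}")
```

A source restriction and an expiry date narrow the exposure only. The forwarded traffic itself remains unprotected against eavesdropping and falsification, as the table states.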
3.8 Configuration 7: Secure Ethernet connection via package-based broadband internet access
Introduction into the configuration
This configuration shows the secure connection of two SIMATIC components via broadband networks. The communication and the transferred data are secured by an encrypted tunnel connection.

Configuration
Figure 3-7 (diagram; labels: PC/PG, modem / Ethernet router, broadband modem, Internet, Ethernet network, VPN tunnel; Page A: End Device A, WAN Interface A; Page B: WAN Interface B, End Device B)

Employed bus systems
The bus system is IP-based and hence fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.

Applicable data connections
The communication partners can either be connected via cable-based broadband networks or via package-based radio networks.
A description of the possible partner network-accesses is available in the following chapters:
• 2.4 “Package-oriented data transfer via radio networks” and
• 2.5 “Package-oriented data transfer via cable-based networks”.

Note: Only one communication partner with a valid public internet IP address can be used as target partner. Stations in NAT protected networks, such as GPRS / EDGE and UMTS, can generally not be used.
Public IP address in the partner station
The public IP address of the partner station must be known. It can be realized by means of:
• a fixed IP address which is provided by the ISP, or
• a name via which the IP address is resolved. One such service is DynDNS.
If the partner IP address is not known, a tunnel connection cannot be used.

Tunnel connection
A special type of data connection is necessary to secure the data communication between two stations or entire networks.
This data connection type is referred to as a tunnel.
The most common tunnel types are:
• PPTP (Point to Point Tunneling Protocol)
• L2TP (Layer 2 Tunneling Protocol)
A tunnel ensures the safe connection and the safe transfer of data.
The tunnel by itself offers no protection against eavesdropping attempts by a third party. Protecting the data transmission against eavesdropping by a third party requires encrypting the data.

IP encryption methods
The most common method for securing the data of a communication in the internet is IPsec. It offers:
• cryptographic protection of the transferred data,
• securing of the data integrity and
• authentication of the stations and the used keys.
IPsec supports all IP-based communication protocols and services.
In IP version 6, IPsec is a basic component of the protocol standard.
Configuration of the tunnel end points
A tunnel connection can be established either between:
• two stations (clients),
• two networks (gateways) or
• one station and one network (client / gateway)
The tunnel connection must be configured identically on both sides in order to establish the connection.
Encryption of the data transmission may be part of this configuration.
If tunnels of the described type are established, these are also referred to as Virtual Private Networks (VPNs).
VPN
A VPN consists of a configured tunnel connection with two tunnel end points.
Possible tunnel end points are:
Table 3-27
Tunnel end point: Client
Description: A VPN client is software which, depending on the VPN partner station / tunnel end point, can be
• a standard client such as the one integrated in Windows XP,
• a proprietary tool or
• the SOFTNET SECURITY CLIENT Ed. 2008 (6GK1704-1VW02-0AA0).
Tunnel end point: Gateway
Description: A VPN Gateway is generally a network component which works as network access account for the internet access as well as for processing the tunnel connection. The market offers a number of VPN variants. Here, either
• a VPN Gateway-capable Ethernet router can be used, or
• an Ethernet router and a VPN Gateway can be connected in succession. The tunnel connections are then forwarded with Port Forwarding from the router to the Gateway.
The configuration of the VPN Gateways occurs either via a web-based interface or via proprietary configuration software. Within the SIMATIC spectrum, the following VPN Gateways (without network access accounts for internet access) are known:
• SCALANCE S612 (6GK5612-0BA00-2AA3)
• SCALANCE S613 (6GK5613-0BA00-2AA3)
Page A: component variants / parts lists
Table 3-28
End device A | WAN Interface A | Comment
PG/PC with VPN Client Software | Broadband modem | A broadband modem is used according to the employed broadband internet access.
PG/PC with VPN Client Software | Ethernet router <> Broadband modem | The internet connection of the router occurs via a broadband modem, depending on the used broadband internet access.
PG/PC, Controller / network | VPN Gateway Ethernet router <> Broadband modem | The internet connection of the router occurs via a broadband modem, depending on the used broadband internet access.
Page B: component variants / parts lists
Table 3-29
End device B | WAN interface B | Comment
Controller / network, PG/PC | Broadband modem <> VPN Gateway Ethernet router | The internet connection of VPN Gateways / of VPN Gateway-Router combination occurs via a broadband modem, according to the used broadband internet access.
Controller / network, PG/PC | Sat modem <> VPN Gateway Ethernet router | SAT connection of VPN Gateways / of the VPN Gateway-Router combination requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.
PG/PC with VPN Client Software | Broadband modem | A broadband modem is used according to the employed broadband internet access.
PG/PC with VPN Client Software | Broadband modem <> Ethernet router | The internet connection of the Ethernet router occurs via a broadband modem, depending on the used broadband internet access. The Port Forwarding function is required for forwarding the tunnel telegrams to the VPN client.
PG/PC with VPN Client Software | Sat modem <> Ethernet router | SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network. The Port Forwarding function is required for forwarding the tunnel telegrams to the VPN client.
Application in the SIMATIC system
This configuration is suitable for the application in the SIMATIC environment as follows:
Table 3-30
SIMATIC service | Evaluation | Comment
Operator control and monitoring | | HMI functions enable the transfer of configurations to all stations and networks. Test operation is possible; however, given the reduced bandwidth and increased reaction times, it is only sensible to a limited extent.
Diagnostics | | Diagnostics options are fully possible. A real-time capability is not given due to the high reaction times of the internet.
Reporting | | Reporting diagnostics events through the user program is possible for a permanent connection.
PG functions | | PC functions are fully possible. The real-time capability is not given due to the high reaction times of the internet.
Data transmission | | Full as well as partially configured data transfer is possible.
Evaluation of the configuration
Table 3-31
Criterion: Quantitative cost situation
Evaluation: Regarding the costs the following points must be considered:
• The procurement costs of the used modem, VPN Gateways, the Ethernet router and possibly the VPN client software.
• The basic costs for the used broadband internet connections.
• The calculated data volume (depending on the used tariff model). Payment is independent of time and depends on the data volume.
Criterion: Availability and reliability (DSL)
Evaluation: DSL internet accesses are widely distributed in the industrial nations; only the availability in thinly populated regions is limited. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.
Criterion: Availability and reliability (Cable internet)
Evaluation: Cable internet access is widely distributed in the industrial nations; in some countries it exceeds the number of DSL (broadband) connections. The available data bandwidth depends on the number of stations of the medium. Due to the cable-based data access the communication partner is bound by the location. The configuration can be used reliably as far as technically viable.
Criterion: Security
Evaluation: The Internet as a transport medium is unsafe. Since the communication through the tunnel is IPsec secured, maximum security is provided against eavesdropping and data falsification.
3.9 Configuration 8: Secure Ethernet connection via package-based mobile phone internet access
Introduction into the configuration
This configuration shows the secure connection of two SIMATIC components via package-based radio networks. Securing the communication as well as the transferred data occurs via an encrypted tunnel connection.
Configuration
Figure 3-8 (diagram labels: PC/PG, GPRS / EDGE / UMTS Router, Internet, Modem / Ethernet Router, Ethernet Network, VPN Tunnel; Page A: End Device A, WAN Interface A; Page B: WAN Interface B, End Device B)
Employed bus systems
The bus system is IP-based and hence fixed to Ethernet. If the used WAN interface is integrated in an end device, it receives a public IP address.
Applicable data connections
The communication partners can either be connected via cable-based broadband networks or via package-based radio networks.
A description of the possible partner network-accesses is available in the following chapters:
• 2.4 “Package-oriented data transfer via radio networks” and
• 2.5 “Package-oriented data transfer via cable-based networks”.
Note: Only one communication partner with a valid Internet IP address can be used as target partner.
Stations in NAT-protected networks, such as GPRS / EDGE and UMTS, can generally not be used.
Public IP address in the partner station
The public IP address of the partner station must be known. It can be provided by:
• a fixed IP address which is provided by the ISP, or
• a name that resolves to the IP address. One such service is DynDNS.
If the partner IP address is not known, a tunnel connection cannot be used.
Tunnel connection
A special type of data connection is necessary to secure the data communication between two stations or entire networks.
This data connection type is referred to as a tunnel.
The most common tunnel types are:
• PPTP (Point to Point Tunneling Protocol)
• L2TP (Layer 2 Tunneling Protocol)
A tunnel ensures the safe connection and the safe transfer of data.
The tunnel by itself provides no protection against eavesdropping by a third party. Protecting the data transmission against eavesdropping by a third party requires encrypting the data.
IP encryption methods
The most widely used method for securing the data of a communication in the internet is IPsec. It offers:
• cryptographic protection of the transferred data,
• protection of the data integrity and
• authentication of the stations and the used keys.
IPsec supports all IP-based communication protocols and services.
In IP version 6, IPsec is a basic component of the protocol standard.
Configuration of the tunnel end points
A tunnel connection can be established either between:
• two stations (clients),
• two networks (gateways) or
• one station and one network (client / gateway)
The tunnel connection must be configured identically on both sides in order to establish the connection.
Encryption of the data transmission may be part of this configuration.
If tunnels of the described type are established, these are also referred to as Virtual Private Networks (VPNs).
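The following pre-deployment check is an added example, not part of the Siemens document. It applies the Note on NAT-protected stations, the requirement that both tunnel end points be configured identically, and the statement that a tunnel without encryption does not protect against eavesdropping. The dictionary field names and all sample values are assumptions made for illustration; the protected networks are the one setting treated as mirrored between the two sides rather than identical.

```python
import ipaddress

# Address ranges that cannot be reached from the Internet and therefore cannot
# serve as the target of a tunnel (private, carrier NAT, loopback, link-local).
NOT_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                    # RFC 6598 (carrier NAT)
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Hypothetical field names: settings that must be identical on both end points.
MUST_MATCH = ("tunnel_type", "encryption", "integrity", "dh_group", "auth_method")


def is_public(addr):
    """True if addr lies outside every non-routable range listed above."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NOT_PUBLIC)


def possible_targets(a, b):
    """Names of the end points that the partner can address as tunnel target."""
    return [e["name"] for e in (a, b) if is_public(e["wan_ip"])]


def check_tunnel_pair(a, b):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    if not possible_targets(a, b):
        findings.append("neither end point has a public IP address")
    for key in MUST_MATCH:
        if a.get(key) != b.get(key):
            findings.append("%s differs: %s=%r, %s=%r"
                            % (key, a["name"], a.get(key), b["name"], b.get(key)))
    # The protected networks are the one setting that is mirrored, not identical.
    net = ipaddress.ip_network
    if (net(a["local_net"]) != net(b["remote_net"])
            or net(a["remote_net"]) != net(b["local_net"])):
        findings.append("local/remote networks are not mirrored")
    for e in (a, b):
        if e.get("encryption") in (None, "", "none"):
            findings.append("%s: tunnel is configured without encryption" % e["name"])
    return findings


# Constructed sample: a GPRS router behind the provider's NAT and a DSL gateway
# with a fixed address (203.0.113.10 is a documentation address, RFC 5737).
GPRS_ROUTER = {
    "name": "gprs-router", "wan_ip": "10.64.12.7",
    "tunnel_type": "ipsec", "encryption": "aes-256", "integrity": "sha1",
    "dh_group": 2, "auth_method": "psk",
    "local_net": "192.168.10.0/24", "remote_net": "192.168.20.0/24",
}
DSL_GATEWAY = dict(GPRS_ROUTER, name="dsl-gateway", wan_ip="203.0.113.10",
                   encryption="3des",
                   local_net="192.168.20.0/24", remote_net="192.168.10.0/24")

if __name__ == "__main__":
    print("possible targets:", possible_targets(GPRS_ROUTER, DSL_GATEWAY))
    for finding in check_tunnel_pair(GPRS_ROUTER, DSL_GATEWAY):
        print("finding:", finding)
```

In the constructed sample only the DSL gateway can be addressed as target, so the GPRS router has to initiate the tunnel, and the differing encryption setting is reported as the reason the connection would not be established.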
VPN
A VPN consists of a configured tunnel connection with two tunnel end points.
Possible tunnel end points are:
Table 3-32
Tunnel end point: Client
Description: A VPN client is software which, depending on the VPN partner station / tunnel end point, can be
• a standard client such as the one integrated in Windows XP,
• a proprietary tool or
• the SOFTNET SECURITY CLIENT Ed. 2008 (6GK1704-1VW02-0AA0).
Tunnel end point: Gateway
Description: A VPN Gateway is generally a network component which works as network access account for the internet access as well as for processing the tunnel connection. The market offers a number of VPN variants. Here, either
• a VPN Gateway-capable Ethernet router can be used, or
• an Ethernet router and a VPN Gateway can be connected in succession. The tunnel connections are then forwarded with Port Forwarding from the router to the Gateway.
The configuration of the VPN Gateways occurs either via a web-based interface or via proprietary configuration software. Within the SIMATIC spectrum, the following VPN Gateways (without network access accounts for internet access) are known:
• SCALANCE S612 (6GK5612-0BA00-2AA3)
• SCALANCE S613 (6GK5613-0BA00-2AA3)
Page A: component variants / parts lists
Table 3-33
End device A | WAN Interface A | Comment
PG/PC with VPN Client Software | GPRS modem / router | When using a GPRS module as modem.
PG/PC, Controller / network | VPN Gateway GPRS router | The SIMATIC product family offers a router with VPN Gateway functionality and Ethernet interface. For GPRS this is the MD 740-1 (6NH9740-1AA00).
PG/PC with VPN Client Software | EDGE / UMTS modem / router | When using an EDGE capable module as modem.
PG/PC, Controller / network | VPN Gateway EDGE / UMTS router | The SIMATIC product family offers a router with VPN Gateway functionality and Ethernet interface. For GPRS / EDGE this is the MD 741-1 (6NH9741-1AA00). For UMTS different modules are available on the market.
PG/PC with VPN Client Software | Ethernet router <> SAT modem |
PG/PC, Controller / network | VPN Gateway Ethernet router <> SAT modem | SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.
Page B: component variants / parts lists
Table 3-34
End device B | WAN interface B | Comment
PG/PC with VPN Client Software | Broadband modem | The broadband connection of PC occurs via a broadband modem, depending on the employed broadband internet access.
Controller / network, PG/PC | Broadband modem <> VPN Gateway Ethernet router | In order to connect a network with SIMATIC controllers, which work as passive stations, the router must be configured as VPN Gateway corresponding to the partner Gateway. The internet connection of the Ethernet router occurs via a broadband modem, depending on the employed internet access.
PG/PC with VPN Client Software | Broadband modem <> Ethernet router | For forwarding the tunnel telegrams to the VPN client the router used for the internet connection must support the Port Forwarding function. The internet connection of the Ethernet router occurs via a broadband modem, depending on the employed internet access.
Controller / network, PG/PC | Sat modem <> VPN Gateway Ethernet router | SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network.
PG/PC with VPN Client Software | Sat modem <> Ethernet router | SAT connection of the Ethernet router requires a SAT modem and a SAT receive / send system, depending on the employed satellite network. The Port Forwarding function is required for forwarding the tunnel telegrams to the VPN client.
Application in the SIMATIC system
This configuration is suitable for the application in the SIMATIC environment as follows:
Table 3-35
SIMATIC service | Evaluation | Comment
Operator control and monitoring | GPRS; EDGE / UMTS; Internet via satellite | HMI functions via package-based radio internet access enable the transfer of configurations to all stations of the network. The test mode is not sensible due to the very low bandwidth for GPRS and the very high reaction times such as for internet via satellite.
Diagnostics | | Diagnostics options are well possible. Due to the high reaction times of the transmission media a real-time capability is not given.
Reporting | GPRS; EDGE / UMTS; Internet via satellite | Reporting events through the user program is possible for a permanently established VPN. If functions outside the SIMATIC spectrum are used for reporting events such as e-mail or SMS, other end devices can be used.
PG functions | GPRS; EDGE / UMTS; Internet via satellite | PC functions are possible. The real-time capability is not given due to the high reaction times of the internet.
Data transmission | GPRS; EDGE / UMTS; Internet via satellite | Data transmission is fully possible if the VPN is permanently established.
Evaluation of the configuration
Table 3-36
Criterion: Quantitative cost situation
Evaluation: Regarding the costs the following points must be considered:
• The procurement costs of the employed GPRS / EDGE / UMTS router / modem, the Ethernet router and the SAT send and receive system.
• The basic costs for the used mobile phone cards or the SAT connection.
• The calculated data volume (depending on the used tariff model). The payment is independent of time; the costs depend on the transferred data volume only.
Criterion: Availability and reliability (GPRS)
Evaluation: Mobile radio networks with package-based data transfer are widely distributed in the industrialized world. Due to the location-based access to the mobile radio networks the communication partner can freely move in the radio field of the base station. The configuration can be used reliably to a limited extent.
Criterion: Availability and reliability (EDGE / UMTS)
Evaluation: Mobile radio networks with package-based data transmission are widely distributed within the industrialized world; only thinly populated regions have a limited availability. Providers generally offer either UMTS or EDGE, which depends on the local network expansion. Due to the location-based access to the mobile radio networks the communication partner can freely move in the radio field of the base station. The bandwidth can hereby be reduced to GPRS level. The configuration can be used reliably as far as technically viable.
Criterion: Availability and reliability (Internet via SAT)
Evaluation: The application of broadband internet via SAT depends on the “footprint” of the used satellite. The configuration can be used reliably as far as technically viable.
Criterion: Security
Evaluation: The Internet as a transport medium is unsafe. Since the communication through the tunnel is IPsec secured, maximum security is provided against eavesdropping and data falsification.
Bibliography
4 Notes on Additional Information
4.1 Internet Links
This list is not complete and only represents a selection of relevant literature.
Table 4-1
No. | Topic | Title
\1\ | Reference to this entry | Applications & Tools: WAN Access Methods, http://support.automation.siemens.com/WW/view/de/26662448
\2\ | Siemens A&D Customer Support | Communication with SIMATIC, http://support.automation.siemens.com/WW/view/de/1254686
\3\ | Siemens A&D Customer Support | SCALANCE S and SOFTNET Security Client, http://support.automation.siemens.com/WW/view/de/21718449
\4\ | Siemens A&D Customer Support | Industrial Communication SIMATIC NET Industrial Ethernet network manual system manual, http://support.automation.siemens.com/WW/view/de/27069465
\5\ | Siemens A&D Customer Support | TS Adapter IE, http://support.automation.siemens.com/WW/view/de/24623021
\6\ | Siemens A&D Customer Support | TS Adapter II, http://support.automation.siemens.com/WW/view/de/20983182
5 History
Table 5-1 History
Version | Date | Modification
V1.0 | 04.12.2008 | First issue