jim-cahill
A slidecast by Lee Neitzel explaining the new Express Interface (Xi) standard for secure, firewall friendly process automation communications.
© 2009 OPC Express Interface Slide 1
EXPRESS interface
Technical Overview
© 2009 OPC Express Interface Slide 2
What is Xi?
A simple Microsoft .NET interface for securely wrapping industrial automation systems, for both local and remote access.
[Diagram labels: Xi Client; Existing Client; OPC COM Server; Xi Interface; Xi Secure Messaging]
© 2009 OPC Express Interface Slide 3
Why was Xi developed?
New Microsoft-based client developments have moved to .NET, so these applications need a native .NET interface to talk to OPC COM servers, instead of each having to develop its own.
Before Xi (need a custom adapter for each type of OPC server)
[Diagram labels: OPC COM Server; COM/DCOM; three Custom Adapters; .NET Interface “A”, “B”, “C”; .NET Client Application “A”, “B”, “C”]
With Xi (Xi Wrapper is common to all types of OPC Servers)
[Diagram labels: OPC COM Server; COM/DCOM; Xi Wrapper; Xi .NET Interface; .NET Client Application “A”, “B”, “C”]
© 2009 OPC Express Interface Slide 4
Is Xi a common interface?
Yes - Xi provides access to runtime and historical data, events, and alarms, all in one interface
[Diagram labels: Xi Interface; Xi DA Client; Xi History Client; Xi Alarm Client; Xi Integrated Client; OPC DA Server; OPC HDA Server; OPC A&E Server]
© 2009 OPC Express Interface Slide 5
Security model
Full Access
Limited Access (e.g. no Writes)
Full Access
© 2009 OPC Express Interface Slide 6
Performance model
Higher Performance
Remote Access Performance
Highest Performance
© 2009 OPC Express Interface Slide 7
Platform model
Open – Generally Windows
Open – Any platform using web services
Windows
© 2009 OPC Express Interface Slide 8
Xi Interface Architecture
Multi-layer architecture to reduce interoperability problems
Client Interface
Client App
Client Base
Server Base
OPC Wrapper
OPC COM Server
Server Interface
WCF
Alternate Server Implementation
Developer-specific code
Standard code for the client
Standard code for the server
Developer-specific code
Standard code for OPC Wrappers
© 2009 OPC Express Interface Slide 9
Xi Functional Architecture
Clients select resources (data/alarms/events) into lists, and add lists to endpoints for access
[Diagram labels: Client App; System Resources; Client-specific Context; Runtime Data; Historical Data; Alarms & Events; Historical Alarms & Events; Common to all clients; filter; Read; Write; Subscribe; Manage]
© 2009 OPC Express Interface Slide 10
Security concepts
• Base user privileges defined by access control list
• Base encryption and authentication provided by .NET WCF
• Read, write, and subscribe privileges for the user can be restricted based on location of the user and the client application being used (e.g. only approved client apps can write).
Patent pending (royalty-free license for use with Xi)
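The restriction model on this slide, sketched as an added example (not code from the Xi specification or from the presenter): the access control list supplies base privileges, and the caller's location and client application can only remove rights from that base. Every user name, network, application name and function name below is hypothetical, and how Xi itself identifies a client application is not described on this page.

```python
import ipaddress
from enum import Flag

class Right(Flag):
    READ = 1
    WRITE = 2
    SUBSCRIBE = 4

NONE = Right(0)
READ_ONLY = Right.READ | Right.SUBSCRIBE
ALL = Right.READ | Right.WRITE | Right.SUBSCRIBE

# Constructed sample policy: every user, network and application name is hypothetical.
ACL = {"operator1": ALL, "viewer1": READ_ONLY}      # base privileges per user
LOCATION_CAPS = [                                    # first matching network wins
    (ipaddress.ip_network("127.0.0.0/8"), ALL),        # same machine
    (ipaddress.ip_network("10.20.0.0/16"), ALL),       # control LAN
    (ipaddress.ip_network("0.0.0.0/0"), READ_ONLY),    # any other IPv4 address
]
APP_CAPS = {"ApprovedHmi": ALL}                      # approved client applications
DEFAULT_APP_CAP = READ_ONLY                          # unapproved apps cannot write

def effective_rights(user, client_ip, client_app):
    """Base ACL rights, narrowed by where the caller is and which app it uses."""
    base = ACL.get(user, NONE)                       # unknown user: no rights
    addr = ipaddress.ip_address(client_ip)
    # An address that matches no listed network gets no rights (default deny).
    loc_cap = next((cap for net, cap in LOCATION_CAPS if addr in net), NONE)
    app_cap = APP_CAPS.get(client_app, DEFAULT_APP_CAP)
    return base & loc_cap & app_cap                  # restrictions only remove rights

def is_allowed(user, client_ip, client_app, requested):
    """True only if every requested right survives all three checks."""
    granted = effective_rights(user, client_ip, client_app)
    return (requested & granted) == requested

if __name__ == "__main__":
    for args in [("operator1", "10.20.5.7", "ApprovedHmi"),
                 ("operator1", "10.20.5.7", "AdHocScript"),
                 ("operator1", "192.0.2.10", "ApprovedHmi"),
                 ("viewer1", "10.20.5.7", "ApprovedHmi")]:
        print(args, "write allowed:", is_allowed(*args, Right.WRITE))
```

Because the three sets are intersected, a misconfigured location or application entry can never grant more than the ACL already allows.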
© 2009 OPC Express Interface Slide 11
Security architecture
[Diagram labels: Client Application; Access Controls; Server Discovery Endpoint; List of Resource Discovery Endpoints; Resource Management Endpoint; Read Endpoint; Write Endpoint; Subscribe Endpoint; List of Resources; Poll or Callback; Secure; One per server; One per system; Only if authorized; (may be redundant)]
• Dynamically opened
• Multiple endpoints per client
• Multiple lists per endpoint
• Known only to the client
© 2009 OPC Express Interface Slide 12
Server and endpoint discovery
[Diagram labels: PNRP Enabled Servers; Non-PNRP Enabled Servers; PNRP Enabled Clients; Non-PNRP Enabled Clients; Xi Discovery Server; Manual Configuration of Discovery Server Address; Manual Configuration of Server Address; PNRP Discovery of Servers; PNRP Discovery of Discovery Servers; Xi Discovery of Server Endpoints; Xi Discovery of Xi Server Endpoints]
PNRP = Peer Name Resolution Protocol (Microsoft)
© 2009 OPC Express Interface Slide 13
Endpoint interfaces
• ServerDiscovery: used to locate servers
• ResourceManagement: used to discover resources of a server, create lists of resources, create endpoints, and assign lists to endpoints
• Read: used to get the value of list entries
• Write: used to update the value of list entries
• Subscribe: Callback, Poll
© 2009 OPC Express Interface Slide 14
Obtaining information about the server
Standard MIB Objects
Vendor MIB Objects
(optional)
Server Management Info Base (MIB)
Server capabilities and settings
Server-specific management object values
Vendor MIB Object descriptions
© 2009 OPC Express Interface Slide 15
Finding objects (filtered browsing)
[Diagram: Object Hierarchy with nodes A, B, C, D, E, F, G]
Objects located by their path (e.g. A/C/G)
Object Attributes: InstanceId, Name, Description, IsLeaf, ObjectTypeId, DataTypeId, ListDimensions, IsReadable, IsWritable, FastestScanRate, Roles, IsCollectingHistory, Flags
© 2009 OPC Express Interface Slide 16
Data lists
[Diagram labels: Data Lists; Object Hierarchy (nodes A to G); data objects]
• Data lists select data objects that are to be accessed via read/write/subscribe
• Data lists can be created by the client or the server
© 2009 OPC Express Interface Slide 17
Historical data lists
[Diagram labels: Historical Data Lists; Object Hierarchy (nodes A to G); Historical values]
• Historical data lists are data lists that contain historical values
• Historical lists are updated as new values are received into the Data Journal
© 2009 OPC Express Interface Slide 18
Alarm and event lists
[Diagram labels: Event/Alarm List; Filter Criteria; Alarms and Events; Alarm/Event Sources; Area Hierarchy; Areas]
• Alarms and events, like data, are accessed via lists, but membership in the list is defined by filters
• Events are in lists only long enough for them to be reported via a subscription
• Alarms stay in lists until they are acked/inactive
• Alarm and event lists can be created by the client or the server
© 2009 OPC Express Interface Slide 19
Historical alarm and event lists
[Diagram labels: Historical Event/Alarm List; Filter Criteria; Historical Alarms and Events; Alarm/Event Sources; Event Journal; Areas]
• Historical alarm/event list membership is defined by filters
• Historical lists are updated as new alarms/events are received into the Event Journal
© 2009 OPC Express Interface Slide 20
Interface summary
© 2009 OPC Express Interface Slide 21
Example specification page
© 2009 OPC Express Interface Slide 22
Conclusion
• Open
• Additional security layered on top of traditional security mechanisms
• Supports runtime and historical data, events, and alarms. Additionally supports passthroughs
• Provides:
  – Local access via NamedPipe bindings
  – LAN access via NetTcp bindings
  – Web access and off-platform access via REST interface & Http bindings