IP•Tube CEP 202 T
Bell 202 T 4-Wire Modem Over IP MPLS Ethernet
Overview & Applications
Flexible Bell 202 Serial Data Extensions over Packet Networks | ||
The IP•Tube CEP 202 T has integrated Bell 202 T modem interfaces that connect to the Bell 202 T 4 Wire modem interface of Data Communication Equipment and transports their serial communication over IP & MPLS Packet networks. This conversion facilitates a cost effective path for Utility and Pipeline industries to migrate their SCADA communication from end of life analog circuits to Ethernet based LAN/WAN/MAN wired and wireless networks.
| ||
| ||
.
| ||
Asynchronous Serial Over IP Asynchronous characters with 5 to 8 data bits, a baud rate 1.2 kilobits, 1 or 2 stop bits, and with or without parity are efficiently encapsulated into IP packets. The latency is controlled by setting the maximum number of consecutive async characters per IP packet. | ||
SCADA Protocol Transparency | ||
IP•Tube CEP 202 T Standard Features | ||
Dual LAN Interfaces Assured Delivery Protocol In order to assure high quality communications over links with intermittent or noisy performance, such as Wireless, the IP•Tube CEP 202T employs Engage’s robust Assured Delivery Protocol with the following benefits:
| ||
IP•Tube CEP 202T Optional Features | ||
Protector OPTION -PRO The protector option utilizes the second LAN interface as a redundant path for the interconnection of the IP encapsulated Bell 202 T data. The extension of the Bell 202T has a fault tolerant link that is configured to always on, or with switch over criteria. |
Applications
SCADA
The volume application for the IP•Tube CEP 202T is the conversion of legacy serial communication interfaces of Utility SCADA systems from leased telco circuits to IP and MPLS packet services.
Legacy Utility SCADA installations utilize technology that was designed decades ago. Many substations have proprietary or bit orientated SCADA communication protocols that require the constant delay of circuits.
Engage adapted our Serial Circuit Emulation technology to facilitate the transparent transport of Serial SCADA over packet networks and to comply with the unique Utility industry specifications required by NERC. NERC is the Electric Reliability Corporation for North America, subject to oversight by the Federal Energy Regulatory Commission and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system.
A NERC reliability standard mandates that SCADA systems have Data Center Front End redundancy. The IP•Tube CEP RS232 at the Substations support from 1 to 4 Data Center redundant and diversely routed connections.
NERC -CIP mandates control center redundancy. RTUs must be accessible from, and be able to connect to, multiple control centers.IP•Tube CEP continuously monitors connectivity to the active control center and automatically switches to the active backup control center (1 to 4 supported).
|
NERC is committed to protecting the bulk power system against cybersecurity compromises that could lead to misoperation or instability. Engage incorporated a sophisticated locked-down embedded Linux based management module into the IP•Tube CEP that exceeds the NERC -CIP cybersecurity standards and is upgradeable to support future standards.
Management module isolates management and data plane functionality with the use of two separate processors modules. Management processor access is limited to encrypted sessions via SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST passwords. These sessions may be established after authentication via TACACS+.
The independent Linux based management plane of the IP•Tube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor. Administration and User Logs are available with Syslog.
The IP•Tube CEP installations achieve NERC CIP compliance with a combination of internal and external functions.
Internally the Management Module software has the sophistication to implement comprehensive policies and privileges for administrator and user accounts. Administrator policy includes removal, disabling or renaming.
Interoperability with external functions such as Syslog, Network Timing Protocol TACACS+ and RADIUS with its support for RSA SecureID delivers trusted compliance.
Electronic Security Perimeter
The IP•Tube CEP in combination with industry standard services meets the Electronic Security Perimeter's NERC CIP-005 specifications. In addition Control Plane isolation from the Data plane provides a higher level of security for the Cyber Assets.
CIP-005 Requirement | IPTube CEP Solution | |
R2.1 - Deny Access by Default | • Accounts must be created to allow access | |
R2.2 - Enable only needed ports | • Each Port may be enabled or disabled | |
R2.4 - Strong Technical Controls | • RSA's SecureID two-factor Authentication | |
R3.2 - Unauthorized Access | • Alert messages via Syslog, RADIUS or TACACS+ | |
R5.3 - Access Logging | • Syslog of Access and Command interactions |
System Security Management
Access control is Authenticated, Authorized and Accounted for with RADIUS or TACACS+.
Security Patches managed proactively.
CIP-007 Requirement | IPTube CEP Solution |
R2.1-3 - Ports and Services | • Unused Serial Ports and Services are disabled |
R3 - Security Patch Management | • Kernel and application upgrade alerts |
R5.3 - Secure Passwords | • Require minimum length, strength, frequency |
R6.4 - Security Status Logs | • Syslog and AAA via TACACS+ |
MultiDrop
In order to minimize the number of analog telephone circuits required to connect Data Center Front End SCADA controllers to Substation Remote Terminal Units Multi-Drop communication protocol was implemented. The CEP Multi-Drop feature allows a single RS-232 SCADA host connection to communicate with up to 8 remote terminals over a packet based network. The IP•Tube CEP transparently supports Multi-Drop by simultaneously transmitting IP packetized Front End SCADA messages to up to eight remote IP•Tube CEPs. The IP•Tube CEP connected to the addressed RTU detects a control signal and sends the SCADA response back to the Serial interface connected to the Front End polling port.
Technical Specifications
|
How to Order
Ordering Information | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Optional Features | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Protector OPTION -PRO | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The protector option utilizes the second LAN interface as a redundant path for the interconnection of the IP encapsulated CEP 202T data. The extension of the CEP 202T has a fault tolerant link that is configured to always on, or with switch over criteria. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|