ipConv/Cloud

Universal protocol conversion for the cloud environment or Linux based edge devices

    ipConv/Cloud is a solution for universal protocol conversion in a cloud environment or on edge devices and enables data transmission between different protocols.

    ipConv/Cloud is based on ipConv and basically offers the same functionality except for system related features, like VPN or network configuration. These missing features need to be managed by the user on the system level if required.

    Established standard protocols are available for conversion with ipConv/Cloud for flexible use on existing hardware or in a hosted environment, e.g. a cloud service. For serial protocol communication ipConv/Cloud supports the integration of Serial Device Servers.

    Deployment

    ipConv/Cloud is a software solution which consists of two archive files and can be installed on Linux based devices which meet the defined minimum prerequisites. The application will operate as a systemd service within the Linux environment.

    Hosting on a standard Linux distribution gives you full control over the operating system, enabling you to take full advantage of the powerful tools to run and manage the operating system/host environment. Maintenance and updating of the host system are consequently up to the operator.

    Licensing

    No USB dongle is needed to license an instance of ipConv/Cloud: we provide you with a specific license in the form of a license file which is linked to the operating environment/hardware. For virtual instances, the license is preserved when the operating environment is moved or migrated. If the host environment is cloned or copied, the imported license becomes invalid and must be requested again.

    Benefits at a Glance

    • High performance through 64-bit architecture
    • Use in cloud-based environments
    • Use of existing hardware
    • Reduction of physical devices, i.e. operating cost and energy savings
    • Leverage of free resources by consolidating multiple systems
    • Efficient deployment and administration (moving instances, live migration)
    • Quick system commissioning
    • Lower maintenance expenditure

    Please visit the ipConv/Cloud Use Cases for some practical examples.

Characteristics
    • Security at the highest level
    • Communication between multiple data sources
    • Simultaneous use of diverse protocols
    • User-defined mapping of information
    • Intelligent information processing
    • No programming required
    • Redundancy
Cyber Security
    • Secure access to all administrative services (HTTPS, SSH, SFTP)
    • Role-based access protection with login and password
    • User administration for local users
    • Support for two-factor authentication 2FA (TOTP, WebAuthn)
    • Central user administration via Active Directory (LDAP) and/or RADIUS
    • PKI and Crypto Store for certificate management
    • Creation of self-signed certificates and Certificate Signing Requests (CSRs)
    • Import and export of certificates
    • IEC 62351-3 TLS protection for IEC 60870-5-104, IEC 61850, DNP 3.0, TASE.2 protocol stacks
Configuration
  • System configuration is completely executed in a web browser. No other special configuration tools are required.

    ipConv in its current version 4 enables encrypted communication between web server and browser via the HTTPS protocol.

    ipConv main menu

    The main menu provides access to all relevant functions of ipConv, showing the overall system status at a glance.

    The following functions are available:

    • Switching operating mode OPERATIONAL (unattended station) or MAINTENANCE (allows full access to all ipConv functions)
    • Backup and restore the complete configuration
    • License management (ADMIN)
      Installation of (DEMO-) licenses, (un-) limited and (un-) restricted licenses
    • Software upgrade (ADMIN)
    • Import configuration information from tables
      The Excel file can be imported directly (Supported formats: .xlsx, .xlsm, .csv)
    • Edit configuration parameters
    • Release and versioning of a station configuration
    • Start up and stop the system
    • Access diagnostic data (see also diagnostics)
    • Access process image and data simulation (see also simulation)
    • Creation of own logbooks
      Changes of normalized information are selectively documented in configurable logbooks for tracing or logging reasons over a period of time.
    • Access current logfiles (see also logging)

    The following example shows the configuration of a protocol stack (here IEC 60870-5-101, Master). All parameters are shown with their configured values, relevant measurement units, and short descriptions.
    A parameter value can be changed by clicking on the parameter name. A detailed description is also shown, if available. The entered value is checked for permissible value range, or a selection list offers a pre-selection of permissible values.

    ipConv protocol stack configuration

    Only relevant parameters are displayed, for instance, if the link layer type is set to "unbalanced", only the corresponding parameters are shown.

    ipConv enables fast and efficient processing of large volumes of data points by allowing data import from tables. These tables are based on templates and may be processed with various spreadsheet programs, such as Microsoft Excel. The extended use of formulae minimizes the data volume, substantially reducing the number of errors.

    ipConv datapoint table import

Diagnostics
  • With protocol converters it is essential that the state of all interfaces can be determined at a glance. This is all the more important if the personnel available at the facility do not have particular knowledge of the system.

    The diagnostic data can be accessed with the DIAGNOSTICS button in the main menu. The most important information is provided subdivided and in plain text with time stamps. Colored highlights indicate whether a state is OK or not.

    ipConv diagnostics

    You can configure the type of information, descriptions and colors.

    Plain messages, measured values, and also control commands, such as a button for initiating a general poll, can be shown.

Logging
  • With all communication applications, it is essential to know which data is transmitted via the protocol and how the data is converted from one protocol to another. This is even more important when transmission problems occur. ipConv features logging and archiving functions for all data traffic.

    ipConv allows you to keep track of the system state and information flow inside the converter by recording and archiving all information passing through a module for a given time period. This data can be recorded:

    • All data to/from ipConv sent and received via the relevant communication module
    • System messages, i.e. connection abortion, communication error messages etc.
    • Configuration and software error messages

    ipConv data logging

    The range of data recorded is defined by the logging level. This can be changed dynamically (at runtime) or statically (in the configuration) for each module.

    The logging level defines the representation format for the sent or received information. Data can be represented either in hexadecimal code or in decoded, symbolic form or both. This example shows the content of a logfile generated from an IEC 60870-5-101, Master protocol stack.

    Data is stored directly in the easy to read ASCII format. Logfiles can be displayed, searched, or downloaded for offline diagnosis via the web interface.

    All recorded data is archived cyclically, enabling you to keep track of communication over a period of days or even weeks (depending on the data volume).

    29.01.20 11:38:15 IECAppl3 communication with link layer established !
    29.01.20 11:38:15 cid=1 open !
    29.01.20 11:38:15 cid=3 open !
    29.01.20 11:38:15 cid=4 open !
    29.01.20 11:38:15 cid=1 connected !
    29.01.20 11:38:15 CA=1: starting GI ...
    (2): << 15.473 [1] C_IC_NA_1 SQ=0 NUM=1 T=0 P/N=0 CT=<act> ORG=<0> CA=<65535>
                   0: QOI=<14> 
    29.01.20 11:38:15 CA=2: starting GI ...
    (2): >> 15.526 [1] M_DP_TB_1 SQ=0 NUM=4 T=0 P/N=0 CT=<spon> ORG=<0> CA=<1>
                 115: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.980 STD> 
                 116: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.980 STD> 
                 117: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.981 STD> 
                 118: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.981 STD> 
    (2): >> 15.527 [1] M_ME_NA_1 SQ=0 NUM=4 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 142: NVA=<27944> QDS=<OK> 
                 143: NVA=<27968> QDS=<OK> 
                 144: NVA=<28013> QDS=<OK> 
                 145: NVA=<28095> QDS=<OK> 
    (2): >> 15.527 [1] M_DP_TB_1 SQ=0 NUM=1 T=0 P/N=0 CT=<spon> ORG=<0> CA=<1>
                 114: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:06.982 STD> 
    (2): >> 15.527 [1] M_ME_NC_1 SQ=0 NUM=2 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 135: SFP=<267> QDS=<OK> 
                 136: SFP=<140> QDS=<OK> 
    (2): >> 15.527 [1] M_SP_TB_1 SQ=0 NUM=1 T=0 P/N=0 CT=<spon> ORG=<0> CA=<133>
             7750142: SIQ=<OFF Q=OK> BT7=<29.01.20 11:38:07.430 STD> 
    29.01.20 11:38:15 ERROR: ASDU from CA=133, unknown CA or received on unexpected connection !
    (2): >> 15.527 [1] M_DP_TB_1 SQ=0 NUM=2 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 118: DIQ=<ON   Q=OK> BT7=<29.01.20 11:38:07.981 STD> 
                 119: DIQ=<ON   Q=OK> BT7=<29.01.20 11:38:07.981 STD>
    (2): >> 15.527 [1] M_ME_NC_1 SQ=0 NUM=3 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 137: SFP=<120> QDS=<OK> 
                 138: SFP=<226> QDS=<OK> 				 
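
One way to review such a logfile offline, as an added example (not vendor code and not part of ipConv): it parses the decoded format shown above and reports received ASDUs whose common address (CA) is not in an expected set, frames whose object count differs from NUM, and ERROR messages. The names parse_log and review, the expected_cas allowlist, and the reading of ">>" as "received" are assumptions made for this sketch.

```python
import re

# Constructed sample: lines taken in shape from the logfile excerpt above.
SAMPLE_LOG = """\
29.01.20 11:38:15 CA=1: starting GI ...
(2): << 15.473 [1] C_IC_NA_1 SQ=0 NUM=1 T=0 P/N=0 CT=<act> ORG=<0> CA=<65535>
               0: QOI=<14>
(2): >> 15.527 [1] M_ME_NC_1 SQ=0 NUM=2 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
             135: SFP=<267> QDS=<OK>
             136: SFP=<140> QDS=<OK>
(2): >> 15.527 [1] M_SP_TB_1 SQ=0 NUM=1 T=0 P/N=0 CT=<spon> ORG=<0> CA=<133>
         7750142: SIQ=<OFF Q=OK> BT7=<29.01.20 11:38:07.430 STD>
29.01.20 11:38:15 ERROR: ASDU from CA=133, unknown CA or received on unexpected connection !
"""

# Assumption: "(n):" and "[n]" are opaque ids; ">>" marks frames received by the stack.
FRAME = re.compile(r"^\(\d+\): (<<|>>) (\S+) \[\d+\] (\w+) .*?NUM=(\d+) .*?CT=<(\w+)> .*?CA=<(\d+)>")
OBJECT = re.compile(r"^\s+(\d+): (.+?)\s*$")
MESSAGE = re.compile(r"^(\d\d\.\d\d\.\d\d \d\d:\d\d:\d\d) (.*?)\s*$")

def parse_log(text):
    """Return (frames, messages) parsed from a decoded-format logfile."""
    frames, messages = [], []
    for line in text.splitlines():
        if m := FRAME.match(line):
            frames.append({"dir": m[1], "time": m[2], "type": m[3], "num": int(m[4]),
                           "cot": m[5], "ca": int(m[6]), "objects": []})
        elif (m := OBJECT.match(line)) and frames:
            frames[-1]["objects"].append((int(m[1]), m[2]))  # (object address, decoded value)
        elif m := MESSAGE.match(line):
            messages.append((m[1], m[2]))
    return frames, messages

def review(text, expected_cas):
    """Collect findings worth following up: unexpected CAs, truncated frames, errors."""
    frames, messages = parse_log(text)
    findings = []
    for f in frames:
        if f["dir"] == ">>" and f["ca"] not in expected_cas:
            findings.append(("unexpected-ca", f["ca"], f["type"]))
        if len(f["objects"]) != f["num"]:
            findings.append(("object-count-mismatch", f["ca"], f["type"]))
    findings += [("error-message", ts, msg) for ts, msg in messages if msg.startswith("ERROR")]
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, expected_cas={1, 2}):
        print(finding)
```

The allowlist should mirror the common addresses configured for the stack; in the excerpt above those appear to be 1 and 2, which is why the ASDU from CA=133 is reported.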
    		
Simulation
  • ipConv is capable of representing and simulating all signals in a simple project-specific form, a functionality which is particularly useful for signal tests during commissioning. This greatly facilitates tracking down wiring and configuration errors.

    All data points can be shown in a hierarchical form defined by the configuration. Names, nesting depth and signal range can be freely chosen and configured for each project. This enables personnel not familiar with ipConv or the relevant protocol to access information.

    testing signals, data and control commands with ipConv

    The signal name, information type, value, quality identifier and time stamp (if available) are shown.

    At the same time, data and commands can be simulated directly in the web browser. This functionality is very useful if only one communication partner is connected (control station or RTU). Pretests can thus eliminate most configuration errors, even if the complete communication path is not yet available.

Redundancy
  • To meet heightened security requirements, ipConv/Cloud is fully capable of redundancy in combination with a second instance.

    • Line redundancy
    • Information redundancy
    • Device redundancy (hot-standby, parallel operation)

    With redundant protocol converters, reliability can be ensured, based on the "hot standby" principle. At any one time only one instance assumes the active role, while the passive instance monitors the active one and takes the initiative if it fails.
    This minimizes downtime due to maintenance work or component and interface outages, for example.

    redundancy with ipConv/Cloud

    The adjacent figure shows the Ethernet based redundancy coupling with ipConv/Cloud.

Prerequisites
  • The Linux based environment must meet the following requirements:

    • x86 64-bit architecture
    • systemd environment
    • OpenSSL library, libcrypto ≥ 1.1.1n
    • NCurses library, libncurses5 ≥ 5.7
    • Crypto library, libcrypt1 ≥ 1.44
    • admin and regular user groups
    • open port 22 for SSH access
    • open port 443 for web-based configuration tool

    The resources required for an instance depend on the size of the project:

    • 4 CPU | 8 GB RAM | 4 GB mass storage
      (standard instance for normal and larger projects)
    • 1 CPU | 256 MB RAM | 4 GB mass storage
      (minimum requirement for two protocol stacks and one thousand data points)

    The application ipConv/Cloud was tested on the following Linux image:

    • Canonical, Ubuntu, 20.04 LTS, amd64 focal image build on 2022-06-10, 64-bit (x86)

    The Ubuntu Linux image was picked due to its popularity and does not reflect any technical considerations.

Available Protocol Stacks

BACnet, Client

BACnet, Server

Database, Client

DNP V3.00, Master

DNP V3.00, Slave

ELCOM-90 Initiator, Client

ELCOM-90 Responder, Server

Simatic Fetch/Write, Master

IEC 60870-5-101, Master

IEC 60870-5-101, Slave

IEC 60870-5-104, Master

IEC 60870-5-104, Slave

IEC 61850, Client

IEC 61850, Server

MQTT, Publisher

MQTT, Subscriber

Modbus, Master

Modbus, Slave

Modbus TCP/IP, Master

Modbus TCP/IP, Slave

OPC DAXML 1.01, Server

OPC UA 1.02, Client

OPC UA 1.02, Server

S7 Protocol, Client

SNMP, Client

TASE.2, Client

TASE.2, Server