ipConv/VM

Universal protocol conversion for VMware Workstation and VMware ESXi

  • ipConvVM

    ipConv/VM is a system for universal protocol conversion in virtual machines and enables data transmission between different protocols.

    ipConv/VM is based on ipConv and basically offers the same functionality. Established standard protocols are available for conversion with ipConv/VM for flexible use on existing IT infrastructure. For serial protocol communication ipConv/VM supports the integration of Serial Device Servers.

    Provisioning

    The virtual machine is provided as a downloadable OVA template (Open Virtualization Appliance), which can be opened or imported by supported hypervisors to create new VM instances.

    To run the virtual appliance ipConv/VM, a VMware Workstation (version 11.x or later) or a VMware ESXi host system (version 6.0 or later) is required. For evaluation purposes, ipConv/VM can also be set up with the VMware Workstation Player.

    Licensing

    No USB dongle is needed to license a virtual machine: We provide you with a VM-specific license in form of a license file. Thus, the license is preserved when the VM is moved or migrated. By cloning or copying the VM, the imported license becomes invalid and must be requested again.

    Scope of Supply

    In addition to the bundled software for protocol conversion ipConv/VM, the OVA template comes with our proprietary open source Linux distribution ipLinux, which is preconfigured for optimal interoperability with virtual machines.

    Benefits at a Glance

    • Use of existing IT infrastructure
    • Reduction of physical devices, i.e. operating cost and energy savings
    • Leverage of free resources by consolidating multiple systems
    • Efficient provisioning and administration of virtual machines
      (moving VM instances, live migration)
    • Quick system commissioning
    • Lower maintenance expenditure
Characteristics
    • Security at the highest level
    • Communication between multiple data sources
    • Simultaneous use of diverse protocols
    • User-defined mapping of information
    • Intelligent information processing
    • No programming required
    • Redundancy
Cyber Security
    • Secure access to all administrative services (HTTPS, SSH, SFTP)
    • Role-based access protection with login and password
    • User administration for local users
    • Central user administration via Active Directory (LDAP) and/or RADIUS
    • PKI and Crypto Store for certificate management
    • Creation of self-signed certificates and Certificate Signing Requests (CSRs)
    • Import and export of certificates
    • Configuration of VPN tunnels (OpenVPN and IPsec)
    • Firewall
    • Safeguarded real-time Linux operating system
    • IEC 62351-3 TLS protection for IEC 60870-5-104, IEC 61850, DNP 3.0, TASE.2 protocol stacks
Network Features
    • Assigning multiple IP addresses to one physical Ethernet interface
    • Network management using an integrated SNMP agent
    • NTP based clock synchronization
    • HTTPS/SSH/SFTP access
    • DHCP
    • Bonding
    • PRP
    • VLAN
Configuration
  • System configuration is completely executed in a web browser. No other special configuration tools are required, a normal notebook with a network interface card and web browser are all that is needed.

    ipConv in its current version 4 enables encrypted communication between web server and browser via the HTTPS protocol.

    ipConv main menu

    The main menu provides access to all relevant functions of ipConv, showing the overall system status at a glance.

    The following functions are available:

    • Switching operating mode OPERATIONAL (unattended station) or MAINTENANCE (allows full access to all ipConv functions)
    • Backup and restore the complete configuration
    • License management (ADMIN)
      Installation of (DEMO-) licenses, (un-) limited and (un-) restricted licenses
    • Software upgrade (ADMIN)
    • Import configuration information from tables
      The Excel file can be imported directly (Supported formats: .xlsx, .xlsm, .csv)
    • Edit configuration parameters
    • Release and versioning of a station configuration
    • Start up and stop the system
    • Access diagnostic data (see also diagnostics)
    • Access process image and data simulation (see also simulation)
    • Creation of own logbooks
      Changes of normalized information are selectively documented in configurable logbooks for tracing or logging reasons over a period of time.
    • Access current logfiles (see also logging)

    The following example shows the configuration of a protocol stack (here   IEC 60870-5-101, Master). All parameters are shown with their configured values, relevant measurement units, and short descriptions.
    A parameter value can be changed by clicking on the parameter name. A detailed description is also shown, if available. The entered value is checked for the permissible value range, or a selection list offers a pre-selection of permissible values.

    ipConv protocol stack configuration

    Only relevant parameters are displayed, for instance, if the link layer type is set to "unbalanced", only the corresponding parameters are shown.

    ipConv enables fast and efficient processing of large volumes of data points by allowing data import from tables. These tables are based on templates and may be processed with various spreadsheet programs, such as Microsoft Excel. The extended use of formulae minimizes the data volume, substantially reducing the number of errors.

    ipConv datapoint table import

Diagnostics
  • With protocol converters it is essential that the state of all interfaces can be determined at a glance. This is all the more important, if the available personnel at the facility does not have particular knowledge of the system.

    The diagnostic data can be accessed with the DIAGNOSTICS button in the main menu. The most important information is provided subdivided and in plain text with time stamps. Colored highlights indicate whether a state is OK or not.

    ipConv diagnostics

    You can configure the type of information, descriptions and colors.

    Plain messages, measured values, and also control commands, such as a button for initiating a general poll, can be shown.

Logging
  • With all communication applications, it is always essential to know which data is transmitted via the protocol and how the data is converted from one protocol to another. And it is even more important when problems occur with transmission. ipConv features logging and archiving functions for all data traffic.

    ipConv allows you to keep track of the system state and information flow inside the converter by recording and archiving all information passing through a module for a given time period. This data can be recorded:

    • All data to/from ipConv sent and received via the relevant communication module
    • System messages, i.e. connection abortion, communication error messages etc.
    • Configuration and software error messages
    ipConv data logging

    The range of data recorded is defined by the logging level. This can be changed dynamically (at runtime) or statically (in the configuration) for each module.

    The logging level defines the representation format for the sent or received information. Data can be represented either in hexadecimal code or in decoded, symbolic form or both. This example shows the content of a logfile generated from an IEC 60870-5-101, Master protocol stack.

    Data is stored directly in the easy to read ASCII format. Logfiles can be displayed, searched, or downloaded for offline diagnosis via the web interface.

    All recorded data is archived cyclically, enabling you to keep track of communication over a period of days or even weeks (depending on the data volume).

    29.01.20 11:38:15 IECAppl3 communication with link layer established !
    29.01.20 11:38:15 cid=1 open !
    29.01.20 11:38:15 cid=3 open !
    29.01.20 11:38:15 cid=4 open !
    29.01.20 11:38:15 cid=1 connected !
    29.01.20 11:38:15 CA=1: starting GI ...
    (2): << 15.473 [1] C_IC_NA_1 SQ=0 NUM=1 T=0 P/N=0 CT=<act> ORG=<0> CA=<65535>
                   0: QOI=<14> 
    29.01.20 11:38:15 CA=2: starting GI ...
    (2): >> 15.526 [1] M_DP_TB_1 SQ=0 NUM=4 T=0 P/N=0 CT=<spon> ORG=<0> CA=<1>
                 115: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.980 STD> 
                 116: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.980 STD> 
                 117: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.981 STD> 
                 118: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.981 STD> 
    (2): >> 15.527 [1] M_ME_NA_1 SQ=0 NUM=4 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 142: NVA=<27944> QDS=<OK> 
                 143: NVA=<27968> QDS=<OK> 
                 144: NVA=<28013> QDS=<OK> 
                 145: NVA=<28095> QDS=<OK> 
    (2): >> 15.527 [1] M_DP_TB_1 SQ=0 NUM=1 T=0 P/N=0 CT=<spon> ORG=<0> CA=<1>
                 114: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:06.982 STD> 
    (2): >> 15.527 [1] M_ME_NC_1 SQ=0 NUM=2 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 135: SFP=<267> QDS=<OK> 
                 136: SFP=<140> QDS=<OK> 
    (2): >> 15.527 [1] M_SP_TB_1 SQ=0 NUM=1 T=0 P/N=0 CT=<spon> ORG=<0> CA=<133>
             7750142: SIQ=<OFF Q=OK> BT7=<29.01.20 11:38:07.430 STD> 
    29.01.20 11:38:15 ERROR: ASDU from CA=133, unknown CA or received on unexpected connection !
    (2): >> 15.527 [1] M_DP_TB_1 SQ=0 NUM=2 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 118: DIQ=<ON   Q=OK> BT7=<29.01.20 11:38:07.981 STD> 
                 119: DIQ=<ON   Q=OK> BT7=<29.01.20 11:38:07.981 STD>
    (2): >> 15.527 [1] M_ME_NC_1 SQ=0 NUM=3 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
                 137: SFP=<120> QDS=<OK> 
                 138: SFP=<226> QDS=<OK> 				 
    		
Simulation
  • ipConv is capable of representing and simulating all signals in a simple project-specific form, a functionality which is particularly useful for signal tests during commissioning. This greatly facilitates tracking down wiring and configuration errors.

    All data points can be shown in a hierarchical form defined by the configuration. Names, nesting depth and signal range can be freely chosen and configured for each project. This enables personnel not familiar with ipConv or the relevant protocol to access information.

    testing signals, data and control commands with ipConv

    The signal name, information type, value, quality identifier and time stamp (if available) are shown.

    At the same time, data and commands can be simulated directly in the web browser. This functionality is very useful, if only one communication partner is connected (control station or RTU). Pretests can thus eliminate most configuration errors, even if the complete communication path is not yet available.

Redundancy
  • To meet even increased security requirements, ipConv/VM is fully capable of redundancy in combination with a second device.

    • Line redundancy
    • Information redundancy
    • Device redundancy (hot-standby, parallel operation)

    With redundant protocol converters, reliability can be ensured, based on the "hot standby" principle. At any one time only one device assumes the active role, while the passive device monitors the active one and takes the initiative if it fails.
    This minimizes downtime due to maintenance work or component and interface outages, for example.

    redundancy with ipConv/VM

    The adjacent figure shows the Ethernet based redundancy coupling with ipConv/VM.

Further Information
Flyer
Available Protocol Stacks

BACnet, Client

BACnet, Server

Database, Client

DNP V3.00, Master

DNP V3.00, Slave

ELCOM-90 Initiator, Client

ELCOM-90 Responder, Server

Simatic Fetch/Write, Master

IEC 60870-5-101, Master

IEC 60870-5-101, Slave

IEC 60870-5-104, Master

IEC 60870-5-104, Slave

IEC 61850, Client

IEC 61850, Server

MQTT, Publisher

MQTT, Subscriber

Modbus, Master

Modbus, Slave

Modbus TCP/IP, Master

Modbus TCP/IP, Slave

OPC DAXML 1.01, Server

OPC UA 1.02, Client

OPC UA 1.02, Server

S7 Protocol, Client

SNMP, Client

TASE.2, Client

TASE.2, Server