M2M Remode_access
General Communications Architecture
The Transformer Substations monitor the distributed MCUs using the Gridkey Protocol implemented over TCP/IP (PRIME). TCP/IP Prime Modems are installed at the Substations and at each remote MCU location.
Communications from the Transformer Substation to central server is based on GPRS.
A central M2M Gateway manages both security and routing between any configured VPN tunnels.
A number of options are available for the locations of the central M2M Gateway. These options are discussed later.
Communications Protocols
A number of different protocols are used to link the different sub-systems with the project architecture.
Gridkey Protocol :- this is used to link the MCUs to the USP-020 in the Transformer Substation.
DNP3.0 :- This is used to exchange information between he USP-020 and the TapCon Controller.
IEC870-104 :- All information exchange between the Transformer Substation and the Central HMI/Visualisation is based on the IEC-104 Protocol.
General M2M Set-up Requirements
At it's minimum the M2M Gateway requires these settings
One public IP address for M2M Gateway
SSH port (default 22) unblocked for incoming connections to M2M Gateway from the remote network
The M2M Gateway is recommended to be connected to a DMZ of a firewall. This way the M2M Gateway can have public or private IP address depending on the firewall configuration. When placed in DMZ the firewall protects efficiently against any unauthorized access to the M2M Gateway.
In the minimal configuration only incoming SSH connections are required to have access to DMZ zone. Services other than SSH are optional – however they are required in that case to provide access for monitoring of the HMI and for engineering /configuration purposes.
If the M2M Gateway is located in the DMZ and it has a private IP address the firewall has to support port forwarding or destination network address translation (DNAT).
The Transformer Substations monitor the distributed MCUs using the Gridkey Protocol implemented over TCP/IP (PRIME). TCP/IP Prime Modems are installed at the Substations and at each remote MCU location.
Communications from the Transformer Substation to central server is based on GPRS.
A central M2M Gateway manages both security and routing between any configured VPN tunnels.
A number of options are available for the locations of the central M2M Gateway. These options are discussed later.
Communications Protocols
A number of different protocols are used to link the different sub-systems with the project architecture.
Gridkey Protocol :- this is used to link the MCUs to the USP-020 in the Transformer Substation.
DNP3.0 :- This is used to exchange information between he USP-020 and the TapCon Controller.
IEC870-104 :- All information exchange between the Transformer Substation and the Central HMI/Visualisation is based on the IEC-104 Protocol.
General M2M Set-up Requirements
At it's minimum the M2M Gateway requires these settings
One public IP address for M2M Gateway
SSH port (default 22) unblocked for incoming connections to M2M Gateway from the remote network
The M2M Gateway is recommended to be connected to a DMZ of a firewall. This way the M2M Gateway can have public or private IP address depending on the firewall configuration. When placed in DMZ the firewall protects efficiently against any unauthorized access to the M2M Gateway.
In the minimal configuration only incoming SSH connections are required to have access to DMZ zone. Services other than SSH are optional – however they are required in that case to provide access for monitoring of the HMI and for engineering /configuration purposes.
If the M2M Gateway is located in the DMZ and it has a private IP address the firewall has to support port forwarding or destination network address translation (DNAT).