IP-Tube CEP RS232
IP•Tube RS232 CEP

Serial Data Over IP MPLS Ethernet

• LAN Network Interface
• Interface Control Signal Extension
• RS232 Over IP Protocol
• CEP management

Image is not available
SIZE
9" (L) x 7.3” (W) x 1.5” (H)
Rack Mount and Power Options
Image is not available

Rack Mount and Power Supply Options

Serial 4 Port Backplate VDC
Image is not available

Rear Panel: 4-Port with 12/30 VDC/AC Adapter Power (option)

Serial 2 Port Back Panel VDC
Image is not available

Rear Panel: 2-Port with 12/30 VDC/AC Adapter Power (option)

Serial 2 Port Back Panel -48
Image is not available

Rear Panel: 2-Port with Negative 48VDC power (option)

previous arrow
previous arrow
next arrow
next arrow

IP•Tube CEP RS232

Serial Data Over IP MPLS Ethernet

IP•Tube CEP RS232

Serial Data Over IP MPLS Ethernet

- LAN Network Interface -
- Interface Control Signal Extension -
- RS232 Over IP Protocol -
- CEP management -

Product Image

SIZE

9" (L) x 7.3” (W) x 1.50” (H)

Overview

The IPTube CEP RS232 converts RS232 serial data connections into IP packets, extending the serial data over very cost effective Ethernet or MPLS based LAN/WAN/MAN wired and wireless networks. Synchronous, Asynchronous, Isochronous or HDLC serial data is encapsulated into IP packets. This facilitates the interconnection of Serial Data over IP between Serial Bulk Encryptors (KIV7/OMNI), Data Terminals, Data Acquisition Systems, WAN Routers and Bridges and SCADA RTUs.

Layer 1 with Isochronous Support

In Layer 1 operating mode every bit is encapsulated into an IP packet. The size and frequency of the IP packets can be set with data bit rates from 75 bits to 256 kilobits per second. Isochronous serial protocols, such as Conitel, are transported synchronously to maintain message alignment. A configured number of incoming packets are buffered in order to compensate for the packet delivery jitter introduced by the network. The size of the Tube bit buffer is configurable to accommodate the peak amount of jitter.

Asynchronous Over IP

Asynchronous characters from the RS232 interface with 5 to 8 data bits, baud rates from 1.2 to 38.4 kilobits, 1 or 2 stop bits that are with or without parity are efficiently encapsulated into IP packets. The encapsulation supports block mode transfers to minimize the bandwidth required. Additionally the latency is controlled by setting the Tube Bytes per packet.

HDLC Over IP

In Layer 2 operating mode HDLC Data frames, such as those used by Wide Area Networking protocols PPP and Frame Relay or proprietary Data Links, are transported within IP packets as HDLC over IP. The Serial to Packet conversion only occurs when HDLC frames are active.

SCADA Protocol Transparency

The IPTube CEP RS232 transports Bit or Byte orientated SCADA protocols transparently because of its unique TDM circuit emulation capability. RTU transmit data is encapsulated into IP packets at 64,000 samples per second and de-encapsulated at the far end at the same rate, ensuring properly timed RTU SCADA message delivery. 

SCADA Protocol Transparency Diagram

IP•Tube CEP Management

IPTube CEP isolates management and data plane functionality with the use of two separate processors modules. Management processor access is limited to encrypted sessions via SSH or SNMPv3, that employ AES 256 bit keys and sophisticated NIST passwords. These sessions may be established after authentication via TACACS+, RADIUS and two factor authenticated with RSA SecurID.

The independent Linux based management plane of the IPTube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor.

Administration and User Logs are available with Syslog.

IP•Tube CEP RS232 Standard Features

Three LAN Interfaces

All IPTube CEP RS232 models ship with three 10/100BaseT
Ethernet LAN ports. The Ethernet interfaces provide for:

  • Management interface
  • Two Data Plane LAN interfaces for redundant connections
  • Protector Option for Redundant Packet Path connections with Constant or Switch Over Criteria

Assured Delivery Protocol

In order to assure high quality communications over links with intermittent or noisy performance, such as Wireless, the IPTube CEP RS232 employs Engage’s robust Assured Delivery Protocol with the following benefits:

  • Packet out of sequence detection and re-sequencing
  • Duplicate skipping
  • Lost packet retransmissions with configured delay

WAN Data Over IP

The IPTube CEP RS232 provides a transparent bandwidth regulated IP Tunnel for interconnecting remote Networks. With the IPTube CEP RS232 WAN security provisioning, such as firewalling, is maintained. WAN Protocols, such as PPP and Frame Relay, that utilize HDLC framing are encapsulated with HDLC Over IP. Broadband Service providers are able to transport Enterprise Wide Area Network connections with inband management of the Committed Information Rates. The IPTube CEP RS232 IP Tunnel can also be utilized as a secondary path for fault tolerant mission critical applications.

Service Quality Packet Prioritizing

The IPTube CEP RS232 uses the Type of Service byte in the IP packets to prioritize the encapsulated data. The setting of the TOS byte can be used to ensure that the data from the IPTube CEP RS232 is ensured high priority.

Management

Management of the IPTube CEP RS232 is accomplished with a Command Line Interface that is accessed through a Console or Telnet connection. Templates of the most common configuration provide for an Edit and Paste configuration. SNMP MIB I and II support is a standard feature.

VPN Network Management

The IPTube CEP RS232's Management module 10/100BaseT Ethernet interface provides a management port when interconnecting the IPTube CEP RS232 through a Virtual Private Network. Each LAN interface of the IPTube CEP RS232 features independent IP network configurations.  

Protector Option

The protector option utilizes the second Data Plane LAN interface as a redundant path for the interconnection of the IP encapsulated CEP RS232 data. The extension of the CEP RS232 has a fault tolerant link that is configured to always on, or with switch over criteria.

Serial Redundancy Option -Y

The Serial Redundancy option is used to switch the RS232 connection to a secondary IPTube in the case of a network or equipment failure maximizing network availability by providing complete hardware redundancy for mission critical applications.

Applications

Utility SCADA

The volume application for the IPTube CEP RS232 is the conversion of legacy serial communication interfaces of Utility SCADA systems from leased telco circuits to IP and MPLS packet services.

Legacy Utility SCADA installations utilize technology that was designed decades ago.  Many substations have proprietary or bit orientated SCADA communication protocols that require the constant delay of circuits.

Engage adapted our Serial Circuit Emulation technology to facilitate the transparent transport of Serial SCADA over packet networks and to comply with the unique Utility industry specifications required by NERC.  NERC is the Electric Reliability Corporation for North America, subject to oversight by the Federal Energy Regulatory Commission and governmental authorities in Canada.  NERC’s jurisdiction includes users, owners, and operators of the bulk power system.

A NERC reliability standard mandates that SCADA systems have Data Center Front End redundancy.  The IPTube CEP RS232 at the Substations support from 1 to 4 Data Center redundant and diversely routed connections. 

Utility SCADA Diagram

NERC -CIP mandates control center redundancy. RTUs must be accessible from, and be able to connect to, multiple control centers. IPTube CEP continuously monitors connectivity to the active control center and automatically switches to the active backup control center (1 to 4 supported).

  • Meets NERC mandates for control center redundancy
  • Preserves investment in RTU and Central site SCADA
  • Facilitates control center redundancy with IP flexibility
  • Supports up to four redundant control centers
  • Redundant and diverse connectivity

NERC is committed to protecting the bulk power system against cybersecurity compromises that could lead to misoperation or instability.  Engage incorporated a sophisticated locked-down embedded Linux based management module into the IPTube CEP that exceeds the NERC -CIP cybersecurity standards and is upgradeable to support future standards.

Management module isolates management and data plane functionality with the use of two separate processors modules. Management processor access is limited to encrypted sessions via SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST passwords. These sessions may be established after authentication via TACACS+.

The independent Linux based management plane of the IPTube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor.  Administration and User Logs are available with Syslog.

NERC CIP 05 IP-Tube CEP RS232 Compliant Operation

The IPTube CEP installations achieve NERC CIP compliance with a combination of internal and external functions.

Internally the Management Module software has the sophistication to implement comprehensive policies and privileges for administrator and user accounts. Administrator policy includes removal, disabling or renaming.

Interoperability with external functions such as Syslog, Network Timing Protocol and TACACS+ with its support for RSA SecureID delivers trusted compliance.

Electronic Security Perimeter
The IPTube CEP in combination with industry standard services meets the Electronic Security Perimeter's NERC CIP-005 specifications.  In addition Control Plane isolation from the Data plane provides a higher level of security for the Cyber Assets.

CIP-005 Requirement

IPTube CEP Solution

R2.1 - Deny Access by Default

Accounts must be created to allow access

R2.2 - Enable only needed ports

Each Port may be enabled or disabled

R2.4 - Strong Technical Controls

RSA's SecureID two-factor Authentication

R3.2 - Unauthorized Access

Alert messages via Syslog or TACACS+

R5.3 - Access Logging

Syslog of Access and Command interactions

CIP-005 Requirement & IP•Tube CEP Solutions

R2.1 - Deny Access by Default

Solution: Accounts must be created to allow access

R2.2 - Enable only needed ports

Solution: Each Port may be enabled or disabled

R2.4 - Strong Technical Controls

Solution: RSA's SecureID two-factor Authentication

R3.2 - Unauthorized Access

Solution: Alert messages via Syslog or TACACS+

R5.3 - Access Logging

Solution: Syslog of Access and Command interactions

System Security Management

Access control is Authenticated, Authorized and Accounted for with TACACS+.

Security Patches managed proactively.

CIP-007 Requirement

IPTube CEP Solution

R2.1-3 - Ports and Services

Unused Serial Ports and Services are disabled

R3 - Security Patch Management

Kernel and application upgrade alerts

R5.3 - Secure Passwords

Require minimum length, strength, frequencyRequire minimum length, strength, frequency

R6.4 - Security Status Logs

Syslog and AAA via TACACS+

CIP-007 Requirement & IP•Tube CEP Solutions

R2.1-3 - Ports and Services

Solution: Unused Serial Ports and Services are disabled

R3 - Security Patch Management

Solution: Kernel and application upgrade alerts

R5.3 - Secure Passwords

Solution: Require minimum length, strength, frequencyRequire minimum length, strength, frequency

R6.4 - Security Status Logs

Solution: Syslog and AAA via TACACS+

MultiDrop

In order to minimize the number of analog telephone circuits required to connect Data Center Front End SCADA controllers to Substation Remote Terminal Units Multi-Drop communication protocol was implemented. 

The CEP Multi-Drop feature allows a single RS-232 SCADA host connection to communicate with up to 8 remote terminals over a packet based network.

The IPTube CEP transparently supports Multi-Drop by simultaneously transmitting IP packetized Front End SCADA messages to up to eight remote IPTube CEPs

The IPTube CEP connected to the addressed RTU detects a control signal and sends the SCADA response back to the Serial interface connected to the Front End polling port.

NERC CIP 05 IP-Tube CEP RS232 Compliant Operation

Specifications

LAN Network Interface
  • LAN1/LAN2:Two Data Plane 10/100 Base T
  • MLAN: Control Plane 10/100 Base T
LAN Network Protocols Supported
  • IP, TCP, UDP, ICMP, Telnet, DHCP, DDNS, SSH
  • Network Time Protocol - NTPRS232 Interfaces:
  • 1-4 Sync/HDLC/Async, DCE/DTE RS232: 1 to 2 DB25M; DB60F connector supports 1 to 2 RS232s with DB25M adaptor cables
  • DTR Controllable Transmission
  • CD Reception IndicatorRS232 Interface Clocking:
  • Synchronous : 75 bits to 256 kiloabits per seconds
  • Asynchronous : 2.4/4.8/9.6/19.2/38.4 Kilobits per second
RS232 Interface Control Signal Extension
  • Full On Emulation of DCE to DTE control signals: DTR; DSR; RTS; CTS
RS232 Over IP Protocol
  • TDM Over IP
  • Circuit Extension Services Over IP
     
  • HDLC Over IP
  • Multi-Drop: 2 to 8
WAN Network Protocols Supported
  • HDLC, SDLC, PPP, Frame Relay SCADA Protocols Supported:
     
  • Conitel, Modbus, DNP, Proprietary, Bit or Byte, AutoBaud
Regulatory
  • CE
  • Safety -IEC60950
  • EMC - CFR 47 Part 15 Sub Part B:2002, EN55022: 1994 + A1 & A2, EN55024, ICES-003 1997, CISPR 22 Level A
Management
  • Secure Socket Shell - SSH V2 - Session Encryption
  • Centralized Authentication, Authorization and Accounting
       - TACACS+, RADIUS, Two Factor Authentication
  • Syslog with NTP Time Stamping
  • Console Port for Out of Band Management
  • SNMP V3 Public and Private MIB support with configured traps
Quality of Service Support
  • IP Type of Service (TOS) CLI configurable
  • IANA Registered UDP Port 3175
  • 802.1p/q mac level prioritization
Dimensions
  • 9" (L) x 7.3” (W) x 1.50” (H)
Environmental
  • 0° to 132° F (-10° to 50°C ) operating temperature
  • Up to 90% operating humidity (non-condensing)
  • Optional Extended Temperature Range available
Power
  • 12-30 VDC
  • Screw Locking Connector 
  • Universal Adapter 100/240 VAC 50/60 Hz
  • Optional -48V 0.25 Amp
  • Hot Standby

Ordering Information

Chassis Slot Card: IP-Tube CEP RS232

Rack Mount & Power Supply Options:

BlackGate RS232 Rear
BlackGate RS232 Rear

Part No.

Description

CEP-040-2232-0x*

IP•Tube CEP RS232, *Note: x = Number of specified RS232 Ports enables (1 to 4)

CEP-CH-040-2232-0x*

Chassis Slot Card: IP•Tube CEP RS232 *Note: x = Number of specified RS232 Ports enables (1 to 4)

Optional Features

Optional Features

-Y

Serial Redundancy, Complete hardware redundancy

PRO

Protector Option, Fault Tolerant Network Interconnect. The protector option utilizes the second LAN interface as a redundant path for the interconnection of the IP encapsulated data. The extension of the IP-Tube has a fault tolerant link that is configured to always on, or with switch over criteria.  Learn more.

Power Supply Options

Power Supply Options

094-2418

90-220 VAC Universal International/Domestic Adapter

094-2418-R

DUAL REDUNDANT, 90-220 VAC Adapter

094-N48V

Internal Power Module, -48 VDC Screw Terminals

094-N48V-02

DUAL REDUNDANT, -48 VDC Screw Terminals

094-1500

WIREDC Option, +24 VDC Screw Terminals

094-WIREDC-R

DUAL REDUNDANT, +24VDC

Rack Mount Options

Rack Mount Option

095-1000

Rack Mount Kit - for single 7" products (Fits both 19" and 23" racks)

095-2000

2 unit 19" x 1RU Rack Mount Kit for 7" products

095-3000-RTANG

Right Angle Wall Mount Bracket Kit

So What's Next?

WE’RE READY!

Engage Communication
9565 Soquel Drive. Aptos, CA 95003
This email address is being protected from spambots. You need JavaScript enabled to view it.
This email address is being protected from spambots. You need JavaScript enabled to view it.



Telephone: 1-831-688-1021
Toll Free : 1-877-ENGAGE4
 
 
Designed, Fabricated, and Assembled
in America 
Supported Worldwide