The IP•Tube CEP RS232 converts RS232 serial data connections into IP packets, extending the serial data over very cost effective Ethernet or MPLS based LAN/WAN/MAN wired and wireless networks. Synchronous, Asynchronous, Isochronous or HDLC serial data is encapsulated into IP packets. This facilitates the interconnection of Serial Data over IP between Serial Bulk Encryptors (KIV7/OMNI), Data Terminals, Data Acquisition Systems, WAN Routers and Bridges and SCADA RTUs.
Layer 1 with Isochronous Support
Asynchronous Over IP
HDLC Over IP
SCADA Protocol Transparency
IP•Tube CEP Management
IP•Tube CEP isolates management and data plane functionality with the use of two separate processors modules. Management processor access is limited to encrypted sessions via SSH or SNMPv3, that employ AES 256 bit keys and sophisticated NIST passwords. These sessions may be established after authentication via TACACS+, RADIUS and two factor authenticated with RSA SecurID.
The independent Linux based management plane of the IP•Tube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor.
Administration and User Logs are available with Syslog.
IP•Tube CEP RS232 Standard Features
Three LAN Interfaces
Assured Delivery Protocol
WAN Data Over IP
|The IP•Tube CEP RS232 provides a transparent bandwidth regulated IP Tunnel for interconnecting remote Networks. With the IP•Tube CEP RS232 WAN security provisioning, such as firewalling, is maintained. WAN Protocols, such as PPP and Frame Relay, that utilize HDLC framing are encapsulated with HDLC Over IP. Broadband Service providers are able to transport Enterprise Wide Area Network connections with inband management of the Committed Information Rates. The IP•Tube CEP RS232 IP Tunnel can also be utilized as a secondary path for fault tolerant mission critical applications.|
Service Quality Packet Prioritizing
|The IP•Tube CEP RS232 uses the Type of Service byte in the IP packets to prioritize the encapsulated data. The setting of the TOS byte can be used to ensure that the data from the IP•Tube CEP RS232 is ensured high priority.|
|Management of the IP•Tube CEP RS232 is accomplished with a Command Line Interface that is accessed through a Console or Telnet connection. Templates of the most common configuration provide for an Edit and Paste configuration. SNMP MIB I and II support is a standard feature.|
VPN Network Management
The IP•Tube CEP RS232's Management module 10/100BaseT Ethernet interface provides a management port when interconnecting the IP•Tube CEP RS232 through a Virtual Private Network. Each LAN interface of the IP•Tube CEP RS232 features independent IP network configurations.
|IP•Tube CEP RS232 Optional Features|
|The protector option utilizes the second Data Plane LAN interface as a redundant path for the interconnection of the IP encapsulated CEP RS232 data. The extension of the CEP RS232 has a fault tolerant link that is configured to always on, or with switch over criteria.|
Serial Redundancy OPTION -Y
|The Serial Redundancy option is used to switch the RS232 connection to a secondary IPTube in the case of a network or equipment failure maximizing network availability by providing complete hardware redundancy for mission critical applications.|
The volume application for the IP•Tube CEP RS232 is the conversion of legacy serial communication interfaces of Utility SCADA systems from leased telco circuits to IP and MPLS packet services.
Legacy Utility SCADA installations utilize technology that was designed decades ago. Many substations have proprietary or bit orientated SCADA communication protocols that require the constant delay of circuits.
Engage adapted our Serial Circuit Emulation technology to facilitate the transparent transport of Serial SCADA over packet networks and to comply with the unique Utility industry specifications required by NERC. NERC is the Electric Reliability Corporation for North America, subject to oversight by the Federal Energy Regulatory Commission and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system.
NERC -CIP mandates control center redundancy. RTUs must be accessible from, and be able to connect to, multiple control centers.IP•Tube CEP continuously monitors connectivity to the active control center and automatically switches to the active backup control center (1 to 4 supported).
NERC is committed to protecting the bulk power system against cybersecurity compromises that could lead to misoperation or instability. Engage incorporated a sophisticated locked-down embedded Linux based management module into the IP•Tube CEP that exceeds the NERC -CIP cybersecurity standards and is upgradeable to support future standards.
The independent Linux based management plane of the IP•Tube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor. Administration and User Logs are available with Syslog.
The IP•Tube CEP installations achieve NERC CIP compliance with a combination of internal and external functions.
Internally the Management Module software has the sophistication to implement comprehensive policies and privileges for administrator and user accounts. Administrator policy includes removal, disabling or renaming.
Interoperability with external functions such as Syslog, Network Timing Protocol and TACACS+ with its support for RSA SecureID delivers trusted compliance.
Electronic Security Perimeter
System Security Management
Access control is Authenticated, Authorized and Accounted for with TACACS+.
Security Patches managed proactively.
In order to minimize the number of analog telephone circuits required to connect Data Center Front End SCADA controllers to Substation Remote Terminal Units Multi-Drop communication protocol was implemented.
The CEP Multi-Drop feature allows a single RS-232 SCADA host connection to communicate with up to 8 remote terminals over a packet based network
The IP•Tube CEP transparently supports Multi-Drop by simultaneously transmitting IP packetized Front End SCADA messages to up to eight remote IP•Tube CEPs.
The IP•Tube CEP connected to the addressed RTU detects a control signal and sends the SCADA response back to the Serial interface connected to the Front End polling port.