Cogent Real-Time Systems Inc

CogentDataHubOffersAdvancedTunnellingofProcessData
ByPaulBenfordandRobertMcIlvride,CogentRealTimeSystemsInc.
&ColinWinchester,SoftwareToolbox,Inc.
Intodaysprocesscontrolenvironment,OPCisbecomingtheprotocolofchoice.TherearemanyOPCservers
offeredbycompaniesspecializinginconnectivity,andPLC,DCS,andequipmentmanufacturersoftenofferanOPC
serverinterfaceaspartoftheirproductsuite.ThisallowssoftwarevendorstocreateOPCclientapplicationsthat
easilyaccessrealtimedatafromanypieceofequipmentofferedbyanyvendor.Datafromthefactoryflooris
moreavailablenowthaneverbefore.Accessingthisdataoftenmeansconnectingovercorporateorpublic
networks.
ButnetworkingOPCischallenging.ThenetworkingprotocolforOPCisDCOM,whichwasnotdesignedfor
industrialrealtimedatatransfer.DCOMisdifficulttoconfigure,respondspoorlytonetworkbreaks,andhas
serioussecurityflaws.UsingDCOMbetweendifferentLANs,suchasconnectingbetweenmanufacturingand
corporateLANs,issometimesimpossibletoconfigure.UsingOPCoverDCOMalsorequiresmorenetworktraffic
thansomenetworkscanhandlebecauseofbandwidthlimitations,orduetothehightrafficalreadyonthesystem.
Toovercometheselimitations,Cogentoffersatunnellingsolution,asanalternativetoDCOM,totransferOPC
dataoveranetwork.LetstakeacloserlookathowtunnellingsolvestheissuesassociatedwithDCOM,andhow
theCogentDataHubfromCogentRealTimeSystemsprovidesasecure,reliable,andeasytousetunnelling
solutionwithmanyadvancedfeatures.

MakingConfigurationEasyandSecure
TheDCOMprotocolisdifficulttoconfigure.Eventhemostexperiencednetworkadministratorscanhaveproblems
configuringDCOMnetworking,especiallywhentryingtogettheWindowsloginpermissionsandsecuritysettings
tomatch.PartoftheproblemisthatitisveryhardtofindanydocumentationonDCOM.Evenseasonedpros,
whohavelearnedthehardway,arechallengedwhenWindowsUpdateresetsDCOMoraddsnewsettingsthat
breakaworkingsystem.Mostintegratorsgetaroundtheseproblemsbydefiningverybroadaccesspermissionson
allmachinesinvolved.Inatypicalnetworkenvironment,though,youdonotwanttoconfigureyourcomputers
withlooseaccesspermissions.ThismeansusingDCOMcanactuallycompromiseyournetworksecuritystandards.
Keepingyourproductionnetworkonaclosedsystemhashistoricallybeenonewayofprotectingit,butwiththe
demandstosharedataacrosssystemsthisisbecominglesspractical.Firewallsareusedtoprotectnetworkto
networkdata,butDCOMconfigurationinthesesituationsisevenmoredifficulttogetworking.
TunnellingwiththeCogentDataHubeliminatesDCOMusagebetweenPCsandallofitsconfigurationandsecurity
issues.TheCogentDataHubusestheindustrystandardTCP/IPprotocoltonetworkdatabetweenanOPCserveron
onecomputerandanOPCclientonanothercomputer,thusavoidingallofthemajorproblemsassociatedwith
usingtheDCOMprotocol.

TunnellingdatausingtheCogentDataHub
TheCogentDataHuboffersthistunnellingfeaturebyeffectivelymirroringdatafromoneCogentDataHubrunning
ontheOPCservercomputer,toanotherCogentDataHubrunningontheOPCclientcomputerasshowninthe
imageabove.ThismethodresultsinveryfastdatatransferbetweenCogentDataHubnodes.

Copyright 2011, Cogent Real-Time Systems Inc.

www.cogentdatahub.com

Cogent Real-Time Systems Inc

BetterNetworkCommunication
WhenaDCOMconnectionisbroken,thereareverylongtimeoutdelaysbeforeeithersideisnotifiedofthe
problem,duetoDCOMhavinghardcodedtimeoutperiodswhichcantbeadjustedbytheuser.Inaproduction
system,theselongdelayswithoutwarningcanbeaveryrealproblem.SomeOPCclientsandOPCclienttoolshave
internaltimeoutstoovercomethisoneproblembutthisapproachdoesnotdealwiththeotherissuesdiscussedin
thispaper.
TheCogentDataHubhasauserconfigurableheartbeatandtimeoutfeaturewhichallowsittoreactimmediately
whenanetworkbreakoccurs.Assoonasthishappens,theCogentDataHubbeginstomonitorthenetwork
connectionandwhenthelinkisreestablished,thelocalCogentDataHubautomaticallyreconnectstotheremote
CogentDataHubandrefreshesthedatasetwiththelatestvalues.Systemswithslowpollingratesoverlong
distancelinescanalsobenefitfromtheuserconfigurabletimeout,becauseDCOMtimeoutsmighthavebeentoo
shortforthesesystems.
Wheneverthereisanetworkbreak,itisimportanttoprotecttheclientsystemsthatdependondatabeing
delivered.BecauseeachendofthetunnellingconnectionisanindependentCogentDataHub,theclientprograms
areprotectedfromnetworkfailuresandcancontinuetoruninisolationusingthelastknowndatavalues.Thisis
muchbetterthanhavingtheclientapplicationsloseallaccesstodatawhenthetunnellingconnectiongoesdown.

TheCogentDataHubusesanasynchronousmessagingsystemthatfurtherprotectsclientapplicationsfrom
networkdelays.Inmosttunnellingsolutions,thesynchronousnatureofDCOMispreservedovertheTCPlink.This
meansthatawhenaclientaccessesdatathroughthetunnel,itmustblockwaitingforaresponse.Ifanetwork
erroroccurs,theclientwillcontinuetoblockuntilanetworktimeoutoccurs.TheCogentDataHubremovesthis
limitationbyreleasingtheclientimmediatelyandthendeliveringthedataoverthenetwork.Ifanetworkerror
occurs,thedatawillbedeliveredoncethenetworkconnectionisreestablished.

Cogent DataHub

Other tunnelling products

The Cogent DataHub keeps all OPC transactions local

to the computer, thus fully protecting the client
programs from any network irregularities.

Other products expose OPC transactions to network

irregularities, making client programs subject to
timeouts, delays, and blocking behavior. Link
monitoring can reduce these effects, while the Cogent
DataHub eliminates them.

The Cogent DataHub mirrors data across the

network, so that both sides maintain a complete set of

Other products pass data across the network on a

point by point basis and maintain no knowledge of the

Copyright 2011, Cogent Real-Time Systems Inc.

www.cogentdatahub.com

Cogent Real-Time Systems Inc

all the data. This shields the clients from network breaks
as it lets them continue to work with the last known
values from the server. When the connection is reestablished, both sides synchronize the data set.

current state of the points in the system. A network

break leaves the client applications stuck with no data
to work with.

A single tunnel can be shared by multiple client

applications. This significantly reduces network
bandwidth and means the customer can reduce licensing
costs as all clients (or servers) on the same computer
share a single tunnel connection.

Other tunnelling products require a separate network

connection for each client-server connection. This
increases the load on the system, the load on the
network and increases licensing costs.

Thesefeaturesmakeitmucheasierforclientapplicationstobehaveinarobustmannerwhencommunicationsare
lost,savingtimeandreducingfrustration.Withoutthesefeatures,clientapplicationscanbecomeslowtorespond
orcompletelyunresponsiveduringconnectionlossesorwhentryingtomakesynchronouscalls.

SecuringtheSystem
Recently,DCOMnetworkinghasbeenshowntohaveserioussecurityflawsthatmakeitvulnerabletohackersand
viruses.ThisisparticularlyworryingtocompanieswhonetworkdataacrossInternetconnectionsorotherlinks
outsidethecompany.
Toproperlysecureyourcommunicationchannel,theCogentDataHubofferssecureSSLconnectionsoverthe
TCP/IPnetwork.SSLTunnellingisfullyencrypted,whichmeansthedataiscompletelysafefortransmissionover
opennetworklinksoutsidethecompanyfirewalls.Inaddition,theCogentDataHubprovidesaccesscontroland
userauthenticationthroughtheuseofoptionalpasswordprotection.Thisensuresthatonlyauthorizeduserscan
establishtunnellingconnections.ItisasignificantadvantagehavingthesefeaturesbuiltintotheCogentDataHub,
sinceothermethodsofdataencryptioncanrequirecomplicatedoperatingsystemconfigurationandtheuseof
moreexpensiveserverPCs,whicharenotrequiredforusewiththeCogentDataHub.

AdvancedOPCTunnelling
WhilethereareafewotherproductsonthemarketthatofferOPCtunnellingcapabilitiestoreplaceDCOM,the
CogentDataHubisuniqueinthatitistheonlyproducttocombinetunnellingwithawiderangeofadvancedand
complimentaryfeaturestoprovideevenmoreaddedbenefits.
Significantreductioninnetworkbandwidth
TheCogentDataHubreducestheamountofdatabeingtransmittedacrossthenetworkinatwoways:
1.

Ratherthanusingapollingcycletotransmitthedata,theCogentDataHubonlysendsamessagewhena
newdatavalueisreceived.Thissignificantlyimprovesperformanceandreducesbandwidthrequirements.

2.

TheCogentDataHubcanaggregatebothclientandserverconnections.ThismeansthattheCogent
DataHubcancollectdatafrommultipleOPCserversandsenditacrossthenetworkusingasingle
connection.Ontheclientside,anynumberofOPCclientscanattachtotheCogentDataHubandtheyall
receivethelatestdataassoonasitarrives.ThiseliminatestheneedforeachOPCclienttoconnectto
eachOPCserverusingmultipleconnectionsoverthenetwork.

CombiningTunnellingandAggregationwiththeCogentDataHub

Copyright 2011, Cogent Real-Time Systems Inc.

www.cogentdatahub.com

Cogent Real-Time Systems Inc

NonBlocking
WhileitmayseemsimpleenoughtoreplaceDCOMwithTCP/IPfornetworkingOPCdata,theCogentDataHubalso
replacestheinherentblockingbehaviourexperiencedinDCOMcommunication.Clientprogramsconnectingtothe
CogentDataHubareneverblockedfromsendingnewinformation.SomevendorsofOPCtunnellingsolutionsstill
facethisblockingproblem,eventhoughtheyareusingTCP/IP.
SupportsslownetworkandInternetlinks
BecausetheCogentDataHubreducestheamountofdatathatneedstobetransmittedoverthenetwork,itcanbe
usedoveraslownetworklink.AnyinterruptionsaredealtwithbytheCogentDataHubwhiletheOPCclient
programsareeffectivelyshieldedfromanydisturbancecausedbytheslowconnection.
AccesstodataonnetworkcomputersrunningLinux
AnotheruniquefeatureoftheCogentDataHubisitsabilitytomirrordatabetweenCogentDataHubsrunningon
otheroperatingsystems,suchasLinuxandQNX.ThismeansyoucanhaveyourowncustomLinuxprogramsactas
OPCservers,providingrealtimedatatoOPCclientapplicationsrunningonnetworkedWindowscomputers.The
reverseisalsotrue.YoucanhaveyourLinuxprogramaccessdatafromOPCserversrunningonnetworked
Windowscomputers.

ConnectingOPCtoLinuxusingtheCogentDataHub
Loadbalancingbetweencomputers
TheCogentDataHubalsoofferstheuniqueabilitytobalancetheloadontheOPCservercomputers.Youmayhave
asystemwheremultipleOPCclientsareconnectingtotheOPCserveratthesametime,causingtheserver
computertoexperiencehighCPUloadsandslowerperformance.Thesolutiontothisistomirrordatafromthe
CogentDataHubontheOPCservercomputertoaCogentDataHubonanothercomputerandthenhavesomeof
yourOPCclientsconnecttothissecondmirroredcomputer.ThisreducestheloadontheoriginalOPCserver
computerandprovidesfasterresponsetoallOPCclientcomputers.

LoadBalancingusingtheCogentDataHub

Copyright 2011, Cogent Real-Time Systems Inc.

www.cogentdatahub.com

Cogent Real-Time Systems Inc

AdvancedTunnellingExampleTEVAPharmaceuticals(Hungary)
TEVAPharmaceuticalsinHungaryrecentlyusedtheCogentDataHubtocombinetunnellingandaggregationto
networkOPCdataoverthenetworkandthroughthecompanyfirewall.
LaszloSimonistheEngineeringManagerfortheTEVAAPIplantinDebrecen,Hungary.Hehadaprojectthat
soundedsimpleenough.HeneededtoconnectnewcontrolapplicationsthroughseveralOPCstationstoan
existingSCADAnetwork.TheplantwasalreadyrunninglargeYOKOGAWADCSandGEPLCcontrolsystems,
connectedtoanumberofdistributedSCADAworkstations.However,Mr.Simondidfaceacoupleofinteresting
challengesinthisproject:

TheOPCserversandSCADAsystemswereondifferentcomputers,separatedbyacompanyfirewall.This
makesitextremelydifficulttoconnectOPCoveranetwork,becauseofthecomplexitiesofconfiguring
DCOMandWindowssecuritypermissions.

EachSCADAsystemneededtoaccessdatafromallofthenewOPCserverstations.ThismeantMr.Simon
neededawaytoaggregatedatafromalltheOPCstationsintoasinglecommondatasetoneachSCADA
computer.

UsingtheCogentDataHubtoAggregateandTunnelData
Aftersearchingtheweb,Mr.SimondownloadedandinstalledtheCogentDataHub.Veryquicklyhehadconnected
theCogentDataHubtohisOPCserversanddeterminedthathewasreadingliveprocessdatafromthenewcontrol
systems.HewasalsoabletoeasilysetuptheOPCtunnellinglinkbetweentheOPCserverstationsandtheSCADA
workstations,bysimplyinstallinganotherCogentDataHubontheSCADAcomputerandconfiguringittoconnectto
theOPCserverstations.
"Iwantedtoreduceandsimplifythecommunicationoverthenetworkbecauseofourfirewall.Itwasveryeasy
withtheCogentDataHub."saidMr.Simonafterthesystemwasupandrunning.Currentlyabout7,000pointsare
beingtransferredacrossthenetwork,inrealtime,usingtheCogentDataHub."Inthefuture,theadditional
integrationoftheexistingornewOPCserverswillbewiththeCogentDataHub."
AboutCogentRealTimeSystemsInc.
TheCogentDataHubisdevelopedandmaintainedbyCogentRealTimeSystems.Foundedin1995,Cogentprovides
versatileandreliablemiddlewareproductstoenablerealtimedataintegrationandaccessforindustrial,
embedded,andfinancialsystems.CustomersincludeSiemens,ABB,Honeywell,IBM,GE,Statoil,Goodyear,BASF,
CadburyChocolate,andtheBankofCanada.CogentDataHubandDataHubWebViewareeitherregistered
trademarksortrademarksofCogentRealTimeSystemsInc.inCanada,theUnitedStates,andothercountries.

Copyright 2011, Cogent Real-Time Systems Inc.

www.cogentdatahub.com