
Substation Communications

Substation Communications. Southern Company specific applications. Customer Needs and Applications. Customer Needs. Monitoring and control of Mission critical assets In far-flung, remote locations Exposed to harsh environmental, physical, and electrical conditions.

myrnar

Presentation Transcript


  1. Substation Communications Southern Company specific applications

  2. Customer Needs and Applications

  3. Customer Needs: Monitoring and control of • Mission critical assets • In far-flung, remote locations • Exposed to harsh environmental, physical, and electrical conditions. Oil/gas drilling, production, storage, pipeline (Upstream and Midstream): • SCADA • Ethernet and Serial connectivity • Voice and video • Field office connectivity • Enterprise network access for field crews. • Distributed generation • Remote control locomotive • Railyard operations • Substation automation • Distribution automation • Field crew connectivity. INDC Wireless Overview

  4. Typical Applications: What problems are we solving? • AMI Backhaul • C&I Metering • Distribution Line devices • Transmission Line devices • T&D Substations • Reservoir Management • Street Lighting • Gas Metering • Substation Card Readers • Transmission Tower Lighting • Transformer Gas Monitoring • Transformer Bushing Monitor • Wellhead Monitoring • Drilling operations • Pipeline Flow and Pressure • Tank Level Monitoring • Drilling/Construction Camp • Campus Surveillance • Factory Automation • Paper Mills, Rolling Mills • Remote Control Locomotive • Positive Train Control • Distributed Power (rail) • Wastewater Lift Stations • Effluent Monitoring

  5. Edge Equipment • Just about anything with a serial port for SCADA • Any production and automation equipment with an Ethernet port • Most commonly PLCs and RTUs • Cameras • VoIP phones

  6. Enabling the Networks of the Future Industry Trends Orbit Platform Capabilities

  7. Orbit Overview

  8. Orbit & Master Station models • Master Station: Radio and Power Supply Redundancy; Interface with existing vendor systems • ECR (Edge-Connect Router): Single Wireless Channel • MCR (Multiservice-Connect Router): Dual Wireless Channels or Evolution Module

  9. The MDS Orbit Platform. Multiple Wireless Technologies: • 100 / 200 / 400 / 700 / 900 MHz Licensed • Unlicensed 900MHz ISM • Cellular 3G/4G LTE • WiFi 2.4 GHz, 7 clients • WiFi 2.4/5.8 GHz MIMO, 32+ clients. Advanced Networking: • Layer 2 Bridging • Layer 3 Routing • VLANs and GRE • Quality of Service (QoS) • DHCP, DNS, NTP • And more. Comprehensive Cybersecurity (Network, User): • Wireless encryption AES-256, key rotation • WiFi IEEE 802.11 WPA/WPA2 • IPsec VPN • Firewall • X.509 certificates • User authentication (RADIUS…) • Role Based Access Control • Device authentication • Tamper detection • Physical/logical port disable • Secure boot/firmware • FIPS 140-2 Level 2. Multiple Data Interfaces: • 10/100 Ethernet • RS232 / RS485 Serial • USB 2.0 Device

  10. GE MDS World Class Ruggedness • 5-year Warranty • Hardened Cast Aluminum Enclosure • IEEE 1613, IEC61850-3 Certified • CSA Class 1, Div. 2 & ATEX Certified • UL 508, UL 1604 • -40 to + 70 C Operating • EN 60079-0:2012, EN60079-15:2010 • Shock: MIL-STD-810F Method 516.5 • Vibration: MIL-STD-810F Method 514.5 • Shock and Vibration: EIA RS374A • Storage Temp: Mil-Std 810F Section 501.4 • IP 40/41 per IEC 60529 for Vertical Falling Water • Power input : 10-60VDC • 4-5 watts average power consumption

  11. Typical Network Topologies [diagram]. Panels: As a Remote with a Single Uplink • As a Remote with Redundant Uplinks • As a Field Area Network Gateway • As a Single Unit Repeater. Diagram labels: ECR Remote With Optional WiFi; MCR Remote; MCR AP; MCR Gateway/AP; ECR SAF; ECR Remotes; Private Uplink; Primary Private Uplink; Cellular Backup; Cellular or Licensed/ISM Uplink; Backup Path; Backhaul; Control Center. Interface callouts: 1 Ethernet, 1 Serial, Opt. WiFi; 2 Ethernet, 1 Serial.

  12. MDS Orbit: Example applications and connectivity [diagram]. Diagram labels: Ethernet; Serial; RTU; ECR; ECR Wellhead; MCR; Dual Radio Orbit MCR Access Point; Orbit Licensed or Unlicensed private radio network; Cellular Backhaul; Backup link; Backhaul: Ethernet, Cellular, Private; Data Center; Field/Maintenance Office; Fleet Management. Interface callouts: 1 Ethernet, 1 Serial, Opt. WiFi; 2 Ethernet, 1 Serial.

  13. Powerful Networking and Cybersecurity

  14. Key Selling Points • Rugged and reliable quality • Flexible wireless and local interfaces • Highly secure • Enterprise-grade networking

  15. Comprehensive Portfolio

  16. Comprehensive Solutions for Industrial Wireless Applications Management Tools Wireless Networks Accessories Antennas, RF Kits, Cables, Power Supplies, Filters, & more Licensed, Unlicensed, Cellular, WiFi Enclosures & Custom Designs High Capacity Backhaul Services Maintenance Contracts Provisioning & Configuration System Design Network Architecture Training Technical Support Licensing & Frequency Planning (200, 700 MHz, etc)

  17. GE MDS Master Station Overview • Rackmount design with hot-swappable power supplies and radios for high availability • Leverages the Orbit OS and includes Orbit’s security & networking capabilities • Supports SD radio modules to enable communication to SD and x710 radios • Supports Orbit Licensed Narrowband (LN) QAM radios • Redundant Power Supplies & Radios • In-Service hot-swappable power supplies and radios • Central to migration / evolution of legacy licensed networks • No fans, no moving parts, passive cooling • Optional Internal duplexer

  18. GE MDS Master Station Interior View

  19. Migration with backward compatibility Migration from x790 / x710 to SD to Orbit using backward compatibility modes for seamless transition to Orbit speed, networking, and security

  20. Migration with Evolution Master Migration from x790 / x710 to SD to Orbit using Evolution Master enables transition to Orbit speed, networking, and security

  21. Packaged Models A variety of enclosures are available for custom solutions Enclosures are IP67 weatherproof Order options include battery, charger, and DIN rail mount

  22. Orbit Wireless

  23. Licensed vs Unlicensed vs Semi-Licensed vs Shared Spectrum

  24. The MDS Orbit Platform. Multiple Wireless Technologies: • 100 / 200 / 400 / 700 / 900 MHz Licensed • Unlicensed 900MHz ISM • Cellular 3G/4G LTE • WiFi 2.4 GHz, 7 clients • WiFi 2.4/5.8 GHz MIMO, 32+ clients. Advanced Networking: • Layer 2 Bridging • Layer 3 Routing • VLANs and GRE • Quality of Service (QoS) • DHCP, DNS, NTP • And more. Comprehensive Cybersecurity (Network, User): • Wireless encryption AES-256, key rotation • WiFi IEEE 802.11 WPA/WPA2 • IPsec VPN • Firewall • X.509 certificates • User authentication (RADIUS…) • Role Based Access Control • Device authentication • Tamper detection • Physical/logical port disable • Secure boot/firmware • FIPS 140-2 Level 2. Multiple Data Interfaces: • 10/100 Ethernet • RS232 / RS485 Serial • USB 2.0 Device

  25. Orbit Cellular Modem Options

  26. Orbit Radio Technologies: Standard WiFi • Standard: IEEE 802.11 b/g/n • Speed: Up to 54Mbps • Operating Modes: Access Point, Station • Max Clients: 7 • Number of SSIDs: Up to 2 • VLAN Mapping: Yes • MIMO Support: No • Security: WPA/WPA2 PSK, Enterprise authentication, SSID hiding • Carrier Power: 20dBm • Antenna: RP-SMA • Orbit OS Networking: Routing/bridging/VLAN between Wi-Fi and Ethernet / Serial IP / Cellular / 900MHz ISM; Quality of Service support on Egress traffic; Firewalling, IPSec VPN, DMVPN • WiFi is optional on ECR and MCR models

  27. Orbit Radio Technologies: Enhanced WiFi • Built for high scalability, long range, high throughput broadband solution using WiFi technology at 2.4GHz and 5GHz • High throughput of 400 Mbps aggregate (air); 80 Mbps routed • High Power RF • 2.4Ghz (20Mhz @MCS0) ~ 25dBm (Aggregate for 2 chains) • 5Ghz (20Mhz @MCS0) ~22dBm (Aggregate for 2 chains) • 2x2 MIMO Radio for better performance • > 30 clients/remotes per AP • AP supports ad-hoc/bridge mode • Mini-PCIe architecture: • MCR: Can be used in conjunction with Licensed, Unlicensed, Cellular radios • ECR: Will be the ONLY radio in the chassis • Targeting production Q1 2018

  28. Orbit Radio Technologies: Licensed Narrowband & Wideband • Orbit High Performance Licensed Radio Technology supported on all models • Patented Media Access Control for optimized, collision-free communications • Support for bi-directional adaptive modulation • LN Licensed Narrowband • Full Frequency coverage (100 MHz/200 MHz /400 MHz /900 MHz /700 MHz) • Modulations: Single Carrier QPSK, 16QAM or 64QAM • Channel Sizes: 12.5, 25, 50 kHz • Data Rates: Up to 60 kbps in 12.5 kHz; Up to 120 kbps in 25 kHz; Up to 240 kbps in 50 kHz • LW Licensed Wideband • Designed for 700MHz band where 1MHz bandwidth typically available • Modulations: Multicarrier OFDM (BPSK, QPSK, 16QAM) • Channel Sizes: 150, 280, and 550 kHz • Data Rates: Up to 300 kbps in 150 kHz; Up to 600 kbps in 280 kHz ; Up to 1200 kbps in 550 kHz

  29. Orbit Radio Technologies: Orbit 900MHz Unlicensed • Operates in the 902-928 MHz ISM Band • Spreading method: FHSS, DTS • Occupied Bandwidth: 152 to 1320 kHz • Modulation: 2-level & 4-level GFSK • Latency: < 5 msec • Configurable Data Rate (with adaptive modulation): 125kbps, 250kbps, 500kbps, 1Mbps, 1.25 Mbps • Long Range: > 30 miles depending on modulation & terrain • Power Output: 20 dBm to 30 dBm in 1 dB steps • Number of Channels: 80 • Multiple Topologies: Point-to-Point & Point-to-Multipoint; Store-and-Forward tree, up to 8 hops • Proprietary, self-healing • GE’s patented intelligent MAC • Configurable dwell time 10 to 400 msec • Dynamic fragmentation • Configurable channel blocking • Error detection and retransmission • RF Security Features • All Orbit OS security features, including firewalling and IPSec VPN, can be applied to the 900 MHz NIC card. In addition, it supports the following added RF security features: • Three Security (Authentication) Modes • None – Provide no device authentication or data privacy • PSK – Use pre-shared key authentication protocol with passphrase • EAP – Use encapsulated authentication protocol with certificates and AAA server • Three Data Privacy Choices • None – No data privacy • AES128-CCM – Protect data with 128-bit AES encryption using CCM mode • AES256-CCM – Protect data with 256-bit AES encryption using CCM mode

  30. Orbit Networking Details

  31. Routing Overview • What it is: • Full router capability • IPv4 Dynamic routing: OSPF, RIP, EBGP • IPv6* Dynamic routing: OSPF, RIP, EBGP • Static routing with route failover • Latency/packet loss performance based route redundancy • NetMon service for route monitoring and failover triggers • Integrated Routing & Bridging (virtual interfaces) • Where Used, Benefits: • Useful in segmenting large networks in a scalable way • Provides the network awareness and logic for the router to pick the best path to a destination in a multi-path network environment • Enables dynamic redundant paths between source and destination for improved network availability and self-healing • Scalability: provides tools to enable better segmentation and architecting of large scale networks [Diagram labels: Control Center; Backbone; Backhaul; Local Network; AP; Remotes]

  32. Routing Details • Full IPv4 Routing Support for flexibility in design integration and deployments • Static IPv4/IPv6 routing with route failover • NetMon service for route monitoring and failover triggering • Dynamic IPv4 routing with RIPv2, OSPF, E-BGP routing protocols • IPv6 Dynamic Routing & IP Services Support in 2016 • Integrated Routing & Bridging (Layer 3 Switched Virtual Interfaces) [Diagram labels: 170.2.3.0/24; all other routes/Internet; 4G radio 1; Local Network 10.10.0.0; Ethernet; 55.1.22.0/24; 900MHz radio 2]

  33. High Availability • What it is: • Capabilities to improve network resiliency and application availability • E.g. multiple paths to a specific destination • Protects against software, radio, router, uplink, backbone failures • Dual Radios (primary, backup) • Virtual Router Redundancy Protocol (VRRP) • Spanning Tree (STP) • Dynamic Routing Redundancy • Static Routing Redundancy • Where Used, Benefits: • Used to improve network uptime at critical sites • Customers may choose to have a primary licensed radio and a backup cellular or vice versa [Diagram labels: Control Center; Backbone; Backhaul; Redundant Uplinks; Local Network; AP; Remotes]

  34. High Availability: Dual Radios • Performance-based route redundancy/route failover enables high network availability by allowing multiple backup routes between source and destination. • Backup routes could be individual wireless interfaces, individual wired interfaces (Ethernet), or multiple routes over the same interface • The NetMon IP service runs on Orbit and inspects the primary route for packet loss and latency (via ICMP) • If performance degrades below the configured threshold, Orbit switches traffic from the primary to the backup route to maximize network availability [Diagram labels: NetMon Service; Primary Uplink, Licensed or ISM; Backup; Applications: Serial and/or Ethernet; Orbit Remote at Critical Site; Wireless connection; Secure VPN Tunnel; Cellular Network; Cellular Carrier Network; Control Center; VPN]

  35. High Availability: VRRP, Virtual Router Redundancy Protocol • A High Availability protocol which enables 2 (or more) routers to act as redundant IP Default gateways • Benefits: improves Layer 3 network availability • Standards-based, IETF RFC5798, interoperable with non-GE Devices • Enables Active/Standby scenario with a fast switchover from Standby to Active • Two VRRP routers connected (via Ethernet) negotiate who’s Active and who’s Standby based on pre-configuration • Active router assumes VRRP IP and MAC addresses and communicates them to downstream devices. • Downstream devices must have their IP Default gateway set to VRRP IP address • VRRP Routers exchange hello packets periodically to ensure the other side is alive • Supported on both Orbit MCR and ECR, with single or dual RF interfaces of any type • Interesting for 900MHz ISM: a “virtual” Master Station

  36. High Availability: VRRP, Virtual Router Redundancy Protocol • If the Standby stops hearing the Active’s hello packets, it assumes that the Active is down, claims the Active router status, and takes over the VRRP IP/MAC • If a failover occurs as a result of a fault on ECR A (or carrier A – Q4 2016) then ECR B assumes the Active status. As a result, ECR B now assumes the VRRP IP and MAC addresses and acts as a default gateway for the downstream devices. [Diagram labels: Carrier A; Carrier B; ECR A; ECR B; FAULT; Active; Standby; VRRP IP + MAC; switch; RTU; IP Default Gateway = VRRP IP]

  37. High Availability: VRRP, Virtual Router Redundancy Protocol • Phase I: Standards-based, basic VRRP implementation. It is agnostic to whatever RF interfaces exist or are in use (be careful with overlapping radio frequencies) • Phase II: Tie between VRRP and RF interfaces • Without such a tie, the VRRP protocol has no awareness of whether the RF interface is active and passing traffic. It protects only against loss of the Active router at Layer 3/as a whole • With the tie, you can program Orbit to fail over from A to B if the active router’s RF interface is down, or is no longer passing IP (i.e. if the carrier or upstream backhaul network is hosed) • VRRP Phase II Protection Mechanisms • Primary router is at fault, or is powered down • Primary router is no longer reachable • Loss of Ethernet connection between primary router and switch • Loss of RF uplink on primary router • RF Uplink is still up on primary router, but not passing traffic
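
The hello and takeover behaviour on slides 35 to 37, worked through with the RFC 5798 packet layout and timers. This is an added example, not GE MDS code or Orbit configuration: the sample advertisement bytes, the VRID, both priorities and the helper names are constructed, the checksum is not verified, and the slides' Active/Standby correspond to the RFC's Master/Backup.

```python
import ipaddress
import struct

# Constructed VRRPv3 advertisement (RFC 5798 layout), not a capture:
# version 3 / type 1, VRID 10, priority 200, one IPv4 address,
# Max Adver Int 100 centiseconds, checksum left as 0 (not verified here).
SAMPLE_ADVERT = bytes.fromhex("310ac80100640000c0000201")


def parse_advertisement(data):
    """Decode the fixed VRRPv3 header and the IPv4 addresses that follow it."""
    if len(data) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, priority, count, rsvd_int, _checksum = struct.unpack(
        "!BBBBHH", data[:8])
    if ver_type >> 4 != 3 or ver_type & 0x0F != 1:
        raise ValueError("not a VRRPv3 advertisement")
    if len(data) < 8 + 4 * count:
        raise ValueError("address list shorter than Count IPvX Addr")
    addresses = [str(ipaddress.IPv4Address(data[8 + 4 * i:12 + 4 * i]))
                 for i in range(count)]
    return {"vrid": vrid, "priority": priority,
            "max_adver_cs": rsvd_int & 0x0FFF,  # low 12 bits, centiseconds
            "addresses": addresses}


def virtual_mac(vrid):
    """IPv4 virtual router MAC that the Active router answers for."""
    return "00:00:5e:00:01:%02x" % vrid


def master_down_interval_cs(own_priority, master_adver_cs):
    """RFC 5798: 3 * Master_Adver_Interval + Skew_Time, in centiseconds."""
    skew = ((256 - own_priority) * master_adver_cs) // 256
    return 3 * master_adver_cs + skew


def standby_state(own_priority, advert, heard_at_cs, now_cs):
    """State of the Standby at time now_cs, given when the last hello was heard."""
    if advert["priority"] == 0:
        # Priority 0 means the Active is resigning: wait only Skew_Time.
        timeout = ((256 - own_priority) * advert["max_adver_cs"]) // 256
    else:
        timeout = master_down_interval_cs(own_priority, advert["max_adver_cs"])
    return "Active" if now_cs - heard_at_cs >= timeout else "Standby"


if __name__ == "__main__":
    adv = parse_advertisement(SAMPLE_ADVERT)
    print(adv, virtual_mac(adv["vrid"]))
    print("takeover after", master_down_interval_cs(100, adv["max_adver_cs"]), "cs")
```

The same timer fires if the hellos are merely filtered between the two routers rather than the Active being down, in which case both routers claim the VRRP IP and MAC at once.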

  38. High Availability: Spanning Tree Protocol (STP) Example • Benefits: Enables path redundancy in a Layer 2 switched domain • Standard Based Spanning Tree Protocol (STP) support with RSTP coming in 2015 • Redundancy: Spanning tree can be configured on any Layer 2 physical wired or wireless interfaces (e.g. Ethernet or NX915/LN4/LN9) or on logical interfaces such as Bridges or Layer 2 GRE tunnels • Flexibility: Enabling Spanning Tree over Wireless Links provides more flexibility in uplink redundancy and allows multiple sites to be able to talk to one another simultaneously with redundant paths [Diagram labels: Site 1; Site 2; Site 3; STP ROOT; Forwarding; Blocking; Cellular Carrier Network; L2 GRE Tunnel]

  39. Orbit Network High Availability Summary

  40. Concurrent Routing • In situations where multiple traffic streams need to transfer over Orbit (e.g. Video, SCADA, VoIP etc…), Orbit offers the ability to route each application over a different path • Example: • Licensed Network: • Route all SCADA traffic over the licensed network with high priority and with a 32Kbps throughput • If the licensed network becomes unavailable (e.g. maintenance), automatically route SCADA over cellular • Route network management over the licensed network with low priority and a max of 5Kbps throughput • Cellular Network: (future: unlicensed broadband network) • Route all bandwidth intensive Video traffic over the cellular interface • Route all VoIP Traffic over the cellular interface • Route all workforce mobility traffic over the cellular network [Diagram labels: Wireless connection; Secure VPN Tunnel; Licensed Network; Local Network; Cellular Network; Orbit Remote at Critical Site; Control Center; Cellular Carrier Network; VPN]

  41. Layer 2 Switching/Bridging • Orbit supports a full-fledged bridging capability via its integrated Layer 2 switch • Benefits: Enables full Layer 2 managed switch capabilities for easier integration with 3rd party Layer 2 devices • Bridging refers to a set of functions that operate at OSI Layer 2, i.e. switching • Bridging includes MAC learning, frame forwarding based on destination MAC address, broadcasting of frames whose destination MAC isn’t in the MAC table, etc. • Bridging covers VLAN operations, which is the segregation of the Layer 2 physical domain into virtual Layer 2 broadcast domains • Orbit MCR supports full 802.1Q/P as well as STP (Spanning Tree Protocol) for Layer 2 loop-free redundancy • Orbit supports a Layer 3 switch whereby a Layer 2 interface terminates on a virtual Layer 3 interface • By default, Ethernet and Licensed/Unlicensed interfaces are placed in the same bridge • 4096 VLAN IDs, 64 Concurrent VLANs, Native VLAN • 802.1p/802.1Q full trunking support: set an Ethernet interface to access/trunk/etc…

  42. Orbit Networking: Bridging & Routing Paths Summary • Full 802.1Q/p VLAN/Switching support with 64 VLANs and 4K VLAN IDs • Licensed and Unlicensed wireless interfaces can operate in L2 or L3 modes. Default = L2 mode • Cellular interfaces are Layer 3 only. However, using Orbit’s GRE tunneling, one can pass Layer 2 traffic over a cellular interface • Concurrent Routing & Bridging: For maximum flexibility, Orbit supports Bridging/Routing from/to its various NIC cards/interfaces according to the table above. In general, cellular NICs support routing only (future L2TPvx support would allow bridging over a routed connection). [Table legend: Layer 2 Bridged; Layer 3 Routed]

  43. Quality of Service Intro • What it is: • A set of networking capabilities for management of traffic flows in a network • Orbit supports Egress QoS with up to 16 Queues • Inspection • Classification • Prioritization • Marking • Queuing • Shaping • Where Used, Benefits: • Benefits show in congested networks that carry multiple applications or flows of traffic • Quality of Service enables operators to configure the network in such a way that critical traffic transits first in a congested network, with the end goal of reducing its latency and improving throughput • QoS is especially beneficial in low bandwidth networks such as narrowband

  44. QoS – Quality of Service • QoS Defined • Management of traffic flows in a network • Orbit supports Egress QoS with up to 16 Queues • Packet processing: • Inspection • Classification • Prioritization • Marking • Queuing • Shaping • QoS Benefits • Benefits show in congested networks that carry multiple applications or flows of traffic • Quality of Service enables operators to configure the network in such a way that critical traffic transits first in a congested network, with the end goal of reducing its latency and improving throughput • QoS is especially beneficial in low bandwidth networks such as narrowband [Diagram labels: Data from ingress interface; Orbit QoS; Data over egress interface, prioritized and with bandwidth allocated; SCADA; Work Reports; Video]

  45. Orbit Advanced Quality of Service Capabilities • Quality of service (QoS) is a set of functions performed in the Orbit firewall which allow Orbit to classify incoming network traffic and give preference and priority to certain types of traffic to transmit first. • QoS is useful during congestion, when a large amount of data is trying to squeeze out of a smaller interface (outgoing port bandwidth is less than incoming port bandwidth). • QoS ensures that important traffic is sent out first with priority in order to reduce its latency and to reduce its probability of being dropped due to running out of buffers. • Classification: incoming packets are inspected and classified based on Layer 2, 3 or 4 header information (matching specific applications), and then assigned classes. Classifiers may include Ethertype, VLAN ID, 802.1p, source/destination IP, DSCP, TOS, TCP/UDP port numbers etc… • Prioritization: Each class is then assigned a priority with local significance. Orbit supports 16 priorities, and the lower the number, the higher the priority/importance. • Shaping: allocation of dedicated (or dynamic) uplink bandwidth % on a per class and application basis, i.e. SCADA = 20%, VoIP = 30%, Video = 35% etc… • Priority Queuing (Strict): Traffic in a higher priority queue keeps on getting processed/switched until exhausted, then Orbit moves on to process packets from the queue next in line • Fair Queuing: An internal algorithm runs between the various queues to ensure that severe congestion on one specific queue does not prevent other queues from transmitting. [Diagram labels: Classify; Prioritize; Shape; Queue; Serial/Ethernet; Licensed Narrowband; Wi-Fi]

  46. Animated QoS Illustration • Packets arrive at the ingress Orbit interface • They are then inspected and classified/categorized based on Layer 2-4 header info • They are then lined up in queues based on class-to-priority settings. Queue 1 is the highest priority, and Queue 16 is the lowest • Based on the queuing mechanism setting, higher priority packets are let out first [Diagram labels: Incoming Interface; IP SCADA, VoIP, Net Mgmt, Video, Email; Queue 1, Queue 2, Queue 3, Queue 4 … Queue 16; 16 Queues/Lanes Total; Outgoing Port/Radio] • Prioritization: • Packets placed in Queue 1 are treated with highest priority • Packets placed in Queue 2 are treated with second highest priority • Etc… • Classification: • Look into Layer 2/3/4 header • If Layer 4 TCP/UDP port number = SCADA, then classify packet as SCADA and place it in Queue 1 • If Layer 4 TCP/UDP port number = SIP/VOIP, then classify as VoIP and place in Queue 2 • Etc… • Queuing: • Strict Priority: process packets in Queue 1 for as long as it has packets in it. If Queue 1 becomes empty, then address Queue 2 etc… • Fair Queuing: like strict queuing, but every now and then pause processing of Queue 1 and address lower priority queues so they don’t wait indefinitely • Traffic Shaping: assign a certain bandwidth (kbps) for each queue and process accordingly
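
The classification and queuing steps from slides 45 and 46, run over one congested interval to show what strict priority does to the lower queues. This is an added sketch, not GE MDS code: the port-to-queue map (Modbus/TCP 502 and DNP3 20000 as SCADA, SIP 5060 as VoIP, SNMP 161 as network management), the default queue 16 for unmatched traffic, the sample burst and the round-robin "fair" scheduler are assumptions, since the slides do not specify Orbit's internal algorithm.

```python
from collections import deque

# Assumed class map (not from the slides): destination port -> (class, queue).
# Queue 1 is the highest priority and queue 16 the lowest, as on slide 46.
CLASS_MAP = {
    502: ("SCADA", 1),     # Modbus/TCP
    20000: ("SCADA", 1),   # DNP3
    5060: ("VoIP", 2),     # SIP
    161: ("NetMgmt", 3),   # SNMP
}
DEFAULT_CLASS = ("BestEffort", 16)
NUM_QUEUES = 16


def classify(packet):
    """Return (class name, queue number) from the Layer 4 destination port."""
    return CLASS_MAP.get(packet["dport"], DEFAULT_CLASS)


def enqueue(packets):
    """Place each packet in its egress queue; returns {queue number: deque}."""
    queues = {q: deque() for q in range(1, NUM_QUEUES + 1)}
    for pkt in packets:
        _, q = classify(pkt)
        queues[q].append(pkt)
    return queues


def strict_priority(queues, budget):
    """Drain the lowest-numbered non-empty queue first, up to `budget` packets."""
    sent = []
    for q in sorted(queues):
        while queues[q] and len(sent) < budget:
            sent.append(queues[q].popleft())
    return sent


def fair(queues, budget, burst=3):
    """Visit queues in priority order but send at most `burst` per visit."""
    sent = []
    while len(sent) < budget and any(queues.values()):
        for q in sorted(queues):
            for _ in range(burst):
                if not queues[q] or len(sent) >= budget:
                    break
                sent.append(queues[q].popleft())
    return sent


def sample_traffic():
    """Constructed burst: 8 Modbus, 4 SIP, 2 SNMP and 4 video (port 554) packets."""
    mix = [(502, 8), (5060, 4), (161, 2), (554, 4)]
    return [{"id": f"{port}-{i}", "dport": port} for port, n in mix for i in range(n)]


def sent_per_class(sent):
    """Count transmitted packets per traffic class."""
    counts = {}
    for pkt in sent:
        name, _ = classify(pkt)
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    # The egress link can carry only 9 of the 18 queued packets in this interval.
    print("strict:", sent_per_class(strict_priority(enqueue(sample_traffic()), 9)))
    print("fair:  ", sent_per_class(fair(enqueue(sample_traffic()), 9)))
```

Under strict priority the network management and video queues send nothing in the interval, which is the indefinite wait the fair queuing bullet refers to.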

  47. QoS Example in Oil & Gas [Diagram labels: VoIP; SCADA; SCADA1; SCADA2; Net Mgmt; GPS; 16 Egress QoS Queues; Orbit Licensed or Unlicensed Network; Field/Maintenance Office; Cellular Backhaul; Backhaul: Ethernet, Cellular, Private; Fleet Management; ECR; ECR Wellhead; Dual Radio Orbit MCR Access Point] • Architecture Characteristics: • Orbit’s advanced Quality of Service allows the convergence of multiple applications on the same network while allowing critical applications to be routed or switched first to minimize latency and improve determinism • Orbit’s QoS is important for networks with lesser bandwidth, such as the Licensed Narrowband, as it allows the efficient utilization of the bandwidth to maximize determinism in the presence of multiple applications • Orbit supports 16 Quality of Service queues/priorities and classification of applications based on their Layer 2, 3 and 4 header information (MAC addresses, VLANs, Source/Destination IP address, TCP/UDP ports etc.). In 2015 GE MDS will also release Traffic Shaping which will enable operators to carve a dedicated % bandwidth on the uplink on a per application basis.

  48. Orbit Networking: Serial Server • Terminal Server available on COM ports • Allows interfacing with legacy serial RTUs or controllers • COM: RS232, RS485 with RTS/CTS Flow control, and Baud Rate up to 230,400bps • Takes in serial “data” (RTU/MODBUS/RAW) on the serial side and packs it inside IP/TCP/UDP packets • Granular packetization with Vmin and Vtime • Modes: Raw packets, TCP, UDP, Modbus, RTU, Unicast & Multicast • Supports point to point (IP/TCP/UDP) or Multipoint (UDP) connections [Diagram labels: Serial Server; Vmin, Vtime; Raw; IP Encapsulation; IP Encapsulated; 32 Bytes Payload; Serial; RF Uplink; IED; Bit Stream]

  49. Orbit Security Details

  50. Orbit Security Intro • What it is: • Advanced cyber security capabilities on Orbit platform across all radios/options • WurldTech Achilles Level 1 certified • FIPS 140-2 Level 2 certification in progress (government certified military grade encryption) • Orbit uses configuration wizards in its GUI to simplify the provisioning of complex security functions such as firewalling or IPSec VPN • Where Used, Benefits: • Orbit’s security framework is built around modern utility requirements • Ensures comprehensive protection for the network against attacks and intrusions • Encryption helps ensure no eavesdropping, especially on air • Firewalling blocks illegal traffic and permits only valid traffic • Authentication: enables only valid users or devices to log into the network and gain access after a user/password challenge • Secure Boot: Ensures that only hardware components paired together in factory would run on system, protects against physical alterations in future • Secure Firmware: Ensures that only factory-authenticated/authorized firmware can be run on Orbit
