ipConvLite

ipConvLite is a universal protocol converter for transferring data between different protocols. ipConvLite is based on ipConv and has basically the same abilities. In contrast to ipConv ipConvLite is designed for small to medium applications and has a lower performance.

ipConvLite is available in conjunction with the hardware models SEC3, MEC2, MEC2 PROFIBUS and MEC2 PROFINET. For wireless communication, the 4G LTE cellular model SEC3M is offered.

The following ipConvLite Use Cases illustrate some of the possible applications.

• Security at the highest level
• Communication between multiple data sources
• Simultaneous use of diverse protocols
• User-defined mapping of information
• Intelligent information processing
• No programming required
• Redundancy

• Secure access to all administrative services (HTTPS, SSH, SFTP)
• Role-based access protection with login and password
• User administration for local users
• Central user administration via Active Directory (LDAP) and/or RADIUS
• PKI and Crypto Store for certificate management
• Creation of self-signed certificates and Certificate Signing Requests (CSRs)
• Import and export of certificates
• Configuration of VPN tunnels (OpenVPN and IPsec)
• Firewall
• Safeguarded real-time Linux operating system
• IEC 62351-3 TLS protection for IEC 60870-5-104, IEC 61850, DNP 3.0, TASE.2 protocol stacks

• Assigning multiple IP addresses to one physical Ethernet interface
• Network management using an integrated SNMP agent
• NTP based clock synchronization
• HTTPS/SSH/SFTP access
• DHCP
• Bonding
• PRP
• VLAN

System configuration is completely executed in a web browser. No other special configuration tools are required, a normal notebook with a network interface card and web browser are all that is needed.

ipConv in its current version 4 enables encrypted communication between web server and browser via the HTTPS protocol.

The main menu provides access to all relevant functions of ipConv, showing the overall system status at a glance.

The following functions are available:

• Switching operating mode OPERATIONAL (unattended station) or MAINTENANCE (allows full access to all ipConv functions)
• Backup and restore the complete configuration
• License management (ADMIN)
  Installation of (DEMO-) licenses, (un-) limited and (un-) restricted licenses
• Software upgrade (ADMIN)
• Import configuration information from tables
  The Excel file can be imported directly (Supported formats: .xlsx, .xlsm, .csv)
• Edit configuration parameters
• Release and versioning of a station configuration
• Start up and stop the system
• Access diagnostic data (see also diagnostics)
• Access process image and data simulation (see also simulation)
• Creation of own logbooks
  Changes of normalized information are selectively documented in configurable logbooks for tracing or logging reasons over a period of time.
• Access current logfiles (see also logging)

The following example shows the configuration of a protocol stack (here   IEC 60870-5-101, Master). All parameters are shown with their configured values, relevant measurement units, and short descriptions.
A parameter value can be changed by clicking on the parameter name. A detailed description is also shown, if available. The entered value is checked for the permissible value range, or a selection list offers a pre-selection of permissible values.

Only relevant parameters are displayed, for instance, if the link layer type is set to "unbalanced", only the corresponding parameters are shown.

ipConv enables fast and efficient processing of large volumes of data points by allowing data import from tables. These tables are based on templates and may be processed with various spreadsheet programs, such as Microsoft Excel. The extended use of formulae minimizes the data volume, substantially reducing the number of errors.

With protocol converters it is essential that the state of all interfaces can be determined at a glance. This is all the more important, if the available personnel at the facility does not have particular knowledge of the system.

The diagnostic data can be accessed with the DIAGNOSTICS button in the main menu. The most important information is provided subdivided and in plain text with time stamps. Colored highlights indicate whether a state is OK or not.

You can configure the type of information, descriptions and colors.

Plain messages, measured values, and also control commands, such as a button for initiating a general poll, can be shown.

With all communication applications, it is always essential to know which data is transmitted via the protocol and how the data is converted from one protocol to another. And it is even more important when problems occur with transmission. ipConv features logging and archiving functions for all data traffic.

ipConv allows you to keep track of the system state and information flow inside the converter by recording and archiving all information passing through a module for a given time period. This data can be recorded:

• All data to/from ipConv sent and received via the relevant communication module
• System messages, i.e. connection abortion, communication error messages etc.
• Configuration and software error messages

The range of data recorded is defined by the logging level. This can be changed dynamically (at runtime) or statically (in the configuration) for each module.

29.01.20 11:38:15 IECAppl3 communication with link layer established !
29.01.20 11:38:15 cid=1 open !
29.01.20 11:38:15 cid=3 open !
29.01.20 11:38:15 cid=4 open !
29.01.20 11:38:15 cid=1 connected !
29.01.20 11:38:15 CA=1: starting GI ...
(2): << 15.473 [1] C_IC_NA_1 SQ=0 NUM=1 T=0 P/N=0 CT=<act> ORG=<0> CA=<65535>
               0: QOI=<14> 
29.01.20 11:38:15 CA=2: starting GI ...
(2): >> 15.526 [1] M_DP_TB_1 SQ=0 NUM=4 T=0 P/N=0 CT=<spon> ORG=<0> CA=<1>
             115: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.980 STD> 
             116: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.980 STD> 
             117: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.981 STD> 
             118: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:04.981 STD> 
(2): >> 15.527 [1] M_ME_NA_1 SQ=0 NUM=4 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
             142: NVA=<27944> QDS=<OK> 
             143: NVA=<27968> QDS=<OK> 
             144: NVA=<28013> QDS=<OK> 
             145: NVA=<28095> QDS=<OK> 
(2): >> 15.527 [1] M_DP_TB_1 SQ=0 NUM=1 T=0 P/N=0 CT=<spon> ORG=<0> CA=<1>
             114: DIQ=<OFF  Q=OK> BT7=<29.01.20 11:38:06.982 STD> 
(2): >> 15.527 [1] M_ME_NC_1 SQ=0 NUM=2 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
             135: SFP=<267> QDS=<OK> 
             136: SFP=<140> QDS=<OK> 
(2): >> 15.527 [1] M_SP_TB_1 SQ=0 NUM=1 T=0 P/N=0 CT=<spon> ORG=<0> CA=<133>
         7750142: SIQ=<OFF Q=OK> BT7=<29.01.20 11:38:07.430 STD> 
29.01.20 11:38:15 ERROR: ASDU from CA=133, unknown CA or received on unexpected connection !
(2): >> 15.527 [1] M_DP_TB_1 SQ=0 NUM=2 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
             118: DIQ=<ON   Q=OK> BT7=<29.01.20 11:38:07.981 STD> 
             119: DIQ=<ON   Q=OK> BT7=<29.01.20 11:38:07.981 STD>
(2): >> 15.527 [1] M_ME_NC_1 SQ=0 NUM=3 T=0 P/N=0 CT=<spon> ORG=<0> CA=<2>
             137: SFP=<120> QDS=<OK> 
             138: SFP=<226> QDS=<OK> 				 
		

ipConv is capable of representing and simulating all signals in a simple project-specific form, a functionality which is particularly useful for signal tests during commissioning. This greatly facilitates tracking down wiring and configuration errors.

All data points can be shown in a hierarchical form defined by the configuration. Names, nesting depth and signal range can be freely chosen and configured for each project. This enables personnel not familiar with ipConv or the relevant protocol to access information.

The signal name, information type, value, quality identifier and time stamp (if available) are shown.

At the same time, data and commands can be simulated directly in the web browser. This functionality is very useful, if only one communication partner is connected (control station or RTU). Pretests can thus eliminate most configuration errors, even if the complete communication path is not yet available.

To meet even increased security requirements, ipConvLite is fully capable of redundancy in combination with a second device.

• Line redundancy
• Information redundancy
• Device redundancy (hot-standby, parallel operation)

With redundant protocol converters, reliability can be ensured, based on the "hot standby" principle. At any one time only one device assumes the active role, while the passive device monitors the active one and takes the initiative if it fails.
This minimizes downtime due to maintenance work or component and interface outages, for example.

The redundancy coupling can be realized via Ethernet as well as over serial connections. If separate serial communication connections must be connected to both redundant devices, the CS channel switch will be applied.