G500-4004 l G500/G100 Configure Network Communications v1

L&D for Protection and Control

5 Mar 202421:14

Summary

TLDRThis video provides a comprehensive guide on configuring network communications for the G500 and G100 devices. It covers the setup of network connections, including Master/Client stations, Modbus TCP, secure connections using SSH tunneling and SSL/TLS, as well as VPN server configuration. The video explains how to manage connections, modify application parameters, and secure communications through advanced settings. Additionally, it touches on configuring the CIS log client for secure event logging. With clear instructions, this video is an essential resource for users looking to optimize network communication and security in industrial control systems.

Takeaways

😀 The mCP supports efficient network communication through multiple protocols, including Modbus TCP, DNP3, and IEC 61850.
😀 Network connections can be configured for either client or master station server communication using selected protocols.
😀 The mCP allows for the configuration of multiple master stations, with up to eight supported, each with unique or identical data presentations.
😀 Network blocks, representing specific protocol client or server applications, are used to manage network connections within the mCP system.
😀 Custom map files must be created for specific protocols before network connections can be configured, although default maps are available.
😀 Modifying a network connection is simple: double-click on the connection and change the necessary parameters, then save the configuration.
😀 Deleting a network connection removes both the connection block and any configured devices, potentially leading to home directory mismatches.
😀 Application parameters can be customized and saved as profiles, which can then be applied across different connections or modified as needed.
😀 The mCP supports secure Modbus TCP SSH connections, providing enhanced security for machine-to-machine communication via key rotation and SSH settings.
😀 Secure connection relay allows SSL/TLS encryption for external client devices connecting to the mCP, ensuring secure communications over the network.
😀 The mCP can integrate with OpenVPN for a secure virtual private network (VPN), allowing remote access to protected substation services with certificate-based authentication.

Q & A

What is the purpose of the network communication overview in the video?
-The network communication overview introduces the different types of network connections supported by the mCP (multi-communication platform) and how these connections are configured for devices like the G500 and G100.
What types of network connections can be configured in the mCP?
-The mCP allows configuration of various network connections such as device client or master station server communications, with protocols including DNP3, IEC 60870-5-104, Modbus TCP, SNMP, and IC 61850.
How can a network connection be added in the mCP configuration?
-To add a network connection in the mCP, click the 'Add Connection' button in the connection tab, select the network connection type, and modify any specific parameters for the connection before saving.
What is a Master station connection in the context of the mCP?
-A Master station connection in the mCP represents a server application that can manage up to eight master stations. It is configured to handle communications with devices using a selected protocol, allowing the data to be presented in either identical or unique formats based on the server map.
What happens when a network connection is deleted in the mCP?
-When a network connection is deleted, the configured devices associated with it are also deleted, potentially causing a home directory mismatch in other parts of the configuration.
How are Modbus TCP SSH connections secured in the mCP?
-Modbus TCP SSH connections are secured using SSHv2 protocol. The mCP provides options for SSH key rotation, key transfer to IEDs (Intelligent Electronic Devices), and setting SSH server parameters like port number and username.
What is the function of a secure connection relay in the mCP?
-The secure connection relay establishes an SSL/TLS connection to ensure secure communication between the mCP and an external client device. This is especially crucial for services like DNP3 Master or Modbus TCP Master, where security is enforced using certificates and mutual authentication.
What are the key parameters when configuring a secure connection relay in the mCP?
-Key parameters for configuring a secure connection relay include the connection name, remote IP address, SSL/TLS port, maximum number of connections, and security features like session key renegotiation and peer identity validation.
How is a VPN server configured on the mCP?
-The VPN server on the mCP is configured by selecting a unique server name, specifying the network IP address and port number, setting encryption and authentication algorithms, and configuring the transport layer (TCP or UDP). Concurrent connections and custom options can also be set.
What is the role of the CIS log client in the mCP?
-The CIS log client in the mCP is responsible for transferring security and application event logs to a remote CIS log server. It can be configured to handle logs from various categories such as system events, user activity, diagnostic logs, and more, based on severity levels.