Migrate Multi-Protocol Legacy Networks To Secure IP VPN
Legacy SCADA networks have become outdated and generally do not support communications to multiple host sites. Most common SCADA networks involve radio or leased line connectivity into substations which requires a one-for-one hardware solution. Remote Terminal Units (RTU’s) need a modem/radio to modulate and the host requires another device to demodulate. This makes the need for a dual host scenario for redundancy hard to manage and very expensive.
A standard utility solution with two remote RTU’s communicating to a single host. The RTU has a serial connection to the radio/modem which uses licensed or unlicensed radio frequencies. At the host end, a single front end processor (FEP) port is connected to a demodulation modem. This has the user purchasing twice the hardware needed for what is ultimately a poor host end solution.
The function of a router is to convert IP-based data from one addressing scheme to another, for example, public to private addressing. All routers do this but very few incorporate a cellular modem designed to meet commercial and industrial grade requirements. A router supporting VPN in various encryption modes like 3DES or AES is fairly common, but again finding one with a cellular modem, not just a PCMCIA card, further limits your selection. Also, most routers encapsulate legacy protocols by bundling them into IP packets for file transfer over a cellular data link, creating unacceptable latency and efficiency problems.
THE ENCORE SOLUTION
Encore Networks provides a complete, end-to-end SCADA solution with its seamless IP network migration strategy. Encore’s BANDIT™ family of environmentally hardened (rugged) routers support Legacy SCADA protocols to IP conversion and supports both connections simultaneously. This allows the customer to migrate to IP as budget and time allows. The SCADA network becomes secure by using VPN to connect the entire network.
The RTU can be connected to the BANDIT 2™ or BANDIT 3™ using a serial connection. When the RTU is upgraded or replaced with IP, the connection is changed from serial to Ethernet. Since the VPN network is already in place, only the cable needs to change and will terminate on any IPsec supporting device. Encore’s VSR 1200™ will terminate up to 480 remote connections and can support up to 24 ports of serial connections on the FEP. The VSR 1200™ can also be stacked to support an unlimited amount of serial connections.