SCADA Solutions

Migrate Multi-Protocol Legacy Networks To Secure IP VPN

Printable Version

The Problem

Legacy SCADA networks have become outdated and generally do not support communications to multiple host sites. Most common SCADA networks involve radio or leased line connectivity into substations which requires a one-for-one hardware solution. Remote Terminal Units (RTU’s) need a modem/radio to modulate and the host requires another device to demodulate. This makes the need for a dual host scenario for redundancy hard to manage and very expensive.

Figure 1 depicts a standard utility solution with two remote RTU’s communicating to a single host. The RTU has a serial connection to the radio/modem which uses licensed or unlicensed radio frequencies. At the host end, a single front end processor (FEP) port is connected to a demodulation modem. This has the user purchasing twice the hardware needed for what is ultimately a poor host end solution.

The Encore Solution

Encore Networks provides a complete, end-to-end SCADA solution with their seamless IP network migration strategy. Encore’s BANDIT™ family of environmentally hardened (rugged) routers support Legacy SCADA protocols to IP conversion and supports both connections simultaneously. This allows the customer to migrate to IP as budget and time allows. The SCADA network becomes secure by using VPN to connect the entire network.

Figure 2 illustrates the Encore solution. The RTU is connected to the BANDIT 2™ or BANDIT 3™ using a serial connection. When the RTU is upgraded or replaced with IP, the connection is changed from serial to Ethernet. Since the VPN network is already in place, only the cable needs to change and will terminate on any IPsec supporting device. Encore’s VSR 1200™ will terminate up to 480 remote connections and can support up to 24 ports of serial connections on the FEP. The VSR 1200™ can also be stacked to support an unlimited amount of serial connections.

Figure 1

Circuit Diagram 1

Problem Summary:
  • Radio and leased lines
  • No encryption
  • Single host
  • Double hardware
  • Single point of failure

Figure 2

Circuit Diagram 2

Solution Summary:
  • Dual route support
  • Multiple host
  • Network agnostic
  • VPN–IPSEC – AES256 or 3DES (Encryption Algorithms)

BANDIT 2™ Data Sheet

BANDIT 3™ Data Sheet

VSR 1200™ Data Sheet