Data extraction through 800xA to a corporate network
Voted best answer
It is not recommended to expose the DCS network to the corporate network. Hence, you will need:
1. Hardware firewall (like Cisco, Dlink etc.) to protect the DCS network.
2. OPC tunnelling software (from Matrikon/Kepware etc.) to channel OPC data from the 800xA OPC server to a third party OPC client which is in the corporate network (since DCOM communication isn't possible through the firewall). You need to pick data from the OPC surrogate progid, i.e. the AfwOpcSurrogate process from the aspect/connectivity server.
If Smart Client is being used as mentioned earlier in this post, tunnelling software isn't required. Smart Client has specific ports for which rules can be set in the firewall.
Answers
2PAA108228-510 B-800xA Smart Client-Product Guide is the document to refer to.
You can access every 800xA node with OPC; the feature is called 800xA OPC Support, and in the licence "OPC Client Connection". With every third party OPC Client you can connect to the ABB OPC Shadow Server to read and write data.
(see 3DS011222 "System 800xA 5.1 Configuration" for details)
As you probably already know, using OPC between 2 different domains basically does not work. To get round this limitation use a "Tunneller".
Matrikon sell a tunneller but personally I prefer Cogent's OPC Data Hub... http://www.cogentdatahub.com/Products...
There are probably several other alternatives.
Connect an OPC Client to the AfwOPCDaSurrogate server on any 800xA client node, then use the tunneller to pass the data across to the corporate network through your firewall. OPCDataHub has all the features you need (and more).
OPC communication uses random TCP/UDP ports between 1024 and 65535. So in most corporate networks it is not recommended to enable these ports in the firewall, which would pose a security threat. My suggestion is to use Smart Client, which is firewall friendly and more secure as it communicates through one specific port, which is also user configurable.
If you are OK with compromising the security then follow the steps below:
1) Open the above-mentioned ports between your control and corporate network
2) Perform DCOM settings on your OPCDA Server node & OPCDA Client node. Find more details [http://www.matrikonopc.com/dcom-configuration-opc.aspx]
3) Use any third party OPC Client and connect it to ABB.AfwOPCDaSurrogate from Aspect Server or Connectivity Server. You can try MatrikonOPCDA Explore as an OPCDA client, which is free [http://www.matrikonopc.com/products/opc-desktop-tools/opc-explorer.aspx]
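The firewall concern raised in the answer above, as an added example that is not part of the original thread: a Python check that audits an exported rule list for rules opening the dynamic OPC port range across the control/corporate boundary. The subnets, the rule format, port 50000 and the `MAX_PORTS` threshold are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zones and policy threshold (assumptions, not from the thread).
DCS_NET = ipaddress.ip_network("10.10.0.0/24")
CORP_NET = ipaddress.ip_network("192.168.50.0/24")
DYNAMIC_RANGE = (1024, 65535)  # range the thread quotes for classic OPC
MAX_PORTS = 4                  # hypothetical limit for a pinned conduit

@dataclass
class Rule:
    name: str
    src: str
    dst: str
    proto: str
    ports: str  # "50000" or "1024-65535"

def port_span(spec):  # parse "N" or "LO-HI" into an inclusive (lo, hi) tuple
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi

def crosses_boundary(rule):
    """True if the rule can carry traffic between the DCS and corporate zones."""
    src, dst = (ipaddress.ip_network(n, strict=False) for n in (rule.src, rule.dst))
    return (src.overlaps(CORP_NET) and dst.overlaps(DCS_NET)) or \
           (src.overlaps(DCS_NET) and dst.overlaps(CORP_NET))

def dynamic_ports_open(rule):  # how many of the rule's ports fall in DYNAMIC_RANGE
    lo, hi = port_span(rule.ports)
    return max(0, min(hi, DYNAMIC_RANGE[1]) - max(lo, DYNAMIC_RANGE[0]) + 1)

def audit(rules):
    """Return (name, open_port_count) for boundary rules wider than MAX_PORTS."""
    return [(r.name, dynamic_ports_open(r)) for r in rules
            if crosses_boundary(r) and dynamic_ports_open(r) > MAX_PORTS]

# Constructed sample rule export; port 50000 stands in for a single pinned port.
SAMPLE_RULES = [
    Rule("opc-dcom-direct", "192.168.50.0/24", "10.10.0.0/24", "tcp", "1024-65535"),
    Rule("pinned-single-port", "192.168.50.20/32", "10.10.0.15/32", "tcp", "50000"),
    Rule("corp-internal", "192.168.50.0/24", "192.168.60.0/24", "tcp", "1024-65535"),
    Rule("any-to-dcs-udp", "0.0.0.0/0", "10.10.0.0/24", "udp", "1-65535"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

The two flagged rules are the direct DCOM range and the any-source UDP rule; the single-port conduit and the rule that never touches the DCS subnet pass.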
Another solution, besides the fine answers you have received, is to use Datadirect with Excel, given you need data in less than realtime. Excel can be scheduled to read any data in the system, and then you could write a macro which updates an external database, using whatever security is needed.
On security: It would be recommended that the Excel or OPC client "sits" in the DMZ first and then is accessed by the other party within the DMZ. Tunnellers could be considered problematic in a secure environment as they bypass firewalls and routers. Think on how VPNs function.
Just a thought.