Nor-Cal_Controls-logo-Combination_Mark-CMYK with Tagline-2

Networking Equipment for SCADA

  • News

Part One

A SCADA network connects all of the devices and equipment at a solar PV site. It not only allows the SCADA server to communicate with the field devices, but it allows the various networked devices to communicate with each other. Typically, SCADA networks are integrated using a combination of fiber optic cables and copper wires.


This is the first of three articles covering SCADA networks. Let's start with the basics: the network equipment.


What types of hardware make up the network within a SCADA system? What are the main network components?

The main network components are switches (either managed switches or unmanaged switches), firewalls and routers. In modern systems, the router is typically part of the firewall. A firewall can provide the same functionality as a router with additional security features.


network and internet communication


Let's look at each of these SCADA hardware components individually.


What is a Firewall and why is it needed?

Firewalls are designed to repel external Internet traffic in order to keep your internal network safe and secure. You may think of a software program when you hear the term "firewall," but there are also hardware firewalls. The main advantage of hardware firewalls is that they provide protection for any and all devices connected to your internal network.


In modern networks, the hardware firewall is typically integrated into the router. It prevents unwanted access and provides network configuration capabilities. This is crucial for not only protecting your SCADA network, but for meeting regulatory requirements. For example, one of the few explicit technical controls that's required for NERC-CIP low-impact entities is to only allow necessary communications in and out of the facility and deny all other communications. 99% of the time, this is done using a firewall.


Firewall Overview:

  • Provides traffic monitoring and threat detection/prevention to/from internal network by investigating the passing data throughout all seven layers of the OSI model
  • Provides remote connection capabilities through SSL/TLS or IPSec VPN
  • Provides network protection and traffic control/monitoring capabilities

What role do Routers play in a network?

As the name implies, the router routes traffic between different networks. In order for different networks to talk to each other, you need a router to route between them. Each port on the router has an IP address that acts as a gateway to the network it is connected to.


Routers also have a part to play in access control. An Access Control List (ACL) prevents access to the network by source/destination IP addresses and plication port numbers monitoring. (Stateless Access Control)


Router Overview:

  • Routes traffic between networks
  • Calculates the fastest route to the final destination network through multiple dynamic protocols
  • Interface between the WAN and LAN
  • Important for access control (basic firewall functionality)
  • Firewall routers combine router and hardware/software firewall functionality

How are Root Switch(s) used in a network?

A switch is a piece of networking hardware that connects devices together. Unlike a router, which enables communication between different networks, switches enable communication within the same network. (LAN)

Multiple networked devices can be plugged into the switch, enabling them to communicate with each other via Ethernet. It is called a "switch" because it uses a method called "packet switching" to receive and forward data to/from the correct device.


How does it do that? The switch looks at the media access control (MAC) address on each device that's connected to each port of the switch. It has a MAC table that maps all of the ports and all of the MAC addresses for all the devices. When two devices want to communicate, the switch creates a point-to-point connection and prevents collision.


Remember that switches are for in-network traffic only. If any traffic is destined for an outside network, it is switched to the router port (Gateway), which then routes it to the appropriate network.


There are two main types of switches: root switches and field switches. The root switch is the main switch in a network and is centrally located at the network hub with the SCADA server. All of the servers and substation Intelligent Electronic Devices (IEDs) are connected to the root switch. Fiber cables connect the root switch to the field equipment. So, the root switch is the means by which the IEDs and servers communicate with the field devices, such as inverters and trackers.


This makes the root switch a critical piece of SCADA networking equipment. For this reason, the root switch is a managed switch, meaning you can log into it via the SCADA server and monitor activities inside it.


Root Switch Overview:

  • The main network switch
  • Managed, configurable ports, fiber and copper ports, centrally located
  • Co-located at the network hub with the SCADA server, Historian Server, and other critical components of the SCADA System
  • Managed switch with web interface (GUI)
  • May have ports assigned to specific network subnets (VLANS)
  • May have fiber-optic ports, RJ45 Ethernet ports or SFP bays
  • Supports redundancy using Spanning Tree Protocol
  • Usually connects directly to firewall router

What is a Field Network Switch?

Dispersed throughout the solar plant are small switches called field network switches. They connect the network hardware as well as field devices like inverters and trackers, allowing them to communicate via Ethernet. The field switches then connect back to the main root switch via fiber cables.


Unlike root switches, most field switches are unmanaged or "dumb" switches. They don't have an IP address to log into in order to manage their activity. However, some plant owners require managed switches at the field level as well.


Field Network Switch Overview:

  • Used to connect devices and equipment in the field so they can communicate via Ethernet
  • Rugged, fiber and copper ports, located near field devices
  • Typically unmanaged with no web interface
  • Connects back to the root switch via fiber cables

What is a Media Converter used for?

Media converters are simple devices used to connect two devices or Local Area Networks (LANs) that aren't entirely compatible, due to different speeds, operation types, modes or media types (twisted pair, fiber, coax, Ethernet). "Media" is the means of communication, such as an electrical signal within copper wires, or light within fiber optic cables.


In a SCADA network at a solar plant, media converters are most often used to insert fiber segments into copper networks. Fiber is used to communicate over long distances, which makes it ideal for large, sprawling solar farms. The fiber is terminated in the patch panel. From there, it is sometimes necessary to convert the means of communication from fiber to copper wires. To bridge the fiber-to-copper conversion signal, you use a media converter.


Many newer network switches, routers and even firewalls are, or can be fitted with, fiber optic ports so media converters are not necessary.


Media Converter Overview:

  • Used to bridge fiber and copper networks, supports TCP/IP and serial communications
  • Converts from copper network media to fiber optic media, or the reverse
  • Often used in pairs
  • Some media converters can plug directly into serial ports

What are Small Form-factor Pluggable Transceivers (SFPs)?

SFP stands for "small form-factor pluggable," which is a compact, hot-pluggable network interface used for data communications. A "transceiver" is a device that can both transmit and receive data. This sounds complicated, but SFP transceivers are simply small metal devices that plug into a special slot on a network switch called an SFP bay. They support communication over either fiber optic cables or copper wires.


So why are they needed? They help different switches communicate with each other. SFP ports enable switches to connect to a variety of fiber and Ethernet cables in order to expand data exchange functionality throughout the network. Network switches do have fiber and copper ports, but SFP ports give you much more flexibility. Based on the requirements of the network, you could add more fiber or Ethernet connections if you needed to, or easily replace or remove them.


There are some potential issues of compatibility with SFPs. Some SFPs from different manufacturers are not compatible (despite sharing the same speed, mode and wavelength) due to the proprietary nature of the devices they're plugged into.


SFP Transceiver Overview:

  • Usually LC fiber connection (fiber and copper available)
  • Speed—10t , 100t , 1000t (Gigabit)
  • Mode—Single mode (SM), Multi-mode (MM)
  • Wavelength—commonly 850 nm, 1300 nm, and 1550 nm
  • Longer wavelengths = lower losses = greater distance

Learn More About SCADA Networks

This is the end of Part 1 of our article series on SCADA networks. Learn more in Part 2, covering common SCADA networking protocols.

If you are a solar industry professional who wants to learn more about SCADA networking, we invite you to our quarterly Solar PV Operations Training. SCADA networking comprises a large portion of the training. The training is system agnostic, meaning it can be applied to any SCADA system platform. Hope to see you there!


Kaveh Zarei

Written by Kaveh Zarei