If you haven't received one of my emails or heard from a colleague about our latest TOP Server release, you may not have heard about the key new features in the TOP Server V6.5 release.
In this post, I'm going to go through the top 5 key features released in V6.5 in more detail and how they benefit you as a TOP Server user.
As such, it is becoming more generally accepted (and even recommended by ICS CERT) that system administrators have a strategy for updating ICS components, which includes TOP Server, instead of assuming that isolation, security, and air gaps are enough.
To that end, TOP Server V6.5 offers a number of new security enhancements and resources to help with secure implementation.
Current OS and OPC Interface Capabilities and Security
With TOP Server operating system support being regularly updated as new OS versions become available, you're covered. Full specifications, including OS support, are always available on the TOP Server website here.
Project File Encryption
Project files in TOP Server regularly contain customer proprietary information on an organization’s network, processes and control devices. For example, it's common for project files to contain device IP addresses, passwords to access the PLC, process tagnames and related memory addresses.
As such, it's important to protect such information to avoid issues with cybersecurity and client intellectual property concerns. To address this, TOP Server V6.5 gives you the ability to encrypt and password protect .opf project files (NOTE: .json formatted files are not affected) for security during transfers of the project either to other users or other instances of TOP Server.
The encryption mechanism used is such that it wouldn't be practically feasible to attack using brute force methods.
Administrator Password during Installation
To ensure the secure operation of TOP Server, users really need to consider utilizes a strong administrator password in the built-in User Manager. To help remind users to set a password for the Administrator user, starting with V6.5, you are now encouraged to set an Administrator password during the TOP Server installation process. This helps to enhance the security of your server even before you begin to configure it.
When presented with the User Manager Credentials dialog during the installation, you'll want to set a strong administrator password. It is recommended that the password be at least 14 characters in length and include a mix of uppercase and lowercase letters, numbers, and special characters. And you should also avoid well known, easily guessed, or common passwords.
And it is imperative that, if you choose to set a password, that you store the password securely - they are not recoverable and will require re-installing the product if lost.
You'll want to work with your IT department on centralized storage of this information, considering that you might not be working for the company or available when another employee needs this information.
Back-end Security Updates
To continue protecting against constantly evolving encryption-breaking technology, TOP Server V6.5 has updated encryption algorithms throughout the product, and we'll continue to update those algorithms to ensure the on-going security of the application as part of the continuous improvements process you're familiar with.
Additionally, third-party components utilized by TOP Server are upgraded as vendors make them available to utilize the most modern security components and encryption available, further combating cyber threats.
You may recall that, in the TOP Server V6.4 release, we added a new driver for MQTT Client connectivity. MQTT (Message Queue Telemetry Transport) is a lightweight message protocol used to connect a wide variety of IoT and industrial automation devices using a publish/subscribe model for communications.
MQTT is commonly implemented in sensor networks which can be used to connect legacy machines having no other connectivity options, as a lower cost alternative to replacing that legacy hardware. Such sensor information is routed through a gateway, which then published the data via MQTT.
Also, aside from sensor networks, there are a number of other industrial automation devices starting to implement MQTT as an option for transferring data, including PLCs and HMIs.
With TOP Server V6.5, the MQTT Client driver now supports Automatic Tag Generation (ATG), significantly simplifying the tag creation process in TOP Server.
By simply subscribing to an MQTT topic and consuming data over a configurable period of time, the driver will create tags based on the data sent to that particular topic.
Torque tools (or torque wrenches) are widely used in discrete manufacturing to apply a specific torque to a fastener such as a nut or bolt. Advanced torque tools are connected, and send information on tightening results and device status back to a controller which is typically collected for traceability and process improvement purposes and, also, allows settings to be downloaded to the device in order to automate fastening.
The Torque Tool Open protocol is commonly supported by such torque tools and is the protocol utilized by the TOP Server Torque Tool Ethernet driver for integration of those tools with HMI/SCADA and other control systems. As new tools utilizing the Torque Tool Open protocol enter the market, new revisions of the protocol supporting additional parameters known as Message IDs (MIDs) are introduced.
With V6.5, the Torque Tool Ethernet driver has been updated to support additional MIDs for compatibility with a greater range of torque tools and provide additional data from those tools.
Support has been added for the following additional MIDs:
Support for these new MIDs to give users of the Torque Tool Ethernet driver more visibility into and control over tightening processes in their applications.
More and more of our TOP Server users continue adopting the latest Siemens technology, particularly S7-1200 and S7-1500 controllers. With those controllers came an updated programming and configuration platform called TIA (Totally Integrated Automation) Portal.
You may recall that, starting with TOP Server V6.2, we have already added a TIA Portal Exporter utility that allows you to generate an export file of your TIA Portal tags for use in automatically creating your TOP Server tag database, in those situations where you prefer to maintain a static tag database in your TOP Server project using drivers in the TOP Server Siemens Suite.
Since the V6.2 release, Siemens has released Service Pack 1 for Version 14 (V14 SP1) and Version 15 of TIA Portal. So in TOP Server V6.5, the TIA Portal Exporter Utility has been updated to support these new updates. The utility remains backwards compatible with V13 and V14.
This utility installs on your TIA Portal machine, allowing it to open your S7-300, S7-400, S7-1200 or S7-1500 TIA Portal projects and select program blocks, tag tables or individual tags for generation of the corresponding tags in TOP Server. Auto tag generation was previously only available for older S7-300 and S7-400 controllers still using Step7 for programming and configuration.
The utility produces a .TPE file format that can then be imported by the TOP Server S7 Ethernet driver for auto generation of static tags.
Additionally, the TIA Portal Exporter utility now supports the following capabilities:
This greater compatibility and ease-of-use should further streamline the tag creation process for Siemens users.
And last but certainly not least, TOP Server V6.5 further expands support for ControlLogix controllers with added support for Firmware Revision 31. This includes support for the new CIP Energy Object-backed Tags included with that particular firmware revision.
CIP Energy object-backed tags are used in automated processes to monitor and manage energy usage for the following purposes:
In manufacturing environments moving more and more towards greater efficiency and smarter energy consumption, these new Energy tags provide the data needed by control systems to increase the efficiency and overhead of the process they are controlling.
For a full list of supported ControlLogix Firmware revisions by controller model in V6.5, click here.
These and the other features not covered here provide more secure operations with greater ease-of-use, compatibility and performance. As always, a list of the other enhancements and features is in the TOP Server V6 release notes that we just don’t have room to cover here.
Want to see TOP Server V6.5 for yourself? Download the free trial.