Express Interface (Xi) Technical Overview

EXPRESS interface
Technical Overview

What is Xi?
A simple Microsoft.NET interface for securely wrapping industrial automation systems, for both local and remote access.
Xi Client
Xi Client
Xi Client
Xi Client
Existing
Client
Xi Secure
Messaging
Xi Interface
Xi Secure
Messaging
OPC COM Server

Why was Xi developed?
New Microsoft-based client developments have moved to .NET
=> These application need a native .NET interface to talk to OPC COM servers, instead of each having to develop its own.
Before Xi (need a custom adapter for each type of OPC server)
.NET Interface “A”
COM/DCOM
.NET Client Application “A”
Custom Adapter
OPC COMServer
Custom Adapter
.NET Interface “B”
COM/DCOM
.NET Client Application “B”
Custom Adapter
.NET Interface “C”
COM/DCOM
.NET Client Application “C”
With Xi (Xi Wrapper is common to all types of OPC Servers)
OPC COM Server
.NET Client Application “A”
COM/
DCOM
Xi .NET Interface
Xi Wrapper
.NET Client Application “B”
.NET Client Application “C”

Is Xi a common interface?
Yes - Xi provides access to runtime and historical data, events, and alarms, all in one interface
Xi Integrated Client
Xi Integrated Client
Xi Alarm Client
Xi DA
Client
Xi History Client
Xi Interface
OPC DA
Server
OPC HDA
Server
OPC A&E
Server

Security model
Limited Access (e.g. no Writes)
Full Access
Full Access

Performance model
Remote Access Performance
Higher Performance
Highest Performance

Platform model
Open – Any platform using web services
Open
– Generally
Windows
Windows

Xi Interface Architecture
Multi-layer architecture to reduce interoperability problems
Client Interface
Server Interface
Standard code for OPC Wrappers
OPC COM
Server
Client
Base
Server
Base
OPC
Wrapper
WCF
Client
App
Alternate Server
Implementation
Developer-specific code
Standard code for the client
Standard code for the server
Developer-specific code

Xi Functional Architecture
Clients select resources (data/alarms/events) into lists, and add lists to endpoints for access
System Resources
Common to all clients
Client
App
Manage
Historical Alarms & Events
filter
filter
Historical
Data
Alarms & Events
Runtime.
Data
Read
Write
Client-specific Context
Subscribe

Security concepts
Base user privileges defined by access control list
Base encryption and authentication provided by .NET WCF
Read, write, and subscribe privileges for the user can be restricted based on location of the user and the client application being used (e.g. only approved client apps can write).
Patent pending (royalty-free license for use with Xi)

Security architecture
Server Discovery Endpoint
List of Resource Discovery Endpoints
One per server
Resource Management Endpoint
Read Endpoint
List of Resources
List of Resources
List of Resources
Only if authorized
List of Resources
Write Endpoint
Subscribe Endpoint
One per system
(may be redundant)
Client
Application
Secure
Access Controls

Dynamically opened
Multiple endpoints per client
Multiple lists per endpoint
Known only to the client

Poll or Callback

Server and endpoint discovery
PNRP Enabled Clients
PNRP Enabled Servers
PNRP Discovery of Servers
PNRP Discovery of Discovery Servers
Xi Discovery of Server Endpoints
Xi Discovery Server
Xi Discovery of Xi Server Endpoints
Manual Configuration of Server Address
Manual Configuration of Discovery Server Address
Non-PNRP Enabled Servers
Non-PNRP Enabled Clients
PNRP = Peer Name Resolution Protocol (Microsoft)

Endpoint interfaces
Used to locate servers
ServerDiscovery
Used to:
discover resources of a server,
create lists of resources,
create endpoints, and
assign lists to endpoints
ResourceManagement
Subscribe
Callback
Poll
Used to get the value of list entries
Read
Write
Used to update the value of list entries

Obtaining information about the server
Server Management Info Base (MIB)
Server capabilities and settings
Standard
MIB Objects
Vendor MIB Object descriptions
Server-specific management object values
Vendor
MIB Objects
(optional)

Finding objects (filtered browsing)
Objects located by their path (e.g. A/C/G)
Object
Hierarchy
A
Object
Attributes
InstanceId
B
C
Name
Description
ObjectTypeId
DataTypeId
ListDimensions
D
E
F
G
Flags
IsLeaf
IsReadable
IsWritable
IsCollectingHistory
FastestScanRate
Roles

Data lists

Data lists select data objects that are to be accessed via read/write/subscribe
Data lists can be created by the client or the server

Data Lists
Object
Hierarchy
A
B
C
E
F
G
D
data objects

Historical data lists

Historical data lists are data lists that contain historical values
Historical lists are updated as new values are received into the Data Journal

Historical Data Lists
Object
Hierarchy
A
B
C
E
F
G
D
Historical values

Alarms and events, like data, are accessed via lists, but membership in the list is defined by filters
Events are in lists only long enough for them to be reported via a subscription
Alarms stay in lists until they are acked/inactive
Alarms and event lists can be created by the client or the server

Event/Alarm
List
Filter Criteria
Area
Hierarchy
Alarm and event lists
Alarms and Events
Areas
Alarm/Event
Sources

Historical alarm and event lists

Historical alarm/event list membership is defined by filters
Historical lists are updated as new alarms/events are received into the Event Journal

Historical Event/Alarm
List
Filter Criteria
Event Journal
Areas
Alarm/Event
Sources
Historical Alarms and Events

Interface summary

Example specification page

Conclusion
Open
Additional security layered on top of traditional security mechanisms
Supports runtime and historical data, events, and alarms.
Additionally supports passthroughs
Provides:
Local access via NamedPipe bindings
LAN access via NetTcp bindings
Web access and off-platform access via REST interface & Http bindings