Express Interface (Xi) Technical Overview

1. EXPRESS interface Technical Overview

2. What is Xi? A simple Microsoft.NET interface for securely wrapping industrial automation systems, for both local and remote access. Xi Client Xi Client Xi Client Xi Client Existing Client Xi Secure Messaging Xi Interface Xi Secure Messaging OPC COM Server

3. Why was Xi developed? New Microsoft-based client developments have moved to .NET => These application need a native .NET interface to talk to OPC COM servers, instead of each having to develop its own. Before Xi (need a custom adapter for each type of OPC server) .NET Interface “A” COM/DCOM .NET Client Application “A” Custom Adapter OPC COMServer Custom Adapter .NET Interface “B” COM/DCOM .NET Client Application “B” Custom Adapter .NET Interface “C” COM/DCOM .NET Client Application “C” With Xi (Xi Wrapper is common to all types of OPC Servers) OPC COM Server .NET Client Application “A” COM/ DCOM Xi .NET Interface Xi Wrapper .NET Client Application “B” .NET Client Application “C”

4. Is Xi a common interface? Yes - Xi provides access to runtime and historical data, events, and alarms, all in one interface Xi Integrated Client Xi Integrated Client Xi Alarm Client Xi DA Client Xi History Client Xi Interface OPC DA Server OPC HDA Server OPC A&E Server

5. Security model Limited Access (e.g. no Writes) Full Access Full Access

6. Performance model Remote Access Performance Higher Performance Highest Performance

7. Platform model Open – Any platform using web services Open – Generally Windows Windows

8. Xi Interface Architecture Multi-layer architecture to reduce interoperability problems Client Interface Server Interface Standard code for OPC Wrappers OPC COM Server Client Base Server Base OPC Wrapper WCF Client App Alternate Server Implementation Developer-specific code Standard code for the client Standard code for the server Developer-specific code

9. Xi Functional Architecture Clients select resources (data/alarms/events) into lists, and add lists to endpoints for access System Resources Common to all clients Client App Manage Historical Alarms & Events filter filter Historical Data Alarms & Events Runtime. Data Read Write Client-specific Context Subscribe

10. Security concepts Base user privileges defined by access control list Base encryption and authentication provided by .NET WCF Read, write, and subscribe privileges for the user can be restricted based on location of the user and the client application being used (e.g. only approved client apps can write). Patent pending (royalty-free license for use with Xi)

11. Security architecture Server Discovery Endpoint List of Resource Discovery Endpoints One per server Resource Management Endpoint Read Endpoint List of Resources List of Resources List of Resources Only if authorized List of Resources Write Endpoint Subscribe Endpoint One per system (may be redundant) Client Application Secure Access Controls <ul><li>Dynamically opened

12. Multiple endpoints per client

13. Multiple lists per endpoint

14. Known only to the client</li></ul>Poll or Callback

15. Server and endpoint discovery PNRP Enabled Clients PNRP Enabled Servers PNRP Discovery of Servers PNRP Discovery of Discovery Servers Xi Discovery of Server Endpoints Xi Discovery Server Xi Discovery of Xi Server Endpoints Manual Configuration of Server Address Manual Configuration of Discovery Server Address Non-PNRP Enabled Servers Non-PNRP Enabled Clients PNRP = Peer Name Resolution Protocol (Microsoft)

16. Endpoint interfaces Used to locate servers ServerDiscovery Used to: discover resources of a server, create lists of resources, create endpoints, and assign lists to endpoints ResourceManagement Subscribe Callback Poll Used to get the value of list entries Read Write Used to update the value of list entries

17. Obtaining information about the server Server Management Info Base (MIB) Server capabilities and settings Standard MIB Objects Vendor MIB Object descriptions Server-specific management object values Vendor MIB Objects (optional)

18. Finding objects (filtered browsing) Objects located by their path (e.g. A/C/G) Object Hierarchy A Object Attributes InstanceId B C Name Description ObjectTypeId DataTypeId ListDimensions D E F G Flags IsLeaf IsReadable IsWritable IsCollectingHistory FastestScanRate Roles

19. Data lists <ul><li>Data lists select data objects that are to be accessed via read/write/subscribe

20. Data lists can be created by the client or the server</li></ul>Data Lists Object Hierarchy A B C E F G D data objects

21. Historical data lists <ul><li>Historical data lists are data lists that contain historical values

22. Historical lists are updated as new values are received into the Data Journal</li></ul>Historical Data Lists Object Hierarchy A B C E F G D Historical values

23. <ul><li>Alarms and events, like data, are accessed via lists, but membership in the list is defined by filters

24. Events are in lists only long enough for them to be reported via a subscription

25. Alarms stay in lists until they are acked/inactive

26. Alarms and event lists can be created by the client or the server</li></ul>Event/Alarm List Filter Criteria Area Hierarchy Alarm and event lists Alarms and Events Areas Alarm/Event Sources

27. Historical alarm and event lists <ul><li>Historical alarm/event list membership is defined by filters

28. Historical lists are updated as new alarms/events are received into the Event Journal</li></ul>Historical Event/Alarm List Filter Criteria Event Journal Areas Alarm/Event Sources Historical Alarms and Events

29. Interface summary

30. Example specification page

31. Conclusion Open Additional security layered on top of traditional security mechanisms Supports runtime and historical data, events, and alarms. Additionally supports passthroughs Provides: Local access via NamedPipe bindings LAN access via NetTcp bindings Web access and off-platform access via REST interface & Http bindings