Alternative to Data Diode switches for ControlLogix to ControlLogix comms

sanger · Feb 9, 2020

I have an application where one ControlLogix needs to read data from another ControlLogix. The second PLC is part of a validated pharma process and it needs to be possible to guarantee that the first PLC can only read and never write data to the second PLC. I have seen so called “Data Diode” switches that understand the Ethernet/IP protocol and enforce the one way data path buy they are very expensive. I’m wondering if there are any less expensive solutions that will achieve the same goal.

dmroeder · Feb 9, 2020

I don't know much about Pharma rules but the Producer/Consumer model of exchanging data is one way communication. Of course, it would require you to modify your validated PLC in order to create the Produced tag.

Another method, might depend on your firmware revision, would be to find the tags you want to read and change their external access property to Read Only. Then you could use a message from your non sensitive PLC to read the tags from your pharma validated PLC.

sanger · Feb 9, 2020

dmroeder said:
I don't know much about Pharma rules but the Producer/Consumer model of exchanging data is one way communication. Of course, it would require you to modify your validated PLC in order to create the Produced tag.

Another method, might depend on your firmware revision, would be to find the tags you want to read and change their external access property to Read Only. Then you could use a message from your non sensitive PLC to read the tags from your pharma validated PLC.

Any modifications to the protected PLC will open up a whole can of worms so options that avoid that are preferred.

shawn_75 · Feb 9, 2020

Is there an HMI that's less tightly controlled that can do the data exchange for you?

drbitboy · Feb 9, 2020

Does the controlled CL have a web server?

timryder · Feb 9, 2020

Why not use a SQL server as a mediator between the two PLC's.

rdrast · Feb 9, 2020

Can you not just issue a MSG Read instruction in the non-validated PLC?

AustralIan · Feb 10, 2020

Get your Linux admin to install a deep packet inspection filter on the firewall that only allows the particular ethernet IP cip service you want to allow (and allow all responses).
Might be a bit if wireshark poking around.
If you are the Linux admin yourself, I am sure you could set this up for free with one of the open source networking packages.

TheWaterboy · Feb 10, 2020

If the protected, validated PLC does not have this write protection built in, I would imagine that the validation spec would dictate what you can and can't connect it to. Just connecting it to anything might be a problem.
But if not maybe an EIP gateway would work. You set it up to only read and then use the second PLC to read from the gateway.

harryting · Feb 10, 2020

I used an EIP to EIP gateway from Anybus before for similar purpose. I did it to avoid "IT entanglement". It acted like a virtual interposing relay board. If you have V20 or higher then you can use EDS and treat it like a IO. You can still exchange data both way but this prevent one from communicate directly to the other PLC.

Alternative to Data Diode switches for ControlLogix to ControlLogix comms

sanger

Member

dmroeder

Lifetime Supporting Member

sanger

Member

shawn_75

Member

drbitboy

Lifetime Supporting Member

timryder

Member

rdrast

Lifetime Supporting Member

AustralIan

Member

TheWaterboy

Lifetime Supporting Member + Moderator

harryting

Lifetime Supporting Member

Similar Topics