MatrikonOPC OPC Exchange

Archive for January, 2007

OPC Foundation Technical Seminar – Greenville, SC

Tuesday, January 30th, 2007

The OPC Foundation and supporting sponsors are hosting the free, one-day technical training seminars again this year.  The plan is to hold six sessions this year.

The first OPC Seminar will be conducted on February 21, 2007 at the Marriott Greenville in Greenville, SC.  The seminar will start with registration and continental breakfast at 8:00 AM and the program will begin at 8:30 AM. The seminar will cover all aspects of OPC Technology from OPC Servers to OPC Clients to OPC Best Practices.

There is no cost for the seminar but registration is required.

If you are an end-user, system integrator, or involved in automation projects, and are new to OPC, this is a good way to get immersed in the basics and a great opportunity to see many OPC vendors and products in one shot.  If you’re a vendor, you might consider sponsoring the events, which averaged over a hundred attendees per session last year.

OPC and Open Ethernet Protocols

Thursday, January 25th, 2007

Nick’s latest posting over at ProSoft came across a blog entry on OPC in comparison to other Ethernet protocols, like Modbus.  Nick asked what I’d have to say, so I gotta say something, now don’t I?  Actually the article is rather fair, and makes some good points, but of course the discussion favors Modbus.  As I’ve said before, OPC and Modbus are complementary protocols, and each has its merits in different installations.

I would like to add a few comments to the list of ‘limitations’ discussed about OPC.   Here’s the excerpt from the posting:

In comparison, OPC DA is a much more sophisticated protocol by design.  It incorporates many of the capabilities missing in the open Ethernet protocols:

• OPC supports the data discovery by tag browsing capability.

• Data quality and time stamps can be available as an attribute of the value.

Although there may be some who will argue with me, my experience is that the COM architecture (that OPC is built upon) is proven and sufficient for real-time data communications.  However, when applied to real-time, plant-floor network communications between different vendors, OPC DA runs into big limitations such as:

• The performance and stability of communications is many times dependent upon the characteristics and design of the OPC Server.  The OPC Client application almost needs to be tuned or designed for the characteristics of the OPC server that it is addressing.

• OPC is too big and difficult to implement for embedded systems.  Because it is built upon Microsoft technology, it is not easily ported to other operating systems.

• The configuration of DCOM between networked nodes is tricky and easily broken.  OS service packs can undo DCOM settings breaking the communication links.

• Because data sources are implemented as Servers, passing data between two data sources requires a middleware of some type of two-headed client.  Often these applications add another layer of complexity and unreliability.

• Redundant OPC applications require proprietary components and implementation.  I have yet to hear of a successful out-of-the-box redundant OPC application.

Here’s my two cents on some of the points:

• On the point about performance being dependent on the OPC Client and Server design, I’d argue this is true for ANY software communications.  Modbus Master/Slaves are just as susceptible to this sort of thing.  Protocols are only as good as the implementation; for example, a Master polling a Slave faster than it can handle requests can cause problems.

• Yes, OPC/Microsoft COM is big for an embedded system, and Microsoft centric.  There are OPC products for Windows CE, Embedded XP, etc.

• DCOM is tricky.  Got to agree on that, and DCOM can cause a lot of frustration to OPC users the first few times around.  However, with proper understanding and configuration this gets easier.  Also, you can get the benefits of OPC with the networking of TCP by using OPC Tunnelling.

• Same is true for Modbus.   A Master is needed to pass data between two Slaves.

• Again, the same is true for Modbus.  Since Redundancy is not part of the specifications, redundancy handling must be designed into the products, or applications that handle redundancy are required in the architecture.

As to successful out-of-the box redundant OPC solutions, here’s a small sampling:

Agrium Integrated Plant Wide Open Communication
Santee Cooper Automates Processes
OPC Redundancy in Critical Plant Application
OPC Redundancy for Nuclear Power Plant
Enbridge Energy Achieves Robust Redundancy
OPC in safe Burner Management System

(The Santee Cooper example is actually using an OPC Server for Modbus as part of their architecture.)

Having been a part of both projects, I know that Herman and Lee did have some difficult times.  As was mentioned, these gentlemen are early adopters of new technology driving their organizations.  Early adopters often have projects or applications that push the limits of technology and software.  Sometimes these are limitations of the specification, but usually it’s the growing pains of the specific applications.  I’ve rehashed Lyondell’s challenges before, and without getting too deep into project details, Shell had similar experiences.  The project involved many thousands of points, combined OPC DA and OPC Alarms and Events interfaces, with multiple levels of redundancy and high speed data requirements.  Multiple vendors, Stratus hardware issues, and work flow problems made the situation even more fun.

Their reluctance to fully embrace OPC for large scale, mission critical applications is understandable, given their experiences.  Lessons were learned, and had those same projects been implemented today (as many others have), it most likely would have been a much different experience for both.  I’d also have to say that, knowing the background on some of the issues faced, a Modbus implementation would not have been a cakewalk either, and some of the project requirements may not even have been possible to meet.

There will always be a place for different protocols, and it will be a long time before there is one to truly rule them all.  (Maybe OPC UA?).  From my seat, the automation industry has had many successes and is still moving forward with OPC.  It is also looking forward to OPC UA to see what solutions it may bring.

More on OPC Security

Tuesday, January 23rd, 2007

The S4 SCADA Security Scientific Symposium kicks off tomorrow.  It bears mentioning that there will be a couple of papers presented that discuss OPC specifically.   Here’s the excerpt from the agenda:
S4 SCADA Security Scientific Symposium 2007

OPC Exposed: Denial of Service Attacks
Ralph Langner, Langner Communications AG

It is well known that OPC does not include effective security controls and relies on DCOM.  Well, the problem is much larger than that. In this paper, several DoS attacks that have proven effective against OPC servers are discussed that could be carried out by attackers with no technical background or by malware. In addition, a man-in-the-middle attack is explained that could be used by an aggressive attacker to have a SCADA system assume normal operation while the process is running wild. Last but not least, suggestions for remedies are presented.

OPC Exposed: Protocol Analysis and Security Testing
Lluis Mora, Neutralbit

Although MSRPC services have been widely tested for security vulnerabilities, the tests have centered around the transport layer and not on the application layer that DCOM implements. In this paper, we present a security analysis of the Data Access specification with emphasis on the application layer, identifying theoretical weaknesses that implementers should take into consideration when developing OPC clients and servers. To validate our findings a vulnerability group test has been conducted against several OPC servers.

I think the work being done in this area and the increased focus on security in the SCADA and OPC worlds is a very good thing.  However, I would like to add a bit of context here.  These are not new, groundbreaking concepts that have been dug out from under a rock somewhere.  These vulnerabilities have always existed, and many OPC users are very aware of them.  As with many other SCADA protocols/standards, the security and access control for systems was left to the operating system or external security setups.  Not saying that’s a good thing, that’s just the facts.  In these days of wireless access, globalization and increased security concerns, the ‘M&M’ model of a solid shell and a mushy middle is no longer enough.  Defense in Depth is the new word of the day.  To that end, OPC UA has been designed with security in mind.  In addition, there are ways to increase the security of your existing OPC installations, such as proper use of DCOM settings, incorporating products like OPC Tunneller, and working with security aware OPC vendors.

What I hope many OPC users get from these papers (and what I believe the symposium hosts are trying to convey) is not that OPC is a scary communications choice, but rather when developing and implementing OPC architectures, Security should be a key consideration.

This is a completely unrelated side note, but it just jumped out at me from the agenda:

Who should attend: Researchers, engineers and thought leaders in SCADA security.
Who should not attend: Those looking for best practices, standards overviews and case studies. Marketing, sales and managers.

Thought leaders should attend, but managers should not.  So, if you’re a Manager, but not a Thought Leader, does this mean most Managers neither Think nor Lead?  Maybe security is not the top of the list for things to worry about.

Looking Forward to Vista Security?

Wednesday, January 17th, 2007

I was supposed to have this post up yesterday, but it was National Nothing Day, and nothing is about all I got accomplished.  Go figure.

Talking about Nothing.  Am I the only one getting the impression nothing is about what’s going to run on Vista?  There’s been a lot of blog traffic on Vista and Security lately.  It may not be all the doom and gloom some make it out to be, but Vista is definitely going to make new software installations more challenging than they are today.  Take for example the recent article on Microsoft TechNet, Services Hardening in Windows Vista.  Since most OPC Servers run as Services, the Secure By Default vision of Vista means implementers will need to be even more security aware.

For better or worse, we’ve been saying for a while that security is becoming more and more of an issue.   If the recent OPC security items posted on OPCConnect.com are any indication, looks like words are being put into action.  What effect will things like more OPC based US-CERT Vulnerability Notes and OPC focused Security papers have on future OPC product development and implementations?  Time will tell.

Interoperability Testing, Duct tape and HAL 9000

Thursday, January 11th, 2007

There’s a cute article in Automation.com, “Ten Reasons You Know You’re an Engineer”.   I can relate to many of them, including 9, 6 and 2.  If you check out the rest of the list, there are even better ones, which I’m sure speak to engineers, software developers and computer folk in general.  Ones I particularly like…

• Your kid’s new toys are more inspiration to you than to them (LEGO Rocks!)
• You can quote scenes from any Monty Python movie (My laptop actually says “Now Go Away, Or I Shall Taunt You A Second Time”, when Windows shuts down.)
• You have used coat hangers and duct tape for something other than hanging coats and taping ducts (You can tape ducts with duct tape?)
• You can type 70 words a minute but can’t read your own handwriting (I even type out my grocery list)
• You rooted for HAL (Extra Geek Points if you’ve ever used the phrase “Dave. What are you doing, Dave?”)

Speaking of computer software going manically awry…  One of the best ways to ensure that doesn’t happen with your OPC products is to have them Interoperability tested.  In case you forgot, the OPC Foundation 2007 North America Interoperability Workshop will be held the week of May 7, 2007 at the Embassy Suites Hotel Deerfield Beach Resort.

Since we started the post by talking about lists, here’s a list of good reasons to attend the IOP.

• The OPC Foundation will be unveiling the new certification process
• Meet other vendors serious about Compliance
• It is required for OPC Server and OPC Client Certification
• Match your client against the OPC Analyzer
• Test robustness of your OPC Server with the Network Fault Tools
• It’s held in Fort Lauderdale (it’s a balmy -32 C in Edmonton today)
• It’s a chance to test your applications with other OPC Products in the marketplace

OPC UA Part 11: Historical Access Released

Monday, January 8th, 2007

The second of the Access Type specification parts, Part 11 – Historical Access, has been Released.  Some minor details dragged over the holidays on this spec, and some of the other documents as well, but things are basically still on target for the posted release dates.

I’ve been giving a Readers Digest version of how the Access specifications fit into the overall OPC UA picture, as they have been Released or set to Release Candidate.   (You should at least read Part 1 – Concepts for this to have any context).  As with all the Access Type specifications, Part 11 outlines how the Core specs (Parts 1-7) are applied, by defining specific Attributes, ObjectTypes, References, etc.  It does not modify anything from the Core or add new interfaces, but rather outlines specific usage of the Core Services.

No major changes from the Release Candidate description I gave earlier.  The only real clarification that came up is how far servers will search for good interpolation values, in the cases where they have hit missing or bad data.

As always, members can get the full details of the specifications from the downloads section.  Part 10 – Programs should make it to full Release by around the end of the month, and Part 9 – Alarms by late February.  That will round out the Access Type specifications, and start the ball really rolling on new OPC UA products.

OPC UA Workshops at ARC Forum

Friday, January 5th, 2007

The OPC Foundation will be hosting two OPC-UA workshops at ARC Advisory Group’s upcoming Forum on February 12-15, 2007 at the Rosen Centre Hotel in Orlando.   This year’s forum is entitled Collaborative Manufacturing Strategies: Driving Performance in the Flat World.  

This ARC forum addresses the extraordinary opportunities and threats created by today’s flat world through informative, focused presentations by best-in-class CIOs, manufacturing and automation executives, and ARC’s Industry and Technology Analysts.   Come and learn about OPC-UA in the user and supplier workshops on Thursday afternoon, February 15. 

Added Bonus for OPC Foundation members – 10% off the ticket price. 

(Side note:  I assume this Flat World is in no way connected with the Flat Earth Society, who by the way has one of the most comprehensive legal disclaimers I’ve ever seen.  Most disclaimers fail to mention the paprika and halibut clauses.)

Resolutions, Predictions and other OPC Stuff

Tuesday, January 2nd, 2007

Well, I’m back from holidays, rested, relaxed and stuffed to the gizzards with turkey, chocolate, biscuits and a wee nip or two of holiday cheer.  I hope that among all the sweaters, tube socks, and fruit cake you all got at least one thing that really spoke to your heart (like an OPC Real Time Data Calculator).  Seriously, for me, this year it would have to be the framed, hand drawn, pencil sketch of our family home in Prince Edward Island from my sister (Thanks Renee!).  A simple, heartfelt and personal gift is what the ‘giving’ spirit of the holidays is all about.  We sometimes forget that in the frenzy of plasma TVs, Wii, XBox and Tickle-Me-Elmo’s.  (That’s not to say I wouldn’t get good use out of a 50” Plasma screen TV.  It IS the hockey season after all.)

Anyway….  Everyone always offers New Years good wishes, resolutions and predictions for the coming year.  Who am I to break with tradition?

Good Wishes:
• May your OPC installations be plentiful, your DCOM issues few, and your OPC projects successful.
• May you never need to call the OPC Support line, (and if you do, may you have remembered to renew your Annual Maintenance.)

Resolutions:
I always say I’m going to try and eat better, exercise more and get more sleep.   As a great Muppet once said “Do, or not Do.  There is no try”   So, let’s list some things I will actually do.

• To have one or more informative, useful or at least somewhat mildly amusing OPC posts every week.
• To continue evangelizing and promoting OPC as THE communication standard for the enterprise.
• Achieve World Peace and Harmony.  (You got to have at least one stretch goal)

Predictions:
I don’t stand anywhere near the great prognosticators, like Jim Pinto, Nostradamus or the Farmer’s Almanac, but let me peer into the murky depths of my coffee mug and see what we get…

• I predict several OPC UA products to be released before 2007 is out.  They will be basic functionality, and need some polish, which is to be expected as the standard is still emerging from the cocoon so to speak.  The specification releases have been on or close to on schedule, and many vendors have embraced the technology and are actively pushing the deliverables forward.
• I predict new ‘classic’ OPC products to continue to be released.   As vendors and users look forward to OPC UA, they will still need to balance and meet the demands of today.   OPC vendors will not derail or abandon the COM based products in their R&D pipes, but rather ensure they will map into the OPC UA specification when the time is right.
• I predict that all countries around the world will experience some form of weather.  (Got to make sure I’m batting at least .300)

Here’s looking forward to another exciting year of OPC.   Check back often and see if I’m living up to my first resolution.