Monday, September 22, 2008

PWM (Pulse-Width Modulation)



Pulse-width modulation (PWM) of a signal or power source involves the modulation of its duty cycle, to either convey information over a communications channel or control the amount of power sent to a load.



Principle

Fig. 1: a square wave, showing the definitions of ymin, ymax and D.

Pulse-width modulation uses a square wave whose pulse width is modulated, which varies the average value of the waveform. If we consider a square waveform f(t) with a low value ymin, a high value ymax and a duty cycle D (see figure 1), the average value of the waveform is given by:



As f(t) is a square wave, its value is ymax for and ymin for . The above expression then becomes



In the common case where ymin = 0 this simplifies further to . From this it is clear that the average value of the signal () depends directly on the duty cycle D.
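The derivation the paragraphs above sketch, written out here as an added worked equation in the page's own symbols (ymin, ymax, D). The period T of the square wave is an assumed name for the period shown in Fig. 1, which the page does not label.

\[
\bar{y} = \frac{1}{T}\int_{0}^{T} f(t)\,dt
\]

Since f(t) equals y_max on 0 < t < DT and y_min on DT < t < T,

\[
\bar{y} = \frac{1}{T}\left(\int_{0}^{DT} y_{\max}\,dt + \int_{DT}^{T} y_{\min}\,dt\right)
       = \frac{1}{T}\left(D\,T\,y_{\max} + (1-D)\,T\,y_{\min}\right)
       = D\,y_{\max} + (1-D)\,y_{\min}
\]

and with y_min = 0 this reduces to \bar{y} = D\,y_{\max}: the average is the duty cycle times the high level, which is exactly what a low-pass filter on the output recovers.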


Fig. 2: A simple method to generate the PWM pulse train corresponding to a given signal is the intersective PWM: the signal (here the green sinewave) is compared with a sawtooth waveform (blue). When the latter is less than the former, the PWM signal (magenta) is in high state (1). Otherwise it is in the low state (0).

The simplest way to generate a PWM signal is the intersective method, which requires only a sawtooth or a triangle waveform (easily generated using a simple oscillator) and a comparator. When the value of the reference signal (the green sine wave in figure 2) is more than the modulation waveform (blue), the PWM signal (magenta) is in the high state, otherwise it is in the low state.


Delta
Main article: Delta modulation

The output signal is compared with limits, which correspond to a reference signal offset by a constant. Every time the output signal reaches one of the limits, the PWM signal changes state.


Fig. 3 : Principle of the delta PWM. The output signal (blue) is compared with the limits (green). These limits correspond to the reference signal (red), offset by a given value. Every time the output signal reaches one of the limits, the PWM signal changes state.


Sigma-Delta
Main article: Delta-sigma modulation

The output signal is subtracted from a reference signal to form an error signal. This error is integrated, and when the integral of the error exceeds the limits, the output changes state.


Fig. 4 : Principle of the sigma-delta PWM. The top green waveform is the reference signal, from which the output signal (PWM, in the middle plot) is subtracted to form the error signal (blue, in top plot). This error is integrated (bottom plot), and when the integral of the error exceeds the limits (red lines), the output changes state.
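A discrete-time simulation of the sigma-delta modulator described above, added here as an example (it is not code from the original page). It uses a constant reference and a symmetric limit of ±0.25 on the integrated error, both assumptions chosen for the demonstration; the sigma_delta, average and longest_run names are the example's own.

```python
"""Sigma-delta PWM, simulated in discrete time.

Added example, not from the original page: a first-order modulator with
a symmetric hysteresis band, following the Sigma-Delta section
(error = reference - output; integrate; change state when the integral
exceeds a limit). `limit`, `ymin`, `ymax` and the constant reference are
assumptions chosen for the demonstration.
"""
from statistics import fmean


def sigma_delta(reference, n_steps, ymin=0.0, ymax=1.0, limit=0.25):
    """Return n_steps output samples (each ymin or ymax) whose average
    tracks `reference`.

    The integral of the error is compared against +limit and -limit;
    between the limits the output keeps its previous state (hysteresis),
    which bounds the switching frequency.
    """
    if not ymin <= reference <= ymax:
        raise ValueError("reference must lie within [ymin, ymax]")
    y = ymin                 # output starts in the low state
    integral = 0.0           # running integral of the error
    out = []
    for _ in range(n_steps):
        integral += reference - y        # error = reference - output
        if integral > limit:             # too little delivered so far
            y = ymax
        elif integral < -limit:          # too much delivered so far
            y = ymin
        out.append(y)
    return out


def average(samples):
    """Mean of the pulse train: the DC value a low-pass filter recovers."""
    return fmean(samples)


def longest_run(samples, level):
    """Longest run of consecutive samples at `level`.

    Bounded for any fixed reference strictly inside (ymin, ymax): the
    integral cannot drift past a limit without forcing a state change.
    """
    best = run = 0
    for s in samples:
        run = run + 1 if s == level else 0
        best = max(best, run)
    return best


if __name__ == "__main__":
    for ref in (0.1, 0.25, 0.5, 0.9):
        stream = sigma_delta(ref, 1000)
        print(f"reference={ref:.2f}  average={average(stream):.3f}  "
              f"longest high run={longest_run(stream, 1.0)}")
```

Running the block prints, for each reference, an average within a few thousandths of the reference and a small bounded run length; a time-varying reference as in Fig. 4 can be simulated by recomputing the reference inside the loop.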


Digital

Many digital circuits can generate PWM signals (e.g. many microcontrollers have PWM outputs to control a motor). They normally use a counter that increments periodically (it is connected directly or indirectly to the clock of the circuit) and is reset at the end of every period of the PWM. When the counter value exceeds the reference value, the PWM output changes state from high to low (or low to high).

The incremented and periodically reset counter is the discrete version of the intersective method's sawtooth. The analog comparator of the intersective method becomes a simple integer comparison between the current counter value and the digital (possibly digitized) reference value. The duty cycle can only be varied in discrete steps, as a function of the counter resolution.

Types
Three types of pulse-width modulation (PWM) are possible:
The pulse center may be fixed in the center of the time window and both edges of the pulse moved to compress or expand the width.
The lead edge can be held at the lead edge of the window and the tail edge modulated.
The tail edge can be fixed and the lead edge modulated.


Fig. 5 : Three types of PWM signals (blue): leading edge modulation (top), trailing edge modulation (middle) and centered pulses (both edges are modulated, bottom). The green lines are the sawtooth signals used to generate the PWM waveforms using the intersective method.
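Added example, not from the original page, covering the counter-based generator of the Digital section and the three pulse placements listed under Types: an 8-bit free-running counter compared against a reference value. The counter width, the sample reference of 64 and the function names (pwm_period, duty_cycle, quantize_duty) are assumptions of the example.

```python
"""Digital PWM from a free-running counter, plus the three edge alignments.

Added example, not code from the original page: it models the counter
described in the Digital section (increment every tick, reset at the
end of the period) and the comparison with a reference value, for the
three pulse placements of the Types section. Counter width, tick values
and the sample duty cycles are assumptions chosen for the demonstration.
"""


def pwm_period(reference, resolution=8, align="trailing"):
    """Return one period of the PWM output as a list of 0/1 samples.

    reference:  compare value, 0 <= reference <= 2**resolution
    resolution: counter width in bits; the period is 2**resolution ticks
    align:      'trailing' - leading edge fixed at the window start,
                             trailing edge moves
                'leading'  - trailing edge fixed at the window end,
                             leading edge moves
                'center'   - pulse centred in the window, both edges move
    """
    period = 2 ** resolution
    if not 0 <= reference <= period:
        raise ValueError("reference outside counter range")
    if align == "trailing":
        start = 0
    elif align == "leading":
        start = period - reference
    elif align == "center":
        start = (period - reference) // 2
    else:
        raise ValueError("unknown alignment")
    stop = start + reference
    samples = []
    for counter in range(period):          # counter resets each period
        samples.append(1 if start <= counter < stop else 0)
    return samples


def duty_cycle(samples):
    """Fraction of the period spent in the high state (D in Fig. 1)."""
    return sum(samples) / len(samples)


def quantize_duty(wanted, resolution=8):
    """Nearest achievable duty cycle for a counter of `resolution` bits.

    Returns (reference, achievable_duty). The step size is
    1 / 2**resolution, so an 8-bit counter cannot produce D = 0.3
    exactly; the caller gets the value it will actually obtain.
    """
    period = 2 ** resolution
    reference = round(wanted * period)
    return reference, reference / period


if __name__ == "__main__":
    for align in ("trailing", "leading", "center"):
        wave = pwm_period(64, 8, align)
        print(align.ljust(8), "".join(map(str, wave[::8])),
              f"D={duty_cycle(wave):.3f}")
    print("0.3 with an 8-bit counter ->", quantize_duty(0.3, 8))
```

All three alignments spend the same number of ticks high for a given reference, so the average value is the same; only the edge timing, and therefore the phase of the harmonics discussed under Spectrum, differs.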

Spectrum

The resulting spectra (of the three cases) are similar, and each contains a DC component, a base sideband containing the modulating signal and phase-modulated carriers at each harmonic of the pulse frequency. The amplitudes of the harmonic groups are bounded by a sin x / x envelope (sinc function) and extend to infinity.


Applications


Telecommunications

In telecommunications, the widths of the pulses correspond to specific data values encoded at one end and decoded at the other.

Pulses of various lengths (the information itself) will be sent at regular intervals (the carrier frequency of the modulation).



A separate clock signal is not necessary: the leading edge of each pulse can serve as the clock, provided a small offset is added to every data value so that no value is encoded as a zero-length pulse (which would have no edge to detect).
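The self-clocking scheme just described, as an added example that is not part of the original page: values are sent in fixed windows of 18 samples, the pulse starts at the leading edge of each window, and a minimum width of one sample guarantees every window has an edge. The window length, the offset, the nibble-per-window packing and the function names are assumptions of the example.

```python
"""Pulse-width encoding of data with self-clocking leading edges.

Added example, not part of the original page: each symbol occupies one
fixed-length window (the carrier), the pulse starts at the window's
leading edge and its width carries the value. Window length, the
one-sample offset and the nibble-per-window packing are assumptions
chosen for the demonstration.
"""

PERIOD = 18    # samples per window (the carrier period)
OFFSET = 1     # minimum pulse width, so every window has a rising edge


def encode_values(values, period=PERIOD, offset=OFFSET):
    """Encode small integers as a 0/1 sample train, one window per value.

    The pulse must end at least one sample before the next window so the
    next leading edge stays visible, hence value <= period - offset - 1.
    """
    max_value = period - offset - 1
    samples = []
    for v in values:
        if not 0 <= v <= max_value:
            raise ValueError(f"value {v} does not fit in a {period}-sample window")
        width = offset + v
        samples.extend([1] * width + [0] * (period - width))
    return samples


def decode_values(samples, period=PERIOD, offset=OFFSET):
    """Recover the values; the leading edge of each pulse is the clock."""
    values = []
    i, n = 0, len(samples)
    while i < n:
        while i < n and samples[i] == 0:   # hunt for the next leading edge
            i += 1
        if i >= n:
            break
        start = i
        while i < n and samples[i] == 1:   # measure the pulse width
            i += 1
        values.append(i - start - offset)
        i = start + period                  # next edge is one period later
    return values


def encode_message(data):
    """Bytes -> sample train, high nibble first (0..15 fits the window)."""
    nibbles = []
    for b in data:
        nibbles.extend((b >> 4, b & 0x0F))
    return encode_values(nibbles)


def decode_message(samples):
    """Sample train -> bytes, pairing the nibbles back up."""
    nibbles = decode_values(samples)
    if len(nibbles) % 2:
        raise ValueError("odd number of symbols: a window was lost")
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


if __name__ == "__main__":
    train = encode_message(b"OK")
    print(len(train), "samples ->", decode_message(train))
    # With no offset, a zero value has no pulse and therefore no edge:
    # the receiver never sees that symbol.
    print(decode_values(encode_values([0, 5], offset=0), offset=0))   # [5]
```

The last line of the demo shows the failure the offset prevents: with offset 0 the value 0 produces an all-low window, the receiver finds no edge, and the symbol silently disappears from the decoded stream.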


Power delivery

PWM can be used to reduce the total amount of power delivered to a load without the losses normally incurred when a power source is limited by resistive means. This is because the average power delivered is proportional to the modulation duty cycle. With a sufficiently high modulation rate, passive electronic filters can be used to smooth the pulse train and recover an average analog waveform.

High frequency PWM power control systems are easily realisable with semiconductor switches. The discrete on/off states of the modulation are used to control the state of the switch(es) which correspondingly control the voltage across or current through the load. The major advantage of this system is the switches are either off and not conducting any current, or on and have (ideally) no voltage drop across them. The product of the current and the voltage at any given time defines the power dissipated by the switch, thus (ideally) no power is dissipated by the switch. Realistically, semiconductor switches such as MOSFETs or BJTs are non-ideal switches, but high efficiency controllers can still be built.

PWM is also often used to control the supply of electrical power to another device, as in speed control of electric motors, volume control of Class D audio amplifiers or brightness control of light sources, and in many other power electronics applications.

Light dimmers for home use, for example, employ a specific type of PWM control. They typically include electronic circuitry which suppresses current flow during defined portions of each cycle of the AC line voltage. Adjusting the brightness of the light source is then merely a matter of setting at what voltage (or phase) in the AC cycle the dimmer begins to conduct current to the light source (e.g. by using an electronic switch such as a triac). In this case the PWM period is fixed by the frequency of the AC line voltage (50 Hz or 60 Hz depending on the country) and the duty cycle by the chosen firing phase. Such simple dimmers work well with inert (or relatively slow reacting) light sources such as incandescent lamps, for which the additional modulation of the supplied energy causes only negligible fluctuation in the emitted light. Other light sources such as light-emitting diodes (LEDs), however, turn on and off extremely rapidly and would perceivably flicker if supplied with low-frequency drive voltages. Perceivable flicker from such fast-responding sources can be reduced by increasing the PWM frequency: once the fluctuations are rapid enough, the human visual system can no longer resolve them and the eye perceives the time-averaged intensity without flicker (see flicker fusion threshold).


Voltage regulation
Main article: Switched-mode power supply

PWM is also used in efficient voltage regulators. By switching voltage to the load with the appropriate duty cycle, the output will approximate a voltage at the desired level. The switching noise is usually filtered with an inductor and a capacitor.

One method measures the output voltage. When it is lower than the desired voltage, it turns on the switch. When the output voltage is above the desired voltage, it turns off the switch.

Variable-speed fan controllers for computers usually use PWM, as it is far more efficient than dropping the excess voltage across a potentiometer.
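A simulation of the measure-and-switch regulator described above, added here as an example that is not code from the original page. The 12 V supply, 5 V target, the first-order filter model and the optional hysteresis band (the limits of the Delta method, applied to a regulator) are assumptions chosen for the demonstration, as is the simulate_regulator name.

```python
"""Hysteretic (bang-bang) switching regulator over a low-pass output filter.

Added example, not from the original page: it simulates the method in
the Voltage regulation section (measure the output; switch on when it is
below the target, off when above). The supply, target, the first-order
filter model and its time constant are assumptions chosen for the
demonstration; `band` adds the optional limits of the Delta method.
"""


def simulate_regulator(v_in=12.0, v_ref=5.0, tau=200.0, band=0.0,
                       n_steps=6000):
    """Return (duty, mean_output, ripple) over the second half of the run.

    tau:  filter time constant in simulation steps (one Euler step of a
          first-order low-pass per switching decision)
    band: hysteresis: switch on below v_ref - band, off above v_ref + band,
          keep the previous state in between
    """
    v = 0.0          # output voltage, starts discharged
    on = False
    on_count = 0
    samples = []
    for step in range(n_steps):
        if v < v_ref - band:      # output too low: close the switch
            on = True
        elif v > v_ref + band:    # output too high: open the switch
            on = False
        v += ((v_in if on else 0.0) - v) / tau    # filter response
        if step >= n_steps // 2:  # ignore the start-up transient
            on_count += on
            samples.append(v)
    duty = on_count / len(samples)
    mean = sum(samples) / len(samples)
    ripple = max(samples) - min(samples)
    return duty, mean, ripple


if __name__ == "__main__":
    for band in (0.0, 0.1, 0.5):
        duty, mean, ripple = simulate_regulator(band=band)
        print(f"band={band:.1f}  duty={duty:.3f} (Vref/Vin={5/12:.3f})  "
              f"mean={mean:.3f} V  ripple={ripple:.3f} V")
```

The printed duty cycle settles at Vref/Vin regardless of the band, which is the relation the Power delivery section states; widening the band lowers the switching rate at the price of proportionally larger ripple, the trade-off the output filter has to absorb.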


Audio effects and amplification

PWM is sometimes used in sound synthesis, in particular subtractive synthesis, as it gives a sound effect similar to chorus or slightly detuned oscillators played together. (In fact, PWM is equivalent to the difference of two sawtooth waves. [1]) The ratio between the high and low level is typically modulated with a low frequency oscillator, or LFO.

A new class of audio amplifiers based on the PWM principle is becoming popular. Called "Class-D amplifiers", these amplifiers produce a PWM equivalent of the analog input signal which is fed to the loudspeaker via a suitable filter network to block the carrier and recover the original audio. These amplifiers are characterized by very good efficiency figures (≥ 90%) and compact size/light weight for large power outputs.

Historically, a crude form of PWM has been used to play back PCM digital sound on the PC speaker, which is only capable of outputting two sound levels. By carefully timing the duration of the pulses, and by relying on the speaker's physical filtering properties (limited frequency response, self-inductance, etc.) it was possible to obtain an approximate playback of mono PCM samples, although at a very low quality, and with greatly varying results between implementations.

In more recent times, the Direct Stream Digital sound encoding method was introduced, which uses a generalized form of pulse-width modulation called pulse density modulation, at a high enough sampling rate (typically on the order of MHz) to cover the whole audio frequency range with sufficient fidelity. This method is used in the SACD format, and reproduction of the encoded audio signal is essentially similar to the method used in class-D amplifiers.

Wednesday, September 10, 2008

DCS - Distributed control system

A distributed control system (DCS) refers to a control system, usually of a manufacturing system, process or any kind of dynamic system, in which the controller elements are not central in location (like the brain) but are distributed throughout the system, with each component sub-system controlled by one or more controllers. The entire system of controllers is connected by networks for communication and monitoring.

DCS is a very broad term used in a variety of industries to monitor and control distributed equipment, including:

Electrical power grids and electrical generation plants
Environmental control systems
Traffic signals
Water management systems
Oil refining plants
Chemical plants
Pharmaceutical manufacturing
Sensor networks
Dry cargo and bulk oil carrier ships




Elements
A DCS typically uses custom-designed processors as controllers and uses both proprietary interconnections and protocols for communication. Input and output modules form component parts of the DCS. The processor receives information from input modules and sends information to output modules. The input modules receive measurements from the input instruments in the process (the "field"), and the output modules transmit instructions to the output instruments in the field. Computer buses or electrical buses connect the processor and modules through multiplexers/demultiplexers. Buses also connect the distributed controllers with the central controller and finally to the Human-Machine Interface (HMI) or control consoles. See Process Automation System.

Elements of a distributed control system may directly connect to physical equipment such as switches, pumps and valves or may work through an intermediate system such as a SCADA system.


Applications

Distributed Control Systems (DCSs) are dedicated systems used to control manufacturing processes that are continuous or batch-oriented, such as oil refining, petrochemicals, central station power generation, pharmaceuticals, food & beverage manufacturing, cement production, steelmaking, and papermaking. DCSs are connected to sensors and actuators and use setpoint control to control the flow of material through the plant. The most common example is a setpoint control loop consisting of a pressure sensor, controller, and control valve. Pressure or flow measurements are transmitted to the controller, usually through the aid of a signal conditioning Input/Output (I/O) device. When the measured variable reaches a certain point, the controller instructs a valve or actuation device to open or close until the fluidic flow process reaches the desired setpoint. Large oil refineries have many thousands of I/O points and employ very large DCSs. Processes are not limited to fluidic flow through pipes, however, and can also include things like paper machines and their associated variable speed drives and motor control centers, cement kilns, mining operations, ore processing facilities, and many others.

A typical DCS consists of functionally and/or geographically distributed digital controllers capable of executing from 1 to 256 or more regulatory control loops in one control box. The input/output devices (I/O) can be integral with the controller or located remotely via a field network. Today’s controllers have extensive computational capabilities and, in addition to proportional, integral, and derivative (PID) control, can generally perform logic and sequential control.
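The setpoint loop of the preceding paragraphs (pressure transmitter, PID controller, control valve), added here as an example that is not code from the original page. The vessel model, the PID tuning, the setpoint limits and the PID, clamp_setpoint and run_loop names are assumptions of the example; the setpoint clamp is the check a controller should apply to any value an operator or supervisory system sends it.

```python
"""A regulatory control loop of the kind the Applications section
describes: a pressure transmitter, a PID controller and a control valve.

Added example, not code from the original page: the vessel model (inflow
through a control valve, outflow proportional to pressure), the tuning
constants, the setpoint limits and the simulated values are assumptions
chosen for the demonstration.
"""


class PID:
    """Discrete PID with output clamping and anti-windup.

    The integral is not advanced while the output sits at a limit, so a
    long excursion (a valve that cannot open further) does not wind the
    integrator up and cause overshoot later.
    """

    def __init__(self, kp, ki, kd, dt, out_min=0.0, out_max=1.0):
        self.kp, self.ki, self.kd, self.dt = kp, ki, kd, dt
        self.out_min, self.out_max = out_min, out_max
        self.integral = 0.0
        self.prev_error = 0.0

    def update(self, setpoint, measurement):
        error = setpoint - measurement
        integral = self.integral + error * self.dt
        derivative = (error - self.prev_error) / self.dt
        out = self.kp * error + self.ki * integral + self.kd * derivative
        if out > self.out_max:
            out = self.out_max          # saturated: keep the old integral
        elif out < self.out_min:
            out = self.out_min
        else:
            self.integral = integral    # unsaturated: accept the new integral
        self.prev_error = error
        return out


def clamp_setpoint(requested, low, high):
    """Limit an operator-entered setpoint to the engineered safe range.

    Setpoints arrive from the HMI or supervisory system and must not be
    trusted blindly; the controller enforces the range itself.
    """
    return min(max(requested, low), high)


def run_loop(setpoint, steps=1000, dt=0.1, kp=0.2, ki=0.1, kd=0.05):
    """Simulate the loop; return (final_pressure, final_valve_position).

    Vessel model (assumed): dP/dt = (valve * q_max - k_out * P) / capacity
    with q_max = 10, k_out = 1, capacity = 5, so a fully open valve
    settles at P = 10 and the valve must sit at setpoint / 10 in steady
    state.
    """
    q_max, k_out, capacity = 10.0, 1.0, 5.0
    setpoint = clamp_setpoint(setpoint, 0.0, 9.0)   # 9 bar design limit (assumed)
    pid = PID(kp, ki, kd, dt)
    pressure = 0.0
    valve = 0.0
    for _ in range(steps):
        valve = pid.update(setpoint, pressure)                            # controller
        pressure += dt * (valve * q_max - k_out * pressure) / capacity    # plant
    return pressure, valve


if __name__ == "__main__":
    p, v = run_loop(6.0)
    print(f"setpoint 6.0 -> pressure {p:.3f}, valve {v:.3f}")
    p, v = run_loop(50.0)   # out-of-range request is clamped to 9.0
    print(f"setpoint 50.0 (clamped) -> pressure {p:.3f}, valve {v:.3f}")
```

The second run shows why the clamp lives in the controller rather than only in the HMI: a request of 50 bar, whether a typo or a hostile write to the supervisory system, is held at the design limit and the loop still settles at a pressure the vessel can tolerate.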

DCSs may employ one or several workstations and can be configured at the workstation or by an off-line personal computer. Local communication is handled by a control network with transmission over twisted pair, coaxial, or fiber optic cable. A server and/or applications processor may be included in the system for extra computational, data collection, and reporting capability.


History

Early minicomputers have been used in the control of industrial processes since the beginning of the 1960s. The IBM 1800, for example, was an early computer that had input/output hardware to gather process signals in a plant, converting field contact levels (for digital points) and analog signals into the digital domain.

The DCS was introduced in 1975. Both Honeywell and Japanese electrical engineering firm Yokogawa introduced their own independently produced DCSs at roughly the same time, with the TDC 2000 and CENTUM[1] systems, respectively. US-based Bristol also introduced their UCS 3000 universal controller in 1975. In 1980, Bailey (now part of ABB[2]) introduced the NETWORK 90 system. Also in 1980, Fischer & Porter Company (now also part of ABB[3]) introduced DCI-4000 (DCI stands for Distributed Control Instrumentation).

The DCS largely came about due to the increased availability of microcomputers and the proliferation of microprocessors in the world of process control. Computers had already been applied to process automation for some time in the form of both Direct Digital Control (DDC) and Set Point Control. In the early 1970s Taylor Instrument Company (now part of ABB) developed the 1010 system, Foxboro the FOX1 system and Bailey Controls the 1055 systems. All of these were DDC applications implemented within minicomputers (DEC PDP-11, Varian Data Machines, MODCOMP etc.) and connected to proprietary Input/Output hardware. Sophisticated (for the time) continuous as well as batch control was implemented in this way. A more conservative approach was Set Point Control, where process computers supervised clusters of analog process controllers. A CRT-based workstation provided visibility into the process using text and crude character graphics. A fully functional graphical user interface was still some way off.

Central to the DCS model was the inclusion of control function blocks. Function blocks evolved from early, more primitive DDC concepts of "Table Driven" software. One of the first embodiments of object-oriented software, function blocks were self contained "blocks" of code that emulated analog hardware control components and performed tasks that were essential to process control, such as execution of PID algorithms. Function blocks continue to endure as the predominant method of control for DCS suppliers, and are supported by key technologies such as Foundation Fieldbus[4] today.

Digital communication between distributed controllers, workstations and other computing elements (peer to peer access) was one of the primary advantages of the DCS. Attention was duly focused on the networks, which provided the all-important lines of communication that, for process applications, had to incorporate specific functions such as determinism and redundancy. As a result, many suppliers embraced the IEEE 802.4 networking standard. This decision set the stage for the wave of migrations necessary when information technology moved into process automation and IEEE 802.3 rather than IEEE 802.4 prevailed as the control LAN.


The Network Centric Era of the 1980s

The DCS brought distributed intelligence to the plant and established the presence of computers and microprocessors in process control, but it still did not provide the reach and openness necessary to unify plant resource requirements. In many cases, the DCS was merely a digital replacement of the same functionality provided by analog controllers and a panelboard display. This was embodied in the Purdue Reference Model (PRM), which was developed to define Manufacturing Operations Management relationships. PRM later formed the basis for the ISA-95 standards activities.

In the 1980s, users began to look at DCSs as more than just basic process control. A very early example of a Direct Digital Control DCS was completed by the Australian business Midac in 1981-1982 using R-Tec Australian designed hardware. The system installed at the University of Melbourne used a serial communications network, connecting campus buildings back to a control room "front end". Each remote unit ran 2 Z80 microprocessors whilst the front end ran 11 in a Parallel Processing configuration with paged common memory to share tasks and could run up to 20,000 concurrent controls objects.

It was believed that if openness could be achieved and greater amounts of data could be shared throughout the enterprise, even greater things could be achieved. The first attempts to increase the openness of DCSs resulted in the adoption of the predominant operating system of the day: UNIX. UNIX (developed at Bell Labs) and its companion networking technology TCP/IP (developed under US Department of Defense sponsorship) were valued for their openness, which was precisely the issue the process industries were looking to resolve.

As a result suppliers also began to adopt Ethernet-based networks with their own proprietary protocol layers. The full TCP/IP standard was not implemented, but the use of Ethernet made it possible to implement the first instances of object management and global data access technology. The 1980s also witnessed the first PLCs integrated into the DCS infrastructure. Plant-wide historians also emerged to capitalize on the extended reach of automation systems. The first DCS supplier to adopt UNIX and Ethernet networking technologies was Foxboro, who introduced the I/A Series system in 1987.


The Application Centric Era of the 1990s

The drive toward openness in the 1980s gained momentum through the 1990s with the increased adoption of Commercial-Off-The-Shelf (COTS) components and IT standards. Probably the biggest transition undertaken during this time was the move from the UNIX operating system to the Windows environment. While the realm of the real-time operating system (RTOS) for control applications remains dominated by real-time commercial variants of UNIX or proprietary operating systems, everything above real-time control has made the transition to Windows.

Microsoft's arrival at the desktop and server layers resulted in the development of technologies such as OLE for Process Control (OPC), which is now a de facto industry connectivity standard. Internet technology also began to make its mark in automation and the DCS world, with most DCS HMIs supporting Internet connectivity. The '90s were also known for the "Fieldbus Wars", where rival organizations competed to define what would become the IEC fieldbus standard for digital communication with field instrumentation instead of 4-20 milliamp analog communications. The first fieldbus installations occurred in the 1990s. Towards the end of the decade, the technology began to develop significant momentum, with the market consolidated around Foundation Fieldbus and Profibus PA for process automation applications. Some suppliers built new systems from the ground up to maximize functionality with fieldbus, such as ABB with System 800xA[5], Emerson Process Management[6] with the DeltaV control system, Siemens[7] with the Simatic PCS7[8] and azbil[9] from Yamatake with the Harmonas-DEO system.

The impact of COTS, however, was most pronounced at the hardware layer. For years, the primary business of DCS suppliers had been the supply of large amounts of hardware, particularly I/O and controllers. The initial proliferation of DCSs required the installation of prodigious amounts of this hardware, most of it manufactured from the bottom up by DCS suppliers. Standard computer components from manufacturers such as Intel and Motorola, however, made it cost prohibitive for DCS suppliers to continue making their own components, workstations, and networking hardware.

As the suppliers made the transition to COTS components, they also discovered that the hardware market was shrinking fast. COTS not only resulted in lower manufacturing costs for the supplier, but also steadily decreasing prices for the end users, who were also becoming increasingly vocal over what they perceived to be unduly high hardware costs. Some suppliers that were previously stronger in the PLC business, such as Rockwell Automation, Schneider and Siemens, were able to leverage their expertise in manufacturing control hardware to enter the DCS marketplace with cost-effective offerings. The traditional DCS suppliers introduced new-generation DCSs based on the latest communication and IEC standards, resulting in a trend of combining the traditional concepts and functionalities of PLC and DCS into a single solution, named "Process Automation System/Controller".

To compound the issue, suppliers were also realizing that the hardware market was becoming saturated. The lifecycle of hardware components such as I/O and wiring is also typically in the range of 15 to over 20 years, making for a challenging replacement market. Many of the older systems that were installed in the 1970s and 1980s are still in use today, and there is a considerable installed base of systems in the market that are approaching the end of their useful life. Developed industrial economies in North America, Europe, and Japan already had many thousands of DCSs installed, and with few if any new plants being built, the market for new hardware was shifting rapidly to smaller, albeit faster growing regions such as China, Latin America, and Eastern Europe.

Because of the shrinking hardware business, suppliers began to make the challenging transition from a hardware-based business model to one based on software and value-added services. It is a transition that is still being made today. The applications portfolio offered by suppliers expanded considerably in the '90s to include areas such as production management, model-based control, real-time optimization, Plant Asset Management (PAM), Real Time Performance Management (RPM) tools, alarm management, and many others. To obtain the true value from these applications, however, often requires a considerable service content, which the suppliers also provide. The services of DCS suppliers such as azbil (formerly Yamatake) have also expanded in scope to the point where many suppliers can act as Main Automation Contractors (MACs), providing a single point of responsibility for all automation-related facets of a project.


References
[1] CENTUM
[2] INFI 90
[3] DCI-4000
[4] Foundation Fieldbus
[5] ABB System 800xA
[6] Emerson Process Management
[7] Siemens
[8] Simatic PCS 7
[9] azbil (Yamatake)
Honeywell


Source: www.wikipedia.org

SCADA- Supervisory Control and Data Acquisition


SCADA is the abbreviation for Supervisory Control And Data Acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility based as described below:

Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, and large communication systems.
Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.
A SCADA System usually consists of the following subsystems:

A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through which the human operator monitors and controls the process.
A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process
Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
Communication infrastructure connecting the supervisory system to the Remote Terminal Units
There is, in several industries, considerable confusion over the differences between SCADA systems and Distributed Control Systems (DCS). Generally speaking, a SCADA system usually refers to a system that coordinates, but does not control, processes in real time. The discussion on real-time control is muddied somewhat by newer telecommunications technology, enabling reliable, low-latency, high-speed communications over wide areas. Most differences between SCADA and DCS are culturally determined and can usually be ignored. As communication infrastructures with higher capacity become available, the difference between SCADA and DCS will fade.

Systems concepts
The term SCADA usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (anything between an industrial plant and a country). Most control actions are performed automatically by remote terminal units ("RTUs") or by programmable logic controllers ("PLCs"). Host control functions are usually restricted to basic overriding or supervisory level intervention. For example, a PLC may control the flow of cooling water through part of an industrial process, but the SCADA system may allow operators to change the set points for the flow, and enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA system monitors the overall performance of the loop.

Data acquisition begins at the RTU or PLC level and includes meter readings and equipment status reports that are communicated to SCADA as required. Data is then compiled and formatted in such a way that a control room operator using the HMI can make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a Historian, often built on a commodity Database Management System, to allow trending and other analytical auditing.

SCADA systems typically implement a distributed database, commonly referred to as a tag database, which contains data elements called tags or points. A point represents a single input or output value monitored or controlled by the system. Points can be either "hard" or "soft". A hard point represents an actual input or output within the system, while a soft point results from logic and math operations applied to other points. (Most implementations conceptually remove the distinction by making every property a "soft" point expression, which may, in the simplest case, equal a single hard point.) Points are normally stored as value-timestamp pairs: a value, and the timestamp when it was recorded or calculated. A series of value-timestamp pairs gives the history of that point. It is also common to store additional metadata with tags, such as the path to a field device or PLC register, design-time comments, and alarm information.


Human Machine Interface
A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through which the human operator controls the process.

An HMI is usually linked to the SCADA system's databases and software programs, to provide trending, diagnostic data, and management information such as scheduled maintenance procedures, logistic information, detailed schematics for a particular sensor or machine, and expert-system troubleshooting guides.

The HMI system usually presents the information to the operating personnel graphically, in the form of a mimic diagram. This means that the operator can see a schematic representation of the plant being controlled. For example, a picture of a pump connected to a pipe can show the operator that the pump is running and how much fluid it is pumping through the pipe at the moment. The operator can then switch the pump off. The HMI software will show the flow rate of the fluid in the pipe decrease in real time. Mimic diagrams may consist of line graphics and schematic symbols to represent process elements, or may consist of digital photographs of the process equipment overlain with animated symbols.

The HMI package for the SCADA system typically includes a drawing program that the operators or system maintenance personnel use to change the way these points are represented in the interface. These representations can be as simple as an on-screen traffic light, which represents the state of an actual traffic light in the field, or as complex as a multi-projector display representing the position of all of the elevators in a skyscraper or all of the trains on a railway.

An important part of most SCADA implementations is alarms. An alarm is a digital status point that has either the value NORMAL or ALARM. An alarm is defined with a trigger condition and becomes active when that condition is met. An example of an alarm is the "fuel tank empty" light in a car. The alarm draws the SCADA operator's attention to the part of the system requiring attention. Emails and text messages are often sent along with an alarm activation, alerting managers as well as the SCADA operator.
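A miniature tag database implementing the points, value-timestamp histories and alarms described in the Systems concepts and Human Machine Interface sections, added here as an example that is not code from the original page. The tag names, the PLC register path, the tank-level scans and the alarm threshold are constructed for the demonstration, and the class and function names are the example's own.

```python
"""A miniature SCADA tag database with hard points, soft points, history
and alarms, following the Systems concepts and Human Machine Interface
sections.

Added example, not code from the original page: the tag names, the
tank-level readings, the alarm threshold and the notification hook are
assumptions chosen for the demonstration.
"""
from dataclasses import dataclass, field

NORMAL, ALARM = "NORMAL", "ALARM"


@dataclass
class Point:
    name: str
    expression: object = None     # None: hard point; callable(db): soft point
    history: list = field(default_factory=list)   # (timestamp, value) pairs
    meta: dict = field(default_factory=dict)      # device path, comment, ...

    @property
    def value(self):
        return self.history[-1][1] if self.history else None


class TagDatabase:
    def __init__(self):
        self.points = {}          # insertion order = evaluation order
        self.notifications = []   # (timestamp, point name) per alarm activation

    def add_hard(self, name, **meta):
        self.points[name] = Point(name, meta=meta)

    def add_soft(self, name, expression, **meta):
        """Soft point derived from other points. Register it after the
        points it reads, since evaluation follows insertion order."""
        self.points[name] = Point(name, expression=expression, meta=meta)

    def add_alarm(self, name, condition, **meta):
        """An alarm is a soft point whose value is NORMAL or ALARM."""
        self.add_soft(name, lambda db: ALARM if condition(db) else NORMAL,
                      alarm=True, **meta)

    def update(self, name, value, timestamp):
        """Write a hard point (as an RTU/PLC scan would) and re-derive."""
        point = self.points[name]
        if point.expression is not None:
            raise ValueError(f"{name} is a soft point and cannot be written")
        point.history.append((timestamp, value))
        self._recompute(timestamp)

    def _recompute(self, timestamp):
        for point in self.points.values():
            if point.expression is None:
                continue
            try:
                new = point.expression(self)
            except TypeError:       # an input point has no value yet
                continue
            if new != point.value:  # store transitions only
                point.history.append((timestamp, new))
                if point.meta.get("alarm") and new == ALARM:
                    self.notifications.append((timestamp, point.name))

    def get(self, name):
        return self.points[name].value

    def history(self, name):
        return list(self.points[name].history)

    def active_alarms(self):
        return [n for n, p in self.points.items()
                if p.meta.get("alarm") and p.value == ALARM]


def build_sample_db():
    """Constructed scenario: a tank level that briefly exceeds its limit."""
    db = TagDatabase()
    db.add_hard("TK101_LEVEL", path="PLC3:DB10.DBD4", units="%")   # assumed path
    db.add_soft("TK101_VOLUME", lambda d: d.get("TK101_LEVEL") * 0.1, units="m3")
    db.add_alarm("TK101_LEVEL_HI", lambda d: d.get("TK101_LEVEL") > 90.0,
                 comment="high level, risk of overflow")
    for ts, level in [(1, 50.0), (2, 95.0), (3, 80.0)]:   # constructed scans
        db.update("TK101_LEVEL", level, ts)
    return db


if __name__ == "__main__":
    db = build_sample_db()
    print(db.get("TK101_VOLUME"), "m3; active alarms:", db.active_alarms())
    print(db.history("TK101_LEVEL_HI"), db.notifications)
```

Hard points can only be written through update, so a soft point (including every alarm) cannot be overwritten directly and always reflects the points it was derived from; the history of the alarm point records each NORMAL/ALARM transition with its timestamp, which is what an auditor or incident responder needs when reconstructing what the operator saw.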


Hardware solutions
SCADA solutions often have Distributed Control System (DCS) components. Use of "smart" RTUs or PLCs, which are capable of autonomously executing simple logic processes without involving the master computer, is increasing. A functional block programming language, IEC 61131-3, is frequently used to create programs which run on these RTUs and PLCs. Unlike a procedural language such as the C programming language or FORTRAN, IEC 61131-3 has minimal training requirements by virtue of resembling historic physical control arrays. This allows SCADA system engineers to perform both the design and implementation of a program to be executed on an RTU or PLC. Since about 1998, virtually all major PLC manufacturers have offered integrated HMI/SCADA systems, many of them using open and non-proprietary communications protocols. Numerous specialized third-party HMI/SCADA packages, offering built-in compatibility with most major PLCs, have also entered the market, allowing mechanical engineers, electrical engineers and technicians to configure HMIs themselves, without the need for a custom-made program written by a software developer.


Remote Terminal Unit (RTU)
The RTU connects to physical equipment. Typically, an RTU converts the electrical signals from the equipment to digital values, such as the open/closed status of a switch or a valve, or measurements such as pressure, flow, voltage or current. By converting digital setpoints to electrical signals and sending these electrical signals out to the equipment, the RTU can also control equipment, such as opening or closing a switch or a valve, or setting the speed of a pump.

Quality SCADA RTUs have these characteristics:

Data networking capability
Data reliability
Data security

Supervisory Station
The term "Supervisory Station" refers to the servers and software responsible for communicating with the field equipment (RTUs, PLCs, etc.), and then to the HMI software running on workstations in the control room or elsewhere. In smaller SCADA systems, the master station may be composed of a single PC. In larger SCADA systems, the master station may include multiple servers, distributed software applications, and disaster recovery sites. To increase the integrity of the system, the multiple servers will often be configured in a dual-redundant or hot-standby formation, providing continuous control and monitoring in the event of a server failure.

Initially, more "open" platforms such as Linux were not as widely used due to the highly dynamic development environment and because a SCADA customer that was able to afford the field hardware and devices to be controlled could usually also purchase UNIX or OpenVMS licenses. Today, all major operating systems are used for both master station servers and HMI workstations.


Operational philosophy
For some installations, the costs that would result from the control system failing are extremely high; possibly even lives could be lost. Hardware for some SCADA systems is ruggedized to withstand temperature, vibration, and voltage extremes, but in most critical installations reliability is enhanced by having redundant hardware and communications channels, up to the point of having multiple fully equipped control centres. A failing part can be quickly identified and its functionality automatically taken over by backup hardware. A failed part can often be replaced without interrupting the process. The reliability of such systems can be calculated statistically and is stated as the mean time to failure, which is a variant of mean time between failures. The calculated mean time to failure of such high-reliability systems can be on the order of centuries.


Communication infrastructure and methods
SCADA systems have traditionally used combinations of radio and direct serial or modem connections to meet communication requirements, although Ethernet and IP over SONET/SDH are also frequently used at large sites such as railways and power stations. The remote management or monitoring function of a SCADA system is often referred to as telemetry.

This traditional arrangement has also come under pressure, with some customers wanting SCADA data to travel over their pre-established corporate networks or to share the network with other applications. The legacy of the early low-bandwidth protocols remains, though. SCADA protocols are designed to be very compact, and many are designed to send information to the master station only when the master station polls the RTU. Typical legacy SCADA protocols include Modbus RTU, RP-570, Profibus and Conitel. These communication protocols are all SCADA-vendor specific but are widely adopted and used. Standard protocols are IEC 60870-5-101 or 104, IEC 61850 and DNP3. These communication protocols are standardized and recognized by all major SCADA vendors. Many of these protocols now contain extensions to operate over TCP/IP. It is good security engineering practice to avoid connecting SCADA systems to the Internet, so that the attack surface is reduced.
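To make concrete how compact, and how trusting, these legacy framings are, here is an added Python example (written for this page; it is not code from any SCADA vendor or from the Modbus specification) that builds and validates a Modbus RTU request frame: a unit address, a function code, its data and a CRC-16, with no field that could carry authentication. The frame layout and the CRC-16/MODBUS parameters are those of the public Modbus serial line specification; the sample request (unit 1, read 10 holding registers starting at address 0) is a constructed input.

```python
"""Modbus RTU framing: serial SCADA frames carry a CRC but no authentication.

Added example for this page; the frame layout follows the public Modbus
serial line specification, the sample request below is constructed.
"""
from __future__ import annotations

import struct

READ_HOLDING_REGISTERS = 0x03   # function code 3
WRITE_SINGLE_REGISTER = 0x06    # function code 6


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ 0xA001
            else:
                crc >>= 1
    return crc


def build_rtu_frame(unit_id: int, function: int, data: bytes) -> bytes:
    """Address + PDU + CRC (the CRC is transmitted low byte first).

    Every field is plain data: a receiver has no way to tell who sent it,
    only whether the bytes survived the serial line intact.
    """
    adu = bytes([unit_id, function]) + data
    return adu + struct.pack("<H", crc16_modbus(adu))


def build_read_holding_registers(unit_id: int, start: int, count: int) -> bytes:
    """Request `count` holding registers beginning at `start` (big-endian fields)."""
    return build_rtu_frame(unit_id, READ_HOLDING_REGISTERS, struct.pack(">HH", start, count))


def build_write_single_register(unit_id: int, address: int, value: int) -> bytes:
    """Write one holding register: a state-changing request with identical framing."""
    return build_rtu_frame(unit_id, WRITE_SINGLE_REGISTER, struct.pack(">HH", address, value))


def parse_rtu_frame(frame: bytes) -> dict:
    """Check the CRC and split the frame; raise ValueError if it is damaged."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    adu, (received,) = frame[:-2], struct.unpack("<H", frame[-2:])
    expected = crc16_modbus(adu)
    if received != expected:
        raise ValueError(f"CRC mismatch: got {received:#06x}, expected {expected:#06x}")
    return {"unit_id": adu[0], "function": adu[1], "data": adu[2:]}


def frame_is_valid(frame: bytes) -> bool:
    """True if the CRC matches, False otherwise."""
    try:
        parse_rtu_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: unit 1, read 10 holding registers starting at address 0.
    req = build_read_holding_registers(1, 0, 10)
    print(req.hex(" "))               # 01 03 00 00 00 0a c5 cd
    print(parse_rtu_frame(req))
    corrupted = req[:-1] + bytes([req[-1] ^ 0x01])
    print(frame_is_valid(corrupted))  # False: the CRC catches line noise, not forgery
```

The point for a defender is the last comment: the CRC protects against bit errors on the wire, and nothing in the frame binds it to a sender, which is why the integrity of a serial SCADA link rests entirely on physical and network access control around it.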

RTUs and other automatic controller devices were developed before the advent of industry-wide standards for interoperability. The result is that developers and their management created a multitude of control protocols. Among the larger vendors, there was also the incentive to create their own protocol to "lock in" their customer base.

Recently, OLE for Process Control (OPC) has become a widely accepted solution for intercommunicating different hardware and software, allowing communication even between devices originally not intended to be part of an industrial network.


Trends in SCADA
There is a trend for PLC and HMI/SCADA software to be more "mix-and-match". In the mid 1990s, the typical DAQ I/O manufacturer supplied equipment that communicated using proprietary protocols over a suitable-distance carrier like RS-485. End users who invested in a particular vendor's hardware solution often found themselves restricted to a limited choice of equipment when requirements changed (e.g. system expansions or performance improvement). To mitigate such problems, open communication protocols such as IEC870-5-101/104 and DNP 3.0 (serial and over IP) became increasingly popular among SCADA equipment manufacturers and solution providers alike. Open architecture SCADA systems enabled users to mix-and-match products from different vendors to develop solutions that were better than those that could be achieved when restricted to a single vendor's product offering.

Towards the late 1990s, the shift towards open communications continued with individual I/O manufacturers as well, who adopted open message structures such as Modbus RTU and Modbus ASCII (originally both developed by Modicon) over RS-485. By 2000, most I/O makers offered completely open interfacing such as Modbus TCP over Ethernet and IP.

SCADA systems are coming in line with standard networking technologies. Ethernet and TCP/IP based protocols are replacing the older proprietary standards. Although certain characteristics of frame-based network communication technology (determinism, synchronization, protocol selection, environment suitability) have restricted the adoption of Ethernet in a few specialized applications, the vast majority of markets have accepted Ethernet networks for HMI/SCADA.

"Next generation" protocols such as OPC-UA, Wonderware's SuiteLink, GE Fanuc's Proficy and Rockwell Automation's FactoryTalk, take advantage of XML, web services and other modern web technologies, making them more easily IT supportable.

With the emergence of software as a service in the broader software industry, a few vendors have begun offering application specific SCADA systems hosted on remote platforms over the Internet, for example, PumpView by MultiTrode. This removes the need to install and commission systems at the end-user's facility and takes advantage of security features already available in Internet technology, VPNs and SSL. Some concerns include security,[1] Internet connection reliability, and latency.

SCADA systems are becoming increasingly ubiquitous. Thin clients, web portals, and web based products are gaining popularity with most major vendors. The increased convenience of end users viewing their processes remotely introduces security considerations.


Security issues
The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems and office networks and the Internet has made them more vulnerable to attacks. Consequently, the security of SCADA-based systems has come into question as they are increasingly seen as extremely vulnerable to cyberwarfare/cyberterrorism attacks.[2][3]

In particular, security researchers are concerned about:

the lack of concern about security and authentication in the design, deployment and operation of existing SCADA networks
the mistaken belief that SCADA systems have the benefit of security through obscurity, by virtue of their specialized protocols and proprietary interfaces
the mistaken belief that SCADA networks are secure because they are purportedly physically secured
the mistaken belief that SCADA networks are secure because they are supposedly disconnected from the Internet
Because of the mission-critical nature of a large number of SCADA systems, such attacks could, in a worst-case scenario, cause massive financial losses through loss of data or actual physical destruction, misuse or theft, and even loss of life, either directly or indirectly. Whether such concerns will cause a move away from the use of existing SCADA systems for mission-critical applications towards more secure architectures and configurations remains to be seen, given that at least some influential people in corporate and governmental circles believe that the benefits and lower initial costs of SCADA-based systems still outweigh the potential costs and risks. Recently, multiple security vendors, such as Byres Security, Inc., Industrial Defender Inc., Check Point, Innominate and N-Dimension Solutions, have begun to address these risks by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks.
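As an added illustration of the kind of decision a network-level control for a TCP/IP-based SCADA segment has to make, the Python example below (written for this page; it is not a product of any of the vendors named above) applies a constructed allow-list policy to Modbus/TCP flows: it decodes the MBAP header and function code, lets an HMI host read, lets an engineering workstation read and write, and reports everything else, including malformed frames. The addresses, host roles and sample frames are hypothetical; the MBAP layout and function-code numbers are those of the public Modbus/TCP specification.

```python
"""Allow-list monitoring of Modbus/TCP flows (added example; policy and hosts are constructed)."""
from __future__ import annotations

import ipaddress
import struct
from dataclasses import dataclass

MODBUS_TCP_PORT = 502
# Function codes that change process state versus those that only read it (Modbus spec numbering).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

# Hypothetical site policy (constructed for this example).
CONTROL_NET = ipaddress.ip_network("10.10.0.0/24")        # PLCs and RTUs live here
HMI_HOSTS = {ipaddress.ip_address("10.20.0.5")}           # may read only
ENGINEERING_HOSTS = {ipaddress.ip_address("10.20.0.9")}   # may read and write


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes   # first TCP segment of the request


def parse_mbap(payload: bytes) -> tuple[int, int, int]:
    """Return (transaction_id, unit_id, function_code) from a Modbus/TCP frame."""
    if len(payload) < 8:
        raise ValueError("truncated MBAP frame")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(payload) - 6:          # length counts unit id + PDU
        raise ValueError("MBAP length does not match payload")
    return tid, unit, payload[7]


def evaluate(flow: Flow) -> str | None:
    """Return an alert string if the flow violates policy, otherwise None."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if flow.dport != MODBUS_TCP_PORT or dst not in CONTROL_NET:
        return None                          # not Modbus to a controller; outside this rule set
    try:
        _, unit, fc = parse_mbap(flow.payload)
    except ValueError as exc:
        return f"{flow.src}->{flow.dst}: malformed Modbus/TCP ({exc})"
    if src in ENGINEERING_HOSTS:
        return None
    if src in HMI_HOSTS:
        if fc in WRITE_FUNCTIONS:
            return f"{flow.src}->{flow.dst} unit {unit}: HMI issued {WRITE_FUNCTIONS[fc]} (FC {fc})"
        return None
    name = WRITE_FUNCTIONS.get(fc) or READ_FUNCTIONS.get(fc) or f"FC {fc}"
    return f"{flow.src}->{flow.dst} unit {unit}: unauthorised source sent {name}"


def mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a Modbus/TCP frame; used only to construct the sample input below."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "10.10.0.7", 502, mbap(1, 1, b"\x03\x00\x00\x00\x0a")),   # HMI read: allowed
    Flow("10.20.0.9", "10.10.0.7", 502, mbap(2, 1, b"\x06\x00\x01\x00\x03")),   # engineering write: allowed
    Flow("10.20.0.5", "10.10.0.7", 502, mbap(3, 1, b"\x06\x00\x01\x00\x00")),   # HMI write: alert
    Flow("192.0.2.44", "10.10.0.7", 502, mbap(4, 1, b"\x10\x00\x00\x00\x01\x02\x00\x00")),  # outsider write: alert
    Flow("10.20.0.5", "10.10.0.7", 502, b"\x00\x05\x00\x00\x00"),               # truncated frame: alert
]


def audit(flows) -> list[str]:
    """Run the policy over a list of flows and collect the alerts."""
    return [alert for alert in (evaluate(f) for f in flows) if alert]


if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
```

Run as a script it prints three alerts for the five constructed flows. The split between "may read" and "may write" is the useful part: an industrial firewall that only filters on port 502 cannot tell a register read from a register write, and for a control network that distinction is the whole risk.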

Also, the ISA Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing starting as soon as 2009. ISCI is conceptually similar to private testing and certification that has been performed by vendors since 2007, such as the Achilles certification program from Wurldtech Security Technologies, Inc. and MUSIC certification from Mu Dynamics, Inc. Eventually, standards being defined by ISA SP99 WG4 will supersede these initial industry consortia efforts, but probably not before 2011.

The increased interest in SCADA vulnerabilities has also resulted in numerous new vulnerability disclosures in SCADA software (e.g. by Core Security and C4 Security) and in more general offensive SCADA techniques being presented to the general security community.[4][5]


See also
Industrial Control Systems
Telemetry

Notes
[1] Donald Wallace (2003-09-01). "How to put SCADA on the Internet". Control Engineering. Retrieved on 2008-05-30. (Note: Donald Wallace is COO of M2M Data Corporation, a SCADA vendor.)
[2] D. Maynor and R. Graham. "SCADA Security and Terrorism: We're Not Crying Wolf".
[3] Robert Lemos (2006-07-26). "SCADA system makers pushed toward security". SecurityFocus. Retrieved on 2007-05-09.
[4] "S4 2008 Agenda".
[5] "SCADA Security - Generic Electric Grid Malware Design".

References
UK SCADA security guidelines
source :wikipedia.org

Saturday, August 30, 2008

trick - how to hide apps from menu without installing any program

I just stumbled on this today while using xplore... No need to install any hiding app. Here is how it works...
1. Turn caps off.
2. Open explore.
3. Go to private > 10003a3f > import > apps >
4. Select all the .rsc files linked with the app that you want to hide.
5. Press 2 to move them.
6. Move them to any folder you like (but don't forget that folder; I advise you to make a special folder under any name, under any folder).
7. Go to the menu.
8. Voila... the app is no more...
9. To unhide the app, just follow the reverse procedure..
10. I.e. go to your special folder, highlight all the .rsc files that you want to see.
11. Press 2 to move them.
12. Move them to private > 10003a3f > import > apps >
13. Go to the menu.
14. The app is there..
Easy, ain't it...
Please try and tell me if it works for you...

Change animated startup on Symbian S60 3rd (hacked phone only)

Now that the S60 3rd edition security is broken and the ROM patcher is available, the only real limit for phone customization is the edge of our imagination.
There are a bunch of talented young hackers around and you can expect many more cool hacks and patches to come shortly.
Anyway, speaking about the hack: first of all, it doesn't patch the ROM. It is the pretty simple method known from 2nd edition phones, and the whole trick is moving the files from the ROM to the C: drive and pointing the phone to use these files instead of the original ROM files.
STARTUP ANIMATION
Here's how you could change your Start-up animation.
YES! It's the way to get rid of the shaking hands!
First enable CAPS OFF.
Use File Browser and go to Z:\resource\apps
Copy startup.mbm, startup.mif and the rsc file corresponding to your installed language (*.r01 = English, *.r03 = German, etc.) to C:\resource\apps
Now browse to C:\resource\apps and press '8' on the startup.rXX file. Now you have the hex view of the file.
Scroll down to line 000050.
Change the hex value '5A', which stands for 'Z', to '43', which will be 'C'.
After saving the file, on boot the device will look in C:\resource\apps for Startup.mbm and use it!
CONFIRMED to work on FP1 phones: N82, N95, N95 8GB, E51, E60, E90
Not working on the 6120, 6290, 5700, N73, N80, N81
STARTUP SOUND
1. First of all, get the package of course!
2. Unpack it; there you will find 101F8763.txt and Startup.mp3
3. Put 101F8763.txt in C:/private/10202be9/101F8763.txt (create the folder 10202be9 if it doesn't exist)
4. Put Startup.mp3 in E:\\Sounds\\Simple\\Startup.mp3
5. That's all. Now just restart your phone and you will have a new and very unique start-up sound. You may edit the Startup.mp3 file, but remember it must not be longer than 10 sec !!!
If you have a problem with the provided files, then you'll have to do it manually.
1. Go to Z:/private/10202be9/ and copy 101F8763.txt
2. Put it in C:/private/10202be9/101F8763.txt
3. Edit 101F8763.txt; you will find there:
[Main]
0x1 int 1 0 cap_rd=alwayspass cap_wr=alwaysfail
0x2 int 6 0 cap_rd=alwayspass cap_wr=alwaysfail
0x3 string "Z:\\Data\\Startup_tone.aac" 0 cap_rd=alwayspass cap_wr=alwaysfail
and so on. Remember to change only Z:\\Data\\Startup_tone.aac to E:\\Sounds\\Simple\\Startup.mp3
4. Put Startup.mp3 in E:\\Sounds\\Simple\\Startup.mp3

Monday, August 25, 2008

Hack your Symbian S60 3rd phone

In order to install "unsigned" releases and hack your phone (i.e. to view all private folders), you need to go through a one-time procedure.
You will need to run "SecMan.exe". This program allows you to install all unsigned files without signing them every time...
Please read the brief and simplified procedure for using them accordingly..
Just follow 4 simple steps..
All the tools needed are attached below. Thanks to BiNPDA !!
Let's start..

Step 1 :
Install the TRK application for your Respective phones using the list below..

s60_3_0_app_trk_2_8_6.sisx for SymbianOS9 devices WITHOUT FP1

s60_3_1_app_trk_2_8_6.sisx for SymbianOS9 devices WITH FP1
Quote:
Pre-FP1 devices:
Nokia N77, E61i, E65, N93i, N91 8GB, E62, E50, 5500, N93, N73, N80, N71, N92, E70, E60, E61, 3250

FP1 devices:
Nokia 6124 classic, N82, N95-3 NAM, E51, N95 8GB, N81, N81 8GB, 6121 classic, 6120 classic, 5700 XpressMusic, 6110 Navigator, E90 Communicator,N76, 6290, N95

Now connect your phone via USB in PC Suite mode.
> Open the TRK application on your phone and select USB mode from the settings
{Don't use a Bluetooth connection}
Now you get the following screen..
Keep Metro TRK running on the phone.

Step 2 :
Now double-click on Secman.exe {attached below} and follow the instructions..
You will get the following screen :
Now Security Manager will look for the COM port to which your phone has been connected..
If you know your port, select it and click NEXT..
If you don't, then simply check "Find Metro TRK ports automatically" and click Next.
** TIP : To know the connected port
My Computer > Properties > Under Hardware Tab > Device Manager > Ports. { You will find your phone there }

Step 3 :
Security Manager now installs "Secman" on your phone.
You will get following screen and then..
FINISH!!

Step 4 :
Now the last and final part, which is done on your phone..
> Open Secman on your phone
The application is very simple to use..
"Turn Plat security OFF"
This option will hack your phone; in other words you will be able to enjoy the Symbian freedom, and like on any other hacked phone you can edit and move private files and folders..
When your phone is hacked you see this screen :
You can "Turn plat security ON" when you are done.
Now the important part..
"Install Root certificate" With this you can install any unsigned file; you will not be prompted with any certificate errors during installation of unsigned files, just like with normally signed files.
"Restore Default" This will remove all root certificates and remove capabilities, making your phone behave as it did before hacking.
"Uninstall Secman" will remove it from your phone.
NOTE : Please keep in mind, if you format / upgrade your phones firmware, you'll need to do steps 1 & 2 again and after that manually install those apps from Application Manager.
Benefits : Your Phone is now Hacked plus
Now you can install Unsigned files and your Phone

Download file from:
http://www.4shared.com/file/60331217/6ae69465/BiNPDA_Signing.html

Sunday, August 24, 2008

YAHOO! Mail Setting For Symbian S60

1. ENABLE POP IN YOUR YAHOO MAIL SETTING
Note:
POP access is not supported for free accounts at Yahoo! International; on this site, I use Yahoo! Indonesia as the example for the mail client settings on Symbian S60.

2. With your phone, Select 'Messaging' > 'Options'>'Settings'>'E-mail'>'Mailboxes.'
If you have never set up email on your phone before, select 'Yes' to define a new mailbox. If you already have other mailboxes, select 'Options' and then 'New mailbox.'
Select 'Start' to begin the setup wizard.

3. Select 'POP3' and then 'Next.'
Enter your full email address (including '@yahoo.co.id') as the email address and select 'Next.'

4. Enter 'pop.mail.yahoo.co.id' as the incoming mail server and select 'Next.'

5. Enter 'smtp.mail.yahoo.co.id' as the outgoing mail server and select 'Next.'

6. Select the appropriate access point and then 'Next.'

7. Enter a descriptive name for the email account mailbox name.

8. Once your mailbox is set up, select it from the email mailbox settings screen.
Select 'Connection settings'

> 'Incoming e-mail.'
Enter your address (including '@yahoo.co.id') and password.
Select 'OFF' for your security (ports) and define your port as 'Default'
Select 'Back.'

> Select 'Outgoing e-mail.'
Enter your email address (including '@yahoo.co.id') and password.
Select 'OFF' for your security (ports) and define your port as '587.'
Select 'Back' and change any other settings according to your preferences.

Note:
For Indonesian users:
1. Sign in to yahoo.co.id
2. Click 'opsi'
3. Click 'akses&penerusan POP'
4. Select akses web & POP (Setelan POP)
5. Click 'simpan'

GMAIL Setting For Symbian S60

1. ENABLE IMAP IN YOUR GMAIL SETTING

2. With your phone, Select 'Messaging' > 'Options' > 'Settings' > 'E-mail' > 'Mailboxes.'
If you have never set up email on your phone before, select 'Yes' to define a new mailbox. If you already have other mailboxes, select 'Options' and then 'New mailbox.'

3. Select 'Start' to begin the setup wizard.

4. Select 'IMAP4' and then 'Next.'

5. Enter your full email address (including '@gmail.com') as the email address and select 'Next.' Google Apps users, enter your full address in the format 'username@your_domain.com.'

6. Enter 'imap.gmail.com' as the incoming mail server and select 'Next.'

7. Enter 'smtp.gmail.com' as the outgoing mail server and select 'Next.'

8. Select the appropriate access point and then 'Next.'

9. Enter a descriptive name for the email account mailbox name.

10. Once your mailbox is set up, select it from the email mailbox settings screen.
Select 'Connection settings'

> 'Incoming e-mail.'
Enter your address (including '@gmail.com' or '@your_domain.com') and password.
Select 'SSL/TLS' for your security (ports) and define your port as '993.'
Select 'Back.'

> Select 'Outgoing e-mail.'
Enter your email address (including '@gmail.com' or '@your_domain.com') and password.
Select 'StartTLS' for your security (ports) and define your port as '587.'

Select 'Back' and change any other settings according to your preferences.

Note:
Enable IMAP in Gmail:
1. Sign in to Gmail.
2. Click Settings at the top of any Gmail page.
3. Click Forwarding and POP/IMAP.
4. Select Enable IMAP.
Configure your IMAP client and click Save Changes.
Note: it's not possible to enable IMAP while using the basic HTML interface. Please use the standard view to see this option.