If you haven't received one of my emails or heard from a colleague about our latest TOP Server release, you may not have heard about the key new features in the TOP Server V6.5 release.
In this post, I'm going to go through the top 5 key features released in V6.5 in more detail and how they benefit you as a TOP Server user.
1. New Security Enhancements
With the security threat landscape for Industrial Control Systems (ICS) continually changing, it's clear that a common practice of "security by obscurity" is no longer sufficient to protect systems where safety and uptime are of the utmost concern. Take, for instance, the well-known Stuxnet attack - airgapped networks were not enough to foil that threat.
As such, it is becoming more generally accepted (and even recommended by ICS CERT) that system administrators have a strategy for updating ICS components, which includes TOP Server, instead of assuming that isolation, security, and air gaps are enough.
To that end, TOP Server V6.5 offers a number of new security enhancements and resources to help with secure implementation.
- TOP Server Secure Deployment Considerations Guide
We're providing this document as a resource for best practices that existing and new users should consider if your business needs require deploying TOP Server with maximum security. When your needs dictate a maximum security installation, it is recommended that administrators follow this guide as closely as possible when deploying TOP Server in a production environment. It is up to the user, their IT administration, or other responsible parties for your system to decide what parts of the guide to implement for specific use cases. Click here to get your copy!
- Current OS and OPC Interface Capabilities and Security
TOP Server V6.5 supports all current Windows desktop and server operating systems at the time of its release. As recommended in the Secure Deployment Considerations guide that I just mentioned, we always suggest running the most current operating system available whenever possible.
With TOP Server operating system support being regularly updated as new OS versions become available, you're covered. Full specifications, including OS support, are always available on the TOP Server website here.
In addition to considerations about OS, OPC UA continues to evolve as a standard with security capabilities such as encryption and client user authentication down to the tag level. TOP Server V6.5, as with previous releases in the Version 6.x family of TOP Server, includes significant security features for the OPC UA interface. Running Version 6.5 ensures you have the most up-to-date and secure OPC UA interfaces.
- Project File Encryption
Project files in TOP Server regularly contain customer proprietary information on an organization’s network, processes and control devices. For example, it's common for project files to contain device IP addresses, passwords to access the PLC, process tagnames and related memory addresses.
As such, it's important to protect such information to avoid issues with cybersecurity and client intellectual property concerns. To address this, TOP Server V6.5 gives you the ability to encrypt and password protect .opf project files (NOTE: .json formatted files are not affected) for security during transfers of the project either to other users or other instances of TOP Server.
The encryption mechanism used is such that it wouldn't be practically feasible to attack using brute force methods.
- Administrator Password during Installation
To ensure the secure operation of TOP Server, users really need to consider utilizing a strong administrator password in the built-in User Manager. To help remind users to set a password for the Administrator user, starting with V6.5, you are now encouraged to set an Administrator password during the TOP Server installation process. This helps to enhance the security of your server even before you begin to configure it.
When presented with the User Manager Credentials dialog during the installation, you'll want to set a strong administrator password. It is recommended that the password be at least 14 characters in length and include a mix of uppercase and lowercase letters, numbers, and special characters. And you should also avoid well known, easily guessed, or common passwords.
It is also imperative that, if you choose to set a password, you store it securely: passwords are not recoverable, and a lost password will require re-installing the product.
You'll want to work with your IT department on centralized storage of this information, considering that you might not be working for the company or available when another employee needs this information.
- Back-end Security Updates
To continue protecting against constantly evolving encryption-breaking technology, TOP Server V6.5 has updated encryption algorithms throughout the product, and we'll continue to update those algorithms to ensure the on-going security of the application as part of the continuous improvements process you're familiar with.
Additionally, third-party components utilized by TOP Server are upgraded as vendors make them available to utilize the most modern security components and encryption available, further combating cyber threats.
2. MQTT Client Driver Auto Tag Generation (ATG)
You may recall that, in the TOP Server V6.4 release, we added a new driver for MQTT Client connectivity. MQTT (Message Queue Telemetry Transport) is a lightweight message protocol used to connect a wide variety of IoT and industrial automation devices using a publish/subscribe model for communications.
MQTT is commonly implemented in sensor networks, which can be used to connect legacy machines having no other connectivity options, as a lower cost alternative to replacing that legacy hardware. Such sensor information is routed through a gateway, which then publishes the data via MQTT.
Also, aside from sensor networks, there are a number of other industrial automation devices starting to implement MQTT as an option for transferring data, including PLCs and HMIs.
With TOP Server V6.5, the MQTT Client driver now supports Automatic Tag Generation (ATG), significantly simplifying the tag creation process in TOP Server.
By simply subscribing to an MQTT topic and consuming data over a configurable period of time, the driver will create tags based on the data sent to that particular topic.
3. Expanded Torque Tool Ethernet addressing
Torque tools (or torque wrenches) are widely used in discrete manufacturing to apply a specific torque to a fastener such as a nut or bolt. Advanced torque tools are connected and send information on tightening results and device status back to a controller, where it is typically collected for traceability and process improvement purposes. The connection also allows settings to be downloaded to the device in order to automate fastening.
The Torque Tool Open protocol is commonly supported by such torque tools and is the protocol utilized by the TOP Server Torque Tool Ethernet driver for integration of those tools with HMI/SCADA and other control systems. As new tools utilizing the Torque Tool Open protocol enter the market, new revisions of the protocol supporting additional parameters known as Message IDs (MIDs) are introduced.
With V6.5, the Torque Tool Ethernet driver has been updated to support additional MIDs for compatibility with a greater range of torque tools and provide additional data from those tools.
Support has been added for the following additional MIDs:
- MID 0030 - 0031 (Job Number)
- MID 0032 - 0033 (Job Data)
- MID 0034 - 0039 (Job Info)
- MID 0128 (Job Batch Number)
Support for these new MIDs gives users of the Torque Tool Ethernet driver more visibility into and control over tightening processes in their applications.
4. Easier S7 Ethernet Tag Creation from TIA Portal
More and more of our TOP Server users continue adopting the latest Siemens technology, particularly S7-1200 and S7-1500 controllers. With those controllers came an updated programming and configuration platform called TIA (Totally Integrated Automation) Portal.
You may recall that, starting with TOP Server V6.2, we have already added a TIA Portal Exporter utility that allows you to generate an export file of your TIA Portal tags for use in automatically creating your TOP Server tag database, in those situations where you prefer to maintain a static tag database in your TOP Server project.
Since the V6.2 release, Siemens has released Service Pack 1 for Version 14 (V14 SP1) and Version 15 of TIA Portal. So in TOP Server V6.5, the TIA Portal Exporter Utility has been updated to support these new updates. The utility remains backwards compatible with V13 and V14.
This utility installs on your TIA Portal machine, allowing it to open your S7-300, S7-400, S7-1200 or S7-1500 TIA Portal projects and select program blocks, tag tables or individual tags for generation of the corresponding tags in TOP Server. Auto tag generation was previously only available for older S7-300 and S7-400 controllers still using Step7 for programming and configuration.
The utility produces a .TPE file format that can then be imported by the TOP Server S7 Ethernet driver for auto generation of static tags.
Additionally, the TIA Portal Exporter utility now supports the following capabilities:
- Select a specific controller within the TIA Portal project
- Display and export tags from all tag tables, data blocks and function blocks
- Select all or multi-select specific tags required for a TOP Server project
- Search/filter by tag name, address or data type
- Export the specific tags required for a given project
This greater compatibility and ease-of-use should further streamline the tag creation process for Siemens users.
5. Current ControlLogix Firmware Support
And last but certainly not least, TOP Server V6.5 further expands support for ControlLogix controllers with added support for Firmware Revision 31. This includes support for the new CIP Energy Object-backed Tags included with that particular firmware revision.
CIP Energy object-backed tags are used in automated processes to monitor and manage energy usage for the following purposes:
- To store and deliver energy information collected from machines that report energy data.
- To aggregate the energy usage of devices, machines, and other CIP Energy object-backed tags.
In manufacturing environments moving more and more towards greater efficiency and smarter energy consumption, these new Energy tags provide the data needed by control systems to increase the efficiency and overhead of the process they are controlling.
For a full list of supported ControlLogix Firmware revisions by controller model in V6.5, click here.
These and the other features not covered here provide more secure operations with greater ease-of-use, compatibility and performance. As always, a list of the other enhancements and features in the release notes that we just don’t have room to cover here is available - click for details.
Want to see TOP Server V6.5 for yourself? Download the free trial.