OPC tunnelling through firewalls

OPC has quickly become the de facto open communication standard in the world of industrial connectivity, offering improved data connectivity and lower costs of data transfer, says Matrikon.

OPC stands for Object Linking and Embedding for Process Control. The OPC Foundation is an industry group that creates standards for open connectivity of industrial automation devices and systems.

The OPC standards specify the communication of industrial process data, alarms and events, historical data and batch process data between sensors, instruments, controllers, software systems, and notification devices.

OPC not only improves data connectivity, but also dramatically lowers the cost of data transfer between devices and applications.

The most common problem that engineers face when designing an OPC solution is communication through firewalls. When an OPC client is on one side of the firewall and the OPC server is on the other, communication between the two is very difficult. This is because OPC is built on Microsoft’s DCOM (Distributed Component Object Model) technology.

By default, DCOM uses many random ports in its communication, while the sole purpose of a firewall is to block unnecessary ports. This conflict makes setting up communication between the client and server almost impossible.

DCOM uses port 135 to initiate its connection. In the past, this port has been used by hackers to take control of PCs, and it is blocked by default on most firewalls. IT administrators are usually very reluctant to open this port, let alone hundreds of others, because doing so leaves their network vulnerable to attack.

OPC Tunnelling eliminates DCOM and reinforces network security. It channels the communication through one single, unlisted TCP port. This removes a hacker’s ability to exploit DCOM’s multitude of open ports while allowing successful OPC communication through any firewall.
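A firewall-rule audit contrasting the two setups described above, as an added example that is not from Matrikon or the original article. The rule syntax, the addresses, the 1024-65535 range, the tunnel port 40123 and the 100-port threshold are all constructed assumptions.

```python
import re

ENDPOINT_MAPPER = 135  # port DCOM uses to initiate its connection (per the article)
WIDE_RANGE = 100       # assumed threshold for flagging a port range as too broad

# Constructed rule sets in a made-up "allow tcp SRC -> DST PORTS" syntax.
DCOM_RULES = """
allow tcp 10.0.1.5 -> 10.0.2.9 135
allow tcp 10.0.1.5 -> 10.0.2.9 1024-65535
"""
TUNNEL_RULES = """
allow tcp 10.0.1.5 -> 10.0.2.9 40123
"""

RULE_RE = re.compile(r"allow tcp (\S+) -> (\S+) (\d+)(?:-(\d+))?$")


def parse_rules(text):
    """Yield (src, dst, low, high) for each allow rule; reject malformed lines."""
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        low = int(m.group(3))
        high = int(m.group(4) or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range in rule: {line!r}")
        yield m.group(1), m.group(2), low, high


def audit(text):
    """Return (number of distinct open ports, findings) for one rule set."""
    open_ports = set()  # (src, dst, port) tuples, so overlapping rules count once
    findings = []
    for src, dst, low, high in parse_rules(text):
        open_ports.update((src, dst, p) for p in range(low, high + 1))
        if low <= ENDPOINT_MAPPER <= high:
            findings.append(f"{src}->{dst}: TCP 135 open")
        if high - low + 1 >= WIDE_RANGE:
            findings.append(f"{src}->{dst}: {low}-{high} opens {high - low + 1} ports")
    return len(open_ports), findings


if __name__ == "__main__":
    for name, rules in (("DCOM", DCOM_RULES), ("tunnel", TUNNEL_RULES)):
        count, findings = audit(rules)
        print(f"{name}: {count} open ports; findings: {findings or 'none'}")
```

Run against a real export, the same two checks show whether a firewall between OPC client and server still carries DCOM-era allowances after a tunnel has been deployed.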

Contact Matrikon — Asia Pacific:

Richard Muniz, OPC Account Manager