data_core:tcp

Differences

This shows you the differences between two versions of the page.

data_core:tcp [2020/08/06 08:30] sudata_core:tcp [2022/04/18 10:53] (current) – [Fire & Forget] su
Line 9: Line 9:
    A Data Core Node is an instance of Intelligent Plant's    A Data Core Node is an instance of Intelligent Plant's
    data-routing and data-access software operating as a Windows    data-routing and data-access software operating as a Windows
-   service. App Store Connect is a type of Data Core Node +   service. 
-   pre-configured to work with the App Store.+    
 +   App Store Connect is a type of Data Core Node pre-configured 
 +   to work with the App Store.
  
  
 ===== When to use TCP Event Sink and Source ===== ===== When to use TCP Event Sink and Source =====
  
-Data Core'Event Source and Sink subscription model is +The TCP Event Sink and Source provides a reliable and secure way to relay data across network boundaries and firewallsMessage data is signedencrypted and relayed on strictly one-way data-only channelMinimal firewall configuration is required. This makes it particulary suitable for moving data across high-security militarized networks: for example, from a **Process Control Network** to a **Process Information Network** to a **Business Network**.
-designed to relay messages reliably within a Data Core Node. +
-Using a Data Bridge (a means of registering Data Core Nodes +
-with one another) this model can be extended between Data Core Nodes. +
-However, a Data Bridge allows one Node to employ the API of the other. +
-In dealing with data communication from a high-security militarized network +
-any communication to an exposed application API is not permissable.+
  
-The TCP Event Sink and Source provides more suitable method for crossing +The diagram below illustrates such configuration
-network boundaries: a strictly data-only channel with minimal +
-firewall reconfiguration required.+
  
-=====  Data Core Components =====  
  
-{{ :data_core:datacorediagram.png? |}}+{{ :data_core:tcp_06.png? | 500}}
  
-In the above diagram, Alarms & Events (A&E) are transmitted from the PCN to the PIN via +Alarms & Events (A&E) arrive on a serial feed and are captured by Serial Port Listener, data is collected then relayedThree distinct data core nodes act as stepping stones across network boundariesFirewalls at each boundary only require single rule to allow the downstream flow of secure TCP traffic.
-a serial feed. (In terms of physical architecture,Serial Port to TCP Converter +
-would be employed). +
- +
-The A&E Collector may be any Data Core Event Sink that writes data to a repository  +
-(for example, MSMQ Event Sink, Big Data Event Sink, etc). +
- +
-A subscription is set from an A&E Collector to the TCP Event Sink, which in turn relays +
-messages to the remote TCP Event Source. +
- +
-Finally, a collector on the remote Data Core node persists incoming messages. +
- +
-If problem is encountered at any point along the chain, events are +
-resubmitted from PIN collector to BN collector. +
- +
-===== Firewall Configuration =====  +
- +
-  * PIN:BN Firewall requires TCP Port 11000 (configurable) open to outbound traffic.+
  
  
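Review bot: The rewritten diagram paragraph at the end of this hunk says each firewall needs only a single rule for downstream secure TCP traffic, but the removed Firewall Configuration section was the only place that named the port and direction ("TCP Port 11000 (configurable) open to outbound traffic"). Suggest keeping that bullet, or folding the port and direction into the new sentence, so a firewall administrator can write the rule from this page. The removed paragraph explaining that a Data Bridge allows one Node to employ the API of the other was also the stated reason for choosing the TCP Event Sink and Source over a Data Bridge; a one-sentence version of that rationale is worth retaining alongside the new summary.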
Line 61: Line 37:
  
   *Encryption protects the privacy of the data. It helps to ensure that while data is in transit it cannot be deciphered by third parties.   *Encryption protects the privacy of the data. It helps to ensure that while data is in transit it cannot be deciphered by third parties.
 +
 +
 +===== Resilient Data Transfer ===== 
 +
 +The TCP Event Source and Sink supports resilient data transfer.
 +
 +The diagram below includes a **relient flow** where transmission is guaranteed.
 +
 +{{ :data_core:resilientflow.png?800 |}}
 +
 +Resilient flow uses [[data_core:msmqeventsourcesink|Microsoft Message Queue (MSMQ)]] as a local collector (this is essential if data is arriving on an ephemeral flow). The TCP Event Sink component is then chained to the transactional MSMQ.
 +
 +The TCP Event Sink is configured with the "Check Response" property set to true. This acts as a guaranteed delivery mechanism - repeating attempts to relay data downstream until a positive acknowledgement is received.
 +
 +{{ :data_core:tcp_04.png?700 |}}
 +
 +===== Fire & Forget ===== 
 +
 +The above "Resilient Data Transfer" method using TCP and MSMQ is not expected to introduce any overhead, however if a faster flow was required, paralel TCP components can be chained directly and configured to "fire-and-forget" by setting the "Check Reponse" property to false. Each event will pass through both fast and resilient flows and are consolidated at their final Alarm Analysis destination.
 +
 +{{ :data_core:tcp_05.png?700 |}}
 +
  
 =====  System Account Requirements =====  =====  System Account Requirements ===== 
  
-For TCP authentication, the TCP Client supplies credentials for the TCP server to verify. We recommend creating a local windows account defined on the computer hosting the TCP Event Source.+For TCP authentication, the TCP Client supplies credentials for the TCP server to verify. This could be a service account available on a common domain, or if the Data Core Nodes are on separate networks,  a local windows account defined on the computer hosting the TCP Event Source (as in the picture below).
  
 {{ :data_core:tcp_02.png?300 |}} {{ :data_core:tcp_02.png?300 |}}
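Review bot: The property name is spelled "Check Response" in the Resilient Data Transfer paragraph but "Check Reponse" in the Fire & Forget paragraph; readers will search the TCP Event Sink configuration for this exact name, so use one spelling in both places. In the same added text, "relient flow" should read "resilient flow" and "paralel" should read "parallel". The Fire & Forget paragraph states that the resilient method "is not expected to introduce any overhead" and then offers a faster flow, which reads as contradictory; either say what the acknowledgement costs or drop the overhead claim. In System Account Requirements the earlier "We recommend" wording is gone, leaving a domain service account and a local Windows account as options with no stated preference; say which one is preferred when both are available.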
Line 73: Line 71:
  
 NB. Sensitive Data Core configuration is encrypted. NB. Sensitive Data Core configuration is encrypted.
- 
-=====  Resilient Data Transfer =====  
- 
-{{ :data_core:tcp_04.png?700 |}} 
- 
-{{ :data_core:tcp_05.png?700 |}} 
  
  
data_core/tcp.1596702602.txt.gz · Last modified: 2020/08/06 08:30 by su