A

Summer Training Report

On
SCADA Systems

At

UJVN Ltd.
Dharasu Power House, Maneri Bhali Stage-II
Chinyalisaur, Uttarkashi, Uttarakhand-249196

Submitted By:
Sumit Shah, B.Tech (CSE)
Govind Ballabh Pant, University of Agriculture & Technology, Pantnagar

ACKNOWLEDGEMENT
It is my pleasure to be indebted to various people, who directly or indirectly
contributed in the development of this work and who influenced my thinking,
behavior, and acts during the course of study.
I express my sincere gratitude to Er. Manoj Rawat, Executive Engineer
(Test) for providing me an opportunity to undergo summer training at Test Section
of Dharasu Power House.
I am thankful to Er. Krishna Kumar, Assistant Engineer (Test) for his
support, cooperation, and motivation provided to me during the training for
constant inspiration, presence and blessings.
I also extend my sincere appreciation to Er. Anoop Rawat, JE (Test) who
provided his valuable suggestions and precious time in accomplishing my traning
report.
Lastly, I would like to thank the almighty and my parents for their moral
support and my friends with whom I shared my day-to-day experience and
received lots of suggestions that improved my quality of work.

(Sumit Shah)
B.Tech (CSE)

INDEX
Chapter No.
1
2
3
4

Topic
About the Company
Hydroelectricity
Basics of SCADA System
SCADA Systems Used in MB-II

Communication Protocols for SIMATIC PLC devices

References

Page No.
5-6
7-14
15-21
22-26
27-31
32

Chapter-1
About The Company

1. UJVN Ltd.:
Uttarakhand is renowned for its scenic beauty and rivers. India's two major rivers viz.
Ganga and Yamuna start their journey from here. Besides these two rivers, Uttarakhand has a
large network of rivers and canal which provides an immense scope for hydropower energy. One
of the first hydro-power station in India was commissioned at Galogi in 1907. More power
stations were subsequently developed over a period of time.
12th February, 2001 - A new dawn in the Power Sector of Uttarakhand when UJVNL
came into existence, with some promises to keep with the home state, to emerge as a Power
Major and to make the state, so called "Urja Pradesh".
Uttarakhand has a very high potential which is yet to be developed and to give impetus to
power sector, Uttarakhand Jal Vidyut Nigam Limited (UJVNL) was formed. UJVNL is a wholly
owned Corporation of the Government of Uttarakhand set up for managing hydro power
generation at existing power stations and development, promotions of new hydro projects with
the purpose of harnessing, the known, and yet to be known, hydro power resources of the State.
Today, UJVNL operates hydropower plants ranging in capacity from 0.2 MW to 376
MW, totaling up to 1284.85 MW. Though the State is more or less sufficient in its energy
generation to meet its own requirements, it is committed to develop its huge hydro power
resources in an early and efficient manner for economic well-being and growth of the State and
its people.
2. Dharasu Power House, MB-II:
Maneri Bhali Stage-II Hydroelectric Project is a Run-of-River (ROR) scheme under on
river Bhagirathi, in District Uttarkashi (Uttarakhand). The project is located near the famous city
of Uttarkashi and is on the downstream of the existing UJVNL's Tiloth Hydro Power Project.
The project site is approximately 150 kms. from Rishikesh, lies between the tail race channel of
Maneri Bhali Stage-I project and the reservoir of Tehri project. The project preliminary works
were started in 1979 by the erstwhile UPSEB along with UP Irrigation Department and the main
civil works contracts were signed in the years from 1980-84. The original estimate of the project
5

(with an installed capacity of 3x52 MW), costing Rs. 4333.00 Lakhs, was submitted to CWPC in
April 1972. The cost was updated to Rs. 4571.00 Lakhs during examination by CWPC in June,
1973. This cost was cleared by CWPC. The project installed capacity was then revised to 4x76
MW due to revision in design discharge of HRT from 120 cumecs to 142 cumecs.
3. Salient features of the project
a) 81 meter long barrage with a storage capacity of 7.55 lac cum., with intake and
sedimentation tank near the barrage. The barrage will provide a daily peaking of
about four hours during the lean season.
b) 16 km long, 6.0 m diameter horse shoe shaped head race tunnel from Diversion
barrage to power house with 172 m high, restricted orifice type surge tank, of 13.7
m diameter, at the end of the head race tunnel.
c) Four steel penstocks of 3.0 m diameter.
d) A surface power station of 4 units of 76 MW (BHEL make) with Francis turbines
along with a 220 kV switchyard.
e) Annual generation of 1566GWh.

Chapter-2
Hydroelectricity
1. Introduction: Hydroelectricity is the term referring to electricity generated by hydropower;
the production of electrical power through the use of the gravitational force of falling or flowing
water. In 2015 hydropower generated 16.6% of the worlds total electricity and 70% of
all renewable electricity, and is expected to increase about 3.1% each year for the next 25 years.
Hydropower is produced in 150 countries, with the Asia-Pacific region generating 33
percent of global hydropower in 2013. China is the largest hydroelectricity producer, with 920
TWh of production in 2013, representing 16.9 percent of domestic electricity use.
The cost of hydroelectricity is relatively low, making it a competitive source of
renewable electricity. The hydro station consumes no water, unlike coal or gas plants. The
average cost of electricity from a hydro station larger than 10 megawatts is 3 to 5 U.S.
cents per kilowatt-hour. With a dam and reservoir it is also a flexible source of electricity since
the amount produced by the station can be changed up or down very quickly to adapt to changing
energy demands. Once a hydroelectric complex is constructed, the project produces no direct
waste, and has a considerably lower output level of greenhouse gases than fossil fuel powered
energy plants.
2. Power Generating Method:

Figure 1: Cross section of a conventional hydroelectric dam

Figure 2: A typical turbine and generator

3. Conventional (dams)
Most hydroelectric power comes from the potential energy of dammed water driving a water
turbine and generator. The power extracted from the water depends on the volume and on the
difference in height between the source and the water's outflow. This height difference is called
the head. A large pipe (the "penstock") delivers water from the reservoir to the turbine.

Pumped-storage:
This method produces electricity to supply high peak demands by moving water
between reservoirs at different elevations. At times of low electrical demand, the excess
generation capacity is used to pump water into the higher reservoir. When the demand becomes
greater, water is released back into the lower reservoir through a turbine. Pumped-storage
schemes currently provide the most commercially important means of large-scale grid energy
storage and improve the daily capacity factor of the generation system. Pumped storage is not an
energy source, and appears as a negative number in listings.
Run-of-the-river:
Run-of-the-river hydroelectric stations are those with small or no reservoir capacity, so that only
the water coming from upstream is available for generation at that moment, and any oversupply
must pass unused. A constant supply of water from a lake or existing reservoir upstream is a
significant advantage in choosing sites for run-of-the-river. In the United States, run of the river
hydropower could potentially provide 60,000 megawatts (80,000,000 hp) (about 13.7% of total
use in 2011 if continuously available).
Tide:
A tidal power station makes use of the daily rise and fall of ocean water due to tides; such
sources are highly predictable, and if conditions permit construction of reservoirs, can also
be dispatchable to generate power during high demand periods. Less common types of hydro
schemes use water's kinetic energy or undammed sources such as undershot water wheels. Tidal
power is viable in a relatively small number of locations around the world. In Great Britain, there
are eight sites that could be developed, which have the potential to generate 20% of the
electricity used in 2012.
4. Sizes, types and capacities of hydroelectric facilities:
Large facilities:
Large-scale hydroelectric power stations are more commonly seen as the largest power
producing facilities in the world, with some hydroelectric facilities capable of generating more
than double the installed capacities of the current largest nuclear power stations.
Although no official definition exists for the capacity range of large hydroelectric power
stations, facilities from over a few hundred megawatts are generally considered large
hydroelectric facilities.
Currently, only four facilities over 10 GW (10,000 MW) are in operation worldwide, see table
below.

Rank

Station

Country

Capacity (MW)

1.

Three Gorges Dam

China

22,500

2.

Itaipu Dam

Brazil
Paraguay

14,000

3.

Xiluodu Dam

China

13,860

4.

Guri Dam

Venezuela

10,200

5. Advantages of Hydro Power Generation:

(a) Hydropower is a flexible source of electricity since stations can be ramped up
and down very quickly to adapt to changing energy demands. Hydro turbines have a
start-up time of the order of a few minutes. It takes around 60 to 90 seconds to bring a
unit from cold start-up to full load; this is much shorter than for gas turbines or steam
plants. Power generation can also be decreased quickly when there is a surplus power
generation. Hence the limited capacity of hydropower units is not generally used to
produce base power except for vacating the flood pool or meeting downstream
needs. Instead, it serves as backup for non-hydro generators.
(b)

Low Power Cost: The major advantage of hydroelectricity is elimination

of the cost of fuel. The cost of operating a hydroelectric station is nearly

immune to increases in the cost of fossil fuels such as oil, natural
gas or coal, and no imports are needed. The average cost of electricity
from a hydro station larger than 10 megawatts is 3 to 5 U.S. cents per
kilowatt-hour.
(c)

Hydroelectric stations have long economic lives, with some plants still in service
after 50100 years. Operating labor cost is also usually low, as plants are
10

automated and have few personnel on site during normal operation. Where a dam
serves multiple purposes, a hydroelectric station may be added with relatively low
construction cost, providing a useful revenue stream to offset the costs of dam
operation. It has been calculated that the sale of electricity from the Three Gorges
Dam will cover the construction costs after 5 to 8

years of full

generation. Additionally, some data shows that in most countries large

hydropower dams will be too costly and take too long to build to deliver a
positive risk adjusted return, unless appropriate risk management measures are
put in place.
(d) Suitability for industrial applications:
While many hydroelectric projects supply public electricity networks, some are
created to serve specific industrial enterprises. Dedicated hydroelectric projects
are often built to provide the substantial amounts of electricity needed
for aluminum electrolytic plants, for example. The Grand Coulee Dam switched
to

support Alcoa aluminum

in Bellingham,

Washington, United

States for

American World War II airplanes before it was allowed to provide irrigation and
power to citizens (in addition to aluminum power) after the war. In Suriname,
the Brokopondo

Reservoir was

constructed

to

provide

electricity

for

the Alcoa aluminum industry. New Zealand's Manapouri Power Station was
constructed to supply electricity to the aluminum smelter at Tiwai Point.
(e) Reduced CO2 emissions:
Since hydroelectric dams do not burn fossil fuels, they do not directly
produce carbon dioxide. While some carbon dioxide is produced during
manufacture and construction of the project, this is a tiny fraction of the operating
emissions of equivalent fossil-fuel electricity generation.

11

(f) Other uses of the reservoir:

Reservoirs created by hydroelectric schemes often provide facilities for water
sports,

and

become

tourist

attractions

themselves.

In

some

countries, aquaculture in reservoirs is common.

Multi-use dams installed for irrigation support agriculture with a relatively
constant water supply. Large hydro dams can control floods, which would
otherwise affect people living downstream of the project.
6. Disadvantages:
Large reservoirs associated with traditional hydroelectric power stations result in
submersion of extensive areas upstream of the dams, sometimes destroying biologically
rich and productive lowland and riverine valley forests, marshland and grasslands.
Damming interrupts the flow of rivers and can harm local ecosystems, and building large
dams and reservoirs often involves displacing people and wildlife. The loss of land is
often exacerbated by habitat fragmentation of surrounding areas caused by the reservoir.
Hydroelectric projects can be disruptive to surrounding aquatic ecosystems both
upstream and downstream of the plant site. Generation of hydroelectric power changes
the downstream river environment. Water exiting a turbine usually contains very little
suspended sediment, which can lead to scouring of river beds and loss of
riverbanks. Since turbine gates are often opened intermittently, rapid or even daily
fluctuations in river flow are observed.
Siltation and flow shortage:
When water flows it has the ability to transport particles heavier than itself downstream.
This has a negative effect on dams and subsequently their power stations, particularly those on
rivers or within catchment areas with high siltation. Siltation can fill a reservoir and reduce its
capacity to control floods along with causing additional horizontal pressure on the upstream
portion of the dam. Eventually, some reservoirs can become full of sediment and useless or overtop during a flood and fail.
Changes in the amount of river flow will correlate with the amount of energy produced by a dam.
Lower river flows will reduce the amount of live storage in a reservoir therefore reducing the
12

amount of water that can be used for hydroelectricity. The result of diminished river flow can be
power shortages in areas that depend heavily on hydroelectric power. The risk of flow shortage
may increase as a result of climate change. One study from the Colorado River in the United
States suggest that modest climate changes, such as an increase in temperature in 2 degree
Celsius resulting in a 10% decline in precipitation, might reduce river run-off by up to 40%.
Brazil in particular is vulnerable due to its heavy reliance on hydroelectricity, as increasing
temperatures, lower water ow and alterations in the rainfall regime could reduce total energy
production by 7% annually by the end of the century.
Relocation:
Another disadvantage of hydroelectric dams is the need to relocate the people living where the
reservoirs are planned. In 2000, the World Commission on Dams estimated that dams had
physically displaced 40-80 million people worldwide.
7. Comparison with other methods of power generation:
Hydroelectricity eliminates the flue gas emissions from fossil fuel combustion, including
pollutants such as sulfur dioxide, nitric oxide, carbon monoxide, dust, and mercury in the coal.
Hydroelectricity also avoids the hazards of coal mining and the indirect health effects of coal
emissions. Compared to nuclear power, hydroelectricity construction requires altering large areas
of the environment while a nuclear power station has a small footprint, and hydro-Power Station
failures have caused tens of thousands of more deaths than any nuclear station failure. The
creation of Garrison Dam, for example, required Native American land to create Lake
Sakakawea, which has a shoreline of 1,320 miles, and caused the inhabitants to sell 94% of their
arable land for $7.5 million in 1949.
Compared to wind farms, hydroelectricity power stations have a more predictable load
factor. If the project has a storage reservoir, it can generate power when needed. Hydroelectric
stations can be easily regulated to follow variations in power demand.

13

Ten of the largest hydroelectric producers as at 2013.

Country

Annual hydroelectric
production (TWh)

Installed
capacity (GW)

Capacity
factor

% of total
production

China

920

194

0.37

16.9%

Canada

392

76

0.59

60.1%

Brazil

391

86

0.56

68.6%

United States

290

102

0.42

6.7

Russia

183

50

0.42

17.3%

India

142

40

0.43

11.9%

Norway

129

31

0.49

96.1%

Japan

85

49

0.37

8.1%

Venezuela

84

15

0.67

67.8%

France

76

25

0.46

14

13.2%

Chapter-3
Basics of SCADA System
1. Introduction:
The definition of SCADA is Supervisory Control and Data Acquisition. The major function
of SCADA is for acquiring data from remote devices such as valves, pumps, transmitters etc. and
providing overall control remotely from a SCADA Host software platform. This provides
process control locally so that these devices turn on and off at the right time, supporting your
control strategy and a remote method of capturing data and events (alarms) for monitoring these
processes. SCADA Host platforms also provide functions for graphical displays, alarming,
trending and historical storage of data. Historically, SCADA products have been produced that
are generic with a one shoe fits all approach to various markets. As SCADA has matured to
provide specific solutions to specific SCADA markets it has provided solutions for wide area
network SCADA systems that rely on tenuous communication links. These types of SCADA
systems are used extensively throughout the Oil & Gas market due to the fact that assets are
spread over large geographical areas. Looking at the overall structure of a SCADA system, there
are four distinct levels within SCADA, these being;
a.

Field instrumentation.

b.

PLCs and / or RTUs.

c.

Communications networks.

d.

SCADA host software.

Figure 1: SCADA System Overview

15

Field Instrumentation:
You cant control what you dont measure is an old adage, meaning that instrumentation is a
key component of a safe and optimized control system. Traditionally, pumps and their
corresponding operational values would have been manually controlled i.e. an operator would
start/stop pumps locally and valves would have been opened/closed by hand. Slowly over time,
these instruments would have been fitted with feedback sensors, such as limit switches,
providing connectivity for these wired devices into a local PLC or RTU, to relay data to the
SCADA host software.

Figure 2: Progress of Instrumentation

Although todays instrumentation technician requires more technical knowledge and the
ability to design, install and maintain equipment, than in the past, this is mitigated by the reduced
cost in automating processes and higher technical skills held by personnel. Today, most field
devices such as valves have been fitted with actuators, enabling a PLC or RTU to control the
device rather than relying on manual manipulation. This capability means the control system can
react more quickly to optimize production or shutdown under abnormal events. In terms of
regulatory compliance, instrumentation for the oil & gas industry has had to comply with
hazardous class, division and group classifications. The requirement is that the instrument must
be designed for the location or area in which it has been placed, eg. an environment where the
existence of explosive vapors during normal operating conditions, or during abnormal
conditions, are known. In many cases the instrument is also required to function in harsh
environments. Many types of instrumentation are designed for extremes of hot and cold. If the
instrumentation is not designed for these temperatures, an artificial environment within a cabinet
or some sort of building is required. This comes at an extra cost not just in initial design but also
16

for ongoing maintenance. Instrumentation must also comply with any EMC (electromagnetic
compatibility) standards which may be in place, to ensure that an electrical device does not have
any undesirable effects upon its environment or other electrical devices within its environment.
PLCs and RTUs:
Programmable Logic Controllers (PLCs) and Remote Telemetry Units (RTUs) used to be
distinctly different devices but over time they are now almost the same. This has been a
convergence of technology as manufacturers of these devices expanded their capabilities to meet
market demands. If we go back 30 years, an RTU was a dumb telemetry box for connecting
field instruments. The RTU would relay the data from the instruments to the SCADA host
without any processing or control but had well-developed communication interfaces or
telemetry. In the 1990s control programming was added to the RTU so it operated more like a
PLC. PLCs on the other hand could always do the control program but lacked communication
interfaces and data logging capability, which has been added to some extent over the past
decade. A further development of devices in the field is to offer a specific application that could
incorporate a number of instruments and devices with an RTU/ PLC, incorporating technology
sets to provide an off the shelf approach to common process requirements, e.g. gas well
production that includes elements of monitoring, flow measurement and control that would
extend as an asset into the SCADA Host. In terms of environmental and regulatory compliance,
PLCs and RTUs have the same type of requirements as instrumentation in that they operate in
the same environment. However, PLCs have traditionally not been as environmentally compliant
as RTUs. This is mainly due to the fact that PLCs were designed to operate in areas, such as
factory floors, where the environment was already conditioned to some degree.
Remote Communications Networks
The remote communication network is necessary to relay data from remote RTU/PLCs, which
are out in the field or along the pipeline, to the SCADA host located at the field office or central
control center. With assets distributed over a large geographical area, communication is the glue
or the linking part of a SCADA system and essential to its operation. How well a SCADA
system can manage communication to remote assets is fundamental to how successful the
SCADA system is. Twenty years ago the communication network would have been leased lines
or dial-up modems which were very expensive to install and maintain, but in the last 10-15 years
many users have switched to radio or satellite communications to reduce costs and eliminate the
17

problematic cabling issues. More recently, other communication types have been made available
that include cellular communications and improved radio devices that can support greater
communication rates and better diagnostics. However, the fact that these types of communication
media are still prone to failure is a major issue for modern, distributed SCADA systems. At the
same time as the communication medium changed so too did the protocols. Protocols are
electronic languages that PLCs and RTUs use to exchange data, either with other PLCs and
RTUs or SCADA Host platforms.
Traditionally, protocols have been proprietary and the product of a single manufacturer.
As a further development, many manufacturers gravitated to a single protocol, MODBUS, but
added on proprietary elements to meet specific functionality requirements. For the Oil & Gas
industry there are a number of variants of MODBUS, including but not limited to, MODBUS
ASCII, MODBUS RTU, Enron MODBUS and MODBUS/TCP. This provided a communication
standard for the retrieval of flow or process data from a particular RTU or PLC. This incremental
development in using MODBUS protocol variants was seen as an improvement, but it still tied a
customer to a particular manufacturer, which is very much the case today. A good example is
how historical flow data is retrieved from a RTU/PLC by a SCADA Host. However, the
advancement of SCADA Host software, and in some cases the sharing of protocol languages, has
meant that many of the issues with proprietary elements have been further resolved.
In recent years, protocols have appeared that are truly non-proprietary, such as DNP
(Distributed Network Protocol). These protocols have been created independently of any single
manufacturer and are more of an industry standard; many individuals and manufacturers have
subscribed to these protocols and contributed to their development. However, these protocols
have yet to develop significantly enough to have a broad appeal to the application process and
regulation requirements for oil & gas markets. Consequently, the oil and gas market is still
heavily invested in MODBUS variants. As the benefits of these protocols become more apparent
to users, it is expected that they will be more readily accepted and become a component of
standard solutions provided specifically for oil and gas markets.

18

Figure 3: Wide Area Network SCADA

SCADA Host Software

Traditionally, SCADA Host software has been the mechanism to view graphical displays, alarms
and trends. Control from the SCADA Host itself only became available when control elements
for remote instruments were developed. These systems were isolated from the outside world and
were the domain of operators, technicians and engineers. Their responsibility was to monitor,
maintain and engineer processes and SCADA elements. With advancements in Information
Technology (IT) this is no longer the case. Many different stake holders now require real time
access to the data that the SCADA Host software generates. Accounting, maintenance
management and material purchasing requirements are preformed or partly preformed from data
derived from the SCADA system. Consequently, there is a drive for the SCADA Host to be an
Enterprise entity providing data to a number of different users and processes. This has
encouraged SCADA Host software development to adopt standards and mechanisms to support
interfacing to these systems. It also means that IT, traditionally separated from SCADA systems,
is now involved in helping to maintain networks, database interfacing and user access to data.
Many of the initial SCADA Host products were developed specifically for the manufacturing
environment where a SCADA system resided within a single building or complex, and did not
posses many of the telemetry communication features required by SCADA systems for
geographically distributed assets.

19

Figure 4: SCADA Host Platform

These types of 1st-generation SCADA Hosts often required a hybrid PLC or RTU, called a Front
End Driver (FED) or Front End Processor (FEP), to be used for handling communications with
remote devices. This resulted in a number of disadvantages as it required specialized
programming, external to the SCADA Host platform, and created a communications bottleneck.
Although multiple FED or FEP devices resolved some of this, there were extra costs and
difficulties in creating and maintaining them due to their specialized nature. Modern SCADA
software that encapsulates telemetry functionality no longer requires these types of hybrid PLCs
for communications. They now use software programs called drivers that are integrated into the
SCADA Host itself. Software drivers contain the different types of protocols to communicate
with remote devices such as RTUs and PLCs. As technology developed, SCADA Host software
platforms were able to take advantage of many new features. These included the development of
integral databases specifically designed for SCADA Host software requirements, being able to
handle thousands of changes a second, for really large systems, yet still conform to standard
database interfacing such as Open Database Connectivity (ODBC) and Object linking and
Embedding for Databases (OLE DB). These standards are required so that third-party databases
can access data from the SCADA Host software. Remote client access to the SCADA Host is
another technology that has enabled users to operate and monitor SCADA systems while on the
move between or at other locations. There is a drive towards operational safety for SCADA Host
systems within the oil and gas industry. 49 CFR 195.446 Control Room Management regulations
look at SCADA Host software and how it functions in terms of operations, maintenance and
20

management. It also covers the degree of integration of the SCADA system itself and its use of
open architecture and standards.
Security
Security for SCADA systems has in recent years become an important and hotly debated topic.
Traditionally SCADA systems were isolated entities that were the realm of operators, engineers
and technicians. This has meant that SCADA Host platforms were not necessarily developed to
have protected connections to public networks. This left many SCADA host platforms open to
attack as they did not have the tools necessary to protect themselves. In terms of remote assets
communicating back to a SCADA Host, security has been an issue for many years with
numerous documented attacks on SCADA systems. However, its only been in recent years that
an open standard has been produced to provide secure encrypted and authenticated data
exchanges between remote assets and a SCADA Host platform. Solutions for remote asset and
SCADA host communication security have very different requirements. Security has to also be
viewed overall, and not just in terms of the SCADA system itself. For example, if somebody
wanted to disrupt production, they would not necessarily need to access the SCADA system to
do this. If a gas wellhead site or a monitoring point on a gas pipeline is remotely situated, it
could be easily compromised by a trespasser. If the asset is critically important, other solutions
that may or may not form part of the SCADA system itself would have to be considered. e.g.
camera surveillance security. A large number of unauthorised accesses to a SCADA system
come not from or at the remote assets themselves but through the SCADA Host or computers
used to access the SCADA system for diagnostic or maintenance purposes. For example, the
recent attack using the Stuxnet virus was introduced via a thumb drive on a computer used to
access a SCADA system. There are a number of standards available that describe how to secure
a SCADA system, not just in terms of the technology employed, but in terms of practices and
procedures. This is very important since the security solution to SCADA is not a technological
silver bullet, but a series of practices and procedures in conjunction with technological solutions.
These practices and procedures would include items of training, SCADA Host access and
procedures to follow when SCADA security has been compromised. In modern SCADA systems
IT departments are integral to implementing and maintaining SCADA security for an
organization and should be included in setting up practices, procedures and implementing
technologies.
21

Chapter-4
SCADA Systems Used in MB-II
1. For Monitoring of Joshiyara Barrage Level Siemens SIMATIC S7-200 Processor has
been used.

Figure 1: Picture of SIMATIC S7-200 Processor

Features of S7-200 Processor:

Open communication:
Built-in RS 485 interface with data transmission rates up to 187.5 kbit/s.
PPI protocol system bus for trouble-free networking.
Freeport mode programmable for user specific protocols for any peripheral devices.
Fast connection to PROFIBUS using the slave module.
Powerful connection to AS-Interface using the master module.
Communications anywhere using the modem module (for remote maintenance,
teleservice or telecontrol).
Connection to Industrial Ethernet via the Ethernet module.
Internet connectivity, e-mail, HTTP, and FTP server functionality using the Internet
module.
S7-200 PC Access OPC Server for simple connection to the PC environment.
Powerful performance:
Small and compact ideal for any applications where space is tight.
Basic and advanced functionality in all CPU models.
Large program and data memory.
Outstanding real-time response being in total command of the entire process at any time
means increased quality, efficiency and safety.
22

Easy-to-use STEP 7-Micro/WIN engineering software ideal for both beginners and
experts.

Optimal modularity:
5 distinct CPUs in the performance range with comprehensive basic functionality and
integrated Freeport communications interface.
A wide range of expansion modules for various functions:
Digital/analog expansions, scalable to specific requirements.
PROFIBUS communication as a slave.
AS-Interface communication as a master.
Exact temperature measurement.
Positioning.
Remote diagnostics.
Ethernet/Internet communications.
SIWAREX MS weighing module.
HMI functions.
STEP 7-Micro/WIN software with Micro/WIN add-on instruction library.
Compelling systems engineering now featuring precise dimensioning and optimum
solutions for a wide range of different requirements for the complete automation task.

Figure 2: Display View of Joshiyara Barrage Level on Computer Screen

23

2. For Monitoring of Temperature of Generators and Turbines BHEL make MaXDNA

SCADA System has been installed in the power house.
maxSTATION Hardware Overview:
A maxDNA distributed control system consists of various quantities of the following hardware
components that make up its resources:
maxSTATIONs providing the human interface with the system.
Remote Processing Units (RPU) consisting of Distributed Processing Units (DPUs) and
I/O Modules, which provide control and data acquisition capabilities.
maxNET, a redundant Ethernet network, which interconnects maxSTATIONs and DPUs.
maxSTATION Basics:
maxSTATION, an Intel Pentium-series workstation, running either Microsoft Windows NT or
2000 operating system, is a high-performance workstation outfitted with a high capacity hard
drive, color monitor, engineering or operator keyboard, mouse or track ball, and CD-ROM for
loading maxDNA application software. The Windows video display is called the desktop.
Icons representing files, folders or programs may be placed on the desktop. A window is
opened for each individual program (often called an application) that is executed. Multiple
windows can be open simultaneously, be moved and resized, as desired.
Physical Configuration:
maxSTATION components, normally located in a control room, can be packaged in either a
cabinet, a work desk, or a combination of both. Normally, RPU cabinets are located close to the
processes they are monitoring and controlling.
Setting up a maxSTATION:
A maxSTATION may be set up as an:
Operators Workstation
Engineers Workstation
Dedicated Function
The Operators Workstation uses maxVUE graphical interface software to provide a graphical
view of the process. The software uses both standard and custom displays. The Engineers
Workstation is used for creating and maintaining configurations and process control
documentation using the maxTOOLS4E configuration management software. It is also used to
create and maintain custom graphic displays using the maxVUE graphics editor software.
24

In addition to these functions, maxSTATIONs may be dedicated to a primary application or

function. For instance, maxSTATIONs may be set up to collect and manage process and system
alarms, process and event history, archive history, or log history reports, using various maxDNA
applications. In network domains, maxSTATIONs may also be configured as proxy servers.
Network and Communications Architecture:
maxDNA uses a client/server architecture. Simply put, providers supply data to clients using the
Software Backplane distributed communications infrastructure software. The DPU4E is a
primary data provider for system clients. In earlier systems using DPU4A and DPU4Bs, the DPU
Bus Module (DBM) is a primary data provider. Most maxDNA applications, such as maxVUE
and maxTOOLS4E, are clients accessing providers for data; however, applications, such as
maxSTORIAN, could play the role of provider as well as client. The maxSTORIAN package
gathers historic trend data and provides it to clients such as maxVUE and the History Reports
utility. The DPU4E, acting as a server, collects information, stores it, and ultimately transfers the
information to the appropriate maxSTATION clients. The collected data is comprised of alarm,
event, trend, historical and general point information.
The SBP software suite includes the following core applications:
maxRRS - Registration and Routing (RRS), which connects clients with providers of
information. Providers register information on the software backplane. Clients read, write
and subscribe to that information through the software backplane.
maxLSS - Local Status Server (LSS), which provides maxSTATION housekeeping functions,
such as storage for other processes (for example, the last display and selected point for maxVUE)
and a set of simulation functions.
Real Time Gateway (RTG), required with systems using DPU Bus Modules, provides an
interface between the DBM and the software backplane. The RTG provides immediate data,
trend data, alarm data, and more.
The maxNET Network is a fully redundant 10/100 Mb per second Ethernet network using
industry standard TCP/IP protocol for communications between Workstation clients and servers.

25

Figure 3: Generator & Turbine Parameters Displaying on Computer Screen

26

Chapter-5
Communication Protocols for SIMATIC PLC devices
1. PROFINET IO Services:
PROFINET IO is a communication standard for the implementation of modular,
distributed applications. With PROFINET IO, distributed field devices (IO-Devices)
can be directly connected to Industrial Ethernet.
Features:
PROFINET IO communication provides three performance levels:
Non-Real-Time (NRT) uses the TCP/UDP/IP channel to transfer parameterization
and non-time-critical data with a typical cycle time of approximately 100 ms.
Real-Time (RT) provides the transfer of time-critical process data by prioritizing
and optimizing the communication stacks with a typical update cycle time of 1 ms to
10 ms.
Isochronous Real-Time (IRT) provides isochronous execution cycles to ensure that
the information is transmitted at consistently equidistant time intervals. IRT delivers
isochronous data transmission with very short update cycles (from 250 microseconds
to 1 ms) and very little jitter. PROFINET offers the following further advantages:
PROFINET IO provides the same device model as PROFIBUS.
In PROFINET IO, you configure the devices with the same engineering system (for
example STEP 7). The properties of a PROFINET device are described in a GSD file
(General Station Description) that contains all the information required for
configuration and communication.
During configuration with STEP 7, these field devices are assigned to an IOController. Existing PROFIBUS modules or devices can continue to be used with
PROFINETcapable interfaces or links.
A proxy is the connecting element between PROFINET and any lower-level field
bus. For example, the PROFINET IO IE/PB Link allows a PROFINET IO controller
to communicate with a PROFIBUS DP slave device.
2. PROFIBUS
PROFIBUS is used to connect field devices, such as distributed I/O devices, valves or
drives, to automation systems, such as SIMATIC S7, SIMOTION, SINUMERIK or PCs.
27

PROFIBUS that is standardized in accordance with IEC 61158 and EN 50170 is a

powerful, open and robust with fieldbus system with short reaction times. This open
fieldbus standard is supported by the most important companies in the automation
industry. PROFIBUS provides a fieldbus solution for the complete production and
process automation with rapid and reliable data exchange as well as integrated
diagnostics capabilities. PROFIBUS can also be used in hazardous areas as well as for
fail-safe applications and HART devices.
Advantages:
In comparison to conventional operation of process I/O, PROFIBUS provides many
advantages:
Reduced planning and engineering costs and time
Reduced installation and start-up costs through Reduced effort required for wiring,
Abolition of termination modules, Mounting in the field and
Rationalization of connection and power distribution
Reduced operating and maintenance costs due to embedded diagnostics in devices
PROFIBUS supports the data exchange between the field devices on the cell and field
levels and systems on a higher level. PROFIBUS is available in different forms for
various applications, for example:
PROFIBUS DP provides rapid communication with intelligent devices of the
distributed I/Os.
PROFIBUS PA supplies signals and power for sensors and actuators by means of the
same line.
(a) PROFIBUS DP services PROFIBUS DP (distributed I/Os) is used to connect the
following devices:
Controllers, PCs, HMI devices
Distributed field devices, for example SIMATIC ET 200
Valves
Drives
As at a centralized I/O devices access to the distributed I/Os is carried out by means of
the configured device address. The STEP 7 user program can read and write data to these
addresses in the same manner as to the central I/O devices. This means that the
28

distributed I/Os can be addresses through direct I/O access or through the process image
exchange.
PROFIBUS offers various performance levels:
The basic functionality (DPV0) includes the cyclic data exchange of process data
between the master and PROFIBUS DP slaves as well as workstation- module- and
channel-specific diagnostics.
The extensions in accordance with DPV1 encompass acyclic data traffic during
operation for: Parameterization as well as operator control & monitoring (non-timecritical) Handling of interrupts (time-critical)
Isochronous mode and data exchange broadcast (DPV2): Isochronous mode is
characterized by a deterministic and clock-synchronized behavior. The synchronized
execution cycles ensure that the data are transmitted at consistently equidistant time
intervals. This ensures that demanding control systems, high-precision position processes
and rapid motion control applications can be realized. Data exchange broadcast means
that PROFIBUS DP slaves communicate with each other using broadcasting without
going through the master, thus reducing the bus response times notably. The additional
"HART on PROFIBUS DP" profile also allows communication with HART devices.
(b) PROFIBUS PA Communication Services PROFIBUS PA (Process Automation) is
based on the MBP transmission technology and the DPV1 functions. PROFIBUS PA
allows intrinsically safe data transfer and power supply by means of a 2-wire cable.
PROFIBUS PA with the PA Devices profile is suitable in particular for the process
industry. It is used to integrate, for example, pneumatic actuators, solenoid valves and
measuring transducers.
Features:
The PA Devices profile defines the parameters and functions for various classes of
process devices. PA Devices is available as Version 3.0 in "Profile for Process Control
Devices". The PA instruments are connected to the current-limited PA bus and, with few
exceptions, are supplied with power and data over the bus. These instruments are lowvoltage devices that can be installed in hazardous areas up to Zone 0.
The communication encompasses cyclic and acyclic access:

29

 Cyclic access to the inputs/outputs is typically carried out using a SIMATIC Controller.
Acyclic access to the potentially extensive set of device operating parameters is
typically carried out using an engineering tool such as Process Device Manager (PDM).
The inputs/outputs of a PROFIBUS PA slave are addressed through process image
exchange, exactly like the central I/O devices.
All the bus components used as PROFIBUS PA differ from those used at PROFIBUS
DP, for example:
Cables
Plug connectors
Repeaters
Terminations
These differences are due to the differing electrical properties of the bus. PROFIBUS PA
allows a transfer rate of 31.25 kbps and can have a line or tree structure. PROFIBUS PA
is connected to PROFIBUS DP by means of the following active network components:
DP/PA couplers for small volumes of data
DP/PA links for large volumes of data
DP/PA couplers allow the following segment lengths:
Up to 1 km in an Ex area
Up to 1.9 km in a non-Ex area
3. Multi-Point Interface (MPI)
MPI provides a simple network capability with the following services:
PG/OP communication
S7 communication
S7 basic communication
Global Data Communication (GD) MPI supports baud rates of 187.5 kbps to 12 Mbps.
The addresses of the MPI nodes must be unique and are set with the programming device
PC.
Transmission Methods:
MPI uses the electrical standard transmission medium RS 485 that is also used by
PROFIBUS. However, an MPI network can also be connected to optical PROFIBUS
networks by means of the PROFIBUS OLM (Optical Link Module).
30

4. Point-to-Point Interface (PPI)

PPI (Point-to-Point Interface) is an integrated interface that was developed specially for
the SIMATIC S7-200. A PPI network typically connects S7-200 devices. However, other
SIMATIC S7 controllers (such as S7-300 and S7-400) or operator panels can
communicate with an S7-200 in the PPI network.
PPI is a master-slave protocol in which the master devices send requests to slave
devices. Slave devices do not initiate messages, but wait until a master device sends a
request or polls for a response. Communication is carried out by means of a commonly
used PPI connection. Master devices are, for example:
Programming device with STEP 7 Micro/WIN
HMI devices (touch panels, text displays or operator panels)
Slave devices are, for example:
S7-200 CPUs
Expansion racks (for example EM 277) S7-200 CPUs can also be activated as PPI
masters through programming.
Transmission Methods: PPI is an asynchronous character-based protocol. Data transfer
is carried out through the RS 232 or USB interface. The data transfer rate lies between
1.2 kbps and 115.2 kbps.

31

Chapter-6
References
1. BHEL User manual on MaXDNA systems.
2. Siemens user manual for the SCADA system.
3. DPR of Dharasu Power House, MB-II
4. www.uttarakhandjalvidyut.com

32