Abstract
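Typically, supervisory control and data acquisition (SCADA) systems do not allow direct access from external networks. However, production management needs make data communication between the two unavoidable. To effectively isolate SCADA from the external network, achieve fast and automatic data exchange between the two sides, and ensure the security and stability of that exchange, a demilitarized zone (DMZ) system is placed between them as a relay. The OPC UA protocol, which supports data encryption and certificate-authenticated communication, is used to communicate with the external network, and the IEC 104 protocol, which has good timing behavior, is used to communicate with SCADA. The protocol conversion is innovated: a bidirectional client/server (CS) mode is adopted, and a visual data-relay application was developed in-house to build a bridge for data exchange between the two sides. The results show that the DMZ effectively safeguards the secure operation of SCADA, that data communication security is extremely high, and that the DMZ's bidirectional CS mode makes data relay faster, more stable, and more reliable. This research provides rich reference value for designing and implementing external data exchange for automation control systems, and offers some guidance on how industrial production information platforms can securely access production process data.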
Generally, the supervisory control and data acquisition (SCADA) system does not allow the external network to access it directly, but data communication between them cannot be avoided because of the needs of production management. In order to effectively isolate the SCADA system from the external network, realize rapid and automatic data interaction between the two parties, and ensure the security and stability of data interaction, a demilitarized zone (DMZ) system is set up between the two parties for transfer. The OPC UA protocol, which can be used for data encryption and certificate-authenticated communication, is used to communicate with the external network, and the IEC 104 protocol, with better timing, is used to communicate with the SCADA system. The protocol conversion is innovated and a bidirectional client and server (CS) mode is adopted; a visual data transfer application is developed independently, building a data interaction bridge between both sides. The results show that the DMZ system effectively ensures the safe operation of the SCADA system, the data communication safety is extremely high, and the DMZ dual-terminal C/S architecture makes the data transfer fast, stable and reliable. The research provides a rich reference value for the design and implementation of external data interaction for automatic control systems, and has a certain guiding significance for how industrial production information platforms can safely access production process data.
Authors
朱同
刘媛
ZHU Tong; LIU Yuan (China Petroleum Longhui Automation Engineering Co., Ltd., Langfang 065000, China)
Source
《自动化仪表》
CAS
2021, Issue 4, pp. 106-110 (5 pages)
Process Automation Instrumentation