Data Diode Client Tag
The data diode client tag is paired with Data Diode Publisher Tag to establish communication across a Data Diode device. This tag is configured on the Data Diode client side, outside of the secured network. The Data Diode Client tag must have a port number receiving data from Data Diode. At least one historian tag must be linked to the Data Diode Client tag.
Your Data Diode configuration may resemble the above diagram. The publishing tags and widgets belong in a secured network. The data is transmitted out, to a client tag on the receiving application. There is no means to transmit data into the secured network, effectively isolating it.
A Data Diode configuration requires two VTScada applications, one app on the secured network (publishing side), and one on an external network (client side).
The historian tags and I/O tags must be the same on both applications and have the same Unique IDs. The easiest way to do this is to create the publishing application first and clone it to reconfigure as the client application. Cloning is the only way to copy over the same assets with the same Unique IDs on an application outside of the secured network.
You must link the Historian tag(s) to the Publisher tag and Client tag by inserting custom properties in the Application Configuration.
First, find the Unique IDs of the Historian tag and either the full name or UniqueID of the Data Diode Publisher/Client tag. You can find this by locating them in the tag browser and hovering over them with your cursor. Write these down.
Next go to the Application Configuration > Edit Properties in Advanced Mode and Insert a new property.
The property name will be (The unique ID of the Historian tag)"DDPublisherID" or "DDClientID" and it's value will be (The full name or unique ID of the Data Diode Publisher/Client tag).
ex. To link a Historian tag with a unique ID of "123ztg-y\y" to a Data Diode Publisher tag with a full name of Station 1\DDP_01 you must insert 123ztg-y\yDDPublisherID = Station 1\DDP_01
To link a Historian tag with a unique ID of "4561#3_yg" to a Data Diode Client tag with a unique ID of "8_6ynG-0" you must insert 4561#3_ygDDClientID = 8_6ynG-0
If you have more than one Historian tag, repeat the process for all tags you wish to publish to Data Diode. The client-side Historian tags must have identical Unique IDs to the publisher-side Historian tags.
The global unique ID of the default system historian found in every VTScada application is "SystemHistorian"
After configuring the client application (historian and I/O tags are ready), you must refresh the historian storage location. There are two ways to do this. The easiest way is to set a new historian storage location. Alternatively, you can find the "History" folder and delete it. It will be located under VTScada > YourApplicationName > Data. When you begin receiving historian data, VTScada will create a fresh History folder.
There can only be one client server. The server list of the Data Diode Client tag must only contain one machine. If the client server fails, the client application would not be able to receive data. Data Diode can only send data to a specific IP address. It cannot automatically failover to a backup machine.
To switch to a new machine, you must reconfigure the server list to only have the new machine in it and update the IP and port number in the Data Diode. If the server has failed, the publisher will continue to transmit data. There is no way to signal to the publishing application directly that an error has occurred on the client application. Once the issue has been resolved, use Start from Date/Time on the publishing application to re-transmit data that was not replicated in the client application during the down-time.
Data Diode Client Properties ID Tab
The ID tab of every tag includes the same common elements: Name, Area, Description, and Help ID.
Name:
Uniquely identifies each tag in the application. If the tag is a child of another, the parent names will be displayed in a separate area before the name field.
You may right-click on the tag's name to add or remove a conditional start expression.
Area
The area field is used to group similar tags together. By defining an area, you make it possible to:
- Filter for particular tag groups when searching in the tag browser
- Link dial-out alarm rosters to Alarm tags having a particular area
- Limit the number of tags loaded upon startup.
- Filter the alarm display to show only certain areas.
- Filter tag selection by area when building reports
When working with Parent-Child tag structures, the area property of all child tags will automatically match the configured area of a parent. Naturally, you can change any tag's area as required. In the case of a child tag, the field background will turn yellow to indicate that you have applied an override. (Orange in the case of user-defined types. Refer to Configuration Field Colors)
To use the area field effectively, you might consider setting the same Area for each I/O driver and its related I/O tags to group all the tags representing the equipment processes installed at each I/O device. You might also consider naming the Area property for the physical location of the tag (i.e. a station or name of a landmark near the location of the I/O device). For serial port or Roster tags, you might configure the Area property according to the purpose of each tag, such as System or Communications.
You may define as many areas as you wish and you may leave the area blank for some tags (note that for Modem tags that are to be used with the Alarm Notification System, it is actually required that the area field be left blank).
To define a new area, type the name in the field. It will immediately be added. To use an existing area, use the drop-down list feature. Re-typing an existing area name is not recommended since a typo or misspelling will result in a second area being created.
There is no tool to remove an area name from VTScada since such a tool is unnecessary. An area definition will exist as long as any tag uses it and will stop existing when no tag uses it (following the next re-start).
Description
Tag names tend to be brief. The description field provides a way to give each tag a human-friendly note describing its purpose. While not mandatory, the description is highly recommended.
Tag descriptions are displayed in the tag browser, in the list of tags to be selected for a report and also on-screen when the operator holds the pointer over the tag’s widget. For installations that use the Alarm Notification System, the description will be spoken when identifying the tag that caused the alarm.
The description field will store up to 65,500 characters, but this will exceed the practical limits of what can be displayed on-screen.
This note is relevant only to those with a multilingual user interface:
When editing any textual parameter (description, area, engineering units...) always work in the phrase editor. Any changes made directly to the textual parameter will result in a new phrase being created rather than the existing phrase being changed.
In a unilingual application this makes no difference, but in a multilingual application it is regarded as poor practice.
Help Search Key
Used only by those who have created their own CHM-format context sensitive help files to accompany their application.
Data Diode Client Tag Properties Settings Tab
The settings tab of the Data Diode Client Properties.
TCP/IP Port Number
The TCP/IP Port Number field refers to the port number on the host address through which communications are enabled. The port number configured in the client tag can be any port that isn't used by other services. You must set up the Data Diode device with the same destination port. Refer to your hardware specification for more information.
The Data Diode Client Tag will act as a listener. That is why only a port number is required and not a TCP/IP Address. We strongly recommend your IT department set firewall rules for the port used by the Data Diode Client tag to ensure it only accepts connections from the Data Diode device.
