The data diode publisher tag is paired with the Data Diode Client Tag to establish communication across a Data Diode device. It is located on the Data Diode Publisher side, within the secured network. The Data Diode Publisher tag must have an IP Address and a port number from which the Data Diode will receive and publish data. At least one Historian tag must be linked to the Data Diode Publisher tag.
The historian tags and I/O tags must be the same on both applications and have the same Unique IDs. The easiest way to do this is to create the publishing application first and copy it to reconfigure as the client application.
You must link the Historian tag(s) to the Publisher tag and Client tag by inserting custom properties in the Application Configuration.
First, find the Unique IDs of the Historian tag and either the full name or UniqueID of the Data Diode Publisher/Client tag. You can find this by locating them in the tag browser and hovering over them with your cursor. Write these down.
Next go to the Application Configuration > Edit Properties in Advanced Mode and Insert a new property.
The property name will be (The unique ID of the Historian tag)"DDPublisherID" or "DDClientID" and it's value will be (The full name or unique ID of the Data Diode Publisher/Client tag).
ex. To link a Historian tag with a unique ID of "123ztg-y\y" to a Data Diode Publisher tag with a full name of Station 1\DDP_01 you must insert 123ztg-y\yDDPublisherID = Station 1\DDP_01
To link a Historian tag with a unique ID of "4561#3_yg" to a Data Diode Client tag with a unique ID of "8_6ynG-0" you must insert 4561#3_ygDDClientID = 8_6ynG-0
If you have more than one Historian tag, repeat the process for all tags you wish to publish to Data Diode. The client-side Historian tags must have identical Unique IDs to the publisher-side Historian tags.
The global unique ID of the default system historian found in every VTScada application is "SystemHistorian"
If the server fails on the client app, there is no way for the publishing app to detect it. It will continue transmitting data until the publishing application stops or an operator intervenes. Once the server issues on the client side is resolved, you can back-track by using the Start from Date/Time button to start retransmitting from the last date captured before the failure.
Your Data Diode configuration may resemble the above diagram. The publishing tags and widgets belong in a secured network. The data is transmitted out, to a client tag on the receiving application. There is no means to transmit data into the secured network, effectively isolating it.
A Data Diode configuration requires two VTScada applications, one app on the secured network (publishing side), and one on an external network (client side).
Data Diode Publisher Properties ID Tab
The ID tab of every tag includes the same common elements: Name, Area, Description, and Help ID.
Name:
Uniquely identifies each tag in the application. If the tag is a child of another, the parent names will be displayed in a separate area before the name field.
You may right-click on the tag's name to add or remove a conditional start expression.
Area
The area field is used to group similar tags together. By defining an area, you make it possible to:
- Filter for particular tag groups when searching in the tag browser
- Link dial-out alarm rosters to Alarm tags having a particular area
- Limit the number of tags loaded upon startup.
- Filter the alarm display to show only certain areas.
- Filter tag selection by area when building reports
When working with Parent-Child tag structures, the area property of all child tags will automatically match the configured area of a parent. Naturally, you can change any tag's area as required. In the case of a child tag, the field background will turn yellow to indicate that you have applied an override. (Orange in the case of user-defined types. Refer to Configuration Field Colors)
To use the area field effectively, you might consider setting the same Area for each I/O driver and its related I/O tags to group all the tags representing the equipment processes installed at each I/O device. You might also consider naming the Area property for the physical location of the tag (i.e. a station or name of a landmark near the location of the I/O device). For serial port or Roster tags, you might configure the Area property according to the purpose of each tag, such as System or Communications.
You may define as many areas as you wish and you may leave the area blank for some tags (note that for Modem tags that are to be used with the Alarm Notification System, it is actually required that the area field be left blank).
To define a new area, type the name in the field. It will immediately be added. To use an existing area, use the drop-down list feature. Re-typing an existing area name is not recommended since a typo or misspelling will result in a second area being created.
There is no tool to remove an area name from VTScada since such a tool is unnecessary. An area definition will exist as long as any tag uses it and will stop existing when no tag uses it (following the next re-start).
Description
Tag names tend to be brief. The description field provides a way to give each tag a human-friendly note describing its purpose. While not mandatory, the description is highly recommended.
Tag descriptions are displayed in the tag browser, in the list of tags to be selected for a report and also on-screen when the operator holds the pointer over the tag’s widget. For installations that use the Alarm Notification System, the description will be spoken when identifying the tag that caused the alarm.
The description field will store up to 65,500 characters, but this will exceed the practical limits of what can be displayed on-screen.
This note is relevant only to those with a multilingual user interface:
When editing any textual parameter (description, area, engineering units...) always work in the phrase editor. Any changes made directly to the textual parameter will result in a new phrase being created rather than the existing phrase being changed.
In a unilingual application this makes no difference, but in a multilingual application it is regarded as poor practice.
Help Search Key
Used only by those who have created their own CHM-format context sensitive help files to accompany their application.
Data Diode Publisher Properties Settings Tab
The settings tab of the Data Diode Publisher Properties.
TCP/IP Name/Address
The TCP/IP Name/Address field provides a space for you to identify the name or IP address of the server to which to connect (for example, MyRTU.com, or 198.255.32.1).
TCP/IP Port Number
The TCP/IP Port Number field refers to the port number on the host address through which communications are enabled. This information should be available from your hardware specification.
Privilege
Select a custom security privilege from this drop down to limit the access to this view to only those operators who have been granted the matching security privilege.
Reset Published State
The publishing application keeps track of data transmitted to Data Diode by using counters, state files and by utilizing a queue complete with headers and trailer checksums. In this way, VTScada can publish from where it left off if the transmission is stopped and started. To reset the published state and begin transmitting from the earliest recorded data in the historian, click Reset Published State to clear the slate.
If you select reset published state the data used as a placeholder will be deleted. You cannot undo it and you cannot speed up the process using Start from Date/Time. This widget relies on data that will be erased by resetting the published state. You will have to let the bulk sync process complete.
