15.2 IEC 61850 Server
WCC Lite can act as an IEC 61850 server to serve data to remote SCADA systems. For example, WCC Lite can be used to acquire data from various protocols (Modbus, IEC 60870-5-103, etc.), this data can be redirected and propagated further to a single or multiple IEC 61850 clients. IEC 61850 Server supports TCP and TLS connection types. TCP connection can be secured with password authentication.
Commands
WCC Lite IEC 61850 Server implementation defines four command types which are described by their control model:
- Case 1: Direct control with normal security (direct-operate);
- Case 2: SBO control with normal security (operate-once or operate-many);
- Case 3: Direct control with enhanced security (direct-operate);
- Case 4: SBO control with enhanced security (operate-once or operate-many).
Normal security commands are considered for execution if the command signal is found in Excel configuration. There aren’t any additional checks in command execution in any master protocol.
Enhanced security commands need feedback from the master protocol to either succeed or fail. If feedback is not received within the command_ack_timeout_ms timeframe, the command is considered as failed.
Command value attributes (e.g. stVal) must be updated separately (if they need to be updated).
When using SBO commands, select is not routed to the master protocol and select logic is performed only in IEC 61850 Server protocol.
Configuring data points
To use the IEC 61850 Server in WCC Lite, it has to be configured via an Excel configuration and the data model must be uploaded. This configuration contains two Excel sheets where parameters have to be filled in - Devices and Signals.
If a few devices were to connect to a server using the same virtual port, all of the IP addresses have to be specified on the host field separated by space. That way all of the clients will be able to connect from different IP addresses but using the same port as long as they all have the same subnet address.
IEC 61850 Server parameters for Devices tab
| Parameter |
Type |
Description |
Required |
Default value (when not specified) |
Range |
|
|
Min |
Max |
|||||
|
name |
string | User-friendly name for a device | Yes | |||
| description | string | Description of a device | No | |||
| device_alias | string | Alphanumeric string to identify a device | Yes | |||
| enable | boolean | Enabling/disabling of a device | No | 1 | 0 | 1 |
| protocol | string | Protocol to be used | Yes | IEC 61850 Server | ||
| bind_address | string (IP address format) | The IP address of an interface to use with the server | No | 0.0.0.0 | ||
| host | string (IP address format) |
IP address list of allowed IPs (separated with spaces) |
Yes | |||
| port | integer |
TCP communication port |
No | 102 | ||
| auth | string |
Authorization type |
Yes | “NONE”, “PASSWORD”, “TLS” | ||
| password | string |
Authorization password for server device |
Yes ( for PASSWORD) | |||
| tls_local_certificate | string |
Local certificate for TLS connection |
Yes (for TLS) | |||
| tls_peer_certificate | string | Certificate authority file for TLS connection | Yes (for TLS) | |||
| tls_private_key | string | A file consisting of the private key for TLS connection | Yes (for TLS) | |||
| ied_name | string | Name of an Intelligent Electronic Device | Yes | |||
| originator | string | Origin identification for the device | No | |||
| model_filename | string | The filename of the server model, without the .server extension | Yes | |||
|
command_ack_timeout_ms |
integer |
Timeframe (ms) in which enhanced security commands must be acknowledged (Default: 3000) |
No | 3000 | ||
| report_buffered_size | integer |
Report control blocks buffer size in bytes (Default: 65536) |
No | 65536 | ||
| report_unbuffered_size | integer |
Unbuffered report control blocks buffer size in bytes (Default: 65513) |
No | 65513 | ||
IEC 61850 Server parameters for Signals tab
| Parameter |
Type |
Description |
Required |
Default value (when not specified) |
Range |
|
|
Min |
Max |
|||||
| signal_name | string | User-friendly signal name | Yes | |||
| device_alias | string | Device alias from a Devices tab | Yes | |||
| signal_alias | string | Unique alphanumeric name of the signal to be used | Yes | |||
| enable | boolean | Enabling/disabling of an individual signal | No | 1 | 0 | 1 |
| log | boolean | Allow signal to be logged. If the log is 0 signal will not be logged. If the log is more than 0 signal will be logged | No | 0 | ||
| number_type | string | Number format type (BOOLEAN, FLOAT, INT16, etc.) | Yes | BOOLEAN, INT8, INT16, INT32, INT64, INT128, INT8U, INT24U, INT32U, FLOAT32, FLOAT64, ENUMERATED, OCTET STRING 64, OCTET STRING 6, OCTET STRING 8, VISIBLE STRING 32, VISIBLE STRING 64, VISIBLE STRING 65, VISIBLE STRING 129, VISIBLE STRING 255, UNICODE STRING 255, TIMESTAMP, QUALITY, CHECK, CODEDENUM, GENERIC BITSTRING, CONSTRUCTED, ENTRY TIME, PHYCOMADDR, CURRENCY, OPTFLDS, TRGOPS | ||
| ld_instance | string | An instance of a logical device | Yes | |||
| ln_class | string | Logical node class type | Yes | |||
| ln_instance | integer | An instance of a logical node | No | |||
| ln_prefix | string | Prefix of logical node string | No | |||
| cdc | string | Common Data Class (CDC) name | Yes | SPS, DPS, INS, ENS, ACT, ACD, MV, CMV, SAV, SPC, DPC, INC, ENC, BSC, ISC, APC, BAC | ||
| data_object | string | Name of a data object in the dataset | Yes | |||
| da_value | string | Name of a data attribute value node | Yes | |||
| da_fc | string | Functional constrain for data object | Yes | ST, MX, CO, SP | ||
| control_model |
string |
Model of output control |
Yes (for commands) |
read-only |
read-only, direct-with-normal-security, sbo-with-normal-security, direct-with-enhanced-security, sbo-with-enhanced-security |
|
Device status signals
IEC 61850 has an additional signal which can be configured to show communication status. It is used to indicate if the client device has disconnected from the server (WCC Lite). To configure such a signal for the IEC 61850 protocol, job_todo and tag_job_todo fields with string values are required. For the IEC 61850 server required parameters for the status signal will be signal_name device_alias, signal_alias, number_type, job_todo and tag_job_todo. Job_todo value must be device_status and for tag_job_todo there are 4 variations: communication_status, device_running, device_error, uknown_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down.
Converting and uploading data model
To use the IEC61850 Server protocol in WCC Lite, the user must upload a data model in a specific format (file extension .server). These data models can be converted from SCL files (.icd, .cid or .scd files). To convert a data model, the user must use WCC Excel Utility. There’s a separate tab for this operation as shown in the picture below.
The converted file can be uploaded in the WCC Lite web interface, Protocol Hub section. The current model can be also downloaded on the same page as shown in the picture below.
Debugging an IEC 61850 server application
If the configuration for the IEC 61850 Server is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage.
If the IEC 61850 Server does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly.
To launch a debugging session, a user should stop iec61850-server process and run iec61850-server command with respective flags as you can see below:
iec61850-server-h [--help] Show help message
-c [--config] arg Configuration file location
-V [--version] Show version
-d [--debug] arg Set Debug level
-r [--redis] Show Redis messages
-C [--commands] Show command messages
-R [--readyfile] arg Ready notification file