SIMATIC WinCC Open Architecture - Basic system


The object-oriented structure, exceptional flexibility and fulfilment of the highest safety demands have made SIMATIC WinCC Open Architecture the preferred solution for complex, large-scale and/or safety-critical projects.

Many individual mechanisms and functions guarantee safety, security, reliability and availability of data. These include:

  • Secure data transfer, also across public networks and widely geographically distributed architectures

  • Security functionalities (logon, authorization system, automatic logoff)

  • System stability through diagnosis functions

  • Controlled handling of overload

  • Protection against data tampering through logging

  • Redundancy through hot standby system

  • Distributed system through functional split across autonomous subsystems

  • Disaster Recovery System (redundant data storage in a geographically separated second control center)

SSL encryption

SSL encrypted communication / Multiplexing Proxy
SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide communication security over a network.
Since version 3.12, SSL encryption is used consistently for communication between managers and with all clients. It is implemented directly in the manager base class and is active by default when a new project is created.

Main features of the Multiplexing Proxy:

  • A reduction of open network server ports (only one per system)

  • Blocking of denial-of-service attacks

  • Multiplexing Proxy may run under a low-privileged user account (different from other managers)

Benefits of SSL encryption:

  • Highest data security

  • The default implementation of SSL encryption in WinCC OA extends the security of communication

WinCC OA Secure - Kerberos

WinCC OA Secure is a third-party authentication mechanism based on Kerberos, developed by MIT. It uses symmetric key encryption and transfers no passwords over the network, providing absolutely secure protection of internal and external communication.

  • WinCC OA Secure enables the authentication, integrity and encryption of the communication

  • No transfer of User/Password information via the network

  • Fast, because a symmetric encryption protocol is used

  • Allows single sign-on

  • Proven method

  • State of the Art

Hot standby redundancy

With the aid of the well thought-out redundancy concept of SIMATIC WinCC Open Architecture it is possible to fulfill the demands of plant engineers and operators in terms of availability and process and data security.

  • Hot standby redundancy with dual computer systems

  • In a redundant system each user interface is linked to both the active and the passive system, so redundancy switching is seamless and does not impair system operability

  • Automatic switching is performed in the tenth-of-a-second range without data loss

  • Automatic matching of process image, alarm data and history at system start-up

  • Freely configurable switching mechanisms with weighted error status evaluation

  • Additional security by means of differentiating between computer and network failure

  • Redundant network connections between different computers

  • Split mode with redundancy: testing of new configurations and parameterizations without interfering with operation

Disaster Recovery System

High availability and protection against breakdowns are significant factors in automation technology. Even a short downtime can cause considerable costs and safety risks. The Disaster Recovery System secures the availability of the installation and the retention of its data, even in the event of a total failure of the Master Control Center.

This system extends the single redundancy with a second redundant system, to which operation can be switched in the event of a malfunction (e.g. an emission, a fire or an explosion in the building housing the primary system). This additional local redundancy provides the highest level of availability.

The Disaster Recovery System is designed as a Warm Standby System and consists of two geographically separated Hot Standby Systems, the Master Control Center and the Disaster Recovery Center, connected by a high-availability dedicated line. In normal operation, the Master Control Center is permanently connected to the periphery. In the event of a total breakdown of the Master Control Center, the geographically separated Disaster Recovery Center automatically takes over all monitoring and control activities and activates its own local periphery drivers.

A further characteristic of the Disaster Recovery System is the local retention of archive data in the Oracle databases of both Hot Standby Systems. This means that historical data can be accessed at all times. All database queries remain within the local network and therefore require less bandwidth. To keep the data in both systems up to date, in normal operating mode the historical data are actively written to the Oracle database of each system. Synchronization of the data ensures redundant data retention.

The Disaster Recovery System is an extension of today's SCADA redundancy concept. It thus reduces the probability of data loss to a minimum, guarantees faultless operation of the entire system and avoids extended downtimes.