Solutions
WeOS the solution provider
All new products from Westermo are based on the WeOS operating system. This means that regardless of which product, you will benefit from the massive development of our unique software platform. Our standard managed switches will now have advanced layer 3 functionality such as routing, firewalls, VPN, SNMP, IGMP, redundant rings and much more right from the start. Choose your product by interface and approval requirements, and WeOS will cover your networking needs.
Problem: Repeated IP addresses across network
Solution: NAT/port forwarding
In some applications, the same IP addresses are sometimes reused for each island of equipment. This is typical for Wind turbines or solar panels where the equipment is pre-configured and delivered to site as a stand alone unit. In large installations, a SCADA system is used to manage the individual islands, but this is a problem as all the devices in each island have the same IP address.
WeOS can overcome this issue using NAPT or NAT port forwarding rules. Using the integrated firewall in WeOS, rules can be created to translate an IP address and port numbers on the SCADA network to an IP address and port number on the Wind turbine network.
Problem: Access to secure data from untrusted network
Solution: DMZ firewall configuration
In infrastructural applications there are often demands for high network security, and being able to control the data traffic on the network is a key issue when utility companies want to allow network management and monitoring over insecure networks. With any WeOS product, you can create a Demilitarized Zone (DMZ) which acts as a buffer between the trusted zone and un-trusted zones (usually the Internet). DMZ prevents direct communication between the un-trusted zone and the protected network. All communications from the un-trusted zone are terminated on an intermediate Server or Historian.
Problem: Sensitive data passing through untrusted networks
Solution: Encrypted Ipsec VPN tunnel
Many applications within the utility sector extend over large geographical areas where the possibility of management and monitoring from a remote location can be crucial. All WeOS products are equipped with VPN functionality, which means that network resources can be provided in a secure manner over un-trusted networks like the Internet.
VPN can also be used to connect different remote networks with each other. Networks connected with VPN tunnels function exactly like one joined network, even though they can be physically located at any location.
WeOS allows for up to 25 IPSec encrypted VPN tunnels to be created.
Problem: Prediction of possible network failure
Solution: SNMP for alarms/traps and monitoring
With the WeOS enabled Wolverine, Lynx and RedFox, Westermo offers perfect solutions for migrating existing systems to IP and being able to make a flexible choice between copper and fibre runs.
The additional benefits that IP networks offer is being able to do monitoring on various parameters. Alarms or SNMP traps can be sent before there is a network failure mode. This increases the availability of legacy systems.
Problem: Use IP to replace legacy enterprise network
Solution: Layer 3 Dynamic Routing
In railway signalling, two different migrations take place at the same time. Apart from the migration from legacy IIP systems, Ethernet systems now also have the capability to replace large parts of existing SDH systems ( Synchronous Digital Hierarchy). In case of an increased density of trackside equipment, no additional SDH nodes are needed since Industrial Ethernet equipment is able to offer the needed availability, using either layer 2 redundancy and/or layer 3 static or dynamic routing. Whichever need you have, from simple 25 year-old FSK serial technology up to complex routing across different media, Westermo has it all to support you in offering a complete solution for complex and demanding environments.
Problem: Breaks in multicast data streams during ring recovery
Solution: IGMP Snooping
Long distance transmission of IP Video over existing backbone systems makes it possible to selectively monitor trackside cameras without draining the system’s bandwidth when cameras are not monitored.
In the same way, it is possible to ‘broadcast’ a single stream over the network and make it available to an unlimited amount of users, using only the single stream to each network node. With the implementation of IGMP Snooping and redundancy protocols supported in WeOS, Westermo is able to offer a IP CCTV and IP Broadcasting solution based on any kind of media.
Whether it is copper, fibre, or inter-station transmission over SDH (Synchronous Digital Hierarchy) backbones, WeOS offers all the protocols needed to build and manage the network solution.
Problem: Managing networks securely
Solution: SSH, HTTPS and SNMP V.3
As our networks grow, it becomes more important that they can be managed and monitored easily, but also with a high degree of security. Managing networks over insecure un-encrypted links, even on the local LAN is no-longer acceptable.
Products running WeOS can be configured through a secure user-friendly web interface or through an industry standard CLI interface. Regardless of how you configure your network devices, all management information will be SSL encrypted.
The industry standard SNMP (v2c and v3) and Syslog protocols are supported within WeOS to provide status information on the health of the network.
Problem: Resilient enterprise level network
Solution: OSPF and VRRP
Features for increased availability and security through layer 3 routing are crucial for the next generation of industrial control networks. For this reason, we have implemented the most widely used routing protocols in industrial networks into our software platform. OSFP (Open Shortest Path First) in combination with VRRP (Virtual Router Redundancy Protocol) allow you to build redundant network topologies such as ring, star, mesh or any network type at any time.
For control networks in the water and wastewater sector, this may be particularly important as these systems are often built to control and monitor critical processes.
An improved network availability and security lessens any negative impact on the environment through enhanced management and asset visibility. The lifetime of assets can be extended due to better maintenance and management. These are just some of the benefits that can be achieved.
Problem: Network security for critical control devices
Solution: Firewalls between VLANs
Older plants are often built up of small isolated processes or automation islands. The present situation does however look different where high security and availability are key requirements.
The cost of reprogramming the automation islands can be prohibitive. Westermo’s Ethernet devices running WeOS can solve this issue relatively easily with a combination of VLANs and routing to integrate all the automation islands into one system without the need to re-configure all the IP addresses on the system.
The security issues associated with a plant-wide network can be addressed with the integrated Firewall built into every WeOS enable device.