O-PAS Standard

O-PAS™ Standard Version 1.0
A Preliminary Standard of
The Open Group
O-PAS™ Standard Version 1.0
A Standard of The Open Group
» Released December 2019 (Preliminary released February 2019)
– O-PAS Part 1 – Technical Architecture Overview (Informative)
• Describes an O-PAS conformant system through a set of interfaces to the components
– O-PAS Part 2 – Security (Informative)
• Describes the informative aspects necessary to ensure the Cybersecurity functionality of O-PAS conformant components
– O-PAS Part 3 – Profiles
• Conformance profile summary
– O-PAS Part 4 – O-PAS Connectivity Framework
• Run time communication and information exchange models
– O-PAS Part 5 – System Management
• Management of distributed control nodes
– The O-PAS Standard is defined to allow development of systems consisting of components from multiple vendors, without requiring custom integration
Copyright © The Open Group 2019
The Big Picture



Layers of Applications & Services
[Figure: FILO Model. Layers A through S, with four example layers shown; each is an Application with Configuration, Program, and Data.]
– Application F: for example, IEC 61131-3 SFC, ST, & LL or FBD Program written by a System Integrator or End User. Uses services & features of Layer I.
– Application I: for example, IEC 61131-3 Execution Engine written by a Software Supplier. Uses services & features of Layer L.
– Application L: for example, OPC UA Services Component written by a Software Supplier. Uses services & features of Layer O.
– Application O: for example, UNIX® O/S written or ported by a Software or Hardware Supplier.
– If needed then additional layers above and below FILO can be used.


Example Deployment Environments
[Figure: deployment stacks labelled Bare Metal Apps/Libs, Native O/S Apps/Libs, Runtime Environment, and Containers. Each stack shows Configuration (Layer F), App (Layer I), Library or Framework (Layer L), and Native OS, Guest OS or RTOS (Layer O), above a Hypervisor/Separation Kernel, BOOT (UEFI, BIOS), and Hardware (Processor, Memory, Peripherals, Network Interface).]
From IIC – IISF (Industrial Internet Security Forum)
Distributed Control Node (DCN)
[Figure: labels are External Configuration Information; External Management Tools; Distributed Control Nodes (DCNs), each with Applications, the Distributed Control Framework (DCF) with DCF Services, and the Distributed Control Platform (DCP); OCF Networking Infrastructure; Field Devices, Sensors, Actuators …]
O-PAS – A Future Vision
[Figure: DCN architecture diagram. Labels: Information in Basic Configuration Format and Companion Configuration Formats (e.g., 61131-3 Companion Spec, …), used by Configuration, Application, Security, and System Management Tools; Distributed Control Framework (DCF) Applications; Connectivity Framework Interface; Application Software Interface; Application Services Interface; Configuration Information Interface; Security Services Interface; Configuration, Application, Security, and System Management Interfaces; DCF (Distributed Control Framework) Services; DCP Services Interface; DCP Security Management Interface; DCP System Management Interface; Distributed Control Platform (DCP); DCP Networking Physical Interface; DCP I/O Physical Interface; Distributed Control Node (DCN); Other Distributed Control Nodes (DCNs); OCF Networking Infrastructure; Field Devices, Sensors, Actuators …]
O-PAS – Version 1
[Figure: DCN architecture diagram for Version 1. Labels: Information in Basic Configuration Format and Companion Configuration Formats (e.g., 61131-3 Companion Spec, …), used by Configuration, Application, Security, and System Management Tools; Distributed Control Framework (DCF) Applications and DCF Services with their Connectivity Framework, Application, Configuration Information, Security Services, and Management Interfaces; Distributed Control Platform (DCP) with its Services, Security Management, System Management, Networking Physical, and I/O Physical Interfaces; Distributed Control Node (DCN); Other Distributed Control Nodes (DCNs); OCF Networking Infrastructure; Field Devices, Sensors, Actuators …]
O-PAS™ Difference – Security Vision

[Figure: Traditional (After Thought, Bolted on) versus O-PAS™ (Designed-in, Adaptable) Security]
O-PAS™ - Key End-User Security Requirements
» Standards-based, open, secure, and interoperable process control architecture:
– The O-PAS architecture shall take advantage of existing industry standards whenever possible and practical and consistent with achieving the goals of the O-PAS Standard.
– O-PAS components shall meet or exceed the Security Levels (SLs) defined in industry standards, as determined by the system owner.
– The O-PAS Standard shall allow for the development of O-PAS components using secure programming practices and restrictions.
O-PAS™ Security Scope

OCF – Version 1.0 Content
» Written as an OPC UA Companion Specification
– Builds on OPC UA components:
• Use of common Information Models for Interoperability
• References OPC UA’s latest communication profiles to fulfill OPAF's requirements on interoperability between DCNs and exposing O-PAS data
• Mandates latest security facets and techniques in the OCF Framework
» Two OCF profiles enabling interoperability between DCNs
– OCF-001: OPC UA Client/Server Profile
– OCF-002: OPC UA Client/Server and Pub/Sub Profile
» Basis for an O-PAS specific Information model
– First focus on exposing Boundary Signals through OCF interface to local and remote applications
– Extensible Information Model for future releases of the standard
» Includes optional components such as Alarms and Conditions Facets, plus Historian Facets
O-PAS™ System Management
» Scope
– Define standardized management of hardware and software in an O-PAS compliant system
» Version 1 - Remote hardware management focus
» Investigated multiple options - Adopted DMTF Redfish
– Provides wide range of desired functionality including: inventory, hardware monitoring, telemetry, logging, and alarming across heterogeneous hardware
– Interoperability between hardware and system management applications
– Can support OPAF-specific data models (profiles)
– Appears to be supported by many IT companies and is growing
What is Redfish?

» Next generation API for scalable, secure, and interoperable remote hardware management
– Replaces IPMI over LAN
» RESTful interface – HTTP/HTTPS and JSON
– Schema-driven – Define models/profiles for JSON content
– Equally usable by applications, GUIs, browsers, and scripts
– Human readable
» Supports any development environment
» Extensible via data model profiles
Redfish Data Model

O-PAS™ Redfish Profiles
» OSM-RedfishBMC
– Nodes with traditional out-of-band BMC (Baseboard Management Controller)
– Targeted at servers to desktops
[Figure: OSM-RedfishBMC Profile. Labels: System Management Server, Node, Compute Board, BMC, Local Diagnostics Clients, Local Access Ethernet, System Management Clients, Main Network. Legend: Network Connection.]
O-PAS™ Redfish Profiles
» OSM-Redfish
– In-band management without a BMC
– Subset of OSM-RedfishBMC (no power control, BIOS, …)
– Targeted at DCNs or other small devices
[Figure: OSM-Redfish Profile. Labels: System Management Server, Node, Compute Board, System Management Agent Software, System Management Clients, Main Ethernet Network. Legend: Network Connection.]
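The difference between the two profiles can be checked against what a node actually exposes over Redfish. The following is an added example, not part of the original slides or of the O-PAS Standard: it inspects constructed Redfish JSON and lists management features a node exposes beyond its declared profile. The mapping of "power control" and "BIOS" to Redfish members, and the `PROFILE_FEATURES` table, are assumptions made for illustration.

```python
# Added example. The JSON below is constructed, not captured from a real node.
# Assumption: "power control" and "BIOS" on the slide correspond to the standard
# Redfish ComputerSystem members Actions["#ComputerSystem.Reset"] and "Bios",
# and a traditional BMC appears as a Manager with ManagerType "BMC".

def exposed_surface(system, managers):
    """Return the set of sensitive management features a node exposes."""
    surface = set()
    if "#ComputerSystem.Reset" in system.get("Actions", {}):
        surface.add("power-control")
    if "Bios" in system:
        surface.add("bios")
    if any(m.get("ManagerType") == "BMC" for m in managers):
        surface.add("bmc")
    return surface

# Features each profile is expected to carry (hypothetical mapping from the slides).
PROFILE_FEATURES = {
    "OSM-RedfishBMC": {"power-control", "bios", "bmc"},
    "OSM-Redfish": set(),  # in-band subset: no power control, BIOS, or BMC
}

def audit(declared_profile, system, managers):
    """List features exposed beyond the declared profile, sorted for stable output."""
    allowed = PROFILE_FEATURES[declared_profile]
    return sorted(exposed_surface(system, managers) - allowed)

SERVER = {
    "Id": "1",
    "Bios": {"@odata.id": "/redfish/v1/Systems/1/Bios"},
    "Actions": {"#ComputerSystem.Reset": {
        "target": "/redfish/v1/Systems/1/Actions/ComputerSystem.Reset"}},
}
BMC_MANAGER = {"Id": "bmc", "ManagerType": "BMC"}
DCN = {"Id": "dcn-1", "Status": {"State": "Enabled", "Health": "OK"}}
AGENT_MANAGER = {"Id": "agent", "ManagerType": "Service"}
# A DCN whose agent was built with the reset action left enabled.
DCN_WITH_RESET = dict(DCN, Actions=SERVER["Actions"])

if __name__ == "__main__":
    for name, profile, system, mgrs in [
        ("server", "OSM-RedfishBMC", SERVER, [BMC_MANAGER]),
        ("dcn", "OSM-Redfish", DCN, [AGENT_MANAGER]),
        ("dcn-with-reset", "OSM-Redfish", DCN_WITH_RESET, [AGENT_MANAGER]),
    ]:
        print(name, profile, audit(profile, system, mgrs) or "no extra surface")
```

A non-empty result for a node declared as OSM-Redfish marks management surface to review before the node is placed on the main network.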
Questions
