Communication Architectures
Overview
Panel Server Universal and Advanced feature two Ethernet ports and Wi-Fi connection. The Panel Server Entry features one Ethernet port and Wi-Fi connection
This topic presents several typical architectures that can be built with a Panel Server Entry, Universal or Advanced to highlight the use cases they serve.
Availability
This function is available on Panel Server Entry, Universal, and Advanced.
Switched Ethernet Network
When the Panel Server is configured in switched Ethernet mode, either ETH1 or ETH2 can be used for cloud connectivity and/or downstream device aggregation (single IP interface). Downstream devices connected to the same subnet as the Panel Server are reachable.
The following diagram illustrates a daisy-chain architecture with Ethernet port configuration in switched mode. Both Ethernet ports are connected together using the Panel Server internal Ethernet switch.
This architecture enables devices located upstream or downstream from the Panel Server to communicate together as part of the same network.
Switched Mode Configuration is available only for Universal and Advanced Models.
-
Panel Server
-
Edge monitoring and supervision software such as EcoStruxure Power Monitoring Expert or EcoStruxure Power Operation or EcoStruxure cloud services such as EcoStruxure Asset Advisor and EcoStruxure Resource Advisor
-
Wired devices
-
Wireless devices
IP communication area where ETH1 and ETH2 ports belong to the same IP network.
To set up this architecture:
-
Configure Ethernet network in the switched mode.
-
Enable Modbus service on Panel Server Ethernet ports.
Separated Ethernet Network
This architecture is recommended for network security:
-
This architecture keeps the Ethernet network segregated.
-
No IP packet is forwarded between Panel Server ports ETH1 and ETH2.
-
Modbus server can be enabled on Panel Server port ETH1 or ETH2.
The Panel Server supports direct connection to a PC on either of the Ethernet ports (ETH1 and ETH2). When connected, it is possible to ping and/or access the Panel Server webpages from a PC. Note that SSH connection is not supported.
When the Panel Server is configured in separated Ethernet mode, ETH1 is used as the upstream interface (default route passes through ETH1). ETH2 port is used for downstream device aggregation and only devices connected to the same subnet are reachable.
The following diagram illustrates an architecture with Ethernet port configuration in separated mode:
-
In the case of cloud connection, this architecture allows you to avoid malicious access to the downstream devices (including Modbus TCP/IP devices connected on ETH2). Cloud connection is done through ETH1 port. Modbus TCP/IP server is disabled on ETH1 port.
Modbus TCP/IP server on ETH2 port can also be disabled.
-
In the case of edge software, this architecture allows you to separate electrical distribution devices from the IT network (LAN) and also allows you to have a single IP address to access the electrical distribution devices. Modbus TCP/IP client is enabled on ETH1port to allow the edge software to access data within devices connected to ETH2 port.
Modbus TCP/IP server on ETH2 port can be disabled.
Separated Mode Configuration is available only for Universal and Advanced Models.
-
Panel Server
-
Edge monitoring and supervision software such as EcoStruxure Power Monitoring Expert or EcoStruxure Power Operation or EcoStruxure cloud services such as EcoStruxure Asset Advisor and EcoStruxure Resource Advisor
-
Wired devices
-
Wireless devices
IP communication area accessible from ETH1 port
IP communication area accessible from ETH2 port
To set up this architecture:
-
Configure Ethernet network in the separated mode.
-
Disable Modbus service on ETH1 port if you want to block upstream software using Modbus TCP/IP to access Panel Server and downstream devices.
In this case, an edge software connected upstream will not have access to the Panel Server and the devices connected.
Separated Ethernet network with two Ethernet ports enabled upstream
The Panel Server supports polling of serial devices connected downstream from two isolated Ethernet networks.
To set up this architecture:
-
Configure Ethernet network in the separated mode.
-
Enable Modbus service on ETH1 and ETH2 ports to allow upstream software using Modbus TCP/IP to access the Panel Server and downstream devices.
Wi-Fi Network
The following diagram illustrates an architecture with Wi-Fi only.
This architecture allows you to leverage Wi-Fi infrastructure network to avoid wiring a solid Ethernet cable. Depending on the upstream application (for example, SCADA or cloud), Modbus service on Wi-Fi interface can be disabled to avoid malicious access to downstream Modbus and wireless devices.
-
Panel Server
-
Edge monitoring and supervision software such as EcoStruxure Power Monitoring Expert or EcoStruxure Power Operation or EcoStruxure cloud services such as EcoStruxure Asset Advisor and EcoStruxure Resource Advisor
-
Wired devices
-
Wireless devices
IP communication area accessible from Wi-Fi interface
To set up this architecture:
-
Enable Wi-Fi.
-
Disable Modbus service on Wi-Fi interface if you want to block upstream software using Modbus TCP/IP to access Panel Server and downstream devices.
This set up is possible through the Panel Server webpages, not EcoStruxure Power Commission software.
Network with Wi-Fi and Switched Ethernet Network
The following diagram illustrates an architecture with Wi-Fi upstream and Ethernet port configuration in switched mode downstream. There is one downstream Ethernet network. The Wi-Fi and Ethernet networks managed by the Panel Server are separated.
This architecture allows you to leverage Wi-Fi infrastructure network to avoid wiring a solid Ethernet cable. Depending on the upstream application (SCADA, cloud, or web browser), Modbus service can be disabled to avoid malicious access to Modbus and wireless devices.
If the upstream system is an edge control software using Modbus TCP/IP service, then Modbus service needs to be enabled on Wi-Fi. Modbus service can be disabled on ports ETH1 and ETH2.
If the upstream system is a web browser accessing the Panel Server webpages or a cloud application, then Modbus service can be disabled on Wi-Fi and on ports ETH1 and ETH2.
Switched mode configuration is available only for Universal and Advanced models.
-
Panel Server
-
Edge monitoring and supervision software (for example, EcoStruxure Power Monitoring Expert or EcoStruxure Power Operation) or EcoStruxure cloud services (for example, EcoStruxure Asset Advisor and EcoStruxure Resource Advisor)
-
Devices
IP communication area accessible from Wi-Fi interface
IP communication area accessible from ports ETH1 and ETH2
To set up this architecture:
-
Enable Wi-Fi.
-
Configure Ethernet network in the switched mode.
-
Disable Modbus service on Wi-Fi interface if you want to block Wi-Fi access to Panel Server and downstream devices.
Network with Wi-Fi and Separated Ethernet Network
The following diagram illustrates an architecture with Wi-Fi upstream and Ethernet port configuration in separated mode downstream. There are two downstream Ethernet networks. The Wi-Fi and Ethernet networks managed by the Panel Server are always separated.
This architecture allows you to leverage Wi-Fi infrastructure network to avoid wiring a solid Ethernet cable. Depending on the upstream application (SCADA, cloud, or web browser), Modbus service can be disabled on a per interface basis (ETH1/ETH2/Wi-Fi) for optimized security.
-
Panel Server
-
Edge monitoring and supervision software (for example, EcoStruxure Power Monitoring Expert or EcoStruxure Power Operation) or EcoStruxure cloud services (for example EcoStruxure Asset Advisor and EcoStruxure Resource Advisor)
-
Devices
IP communication area accessible from Wi-Fi interface
IP communication area accessible from ETH1 port
IP communication area accessible from ETH2 port
To set up this architecture:
-
Enable Wi-Fi.
-
Configure Ethernet network in the separated mode.
-
Disable Modbus service on the one or several interfaces where Modbus TCP/IP server is not used if you want to help prevent malicious access to the Modbus devices through these interfaces.