RESOURCES / CASE STUDIES
How NovaSource Power Services Chile successfully bridged the gap between IT and OT
NovaSource Power Services (NSPS) is the insight and O&M services partner for renewables asset owners ready to fuel smart growth. Their strategy has always encompassed using the latest technologies and managing the largest solar projects in the world, delivering best-in-class turnkey support across the renewables project lifecycle and working to prevent and solve problems all along the way.
The NovaSource team has worked at the forefront of the renewables industry for more than 20 years and manages over 16 GW of residential, commercial, industrial, and utility scale projects. As an independent O&M-focused company, NovaSource is poised to offer a great value in the design, maintenance and management of off-grid to utility scale projects around the world.
The challenge
In 2018 NovaSource Chile faced the challenge of creating the Chilean Remote Operation Control Center (CROCC), located in La Serena. The Control Center was conceived to cover the business needs of the increasingly growing portfolio of assets that NovaSource managed and maintained in the country, making the most of new cutting-edge digital tools.
Taking advantage of the new Control Center project, the project scope also included the migration of some old SCADA systems, existing in a few plants, which due to their lack of robustness, implicit cyber risks linked to outdated technologies, and high maintenance operational costs were preventing NovaSource from excelling in the management of these assets.
The main goal of the project was to aggregate all the data in one robust platform that allowed to standardize the solution for every plant regarding reliability, scalability and usability as well as harnessing new technologies to share information with third party applications and stakeholders, via the most extended IIoT protocols, ensuring the security of the assets at all times.
To make all this happen, NovaSource worked with the system integrator Trekkor, a Spanish company with a strong background in developing this type of projects, not only for renewable energy plants, where they have taken part in projects accounting for over 2 GW of installed power, but also in pharma and food & beverage industries.
An infographic showing the Chilean Remote Operation Control Center (CROCC) located in “La Serena”, Chile.
Robust and secure
In order to meet all the requirements of such an ambitious project, Trekkor decided to implement N3uron, a web-based industrial application platform with fully integrated tools for building solutions in HMI, SCADA, and Industrial Internet of Things (IIoT) solutions. “So far, we have been working with N3uron for five years. Our experience during this time has been excellent. That is the main reason why N3uron is always our first choice when selecting which IIoT platform to deploy,” said Rubén Rato, Project Manager for Trekkor.
Trekkor designed and deployed a distributed redundant and scalable architecture including two local N3uron nodes in every plant, each of them connected to its corresponding redundant node in the CROCC.
Given the modular nature of N3uron, every node is running the strictly necessary modules according to the project requirements. Every local node is executing the following modules: Modbus Client, DNP3 Client, DNP3 Server, MQTT Client, Scripting, Derived Tags and Historian, while the two redundant central nodes are running Historian and Web Vision (N3uron’s SCADA module). Modbus and DNP3 are used to communicate with field devices such as inverters, weather stations, trackers, substations, etc.; MQTT and Scripting to exchange data with third party applications and Derived Tags to make calculations and data aggregation.
One of the major drawbacks the previous SCADA systems had was the frequent data loss, taking into account that a typical site has around 700 devices which in total amount to over 20,000 I/O tags per site. That’s a lot of data and therefore the impact in the management of the power plants was considerable. This issue was easily overcome thanks to the Store & Forward built-in mechanism that the communication between N3uron nodes provides, which means that any data, either real-time or historical, which is not delivered due to a communication failure between the nodes, is stored locally and automatically sent once the connection is restored.
Another major advantage of the communications between N3uron nodes, called Links, is that data integrity and security are guaranteed, the connection initiated by a node is configured as an outbound connection, meaning that it is not necessary to open any input port in the firewall, thus preventing critical infrastructures from being exposed to cyber attacks. On the other hand, all data exchanges between nodes are always secured using TLS protocol (Transport Layer Security). This means that in order to enable communication, nodes must exchange digital certificates with each other and these certificates must be previously validated manually in the nodes with which they are intending to communicate. Regardless of what node starts the communication, bidirectional data exchange is possible, as long as it is allowed when configuring the Link.
Also implemented was an extra security layer consisting of creating security zones, so that clients in each zone can only and exclusively access the strictly necessary data. In order to create this zone separation, depending on the information that will be accessed, N3uron allows to configure groups of variables called Views, in addition to the classic read/write permissions for each variable. This enables any potentially dangerous actions to be blocked, regardless of whether malicious or accidental.
Finally, and given that N3uron is fully web-based for both client access to nodes through the Web UI module (used for configuring and visualizing data), as well as the corresponding Web Vision module for SCADA/HMI functionalities, the system makes use of TLS protocol for ensuring secure and confidential communications over unsecured networks. Apart from preventing malicious third-party access to data, this measure also protects against the known vulnerability – session hijacking, which involves exploiting a valid session to gain unauthorized access to information or services.
“As for security N3uron is a warranty. With it you can easily deploy a DMZ architecture or ensure that data flows in only one direction using the Data Diode module,” said Rato.
Bridging the IT/OT gap
Another major project requirement was the need to exchange operational data from the OT infrastructure with a very well-known cloud-based asset performance management (APM) solution that integrates all the key data needed to monitor, manage and optimize the performance of the solar plants. The integration of both technologies was quite straightforward thanks to the use of N3uron’s MQTT module. These connections also use TLS protocol, and therefore establishing a secure and private connection with the APM platform requires the exchange and approval of security certificates.
On the other hand, it is mandatory to exchange some data from every plant with the Chilean System Operator (Coordinador Eléctrico Nacional or CEN by its acronym), in this regard communication is carried out with the REST API Server the CEN provides to that end, using N3uron’s scripting module.
Our main ally
NSPS is moving all its photovoltaic power plants to the new supervisory control and data acquisition (SCADA) system — which is bringing improvements in efficiency, maintenance, data access, forecasting, and mobility.
“At the moment N3uron is our main ally, taking into account that it allows us to perform a reliable and efficient remote monitoring of the entire fleet that handles NSPS in Chile. We currently control and monitor 30 sites with a total installed capacity of over 620 MW. No doubt, N3uron is a very useful tool for the management and control of our clients’ assets, which allows us to be alert and react in time to possible failures,” said Claudio Pavez, Site Manager CROCC for NovaSource Chile.
N3uron has helped NSPS to have available all the information that the company needs, and it allows access to this information from virtually anywhere. Users and developers can access the platform from any device using the web browser of their choice. “The easy management of all utilities, the friendly HMI which allows easy identification and resolution of failures, its stability and timely and reliable alarm warnings,” are some of the most outstanding features of the platform for Pavez.
Scalable and cost effective
From a development point of view, Trekkor needed to create a standard to efficiently integrate and commission every new solar site that was brought online in the future. Trekkor made full use of templates and N3uron’s object-oriented configuration to simplify the instantiation and configuration of objects and screens while maintaining the flexibility required in the application. The outcome was a drastic reduction in the development time. Moreover, NovaSource and N3uron, following a strongly recommended practice, created a project of templates in order to have available a common repository with all the templates used in the application. For Trekkor, N3uron was the logical choice for the new SCADA system.
“Our expertise using N3uron to deploy IIoT solutions and SCADA platforms over the past five years, together with N3uron being a rapid development tool, made it the right choice for this project,” said Rato.
If on top of the above mentioned, we add the fact that all N3uron’s module licenses are unlimited in tags, clients and device connections, the result is a perfect combination to guarantee a considerable cost reduction, when compared to other software platforms, and a quick ROI achievement.