Multilin D400 - Legacy

Advanced Gateway Connectivity

Data collection, concentration and visualization

The D400 Substation Data Manager, when operating as a SCADA host, collects, filters, and sorts data from a wide range of intelligent devices (RTUs, relays, meters) in the substation and preserves original data time stamp for accurate sequence of event. Data can be presented to multiple SCADA hosts. The D400 comes with a built-in suite of protocols and security applications to facilitate communication with various substation devices and SCADA hosts, including:

• DNP3 serial and TCP/IP (client & server)
• IEC 61850 (client)
• Modbus serial & TCP/IP (client & server)
• IEC60870-5-101/103/104 client
• IEC60870-5-101/104 server
• SELFast Meter/SEL ASCII
• Hydran Host
• GE modem
• Generic ASCII protocols

IEC 61850 Gateway

The IEC 16850 Client application allows the D400 to act as a powerful IEC 61850 data concentrator. The D400 also includes valuable features such as Dynamic Data Sets, Buffered Control blocks, Enhanced Security controls.

Device Redundancy (Hybrid Model)

Dual D400 units can be deployed creating a redundant system where accumulators, SOE logs, and configurations are automatically synchronized between the two systems. Serial communication links are automatically switched between the units based on system health.

The D400 100Base-FX redundant Ethernet card enables automatic switchover between two sets of Ethernet switches ensuring there is no single point of failure in the system.

D400 now supports PRP by actively communicating on two physical Ethernet ports connected to two independent network LANs simultaneously. PRP allows systems to overcome any single network failure without affecting the data transmission. It provides seamless failover redundancy.

The D400 supports three modes of operation:

• Standalone
• Warm standby and
• Hot standby

The D400 can be configured to operate in one mode at any given time.

Built in Media Conversion

The D400 supports various communication media types—Serial: RS-232, RS-485, Glass Fiber, and Plastic Fiber; and Ethernet: 10/100Base-T, 10Base-FL, and 100Base-FX. Hot swappable communications modules eliminate the need for dongle type media converters used to convert to glass or plastic fiber, reducing total cost of deployment.

Advanced Automation

The D400 acts as the centralized, rugged computing platform in advanced Automation systems. Using the calculator tool and/or GE's programmable logic (LogicLinx), users can create custom automation programs for a variety of applications such as:

• Sequence switching
• Interlocking
• Auto-sectionalizing
• Autoreclosing
• Load Tap Changer Control
• Capacitor Bank Control
• Reactor Switching
• Alarm grouping

HMI, one-line viewer & Annunciator

The D400 supports a web based HMI/Annunciator feature, that is accessible remotely, using a standard Internet browser or locally, through a direct connection to the unit. Users have access to all data points in the systems, alarm screens, communications status screens ,and dynamic One-Line diagrams, all through the secure web interface.

The web based HMI supports the following security features to ensure secure remote or local access:

• Configurable auto logout/login for Remote and Local HMI access Disabling of Remote HMI Non-Observer Privileges
• Login to specific custom screens for added security to sensitive displays
• Remote access to Redundant or Active HMI screens
• Support for forcing points from one line diagram

Web based HMI/Annunciator feature, that is accessible using a standard Internet browser or through a VGA monitor and USB keyboard/mouse attached directly to the unit.

Mathematical Control Logic

Using the Calculator tool, users can create advanced solutions that group, manage and control points to produce the required automation results. The calculator tool can perform mathematical, logical, or timer based operations on any data points stored in the D400. Using a graphical interface, users can define logical expressions using mathematical functions such as; addition, multiplication, logarithm, greater than, less than, as well as other boolean functions.

Programmable Logic (LogicLinx)

For more advanced applications, programmable logic (LogicLinx) software provides PLC functionality on the D400 platform. LogicLinx offers textual and graphical languages as defined in the IEC 61131-3 standard for PLC programming environments, including Sequential Functions Chart, Instruction List, Structured Text, Ladder Diagram and Function Block Diagram. In addition, a wide range of arithmetic, Boolean and logical operations are supported.

Fault Recording/Data Logging

Data Logger

The Analog Data Logger provides a variety of means to monitor and record any analog input point value changes into data files that can be retrieved by the user. A variety of recording methodologies are supported including, Continuous (all changes), Periodic, Time weighted, Out of range and Triggered by a digital input point.

Trend Viewer

All data recorded by the Analog/Digital Data Logger can be viewed by the Digital event recorder using the built in web-based Trend Viewer. Users can select the range of data to be used by time and date, alternately a real time streaming view can be displayed. Up to 8 data points (pens) can be displayed on a single view and support for curve fitting is available.

Data Base Exporter

The Database Exporter tool allows users to save Analog Data Logger and Digital event recorder points from the D400 to your local PC, using the WEB interface, in comma-separated values (CSV) format.

Automatic Record Retrieval

The Automated Record Retrieval Manager (ARRM) retrieves and stores record files from devices connected to the D400. ARRM uses the Distributed Network Protocol (DNP) and the IEC 61850 protocol to communicate with a variety of devices, and uses the Trivial File Transfer Protocol (TFTP) or MMS to transmit the files from the IED to the device over a Local Area Network (LAN) or serial connection.

You can also retrieve downloaded records from the D400 using any FTP/SCP/SFTP client as needed or on a scheduled basis.

ARRM supports a configurable interval for polling connected devices. This can be activated or deactivated through the runtime viewer display screen.

The connection status of the devices, in addition to the data retrieved from the IEDs can also be displayed or made available directly to the Tarigma Grid Enterprise Manager (GEM) software.

The D400 fault recording capability allows system event information to be collected and viewed using a web-based trend viewer.

Parallel Redundancy Protocol

IEC 62439-3 (Edition 2), Parallel Redundancy Protocol

Substation LAN redundancy has been traditionally accomplished by reconfiguring the active network topology in case of failure. Regardless of the type of LAN architecture (tree, mesh, etc.), reconfiguring the active LAN requires time to switchover, during which the LAN is unavailable.

Parallel Redundancy Protocol is an IEC 62439-3 data communication network standard which is often used to overcome single network failure without affecting the data transmission. PRP is independent of the communication protocols and provides no packet loss (“zero recovery time”) availability by using connected nodes which transmit and receive over two independent network active paths. Under PRP, each network node has two Ethernet ports attached to two different local area networks, using standard bridges, and similar topology.

Existing D400 systems with 1 GHz or newer CPU can be upgraded via firmware in order to enable the Parallel Redundancy Protocol. The D400 can communicate simultaneously to devices connected to a common network, carrying mixed traffic: single LAN, legacy redundant or dual LAN, and PRP. This aids in implementing PRP in brown field installations, taking advantage of possible spare ports on existing managed switches LAN infrastructure. Additional LAN switches may be added as needed.

Analog Report Generation

In addition to the data logging capability within the D400, users can configure the D400 to record and generate online and offline reports from operational and non-operation analog data. While online reports can be retrieved instantly and are an extension of the data logger periodic reports, offline reports can be retrieved daily, weekly or monthly.

Offline Reports:

• Users can use the Analog report application to generate offline reports
• Users can configure different types of analog reports. For example: Shift, daily, weekly and monthly
• Users can use the offline report viewer to view generated reports
• Output format types includes: PDF, Excel and HTML

Offline Reports

• This is an extension of the data logger periodic reports
• Users can use the online report viewer to view periodic data logger reports
• Output format types includes: PDF, Excel and HTML

Report Configuration Steps

• Create report template using iReport Designer
• Import template to D400
• Configure Offline Reports

Types of Offline Reports and Key Parameters:

OpenVPN Architecture Example

Secure Remote Access

D400 provides robust security environment, providing seamless integration with existing IT department policies. Role based Access Control, Secure Web Interface, Secure File Transfer, and extensive user activity logging provide a complete security toolkit required to achieve NERC-CIP compliance.

Non-operational Data

Using pass-through connections, the utility user can extract valuable non-operational data such as digital fault recording (DFR) records and event files. The user can also access the historical log files and upload the archived data for trending and analysis.

Pass-through/Terminal Server

A built-in terminal server emulator allows pass-through connections to be initiated to substation device (relay, meter, RTU or other device). Once the connection is established, the local event records can be uploaded from the substation devices and viewed remotely. Remote access can be secured with TLS or SSH.

Virtual Serial Ports

Virtual serial ports eliminate copper wire communications to feeder bays when a serial-only device is located in the bay. A small terminal server can be placed in the bay and connected to the Ethernet network, allowing all D400 serial client applications to connect directly to the serial device.

Role Based Access Control

Role Based Access Control is achieved using LDAP, TACACS+, RADIUS or the D400’s internal database; ensuring only authenticated and authorized users gain access the system. When using LDAP, TACACS+, or RADIUS, revoking user privileges, system wide, is as simple as updating the centralized user database.

Network security protocols:

• HTTPS
• SSH
• SCP
• Syslog
• SFTP
• CHAP
• SFTP
• CHAP
• RADIUS
• TACACS+
• LDAP

Built-in Firewall

Multilin D400 is equipped with a built-in firewall for enhanced gateway cyber security. D400's firewall is designed to drop unsolicited or invalid routed packages. The firewall is preconfigured to block outbound traffic on external interfaces and inbound traffic on both internal and external interfaces. The D400 automatically generates rules allowing inbound traffic on internal interfaces for all configured services. The rules are user configurable for inbound/outbound traffic customization.

HMI, One Line & Annunciator

The Multilin D400 supports a web based HMI/ Annunciator feature, that is accessible using a standard Internet browser or through a VGA monitor and USB keyboard/mouse attached directly to the unit. Users have access to all data points in the systems, alarm screens, communications status screens and dynamic one line diagrams, all through the secure web interface.

The D400's web based HMI supports the following security features to ensure secure remote or local access:

• Configurable auto logout/login for Remote and Local HMI access
• Disabling of Remote HMI Non-Observer Privileges
• Login to specific custom screens for added security to sensitive displays
• Remote access to Redundant or Active HMI screens