Secure digitalization and connectivity

Secondary substations

Secure digitization and connectivity for secondary substations

Connecting secondary substations as the basis for smart grid

To provide a future-proof solution for connecting secondary substations, thousands of LTE routers from Welotec create the infrastructure for a digital future.

To minimize sources of error and make the rollout as secure as possible, routers are integrated into the existing structure in the field via zero-touch provisioning. The central point of the router management is the SMART EMS. The SMART EMS can be used to manage the devices and update the configurations and software.

Technical implementation

  • IPv4 and IPv6 support in the cellular network
  • Separation of payload and management traffic through simultaneous use of two APNs
  • Management and rollout through zero-touch provisioning of thousands of devices through SMART EMS
  • Integration into customer infrastructure through on-premise installation as well as API integration into customer’s ERP system

Secure digitization and connectivity for secondary substations

Future-proof implementation with cellular radio and IPv6

We are facing increasing fluctuations in the power grid due to renewable energies and e-mobility. This requires greater flexibility as well as more targeted monitoring and control of energy flows. To realize this, new measurement points have to be generated. Traditionally, high voltage is already very well monitored. New approaches must be used for medium and low voltage. Classical secondary substations are generally very well suited for this purpose. Usually they do not have any intelligence or communication links to a central system though. Due to the fact that secondary substations are located far away from any wired infrastructure, a connection via cellular is often the only option.

To ensure that the solution approach will still be viable in a few years, the entire solution was designed with IPv6 technology. To be able to implement the solution on such a scale, close coordination between suppliers, as well as mobile network operator and chip manufacturers, is necessary.

A zero-touch provisioning approach is required to minimize costs as well as error-proneness during commissioning. Furthermore, it is essential to be able to configure all devices in the field later from a central system and to provide them with new software.

Management and zero-touch provisioning of Welotec routers using SMART EMS

In order to keep the commissioning effort as low as possible, the customer’s SIM cards and a previously agreed “startup configuration” are pre-installed and documented at Welotec during the provisioning of the routers. When delivered, the routers can only use the cellular network and connect to the customer’s central management system. When the devices are shipped, the customer receives an electronic delivery bill, which includes information such as the IMEI and serial number of the router, as well as the IMSI of the SIM card. By means of IMEI and IMSI, the customer can ensure at the central RADIUS server that this constellation is unchanged after delivery. The customer imports the electronic delivery bill directly into his SAP, from where the routers are registered at the SMART EMS via middleware and a specific configuration is predefined. If a router is now put into operation, it reports to the customer’s central system and receives its specific configuration including firewall rule, dual APN configuration, IPv6 behavior and VPN configuration.

The router is now in a stable state, has an individual configuration and provides two separate communication channels via dual APN.

In special retro-fit situations, an additional VTI4 tunnel was placed over the IPv6 network to connect corresponding non-IPv6 compatible devices. To ensure that the IPv4 devices are also known to the central endpoint, the router propagates appropriate routes to the central system.

Zero-Touch-Provisioning: Rollout of Welotec TK800 and TK500 4G LTE Routers

Advantages and implications

The use of IPv6 ensures that the concept is technically flexible, scalable and future-proof. The large number of IPv6 addresses makes it possible to address each individual device directly, even in large structures. This not only offers enormous advantages in terms of monitoring and data acquisition, but also opens doors for new digital business models.

Furthermore, retro-fit solutions can be realized by using VTI and propagated routes.

The zero-touch provisioning approach elevates the rollout of the solution from a technical level to a pure business process. By integrating the interfaces into the central SAP system, the management of configurations as well as firmware of the devices in the field, is done directly from SAP.

Furthermore, the interfaces, as well as log and debug information of the routers, offer the possibility to provide data for further processing in monitoring or SIEM systems.

TK600 4G LTE Router with integrated Modbus to IEC 104 conversion

In addition to the IPv6 solution with the Welotec TK800 series there is the TK600. The industrial 4G LTE Router has an integrated functionality for Modbus to IEC 104 conversion. The Modbus Master can poll slaves over Modbus TCP or via the serial RS-232 / RS-485 Interface via Modbus RTU.

The data can be converted to IEC 60870-5-104 or MQTT and send to SCADA or Cloud systems.

The TK600 Router is only working in combination with the device management – Smart EMS from Welotec and the VPN Security Suite for end to end connectivity.