Comprehensive security architecture and deterministic real-time performance.
Platform → Overview | Architecture | Technology | Security | FrameworX | Editions
Designed for Reliable Performance and Enterprise Security
FrameworX combines deterministic real-time performance with comprehensive security architecture. Built on the Technology Foundation of 100% managed .NET code, the platform delivers millisecond response times while maintaining defense-in-depth protection and full compliance capabilities.
Operational Excellence:
- Performance monitoring with <100ms tag updates & 1ms timestamps
- Multi-layer security with RBAC, Secrets and encryption
- Compliance ready: FDA, IEC 62443, NERC-CIP
- Git-based DevOps with JSON export
- Hot-standby redundancy with <5 second failover
Optimized Architecture
Optimization Layers
| Layer | Optimization | Impact |
|---|---|---|
| Application | Efficient scripts, optimized queries | CPU usage |
| Runtime | Thread pool tuning, memory management | Response time |
| Database | Indexing, partitioning, archiving | Query speed |
| Network | Compression, protocol selection | Bandwidth |
| Hardware | CPU cores, RAM, SSD storage | Overall capacity |
Performance Metrics
| Metric | Target | Measurement |
|---|---|---|
| Tag Update Rate | <100ms | Device to display. Test case: 100,000 Modbus tags in < 1s |
| Alarm Response | <1 second | Condition to notification, keeping 1ms timestamp on logs |
| Client Response | <200ms | User display action to feedback |
| Displays Update | < 50ms | Code behind execution and realtime updates on diaplays |
| Historian Write | <1 second | Tag change to storage, keeping 1ms timestamp on logs |
| Failover Time | <5 seconds | Primary to standby |
(*) Those are expected numbers in a typical implementation. Exact metrics depending on solution design and hardware
Built-in Performance Monitoring Tools:
- Real-time performance dashboards
- Resource utilization tracking
- Bottleneck identification
- Historical trend analysis
Operational Stability
- 100% Managed Code - No memory leaks or pointer errors
- Exception Handling - Graceful failure recovery at every level
- Multi-threaded Execution - Parallel processing with thread safety
- Resource Management - Automatic garbage collection and optimization
Security Architecture
Defense in Depth Implementation
| Layer | Protection Level | Components |
|---|---|---|
Layer 1: Network. Security | Perimeter defense |
|
Layer 2: Application Security | Access control |
|
Layer 3: Data Security | Information security |
|
Layer 4: Operational Security | Process integrity |
|
Security Zones Architecture (ISA-99/IEC 62443)
TSecureGateway enables secure data transfer across zones, bridging Level 2 (factory floor) to Level 4 (enterprise) while maintaining isolation and protection against threats.
Authentication & Authorization
Flexible Authentication Methods
| Enterprise Integration | Native Options |
|---|---|
|
|
Role-Based Access Control (RBAC)
- Granular Permissions - Display, object, and action-level control
- Group Hierarchies - Inherited permissions with override capability
- Dynamic Roles - Runtime permission changes based on context
- User Policies - Password complexity, session duration, auto-logoff
Compliance & Standards
Industry Standards Implementation
| Standard | Implementation | Key Features |
|---|---|---|
| ISA-95 | UNS design patterns | Enterprise/control integration model |
| ISA-101 | HMI design compliance | Operator effectiveness standards |
| FDA 21 CFR Part 11 | Electronic records/signatures | Audit trails, data integrity, validation |
| High Performance HMI | Display design principles | Situational awareness, alarm management |
| IEC 62443 | Cybersecurity guidelines | Security zones, defense in depth |
| NERC-CIP | Critical infrastructure | Access control, monitoring, recovery |
DevOps & Version Control
Enterprise Development Practices
| Native Tool | Feature |
|---|---|
| JSON-Git Export | Human-readable diffs for Git integration |
| Change Tracking | Keep track of changes at object level, with automated version numbering |
| Cross Reference | Dependency analysis and automated rename for all configuration objects |
| Build Procedure | Validation of all server scripts and all displays scripts |
| Publish Procedure | Readonly deployment files for regulated areas |
| Execution Profiles | Management for Development, Validation, Production and Custom environments. |
| DevOps APIs | Programmatic control of configuration and execution |
| Health Monitoring | Built-in runtime metrics and web dashboard |
| Container Support | Docker deployment including support for App Hosting in Cisco Routers |
| Execution Integrity | Built-in diagnostics to verify if running solution matches a given configuration. |
Solution Configuration Protection
- Encrypted Configuration - All settings in protected .dbsln file
- IP Protection - Source code and binaries secured
- Single File Deployment - Simplified distribution and management
- Access Control - Role-based modification rights
Redundancy & High Availability
Hot-Standby Configuration
| Feature | Specification | Benefit |
|---|---|---|
| Automatic Failover | <5 seconds switchover | Minimal disruption |
| Data Synchronization | <5 seconds switchover | No data loss |
| Client Reconnection | Transparent to operators | Continuous operation |
| State Preservation | Full context maintained | Seamless recovery |
(*) Those are expected numbers in a typical implementation. Exact metrics depending on solution design and hardware
Supported Redundancy Modes:
- Server redundancy (primary/standby)
- Database redundancy (mirrored/centralized)
- Network redundancy (dual-path)
- Device redundancy (PLC communication)
External Validation
- Regular third-party penetration testing
- Veracode security assessments
- Gap analysis and remediation
- 100% approval requirement for release
Aim high, start simple, scale without limits.
In this section...
Overview
Content Tools
Tasks