The customer, an oil and gas company, needed a secure, governed way to allow approved users to view and adjust key LACT process parameters across multiple sites without giving direct PLC access or bypassing IT/OT network boundaries. Existing workflows lacked a rules-driven change process, auditability, and end-to-end verification from the business network (L4) to field PLCs. Existing methods lacked role-based control, audit trails, and automated verification.
INS3 and Tatsoft implemented the DataDirector application, a multi-tier application using FrameworX to orchestrate request → validate → execute → verify changes, providing a secure path from business users down to site PLCs. The system included:
L4 User Interface (Business Network): Role-based UI login (Guest/Operator/Engineer/Admin via AD/2FA) to select assets and submit parameter changes. Reads current values from Business PI and prevents empty/duplicate requests.
L3.5 Application Gateway (SCADA/Common DMZ): Headless relay that securely routes requests and status/verification messages between L4 and site systems; contains site routing tables.
L3.5 Command & Control (Edge Node in Field DMZ): Runs the same UI but sources data from Site PI. Enforces business rules, queues requests FIFO, performs OPC writes via Kepware, then validates by reading back from Site PI. Returns explicit statuses to L4 (e.g., Request Successful, Rule Failed, I/O Server Not Responding, Change Not Validated).
Engineering Station (L3.5): Maintains users/roles and rule sets for pilot; can edit which parameters are viewable/changeable.
Simple Architecture Diagram:
L4 Business UI → Application Gateway → Edge Command & Control → OPC/Kepware → PLC
Site PI → Corporate PI
Technical Specifications:
Facilities: Midway ST31 (LACT01–02), Cymric 31X (LACT03–04)
Parameters Managed: Meter Factor, Water Cut, API Gravity (+ telemetry)
Data Systems: PI (Site & Corporate), OPC via Kepware
Architecture: Layer 4 UI → Gateway → Edge Command & Control → PLCs
What Users Can Change (per asset):
View only: Temperature (°F), Pressure (PSI), Tank Level (bbl)
Changeable: Meter Factor, Water Cut (%), API Gravity
Embedded Rule Set (examples):
Context rules: Correct Area/Site; time window (07:00–17:00), weekdays only, not on first/last 2 days of month; frequency limit (≤2 successful changes per user/asset/parameter/day).
Value rules: Min/Max & delta checks
Meter Factor: 0.70–1.25, Δ≤1.00
Water Cut: 0–5, Δ≤6
API Gravity: −10.0–100.0, Δ≤111.0
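The context and value rules above, written out as an edge-side gatekeeping check. This is an added example, not DataDirector or FrameworX code; the `ChangeRequest` shape, the rule names, and the inclusive time-window bounds are assumptions.

```python
import calendar
from dataclasses import dataclass
from datetime import datetime, time

# Changeable parameters from the rule set above: (min, max, max delta).
LIMITS = {
    "Meter Factor": (0.70, 1.25, 1.00),
    "Water Cut": (0.0, 5.0, 6.0),
    "API Gravity": (-10.0, 100.0, 111.0),
}
MAX_SUCCESSES_PER_DAY = 2  # per user/asset/parameter

@dataclass
class ChangeRequest:  # hypothetical request shape
    user_site: str    # site the user is approved for
    asset_site: str   # site that owns the target asset
    parameter: str
    current: float    # value read from Site PI
    requested: float
    when: datetime    # site-local time of the request

def failed_rules(req, successes_today):
    """Return the names of failed rules; an empty list means the request
    may be queued. A non-empty list maps to the 'Rule Failed' status."""
    if req.parameter not in LIMITS:  # view-only or unknown tag
        return ["parameter not changeable"]
    failed = []
    if req.user_site != req.asset_site:
        failed.append("area/site")
    if req.when.weekday() >= 5:  # Saturday=5, Sunday=6
        failed.append("weekday")
    # Window bounds treated as inclusive (assumption).
    if not time(7, 0) <= req.when.time() <= time(17, 0):
        failed.append("time window")
    last_day = calendar.monthrange(req.when.year, req.when.month)[1]
    if req.when.day <= 2 or req.when.day > last_day - 2:
        failed.append("month boundary")
    if successes_today >= MAX_SUCCESSES_PER_DAY:
        failed.append("frequency")
    lo, hi, max_delta = LIMITS[req.parameter]
    # Written so that a NaN value fails the comparison (fail closed).
    if not lo <= req.requested <= hi:
        failed.append("min/max")
    if abs(req.requested - req.current) > max_delta:
        failed.append("delta")
    return failed
```

With the limits listed above, each delta bound is wider than its min/max range, so the delta rule only fires when the current value read back from Site PI is itself outside the allowed range.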
Technical Specifications:
Enterprise / Areas / Facilities / Process / Equipment: LACT at 6 sites
Networks/Layers: L4 Business; L3.5 SCADA/Common DMZ; L3.5 Field DMZ.
Data Systems: Business PI, Site PI (with PI-to-PI replication); status & mapping tables.
I/O: Kepware OPC (primary/backup read/write).
Ports/Comms (Gateway): Routed per-site (e.g., port family 5101–5106) with heartbeat tags.
Parameters Managed: Meter Factor, Water Cut, API Gravity (+ view-only telemetry).
Testing & Quality Gates:
FAT (≈60%) in INS3 sandbox with surrogate stores for AD/PI.
SAT (≈90%) on customer domains (CT/PCN), with end-to-end request/verify tests and full role matrix (Guest/Operator/Engineer/Admin).
Layered Architecture: Clean separation of L4 UI, L3.5 Gateway, and Edge rules engine.
Role-Based Security & Audit: AD/2FA, per-request logging, full status lifecycle.
Rules-Driven C&C at the Edge: Deterministic gatekeeping close to the process; FIFO queueing.
Closed-Loop Verification: OPC write to PLC, then Site PI read-back and PI-to-PI replication to Business PI for user confirmation.
Operational Transparency: Rich status codes returned to the user for every request.
Secure change management across IT/OT boundaries without exposing PLCs to L4 users.
Governed, auditable adjustments with explicit pass/fail reasons—improves compliance and trust.
Reduced misconfigurations via rule enforcement and automatic verification.
Scalable multi-site pattern (6 sites in pilot) ready for broader rollout.
Role-based security with AD/2FA
Business rule enforcement at the Edge
End-to-end verification via PI read-back
Full audit trail and status reporting
Secure, governed change management across IT/OT layers
Reduced risk of misconfiguration through rules and verification
Transparent audit trail of all requests and outcomes
Scalable approach proven in pilot for Midway and Cymric facilities