1. The Problem

Oil and Gas Company needed a secure, governed way for approved users to view and adjust key LACT process parameters across multiple sites, without giving direct PLC access or bypassing IT/OT network boundaries. Existing workflows lacked a rules-driven change process, auditability, and end-to-end verification from the business network (L4) to the field PLCs.

2. The Solution:

INS3 and Tatsoft implemented the DataDirector application, a multi-tier application using FrameworX to orchestrate each change as request → validate → execute → verify:

  • L4 User Interface (Business Network): Role-based UI (Guest/Operator/Engineer/Admin via AD/2FA) to select assets and submit parameter changes. Reads current values from Business PI and prevents empty/duplicate requests.

  • L3.5 Application Gateway (SCADA/Common DMZ): Headless relay that securely routes requests and status/verification messages between L4 and site systems; contains site routing tables.

  • L3.5 Command & Control (Edge Node in Field DMZ): Runs the same UI but sources data from Site PI. Enforces business rules, queues requests FIFO, performs OPC writes via Kepware, then validates by reading back from Site PI. Returns explicit statuses to L4 (e.g., Request Successful, Rule Failed, I/O Server Not Responding, Change Not Validated).

  • Engineering Station (L3.5): Maintains users/roles and rule sets for the pilot; can edit which parameters are viewable/changeable.

[Figure: Architecture Diagram]



What Users Can Change (per asset):

  • View only: Temperature (°F), Pressure (PSI), Tank Level (bbl)

  • Changeable: Meter Factor, Water Cut (%), API Gravity

Embedded Rule Set (examples):

  • Context rules: Correct Area/Site; time window (07:00–17:00), weekdays only, not on first/last 2 days of month; frequency limit (≤2 successful changes per user/asset/parameter/day).

  • Value rules: Min/Max & delta checks

    • Meter Factor: 0.70–1.25, Δ≤1.00

    • Water Cut: 0–5, Δ≤6

    • API Gravity: −10.0–100.0, Δ≤111.0
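The time, frequency and value rules listed above can be evaluated as one check before a request is queued. The sketch below is an added example, not DataDirector or FrameworX code: the `Request` record, the rule names, the inclusive 07:00–17:00 bounds and the `successes_today` counter are assumptions, and the Area/Site check is left out.

```python
import calendar
from dataclasses import dataclass
from datetime import datetime, time

# (min, max, max delta) copied from the value rules listed above.
VALUE_RULES = {
    "Meter Factor": (0.70, 1.25, 1.00),
    "Water Cut": (0.0, 5.0, 6.0),
    "API Gravity": (-10.0, 100.0, 111.0),
}
MAX_CHANGES_PER_DAY = 2             # per user/asset/parameter
WINDOW = (time(7, 0), time(17, 0))  # both ends treated as inclusive (assumption)

@dataclass
class Request:                      # hypothetical request record
    parameter: str
    current: float                  # value read before the change
    new: float                      # value the user asked for
    when: datetime                  # site-local submission time

def failed_rules(req, successes_today):
    """Return the names of every rule the request breaks; [] means it may be queued.

    successes_today: successful changes already made today by this user
    for this asset and parameter (the caller looks this up in its audit log).
    """
    if req.parameter not in VALUE_RULES:
        return ["not_changeable"]   # view-only or unknown parameter
    lo, hi, max_delta = VALUE_RULES[req.parameter]
    t = req.when
    days_in_month = calendar.monthrange(t.year, t.month)[1]
    failed = []
    if t.weekday() >= 5:            # Monday is 0, so 5 and 6 are the weekend
        failed.append("weekday")
    if not WINDOW[0] <= t.time() <= WINDOW[1]:
        failed.append("time_window")
    if t.day <= 2 or t.day > days_in_month - 2:
        failed.append("month_edge")
    if successes_today >= MAX_CHANGES_PER_DAY:
        failed.append("frequency")
    if not lo <= req.new <= hi:
        failed.append("range")
    if abs(req.new - req.current) > max_delta:
        failed.append("delta")
    return failed
```

With the limits as listed, each delta bound is wider than its min/max range, so the delta rule only fires when the current value is itself outside the range.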

Technical Specifications:

  • Enterprise / Areas / Facilities / Process / Equipment:

    • LACT at 6 sites

  • Networks/Layers: L4 Business; L3.5 SCADA/Common DMZ; L3.5 Field DMZ.

  • Data Systems: Business PI, Site PI (with PI-to-PI replication); status & mapping tables.

  • I/O: Kepware OPC (primary/backup read/write).

  • Ports/Comms (Gateway): Routed per-site (e.g., port family 5101–5106) with heartbeat tags.

  • Parameters Managed: Meter Factor, Water Cut, API Gravity (+ view-only telemetry).

  • Testing & Quality Gates:

    • FAT (≈60%) in INS3 sandbox with surrogate stores for AD/PI.

    • SAT (≈90%) on customer domains (CT/PCN), with end-to-end request/verify tests and full role matrix (Guest/Operator/Engineer/Admin).

3. Key Enablers:

  • Layered Architecture: Clean separation of L4 UI, L3.5 Gateway, and Edge rules engine.

  • Role-Based Security & Audit: AD/2FA, per-request logging, full status lifecycle.

  • Rules-Driven C&C at the Edge: Deterministic gatekeeping close to the process; FIFO queueing.

  • Closed-Loop Verification: OPC write to PLC, then Site PI read-back and PI-to-PI replication to Business PI for user confirmation.

  • Operational Transparency: Rich status codes returned to the user for every request.

4. The Results:

  • Secure change management across IT/OT boundaries without exposing PLCs to L4 users.

  • Governed, auditable adjustments with explicit pass/fail reasons—improves compliance and trust.

  • Reduced misconfigurations via rule enforcement and automatic verification.

  • Scalable multi-site pattern (6 sites in pilot) ready for broader rollout.
