1. The Problem

The customer needed a secure way to let approved users view and adjust LACT process parameters across multiple sites without exposing PLCs directly. Existing methods lacked role-based control, audit trails, and automated verification.

2. The Solution:

The project deployed a multi-layer FrameworX solution that provides a secure path from business users down to site PLCs. The system included:

  • Layer 4 User Interface: Role-based login (Guest, Operator, Engineer, Admin) with 2FA, for viewing parameters and requesting parameter changes.

  • Application Gateway (L3.5): Secure relay between business and field networks.

  • Command & Control (Edge Node): Enforced business rules, queued changes, executed writes via OPC, and verified updates against Site PI before confirming back to the user.

Simple Architecture Diagram:

L4 Business UI → Application Gateway → Edge Command & Control → OPC/Kepware → PLC

Site PI → Corporate PI

Technical Specifications:

  • Facilities: Midway ST31 (LACT01–02), Cymric 31X (LACT03–04)

  • Parameters Managed: Meter Factor, Water Cut, API Gravity (+ telemetry)

  • Data Systems: PI (Site & Corporate), OPC via Kepware

  • Architecture: Layer 4 UI → Gateway → Edge Command & Control → PLCs

Architecture Diagram: (image not reproduced)


What Users Can Change (per asset):

  • View only: Temperature (°F), Pressure (PSI), Tank Level (bbl)

  • Changeable: Meter Factor, Water Cut (%), API Gravity

Embedded Rule Set (examples):

  • Context rules: Correct Area/Site; time window (07:00–17:00), weekdays only, not on first/last 2 days of month; frequency limit (≤2 successful changes per user/asset/parameter/day).

  • Value rules: Min/Max & delta checks

    • Meter Factor: 0.70–1.25, Δ≤1.00

    • Water Cut: 0–5, Δ≤6

    • API Gravity: −10.0–100.0, Δ≤111.0
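The rule set above can be expressed as a deny-by-default gate that returns an explicit reason for every decision. The following is an added example, not the project's own code; the function name, argument names, reason strings, and the inclusive reading of the 07:00–17:00 window are assumptions.

```python
import calendar
from datetime import datetime, time

# (min, max, max delta) per changeable parameter, as listed in the rule set above.
LIMITS = {
    "Meter Factor": (0.70, 1.25, 1.00),
    "Water Cut": (0.0, 5.0, 6.0),
    "API Gravity": (-10.0, 100.0, 111.0),
}
WINDOW = (time(7, 0), time(17, 0))  # assumed inclusive at both ends
MAX_SUCCESSES_PER_DAY = 2           # per user/asset/parameter


def check_request(user_sites, asset_site, param, new, current, now, successes_today):
    """Return (accepted, reason). Reason strings are hypothetical status codes."""
    # Deny by default: view-only telemetry and unknown names are not in LIMITS.
    if param not in LIMITS:
        return False, "PARAM_NOT_CHANGEABLE"
    if asset_site not in user_sites:
        return False, "WRONG_SITE"
    if now.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        return False, "NOT_WEEKDAY"
    if not (WINDOW[0] <= now.time() <= WINDOW[1]):
        return False, "OUTSIDE_TIME_WINDOW"
    last_day = calendar.monthrange(now.year, now.month)[1]
    if now.day <= 2 or now.day >= last_day - 1:
        return False, "MONTH_BOUNDARY"
    if successes_today >= MAX_SUCCESSES_PER_DAY:
        return False, "FREQUENCY_LIMIT"
    lo, hi, max_delta = LIMITS[param]
    # Written as "not (in range)" so a NaN fails the check instead of passing it.
    if not (lo <= new <= hi):
        return False, "OUT_OF_RANGE"
    # As listed, each delta bound is wider than its range, so this check only
    # binds when the current PLC value is itself outside the range.
    if not (abs(new - current) <= max_delta):
        return False, "DELTA_TOO_LARGE"
    return True, "ACCEPTED"
```

The `successes_today` count is expected to come from the audit log of completed requests, so rejected attempts do not consume the daily allowance.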

Technical Specifications:

  • Enterprise / Areas / Facilities / Process / Equipment:

    • LACT at 6 sites

  • Networks/Layers: L4 Business; L3.5 SCADA/Common DMZ; L3.5 Field DMZ.

  • Data Systems: Business PI, Site PI (with PI-to-PI replication); status & mapping tables.

  • I/O: Kepware OPC (primary/backup read/write).

  • Ports/Comms (Gateway): Routed per-site (e.g., port family 5101–5106) with heartbeat tags.

  • Parameters Managed: Meter Factor, Water Cut, API Gravity (+ view-only telemetry).

  • Testing & Quality Gates:

    • FAT (≈60%) in INS3 sandbox with surrogate stores for AD/PI.

    • SAT (≈90%) on customer domains (CT/PCN), with end-to-end request/verify tests and full role matrix (Guest/Operator/Engineer/Admin).

3. Key Enablers:

  • Layered Architecture: Clean separation of L4 UI, L3.5 Gateway, and Edge rules engine.

  • Role-Based Security & Audit: AD/2FA, per-request logging, full status lifecycle.

  • Rules-Driven C&C at the Edge: Deterministic gatekeeping close to the process; FIFO queueing.

  • Closed-Loop Verification: OPC write to PLC, then Site PI read-back and PI-to-PI replication to Business PI for user confirmation.

  • Operational Transparency: Rich status codes returned to the user for every request.

4. The Results:

  • Secure change management across IT/OT boundaries without exposing PLCs to L4 users.

  • Governed, auditable adjustments with explicit pass/fail reasons, improving compliance and trust.

  • Reduced misconfigurations via rule enforcement and automatic verification.

  • Scalable multi-site pattern (6 sites in pilot) ready for broader rollout.