Citrix XennApp as mobile SCADA platform
As the SCADA market has grown and the device mobility surged to the forefront, the need of mobile support for SCADA host systems has grown dramatically. This has influenced some of the major host SCADA platforms, i.e. ClearSCADA to introduce mobile application support to keep up with the industry demand. However, not all companies like to expose SCADA applications to the cloud. Company policy and size play major roles in what deployment strategy SCADA teams have to accommodate.
There is one solution that is scalable, secure, and widely supported across mobile device platforms. The Citrix XenApp allows a company to host its SCADA system through a trusted corporate solution with the desired security and platform support. Citrix provides a free, downloadable application called the “Receiver” to connect to published applications through a secure port with the user credentials found on your corporate network. Essentially, it stays inside the firewall with only the “Receiver” ports opened to the world. This allows you to publish the desired SCADA application that can be accessed from any device that supports the “Receiver” application. The “Receiver” can be attached to any typical Microsoft applications as well so linking your SCADA system to PID ro C&E diagrams/documents is supported. Also, the remote Desktop feature allows the development team to access the SCADA server through Citrix as well.
In some host systems, the credential issue is key as the credentials that are used to access the SCADA/host are passed into the host as access factors on what privileges users are given. For example, when a operator logs into his host system, he only has access to his route or responsibilities. When engineers log in, they have access to their entire field or business unit. The great part about this access, is the user only enters credentials one time and is directed through the published app to the host system accordingly. Some internal networks do not even support this when using a VPN.
Other main issues facing small businesses are the deployment and support costs. “We can not afford a large mobile support team!” “We outsource our IT department for a service agreement yearly!” With the pricing model of the Citrix XenApp, the access starts around $1200 for 5 users. This may be all small groups need if the users are defined as admin, development, operators, etc. The support costs are addressed with the free “Receiver” application that is updated and supported by Citrix. It resizes screens and formats the display to stay exactly as how the host system appears. It functions well on touch screens/pads as it encompasses all mouse functionality a user could experience. Simple training usually covers most users of such solutions.
One limitation we did experience is the trusted certificates that certain web applications require. Apple does not always play nice with certifications for small hosting sites or certificate providers. There are work arounds for this as well. This allows your users to have a direct website i.e. https:\myscada.com to access their SCADA system remotely through Citrix without risking the security of VPN or external ISA sites. The “Receiver” is downloaded in the browser as an active X add on and deploys when the site is requested. As a hosting/integration provider you can use sub domains to isolate client sites with the Citrix XenApp directing the traffic on the virtual server level. this allows a service company to have one large server with virtual servers stacked together to use back-up, redundancy, and isolated features for the clients. On the back end, the Citrix is installed on one virtual server but the client gets a unique front i.e. https://MyOilCompany.com. So one server can be used to deploy several clients with one large support model. This reduces the number of IT employees a company requires to provide SCADA hosting.
On the mobile side, a clients iPad looks just like his laptop. The clients BlackBerry looks just like his office computer. No large development group addresses the painful platform support process, just downloads the “Receiver” application given away by Citrix. In several instances, we have used iPads on site testing and commissioning from a wifi hotspot supplied from a tethered device. This allows the operator to approve of the host, while fully function testing his control system on site. At the end of each test, the operator and foreman can see a site come alive while receiving the callouts on his cell phone, further enriching the commissioning process.
Knowing the Citrix solution is not the end all of mobile solutions, it simply becomes a powerful option for companies that may not have the expertise, time, or money to deploy such a valuable host system. With limited cost, a small company can have the features of large corporations in a small window of time.