This page is frozen, 
actual one here.OpenSCADA server's infrastructure
| Founded: Jun 2014 Members: Roman Savochenko Description: OpenSCADA servers infrastructure representing, tracing and managing. Managing task: by the linkFunding: 89% from the request, mostly by the Beams&Plasmas |  |
Introduce
The page aimed for server's infrastructure of OpenSCADA project represents, traces and manages.From begins the OpenSCADA resources hosted on a main server of
DIYA Ltd and the server's details and specific were not possible to publish. From 2015 year the OpenSCADA project had own a server and an internet channel thanks mostly to Beams&Plasmas funding. From 2016 year all resources of the project OpenSCADA were moved to the new server and domain name "oscada.org" was switched to it. For the domain name "oscada.org" and it's DNS uses the Hosting Ukraine, the configuration shown in Table 1.Table 1: Domain "oscada.org" configuration.
| Property | Old value | Current value |
| Name Server 1 | NS0.XNAME.ORG | NS1.FASTDNS.HOSTING |
| Name Server 2 | NS1.UKRAINE.COM.UA | NS2.FASTDNS.HOSTING |
| Name Server 3 | NS2.UKRAINE.COM.UA | NS3.FASTDNS.HOSTING |
| oscada.org. | 82.207.88.73 | 134.249.149.50 |
| ftp | 82.207.88.73 | 134.249.149.50 |
| wiki | 82.207.88.73 | 134.249.149.50 |
| 82.207.88.73 | 134.249.149.50 | |
| www | 82.207.88.73 | 134.249.149.50 |
1. Hardware and internet channel
The OpenSCADA server located now into a quarter of author of the OpenSCADA system it is Roman Savochenko. For link to the global network (Internet) used a service of Internet providerKyivstar in Kamjanske city of Ukraine. The provider uses the conception of Fiber To The Building (FTTB) and the internet channel's bandwidth now it is 30Mbit/s. For temporary access (for dynamic IP) used domain name "oscada.dlikddns.com" which allowed yet and next there was registered a static IP 134.249.149.50 to which now connected the main domain "oscada.org". Hardware configuration of the server shown into Table 2:Table 2: Hardware configuration of the OpenSCADA server.
| Name | Configuration | Notes |
| CPU | AMD Phenom(tm) II X4 900e | purchased that as used instead the original Athlon 64 X2 (too weak) and the brand new A8-6500, TDP 65W |
| MB | ASUS M2NPV-VM, Socket AM2 | used as a hard tested and reliable solution, instead purchased specially the brand new MB MSI A88X-G41 PC Mate |
| Chipset | NVIDIA GeForce 6150 + nForce 430 MCP | |
| Memory | 3GB (DDR2-800) | original for the MB |
| HDD | 1TB, RAID1 (ST1000VM002+WD10EZRX) | brand new, low power consumption, heating about +8ฐC, through changing of 2xDT01ACA050 |
| Power Supply | Cooler Master 400W | brand new |
| Case | MidiTower, ATX | used |
| UPS | PowerCom INF-800 + AB 60Ah | brand new, external battery 60Ah, measured internal consumption 23...30W, measured effectiveness 61% (40 from 60Ah), the output is clean sine curve. |
2. Program environment and services
In base of the program environment used OSLinux distributive Debian 7 (Wheezy). For external services isolation and some other purposes used the OpenVZ lightweight isolation into different Virtual Private Servers (VPS). Into mostly VPS also used Linux distributive Debian 7 (Wheezy), sometime used Debian 8 (Jessie) and ALTLinux T6. Hardware server (HS) it is x86_64 program environment but the VPSs mostly used x86 environment especially for high demanded tasks, as the result we have the memory consumption 1.2GB instead 2GB of even-functional x86_64 pure environment. The program environment structure shown in Figure 1.
Figure 1. OpenSCADA server's network and the program environment structure.
File system of the hardware server (HS) has not a swap partition and has two main mirrored partitions:
- "root (/)": 9.1GB
- "data (/data): 908GB
Besides only VPS containers management by OpenVZ the HS environment also has some services for the external and internal networks:
- SSH: Generic access to the server control by SSH from internal and external.
- PPTP: Secure tunneling. For connection from an external environment to the internal network at all or for remote connection to the connected client.
- NTP: Network time service. For internal and external hosts.
- FTP: Internal network FTP-server for the local data storage access.
- Samba: Internal network SMB-server for the local data storage access.
- AptCacher: APT cacher of new generation (apt-cacher-ng). Serves for unmistakable Live-disks building and used for Debian repositories updating by the http-cacher.
Service config files: "/etc/apt-cacher-ng/".
- AptMirror: APT mirroring (apt-mirror) for need APT-repositories. Serves for unmistakable Live-disks building in use TDE. For now there mirror next repositories:
- AutoBuilder: Automatic OpenSCADA package's builder for LTS and Work versions, by the local Subversion repository check. For details see to the task.
- DNS (Bind9): Internal network domain names server.
Some time in while lost all forwarders by no external host resolved, possible by DDNS update the original zone file, observed: 17.03.2016
- DHCP: Internal network dynamic hosts configuration.
- CUPS: Internal network print service.
- SmartHouse (in process): OpenSCADA-based smart-house and the server's sensors monitoring configuration.
2.1 VPS: FTP
Address: ftp.oscada (192.168.0.10)Service: exclusively provides a public file-service for OpenSCADA resources. To use the service go to
ftp://ftp.oscada.org.Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, file server ProFTP.
The FTP has next partial tree with the descriptions:
- "ALTLinux/" repositories of packages of OS Linux distribution ALTLinux;
- "Debian/" repositories of packages of OS Linux distribution Debian;
- "Misc/" misc files;
- "OpenSCADA/" OpenSCADA project's files;
- ...
- "books/" books, wrote by the OpenSCADA project participants, mostly by Roman Savochenko.
2.2 VPS: DB
Address: db.oscada (192.168.0.11)Service: exclusively provides different DBMS for internal and by VPSes using.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, allowed next DBMS: MySQL, PostgreSQL, FireBird, OpenLDAP (slapd).
Table 2.2: Allowed DBMS and its using.
| DBMS | Using |
| MySQL | TYPO3 (http://oscada.org), WackoWiki (http://wiki.oscada.org), Jabber, some OpenSCADA tests. |
| PostgreSQL | Some OpenSCADA tests. |
| FireBird | Some OpenSCADA tests. |
| OpenLDAP | Jabber users authentication. |
2.3 VPS: SVN
Address: svn.oscada (192.168.0.12)Service: provides the control versions systems.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, allowed next control versions systems: Subversion, CVS.
CVS it is old-deprecated control versions system used up to year 2005 by the OpenSCADA project and some projects of firm
DIYA Ltd of it's author Roman Savochenko. For now CVS provides only for the compatibility and supports only guest access: $ cvs -d:pserver:guest@oscada.org:/CVS_R co OpenScadaSubversion it is current control version system using now by the OpenSCADA project. Supported two managing and two display connections:
- In classic way, allowed to manage and anonymous reading/observing. By self service "svn://", for example: $ svn ls svn://oscada.org/trunk/OpenSCADA/
- In secure way by SSH, allowed to manage but only for authorized users. By secure prefix like "svn+oscada://", for example: $ svn ls svn+oscada://oscada.org/mnt/SVN_R/trunk/OpenSCADA
- Through DAV by HTTP, allowed only for anonymous reading/observing. By HTTP prefix "http://", for example: $ svn ls http://oscada.org/svn/trunk/OpenSCADA/
- Through the Web-interface by WebSVN, allowed only for anonymous observing. By the HTTP link.
2.4 VPS: HTTP
Address: http.oscada (192.168.0.13)Service: provides different HTTP-services which mostly based on
Apache2 web-server.Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, Apache web-server.
Main configuration file of the virtual hosts placed into "/etc/apache2/sites-available/openscada.conf". EMail configured as simple relay (into file "/etc/postfix/main.cf") to the server's email server, into different VPS.
Table 2.4: Provided HTTP-services.
| Name | Description | Notes |
| phpMyAdmin | DBMS MySQL management by a WEB-interface of phpMyAdmin | |
| phpLDAPadmin | LDAP management by a WEB-interface of phpLDAPadmin | |
| TYPO3oscada.orgoscada.org/typo3 | Main OpenSCADA project's site based on the TYPO3 CMS, include an admin Web-interface | The project tree used original and placed into "/var/www/oscada/". The configuration and DB moved from PHP version 5.2 to 5.4 and from TYPO3 version 4.3 to 4.5 LTS. In that reason and the PHP 5.4 significant changes here was some migrations problems into extensions mm_forum, sr_feuser_register and lz_gallery which were fixed. Migration DB commands: Fixed bugs:
|
| WackoWIKIwiki.oscada.org | Main OpenSCADA project's knowledge base on WackoWIKI | The project tree used original and placed into "/var/www/oscada/wiki/". The configuration and DB moved from PHP version 5.2 to 5.4 which caused to some problems, at first it is into function htmlspecialchars() and the default charset is UTF-8. The problems mostly fixed before moving to a new version of Wiki-engine. Migration DB commands: Planed tasks for select, update and migrate. |
| File serveroscada.org/oscadaArchftp.oscada.org | File service by HTTP of Apache2 | |
| WebSVNoscada.org/websvn | Web-interface for manages the Subversion repository of the OpenSCADA project by the WebSVN. | The project tree used original and placed into "/var/www/oscada/websvn/". Config file "/var/www/oscada/websvn/include/config.php" for edit function "addRepository(...)". No a migration problem here was detected. |
| DAV svnoscada.org/svn | Browsing and observing on the OpenSCADA Subversion repository as file-system on HTTP. | |
| AWStatsWWWWWW filesWIKIFTP | Visits of the server different statistic by the AWStats. | Original statistic of the old server was saved and attached to the server. |
2.5 VPS: Mail
Address: mail.oscada (192.168.0.15)Service: provides exclusively EMail service.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, SASL, Postfix, Cyrus, Amavis, SpamAssasin, ClamAV, FetchMail.
Table 2.5: Provided EMail-services.
| Name | Description | Notes |
| SASL | Simple Authentication and Security Layer (SASL) | For authentication used the local DB "/etc/sasldb2". For Cyrus IMAP-server the DB pointed direct into the file "/etc/imapd.conf", as line "sasldb_path: /etc/sasldb2". For Postfix here special configured the daemon "saslauthd" into the config file "/etc/default/saslauthd" by lines: Some managing of users and passwords tools' examples: |
| Cyrus | Internet Message Access Protocol (IMAP) server provides access to personal mail and system-wide bulletin boards through the IMAP protocol, by the project Cyrus. Sieve (server side filters) enabled. | Main config files: "/etc/{cyrus.conf, imapd.conf}". Local DB's folder: "/var/lib/cyrus". User's mails folder: "/var/spool/cyrus/mail". The folders "/var/lib/cyrus" and "/var/spool/cyrus/mail" were taken from the old server and spare mailboxes for OpenSCADA were removed. Some managing of mailboxes tools' examples: |
| Postfix | Send messages service by the Send Message Transport Protocol (SMTP), by Postfix. | Main config files: "/etc/postfix/{master.cf,main.cf}". Local lists and DBs: "/etc/aliases.db", "/etc/postfix/{bcc_map.db, local_recipients.db, mynetworks}". Some managing of DB and the mail queue tools' examples: |
| Amavis | A Mail Virus and spams Scanner (AMaViS) which for the viruses scan mostly uses ClamAV and for spam uses SpamAssasine. | Main config files folder: "/etc/amavis/conf.d". Viruses and SPAM quarantine folder: "/var/lib/amavis/virusmails". The configuration was taken from old server and provides next policy:
|
| ClamAV | Anti-virus checking by the ClamAV. | Main configuration file: "/etc/clamav/clamd.conf". |
| SpamAssasin | Anti-spam checking by the SpamAssasin. | Main configuration file: "/etc/spamassassin/local.cf". Training DB: "/var/spool/spamassassin/". Some training tool's examples: |
| FetchMail | Fetch mailboxes to the local ones by FetchMail. | Main configuration file: "/etc/fetchmailrc". |
2.6 VPS: Jabber
Address: jabber.oscada (192.168.0.16)Service: provides instant messages server.
Base of the VPS: OS Linux distributive Debian 8 (Jessie) x86, Jabberd2. The VPS was successfully updated from the Debian 7 minimal VPS template but no that VPS of x86 platform allowing for Debian 8.
For users authentication of the instant messages server used LDAP on the VPS "DB". For contacts store used the table "jabberd2" on the DBMS MySQL on the VPS "DB". The configuration and the table "jabberd2" were taken on the old server and successful adapted on the new.
2.7 VPS: ALTLinux32 builder
Address: bldrALT32.oscada (192.168.0.100)Service: Live-disks and firmwares building environment of the Linux distributive ALTLinux 5 (5.1) and 6 (T6) of the hardware platform x86.
Base of the VPS: OS Linux distributive ALTLinux T6 x86, MKImage.
The VPS contains and provides set of MkImage profiles which mostly used from the
AutoBuilder system of OpenSCADA and also allowed for manual its using. Allowed MkImage profiles shown into Table 2.7.Table 2.7: MkImage profiles.
| Profile | Description |
 mkimage-profiles-5-kdesktop | Live-disk for desktop of ALTLinux 5 (5.1) building. Inactive now! |
| mkimage-profiles-5-plc | Generic PLC firmwares (tarballs) building profile on ALTLinux 5 (5.1). |
| mkimage-profiles-5-plc-LP8x81 | ICP-DAS PLC firmwares (tarballs) building profile on ALTLinux 5 (5.1). |
| mkimage-profiles-5-KramMill | Project's "ACS TP of the ball mills "ุมฬ 287/410" of the boiler "มสว 160100 ฯา"" Live/Install/Service disk. |
| mkimage-profiles-6-kdesktop | Live-disk for desktop of ALTLinux 6 (T6) building, includes OpenSCADA and KDE 3.5.13.2. |
| mkimage-profiles-6-plc | Generic PLC firmwares (tarballs) building profile on ALTLinux 6 (T6). |
| mkimage-profiles-6-plc-LP8x81 | ICP-DAS PLC firmwares (tarballs) building profile on ALTLinux 6 (T6). |
| mkimage-profiles-6-bagley | Project's "Bagley Coke Boiler #1 dispatching system (will be soon prepared)" Live/Install/Service disk. |
| mkimage-profiles-6-KramWater | Project's "Kramatorsk Water (will be soon prepared)" Live/Install/Service disk. |
For the Live-disks unmistakable building the original packages repositories of ALTLinux 5 and 6 located in the server and it is regular mirroring performed. By the OpenSCADA project in different times was created a self repository of packages included builds of the OpenSCADA packages and other programs with fixings and renewals, for details see to the Automation Linux distributive of the project OpenSCADA. Next actual repositories for ALTLinux allowed on the OpenSCADA server:
- ALTLinux 5.1:
- "rpm ftp://ftp.oscada.org/ALTLinux/5/branch i586 classic" classic packages of the i586 architecture;
- "rpm ftp://ftp.oscada.org/ALTLinux/5/branch noarch classic" classic packages of independent from an architecture;
- "rpm ftp://ftp.oscada.org/ALTLinux/5 openscada main" repository of OpenSCADA packages.
- "rpm
- ALTLinux T6:
- "rpm ftp://ftp.oscada.org/ALTLinux/6/branch i586 classic" classic packages of the i586 architecture;
- "rpm ftp://ftp.oscada.org/ALTLinux/6/branch i586 debuginfo" debug information packages of the i586 architecture;
- "rpm ftp://ftp.oscada.org/ALTLinux/6/branch noarch classic" classic packages of independent from an architecture;
- "rpm ftp://ftp.oscada.org/ALTLinux/6 openscada main" repository of OpenSCADA packages.
- "rpm
2.8 VPS: Debian{8,9} builder
Address: bldrDeb8.oscada (192.168.0.101), bldrDeb9.oscada (192.168.0.102)Service: Live-disks and firmwares building environment of the Linux distributive Debian 7 and 8 of the hardware platforms x86 and x86_64.
Base of the VPS: OS Linux distributive Debian 8 (Jessie) x86_64, Live System Build Components (live-build).
The VPS contains and provides set of the Live System Build configurations which mostly used from the
AutoBuilder system of OpenSCADA and also allowed for manual its using. Some pure ToolChain-based builds located into the VPS. Allowed "Live System Build" configurations and toolchains shown into Table 2.8.Table 2.8: Live System Build configurations
For the Live-disks unmistakable building the original packages repositories of Debian 7 and 8 cached on the server by "APT cacher of new generation" and some repositories like
Trinity DE are located on the server and it is regular mirroring performed by "APT mirror". By the OpenSCADA project was created a self repository of packages included builds of the OpenSCADA packages and other programs with fixings and renewals, for details see to the Automation Linux distributive of the project OpenSCADA. Next actual repositories for Debian cached and placed on the OpenSCADA server:- Debian 7:
- "deb http://ftp.ua.debian.org/debian/ wheezy main non-free contrib" cached main, non-free and contribute packages of Debian;
- "deb http://ftp.ua.debian.org/debian/ wheezy-updates main non-free contrib" cached main, non-free and contribute packages of Debian updates;
- "deb http://ftp.ua.debian.org/debian/ wheezy-backports main non-free contrib" cached main, non-free and contribute packages of Debian backports;
- "deb http://ftp.ua.debian.org/debian-security/ wheezy/updates main non-free contrib" cached main, non-free and contribute packages of Debian security updates;
- "deb ftp://oscada.org/Debian/7/trinity-sb/ wheezy main-r14 deps-r14" located main and dependents packages of Trinity DE R14 for Debian;
- "deb ftp://oscada.org/Debian/7/openscada/ ./" repository of OpenSCADA packages.
- "deb
- Debian 8:
- "deb http://ftp.ua.debian.org/debian/ jessie main non-free contrib" cached main, non-free and contribute packages of Debian;
- "deb http://ftp.ua.debian.org/debian/ jessie-updates main non-free contrib" cached main, non-free and contribute packages of Debian updates;
- "deb http://ftp.ua.debian.org/debian/ jessie-backports main non-free contrib" cached main, non-free and contribute packages of Debian backports;
- "deb http://ftp.ua.debian.org/debian-security/ jessie/updates main non-free contrib" cached main, non-free and contribute packages of Debian security updates;
- "deb ftp://oscada.org/Debian/8/trinity-sb/ jessie main-r14 deps-r14" located main and dependents packages of Trinity DE R14 for Debian;
- "deb ftp://oscada.org/Debian/8/openscada/ ./" repository of OpenSCADA packages.
- "deb
- Debian 9:
- "deb http://ftp.ua.debian.org/debian/ stretch main non-free contrib" cached main, non-free and contribute packages of Debian;
- "deb http://ftp.ua.debian.org/debian/ stretch-updates main non-free contrib" cached main, non-free and contribute packages of Debian updates;
- "deb http://ftp.ua.debian.org/debian/ stretch-backports main non-free contrib" cached main, non-free and contribute packages of Debian backports;
- "deb http://ftp.ua.debian.org/debian-security/ stretch/updates main non-free contrib" cached main, non-free and contribute packages of Debian security updates;
- "deb ftp://oscada.org/Debian/9/trinity-sb/ stretch main-r14 deps-r14" located main and dependents packages of Trinity DE R14 for Debian;
- "deb ftp://oscada.org/Debian/9/openscada/ ./" repository of OpenSCADA packages.
- "deb
2.9 VPS: OpenSCADA models
Address: oscadaModels.oscada (192.168.0.110)Service: OpenSCADA models of automation systems execution and the Web-based external access providing.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, OpenSCADA.
All the OpenSCADA models were prepared for no any modified installation provide and easy its deploy besides some specific passwords setting into the config file. For now prepared and executed next models: