Modbus over GPRS

Thread Starter

Antonio Mota

Hello,

I need hardware and software to retrieve data from remote MODBUS energy meters using GSM GPRS.

Any ideas or offers would be appreciated.

regards
António Mota
 
Lynn August Linse

What country?

Your biggest problem might be whether you can use 'mobile-terminated' (so your Master polls), or 'mobile-originated' (so the device pushes, or acts as Master to write to central).

Mobile-terminated requires either fixed IP, or some form of DDNS support. Not all carriers offer fixed IP, while others offer them at anywhere from US$5 to $25 extra per month (big 1000+ unit customers might get them for free). A few countries only offer what is called 'private IP' (like your iPhone or Android), which means you'll have *NO* ability to ever poll from a central master. Your device has a private non-routable IP like 10.x.x.x.

With Mobile-originated, you'll need a smart or programmable cellular device which can poll your Modbus data locally, then write (or push) it up to your host. Mobile-originated has the big advantage of working in ALL countries on ALL carriers. Since it could add some smart alarm handling, it also can reduce your monthly cellular costs by NOT uploading data which isn't very interesting.
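
The "push only what is interesting" idea from the post above, as an added example that is not part of the original thread or any vendor's firmware. The deadband, alarm limit, heartbeat interval and the voltage readings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class PushPolicy:
    deadband: float     # minimum change since the last upload worth sending
    alarm_high: float   # readings at or above this value are alarms
    heartbeat_s: int    # upload at least this often so the host sees the link is alive

def select_uploads(samples, policy):
    """samples: (timestamp_s, value) pairs from local Modbus polling.
    Returns the (timestamp_s, value, reason) tuples the device would push."""
    uploads = []
    last_t = last_v = None
    in_alarm = False
    for t, v in samples:
        alarm_now = v >= policy.alarm_high
        if last_t is None:
            reason = "first"
        elif alarm_now != in_alarm:
            # Alarm transitions are always sent, regardless of deadband.
            reason = "alarm" if alarm_now else "alarm-cleared"
        elif abs(v - last_v) >= policy.deadband:
            reason = "change"
        elif t - last_t >= policy.heartbeat_s:
            reason = "heartbeat"
        else:
            reason = None  # uninteresting: costs no cellular data
        in_alarm = alarm_now
        if reason:
            uploads.append((t, v, reason))
            last_t, last_v = t, v
    return uploads

# Constructed sample: one meter voltage polled locally every 60 s.
SAMPLES = [(0, 230.1), (60, 230.2), (120, 230.0), (180, 233.0), (240, 233.4),
           (300, 254.0), (360, 254.5), (420, 231.0)]
SAMPLES += [(t, 231.0) for t in range(480, 1321, 60)]

def demo():
    return select_uploads(SAMPLES, PushPolicy(deadband=2.0, alarm_high=253.0,
                                              heartbeat_s=900))

if __name__ == "__main__":
    sent = demo()
    print("%d of %d samples uploaded" % (len(sent), len(SAMPLES)))
    for row in sent:
        print(row)
```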
 
Patrick Lansdorf

Hi Antonio,

It sounds as if our product Netbiter is just what you are looking for.
It has a Modbus master and the solution has reporting, dashboard, alarming etc.

www.netbiter.com

//Me
 
Hello,
You can use the Moxa module with GPRS modem, AirLink Fastrack Xtend programmable GPRS modem, or get any GPRS modem and embedded system with Linux.

Regards,
Andrzej
www.modbus.pl
 
Any system capable of Modbus communication will work. The important piece is this: What are you doing with the data?

If you are just displaying it, get an HMI. If you are storing it for historical records, get a historian system. If you are doing SCADA, for the love of all that is holy, get a SCADA system.

As far as GPRS communications... Modbus is an insecure protocol. Anyone who can connect to TCP port 502 over your GPRS network can control, and potentially modify your device. Hacking tools exist for Modbus. If you are using it for control (like remote shutoff or something), be especially aware of this.

Since Modbus is likely what you have on the meter and you can't change it, you need a GPRS modem that will add security for your communications, specifically you want encryption and firewall functionality. The only device I've seen so far that does this is the Digi Connect Device. http://www.digi.com/products/wireless-routers-gateways/routing-gateways/digiconnectwanfamily

I have no relationship where I would benefit from recommending this product, it's just the only one that has security features that works with SCADA type applications that I've seen.

Mike Toecker, PE
www.digitalbond.com
 
Lynn August Linse

I actually do work for Digi :-], and one partial and one full solution exist.

The full/perfect solution is to use a VPN tunnel over cellular, which means your Modbus is then fully hidden. The Digi ConnectPort WAN or WR21 product Michael mentions supports modern IPSec tunnels. In locations WITHOUT fixed/predictable IP support, VPN can also be used to allow the gateway to open the tunnel back to a central VPN concentrator, which allows the central host to assign a predictable IP to the remote unit via the tunnel (for example, the remote site might look like a 192.168.x.x subnet on the corp system). This allows the central master to poll the remote slave via this internal IP.

The partial solution is that one should NEVER open any predictable ports, so no port 23, 80, 502, 44818 (Rockwell) etc. If you must expose your Modbus/TCP, change the port to some random value like 53289 (pick something) as then a probe detecting the port won't instantly know what it is. All reasonable cellular products (the Digi, Moxa, AirLink, ...) will allow you to fix-up the port through the firewall. So if your master can open Modbus/TCP on port 53289, the gateway then maps this to 502 internally, so the PLC or meter is unaware of the ruse. The Modbus is on port 53289 on the public network, but 502 on the isolated Ethernet by the meter/PLC.

And do not assume because they don't know your PLC program or device, that they 'can not turn off the pump' - what happens if someone just zeros your entire holding register range? That would be fun for a kid in school. What would that do to your PLC program? In fact, turning a pump on/off implies an inside job, which means it leaves a trail. So even if I know which coil/register to change, if I wanted to mimic an attacker I'd just zero (or 0xFFFF) the full range to hide my understanding.

Last time I checked (on an AT&T SIM with fixed IP), my gateway was receiving from 10 to 100 'probes' per day, which means someone connects and tries to open FTP or SQL or any of many remote-desktop schemes. I don't remember ever seeing a probe of 502, but that doesn't mean one won't show up. By the way, you MUST pay for all of the probes! So do not expect a publicly exposed IP to have no traffic/cost unless you use it. 100 probes could easily eat 100-250K of your data plan. If someone tries a dictionary attack on your port 80 web server with a username/password, that could cost you dozens of MB per day. (All reasons to avoid fixed IP under cellular.)
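
A monitoring-side check for the two things raised in the post above, unexpected sources reaching the Modbus/TCP port and a whole register range being overwritten with 0x0000 or 0xFFFF. This is an added example, not part of the original thread or any product mentioned in it; the master address, the bulk threshold and the three frames are constructed assumptions.

```python
import struct

# Function codes that change device state (Modbus application protocol).
WRITE_CODES = {5: "write single coil", 6: "write single register",
               15: "write multiple coils", 16: "write multiple registers"}
BULK_THRESHOLD = 16  # assumption: site-specific size at which one write counts as "bulk"

def inspect(frame, src, allowed_masters):
    """Return findings for one Modbus/TCP request (7-byte MBAP header + PDU)."""
    if len(frame) < 8:
        return ["malformed: shorter than MBAP header plus function code"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return ["malformed: bad protocol id or length field"]
    findings = []
    fc = frame[7]
    if src not in allowed_masters:
        findings.append("request from unknown source " + src)
    if fc in WRITE_CODES:
        findings.append(WRITE_CODES[fc])
    if fc == 16 and len(frame) >= 13:
        # Write Multiple Registers: start address, quantity, byte count, values.
        start, qty, nbytes = struct.unpack(">HHB", frame[8:13])
        data = frame[13:]
        if nbytes != 2 * qty or len(data) != nbytes:
            findings.append("malformed: register count mismatch")
        else:
            values = struct.unpack(">%dH" % qty, data)
            uniform = len(set(values)) == 1 and values[0] in (0x0000, 0xFFFF)
            if qty >= BULK_THRESHOLD and uniform:
                findings.append("bulk uniform overwrite: %d registers from %d set to 0x%04X"
                                % (qty, start, values[0]))
    return findings

# Constructed sample frames (not captured traffic).
READ_10 = bytes.fromhex("0001 0000 0006 01 03 0000 000a")
SETPOINT = bytes.fromhex("0003 0000 000b 01 10 0028 0002 04 05dc 0014")
ZERO_100 = bytes.fromhex("0002 0000 00cf 01 10 0000 0064 c8") + bytes(200)

def demo():
    masters = {"192.168.10.5"}  # hypothetical central master address
    return [inspect(READ_10, "192.168.10.5", masters),
            inspect(SETPOINT, "192.168.10.5", masters),
            inspect(ZERO_100, "203.0.113.9", masters)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A routine two-register setpoint write from the known master is reported only as a write, while the 100-register zero fill from an unknown address raises all three findings.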
 
Lynn,

Bad guys are well aware of the 'switch port numbers' trick, they invented it. This isn't security, it's the equivalent of telling someone not to bump the non-covered big red trip button that is conveniently located near butt level in a claustrophobic and busy turbine shack.

The best option as it stands today to prevent your Modbus device from becoming someone else's Modbus device is to encrypt it. This costs more $$$ and more time; we really need secure protocols in automation to do internet based stuff.

Mike
 
Maria Lemone

Hi Antonio,

The GT-540 (2G) and GT-540-3GWA (3G) are Modbus RTU device servers that allow you to get Modbus RTU data back over the cellular network.

GT-540: http://www.icpdas-usa.com/gt_540.html

GT-540-3GWA: http://www.icpdas-usa.com/gt_540_3gwa.html

M2M RTU Center is free software that allows you to monitor and control Modbus RTU devices remotely. It can be used with SCADA software on a PC.

Free M2M RTU Center: http://www.icpdas-usa.com/m2m_rtu_center.html

If you have any questions, let me know.

Maria Lemone
ICP DAS USA, Inc.
 