Learn to set up network connections for the RTDS Simulator in three ways: stand-alone local area network (LAN) setup, main network setup, or remote access.
Stand-alone local area network (LAN) setup
- The RTDS simulator and host computers are all connected together via Ethernet switches.
- The host computers' IP addresses are manually configured to be in the same range as the RTDS simulator's so that communication is possible.
Main network setup with VPN
- The stand-alone configuration can be used as the base and then built up to connect to the main network.
- RTDS simulators are configured using static IP addresses provided by the user’s IT department.
- Once the RTDS simulator has been reconfigured with the new IP addresses provided by the IT department, it can be connected to the main network. This allows anyone connected to this network to access the RTDS simulator and run simulations.
- It also allows users in physically distant locations to run simulations if they can connect by VPN or remote desktop. The VPN should be set up to connect to the main network through a firewall for the safety of the main network. Typically (but not always), the VPN and firewall are one device.
Advantages of VPN network
- Anyone with a VPN client can keep their RTDS cases and data local to their PC.
- Does not require as much physical infrastructure because there’s no need for a local workstation or jump server.
- If you use an open-source VPN solution, such as OpenVPN, it can be reasonably inexpensive to deploy.
Disadvantages of VPN network
- Because of the way VPNs are usually implemented, the connected PC is usually connected to an adjacent routable network rather than being connected directly to the RTDS network. This means that these workstations will typically not be able to see non-routable protocols such as IEC 61850 GOOSE or IEC 61850 SV. The GTNET card often uses these protocols, and it’s useful to see them using Wireshark on a PC. However, this is not possible because of how routed VPNs work.
- VPNs effectively extend your security perimeter out to the PCs, so the PCs also need to be secured.
Setup using jump server for remote access
- RTDS simulators are configured using static IP addresses provided by the user’s IT department.
- After configuring the RTDS simulators with the updated IP addresses, they can link up with a jump server workstation.
- This way, the RTDS simulator is not connected to the main network and is only accessible through the jump workstation. Users from the main network connect to the RTDS simulator through a firewall jump server.
Advantages of jump server network
- A jump server is a PC or Windows Server directly connected to the RTDS network. Because of this, it should be able to see non-routable protocols such as IEC 61850 GOOSE and SV (as explained above) using Wireshark.
- RTDS cases and data are stored on the jump server; this can simplify backups and security.
Disadvantages of jump server network
- This solution is not as scalable as a VPN solution.
- Users may want to use a Windows Server operating system with Windows Terminal Server installed, with enough licenses to accommodate all the users. The Windows server must also have enough physical resources to support those users. All of this adds to infrastructure costs.
TCP and UDP ports
TCP ports used by RSCAD:
- 4068, 4069, 4070, 4071 (required to download/run cases)
TCP ports used by local computer:
- 23 (to Telnet to a rack, or other hardware)
There are also various TCP ports that are user-controlled, such as:
- 502 (if using Modbus script functionality on the default port)
- --- (any port specified in the Listen on Port runtime script command)
- --- (any port specified by the PMU component in Draft)
UDP ports:
- 2, 4455, 4456, 53693 (required to download/run cases)
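The port lists above can be turned into a check on the firewall rules that sit between the RSCAD clients and the simulator. The following is an added example, not part of the original page or the vendor's documentation: it audits a constructed rule set for required ports that are blocked and for accept rules that are wider than needed. The rule format, the first-match and default-deny semantics, the address ranges, and treating ports 23 and 502 as opt-in are all assumptions.

```python
import ipaddress

# Destination ports on the simulator side, as listed on this page.
REQUIRED = ({("tcp", p) for p in (4068, 4069, 4070, 4071)}
            | {("udp", p) for p in (2, 4455, 4456, 53693)})
# Telnet and default-port Modbus, treated here as opt-in (an assumption).
OPTIONAL = {("tcp", 23), ("tcp", 502)}

def verdict(rules, proto, port, clients, racks):
    """First-match verdict for the whole clients -> racks flow on one port."""
    for r in rules:
        src, dst = ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"])
        if (r["proto"] != proto or port not in r["ports"]
                or not (src.overlaps(clients) and dst.overlaps(racks))):
            continue
        # A rule that covers only part of either network is reported, not trusted.
        covers = clients.subnet_of(src) and racks.subnet_of(dst)
        return r["action"] if covers else "partial"
    return "drop"  # default deny

def audit(rules, client_net, rack_net, allow_optional=()):
    """Return (blocked required ports, accept rules wider than needed)."""
    clients, racks = ipaddress.ip_network(client_net), ipaddress.ip_network(rack_net)
    blocked = sorted(k for k in REQUIRED
                     if verdict(rules, k[0], k[1], clients, racks) != "accept")
    wanted = REQUIRED | (OPTIONAL & set(allow_optional))
    too_wide = []
    for i, r in enumerate(rules):
        dst = ipaddress.ip_network(r["dst"])
        if r["action"] != "accept" or not dst.overlaps(racks):
            continue
        extra = sorted(p for p in r["ports"] if (r["proto"], p) not in wanted)
        outside = not ipaddress.ip_network(r["src"]).subnet_of(clients)
        if extra or outside:
            too_wide.append((i, extra, outside))
    return blocked, too_wide

# Constructed sample rule set (documentation address ranges, not real hosts).
SAMPLE_RULES = [
    {"proto": "tcp", "src": "192.0.2.0/24", "dst": "198.51.100.0/28",
     "ports": range(4068, 4072), "action": "accept"},
    {"proto": "udp", "src": "192.0.2.0/24", "dst": "198.51.100.0/28",
     "ports": {4455, 4456}, "action": "accept"},
    {"proto": "tcp", "src": "0.0.0.0/0", "dst": "198.51.100.0/28",
     "ports": {23}, "action": "accept"},
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "192.0.2.0/24", "198.51.100.0/28"))
```

Each `too_wide` entry is (rule index, ports outside the wanted set, whether the source reaches beyond the client network). The audit models only the client-to-rack direction.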
The *SOURCE* TCP and UDP port numbers are randomly allocated by the user's PC (this is typical of most TCP/IP client software).
However, there are times when RTDS racks need to send asynchronous commands back to the RSCAD clients which can cause issues when the traffic goes through a NAT firewall. For this reason, using a NAT firewall between RSCAD clients and the RTDS racks is not