Windscada Secure Edition 2.0 Wind KXXX Cfa01 Edb001 en Doc-0079190 r05

- Original Document -
GE Renewable Energy
Technical Documentation
Wind Turbine Generator Systems
All Turbine Types - Onshore
Technical Description
WindSCADA Compact, WindSCADA Refresh,
and WindSCADA Secure Edition 2.0
RDS-PP: WIND = Kxxx CFA01 & EDB001
Rev. 05 - Doc-0079190 - EN 2020-09-29
imagination at work
© 2020 General Electric Company. All rights reserved.
GE Renewable Energy
Visit us at
www.gerenewableenergy.com
All technical data is subject to change in line with ongoing technical development!
Copyright and patent rights
All documents are copyrighted within the meaning of the Copyright Act. We reserve all rights for the exercise of
commercial patent rights.
© 2020 General Electric Company. All rights reserved.
This document is public. GE and the GE Monogram are trademarks and service marks of
General Electric Company.
Other company or product names mentioned in this document may be trademarks or registered trademarks of
their respective companies.
imagination at work
WindSCADA_Secure Edition_2.0_WIND = Kxxx CFA01 & EDB001_EN_Doc-
0079190_r05.
GE Renewable Energy Technical Description
Table of Contents
Document Revision Table.................................................................................................................................................................. 7
Abbreviation List.................................................................................................................................................................................. 5
1 Introduction ................................................................................................................................................................................. 6
2 WindSCADA System Offerings for New Windfarms......................................................................................................... 7
2.1 WindSCADA Secure Edition 2.0..................................................................................................................................... 7
2.2 WindSCADA Compact...................................................................................................................................................... 7
2.3 More than 200 WTGs ....................................................................................................................................................... 9
3 WindSCADA System Offerings for Existing Windfarms .................................................................................................. 9
3.1 WindSCADA Refresh ........................................................................................................................................................ 9
3.2 WindSCADA Secure Edition 2.0 for Upgrade ............................................................................................................. 9
3.3 More than 200 WTGs ....................................................................................................................................................... 9
3.4 Summary of System Functions.................................................................................................................................... 10
4 Network Topology Description ............................................................................................................................................. 11
4.1 Overview ............................................................................................................................................................................ 11
4.2 Environmental.................................................................................................................................................................. 14
5 Cybersecurity Features .......................................................................................................................................................... 16
5.1 Anti-Malware Endpoint Protection ............................................................................................................................ 16
5.2 Segmented Network ...................................................................................................................................................... 17
5.3 SCADA Firewall ................................................................................................................................................................ 17
5.4 (Optional) Wind farm Firewall ..................................................................................................................................... 17
5.5 Switch Hardening ............................................................................................................................................................ 17
5.6 Turbine Secure Mode ..................................................................................................................................................... 18
5.7 Access Control System - Microsoft® Active Directory® ....................................................................................... 18
5.8 The ANIXIS™ Password Policy Enforcer™ ................................................................................................................. 19
5.9 Domain Controller........................................................................................................................................................... 19
5.10 Backup Domain Controller............................................................................................................................................ 19
5.11 Certificate Authority....................................................................................................................................................... 19
5.12 Security Information and Event Management (SIEM)........................................................................................... 20
5.13 Backup and Recovery ..................................................................................................................................................... 20
5.14 Regulatory and Standards alignment ........................................................................................................................ 21
5.15 WindSCADA Services ..................................................................................................................................................... 21
6 Wind Plant Fiber Optic Network .......................................................................................................................................... 22
6.1 Customer Scope .............................................................................................................................................................. 22
6.2 Customer’s Fiber Optic Contractor Scope ............................................................................................................... 22
6.3 GE Scope ............................................................................................................................................................................ 23
6.4 Single Mode Fiber Optic Cable Specification ........................................................................................................... 23
6.5 Wind Farm Cable Distance Design Requirements................................................................................................. 24
6.6 Windfarm Network Fiber Loops.................................................................................................................................. 24
7 System Compatibility .............................................................................................................................................................. 24
8 System Interfaces .................................................................................................................................................................... 25
8.1 Local System Interface Support.................................................................................................................................. 25
8.2 Modbus TCP/IP Client Interfaces to Customer Supplied Met Mast Dataloggers........................................... 25
8.3 Modbus TCP/IP Client Interface to Customer Supplied devices within the Substation .............................. 26
8.4 Customer Integrated IO................................................................................................................................................. 27
9 WindSCADA Remote System Integration (RSI) ............................................................................................................... 28
9.1 ODBC Connection ........................................................................................................................................................... 28
9.2 OPC Connections ............................................................................................................................................................ 28
9.3 Data licensing................................................................................................................................................................... 28
9.4 RSI Technical Specifications ......................................................................................................................................... 29
9.5 OPC Tags for Basic Monitoring .................................................................................................................................... 30
PUBLIC – May be distributed external to GE on an as need basis.
UNCONTROLLED when printed or transmitted electronically.
© 2020 General Electric Company and/or its affiliates. All rights reserved.
WindSCADA_Secure Edition_2.0_WIND = Kxxx CFA01 & EDB001_EN_Doc-0079190_r05

Document Revision Table

Date Affected
Rev. Change Description
(YYYY/MM/DD) Pages
01 2019/11/20 - New document, initial release.
02 2019/12/19 - ADDED Offshore to the scope and RDS-PP Code

Removed Offshore from the scope, modified product names, added WindSCADA
03 2020/07/20 -
Refresh
Removed Offshore from the scope, modified product names, added WindSCADA
04 2020/07/26 -
Refresh – With updates
28 Modified Section 9 WindSCADA Remote System Integration (RSI)
28 Modified Section 9.2 OPC Connections

05 2020/09/29
28 Modified Section 9.3 Data licensing
30 ADDED Section 9.5 OPC Tags for Basic Monitoring

Abbreviation List
GPS Global Positioning System
HMI Human Machine Interface
IO Input / Output
LAN Local Area Network
ODBC Open Data Base Connectivity

Open Platform Communications, (formerly “OLE for Process Control”) DA, unless
OPC
explicitly mentioned otherwise
O&M Operations and Maintenance
PC Personal Computer
PLC Programmable Logic Controller
RTU Remote Terminal Unit
SCADA Supervisory Control and Data Acquisition
SQL Structured Query Language
SSI Substation Interface
TCP/IP Transmission Control Protocol/Internet Protocol
UPS Uninterruptible Power Supply
WTG Wind Turbine Generator

WindSCADA_Secure Edition_2.0_WIND = Kxxx CFA01 & EDB001_EN_Doc-0079190_r05 5/33
1 Introduction
The GE Renewable Energy wind plant Supervisory Control and Data Acquisition (WindSCADA) system is a
supervisory control and operational data management system for a wind plant (wind farm) consisting of GE
wind turbines. WindSCADA is a fully integrated and easy-to-use system that improves productivity and
profitability of a wind plant. The solution integrates high reliability, superior data integrity, open system access,
and advanced data management into a single platform. This system also includes fully integrated, web-based
operator screens that are powerful and flexible. In addition, a web-based wind plant level reporting system
allows operators, owners and other stakeholders to monitor and analyze historical wind plant operation and
performance. This all-encompassing tool set can support a wind plant which consists of up to 200 wind turbine
generators (WTG) depending upon the system configuration.
WindSCADA features a full range of unified and integrated modules to meet individual wind plant site
requirements. These functions allow information to be shared between wind plant assets and enterprise
applications, helping organizations to improve operational efficiencies. Unified modules are focused on specific
applications such as real time data collection, historical data collection, archiving, alarm management,
enterprise interfaces, and can be implemented individually or as part of an overall solution. The open
architecture of the GE Renewable Energy WindSCADA system allows wind plant operators to start with a basic
monitoring, control and reporting system, while maintaining the ability to expand as needed to meet the
evolving requirements of wind plant operations.
The WindSCADA system offerings are available in flexible packages based on wind farm needs. The most
advanced GE WindSCADA system, WindSCADA Secure Edition 2.0, provides significant cybersecurity
capabilities to elevate the security level of a windfarm. These capabilities align to international cybersecurity
standards like ISA/IEC 62443 and NERC CIP.

6/33 WindSCADA_Secure Edition_2.0_WIND = Kxxx CFA01 & EDB001_EN_Doc-0079190_r05
2 WindSCADA System Offerings for New Windfarms

GE WindSCADA is available in WindSCADA Secure Edition 2.0 or WindSCADA Compact packages to fit the
needs of a new windfarm installation:
2.1 WindSCADA Secure Edition 2.0

The WindSCADA Secure Edition 2.0 is the most robust GE WindSCADA platform available for all new windfarm
installations. Customers will have the benefits of a system with comprehensive plant-level and unit-level user
interface screens, advanced data manipulation and alarming functions, connectivity and interoperability with
other systems, as well as an integrated rational database that enables comprehensive reporting on plant and
unit metrics. The system database stores three years of detailed ten-minute records, as well as 20 years of key
operational data (aggregated).
The system provides several preconfigured database scripts and jobs to facilitate ODBC interactions with the
historical data. The WindSCADA Secure Edition 2.0 supports up to 200 WTGs.
The WindSCADA Secure Edition 2.0 includes the following items:
 Global Positioning System (GPS) Time Synchronization server with antenna

 Extended UPS Backup Time (extends backup time from 30 to 60 minutes)
 System Interface
 One Modbus TCP/IP interface to 3rd party system, such as a substation RTU (pre-qualification
required by GE)
The WindSCADA Secure Edition 2.0 is also the most security enabled WindSCADA platform with a segmented
network architecture and cybersecurity features as described in Section 5.
2.2 WindSCADA Compact

WindSCADA Compact is specifically designed for small wind plants that do not have a substation or control
room for the full-size WindSCADA rack. The WindSCADA hardware is installed inside a compact enclosure that
is mounted inside the WTG tower or small control room.
The system provides the same features and functionality as WindSCADA Secure Edition 2.0 with the following
restrictions and limitations:
 Limited to wind farms of less than 20 GE onshore wind turbines

 Only one fiber optic loop available
 UPS backup time of ten minutes
 Historical data is limited to 1 year of wind plant operational and alarm data records. No additional
backup is provided. Customers should schedule periodic backup 1
 Lifetime aggregated data is limited to 10 years
1 Available with WindSCADA11.0 SP2 and newer, 45 days for older version

 No CD or DVD writer for backup purposes. Customers can utilize standard portable USB devices
(DVD, external hard drive, etc.) for backup.
 Five simultaneous SiteWebHMI connection sessions are included, and additional five SiteWebHMI
connections can be optionally added.
The WindSCADA Compact enclosure includes a network switch for network connectivity. The optional product
components that can be installed within the enclosure while maintaining certification compliance are:
1. GE managed WAN router for remote monitoring service

2. Extra WindSCADA meteorological mast interface PC
3. CMS server instance
4. Compact server for security package
5. GPS time server
Any additional devices would require re-evaluating certification compliance.
The primary HMI at the turbine level is implemented through a web-based interface. WindSCADA also provides
a web-based HMI for supervisory control at the wind farm level and for remote access. The system supports
connectivity to GE meteorological mast (metmast) interfaces, but no additional device (e.g. dataloggers) can be
installed in the WindSCADA Compact enclosure due to space limitations.
Cybersecurity features can be available through an optional cybersecurity package. Please refer to Section 5 for
additional details on options.

2.3 More than 200 WTGs

For Wind Farms that have more than 200 WTG up to 500 WTG, a custom engineered SCADA from GE is
required in order to provide a suitable system. GE provides detailed system configuration and specification as
part of the custom engineered solution.
3 WindSCADA System Offerings for Existing Windfarms

3.1 WindSCADA Refresh
For customers with existing windfarms it is recommended old or obsolete hardware is upgraded periodically to
ensure performance and security are maintained on the system. GE's WindSCADA Refresh is specifically
designed to meet that need.
The WindSCADA Refresh includes upgrade of operating systems, SQL license if needed, end-of-life hardware
components like GE router and core switch and some select security features as described in Section 5. Some
software upgrades may require hardware upgrades outside of the included scope which will be determined
based on the existing WindSCADA system at site.
The WindSCADA Refresh is designed to fit a standard rack and therefore cannot be used to upgrade previously
installed WindSCADA Compact units, however, upgrade options for WindSCADA Compact can be quoted, if
desired.
3.2 WindSCADA Secure Edition 2.0 for Upgrade

WindSCADA Secure Edition 2.0, described in Section 2.1, can also be available for upgrade of existing
WindSCADA Systems but requires a full rack replacement and additional engineering effort to design the
network IP scheme for implementing network segmentation into an existing installation.
3.3 More than 200 WTGs

For Wind Farms that have more than 200 WTG up to 500 WTG, a custom engineered SCADA from GE is
required in order to provide a suitable system. GE provides detailed system configuration and specification as
part of the custom engineered solution.

3.4 Summary of System Functions

WindSCADA
WindSCADA WindSCADA
Secure Edition
Compact Refresh**
2.0
Number of Wind Turbines supported 20 200 200
Web based HMI and Reporting for PC Included Included Included
Local Data Storage (10-min historical
1-yr 3-yr 3-yr
record)
Main Functions
Local Data Storage (1-hr aggregation) 10-yr 20-yr 20-yr

UPS backup 10min 30min 60min
GPS time synchronization system Optional Included Included
One desktop PC for user interface Optional Optional Optional
One laptop for user interface Optional Optional Optional
Rack mounted keyboard and monitor No Included Included
Multi-language support - English,
Included Included Included
French, Spanish, German, and Chinese
Network Segmentation No No Yes

Windfarm Firewall Optional Optional Optional
Anti-Malware (McAfee) Yes1 Yes Yes
Cybersecurity Functions
Backup Domain Controller No No Yes

SCADA Firewall No Yes Yes
Backup and Recovery No Yes Yes
Password Policy Enforcement No No Yes
Switch Hardening2 Yes Yes
Turbine "Secure Mode" feature No Yes
Optional
Domain Controller Yes Yes
Security
Active Directory Yes Yes
Package 3
Certificate Authority No Yes
Log File Management No No
Security Information Event Manager
No Yes Yes
(SIEM)
1
Only available for replacing existing WindSCADA Standard or Plus installations
2
Requires managed switches
3
Can be quoted separately as requested

4 Network Topology Description

4.1 Overview
The GE Renewable Energy WindSCADA system is designed with a flexible architecture in order to support the
broad requirements of different applications and to address the various functions of wind plant monitoring,
control, visualization, and reporting. The system can expand to support the addition of incremental wind farm
assets, such as additional GE WTGs, the GE WindCONTROL wind park management system, meteorological
dataloggers, and substation/utility interfaces. Customer-supplied device interfaces require validation by GE.
The schematics below portray the most advanced WindSCADA system offering: WindSCADA Secure Edition 2.0.
The network topology connects the WindSCADA, WindCONTROL, and turbines on the wind farm network
utilizing the Purdue Model or IEC 62443 zones and conduits approach to segment the network :
Figure 1: Wind Farm Network System Topology for WindSCADA Secure Edition 2.0 demonstrating segmentation

WAN
IPSec
VPN
Cus tomer FW GE Wind Rou ter GE Site
IPSec
VPN
Customer Scope DMZ Switch Cus tomer

Cus tomer
Site
PE
Customer Scope
IPSec
VPN
3rd Party Site

Cus tomer
Direct Marketing / Energy Compliance
Core
SCADA Rack
Virtualization In Us e for Infrastructure DMZ FW
USB Server DMZ Core
NTP Remote Security Cus tomer
Wind Farm
Wind Farm FW
SCADA Core
OBDC Modbus CMS OPC Wind Farm

AI Master Edge
(Transparent) FW
Optional Components
Figure 2: WindSCADA Secure Edition 2.0 options and scope view
NOTICE
Not all components or systems may be included in a standard project.

Figure 3 shows the network topology for WindSCADA Refresh which has been designed as a retrofit solution to
upgrade existing WindSCADA Standard or Plus models to a more secure architecture without disruption of the
existing IP scheme or replacement of the SCADA rack.
Figure 3: WindSCADA Refresh
Figure 4 shows the network topology for WindSCADA Compact which is the SCADA solution intended for
windfarms with 20 or less turbines.

Figure 4: WindSCADA Compact System
The WindSCADA system consists of the following primary subsystems:
 Wind Plant Local Area Network (SCADA LAN) is an Ethernet fiber optic-based system that
connects all GE WTGs within the wind plant to the WindSCADA rack. The LAN also connects
optional components such as the WindCONTROL plant-level control system, Substation Interface
Device and other approved/validated customer-supplied devices which interface with the
WindSCADA system.
 WindSCADA real-time system is the collection of services and applications which gather data from
the WTGs and auxiliary systems (WindCONTROL, substation, metmasts) and present them in real-
time to the client interfaces. It resides primarily on the servers in the SCADA rack but includes
applications running on the substation and metmast interface devices.
 The WindSCADA historical system includes a relational database of plant operational data, which
collect the historical (10-min) records from the WTG controllers and auxiliary systems.
Additionally, the historical system includes the reporting service for querying and running reports
on this data.
4.2 Environmental
For WindSCADA Secure Edition 2.0 and WindSCADA Refresh , the SCADA server rack is typically located in the
substation control room or in an adjacent O&M building. The equipment must be in an environmentally
controlled location. (Operating temperature +20°C +/-25 %, protected against rain, dust, moisture, etc.). The
SCADA rack requires one square meter of floor space and 1.2 meters of clearance in all directions to allow for
access and the operation of the cabinet doors. Cable entry can be routed from either the top or bottom of the
rack for network connectivity and power. The rack is 1.85 m tall x 0.625 m wide x 1.2 m deep and weighs
approximately 500 kg.
For the WindSCADA Compact configuration the SCADA hardware is designed to be installed inside a
WindSCADA Compact enclosure located within the WTG. When deploying the WindSCADA Compact edition,
GE provides all power connections. Equipment supplied for this deployment will be environmentally compatible
with other control equipment within the WTG. The Universal Cabinet which houses WindSCADA Compact is
2.1 m tall x 0.6m wide x 0.6 m deep and weighs about 300 kg.
Power requirements are typically:
 WindSCADA 2.0:
 Power consumption: 1500 W
 Heat dissipation: 5465 BTU/h
GE recomends the following breakers:
 Europe and 50 Hz market region: one circuit 230 VAC / 50 Hz / 16 A

 60 Hz market region: one circuit of 120 VAC / 60 Hz / 30 A / NEMA L5-30R Outlet
 Compact:
 Power consumption (without heater and A/C unit): 575 W
 Power consumption of heater: 1000 W
 Power consumption of A/C unit: 1334 W
 Heat dissipation: 2080 BTU/h
GE recomends the following breaker:
 One circuit of 230 VAC, 50 or 60 Hz, 15 A, which is standard for GE turbine auxiliary power supply.

5 Cybersecurity Features
WindSCADA Secure Edition 2.0 provides a comprehensive cybersecurity solution. An in-depth approach to
cyber solutions is integrated into the wind farm's industrial control system via:
 Anti-virus Endpoint Protection

 A segmented network architecture
 Firewalls at conduits that separate zones within the network
 An optional Windfarm Firewall, with GE pre-configurations at the point of external data
connection to enable secure windfarm connectivity for customers
 Hardening of the infrastructure equipment
 Secure and encrypted communication for management traffic and data replication
 Identity Management Services (Certificate Authority, Directory and Policy Services)
 Security Information and Event Management (SIEM)
 Industrial Protocol Inspection
 Integrated Backup and Recovery System
 Patch Validation Services to provide long-term support in keeping pace with new vulnerability and
security updates from 3rd party SW providers (optional)
 The WindSCADA Refresh contains a subset of these cybersecurity features. See Section 3.4 for details.
5.1 Anti-Malware Endpoint Protection

WindSCADA Compact, Refresh and Secure Edition 2.0 ships with McAfee™ as the standard offering for unified
End Point Protection application which provides antivirus and malware protection. The system is continuously
monitored for viruses, spyware, rootkits, Trojans, and adware. When detected, offending files are blocked, and
the data is consolidated to the SIEM for logging and management. The system is initially provided with a 1-year
license which requires the customer to update and maintain End Point Protection capability.
As part of the GE Renewables Patch and Vulnerability Management Program subscription service or the Wind
Farm Health Management (WFHM) Program, antivirus threat signatures are validated in a secure simulated
SCADA environment prior to being available to customers for auto-update through the GE update-server.
Threat signature validation is only available for McAfee at this time. GE will also verify, on regular basis, that the
updates successfully occured as part of the Wind Farm Health Management Program.

5.2 Segmented Network

With the WindSCADA Secure Edition 2.0, the wind farm network is designed using a segmentation and zoning
strategy by grouping and separating assets at various secure points. This segmentation helps to prevent any
malicious actor or infection from accessing or moving from one segmented area to another.
Wind Farm and SCADA dataflows are segmented based on the following functions:
 Infrastructure Management
 Windfarm Operations
 Industrial DMZ
 Physically Separation for IT Networks
 Services and Farm Level Function
It is possible to achieve additional security and segmentation at each individual turbine through the
deployment of managed switches within the wind tower.
5.3 SCADA Firewall

To secure the communications in and out of the SCADA environment a next generation firewall will be deployed
on the wind farm for the WindSCADA Refresh and WindSCADA Secure Edition 2.0. The firewall is configured
with a zero-trust model, meaning that all traffic is denied from traversing the environment by default. Individual
rules must be configured based on 5 tuple model. This security appliance is in line between each conduit
inspecting and authorizing traffic across the SCADA network. Both routed and transparent firewall
deployments are strategically deployed at these specific locations. Other functions have been enabled on the
firewall such as reporting, security posture assessments and a one arm sniffer to inspect industrial protocols
out of line (IDS).
5.4 (Optional) Wind farm Firewall

External connectivity is required for remote management and data acquisition of the Wind Farm. It is therefore
imperative that this ingress point utilize a firewall. This firewall provides the customer with control over the
separation point between the Wind Farm network and any other third party (including GE). The administration
of this firewall is in the customer's scope of responsibilities. A standard firewall configuration and policy is pre-
installed on the device. The customer can choose to enable the pre-installed configuration or create a
customized configuration to meet their needs. To support remote site access for GE personnel, the firewall
configuration requirements can be found in the "Technical Description Wide Area Network Connectivity
Requirements" document.
5.5 Switch Hardening

Network switches within the SCADA environment are hardened to protect the network and wind farm from
unauthorized access and attacks. This configuration is accomplished using several techniques from limiting
access to host facing ports to authorizing devices attached to the network. Network status changes,
configuration updates and access to these devices are logged for auditing purposes and compliance.
Furthermore, the logical segmentation is augmented using specialized technology which prevents advanced
techniques for circumventing layer 2 boundaries.

5.6 Turbine Secure Mode

WindSCADA Secure Edition 2.0 provides identity management capabilities that enable the wind turbine
controllers to operate in a "Secure Mode”. Turbine controllers in secure mode provide a variety of important
cybersecurity benefits. For example, in secure mode unencrypted protocols such as telnet, FTP and other
nonessential ports are disabled or closed to and from the controller. Furthermore, access to the controller is
augmented using a public key infrastructure to verify the identity and role of an individual user. This feature
helps to ensure that users are segmented and using the least privilege model when administering the wind
turbines. Moreover, secure mode also activates an application whitelist to ensure only authorized programs can
run on the device.
5.7 Access Control System - Microsoft® Active Directory®

The WindSCADA Refresh and WindSCADA Secure Edition 2.0 use the Microsoft® Active Directory®
infrastructure for access and account management. Privileged access to network devices is managed using
Remote Authentication Dial-In User Service (RADIUS) authentication. Authorized administrators can add and
delete users per site policy, as well as perform role-based user assignments to groups.
This platform domain provides a role-based access control system to manage access to resources and
applications based on the identity and privileges assigned to the user by the administrator. This role-based
concept grants users minimum rights and privileges to perform their role. By limiting the privileges to the
minimum required, user impact on the system is reduced. Proper assignment of user privileges limits the ability
of a user to cause harm to a system through either malicious intent or inadvertent action (e.g. inadvertently
triggered malware).
Role Based Concepts include:
 Each user has an individual identifiable account

 Each user account grants the rights and privileges needed to do the job (and no more)
 Users can have more than one account if they perform more than one role
 Event logs can trace actions back to the (unique, identifiable) user whom initiated the action
Human-machine Interfaces (HMIs) and other computers are also registered within the directory service. Policy
servers enforce access controls across users and computers in the domain. Additionally, access to network
devices is managed using the AAA model (Authentication, Authorization and Accounting).
The access management system is redundant between the primary directory server and the backup directory
server. An audit trail is created for access to the system and is available through the Security Information and
Event Management (SIEM) application.

5.8 The ANIXIS™ Password Policy Enforcer™

Additionally, the WindSCADA Secure Edition 2.0 comes with the ANIXIS™ Password Policy Enforcer™
application which extends the features of Active Directory®. This application provides a single management
point for all password settings for domain accounts. This product enforces additional password restrictions
(length, complexity, reuse, and such) over and above those supported by Active Directory®. An additional
benefit of this program is that its user interface better assists the user in creating a password that meets the
system password complexity requirements. Local accounts on HMIs have password settings governed by
Microsoft Windows® Policy.
The access management system is redundant between the primary directory and the backup directory. An
audit trail is created for access to the system and is available through the Security Information and Event
Management (SIEM) application.
5.9 Domain Controller

The Domain Controller (DC) runs the Windows Server operating system and has Active Directory Domain
Services installed. Microsoft® Active Directory® is used to create a domain for all computers and users in the
system. Active Directory® holds the list of users, rights and privileges granted to each user, the Group Policy
Objects (GPOs), and the assignments of the GPOs. Active Directory® runs on the Domain Controllers, and its
database is queried by all computers in the domain.
Non-domain based elements (such as network switches) access Active Directory® user authentication rights
through RADIUS servers running on the Domain Controllers. The RADIUS servers allow non-domain based
elements to leverage security permissions assigned to domain users to either allow or disallow access to
device.
5.10 Backup Domain Controller

The Backup Domain Controller (BDC) provides customers with a degree of redundancy. If the primary domain
controller has an issue, the Backup Domain Controller will continue to provide user authentication services. To
accomplish this, the domain controllers replicate information between each other to keep them up-to-date.
When a domain controller is started, it attempts to contact an existing running domain controller to
resynchronize.
5.11 Certificate Authority

The Microsoft® Active Directory® Certificate Services is used as the Certificate Authority (CA). The CA issues
and revokes digital certificates between users and services operating in the context of the Domain. The
certificate authority issues digital certificates that certify the ownership of a public key by the named subject of
the certificate. The CA provides a trusted third party, trusted both by the owner of the certificate and the
consumer of the certificate to have valid credentials. The CA enables encryption technologies such as SSL and
HTTPS.
The combination of Active Directory, Domain Controller and Certificate Authority provide key identity
management capabilities that are at the heart of securing access to the turbine controllers, the network
switches and WindSCADA.

5.12 Security Information and Event Management (SIEM)

The SIEM provides the Splunk® application that has a browser-based interface to security-related log and event
information. The Splunk® application presents this information in dashboards that users can review for further
analysis. Users can also extend the predefined queries through building custom queries and reports. Typically,
up to three years of data is available for review.
The Splunk® application receives and collates events received from various sources, including:
1. Microsoft Windows® Active Directory®

2. Microsoft Windows® Event Manager
3. Cisco® IOS® switches and routers
4. Fortinet® Unified Threat Management (UTM) and related devices
5. Devices that can generate Syslog Protocol RFC 5424
6. Mark VIe controller
a. The Splunk® application also records events sent from the sources listed above. Examples of data in
the database include:
 Account changes from Active Directory®
 Configuration changes reported by the Mark VIe controller
 Failed login attempts reported by Active Directory® and network switches
 UTM event records Splunk® information and can be exported to Microsoft Excel® for further
analysis. It is accessed and managed over the Plant Data Highway (PDH) only. Unit Data Highway
(UDH) operation is in listen-only mode
5.13 Backup and Recovery

The WindSCADA Secure Edition 2.0 and WindSCADA Refresh are provided with Acronis® Backup & Recovery®
application for the backup and recovery of computers on the domain. The system is sized to include the security
package and the number of HMIs in the original site configuration. Additional capacity can be added to include
other computers added to the domain. The Acronis® Backup & Recovery® Management Console is used as a
centralized backup management point. It provides dashboard information on backup status, including errors or
warnings related to backup or recovery tasks. Each HMI under security management has an Acronis® Backup
Agent installed to report status to the console.

5.14 Regulatory and Standards alignment

Certain WindSCADA platforms align to industry accepted Industrial Automation and Control System
cybersecurity standards such as IEC 62443, NERC CIP, and NIST 800-82 to provide security for wind farms.
Security features as shown in Section 3.4, align to NERC CIP and IEC 62443 as shown below:
Security Feature NERC CIP alignment* IEC 62443 alignment*
Network CIP-005 R1 - Electronic Security Perimeter IEC 62443-3-3 SR 5.1 - Network Segmentation,
Segmentation SR 5.2 Zone Boundary Protection
Windfarm Firewall CIP-005 R1 - Electronic Security Perimeter IEC 62443-3-3 SR 5.2 customer zone boundary
protection
Anti-Malware CIP-007 R3 - Malicious Code Prevention IEC 62443-3-3 SR 3.2 Malicious Code Protection
Domain Controller CIP-007 R5 - System Access Control IEC 62443-3-3 FR1 Identification and
authentication control
SCADA Firewall CIP-005 R1 - Electronic Security Perimeter IEC 62443-3-3 SR 5.1 - Network Segmentation,
SR 5.2 Zone Boundary Protection
Backup and CIP-009 R1 - Recovery Plans IEC 62443-3-3 SR 7.3 Control system backup
Recovery
Password Policy CIP-007 R5 - System Access Control IEC 62443-3-3 FR1 Identification and
Enforcement authentication control
Switch Hardening* CIP 007 R1 - Ports and Services IEC 62443-3-3 SR 7.7 Least functionality
Turbine "Secure CIP-007 R1 - Ports and Services IEC 62443-3-3 SR 3.1 Communication Integrity
Mode" feature
Backup Domain CIP-007 R5 - System Access Control IEC 62443-3-3 FR1 Identification and
Controller authentication control
Active Directory CIP-007 R5 - System Access Control IEC 62443-3-3 FR1 Identification and
authentication control
Certificate IEC 62443-3-3 FR1 Identification and
Authority authentication control
Log File CIP-007 R4 - Security Event Monitoring IEC 62443-3-3 SR 3.3 Security Functionality
Management Verification
Security CIP-007 R4 - Security Event Monitoring IEC 62443-3-3 SR 3.2 RE2 Central management
Information Event and reporting for malicious code protection, SR
Manager (SIEM) 6.1 Audit log accessibility, SR 6.2 Continuous
monitoring, SR 2.8 Auditable events
*Note: As shown In Section 3.4, some features are not included in all WindSCADA systems.
5.15 WindSCADA Services

To ensure the continued compliance and security posture of a wind farm, the WindSCADA systems should be
monitored for system health, maintained with the latest security patches, and verified for proper operation on a
regular basis. GE Renewable Energy has a suite of services provided in the Wind Farm Health Management
program to maintain the WindSCADA system. These can be purchased as an additional annual subscription.

6 Wind Plant Fiber Optic Network

The following defines GE requirements for the fiber optic cable within the wind plant network and details the
scope of work split between GE, the Customer, and the Customer’s fiber optic contractor. It is the customer’s
responsibility to ensure proper installation, termination, labeling, and testing of the fiber optic cable network.
The GE standard wind plant fiber optic design utilizes single mode 9/125 fiber cable. Any deviation from the
fiber optic specification in this section is considered a deviation from standard and must be agreed upon with
GE.
6.1 Customer Scope

 Procure single mode fiber optic cable per the specification defined within this document.
 Layout the fiber optic cable network according to the GE recommendation, with a minimum
service loop of 9 meters at the point where the cable termination is to take place (turbine,
meteorological interface, WindSCADA rack and WindCONTROL cabinet).
 Provide the communication drawings to GE showing the path of the fiber optic connections
throughout the wind farm, connections to turbine patch panels and connections to network
switches 60 days prior to commissioning start.
6.2 Customer’s Fiber Optic Contractor Scope

 Pull the fiber optic cable through the grommets placed at the bottom of the various enclosures.
 Provide the fan-out kit with a total of twelve pigtails for every twelve-strand cable end. Typically,
two cable ends are pulled inside the turbine controller (in/out), which requires two fan-out kits
with 24 pigtails (unless the turbine is at the end of the array). If met tower input arrives at a
turbine then three cables run into the unit and three fan out kits with 36 pigtails are required. If a
wind turbine generator is at a branch point within the fiber optic network, 36 pigtails are required
in a 3-Way. A maximum of four twelve-strand fiber optic cables is supported. The usage of four
way WTGs must be limited to not exceed one per site and must not follow or precede other
branch points within a fiber optic loop.
 Splice all the fiber optic strands using the fan-out kit of pigtails at the turbine controller, met
tower, substation, and O&M building.
 Connector type LC is universally used.
 Provide all the extra hardware that is not provided by GE (extra patch panels, inserts, fiber optic
connectors, etc.), if changes are made during project construction that are in variance from the
design provided to GE.
 Perform testing on all fiber optic terminations including splices by use of a qualified measurement
system at 1300 nm. Mark and inform the GE representative of any broken fibers.
 After the cable testing is complete, install all the fiber optic connectors at every turbine.
 Connect fiber strands within the fiber optic cable to the rear of wind farm equipment patch panels.
 Use patch cables provided with GE equipment to patch turbines, WindSCADA, WindCONTROL and
other wind farm equipment to the local network. Patch cables must be installed running from the
front of the patch panel to the fiber optic switch included with the wind farm equipment.

 The Send and Receive fibers must be crossed once per connection to a fiber optic switch to ensure
upstream and downstream communication.
 Met mast fiber optics switch and cable from met mast to SCADA server.
6.3 GE Scope
 GE utilizes single-mode fiber within the ring architecture for windfarm LAN per default.
 Provide the fiber optic switches for the GE wind farm network, patch panels and patch cables for
every turbine controller, and in the WindSCADA rack and WindCONTROL cabinet.
 Provide the fiber optic cable inserts that are pre-installed inside the patch panels.
 If the Site Fiber Optic Network Design option is selected, GE will perform the fiber optic network
loop design and provide the fiber optic communication drawings. These drawings must show the
path of the fiber optic connections throughout the wind farm, the connections to turbine patch
panels and connections to network switches based on the customer supplied wind farm collection
system drawing. The collection system drawing must be provided to GE 70 days prior to the start
of commissioning. The Site Fiber Optic Network Design option does not include fiber laying,
splicing, terminating or patching.
6.4 Single Mode Fiber Optic Cable Specification

 The cable must feature standard 9/125 single-mode fiber.
 The core tube must include twelve strands of fiber at a minimum. It must feature a high bandwidth
and must be designed for outside plant applications, underground duct or direct burial.
 Fiber optic cable that includes a steel core, which typically is used in overhead runs, cannot be
installed inside a WTG. Fiber optic cable used inside the WTG must not contain any metallic
materials due to the requirement for isolation of voltage transients.
 The fiber optic cable must at a minimum comply with the characteristic in the table below:
Fiber Optic Type: Single Mode

Fiber quantity: 12
Fiber diameter: 9/125 Microns
0.4 @ 1300 nm dB/km
Maximum attenuation:
0.3 @ 1550 nm dB/km

6.5 Wind Farm Cable Distance Design Requirements

 Single mode E9/125μm fiber optic cables are used for distances up to 20 km (12.4 miles) between
the transmitter and the receiver. Special equipment is required, if the distance is greater than 20
km (12.4 miles) with no intermediate splices and is not included in the standard scope of supply.
 The customer is responsible for informing GE, if the distances exceed 20 km (12.4 miles), so that
the appropriate hardware can be provided at an additional cost to the customer.
6.6 Windfarm Network Fiber Loops

The GE standard network switch configuration at the WindSCADA rack supports up to sixteen independent
fiber optic loops (loop-head switches) of up to 20 WTGs per loop. If there are more than sixteen loops (loop-
head switches), and/or more than 200 turbines total, a GE custom engineered solution is required, which may
include an additional cabinet or rack. WindSCADA Compact only supports one loop.
Every loop must have a dedicated fiber optic cable backbone and a dedicated fiber optic switch. No more than
one fiber optic loop can be accommodated within a single fiber optic backbone. Splitters must not be utilized on
a fiber optic backbone to create multiple loops.
7 System Compatibility
The SCADA system supports the MarkVIe PLC based control system for turbine and farm level controls. There
are SCADA system compatibility requirements that need to be evaluated by GE Application Engineering when a
customer is integrating or adding new Mark Vle PLC turbines into an existing wind plant that has non -Mark VIe
PLC turbines (Bachmann-based or Galileo based controllers). In order to support the Mark Vle PLC turbines, the
existing wind plant level WindSCADA system needs to be WindSCADA Release 11.0 or later. Depending upon
the existing turbine and farm level controllers and WindSCADA system, this can require hardware and/or
software replacement/upgrade of the existing WindSCADA or control system.
When adding new WTGs to an existing site, GE also typically upgrades all the existing WTG controller software
to the latest release to help assure end-to-end SCADA and controls reliability and interoperability. Customers
must also anticipate that a full re-commissioning of WindSCADA and WindCONTROL (if installed) may be
required when new WTGs are added to an existing site.
Customers adding new wind turbines to existing sites will require a new system to take advantage of the new
cybersecurity features added to the system architecture in WindSCADA Secure Edition 2.0.

8 System Interfaces
8.1 Local System Interface Support
The standard WindSCADA platform includes Local System Interfaces (LSI) for Integration of Auxilary on -
premise data generating devices. Detailed specifications for these interfaces are shown in the table below.
More information is provided in the following sections.
WindSCADA WindSCADA WindSCADA Secure

Compact Refresh Edition 2.0
Local System Interfaces (LSI)
Auxiliary Devices (Met mast 5 Devices Supported 12 Devices

12 Devices
dataloggers, RTUs, (Expandable to 7 with 50 Data
50 Data Points/Device
WindCONTROL). additional enclosures) Points/Device
Met mast datalogger and
Optional Optional Optional
substation interface
Modbus TCP/IP interface Optional Optional Included
Custom Integrated Turbine IO 16 non-standard IOs 16 non-standard IOs
No
Support per turbine per turbine
Customer Server
(for use by the customer running
No Included Included
terminal services and other
applications)
Max of 2 Interface Max of 4 Interface
Note Max of 2 Interfaces
VMs VMs
8.2 Modbus TCP/IP Client Interfaces to Customer Supplied Met Mast

Dataloggers
GE presently supports an interface to Campbell Scientific CR1000 and CR3000 met mast dataloggers with the
capability to support other devices dependent upon datalogger communication capability and system
validation by GE. The customer is responsible for datalogger and fiber-optic cabling between the SCADA system
entry point and the met mast, as well as the fiber optic switch.
The data from the met mast(s) is collected by the WindSCADA system for real-time operator displays. In
addition, the data is archived within the system database for historical reporting purposes.
Customer input is required in a comma-separated file format with the following information:
 Met Customer Input Per point

 Met Device Modbus Slave Address
 Met Device IP Address
 Modbus Register Address
 Data Point Description
 Data point units
 Data Point Type (16 bit = Single and 32 bit = Double Word)
 Data Point Signed or Unsigned. Data point Multiplier or Scaling/Conversion Factor
 Data point Normal Position or Active State of the Data Point
 Data Point Precision

8.3 Modbus TCP/IP Client Interface to Customer Supplied devices within the
Substation
Substation device interfaces can be supported as an option. GE presently supports interfaces to GE D20, GE
D25, SEL 2030, SEL 2032, SEL 3332, SEL 3551, and Orion 5R. Other devices can be capable of being supported
dependent upon system validation by GE.
GE scope includes the configuration of an interface of up to 200 data points and development of one
WindSCADA system user interface screen to display this data. Typically, up to ten control outputs (i.e. Open
Breaker) are supported. GE does not support Close Breaker controls due to the lack of Select-Check-Before
Operate functionality within the WindSCADA system.
For every Modbus instance, an instance of the Modbus interface software is required. Currently only one
instance of the Modbus interface software can run on a single virtual machine. That means for every instance of
a Modbus device an additional virtual machine is required.
Customer input is required in a comma-separated file format with the following information:
 SSI Customer Input Per point

 Substation Device Modbus Slave Address
 Substation Device IP Address
 Modbus Register Address
 Data Point Description
 Data point units
 Data Point Type (16 bit = Single and 32 bit = Double Word)
 Data Point Signed or Unsigned. Data point Multiplier or Scaling/Conversion Factor
 Data point Normal Position or Active State of the Data Point
 Data Point Precision

8.4 Customer Integrated IO

Customer Integrated IO enables customers to add external sensors and systems at the wind turbine level. IOs
can be located both up-tower and down-tower. WindSCADA supports all current data types to configure digital
and analog IOs. The web-based HMI displays real-time values and reports for non-standard inputs.
Up to two sets of additional IOs are supported per turbine, one set down-tower and one set up tower. A cabinet
needs to be provided and installed for every IO set. Each IO cabinet contains up to 16 non-standard IO points,
but each turbine only accommodates a maximum of 16 non-standard IOs.
Both digital and analog inputs and outputs are supported. Additionally, control commands that set an AO or a
DO are supported. The IO data is connected via Modbus TCP to the SCADA system. The IO data is not available
to the turbine controller.

9 WindSCADA Remote System Integration (RSI)

The optional WindSCADA Remote System Integration (RSI) module provides the necessary protocols, data and
software services to securely integrate the farm level SCADA system with the Customer's enterprise
infrastructure. Several service product packages are available to increase access and transparency to turbine
data with the protocols necessary to enhance remote Monitoring, Operations and/or Data Collection.
Data access and use of certain classifications of data or data acquisition methods may be subject to additional
terms and conditions. Licensing and pricing are available upon request to support the following WindSCADA
features.
9.1 ODBC Connection

The ODBC Connection enables enterprise integration via ODBC protocol to programmatically access data
within the WindSCADA Historical Database. Customer can run custom queries against the local WindSCADA
database from remote/enterprise systems to generate new reports and datasets across their fleet. ODBC
connections also enable mirroring and batch data transfer from local to enterprise systems. Information
accessible remotely via ODBC Connectivity includes Historical Events, 10 min historical records and Reports.
9.2 OPC Connections

GE WindSCADA provides an external data interface via the Open Platform Commu nications (OPC) Data Access
(DA) or Unified Architecture (UA) specifications. OPC supports real-time data only and can be used to send 1-
second resolution data to external data receivers such as the customer’s enterprise historian database or a
third-party such as an Independent System Operator.
There are technical resource limitations for each WindSCADA platform as described in the “RSI Technical
Specifications” table below. Purchase of the OPC Server License option includes access to approximately 51
fixed tags for Basic Monitoring in section 9.5. Please contact your GE Sales Representative for information on
expanded data licensing.
9.3 Data licensing

WindSCADA Remote System Interfaces are configured according to the purchased data services and licenses.

9.4 RSI Technical Specifications

WindSCADA
WindSCADA WindSCADA
Secure Edition
Compact Refresh
2.0
ODBC Interface
Database connection Optional Optional Optional
configuration
Option
Option
Option Approximately
Approximately
Approximately 50 50 Standard
50 Standard
Standard Remote Remote
Remote
Monitoring Monitoring
Monitoring
Maximum number of Tags/WTG Tags/WTG
Tags/WTG
OPC Items Included w/ OPC Included w/ OPC
Included w/ OPC
Server Server
Server
Expandable to Expandable to
Expandable up to
200,000 tags max. 200,000 tags
5,000 tags.
max.
Maximum number of
Remote System Integration
clients for optimal 3 3 3

performance
Maximum number of
5 5 5
clients
OPC DA & UA
Maximum number of
interfaces 200 200 200
systems
(Concurrent
Maximum number of
interfaces not
supported, must OPC groups for optimal 50 50 50
performance
choose 1)
Maximum number of
OPC Items per OPC 1,000 1,000 1,000
Group
Minimum update rate 1s 1s 1s
For WindSCADA upgrades on existing hardware, actual OPC
performance may vary based on hardware configuration,
total number of connected systems and OPC clients.
OPC Clients may impact performance.

Notes
Tag & client limitations are based upon concurrent open
sessions. For system reliability, ensure all clients disconnect
before re-establishing new sessions. Clients which may leave
prior sessions open when reconnecting will artificially utilize
available capacity.

9.5 OPC Tags for Basic Monitoring

No. Tag Type Tag/Signal Name Unit Description
1 Basic Monitoring AI_CuTorqueAct kNm Generator Torque calculated by CU (kNm)

2 Basic Monitoring AI_GenSpdProximitySensor rpm Generator speed from proximity sensor
3 Basic Monitoring AI_In_GridMonCosPhiAct deg Power Factor from Gridmonitoring device
Measured kWatts from Gridmonitoring
4 Basic Monitoring AI_In_GridMonRealPowerAct kW
device
5 Basic Monitoring AI_In_GridMonVoltageL1Act V V phase A from Gridmonitoring device
6 Basic Monitoring AI_In_GridMonVoltageL2Act V V phase B from Gridmonitoring device
7 Basic Monitoring AI_In_GridMonVoltageL3Act V V phase C from Gridmonitoring device
8 Basic Monitoring AI_In_PitchAngleCurrent1 ° Measured blade 1 pitch position angle
Measured generator speed frim CU
11 Basic Monitoring Cu_GenSpeedAct rpm
generator encoder
12 Basic Monitoring Curt_SCADAPossPower kW Possible power sent to SCADA
13 Basic Monitoring DynCtl_Blad1AngleSetpt ° Blade 1 setpoint
16 Basic Monitoring In_GridMeasVoltL1Act V Phase A Disposal Voltage
17 Basic Monitoring In_GridMeasVoltL2Act V Phase B Disposal Voltage
18 Basic Monitoring In_GridMeasVoltL3Act V Phase C Disposal Voltage
19 Basic Monitoring In_RotorSpd rpm Rotor speed from proximity sensor
20 Basic Monitoring In_WindSpd m/s Wind speed corrected by transfer function
Speed set point of speed regulator pitch,
21 Basic Monitoring OpCtl_MBCSpeedSetptPitch rpm
OpCtl -> DynCtlMBC
22 Basic Monitoring OpCtl_SpeedMode Turbine in manual speed mode
Speed set point of speed regulator pitch,
23 Basic Monitoring OpCtl_SpeedSetptPitch rpm
OpCtl -> DynCtl
Speed set point of speed regulator torque,
24 Basic Monitoring OpCtl_SpeedSetptTorque rpm
OpCtl -> DynCtl
25 Basic Monitoring OpCtl_TurbineStatus Turbine status (enumerated integer)
26 Basic Monitoring Out_CalcTurbineConditionSCADA New Turbine Condition for Scada
27 Basic Monitoring Out_CalcTurbineStateSCADA New Turbine State for Scada
28 Basic Monitoring Out_CurtSTopTime s Curtailment stop time
29 Basic Monitoring Out_CustomerStopTime s Customer stop time
30 Basic Monitoring Out_ExternalStopTime s External stop time
31 Basic Monitoring Out_GridOperationTime s (Grid) operating time
32 Basic Monitoring Out_GridOutageTime s Grid outage time
33 Basic Monitoring Out_InteCurtailTime s UPE: Internal curtailment time

No. Tag Type Tag/Signal Name Unit Description

Time internal curtailment was active but
34 Basic Monitoring Out_InteDetCurtailTime s not limiting turbine power due to
superseding external curtailment
35 Basic Monitoring Out_RepareTime s Repair time
36 Basic Monitoring Out_ServiceTime s Service time
37 Basic Monitoring Out_TotalConsumption kWh Total energy consumed (kWHr)
38 Basic Monitoring Out_TotalProduction kWh Total energy produced (kWhr)
39 Basic Monitoring Out_TurbineDownTime s Outage time
40 Basic Monitoring Out_TurbineOKTime s Turbine o.k. time
41 Basic Monitoring Out_TurbineStatusSCADA Turbine status in SCADA
42 Basic Monitoring Out_WeatherStopTime s Weather outage time
43 Basic Monitoring Out_WindDireStopTime s Wind direction curtailment stop time
44 Basic Monitoring W_In_LoadShutdown Load Shutdown WindSCADA
45 Basic Monitoring W_In_PitchBatteryTest Start battery test WindSCADA
Idle Wtg in feathering position
46 Basic Monitoring W_In_WtgIdle
WindSCADA
47 Basic Monitoring W_In_WtgReset Reset errors WindSCADA
48 Basic Monitoring W_In_WtgStart Start Wtg WindSCADA
49 Basic Monitoring W_In_WtgStop Stop Wtg WindSCADA
50 Basic Monitoring Yaw_PositionToNorth ° Yaw absolute position to north
51 Basic Monitoring Yaw_RevolutionsToUntwist ° Yaw revolutions to untwist pos.


Windscada Secure Edition 2.0 Wind KXXX Cfa01 Edb001 en Doc-0079190 r05

Uploaded by

Copyright:

Available Formats

You might also like

Windscada Secure Edition 2.0 Wind KXXX Cfa01 Edb001 en Doc-0079190 r05

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Windscada Secure Edition 2.0 Wind KXXX Cfa01 Edb001 en Doc-0079190 r05

Uploaded by

Copyright:

Available Formats

- Original Document -

RDS-PP: WIND = Kxxx CFA01 & EDB001

Rev. 05 - Doc-0079190 - EN 2020-09-29

Copyright and patent rights

© 2020 General Electric Company. All rights reserved.

GE Renewable Energy Technical Description

PUBLIC – May be distributed external to GE on an as need basis.

Document Revision Table

01 2019/11/20 - New document, initial release.

02 2019/12/19 - ADDED Offshore to the scope and RDS-PP Code

28 Modified Section 9.2 OPC Connections

30 ADDED Section 9.5 OPC Tags for Basic Monitoring

PUBLIC – May be distributed external to GE on an as need basis.

HMI Human Machine Interface

LAN Local Area Network

ODBC Open Data Base Connectivity

O&M Operations and Maintenance

PLC Programmable Logic Controller

RTU Remote Terminal Unit

SCADA Supervisory Control and Data Acquisition

SQL Structured Query Language

SSI Substation Interface

TCP/IP Transmission Control Protocol/Internet Protocol

UPS Uninterruptible Power Supply

WTG Wind Turbine Generator

PUBLIC – May be distributed external to GE on an as need basis.

GE Renewable Energy Technical Description

PUBLIC – May be distributed external to GE on an as need basis.

2 WindSCADA System Offerings for New Windfarms

2.1 WindSCADA Secure Edition 2.0

The WindSCADA Secure Edition 2.0 includes the following items:

 Global Positioning System (GPS) Time Synchronization server with antenna

2.2 WindSCADA Compact

 Limited to wind farms of less than 20 GE onshore wind turbines

PUBLIC – May be distributed external to GE on an as need basis.

GE Renewable Energy Technical Description

1. GE managed WAN router for remote monitoring service

PUBLIC – May be distributed external to GE on an as need basis.

2.3 More than 200 WTGs

3 WindSCADA System Offerings for Existing Windfarms

3.2 WindSCADA Secure Edition 2.0 for Upgrade

3.3 More than 200 WTGs

PUBLIC – May be distributed external to GE on an as need basis.

GE Renewable Energy Technical Description

3.4 Summary of System Functions

Local Data Storage (1-hr aggregation) 10-yr 20-yr 20-yr

Network Segmentation No No Yes

Backup Domain Controller No No Yes

PUBLIC – May be distributed external to GE on an as need basis.

4 Network Topology Description

PUBLIC – May be distributed external to GE on an as need basis.

GE Renewable Energy Technical Description

Cus tomer FW GE Wind Rou ter GE Site

Customer Scope DMZ Switch Cus tomer

3rd Party Site

USB Server DMZ Core

NTP Remote Security Cus tomer

OBDC Modbus CMS OPC Wind Farm