To maintain security, ClearSCADA changes the Session Keys whenever either a Change Interval or Change Count is reached (whichever is the shorter). ClearSCADA also changes the Session Keys after any communications failure.
Use the fields within the Session Keys section of the Security tab to specify the change criteria.
Ideally, the values that you specify in these fields should equate to half that of the values configured in the outstation itself. This should help to prevent the outstation from invalidating the Session Keys unnecessarily if an expected Session Key Change is delayed. In certain circumstances, Session Key Change delays can occur, for instance, when the system is exceptionally busy.
- Change Interval—Use to specify the frequency with which ClearSCADA is to change the Session Keys. The default is 15M (15 minutes). If a different interval is required, either overtype the existing entry or use the Interval Window (accessed via the field’s browse button) to specify the required interval. Ideally you should specify an interval that is half that of the interval specified in the outstation itself. When entering an interval, you need to use the OPC Time Format.
- The maximum interval that you can specify varies, depending on the type of communications used by the outstation:
- With outstations that have a direct communications connection that is constantly online, the maximum interval you can specify is 2 hours
- With outstations that are sometimes offline, the maximum interval you can specify is 1 week. Outstations that may be offline at certain times include PSTN only outstations, direct outstations on which communications are ‘On Demand’, and outstations on which communications are ‘Incoming Only’ or ‘Periodic’.
- The interval timer is reset whenever it expires, or the Change Count is reached (whichever is the shorter).
- If required, you can disable the Change Interval by specifying an interval of 0 (zero). With such an interval, ClearSCADA changes the Session Keys whenever the Change Count is reached, or on re-establishing communications with the outstation.
- Change Count—Use to specify the maximum number of authentication messages that can be transmitted between ClearSCADA and this outstation before the Session Keys have to change. The default is 1000 authentication messages. If required you can specify a different number of messages, in the range 1 to 10,000 inclusive. Ideally you should specify a count that is half that of the count specified in the outstation itself.
- The count is reset whenever it is exceeded, or the Change Interval expires (whichever is the shorter).
Whenever either change trigger is reached, ClearSCADA changes the Session Keys.
Should communications fail at any time, the current Session Keys will be invalidated. When the communications with the outstation are re-established, ClearSCADA will re-initialize the Session Keys.
Further Information
‘On Demand’ outstations: see Specify Whether the Direct Communications Connection is Always Online or only Available on Demand in the ClearSCADA Guide to Advanced Drivers.
‘Incoming Only’ and ‘Periodic’ communications: see Specify the Availability of Communications Between the Outstation and ClearSCADA in the ClearSCADA Guide to Advanced Drivers.