Specify When the Slave Outstation is to Invalidate its Pair of Session Keys
To maintain security, the DNP3 master changes the Slave outstation’s current set of Session Keys whenever the DNP3 master’s change interval or change count is reached (whichever is the shorter). The DNP3 master also changes the Session Keys after detecting any communications failure.
Use the fields within the Session Keys section of the Security tab to specify how long the Slave outstation (ClearSCADA) should wait before invalidating its pair of Session Keys, should an expected Session Key Change not occur.
Ideally, the values that you specify in these fields should be twice the size of the values set in the DNP3 master. This will mean that ClearSCADA does not invalidate its Session Keys unnecessarily, should a Session Key Change be delayed when the system is exceptionally busy. (Should the Slave outstation invalidate its Session Keys, it will be unable to process any further critical requests. This will result in authentication failures, causing the DNP3 master to issue a new set of Session Keys once the DNP3 master’s Maximum Error Count has been exceeded.)
- Change Interval—Use to specify the frequency with which the Slave outstation should invalidate its Session Keys.
  - We recommend that you specify an interval that is twice that of the DNP3 master’s change interval.
  - The default is 30M (30 minutes). If a different interval is required, either overtype the existing entry or use the Interval Window (accessed via the field’s browse button) to specify the required interval. When entering the Change Interval, you need to use the OPC Time Format.
  - The interval timer is reset whenever a Session Key Change occurs or the Slave outstation’s Change Count is reached (whichever is the shorter).
  - If required, you can disable the Change Interval by specifying an interval of 0 (zero). With such an interval, ClearSCADA invalidates its Session Keys whenever the Change Count is reached.
- Change Count—Use to specify the maximum number of authentication messages that can be transmitted between the Slave outstation (ClearSCADA) and its DNP3 master before ClearSCADA is to invalidate its Session Keys.
  - We recommend that you specify a Change Count that is twice that of the DNP3 master’s change count.
  - The interval timer is reset whenever a Session Key Change occurs or the Slave outstation’s Change Interval is reached (whichever is the shorter).
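The following added example (not ClearSCADA code) replays a constructed timeline to show why the outstation's Change Interval should be twice the master's: when one Session Key Change arrives late, an outstation using the master's own interval rejects messages, while one using double the interval does not. The class, function names and timings are assumptions made for illustration, and the model is simplified to the interval and count rules described above.

```python
from dataclasses import dataclass

@dataclass
class OutstationKeys:
    """Simplified model of the outstation's Session Key expiry (illustrative names)."""
    change_interval_s: int   # 0 disables the interval check
    change_count: int        # authentication messages allowed per key set
    last_reset_s: int = 0
    auth_messages: int = 0
    valid: bool = True

    def on_key_change(self, now_s: int) -> None:
        # A Session Key Change from the master resets timer and counter.
        self.last_reset_s, self.auth_messages, self.valid = now_s, 0, True

    def on_auth_message(self, now_s: int) -> bool:
        """Return True if the message is handled with valid Session Keys."""
        expired = self.change_interval_s and now_s - self.last_reset_s >= self.change_interval_s
        if expired:
            self.valid = False
        if not self.valid:
            return False
        self.auth_messages += 1
        if self.auth_messages >= self.change_count:
            self.valid = False  # later messages fail until the next key change
        return True

def count_rejected(interval_s, count, key_changes, msg_period_s, end_s):
    """Replay a timeline and count messages that arrive while keys are invalid."""
    keys = OutstationKeys(interval_s, count)
    rejected = 0
    for now in range(0, end_s + 1, msg_period_s):
        if now in key_changes:
            keys.on_key_change(now)
        if not keys.on_auth_message(now):
            rejected += 1
    return rejected

# Constructed timeline: master change interval 900 s, one message per minute,
# and the key change due at 1800 s arrives 300 s late (busy system).
MASTER_INTERVAL_S = 900
KEY_CHANGES = {0, 900, 2100, 3000}

if __name__ == "__main__":
    for factor in (1, 2):
        n = count_rejected(factor * MASTER_INTERVAL_S, 200, KEY_CHANGES, 60, 3600)
        print(f"outstation interval = {factor}x master: {n} rejected messages")
```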