Ensuring autonomy of the Microgrid assets using Protocol Specific RBAC for Major Utility in the Asia Pacific [IEC62351 based DNP3…

Customer: Utility in Asia Pacific Region

Industry: Microgrids. Defined as a group of interconnected load and distributed energy resources (DER) with clearly defined electrical boundaries that act as a single controllable entity concerning the Main Grid.

Business Case:

In a scenario, where multiple  Microgrids  & utility main power lines were connected to form an interconnected grid, the individual Asset Owners of various Micro Grids lost control and autonomy of their assets. 

Asset Owners, therefore, needed to evolve a mechanism to allow Microgrid Assets to be connected to the Main Grid but still retain Functional Autonomy of their owned assets. 

The mechanism must factor in the following Use cases: 

1. DER Asset Sharing between MicroGrids and Main Grids  for seamless Grid Integration when operating conditions demand it 

• DER Asset Boundary Fencing when the Microgrid owner needs to deny access to their DER resources for reading data, control, or both.

Solutions:  

The Business case criteria were fulfilled by having the Microgrid Network introduced with a combination of DNP3 SAV5 based Kalkitech SYNC Protocol Gateways and an RBAC Application Server to enforce Microgrid Asset segmentation.

Solution Components:

Application Segmentation for Network Access to shared DER/Microgrid Asset resources was created so that a DER resource within the same Microgrid was allowed to be read and controlled by its own DER Controllers but access to outside Controllers would be limited by real-time operational rules.

This Application Segmentation was achieved by DNP3 SAv5 Protocol Gateway Devices with Roles Based Access Control (RBAC) to create Operational Network boundaries for sharing or denying access to Microgrid controllers outside its segmental zone.

Each Segment zone had at least one Kalkitech SYNC2000 gateway (licensed with DNP SAv5 and Role-based access controls application client) and communications between two different security zones were routed through the respective security gateways with agreed access controls.

An Administrative Access Controller Server, owned by the designated corporatized owner was singled out to be the Main Role Base Access Controller for all the SYNC RBAC Gateways. This system would set Roles as defined by the Workflow Policy agreed by all Microgrid assets Owners.

Operations on SYNC2000 Gateway were invoked based on permissions. The permission to read or write can be revoked or allowed by the centralized Administrative Access Controller in real-time 

Irrespective of the protocols supported by the downstream Microgrid asset controllers, the interfacing SYNC2000 at the operational boundary of each Microgrid segment talked to each other on the DNP SAv5 protocol.  

Micro-Grid Controllers of anyone Grid can now issue a read/control command to one or more Microgrid resources within another zone (as per Resource Operational levels assigned real-time) through the SYNC2000 Gateways at the boundary of each security zone

.

Key Benefits:

• The customer was able to achieve application Segmentation to enforce Microgrid Autonomy in real-time
• The customer was able to roll out the Kalkitech RBAC based Application segmentation even on Microgrids which had been deployed on the ground
• The Application was non-invasive. There was no reconfiguration needed for existing Microgrid controllers in the Networks 
• Deployed Kalkitech Solution is scalable and can accommodate additional MicroGrids added to the main grid.

Webinar Link: Webinar on the complete Solution