Technical introduction

In this section the basic mode of operation is described, irrespective of the specific configuration.

Secure ADS introduced an additional communication channel for the familiar ADS protocol. This can be used by programs without them having to be adapted for the new communication channel.

From the point of view of security, therefore, it is a transport encryption, but not an end-to-end encryption between the components, because all applications running locally on a device can use this encrypted connection together – exactly as with ADS routes also.

Local realization

Secure ADS is part of the ADS router and is also configured here. The ADS router establishes an encrypted connection to another TwinCAT router and makes it available to the applications. Care must therefore be taken that the ADS devices do not themselves communicate applications in encrypted form, but that this takes place between the routers.

Transparent retrofitting

The realization of Secure ADS inside the TwinCAT router makes the retrofitting of applications possible. None of the ADS applications (client and server) – this also includes applications written by the customer – need to be recompiled.

The ADS applications use ADS routes to identify the communication partner. This ADS route is independent of the transport channel and is described in the TwinCAT router.

If the used route is switched to a Secure ADS connection, the ADS traffic is transported in encrypted form.