Professional Documents
Culture Documents
General Document
Rev. 1 / 2020-12-15
Status: Released
Language: EN - English
Classification
(Confidentiality): Nordex Internal Purpose
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
This document, including any presentation of its contents in whole or in parts, is the
intellectual property of Nordex Energy GmbH. The information contained in this document is
intended exclusively for Nordex employees and employees of trusted partners and
subcontractors of Nordex Energy GmbH, Nordex SE and their affiliated companies as defined in
Section 15ff. of the German Stock Corporation Act (AktG) and must never (not even in
extracts) be disclosed to third parties.
Any disclosure, duplication, translation or other use of this document or parts thereof,
regardless if in printed, handwritten, electronic or other form, without the explicit approval of
Nordex Energy GmbH is prohibited.
22419 Hamburg
Germany
info@nordex-online.com
http://www.nordex-online.com
2/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
Validity
Product series / turbine type Product
Delta4000 All incl. N155
Delta All
Gamma All
3/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
Table of contents
1 General 6
1.1 Purpose 6
1.2 Application 6
1.3 Abbreviations 6
1.4 Referenced documents 8
2 Internet connection 9
2.1 Remote connectivity 9
2.2 Internet access 9
2.3 Broadband connection 10
2.4 VPN and Site2Site 11
2.5 Port forwarding 13
2.5.1 Required ports for wind farm network 13
2.5.2 Additional ports 14
2.5.3 Source IP addresses 15
2.6 Supply limits 15
3 Access types 16
3.1 WAN / internet 17
3.2 Customer VLAN 17
3.3 Customer firewall 18
3.4 GIF 18
3.5 TIF 18
4 Fiber optic network 19
4.1 Fiber structure 19
4.2 Single-mode outdoor cable 20
4.3 Patch panel in wind turbine 21
4.4 Patch panel in ECC 22
4.5 Fiber optic park layout 23
4.6 Supply limits 24
4.7 Customer documentation 25
4/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
List of figures
Figure 1: Internet access 10
Figure 2: VPN connection to the site 11
Figure 3: Ethernet ports available in ECC 16
Figure 4: Diagram fiber E9/125 19
Figure 5: Patch panel in wind turbine 21
Figure 6: Patch panel in the ECC 22
Figure 7: Theory of a ring topology 23
Figure 8: Examples of fiber optic networks 24
List of tables
Table 1: Ports used for standard VPN connection 13
Table 2: Additional ports used 14
Table 3: Source IP addresses 15
Table 4: Optical values 20
Table 5: Geometrical values 20
5/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
1 General
The present document describes the setup and technical requirements for remote connectivity
to a wind farm, as well as internal park communication using Nordex OS.
The secure data transmission of a wind farm as well as the remote access require a reliable
and secure way to communicate. This is done via a broadband connection, which must be
capable of multi-user access. The remote connection is used by several users and used
permanently by the Nordex Control Center. It is also used for software updates. Therefore the
performance of SCADA and the connected services depends on bandwidth, which should not be
limited, but as high as possible.
In order to prevent unauthorized access to the wind farm and in order to ensure wind turbine
safety, its network has to be disconnected from host networks via firewall systems.
Additionally, access to the wind farm is only permitted for authorized users:
• Nordex users
• Customers
1.1 Purpose
This document contains formal information regarding wind farm communication as well as
requirements the customer has to fulfill before commissioning the wind turbines.
1.2 Application
This document addresses internal and external sales personnel of Nordex, as well as customers
or suppliers and service providers on behalf of the customer.
1.3 Abbreviations
Abbreviation Designation Description
6/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
Combined windfarm
CWE management and Power plant controller for Nordex wind parks
electrical system
Internet service
ISP Company who provide Internet access
provider
RTU Remote terminal unit Utility device for sending and receiving values
Subscriber identity
A card placed in mobile devices allowing the device
SIM Card module for mobile
to connect to an ISP access point
connections
7/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
8/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
2 Internet connection
• Public IP address
• Network mask
• DNS server
9/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
Recommended is minimum 6 Mbit/s in both directions and 0.2 Mbit/s per turbine.
Due to the requirements above, the following examples are non-valid technologies:
PSTN, ISDN, GSM, GPRS, UMTS, VSAT/SAT, PLC
Please note:
The internet connection will be shared by different parties using different kinds of services.
Static communication and live data interfaces, like CIF OPC XML DA, are consuming
bandwidth. The bandwidth of the internet connection is the main factor of a high performance
SCADA operation.
10/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
Nordex is using a static VPN connection to connect the wind farm to Nordex data center. Next
to this service technicians can also establish connections to site using OpenVPN client.
Like the Nordex service technicians, the customer also establishes a connection to the site
using OpenVPN client. The OpenVPN client software as well as user access configuration will be
provided by Nordex during SCADA installation.
As an alternative to direct communication to the site, Nordex also provides the service
“Site2Site”. Using “Site2Site” Nordex establishes the communication to the wind farm via the
customer's communication infrastructure, using IPsec Site2Site between Nordex and the
customer. It is the responsibility of the customer to guide incoming communication from
Nordex to the site.
The first line shows the alternative Site2Site solution (available as a separate option). In this
setup, Nordex has a static IPsec VPN Site2Site connection to the customer’s communication
infrastructure (shown in red). Inside this VPN connection, Nordex establishes a VPN tunnel to
11/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
the parks network. From that point on, the communication is identical to the standard
communication, with additional VPN tunnel to each turbine.
This VPN tunnel must be permanently available. After an initial configuration, the
communication between Nordex data center and the Nordex router CRO, which is located
behind the customer firewall of the wind farm, will be tunneled by this VPN. The
communication route through the data centers or VPN connections is transparent for Nordex.
Also, redundant connections should not affect the Nordex communication route.
Access to the wind farm systems, Nordex OS, CIF and SQL OA as well as the data exchange
with the central customer systems, are routed in the wind farm via the firewall.
For a smooth connection, the following criteria must have be met and configured initially
between the operators of the Site2Site router:
• Contact information of the IT service provider on both customer and supplier side
• VPN settings
• Routing settings
After the coordination of these items, the Nordex data center is able to establish a tunnel to
the customer network, which transmits all incoming data packages to the CRO wind farm
router and back to the VPN tunnel.
12/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
Direction in
the wind Description Port Protocol Target address
farm
217.5.230.28 ~
Outgoing SMTP e-mail 25 TCP
mail.nordexcontrol.com
217.5.230.28 ~
Outgoing SMTPS e-mail 465 TCP
mail.nordexcontrol.com
212.116.14.1
Outgoing HTTPS access for Bachmann 443 TCP
212.116.14.2
192.53.103.108
europe.pool.ntp.org
africa.pool.ntp.org
north-
Outgoing NTP time server 123 UDP
america.pool.ntp.org
south-
america.pool.ntp.org
optional customer server
212.116.14.1 ~
Outgoing SSH for Bachmann CMS 22 TCP
cmsdialin1.bachmann.info
13/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
Direction
the in wind Description Port Protocol Target address
farm
194.233.128.238
Outgoing NTP SWAS time server 123 UDP
194.64.233.7
194.163.252.4 ~
a.fwd-ns.de
Outgoing DNS domain name server 53 TCP / UDP
195..180.210.65 ~
b.fwd-ns.de
1490
Both NC communication channel TCP –
0
OPC UA
Both 4840 TCP –
(device to NordexOS)
14/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
Name IP Domain
If optional 4G fallback solution is used, the Nordex scope of delivery also ends with the Nordex
CRO router. The CRO is equipped with a SMA socket. The customer is responsible for the
delivery and the installation as well as for the lightning protection of the antenna. The antenna
must be equipped with a SMA plug after the lightning protection.
The scope of delivery ends with the WAN port of the CRO.
15/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
3 Access types
This chapter describes different data access types or types to access certain SCADA functions.
The EDGE & Control Cabinet (ECC) provides different Ethernet ports, depending on the
different functions or network separation of the Nordex OS SCADA EDGE system. The drawing
is a schematic description of how functions or features are related to Ethernet ports and which
ports require a direct internet connection. The drawing shows the standard setup, which
requires 3 separate connections to the router or firewall of the customer’s internet connection.
Some options may require further connections. For technical layout within the ECC and
connections between the modules, please refer to the ECC wiring plans.
WARNING
Customer VLAN and customer firewall are designed for local access. In order to
reach the services behind these Ethernet ports, the customer must configure
his router or firewall for remote connectivity to these ports in compliance with
cyber security regulations.
Bridges between the networks are not allowed.
16/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
In case the customer uses the Nordex OpenVPN client, the customer also uses this port to
access the web interface of the Nordex OS SCADA system. Additional customer services are
only available at the customer firewall, refer to 3.2.
In addition to incoming connections accessing the web interface of the SCADA system, the
CRO also handles outgoing VPN connections. They are used as an optional possibility to
connect the wind farm to a trader (TIF, Trading Interface), who wants to monitor live data and
control the wind farm according to market requirements.
Remote accessibility must be handled by the customer in compliance with cyber security
regulations. It is not allowed to bridge the customer VLAN with the wind farm network. If data
exchange between the networks is required, project-specific interfaces and communication
through the customer firewall must be agreed on.
17/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
At the customer firewall it is possible to access the web interface of the Nordex OS SCADA
system.
In addition to general SCADA access, it is also possible to access the customer interface (CIF).
Depending on the chosen protocol type, e.g. OPC XML DA, the customer can access live data.
For more information, refer to the CIF documentation.
In addition to general SCADA access and live data access, the customer can also access
historical data through SQL online access. The SQL access supports ODBC, using a PostgreSQL
driver. For more information, refer to the SQL online access documentation.
3.4 GIF
The grid interface (GIF) is the interface between the Nordex power plant control system CWE
and the signals from the utility. The GIF is directly connected to the CWE, without the Nordex
OS SCADA system in between. This ensures park operation independent of the Nordex OS
SCADA server. For more information, refer to GIF documentation.
3.5 TIF
The trader interface (TIF), is the interface between the Nordex power plant control system
CWE and a party also responsible for park operation, next to the utility, based on trading or
market requirements. The TIF is directly connected to the CWE, without the Nordex OS SCADA
system in between. This ensures park operation independent of the Nordex OS SCADA server.
For more information, refer to TIF documentation.
18/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
For any installation or routing work carried out independently by the customer, these specified
values must at least be observed. Nordex cannot guarantee the safe operation of the networks
unless fiber optic installations meet this specification.
• E9/125
• Longitudinal water tightness according to EN 187000 method 605, swelling tape covers
central buffered-fiber cable
• Outer sheath: PE
• Outer diameter: 9.2 mm for 1x12 fibers; 9.7 mm for 1x16 to 1x24 fibers
• Fabric load: 1.75 MJ/m for 1x12 fibers; 1.85 MJ/m for 1x16 to 1x24 fibers
19/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
Optical values
Max. 10 km at 1550 nm
1 Gigabit Ethernet segment length
Max. 60 km at 1550 nm with LH
** layer-stranded
Geometrical values
20/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
12 of the 24 terminals are reserved for the fiber optic input cable (from the preceding node)
and the other 12 terminals for the FO output cable (to the next node). Consequently, the
incoming and outgoing fiber optic cables have to be limited to a maximum of 12 single-mode
fibers type. E9/125 µm.
Figure 5 shows a picture of a patch panel inside a wind turbine with the following
specifications:
21/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
12 of the 48 terminals are reserved for the fiber optic input cable (from the preceding node)
and the other 12 terminals for the FO output cable (to the next node). The incoming and
outgoing fiber optic cables are limited to a maximum of 48 fibers type E9/125 µm, but the ECC
can optionally be extended with further patch panels.
Figure 6 shows a picture of a patch panel inside the ECC with the following specification:
• Dimension: 1 HE (19”)
22/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
When designing the redundant ring topology, the customer has to consider that only a
maximum of 10 network nodes (e.g., 9 WTs plus server) may be connected per ring.
Redundancy in "redundant ring topology", refers merely to the communication (send / receive)
via Gigabit Ethernet TCP/IP.
In theory, the network is established like a ring, meaning that the fiber optic cable starts starts
with the section between the server and the first turbine onf the ring and ends with the section
between the last turbine of the ring and the server. If one of the turbines of the ring goes
offline, the remaining network is still accessible.
Due to the fact that only one cable is connected to the turbines, it is necessary to create the
ring via patching. At each switch there are 2 ports, with 2 fibers each. In total 4 fibers are
used per turbine. For network planning it is necessary that 2 of the 4 fibers are patched
fromthe turbine to the next turbine. The figure below shows 2 examples.
23/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
For additional options, such as Condition Monitoring System (CMS) or shadow flicker module,
no additional requirements have to be considered regarding to communication, as both
systems also communicate via Fast Ethernet TCP/IP.
24/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 /2020-12-15
• Routing diagram showing topology, distances, connections to the grid and cable types
• Functional circuit diagrams of the individual wind turbines with specifications of the
connections in the patch panel
25/26
Classification: Internal Purpose
2000029EN
Wind Farm Communication
Rev. 1 / 2020-12-15
Revision index
Rev. Date Author Reason for modification / chapter AST
26/26