FIELD OF THE INVENTION
This disclosure generally relates to network communications, and more particularly, to systems and methods associated with a communications network of a power generation entity.
BACKGROUND OF THE INVENTION
A power generation entity typically includes at least one power plant that is located at a first location and can also include various operational entities such as offices and control centers that are used to operate the power plant and provide services to customers. Electric power is generated at the power plant by using at least one power generation unit. The power generation unit can include a compressor that provides pressurized air to a combustor where the pressurized air is mixed with fuel and ignited for producing hot combustion gases. The hot combustion gases flow downstream from the combustor and into a turbine where energy is extracted from the hot combustion gases in order to rotate rotor blades that are attached to a shaft. The rotation of the shaft can be used to generate electricity in an electric generator and the generated electricity coupled into an electric grid for distribution to customers. The power generation unit is typically controlled by using a power plant controller that provides certain control signals to the power generation unit based on input provided by various operators, some located in the power plant and others operating from a distance, for example, from a control center located elsewhere. The interaction between the various operators and the power plant controller can be carried out by using a communications network. In some setups, a portion of the communications network is located inside the power plant and can be linked to an external network, such as the Internet, so as to allow people such as administrators and technicians to communicate with personnel inside the power plant and to also interact with computers located inside the power plant. In certain instances, unwanted intrusions from malicious entities, such as from computer hackers and

spammers, can target communications internal to the power plant, as well as communications with computers and people outside the power plant.
BRIEF DESCRIPTION OF THE INVENTION
Embodiments of the disclosure are directed generally to a communications network that provides secure authenticated, authorized and encrypted communication between two or more computers used in a power generation entity. The computers can be located in various locations of the power generation entity including near the equipment being controlled.
According to one exemplary embodiment of the disclosure, a system can include a server computer that hosts a hypervisor. The hypervisor can be configured to execute a virtual machine that authenticates at least one of a first request from a first computer for obtaining access to a first application running on a second computer, or a second request from the second computer for obtaining access to a second application running on the first computer. At least one of the first application or the second application is associated with operating a power generation unit. According to another exemplary embodiment of the disclosure, a method can include providing a server computer comprising a hypervisor configured to host a virtual machine; using the virtual machine to communicate with a first computer via a firewall provided in a third computer, the first computer located in a first facility, the first computer comprising a first application for controlling one or more operations of a power generation unit located in the first facility; using the virtual machine to communicate with a second computer via the firewall provided in the third computer, the second computer located in a second facility that is communicatively coupled to the first facility via the firewall provided in the third computer; and using the second computer to one of independently control the one or more operations of the power generation unit, or cooperate with the first computer to control the one or more operations of the power generation unit. According to yet another exemplary embodiment of the disclosure, a method can

include defining a first operational zone of a power generation system network, the first operational zone comprising a power generation unit and a first computer communicatively coupled to the power generation unit for controlling one or more operations of the power generation unit, the first operational zone further comprising a server computer hosting a hypervisor, the hypervisor configured to execute a virtual machine that authenticates a first request from a second computer for obtaining access to a first application running on the first computer, the first application associated with operating the power generation unit. The method can further include defining a second operational zone of the power generation system network, the second operational zone comprising the second computer, the second computer communicatively coupled to the server computer via a firewall provided in a third computer.
Other embodiments and aspects of the disclosure will become apparent from the following description taken in conjunction with the following drawings.
BRIEF DESCRIPTION OF THE DRAWINGS OF THE INVENTION
Having thus described the disclosure in general terms, reference will now be made to
the accompanying drawings, which are not necessarily drawn to scale, and wherein:
FIG. 1 illustrates an example system that includes a communications network
configured to provide secure communications between various computers of a power
generation utility in accordance with an exemplary embodiment of the disclosure.
FIG. 2 illustrates the example system of FIG. 1 partitioned into several operational
zones in accordance with an exemplary embodiment of the disclosure.
FIG. 3 illustrates some exemplary elements that can be included in various computers
for providing secure communications in the example system shown in FIG. 1.
FIG. 4 illustrates an exemplary computer located at a remote facility that can be used
to securely control a power generation unit located in a power plant in accordance
with an exemplary embodiment of the disclosure.
FIG. 5 illustrates an exemplary wireless intelligent detection system that can be

included in the system shown in FIG.l, in accordance with an exemplary embodiment of the disclosure.
FIG. 6 illustrates an exemplary system where a server is located inside a power plant, the server configured to provide security for network communications in accordance with an exemplary embodiment of the disclosure.
The disclosure will be described more fully hereinafter with reference to the drawings, in which exemplary embodiments of the disclosure are shown. This disclosure may, however, be embodied in many different forms and should not be construed as limited to the exemplary embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like numbers refer to like elements throughout. It should be understood that certain words and terms are used herein solely for convenience and such words and terms should be interpreted as referring to various objects and actions that are generally understood in various forms and equivalencies by persons of ordinary skill in the art. Furthermore, the word "example" as used herein is intended to be non-exclusionary and non-limiting in nature. More particularly, the word "exemplary" as used herein indicates one among several examples, and it should be understood that no undue emphasis or preference is being directed to the particular example being described.
DETAILED DESCRIPTION
In terms of a general overview, certain embodiments described in this disclosure pertain to an exemplary communications network of a power generation entity. The communications network allows various computers to communicate with each other across partitions configured to provide security via various safeguards. In one example embodiment, the various safeguards can include a server computer that operates as an intermediary element to authenticate and/or regulate communications between two or more computers located in a power plant and other computers located elsewhere. When operating as an intermediary element, the server computer can use

a hypervisor that is configured to execute a virtual machine. The virtual machine can be used to perform various functions such as allowing a first computer to access an application running on a second computer after the virtual machine has verified the authenticity of an access request originated by the first computer and granted by the second computer.
Attention is now drawn to FIG. 1, which illustrates an exemplary system 100 that includes a communications network configured to provide secure communications between various computers of a power generation entity in accordance with an exemplary embodiment of the disclosure. The power generation entity can house a power plant 105 in a first facility such as an industrial complex, and a remote computer 175 in an external facility such as a call center having engineers that provide technical expertise. The power plant 105 can include a power generation unit 140 that can be controlled by a power plant controller 145, which is communicatively coupled to a server computer 160. The power plant 105 can further include a gateway computer 150 configured to operate as a jump host, and a wireless access point 125 that can be communicatively coupled to a local area network 135 via a wired connection. The wireless access point 125 provides wireless connectivity to a number of wireless devices/operators. For example, an operator 110 can use a portable computer 111 to communicate control signals to the power plant controller 145. The portable computer 111 can be for example, a laptop, a tablet computer, or a smartphone configured to allow the operator to communicate the control signals to the power plant controller 145 via the wireless access point 125, and the local area network 135, using a two-step connection procedure executed via the gateway computer 150. Another operator 115 can similarly use a portable computer 116 to communicate control signals to the power plant controller 145 when in the vicinity of the access point 125 and an operator 120 can similarly use a portable computer 121 to communicate control signals to the power plant controller 145 when in the vicinity of the access point 125. Each of the various operators can move around the power plant 105 and use any of the various wireless access points depending on where they are

located at any given instant in time. The wireless LAN controller 130 operates as a controller for the various wireless operations carried out in the power plant 105 via various wireless devices.
The gateway computer 150 can be securely coupled to the local area network 135, via the computer 165 that provides gateway functionality as well as security functionalities for the various devices such as the portable computer 111, the portable computer 116, and the portable computer 121. The firewall 166 can be a zone based firewall. The computer 165 can also provide connectivity between the gateway computer 150 and various other computers and Internet enabled devices located outside the power plant 105. For example, the computer 165 can allow a remote computer 175 to communicate with the gateway computer 150 for various purposes in accordance with some embodiments of the disclosure. The remote computer 175, which can be located in a remote facility 170 outside the power plant 105, can be operated by a remote operator 180 in order to communicate control signals to the power plant controller 145 for carrying out various operations upon the power generation unit 140 and/or for other purposes such as for conveying information to one or more of the operator 110, the operator 115, and the operator 120 via the respective portable computers carried by the operators. However, remote computer 175 is only allowed to connect with the gateway computer 150. The gateway computer 150 processes a connection request from the remote computer 175 through the firewall 166 and uses the jump host functionality when connecting the remote computer 175 to the wireless access point 125 and/or when connecting the remote computer 175 to a database (not shown) containing data pertaining to the power generation unit 140.
The server 160 can also be configured to access the local area network 135 only when allowed to do so by the firewall 166 in the gateway computer 165. More particularly, the server 160 can include a hypervisor 161 that is configured to execute a virtual machine in accordance with various exemplary embodiments of the disclosure. The virtual machine which can be implemented using a combination of hardware and

software can operate as a security management system 162. As a part of this operation, the security management system 162 can first ensure for example, that the remote computer 175 has received an access request from the portable computer 111 and that the remote computer 175 has granted permission to the portable computer 111 for accessing the application running on the remote computer 175. After ensuring that the permission has been granted, the hypervisor 161 can operate as an intermediary element to facilitate information exchange between the remote computer 175 and the portable computer 111. Facilitating the information exchange can include monitoring various types of traffic flowing between the remote computer 175 and the portable computer 111 and providing various layers of security. The various layers of security can be used to ensure that the portable computer 111 operates in accordance with the granted permissions and one or more limitations that may be indicated in the permissions.
For example, when the granted permission is a read-only permission, the hypervisor 161 can ensure that any write operations carried out by the portable computer 111 are prevented from affecting the power plant controller 145. However, in the case of a two-step read-write permission being granted, the hypervisor 161 can allow the portable computer 111 to carry out read operations as well as write operations upon the power plant controller 145. The two-step read-write permission can include a privilege level associated with role-based authentication of user 110 on portable computer 111 and can also include software-enabled logic control that is executed by a different already authorized user. Operator 110 can be allowed to access resources/applications hosted on remote computer 175. For making this connection operator 110 upon successful authentication with gateway computer 150, through firewall 166 is allowed to connect to remote computer 175. Only predefined communication protocols are allowed to communicate through the firewall 166. A few examples of applications that can be running on the remote computer 175 and pertinent to the access desired by the portable computer 111 (and/or other portable computers in the power plant 105) can include data collection applications that collect

operational data of the power generation unit 140 and/or the power plant controller 145; applications pertaining to various databases including historical databases related to the power plant 105 and/or other power plants; technical applications that provide technical information pertaining to the power generation unit 140 and/or the power plant controller 145; and so on. These various applications running on the remote computer 175 can be useful to the various operators in carrying out their duties in the power plant 105.
While the description above pertains to the portable computer 111 (and the other portable computers in the power plant 105) seeking access to applications running on the remote computer 175, the gateway computer 165 can also be configured to provide services to requests in the opposite direction as well. For example, the remote operator 180 of the remote computer 175 can be a supervisor who is interested in accessing an application running on the portable computer 111 so as to monitor the actions of the operator 110 and/or to assist the operator 110 in performing a job function. The application can be for example, a start-up procedure for starting the power generation unit 140 (or for commissioning the power generation unit 140) and the operator 110 may be a rookie employee who is unfamiliar with the start-up procedure. The remote operator 180 requests the operator 110 to grant access to the application running on the portable computer 111 so as to assist the operator 110. The operator 110 can grant permission to the remote operator 180 to do so. The gateway computer 165 ensures that the operator 110 has granted permission to the access request before permitting the remote computer 175 to obtain access to the application running on the portable computer 111, which in this example, is the start¬up procedure.
FIG. 2 illustrates system 100 partitioned into several operational zones in accordance with an exemplary embodiment of the disclosure. More particularly, in this exemplary embodiment, system 100 is partitioned into a first operational zone that can be referred to as a wireless access zone 205, a second operational zone that can be referred to as a remote plant operation zone 210, and a third operational zone that can

be referred to as a control zone 215. It should be understood that the names of these operational zones are merely labels and these operational zones (as well as any other operational zones that may be defined) can be relabeled as desired on the basis of various preferences. The zones can be defined in accordance with IEC 62443 standard so that a clear communication path can be established between devices that are a part of different zones and the communication can be monitored and controlled by the gateway computer 165.
The wireless access zone 205 can include various wireless devices such as the portable computer 111 used by the operator 110, the portable computer 116 used by the operator 115, and the portable computer 121 used by the operator 120. The remote facility 170 can include the remote computer 175. In some example implementations, the remote computer 175 can include one or more databases and/or can be coupled to other devices having databases. The databases can contain data pertaining to various security features, such as passwords, encryption, decryption, codes, operating procedures, etc.
The various operational zones, individually and cooperatively, provide a secure communications arrangement between various computers of the communications network of the power generation entity. It should be understood in accordance with various embodiments of the disclosure, that the communications network of the power generation entity can include the local area network 135, the firewall 166 in the gateway computer 165, and one or more other networks (such as a local area network at the remote facility 170). The communications network can support various types of communications such as voice communications, video communication, data communications, and signal connections between the various computers. The communications network can also incorporate various types of communication formats. For example, the gateway computer 150 can communicate with the server 160 using secure protocol such as OPC unified architecture (OPC UA). The various wireless devices can communicate with the gateway computer 150 using a secure mobile application. This mobile application could be using a

proprietary protocol that runs on Android, IOS and/or Windows operating systems. The system 100 can also include various host-based firewalls in addition to the firewall 166, such as a first firewall incorporated into the server 160, and a second firewall incorporated into the remote computer 175.
FIG. 3 illustrates some exemplary elements that can be included in one or more computers for providing security in the communication network of the power generation entity. In one exemplary implementation, each of various portable computers in the power plant 105 can be provided with a human machine interface (HMI). For example, the portable computer 111 operated by the operator 110 can include a human machine interface 113 that allows the operator 110 to enter commands via a graphical user interface. The graphical user interface can be installed on the various computers in the power plant 105 (particularly in wireless computers located in the wireless access zone 205 shown in FIG. 2) and elsewhere, by providing a template that can be used to populate various fields in the graphical user interface. The various fields can include fields pertaining to security procedures (login field, password field, etc.) and can also include certain fields that are offered only to certain personnel. For example, supervisory personnel can be offered a graphical user interface that includes fields for performing certain operations that are denied to the operator 110 (such as overriding an action performed by the operator 110).
Various computers located in operational zones other than the wireless access zone 205 can be provided with replicated versions of one or more human machine interfaces that are installed on various portable computers in the power plant 105. For example, the remote computer 175 can include a human machine interface 171 that dynamically replicates the human machine interface 113 used by the operator 110 thus allowing the remote operator 180 to observe various operations carried out by the operator 110. In an exemplary embodiment, the human machine interface 171 can be synchronized to the human machine interface 113 and can be dynamically updated in one of a real-time mode or a near real-time mode. This arrangement

allows the operator 110 and/or the remote operator 180 to carry out various operations such as transmitting command signals to the power plant controller 145; exchanging information/data between the various computers; carrying out troubleshooting procedures by obtaining a snapshot of one or more elements in the power generation unit 140 and/or the power plant controller 145; and carrying out troubleshooting procedures by obtaining a live video stream when the power generation unit 140 and/or the power plant controller 145 is in operation. In some exemplary embodiments, the gateway computer 150 and the security management system 162 hosted on the server computer 160 can be configured to work in conjunction with each other, for example to provide two-factor authentication, to access, monitor, authenticate, and/or control the various communications that are carried out between the human machine interface 113 in the portable computer 111 and the human machine interface 171 in the remote computer 175. FIG. 4 illustrates the remote computer 175 configured to securely control the power generation unit 140 located in the power plant 105 in accordance with an exemplary embodiment of the disclosure. In one exemplary implementation, the hypervisor 161 monitors and grants an access request sent by the remote computer 175 to the gateway computer 150. Direct access from remote computer 175 to plant controller 145 is not allowed and remote computer 175 can only access gateway computer 150. If the security management system 162 running on server computer 160 denies the access request and does not provide authentication of the request, the gateway computer 165 drops further communication requests and locks down any new request from the remote computer 175 for a pre-defined period of time. On the other hand, if the security management system 162 running on server computer 160 grants the access request, the gateway computer 165 accepts data signals and/or control signals from the remote computer 175. The propagation of the access request, access grant/denial, and subsequent signals are indicated by the dashed line 405. FIG. 5 illustrates a wireless intrusion detection system 505 that can be included in the system 100 in accordance with an exemplary embodiment of the disclosure. In this

exemplary embodiment, the wireless intrusion detection system 505 is shown coupled to the local area network 135 inside the power plant 105. The wireless intrusion detection system 505 can be configured to detect any unauthorized device/unauthorized device on the wireless infrastructure. The wireless intrusion detection system 505 can use a built-in machine learning algorithm to predict any anomaly in the wireless network and raise a red flag in the form of an alarm or an event. The alarm and/or event can be integrated with a control system alarm and/or event management system (not shown). In some implementations, the wireless intrusion detection system 505 can be configured to monitor wireless transmissions in the power plant 105, including wireless transmissions of the various portable computers, in order to detect suspicious wireless transmissions that may be directed at harming one or more of the elements in the power plant 105, particularly the power generation unit 140.
FIG. 6 illustrates an exemplary system 600 that can include a server 605 configured to provide secure communications between various computers of the power plant 105 in accordance with another exemplary embodiment of the disclosure. In contrast to the server 160 described above that is coupled to the gateway computer 165, the server 605 in this exemplary embodiment, is coupled to the local area network 135. In addition to providing various functionalities as a server computer, the server 605 can also include a hypervisor 606 that operates in a manner similar to the hypervisor 161 described above. The security controller 610 can be a computer that executes functionalities similar to that described above with respect to the remote computer 175.
Many modifications and other embodiments of the example descriptions set forth herein to which these descriptions pertain will come to mind having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Thus, it will be appreciated the disclosure may be embodied in many forms and should not be limited to the exemplary embodiments described above. Therefore, it is to be understood that the disclosure is not to be limited to the specific embodiments

disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

We claim:
1. A system comprising:
a server computer that hosts a hypervisor, the hypervisor configured to execute a virtual machine that authenticates at least one of a first request from a first computer for obtaining access to a first application running on a second computer, or a second request from the second computer for obtaining access to a second application running on the first computer, wherein at least one of the first application or the second application is associated with operating a power generation unit.
2. The system as claimed in claim 1, wherein the power generation unit is located in a first facility, the first computer is a wireless device for controlling one or more operations of the power generation unit at the first facility, and the second computer is located in a second facility that is communicatively coupled to the first facility via a firewall provided in a third computer.
3. The system as claimed in claim 2, wherein the second application running on the first computer comprises a first human machine interface for controlling at the first facility, one or more operations of the power generation unit.
4. The system as claimed in claim 3, wherein the first application running on the second computer is a replicated version of the second application running on the first computer, the replicated version generated on the second computer by using the virtual machine in the server computer.
5. The system as claimed in claim 4, wherein the second computer is configured for using the replicated version of the second application to control from the second facility, the one or more operations of the power generation unit at the

first facility.
6. The system as claimed in claim 2, further comprising a wireless intelligent detection system configured to detect an unauthorized device when the unauthorized device is coupled to a local area network located in the first facility.
7. A method comprising:
providing a server computer comprising a hypervisor configured to host a virtual machine;
using the virtual machine to communicate with a first computer via a firewall provided in a third computer, the first computer located in a first facility, the first computer comprising a first application for controlling one or more operations of a power generation unit located in the first facility;
using the virtual machine to communicate with a second computer via the firewall provided in the third computer, the second computer located in a second facility that is communicatively coupled to the first facility via the firewall provided in the third computer; and
using the second computer to one of independently control the one or more operations of the power generation unit, or cooperate with the first computer to control the one or more operations of the power generation unit.
8. The method as claimed in claim 7, wherein the first computer includes a human machine interface for executing the first application, and wherein using the second computer to cooperate with the first computer comprises using the virtual machine in the server computer to generate a replicated version of the human machine interface on the second computer.
9. The method as claimed in claim 7, wherein using the second computer to independently control the one or more operations of the power generation unit

comprises using the virtual machine in the server computer to provide communications between the second computer and the first computer.
10. The method as claimed in claim 9, using the virtual machine in the server
computer to provide communications between the second computer and the
first computer comprises:
providing in the server computer, a first interface configured for supporting communications between the first computer and the virtual machine in a first communication format; and
providing in the server computer, a second interface configured for supporting communications between the second computer and the virtual machine in a second communication format.
11. The method as claimed in claim 10, wherein the first communication format is a mobile app format and the second communication format is an OPC UA communication format.
12. The method as claimed in claim 9, further comprising:
using the second computer to provide an authentication of the first computer;
using the virtual machine on the server computer to verify the authentication of the first computer by the second computer; and
using the virtual machine on the server computer to allow the first computer to access the second computer based on one or more permissions granted by the second computer to the first computer.
13. A method comprising:
defining a first operational zone of a power generation system network, the first operational zone comprising a power generation unit and a first computer communicatively coupled to the power generation unit for

controlling one or more operations of the power generation unit, the first operational zone further comprising a server computer hosting a hypervisor, the hypervisor configured to execute a virtual machine that authenticates a first request from a second computer for obtaining access to a first application running on the first computer, the first application associated with operating the power generation unit; and
defining a second operational zone of the power generation system network, the second operational zone comprising the second computer, the second computer communicatively coupled to the server computer via a firewall provided in a third computer.
14. The method as claimed in claim 13, wherein the first operational zone is defined as a control zone and the second operational zone is defined as a remote plant operation zone.
15. The method as claimed in claim 14, wherein the first computer is configured to grant one or more permissions to a fourth computer for accessing one or more components in the control zone, and the virtual machine in the server computer allows the fourth computer to access the first computer based on the one or more permissions granted by the first computer to the fourth computer.
16. The method o as claimed in claim 15, wherein the one or more components in the control zone include a fifth computer containing a database containing data associated with operating the power generation unit.
17. The method as claimed in claim 15, wherein the one or more permissions comprises one of a read-only access or a read-write access.
18. The method as claimed in claim 15, wherein the virtual machine in the server computer monitors data transmission between the first computer and the second computer, and denies the fourth computer, access to one or more

applications in the first computer that are not included in the one or more permissions granted by the first computer to the fourth computer.
19. The method as claimed in claim 15, wherein the virtual machine in the server computer allows the fourth computer to access the first computer subject to one or more limitations indicated in the one or more permissions granted by the first computer to the fourth computer.
20. The method o as claimed in claim 15, further comprising:
providing a first firewall between the first computer and the server computer; and
providing a second firewall between the server computer and the second computer.