ip4Cloud – SEC3PB

Capture PROFIBUS data by eavesdropping and transmit it to Cloud/IT or SCADA services

SEC3PB collects data from Profibus, by listening-in without directly interfering with or disrupting communication, and enables the transmission of obtained data to (a) cloud services, (b) databases and (c) SCADA systems over a wide range of industrial protocols. Connecting SEC3PB to the Profibus network does not require any change in the configuration of bus devices (PLC, bus terminals, etc.) and has no influence on the bus cycle. Feeding data to the bus is already physically prevented.
As a result, data can be extracted from critical processes without any reaction and be forwarded for processing in IoT or IT applications, cloud services, etc. without the risk of production downtime.
SEC3PB is connected to Profibus either electrically, by extending the existing bus with an additional cable segment, or even more simply by an optical link (OLM).
No alterations to the configuration of vital process components like the central PLC, subordinate IO terminals and other bus components are necessary. SEC3PB's setup can be performed simultaneously to the running process without any considerations.

Protocols/communication interfaces (primary)

  • Profibus DPV0 monitor
    • Up to 12MBaud, up to 126 connected devices (recommended <= 32), multi-master capable
    • Processing of cyclic data
    • Configuration from GSD/GSE files
  • Modbus TCP/RTU Master
  • Simatic Fetch/Write RFC1006
  • SNMP Client
  • IEC 60870-5-101 Master*
  • IEC 60870-5-104 Client*
  • IEC 60870-5-103 Master*
  • IEC 61850 Client*
  • DNP 3.0 Master*

Protocols/communication interfaces (secondary)

  • Cloud technologies
    • Microsoft Azure Cloud (MQTT/MSSQL/Cosmos DB)
    • Amazon AWS Cloud (MQTT/MongoDB)
  • Database technologies
    • MSSQL Database
    • MySQL Database
    • MongoDB Database
  • Industrial communication protocols
    • OPC UA Server
    • OPC UA Client*
    • OPC DA XML Server
    • Modbus TCP/RTU Slave
    • IEC 60870-5-101 Slave*
    • IEC 60870-5-104 Server*
    • IEC 60870-5-103 Slave*
    • IEC 61850 Server*
    • DNP 3.0 Slave*
  • Miscellaneous
    • REST Client
    • SMTP Client
    • Local storage of data in CSV files
(* optional license required)

Data processing

  • All data is split into separate information objects (individual signals, measured values, counted values, etc.) and processed accordingly. A quality identifier and - if necessary - a time stamp are associated with each information item.
  • Namespace or data model can be changed as desired.
  • Performance features for data processing such as type conversion, scaling, grouping, etc.
  • Adjustment of bandwidth required on secondary level through update intervals, thresholds, data reduction, etc.
  • up to 3000 data points (6000 variables)
  • up to 600 information changes/sec


  • Central access to all settings and services through the web interface
  • Import of configuration data using Excel tables
  • Comprehensive import and export of configuration data

Network features

  • Assigning multiple IP addresses to a physical Ethernet interface
  • DHCP
  • Bonding
  • PRP
  • VLAN
  • Network management using an integrated SNMP V3 agent
  • SSH/SFTP access
  • SNMP agent
  • Time synchronization by NTP

Cyber Security

  • Secure access to all administrative services (HTTPS, SSH, SFTP)
  • Role-based access protection with login and password
  • User administration for local users
  • Central user administration through Active Directory (LDAP) and/or RADIUS
  • Crypto-Store for certificate management
  • Creation of self-signed certificates and CSRs
  • Import/export of certificates
  • Configuration of VPN tunnels (OpenVPN and IPsec)
  • Firewall
  • Safeguarded state-of-the-art Linux operating system


  • Configuration and maintenance using the web interface
  • Firmware upgrade (application and operating system) through the web interface


  • By default, the usage of one (1) primary protocol and one (1) secondary protocol are included in the license. If additional protocols are used at the same time, an additional license can be purchased separately

Processor / Memory / Mass Storage

ARM Cortex-A8 1 GHz
256 MB DDR3L

Power Supply

12 / 24 / 48 V DC (9 – 60 V DC)
Power consumption
Max. 10 watt (typ. 4 W without USB)
Line cross-section
0.13 – 3.31² mm (AWG 26...12, solid or stranded wire)
Redundant power supply with fault contact


Ethernet interface
2x RJ45 10/100BASE-T
Serial interface

2x RJ45 RS232 / RS422 / RS485
Baud Rate: 300 – 115200 Baud
PROFIBUS interface
1x PROFIBUS interface DB9 female (DPV0, RS485 9600 to 12M Baud, passive)
USB interface
1 x USB 2.0 up to 480 Mbps “high speed”

Diagnostics (Status LEDs)

Power LED
Free configurable LED by software
LED to show different software conditions
Send and receive LED for serial interfaces
Link and activity LED for Ethernet interfaces
Receive LED
Power LED for PROFIBUS interface
Operation LED

Additional Functions and Features

Battery buffered real time clock
Supported by a lithium battery (CR2032)
State relay “FAIL”
Changeover switch controlled by software
Hardware watchdog
Temperature monitoring
Power supply monitoring
Overvoltage protection
The power supply and all interfaces are ESD, surge, and burst protected (see EMC)


Body material
Steel chassis
35 mm DIN-Rail
International Protection
Rotating parts
Dimensions (W x H x D)
65 mm x 106 mm x 122 mm
approx. 0.6 kg

Operating Environment

Operating temperature
-20 °C to 60 °C
Storage temperature
-40 °C to 85 °C
Relative humidity
5% to 95% not condensing

Approval, Standards and Conformity

CE (Industrial)

EN 55032:2015
EN 61000-6-2: 2005


Electromagnetic Compatibility (EMC) – Emission Requirements

EN 55016-2-1:2014
Conducted emission on power supply lines in the frequency range 150 kHz - 30 MHz
EN 55016-2-1:2014
Conducted emission on telecommunication lines in the frequency range 150 kHz - 30 MHz
EN 55016-2-3:2010 + A1:2010 + AC:2013 + A2:2014
Radiated emission in the frequency range 30 MHz - 1 GHz
EN 55016-2-3:2010 + A1:2010 + AC:2013 + A2:2014
Radiated emission in the frequency range 1 GHz – 6 GHz

Electromagnetic Compatibility (EMC) – Immunity Requirements

EN 61000-4-2: 2009

Electrostatic discharge (ESD)
- Contact discharge ± 6 kV
- Air discharge ± 8 kV
EN 61000-4-3: 2006 + A1:2008 + A2:2010

Immunity to RF electromagnetic fields in the frequency range 80 – 2700 MHz,
Test level 10 V/m
EN 61000-4-4: 2012

Immunity to fast transients (Burst)
- DC power port ± 4 kV
- Signal lines ± 2 kV
EN 61000-4-5: 2014

 Immunity to surges on power supply lines (Surge)
- DC power port: line <-> ground ± 2 kV
- DC power port: line <-> line ± 2 kV
EN 61000-4-5: 2014

Immunity to surges on shielded signal lines (Surge)
- Shielded lines ± 2 kV
EN 61000-4-6: 2014

Immunity to conducted interference induced by radio-frequency fields in the frequency range 150 kHz – 80 MHz, Test level 10 V