1. Company & SCADA Project Overview
Background
Pacific Coast Energy Company (PCEC) acquired a dozen mature oil leases, each connected through a distributed SCADA system. The system relied on a centralized Ignition Gateway that collected data from multiple PLCs deployed across remote field sites and connected via cellular radios. Operators could securely log in from the field or office to monitor conditions, adjust set points, and respond to alarms.
Although minimal in scope, the SCADA system was critical for maintaining operational visibility across geographically dispersed assets,keeping operating costs low, and ensuring projects remained on schedule.
At the time of acquisition, the Ignition Gateway supporting the SCADA system was hosted in Avadine’s Azure environment. Secure connectivity between the cloud-hosted gateway and field PLCs was provided through a managed VPN service.
Project Motivation
The SCADA system depended on a managed VPN platform for secure remote connectivity. When that VPN service was scheduled for retirement, PCEC faced the risk of increased operating costs, potential disruption to SCADA visibility, and reduced long-term viability of the system.
PCEC required a solution that could preserve secure access to field assets, minimize downtime during transition, and simplify long-term operations without introducing complex network engineering requirements.
2. Problem Definition
Key Challenges
Retirement of the existing VPN service threatened secure SCADA connectivity
Risk of downtime for remote monitoring, alarming, and control
Rising operating costs if remaining on the legacy VPN platform
Limited internal IT and network resources for a large-scale redesign
Interim Workarounds
Operators continued using the existing VPN platform while alternatives were evaluated. This approach carried increasing risk and was not sustainable long-term.
3. Decision-Making & Solution Selection
Selection Criteria
|
Priority |
Requirement |
|
Reliable transition |
Cut-over with minimal downtime |
|
Secure communications |
Encrypted isolation of SCADA traffic |
|
Cost-effective |
Avoid rising subscription costs |
|
Scalable |
Support for multiple sites and future expansion |
|
Easy deployment |
Minimal IT and network engineering overhead |
Process
Avadine evaluated multiple replacement options and presented recommendations to PCEC. After review, PCEC selected Tosi for its affordability, simple deployment model, and ability to support both secure field connectivity and hosted SCADA infrastructure.
4. Implementation Process
Ignition Gateway Hosting Migration
Prior to deploying secure connectivity in the field, the Ignition Gateway was migrated from Avadine’s Azure environment to Tosi’s hosting environment.
Tosi’s engineering team provisioned a new application server and restored a backup of the existing Ignition Gateway, preserving all configurations, data, and functionality. The migration required no rebuilding or reconfiguration of the Ignition application and was completed seamlessly in less than one day.
When Avadine logged into the Tosi environment for the first time, the Ignition Gateway and supporting infrastructure were already configured and operational.
Execution Strategy
Challenges & Solutions
|
Challenge |
Solution |
|
Retiring VPN service created risk of disruption |
Tosi Gateways provided immediate secure replacement |
|
Migrating the SCADA server under time constraints |
Tosi restored the Ignition Gateway from backup |
|
Multi-site coordination |
Standardized deployment across panels |
|
Limited time for cut-over |
Entire transition completed in less than a day |
5. Technical Architecture & Components
|
Layer |
Component |
Purpose |
|
Edge |
Tosi Gateways |
Establish encrypted VPN tunnels from field PLCs |
|
Data |
Cellular radios |
Maintain existing communications path |
|
Core |
Tosi Hosting Environment |
Hosts the Ignition Gateway migrated from Azure |
|
UI |
Ignition Vision |
Operator dashboards, alarming, monitoring |
|
Security |
Tosi encrypted isolation |
Ensures SCADA traffic remains encrypted and isolated |
6. Results & Impact (First 6 Months)
|
Metric |
Before (Legacy VPN) |
After (Tosi) |
|
Cut-over downtime |
Risk of weeks |
< 1 day |
|
Ignition Gateway migration |
Not applicable |
Completed in < 1 day |
|
Gateway uptime |
Limited by VPN reliability |
Improved stability |
|
Maintenance costs |
Rising |
Reduced |
|
SCADA traffic security |
Dependent on subscription VPN |
Encrypted isolation |
7. Customer & Stakeholder Feedback
“Data disruption during cut-over was measured in hours rather than weeks. The Ignition server migration was seamless, and when we logged into the Tosi environment everything was already configured. We simply continued onboarding sites.”
— PCEC Operations Team
8. Future Prospects
9. Lessons Learned & Recommendations
10. Operational & Business Metrics Impact
Conclusion
By migrating the Ignition Gateway to Tosi’s hosting environment and replacing the retiring VPN service with Tosi secure connectivity, Avadine and PCEC executed a fast, low-risk modernization of their SCADA infrastructure. What could have been a disruptive redesign was completed in less than a day, resulting in strengthening reliability, security, and long-term scalability.