CAS KRUG-2000

2025: KICS for Linux Nodes and KICS for Networks compatibility

KRUG and Kaspersky Lab have confirmed the compatibility of PAK PTK KRUG-2000 products with Kaspersky Industrial CyberSecurity for Linux Nodes and Kaspersky Industrial CyberSecurity for Networks. Krug announced this on April 22, 2025.

PAK CAS KRUG-2000 is a Russian software and hardware (software and hardware) complex designed to create automated control systems for objects with a continuous or periodic nature of technological processes.

Kaspersky Industrial CyberSecurity for Linux Nodes (KICS for Nodes) software products are specialized software products for protecting end nodes in industrial automation systems.

Kaspersky Industrial CyberSecurity for Networks (KICS for Networks) is an industrial-class specialized product designed for inventory, monitoring, detection of risks and threats to industrial infrastructures. As part of the Kaspersky Industrial CyberSecurity solution, the product provides the ability to detect cybersecurity threats and anomalies in a passive way based on analyzing a copy of network traffic, and (optionally) telemetry data from devices protected by the KICS for Nodes product. The solution provides tools to investigate and manually respond to threats at the level of protected devices and network infrastructure.

NPF KRUG and Kaspersky Lab conducted comprehensive tests compatibility of their products while simultaneously operating as part of a single system. As a result of testing, it was found that the products, taking into account their individual system requirements, are compatible and can be used as part of a single system. The use of these products in a single system will ensure a high level of information security when creating and operating automated process control systems of any complexity and scale.

2021: Integration with InfoWatch ARMA Industrial Firewall

On August 10, 2021, InfoWatch ARMA, which is part of InfoWatch Group of Companies, completed compatibility tests for the next-generation industrial network screen InfoWatch ARMA Industrial Firewall with automated process control systems based on the KRUG-2000 software and hardware complex (CAS KRUG-2000) developed by NPF KRUG. The test confirmed the use of InfoWatch ARMA Industrial Firewall as a means of protecting information - a firewall with an intrusion detection and prevention system for APCS based on KRUG-2000 CAS. Read more here.

2018: Gazprom Neft Compliance Tests

In January 2018, the KRUG-2000 software and hardware complex was tested for compliance with the company's technical requirements Gazprom neft"" for automated facility management systems oil processings at the company's Technopark site "" Avtomatika-Service(g.). Omsk

In the test report, the software and hardware complex KRUG-2000 classified as a base for building reliable APCS: "the confirmed capabilities of redundancy functions, as well as compliance with the functional safety requirements for the level of SIL3, allow using CAS KRUG-2000 as DCS and ESD systems for automation of hazardous production facilities with continuous process management of PJSC Gazprom Neft enterprises."

From 1992 to January 2018 NPF KRUG put into operation more than 700 APCS in various industries. The accumulated experience of implementing automation systems in the oil refining industry made it possible to create a number of typical technical solutions.

2017

Compatibility with Kaspersky Industrial CyberSecurity

On November 20, 2017, NPF Krug announced that Kaspersky Lab's solution for critical infrastructures and industrial environments Kaspersky Industrial CyberSecurity had been tested for compatibility with the KRUG-2000 software and hardware complex (CAS KRUG-2000) and SCADA KRUG-2000 v4.2.

Kaspersky Industrial CyberSecurity is designed specifically to protect complex industrial environments, is highly flexible and customizable to meet your needs. It is based on Kaspersky Lab's long-term expertise in the field of cybersecurity, a deep understanding of the nature of vulnerabilities in information systems and close cooperation with international and Russian regulators in the field of protection requirements.

During the tests, a number of components of Kaspersky Industrial CyberSecurity were checked, including functions for monitoring the launch of applications and connecting devices, protecting against encryption, blocking access to network file resources from invalid nodes, as well as updating antivirus databases and scanning selected areas. According to the test results, the products can be used within a single information system, even taking into account the individual requirements of these solutions for the environment.

KRUG-2000 compatibility with Kaspersky Industrial CyberSecurity confirms the ability to seamlessly ensure the information security of complex production infrastructures. Protecting enterprises from cyber threats is key - any vulnerabilities in process software can lead to huge financial losses, and sometimes serious consequences for society. Tests have shown that the advanced technologies of Kaspersky Lab, created specifically to protect industrial facilities from malicious attacks, can be successfully used together with KRUG-2000, - commented Alexander Proshin, technical director of NPF Krug.

The possibility of integrated use of the software solutions Circle-2000 and Kaspersky Industrial CyberSecurity is confirmed by the corresponding compatibility verification act.

Version 8.1 of the Controller Real-Time System Simulator has been released KRUG-2000

On May 16, 2017, the research and production company KRUG announced the release of version 8.1 of the Real-Time Controller System (RVCC).

IOPC allows to execute arbitrary programs of Users and implements functions of object control, collection, storage and processing of information.

This release improves the reliability of the system, facilitates configuration and extends the scope of controllers under the control of the Real-Time Controller System.

For systems with increased reliability requirements, I/O modules are redundant in one controller. A mixed backup scheme will allow both 100% controller redundancy and 100% processor part redundancy to be used simultaneously.

Automatic mirroring of internal states and user program variables provides a transition when controller statuses change without the need to create additional user program code.

2015: Real-Time Controller System Simulator KRUG-2000

KRUG developed in the summer of 2015 a new version of the KRUG-2000 Controller Real-Time System Simulator.

IOPC simulator is a software package that implements all basic functions of the Real Time System of the KRUG-2000 Controller (IOPC KRUG-2000), with the exception of the functions of polling I/O modules, as well as third-party devices using drivers. The IOPRS simulator fully repeats the algorithms for processing the controller DB variables, allows debugging the User's programs with simulating input/output signals, performing inter-control exchange with other simulators and controllers, transmitting data to SCADA KRUG-2000® via the "internal" exchange protocols "PC-controller" and "TM-channel."

The product is designed to replace the controller during the development and debugging of user software of the automated control system (APCS) in the absence of controller hardware and serves for:

• debugging programs written in the KRUGOL programming language
• checking the correctness of the controller database and correctly setting up the "built-in" algorithms for processing variables
• intercontroller interaction testing
• debugging the relationship between the controllers and the SCADA system
• training of employees of engineering companies
• creation of simulators of control objects.

2014: PTK KRUG-2000

CAS KRUG-2000 - software and hardware complexes - are designed for measuring voltage, current, resistance, time, frequency, temperature, electric energy and power, indicators of electric energy quality.

CAS "KRUG-2000" can be used as part of automated information and measuring and control systems, including as part of automated process control systems (APCS), telemechanics systems, systems for commercial and technical accounting of electricity, systems for monitoring electricity quality indicators in various industries with normal and fire/explosive production conditions.

CAS "KRUG-2000" is a multi-level hierarchical system of a distributed type, consisting in general of upper and lower levels, interconnected by means of cable (wired) digital communication lines based on standard interfaces IRPS, RS-232, RS-485, RS-422, CAN, Ethernet and (or) by means of wireless digital communication channels based on interfaces of radio modem connections, interfaces of cellular communication channels (GSM/GPRS), etc. (see Figure 1).

The lower level is represented by microprocessor devices for collecting and processing information (hereinafter referred to as RTU), as which the following can be used:

• TREI- 5V software control devices;
• measuring Sh932 transducers;
• DECONT information, measuring and control systems;
• multifunctional KR-500 controllers;
• Mercury electric energy meters;
• electric energy meters "SET-4ТМ.ХХ";
• electrical energy quality indicators meters "RESOURCE-UF2";
• digital transducers of measuring type PTs6806;
• communication servers (COM Servers) based on IBM PC compatible industrial computers.

Devices of the upper level of CAS "KRUG-2000" are technical means of collecting and processing information made on the basis of IBM PC compatible computers of industrial or office version under the control of WINDOWS operating systems, combined by a local area network (via Ethernet interface): online and/or archive database servers, local automated workstations (AWS) and AWS - clients, archive center, WEB Control server, communication servers (COM servers), engineering station, etc.

Generalized structural diagram of CAS "KRUG-2000"

In addition, other devices can be used as devices of the upper and lower level of the KRUG-2000 CAS, the type of which is approved and included in the State Register of Measuring Instruments, the measurement and calculation results of which are transmitted to the KRUG-2000 CAS via cable (wire) and wireless digital communication channels.

CAS architecture

The client-server CAS architecture allows you to distribute computing tasks between system subscribers, thereby increasing the reliability and survivability of the complex.

For large APCS consisting of several independent systems, it is possible to create a distributed database. The advantage of this approach is a decrease in the requirements for the computing power of servers, an increase in flexibility in terms of the phased implementation of APCS, its maintainability and fault localization, changes, etc. At the same time, client stations (operator stations) have access to all local databases of the distributed system in real time.

In most low power systems, information exchange between database servers and controllers takes place over one redundant network, and the DB servers themselves are combined with operator stations, i.e. simultaneously perform the functions of displaying, collecting and archiving information.

The distributed structure of the CAS and the extended ranges according to the operating conditions of the controller I/O modules provide the possibility of installing the RTU in close proximity to the heat and power equipment. This approach makes it possible to significantly reduce the costs of cable products and installation work during the implementation of APCS.

Specifications

Information power

Number of input/output signals

• per 1 controller 1 to 2048
• on CAS as a whole up to 64,000

Number of video frames (mnemonic diagrams) is not limited The number of dynamic elements per video frame (window) is limited only by the screen size and PC performance Types of light/sound alarm Number of standard alarm types 9 Number of messages (events):

• on the operating database server, pcs. Up to 21000
• on the archive database server, not limited to

Number of trends:

• on the server of the online database is not limited
• on the archive database server is not limited

Frequency of trend update, ms

• on the online database server from 100
• on the archive database server from 100

"Depth" of trends

• operative is determined by the resources of the personal computer (RAM)
• archived Limited to computer hard drive capacity

Speed

Controller

• Time of discrete signals polling, µsec per 1 channel is not more than 20
• Time of interrogation of analog input signals, ms per 1 channel, not more than 1.5
• Displaying information
  • Time of full frame change, sec from 0.5
  • Cycle of updating of operational information on the monitor, sec from 0.25 to 1.0

• Restart time
  • Total system restart time after power outage, from 30 to 60
  • Controller full restart time after power outage, from 20 to 30

• Transfer of control actions
  • Total delay in information transmission via process protection channels, ms not more than 50

• Total delay of signals in control and interlocking circuits, ms not more than 100
• Delay in transmission of control commands by the operator, ms not more than 200
• Event Logging
  • Duration of registration of the pre-accident and post-accident state protocol, min. 5 to 20

• Period of variables registration in pre-alarm state protocols and trends, sec is determined by controller cycle time
• Minimum time interval for event logging, ms 10

Accuracy

• Limits of permissible basic reduced error of CAS measuring channels for standard electrical signals of current, voltage, resistance 0.05%
• Limits of permissible basic absolute error of temperature measurements using external resistance temperature transducers, the rated static characteristics of which are regulated by GOST 6651-2009 0.50 ºS
• Limits of permissible basic absolute error of temperature measurements using external thermocouples, normalized static conversion characteristics of which are regulated by GOST R 8.585 0,85 ºS
• Limits of permissible basic reduced error of output analog DC control signals 0.1%
• Limits of permissible basic reduced error of input analog signal deviation from specified limits 0.05%

Limits of permissible basic reduced error of input analog signals representation in the form of operational or historical trend, when their values are counted by means of light indicator 0,05% Limits of permissible basic reduced error of value value determination, which is the result of conversion of standard electric signals of sensors by regulated nonlinear dependencies and tables of nonlinearity, including:

• by calibration tables of horizontal cylindrical tanks 0.12%
• by calibration tables of spherical (spherical) tanks 0.15%
• by interval nonlinearity tables regulated by MI 2153-2001 0.9%

Operating conditions

APCS CAS operation conditions in accordance with GOST 15150, CFL design, location category 4.1

• The content of corrosive agents in the atmosphere of the room 30... 60% from the values determined for the atmosphere of type IV
• Sulphur dioxide content 20... 250 mg/m3
• Chloride content 0.3... 30 mg/m3 (group of operating conditions for metals and alloys-1)
• Impact of vibration in the frequency range 10... 25 Hz with amplitude up to 0.1 mm
• Magnetic fields Constant and variable, frequency 50 Hz, intensity up to 400 A/m (except for controllers and computer equipment)
• Operating value of ambient air temperature 10... 35 ºS, limit upper value for SVT - 40 ºS, limit lower value - 3 ºS, possible temperature change with rate 5 ºS/chas
• Relative humidity 50... 80%, upper value - 90%
• Atmospheric pressure 86.6... 106.7 kPa (650... 800 mm Hg), lower limit value 84 kPa (630 mm Hg)
• Dust content in the room Not more than 1.0 mg/m3 with particle size not more than 3 mm

CAS controllers are protected from the influence of:

• electronic interference
• electromagnetic fields, the electrical component of which does not exceed 0.3 V per 1m2
• pulsed interference with amplitude up to 630 V and duration up to 2 μs.

Operating conditions of controllers

• Temperature 0... 60 ºS
• Special version of I/O modules provides a range of
• - 60 ºS...60 ºS
• Relative humidity 30... 85% at 35 ºS
• Atmospheric pressure 84... 107 kPa
• Vibration 30... 500 Hz at acceleration up to 0.5 g

Power supply

1. The primary power supply source of APCS, including information presentation means (signal boards, secondary devices, indication lamps), is a three-phase AC network with a voltage of 380/220 V with a frequency of 50 Hz uninterruptible power supply.

2. Power supply of CAS devices

Power supply of all CAS devices is performed from own power supply sources (modules) receiving energy from the general power grid.

Technical means remain operable:

• when AC and DC voltages change by ±25% for up to 100 ms
• for AC and DC power interruptions of up to 20 ms.

The main principle of power supply organization is distribution of operating current to groups of consumers in such a way that a separate malfunction or repair of the power supply network element does not lead to complete CAS failure. Current supply of CAS devices, which implement the functions of technological protections, is carried out with the highest reliability either from the storage battery or from an AC source with redundancy from the storage battery.

Duplicated CAS devices are powered from a redundant 220 V AC network, as a rule, from different sources.

To power CAS devices, uninterruptible power supply units made using On-line technology are used, having a booster device for connecting to computers and allowing to conduct operational control over the state of the CAS power supply system. These units have built-in batteries and devices for balancing the units.

The uninterruptible power supply system can be made with double or triple redundancy.

The CAS provides for the possibility of powering cabinets with controllers from the 24 V DC network, from the 220 V network of both AC and DC.

Reliability

APCS based on CAS KRUG-2000 refers to durable systems, the components of which are recoverable and serviced. CAS reliability is achieved by high quality of components (equipment of leading foreign and Russian companies), as well as redundancy of the most critical parts of CAS.

The flexibility of the CAS allows you to reserve almost any of its components. CAS provides for "hot" redundancy:

• Operator stations
• Database Servers
• Information networks (network adapters, switches, cables)
• Controllers.

Controllers are provided with:

• 100% redundancy
• Redundancy of processor parts of controllers
• I/O module redundancy
• Individual I/O redundancy
• Data bus redundancy.

Values of reliability indicators of individual subsystems and functions

• Mean time between failures of controllers used in the information subsystem is at least 75,000 hours
• Mean time between failures of controllers used in automatic control and emergency protection subsystems is at least 150,000 hours
• Average recovery time of the controller is not more than 15 - 20 minutes
• The average recovery time of the system as a whole does not exceed 1 hours
• The average service life of the CAS as a whole is at least 10 years
• Service life of individual hardware (monitors, system units of operator stations, etc.) in accordance with operating instructions of these hardware

Openness

One of the characteristics of KRUG-2000 CAS is openness, which means the possibility of simple, convenient, "seamless" communication - compatibility of individual local automation systems of different manufacturers into a single integrated control system. The openness of the CAS makes it possible to exchange information with related and upstream systems, and also minimizes the operational costs of supporting automation systems of various manufacturers (minimizing total cost of ownership). Such capabilities are provided by the following CAS properties.

Informational openness

The CAS allows the user (independent of the Supplier) to receive/transmit to any other system the current (operational) values ​ ​ of parameters with marks of astronomical time, diagnostic data on the functioning of the CAS; historical data in the form of parameter trends; operational database settings, etc. Such capabilities are provided by the support of international standards OPC DA/HDA, COM, DCOM, ODBC, etc., as well as generally accepted exchange protocols ModBus RTU, ModBus TCP, MEK60870-5-101, MEK60870-5-104. There are also options for exchanging with the user's file server and tools for converting data to Excel, Access, XML and ASCII formats.

An API is provided to access the real-time database and archives. In addition, there is an extensive driver library for communication with third-party devices for both the lower and upper levels of the CAS.

Configuration openness This term refers to the ability for the User (independent of the Supplier) to make changes in the application software during its operation, namely: to perform all actions related to changing the controller configuration, system database, graphic project, application (technological) programs, as well as actions related to setting up information exchange with other systems. These tasks were solved in the CAS in accordance with the requirements of the international standard for programming languages ​ ​ of IEC-61131-3 controllers.

In addition, the User can create programs in C++ language (for controller) and high-level languages (for upper-level stations). However, this requires coordination with the CAS Supplier, since it is related to the issue of ensuring guarantees for the CAS and maintaining its temporary and reliable characteristics.

Classification openness

CAS KRUG-2000 supports a single, end-to-end mechanism for classification and coding of objects within the enterprise (for example, AKS and KKS systems).

Network Openness (Protocol Layer)

Information exchange between CAS components and other systems is carried out with the support of international standards at the level of data exchange protocols, including: IP family protocols (TCP/IP, UDP, etc.), NTP, etc.

Network Openness (Physical Layer)

The following standards are KRUG-2000 supported at the physical level in CAS: 1. Ethernet technology is used for information exchange between CAS components and for information interaction with adjacent and upstream systems (ERP, MES, APCS, APSCS, etc.). The physical environment is copper, fiber optic. Design - office or industrial, depending on the operating conditions. 2. Standard RS-485. 3. Fieldbus standards (FieldBus, Profibus, etc.).

Protection of information from unauthorized access

To ensure the protection of information from unauthorized access (NSD), in addition to organizational measures, the following mechanisms are included:

• program key (password) of access to operation at the operator station and engineering station
• Function Group Access Password
• password for access to individual function execution.

Common and system-wide software is supplied in the form of executable modules and excludes the possibility of their retransmission into character format. CAS software is KRUG-2000 protected by a hardware key. The software of archiving tasks (including recording of emergency events and recording of CAS faults) together with organizational and technical measures excludes the possibility of unauthorized erasure and recording of information in the corresponding data archives and arrays stored on disks.

It is possible to maintain a log (form) for recording changes in the data archive, software and information software.

To ensure the protection of information from unauthorized access (NSD), in addition to organizational measures, the following mechanisms are proposed:

• Sensors for monitoring the opening of the cabinet with controllers
• Special controllers with electronic lock installed in cabinets (optional). The controllers are combined into an autonomous network that goes to the workstation of the NSD protection service. Electronic keys (such as touch memory) are individually programmed for each user.

Functions (tasks) performed by CAS

Information functions

• information collection, measurement and monitoring of process parameters
• event logging
• detection, recording and signaling of parameter deviations from established limits
• manual data entry
• generation and issuance of data to operational personnel
• preparation and printing of reporting documents
• archiving the history of parameters on the hard magnetic disk
• calculation tasks
• monitoring and recording of actuation of emergency protection systems (interlocks and protections).

Control functions

• remote control of actuators (gate valves, pumps, fans, etc.)
• automatic regulation
• Software and Logic Management
• process protection and safety interlocks.

Auxiliary functions

• testing and self-diagnostics of CAS components status
• validation of information signals
• check of execution of control actions
• elimination of errors, failures, malfunctions by connection of backup means and (or) interlocks of erroneous signals and impacts
• inform the APCS engineer in case of failure of technical devices with indication of the device, location, time and mode of failure
• recording errors, failures, faults and actions to eliminate them
• setting of prohibition or permission of information passing through measurement and alarm channels
• detailed on-screen assistance to the operator
• time correction.

Controllers

Basic example of CAS implementation using Russian-made TREI- 5B controller.

The controllers are compact multifunctional automatic monitoring and control devices made in the 19 'design standard GOST R IEC 60297-3 or for installation on a standard DIN rail. The computing part of the controllers is made on a PC-compatible platform.

Controllers have a modular structure so that when changing the set and number of modules, it is possible to configure devices of different information and computing power. The controller architecture allows you to create systems with both a centralized and a distributed structure. The range of modules includes intelligent I/O modules with the ability to execute the technological program directly on the module itself, regardless of the central processor part.

Controllers provide:

• input of information from discrete signal sensors
• input of unified analog signals, thermocouple signals and resistance thermometers
• cyclic and targeted polling of sensors
• filtering and smoothing of parameter values; linearization of nonlinearity of sensor characteristics: scaling (reduction to a physical scale) of parameter values; compensation of cold junctions temperature, extraction of square root
• monitoring of disturbance of warning limits, emergency values, setpoints
• control of validity by boundary values, rate of change (or other criteria)
• event recording (timestamp assignment) and its feature generation
• reception of operator commands, emergency protection systems, generation of actuators control commands
• generation of emergency protection commands for process parameters and operator actions
• formation of control actions for the implementation of regulatory laws (P-, I-, PID, etc.)
• control of actuators, monitoring of their condition.

Controllers are characterized by the following features:

• Certified and entered into the State Register of Measuring Instruments.
• They include network devices for inclusion in the local area network. Corresponding space-time characteristics of information exchange between controllers and upper level devices are provided. Communication between the controllers and the upper layer is digital, noise-resistant, protected from failures or destruction of the equipment of the communication system by redundancy.
• All process programming and controller configuration procedures can be performed via the interface channel.
• Static non-volatile RAM and FLASH memory are available for storing operating programs and current information.
• The controller is equipped with hardware and software self-diagnostics. Information about the operation of these means is generated using indicators located in the controller and messages transmitted to the subscriber through the interface channel.
• Controllers provide automatic restart (watchdog) when cyclic programs are stopped, as well as automatic restart (if necessary) after power is restored.
• Failure time is at least 75 thousand hours. When using the 100% controller redundancy scheme, the system has a failure time of 150 thousand hours.

The design reliability of the controller can be increased by:

• individual I/O redundancy in the controller
• I/O module redundancy within a single controller
• redundancy of processor parts of the controller
• duplicated controllers.

Recovery of failed means at the place of their installation is carried out by replacement of standard replacement elements (TEZ), which occurs, as a rule, without power supply disconnection. Replacement of the TEZ, disconnection of part of the hardware for repair or prevention does not lead to disturbances in the functioning of the entire CAS.

Specifications

• Number of discrete and analog I/O channels up to 2048
• Number of I/O modules per ST-BUSM interface up to 255
• Pentium Processor Type, AMD Geode LX PC104 + (400 MHz)
• Non-volatile RAM (SRAM), MB 1
• Flash disk from 32 MB to 2 GB
• Standard interface PC/104-Plus up to 3 modules
• Built-in real-time non-volatile clock There is
• Indication of inputs/outputs for each channel
• Communication channels with external devices RS-232, RS-485, Ethernet, USB
• Constructs 19 'standard GOST R IEC 60297-3,
• mounting on a standard DIN rail
• Board dimensions, mm 3U (100x160)
• 188x128x61
• The possibility of expansion by additional communication channels of various types is
• Operating ambient temperature range, ° С
  • typical
  • optional 0 to 60

• -60 to 60
• Rated 220VAC/DC supply voltage; 24VDC
• AC frequency 50±1 Hz
• Permissible deviations of power supply voltage 95-264 NP; 18-36 DC
• Level and type of explosion protection [Ex ia] IIC
• Degree of protection of the IP20 shell; IP65
• Analog Input Signals
  • unified DC signals: 0- 5/±5/0 -20/4- 20/±20mA (GOST 26.011)
  • unified DC voltage signals: 0-5/0- 10/±5/±10V
  • signals of thermocouples of various calibrations (GOST R 8.585)
  • signals of TCM and pyrolysis oil thermal resistance with nominal value of 50 and 100 Ohm (GOST 6651)

• Analog outputs
  • unified signals 0-20/4-20mA

• DC discrete input signals
  • logical zero from 0 to 6 V
  • logical unit from 18 to 30 V

• 220V discrete output signals
  • There is

• Galvanic isolation
  • each analog and discrete input is isolated from other controller circuits

• withstands sinusoidal voltage with amplitude up to 100 V and pulse voltage with duration up to 50 mx with amplitude up to 1500 V

Communication devices

The CAS KRUG-2000 as controllers with low information power, as well as for collecting information from third-party devices and converting protocols is DevLink-S1000 - a universal, freely programmable industrial controller.

DevLink-S1000 has the following capabilities:

• Polls many different devices (with support for reading archive data)
• Supports I/O module connections
• Allows easy creation of PID control loops (including cascade and multi-link)
• Support for archiving within the controller
• The CAS includes deep integration with the upper level. ON