This action might not be possible to undo. Are you sure you want to continue?
De Silvio President, Industrial Telemetry, Inc. For Presentation at ISA Conference in Tulsa, April, 2007 Paper SCADA (Supervisory Control And Data Acquisition) (or DCS – Distributed Control Systems) systems are generally comprised of a central computer which is hard wired to a multitude of I/O and other devices. The SCADA system is the “brains” controlling the processes. SCADA systems, like computer systems in business, are “sized” for processing power and memory, generally based on the number of “tags” or IO points or devices it controls. In addition, there are PLC’s (Programmable Logic Controllers) which can be used in the field to aggregate collections of IO devices. These PLC’s are also programmable, and perform some of the rudimentary functions of a SCADA system, albeit on a scaled down basis. They can also act as a “clearing house” for what data is passed on to the SCADA system, after acting on the data locally. For example, in the case of a PID loop (Proportional-Integral-Derivative) a controller or PID is a standard feedback loop component in industrial control applications. It measures an "output" of a process and controls an "input", with a goal of maintaining the output at a target value, which is called the "setpoint". In the case where the data gathered requires action on the part of a target device not directly connected to the PID controller, the SCADA system is sent the data and it determines the action needed because it is connected to, and provides control functions for, the remote target device. It’s all about input, connectivity, decision making, and output instructions. One final issue in design considerations is “latency”. Latency is the time lag between the instant data is known and the time it can be finally acted upon. For example, if a pressure sensor was connected to a PLC, and the pump which created the pressure in the vessel was connected to the same PLC, latency would be defined as the time the PLC received a pressure reading impulse, interpreted it, decided on an action, sent a command signal to the pump, and the pump received it. The entire cycle of time elapsing between receiving the initial input from the pressure sensor, and sending an output to the pump, is the latency time. There are many factors determining latency, but in this example it would be measured in either nanoseconds or milliseconds at worse. If the pressure sensor was linked to a SCADA system and through it to the pump, the time the signal traveled hundreds or thousands of feet over a wire, got processed through the SCADA system and traveled hundreds or thousands of feet to the target, would define the latency. With improvements in wireless communications and the adaptation to process control and monitoring, there is an evolution and a migration toward acceptance of these devices where they are applicable. The two biggest issues in determining applicability of wireless as a solution are security needs and latency.
Copyright 2007 ISA. All Rights Reserved. www.isa.org Presented at the 53rd International Instrumentation Symposium
29 April – 3 May 2007, Tulsa, Oklahoma
all messages are sent to the base station which may be connected to a SCADA system. The main benefit of MESH is the ability to compensate for physical interference which would kill the other types of radios. and less cost. cost effective doors in process control and monitoring. Each time a message “hops” from one radio to another. and if not. the more milliseconds of latency it takes to complete the cycle. MESH is an acronym for “Multipoint Enhanced Signal Handling”. so MESH radios can be used in a variety of situations. All Rights Reserved. MESH radios also incorporate auto-routing and self-healing functions. with less equipment. MESH radios are transceivers and repeaters in one.isa. Tulsa. A secondary benefit is the ability to “route around” dead radios or interference. Auto routing is accomplished by the radio’s ability to constantly evaluate the RSS (relative signal strength) of the surrounding MESH radios. we achieve greater throughput possibilities. In a V configuration (name derived from the shape of the letter V indicating signal path).org Presented at the 53rd International Instrumentation Symposium 29 April – 3 May 2007. will send the message to the best RSS radio it has in its table. www. and V. where applicable latency is acceptable. one can address information packets directly from one radio to another WITHOUT necessarily going back to a base station for processing. Therefore. In Peer-to Peer. The purpose of the radio’s table is to rank hierarchically the proximal radios based on their ability to communicate with it. a virtually non-existent issue in wired applications. must be examined. it adds latency to the process. the faster the system operates. and dealt with. Conversely the more hops a packet must take to its destination. sometimes “signally challenged” technologies of “point to point” or “point to multipoint” previously mentioned. but wireless adds latency. and decrypted upon landing. and point to multipoint radios are merely transceivers (transmitters and receivers together). evaluated. MESH radios can be further broken down into two categories: Peer-to-Peer. the phenomenon of “lost packets”. MESH radios can do their work without requiring polling of their attached devices. it sends “direct”. it checks its table to see if the target radio is in proximity. In addition. By combining the repeating function with the transceiver function. the more direct messages are possible. while providing dramatic cost and functional efficiency improvements over the more antiquated. or not. and encryption adds even more as the packets must be encrypted prior to flight. transparent to the user. Radios are primarily divided into two distinct categories: point to point (or multipoint) and MESH.Major strides have been made in the security of the packets of information as they fly through the air. the MESH protocol takes care of the routing and signal handling. Each MESH radio has a “routing table”. although it is supported. In either case. Greater message throughput via MESH yields greater reliability and adds flexibility to the overall Copyright 2007 ISA. Oklahoma . The recent move toward wireless communications and particularly MESH radios has opened new. When it needs to send out a message. and are processed out to the destination radio(s). While point to point. If the target is in range.
In fact. each distributed point would have a great excess of capacity just based on processor technology. the number of interrelationships among them. or can be involved in source or target activities using its previously attached devices. The ability to add memory would also add functionality beyond that required to support just the IO. As time goes by. Again.org Presented at the 53rd International Instrumentation Symposium 29 April – 3 May 2007. Oklahoma . In the parallel scenario. and allow seamless integration with the existing system. Copyright 2007 ISA. we achieve a localized decision functionality which is comparable to that of the SCADA. and the processing power and memory required to run the entire system efficiently. when the environment is suitable. Another option would be to simply add the processor and memory to the MESH radio function. one must consider a variety of factors. but the latency and packet delivery reliability are factors to be considered. especially when adding radios. although a higher level of knowledge of programming language is. the base station radio can be fully integrated with the SCADA system. www. a PLC can be added to the mix along with a MESH radio. In this case a PLC is not needed. without being assured of success. as with MODBUS. and distribute it to the I/O points via a processor and memory on a board. Most people do not want to embark on the costly upgrading of a SCADA system. whereby the MESH network is the communication backbone supporting message handling via the addressing scheme it supports.isa. a stand alone system can be developed where all sources and all targets are on the same wireless system. “true” MESH allows for an independent “peer to peer” addressing approach for packets on the MESH network. wireless is considerably more cost effective and flexible than wiring devices. most systems can be migrated seamlessly through the three scenarios over time as end user confidence builds. decisions. Finally. with the radios communicating in either MESH or V configuration protocols. it seems reasonable that one could take the proportional processing power and the proportional memory of the centralized SCADA computer required to support each I/O point. For example. At this point. As we move forward in pushing the technology envelope. or control. That is why MESHenabled systems can be deployed stand alone. the base station computer can be connected to the SCADA system where its attached computer can be polled. When one designs a SCADA system.system which translates to more efficiency and higher profits. and the SCADA system can record a copy of all its activities. Further. not the least of which is the number of IO points or “tags”. Tulsa. and program the processor using standard programming languages like C++. By distributing a processor and memory to the IO point. then. All Rights Reserved. which can then be used for either monitoring. and interface requirements to the radio. etc. in parallel with SCADA systems. albeit on a smaller scale. or can be integrated directly into the legacy SCADA. more and more people will become sophisticated in programming languages to the point where the PLC may actually become obsolete. In summary.
It is the step just before eliminating PLC’s altogether and going with the processor and memory scenario mentioned previously. Break down the resulting source and object files into packets appropriate to the MESH protocol in use. At this point. The last phase of this approach involves the higher level HMI screens. Since the processor is already programmed to handle the packet formation. The processor then stores the currently used source code in its local memory. usually via RS232. memory. we can build a single board capable of supporting a MESH radio. all the same functionality is possible with just the processor. a PLC on a Chip. and supporting the function. The PLC on a Chip is a fully functional PLC and uses standard ladder logic programming. by Divelbiss. the associated processor and memory is used first to receive and store the packets containing the new object code for reflashing the PLCs. ancillary to. and addressing. These screens need to be written in such a way that they support the following functions: 1. All Rights Reserved. Since every PLC vendor allows reflashing. www. the PLC. or an external PLC. the processor sends a message to the base station requesting a copy of the source code used to compile the newly flashed object code. or more recently through an Ethernet connection path. Once the PLC is reflashed. When the processor must reflash itself. and IO connectivity.isa. Since this source code resides outside the PLC. Copyright 2007 ISA. any user from anywhere in the world a secure connection to the base station exists. the processor assembles them into the correct file format for transfer to the PLC.org Presented at the 53rd International Instrumentation Symposium 29 April – 3 May 2007. when combined with appropriate HMI (Human-Machine Interface – or computer screens) software. If we delete the PLC from the board we are left with a MESH radio. There is one additional feature which is valuable in either case. nor does it take PLC cycle time to reply. Oklahoma . then object code. a processor and memory. encryption. allows us to interface the MESH radio and its board directly with external PLC’s from various manufacturers. there needs to be a reboot program allowing this to happen. the chip can be easily integrated with a board of any design. can “ping” the processor through the MESH. Retrieving the PLC ladder logic program needed to create source. In the case of NO PLCs. In the case of either the PLC on a Chip. Tulsa. and outside of. its just a matter of programming the processor to execute the instructions the PLC would. a processor and memory and IO connectivity. Since it is in chip form. This approach. Displaying all important user information in a way meaningful to the user 2. the reflashing is done rather quickly. 3. They have taken a PLC processor and memory and scaled it down to the proportions necessary to support a reasonable number of IO. It involves storing the source code associated with the compiled code in use at any time either with or without the PLCs.A hybrid version of that is the PLC on a Chip. When all the packets are received. with one exception. OR eliminate the PLC’s altogether and just program the processor to do what we want. pinging the processor does not interfere with PLC functions. MESH radio and IO connectivity. either on board or externally. and receive a copy of the then-current source code in use with the object code being executed in the PLC. Once this is done.
Additionally. Address and send packets to the appropriate radio ID which corresponds to the processor and memory associated with the IO involved (with or without a PLC) 6. 5. they can be easily corrected and reflashed. then the PLC or processor programming needs to be checked. If all the maps are correct.4. IO Mapping does two things. 8. the first thing to check is the IO mapping. or integrate it with existing SCADA IO points. Display information from the system. and presents an accurate picture of current programming. Copyright 2007 ISA. Unless there is a radio failure. www. Oklahoma . Send a schedule for reflashing to the appropriate processor. it allows a cross check mechanism in case of problems. that can be corrected and reprogramming may follow. 7.isa. For example. First it allows the user to think through all the inputs and outputs and their requirements and relationships. Second. an I/O Mapping exercise should be performed first.org Presented at the 53rd International Instrumentation Symposium 29 April – 3 May 2007. the SCADA system can also support a segregated wireless system. Finally. Considering the HMI is also part of a SCADA system. data from one or more source IO’s may be sent to one or more targets. in the IO Mapping exercise. any problems will be associated with one or the other of these locations. Since retrieving the source code directly from the processor is easy. All Rights Reserved. If the flaws are in the IO Mapping exercise. inputs can be combined to create even more sophisticated “conditions” for alarms or triggers. if the system does not function as expected. If flaws in the source ladder logic or program are found. Reflash associated PLC’s or reboot the processor if no PLC is in use. Tulsa. the review is timely. Securely encrypt those packets. Since the low level technical approach is to actually map source registers to target registers.