Applied Automation October 2013 PDF
Control Engineering and Plant Engineering magazines
COMMENT
The evolving Ethernet
Jack Smith, Editor

Ethernet has come a long way since the days of 10BASE5 and 10BASE2. While editing the cover story for this issue, I couldn’t help remembering a job I had in the early 1980s. I supervised an engineering group that maintained the automated test equipment, computers, and network on the plant floor.

Many of the challenges my group faced involved keeping the network up. More than a dozen printed circuit board (PCB) test stations and as many repair/rework stations shared a 10BASE2 network. Throw in a couple of minicomputers to manage the PCB pass/fail database and generate reports for management, and watch the network go down at least 15 times each shift.

This scenario is simple for the Ethernet of today. For the 10BASE2 we had to use in 1983, not so much. At least we could use BNC T-connectors; they weren’t allowed with 10BASE5. Also, the maximum number of 10BASE2 nodes was limited to 30. And this was a multidrop trunk—no determinism meant data collision city.

In addition to making 10BASE2 and 10BASE5 virtually obsolete, Ethernet over twisted pair simplified cabling and transmission issues. Routers, switches, and gateways solved the determinism and collision issues. And data transmission speeds: comparing the 10 Mbit/sec from back in the day with the 10 Gbit/sec that Ethernet IEEE 802.3 can support today makes me wish we had this technology 30 years ago.

The evolution that has made Ethernet the dominant commercial network for nearly 40 years will continue to open doors for industries that take advantage of the best that automation has to offer.

Since its invention in 1973, Ethernet has changed the world. It will continue to deliver the fastest data throughput, improve the architectures upon which it is delivered, evolve into varying electromechanical spectrums to meet the next industry trend, and penetrate down into the tiniest of microprocessors. Our world of process and factory automation is no exception to the ever-reaching technological advancements of this network.

Around 20 years ago, the process automation market had proprietary ways to meet the demands of remote I/O peer-to-peer communications. These approaches were successful and supportable, but users began to demand that their automation systems interface and share more data automatically with their front office systems over Ethernet.

Automation vendors began connecting their control systems via Ethernet, but there was no workable way to deploy device control requirements over a non-deterministic network infrastructure like Ethernet. As process users started to transition from traditional 4-20 mA analog devices and demanded digital device communications, fieldbus networks emerged to meet the demands that Ethernet couldn’t.

Today, Ethernet communication has overcome many of the disadvantages of previous years and established its presence in field device communications.

In factory automation, Ethernet-based networks are being used to connect robots, variable speed drives, and actuators to automation controllers. In the process control world, EtherNet/IP now connects flow meters, pressure instrumentation, and similar field devices to distributed control systems, programmable controllers, and hybrid programmable automation controllers (see Figure 1).

Figure 1: Process instrumentation with EtherNet/IP connections, such as the Coriolis flow meter shown in the photo, is becoming more common as users realize the benefits. Courtesy: Endress+Hauser

While there is no network panacea, EtherNet/IP has benefits that some fieldbus architectures cannot deliver.
of host systems
• Can communicate with multiple hosts simultaneously
• Is instantly familiar to anyone with Ethernet experience
• Can use all available Ethernet tools and technologies
• Can use quality of service (QoS) to prioritize network traffic
• Can use simple network management protocol (SNMP) to monitor and manage the network
• Has more network topology options when switches are deployed
• Provides better support for wireless data transmission
• Provides better security through the use of standard Ethernet tools
• Offers economies of scale that promise future gains that are outpacing fieldbus.

This article explores these benefits.

Industrial Ethernet protocols
Within the Ethernet frame, one can place almost any application protocol. There is no one particular protocol that serves all the needs of industry. Instead, application protocols are like a tool chest, with users picking the ones that support the demands of their particular automation applications to provide the required performance, security, and safety.

The focus for this article is on EtherNet/IP, the industrial Ethernet protocol supported by the Open Device Vendor Association (ODVA). EtherNet/IP uses the standard Ethernet frame as defined by IEEE 802.3 and uses ODVA’s and ControlNet International’s Common Industrial Protocol (CIP) application protocol library of objects.

The CIP application library can be deployed upon several different physical network architectures. This is a unique benefit to users because there are no physical application interfaces between the layers. This gives the CIP library
Figure 2: The photo shows part of a process plant making hypoallergenic baby food using instrumentation, controllers, and industrial
managed switches on a single EtherNet/IP network. Courtesy: Endress+Hauser

for even faster propagation of critical data inside the network topology.

There will be some applications where a user may not be able to completely segregate or constrain the data to a virtual LAN or local subnet. The issue now becomes being able to compete for the data packets to be processed in the switches throughout the network. EtherNet/IP has identifiers in the CIP library to allow a switch, configured for QoS, to prioritize these packets over the voice, data, and media packets on the network. Being able to perform these QoS tasks within the network provides the best optimization of the network for the automation network data.

Security is a wide and deep topic and is not addressed in this article, other than to note that EtherNet/IP is able to leverage all of the commercially available security features that are delivered in the IT market today for Ethernet-based networks. There are several publicly available documents for securing converged networks, and the ODVA website has a publication that discusses securing Ethernet networks.

Looking ahead
Ethernet has been the dominant commercial network for the past 40 years, and will continue to be in the future. As the convergence of the plant floor to the front office continues its progress, leveraging this future in automation devices will be essential. Process devices will get more intelligent—the past and present demonstrate this. A process device will have a lot of information to share, and will need ever more network capacity and capabilities.

EtherNet/IP will meet these needs by leveraging Ethernet advances, taking advantage of Ethernet’s huge economies of scale. More Ethernet nodes will be connected this—or any other—month than have been connected in the entire history of fieldbus. This economy of scale and the tremendous technological advancements that go along with it is what makes EtherNet/IP more capable than a fieldbus network, now and especially in the future.

By Derek Lee and Ted Phares, Yaskawa America Inc., Drives and Motion Div.

Most modern motion control systems employ Ethernet-based networks to transmit data among various electrical and electronic components. The electrical noise immunity of these networks is critical to operation, as are the methods employed to deal with interruptions in data transmission due to electrical noise and other factors.

Designers of real-time motion control systems expect Ethernet-based motion networks to transport cyclic command and feedback data at specified intervals with perfect data integrity. The designer’s selection of the motion control system’s gains and trajectories is predicated on this fundamental assumption.

But in many industrial applications, Ethernet cabling must be located in the presence of electrical noise caused by power switchgear, large motors, or other electrically noisy equipment. If such noise interferes with the network and causes data loss, the designer’s assumptions are invalid and the system will not behave as designed. Problems such as control loop instability and tracking errors can result, as can other operational issues.

To optimize system performance when real-time Ethernet networks must be operated in electrically noisy environments, potential data loss due to noise must be characterized and accounted for in the system design.

One strategy to reduce data loss is to use a network protocol that incorporates retry, which is a mechanism for automatic retransmission of corrupt or missing data within the same transmission cycle. If retry is built into the network hardware, no explicit action is required by master or slave to detect errors or trigger data retransmission.

This article quantifies the contribution of retry to improved noise immunity by testing the noise immunity performance of two real-time industrial Ethernet protocols and comparing the results. The two real-time industrial Ethernet protocols are MECHATROLINK-III, which includes retry, and network X, which does not. Although the trade name of network X isn’t specified in this article, its noise immunity performance is similar to other Ethernet-based motion control networks that don’t incorporate retry.

Design factors
Factors that influence the noise immunity of a motion network include:
• The noise immunity of the

When supervisory control and data acquisition (SCADA) systems were first developed and deployed on mainframe and mini computers, access was limited to local displays and to data terminals, which were typically located in close proximity to the main computing platform. Networking was proprietary and limited to connections to the data terminals, with no concept of open systems or remote access.

Much has changed since those early days, as SCADA and automation systems are now usually connected to an extensive and open communications network within a plant or facility. With fewer staff tasked with more responsibilities, it’s often necessary to extend the SCADA system to remote users—either through the plant network or via other means.

Modern, networked SCADA systems offer many advantages over their predecessors, most notably in terms of the functionality, speed, and low cost of remote access. They are designed to provide easy data collection and control for remote sites, and extensive options for remote access to perform monitoring and control. Web-based SCADA has taken this paradigm to the next level as it supplies users—regardless of their location—with similar access to what they would have in the control room.

Modern SCADA systems provide local control and monitoring along with global access, giving workers crucial information when and where they need it. They include valuable tools, such as configurable alarms, that help personnel prevent small issues from escalating into major problems. In addition, these advanced solutions deliver powerful visualization capabilities to help identify the root cause of alarms. SCADA systems also offer impressive trending and reporting capabilities to improve overall operations and maintain compliance with government regulations.

There are three main methods for accessing SCADA systems remotely: secure viewer thin clients, Web-based thin clients, and mobile clients. This article provides an overview of these methods, and also examines the best option for different applications.

A secure viewer replicates the local SCADA run time screens on a thin client, typically a PC or a less powerful embedded computing device. When a PC is used, it often is used for multiple functions in addition to SCADA remote access. When an embedded computing device is used, it functions as a dedicated remote access terminal.

Many consider this the most secure method for remote viewing because the thin clients are connected to the server via a secure corporate network, typically with no Internet connectivity allowed. Thin client screen navigation and interaction can also be restricted to specific HMI/SCADA functions to further safeguard the system. For example, a particular user could be assigned a password commensurate with his or her access requirements, with more extensive access prohibited.

While this solution can’t be accessed over the Internet, it is compatible with both wired and wireless networks. In addition, it offers encryption capabilities using secure socket layer (SSL-RC6 Standard) 128-bit encryption technology to provide a high level of security.

As well as being highly secure, this solution is also very easy to deploy, as it simply requires the installation of secure viewer software to permit users to interact with the graphical interface of the SCADA system. Users view the screens on the client as if they were in front of the main terminal, and they can be granted read-only or read/write privileges. Advantages of secure viewer thin clients include:
• Most closely replicates local viewing experience
• Highest speed
• Very high security as Internet access can be prohibited
• Wired or wireless networking capabilities.

Some SCADA packages allow all of the software, applications, and licenses to be stored on the local server. This simplifies implementation by reducing, or even eliminating, the need to install software on the secure viewers. It also facilitates the deployment of applications that require multiple, simultaneous views across multiple screens.

Web-based thin clients
For remote access far from the control room, the Internet often provides low-cost networking with accept-

ing the need for excessive scrolling and long retrieval times.

Many HMI/SCADA software packages provide a mobile phone app for free or for a very nominal charge. As with thin client and mobile browser access, remote users benefit from full-featured two-way communication. As compared to a browser, these SCADA apps connect and load screens faster to deliver more rapid response times. While many of these apps don’t require users to do screen conversions, there is a small level of effort required for setup, typically similar to what a user would execute when loading an app for his or her cell phone.

Whether implementing browser or app access, it’s important to select the right SCADA development package. Because the programming languages used for Apple products are different from those used for Android-based and other tablets and smartphones, less innovative SCADA suppliers must write apps and browser-based applications separately for each operating system type. This means users often have to wait months for their smartphone or tablet application to be developed or upgraded.

However, this problem is easily overcome by choosing the right SCADA package, specifically from a supplier that programs its remote access applications in HTML5. This latest version of HTML works on an open standard that enables the development of Web applications for multiple types of devices, including iPhones and Android-based phones at the same time. A SCADA software package with HTML5 support will eliminate the development delays for different types of handheld operating systems.

Figure 2: Smartphones, tablets, and other handheld devices offer remote access from virtually any location, empowering the mobile worker. Courtesy: AutomationDirect Inc.

Improving security
SCADA security is of utmost importance. The general media has publicized alarming stories on the vulnerability of SCADA systems, and enabling Internet or cell network access to SCADA systems does require additional security measures such as firewalls, passwords, and possibly encrypted virtual private networks.

Most SCADA users are familiar with the Stuxnet worm that was discovered in June 2010. In addition to gaining access to the SCADA system, it was the first major instance of malware used to destroy equipment. Stuxnet was an important wake-up call to many companies. However, many continue to erroneously believe it demonstrates the dangers of the Internet. The Stuxnet worm initially spread using infected removable drives (USB flash drives), and it then used peer-to-peer remote procedure calls to infect other computers inside private networks that weren’t connected to the Internet.

This example is used to show that any network—regardless of how it’s accessed—is vulnerable to attacks if it’s not properly protected. It’s equally important to prohibit unauthorized access from the PCs connected to a private network as it is to create firewalls for Web-based and cell network access. Industrial security experts advise treating SCADA security with an in-depth strategy that leverages common IT practices and security measures including firewalls, encryption, and proper procedures.

A firewall is a hardware appliance or software application that monitors network traffic based on user-defined or preconfigured rules to prevent unauthorized access. There are different types of firewalls, with some offering enhanced safeguards for industrial use. Password protection and encryption will further strengthen the network against intrusion.

Many companies use a virtual private network (VPN) to secure communications between multiple networks or multiple hosts. A VPN establishes a protected tunnel across the Internet or other communication network that keeps data safe from unauthorized access. Communications are safeguarded regardless of the path taken or the distance traveled. Fortunately, today’s advanced SCADA systems offer a high level of protection and functionality for remote access if implemented correctly, and if correct security procedures are followed.

Regardless of the device and method used, inevitably the vast majority of SCADA systems need to provide some sort of remote access. The very nature of these systems is to facilitate the monitoring and control of remote processes and operations, so trying to isolate the SCADA system creates a real risk of falling behind competitors. The good news is now SCADA users have many options for providing that remote access, with different ones to suit each application.

Jeff Payne is the product manager for the Automation Controls Group at AutomationDirect Inc.
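
An added example, not part of the original article or of any vendor's product: a short Python audit of a firewall rule list against the two points the article makes, that outside access should arrive through the VPN and that PCs on the private network need restricting as well. The addresses, rule names and rule format are constructed for illustration; TCP 44818 (EtherNet/IP) and 502 (Modbus TCP) are the registered ports for those protocols.

```python
import ipaddress

# Assumed addressing plan, constructed for this example.
SCADA_NET = ipaddress.ip_network("10.10.0.0/24")  # HMI/SCADA servers, controllers
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # all private plant/office space
TRUSTED = [                                       # sources expected to reach SCADA_NET
    ipaddress.ip_network("10.99.0.0/24"),         # VPN address pool
    ipaddress.ip_network("10.20.5.0/28"),         # authorised engineering PCs
]

# Constructed rules: (name, action, source, destination, dest port or None = any).
RULES = [
    ("vpn-web-hmi",    "allow", "10.99.0.0/24", "10.10.0.10/32", 443),
    ("eng-enip",       "allow", "10.20.5.0/28", "10.10.0.0/24",  44818),
    ("vendor-support", "allow", "0.0.0.0/0",    "10.10.0.10/32", 443),
    ("office-lan",     "allow", "10.20.0.0/16", "10.10.0.0/24",  None),
    ("modbus-any",     "allow", "0.0.0.0/0",    "10.10.0.0/24",  502),
    ("default",        "deny",  "0.0.0.0/0",    "0.0.0.0/0",     None),
]


def audit(rules):
    """Return {rule name: [findings]} for allow rules that reach SCADA_NET.

    Rule order and shadowing are not modelled; every allow rule is examined.
    """
    findings = {}
    for name, action, src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if action != "allow" or not dst_net.overlaps(SCADA_NET):
            continue
        issues = []
        if not any(src_net.subnet_of(t) for t in TRUSTED):
            if src_net.subnet_of(INTERNAL):
                # The private-network case: any office PC can reach the plant.
                issues.append("internal source wider than the authorised hosts")
            else:
                issues.append("reachable from outside without the VPN")
        if port is None:
            issues.append("all ports open; restrict to the service in use")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for rule, issues in audit(RULES).items():
        for issue in issues:
            print(f"{rule}: {issue}")
```
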