Recently, a service outage from a major ISP affecting Pennsylvania, Illinois, Indiana, and Michigan caused a fair amount of disruption. Whether driven by ISP outages, cloud service interruptions, cyber-attacks, or any other flavor of internet event we often see an increased number of questions around the viability, resiliency, and reliability of cloud deployments. In this article we’ll take a moment to look at three of the more common questions and some potential answers and discussion points.
What happens if the internet goes out?
Internet service disruption is legitimate concern, especially in areas prone to extreme weather, construction, or other disruptive activities. Of all the questions we get this is by far the most common. Much like a defense in depth OpSec plan though, the answer isn’t a straightforward “do this” or “deploy this”. For large scale cloud deployments that contain a site SCADA, Historian, and other critical systems many of our clients choose to have dual ISPs running to their location. This helps ensure that if there is disruption from one ISP, the other is on standby.
We would also recommend a deployment method that utilizes edge devices for local data buffering. This allows critical data to be collected so that when the internet connection is restored the buffered data can be sent to the cloud data historian or archive. Industry leading SCADA platforms will typically allow you to deploy them in a way that when Cloud connections are lost, local control can be achieved with the ability to access all of the data buffered locally in the edge devices. If setup correctly, this can facilitate a seamless transition to local control without any disruptions.
We also recommend clients take time to evaluate any systems they may want to keep on premise, or potentially mirrored on premise and in the cloud as part of a hybrid-cloud approach. The core of all these points though is to think through the design, the system allocation, and the data buffering approach early in a deployment keeping potential outage events and disruptions in mind.
What happens to my data during an outage?
As described above, with a well-designed data buffering methodology your data is safe and sound on local non-volatile memory and once a connection is restored, the buffered data is sent to the cloud data historian. In some cases, clients may choose to have a local on-premises data historian that report to a cloud-based enterprise level Historian. Under any method, local data buffering should be part of the deployment design.
Can my HMI/SCADA still talk to my PLCs?
Similarly described above, in well-designed cloud deployments there should be some form of on-premises gateway or lightweight software application running locally, either on the edge devices, or on a central edge device/VM/computer. This locally running application is what allows your data historian to continue to collect data without a connection to the cloud, and also allows operators and engineers to continue interacting with the local equipment for control. There might be a disruption for people connecting remotely, but the priority is to maintain normal operations on-premises.
No different than any other technology, there is a lot of fear, uncertainty, and doubt that gets dispersed after major disruptive events. It is important during these times to not downplay the risks, but rather educate around design strategies and mitigation methods so that everyone understands what is possible. When designed correctly, cloud-based SCADA and historian deployments can be viable, resilient, and reliable.
Will Aja is VP of Customer Operations at Panacea Technologies, a certified member of the Control System Integrators Association (CSIA). For more information about Panacea, visit its profile on the Industrial Automation Exchange.